(?) disappearing act

From eric lin

Answered By Ben Okopnik

Hello Answer Gang,

Let me start off by thanking all of you for providing such excellent service.

I'm running RedHat 6.2 with Apache 1.3.9 and Sendmail 8.9.3 as an internal web/mail server. I use it on a daily basis, but haven't changed any of the configurations since the initial install. Yet mysteriously the httpd.conf and the sendmail.conf files become null (file size of 0)!!! This occurs randomly and usually after a reboot of the system.

Since it is internal and no one uses it except for myself, I have no way of explaining why this is.

Do you guys have any ideas???

(!) [Ben] Wow. That's odd. Very odd. It sounds like maybe some sort of a config file backup procedure (?) gone wrong. One of the first things I'd do is switch to "/etc/init.d" and grep the scripts there for any mention of the above files. I'd investigate anything I found with a very sceptical eye, possibly looking for evidence of intrusion (I can see some script kiddie being very interested in those two files...) or just a badly-written script.
If you can't find anything, try setting the immutable attribute on those files via "chattr" (see the manpage); this should at least stop them from "disappearing". I, for one, would be very interested to know what you find out in your troubleshooting process.
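The triage steps suggested in the answer above, sketched as a small shell script. This is an added example, not part of the original column or Ben's own code; the function names are hypothetical, the directory and file names are passed as arguments, and the "SUSPECT" tag is a heuristic that only recognises truncating shell redirects.

```shell
#!/bin/sh
# Added example. Usage (as root, on the affected box):
#   sh triage.sh /etc/init.d httpd.conf sendmail.conf

# Print every line under DIR that mentions one of the given file names.
# A line where the name is the target of a truncating redirect (">" or
# "2>", but not ">>") is tagged SUSPECT; any other hit is a "mention".
scan_scripts() {
    dir=$1; shift
    for name in "$@"; do
        # A lone ">" followed by optional space and a path ending in NAME.
        # The "." in NAME matches any character: loose, but fine for triage.
        trunc="(^|[^>])>[[:space:]]*[^[:space:]>]*$name"
        grep -rnHF -- "$name" "$dir" 2>/dev/null | while IFS= read -r hit; do
            if printf '%s\n' "$hit" | grep -Eq -- "$trunc"; then
                printf 'SUSPECT %s\n' "$hit"
            else
                printf 'mention %s\n' "$hit"
            fi
        done
    done
}

# Print the paths that exist but are zero bytes long (the reported symptom).
empty_files() {
    for f in "$@"; do
        if [ -f "$f" ] && [ ! -s "$f" ]; then
            printf '%s\n' "$f"
        fi
    done
}

# Set the immutable attribute so nothing, root included, can truncate the
# files until "chattr -i" is run. Needs root and an ext2-family filesystem.
protect() {
    chattr +i "$@" && lsattr "$@"
}

# Only scan when called with a directory and at least one file name.
if [ "$#" -ge 2 ]; then
    scan_scripts "$@"
fi
```

Once a file is immutable, the script or process that tries to empty it should fail with a permission error, which can help identify the culprit.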

