Syntax error in GUI
-
Set up pfsense on an x86 box a couple of days ago. I was rushed and didn't change the default password. When I went back to the web interface recently to set a different password, I got this error:
parse error: syntax error unexpected T_STRING in /usr/local/www/index.php on line 52
Have I been hacked? Or am I the victim of filesystem corruption? The box is still passing traffic, though response is occasionally slow.
-
I suppose that depends on what is on line 52 of index.php, and whether or not your GUI port was open to the world.
First thing I suspect would be filesystem corruption.
-
I suppose that depends on what is on line 52 of index.php, and whether or not your GUI port was open to the world.
First thing I suspect would be filesystem corruption.
Didn't change the GUI preferences from default, which I'm pretty sure is off on the WAN interface. I'll hook a monitor up to it and look for I/O errors in the log. Which raises the question, where would I look for said log on BSD?
-
clog /var/log/system.log
http://doc.pfsense.org/index.php/Why_can%27t_I_view_view_log_files_with_cat/grep/etc%3F_%28clog%29
-
Set up pfsense on an x86 box a couple of days ago. I was rushed and didn't change the default password. When I went back to the web interface recently to set a different password, I got this error:
parse error: syntax error unexpected T_STRING in /usr/local/www/index.php on line 52
Have I been hacked? Or am I the victim of filesystem corruption? The box is still passing traffic, though response is occasionally slow.
I would first try doing a simple diff between the file and a known-good copy e.g.
diff file1 file2
-
Fired up the console and got spammed with php errors scrolling by. Rebooted, and fsck (or the BSD equivalent) kicked off and found some corrupted files - scrolled by too fast to read. After reboot, I was able to access the GUI w/o error and changed the password. (BTW, is there any connection between running 'passwd admin' on the console and the admin account in the GUI?) However, scanning through the system log I found no sign of I/O errors. Should I still be concerned about a possible intrusion?
-
I'd be seriously suspicious of the hard drive in that case. Not an intrusion.
You must change the password for root/admin in the GUI. Changing it at the console would only work until the system rebooted or rewrote the user database from the config.xml
-
I'd be seriously suspicious of the hard drive in that case. Not an intrusion.
In that case…does pfSense have any SMART tools?
EDIT: Never mind, found Diagnostics>SMART. It says everything is hunky dory. Hmm, guess I need to run a surface test. That'll only take a few days...
Would it be feasible to just boot off a USB stick? Would I need to worry about wearing out the memory?
EDIT2: Running a long offline test now. Also, since I got the GUI back up, got notice of a kernel panic from a couple of days ago. Not sure if it's related to the disk corruption or not.