Admin-Ahead Community

General Category => General Discussion => Topic started by: Aby on July 18, 2014, 10:44:36 pm

Title: Possible root compromise detected: Failed to create directory /dev/null – cPanel
Post by: Aby on July 18, 2014, 10:44:36 pm
Possible root compromise detected: Failed to create directory /dev/null – cPanel

Attempts to create new directories or files whose file-names begin with numbers have failed.
This is indicative of a root compromise of the server.

The exact error encountered was:

Failed to create directory /dev/null: No such file or directory

Just check the disk space of your server, especially the disk space usage of /tmp, using the df command. Try the following:

# df -h
# df -h /tmp

In most cases, there will be enough disk space in /tmp. Please see a sample output given below:

root@server [~]# df -h

Filesystem      Size  Used Avail Use% Mounted on
/dev/sda3       909G   78G  785G  10% /
tmpfs           3.9G     0  3.9G   0% /dev/shm
/dev/sda1       194M  129M   56M  70% /boot
/usr/tmpMnt     7.6G  1.1G  6.1G  15% /tmp

root@server [~]# df -h /tmp

Filesystem      Size  Used Avail Use% Mounted on
/usr/tmpMnt     7.6G  1.1G  6.1G  15% /tmp

Now, try df -i

root@server [~]# df -i

Filesystem       Inodes  IUsed    IFree IUse% Mounted on
/dev/sda3      60481536 709298 59772238    2% /
tmpfs            173825      1   173824    1% /dev/shm
/dev/sda1         51200     59    51141    1% /boot
/usr/tmpMnt      500960 500425      535  100% /tmp

Yes, the reason for receiving this email is that /tmp has reached its inode limit. Now you need to clear some unnecessary files from /tmp to fix this problem.

Hope this helps!!!
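
The check described in the post, as an added example that is not part of the original post: it flags filesystems that are out of inodes even when `df -h` shows free space, then lists the directories holding the most entries. The function names and the 90% threshold are assumptions chosen for illustration; the sample input is the `df -i` output quoted above.

```shell
#!/bin/sh
# Added example (not from the original post). Function names and the
# threshold are illustrative assumptions.

# Sample input: the `df -i` output quoted in the post.
sample_df_i() {
cat <<'EOF'
Filesystem Inodes IUsed IFree IUse% Mounted on
/dev/sda3 60481536 709298 59772238 2% /
tmpfs 173825 1 173824 1% /dev/shm
/dev/sda1 51200 59 51141 1% /boot
/usr/tmpMnt 500960 500425 535 100% /tmp
EOF
}

# inode_alerts THRESHOLD
# Reads `df -i` output on stdin and prints "mount IUse% IFree" for every
# filesystem whose inode usage is at or above THRESHOLD percent.
# Rows whose IUse% column is "-" (no inode accounting) are skipped.
# Assumes mount points contain no spaces.
inode_alerts() {
    awk -v t="$1" 'NR > 1 && $5 ~ /^[0-9]+%$/ {
        pct = $5; sub(/%/, "", pct)
        if (pct + 0 >= t) print $6, pct "%", $4
    }'
}

# top_inode_dirs DIR [N]
# Counts directory entries (one inode each) per parent directory under DIR,
# staying on DIR's filesystem, and prints the N largest (default 10).
# Use this to see what to clean up before deleting anything from /tmp.
top_inode_dirs() {
    find "$1" -xdev -mindepth 1 2>/dev/null |
        sed 's|/[^/]*$||' | sort | uniq -c | sort -rn | head -n "${2:-10}"
}

# Demo on the sample from the post; on a live server run instead:
#   df -iP | inode_alerts 90
#   top_inode_dirs /tmp
sample_df_i | inode_alerts 90
```

On the sample above, only /tmp is reported, with 535 free inodes left.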