jump to navigation

LVM: Duplicate VGName – Howto Rename 31 May 2016

Posted by Maulvi Bakar in : Linux,System,Unix , trackback

xsshot4d33ca58bce04.png.pagespeed.gp+jp+jw+pj+js+rj+rp+rw+ri+cp+md.ic.ECGX3Ynr_FI have an interesting problem. One of my Virtual Machine was compromised with a trojan/virus. The VM was relatively new with no exposed services to public facing interface except for SSH. It was a CentOS 7 , newly installed with nothing configured on it. I did made sure to update it to the latest updates, thinking it was just fine, I let it at default which by vendor’s default settings – only the SSH is enabled.

A few days later, the VM was compromised.  The tell-tale sign?  The VM was extremely sluggish and my home internet connectivity was sluggish as well. A simple “top” command shows that there are processes running in the background consuming obscene amount of available resources. It seems that this troan/virus is conducting a DDOS uti;izing my resources turning my VM into into a mindless zombie botnet. The process-name? It was randomly generated name. Killing and deleting them will only cause them to regenerate itself.

My first reaction was to take the VM offline.

Since this is a new system, I find it easier to rebuild the system from scratch. I took the VM’s existing disk-image offline and assigned a new one to itand proceeded to install the OS onto it.

Once done, I re-attached the old disk-image back to the VM.

As I rebuild the VM’s OS using the same details, unfortunately, the old disk-image and the new disk-image shares the same LVM Volume Group Name. While I was lucky the VM boots-up finne, I supposed it is due to the new disk-image being the first diskdetected by the OS, mounts fine but the old disk-image’s Volume Group was not.

The “lvcan” commands shows the Volume was inactive –
# lvscan
ACTIVE ‘/dev/centos_vg01/swap’ [2.00 GiB] inherit
ACTIVE ‘/dev/centos_vg01/root’ [7.53 GiB] inherit
inactive ‘/dev/centos_vg01/swap’ [1.00 GiB] inherit
inactive ‘/dev/centos_vg0/root’ [8.47 GiB] inherit

Using the command “vgdisplay”, I acquire the UUID of the Volume Group that I wanted to rename, the it is a simple command of “vgrename”
# vgrename gUgqiK-6KKe-DH70-5Zsr-KMu6-ooQm-BSwlJB centos_vg01_old
Volume group “centos_vg01” successfully renamed to “centos_vg01_old”

Upon the next reboot, both Volume Groups were detected normally –
# lvscan
ACTIVE ‘/dev/centos_vg01/swap’ [2.00 GiB] inherit
ACTIVE ‘/dev/centos_vg01t/root’ [7.53 GiB] inherit
ACTIVE ‘/dev/centos_vg01_old/swap’ [1.00 GiB] inherit
ACTIVE ‘/dev/centos_vg01_old/root’ [8.47 GiB] inherit



no comments yet - be the first?

Challenge *