# Unexpected Inconsistency, run fsck manually



## wclas

I have a Cyberguard firewall running CgLinux 3.1 with LILO as the boot loader. The firewall is reporting the following error: "Unexpected Inconsistency, run fsck manually". The problem is that I do not have the root password to run the fsck. With this firewall being down, I've lost all connectivity coming and going. Does anyone know how I can get into LILO to change the root password so that I can run FSCK? Your quick responses will be much appreciated! Or, can anyone suggest what I can do to run fsck to get this firewall back up and operational.


----------



## lensman3

I don't run with LILO. I use GRUB, so what I tell you might not be exactly right.

1) You need to look for the LILO prompt that says: Lilo boot:

2) Enter "linux single" and hit enter. The entire line will look like "Lilo boot: linux single".
The machine should boot and you should get to a prompt that has a # in it. Linux shouldn't ask you for a password. If it does you will need a rescue disk and will have to run that.

3) After you are on then you need to run fsck. Type in "/sbin/fsck -y -f /". fsck must be run against every partition and each partition must be read-only, otherwise you could trash your file system. There can't be any activity on the file system. To mount a file system readonly, enter the fillowing command: "mount -n -o remount,ro /". Generally, when you bring up a system in single user mode, none of the file systems (partition) are mounted except for root (/). Type in the "df" command to see what is mounted. Also since your are root when you logged in, if you run the command "touch /xyzzy" and a file is created, YOU ARE NOT IN READ-ONLY MODE. If touch replies with "cannot create file" you are OK. (Remember to delete /xyzzy later, if it was created".

4) When you run "/sbin/fsck" the -y says fix all the errors, since most people wouldn't know what to type in anyway! The -f flag is force a file check. Some of the partitions can be dismounted without error and the "clean dismount bit" will tell fsck that it won't have to run. This will "force" a check.

5) Run fsck on all the partitions. You don't have to do the swap, it is just holds temporary data anyway. When you are all done, type in "sync" to flush all the changes to the disk.

6) Do a in "cntl-D" to logout the the Linux will reboot or restart from there. 


Look at the errors the fsck produces to see what the problem is/was. Fsck doesn't have the best error codes. If you a worried about the -y option: run it first without it on the line. But I challenge you to know what to type in when it prompts you for the fix. As I remember it wants a inode number to hook that block backup into the inode table. 

fsck has the option to use backup master inode tables. They are spread out over you disk, so if one table goes bad you can use the backup. I don't know how to retrieve those numbers, you would have had to write them down when you first formated the disk (and of course everybody does)!

To this techsupportforum.com boards police: Mr wclas has to have physical access to the PCs keyboard for the above to work. It will not work across the network! (It is just about impossible, if not impossible, to (re)mount the root file system read-only when a PC is in multiuser mode). Physical security of a PC box is probably just as important to having a good firewall running.

Good luck.


----------



## mkumar4ever

Unexpected inconsistency: run fsck manually 

i Try to this command but it checking the file system and blank screen
Command : fsck -f -c - y /


----------



## lensman3

This can take a long time to complete. 

You might add -v to the command so it looks like:

fsck -f -c -y -v /

The command you printed will just check the root "/" file system. Remove the slash to check all partitions. The verbose -v command will display the various stages the program is running through. You should at least have lots of disk activity.

Hope this helps.


----------

