Re: files named: /.SeCuRiTy. on Solaris server
From: Doug Hughes (doug@Eng.Auburn.EDU)Date: 07/24/01
- Previous message: Toby Rider: "files named: /.SeCuRiTy. on Solaris server"
- In reply to: Toby Rider: "files named: /.SeCuRiTy. on Solaris server"
- Next in thread: Brian Carpio: "Re: files named: /.SeCuRiTy. on Solaris server"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]
Date: Tue, 24 Jul 2001 13:22:16 -0500 (CDT) From: Doug Hughes <doug@Eng.Auburn.EDU> To: Toby Rider <tarider@blackmill.net> Subject: Re: files named: /.SeCuRiTy. on Solaris server Message-ID: <Pine.SOL.4.10.10107241321470.9589-100000@goodall.eng.auburn.edu>
On Tue, 24 Jul 2001, Toby Rider wrote:
> Hello all,
>
> I noticed that in the root directory of one of my Solaris 7
> Sparc servers I have about a hundred files named: .SeCuRiTy.<number> in
> the root directory.
> They are all grouped in two days. They are all owned by daemon,
> and all have 600 permissions.
> This machine is not open to direct access from the internet, it is
> a NIS slave server and runs Veritas Netbackup Datacenter, and has the
> latest recommended patch cluster from Sun.
> Obviously I am curious about these files, but I can't find any
> info. on the web about this being a possible compromise.
> Does anyone know if this is the result of a compromise and where I
> can get info. on this possible exploit? Thanks!
>
>
Do they all have similar time? Check your cron jobs?
- Previous message: Toby Rider: "files named: /.SeCuRiTy. on Solaris server"
- In reply to: Toby Rider: "files named: /.SeCuRiTy. on Solaris server"
- Next in thread: Brian Carpio: "Re: files named: /.SeCuRiTy. on Solaris server"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]
Relevant Pages
|
