Re: files named: /.SeCuRiTy. on Solaris server

From: Brian Carpio (
Date: 07/24/01

Date: Tue, 24 Jul 2001 12:35:27 -0600 (MDT)
From: Brian Carpio <>
To: Toby Rider <>
Subject: Re: files named: /.SeCuRiTy. on Solaris server
Message-ID: <>

I have the same thing on my backup production server :

-r--r----- 1 root root 28 Jun 3 17:36 .SeCuRiTy.0
-r--r----- 1 root root 28 Jun 3 17:36 .SeCuRiTy.1

Those are the only two files.... I am running Veritas Netbackup 3.2
although I do something weird where i can bring up an old backup server's
dabase images and then entire netbackup volume mananger 3.4 datacenter if
I shut down the current 3.2 netbackup... they never show up untill I open
Veritas Netbackup 3.4 (datacenter).. (if that made any sence)

Brian Carpio
CSG Systems Inc.
Open Systems Unix System Admin


--- Security is a Process NOT a Product ----

On Tue, 24 Jul 2001, Toby Rider wrote:

> Hello all,
> I noticed that in the root directory of one of my Solaris 7
> Sparc servers I have about a hundred files named: .SeCuRiTy.<number> in
> the root directory.
> They are all grouped in two days. They are all owned by daemon,
> and all have 600 permissions.
> This machine is not open to direct access from the internet, it is
> a NIS slave server and runs Veritas Netbackup Datacenter, and has the
> latest recommended patch cluster from Sun.
> Obviously I am curious about these files, but I can't find any
> info. on the web about this being a possible compromise.
> Does anyone know if this is the result of a compromise and where I
> can get info. on this possible exploit? Thanks!
> Toby A. Rider