Re: files named: /.SeCuRiTy. on Solaris server

From: Brian Carpio (carb02@csgsystems.com)
Date: 07/24/01

Previous message: Doug Hughes: "Re: files named: /.SeCuRiTy. on Solaris server"
In reply to: Toby Rider: "files named: /.SeCuRiTy. on Solaris server"
Next in thread: Rob Lindenbusch: "Re: files named: /.SeCuRiTy. on Solaris server"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]

Date: Tue, 24 Jul 2001 12:35:27 -0600 (MDT)
From: Brian Carpio <carb02@csgsystems.com>
To: Toby Rider <tarider@blackmill.net>
Subject: Re: files named: /.SeCuRiTy. on Solaris server
Message-ID: <Pine.GSO.4.10.10107241232550.18074-100000@sylvester.co.csgsystems.com>

I have the same thing on my backup production server :

-r--r----- 1 root root 28 Jun 3 17:36 .SeCuRiTy.0
-r--r----- 1 root root 28 Jun 3 17:36 .SeCuRiTy.1

Those are the only two files.... I am running Veritas Netbackup 3.2
although I do something weird where i can bring up an old backup server's
dabase images and then entire netbackup volume mananger 3.4 datacenter if
I shut down the current 3.2 netbackup... they never show up untill I open
Veritas Netbackup 3.4 (datacenter).. (if that made any sence)

--------------
Brian Carpio
CSG Systems Inc.
Open Systems Unix System Admin

x3317
--------------

--- Security is a Process NOT a Product ----

On Tue, 24 Jul 2001, Toby Rider wrote:

> Hello all,
>
> I noticed that in the root directory of one of my Solaris 7
> Sparc servers I have about a hundred files named: .SeCuRiTy.<number> in
> the root directory.
> They are all grouped in two days. They are all owned by daemon,
> and all have 600 permissions.
> This machine is not open to direct access from the internet, it is
> a NIS slave server and runs Veritas Netbackup Datacenter, and has the
> latest recommended patch cluster from Sun.
> Obviously I am curious about these files, but I can't find any
> info. on the web about this being a possible compromise.
> Does anyone know if this is the result of a compromise and where I
> can get info. on this possible exploit? Thanks!
>
>
> Toby A. Rider
>
>
>
>
>

Previous message: Doug Hughes: "Re: files named: /.SeCuRiTy. on Solaris server"
In reply to: Toby Rider: "files named: /.SeCuRiTy. on Solaris server"
Next in thread: Rob Lindenbusch: "Re: files named: /.SeCuRiTy. on Solaris server"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]

Relevant Pages

devfsadm hang
... I have Fujitsu server PW2500 running solaris 9, ... SDS, Veritas Volume Manager 4.0, connected to SAN switch for disks and ... backup (Veritas Netbackup). ... When the switch was re-zoning for backup purpose (HBA using Emulex ...
(SunManagers)
Server Gray screen but Pingable
... getting stuck at a gray screen, but still show on our network. ... our customer applications run due to the server being "off in the weeds". ... They run SQL, Mcafee, and Veritas netbackup 4.5fp6. ...
(microsoft.public.windows.server.general)
Passive NetBackup
... I have a server behind a firewall. ... Is it possible to use Veritas NetBackup ... to backup this server but do not allow connections to it? ...
(comp.unix.solaris)