Hi!
One of our 3000/800-servers has started to behave very strange. We can't login.
When trying telnet the connection is just closed, and when trying rlogin it
reports "Can't open /var/adm/lastlog". I managed to get in using rsh and got
to root using a setuid shell.
When someone tries to login this message is logged in the syslog:
Jan 10 11:57:39 lane login: audgen(LOGIN): Permission denied
Jan 10 11:57:42 lane login: audgen(LOGIN): Permission denied
Jan 10 11:57:42 lane login: LOGIN FAILURE
When running ps no processes are reported. There are 45 processes on the
machine when looking in /proc. The system is a NFS-server, NFS is working.
A reboot did not solve the problem and nothing was reported during the reboot.
It was booted on /vmunix.
What has happend? We are not aware of any changes made to the system.
The machine is a 3000/800 running 3.0B of OSF/1. We are not running
C2-security.
/Mats
===============================================================================
Mats G Karlsson E-mail: atomaka_at_ato.abb.se (__)
ABB Atom AB MEMO: ABB.SEATO.ATOMAKA (oo)
Avd: AUP Tel: +46 (0)21 347762 \/-------\
S-721 63 Vasteras Fax: +46 (0)21 347088 || | \
Sweden ||---W|| *
===============================================================================
Received on Wed Jan 10 1996 - 13:29:26 NZDT