Hi! I managed to solve my problem. One of our system managers had changed the
owner of all files in /usr/bin and below. Not easy to spot and it sure gave
some
interesting effects...
/Mats
Original posting:
> Hi!
>
> One of our 3000/800-servers has started to behave very strange. We can't login.
> When trying telnet the connection is just closed, and when trying rlogin it
> reports "Can't open /var/adm/lastlog". I managed to get in using rsh and got
> to root using a setuid shell.
>
> When someone tries to login this message is logged in the syslog:
> Jan 10 11:57:39 lane login: audgen(LOGIN): Permission denied
> Jan 10 11:57:42 lane login: audgen(LOGIN): Permission denied
> Jan 10 11:57:42 lane login: LOGIN FAILURE
>
> When running ps no processes are reported. There are 45 processes on the
> machine when looking in /proc. The system is a NFS-server, NFS is working.
>
> A reboot did not solve the problem and nothing was reported during the reboot.
> It was booted on /vmunix.
>
> What has happend? We are not aware of any changes made to the system.
>
> The machine is a 3000/800 running 3.0B of OSF/1. We are not running
> C2-security.
>
> /Mats
===============================================================================
Mats G Karlsson E-mail: atomaka_at_ato.abb.se (__)
ABB Atom AB MEMO: ABB.SEATO.ATOMAKA (oo)
Avd: AUP Tel: +46 (0)21 347762 \/-------\
S-721 63 Vasteras Fax: +46 (0)21 347088 || | \
Sweden ||---W|| *
===============================================================================
Received on Wed Jan 10 1996 - 16:00:30 NZDT