corrupted database (II) from Oyanarte Portilho on 2000-10-19 (tru64-unix-managers)

From: Oyanarte Portilho <portilho_at_helium.fis.unb.br>
Date: Wed, 18 Oct 2000 14:25:38 -0200 (EDT)

Hi Gurus,

It seems that the remotion of the log file /var/tcb/files/dblogs/log.00006
messed all our system. We are about to reinstall the OS but wondered if
there would a way out of this without doing it. Maybe trying to issue
checkpoint or somehow turning off C2. Any pointers are welcome.

TIA,

        Oyanarte Portilho
        Institute of Physics
        University of Brasilia, Brazil

--------

> > Sorry if this is a FAQ. After upgrading to Tru64 5.0a + enhanced
> > security, command "w" does not show all logged users correctly.
> > Also, "last" shows a bunch of lines like
> >
> > username ^G Wed Dec 31 21:00 still logged in
> >
> > as if those users were still logged in since 9 pm of Dec 31. Is this
> > a new security feature or what?
>
> We submitted the problem to this list and got suggestions to recompile
> ssh under Tru64 5.0a and remove /etc/wtmp and /etc/utmp, creating new wtmp
> and utmp with "touch", since they should be corrupted. I have done so and
> further I removed also, maybe inadvertedly, /usr/var/tcb/files/dblogs/log.00006
> in order to save some disk space (while a newer /usr/var/tcb/files/dblogs/log.00007
> was left intact). After rebooting, nobody can login by console, where we
> get the message
>
> "cannot obtain information database information on this terminal"
>
> The only possible access mode is by ssh1 from other machines (I can do
> it as root). If we try to access by telnet (which I have reactivated) we get
>
> login: log_get: /var/tcb/files/dblogs/log.00006: No such file or directory
>
> Another symptom is that there are several /usr/sbin/cron processes running,
> loading the cpu.
>
> There is a line in /var/spool/cron/crontabs/root which states to remove
> db logs periodically:
>
> # Start of entries to purge enhanced profile db logs
> 0 2 * * 0 /usr/tcb/bin/db_checkpoint -1 -h /var/tcb/files && /usr/tcb/bin/db_archive -a -h /var/tcb/f
> iles | /usr/bin/xargs /usr/bin/rm -f
> # End of entries to purge enhanced profile db logs
>
> I do not know if this has something to do with our troubles. How to get out of this mess?
Received on Wed Oct 18 2000 - 16:29:51 NZDT

This archive was generated by hypermail 2.4.0 : Wed Nov 08 2023 - 11:53:41 NZDT