[summary] corrupted database

From: Oyanarte Portilho <portilho_at_helium.fis.unb.br>
Date: Fri, 20 Oct 2000 19:33:53 -0200 (EDT)

Hi Gurus,

We had to reinstall the system after having manually removed a log
file in /var/tcb/files/dblogs (Tru64 Unix 5.0a + enhanced security).
The lesson is that those files should be removed by the system
itself, as can be configured in the "Security Configuration:
Custom Options", button "Configure authorization database
options", and press "Trimm now" or configure periodic cleaning.
Otherwise one can get into serial troubles.

Thanks to Ann Majeske, who has sent me information about
"Security db Utilities", contained in the V5.0A Security Guide.

By the way, we solved our problem with "w" and "last" by
recompiling ssh1 and ssh2 under Tru64 5.0a.

Regards,

        Oyanarte Portilho
        Institute of Physics
        University of Brasilia, Brazil

--------- Original posting:

> We had a problem with sshd compiled under DU 4.0a not working properly
> under Tru64 5.0a + C2 after upgrading:
>
> > Sorry if this is a FAQ. After upgrading to Tru64 5.0a + enhanced
> > security, command "w" does not show all logged users correctly.
> > Also, "last" shows a bunch of lines like
> >
> > username ^G Wed Dec 31 21:00 still logged in
> >
> > as if those users were still logged in since 9 pm of Dec 31. Is this
> > a new security feature or what?
>
> We submitted the problem to this list and got suggestions to recompile
> ssh under Tru64 5.0a and remove /etc/wtmp and /etc/utmp, creating new wtmp
> and utmp with "touch", since they should be corrupted. I have done so and
> further I removed also, maybe inadvertently, /usr/var/tcb/files/dblogs/log.00006
> in order to save some disk space (while a newer /usr/var/tcb/files/dblogs/log.00007
> was left intact). After rebooting, nobody can login by console, where we
> get the message
>
> "cannot obtain information database information on this terminal"
>
> The only possible access mode is by ssh1 from other machines (I can do
> it as root). If we try to access by telnet (which I have reactivated) we get
>
> login: log_get: /var/tcb/files/dblogs/log.00006: No such file or directory
>
> Another symptom is that there are several /usr/sbin/cron processes running,
> loading the cpu.
>
> There is a line in /var/spool/cron/crontabs/root which states to remove
> db logs periodically:
>
> # Start of entries to purge enhanced profile db logs
> 0 2 * * 0 /usr/tcb/bin/db_checkpoint -1 -h /var/tcb/files && /usr/tcb/bin/db_archive -a -h /var/tcb/files | /usr/bin/xargs /usr/bin/rm -f
> # End of entries to purge enhanced profile db logs
>
> I do not know if this has something to do with our troubles. How to get out of this mess?
Received on Fri Oct 20 2000 - 21:35:06 NZDT
