LinuxQuestions.org
Help answer threads with 0 replies.
Go Back   LinuxQuestions.org > Forums > Other *NIX Forums > Solaris / OpenSolaris
User Name
Password
Solaris / OpenSolaris This forum is for the discussion of Solaris, OpenSolaris, OpenIndiana, and illumos.
General Sun, SunOS and Sparc related questions also go here. Any Solaris fork or distribution is welcome.

Notices


Reply
  Search this Thread
Old 06-10-2004, 03:44 PM   #1
Mike_the_Man
Member
 
Registered: Jan 2001
Location: work
Distribution: Redhat, Mandrake
Posts: 33

Rep: Reputation: 15
/var/adm/utmpx hacked?!?


I got the below message on one of my solaris server. This message appeared when booting the server.

Jun 8 12:28:25 <myhost> syslogd: /var/adm/utmpx not owned by root or not mode 644.\nThis file must be owned by root and not writable by\nanyone other than root. This alert is being dropped because of\nthis problem.
Jun 8 12:28:25 <myhost> last message repeated 2 times

Has anyone gotten this message? An ls -l on the file is below.
-rw-rw-r-- 1 adm other 4464 Jun 10 13:36 /var/adm/utmpx


I am kinda worried because a couple months ago, we had a hacker hack into a bunch of our servers. I don't want to go yelling hacker unless I know I have been hacked. Has anyone else seen this message?

Thanks
Mike
 
Old 06-11-2004, 07:25 AM   #2
stickman
Senior Member
 
Registered: Sep 2002
Location: Nashville, TN
Posts: 1,552

Rep: Reputation: 53
Re: /var/adm/utmpx hacked?!?

Quote:
Originally posted by Mike_the_Man
I am kinda worried because a couple months ago, we had a hacker hack into a bunch of our servers. I don't want to go yelling hacker unless I know I have been hacked. Has anyone else seen this message?
Thanks
Mike
At this point you might consider doing a full audit of this system and the move to others depending on your results. Do you have any log archive that you can go back and check to see if this is a leftover of the first intrusion?
 
  


Reply


Thread Tools Search this Thread
Search this Thread:

Advanced Search

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

BB code is On
Smilies are On
[IMG] code is Off
HTML code is Off



Similar Threads
Thread Thread Starter Forum Replies Last Post
Adm Group Obie Linux - Security 1 10-10-2004 07:54 AM
Moving /var/adm and /var/lib - why does it hurt? J_Szucs Linux - General 1 09-15-2004 06:46 PM
cleaning up /var/adm/wtmp Risc91 AIX 5 08-23-2004 09:52 AM
Whats the equivalent on Linux for /var/adm/syslog? eDubster Linux - General 5 05-15-2003 08:02 PM
/var/adm/messages & syslog Khalid Linux - General 0 11-08-2001 05:40 PM

LinuxQuestions.org > Forums > Other *NIX Forums > Solaris / OpenSolaris

All times are GMT -5. The time now is 12:55 PM.

Main Menu
Advertisement
My LQ
Write for LQ
LinuxQuestions.org is looking for people interested in writing Editorials, Articles, Reviews, and more. If you'd like to contribute content, let us know.
Main Menu
Syndicate
RSS1  Latest Threads
RSS1  LQ News
Twitter: @linuxquestions
Open Source Consulting | Domain Registration