|
|
Hi,
On one of ou customer's site a RH 7.2 HP server , no web access (no dns,
....),
but a netgear dsl router on the lan, has the following problem:
Before yesterday:
..connecting as root through console was always OK
..connecting as root through telnet sometimes gave "illegal password" , in
this case
we used to connect as "normal" user and su - root , this always worked.
From yesterday on:
..We just created a new user account for FTP transfers. This account worked
for a while.
..15 minutes later this account no longer worked (invalid password) with
FTP , but
sometimes worked with telnet (but not always).
..the su - account gives "cannot set groups" and exits
..the /var/log/messages contains pam messages indicating that some files
are world
readable/writable (securetty , ftpusers,shells).
..oracle executable has 777 protection instead of 6751
..Investigating shows that all /etc files are 777 protection , /bin/su no
longer has
suid attribute
..we reset file protections to what it shouls be (/etc ..., /bin/su, oracle)
..system works OK
..15 minutes later : the file protections are reset to 777
..Active processes seen "normal" , no special cron's,
..bashrc,bashrc,.bash-profile
seem OK, the rc.d xxx contains no recent files
What we did:
..disconnect the router from dsl line (it seems there remains other routers
on the LAN)
..change root password
Other information (not related , but ...) this server was installed in
september and
replaced an older one. The new one has thes same IP@ than the old one ,
which has a new
address. Could "something" in the old server run with old IP address and
do "things" on
the new one. We just changed IP@ in hosts and sysconfig/network...
Thanks for any idea about the cause and remedy....
--
J.Bratières
Enlever paspub pour répondre
Please remove paspub when answering
|
|