From: RAnderson@sealy.com
Date: Mon Dec 23 2002 - 16:11:13 EST
We have had a couple of situation where /dev/tty has suddenly lost it's
permissions and the owner and group have changed. Normally this file reads
as:
crw-rw-rw- 1 bin bin 207 0x000000 Dec 23 16:07 tty
but when after the change it is:
c--------- 1 root root 207 0x000000 Dec 23 16:07 tty
At this point in time no one else can log in. I don't want to jump the gun
and say we were hacked but I have no clue why this is happening. It has
happenend three times, twice before or after a reboot and once in the
middle of the day. Can anyone shed some light on this? The system is
trusted and I do have auditing turned on to monitor this (although I don't
think I'll get anywhere with it).
TIA
Ron Anderson
Senior Unix Administrator
--
---> Please post QUESTIONS and SUMMARIES only!! <---
To subscribe/unsubscribe to this list, contact majordomo@dutchworks.nl
Name: hpux-admin@dutchworks.nl Owner: owner-hpux-admin@dutchworks.nl
Archives: ftp.dutchworks.nl:/pub/digests/hpux-admin (FTP, browse only)
http://www.dutchworks.nl/htbin/hpsysadmin (Web, browse & search)
This archive was generated by hypermail 2.1.7 : Sat Apr 12 2008 - 11:02:23 EDT