From: Andrew_Rotramel@cch-lis.com
Date: Thu Sep 19 2002 - 14:35:17 EDT
I have checked google, the FAQ and the archives.
I have a strange one. I have a 5-server network, 3 x E450's and 2 x E250's,
all running Solaris 2.6. They are in an NIS domain with one master and one
slave. We are using automount. The NIS clients have recently started to not
respond to remote connection attempts like telnet, rlogin or rsh, but they
will allow ftp connections. The clients also won't respond to the keyboard,
meaning we can't get through the screen lock, but we can move the mouse
cursor. I always have several root xterms open on my desktop box, and they
won't respond either. I have tried ctl-c, ctl-d, ctl-z, and stop A with no
success. The clients never report any NIS or NFS connection or server
problems.
Some things the clients will do is continue doing their job, like running
Oracle, serving web pages, sharing drives via Samba, etc. And we can do
things like "rsh server uptime" and get a response. I have the Perfmeter
for the clients running both on my desktop and on the consoles, and they
never show any problem. I have an xterm open for each client with vmstat
and sar running continuously, and they don't show any problem. Also, I run
uptime, vmstat and so on every 5 minutes and write the output to a log
file, and don't see any problems. So, we can't use the keyboard, or log in
or do anything that requires authentication with the exception of ftp, but
everything else seems to be fine.
I would think there was a problem with inetd, but the NIS servers have not
"hung" like this. There is never anything strange in the messages or syslog
files, and I don't have a clue on where to go with this.
It may be coincidence, but I have recently started locking down the servers
by:
- turning off almost all services in /etc/services and /etc/inetd.conf, I
  have running: ftp, telnet, shell, login, exec, and rstatd/2-4
- shutting off the sendmail daemon
- shutting off SNMP and changing the public string
- setting the TCP_STRONG_ISS variable to 2 in /etc/default/inetinit
- restricting all yp commands except yppasswd to root's use only
- running NFS on a reserved port by setting this in /etc/system:
  nfssrv:nfs_portmon=1
The servers have been rebooted several times while I was doing all the
security stuff. Have I made them secure, even from me? LOL
Any ideas? I will summarize.
Andrew Rotramel
_______________________________________________
sunmanagers mailing list
sunmanagers@sunmanagers.org
http://www.sunmanagers.org/mailman/listinfo/sunmanagers