Hi All! We have recently started getting a couple of new incidents that I cannot explain. They are appearing on two Solaris 9.2 machines that are in a 3.0 cluster, running Server Sensor 7.0 XPU 22.29.

The first event is Changes_to_important_files and the file name is always something like this: /dev/rdsk/dev/rdsk/c2t41d0s2. First, the fact that "/dev/rdsk/" is doubled bothers me. Second, why would this device be changing? From the event details, I cannot determine what was changed.

The next event is Failed_change_of_important_files with file names like /dev/dsk/c2t42d0. Here the directory is not doubled, but again I cannot figure out why someone/something was trying to change this device.

We have not changed anything in the auditing, but is it possible that the default settings have been changed and more is being audited?

Any info would be greatly appreciated.

Regards,

James Mohr
Systembetrieb
ELAXY Business Solution & Services GmbH & Co. KG.
Am Hofbräuhaus 1
96450 Coburg
Germany