It's from Netbackup -----Original Message----- From: Birl [mailto:[EMAIL PROTECTED] Sent: Wednesday, July 09, 2003 2:43 PM To: [EMAIL PROTECTED] Subject: Re: Strange files found on Solaris8
Jiang: Date: Wed, 9 Jul 2003 15:27:11 +0800 Jiang: From: Jiang Peng <[EMAIL PROTECTED]> Jiang: To: [EMAIL PROTECTED] Jiang: Subject: Strange files found on Solaris8 Jiang: Jiang: Hi All, Jiang: Jiang: I just found some strange files under Root directory of my Solaris 8. Jiang: Jiang: the files are named as: .SeCuRiTy.0, .SeCuRiTy.1, ..... until .SeCuRiTy.68. Jiang: Following are part of the output of command: ls -al Jiang: Jiang: -rwx------ 1 daemon other 128 Aug 20 2002 .SeCuRiTy.0 Jiang: -rwx------ 1 daemon other 128 Aug 20 2002 .SeCuRiTy.1 Jiang: -rwx------ 1 daemon other 128 Aug 20 2002 .SeCuRiTy.10 Jiang: -rwx------ 1 daemon other 128 Aug 20 2002 .SeCuRiTy.11 Jiang: -rwx------ 1 daemon other 128 Aug 20 2002 .SeCuRiTy.12 Jiang: -rwx------ 1 daemon other 128 Aug 20 2002 .SeCuRiTy.13 Jiang: -rwx------ 1 daemon other 128 Aug 20 2002 .SeCuRiTy.14 Jiang: -rwx------ 1 daemon other 128 Aug 20 2002 .SeCuRiTy.15 Jiang: -rwx------ 1 daemon other 128 Aug 20 2002 .SeCuRiTy.16 Jiang: -rwx------ 1 daemon other 128 Aug 20 2002 .SeCuRiTy.17 Jiang: -rwx------ 1 daemon other 128 Aug 20 2002 .SeCuRiTy.18 Jiang: -rwx------ 1 daemon other 128 Aug 20 2002 .SeCuRiTy.19 Jiang: -rwx------ 1 daemon other 128 Aug 20 2002 .SeCuRiTy.2 Jiang: -rwx------ 1 daemon other 128 Aug 20 2002 .SeCuRiTy.20 Jiang: .............. Jiang: Jiang: Does anyone know what these files for? I googled the internet, but found no Jiang: clues. Jiang: This server is runnin an internet DNS server. Jiang: What I am worrying about is if someone broke into my system. Jiang: Can anyone point me a right way to analysis these files? what kind of log Jiang: files I need pay attention to? Jiang: Jiang: thank you, Jiang: Peng Doesnt sound good. If you suspect that you've been cracked, I would pull the Ethernet cable out of the computer immediately. Since your question is Solaris-related, have you try posting to SunManagers? I cant say I saw this on that list. Have you ran 'file' against it? If it isnt binary, try 'cat'ing it. Have 'lsof' installed? See what program has it open. HTH Scott Birl http://concept.temple.edu/sysadmin/ Senior Systems Administrator Computer Services Temple University ====*====*====*====*====*====*====*====+====*====*====*====*====*====*====*====* --------------------------------------------------------------------------- Evaluating SSL VPNs' Consider NEOTERIS, chosen as leader by top analysts! The Gartner Group just put Neoteris in the top of its Magic Quadrant, while InStat has confirmed Neoteris as the leader in marketshare. Find out why, and see how you can get plug-n-play secure remote access in about an hour, with no client, server changes, or ongoing maintenance. Visit us at: http://www.neoteris.com/promos/sf-6-9.htm ---------------------------------------------------------------------------- --------------------------------------------------------------------------- Evaluating SSL VPNs' Consider NEOTERIS, chosen as leader by top analysts! The Gartner Group just put Neoteris in the top of its Magic Quadrant, while InStat has confirmed Neoteris as the leader in marketshare. Find out why, and see how you can get plug-n-play secure remote access in about an hour, with no client, server changes, or ongoing maintenance. Visit us at: http://www.neoteris.com/promos/sf-6-9.htm ----------------------------------------------------------------------------