runaway wtmp and setuid on my cluster
both of the above files are filling up at amazing rates: dozens of
megabytes per day. the wtmp seems to be filled with login attempts from
tty 1-6. the setuid has entries from every device in /dev/ in order.

-rw-r-----  1 root adm     466257 Nov 12 06:30 setuid.today
-rw-r-----  1 root adm    2059982 Oct  8 06:26 setuid.yesterday
-rw-rw-r--  1 root utmp   2143104 Nov 17  2002 wtmp
-rw-rw-r--  1 root utmp  14795136 Nov 17 06:26 wtmp.1

the other log files seem normal.
these machines are in a diskless cluster, with root mounted nfs.
i discovered this when they filled up the disk of the nfs server node.
there are about 13 nodes, each a dual pii 333 and one with quad xeons.
they all run the same copy of linux with their own root nodes.
there is so much specific information i could give, that i have no idea
where to start. i'd be so thankful for a clue...
Dave Mallery, K5EN (debian testing & woody)
PO Box 520 .~. _ Ramah, NM 87321
no gates... /( )\ /\\ running Debian GNU/Linux
no windows! ^^^^^ _\_v free at last!
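
Added example, not part of the original message: a Python script that tallies wtmp records per terminal line and record type, which shows which ttys are writing the entries and over what time span. It assumes the 384-byte glibc struct utmp layout used on x86 Linux; the sample records and the names make() and sample() are constructed for illustration.

```python
import struct, sys
from collections import Counter

# struct utmp as written by glibc on Linux: 384 bytes per record
# (assumption: x86 layout with 32-bit time fields, little-endian).
REC = struct.Struct("<h2xi32s4s32s256shhiii4i20s")
TYPES = {1: "RUN_LVL", 2: "BOOT_TIME", 5: "INIT_PROCESS",
         6: "LOGIN_PROCESS", 7: "USER_PROCESS", 8: "DEAD_PROCESS"}

def text(raw):
    return raw.split(b"\0", 1)[0].decode("ascii", "replace")

def parse(data):
    """Yield (type, pid, line, user, tv_sec) for each complete record."""
    usable = len(data) - len(data) % REC.size   # ignore a truncated tail
    for off in range(0, usable, REC.size):
        f = REC.unpack_from(data, off)
        yield TYPES.get(f[0], str(f[0])), f[1], text(f[2]), text(f[4]), f[9]

def summarize(data):
    """Return ({(line, type): count}, {line: (records, seconds spanned)})."""
    counts, first, last = Counter(), {}, {}
    for typ, _pid, line, _user, ts in parse(data):
        counts[(line, typ)] += 1
        first.setdefault(line, ts)
        last[line] = ts
    per_line = Counter()
    for (line, _typ), n in counts.items():
        per_line[line] += n
    return counts, {l: (n, last[l] - first[l]) for l, n in per_line.items()}

def make(typ, pid, line, user, ts):
    """Pack one record; used only to build the constructed sample below."""
    return REC.pack(typ, pid, line.encode(), b"", user.encode(), b"",
                    0, 0, 0, ts, 0, 0, 0, 0, 0, b"")

def sample():
    """Constructed data: six consoles cycling every 10 s, one real login."""
    t0, out = 1037500000, b""
    for i in range(60):
        for n in range(1, 7):
            typ = 6 if i % 2 == 0 else 8
            out += make(typ, 1000 + i, "tty%d" % n, "LOGIN" if typ == 6 else "", t0 + 10 * i)
    return out + make(7, 2000, "pts/0", "user1", t0 + 300)

if __name__ == "__main__":
    data = open(sys.argv[1], "rb").read() if len(sys.argv) > 1 else sample()
    counts, spans = summarize(data)
    for line, (n, secs) in sorted(spans.items(), key=lambda kv: -kv[1][0]):
        kinds = {t: c for (l, t), c in counts.items() if l == line}
        print("%-8s %6d records over %6d s  %s" % (line, n, secs, kinds))
```

Run it with the path to a wtmp file as the only argument; with no argument it prints the summary for the constructed sample.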