runaway wtmp and setuid on my cluster

To: Debian UserList <debian-user@lists.debian.org>
Subject: runaway wtmp and setuid on my cluster
From: dave mallery <dmallery@cia-g.com>
Date: Sun, 17 Nov 2002 09:57:55 -0700
Message-id: <[🔎] 20021117165755.GA18985@bilbo>

hi

both of the above files are filling up at amazing rates:  dozens of 
megabytes per day.  the wtmp seems to be filled with login attempts from 
tty 1-6.  the setuid has entries from every device in /dev/ in order.

-rw-r-----    1 root     adm        466257 Nov 12 06:30 setuid.today
-rw-r-----    1 root     adm       2059982 Oct  8 06:26 setuid.yesterday
...
-rw-rw-r--    1 root     utmp      2143104 Nov 17  2002 wtmp
-rw-rw-r--    1 root     utmp     14795136 Nov 17 06:26 wtmp.1

the other log files seem normal.

these machines are in a diskless cluster, with root mounted nfs.
i discovered this when they filled up the disk of the nfs server node.
there are about 13 nodes, each a dual pii 333 and one with quad xeons.
they all run the same copy of linux with their own root nodes.

there is so much specific information i could give, that i have no idea 
where to start.  i'd be so thankful for a clue...

thanks 

dave
-- 
Dave Mallery, K5EN          (debian testing & woody)  
PO Box 520         .~.    _      Ramah,  NM  87321     
                   /V\   -o)
no gates...       /( )\  /\\     running Debian GNU/Linux
  no windows!     ^^^^^ _\_v        free at last!

Reply to:

Prev by Date: DHCP Kernel Options - where to set?
Next by Date: Gnome2 and SID ?? HOWTO
Previous by thread: Re: DHCP Kernel Options - where to set?
Next by thread: Gnome2 and SID ?? HOWTO
Index(es):
- Date
- Thread