/var/log/setuid.today wierdness in cluster
hi
my normal /var/log/setuid.today is full of entries that refer to
programs supposedly doing an suid:
32045 2755 1 root tty 9112 Sun Jan 27 00:05:55
2002 /usr/bin/wall
32055 2755 1 root shadow 32104 Sun Apr 7 09:59:04
2002 /usr/bin/chage
32056 4755 1 root root 25864 Sun Apr 7 09:59:04
2002 /usr/bin/chfn
32057 4755 1 root root 23944 Sun Apr 7 09:59:04
2002 /usr/bin/chsh
32058 2755 1 root shadow 16040 Sun Apr 7 09:59:04
2002 /usr/bin/expiry
32059 4755 1 root root 33064 Sun Apr 7 09:59:04
many of my cluster nodes have this instead:
184 660 1 root disk 0 Mon Oct 7 10:55:19 2002
/dev/loop6
185 660 1 root disk 0 Mon Oct 7 10:55:20
2002 /dev/loop7
186 600 1 root tty 0 Mon Oct 7 10:55:20
2002 /dev/tty0
187 600 1 root tty 0 Mon Oct 7 10:55:20
2002 /dev/console
189 660 1 root video 0 Mon Oct 7 10:55:20
2002 /dev/agpgart
194 660 1 root dip 0 Mon Oct 7 10:56:29
2002 /dev/ppp
200 660 1 root disk 0 Thu Mar 14 14:51:02
2002 /dev/hda1
201 660 1 root floppy 0 Thu Mar 14 14:56:54
2002 /dev/fd0
202 660 1 root floppy 0 Thu Mar 14 14:56:54
2002 /dev/fd0h1200
203 660 1 root floppy 0 Thu Mar 14 14:56:54
2002 /dev/fd0d360
tens of thousands of entries running thru the /dev directory. these
nodes develop 20+mb files per day.
i can't find documentation on what program writes these files. man
setuid only documents the library call.
if someone could please point me in the right direction....
thanks in advance
dave
--
Dave Mallery, K5EN (debian testing & woody)
PO Box 520 .~. _ Ramah, NM 87321
/V\ -o)
no gates... /( )\ /\\ running Debian GNU/Linux
no windows! ^^^^^ _\_v free at last!
Reply to: