Re: /var/log/setuid.today wierdness in cluster
thanks much for the answer. i was able to eliminate the setuid logging
via the conf file.
the problem with wtmp is that it shows (without a decoder ring) that
there are thousands of logins per day on tty1 thru 6. that's odd on a
cluster node on a private network behind a server behind a firewall.
also no node has a keyboard! i can eliminate the file, but what is
causing these login records??? this is happening on most of my 16
nodes. i figure there is a lot of wasted activity. at most, i may log
in every few days via ssh.
so is there a decoder program that can dump the contents of wtmp, or do
i have to write one?? (muttered dave) i think some effort on the cause
here will be worth it.
the cluster nodes are diskless/swapless .5Gb twin pII 333s using
etherboot, dhcp, tftp and kernel nfs. it was once called an
"altacluster" and it was brand new in 1998! it had 64 nodes and worked
at los alamos. i got part of it at an auction. now it thinks about
little green men.
it has been a wonderful learning experience. the last step will be to
burn the etherboot code onto a prom so i can ditch the floppies!
thanks again, joey
dave
On Thu, Nov 21, 2002 at 12:12:26PM -0500, Joey Hess wrote:
> dave mallery wrote:
> > tens of thousands of entries running thru the /dev directory. these
> > nodes develop 20+mb files per day.
> >
> > i can't find documentation on what program writes these files. man
> > setuid only documents the library call.
>
> It's generated by the checksecurity program. You might want to read its
> man page and edit /etc/checksecurity.conf.
>
> The filename is a bit of a misnomer, as it is intended to report on
> changes of device file permissions, as such changes can be security
> risks.
>
> --
> see shy jo
--
Dave Mallery, K5EN (debian testing & woody)
PO Box 520 .~. _ Ramah, NM 87321
/V\ -o)
no gates... /( )\ /\\ running Debian GNU/Linux
no windows! ^^^^^ _\_v free at last!
Reply to: