https://community.hpe.com/t5/integrity-servers/sudden-system-reboot-issue/m-p/7078496#M14232 <P>Greetings,</P><P>I am not sure what version of HP-UX is being used on this server "<SPAN>sdbmblv2" but you are absolutely right in saying that the user "oracle" rebooted the server twice (per shutdownlog).</SPAN></P><P>An excerpt from the man page of reboot (1M)</P><P>At shutdown time a message is written in the file</P><P>/etc/shutdownlog</P><P>(if it exists), containing the time of shutdown, who ran reboot, and<BR />the reason.</P><P>Only users with appropriate privileges can run the reboot command.</P><P>Please take note of the last time. Also, per man page of&nbsp;privileges (5), under "Privileges for System Calls"</P><P>reboot() PRIV_REBOOT</P><P>So, the user definitely seem to have the privileges.&nbsp;</P><P>There was a potential security vulnerablity identified on HP-UX 11.11 and older versions in which local user could increase privileges. The fix was available in -&nbsp;<SPAN>PHCO_30402</SPAN></P><P>I don't think there is any such vulnerability on later versions though.&nbsp;</P><P>You may want to login as this user "<SPAN>oracle" and check it.&nbsp; Also, check if this user is part of any privileged group.</SPAN></P> Tue, 29 Jun 2021 07:20:07 GMT KishJ 2021-06-29T07:20:07Z https://community.hpe.com/t5/integrity-servers/sudden-system-reboot-issue/m-p/7078398#M14230 <P>Dear Concern,</P><P>Our system is running on HP-UX 11.31 system. System rebooted last two days few time and from below log, we have found below entries.&nbsp;</P><P># cat /etc/shutdownlog</P><P>12:35 Thu Feb 6, 2020. Reboot: (by sdbmblv2!oracle)<BR />12:08 Fri Feb 7, 2020. Reboot: (by sdbmblv2!oracle)&nbsp;&nbsp;</P><P>As per my understanding, these entries mean "oracle" user reboot the system twice. My query is can "oracle" user reboot the system as it is only a normal user not superuser priviledge?</P><P>With Best Regards,</P><P>Kauser</P><P>&nbsp;</P> Sat, 08 Feb 2020 05:02:59 GMT https://community.hpe.com/t5/integrity-servers/sudden-system-reboot-issue/m-p/7078398#M14230 Kauser 2020-02-08T05:02:59Z https://community.hpe.com/t5/integrity-servers/sudden-system-reboot-issue/m-p/7078403#M14231 <P>Dear Concern,</P><P>In addition to above post, we've found no entries in /etc/shutdown.allow file.</P><P>Best Regards,</P><P>Kauser</P> Sat, 08 Feb 2020 05:53:49 GMT https://community.hpe.com/t5/integrity-servers/sudden-system-reboot-issue/m-p/7078403#M14231 Kauser 2020-02-08T05:53:49Z https://community.hpe.com/t5/integrity-servers/sudden-system-reboot-issue/m-p/7078496#M14232 <P>Greetings,</P><P>I am not sure what version of HP-UX is being used on this server "<SPAN>sdbmblv2" but you are absolutely right in saying that the user "oracle" rebooted the server twice (per shutdownlog).</SPAN></P><P>An excerpt from the man page of reboot (1M)</P><P>At shutdown time a message is written in the file</P><P>/etc/shutdownlog</P><P>(if it exists), containing the time of shutdown, who ran reboot, and<BR />the reason.</P><P>Only users with appropriate privileges can run the reboot command.</P><P>Please take note of the last time. Also, per man page of&nbsp;privileges (5), under "Privileges for System Calls"</P><P>reboot() PRIV_REBOOT</P><P>So, the user definitely seem to have the privileges.&nbsp;</P><P>There was a potential security vulnerablity identified on HP-UX 11.11 and older versions in which local user could increase privileges. The fix was available in -&nbsp;<SPAN>PHCO_30402</SPAN></P><P>I don't think there is any such vulnerability on later versions though.&nbsp;</P><P>You may want to login as this user "<SPAN>oracle" and check it.&nbsp; Also, check if this user is part of any privileged group.</SPAN></P> Tue, 29 Jun 2021 07:20:07 GMT https://community.hpe.com/t5/integrity-servers/sudden-system-reboot-issue/m-p/7078496#M14232 KishJ 2021-06-29T07:20:07Z https://community.hpe.com/t5/integrity-servers/sudden-system-reboot-issue/m-p/7078499#M14233 <P>Hello again,</P><P>You may also want to check through the documentation :HP-UX System Administrator's Guide:Security Management HP-UX 11i Version 3" -&nbsp;<A href="https://support.hpe.com/hpesc/public/docDisplay?docLocale=en_US&amp;docId=c01944073" target="_blank">https://support.hpe.com/hpesc/public/docDisplay?docLocale=en_US&amp;docId=c01944073</A></P> Mon, 10 Feb 2020 09:29:49 GMT https://community.hpe.com/t5/integrity-servers/sudden-system-reboot-issue/m-p/7078499#M14233 KishJ 2020-02-10T09:29:49Z