- Community Home
- >
- Servers and Operating Systems
- >
- Operating Systems
- >
- Operating System - HP-UX
- >
- Re: can we remove following HP-UX files
Categories
Company
Local Language
Forums
Discussions
Forums
- Data Protection and Retention
- Entry Storage Systems
- Legacy
- Midrange and Enterprise Storage
- Storage Networking
- HPE Nimble Storage
Discussions
Discussions
Discussions
Forums
Forums
Discussions
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
- BladeSystem Infrastructure and Application Solutions
- Appliance Servers
- Alpha Servers
- BackOffice Products
- Internet Products
- HPE 9000 and HPE e3000 Servers
- Networking
- Netservers
- Secure OS Software for Linux
- Server Management (Insight Manager 7)
- Windows Server 2003
- Operating System - Tru64 Unix
- ProLiant Deployment and Provisioning
- Linux-Based Community / Regional
- Microsoft System Center Integration
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Community
Resources
Forums
Blogs
- Subscribe to RSS Feed
- Mark Topic as New
- Mark Topic as Read
- Float this Topic for Current User
- Bookmark
- Subscribe
- Printer Friendly Page
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
тАО05-06-2007 07:06 PM
тАО05-06-2007 07:06 PM
==============
# find / \( -nouser -o -nogroup \) -print
/usr/lib/nls/msg/C/ldd.cat lrwxr-xr-x 1 oracle 191 14 Jan8 2004 ldd.cat -> ./fastbind.cat
/usr/lib/hpux32/libCsup.so
/usr/lib/hpux32/libl.so lrwxr-xr-x 1 oracle 191 11 Jan8 2004 liby.so -> ./liby.so.1
/usr/lib/hpux32/libl_thread.so lrwxr-xr-x 1 oracle 191 18 Jan8 2004 libl_thread.so -> ./libl_thread.so.1
=============
Solved! Go to Solution.
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
тАО05-06-2007 08:09 PM
тАО05-06-2007 08:09 PM
Re: can we remove following HP-UX files
Some of these files might have been created or linked during the installation of your Oracle software.
Why do you want to remove these files?
kind regards
yogeeraj
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
тАО05-06-2007 08:13 PM
тАО05-06-2007 08:13 PM
SolutionIf you remove all the files listed in your attachment, at least these things will happen:
- you won't be able to run any PA-RISC binaries (using the Aries emulator), because the PA-RISC versions of some critical libraries will be gone (in /usr/lib/hpux32 and /usr/lib/hpux64).
- as /usr/ccs/bin/cc is gone, anything that uses the "bundled cc" compiler of HP-UX may be in trouble. This includes configuring your kernel!
- removing the listed files from /usr/include/aCC_std will make it impossible to compile most programs. At least C++ programs are affected; maybe even plain C programs.
- you will lose the commands funzip, unzip, unzipsfx, zipgrep and zipinfo and their man pages
- removing /var/adm/crash/crash.2 is not immediately harmful, but you will lose the "crashinfo" tool and its install documentation. If you have this stored elsewhere or won't need it, this is not a problem. The "crashinfo" tool is not mandatory.
There may be more bad effects.
Those files do not look at all Oracle-related. It might be important to find out why the owner and group of those files have been changed like that. Almost all of those files are "sysadmin territory" and are usually changed only by swinstall.
This looks like someone with root privileges may have made a mistake. If this is so, find out what he/she tried to do and ensure that he/she learns what went wrong and how it should have been done.
If the mistake is not found, beware: in theory, this might also be caused by an intruder that was not completely successful in covering his/her tracks.
---------------
The files in /usr/local/bin and /usr/local/man/man1 seem to be owned by root, and the group ID is 1307. This looks like sloppy packages from the HP-UX Porting and Archive Centre. Some of their swinstall depots don't specify the group of files to be installed, so the group number is inherited from the system that was used in creating the depot. If the newest version of this package in the Porting Archive still has this problem, it might be useful to contact the author of the package and politely request them to fix their package so that it sets the correct group ownership.
Because the group does not have any more permissions than "all others" (i.e. no group write permissions), it should not cause any significant security problems. Of course, it looks ugly and untidy.
---------------
MK
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
тАО05-06-2007 08:18 PM
тАО05-06-2007 08:18 PM
Re: can we remove following HP-UX files
Audit team proposed for remove orphaned file from system.
We are using following command for fined orphaned files from system
# find / \( -nouser -o -nogroup \) -print
Please help us how we solve the issue without remove the files?
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
тАО05-06-2007 08:47 PM
тАО05-06-2007 08:47 PM
Re: can we remove following HP-UX files
191 is the group id that no longer exist!
you may wish to check your /etc/group
it can also be that a particular group ID has been changed.
Beware that this does not automatically imply that the file is no longer in use!!
kind regards
yogeeraj
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
тАО05-06-2007 10:57 PM
тАО05-06-2007 10:57 PM
Re: can we remove following HP-UX files
The ownership of a link is mostly a cosmetic thing: when accessing a file through a symbolic link, the permissions and ownership of the link is _ignored_: only the actual file's permissions and ownership have meaning. So the security effect of a strange group/ownership is minimal, probably no effect at all.
For all the listed files in /usr/lib and /usr/include, the correct group is most likely "bin".
Wait... I just noticed a strange thing.
Just now, I got access to a HP-UX 11.23 (BUNDLE11i is September 2004 version, QPKBASE & QPKAPPS are March 2006). I tried to check what the user & group of those files should be.
I noticed that _all_ those files in /usr/lib and /usr/include you listed are symbolic links, and all have group 191 in my server too!
The owner of the files on my server is "iwww", which is different from your case... but the UID number of "iwww" in my server is 103. I'm guessing that in your server, the user "oracle" has UID 103. Am I correct? (run "id oracle" to check)
This might actually be a bug in HP-UX 11.23 installation system: open a support call to HP to see if this is a known bug.
MK
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
тАО05-07-2007 07:27 AM
тАО05-07-2007 07:27 AM
Re: can we remove following HP-UX files
If you remove those .so files, you will not be able to link any applications to those shlibs.
>Matti: you won't be able to run any PA-RISC binaries (using the Aries emulator), because the PA-RISC versions of some critical libraries will be gone (in /usr/lib/hpux32 and /usr/lib/hpux64).
I'm not sure how that could happen. PA libs aren't in hpux##/.
>This includes configuring your kernel!
The kernel no longer uses cc_bundled.
>- removing the listed files from /usr/include/aCC_std will make it impossible to compile most programs. At least C++ programs are affected; maybe even plain C programs.
C doesn't use these C++ headers. aC++ user the headers in /opt/aCC/include*/.
>It might be important to find out why the owner and group of those files have been changed like that.
I don't know about all of the files you mentioned but any with 191 are due to a manufacturing error and are fixed on 11.31.
>yogeeraj: 191 is the group id that no longer exist!
(It exits on my system. ;-)
>Matti: Some of the listed files are actually symbolic links. ... So the security effect of a strange group/ownership is minimal, probably no effect at all.
Right.
>For all the listed files in /usr/lib and /usr/include, the correct group is most likely "bin".
Yes.
>I noticed that _all_ those files in /usr/lib and /usr/include you listed are symbolic links, and all have group 191 in my server too!
Yes.
>the UID number of "iwww" in my server is 103. I'm guessing that in your server, the user "oracle" has UID 103.
Yes, 103:191 are the IDs we use to manufacture software.
>This might actually be a bug in HP-UX 11.23 installation system: open a support call to HP to see if this is a known bug.
Well, I've heard of the issue several weeks ago. I don't know if the Response Center has heard about it, so go ahead.
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
тАО05-07-2007 07:40 PM
тАО05-07-2007 07:40 PM
Re: can we remove following HP-UX files
I was thinking about the need to have both 32- and 64-bit libraries for PA-RISC emulation and yet another set for native programs. Then I obviously got confused :-(
Nice to see that the root cause is confirmed.
I'll examine our 11.23 ia64 servers a bit more, and will try to write a quick fix for this (otherwise, we will also eventually have some confused system auditors to worry about). Probably something like this:
find /usr/lib /usr/include -xdev -type l -user 103 -group 191 -print | xargs
That's assuming those conditions are specific enough to pick exactly the symlinks affected by this particular problem: that could be verified by putting "ll -d" in place of the
MK
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
тАО05-08-2007 01:06 AM
тАО05-08-2007 01:06 AM
Re: can we remove following HP-UX files
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
тАО05-08-2007 04:04 AM
тАО05-08-2007 04:04 AM
Re: can we remove following HP-UX files
A quick check on our 11.23 ia64 showed exactly the same.
Dennis > Yes, 103:191 are the IDs we use to manufacture software.
Wouldn't it be advisable to either:
- define this UID/GID in /etc/passwd and /etc/group
- change the owner/group during swinstall
Should all files be owned by bin:bin ?
My list of files attached.
/Tor-Arne