HPE Community
Operating System - OpenVMS
1752790 Members
6261 Online
108789 Solutions
New Discussion юеВ

PIPE files

 
Wim Van den Wyngaert
Honored Contributor

тАО01-08-2007 06:17 PM

тАО01-08-2007 06:17 PM

PIPE files

On many but not all of my nodes I find the file sys$manager:pipe_'node'.com. This on 6.2 and 7.3. Creation rate between 1 and 10 over 4 years.

In it is "ucx show interface". On the system with SSH installed I find in it "multinet show/config" (not on all systems with multinet installed !).

Who/what is creating this file ? I did a search for pipe_ in *.com and *tcp*.exe without success.

Wim
Wim
0 Kudos
10 REPLIES 10
Karl Rohwedder
Honored Contributor

тАО01-08-2007 11:11 PM

тАО01-08-2007 11:11 PM

Re: PIPE files

Wim,

perhaps from one of the pipe-emulation procedures/programs, that floated around before the PIPE function was implemented in VMS.

regards Kalle
0 Kudos
Hein van den Heuvel
Honored Contributor

тАО01-08-2007 11:39 PM

тАО01-08-2007 11:39 PM

Re: PIPE files

Yeah, quite possibly a helper file.

What is in the file?
Readable/Recognizable?
Start with $dump/recor=count=3

I guess the owner is 'system' and will not help much.

Groetjes,
Hein.
0 Kudos
Wim Van den Wyngaert
Honored Contributor

тАО01-08-2007 11:40 PM

тАО01-08-2007 11:40 PM

Re: PIPE files

Kalel,

Don't use such stuff over here.

I found that the file is sometimes created while I'm not here (at night).

Wim
Wim
0 Kudos
Wim Van den Wyngaert
Honored Contributor

тАО01-08-2007 11:40 PM

тАО01-08-2007 11:40 PM

Re: PIPE files

Kalle,

Don't use such stuff over here.

I found that the file is sometimes created while I'm not here (at night).

Wim
Wim
0 Kudos
Wim Van den Wyngaert
Honored Contributor

тАО01-08-2007 11:42 PM

тАО01-08-2007 11:42 PM

Re: PIPE files

Hein,

As said : it contains "ucx show interface".

It is present on all kind of machines : stations (low %) and servers (high %).

Wim
Wim
0 Kudos
Wim Van den Wyngaert
Honored Contributor

тАО01-08-2007 11:45 PM

тАО01-08-2007 11:45 PM

Re: PIPE files

Hein : owner is system.
Wim
0 Kudos
EdgarZamora
Trusted Contributor

тАО01-09-2007 12:23 AM

тАО01-09-2007 12:23 AM

Re: PIPE files

I suspect a home-grown procedure is writing that file. Try searching your system disk (and whatever other disks you may be storing system admin command procedures in)for "pipe_" or maybe even "pipe_''node'".

Good luck.

0 Kudos
Jan van den Ende
Honored Contributor

тАО01-09-2007 12:48 AM

тАО01-09-2007 12:48 AM

Re: PIPE files

Wim,

since that file appears in the System Manager home directory, I would begin to feel a little suspicious.
Do you know EVERYBODY that is supposed to be allowed to work there / under the SYSTEM account?
It would have to be someone with SYSPRV (or groupUIC < %O10 ?? brrr ).

Are you sure there is NO way those systems can be probed?

Have you got a recent suspect file, and accounting info for when this file was created?

It may be the famous needle in the haystack, but if I correctly understand your environment, finding that needle DOES warrant some expense. And in the (likely) event that it is innocent after all, you at least will have proven that nothing goes unnoticed....

Happy hunting.

Proost.

Have one on me.

jpe
Don't rust yours pelled jacker to fine doll missed aches.
0 Kudos
Wim Van den Wyngaert
Honored Contributor

тАО01-09-2007 01:30 AM

тАО01-09-2007 01:30 AM

Re: PIPE files

I did a search for "show interface" and "pipe" on all files on the system disk. Nothing.

Started verifying accounting (just before Jan suggested it) and found processes coming from another system. Then I remembered doing something yesterday around the time of the last file.

I have WASD running under the SYSTEM account. I started a CGI script that in turn did a t2t to another node (the one with the pipe_ file). This node executes commands given by the other node (via t2t) and returns the output. To return the output, it directs the output to a temp file (not the pipe_ one).

The command to execute was a script located on yet another node. It generates html system info. And here it used a file pipe_node.com. And didn't clean it up.

Because a multinet command was used, I thought it couldn't be our error. But this code came from the internet ...

Solved. Thx for thinking with me.

Wim



Wim
0 Kudos
The opinions expressed above are the personal opinions of the authors, not of Hewlett Packard Enterprise. By using this site, you accept the Terms of Use and Rules of Participation.