root access locked up

Dummy_Guy · ‎05-14-2009

Hi,
Last year I had I upgrade from 11.11 version to 11.23 version. And ever since the system having some kind of problem with System Fault Management.

In some occassion, my root access will be locked up and I have to release it via console.

When I checked detail on how it happen, I saw:
/var/adm/sulog
SU 02/24 13:28 + tty?? root-sfmdb
SU 02/24 13:28 + tty?? root-sfmdb
SU 02/24 13:43 + tty?? root-sfmdb
SU 02/24 13:43 + tty?? root-sfmdb
SU 02/24 13:58 + tty?? root-sfmdb
SU 02/24 13:58 + tty?? root-sfmdb
....
It looks like it repeat every 15 mins and attempt twice each time.

In lastb root I see:
# lastb root |more
root console Sun Apr 26 19:41
root ssh:notty Fri Apr 24 16:06
root ssh:notty Fri Apr 24 16:06
root ssh:notty Fri Apr 24 16:06
root ssh:notty Fri Apr 24 16:06
root ssh:notty Fri Apr 24 16:06
root ssh:notty Fri Apr 24 16:06
root ssh:notty Fri Apr 24 16:05
root ssh:notty Fri Apr 24 16:04
root ssh:notty Fri Apr 24 16:04
root ssh:notty Fri Apr 24 16:04
root ssh:notty Fri Apr 24 16:04
root ssh:notty Fri Apr 24 13:30
root ssh:notty Fri Apr 24 13:30
root ssh:notty Fri Apr 24 13:30
root ssh:notty Fri Apr 24 13:30

I already have remove disable direct root access.
# more /etc/securetty
console

For a while I thought the problem may becasue the upgrade wasn't done properly.

But, when I checked my DR server that is install from fresh. It has same problem...

I wonder why?? Can anyone give me some advice or solution?

Thanks Guys...

Tingli · ‎05-14-2009

SU 02/24 13:28 + tty?? root-sfmdb

seems like that root runs sfmdb jobs. More likely a crontab job twice a day.

root ssh:notty Fri Apr 24 16:06

Is it possible that some outsiders tries to ssh (or maybe scp) to root?

Dummy_Guy · ‎05-14-2009

Yes, I have cron job running every 15 mins and send screen alter message to some user. Business purposes...
Not sure that is the case... but very likely...

Sorry I haven't add full information. After I uninstall System Fault Management, the message doesn't appears...

So should I reinstall System Fault Managment? and
where can I get the software back?
How do I avoid the message come back again?

Categories

Company

Local Language

Forums

Discussions

Forums

Discussions

Discussions

Forums

Discussions

Forums

Discussions

Forums

Forums

Discussions

Forums

Discussions

Forums

Discussion Boards

Discussion Boards

Discussion Boards

Discussion Boards

Discussion Boards

Discussion Boards

Discussion Boards

Discussion Boards

Discussion Boards

Discussion Boards

Discussion Boards

Discussion Boards

Discussion Boards

Discussion Boards

Discussion Boards

Discussion Boards

Discussion Boards

Discussion Boards

Discussion Boards

Discussion Boards

Discussion Boards

Discussion Boards

Discussion Boards

Discussion Boards

Discussion Boards

Discussion Boards

Community

Resources

Other HPE Sites

Discussions

Forums

Blogs

root access locked up

root access locked up

Re: root access locked up

Re: root access locked up