HPE Community
Operating System - HP-UX
1834315 Members
2032 Online
110066 Solutions
New Discussion

Re: HP Configuration

 
navin
Super Advisor

‎02-17-2007 03:40 PM

‎02-17-2007 03:40 PM

HP Configuration

Hi,
I have a HP server ,most of the etc configuration files had changed suddenly over night.Could not collect messages of the console during the incident.log files were mt since syslog was not running on the particular incident .What could have caused this .Any body had this kind of incident.
thanks in advance for any useful info.
Learning ...
0 Kudos
Reply
8 REPLIES 8
A. Clay Stephenson
Acclaimed Contributor

‎02-17-2007 03:51 PM

‎02-17-2007 03:51 PM

Re: HP Configuration

"most of the etc configuration files" is not very specific. Changed? How, specifically. Which files? Specifically.

In any event there is no inherent facility to do what you seem to be describing. What I would look for is when the machine was lasted booted. You may not be running on the boot disk (and hence, /etc) that you think you are running on. The only other thing that might cause something like you describe is a very long running swinstall or swupdate that just happened to finish or was triggered as a result of a reboot. Of course, don't overlook human intervention (intentional or otherwise) --- possibly a restore from backup operation.

Now, why was syslogd not running? That does sound extremely suspicious --- or a filesystem may be nearing to filling up.
If it ain't broke, I can fix that.
0 Kudos
Reply
navin
Super Advisor

‎02-17-2007 04:01 PM

‎02-17-2007 04:01 PM

Re: HP Configuration

Thanks so much for the reply.That was very good point.But system has rebooted so many after the update.
The files that changed are dns resolv file,internet daemon file,passwd and switch files and syslogd conf file.
Thanks
Learning ...
0 Kudos
Reply
Raj D.
Honored Contributor

‎02-17-2007 04:33 PM

‎02-17-2007 04:33 PM

Re: HP Configuration

Navin,

well passwd file usually dont get change if you install any software apart from it may adds some more user, but dont remove anything, though certain software changes cron and your old crontab disappears, so you need to have old configutaios you can restore those files from.

Check exactly what are the things have changed from the reboot, and then you can take a decission to correct them. /etc/resolv.conf and /etc/nsswitch.conf can be rebuild if you have name servers informations. Or can be copied from a similar system on the network.

hth,
Raj.
" If u think u can , If u think u cannot , - You are always Right . "
0 Kudos
Reply
D Block 2
Respected Contributor

‎02-17-2007 04:37 PM

‎02-17-2007 04:37 PM

Re: HP Configuration

Navin- what Update ?

Was there a new Haredware or Sofware Path Install ?

It could be, that someone else has changed or updated the /etc files ?

Please let us know if you need anyhelp w/ security or Audit logs.
Golf is a Good Walk Spoiled, Mark Twain.
0 Kudos
Reply
navin
Super Advisor

‎02-17-2007 04:47 PM

‎02-17-2007 04:47 PM

Re: HP Configuration

Raj and Tom ,
Thanks so much for the reply.I really appreciate it.

I meant the swupdate.The system was upgraded couple of months ago with swupdate command.

But may need help on security or the audit log.
thanks


Learning ...
0 Kudos
Reply
Raj D.
Honored Contributor

‎02-17-2007 05:01 PM

‎02-17-2007 05:01 PM

Re: HP Configuration

Navin,
which os version are you using, and exactly what command you used during update.

Here is a document for hp-ux security:

http://www.nortel.com/solutions/securenet/collateral/hp-ux_hardening_guide_v1.pdf

cheers,
Raj.
" If u think u can , If u think u cannot , - You are always Right . "
0 Kudos
Reply
Raj D.
Honored Contributor

‎02-17-2007 05:04 PM

‎02-17-2007 05:04 PM

Re: HP Configuration

Navin(again),

Also check the while paper on security, may help you to understand basic/advanced security env,

http://www.nasi.com/pdfs/hp-ux_security_whitepaper.pdf

cheers,
Raj.
" If u think u can , If u think u cannot , - You are always Right . "
0 Kudos
Reply
Bill Hassell
Honored Contributor

‎02-18-2007 09:37 AM

‎02-18-2007 09:37 AM

Re: HP Configuration

swupdate?

There is no such command in HP-UX. Did you mean swinstall? If so, that command is meaningless without a list of patches or a patch bundle. Even so, no patches will change the /etc directory. If there are new versions of the config files (such as sendmail.cf), the patch will NOT replace your old config file. So it is unlikely swinstall changed anything in the /etc directories.

If instead of swupdate, you meant update-ux then yes, I would expect a lot of things to change, mostly for the worse. That's because updating HP-UX to a different version (in general) is very seldom successful.

There is a single command that will cause the problems that you describe:

cp -r /usr/newconfig/etc /etc

The problem you describe is a root user problem. Nothing in HP-UX will ever do this.


Bill Hassell, sysadmin
0 Kudos
Reply
The opinions expressed above are the personal opinions of the authors, not of Hewlett Packard Enterprise. By using this site, you accept the Terms of Use and Rules of Participation.