HPE Community
Operating System - HP-UX
1825789 Members
2230 Online
109687 Solutions
New Discussion

IDS 9000 /var/rbootd warning

 
SOLVED
Go to solution
Ron Levy
Advisor

‎08-31-2005 05:18 AM

‎08-31-2005 05:18 AM

IDS 9000 /var/rbootd warning

I received a couple hundred warnings from IDS 9000 to the effect of:

User 0 changed permissions on "/var/rbootd/C065bed10a8.reply" owned by UID:1 executing UNKNOWN with arguments UNKNOWN as PID:UNKNOWN

All within a minute, and then it stopped. Both my HP systems showed the same error.

Having asked our network people, nothing they could immediately think of was booting or searching for a bootp at the time.

Is this something to worry about? What should I be looking for to track this down? I have never seen it before.
0 Kudos
Reply
1 REPLY 1
Mel Burslan
Honored Contributor

‎08-31-2005 05:39 AM

‎08-31-2005 05:39 AM

Solution

Re: IDS 9000 /var/rbootd warning

It is strange that your network people told you that nothing they were aware of. If they are logging events, they should have seen a slew of bootp requests in the process.

In the lack of more details, it may be because of someone building a new box or playing with a box setting to make it boot from network without knowing what he/she was doing.

Unless there was an intrusion attack logged by your network/firewall admins around the same time, I would not worry about it too much.
________________________________
UNIX because I majored in cryptology...
Reply
The opinions expressed above are the personal opinions of the authors, not of Hewlett Packard Enterprise. By using this site, you accept the Terms of Use and Rules of Participation.