There is nothing wrong with your server. Unix allows users to create completely crazy file and directory names. Now this can happen with a touch command or vi or a bad script. To see the actual characters decoded, use ll -b. As far as I can tell, all of the gatrbage files are zero length and were created at exactly the same time. Since this is the / directory and NO ONE except root can create files and directories in /, you may have a root user problem.
Cleanup procedure:
1. CHANGE THE ROOT PASSWORD. Do not give it to anyone that is not properly trained.
2. Run logins -d to see if you have hackers with UID=0 logins or if someone has decided to give ordinary users root privileges. Disable those accounts immediately and then discuss alternatives such as sudo.
3. MOVE the home directory for root! It should NEVER be in / (even though HP and Sun and other Unix flavors default to /). It is a terrible security and stability risk to have root's HOME in /. (just think what happens with rm -rf *)
4. SET ROOT's umask!!!! All the garbage files have 666 permissions and there are several directories with 777 permission---very bad practice. Root's umask should be 077 or at the very least 022. Root should have to make a conscious decision to change the permissions on newlt created files and directories. Inconvenient? You are correct. Safe and secure? Of course. umask=0 is also a default for many flavors of Unix--just plain bad.
5. .rhosts is 777 - very, very bad. Anyone on your computer can read it and trash it. .rhosts MUST be 600. It is not executable and should not have write-bits set.
6. /home is 777 which means that any user on the system can trash any other user's personal directories (rename, remove, etc). /home must be 755, owned by root. The permission and ownership strongly suggest that people from the SAP or Oracle team were tryring to fix some sort of permission problem and used their Unix For Dummies book to set everything to 777 (which didn't help, but they left it anyway)
7. Oh, the garbage files...use ll -b to list the files without showing the special chars. Then alias the rm command to rm -i as in:
alias rm="/usr/bin/rm -i"
and then use filename matching to find the files. For instance, if there are severl 3 character filenames, use:
rm /???
which will then ask you for confirmation to remove the file (y or n). Now you'll get matches for /net and /hel, etc but just answer n to the files you want to keep. Repeat for longer names. In some cases, you'll have to use something like:
rm /*4*
for those longer names.
Now look at the last command to see who was logged in as root Jul 1, just before 11:49. Look at sulog too. Those filenames were created automatically by some script or command.
Bill Hassell, sysadmin
