Achilles_2
Regular Advisor

mysql leds the /var full

Every time I start the mysql server, both the "/var/adm/wtmps" & "/var/adm/btmps" files keep increasing. How can I avoid it, because it will make the /var partition full.

Thanks
Bill Hassell
Honored Contributor

Re: mysql leds the /var full

/var/adm is where almost every logfile is stored and these logfiles will grow in size every day. That's why you must monitor the logfiles by first reading them to determine if you have a problem (and then fix the problem), then truncate the logfiles once you have read the messages. /var will fill up on every Unix system unless you take action -- not just logfiles but email and printer files and so on. This is part of your daily duties as a sysadmin. Most sysadmins write scripts to monitor logfiles and mountpoint sizes.


Bill Hassell, sysadmin
Michael Steele_2
Honored Contributor

Re: mysql leds the /var full

1) /var/adm/wtmp is the repository for the 'last' command. So this is likely related to user login problems. Has anybody been complaining?

/var/adm/wtmp is not a file that can be easily reduced without corruption. Have you done anything like ' vi /var/adm/wtmp'? If your output from 'last' command looks messed up then /var/adm/wtmp is corrupt. So 'null' this file with '>/var/adm/btmp' and go through SAM to trim this file in the future. Refer to basic administrator commands in SAM.


2) /var/adm/btmp records bad logins and is used with the 'lastb' command. Same rules from 1) apply here.

3) Run these commands, get the errors, paste them in a response.
Support Fatherhood - Stop Family Law
Dennis Handly
Acclaimed Contributor

Re: mysql leds the /var full

>Michael: 1) /var/adm/wtmp is the repository for the 'last' command. So this is likely related to user login problems.

The problems are logged in btmps that you mentioned in 2).

>/var/adm/wtmp is not a file that can be easily reduced without corruption.

You can use fwtmp(1M) to convert the files to an ascii format that you can edit.

>3) Run these commands, get the errors, paste them in a response.

Were you suggesting running last(1) and lastb(1)?
Note the latter may have passwords, so only a highly edited form should be added to this thread. See:
http://docs.hp.com/en/B2355-60130/last.1.html
Michael Steele_2
Honored Contributor

Re: mysql leds the /var full

Dennis, . . .

Re: passwords. I have no idea what you are talking about. Logging into other accounts? You don't need a password from root to log into another account. That's what 'su' is for.

Getting into little side shows like this can be very distracting to the author. If you focus on answering the author's questions then you avoid this problem.
Support Fatherhood - Stop Family Law
Dennis Handly
Acclaimed Contributor

Re: mysql leds the /var full

>Michael: Re: passwords. I have no idea what you are talking about. Logging into other accounts?

Read the lastb(1) warning about possible passwords.

>If you focus on answering the author's questions

I was warning about posting the contents of btmps vs your suggestion of errors.
Michael Steele_2
Honored Contributor

Re: mysql leds the /var full

Dennis:

I've never seen any lastb report display a password. And if so then the author can easily filter out this information. So what's up?

Got a link to a real life example?

(* Practically speaking I think this is a dead end and the side show stopped. *)
Support Fatherhood - Stop Family Law
Bill Hassell
Honored Contributor

Re: mysql leds the /var full

Actually, btmp is a security risk. It has to do with busy users that don't pay attention to the actual prompt and start typing on automatic. I'm sure every one of us has at one time typed the username where the prompt said Password? and typed your password where the prompt said: login:

The problem is that the password you accidentally typed at the login prompt was recorded in btmp. A hacker then compares last and lastb and looks for a correct login right after a bad login with a user name that suspiciously looks like a password. Thus, /var/adm/btmp must be kept at 600 permission, owned by root. This keeps the lastb command from reporting possible passwords.


Bill Hassell, sysadmin
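The ownership and mode check described in the post above (root-owned, mode 600), as an added example that is not part of the original thread. The function names and the `--run` switch are hypothetical; the two default paths are the ones named in this thread.

```shell
#!/bin/sh
# Added example: audit the bad-login logs named in this thread.

# check_btmp_file FILE [OWNER]
# Returns 0 when FILE is a regular file with mode 600 owned by OWNER
# (default: root), 1 when owner, mode or file type is wrong, and 2 when
# FILE does not exist.
check_btmp_file() {
    file=$1
    want_owner=${2:-root}

    if [ -h "$file" ]; then
        echo "FAIL  $file: is a symbolic link"
        return 1
    fi
    [ -e "$file" ] || { echo "SKIP  $file: not present"; return 2; }
    [ -f "$file" ] || { echo "FAIL  $file: not a regular file"; return 1; }

    # Parse ls -ld rather than rely on stat(1), which not every Unix ships.
    # substr() drops the ACL/SELinux marker some systems append to the mode.
    listing=$(ls -ld "$file")
    mode=$(printf '%s\n' "$listing" | awk '{ print substr($1, 1, 10) }')
    owner=$(printf '%s\n' "$listing" | awk '{ print $3 }')

    rc=0
    if [ "$mode" != "-rw-------" ]; then
        echo "FAIL  $file: mode is $mode, expected -rw------- (chmod 600)"
        rc=1
    fi
    if [ "$owner" != "$want_owner" ]; then
        echo "FAIL  $file: owner is $owner, expected $want_owner"
        rc=1
    fi
    [ "$rc" -eq 0 ] && echo "OK    $file"
    return "$rc"
}

# audit_btmp FILE...: check every file, return 1 if any present file fails.
audit_btmp() {
    status=0
    for f in "$@"; do
        check_btmp_file "$f" root || [ "$?" -eq 2 ] || status=1
    done
    return "$status"
}

# Run as "sh script --run", e.g. from cron, to audit the default paths.
if [ "${1:-}" = "--run" ]; then
    audit_btmp /var/adm/btmp /var/adm/btmps
fi
```

A non-zero exit from `--run` means at least one of the files that exist is readable by someone other than root or is not owned by root.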
Dennis Handly
Acclaimed Contributor

Re: mysql leds the /var full

>Bill: Actually, btmp is a security risk. ... I'm sure every one of us has at one time ... typed your password where the prompt said: login:

Exactly. That was why I was reporting the warning in the man page.
James R. Ferguson
Acclaimed Contributor

Re: mysql leds the /var full

Hi:

>Bill: I'm sure every one of us has at one time typed the username where the prompt said Password? and typed your password where the prompt said: login:

>Bill: The problem is that the password you accidentally typed at the login prompt was recorded in btmp.

Very true. I've done it too. Dennis was on-the-mark pointing out that '/var/adm/btmps' should be carefully managed and not made generally available for inspection, exactly as the manpages note, too.

>Michael: You don't need a password from root to log into another account. That's what 'su' is for.

True, of course, but both the success or failure of any transition is recorded in '/var/adm/sulog' --- yet another log in '/var'.

Regards!

...JRF...