Brad Marks
Super Advisor

DTC port incorrectly shows up in 'ps' command

I have a terminal connected to a DTC and it has become non-responsive. The 'who' command shows that there is no user logged onto that DTC port:
>> who -u|grep d0201
fki[root]:/
>>
But if I look for a process related to that DTC port I get a positive result (see pid 27774)!!!
>> ps -ef|grep d0201
root 27774 1204 0 08:40:15 d0201 0:00 telnetd
root 2910 12021 1 08:57:43 pts/tic 0:00 grep d0201
c.dlc 27775 27774 0 08:40:16 d0201 0:05 /usr/pro5/pro5 -m3072 -c/usr/pro
5/config.bbx PREMEN
fki[root]:/
>>
But, again, the 'who' command shows the correct port:
>> who -u|grep 27775
c.dlc pts/tOd Mar 15 08:40 0:02 27775 dlc.internal.fotokem.com
fki[root]:/
>>

If I kill this process, another process will show up with the 'ps' command as using d0201 when, in fact, it is not.
Does anyone have a clue as to why/how this is happening? I think that because of this 'confusion' the terminal cannot establish a connection to the DTC port.
TIA
Brad
It's not impossible -- it'll just cost more...
Matti_Kurkela
Honored Contributor
Solution

Re: DTC port incorrectly shows up in 'ps' command

Perhaps your /etc/utmp (and/or /etc/utmps and /etc/utmpx, depending on your HP-UX version) file has been corrupted.

This command should produce a text version of the utmp file as /tmp/utmp.txt:

/usr/sbin/acct/fwtmp < /etc/utmp >/tmp/utmp.txt

You could then locate and remove the corrupted record, and then use the fwtmp command to create a fixed version of /etc/utmp:

/usr/sbin/acct/fwtmp -ic < /tmp/utmp.txt > /etc/utmp.fixed

... and then replace the corrupted utmp file with the fixed one.

See "man fwtmp" for more information about the command, and look into /usr/include/utmp.h for more information about the structure of the utmp file.

Look for utmp records associated with PID 27774, and/or with d0201. Ignore records with the type field set to 8 = DEAD_PROCESS.

MK
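Added example, not part of the reply above or of any HP tooling: a small filter for the fwtmp text dump that keeps only records tied to a given line or PID and drops DEAD_PROCESS (type 8) entries. The column order (user, id, line, pid, type) and the sample records are assumptions; check fwtmp(1M) and /usr/include/utmp.h on your release.

```shell
#!/bin/sh
# Added example, not from the thread.
# Assumed fwtmp text layout, whitespace-separated with no blank fields:
#   $1 user  $2 id  $3 line  $4 pid  $5 type  (rest: exit status, time)
# Verify against fwtmp(1M) and /usr/include/utmp.h on your release.
DEAD_PROCESS=8   # type value named in the reply above

# live_records LINE PID  < fwtmp-text-dump
# Prints records that reference LINE or PID and are not DEAD_PROCESS.
live_records() {
    awk -v line="$1" -v pid="$2" -v dead="$DEAD_PROCESS" '
        NF >= 5 && ($3 == line || $4 == pid) && $5 != dead { print }
    '
}

# Constructed sample dump (not real data from the poster's system).
sample_dump() {
    cat <<'EOF'
c.dlc tOd  pts/tOd 27775 7 0000 0000 Mar 15 08:40:16
c.dlc d201 d0201   19002 8 0000 0000 Mar 14 17:02:10
c.dlc d201 d0201   27001 7 0000 0000 Mar 15 07:55:31
root  tOa  pts/tOa 27774 7 0000 0000 Mar 15 08:40:15
root  d201 d0201   27774 8 0000 0000 Mar 15 08:39:58
EOF
}

# Real use: live_records d0201 27774 < /tmp/utmp.txt
sample_dump | live_records d0201 27774
```

On the constructed sample this prints the two type-7 records (PID 27001 on d0201, and PID 27774 on pts/tOa); those are the entries to review before rebuilding the file with fwtmp -ic.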
Brad Marks
Super Advisor

Re: DTC port incorrectly shows up in 'ps' command

It is odd that I found no entries in /tmp/utmp.txt for d0201 but found many in /tmp/btmp.txt (after issuing: /usr/sbin/acct/fwtmp < /etc/btmp >/tmp/btmp.txt).

>> grep d0201 utmp.txt
fki[root]:/tmp
>>

Any thoughts?
It's not impossible -- it'll just cost more...
Matti_Kurkela
Honored Contributor

Re: DTC port incorrectly shows up in 'ps' command

What's your HP-UX version?

It might be your /etc/utmp is so corrupted that fwtmp cannot find anything recognizable in it, or your HP-UX version uses the newer /etc/utmpx instead of /etc/utmp (which may still exist for legacy compatibility reasons).

What's the timestamp and size of /etc/utmp?

MK
Dennis Handly
Acclaimed Contributor

Re: DTC port incorrectly shows up in 'ps' command

Basically you probably can trust ps(1) but not who(1).
Who is the owner of the d0201 device? Use ll to list the device file.

>the 'who' command shows the correct port:

You know this how?

>but found many in /tmp/btmp.txt

What dates have these bad logins? Is someone hacking into your system?