Or hey.... RPC is always a popular crack. It might be that someone has broken in via an RPC exploit. (You start it up again, they break in again and it crashes them to a remote root prompt. You start it up again, and they break in again). Remember that one with Redhat 6.2 (remote root via RPC). Check the exploit lists and see if there is an exploit for RPC on Solaris 2.7. Consider TCP wrappers too.... /etc/hosts.allow /etc/hosts.deny, or xinit.d if you have the time to install and set it up. cheers, sach On Sat, 1 Sep 2001, tack wrote: > Looks like your machines had a falling out with each other. What do you > know of in your configuration that would cause NIS to not pass > authorization/authentication between machines? Any new binaries? IDS? > > tack > > On 31 Aug 2001, John Hunter wrote: > > > > > We are using solaris 2.7 as a yp server. Last night when trying to > > add a new user I got an RPC error message 'Create clnt failure: RPC: > > Program not registered'. I did '/etc/init.d/rpc stop' then 'start' > > and this seemed to fix the new user problem. > > > > This morning it appears that the mail server is down. I found the > > following in /var/log/syslog > > > > Aug 31 07:31:03 ace.bsd.uchicago.edu sendmail[4480]: NOQUEUE: SYSERR(root): Cann > > ot bind to map mail.aliases in domain dream: can't communicate with rpcbind: No > > such file or directory > > > > Any thoughts about what I need to do to revive this sucker? > > > > But wait! How can I read the responses if my mail server is down. > > Catch 22! > > > > thanks, > > John Hunter > > > > -- /* Sach Jobb Sugoi Consulting 1177 Polk Street San Francisco, CA 94109 415.345.8872 (w) 415.345.8871 (f) 415.559.5483 (c) [EMAIL PROTECTED] %s/windows/linux/g */ "When I am working on a problem I never think about beauty. I only think about how to solve the problem. But when I have finished, if the solution is not beautiful, I know it is wrong." -- Buckminster Fuller (1895-1983)
