Re: named 9.6.1 Filling wtmp
On 21 Jan 2010, at 7:21 PM, Mark Andrews wrote: In message 6b845b73-065f-4e8b-afa5-408ecdbe7...@govnet.state.vt.us, David Kre indler writes: We have BIND 9.6.1-P3 running on several AIX 5.3 servers. On one of them, nam ed is filling /var/adm/wtmp with numerous entries like the following. This is not named (the program). It may be su or some other process that is logging changes in uid. Or it could be someone login in as the user named. Mark user pts/1 pts/1 7 1327240 1264089183 host-NN.domain Thu Jan 21 10: 53:03 EST 2010 named 8 2572472 1264089217Thu Jan 21 10: 53:37 EST 2010 named 8 2572472 1264089217Thu Jan 21 10: 53:37 EST 2010 named 8 2572472 1264089277Thu Jan 21 10: 54:37 EST 2010 -- Mark Andrews, ISC 1 Seymour St., Dundas Valley, NSW 2117, Australia PHONE: +61 2 9871 4742 INTERNET: ma...@isc.org There is no user 'named' on this system. # su - named 3004-500 User named does not exist. It appears to be the process 'named', but we do not understand what is causing it to be logged in wtmp constantly. ___ bind-users mailing list bind-users@lists.isc.org https://lists.isc.org/mailman/listinfo/bind-users
Re: named 9.6.1 Filling wtmp
On 22 Jan 2010, at 7:25 AM, David Kreindler wrote: On 21 Jan 2010, at 7:21 PM, Mark Andrews wrote: In message 6b845b73-065f-4e8b-afa5-408ecdbe7...@govnet.state.vt.us, David Kre indler writes: We have BIND 9.6.1-P3 running on several AIX 5.3 servers. On one of them, nam ed is filling /var/adm/wtmp with numerous entries like the following. This is not named (the program). It may be su or some other process that is logging changes in uid. Or it could be someone login in as the user named. Mark user pts/1 pts/1 7 1327240 1264089183 host-NN.domain Thu Jan 21 10: 53:03 EST 2010 named 8 2572472 1264089217Thu Jan 21 10: 53:37 EST 2010 named 8 2572472 1264089217Thu Jan 21 10: 53:37 EST 2010 named 8 1264089277Thu Jan 21 10: 54:37 EST 2010 -- Mark Andrews, ISC 1 Seymour St., Dundas Valley, NSW 2117, Australia PHONE: +61 2 9871 4742 INTERNET: ma...@isc.org There is no user 'named' on this system. # su - named 3004-500 User named does not exist. It appears to be the process 'named', but we do not understand what is causing it to be logged in wtmp constantly. It looks as though the problem was in the AIX accounting system. Somehow it kept logging PID 2572472 (which did not exist) as a dead process. A restart corrected the problem. We are not sure if the fact that the process appeared to be the BIND daemon (named) was incidental. ___ bind-users mailing list bind-users@lists.isc.org https://lists.isc.org/mailman/listinfo/bind-users
named 9.6.1 Filling wtmp
We have BIND 9.6.1-P3 running on several AIX 5.3 servers. On one of them, named is filling /var/adm/wtmp with numerous entries like the following. user pts/1 pts/1 7 1327240 1264089183 host-NN.domain Thu Jan 21 10:53:03 EST 2010 named 8 2572472 1264089217Thu Jan 21 10:53:37 EST 2010 named 8 2572472 1264089217Thu Jan 21 10:53:37 EST 2010 named 8 2572472 1264089277Thu Jan 21 10:54:37 EST 2010 named 8 2572472 1264089277Thu Jan 21 10:54:37 EST 2010 named 8 2572472 1264089337Thu Jan 21 10:55:37 EST 2010 named 8 2572472 1264089337Thu Jan 21 10:55:37 EST 2010 named 8 2572472 1264089337Thu Jan 21 10:55:37 EST 2010 named 8 2572472 1264089397Thu Jan 21 10:56:37 EST 2010 named 8 2572472 1264089397Thu Jan 21 10:56:37 EST 2010 named 8 2572472 1264089397Thu Jan 21 10:56:37 EST 2010 named 8 2572472 1264089457Thu Jan 21 10:57:37 EST 2010 named 8 2572472 1264089457Thu Jan 21 10:57:37 EST 2010 named 8 2572472 1264089457Thu Jan 21 10:57:37 EST 2010 named 8 2572472 1264089517Thu Jan 21 10:58:37 EST 2010 named 8 2572472 1264089517Thu Jan 21 10:58:37 EST 2010 named 8 2572472 1264089517Thu Jan 21 10:58:37 EST 2010 named 8 2572472 1264089577Thu Jan 21 10:59:37 EST 2010 named 8 2572472 1264089577Thu Jan 21 10:59:37 EST 2010 named 8 2572472 1264089577Thu Jan 21 10:59:37 EST 2010 named 8 2572472 1264089637Thu Jan 21 11:00:37 EST 2010 named 8 2572472 1264089637Thu Jan 21 11:00:37 EST 2010 named 8 2572472 1264089637Thu Jan 21 11:00:37 EST 2010 named 8 2572472 1264089697Thu Jan 21 11:01:37 EST 2010 named 8 2572472 1264089697Thu Jan 21 11:01:37 EST 2010 named 8 2572472 1264089697Thu Jan 21 11:01:37 EST 2010 named 8 2572472 1264089757Thu Jan 21 11:02:37 EST 2010 named 8 2572472 1264089757Thu Jan 21 11:02:37 EST 2010 named 8 2572472 1264089757Thu Jan 21 11:02:37 EST 2010 named 8 2572472 1264089817Thu Jan 21 11:03:37 EST 2010 named 8 2572472 1264089817Thu Jan 21 11:03:37 EST 2010 named 8 2572472 1264089817Thu Jan 21 11:03:37 EST 2010 named 8 2572472 1264089877Thu Jan 21 11:04:37 EST 2010 named 8 2572472 1264089877Thu Jan 21 11:04:37 EST 2010 named 8 2572472 1264089937Thu Jan 21 11:05:37 EST 2010 named 8 2572472 1264089937Thu Jan 21 11:05:37 EST 2010 What is going on? How do we correct this issue? ___ bind-users mailing list bind-users@lists.isc.org https://lists.isc.org/mailman/listinfo/bind-users
Re: named 9.6.1 Filling wtmp
In message 6b845b73-065f-4e8b-afa5-408ecdbe7...@govnet.state.vt.us, David Kre indler writes: We have BIND 9.6.1-P3 running on several AIX 5.3 servers. On one of them, nam ed is filling /var/adm/wtmp with numerous entries like the following. This is not named (the program). It may be su or some other process that is logging changes in uid. Or it could be someone login in as the user named. Mark user pts/1 pts/1 7 1327240 1264089183 host-NN.domain Thu Jan 21 10: 53:03 EST 2010 named 8 2572472 1264089217Thu Jan 21 10: 53:37 EST 2010 named 8 2572472 1264089217Thu Jan 21 10: 53:37 EST 2010 named 8 2572472 1264089277Thu Jan 21 10: 54:37 EST 2010 -- Mark Andrews, ISC 1 Seymour St., Dundas Valley, NSW 2117, Australia PHONE: +61 2 9871 4742 INTERNET: ma...@isc.org ___ bind-users mailing list bind-users@lists.isc.org https://lists.isc.org/mailman/listinfo/bind-users