I just had a bit of a scare on my master server. I found 865 of the file
in the subject, all with 700 perms, owned by daemon and in the "other"
group.

-rwx------ 1 daemon other 920 Feb 26 20:18 .SeCuRiTy.94
-rwx------ 1 daemon other 776 Feb 26 20:18 .SeCuRiTy.95
-rwx------ 1 daemon other 776 Feb 26 20:18 .SeCuRiTy.96
-rwx------ 1 daemon other 776 Feb 26 20:18 .SeCuRiTy.97
-rwx------ 1 daemon other 920 Feb 26 20:18 .SeCuRiTy.98
-rwx------ 1 daemon other 920 Feb 26 20:18 .SeCuRiTy.99

Apparently, the culprit was NetBackup, specifically, bpbkar.

[netbackup1]-/opt/openv/netbackup/bin# strings bpbkar | grep -i security
-no_security
.SeCuRiTy.%d
bpbkar add_security_info
Key file security tag invalid
Security devices are not enabled

I am pretty P.O'd about this, as I spent the last hour or so tracking
this down. I was minutes away from turning my disks over to Infosec.
Can someone please tell me why the engineers at Veritas decided it was a
great idea to write files that look suspiciously "warez-y" to /,
nonetheless, and leave this little detail undocumented (at least, I
can't find any reference to this)?
In the event that any of you see this on your machines, what created
them was a test restore of some NT files onto my master server. We were
having a problem with a restore, so I decided to test the sanity of the
image itself by restoring locally to my master server, which obviously
worked.
IMHO, this is shoddy and careless SW engineering, made even worse by
lack of documentation of this behavior.
Geof, please forward this to the appropriate party(ies).
--Steve
--
===================================
Steven L. Sesar
Ops. Sys. Programmer/Analyst, Sr.
Application Operations R10A
The MITRE Corporation
202 Burlington Road - R101
Bedford, MA 01730
tel: (781) 271-7702
fax: (781) 271-2600
email: ssesar AT mitre DOT org
mobile: (617) 893-9635
===================================
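
The `strings bpbkar | grep` step from the post above, generalized as an added example (not part of the original message and not Veritas code): it pulls printf-style templates out of a binary and reports which file names they could have generated. The byte blob and name list are constructed samples, the function names are hypothetical, and only `%d`, `%u`, `%s` and `%%` are handled.

```python
import re

# Constructed sample: a fake binary blob embedding the strings quoted in the post.
SAMPLE_BLOB = (b"\x7fELF\x01\x02\x00-no_security\x00.SeCuRiTy.%d\x00"
               b"bpbkar add_security_info\x00\x03Key file security tag invalid\x00")
# Constructed sample of names found in a directory.
SAMPLE_NAMES = [".SeCuRiTy.94", ".SeCuRiTy.95", ".SeCuRiTy.x", ".profile", "core"]

# Conversion specifiers this example understands, with the regex each becomes.
SPECS = {"d": r"-?\d+", "u": r"\d+", "s": r".+", "%": "%"}

def printable_strings(blob, min_len=4):
    """Runs of printable ASCII, like strings(1) with its default minimum of 4."""
    pattern = rb"[\x20-\x7e]{%d,}" % min_len
    return [m.group().decode("ascii") for m in re.finditer(pattern, blob)]

def template_to_regex(template, min_literal=4):
    """Compile a printf-style template to a regex, or None if unsupported or too generic."""
    parts, literal, converted, i = [], 0, 0, 0
    while i < len(template):
        ch = template[i]
        if ch == "%":
            spec = template[i + 1:i + 2]
            if spec not in SPECS:          # unknown or dangling specifier
                return None
            parts.append(SPECS[spec])
            converted += spec != "%"
            i += 2
        else:
            parts.append(re.escape(ch))
            literal += 1
            i += 1
    # Skip plain strings and templates like "%s" that would match any name.
    if converted == 0 or literal < min_literal:
        return None
    return re.compile("".join(parts))

def attribute_names(names, blob):
    """Map each name to the templates in blob that could have generated it."""
    hits = {}
    for template in sorted(set(printable_strings(blob))):
        rx = template_to_regex(template)
        if rx is None:
            continue
        for name in names:
            if rx.fullmatch(name):
                hits.setdefault(name, []).append(template)
    return hits

if __name__ == "__main__":
    for name, templates in attribute_names(SAMPLE_NAMES, SAMPLE_BLOB).items():
        print(name, "<-", templates)
```

A match only shows that the binary could produce such a name; owner, timestamps and the job logs for that window still have to agree before the files are written off as benign.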