
Re: 19991116: Problem with ldmadmin scour Output from "cron" command (fwd)



On Mon, 15 Nov 1999, Unidata Support wrote:

> >To: address@hidden
> >From: address@hidden
> >Subject: Problem with ldmadmin scour Output from "cron" command (fwd)
> >Organization: .
> >Keywords: 199911160233.TAA05959
> 
> I don't know if I have been hacked or I messed something up,
> but ldmadmin scour run from cron or manually is producing
> the following on our Solaris/SPARC system.  It is trying
> to delete files in the user weather's home directory (like the
> Office51 directory).  I am running ldm-5.0.8, I copied over 
> the old ldmadmin and scour.conf from the ldm-5.0.6 and I
> get the same output if I have anything in scour.conf that
> it can try and delete.  Here is my scour.conf:
> 
> # Directory                     Days-old        Optional-filename-pattern
> 
> #~ldm/data/forecasts            2
> #~ldm/data/warnings             2               *.gdbm
> #~ldm/data/severe               2               *.wmo
> #~ldm/data/decoded              2               *.nc
> #~ldm/data/upperair             2               *.wmo
> #~ldm/data/GRIB                 2
> #~ldm/data/GRIB                 1               *eta.nc
> #~ldm/data/gempak               2
> #~ldm/data/surface              2
> #~ldm/data/campus/netcdf                1
> #~ldm/data/ispan                2
> ~ldm/data/gempak/hds            1
> ~ldm/data/gempak/profiler       1
> ~ldm/data/gempak/nwx/mos        1
> ~ldm/data/gempak/mos            1
> ~ldm/data/rawfiles              1               *.wmo
> ~ldm/data/rawfiles/fdus         1
> ~ldm/data/rawfiles/dfus/DFUS            1
> ~ldm/data/rawfiles/dfus/DFAK            1
> ~ldm/data/rawfiles/fdcn         1
> ~ldm/data/rawfiles/tcus         1
> 
> I can't find any evidence of unauthorized logins, and I don't
> seem to have files missing.  
> 
> Any ideas?

Robert,

Here's a couple things to look at: 

% cd ~ldm

Hopefully that's the ldm home directory.

Next, 

% cd ~ldm/bin

Look at the scour script for the directories, use the -v flag and maybe
add a couple echo statements. I would look at the mod date first to see if
it was tampered with. Also, you can do a diff between the 5.0.6 and 5.0.8
versions, they should be the same.

Robb...

> 
> Thanks,
> Robert Mullenax
> 
> ---------- Forwarded message ----------
> Date: Mon, 15 Nov 1999 02:43:09 GMT
> From: ldm
> To: ldm
> Subject: Output from "cron" command
> 
> Your "cron" job on psnldm
> bin/ldmadmin scour
> 
> produced the following output:
> 
> find: cannot read dir ./DeadLetters: Permission denied
> find: cannot read dir ./Mail: Permission denied
> find: cannot read dir ./MailTemplates: Permission denied
> rm: ./1566P is a directory
> find: cannot read dir ./DeadLetters: Permission denied
> rm: ./IM is a directory
> rm: ./IM/bin is a directory
> rm: ./IM/man is a directory
> rm: ./IM/man/man1 is a directory
> rm: ./IM/lib is a directory
> rm: ./IM/lib/perl5 is a directory
> rm: ./IM/lib/perl5/site_perl is a directory
> rm: ./IM/lib/perl5/site_perl/sun4-solaris is a directory
> rm: ./IM/lib/perl5/man is a directory
> rm: ./IM/lib/perl5/man/man3 is a directory
> find: cannot read dir ./Mail: Permission denied
> find: cannot read dir ./MailTemplates: Permission denied
> rm: ./Office51 is a directory
> rm: ./Office51/bin is a directory
> rm: ./Office51/fonts is a directory
> rm: ./Office51/fonts/type1 is a directory
> rm: ./Office51/fonts/75dpi is a directory
> rm: ./Office51/fonts/75dpi/bdf is a directory
> rm: ./Office51/config is a directory
> rm: ./Office51/config/help is a directory
> rm: ./Office51/config/groups is a directory
> rm: ./Office51/config/groups/E-mail & News is a directory
> rm: ./Office51/config/startup is a directory
> rm: ./Office51/config/quickstart is a directory
> rm: ./Office51/config/symbol is a directory
> rm: ./Office51/config/start is a directory
> rm: ./sao is a directory
> 

===============================================================================
Robb Kambic                                Unidata Program Center
Software Engineer III                      Univ. Corp for Atmospheric Research
address@hidden             WWW: http://www.unidata.ucar.edu/
===============================================================================
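
The reply above suggests checking which directories the scour script actually acts on. The following shell function is an added example, not part of the original thread and not LDM's own scour script: it audits a scour.conf-style file before any cleanup runs. It assumes `~ldm` maps to a home directory passed as an argument and that only paths resolving below that directory's `data` subdirectory are valid targets; the function names and the sample tree are constructed.

```shell
# Added example, not the LDM scour script. Checks each scour.conf entry
# before a cleanup job is allowed to act on it.
# Assumptions: "~ldm" maps to the home directory given as $2, and only
# directories that resolve strictly below $2/data are acceptable targets.
check_scour_conf() {
    conf=$1 ldmhome=$2 bad=0
    dataroot=$(cd "$ldmhome/data" 2>/dev/null && pwd -P) || {
        echo "NODATAROOT $ldmhome/data"; return 2; }
    while read -r dir days pattern; do
        case $dir in ''|'#'*) continue ;; esac      # blank line or comment
        # Expand the leading ~ldm by hand instead of relying on the shell.
        case $dir in
            '~ldm'/*) path=$ldmhome/${dir#'~ldm/'} ;;
            *)        path=$dir ;;
        esac
        # Days-old is a whole number in the page's sample (assumed required).
        case $days in
            ''|*[!0-9]*) echo "BADDAYS $dir"; bad=1; continue ;;
        esac
        # Resolve symlinks and ".."; a target that cannot be entered is flagged.
        real=$(cd "$path" 2>/dev/null && pwd -P) || {
            echo "MISSING $dir"; bad=1; continue; }
        case $real in
            "$dataroot"/*) echo "OK $dir" ;;
            *)             echo "OUTSIDE $dir -> $real"; bad=1 ;;
        esac
    done < "$conf"
    return $bad
}

# Constructed sample: a throwaway tree and a small scour.conf.
scour_audit_demo() {
    t=$(mktemp -d) || return 1
    mkdir -p "$t/data/gempak/hds" "$t/Office51"
    printf '%s\n' '# Directory  Days-old  Optional-filename-pattern' \
        '~ldm/data/gempak/hds   1' \
        '~ldm/data/rawfiles     1   *.wmo' \
        '~ldm/Office51          1' > "$t/scour.conf"
    rc=0
    check_scour_conf "$t/scour.conf" "$t" || rc=$?
    rm -rf "$t"
    return $rc
}

scour_audit_demo || true
```

A non-zero return means at least one entry is missing, malformed, or resolves outside the data tree, so a cron wrapper can refuse to start the cleanup until the file is corrected.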