Locked out of server due to utmp growing out of control
Dear Solaris Experts,
The file /var/adm/utmpx is steadily growing on our standbye Sun Sparc T5220 Solaris 10 server. I have tried everything such as the following steps without success:
In short, I am not able to turn off, or reduce the amount of auditing / login data
it is rapidly collecting. In fact, I can no longer log back on to it with the
following message after successful login using a non-root user from a general
multi-user mode telnet session:
login: george
Password: No utmpx entry. You must exec "login" from the lowest level "shell".
<Your 'TELNET' connection has terminated>
Fortunately, it was possible to get back into this server in single-user maintenance mode as root on the Console. The only way to re-instate multi-user mode access is by rebooting this server but still not reduce the amount of auditing / login which will eventually fill up /var.
The strange thing is that our production (equivalent hardware) accessed extensive with the same SCAN_PERIOD is not experiencing this issue. I am not sure whether the standbye rainbow server has been split up to multiple zones has anything to do with it. ie rainbow being the global zone.
Your assistance would be much appreciated.
Thanks in advance,
George
Re-instated auditing mechanism by rebooting via ILOM
Dear bitlord,
Thank you for your valuable response. I am still digesting these material.
Yes, I got in through ILOM and was able to restore login access after having rebooted this server. Also found that by removing /var/adm/utmpx instead of cp /dev/null the same file has kept it size down to minimal and hence able to logon to it much quicker.
I am facing strange problem where after three failed login attempt user password must be locked. Actually what is happening, when I take the putty session of the server & enter user name on the prompt at the login prompt & then press enter to enter the password at this time when I checked the... (10 Replies)
Hello Folks,
My RHEL 4.3 server got crashed due to hardware crash,system hard disk and motherboard replaced and RAID rebuilt done.
while rebooting the server the server is gone into single user mode due to /sda5 var partition not able to mount.
Error :- " wrong fs type, bad... (1 Reply)
Sigh...
I use denyhosts for security. Been great for months, but today my butterfingers have managed to lock myself out of the server.
The denyhosts FAQ lists ways to edit the files to erase your IP, but...I'm locked out, so how can I edit the files? (5 Replies)
Hi
i was changing the entry in the /etc/passwd file for the root user.
i was changing the shell from sh to bash . I changed the file and rebooted
the server.Now it is saying that invalid shell. I think i have misspelt bash.
now the machine is set to boot in maultiuser mode so there is no... (5 Replies)
Hi.
I am working on a small assignment where i need to extract the login information of currently logged in users in a Linux client-server environment.I am able to extract only the userID,IP/HOST name,TTY,device name,GID,PID and login time using the structure 'utmp'.Also when i am saving the... (2 Replies)
Hi All,
if someone know where I can set dimension of utmp log files like
wtmp
failedlogin
sulog in an AIX system.
These are called security logs and they can reach a max amount in day or MB, where can I steady their size ?
thanks in advance. (2 Replies)
hiya all,
I have Fedora core 3 installed - as a server - onto an old PC.
Root u/n and psw lets me in
However, all the other accounts no longer worked.
They use to work until yesterday...
I now get the error at the login screen:
"AUTHENTICATIONFAILED"
I hope this is a common... (12 Replies)