Solved

apache

Posted on 2008-10-04
6
264 Views
Last Modified: 2013-12-27
Can you please tell me whether " /Apache/platform/apache-2.0.55/bin/httpd -k start"  reads passwd and shadow files.  in solaris.. Thanks in advance..
0
Comment
Question by:conversekid
6 Comments
 
LVL 40

Assisted Solution

by:omarfarid
omarfarid earned 200 total points
ID: 22640914
why you think that it reads the passwd and shadow files?
0
 

Author Comment

by:conversekid
ID: 22641151
Apache is the only software running on the server and the passwd fie is getting corrupted once in a while..
0
 
LVL 40

Assisted Solution

by:omarfarid
omarfarid earned 200 total points
ID: 22641275
reading file does not corrupt it. Look for some other reason for that. Do you have any script that updates the passwd file?
0
PRTG Network Monitor: Intuitive Network Monitoring

Network Monitoring is essential to ensure that computer systems and network devices are running. Use PRTG to monitor LANs, servers, websites, applications and devices, bandwidth, virtual environments, remote systems, IoT, and many more. PRTG is easy to set up & use.

 

Author Comment

by:conversekid
ID: 22641471
We checked all that before. Please check http://www.experts-exchange.com/OS/Unix/Solaris/Q_23748034.html.. This is one question which arose in the final discussion...
0
 
LVL 9

Assisted Solution

by:chingmd
chingmd earned 100 total points
ID: 22642011
Check the process list to make sure that httpd is running mostly as a non root account.  

You can also check the httpd.conf file to ensure that it is running as a non root account.   It may be that the a hole/page/exploit is running that is allowing right access to the password file.  

Check the permissions on the password file.  

Parse the access and error logs of the apache server to find out if there are access / http post  to the password/shadow file.  

look at the command "last".. see if there are any unusual activity on the log account or source.   An emtpy log is suspect too.


0
 
LVL 13

Accepted Solution

by:
Rowley earned 200 total points
ID: 22648057
Why not use some IDS software to help you figure out what is changing the file. Tripwire  is some commercial software you could use to help you, otherwise you could try http://www.la-samhna.de/ .

Solaris also comes with its own file accounting software - BART. http://docs.sun.com/app/docs/doc/816-4557/bart-1?a=view
0

Featured Post

Enterprise Mobility and BYOD For Dummies

Like “For Dummies” books, you can read this in whatever order you choose and learn about mobility and BYOD; and how to put a competitive mobile infrastructure in place. Developed for SMBs and large enterprises alike, you will find helpful use cases, planning, and implementation.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Suggested Solutions

Introduction Regular patching is part of a system administrator's tasks. However, many patches require that the system be in single-user mode before they can be installed. A cluster patch in particular can take quite a while to apply if the machine…
If you are a web developer, you would be aware of the <iframe> tag in HTML. The <iframe> stands for inline frame and is used to embed another document within the current HTML document. The embedded document could be even another website.
This video shows how to set up a shell script to accept a positional parameter when called, pass that to a SQL script, accept the output from the statement back and then manipulate it in the Shell.
In a previous video, we went over how to export a DynamoDB table into Amazon S3.  In this video, we show how to load the export from S3 into a DynamoDB table.

911 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question

Need Help in Real-Time?

Connect with top rated Experts

22 Experts available now in Live!

Get 1:1 Help Now