Solved

apache

Posted on 2008-10-04
6
263 Views
Last Modified: 2013-12-27
Can you please tell me whether " /Apache/platform/apache-2.0.55/bin/httpd -k start"  reads passwd and shadow files.  in solaris.. Thanks in advance..
0
Comment
Question by:conversekid
6 Comments
 
LVL 40

Assisted Solution

by:omarfarid
omarfarid earned 200 total points
Comment Utility
why you think that it reads the passwd and shadow files?
0
 

Author Comment

by:conversekid
Comment Utility
Apache is the only software running on the server and the passwd fie is getting corrupted once in a while..
0
 
LVL 40

Assisted Solution

by:omarfarid
omarfarid earned 200 total points
Comment Utility
reading file does not corrupt it. Look for some other reason for that. Do you have any script that updates the passwd file?
0
PRTG Network Monitor: Intuitive Network Monitoring

Network Monitoring is essential to ensure that computer systems and network devices are running. Use PRTG to monitor LANs, servers, websites, applications and devices, bandwidth, virtual environments, remote systems, IoT, and many more. PRTG is easy to set up & use.

 

Author Comment

by:conversekid
Comment Utility
We checked all that before. Please check http://www.experts-exchange.com/OS/Unix/Solaris/Q_23748034.html.. This is one question which arose in the final discussion...
0
 
LVL 9

Assisted Solution

by:chingmd
chingmd earned 100 total points
Comment Utility
Check the process list to make sure that httpd is running mostly as a non root account.  

You can also check the httpd.conf file to ensure that it is running as a non root account.   It may be that the a hole/page/exploit is running that is allowing right access to the password file.  

Check the permissions on the password file.  

Parse the access and error logs of the apache server to find out if there are access / http post  to the password/shadow file.  

look at the command "last".. see if there are any unusual activity on the log account or source.   An emtpy log is suspect too.


0
 
LVL 13

Accepted Solution

by:
Rowley earned 200 total points
Comment Utility
Why not use some IDS software to help you figure out what is changing the file. Tripwire  is some commercial software you could use to help you, otherwise you could try http://www.la-samhna.de/ .

Solaris also comes with its own file accounting software - BART. http://docs.sun.com/app/docs/doc/816-4557/bart-1?a=view
0

Featured Post

Enabling OSINT in Activity Based Intelligence

Activity based intelligence (ABI) requires access to all available sources of data. Recorded Future allows analysts to observe structured data on the open, deep, and dark web.

Join & Write a Comment

Introduction As you’re probably aware the HTTP protocol offers basic / weak authentication, which in combination with the relevant configuration on your web server, provides the ability to password protect all or part of your host.  If you were not…
It is possible to boost certain documents at query time in Solr. Query time boosting can be a powerful resource for finding the most relevant and "best" content. Of course the more information you index, the more fields you will be able to use for y…
Learn how to get help with Linux/Unix bash shell commands. Use help to read help documents for built in bash shell commands.: Use man to interface with the online reference manuals for shell commands.: Use man to search man pages for unknown command…
Learn how to find files with the shell using the find and locate commands. Use locate to find a needle in a haystack.: With locate, check if the file still exists.: Use find to get the actual location of the file.:

772 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question

Need Help in Real-Time?

Connect with top rated Experts

11 Experts available now in Live!

Get 1:1 Help Now