Want to protect your cyber security and still get fast solutions? Ask a secure question today.Go Premium

x
  • Status: Solved
  • Priority: Medium
  • Security: Public
  • Views: 277
  • Last Modified:

apache

Can you please tell me whether " /Apache/platform/apache-2.0.55/bin/httpd -k start"  reads passwd and shadow files.  in solaris.. Thanks in advance..
0
conversekid
Asked:
conversekid
4 Solutions
 
omarfaridCommented:
why you think that it reads the passwd and shadow files?
0
 
conversekidAuthor Commented:
Apache is the only software running on the server and the passwd fie is getting corrupted once in a while..
0
 
omarfaridCommented:
reading file does not corrupt it. Look for some other reason for that. Do you have any script that updates the passwd file?
0
Prepare for your VMware VCP6-DCV exam.

Josh Coen and Jason Langer have prepared the latest edition of VCP study guide. Both authors have been working in the IT field for more than a decade, and both hold VMware certifications. This 163-page guide covers all 10 of the exam blueprint sections.

 
conversekidAuthor Commented:
We checked all that before. Please check http://www.experts-exchange.com/OS/Unix/Solaris/Q_23748034.html.. This is one question which arose in the final discussion...
0
 
chingmdCommented:
Check the process list to make sure that httpd is running mostly as a non root account.  

You can also check the httpd.conf file to ensure that it is running as a non root account.   It may be that the a hole/page/exploit is running that is allowing right access to the password file.  

Check the permissions on the password file.  

Parse the access and error logs of the apache server to find out if there are access / http post  to the password/shadow file.  

look at the command "last".. see if there are any unusual activity on the log account or source.   An emtpy log is suspect too.


0
 
RowleyCommented:
Why not use some IDS software to help you figure out what is changing the file. Tripwire  is some commercial software you could use to help you, otherwise you could try http://www.la-samhna.de/ .

Solaris also comes with its own file accounting software - BART. http://docs.sun.com/app/docs/doc/816-4557/bart-1?a=view
0

Featured Post

Free Tool: Subnet Calculator

The subnet calculator helps you design networks by taking an IP address and network mask and returning information such as network, broadcast address, and host range.

One of a set of tools we're offering as a way of saying thank you for being a part of the community.

Tackle projects and never again get stuck behind a technical roadblock.
Join Now