Solved

apache

Posted on 2008-10-04
6
267 Views
Last Modified: 2013-12-27
Can you please tell me whether " /Apache/platform/apache-2.0.55/bin/httpd -k start"  reads passwd and shadow files.  in solaris.. Thanks in advance..
0
Comment
Question by:conversekid
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
6 Comments
 
LVL 40

Assisted Solution

by:omarfarid
omarfarid earned 200 total points
ID: 22640914
why you think that it reads the passwd and shadow files?
0
 

Author Comment

by:conversekid
ID: 22641151
Apache is the only software running on the server and the passwd fie is getting corrupted once in a while..
0
 
LVL 40

Assisted Solution

by:omarfarid
omarfarid earned 200 total points
ID: 22641275
reading file does not corrupt it. Look for some other reason for that. Do you have any script that updates the passwd file?
0
Building an interactive eFuture classroom

Watch and learn how ATEN provided a total control system solution including seamless switching matrix switch, HDBaseT extenders, PDU, lighting control to build an interactive eFuture classroom.

 

Author Comment

by:conversekid
ID: 22641471
We checked all that before. Please check http://www.experts-exchange.com/OS/Unix/Solaris/Q_23748034.html.. This is one question which arose in the final discussion...
0
 
LVL 9

Assisted Solution

by:chingmd
chingmd earned 100 total points
ID: 22642011
Check the process list to make sure that httpd is running mostly as a non root account.  

You can also check the httpd.conf file to ensure that it is running as a non root account.   It may be that the a hole/page/exploit is running that is allowing right access to the password file.  

Check the permissions on the password file.  

Parse the access and error logs of the apache server to find out if there are access / http post  to the password/shadow file.  

look at the command "last".. see if there are any unusual activity on the log account or source.   An emtpy log is suspect too.


0
 
LVL 13

Accepted Solution

by:
Rowley earned 200 total points
ID: 22648057
Why not use some IDS software to help you figure out what is changing the file. Tripwire  is some commercial software you could use to help you, otherwise you could try http://www.la-samhna.de/ .

Solaris also comes with its own file accounting software - BART. http://docs.sun.com/app/docs/doc/816-4557/bart-1?a=view
0

Featured Post

Connect further...control easier

With the ATEN CE624, you can now enjoy a high-quality visual experience powered by HDBaseT technology and the convenience of a single Cat6 cable to transmit uncompressed video with zero latency and multi-streaming for dual-view applications where remote access is required.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Suggested Solutions

Title # Comments Views Activity
Stream live video from Raspberry Pi camera 22 328
AWS EC2 & RDS Instance 5 74
unix shell script 4 41
swp file in unix 16 45
Attention: This article will no longer be maintained. If you have any questions, please feel free to mail me. jgh@FreeBSD.org Please see http://www.freebsd.org/doc/en_US.ISO8859-1/articles/freebsd-update-server/ for the updated article. It is avail…
If you are running a LAMP infrastructure, this little code snippet is very helpful if you are serving lots of HTML, JavaScript and CSS-related information. The mod_deflate module, which is part of the Apache 2.2 application, provides the DEFLATE…
Learn several ways to interact with files and get file information from the bash shell. ls lists the contents of a directory: Using the -a flag displays hidden files: Using the -l flag formats the output in a long list: The file command gives us mor…
Learn how to find files with the shell using the find and locate commands. Use locate to find a needle in a haystack.: With locate, check if the file still exists.: Use find to get the actual location of the file.:

751 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question