I receive an alert yesterday night from our Oracle monitoring system of one of the two unreacheable nodes, (one has a more upgraded version of the monitoring agent). In one of the nodes there is no evidence of the logging via last command - solaris Sparc 64 bit.
Can it be possible that one of this two things be possible?
1- Someone can enter and change root permissions in the Solaris node without a trace in the last command.
2- There is some sort of certification expiration or software expiration that will change the root permissions to 0 yesterday february 16 like some kind of "trial software" or some kind of "virus software".