Thread: Does /var/adm/wtmpx get cleared automatically?
View Single Post

   
  #7 (permalink)  
Old 01-16-2008, 10:34 AM
Tristram Scott
 
Posts: n/a
Default Re: Does /var/adm/wtmpx get cleared automatically?
Lone Gaffe <news@buffy.sighup.org.uk> wrote:
> Tristram Scott <tristram.scott@ntlworld.com> wrote:
>> Thanks for that info. Neither root nor adm seem to be doing anything
>> accounting related. Any other ideas?
>>
>> Root does this:
>>
>> 10 3 * * * /usr/sbin/logadm
>> 15 3 * * 0 /usr/lib/fs/nfs/nfsfind
>> 30 3 * * * [ -x /usr/lib/gss/gsscred_clean ] && /usr/lib/gss/gsscred_clean
>> #10 3 * * * /usr/lib/krb5/kprop_script ___slave_kdcs___
>
> That's reasonable for Solaris.
>
>> Adm does this:
>>
>> 10 1 * * * (cd /var/adm/sa/ && cd .adm && [ -x sadm ] && PATH=. sadm)
>>>/dev/null 2>&1 &
>
> This isn't normal. Sar processing is usually done by sys and with different
> commands. See http://docs.sun.com/app/docs for details.

Thanks for that. I have had an email from a very helpful Sun employee who
pointed me at the following:

http://sunsolve.sun.com/search/docum...=1-26-102802-1

It seems that a worm has snuck in. I'm guessing that this happened back in
February in the couple of days between when this was announced and when I
patched the machine. I'll need to check some old backups to confirm that
this is the case.



--
Dr Tristram J. Scott
Energy Consultant
Reply With Quote