
20000808: your machine is hammered AND has security problems



>From: "Thomas L. Mote" <address@hidden>
>Organization: University of Georgia
>Keywords: 200007172022.e6HKMuT11816 UGA McIDAS-X ADDE NOAAPORT GINI imagery

Tom,

While on cacimbo, I asked our system administrator to take a look at
the massive number of errors being sent to your /var/adm/messages file.
Here is an example:

Aug  8 21:06:29 cacimbo inetd[115]: /usr/dt/bin/rpc.ttdbserverd: Child Status Changed
Aug  8 21:07:26 cacimbo last message repeated 28 times

His comment was that you shouldn't be running 'rpc.ttdbserverd', or if you
really need to, you should upgrade your OS patch level.  'rpc.ttdbserverd'
has known security problems, and it is causing a bunch of errors on
your system.  If your machine hasn't already been breached, it could
be at any time.

To stop running rpc.ttdbserverd, you should edit /etc/inetd.conf and
comment out the Sun ToolTalk Database Server:

change:

100083/1        stream  rpc/tcp wait root /usr/dt/bin/rpc.ttdbserverd rpc.ttdbserverd

to:

# 100083/1        stream  rpc/tcp wait root /usr/dt/bin/rpc.ttdbserverd rpc.ttdbserverd

After making the change, send a HUP to inetd:

kill -HUP <process id of inetd>

Also, in my previous email I noted that your machine is very slow.  Not
finding the handy application 'top', I had to resort to the listing
from 'uptime':

cacimbo% uptime
  9:13pm  up 1 day(s),  2:46,  4 users,  load average: 22.60, 22.77, 22.65

You can see that the load averages are at 22!  Something is not right
here!  No wonder it is taking hours for the McIDAS update to run its
course.  The compilers are simply waiting for little slices of your
CPUs.  Perhaps the rpc.ttdbserverd error messages are an indication of
what is going on?

My system administrator suggests that you load 'top' so you can better
monitor what is eating up your machine.  Here is a URL for 'top':

ftp://ftp.groupsys.com/pub/top/

'top' has to be installed as 'root', otherwise we would have done it for
you.

Tom
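
Added example, not part of the original message: a shell sketch of the inetd.conf edit described above, which lists enabled entries for a service by the basename of the server program and comments them out while keeping a backup. The function names and the sample file are constructed for illustration; point the functions at /etc/inetd.conf as root to use them for real.

```shell
#!/bin/sh
# Added example, not from the original message. Function names are hypothetical.
# inetd.conf fields: name type proto wait user server-program args...

# List enabled (uncommented) entries whose server program basename is $2.
enabled_entries() {
    awk -v svc="$2" '
        /^[ \t]*#/ || NF < 6 { next }      # skip comments, blanks, short lines
        { n = split($6, p, "/"); if (p[n] == svc) print }' "$1"
}

# Comment out those entries in place; the original is kept as "$1.bak".
# Prints the number of lines changed (0 means nothing was enabled).
disable_service() {
    count=$(enabled_entries "$1" "$2" | wc -l | tr -d ' ')
    [ "$count" -gt 0 ] || { echo 0; return 0; }
    cp -p "$1" "$1.bak" || return 1
    awk -v svc="$2" '
        !/^[ \t]*#/ && NF >= 6 {
            n = split($6, p, "/")
            if (p[n] == svc) { print "# " $0; next }
        }
        { print }' "$1.bak" > "$1" || return 1
    echo "$count"
}

# Constructed sample file; the ttdbserverd line is the one quoted in the message.
conf=$(mktemp)
cat > "$conf" <<'EOF'
# constructed sample inetd.conf
ftp     stream  tcp     nowait  root    /usr/sbin/in.ftpd       in.ftpd
100083/1        stream  rpc/tcp wait root /usr/dt/bin/rpc.ttdbserverd rpc.ttdbserverd
# 100068/2-5    dgram   rpc/udp wait root /usr/dt/bin/rpc.cmsd  rpc.cmsd
EOF
echo "enabled before:"; enabled_entries "$conf" rpc.ttdbserverd
echo "lines commented out: $(disable_service "$conf" rpc.ttdbserverd)"
echo "enabled after: $(enabled_entries "$conf" rpc.ttdbserverd | wc -l | tr -d ' ')"
# inetd rereads its configuration only on SIGHUP: kill -HUP <process id of inetd>
rm -f "$conf" "$conf.bak"
```

Matching on the server program's basename rather than the RPC program number catches the entry even if it is listed under a different version range.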