Veritas-bu

[Veritas-bu] .SeCuRiTy.n files in / on Solaris

2003-03-03 19:35:13
Subject: [Veritas-bu] .SeCuRiTy.n files in / on Solaris
From: Matthew.Williams AT raba DOT com (Matthew Williams)
Date: Mon, 3 Mar 2003 19:35:13 -0500
Dig around in /tmp and /var/tmp .. this is by far not the only place
that Netbackup uses these types of filenames. They have been doing it
for quite a while. Guess somebody's idea of internal humor. Just don't be
alarmed.

Matthew


----------------------------------------------------------------- 
Matthew Williams        Raba Technologies 
Senior Consultant       8830 Stanford Blvd. 
Cell: (443) 994-7061    Suite 205 
Office: (410) 715-9399  Columbia, MD 21045
 

> -----Original Message-----
> From: veritas-bu-admin AT mailman.eng.auburn DOT edu 
> [mailto:veritas-bu-admin AT mailman.eng.auburn DOT edu] On Behalf Of 
> Johnson, Tony -Research
> Sent: Monday, March 03, 2003 11:29 AM
> To: 'adam lapizza'; Johnson, Tony -Research; 'Steven L. 
> Sesar'; Cord Beermann
> Cc: veritas-bu AT mailman.eng.auburn DOT edu; Geof Milstein
> Subject: RE: [Veritas-bu] .SeCuRiTy.n files in / on Solaris
> 
> 
> I think the argument is the naming convention of the files, 
> not their purpose.  Coming to the conclusion that your 
> machine was broken into with files written to it in this 
> manner isn't a bad conclusion in my mind if you don't have 
> information as to where they come from.
> 
> Tony
> 
> -----Original Message-----
> From: adam lapizza [mailto:adamlapizza AT hotmail DOT com]
> Sent: Monday, March 03, 2003 10:24 AM
> To: Johnson, Tony -Research; 'Steven L. Sesar'; Cord Beermann
> Cc: veritas-bu AT mailman.eng.auburn DOT edu; Geof Milstein
> Subject: Re: [Veritas-bu] .SeCuRiTy.n files in / on Solaris
> 
> 
> Hi,
> 
> It's most likely NT/W2K ACLs, or some other stuff which NBU 
> would need to save to do fully correct restores on Windows, 
> but is not supported by tar. So this "other" data is stored 
> on tape in a file (.SeCuRiTy*). Normally, the NetBackup tar 
> process on the client would handle translating this back into 
> whatever it was in the first place. Looks like the Solaris 
> client tar doesn't know what to do with it (or it doesn't 
> make sense to do anything with it), so it just tries to 
> restore it as a file. Solaris doesn't do anything with NT/W2K 
> ACLs, and we know that some metadata is stored in a special 
> format in the tar stream when necessary.
> 
> Check out the section on "Reading Backup Images with tar" in 
> Appendix C page 610, and that should give you a good picture.
> 
> From VERITAS NetBackup User Guide Page 142.
> 
> Any administrator on any NetBackup server can direct a 
> restore to the client that backed up the files. The 
> administrator can also perform an alternate client 
> restore, that is, files backed up from one NetBackup client 
> can be restored to another NetBackup client, of the same 
> type. Server-directed restores can be useful, for example, if 
> users do not have permission to restore the files themselves. 
> Files or raw partitions can be restored to any client, of the 
> same type, that backed up the files.
> 
> In other words, cross-platform restores are not supported by 
> NetBackup, and that is why you cannot get a successful 
> restore from W2K to a Solaris box.
> 
> I hope this helps.
> 
> Adam.
> 
> ----- Original Message -----
> From: "Johnson, Tony -Research" <gjohnson AT ADMWORLD DOT com>
> To: "'Steven L. Sesar'" <ssesar AT mitre DOT org>; "Cord Beermann" 
> <cord.beermann AT telefonica DOT de>
> Cc: <veritas-bu AT mailman.eng.auburn DOT edu>; "Geof Milstein" 
> <Geof.Milstein AT veritas DOT com>
> Sent: Monday, March 03, 2003 11:06 AM
> Subject: RE: [Veritas-bu] .SeCuRiTy.n files in / on Solaris
> 
> 
> > Can you tell us what version of Netbackup you are running and the 
> > patches you've installed?
> >
> > Please ignore the confidentiality message at the bottom of this... 
> > -----Original Message-----
> > From: Steven L. Sesar [mailto:ssesar AT mitre DOT org]
> > Sent: Monday, March 03, 2003 9:54 AM
> > To: Cord Beermann
> > Cc: veritas-bu AT mailman.eng.auburn DOT edu; Geof Milstein
> > Subject: Re: [Veritas-bu] .SeCuRiTy.n files in / on Solaris
> >
> >
> > Cord Beermann wrote:
> > > Hello! Steven L. Sesar wrote:
> > >
> > > [snip]
> > >
> > >
> > >>I am pretty P.O'd about this, as I spent the last hour or so 
> > >>tracking this down. I was minutes away from turning my disks over to 
> > >>Infosec.
> > >
> > >
> > > It's nice to know when you are not the only one who tries to figure out 
> > > how that /&§&%§"%& cracker hacked into the Backupserver. BTDT. 
> > > including hyperventilating.
> > >
> > >
> > >>Can someone please tell me why the engineers at Veritas decided it 
> > >>was a great idea to write files that look suspiciously "warez-y" to 
> > >>/, nonetheless, and leave this little detail undocumented (at least, 
> > >>I can't find any reference to this)?
> > >
> > >
> > > It is somewhere in the archive of this mailing list.
> >
> > That's cool, but A) this list is not documentation and B) it's 
> > ridiculous that this $$$$$ product writes files like that, anyway.
> >
> >
> > >
> > >
> > >>In the event that any of you see this on your machines, what created 
> > >>them was a test restore of some NT files onto my master server. We 
> > >>were having a problem with a restore, so I decided to test the 
> > >>sanity of the image itself by restoring locally to my master server, 
> > >>which obviously worked.
> > >
> > >
> > > the .SeCuRiTy-Files contain some additional information of the 
> > > access-rights.
> >
> > I dunno:
> >
> > [netbackup1]-/root# strings /.SeCuRiTy.94
> >
> > dxpP3P
> > dxpP
> > dxpP
> > dxpPI
> > dxpP3P
> > dxpP
> > dxpP
> > dxpPI
> > dxpP3P
> > dxpP
> > dxpP
> > dxpPI
> > dxpPj
> > dxpP
> > dxpP
> > dxpP3P
> > dxpP
> > dxpP
> > dxpPI
> > [netbackup1]-/root#
> >
> > >
> > >
> > >>IMHO, this is shoddy and careless SW engineering, made even worse by 
> > >>lack of documentation of this behavior.
> > >
> > >
> > > Yup. there are some more 'nice' features of this kind in it.
> > >
> > > Cord
> >
> >
> > --
> > ===================================
> >
> > Steven L. Sesar
> > Ops. Sys. Programmer/Analyst, Sr.
> > Application Operations R10A
> > The MITRE Corporation
> > 202 Burlington Road - R101
> > Bedford, MA 01730
> > tel: (781) 271-7702
> > fax: (781) 271-2600
> > email: ssesar AT mitre DOT org
> > mobile: (617) 893-9635
> >
> > ===================================
> >
> >
> >
> > _______________________________________________
> > Veritas-bu maillist  -  Veritas-bu AT mailman.eng.auburn DOT edu 
> > http://mailman.eng.auburn.edu/mailman/listinfo/veritas-bu
> >
> > CONFIDENTIALITY NOTICE:
> > This message is intended for the use of the individual or entity to 
> > which it is addressed and may contain information that is privileged, 
> > confidential and exempt from disclosure under applicable law.  If the
> > reader of this message is not the intended recipient or the employee or
> > agent responsible for delivering this message to the intended recipient,
> > you are hereby notified that any dissemination, distribution or copying
> > of this communication is strictly prohibited. If you have received this 
> > communication in error, please notify us immediately by email reply or 
> > by telephone and immediately delete this message and any attachments.  
> > In the U.S. call us toll free at (800) 637-5843.
> > Spanish, French, Quebecois French, Portuguese, Polish, German,
> > Dutch, Turkish, Russian, Japanese and Chinese:
> > http://www.admworld.com/confidentiality.htm.