Veritas-bu

[Veritas-bu] .SeCuRiTy.n files in / on Solaris

2003-03-03 10:29:42
Subject: [Veritas-bu] .SeCuRiTy.n files in / on Solaris
From: ssesar AT mitre DOT org (Steven L. Sesar)
Date: Mon, 03 Mar 2003 10:29:42 -0500
I just had a bit of a scare on my master server. I found 865 of the file 
in the subject, all with 700 perms, owned by daemon and in the "other" 
group.

-rwx------   1 daemon   other        920 Feb 26 20:18 .SeCuRiTy.94
-rwx------   1 daemon   other        776 Feb 26 20:18 .SeCuRiTy.95
-rwx------   1 daemon   other        776 Feb 26 20:18 .SeCuRiTy.96
-rwx------   1 daemon   other        776 Feb 26 20:18 .SeCuRiTy.97
-rwx------   1 daemon   other        920 Feb 26 20:18 .SeCuRiTy.98
-rwx------   1 daemon   other        920 Feb 26 20:18 .SeCuRiTy.99

Apparently, the culprit was NetBackup, specifically, bpbkar.

[netbackup1]-/opt/openv/netbackup/bin# strings bpbkar | grep -i security
-no_security
.SeCuRiTy.%d
bpbkar add_security_info
Key file security tag invalid
Security devices are not enabled

I am pretty P.O'd about this, as I spent the last hour or so tracking 
this down. I was minutes away from turning my disks over to Infosec.

Can someone please tell me why the engineers at Veritas decided it was a 
great idea to write files that look suspiciously "warez-y" to /, 
nonetheless, and leave this little detail undocumented (at least, I 
can't find any reference to this)?

In the event that any of you see this on your machines, what created 
them was a test restore of some NT files onto my master server. We were 
having a problem with a restore, so I decided to test the sanity of the 
image itself by restoring locally to my master server, which obviously 
worked.

IMHO, this is shoddy and careless SW engineering, made even worse by 
lack of documentation this behavior.

Geof, please forward this to the appropriate party(ies).


--Steve

-- 
===================================

Steven L. Sesar
Ops. Sys. Programmer/Analyst, Sr.
Application Operations R10A
The MITRE Corporation
202 Burlington Road - R101
Bedford, MA 01730
tel: (781) 271-7702
fax: (781) 271-2600
email: ssesar AT mitre DOT org
mobile: (617) 893-9635

===================================