start up errors

[rgraf]

Hello,
1)I am having trouble with my visionfs server starting up upon the system entering run level 2. It is executed by a script in the /etc/rc2.d directory. Here is copy of the error output:
------------------------------------------------------------
usr/vision/visionfs/bin/scripts/status: netstat: cannot execute
/usr/vision/visionfs/bin/scripts/status: netstat: cannot execute
/usr/vision/visionfs/bin/scripts/status: netstat: cannot execute
Starting SCO VisionFS 3.1 from /usr/vision/visionfs...

2004/01/22 00:03:15.929 printing/vfsprint/error SCO VisionFS(3.10.905)
couldn't find "/usr/bin/lpstat" to execute

Command line: "vfsprint" "--list_printers" "/usr/bin/lpstat -v" "/usr/vision/vfs
data/logs"
2004/01/22 00:03:16.279 (pid 516) server/process/start SCO VisionFS(3.
1)
The server is running in fully enabled mode.
The server is running in fully enabled mode.
2004/01/22 00:11:33.281 (pid 521)
SCO VisionFS(3.1) ERROR:
server/session/unabletoauthenticate
Failed to setuid to root while attempting to authenticate user XXXXX: setegid(3):
(1) Operation not permitted
This transaction has failed.
Check the password file and check the server was started as a genuine root user.
2004/01/22 00:11:33.297 (pid 521)
SCO VisionFS(3.1) ERROR:
server/session/unabletoauthenticate
------------------------------------------------------------
One thing that is grabbing my attention is the line that says to check the password file and server was started by a genuine root user. I think this may be a lead in to the problem. When the system boots and this is started from the script /etc/rc2.d/S90visionfs , is it executed by the "root" user ??? Or somehow is it trying to su to root and failing ??

Another is that visionfs can't execute the netstat or lpstat command from its script like it wants to. These commands are in the appropriate places and all sym links are in place. They can be executed from the command line with no problem ?

Also, after going through the boot process I can manually start the visionfs server without error.

2) I am having problems with ssh starting up. It is also executed from a /etc/rc2.d/ start up stcript. It is generating the following error:
-----------------------------------------------------------
Generating host keys ... starting /usr/local/sbin/sshd... Couldn't connect to PRNGD socket "/usr/local/var/prngd/prngd-pool": Connection refused
Entropy collection failed
ssh-rand-helper child produced insufficient data
/etc/rc2.d/S99opensshd: Error 255 starting /usr/local/sbin/sshd... bailing
-----------------------------------------------------------
prngd is installed and appears to start correctly from the rc2.d script, but the sshd deamon is complaining about it and bails.

I noticed in the /usr/adm/sulog this entry:
SU 01/22 00:03 - console 65535-prngd

This is telling me that prngd tried to su to root and was not allowed. I wonder if this could be part of the ssh problem. If the prngd deamon is not allowed to su to root maybe it won't run properly ??? I have also tried to su from the command line to the root account and it will not work, just says "su:SORRY". Anybody have any insight to these problems ? Would appreciate any help !

Thanks,
Rob

PS: openserver 5.0.6 system w/ RS506a and all patches applied.

 

[PHV]

To check your authentification database run this:

/tcb/bin/integrity -em
tcbck
/tcb/bin/authck -a -v

If

 integrity

reports errors, run this:

fixmog -v

BTW you must be superuser to execute this commands, or in single user maintenance mode.

Hope This Help
PH.

 

[rgraf]

Hello,
I ran the authck and integrity commands and there were lots of errors. I then ran the fixmog command and it fixed most of them but not the following:

# /tcb/bin/integrity -em
/etc/passwd.local (entry 102) is missing.
/tcb/files/audit/audit_dmninfo (entry 145) is missing.
/usr/lib/cron/at.deny (entry 265) is missing.
/usr/lib/cron/cron.deny (entry 267) is missing.
/usr/lib/dumpolp (entry 282) is missing.
/usr/lib/nls/english (entry 303) is missing.
/usr/lib/nls/english/unixos (entry 304) is missing.
/usr/lib/nls/english/unixos/df.cat (entry 305) is missing.
/usr/lib/nls/english/unixos/id.cat (entry 306) is missing.
/usr/lib/nls/english/unixos/prot.cat (entry 307) is missing.
/usr/lib/nls/english/unixos/mesg.cat (entry 308) is missing.
/usr/lib/nls/english/unixos/newgrp.cat (entry 309) is missing.
/usr/lib/nls/english/unixos/ps.cat (entry 310) is missing.
/usr/lib/nls/english/unixos/write.cat (entry 311) is missing.
/etc/resolv.conf (entry 347) is missing.

--------------------------------------------------------
Any idea how these files came up missing. And what is the best way to recover them, from the original distribution cdrom ?

 

[PHV]

> what is the best way to recover them
1) From a reliable full-system backup
2) If datas are reliably restorable, reinstall OS from CD-Rom
Note: Sorry for my approximate english

Hope This Help
PH.

 

[rgraf]

Hello Again,
A couple of comments that I forgot to include in my last post.

Sometimes I have a suspicion that somehow someone has breached the security of the system and is messing around with important files. I don't know if this is the case or not but sometimes I wonder. This machine is the primary application server for accounting/customer data as well as a file and print server for all of my windows pc's. It is setting on a LAN that connects to the internet through a cisco router running nat. All of these internal machines use a private, unroutable ip addressing scheme (not real world ip addresses). I have ipfilters set up on the server to drop any packets coming in from or outbound to the router. The router doesn't have a registered ip address and gets a new address everytime it connects to the ISP (once a day). This is for outbound connections only and there are no inbound connections (tunnels) set up to come in to the LAN from the internet. Of course all my windows PC's are trusted and I have to allow incoming telnet sessions from them to access the applications. Does anyone have any comments on this setup, and any suggestions as to how to insure that my server is secure, or am I just being paranoid on this ?

Thanks for the advise,
Rob

 

[PHV]

Are you saying you use NetBios over Internet ?
If so, you are definitively NOT secured.

 

[rgraf]

Hello,
The Windows PC's on the lan connect to the Internet through the router (running NAT) that is setting on the LAN to retrieve email, etc. The SCO box is not set up to connect to the router or the Internet at all, however it IS setting on the same network as the router. None of the pc's are set up to share any files what so ever. The windows pc's are running a firewall and do not even trust each other, they only trust the SCO box so that they can use file and print services. The server IS running NetBios (Visionfs) so that the Windows PC's can use it to store files and access printers. There are NO inbound connections set up on the router, it is running NAT with no inbound tunnels, it is for outbound traffic only. Are you saying that there could be netbios broadcasts going out on to the Internet ? The server has Ipfilters set up to allow packets to-from the Windows PC's only (by ip address), all other packet are dropped and logged.

Very interested in your opinion/comments,
Rob