SYSMGR

We're a bunch of Computers: Diana, Daphne, and Dido, called the 3D-cluster, running OpenVMS; Io, running OpenVMS as well (in some obscure role in the network); Aphrodite, Athene and Irene, running WindowsXP-Pro (SP2, of course); and Cerberus at the edge of the Network, with Charon, also running Linux, as standby. SYSMGR takes care of us.

Sunday, February 5

05-Feb-2006

One step at a time
I had just a few hours to work on Diana booting from the new system disk, to test POP - being the only one of the basic protocols still to be tested. Also, had the system authorisation and startup files located in another location and that should be usable as well. This required some rethought - "3dgen" not being a logical disk but a single directory made things a lot simpler. But some had to be changed in startup - for instance, the right definition of this logical....
This was a requirement since although the system came up nicely, it was impossible to log in since a number of logicals seemed to be wrong, and for instance SYSUAF.DAT was inaccessible. Using minimal startup, all these issues could be solved and in the end, it all worked, that is: sort-of. BIND, for instance, wasn't started and TCPIP SHO HOST didn't show all the expected results - just what's in HOSTS but not the DNS zone.
It turned out that the copied SYSUAF.DAT contained different values for the TCPIP service identifiers, so ownership of most of the service directories and files was wrong. Had that solved manually - there are not so many - and restarted the services, and it all worked - POP as well.
Reversed to original disk, since the webserver hasn't been installed yet. That's next.
Aphrodite's troubles
I have de-installed the VPN software - the system even restarted in the final stage of de-installing the VPN software, but it seemed to be gone anyway. Next, retried to reverse to an earlier checkpoint of XP, before installation of VPN. But this failed, and even one further away. The final "solution" was to examine the registry and change that directly, removing what seemed to be related to this removed software. After reboot, VPS and some other products were indeed fully removed, and no more crashes have occurred.
Security
Some FTP attempts have been made since last time:

%%%%%%%%%%% OPCOM 2-FEB-2006 07:06:35.33 %%%%%%%%%%%
Message from user TCPIP$FTP on DIANA
User Name: anonymous
Source: rtr.sebastiana.ceti.pl
Status: NOPRIV -- File access violation
Object: WEB_DISK:[public.anonymous.060202070831p]

TCPIP$FTP_ANONYMOUS.LOG shows a 30-minute connection:

2-FEB-2006 07:06:34.44 User:anonymous logged in ident:Rgpuser@home.com from Host:rtr.sebastiana.ceti.pl
2-FEB-2006 07:06:35.07 User:anonymous ident:Rgpuser@home.com status:00010001 CWD dir:WEB_DISK:[public.anonymous]
2-FEB-2006 07:07:09.96 User:anonymous ident:Rgpuser@home.com logged out

Manual activity, this time?
According to TCPIP$FTP_RUN.log, TWO attempts. One straight FTP (presumably):

%TCPIP-I-FTP_SESCON, FTP SERVER: session connection from rtr.sebastiana.ceti.pl at 2-FEB-2006 02:55:39.69
%TCPIP-E-FTP_LOGFAL, remote interactive login failure anonymous@ftp.adobe.com
-TCPIP-I-FTP_NODE, client host name: rtr.sebastiana.ceti.pl
-LOGIN-F-NOSUCHUSER, no such user
The other attempt is just the usual:
%TCPIP-I-FTP_SESCON, FTP SERVER: session connection from rtr.sebastiana.ceti.pl at 2-FEB-2006 07:06:34.04
%TCPIP-I-FTP_NODE, client host name: rtr.sebastiana.ceti.pl
%TCPIP-I-FTP_USER, user name: anonymous
%TCPIP-I-FTP_OBJ, object: WEB_DISK:[public.anonymous.060202070831p]
%TCPIP-I-FTP_CHINFO, TCPIP$FTPC00003: Failed to create directory
%SYSTEM-F-NOPRIV, insufficient privilege or object protection violation
%TCPIP-I-FTP_NODE, client host name: rtr.sebastiana.ceti.pl
%TCPIP-I-FTP_USER, user name: anonymous
%TCPIP-I-FTP_OBJ, object: /pub/
%TCPIP-I-FTP_CHINFO, TCPIP$FTPC00003: Failed to set default directory
%SYSTEM-W-BADIRECTORY, bad directory file format
and the same for:
%TCPIP-I-FTP_OBJ, object: /public/
%TCPIP-I-FTP_OBJ, object: /_vti_pvt/
%TCPIP-I-FTP_OBJ, object: /_vti_txt/
%TCPIP-I-FTP_OBJ, object: /_vti_cfg/
%TCPIP-I-FTP_OBJ, object: /_vti_log/
%TCPIP-I-FTP_OBJ, object: /_vti_cnf/
%TCPIP-I-FTP_OBJ, object: /_private/
%TCPIP-I-FTP_OBJ, object: /incoming/
%TCPIP-I-FTP_OBJ, object: /pub/incoming/
%TCPIP-I-FTP_OBJ, object: /public/incoming/
%TCPIP-I-FTP_OBJ, object: /public_html/
%TCPIP-I-FTP_OBJ, object: /upload/
%TCPIP-I-FTP_OBJ, object: /wwwroot/
%TCPIP-I-FTP_OBJ, object: /mailroot/
%TCPIP-I-FTP_OBJ, object: /ftproot/
%TCPIP-I-FTP_OBJ, object: /home/
%TCPIP-I-FTP_OBJ, object: /images/
%TCPIP-I-FTP_OBJ, object: /web/

%TCPIP-I-FTP_SESDCN, FTP SERVER: session disconnection from rtr.sebastiana.ceti.pl at 2-FEB-2006 07:07:10.03

Another attempt the next day, by a US-based kiddy:

Operator.log:
%%%%%%%%%%% OPCOM 3-FEB-2006 05:38:23.89 %%%%%%%%%%%
Message from user TCPIP$FTP on DIANA
User Name: anonymous
Source: 66-227-168-217.static.aldl.mi.charter.com
Status: NOPRIV -- File access violation
Object: WEB_DISK:[public.anonymous.sliverslide_tagged]

According to FTP_ANONYMOUS.LOG this must have been a script:
3-FEB-2006 05:38:22.74 User:anonymous logged in ident:ddeeff from Host:66-227-168-217.static.aldl.mi.charter.com
3-FEB-2006 05:38:23.67 User:anonymous ident:ddeeff status:00010001 CWD dir:WEB_DISK:[public.anonymous]
3-FEB-2006 05:38:24.04 User:anonymous ident:ddeeff status:07649912 CWD dir:WEB_DISK:[public.anonymous]SYS$POSIX_ROOT^:^[000000^]pub.;
3-FEB-2006 05:38:33.32 User:anonymous ident:ddeeff logged out

Trying the obvious - once again - according to FTP_RUN.LOG: all IIS and Linux/Apache:

%TCPIP-I-FTP_SESCON, FTP SERVER: session connection from 66-227-168-217.static.aldl.mi.charter.com at 3-FEB-2006 05:38:22.39
%TCPIP-I-FTP_NODE, client host name: 66-227-168-217.static.aldl.mi.charter.com
%TCPIP-I-FTP_USER, user name: anonymous
%TCPIP-I-FTP_OBJ, object: WEB_DISK:[public.anonymous.sliverslide_tagged]
%TCPIP-I-FTP_CHINFO, TCPIP$FTPC00004: Failed to create directory
%SYSTEM-F-NOPRIV, insufficient privilege or object protection violation
%TCPIP-I-FTP_NODE, client host name: 66-227-168-217.static.aldl.mi.charter.com
%TCPIP-I-FTP_USER, user name: anonymous
%TCPIP-I-FTP_OBJ, object: SYS$POSIX_ROOT^:^[000000^]pub
%TCPIP-I-FTP_CHINFO, TCPIP$FTPC00004: Failed to set default directory
%TCPIP-E-FTP_BADDIR, invalid directory

and it goes on:
%TCPIP-I-FTP_OBJ, object: /images/
%TCPIP-I-FTP_OBJ, object: /pub/images /pub/_vti_pvt/
%TCPIP-I-FTP_OBJ, object: /pub/_vti_txt/ /wwwroot/
%TCPIP-I-FTP_OBJ, object: /wwwroot/incoming/
%TCPIP-I-FTP_OBJ, object: /wwwroot/pub/
%TCPIP-I-FTP_OBJ, object: /public/incoming/
%TCPIP-I-FTP_OBJ, object: /incoming/
%TCPIP-I-FTP_OBJ, object: /pub/incoming/
%TCPIP-I-FTP_OBJ, object: /upload/
%TCPIP-I-FTP_OBJ, object: /_vti_cfg/
%TCPIP-I-FTP_OBJ, object: /_vti_cnf/
%TCPIP-I-FTP_OBJ, object: /_vti_pvt/
%TCPIP-I-FTP_OBJ, object: /_vti_txt/
%TCPIP-I-FTP_OBJ, object: /_vti_log/
%TCPIP-I-FTP_OBJ, object: /wwwroot/
%TCPIP-I-FTP_OBJ, object: /www/
%TCPIP-I-FTP_OBJ, object: /public/
%TCPIP-I-FTP_OBJ, object: /outgoing/
%TCPIP-I-FTP_OBJ, object: /temp/
%TCPIP-I-FTP_OBJ, object: /tmp/
%TCPIP-I-FTP_OBJ, object: /anonymous/_vti_pvt/
%TCPIP-I-FTP_OBJ, object: /anonymous/incoming/

%TCPIP-I-FTP_OBJ, object: /mailroot/
%TCPIP-I-FTP_OBJ, object: /ftproot/
%TCPIP-I-FTP_OBJ, object: /anonymous/pub/
%TCPIP-I-FTP_OBJ, object: /anonymous/public/
%TCPIP-I-FTP_OBJ, object: /anonymous/
%TCPIP-I-FTP_OBJ, object: /images/
%TCPIP-I-FTP_OBJ, object: /_private/
%TCPIP-I-FTP_OBJ, object: /cgi-bin/
%TCPIP-I-FTP_OBJ, object: /cgibin/
%TCPIP-I-FTP_OBJ, object: /usr/
%TCPIP-I-FTP_OBJ, object: /usr/incoming/
%TCPIP-I-FTP_OBJ, object: /home/
%TCPIP-I-FTP_OBJ, object: /in/
%TCPIP-I-FTP_OBJ, object: /html/
%TCPIP-I-FTP_OBJ, object: /cgi-bin/
%TCPIP-I-FTP_OBJ, object: /_private/
%TCPIP-I-FTP_OBJ, object: /cgi-bin/
%TCPIP-I-FTP_OBJ, object: /cgibin/
%TCPIP-I-FTP_OBJ, object: /usr/
%TCPIP-I-FTP_OBJ, object: /usr/incoming/
%TCPIP-I-FTP_OBJ, object: /public_html/
%TCPIP-I-FTP_OBJ, object: /pub/incoming/
%TCPIP-I-FTP_OBJ, object: /public/incoming/
%TCPIP-I-FTP_OBJ, object: /mailroot/
%TCPIP-I-FTP_OBJ, object: /ftproot/
%TCPIP-I-FTP_OBJ, object: /home/
%TCPIP-I-FTP_OBJ, object: /_private/
%TCPIP-I-FTP_OBJ, object: /temp/
%TCPIP-I-FTP_OBJ, object: /~temp/
%TCPIP-I-FTP_OBJ, object: /tmp/
%TCPIP-I-FTP_OBJ, object: /~tmp/
%TCPIP-I-FTP_OBJ, object: /outgoing/
%TCPIP-I-FTP_OBJ, object: /_private/
%TCPIP-I-FTP_OBJ, object: /temp/
%TCPIP-I-FTP_OBJ, object: /~temp/
%TCPIP-I-FTP_OBJ, object: /anonymous/public/
%TCPIP-I-FTP_OBJ, object: /public/
%TCPIP-I-FTP_OBJ, object: /upload/
%TCPIP-I-FTP_USER, user name: anonymous


%TCPIP-I-FTP_SESDCN, FTP SERVER: session disconnection from 66-227-168-217.static.aldl.mi.charter.com at 3-FEB-2006 05:38:33.39

Mail is a long list - for the time (over one week) so I won't get into that one this time.
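
Added example, not part of the original post: a small Python pass over FTP_RUN.LOG text in the layout quoted above, grouping records per session and flagging sessions that were denied a directory create as anonymous or that walked many directory names. The host names, the sample log and the threshold of 4 are constructed for illustration, and sessions are assumed not to interleave.

```python
import re

# Constructed sample in the FTP_RUN.LOG layout quoted above; host names are placeholders.
SAMPLE_LOG = """\
%TCPIP-I-FTP_SESCON, FTP SERVER: session connection from scanner.example.net at 3-FEB-2006 05:38:22.39
%TCPIP-I-FTP_NODE, client host name: scanner.example.net
%TCPIP-I-FTP_USER, user name: anonymous%TCPIP-I-FTP_OBJ, object: WEB_DISK:[public.anonymous.tagged_dir]
%TCPIP-I-FTP_CHINFO, TCPIP$FTPC00004: Failed to create directory
%SYSTEM-F-NOPRIV, insufficient privilege or object protection violation
%TCPIP-I-FTP_OBJ, object: /pub/
%TCPIP-I-FTP_CHINFO, TCPIP$FTPC00004: Failed to set default directory
%TCPIP-I-FTP_OBJ, object: /_vti_pvt/
%TCPIP-I-FTP_OBJ, object: /incoming/
%TCPIP-I-FTP_OBJ, object: /incoming/
%TCPIP-I-FTP_OBJ, object: /upload/
%TCPIP-I-FTP_SESDCN, FTP SERVER: session disconnection from scanner.example.net at 3-FEB-2006 05:38:33.39
%TCPIP-I-FTP_SESCON, FTP SERVER: session connection from client.example.org at 3-FEB-2006 09:00:00.00
%TCPIP-I-FTP_USER, user name: anonymous
%TCPIP-I-FTP_OBJ, object: /pub/
%TCPIP-I-FTP_CHINFO, TCPIP$FTPC00005: Failed to set default directory
%TCPIP-I-FTP_SESDCN, FTP SERVER: session disconnection from client.example.org at 3-FEB-2006 09:00:05.00
"""

SESCON = re.compile(r"%TCPIP-I-FTP_SESCON, .*connection from (\S+) at (.+)$")
OBJ = re.compile(r"%TCPIP-I-FTP_OBJ, object: (.+)$")
# Split on newlines, and also where a second record is fused onto the same line.
RECORD_BREAK = re.compile(r"\n|(?<=\S)(?=%[A-Z]+-[IWEF]-[A-Z_]+,)")

def probe_sessions(text, min_objects=4):
    """Return sessions with a denied directory create or >= min_objects distinct objects."""
    sessions, current = [], None
    for rec in RECORD_BREAK.split(text):
        rec = rec.strip()
        if m := SESCON.match(rec):
            current = {"host": m.group(1), "start": m.group(2),
                       "objects": set(), "mkdir_denied": False}
            sessions.append(current)
        elif current is None:
            continue  # record outside any session (e.g. a truncated log head)
        elif m := OBJ.match(rec):
            current["objects"].add(m.group(1).strip())
        elif "Failed to create directory" in rec:
            current["mkdir_denied"] = True
        elif rec.startswith("%TCPIP-I-FTP_SESDCN"):
            current = None
    return [s for s in sessions
            if s["mkdir_denied"] or len(s["objects"]) >= min_objects]

if __name__ == "__main__":
    for s in probe_sessions(SAMPLE_LOG):
        print(s["start"], s["host"], len(s["objects"]), "objects, mkdir denied:", s["mkdir_denied"])
```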
