named 9.6.1 Filling wtmp
David Kreindler
david at govnet.state.vt.us
Fri Jan 22 12:25:45 UTC 2010
On 21 Jan 2010, at 7:21 PM, Mark Andrews wrote:
> In message <6B845B73-065F-4E8B-AFA5-408ECDBE7724 at govnet.state.vt.us>, David Kre
> indler writes:
>> We have BIND 9.6.1-P3 running on several AIX 5.3 servers. On one of them, nam
>> ed is filling /var/adm/wtmp with numerous entries like the following.
>
> This is not named (the program). It may be "su" or some other process that
> is logging changes in uid. Or it could be someone login in as the user
> "named".
>
> Mark
>
>> user pts/1 pts/1 7 1327240 0000 0000 1264089183 host-NN.domain Thu Jan 21 10:
>> 53:03 EST 2010
>> named 8 2572472 0000 0000 1264089217 Thu Jan 21 10:
>> 53:37 EST 2010
>> named 8 2572472 0000 0000 1264089217 Thu Jan 21 10:
>> 53:37 EST 2010
>> named 8 2572472 0000 0000 1264089277 Thu Jan 21 10:
>> 54:37 EST 2010
> --
> Mark Andrews, ISC
> 1 Seymour St., Dundas Valley, NSW 2117, Australia
> PHONE: +61 2 9871 4742 INTERNET: marka at isc.org
There is no user 'named' on this system.
# su - named
3004-500 User "named" does not exist.
It appears to be the process 'named', but we do not understand what is causing it to be logged in wtmp constantly.
More information about the bind-users
mailing list