unable to login as oracle user

Josh Miller joshua at itsecureadmin.com
Fri Feb 2 21:06:48 UTC 2007


When did this behavior begin?  When is the last time you patched 
anything on this box?  What changed?

This behavior is indicative of a recent patch with the current processes 
unaware of changes that may have occurred.  If you have recently 
patched and after patching this behavior began, this might be resolved 
with a system reboot.

Thanks,
Josh Miller, RHCE

Troy Knabe wrote:
> 
> 
> m.roth2006 at rcn.com wrote:
>>> Date: Fri, 02 Feb 2007 11:00:55 -0800
>>> From: Troy Knabe <knabe at 4j.lane.edu> 
>>> We have 3 Red Hat 4.4 AS Servers running RAC 10G.  Today one of them 
>>> had load averages of over 160.  But processors were 99% idle.  
>>
>> That's dreadful!
>>
>>> None of the RAC boxes were responding during this time.  I was able 
>>> to login fine (my local user), and sudo su -.  But when I tried to 
>>> sudo su - oracle, it just hung.  Finally rebooting fixed the issue.  
>>> As I have been looking through log files, this is the only thing 
>>> "weird" I have found.  We only use local authentication on the box.
>>>
>>> /var/log/secure:
>>>
>>> Feb  2 08:22:14 orarac1 login: PAM unable to dlopen(/lib/security/pam_limits.so)
>>
>> PAM *is* local - check to see if the file /lib/security/pam_limits.so 
>> exists, and what the permissions and ownership are. PAM is the 
>> authentication system that comes with all Linux these days.
>>
> Yes, I was just trying to give as much info as possible, so people 
> didn't ask if I was ldap authenticating for instance.
> 
> The file is there, with permissions 755 root:root.  Last time it was 
> altered was May 12th, 2006, same timestamp as most everything else.
> 
> The thing that really confuses me, is why did the error appear when we 
> tried to su - oracle, and not when attempting to go to root, or login as 
> a "normal" user.
> 
> 
>> I'd worry that something happened to your box, either accidentally, or 
>> through an attack.
> 
> I haven't eliminated that as a possibility (especially the accidental 
> thought)
> 
> -Troy
>>
>>    mark
>>
> 
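
The check suggested in the thread (does the PAM module exist, and what are its ownership and permissions), extended here to every module a service's PAM stack references, including ones pulled in through `pam_stack.so` or `include`. This is an added example, not part of the original messages; the function names, the `owner_uid` parameter, the service names in the main block and the default `/etc/pam.d` and `/lib/security` paths are assumptions of the example.

```python
import os
import stat

def referenced_modules(pam_dir, service, seen=None):
    """Module names used by a service file, following includes and pam_stack."""
    seen = set() if seen is None else seen
    path = os.path.join(pam_dir, service)
    if service in seen or not os.path.isfile(path):
        return []
    seen.add(service)
    mods = []
    with open(path) as fh:
        for raw in fh:
            tokens = raw.split("#", 1)[0].split()  # drop comments
            if len(tokens) < 2:
                continue
            if tokens[0] == "@include":
                mods += referenced_modules(pam_dir, tokens[1], seen)
            elif len(tokens) >= 3 and tokens[1] in ("include", "substack"):
                mods += referenced_modules(pam_dir, tokens[2], seen)
            else:
                so = next((t for t in tokens if t.endswith(".so")), None)
                if so is None:
                    continue
                mods.append(so)  # first *.so token, even after a [..] control
                for t in tokens:
                    if so.endswith("pam_stack.so") and t.startswith("service="):
                        mods += referenced_modules(pam_dir, t[8:], seen)
    return mods

def check_modules(pam_dir, service, module_dir="/lib/security", owner_uid=0):
    """Return (path, problem) for modules that are missing or loosely owned."""
    findings = []
    for mod in sorted(set(referenced_modules(pam_dir, service))):
        path = mod if os.path.isabs(mod) else os.path.join(module_dir, mod)
        try:
            st = os.stat(path)
        except OSError as exc:
            findings.append((path, "cannot stat: %s" % exc.strerror))
            continue
        if st.st_uid != owner_uid:
            findings.append((path, "owner uid %d, expected %d" % (st.st_uid, owner_uid)))
        if st.st_mode & (stat.S_IWGRP | stat.S_IWOTH):
            findings.append((path, "group/world writable"))
    return findings

if __name__ == "__main__":
    for svc in ("login", "su", "sudo"):  # assumed service names
        print(svc, check_modules("/etc/pam.d", svc))
```

An empty result only rules out a missing or loosely permissioned module file; it does not explain a `dlopen` failure on a file that is present and correctly owned.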



