I have this repeating issue in my messages log, this is on a recently upgraded server (was SLES10SP4 w/ OES2SP3, now SLES11SP2 w/ OES11 SP1)
It appears that the /usr/lib64/libhd.so.* files relate to hwinfo-15.48-0.6.6.1, but beyond that, I really don’t know where to begin looking. Any help would be appreciated. Here is the repeating entry from the messages log:
Nov 19 09:35:46 a2c1s14 sudo: root : TTY=unknown ; PWD=/ ; USER=root ; COMMAND=/bin/ls /usr/lib64/libhd.so.12 /usr/lib64/libhd.so.15 /usr/lib64/libhd.so.15.48
Nov 19 09:37:01 a2c1s14 sudo: root : TTY=unknown ; PWD=/ ; USER=root ; COMMAND=/bin/ls /usr/lib64/libhd.so.12 /usr/lib64/libhd.so.15 /usr/lib64/libhd.so.15.48
Nov 19 09:38:16 a2c1s14 sudo: root : TTY=unknown ; PWD=/ ; USER=root ; COMMAND=/bin/ls /usr/lib64/libhd.so.12 /usr/lib64/libhd.so.15 /usr/lib64/libhd.so.15.48
Nov 19 09:39:31 a2c1s14 sudo: root : TTY=unknown ; PWD=/ ; USER=root ; COMMAND=/bin/ls /usr/lib64/libhd.so.12 /usr/lib64/libhd.so.15 /usr/lib64/libhd.so.15.48
Nov 19 09:40:47 a2c1s14 sudo: root : TTY=unknown ; PWD=/ ; USER=root ; COMMAND=/bin/ls /usr/lib64/libhd.so.12 /usr/lib64/libhd.so.15 /usr/lib64/libhd.so.15.48
Nov 19 09:42:02 a2c1s14 sudo: root : TTY=unknown ; PWD=/ ; USER=root ; COMMAND=/bin/ls /usr/lib64/libhd.so.12 /usr/lib64/libhd.so.15 /usr/lib64/libhd.so.15.48
Nov 19 09:43:17 a2c1s14 sudo: root : TTY=unknown ; PWD=/ ; USER=root ; COMMAND=/bin/ls /usr/lib64/libhd.so.12 /usr/lib64/libhd.so.15 /usr/lib64/libhd.so.15.48
Nov 19 09:44:32 a2c1s14 sudo: root : TTY=unknown ; PWD=/ ; USER=root ; COMMAND=/bin/ls /usr/lib64/libhd.so.12 /usr/lib64/libhd.so.15 /usr/lib64/libhd.so.15.48
Jens-U
November 19, 2013, 5:38pm
2
Hi jesse_johnston,
but beyond that, I really don’t know where to begin looking
seems to be a running process (script?) looping around that “ls” with a 15 second delay. If nothing catches the eyes in “ps alx” (i.e. “sleep”), then you might want to run your own little loop, looking for sudo (i.e. with a delay of 1 second: “ps alx|head -1;while ps alx ; do sleep 1; done |grep sudo|egrep -v grep”) hopefully you’ll catch the sudo process and can have a closer look at the parent process.
As there are not that many processes that use “/” as their current working directory, " lsof /|grep cwd" might give you a first idea of potential candidates, too.
Regards,
amila
June 3, 2014, 2:45pm
3
Hi,
I have exactly the same problem on all SLES11SP2 OES11SP1 Server
Jun 3 11:14:31 server1 sudo: root : TTY=unknown ; PWD=/ ; USER=root ; COMMAND=/bin/ls /usr/lib64/libhd.so.12 /usr/lib64/libhd.so.15 /usr/lib64/libhd.so.15.48
ps alx|head -1;while ps alx ; do sleep 1; done |grep sudo|egrep -v grep
Any Idee please
Thanks
Amila
ab1
June 3, 2014, 3:09pm
4
Do these boxes have ZENworks Imaging software on them, by chance?
https://www.novell.com/support/kb/doc.php?id=7014204
Not the same issue, of course, but I wonder if something within the
–
If you find this post helpful and are logged into the web interface,
amila
June 3, 2014, 5:30pm
5
No,
ZENworks Linux Imaging Agent is unused
all Server (File-Server, Groupwise Server and SLES-XEN…) have ZENworks Adaptive Agent Version 11.2.4.32791
but this problem is ony on SLES11SP2 OES11SP1 File Server, not on GroupWise Server, SLES-Xen or ZEN Satellite Server!
I uninstall ZCM Agent on one OES11SP1 File-Server and now there is no more this “sudo” messages in /var/log/messages!!!
Jun 3 16:17:51 server1 sudo: root : TTY=unknown ; PWD=/ ; USER=root ; COMMAND=/bin/ls /usr/lib64/libhd.so.12 /usr/lib64/libhd.so.15 /usr/lib64/libhd.so.15.53
Component Version Status
-----------------------------------±----------±-------------------------------
Maybe I need to open SR by Novell
Amila