Scenario is Legato Networker with one drive as NDMP to Backup Netapp.
When u start the group to backup Netapp using NDMP drive ,in
/nsr/logs/daemon.log it writes all the info including username &
passwd(clear text) for NetApp (usually it will root )
As any one can read this file ,so that he can mess up NetApp.
I Moved /nsr dir & stop & restarted Networker ,it will recreate /nsr dir
with 755 perm.
This is seriously vulnerable to NetApp.
I masked few variables from my log file.
Solaris7, Networker 6.1 & NetApp DataONTAP 6.0.3.
Ex:
01/08/02 10:20:40 nsrd: savegroup info: starting netapp (with 1 client(s))
application information: HIST=y;
auth index: netapp;
auth index name space: backup, 1;
auth level: full;
auth mode: save;
auth server: server;
auth ssname: /vol/vol0;
auth ssname long: /vol/vol0;
auth sstime: 10xxxxxx;
auth sstime 64-bit: 10xxxxx;
client id: \
xxxxxxxxxxxxx;
groups: netapp;
hard session limit: 1;
hostname: server;
locale: C;
ndmp: Yes;
password: password;
remote user: root;
store index entries: Yes;
volume pool: netapp;
_________________________________________________________________
Join the world’s largest e-mail service with MSN Hotmail.
http://www.hotmail.com
This archive was generated by hypermail 2b30 : Thu Jan 10 2002 - 13:29:29 PST