Date: Tue, 28 Aug 2001 16:15:50 -0800 From: Beech Rintoul <akbeech@anchoragerescue.org> To: "Nelson Terrazas" <nelson_terrazas@hotmail.com>, questions@FreeBSD.org Subject: Re: Login does not ask for password Message-ID: <01082816155000.29735@galaxy.anchoragerescue.org> In-Reply-To: <F140wxXSXI3acH0xxDE00020804@hotmail.com> References: <F140wxXSXI3acH0xxDE00020804@hotmail.com>
next in thread | previous in thread | raw e-mail | index | archive | help
On Tuesday 28 August 2001 02:19 pm, Nelson Terrazas wrote:
> Thanks Beech !
> I was able to boot into single-mode and execute passwd but that did not fix
> the problem.
>
> As you suggested, the machine has been hacked. The /var/log directory was
> erased, I do not have access to any of the logs.
>
> Any other suggestion to fix the login problem. I already looked at the
> /etc/password file and it looks fine to me.
>
> Regards,
>
> Nelson Terrazas
>
> From: Beech Rintoul <akbeech@anchoragerescue.org>
>
> >To: "Nelson Terrazas" <nelson_terrazas@hotmail.com>, questions@FreeBSD.org
> >Subject: Re: Login does not ask for password
> >Date: Tue, 28 Aug 2001 08:43:28 -0800
> >
> >On Tuesday 28 August 2001 07:55 am, Nelson Terrazas wrote:
> > > After supplying the user name FreeBsd doesn't ask for a password, for
> >
> >root
> >
> > > or any other user (I am not able to login).
> > >
> > > All othet services WWW/Squid/FTP, etc seem to be working fine.
> > >
> > > I am running FreeBSD 3.2 (Walnut Creek CDROM) and this behaviour
> > > started suddenly to our machine that was running OK for almost 2 years
> > > without
> >
> >any
> >
> > > change of configuration after the first install.
> >
> >Boot into single user mode and follow the handbook directions on changing
> >root password. Once you're in you can restore from the /var directory if
> >needed. Also look for signs of hacking in the logs, 3.2 had a lot of
> >security
> >issues, and you may have been "rooted".
> >
> >Beech
> >
At this point I would strongly recomend rebuilding your server. There are
many places to hide "backdoors" and you will never find them if the hacker
was any good. You can safely save files from etc (your configs & password
files after you've inspected them carefully) but I would nuke everything else
and install 4-STABLE. I know this wasn't what you really wanted to hear, but
it the only sure way after a break-in. Email if you need any more assistance.
Beech
Micro$oft: "Where can we make you go today?"
-------------------------------------------------------------------
Beech Rintoul - IT Manager - Instructor - akbeech@anchoragerescue.org
/"\ ASCII Ribbon Campaign | Anchorage Gospel Rescue Mission
\ / - NO HTML/RTF in e-mail | P.O. Box 230510
X - NO Word docs in e-mail | Anchorage, AK 99523-0510
/ \ -----------------------------------------------------------------
To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe freebsd-questions" in the body of the message
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?01082816155000.29735>