Date: Tue, 28 Aug 2001 17:19:47 -0800 From: Beech Rintoul <akbeech@anchoragerescue.org> To: "Nelson Terrazas" <nelson_terrazas@hotmail.com>, akbeech@anchoragerescue.org, questions@FreeBSD.org Subject: Re: Login does not ask for password Message-ID: <01082817194702.29735@galaxy.anchoragerescue.org> In-Reply-To: <F140wxXSXI3acH0xxDE00020804@hotmail.com> References: <F140wxXSXI3acH0xxDE00020804@hotmail.com>
next in thread | previous in thread | raw e-mail | index | archive | help
On Tuesday 28 August 2001 02:19 pm, Nelson Terrazas wrote: > Thanks Beech ! > I was able to boot into single-mode and execute passwd but that did not fix > the problem. > > As you suggested, the machine has been hacked. The /var/log directory was > erased, I do not have access to any of the logs. > > Any other suggestion to fix the login problem. I already looked at the > /etc/password file and it looks fine to me. > > Regards, > > Nelson Terrazas > > From: Beech Rintoul <akbeech@anchoragerescue.org> > > >To: "Nelson Terrazas" <nelson_terrazas@hotmail.com>, questions@FreeBSD.org > >Subject: Re: Login does not ask for password > >Date: Tue, 28 Aug 2001 08:43:28 -0800 > > > >On Tuesday 28 August 2001 07:55 am, Nelson Terrazas wrote: > > > After supplying the user name FreeBsd doesn't ask for a password, for > > > >root > > > > > or any other user (I am not able to login). > > > > > > All othet services WWW/Squid/FTP, etc seem to be working fine. > > > > > > I am running FreeBSD 3.2 (Walnut Creek CDROM) and this behaviour > > > started suddenly to our machine that was running OK for almost 2 years > > > without > > > >any > > > > > change of configuration after the first install. > > > >Boot into single user mode and follow the handbook directions on changing > >root password. Once you're in you can restore from the /var directory if > >needed. Also look for signs of hacking in the logs, 3.2 had a lot of > >security > >issues, and you may have been "rooted". > > > >Beech > > > > If you want to rebuild your passwords carefully check /var/backups/master.passwd.bak for any calling cards left by your intruder. Copy that file to /etc and rename it master.passwd. Run pwd_mkdb to rebuild your database. As an alternative you can also run vipw after you restore your master.passwd. Also look at /etc/group to make sure your groups are still intact. There is also a group.bak in /var/backups. Beech -- Micro$oft: "Where can we make you go today?" ------------------------------------------------------------------- Beech Rintoul - IT Manager - Instructor - akbeech@anchoragerescue.org /"\ ASCII Ribbon Campaign | Anchorage Gospel Rescue Mission \ / - NO HTML/RTF in e-mail | P.O. Box 230510 X - NO Word docs in e-mail | Anchorage, AK 99523-0510 / \ ----------------------------------------------------------------- To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-questions" in the body of the message
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?01082817194702.29735>