Date: Tue, 28 Aug 2001 17:19:47 -0800 From: Beech Rintoul <akbeech@anchoragerescue.org> To: "Nelson Terrazas" <nelson_terrazas@hotmail.com>, akbeech@anchoragerescue.org, questions@FreeBSD.org Subject: Re: Login does not ask for password Message-ID: <01082817194702.29735@galaxy.anchoragerescue.org> In-Reply-To: <F140wxXSXI3acH0xxDE00020804@hotmail.com> References: <F140wxXSXI3acH0xxDE00020804@hotmail.com>
next in thread | previous in thread | raw e-mail | index | archive | help
On Tuesday 28 August 2001 02:19 pm, Nelson Terrazas wrote:
> Thanks Beech !
> I was able to boot into single-mode and execute passwd but that did not fix
> the problem.
>
> As you suggested, the machine has been hacked. The /var/log directory was
> erased, I do not have access to any of the logs.
>
> Any other suggestion to fix the login problem. I already looked at the
> /etc/password file and it looks fine to me.
>
> Regards,
>
> Nelson Terrazas
>
> From: Beech Rintoul <akbeech@anchoragerescue.org>
>
> >To: "Nelson Terrazas" <nelson_terrazas@hotmail.com>, questions@FreeBSD.org
> >Subject: Re: Login does not ask for password
> >Date: Tue, 28 Aug 2001 08:43:28 -0800
> >
> >On Tuesday 28 August 2001 07:55 am, Nelson Terrazas wrote:
> > > After supplying the user name FreeBsd doesn't ask for a password, for
> >
> >root
> >
> > > or any other user (I am not able to login).
> > >
> > > All othet services WWW/Squid/FTP, etc seem to be working fine.
> > >
> > > I am running FreeBSD 3.2 (Walnut Creek CDROM) and this behaviour
> > > started suddenly to our machine that was running OK for almost 2 years
> > > without
> >
> >any
> >
> > > change of configuration after the first install.
> >
> >Boot into single user mode and follow the handbook directions on changing
> >root password. Once you're in you can restore from the /var directory if
> >needed. Also look for signs of hacking in the logs, 3.2 had a lot of
> >security
> >issues, and you may have been "rooted".
> >
> >Beech
> >
> >
If you want to rebuild your passwords carefully check
/var/backups/master.passwd.bak for any calling cards left by your intruder.
Copy that file to /etc and rename it master.passwd.
Run pwd_mkdb to rebuild your database. As an alternative you can also run
vipw after you restore your master.passwd. Also look at /etc/group to make
sure your groups are still intact. There is also a group.bak in /var/backups.
Beech
--
Micro$oft: "Where can we make you go today?"
-------------------------------------------------------------------
Beech Rintoul - IT Manager - Instructor - akbeech@anchoragerescue.org
/"\ ASCII Ribbon Campaign | Anchorage Gospel Rescue Mission
\ / - NO HTML/RTF in e-mail | P.O. Box 230510
X - NO Word docs in e-mail | Anchorage, AK 99523-0510
/ \ -----------------------------------------------------------------
To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe freebsd-questions" in the body of the message
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?01082817194702.29735>