Date: Tue, 28 Aug 2001 20:36:54 -0400 From: "ShellsAndHosting.com Administration" <admin@shellsandhosting.com> To: "Beech Rintoul" <akbeech@anchoragerescue.org> Cc: <questions@FreeBSD.ORG> Subject: Re: Login does not ask for password Message-ID: <004501c13022$b3f16e90$0200000a@critter> References: <F140wxXSXI3acH0xxDE00020804@hotmail.com> <01082816155000.29735@galaxy.anchoragerescue.org>
next in thread | previous in thread | raw e-mail | index | archive | help
Hi, There is a package/port call chkrootkit. It can help determin your vunrabilities, and how you were hacked. I suggest you look for files with invalid dates and times on you fs. Such as /usr/sbin/sshd for example. I would then cvsup to 4.4-RC as alot of security issues will be eliminated. Make world should also correct any files that may have been altered an/or tampered with. Hope this helps a bit! :> Jason admin@shellsandhostng.com ----- Original Message ----- From: "Beech Rintoul" <akbeech@anchoragerescue.org> To: "Nelson Terrazas" <nelson_terrazas@hotmail.com>; <questions@FreeBSD.ORG> Sent: Tuesday, August 28, 2001 8:15 PM Subject: Re: Login does not ask for password > On Tuesday 28 August 2001 02:19 pm, Nelson Terrazas wrote: > > Thanks Beech ! > > I was able to boot into single-mode and execute passwd but that did not fix > > the problem. > > > > As you suggested, the machine has been hacked. The /var/log directory was > > erased, I do not have access to any of the logs. > > > > Any other suggestion to fix the login problem. I already looked at the > > /etc/password file and it looks fine to me. > > > > Regards, > > > > Nelson Terrazas > > > > From: Beech Rintoul <akbeech@anchoragerescue.org> > > > > >To: "Nelson Terrazas" <nelson_terrazas@hotmail.com>, questions@FreeBSD.org > > >Subject: Re: Login does not ask for password > > >Date: Tue, 28 Aug 2001 08:43:28 -0800 > > > > > >On Tuesday 28 August 2001 07:55 am, Nelson Terrazas wrote: > > > > After supplying the user name FreeBsd doesn't ask for a password, for > > > > > >root > > > > > > > or any other user (I am not able to login). > > > > > > > > All othet services WWW/Squid/FTP, etc seem to be working fine. > > > > > > > > I am running FreeBSD 3.2 (Walnut Creek CDROM) and this behaviour > > > > started suddenly to our machine that was running OK for almost 2 years > > > > without > > > > > >any > > > > > > > change of configuration after the first install. > > > > > >Boot into single user mode and follow the handbook directions on changing > > >root password. Once you're in you can restore from the /var directory if > > >needed. Also look for signs of hacking in the logs, 3.2 had a lot of > > >security > > >issues, and you may have been "rooted". > > > > > >Beech > > > > > At this point I would strongly recomend rebuilding your server. There are > many places to hide "backdoors" and you will never find them if the hacker > was any good. You can safely save files from etc (your configs & password > files after you've inspected them carefully) but I would nuke everything else > and install 4-STABLE. I know this wasn't what you really wanted to hear, but > it the only sure way after a break-in. Email if you need any more assistance. > > Beech > > Micro$oft: "Where can we make you go today?" > ------------------------------------------------------------------- > Beech Rintoul - IT Manager - Instructor - akbeech@anchoragerescue.org > /"\ ASCII Ribbon Campaign | Anchorage Gospel Rescue Mission > \ / - NO HTML/RTF in e-mail | P.O. Box 230510 > X - NO Word docs in e-mail | Anchorage, AK 99523-0510 > / \ ----------------------------------------------------------------- > > > > > > > > > > > > > To Unsubscribe: send mail to majordomo@FreeBSD.org > with "unsubscribe freebsd-questions" in the body of the message > To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-questions" in the body of the message
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?004501c13022$b3f16e90$0200000a>