From: Chuck Swiger
Organization: The Courts of Chaos
Date: Tue, 14 Jun 2005 16:59:15 -0400
To: Vinicius Pavanelli Vianna
Cc: freebsd-questions@freebsd.org
Subject: Re: Access granted even on root password change
Message-ID: <42AF4523.9080407@mac.com>
In-Reply-To: <42AF3EC7.3050008@hacked.com.br>

Vinicius Pavanelli Vianna wrote:
> How could I afford that I can get always access to my remote server even
> in the case of a break-in by some script kiddie/hack? I thought about
> setting a key in ssh so I can log using it even if the root password is
> changed, but this is simple to stop and it's not good to assume lack of
> knowledge of others ;)
> Anyone knows a good backup access system, like a rootkit for FreeBSD?

Enable another uid-0 account, such as the one called toor?

Set up sudo access for some other account which can run passwd or a shell as
root, gaining superuser perms via the account password?

Note that having someone untrusted gain superuser access to a machine should be
cause for backing up the system and reinstalling from scratch or restoring from
a known-OK backup....

-- 
-Chuck
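
As a check on the first suggestion above (a second uid-0 account such as toor), the following is an added example, not part of the original message: it lists every uid-0 entry in master.passwd-format input and reports whether that entry can authenticate with a password. The function names, sample accounts and hashes are constructed for illustration.

```sh
#!/bin/sh
# Added example: audit uid-0 accounts in FreeBSD master.passwd-format input.
# Field layout (passwd(5)):
#   name:password:uid:gid:class:change:expire:gecos:home_dir:shell

audit_uid0() {
    awk -F: '
        /^#/ || NF < 10 { next }      # skip comments and malformed lines
        $3 == 0 {
            # "*" (or "*LOCKED*...") in the password field disables
            # password logins; an empty field means no password at all.
            if ($2 == "")
                state = "EMPTY-PASSWORD"
            else if ($2 ~ /^\*/)
                state = "password-disabled"
            else
                state = "password-enabled"
            # An empty shell field falls back to the system default shell.
            printf "%s %s shell=%s\n", $1, state, ($10 == "" ? "(default)" : $10)
        }'
}

# Constructed sample input; the hashes are placeholders, not real ones.
sample_master_passwd() {
    cat <<'EOF'
# constructed master.passwd sample
root:$1$CONSTRUCTED$placeholder:0:0::0:0:Charlie &:/root:/bin/csh
toor:*:0:0::0:0:Bourne-again Superuser:/root:
daemon:*:1:1::0:0:Owner of many system processes:/root:/usr/sbin/nologin
alice:$1$CONSTRUCTED$placeholder:1001:1001::0:0:Admin:/home/alice:/bin/sh
backup:$1$CONSTRUCTED$placeholder:0:0::0:0:unexpected:/root:/bin/sh
EOF
}

# Every line printed is an account with full superuser rights; any name
# the administrator did not create deliberately needs investigating.
sample_master_passwd | audit_uid0
```

On a live system, run `audit_uid0 < /etc/master.passwd` as root and compare the output against the accounts you intended to have uid 0.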