From: Mel
To: freebsd-questions@freebsd.org, dennis_flynn@yahoo.com
Date: Sat, 10 May 2008 23:00:41 +0200
Subject: Re: root login stops working

On Saturday 10 May 2008 20:50:46 Dennis Flynn wrote:
> I'm running FreeBSD wx.dennis-flynn.net 7.0-RELEASE FreeBSD 7.0-RELEASE #0:
> Sun Feb 24 19:59:52 UTC 2008
> root@logan.cse.buffalo.edu:/usr/obj/usr/src/sys/GENERIC i386
>
> About a day after install root login no longer works - even on the console.
>
> I see the following in /var/log/auth.log:
> May 10 14:22:37 wx sshd[86223]: Accepted password for root from 10.11.12.104 port 1492 ssh2
> May 10 14:22:37 wx sshd[86223]: Received disconnect from 10.11.12.104: 0:
>
> And in /var/log/messages:
> May 10 14:27:51 wx kernel: pid 86237 (csh), uid 0: exited on signal 11 (core dumped)

Looks like you got hacked, the tell-tale being "ip port ####".

http://security.freebsd.org/advisories/FreeBSD-SA-08:05.openssh.asc

-- 
Mel

Problem with today's modular software: they start with the modules and never
get to the software part.
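
A triage sketch for the two log excerpts quoted in this message, added here as an example and not part of the original mail: it lists SSH password logins accepted for root in auth.log and pairs each with any uid 0 process crash that /var/log/messages records within a window afterwards. The function names, the 30-minute window, the year 2008 (taken from the mail date, since syslog timestamps carry none) and the publickey line are assumptions made for the example.

```python
import re
from datetime import datetime, timedelta

# Sample input: the log lines quoted in the message, plus one constructed
# line (the publickey login for "alice") as a negative case.
AUTH_LOG = """\
May 10 14:22:37 wx sshd[86223]: Accepted password for root from 10.11.12.104 port 1492 ssh2
May 10 14:22:37 wx sshd[86223]: Received disconnect from 10.11.12.104: 0:
May 10 14:25:02 wx sshd[86230]: Accepted publickey for alice from 10.11.12.50 port 40222 ssh2
"""
MESSAGES = """\
May 10 14:27:51 wx kernel: pid 86237 (csh), uid 0: exited on signal 11 (core dumped)
"""

LOGIN_RE = re.compile(r"^(\w{3} +\d+ [\d:]{8}) \S+ sshd\[\d+\]: "
                      r"Accepted (\S+) for (\S+) from (\S+) port \d+")
CRASH_RE = re.compile(r"^(\w{3} +\d+ [\d:]{8}) \S+ kernel: pid \d+ \((\S+)\), "
                      r"uid (\d+): exited on signal (\d+)")

def _ts(stamp, year):
    # Syslog timestamps have no year; the caller supplies it (assumption).
    return datetime.strptime(f"{year} {stamp}", "%Y %b %d %H:%M:%S")

def root_password_logins(auth_text, year=2008):
    """Return (time, source_ip) for each SSH password login accepted for root."""
    hits = []
    for line in auth_text.splitlines():
        m = LOGIN_RE.match(line)
        if m and m.group(2) == "password" and m.group(3) == "root":
            hits.append((_ts(m.group(1), year), m.group(4)))
    return hits

def root_crashes_after(logins, messages_text, window_min=30, year=2008):
    """Pair each root login with uid 0 process crashes logged within the window."""
    pairs = []
    for line in messages_text.splitlines():
        m = CRASH_RE.match(line)
        if not m or m.group(3) != "0":
            continue
        when = _ts(m.group(1), year)
        for login_time, ip in logins:
            if timedelta(0) <= when - login_time <= timedelta(minutes=window_min):
                pairs.append((ip, m.group(2), int(m.group(4)), when - login_time))
    return pairs

if __name__ == "__main__":
    for ip, proc, sig, gap in root_crashes_after(root_password_logins(AUTH_LOG), MESSAGES):
        print(f"root password login from {ip}; {proc} (uid 0) died on signal {sig} {gap} later")
```

A match only narrows where to look: the source address, whether root password login over SSH was meant to be enabled at all, and the core file of the crashed process still have to be examined.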