
A strangely compromised Linux box

Filed under: Linux, Security

A customer reported that a Linux machine used for ssh access (to in turn give telnet access to an ancient SCO machine) was refusing logins. I asked him to try logging in as root at the console; he was unable to do so.

When I arrived on site, I found that I could not log in, as he had said. I rebooted to single-user mode and started peeking around. The machine had been hacked; there was little doubt about that. It's HOW it was hacked that bothers me.

First, there was no attempt to hide any evidence. I could see in wtmp and the secure logs that someone had logged in from a German ISP address, attained su status, and created a new su user for himself. He then changed root's password.

Fine so far, right? But then he did something very strange. He hand-edited /etc/passwd and added "/nologin" at the end of each line except root and his own. This was what was preventing people from logging in.

Why do that?
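An added example, not part of the original post: a small audit that flags the two /etc/passwd changes described above, a login shell with "/nologin" appended to it and an extra superuser account. The sample entries and the allowed shell list are constructed, and treating the new "su user" as a UID 0 account is an assumption.

```python
# Constructed sample of a tampered passwd file (not data from the incident).
SAMPLE = """\
root:x:0:0:root:/root:/bin/bash
daemon:x:2:2:daemon:/sbin:/sbin/nologin/nologin
alice:x:500:500:Alice:/home/alice:/bin/bash/nologin
svc:x:0:0::/home/svc:/bin/bash
"""

# Assumed allow-list; on a real host build it from /etc/shells plus the
# distribution's nologin path.
VALID_SHELLS = ["/bin/bash", "/bin/sh", "/sbin/nologin"]


def audit_passwd(text, valid_shells):
    """Return (line_no, user, finding) tuples for suspicious passwd entries."""
    findings = []
    for n, line in enumerate(text.splitlines(), 1):
        if not line.strip() or line.startswith("#"):
            continue
        fields = line.split(":")
        if len(fields) != 7:
            findings.append((n, fields[0], "malformed entry"))
            continue
        user, uid, shell = fields[0], fields[2], fields[6]
        # Any account other than root with UID 0 has full root privileges.
        if uid == "0" and user != "root":
            findings.append((n, user, "extra UID 0 account"))
        # An empty shell field means the system default, so only check
        # non-empty values that are not on the allow-list.
        if shell and shell not in valid_shells:
            # /bin/bash/nologin names no real program, so login fails.
            base = next((s for s in valid_shells
                         if shell == s + "/nologin"), None)
            if base:
                findings.append((n, user, "'/nologin' appended to " + base))
            else:
                findings.append((n, user, "shell not in allowed list: " + shell))
    return findings


if __name__ == "__main__":
    for finding in audit_passwd(SAMPLE, VALID_SHELLS):
        print(finding)
```
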



