Language Selection

English French German Italian Portuguese Spanish

A strangely compromised Linux box

Filed under
Linux
Security

A customer reported that a Linux machine used for ssh access (to in turn give telnet access to an ancient SCO machine) was refusing logins. I asked him to try logging in as root at the console; he was unable to do so.

When I arrived on site, I found that I could not login as he had said. I rebooted to single use mode and started peeking around. The machine had been hacked; there was little doubt about that. It's HOW it was hacked that bothers me,

First, there was no attempt to hide any evidence. I could see in wtmp and the secure logs that someone had logged in from a German ISP address, attained su status, and created a new su user for himself. He then changed root's password.

Fine so far, right? But then he did something very strange. He hand edited /etc/passwd and added "/nologin" at the end of each line except root and his own. This was what was preventing people from logging in.

Why do that?




More in Tux Machines

Bill Gates Inadvertently Shows Off Ubuntu on His Facebook Page

Bill Gates is much more involved in philanthropy than Microsoft these days and he's done some great work regarding the eradications of certain diseases and to improve the quality of life in a number of third world countries. He's also inadvertently promoted Ubuntu, which is a Linux system. Read more

Major Release LibreOffice 4.4 Announced

The Document Foundation today announced the latest and "most beautiful" LibreOffice ever. LibreOffice 4.4 is the ninth major release for the project and brings with it lots of design and functionality improvements. Redesigned toolbars, menus, status bars, rulers and new theme selector are among the goodies for users. Michael Meeks said today that this release not only improves the visible features but also the foundations underneath. Read more

Sphinx: An outstanding open source documentation platform

Sphinx is a free, open source project written in Python and, not surprisingly, is really well suited for documenting Python projects. Now, before you harrumph “Meh, I code in which isn’t at all like Python!” be aware that Sphinx supports several other languages (C and C++ support is in development). Read more

today's leftovers