[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: [cobalt-users] Strange entries in /etc/passwd -- possible security breach

Subject: Re: [cobalt-users] Strange entries in /etc/passwd -- possible security breach
From: "Michael Fritsch" <fritschnet@xxxxxxxxxxxxx>
Date: Fri Aug 16 10:09:01 2002
List-id: Mailing list for users to share thoughts on Sun Cobalt products. <cobalt-users.list.cobalt.com>

> Also strange is that the consecutive uid numbers assigned for the new
users
> are quite a bit larger than the
> uid number of the last user I added. There are also entries in the
> /etc/shadow file for them but the crypted
> password strings are 34 chracters long rather than 13 like all my other
> entries. Both new passwd entries
> have gid values of 0, i.e. root's group.
>
> Any thoughts. Is this stuff legit? Can I/Should I just remove the entries
> from the passwd file and remove
> the home directories? So far  there are _apparently_ no login's for either
> of these two users based on
> the contents of the last log. Based on creation dates of the files in the
> respective home directories,
> these things appear to have been created 4 days ago,
>

Ask the company you rent your server from. It is usually put there by the
hosting
company to allow them a backdoor to your server.

Mike

References:
- [cobalt-users] Strange entries in /etc/passwd -- possible security breach
  - From: Jolley, Carl

Prev by Date: Re: [cobalt-users] Postgresql
Next by Date: [cobalt-users] Re: CGI permission problems (driving me bonkers)
Previous by thread: RE: [cobalt-users] Strange entries in /etc/passwd -- possible security breach
Next by thread: [cobalt-users] Re :CGI permission problems (driving me bonkers)

Sun Cobalt Users Message Index

Sun Cobalt Users Thread Index