RE: Have I been hacked? Shadow file deleted

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 



if you're in doubt, re install everything from scratch, it makes a big
difference
 

-----Original Message-----
From: fedora-list-bounces@xxxxxxxxxx [mailto:fedora-list-bounces@xxxxxxxxxx]
On Behalf Of Scot L. Harris
Sent: Friday, September 09, 2005 4:11 PM
To: 'For users of Fedora Core releases'
Subject: RE: Have I been hacked? Shadow file deleted

On Fri, 2005-09-09 at 10:57, Jose Luis Hime wrote:
> Only I have the root password, that I change every time the shadow 
> file is deleted. The passwd file is ok, also.
> 
> The shadow has the following permissions:
> 	-r--------  1 root root 8233 Sep  9 10:01 shadow
> 
> No crontab, at or other scheduled jobs.
> 
> No suspect process in "ps".
> 
> So... the last resort is really to re-install my box.
> 
> Can I use the "update" method to fix any problems without destroying 
> my installation? It took me 3 days to complete it!
> 
> Thanks in any way!

Are you running anything like phpbb or postnuke or similar type packages?
These have had many exploits in the past.  You would need to make sure you
have these fully patched or don't run them.

If you think the system has actually been compromised you don't really have
any choice but to do a bare metal install.

Have you tried disconnecting the system from the network to see if the
shadow file continues to disappear?  That might isolate the problem to
something running on the system vs. someone doing it from outside the
system.

But if you think the system is compromised your only choice it so reinstall.


--
fedora-list mailing list
fedora-list@xxxxxxxxxx
To unsubscribe: http://www.redhat.com/mailman/listinfo/fedora-list




[Index of Archives]     [Current Fedora Users]     [Fedora Desktop]     [Fedora SELinux]     [Yosemite News]     [Yosemite Photos]     [KDE Users]     [Fedora Tools]     [Fedora Docs]

  Powered by Linux