Related to root login
Net Llama!
netllama
Mon May 17 11:51:35 PDT 2004
On Mon, 25 Aug 2003, Swapana Ghosh wrote:
>
> Hi
>
> Thanks a lot for all of your answers ...
>
> >>There's a good possibility that while using telnet
> instead of ssh that
> >>your root password has been sniffed and the box has
> been compromised.
> >>You may want to consider using an intrusion
> detection system such as
> >>Tripwire to be able to monitor file changes, and
> never ever use telnet
> >>anywhere except on a protected lan. Do you have any
> way of verifying the
> >>system integrity now?
>
>
> This is not our sever.. It is one of our clinet's...We
> have asked several
> times but he will use *telnet*...
>
> I have nothing to verify - but just came to know that
> from the client's side somebody
> was trying to change the /etc/passwd file and after
> that it started behaving like
> this...I myself is not too experienced in the Sysadmin
> area...so need help..
>
> If you all can advice me what to check and where, it
> will be helpful... I am already
> compamring though with the files like sudo, su with
> our existing server , which
> has same type of configuration....
Today is the day that your client learns their lesson, and restores from
backups, because they were compromised for being stupid.
--
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Lonni J Friedman netllama at linux-sxs.org
Linux Step-by-step & TyGeMo http://netllama.ipfox.com
More information about the Linux-users
mailing list