Re: FC9 Compromised...


 





Craig White wrote:

The problem isn't Fedora 9, it's the person setting it up and
maintaining it. These days, the most likely way someone would own a
computer would be to connect via ssh using a brute force method but it
could be something as simple as users who can get pop3 e-mail and also
have shell access so capturing an unsecured login on pop3 will allow
someone a local shell and when that happens, it's likely only a matter
of time before they get root. SELinux is designed to limit the
opportunities available when things like this happen.

Seems to me if you have a number of boxes that were compromised, they
probably all shared the same 'root' password and that was definitely
hacked.

Disagree, if anyone used the root password they had to know what it was... 27 characters

It's probable that they got in through a pop3 account on one machine.

You might parse /etc/passwd to see what account has uid = 0

It exists...

You should not have any of these machines connected to the Internet. You
should be aware of the likelihood that these machines have keyloggers
installed on them which will capture anything you type.

No rootkits found, no trojans or viruses found.

Yes, you need to get data off the system and completely re-install.

Your question however is unclear. If you want to add 'root' back in,
something like this should work...

Yes, I need to add root back in...

useradd -u 0 -g 0 -d /root root
and then 'passwd root' to set the password
doesn't work... /etc/shadow is missing.


Craig
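Added example, not part of the original message and not code from anyone in the thread: an offline check of a copied passwd file (and shadow file, if one exists) for the conditions discussed above, namely a missing 'root' entry, other accounts with uid 0, and a missing /etc/shadow. The function names and the sample data are constructed for illustration.

```python
# Constructed sample mirroring the thread: no 'root' entry, another UID 0 account.
SAMPLE_PASSWD = """\
bin:x:1:1:bin:/bin:/sbin/nologin
toor:x:0:0::/root:/bin/bash
mail:x:8:12:mail:/var/spool/mail:/sbin/nologin
alice:$1$constructed$hash:500:500::/home/alice:/bin/bash
broken line without enough fields
"""

def parse_passwd(text):
    """Return (entries, malformed_lines); each entry is (name, pw_field, uid)."""
    entries, malformed = [], []
    for lineno, line in enumerate(text.splitlines(), 1):
        if not line.strip() or line.startswith("#"):
            continue
        fields = line.split(":")
        if len(fields) != 7 or not fields[2].isdigit():
            malformed.append(lineno)  # tampered or truncated lines are evidence too
            continue
        entries.append((fields[0], fields[1], int(fields[2])))
    return entries, malformed

def audit(passwd_text, shadow_text=None):
    """Return (severity, message) findings; shadow_text=None means no shadow file."""
    entries, malformed = parse_passwd(passwd_text)
    findings = [("warn", f"malformed passwd line {n}") for n in malformed]
    names = {name for name, _, _ in entries}
    if "root" not in names:
        findings.append(("high", "no 'root' entry in passwd"))
    for name, pw, uid in entries:
        if uid == 0 and name != "root":
            findings.append(("high", f"non-root account with UID 0: {name}"))
        if pw == "":
            findings.append(("high", f"empty password field: {name}"))
        elif pw not in ("x", "*", "!", "!!"):
            findings.append(("warn", f"hash stored in passwd, not shadow: {name}"))
    if shadow_text is None:
        findings.append(("high", "shadow file missing"))
    else:
        shadowed = {l.split(":")[0] for l in shadow_text.splitlines() if ":" in l}
        for name in sorted(names - shadowed):
            findings.append(("warn", f"no shadow entry for {name}"))
    return findings

if __name__ == "__main__":
    for severity, message in audit(SAMPLE_PASSWD):
        print(f"[{severity}] {message}")
```

Run it against copies of the files read from the affected disk mounted on a known-good system, since tools on the compromised host cannot be trusted to report accurately.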



--
fedora-list mailing list