On 16 Feb 2011 12:34, "Nico Kadel-Garcia" <nkadel@xxxxxxxxx> wrote:
>
> Uh-oh. Has your developer, or you, been editing the /etc/passwd,
> /etc/shadow, /etc/group, or /etc/gshadow files manually?
Nope.
> And do you
> use NIS or LDAP for authentication?
Nope.
> And this is a publicly exposed
> webserver, right? How fast can you rebuild it if it's been rootkitted?
How long is a peice of string? As quick as I can reupload the data, but thats another issue for another day.
> Check the /etc/shadow and /etc/group for consistent numbers of
> entries, and /etc/group and /etc/gshadow.
Do you mean duplicate entries? If so there are none of those.
> Do you have other users who
> can still log in or not?
There is only the root and web dev user on this box.
Thanks for your input Nico :)
--James. (This email was sent from a mobile device)
_______________________________________________ CentOS mailing list CentOS@xxxxxxxxxx http://lists.centos.org/mailman/listinfo/centos
