Re: Another Fedora decision

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]



On Thu, Feb 5, 2015 at 4:39 PM, Valeri Galtsev
<galtsev@xxxxxxxxxxxxxxxxx> wrote:
>
>>
>> Yes, /etc/shadow would have always been readable only by root by
>> default.   The interesting question here is whether an intruder did
>> it, clumsily leaving evidence behind, or whether it is just a local
>> change from following some bad advice about things that need to be
>> changed - or running some script to make those changes.  The latter
>> seems more likely to me.
>>
>
> Be it me, I would consider box compromised. All done on/from that box
> since probable day it happened compromised as well. If there is no way to
> establish the day, then since that system originally build. With full
> blown sweeping up the consequences. Finding really-really-really
> convincing proof it is not a result of compromise (and yes, fight one's
> wishful thinking!).

You aren't being paranoid enough.  If it happened as a result of
following some instructions or running a script, it's not just the box
that is compromised, it is everything you think you know.   On the
other hand it could have just been an accidental typo.


-- 
   Les Mikesell
     lesmikesell@xxxxxxxxx
_______________________________________________
CentOS mailing list
CentOS@xxxxxxxxxx
http://lists.centos.org/mailman/listinfo/centos




[Index of Archives]     [CentOS]     [CentOS Announce]     [CentOS Development]     [CentOS ARM Devel]     [CentOS Docs]     [CentOS Virtualization]     [Carrier Grade Linux]     [Linux Media]     [Asterisk]     [DCCP]     [Netdev]     [Xorg]     [Linux USB]
  Powered by Linux