On 2015-02-05, Valeri Galtsev <galtsev@xxxxxxxxxxxxxxxxx> wrote:
>
> On Thu, February 5, 2015 5:23 pm, Always Learning wrote:
>>
>> On Thu, 2015-02-05 at 16:39 -0600, Valeri Galtsev wrote:
>>
>>> >>>
>>> >>> -rw-r--r-- 1 root root 1220 Jan 31 03:04 shadow
>>
>>> Be it me, I would consider box compromised. All done on/from that box
>>> since probable day it happened compromised as well. If there is no way
>>> to
>>> establish the day, then since that system originally build. With full
>>> blown sweeping up the consequences. Finding really-really-really
>>> convincing proof it is not a result of compromise (and yes, fight one's
>>> wishful thinking!).
>>
>> Logically ?
>>
>> 1. to change the permissions on shadow from -rw-x------ or from
>> ---------- to -rw-r--r-- requires root permissions ?
>>
>> 2. if so, then what is the advantage of changing those permissions when
>> the entity possessing root authority can already read shadow - that
>> entity requires neither group nor user permissions to read shadow.
>
> As I said, it's your money, mister.
It seems very likely that, even if the system's security is not
compromised, the sysadmin's certainly is. Some things are beyond our
ability to repair.
--keith
--
kkeller@xxxxxxxxxxxxxxxxxxxxxxxxxx
_______________________________________________
CentOS mailing list
CentOS@xxxxxxxxxx
http://lists.centos.org/mailman/listinfo/centos
