Re: Shadow passwords NOT md5'ed ?

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]



Bill Campbell wrote:
> On Sun, Apr 05, 2009, Ralph Angenendt wrote:
>> Michael A. Peters wrote:
>>> Ralph Angenendt wrote:
>>>> Frédérique Da Luene wrote:
>>>>> Useradd newuser : ok
>>>>> passwd newuser : ok
>>>>>
>>>>> The password is not MD5, only 3DES.
>>>> Again: Have you looked if passwd on your machine is the one from CentOS?
>>>>
>>> I would suggesting copying the binary to a known clean machine to check 
>>>   the md5sum to verify. If you might have been hacked, you can't check 
>>> the md5 on that box.
>> Yupp. The last times I had to handle/help in such situations, the binaries
>> were clearly way off for the machines - often a comparing ls -l is enough, but
>> not all the time.
> 
> This will tell if the program is different and works on any RPM
> based system regardless of their package contents.
> 
> rpm -V `rpm -qf /bin/login`

This assumes that rpm and the library it uses have not been compromised.
I personally suspect the machine has been compromised.
_______________________________________________
CentOS mailing list
CentOS@xxxxxxxxxx
http://lists.centos.org/mailman/listinfo/centos


[Index of Archives]     [CentOS]     [CentOS Announce]     [CentOS Development]     [CentOS ARM Devel]     [CentOS Docs]     [CentOS Virtualization]     [Carrier Grade Linux]     [Linux Media]     [Asterisk]     [DCCP]     [Netdev]     [Xorg]     [Linux USB]
  Powered by Linux