www.chkrootkit.org The above mentioned util will find any rootkits (well, the ones that we currently know about) and sniffer logs. Shoud be what you are looking for. Rootkits are fairly easy to find but it is script kiddie behaviour. I take it you are not involved in administrating these machines at your institute ? Craig -----Original Message----- From: Anindya Mozumdar [mailto:anindya@xxxxxxxxx] Sent: 01 July 2004 09:43 To: linux-admin@xxxxxxxxxxxxxxx Subject: Re: Root Permissions Hi, Probably I framed the question badly, so everyone has misunderstood what I asked. I am not at all interested in reinstalling or preventing my friend from doing what he wants. I wanted to know what he may have possibly setup so that he can become root any time, so that I can do the same. And I wanted to know how it can be reversed, so that my own system is protected from such attacks. Thanks. Anindya. On Thu, Jul 01, 2004 at 10:34:25AM +0530, Anindya Mozumdar wrote: > Hi, > The following problem may be trivial to some of you, however my > knowledge of linux is limited, and I dont understand how can it be > done. > In our institute, we use Debian Linux, and the boot loader is lilo. > For those machines where the lilo password is not set, ANY ONE can > get a root shell by simply interrupting the boot process and typing > linux init=/bin/sh in the boot prompt. > One of my friends obtained a root shell in this manner, and has > either made some changes, or set up some program, by which he can > become root any time, without acutally knowing the root password, > which is known only to our system administrator. What may be the > possible things he has done to setup his program, and how can it be > reversed ? > Thanks in advance. > Anindya Mozumdar. > - > : send the line "unsubscribe linux-admin" in > the body of a message to majordomo@xxxxxxxxxxxxxxx > More majordomo info at http://vger.kernel.org/majordomo-info.html ---------------------------------------------------------------------------- --- Anindya Mozumdar anindya (at) cmi (dot) ac (dot) in "Bad language isn't second nature to me - it's first. Bad language and bad behaviour. It's a f****** winning combination, you've got to admit." - Ozzy Osbourne - : send the line "unsubscribe linux-admin" in the body of a message to majordomo@xxxxxxxxxxxxxxx More majordomo info at http://vger.kernel.org/majordomo-info.html - : send the line "unsubscribe linux-admin" in the body of a message to majordomo@xxxxxxxxxxxxxxx More majordomo info at http://vger.kernel.org/majordomo-info.html
