-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 On Wed, Jan 15, 2003 at 10:15:21AM -0700, Jim Christiansen wrote: > Also, is there a way for a root user to hide the creation of another > user with root privileges? Typically no -- if there is another user with root privileges, they will be listed in the password file (/etc/passwd). All users with root privileges have the UID of 0. Note that creating multiple users with root privileges is generally a very bad idea... If you need to give root access to multiple people, the best way to do this is to use the sudo utility. It allows you to control what they can and can't run as root, and logs its usage in the system logs. There are RPMs available for Red Hat on the CD, or you can get it here: http://www.courtesan.com/sudo/ However, if someone has compromised your system, it *IS* possible that they could have created a backdoor user, and used a kernel module or some other obfuscation technique to hide that fact from you. Kernel modules exist that allow an attacker to do all sorts of nasty things: hide running malicious processes, hide files in the filesystem, etc. etc. ad nauseum. If you believe your system has been compromised, the only sure way to recover from that is to wipe your system clean, and re-install from known good (non-writable) installation media. Your question suggests that you may think you have been compromised... If you discover that you have, be sure to reinstall, and get all the security-related updates for the software you have installed and running. Also be sure not to run any network services that you don't need. They provide an attack vector that you simply don't need. - -- Derek D. Martin http://www.pizzashack.org/ GPG Key ID: 0xDFBEAD02 -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.0.7 (GNU/Linux) iD8DBQE+JZzQHEnASN++rQIRAjF7AJ4/jNSfZG6k6nCTV065vgUmq4ymVQCdGalE B0x6rA49WElyC1Q1PEWWqNs= =IVWy -----END PGP SIGNATURE----- -- Psyche-list mailing list Psyche-list@redhat.com https://listman.redhat.com/mailman/listinfo/psyche-list