On Thu, May 23, 2002 at 09:54:06AM +0800, aeab wrote:
> usual wednesday morning here...logon to the linux server.. su -
> got prompt bash-2.05#
aeab,
If you did not login as root and then you did su - and got a shell
1. type id to see your user and group id
uid=0(root) gid=0(root) << if you see this then you are root
2. Was there a passwd for root before? Check your /var/log/messages
to see if there was a passwd change, then you can use last to see
who was logged at that time.
3. if you have PAM, check the login and system-auth modules. if
you see lines like:
auth sufficient /lib/security/pam_unix.so likeauth nullok
password sufficient /lib/security/pam_unix.so nullok use_authtok md5 shadow
then you might want to remove the argument "nullok" since it allows the
use of "blank" passwds.
4. Check your computer for any signs of unauthorized access.
Are you still able to repeat that same thing (log as a user and do su and
get a root shell)? Or did it just happened once?
Regards,
David Correa
Network Engineer http://www.linux-tech.com
Key fingerprint 7F2C E072 479D 71B4 008B 373E A284 8CDE 7659 F5D8
------------------------------------------------------------------------
To unsubscribe email security-discuss-request@linuxsecurity.com
with "unsubscribe" in the subject of the message.
