After a hack, it's possible that the pwconv program has been altered, as
well as the login, etc...
Look & see if the passwd file is there or not (both the normal one & the pam
one), & see if they've been modified.
Also, check the login program... One of the hacks on those looks like a
failed login, so that you try all your different passwords (thinking you've
misremembered which one to use on a particular system), and records all
those passwords for the cracker to use later.
> -----Original Message-----
> From: Gary Carr [SMTP:[EMAIL PROTECTED]]
> Sent: Tuesday, August 08, 2000 1:12 PM
> To: [EMAIL PROTECTED]
> Subject: can not log in as root or a user
>
> One of our servers may have gotten hacked thru the ftp bug causing all
> logins to get denied. I can not log into the server as root or any other
> login unless I boot to single user mode. I have checked for the nologin
> file
> in the /etc directory and it is not present. What else do I need to check
> to
> find the cause of not being able to log into the console as root or any
> other user? BTW, I have also booted to single user mode and changed the
> root
> password and even run the passconv program to make sure the shadow file
> gets
> updated. I'm at a loss here and any help would be appreciated.
>
>
> Thanks,
>
> Gary
>
>
>
>
> _______________________________________________
> Redhat-list mailing list
> [EMAIL PROTECTED]
> https://listman.redhat.com/mailman/listinfo/redhat-list
_______________________________________________
Redhat-list mailing list
[EMAIL PROTECTED]
https://listman.redhat.com/mailman/listinfo/redhat-list