Re: can not log in as root or a user

2000-08-09 Thread John Aldrich
On Tue, 08 Aug 2000, you wrote: > Ok, I have found the replaced files in the /bin directory. They replaced the > login, ls, netstat, ps, and pwd files. I have restored those from the backup > and am able to get into the server again. I was able to access the server by > enabling the rlogin from si

Re: can not log in as root or a user

2000-08-08 Thread Jack Bowling
** Reply to message from "Gary Carr" <[EMAIL PROTECTED]> on Tue, 8 Aug 2000 13:59:20 -0400 > Ok, I have found the replaced files in the /bin directory. They replaced the > login, ls, netstat, ps, and pwd files. I have restored those from the backup > and am able to get into the server again. I w

RE: can not log in as root or a user

2000-08-08 Thread Burke, Thomas G.
already)... > -Original Message- > From: Gary Carr [SMTP:[EMAIL PROTECTED]] > Sent: Tuesday, August 08, 2000 1:59 PM > To: [EMAIL PROTECTED] > Subject: Re: can not log in as root or a user > > Ok, I have found the replaced files in the /bin directory. They repl

Re: can not log in as root or a user

2000-08-08 Thread Gary Carr
Ok, I have found the replaced files in the /bin directory. They replaced the login, ls, netstat, ps, and pwd files. I have restored those from the backup and am able to get into the server again. I was able to access the server by enabling the rlogin from single user mode and logging in remotely.

Re: can not log in as root or a user

2000-08-08 Thread Jason Costomiris
On Tue, Aug 08, 2000 at 11:24:09AM -0600, Chuck Mead wrote: : Reinstall. Sorry but you're in an ugly situation... imagine that : /bin/login has : been replaced! At the very least! Rootkits have become pretty sophisticated. I've even seen one that was PAMified, so it would work nicely on RedHat

Re: can not log in as root or a user

2000-08-08 Thread Eddie Strohmier
Gary, I had the same symptoms on a breakin once and it turned out the hack had replaced my /bin/login file. He or she was kind enough to back up my old one though. If you don't have a backup of the /bin/login file I am afraid you will probably have to reinstall. Best of luck, Eddie Strohmier

RE: can not log in as root or a user

2000-08-08 Thread Burke, Thomas G.
After a hack, it's possible that the pwconv program has been altered, as well as the login, etc... Look & see if the passwd file is there or not (both the normal one & the pam one), & see if they've been modified. Also, check the login program... One of the hacks on those looks like a failed lo

Re: can not log in as root or a user

2000-08-08 Thread Chuck Mead
On Tue, 8 Aug 2000, Gary Carr spewed into the bitstream: GC>One of our servers may have gotten hacked thru the ftp bug causing all GC>logins to get denied. I can not log into the server as root or any other GC>login unless I boot to single user mode. I have checked for the nologin file GC>in the