Linux Today: Linux News On Internet Time.
Search Linux Today
Linux News Sections: Blog - Developer - High Performance - Infrastructure - IT Management - Security - Storage -
Linux Today Navigation
LT Home
Preferences
Contribute
Link to Us
Search
Linux Jobs

Linux Today
Enterprise Linux Today
Apache Today
JustLinux.com
Linux Planet
PHPBuilder
All Linux Devices
Technology Jobs

JustTechJobs.com

LinuxToday Newsletters
Server Daily
IT Management Daily
Subscribe News
Subscribe PR
Subscribe Security

internet.com
Internet News
Small Business

Advertise
Newsletters
Tech Jobs
E-mail Offers

 






Current Newswire:

5 Best Android Apps For Reddit Lovers

SECURITY: Flash Player Sandbox Comes to Firefox

The Future of Kubuntu

SECURITY: Symantec should not be afraid of 'open' source code

Linux 3.3 rc3

60 Fantastic Free Android Apps

Ready for Another Linux Tablet? Meet the Rugged Trimble Yuma

How can the layman get involved with free software?

RIM Commits to Open Source BlackBerry 10 Native SDK

Oracle Staking Claim in Open-Source 'R' Language



Applications Management Engineer Sr (NYC)
Next Step Systems
US-NY-New York

Justtechjobs.com Post A Job | Post A Resume
:A strangely compromised Linux box
A strangely compromised Linux box
Nov 6, 2009, 12 :43 UTC (1 Talkback[s]) (7971 reads)

"When I arrived on site, I found that I could not login as he had said. I rebooted to single use mode and started peeking around. The machine had been hacked; there was little doubt about that. It's HOW it was hacked that bothers me,

"First, there was no attempt to hide any evidence. I could see in wtmp and the secure logs that someone had logged in from a German ISP address, attained su status, and created a new su user for himself. He then changed root's password.

"Fine so far, right? But then he did something very strange. He hand edited /etc/passwd and added "/nologin" at the end of each line except root and his own. This was what was preventing people from logging in.

Why do that?"

Complete Story

Related Stories:
GNU/Linux Security: Linux House vs Microsoft House(Oct 28, 2009)
Linux and Security: Mission Impossible?(Oct 26, 2009)
Where Are the Cybercops?(Oct 05, 2009)
Attack on WPA refined(Aug 28, 2009)
If Everything Was Made by Microsoft(Apr 29, 2009)
Fedora: Chronicle of a Server Break-in(Apr 03, 2009)


Index Mode   |   Flat Mode   |   Thread Mode   |   Thread Flat  
  Talkback(s) Name  and Date
I was just talking to the owner of the h ...   Update   
Tony Lawrence
Nov 6, 2009, 13:47:19  
  Home | Search Talkbacks | Customize View    Top of Page  



Enter your comments below:

* Your Name:

* Your Email Address:

* Subject:

CC: [will also send this talkback to an E-Mail address]

* Comments:

Tags allowed:<I>,<B> and <U>. See our talkback-policy for more about talkback content.

Fields marked with * are required!

..............................




All times are recorded in UTC.
Linux is a trademark of Linus Torvalds.
Powered by Linux, Apache and PHP