At 09:40 2001-01-24 -0500, you wrote:
I believe my Raq3i may have been compromised. At 2:39am this morning it stopped responding, and my monitoring software reports a change in my passwd, group, and shadow files. Does anyone have a list of the factory cobalt usernames? I know I should have taken an inventory by now, but you know, busy busy... The specific usernames that I question are: "pop" and "operator" Are those installed into the raq3i by the factory? Thanks, Kevin
You can't use those accounts for logins. They are used by system services. Boot into single-user mode and edit /etc/shadow.
-- Thomas Novin · thnov@xxxxxxxxxxx · http://xyz.pp.se/~thnov/pgp.asc Thalamus Networks AB · +46 (0)431 445400 · http://www.thalamus.se Fingerprint: DFB2 39F2 0EF8 7A21 E8C9 22D3 E798 A74A 14F7 6F0C