[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
RE: [cobalt-security] A hacked box - an example
- Subject: RE: [cobalt-security] A hacked box - an example
- From: "MikeM" <mike_miller@xxxxxxxxxxxxxxxxxx>
- Date: Tue, 24 Apr 2001 13:06:33 -0400
- List-id: Mailing list for users to address network security on Cobalt products. <cobalt-security.list.cobalt.com>
> On Behalf Of HubNut Limited
> Sent: Tuesday, April 24, 2001 9:44 AM
> To: cobalt-security@xxxxxxxxxxxxxxx
> Subject: RE: [cobalt-security] A hacked box - an example
>
>
> Hi,
>
> Try running as root...
>
> Richard
>
Similar results:
[admin@config admin]$ rpm -V util-linux
S.5....T c /etc/pam.d/chfn
S.5....T c /etc/pam.d/chsh
S.5....T c /etc/pam.d/login
..?..... /usr/bin/chfn
..?..... /usr/bin/chsh
.M?..... /usr/bin/newgrp
.M...... /usr/bin/write
[admin@config admin]$ su
Password:
[root@config admin]# rpm -V util-linux
S.5....T c /etc/pam.d/chfn
S.5....T c /etc/pam.d/chsh
S.5....T c /etc/pam.d/login
.M...... /usr/bin/newgrp
.M...... /usr/bin/write
[root@config admin]#
Does it matter that the problem login is in the /etc/pam.d/chfn directory
instead of the /bin directory? I guess what I am really asking is, which
version of login is actually run when I log in?