
RE: [cobalt-security] A hacked box - an example



> On Behalf Of HubNut Limited
> Sent: Tuesday, April 24, 2001 9:44 AM
> To: cobalt-security@xxxxxxxxxxxxxxx
> Subject: RE: [cobalt-security] A hacked box - an example
>
>
> Hi,
>
> Try running as root...
>
> Richard
>


Similar results:

[admin@config admin]$ rpm -V util-linux
S.5....T c /etc/pam.d/chfn
S.5....T c /etc/pam.d/chsh
S.5....T c /etc/pam.d/login
..?.....   /usr/bin/chfn
..?.....   /usr/bin/chsh
.M?.....   /usr/bin/newgrp
.M......   /usr/bin/write
[admin@config admin]$ su
Password:
[root@config admin]# rpm -V util-linux
S.5....T c /etc/pam.d/chfn
S.5....T c /etc/pam.d/chsh
S.5....T c /etc/pam.d/login
.M......   /usr/bin/newgrp
.M......   /usr/bin/write
[root@config admin]#


Does it matter that the problem login is in the /etc/pam.d/chfn directory
instead of the /bin directory?  I guess what I am really asking is, which
version of login is actually run when I log in?
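
Added example, not part of the original post: a small Python parser for the two `rpm -V util-linux` listings above. It separates changed config files from changed non-config files and from files whose checks could not be run (`?`). The names `parse_verify` and `triage` are illustrative.

```python
import re

# Flag columns in rpm -V order; the ninth (P, capabilities) exists only in newer rpm.
TESTS = ["size", "mode", "digest", "device", "link", "user", "group", "mtime", "caps"]
LINE = re.compile(r"^([A-Za-z0-9.?]{8,9})\s+(?:([cdglr])\s+)?(/.*)$")
# Verify output copied from the post: first as admin, then as root.
AS_ADMIN = """\
S.5....T c /etc/pam.d/chfn
S.5....T c /etc/pam.d/chsh
S.5....T c /etc/pam.d/login
..?.....   /usr/bin/chfn
..?.....   /usr/bin/chsh
.M?.....   /usr/bin/newgrp
.M......   /usr/bin/write
"""
AS_ROOT = """\
S.5....T c /etc/pam.d/chfn
S.5....T c /etc/pam.d/chsh
S.5....T c /etc/pam.d/login
.M......   /usr/bin/newgrp
.M......   /usr/bin/write
"""

def parse_verify(output):
    """Map each reported path to its config marker, failed tests and unchecked tests."""
    result = {}
    for line in output.splitlines():
        m = LINE.match(line.strip())
        if m:  # prompts, blank lines and "missing ..." lines do not match
            flags, attr, path = m.groups()
            result[path] = {
                "config": attr == "c",
                "failed": [t for f, t in zip(flags, TESTS) if f not in ".?"],
                "unchecked": [t for f, t in zip(flags, TESTS) if f == "?"],
            }
    return result

def triage(output):
    """Return (changed config files, changed other files, files with unchecked tests)."""
    configs, others, unverified = [], [], []
    for path, r in sorted(parse_verify(output).items()):
        if r["unchecked"]:  # '?' means rpm could not perform that test
            unverified.append(path)
        if r["failed"]:
            (configs if r["config"] else others).append((path, r["failed"]))
    return configs, others, unverified

for who, out in (("admin", AS_ADMIN), ("root", AS_ROOT)):
    print(who, triage(out))
```

On these two listings the root run leaves no unchecked tests: the files under /usr/bin show only a mode difference, while the three files under /etc/pam.d differ in size, digest and mtime.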