John,

I hope not. Having said that, I looked at the messages file and I found this
weird part that came up shortly after the server was set up:

Feb 26 21:12:52 redhserver PAM_pwdb[656]: (login) session opened for user
rilindo by (uid=0)
Feb 26 21:13:49 redhserver PAM_pwdb[679]: authentication failure;
rilindo(uid=500) -> rilindo for passwd service
Feb 26 21:14:09 redhserver PAM_pwdb[680]: authentication failure;
rilindo(uid=500) -> rilindo for passwd service
Feb 26 21:14:15 redhserver PAM_pwdb[681]: authentication failure;
rilindo(uid=500) -> rilindo for passwd service
Feb 26 21:14:43 redhserver PAM_pwdb[682]: password for (rilindo/500) changed
by (rilindo/500)
Feb 26 21:16:00 redhserver PAM_pwdb[656]: (login) session closed for user
rilindo
Feb 26 21:16:00 redhserver inetd[486]: pid 655: exit status 1
Feb 26 21:16:05 redhserver PAM_pwdb[685]: (login) session opened for user
rilindo by (uid=0)
Feb 26 21:16:07 redhserver PAM_pwdb[685]: (login) session closed for user
rilindo
Feb 26 21:16:07 redhserver inetd[486]: pid 684: exit status 1
Feb 27 04:02:00 redhserver anacron[816]: Updated timestamp for job
`cron.daily' to 2001-02-27
Feb 27 12:15:51 redhserver inetd[486]: pid 3447: exit status 1
Feb 27 12:17:11 redhserver inetd[486]: pid 3449: exit status 1
Feb 27 12:21:23 redhserver PAM_pwdb[3454]: (login) session opened for user
rilindo by (uid=0)
Feb 27 12:26:41 redhserver PAM_pwdb[3478]: authentication failure;
rilindo(uid=500) -> rilindo for passwd service
Feb 27 12:26:53 redhserver PAM_pwdb[3479]: authentication failure;
rilindo(uid=500) -> rilindo for passwd service
Feb 27 12:27:01 redhserver PAM_pwdb[3480]: authentication failure;
rilindo(uid=500) -> rilindo for passwd service
Feb 27 12:27:53 redhserver PAM_pwdb[3481]: password for (rilindo/500)
changed by (rilindo/500)
Feb 27 12:27:56 redhserver PAM_pwdb[3454]: (login) session closed for user
rilindo
Feb 27 12:27:56 redhserver inetd[486]: pid 3453: exit status 1
Feb 27 22:35:35 redhserver rpc.statd[360]: gethostbyname error for
^X÷ÿ¿^X÷ÿ¿^Y÷ÿ¿^Y÷ÿ¿^Z÷ÿ¿^Z÷ÿ¿^[÷ÿ¿^[÷ÿ¿bffff750 8049710 8052c28687
465676274736f6d616e797265206520726f7220726f66

 

           bffff718

                 bffff719  bffff71a

 
bffff71b<90><90><90><90><90><90><90><90>
<90><90><90><90><90><90><90><90><90><90><90><90><90><90><90><90><90><90><90>
<90><90><90><90><90><90><90><90><90><90><90><90><90>
<90><90><90><90><90><90><90><90><90><90><90><90><90><90><90><90><90><90><90>
<90><90><90><90><90><90><90><90><90><90><90><90><90>
<90><90><90><90><90><90><90><90><90><90><90><90><90><90><90><90><90><90><90>
<90><90><90><90><90><90><90><90><90><90><90><90><90>
<90><90><90><90><90><90><90><90><90><90><90><90><90><90><90><90><90><90><90>
<90><90><90><90><90><90><90><90><90><90><90><90><90>
<90><90><90><90><90><90><90><90><90><90><90><90><90><90><90><90><90><90><90>
<90><90><90><90><90><90><90><90><90><90><90><90><90>
<90><90><90><90><90><90><90><90><90><90><90><90><90><90><90><90><90><90><90>
<90><90><90><90><90><90><90><90><90><90><90><90><90>
<90><90><90><90><90><90><90><90><90><90><90><90><90><90><90><90><90><90><90>
<90><90><90><90><90><90><90><90><90><90><90><90><90>
<90><90><90><90><90><90><90><90><90><90><90><90><90><90><90><90><90><90><90>
<90><90><90><90><90><90><90><90><90><90><90><90><90>
<90><90><90><90><90><90><90><90><90><90><90><90><90><90><90><90><90>
Feb 27 22:37:20 redhserver adduser[3640]: new group: name=dns, gid=501 
Feb 27 22:37:20 redhserver adduser[3640]: new user: name=dns, uid=501,
gid=501, home=/bin, shell=/bin/bash 
Feb 27 22:38:20 redhserver adduser[3642]: new user: name=sql, uid=0, gid=0,
home=/bin, shell=/bin/bash 
Feb 27 22:38:32 redhserver PAM_pwdb[3643]: password for (sql/0) changed by
((null)/0)
Feb 27 22:38:42 redhserver PAM_pwdb[3644]: password for (dns/501) changed by
((null)/0)
Feb 27 22:41:00 redhserver PAM_pwdb[3648]: (login) session opened for user
dns by (uid=0)
Feb 27 22:41:07 redhserver PAM_pwdb[3669]: (su) session opened for user sql
by dns(uid=501)
Feb 27 22:44:03 redhserver syslogd 1.3-3: restart.
Feb 27 23:04:03 redhserver -- MARK --
Feb 27 23:24:03 redhserver -- MARK --
Feb 27 23:37:48 redhserver PAM_pwdb[3669]: (su) session closed for user sql
Feb 28 00:04:03 redhserver -- MARK --
Feb 28 00:24:03 redhserver -- MARK --
Feb 28 00:44:03 redhserver -- MARK --
Feb 28 01:04:03 redhserver -- MARK --

What in the world is that?!

Rilindo Foster

-----Original Message-----
From: John Aldrich [mailto:[EMAIL PROTECTED]]
Sent: Saturday, March 03, 2001 5:31 PM
To: [EMAIL PROTECTED]
Subject: Re: Wierd password problem - root linked to user login.


On Sat, 03 Mar 2001, Rilindo Foster wrote:
> Friends,
> 
> We recently set up Red Hat 6.2 (server installed) and yesterday I had to go
> change the root password via linux single mode (the client couldn't su to
> root). At any rate, here is the problem.
> 
[snip]
> 
> It is as if the root password is linked with the users on that machine. Any
> ideas what is going on?
> 
> (BTW, passwd does have the SETGID correctly set).
> 
Weird... almost as if the box was hacked! I'd consider
wiping the drive and reinstalling from scratch!
        John



_______________________________________________
Redhat-list mailing list
[EMAIL PROTECTED]
https://listman.redhat.com/mailman/listinfo/redhat-list
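
A triage sketch for the kind of excerpt pasted above, added here as an example and not part of the original thread: it rejoins the mail-wrapped syslog lines into one record per event and flags the entries worth a responder's attention. The rule names are hypothetical, and the sample is constructed from records in the message with the rpc.statd payload replaced by a short stand-in.

```python
import re

# A syslog record starts with "Mon DD HH:MM:SS"; other lines are mail-wrapped tails.
STAMP = re.compile(r"^[A-Z][a-z]{2} [ \d]\d \d\d:\d\d:\d\d ")

# Rule names are hypothetical labels chosen for this example.
RULES = [
    ("statd-nonprintable-hostname",
     re.compile(r"rpc\.statd\[\d+\]: gethostbyname error for .*(?:<90>|[^\x20-\x7e])")),
    ("uid0-account-created",
     re.compile(r"adduser\[\d+\]: new user: name=\S+, uid=0,")),
    ("password-set-by-null-caller",
     re.compile(r"password for \(\S+/\d+\) changed by \(\(null\)/0\)")),
    ("syslogd-restart",  # routine on its own; notable right after the rules above
     re.compile(r"syslogd \S+: restart")),
]

def rejoin(raw_lines):
    """Merge wrapped continuation lines back into one record per event."""
    records = []
    for line in raw_lines:
        if STAMP.match(line) or not records:
            records.append(line.rstrip())
        elif line.strip():
            records[-1] += " " + line.strip()
    return records

def triage(raw_lines):
    """Return (rule, record) pairs in log order."""
    return [(name, rec) for rec in rejoin(raw_lines)
            for name, rx in RULES if rx.search(rec)]

# Constructed sample: records from the message above, payload replaced by a stand-in.
SAMPLE = """\
Feb 27 12:27:53 redhserver PAM_pwdb[3481]: password for (rilindo/500)
changed by (rilindo/500)
Feb 27 22:35:35 redhserver rpc.statd[360]: gethostbyname error for
bffff718 <90><90><90><90><90><90><90><90>
Feb 27 22:37:20 redhserver adduser[3640]: new user: name=dns, uid=501,
gid=501, home=/bin, shell=/bin/bash
Feb 27 22:38:20 redhserver adduser[3642]: new user: name=sql, uid=0, gid=0,
home=/bin, shell=/bin/bash
Feb 27 22:38:32 redhserver PAM_pwdb[3643]: password for (sql/0) changed by
((null)/0)
Feb 27 22:44:03 redhserver syslogd 1.3-3: restart.
""".splitlines()

if __name__ == "__main__":
    print("\n".join(f"{n:30} {r[:72]}" for n, r in triage(SAMPLE)))
```

The user's own password change and the non-root dns account are left unflagged; the four hits fall within the same nine minutes of the log.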


