search for: chsh

My machine got hacked a few days ago through the samba bug. I reinstalled everything cvsuped src-all, and ran chkrootkit. No more LKM but still... Can anyone please advise ? bash-2.05b# chkrootkit | grep INFECTED Checking `chfn'... INFECTED Checking `chsh'... INFECTED Checking `date'... INFECTED Checking `ls'... INFECTED Checking `ps'... INFECTED -- Jay -------------- next part -------------- A non-text attachment was scrubbed... Name: not available Type: application/pgp-signature Size: 187 bytes Desc: This is a digitally signed...

I'm noticing that logrotate's default configuration for rotating /var/ log/secure and /var/log/messages partially fails if root's shell is set to /bin/tcsh (via chsh). (Running on CentOS 4.4; logrotate-3.7.1-5.RHEL4). What seems to be happening is that the logrotate.d/syslog postrotate command runs: /bin/kill -HUP `cat /var/run/syslogd.pid 2> /dev/null` 2> /dev/null || true Under bash, this redirects stderr to /dev/null. Under tcsh, this produ...

Has anyone else seen chkrootkit (version 0.43) on 4.10-prerelease or later report chfn, chsh, and date as infected? I built world yesterday, and my nightly chkrootkit reports this on run. I've replaced the binaries with their 4.9 equivalents, and things don't report as infected. I upgrade the 4.9 machine to 4.10, and chkrootkit reports them as infected again. Is this similar t...

I ran chkrootkit ( v. chkrootkit-0.43 ) earlier and noticed that chfn, date, and chsh showed as being infected. I remember reading post from the past that right now chkrootkit is giving alot of false positives, so I suspected that these 3 binaries are not bad. However, to be on the safe side, I deleted the 3 binaries, removed /usr/src and did a 'make world' to 4.10-STABLE....

...============================= FreeBSD-SA-00:58 Security Advisory FreeBSD, Inc. Topic: chpass family contains local root vulnerability Category: core Module: chfn/chpass/chsh/ypchfn/ypchpass/ypchsh/passwd Announced: 2000-10-30 Credits: Problem fixed during internal auditing. Vulnerability pointed out by: caddis <caddis@DISSENSION.NET> Affects: FreeBSD 3.x (all releases), FreeBSD 4.0-RELEASE, FreeBSD 4.0-STABLE prior to the correction date Corrected...

Hey, Gang! To ensure that a file hasn't been corrupted or tampered with, you can use rpm to verify the package it came from. Well, I found this: rpm -Vv util-linux .... ........ /usr/bin/cal S.?..... /usr/bin/chfn ........ /usr/bin/chrt S.?..... /usr/bin/chsh .... Does anyone else get this? And what would be the proper course of action at this point? Thanks mucho. -- Without music, life would be a mistake. --Friedrich Nietzsche

Hi! Running chkrootkit on newly installed FreeBSD 5.0 got: -cut- Checking `basename'... not infected Checking `biff'... not infected Checking `chfn'... INFECTED Checking `chsh'... INFECTED Checking `cron'... not infected Checking `date'... INFECTED -cut- Checking `ls'... INFECTED -cut- Checking `ps'... INFECTED Checking `pstree'... not found -cut- What does it mean? Is my system really hacked?

Hi, I have a 4.9-STABLE FreeBSD box apparently hacked! Yesterday I ran chkrootkit-0.41 and I don't like some of the outputs. Those are: chfn ... INFECTED chsh ... INFECTED date ... INFECTED ls ... INFECTED ps ... INFECTED But all the rest is NOT PROMISC, NOT INFECTED, NOTHING FOUND, NOTHING DELETED, or NOTHING DETECTED. I know by the FreeBSD-Security archives that chkrootkit isn't perfect with FreeBSD versions 5.x But I'm n...

Hi, when I use useradd of adduser in CentOS 3 or 4, the default shell a user gets /bin/bash. I want this to be changed to /bin/false for security reasons... How can I accomplish this? Thanks in advance for any help. -- Michiel

...abled. I have the following six files on it which are all hardlinks and have the immutable flag set: 6830483 -r-sr-xr-x 6 root wheel schg 33268 Jan 6 2005 chfn 6830483 -r-sr-xr-x 6 root wheel schg 33268 Jan 6 2005 chpass 6830483 -r-sr-xr-x 6 root wheel schg 33268 Jan 6 2005 chsh 6830483 -r-sr-xr-x 6 root wheel schg 33268 Jan 6 2005 ypchfn 6830483 -r-sr-xr-x 6 root wheel schg 33268 Jan 6 2005 ypchpass 6830483 -r-sr-xr-x 6 root wheel schg 33268 Jan 6 2005 ypchsh An attempt to rsync those file to a testbox running FreeBSD 4.11 with an rsync 3.0.4 clie...

Hello! I've found that on two FreeBSD 4.5-RELEASE boxes chkrootkit finds: Checking `chfn'... INFECTED Checking `chsh'... INFECTED Checking `date'... INFECTED Checking `ls'... INFECTED Checking `ps'... INFECTED recompiling, say, ls from souces didn't help. False positive or source changed as well? -- Alex.

I am by no means an expert along these lines, but should the following small program lock out (for 60 seconds) elements of the shadow suit such as chsh ?? ------------------------ #include <stdlib.h> #include <shadow.h> void main() { if(lckpwdf()) { printf("Failed to get password locks\n"); exit(0); } printf("password files locked\n"); sleep(60);...

...ollecting all of the relevant commands that they need to know about, in the sense of, "if you understand these commands, you should be fine." regarding user/group admin, my tentative list of commands would be: * user{add,mod,del} * group(add,mod,del} * passwd, gpasswd * chage, chsh, chfn * pwck, grpck * pwconv, pwunconv not sure what i'm missing here, i just typed those off the top of my head. rather than scatter all of that over an entire chapter, are there any official centos/rhel reference sheets like that? if not, i can just write my own and post them at my wi...

You're going to need root access. Presumably you have it if you have control over icecast. You could do a simple adduser. Then use your favorite editor and open up the /etc/passwd file (again as root). You'll need to read up on what each of the fields are, but in short you'll want to * the password field for that new user. You'll also want to change the shell to /bin/false.

On 08/02/15 06:51, Jason Long wrote: > Thanks a lot. > > [root at printmah ~]# getent passwd jason > jason:*:11303:10513:jason JASON:/home/JASONDOMAIN/jason:/bin/false > > But I can't login to Linux via AD username and it show me : > > > > Last login: Sun Feb 8 01:48:32 2015 > Could not chdir to home directory /home/JASONDOMAIN/jason: No such file or directory

...rectory ?/home/jason?: Permission denied > -sh-4.2$ > > > About "PAM", I have not the file that you said : > > > [root at printmah ~]# nano /etc/pam.d/ > atd password-auth smtp > chfn password-auth-ac smtp.postfix > chsh polkit-1 sshd > config-util postlogin su > crond postlogin-ac sudo > cups ppp sudo-i > fingerprint-auth remote su-l > fingerprint-auth-ac runuser sy...

Hi, the man page an docs of ssh client say "If command is specified, it is executed on the remote host instead of a login shell." But afaik this is not quite accurate. The login shell is always started. But if a command is specified it runs that command instead of just opening an interactive setting. So if a user has /dev/false as login shell, you cannot run a command on that host via

Hi all. New puppet developer. Very excited. I have the agents communicating with the puppet master. I''m wondering now about best practice for file and user permissions on the puppet master. Most of my wonder probably stems from general lack of understanding in this area. I''d like to get it right though to avoid refactoring later. 1. What''s the best practice, or your

...; bash -version 1.14.7(1) - Ncpfs 2.2.0 ; ncpmount -v n/a - Pcmcia-cs 3.0.7 ; cardmgr -V 3.0.0 (n/u :) - PPP 2.3.5 ; pppd -v 2.2.0 (n/u) - Util-linux 2.9g ; chsh -v doesn't respond to -v (nonstd shadow version perhaps?) ==================================================================

.../bin:/opt/current/java/bin" declare -x PWD="/home/xxxx" declare -x SHELL="/bin/bash" declare -x SHLVL="1" declare -x TERM="xterm-256color" declare -x USER=?xxxx" -bash: PATH: command not found I have tried to rectify the issue using the usermod and chsh commands with no success. Is there anything else that I can do to get rid of this message? Kind Regards Leon