On Wed, 21 Apr 2004 09:45, you wrote:
> On Tue, Apr 20, 2004 at 09:36:43AM +1200, Yuri de Groot wrote:
> > I was checking my IPCOP logs and discovered I may have been hacked.
> > It turns out that IPCOP thought someone may have gotten root access
> > because it saw a packet containing the string "u
On Wed, 2004-04-21 at 09:45, Martin Bähr wrote:
> On Tue, Apr 20, 2004 at 09:36:43AM +1200, Yuri de Groot wrote:
> > It turns out that IPCOP thought someone may have gotten root access
> > because it saw a packet containing the string "uid=0(root)" in
> if you get a page with that string from a web
On Tue, Apr 20, 2004 at 09:36:43AM +1200, Yuri de Groot wrote:
> I was checking my IPCOP logs and discovered I may have been hacked.
> It turns out that IPCOP thought someone may have gotten root access
> because it saw a packet containing the string "uid=0(root)" in
> response to "id".
>
> This r
On Tue, 2004-04-20 at 09:36, Yuri de Groot wrote:
> This reply will trigger it again :-)
Oh, I needed a good laugh this morning. Thanks Yuri!
-jim
I was checking my IPCOP logs and discovered I may have been hacked.
It turns out that IPCOP thought someone may have gotten root access because it
saw a packet containing the string "uid=0(root)" in response to "id".
I checked the offending IP address and it resolved to pop.clear.net.nz
"Damn" I
Well, I've fixed it by deluser'ing ajt and adduser'ing him again with
--uid 1002 .
I'm a little curious as to what the critical difference between
inserting lines into /etc/passwd and /etc/shadow and using adduser
are.
Of course, I've just realised I've forgotten to add ajt to the right
group
On Sat, Apr 17, 2004 at 06:40:12PM +1200, Andrew Tarr wrote:
> [EMAIL PROTECTED]:~$ id
> uid=1002(ajt) gid=1002(ajt)
> groups=1002(ajt),24(cdrom),29(audio),30(dip),60(games),100(users),1000(wheel)
> portia:~# id ajt
> uid=1002(ajt) gid=1002(ajt)
> groups=1002(ajt),24(cdrom),29(audio),30(dip),60(g
Mike Beattie <[EMAIL PROTECTED]> writes:
> Aha, how about running 'id' as both root, ajt, and the other user?
>
> and running 'id ajt', and 'id ' as root...
[EMAIL PROTECTED]:~$ id
uid=1002(ajt) gid=1002(ajt)
groups=1002(ajt),24(cdrom),29(audio),30(dip),60(games),100(users),1000(wheel)
[EMAI
On Fri, Apr 16, 2004 at 10:28:27AM +1200, Andrew Tarr wrote:
> Well, the lines above is the output from getent... I either put it
> into a file using output redirect or used 'script', and inserted the
> resulting file into my emacs buffer --- is there any other useful way
> of getting stuff from a
On Fri, Apr 16, 2004 at 10:46:47AM +1200, Andrew Tarr wrote:
> Now, I'm not quite sure ATM how I got 'ajt' into the system... I may
> have copied lines from my old /etc/passwd and /etc/shadow. Was that
> maybe not a good idea? I wanted to preserve the uid, because otherwise
> the uids on all my fi
On Fri, Apr 16, 2004 at 10:28:27AM +1200, Andrew Tarr wrote:
> /etc/pam.d/su :
> auth sufficient pam_wheel.so trust group=wheel
Obviously you've specifically enabled this, and I think we've been
through this, but ajt is _definitely_ a member of the wheel group?
(make sure you check /etc/{p
OK, another piece of the puzzle:
I've tried adding another user. Logging in as that user and then
running 'su' works just fine.
Now, I'm not quite sure ATM how I got 'ajt' into the system... I may
have copied lines from my old /etc/passwd and /etc/shadow. Was that
maybe not a good idea? I want
Mike Beattie <[EMAIL PROTECTED]> writes:
> >
> > root:x:0:0:root:/root:/bin/bash
> > ajt:x:1002:1002:Andrew Tarr,,,:/home/ajt:/bin/bash
> >
> > root:$1$:12500:0:9:7:::
> > ajt:$1$/:12497:0:9:7:::
>
> > > Also, check the permissions on /sbin/unix_chkpwd--they should be 4555.
> >
> > y
on the password, and you cannot have them break.
Lock your computer room doors people.
Ciao, Dave
-Original Message-
From: Mike Beattie [mailto:[EMAIL PROTECTED]
Sent: Thursday, 15 April 2004 7:36 p.m.
To: [EMAIL PROTECTED]
Subject: Re: Now: Why I left my password blank... RE: su not
On Thu, Apr 15, 2004 at 12:12:43AM +1200, Andrew Tarr wrote:
> > As root, try:
> > (assumes your user is ajt--based on auth.log above)
> >
> > # getent passwd root ajt
> > ajt:x:1000:1000:Andrew Tarr,,,:/home/ajt:/bin/csh
> > root:x:0:0:root:/root:/bin/csh
>
> root:x:0:0:root:/root:/bin/bash
> aj
On Thu, Apr 15, 2004 at 11:52:06AM +1200, Nick Rout wrote:
> It is next to impossible to easily re-create the password from
> the encrypted form saved in the password database. getent only returns
> the encrypted version.
I hate to nitpick, but passwords are hashed, not encrypted... apart from
tha
On Thursday 15 April 2004 11:36, Don Gould wrote:
> I think the subject line says it all really...
Yes, and what the subject says is that you have hi-jacked the thread and
turned what was developing into a very interesting lesson in diagnosing a
problem into a sequence of beat-my-chest rantings,
Boot Access = Root Access
Full Stop.
Nick Rout wrote:
On Thu, 15 Apr 2004 11:49:58 +1200
Dale Anderson <[EMAIL PROTECTED]> wrote:
if someone has physical access to ya box a simple live cd gives anyone
access to your data regardless of how great your password is if you
want to get paranoid
y
On Thu, 15 Apr 2004 11:49:58 +1200
Dale Anderson <[EMAIL PROTECTED]> wrote:
> if someone has physical access to ya box a simple live cd gives anyone
> access to your data regardless of how great your password is if you
> want to get paranoid
yes and the ability to chroot into your system an
On Thu, 2004-04-15 at 11:36, Don Gould wrote:
> Reading this thread I was just left with the reality check that despite over
> 20 years playing with and using computers I haven't got a hope in hell of
> keeping you guys out of my system!
Well, if you will use Microsoft ... :-)
The number of remote
On Thu, 15 Apr 2004 11:36:12 +1200
Don Gould <[EMAIL PROTECTED]> wrote:
> Questions:
>
> What is 'getent' ? It's a tool to do what exactly? I can sort of see what
> it did, from what I can see it made a complete mockery of security.
getent --help
getent --help
Usage: getent [OPTION...] data
<[EMAIL PROTECTED]>
To: <[EMAIL PROTECTED]>
Sent: Thursday, April 15, 2004 11:36 AM
Subject: Now: Why I left my password blank... RE: su not working
> I think the subject line says it all really...
>
> How secure is linux vs how much we just leave each others systems alone
> -Original Message-
> From: Andrew Tarr [mailto:[EMAIL PROTECTED]
> Sent: Thursday, April 15, 2004 12:13 AM
> To: [EMAIL PROTECTED]
> Subject: Re: su not working
>
>
> Matthew Gregan <[EMAIL PROTECTED]> writes:
>
>
> > As root, try:
> > (assume
Andrew,
Since we're not making a lot of progress, the way to solve this problem
may be to enable PAM debugging. Unfortunately, to do this you'll need
to build libpam0g from source.
Here's what you need to do:
As root:
1. Add a deb-src line to /etc/apt/sources.list, e.g.:
deb-src ftp://ftp.
On Thu, Apr 15, 2004 at 12:12:43AM +1200, Andrew Tarr wrote:
> root:x:0:0:root:/root:/bin/bash
> ajt:x:1002:1002:Andrew Tarr,,,:/home/ajt:/bin/bash
> root:$1$:12500:0:9:7:::
> ajt:$1$/:12497:0:9:7:::
Looks fine.
> portia:~# grep md5 /etc/pam.d/*
> /etc/pam.d/common-password:password
Matthew Gregan <[EMAIL PROTECTED]> writes:
> As root, try:
> (assumes your user is ajt--based on auth.log above)
>
> # getent passwd root ajt
> ajt:x:1000:1000:Andrew Tarr,,,:/home/ajt:/bin/csh
> root:x:0:0:root:/root:/bin/csh
root:x:0:0:root:/root:/bin/bash
ajt:x:1002:1002:Andrew Tarr,,,:/hom
On Wed, Apr 14, 2004 at 04:21:05PM +1200, Andrew Tarr wrote:
> this is the auth.log stuff for a console login and an attempt at
> executing 'su':
> Apr 14 16:19:18 portia login[15663]: (pam_unix) session opened for user ajt by
> LOGIN(uid=0)
> Apr 14 16:19:20 portia su[15691]: pam_acct_mgmt: Au
Mike Beattie <[EMAIL PROTECTED]> writes:
>
> So, Andrew, have you found a solution, or are you still battling?
>
> Mike.
> --
> Mike Beattie <[EMAIL PROTECTED]> ZL4TXK, IRLP Node 6184
nup, still battling. apt-get upgrade didn't help.
this is the auth.log stuff for a cons
On Sun, Apr 11, 2004 at 03:46:16PM +1200, Andrew Tarr wrote:
> > If you're logged in as root, does using su(1) to change to another user
> > work? If it's failing, strace(1) the su process and look for obvious
> > failures, or post the censored strace log to the list.
>
> Yes, that works.
So, An
On Sun, Apr 11, 2004 at 03:46:16PM +1200, Andrew Tarr wrote:
> I think so. I'm not entirely sure about how to interpret the 'setuid'
> stuff in either numeric permissions or the output of 'ls -l', and I
> can neither seem to coerce ls into giving numeric permissions or
> immediately find anything
On Sat, Apr 10, 2004 at 11:57:41PM +1200, Nick Rout wrote:
> can you tell us a little more about the wheel group's use and abuse? I
> have never understood quite what it was for, where it got its name
> etc. Apart from the fact that I need to be in the group, in some
> distros, in order to su. A
It's the case in FreeBSD - I just checked. It's bound to be the case in the
other *BSD as well. I've never heard of it being so in Linux.
On Sat, 10 Apr 2004 18:07, you wrote:
> On Saturday 10 April 2004 16:41, Andrew Tarr wrote:
> > su: Authentication Failure
> > Sorry.
>
> On ye olde Unix, an
Matthew Gregan <[EMAIL PROTECTED]> writes:
> On Sat, Apr 10, 2004 at 04:41:35PM +1200, Andrew Tarr wrote:
>
> > So I reinstalled Debian from the installation beta on my laptop, and
>
> Was this a fresh reinstallation, or have you restored files from backup?
It was a fresh installation. /home an
On Sat, 10 Apr 2004 23:54:01 +1200, you wrote:
>On Sat, Apr 10, 2004 at 11:10:59PM +1200, Steve Holdoway wrote:
>> FWIW, In the 20+ years that I've been using *nices for a living, it
>> wasn't until I used Linux that I even heard of the wheel group.
>
>The wheel group hasn't been strongly adopted
On Sat, 10 Apr 2004 23:10, Steve Holdoway wrote:
> If you're using debian, it might be worth running an apt-get update,
> just to see if there's something out of kilter, I must admit to
> running a b*stardised version of Fedora, which I know isn't PC in this
> group (^:
nothing unPC about that as
On Sat, 10 Apr 2004 23:54, Matthew Gregan wrote:
> On Sat, Apr 10, 2004 at 11:10:59PM +1200, Steve Holdoway wrote:
> > FWIW, In the 20+ years that I've been using *nices for a living, it
> > wasn't until I used Linux that I even heard of the wheel group.
>
> The wheel group hasn't been strongly ado
On Sat, Apr 10, 2004 at 11:10:59PM +1200, Steve Holdoway wrote:
> FWIW, In the 20+ years that I've been using *nices for a living, it
> wasn't until I used Linux that I even heard of the wheel group.
The wheel group hasn't been strongly adopted in Linux. Any Linux use of
the wheel group is derive
mea culpa, Matthew & Andrew are perfectly correct, I did not read the original
post properly. My apologies for clogging the airwaves. I'll shut up now.
On Sat, 10 Apr 2004 22:28, Andrew Tarr wrote:
> Nick Rout <[EMAIL PROTECTED]> writes:
> > On Sat, 10 Apr 2004 18:07, Christopher Sawtell wrote:
On Sat, 10 Apr 2004 22:28:31 +1200, you wrote:
>
>Nick Rout <[EMAIL PROTECTED]> writes:
>
>> On Sat, 10 Apr 2004 18:07, Christopher Sawtell wrote:
>> > On Saturday 10 April 2004 16:41, Andrew Tarr wrote:
>> > > su: Authentication Failure
>> > > Sorry.
>> >
>> > On ye olde Unix, and some Linux dist
Nick Rout <[EMAIL PROTECTED]> writes:
> On Sat, 10 Apr 2004 18:07, Christopher Sawtell wrote:
> > On Saturday 10 April 2004 16:41, Andrew Tarr wrote:
> > > su: Authentication Failure
> > > Sorry.
> >
> > On ye olde Unix, and some Linux distributions, you have to be a member of
> > the wheel group
On Sat, Apr 10, 2004 at 04:41:35PM +1200, Andrew Tarr wrote:
> So I reinstalled Debian from the installation beta on my laptop, and
Was this a fresh reinstallation, or have you restored files from backup?
Are the permissions on /bin/su set to 4755?
> Now I can no longer 'su'. I can log in as ro
On Sat, Apr 10, 2004 at 06:56:48PM +1200, Nick Rout wrote:
> On Sat, 10 Apr 2004 18:07, Christopher Sawtell wrote:
> > On ye olde Unix, and some Linux distributions, you have to be a member of
> > the wheel group to be able to su. I'm now sure if this is current Debian
> > policy, but it's worth a
On Sat, 10 Apr 2004 18:07, Christopher Sawtell wrote:
> On Saturday 10 April 2004 16:41, Andrew Tarr wrote:
> > su: Authentication Failure
> > Sorry.
>
> On ye olde Unix, and some Linux distributions, you have to be a member of
> the wheel group to be able to su. I'm now sure if this is current Deb
On Saturday 10 April 2004 16:41, Andrew Tarr wrote:
> su: Authentication Failure
> Sorry.
On ye olde Unix, and some Linux distributions, you have to be a member of the
wheel group to be able to su. I'm now sure if this is current Debian policy,
but it's worth a try.
--
Sincerely etc.
Christop
So I reinstalled Debian from the installation beta on my laptop, and
after a bit of fiddling and using someone else's XF86Config, almost
everything that was working before is working again, and some things
that weren't working are now (including, amazingly, suspend-to-disk).
However, there are a