Dear list, When logging in to my hitherto trusty SuSE8.2 after issuing the password nothing happens for a few seconds, then the screen fills with:
/bin/grep: too many arguments /bin/ls: too many arguments /bin/manpath: too many arguments /bin/sed: too many arguments etc I can kill the process with ctrl c; but then get a bash prompt: -bash2.05$ (the minus sign is intentional) I can spawn a bash shell from this prompt (with /bin/bash), where my 'normal' prompt appears. The output of ps ax, shows there is indeed a stopped process called -bash. If I kill it I'm back to the login prompt. This behaviour is for runlevels 2,3 & 5 (I guess, 'cause after the xdm login the system hangs). Any clues as to what's going on here? I'm rather suspicious, & in rescue mode found a few setuid & setgid files on my system, as recommended in: www.cert.org/tech_tips/intruder_detection_checklist.html Should all these be setuid (ignore the HD, I mounted the drive here in rescue mode)? /HD/bin/su /HD/bin/ping /HD/bin/eject /HD/bin/mount /HD/bin/ping6 /HD/bin/umount /HD/opt/kde3/bin/fileshareset /HD/opt/kde3/bin/kgrantpty /HD/opt/kde3/bin/artswrapper /HD/opt/kde3/bin/kcheckpass /HD/opt/kde3/bin/kpac_dhcp_helper /HD/usr/bin/at /HD/usr/bin/rcp /HD/usr/bin/rsh /HD/usr/bin/ssh /HD/usr/bin/bing /HD/usr/bin/chfn /HD/usr/bin/chsh /HD/usr/bin/sudo /HD/usr/bin/crontab /HD/usr/bin/chage /HD/usr/bin/mandb /HD/usr/bin/ziptool /HD/usr/bin/rcp /HD/usr/bin/rsh /HD/usr/bin/ssh /HD/usr/bin/bing /HD/usr/bin/chfn /HD/usr/bin/chsh /HD/usr/bin/sudo /HD/usr/bin/crontab /HD/usr/bin/chage /HD/usr/bin/mandb /HD/usr/bin/ziptool /HD/usr/bin/ncplogin /HD/usr/bin/ncpmount /HD/usr/bin/expiry /HD/usr/bin/ncpmap /HD/usr/bin/newgrp /HD/usr/bin/ntping /HD/usr/bin/passwd /HD/usr/bin/gpasswd /HD/usr/bin/rlogin /HD/usr/bin/nwsfind /HD/usr/bin/ncpumount /HD/usr/bin/cdrecord /HD/usr/lib/news/bin/inndstart /HD/usr/lib/news/bin/startinnfeed /HD/usr/lib/pt_chown /HD/usr/sbin/isdnctrl /HD/usr/sbin/suexec /HD/usr/sbin/plpnfsd /HD/usr/X11R6/bin/dga /HD/usr/X11R6/bin/v4l-conf /HD/usr/X11R6/bin/XFree86 Regards, Robert -- SLUG - Sydney Linux User's Group Mailing List - http://slug.org.au/ Subscription info and FAQs: http://slug.org.au/faq/mailinglists.html
