If there is a backdoor/rootkit install, maybe someone modify your login program and now get your rootpasswd somewhere else. Maybe hardcoded in your login program.
I dont remember the exact option, since i didnt use RPM last few years, but I remember using such a command that tell if a file differ from the one that comes with the package. that help finding rootkit/backdoor Hope that helps. Mathieu On Monday 11 August 2003 23:19, N Wainwright wrote: > no capitals at all in any passwords i use > > i did change it, the new one won't work. nor will the new passwords for > my other users > > i'll try from right at the box (ssh'd in right now) > > trying right now to crack my passwd file with john the ripper... course > i have no idea if im doing it right. > > Bogi wrote: > >Hi :-) > >Check your capslock > >Also check for capital/small letters in youe password. > >And i would understand you changed the root password on your linux box :-) > >and looking at your mail, root may not be able to login from network, just > >from consule, so login as normal user then su to root .... > >Hope these helped > >Cheers > >Szemir > > > >On Monday 11 August 2003 22:35, you wrote: > >>okay... i don't know what the heck is going, who knows, maybe I'm > >>getting hacked. > >> > >>abit ago i tried logging into my system, into another terminal (was and > >>am still logged in) > >> > >>my root password woldn't work > >> > >>i've changed it (using passwd) in the terminal im in... that password > >>won't work either in the new login.... > >> > >>uhm... anyone help? -- -- <Neil> Using spaces for indentation is like using tabs for carriage return.
