At 09:40 2001-01-24 -0500, you wrote:
>I believe my Raq3i may have been compromised. At 2:39am this morning it
>stopped responding, and my monitoring software reports a change in my
>passwd, group, and shadow files. Does anyone have a list of the factory
>cobalt usernames? I know I should have taken an inventory by now, but you
>know, busy busy...
>
>The specific usernames that I question are: "pop" and "operator"
>Are those installed into the raq3i by the factory?
>
>Thanks,
>Kevin
You can't use those accounts for logins. They are used by system services.
Boot into single-user mode and edit /etc/shadow.
--
Thomas Novin · [EMAIL PROTECTED] · http://xyz.pp.se/~thnov/pgp.asc
Thalamus Networks AB · +46 (0)431 445400 · http://www.thalamus.se
Fingerprint: DFB2 39F2 0EF8 7A21 E8C9 22D3 E798 A74A 14F7 6F0C
_______________________________________________
cobalt-security mailing list
[EMAIL PROTECTED]
http://list.cobalt.com/mailman/listinfo/cobalt-security
