Hi,
Be clear in your terms.
1.Do you access internet from your Linux server?
If so do you logon from your root?
2.Do you access internet from a proxy server?
3.Ensure that you have ipchains(firewall) configure.
4.Does the Linux box act as a router?
5.Chances are that someone might have done malicious
things through telnet.Disable it.
It was the admins mistake to leave the system as it
is.
Log off when you leave(Obviously).
with regards,
Prashanth
--- Archan Paul <[EMAIL PROTECTED]> wrote:
> Hi Rahul,
>
>
> Rahul Jindal wrote:
> >
> > Hello all,
> > something really strange happened today, strong
> enough to shake me, so don't
> > mind the crooked language below.
> >
> > we have linux 6.2 installed on the computers in
> our lab. the admin logged
> > onto a computer 8:30 in the morning and left the
> login in the root user a/c.
> > after sometime we discovered that the system won't
> just let us perform the
> > admin tasks. we could still login with other a/c
> names and work on the
> > computer as normally as ever. we even started the
> X. only the admin
> > functions wouldn't work.
> >
> I am more than sure that it is not a virus!!! Ur sys
> admin kept the root
> login open and someone has done some stupid
> activity.
>
> > if we try su, it says the user root does not
> exist. the files such as
> > /etc/shadow and /etc/password /etc/issue are
> apparently as always.
> >
> > THE MOST STRANGE PART IS THIS:
> >
> > 1. IF WE TRY TO LOGIN AS ROOT THE FOLLOWING HAPPEN
> >
> > IF THE PASSWORD IS THE SAME AS THE ADMIN HAD
> SET IT - THE SCREEN WOULD
> > SIMPLY CLEAR, WITHOUT GIVING ANY MESSAGE.
> > IF WE ENTER A WRONG PASSWORD, THE EXPECTED
> login incorrect APPEARS.
> >
> someone has modified ur /etc/securetty file. There,
> mention
> tty1
> tty2
> tty3
> tty4
> tty5
> tty6
>
> > apparently the "virus" scans for the actual
> password.
> >
> means?????
>
> > 2. IF WE TRY TO RESTART THE COMPUTER BY DOING THE
> FOLLOWING
> > A) PRESS CTRL-ALT-DELETE
> > B) reboot
> > C) SHUTDOWN -H 0
> > THE FOLLOWING MESSAGE APPEARS
> >
> > "You don't exist anyway. Go away".
> >
> Again someone has modified ur rc files... Make it
> proper....
>
>
>
> > What is this going on?
> > The whole system has gone read-only. I call it a
> "virus" because there was
> > no person who cud do this, those who were are the
> beginners in linux
> > practising commands such as ls.
> >
> SOME CRAP HAS DONE IT MANUALLY AFTER GAINING ACCESS
> TO THE SYSTEM. IT IS
> NOT A VIRUS... IT IS A ACT OF STUPIDITY BY SOME
> INDIVIDUAL TO MAKE U
> CONFUSED.
>
>
>
>
> > Any clue or remedy is desparately awaited.
> >
>
> ----------------------------------------------
> LIH is all for free speech. But it was created
> for a purpose. Violations of the rules of
> this list will result in stern action.
__________________________________________________
Do You Yahoo!?
Get email at your own domain with Yahoo! Mail.
http://personal.mail.yahoo.com/
----------------------------------------------
The mailing list archives are available at
http://lists.linux-india.org/cgi-bin/wilma/LIH
