Gary wrote:
> On my dual-boot laptop, running under Sabayon Linux, my normal user
> password suddenly stopped working. I logged in as root, which was
> fine, and thinking it was perhaps just some glitch, went to the "Users
> and Groups" list to reset the password. There, I found a curious
> entry, a user account called "nx" immediately following my normal user
> account in numeric sequence, that I hadn't created myself, dating very
> nearly (if not exactly) to the date I installed Sabayon, about 2
> months ago. Poking around in nx's home directory, defined as
> '/usr/local/home/nx', I found it to contain a single piece of
> software, whose "release notes.txt" directed me to a website called
> nomachine.com, which appears to be a professional virtual machine
> package! I deleted the username and the associated directories, and 30
> minutes later, user "nx" was back, plus a half-dozen OTHER user accounts.
>
> I have no idea how this is even possible, but the evidence was
> unmistakable. I concluded that my machine had been rootkitted
> somehow, physically disconnected the machine from the internet, backed
> up my personal data (mercifully it fit on one CD), rebooted from a
> LiveCD and wiped the whole Linux partition.
>
> Folks, I strongly suggest you check YOUR userlists also! And don't
> imagine just because you use Linux that your machine can't be
> zombified! In fact, I recall reading somewhere that bot-herders
> *love* hacked Linux boxes so much, they sell for premium prices on the
> bot-net black market.
>

I don't know if I would have been so quick to assume I had been rooted.

I know absolutely nothing about either Sabayon or Nomachine NX other than what I quickly scanned on the two websites, but I did discover at:

http://www.sabayonlinux.org/forum/viewtopic.php?t=3235

...a bugfix line entry:

    # [F/B] NoMachine NX Server Free Edition has now the proper license key and the startup is a lot faster

...which suggests that Sabayon does have NoMachine NX in its install base.

'/usr/local/home/nx' is not a '/home' directory. I think it is probably a 'build' directory or something, where individual users can install software.

Also, not all 'users' are human... *nix machines have a lot of non-human users, that perform machine-related tasks. Machine accounts are usually pretty easy to identify, because they will not have shells assigned to them, like /bin/bash or /bin/ksh, and instead, have an entry /sbin/nologin.

The place to check and see who and what kind of users you have on your system is the /etc/passwd file:

http://en.wikipedia.org/wiki//etc/passwd

> Since Fedora 8 had just been released, I installed that in place of
> Sabayon, but Fedora *still* doesn't support my Broadcom wifi out of
> the box and I *hate* having to reinstall ndiswrapper every time the
> Fedora kernel is updated! I'd like to go back to Sabayon, but I'm not
> sure if I can trust it.
>
> Also, Fedora 8's installation process seems to have neglected to
> notice that it's sharing the machine with XP! It didn't destroy the
> NTFS partition, or even touch it, I can "mount -t ntfs" and
> examine/copy/modify the files, but I've lost the GRUB entry to boot
> into Windows!
>
> I don't know how to manually re-enter the lines, beyond remembering
> that it invoked "chainloader +1". Help?
>

Check:

http://www.linuxforums.org/forum/ubuntu-help/68350-add-windows-grub.html

--
-wittig
http://www.robertwittig.com/
http://robertwittig.net/
http://robertwittig.org/
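
As an added example (not part of the original message): a short Python script that performs the /etc/passwd check described in the reply above, separating accounts with no-login shells from accounts that can log in. The sample entries, the UID_MIN value of 1000 and the three review rules are assumptions made for illustration.

```python
"""Classify /etc/passwd entries as service or login-capable accounts."""
import sys

# Shells that refuse interactive logins (common values; extend for your distro).
NOLOGIN_SHELLS = {"/sbin/nologin", "/usr/sbin/nologin", "/bin/false"}
UID_MIN = 1000  # assumption: first regular-user UID; see UID_MIN in /etc/login.defs

# Constructed sample data, not taken from any real system.
SAMPLE = """\
root:x:0:0:root:/root:/bin/bash
daemon:x:2:2:daemon:/sbin:/sbin/nologin
gary:x:1000:1000:Gary:/home/gary:/bin/bash
nx:x:1001:1001::/usr/local/home/nx:/bin/bash
toor:x:0:0::/root:/bin/bash
"""

def parse_passwd(text):
    """Yield one dict per well-formed passwd line (7 colon-separated fields)."""
    for line in text.splitlines():
        if not line.strip() or line.startswith("#"):
            continue
        fields = line.split(":")
        if len(fields) != 7 or not fields[2].isdigit():
            continue  # malformed entry; skip rather than guess
        name, _, uid, _gid, _gecos, home, shell = fields
        yield {"name": name, "uid": int(uid), "home": home, "shell": shell}

def review(text):
    """Return {account: [reasons]} for entries worth a closer look."""
    findings = {}
    for acct in parse_passwd(text):
        reasons = []
        can_login = acct["shell"] not in NOLOGIN_SHELLS
        if acct["uid"] == 0 and acct["name"] != "root":
            reasons.append("second UID 0 account")
        if can_login and 0 < acct["uid"] < UID_MIN:
            reasons.append("system UID with a login shell")
        if can_login and acct["uid"] >= UID_MIN and not acct["home"].startswith("/home/"):
            reasons.append("login account with home outside /home")
        if reasons:
            findings[acct["name"]] = reasons
    return findings

if __name__ == "__main__":
    # Pass a path (e.g. /etc/passwd) to audit a real file; default is the sample.
    data = open(sys.argv[1]).read() if len(sys.argv) > 1 else SAMPLE
    for name, reasons in review(data).items():
        print(f"{name}: {'; '.join(reasons)}")
```

A flagged entry is a prompt to find out which package or person created the account, since installers routinely add service accounts of their own.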
