On Thu, Jun 08, 2006 at 02:22:19PM +0200, Jonas Lindskog wrote:
> Hello,
>
> A week ago my OpenBSD firewall started to show a very strange behaviour.
> I have the ssh-daemon running and usually log in remotely to be able to
> administrate the pf.conf file. But now I can't log in. Ok, maybe I've just
> forgotten my password. I booted in single user mode and changed it, then
> booted normally but couldn't log in anyway. I booted in single user mode
> again, changed it to another password, changed to another user (using su)
> and then changed user to root again (again using su). Was prompted for the
> password, entered it and login was again rejected. When I tried to change
> the password it complained that something was wrong with a file called
> /etc/master.passwd. When looking at the file it contained parts of my
> pf.conf file.
>
> Have I been hacked or is it just a major error done from my side?

Most likely, some form of major error. Might be filesystem damage; could
you have done something to cause that?

If master.passwd is unparseable, all sorts of nasty stuff happens. Restore
from a 3*etc.tgz file, or - if possible - from backups.

(Just a generic pointer - most hackers know what they are doing, and are
quite careful not to make too many user-visible changes to the system;
something as blatantly obvious as this is unlikely to be the work of a
hacker. Even bad hackers are unlikely to randomly trash important files.)

Joachim
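
A quick way to see which lines of a master.passwd no longer parse, as an added example that is not part of the original thread. The function names and the sample file are constructed for illustration, and the check is a simplified one (ten colon-separated fields, non-empty login, numeric uid/gid), not the system's own parser.

```shell
#!/bin/sh
# Added example: flag lines of a master.passwd-format file that do not parse.
# BSD field layout: name:password:uid:gid:class:change:expire:gecos:home_dir:shell

check_master_passwd() {
    # $1 = file to check. Prints "line N: reason" for each bad line.
    # Exit status is 0 if every line passes, 1 otherwise.
    awk -F: '
        NF != 10 { printf "line %d: %d fields, expected 10\n", NR, NF; bad = 1; next }
        $1 == "" { printf "line %d: empty login name\n", NR; bad = 1; next }
        $3 !~ /^[0-9]+$/ || $4 !~ /^[0-9]+$/ {
            printf "line %d: non-numeric uid or gid\n", NR; bad = 1; next
        }
        END { exit (bad ? 1 : 0) }
    ' "$1"
}

write_sample() {
    # Constructed sample: valid entries with pf.conf fragments mixed in,
    # as in the situation described in the thread. "*" stands in for hashes.
    cat > "$1" <<'EOF'
root:*:0:0:daemon:0:0:Charlie &:/root:/bin/ksh
ext_if="fxp0"
pass in on $ext_if proto tcp to port 22 keep state
daemon:*:1:1::0:0:The devil himself:/root:/sbin/nologin
bob:*:abc:10::0:0:Bob:/home/bob:/bin/ksh
EOF
}

# Demo run against the constructed sample (never touches /etc).
sample=$(mktemp)
write_sample "$sample"
if check_master_passwd "$sample"; then
    echo "format ok"
else
    echo "file does not parse"
fi
rm -f "$sample"
```

On the affected system itself, `pwd_mkdb -c /etc/master.passwd` runs the system's own format check without changing any files.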