On Sun, Jan 14, 2001 at 02:59:42AM -0600, Michael Yuan wrote:
>
> Hi,
>
> Thanks for the speedy responses. I logged in as single user but did not
> find anything in /var/log/secure or any other log files ... I tried to run
> "/bin/login" directly but the computer just hangs. So, I compiled another
> "login" program and copied it into "/bin/". This time the computer asks
> for "Password" but it always says "incorrect password" on my correct
> passwords ...
>
> Any more suggestions? :)
> Thanks a lot!
assuming a rpm based system,you might try
rpm -V `rpm -qa` | tee /tmp/rpmreport
from single user. Otherwise I'd start over and use something like
tripwire or aide next time...
rpm -V compares the files on your system with checksums stored in the rpm
database... any files that have changed since the package was created are
flagged, that /bin/login was damaged is a sign of either intrusion (very
clumsy intrusion, at that), or file system damage... since the box came up
in single user, the fsck would have run and not found anything (unless you
omitted having to fsck).
check the manpage for the codes used in the output.
> Michael
>
>
> On Sun, 14 Jan 2001, Chip Rosenthal wrote:
>
> > On Sat, Jan 13, 2001 at 11:28:57PM -0600, Michael Yuan wrote:
> > > But the computer did not ask for my password after I typed in my login
> > > name.
> >
> > I believe that's the point at which there is a handoff from mingetty
> > to login. It could be something screwed up in the PAM subsystem,
> > a bad tty device node, who knows. (Maybe not PAM if your FTP is working.)
> >
> > There is a reasonable chance that whatever has pissed off login will
> > have been logged. If I couldn't login/telnet/rlogin/slogin to the box,
> > I'd be inclined to try a CTRL-ALT-DEL reboot (or a big red button reboot
> > failing that) and go to single user mode. I do that by saying "linux
> > single" at the LILO prompt. (YMMV if you use something other than LILO,
> > or if you're default entry is named something other than "linux".)
> >
> > Then I'd go looking first at whatever logfile is setup for the syslog
> > authpriv channel. On my Red Hat systems that's /var/log/secure.
> > Hopefully you can get a clue from there.
> >
> > --
> > Chip Rosenthal <[EMAIL PROTECTED]> http://www.unicom.com/
> > Protect your mail server against spam. http://mail-abuse.org/
> > Junk email is theft. There ought to be a law. http://www.cauce.org/
> > "I can't control my fingers. I can't control my brain."
> > ---------------------------------------------------------------------------
> > Send administrative requests to [EMAIL PROTECTED]
> >
>
> ---------------------------------------------------------------------------
> Send administrative requests to [EMAIL PROTECTED]
--
_____________________ _ _ _________________________
Michael Rice |_| Collective |_| http://www.colltech.com
[EMAIL PROTECTED] |_ Technologies _| 8009464646/1415141 pager
Consultant [] [] "The Power Of Many Minds"
---------------------------------------------------------------------------
Send administrative requests to [EMAIL PROTECTED]
