LinuxQuestions.org
07-27-2005, 03:46 PM   #1
Exempt
LQ Newbie
Registered: Sep 2003
Posts: 6

My User ID wiped out???

I currently use Slackware 10.1 running Kernel 2.6.10...

Well last night I ran slapt-get to upgrade various packages... Using the --dist-upgrade option... It upgraded a few things, can't remember exactly what... But these are the recent security advisories on the slack site, that slapt-get probably would have downloaded and installed:


2005-07-22 - [slackware-security] gxine format string vulnerability (SSA:2005-203-04)
2005-07-22 - [slackware-security] fetchmail (SSA:2005-203-05)
2005-07-22 - [slackware-security] zlib (SSA:2005-203-03)
2005-07-22 - [slackware-security] Mozilla/Firefox (SSA:2005-203-01)
2005-07-22 - [slackware-security] kdenetwork (SSA:2005-203-02)
2005-07-20 - [slackware-security] emacs movemail POP utility (SSA:2005-201-02)
2005-07-20 - [slackware-security] dnsmasq (SSA:2005-201-01)
2005-07-14 - [slackware-security] tcpdump DoS (SSA:2005-195-10)
2005-07-14 - [slackware-security] XV (SSA:2005-195-02)

Well it went thru that, installed them all with no errors, I logged off root (I was using su, not actually logged in as root), and the machine worked fine all last night... And when I went to bed I shut off the monitor like I always do, leaving the PC running as my normal account... I wake up this morning and use it as normal (browsing the web, checking forums and such) and it seemed fine... Until I went to hit play on my XMMS (which was loaded all night as well), the sound file played for a few seconds and stopped, and an error message came up saying something about arts... And this is where it all began... I logged out of my user ID and when I went to log back in, it wouldn't accept my password... Which I thought was weird...

So I logged in as root, checked the passwd and shadow files, somehow there were 3 files for both, 'shadow' (didn't have my user ID listed), 'shadow-', & 'shadow.orig' (had my user ID listed), and for passwd there was 'passwd' (which didn't have my user ID in it), 'passwd.bak', & 'passwd.orig' (had my user ID in it)... So I figured I would just rename the ones containing my name to the original file names, passwd and shadow respectively... And rebooted... Well that didn't work, I still couldn't log in... So I tried a few different things, manually changing my password from root, adding a new user, removing my old name and keeping my home dir, and then recreating the name... And now I can log into my old name, but on the command line my name shows up as 'I have no name!@home#~', and I get error messages saying something about "cannot find user name for ID 500" when I get into KDE (it's 3.4.x)...

Root logs in fine, only now I don't have any internet at all on any name, and when this first started it did work...

I ran f-prot, didn't find anything... I also (before my internet went down) downloaded and ran chkrootkit... And it didn't find anything...

Oh I also checked the logs and found some weird entry in /var/log/messages there saying:

Quote:
Jul 27 12:08:25 home -- MARK --
Jul 27 12:28:25 home -- MARK --
Jul 27 12:43:51 home gconfd (somebody-6065): starting (version 2.6.2), pid 6065 user 'somebody'
Jul 27 12:43:51 home gconfd (somebody-6065): Resolved address "xml:readonly:/etc/gconf/gconf.xml.mandatory" to a read-only config source at position 0
Jul 27 12:43:51 home gconfd (somebody-6065): Resolved address "xml:readwrite:/home/exempt/.gconf" to a writable config source at position 1
Jul 27 12:43:51 home gconfd (somebody-6065): Resolved address "xml:readonly:/etc/gconf/gconf.xml.defaults" to a read-only config source at position 2
Jul 27 12:54:21 home gconfd (somebody-6065): Received signal 1, shutting down cleanly
Jul 27 12:54:21 home gconfd (somebody-6065): Exiting
Jul 27 12:54:21 home gconfd (exempt-6340): Received signal 1, shutting down cleanly
Jul 27 12:54:22 home gconfd (exempt-6340): Exiting
Jul 27 12:54:24 home kernel: agpgart: Found an AGP 2.0 compliant device at 0000:00:00.0.
Jul 27 12:54:24 home kernel: agpgart: Putting AGP V2 device at 0000:00:00.0 into 4x mode
Jul 27 12:54:24 home kernel: agpgart: Putting AGP V2 device at 0000:01:00.0 into 4x mode
Jul 27 12:55:50 home gconfd (root-7333): starting (version 2.6.2), pid 7333 user 'root'
Jul 27 12:55:50 home gconfd (root-7333): Resolved address "xml:readonly:/etc/gconf/gconf.xml.mandatory" to a read-only config source at position 0
Jul 27 12:55:50 home gconfd (root-7333): Resolved address "xml:readwrite:/root/.gconf" to a writable config source at position 1
Jul 27 12:55:50 home gconfd (root-7333): Resolved address "xml:readonly:/etc/gconf/gconf.xml.defaults" to a read-only config source at position 2
Jul 27 13:08:25 home -- MARK --

Who is 'somebody'? He isn't listed under passwd or shadow either...

So in short, did someone root my PC? Or did some program installed with slapt-get screw up my accounts? And is it fixable, or even worth fixing?

Thanks in advance...
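
A way to compare the account files named in the post and see which accounts were dropped and whether UID 500 still resolves to a name (a UID with no passwd entry is what makes the shell prompt show "I have no name!"). This is an added example, not part of the original post; the function names and all file contents are constructed for illustration.

```shell
#!/bin/sh
# Added example. File names follow the post; all contents are constructed samples.

# Accounts listed in the backup file ($2) but absent from the current file ($1).
missing_accounts() {
    awk -F: 'FILENAME == ARGV[1] { seen[$1] = 1; next }
             $1 != "" && !($1 in seen) { print $1 }' "$1" "$2"
}

# Name that a passwd-format file ($1) maps a UID ($2) to; exit 1 if there is none.
name_for_uid() {
    awk -F: -v uid="$2" '$3 == uid { print $1; found = 1 }
                         END { exit !found }' "$1"
}

# Accounts in a passwd file ($1) that have no line in a shadow file ($2).
no_shadow_entry() {
    awk -F: 'FILENAME == ARGV[1] { has[$1] = 1; next }
             $1 != "" && !($1 in has) { print $1 }' "$2" "$1"
}

# Constructed sample data: "exempt" (UID 500) exists only in the .orig copies.
SAMPLE=$(mktemp -d)
printf '%s\n' 'root:x:0:0::/root:/bin/bash' 'bin:x:1:1:bin:/bin:/bin/false' \
    > "$SAMPLE/passwd"
{ cat "$SAMPLE/passwd"; echo 'exempt:x:500:100::/home/exempt:/bin/bash'; } \
    > "$SAMPLE/passwd.orig"
printf '%s\n' 'root:*:12990:0:::::' 'bin:*:9797:0:::::' > "$SAMPLE/shadow"
{ cat "$SAMPLE/shadow"; echo 'exempt:*:12990:0:99999:7:::'; } \
    > "$SAMPLE/shadow.orig"

echo "dropped from passwd: $(missing_accounts "$SAMPLE/passwd" "$SAMPLE/passwd.orig")"
echo "dropped from shadow: $(missing_accounts "$SAMPLE/shadow" "$SAMPLE/shadow.orig")"
name_for_uid "$SAMPLE/passwd" 500 >/dev/null || echo "UID 500 has no name in passwd"
# Restoring passwd but not shadow leaves an account with no password entry:
echo "no shadow line: $(no_shadow_entry "$SAMPLE/passwd.orig" "$SAMPLE/shadow")"
```

On a real system the same functions would be pointed at copies of /etc/passwd, /etc/shadow and their backup files, read as root.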
 
07-28-2005, 05:06 AM   #2
jayakrishnan
Member
Registered: Feb 2002
Location: India
Distribution: Slacky 12.1, XP
Posts: 991

edited

Last edited by jayakrishnan; 07-28-2005 at 05:10 AM.
 
  


All times are GMT -5.