Linux - NewbieThis Linux forum is for members that are new to Linux.
Just starting out and have a question?
If it is not in the man pages or the how-to's this is the place!
Welcome to LinuxQuestions.org, a friendly and active Linux Community.
You are currently viewing LQ as a guest. By joining our community you will have the ability to post topics, receive our newsletter, use the advanced search, subscribe to threads and access many other special features. Registration is quick, simple and absolutely free. Join our community today!
Note that registered members see fewer ads, and ContentLink is completely disabled once you log in.
we have a Redhat Linux 9 box in our office. Somebody have played with that box and as a result no user is able to login to the box on any TTY console. When we put a user name to log in (root and non-root also), it doesnot ask for password, and simply login prompt appears again. Whereas I can log in as root user through ssh (pseudo terminal). I tail to /var/log/message and /var/log/secure to see what is prohibiting users from logging in to TTY console, but no log appears.
I have checked basic things like....
1) all terminals are allowed in /etc/securetty
2) permission of the /etc/securetty is 600 which should be
3) /etc/nologin file does not exist
4) root and other user account can login through ssh session
5) there is no setting in /etc/security/access.conf
What else I missed to check........ can anybody help me.......
If you mean hacked, I'm not surprised if you've got the orig RH9 (Shrike?). Support for that was discontinued yrs ago, so its wide open to exploits.
Try RH Fedora 8 (9 just came out) which is free, or Centos, which is a free version of RH Enterprise Linux.
If you want to stick with what you've got & if you've got the time & expertise, you can try to fix it/make notes, but frankly a clean re-install is the only safe way (after backing up any key data).
Thanks for your suggestions, The syslog service is running on the box and it is loggin all the login event from remote host through ssh in /var/log/secure but it is not loggin a single login attempt from TTY terminal.
And I dont mean to say that somebody has hacked the machine, but somebody working in my organization previously has done something nasty for some reason that has caused this thing.
I think I should work out on logs first which will give me direction to troubleshot the problem.