LinuxQuestions.org


uzimadawa 12-29-2006 11:44 AM

Mandriva 2007, login help - I am being locked out of my admin and root accounts
 
Hi all!

Can someone help?

I have used Mandrake for a few years now and I am having a serious problem with Mandriva 2007.

After doing a fresh install and setting up all my websites, which have already been working without trouble for a few weeks now.

Being busy doing other things, I felt I needed to reboot the server because it had run for a few weeks without being rebooted. Today I rebooted it and I was unable to log in to my admin account. I tried logging in as root and was also refused.

The only other way to be allowed login was to log in using one of my clients' account.

I changed the password for my admin account four times, but each time I try to log on to the server using my admin account I am not allowed. This happened before, a long time ago, and I was forced to do a new install. At that time I had thought the problem happened because I did not do a fresh install but just upgraded the server from Mandrake 2005 to Mandriva 2007. Now I am worried that someone may have hacked my system. The chkrootkit which was installed immediately after the server finished being configured shows the following:

chkrootkit
ROOTDIR is `/'
Checking `amd'... not found
Checking `basename'... not infected
Checking `biff'... not found
Checking `chfn'... not infected
Checking `chsh'... not infected
Checking `cron'... not infected
Checking `crontab'... not infected
Checking `date'... not infected
Checking `du'... not infected
Checking `dirname'... not infected
Checking `echo'... not infected
Checking `egrep'... not infected
Checking `env'... not infected
Checking `find'... not infected
Checking `fingerd'... not found
Checking `gpm'... not found
Checking `grep'... not infected
Checking `hdparm'... not infected
Checking `su'... not infected
Checking `ifconfig'... not infected
Checking `inetd'... not tested
Checking `inetdconf'... not found
Checking `identd'... not found
Checking `init'... not infected
Checking `killall'... not infected
Checking `ldsopreload'... not infected
Checking `login'... not infected
Checking `ls'... not infected
Checking `lsof'... not infected
Checking `mail'... not infected
Checking `mingetty'... not infected
Checking `netstat'... not infected
Checking `named'... not infected
Checking `passwd'... not infected
Checking `pidof'... not infected
Checking `pop2'... not found
Checking `pop3'... not found
Checking `ps'... not infected
Checking `pstree'... not infected
Checking `rpcinfo'... not infected
Checking `rlogind'... not found
Checking `rshd'... not found
Checking `slogin'... not infected
Checking `sendmail'... not found
Checking `sshd'... not infected
Checking `syslogd'... not infected
Checking `tar'... not infected
Checking `tcpd'... not infected
Checking `tcpdump'... not infected
Checking `top'... not infected
Checking `telnetd'... not found
Checking `timed'... not found
Checking `traceroute'... not infected
Checking `vdir'... not infected
Checking `w'... not infected
Checking `write'... not infected
Checking `aliens'... no suspect files
Searching for sniffer's logs, it may take a while... nothing found
Searching for HiDrootkit's default dir... nothing found
Searching for t0rn's default files and dirs... nothing found
Searching for t0rn's v8 defaults... nothing found
Searching for Lion Worm default files and dirs... nothing found
Searching for RSHA's default files and dir... nothing found
Searching for RH-Sharpe's default files... nothing found
Searching for Ambient's rootkit (ark) default files and dirs... nothing found
Searching for suspicious files and dirs, it may take a while...
/usr/lib/perl5/5.8.8/i386-linux/auto/Pod/Parser/.packlist /usr/lib/perl5/site_perl/5.8.8/i386-linux/auto/Mail/SpamAssassin/.packlist /usr/lib/ooo-2.0/program/.testtoolrc /usr/lib/latex2html/docs/.latex2html-init

Searching for LPD Worm files and dirs... nothing found
Searching for Ramen Worm files and dirs... nothing found
Searching for Maniac files and dirs... nothing found
Searching for RK17 files and dirs... nothing found
Searching for Ducoci rootkit... nothing found
Searching for Adore Worm... nothing found
Searching for ShitC Worm... nothing found
Searching for Omega Worm... nothing found
Searching for Sadmind/IIS Worm... nothing found
Searching for MonKit... nothing found
Searching for Showtee... nothing found
Searching for OpticKit... nothing found
Searching for T.R.K... nothing found
Searching for Mithra... nothing found
Searching for OBSD rk v1... nothing found
Searching for LOC rootkit... nothing found
Searching for Romanian rootkit... nothing found
Searching for HKRK rootkit... nothing found
Searching for Suckit rootkit... nothing found
Searching for Volc rootkit... nothing found
Searching for Gold2 rootkit... nothing found
Searching for TC2 Worm default files and dirs... nothing found
Searching for Anonoying rootkit default files and dirs... nothing found
Searching for ZK rootkit default files and dirs... nothing found
Searching for ShKit rootkit default files and dirs... nothing found
Searching for AjaKit rootkit default files and dirs... nothing found
Searching for zaRwT rootkit default files and dirs... nothing found
Searching for Madalin rootkit default files... nothing found
Searching for Fu rootkit default files... nothing found
Searching for ESRK rootkit default files... nothing found
Searching for rootedoor... nothing found
Searching for ENYELKM rootkit default files... nothing found
Searching for anomalies in shell history files... nothing found
Checking `asp'... not infected
Checking `bindshell'... not infected
Checking `lkm'... Checking `rexedcs'... not found
Checking `sniffer'... eth0: PF_PACKET(/sbin/dhclient)
Checking `w55808'... not infected
Checking `wted'... chkwtmp: nothing deleted
Checking `scalper'... not infected
Checking `slapper'... not infected
Checking `z2'... chklastlog: nothing deleted
Checking `chkutmp'... The tty of the following user process(es) were not found
in /var/run/utmp !
! RUID PID TTY CMD
! root 3013 tty7 /etc/X11/X -br -deferglyphs 16 -nolisten tcp :0 vt7 -auth /var/run/xauth/A:0-k3icYl
! -DHAVE_VERSION 0 USERDIR -DHAVE_VHOST_ALIAS
! -DHAVE_VERSION 0 USERDIR -DHAVE_VHOST_ALIAS
! -DHAVE_VERSION 0 USERDIR -DHAVE_VHOST_ALIAS
! -DHAVE_VERSION 0 USERDIR -DHAVE_VHOST_ALIAS
! -DHAVE_VERSION 0 USERDIR -DHAVE_VHOST_ALIAS
! -DHAVE_VERSION 0 USERDIR -DHAVE_VHOST_ALIAS
! -DHAVE_VERSION 0 USERDIR -DHAVE_VHOST_ALIAS
! -DHAVE_VERSION 0 USERDIR -DHAVE_VHOST_ALIAS
! -DHAVE_VERSION 0 USERDIR -DHAVE_VHOST_ALIAS
chkutmp: nothing deleted

Below are my questions:

1. Can someone tell me if they see any abnormalities anywhere in the report above?

2. I noticed the following; does this mean the system is infected?

Checking `inetd'... not tested
Checking `inetdconf'... not found
Checking `identd'... not found
Checking `init'... not infected

I checked the server and found that it is using xinetd instead of inetd. Please note that my security is set at level 5.

3. Can someone advise as to what I should do to be able to log in again to my admin account at the boot console?

Thanks!

Uzimadawa

Mara 12-29-2006 03:25 PM

Let's start from simple things. Is the root account the only one that does not allow you to log in? Does login for all other users work? Does the root's password work after logging in as a normal user and using su? If so, you may simply have a system configured not to allow direct root logins. Check that.

johngreenwood 12-29-2006 05:21 PM

Mandriva does not allow graphical root logins by default. At your login manager you can select "console login" or something to that effect. After which you should be able to login as root, and if you really want to have a root X session, type "startx" but you will be given warnings about it being dangerous to login graphically with root.

uzimadawa 12-30-2006 08:56 AM

Quote:

Originally Posted by Mara
Let's start from simple things. Is the root account the only one that does not allow you to log in? Does login for all other users work? Does the root's password work after logging in as a normal user and using su? If so, you may simply have a system configured not to allow direct root logins. Check that.

Hello Mara,

To answer your questions: No, it is not the root account alone. Two other user accounts which I opened when installing Mandriva 2007 have refused to be logged in.

Besides root and the two other accounts I mentioned, I am logging in using another user account. Yes, I am able to use su, enter my root password and reach the root account. Yes, my system is configured in such a way that it does not allow direct root logins. It is set at level 5 security and does not allow root login at the boot console.

Using another user account, after logging in and reaching root using su, I entered Webmin to change the passwords for the two accounts which have refused login, then I booted the system. When I try logging in using the new password, I get an error message saying: "user does not exist." Is this normal?

I have started thinking that maybe the accounts have expired without giving me a warning and because of that the login capability in the accounts was deactivated. My only problem with this is that I just did the install two months ago.

If it is an expiration problem, what do I do to reactivate the two accounts? They are the two admin accounts which have wheel and other administration capability.

Thanks for your quick reply.

Uzimadawa

Mara 12-30-2006 03:15 PM

Quote:

Originally Posted by uzimadawa
Using another user account, after logging in and reaching root using su, I entered Webmin to change the passwords for the two accounts which have refused login, then I booted the system. When I try logging in using the new password, I get an error message saying: "user does not exist." Is this normal?

It's not. Do you use standard login method or LDAP etc? If standard, every setting should be in /etc/passwd and /etc/shadow.

What may be interesting: First, /etc/passwd: UIDs - numbers of the users who can't login. Are they low? Then /etc/shadow. The expiry data is here (if you're not familiar with that, man shadow has meanings of the fields).

I'd also look into /var/log/auth.log and see the error messages. Maybe there's a hint. Extra messages may be also in /var/log/messages.
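
Added example, not part of Mara's post: one way to run the /etc/passwd and /etc/shadow checks suggested above, reading the shadow(5) expiry fields and the UID for a given account. The sample records, the account names, the function names and the `uid_min=500` threshold are assumptions made for illustration.

```python
import datetime
EPOCH = datetime.date(1970, 1, 1)

# Constructed sample data in passwd(5)/shadow(5) layout; hashes are placeholders.
PASSWD = """\
root:x:0:0:root:/root:/bin/bash
admin1:x:500:500:Admin One:/home/admin1:/bin/bash
admin2:x:501:501:Admin Two:/home/admin2:/bin/bash
client:x:502:502:Client:/home/client:/bin/bash
"""
SHADOW = """\
root:$1$placeholder$hash:13450:0:99999:7:::
admin1:!$1$placeholder$hash:13450:0:99999:7:::
admin2:$1$placeholder$hash:13390:0:30:7:10:13500:
client:$1$placeholder$hash:13450:0:99999:7:::
"""

def _num(field):
    """shadow(5) leaves a field empty when the setting is unused."""
    return int(field) if field.strip() else None

def _table(text):
    """Index colon-separated records by their first field (the login name)."""
    return {l.split(":")[0]: l.split(":") for l in text.splitlines() if l.strip()}

def audit_account(user, passwd_text, shadow_text, today, uid_min=500):
    """Return findings that bear on a refused login for `user`."""
    now = (today - EPOCH).days          # shadow dates are days since 1970-01-01
    pw, sh = _table(passwd_text), _table(shadow_text)
    if user not in pw:
        return ["no /etc/passwd entry"]
    found = []
    if int(pw[user][2]) < uid_min:      # uid_min is an assumption; see UID_MIN in /etc/login.defs
        found.append("UID %s is below uid_min %d" % (pw[user][2], uid_min))
    if user not in sh:
        return found + ["no /etc/shadow entry"]
    hashed, lastchg, _, maxage, _, inactive, expire = (sh[user] + [""] * 8)[1:8]
    lastchg, maxage, inactive, expire = map(_num, (lastchg, maxage, inactive, expire))
    if hashed.startswith(("!", "*")):
        found.append("password field is locked or disabled")
    if expire is not None and now >= expire:
        found.append("account expired on %s" % (EPOCH + datetime.timedelta(days=expire)))
    if lastchg == 0:
        found.append("password change forced at next login")
    elif lastchg is not None and maxage is not None:
        if inactive is not None and now >= lastchg + maxage + inactive:
            found.append("password expired and inactivity period passed")
        elif now >= lastchg + maxage:
            found.append("password expired, change required")
    return found
```

On a live system the two text arguments would be the contents of /etc/passwd and /etc/shadow read as root, and `today` would be `datetime.date.today()`.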

uzimadawa 01-16-2007 12:00 AM

Quote:

Originally Posted by johngreenwood
Mandriva does not allow graphical root logins by default. At your login manager you can select "console login" or something to that effect. After which you should be able to login as root, and if you really want to have a root X session, type "startx" but you will be given warnings about it being dangerous to login graphically with root.

Hello John and everyone,

I need your help. I installed Mandriva 2007 Free yesterday. The installation went very well but I can't seem to enter the desktop screen after boot.

After every boot, I am being taken to a black log screen. I am able to su and enter the root section. I have read many posts after googling to try to resolve the problem. Only the command "startx" is able to get me to the root desktop. Using the control center I have tried to select the resolution required. The video card I use is an ATI XPERT 2000 Pro. What is strange is that when I do the testing, the test screen shows the color page and I click yes. But at boot I am being prompted with a black log screen.

It doesn't matter what I do, I am not able to boot to my admin user desktop. I used the command "lilo -C /etc/lilo.conf" without success. I would appreciate hearing from you guys who have solved such a problem. It is the first time I have faced it.

Thanks.

Mara 01-28-2007 01:18 PM

Look at the monitor carefully when it finishes booting. Does the screen blink for a while (switching to graphical mode, then to text)? It shows if it tries to switch to GUI (and probably launch a login screen) or it just switches to text mode without trying (that happens by configuration).

wildar 01-28-2007 02:04 PM

Seems Xorg is not set to start on boot up. Next time you get to the Mandriva Control Center, look under Hardware > Set up the graphical server > Options. Graphical interface at startup should be checked. Click ok, reboot to test.

Hope this helps.

