This is my first post here. Hopefully it is in the right part of this forum.
I have a remote server FC3 protected with APF firewall and bastille.
Firewall set to block IP addresses after 20 failed access attempts and allow access from my fixed IP address.
Remote root login disallowed, su to root required.
Bastille set up to prevent console root access.
All worked well until I changed broadband provider and hence had a new fixed IP address, this combined with me getting muddled with passwords, APF jumped and I am now locked out.
Went away, did some reading, sent following mail to the hosting company.
Please boot system from FC3 disc 1
Enter "linux rescue" as command
Choose 'english' for language
Choose UK for keyboard
Do not setup network
At prompt type chroot /mnt/sysimage
Type nano /etc/shadow. (I am presuming the pw is in the shadow file)
In the /etc/shadow file please enter the password string below as the encrypted password (between the two colons to replace existing entry) for root.
root:this is the password:13181:0:99999:7:::
('this is the password' was in fact a copy of password obtained from my FC3 local test machine, changed for posting to this board)
Type ctrl-x to exit, Y to agree to changes and enter to save.
If encryption is machine dependent then
Copy the password element of the entry for admin in the shadow file into the root entry.
Finally with reference to the APF firewall:
Type nano /etc/apf/allow_hosts.rules
Please place my home IP address 188.8.131.52 (changed for posting) in the file, remove existing contents and save as above.
Please empty /etc/apf/deny_hosts.rules
Then reboot and hopefully this will get me back in.
The response I have had is :-
I tackled this last night/this morning. I managed to clear the root password, then get access to single-user mode to change it. That all went well, however as soon as I boot into normal mode, the password appears to be changed - I can't then get back in to single user mode again. I'm wondering if either the firewall or DA is doing some sort of password sync that's designed to stop other people from changing the password. Have you got any ideas?
I have no ideas of my own! From research I wonder if it could be to do with PAM and how it handles passwords, I don't know if DirectAdmin or Bastille alter the way passwords are created/tested, it could be something to do with crypt vs. hash. I don't even know if the default install of FC3 uses PAM authentication.
I have come across the following instructions at linuxgazette.net/issue50/tag/4.html which may do the trick but would like advice on whether or not they are likely to work; are there known features of Bastille and DirectAdmin likely to defeat attempts from the console?
Quoting from the above link:
For Linux all you have to do is:
2. During the LILO prompt type:
(kernel/image name) init=/bin/sh rw
... note that's usually going to be just:
linux init=/bin/sh rw
3. This should start the Linux kernel, with the root filesystem mounted in read/write mode. The cool thing is that none of your normal init processes (like the gettys that ask for your name and call the login program) will be started.
4. (Maybe) mount your /usr filesystem with a command like:
5. Change your root password with a command like:
6. Flush the cache buffers:
sync; sync; sync
7. (Maybe) unmount /usr:
8. Remount the root fs in readonly mode:
mount -o remount,ro /
9. Let init clean up and reboot the system:
exec /sbin/init 6
... there is a "6" (six) at the end of that command.
Any help would be gratefully received,
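
The root line edited by hand in /etc/shadow above (root:...:13181:0:99999:7:::) can be checked from the rescue shell before rebooting, and again after a normal boot to see what changed. The script below is an added example, not part of the original post or of any tool named in it; the function names, output format and sample entry are constructed for illustration.

```shell
#!/bin/sh
# Added example: describe one /etc/shadow line (state, hash scheme, last change).
# The sample entry at the bottom is constructed; its hash is not real.

# Days since 1970-01-01 -> YYYY-MM-DD, pure arithmetic (no date(1) needed).
days_to_date() {
    z=$(( $1 + 719468 ));            era=$(( z / 146097 ))
    doe=$(( z - era * 146097 ))
    yoe=$(( (doe - doe / 1460 + doe / 36524 - doe / 146096) / 365 ))
    doy=$(( doe - (365 * yoe + yoe / 4 - yoe / 100) ))
    mp=$(( (5 * doy + 2) / 153 ));   d=$(( doy - (153 * mp + 2) / 5 + 1 ))
    m=$(( mp < 10 ? mp + 3 : mp - 9 ))
    y=$(( yoe + era * 400 + (m <= 2) ))
    printf '%04d-%02d-%02d' "$y" "$m" "$d"
}

describe_shadow_entry() {
    line=$1
    # shadow(5) lines have nine colon-separated fields (eight colons).
    case $line in *:*:*:*:*:*:*:*:*) ;; *) echo malformed; return 1 ;; esac
    user=${line%%:*}; rest=${line#*:}
    pw=${rest%%:*};   rest=${rest#*:}
    lastchg=${rest%%:*}
    case $pw in
        '')        state=no-password ;;   # empty field: no password set
        '!'*|'*'*) state=locked ;;        # no typed password can match
        *)         state=active ;;
    esac
    hash=$pw                              # drop leading "!" lock marks
    while :; do case $hash in '!'*) hash=${hash#?} ;; *) break ;; esac; done
    # The scheme id and salt travel inside the field, so a crypt string is
    # not tied to the machine that made it (the target must support the scheme).
    case $hash in
        ''|'*')           scheme=none ;;
        '$1$'*)           scheme=md5-crypt ;;
        '$2'[aby]'$'*)    scheme=bcrypt ;;
        '$5$'*)           scheme=sha256-crypt ;;
        '$6$'*)           scheme=sha512-crypt ;;
        *[!./0-9A-Za-z]*) scheme=unknown ;;
        *) [ "${#hash}" -eq 13 ] && scheme=des-crypt || scheme=unknown ;;
    esac
    case $lastchg in
        ''|*[!0-9]*) changed=unset ;;
        *)           changed=$(days_to_date "$lastchg") ;;
    esac
    echo "$user $state $scheme $changed"
}

describe_shadow_entry 'root:$1$CoNsTrUc$tedHashNotRealAbCdEfGh:13181:0:99999:7:::'
```

A result of "unknown" or "locked" for root after the edit means the pasted string will not authenticate, and a different result after a normal boot shows that something rewrote the entry.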