A hacked account or normal
Hi all
I am using SuSE 9.1 and I sometimes turn off the firewall, and I have discovered many accounts that don't show in kdm even if I make them unhidden. The accounts are: @audio @dialout @users @uccp @video. I have searched for the meaning of uucp = Unix-to-Unix Copy system. I use so many p2p progs to download Linux ISOs. Are they normal accounts? And thanks |
With the exception of uucp, those aren't normal users. However they are normal group IDs. Are you sure you're looking at the proper table? Take a look at /etc/passwd just to be sure (those group names will be in /etc/group).
|
Hi, and thanks for your response.
This is my /etc/group:
root:x:0:
bin:x:1:daemon
daemon:x:2:
sys:x:3:
tty:x:5:
disk:x:6:
lp:x:7:
www:x:8:
kmem:x:9:
wheel:x:10:
mail:x:12:
news:x:13:
uucp:x:14:eminaga,light,clamav
shadow:x:15:
dialout:x:16:eminaga,light,clamav
audio:x:17:eminaga,light,clamav
floppy:x:19:
cdrom:x:20:
console:x:21:
utmp:x:22:
at:x:25:
public:x:32:
video:x:33:eminaga,light,clamav
games:x:40:
xok:x:41:
trusted:x:42:
modem:x:43:
ftp:x:49:
postfix:x:51:
localham:x:56:
maildrop:x:59:
man:x:62:
sshd:x:65:
ntadmin:x:71:
distcc:x:101:
nobody:x:65533:nobody
nogroup:x:65534:nobody
users:x:100:light
zope:!:102:
clamav:!:52:
IS IT ALL NORMAL? |
In SuSE, it is normal to have users belong to the video, audio, dialout, and uucp groups. Are eminaga & light users on the system? The user and group clamav are added by the clamav antivirus software, so I'm assuming that you have it installed? The user eminaga looks a little odd (doesn't appear as a member of "users" and I can't think of any software that installs a system user with that name).
Also take a look at /etc/passwd and make sure that you don't have any users other than root (particularly eminaga) with a UID or GID of 0 or any other abnormal users. |
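The checks suggested in this reply, as an added example that is not part of the original thread: it flags non-root accounts with UID or GID 0, shared UIDs, and group members that have no passwd entry, and it resolves a group's effective members by combining its member list with accounts whose primary GID points at it. The function names and the sample files are constructed for illustration.

```sh
# Added example; helper names and sample data are constructed, not from the thread.
# On a real host pass /etc/passwd and /etc/group instead of the sample files.
zero_id_accounts() {        # $1 = passwd file: non-root accounts with UID or GID 0
    awk -F: '$1 != "root" && ($3 == 0 || $4 == 0) { print $1 }' "$1"
}
duplicate_uids() {          # $1 = passwd file: UIDs shared by several names
    awk -F: '{ n[$3]++; who[$3] = who[$3] " " $1 }
             END { for (u in n) if (n[u] > 1) print u ":" who[u] }' "$1"
}
unknown_group_members() {   # $1 = passwd, $2 = group: listed members with no passwd entry
    awk -F: 'NR == FNR { known[$1] = 1; next }
             { c = split($4, m, ",")
               for (i = 1; i <= c; i++)
                   if (m[i] != "" && !(m[i] in known)) print $1 ":" m[i] }' "$1" "$2"
}
# Effective members of a group: its member list in the group file plus every
# account whose primary GID (passwd field 4) is that group.
group_members() {           # $1 = passwd, $2 = group, $3 = group name
    awk -F: -v g="$3" '
        NR == FNR { if ($1 == g) { found = 1; gid = $3; c = split($4, m, ",")
                                   for (i = 1; i <= c; i++) if (m[i] != "") print m[i] }
                    next }
        found && $4 == gid { print $1 }' "$2" "$1" | sort -u
}

# Constructed sample: a few entries shaped like those in the thread, plus two
# planted anomalies (a second UID-0 account and a group member with no account).
tmp=$(mktemp -d) && trap 'rm -rf "$tmp"' EXIT
P=$tmp/passwd; G=$tmp/group
cat > "$P" <<'EOF'
root:x:0:0:root:/root:/bin/bash
uucp:x:10:14:Unix-to-Unix CoPy system:/etc/uucp:/bin/bash
clamav:x:52:52:ClamAV Daemon:/:/bin/false
light:x:1000:100:Light:/home/light:/bin/bash
eminaga:x:1001:100:eminaga:/home/eminaga:/bin/bash
opsadmin:x:0:0:planted anomaly:/root:/bin/bash
EOF
cat > "$G" <<'EOF'
root:x:0:
uucp:x:14:eminaga,light,clamav
audio:x:17:eminaga,light,ghost
users:x:100:light
EOF
echo "UID/GID 0 besides root: $(zero_id_accounts "$P")"
echo "Shared UIDs: $(duplicate_uids "$P")"
echo "Listed but no passwd entry: $(unknown_group_members "$P" "$G")"
echo "Effective members of users: $(group_members "$P" "$G" users | tr '\n' ' ')"
```

In the sample, the users line lists only light, yet eminaga is reported as a member as well because its primary GID in the passwd file is 100.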
Don't worry, eminaga is a normal account - it is even my last name - and also light, and yes, I installed clamav 2 days ago - who asked-
I didn't find any user with 0 id gid, and this is my passwd:
root:x:0:0:root:/root:/bin/bash
bin:x:1:1:bin:/bin:/bin/bash
daemon:x:2:2:Daemon:/sbin:/bin/bash
lp:x:4:7:Printing daemon:/var/spool/lpd:/bin/bash
mail:x:8:12:Mailer daemon:/var/spool/clientmqueue:/bin/false
news:x:9:13:News system:/etc/news:/bin/bash
uucp:x:10:14:Unix-to-Unix CoPy system:/etc/uucp:/bin/bash
games:x:12:100:Games account:/var/games:/bin/bash
man:x:13:62:Manual pages viewer:/var/cache/man:/bin/bash
at:x:25:25:Batch jobs daemon:/var/spool/atjobs:/bin/bash
wwwrun:x:30:8:WWW daemon apache:/var/lib/wwwrun:/bin/false
ftp:x:40:49:FTP account:/srv/ftp:/bin/bash
postfix:x:51:51:Postfix Daemon:/var/spool/postfix:/bin/false
mysql:x:60:2:MySQL database admin:/var/lib/mysql:/bin/false
zope:x:64:102:Zope:/opt/zope:/bin/false
sshd:x:71:65:SSH daemon:/var/lib/sshd:/bin/false
ntp:x:74:65534:NTP daemon:/var/lib/ntp:/bin/false
vdr:x:100:33:Video Disk Recorder:/var/spool/video:/bin/false
distcc:x:101:101:Distcc Daemon:/etc/distcc:/bin/false
nobody:x:65534:65533:nobody:/var/lib/nobody:/bin/bash
light:x:1000:100:Light:/home/light:/bin/bash
eminaga:x:1001:100:eminaga:/home/eminaga:/bin/bash
clamav:x:52:52:ClamAV Daemon:/:/bin/false
Completely normal |
Looks like you're in good shape then. :D
|
Many thanks
|