LinuxQuestions.org
Visit the LQ Articles and Editorials section
Go Back   LinuxQuestions.org > Forums > Linux Forums > Linux - Security
User Name
Password
Linux - Security This forum is for all security related questions.
Questions, tips, system compromises, firewalls, etc. are all included here.

Notices

Reply
 
Search this Thread
Old 09-08-2004, 03:41 AM   #1
budds
LQ Newbie
 
Registered: Sep 2004
Location: Benguet. Philippines
Distribution: Fedora
Posts: 2

Rep: Reputation: 0
Unhappy someone changed my root password. what do i do?


hello everyone!

need i ask more?

HEEEELLP!!!!!
 
Old 09-08-2004, 03:47 AM   #2
ppuru
Senior Member
 
Registered: Mar 2003
Location: Beautiful BC
Distribution: RedHat & clones, Slackware, SuSE, OpenBSD
Posts: 1,791

Rep: Reputation: 46
you will need to take the system down, bring it up in single user mode.

if you are usnig grub, press e at the menu and edit the line that reads kernel. append a 1 at the end of the line and boot

if you are using lilo, type linux single
 
Old 09-08-2004, 04:26 PM   #3
unSpawn
Moderator
 
Registered: May 2001
Posts: 27,279
Blog Entries: 54

Rep: Reputation: 2852Reputation: 2852Reputation: 2852Reputation: 2852Reputation: 2852Reputation: 2852Reputation: 2852Reputation: 2852Reputation: 2852Reputation: 2852Reputation: 2852
If someone changed your root password without your consent then taking the box off the 'net as Ppuru suggested is the best thing to start with, but I'd reboot from a bootable CDR (maybe your distro provided you with one, else try Knoppix for starters) and manually mount the partitions read-only. That will keep you from changing the system while you look at it. When you've done that you've gotta find out when it happened, who did it and why it succeeded. Please read up on what you've gotta do, look at the LQ FAQ: Security references, post #1 under "Compromise, breach of security, detection". It ain't the easiest thing, but if you want to learn you gotta try it. Anyway you're not alone, we're here to help you if you get stuck.
 
Old 09-09-2004, 03:42 AM   #4
Ciccio
Member
 
Registered: Nov 2002
Location: Paraguay
Distribution: Mandrake 10
Posts: 573

Rep: Reputation: 30
Do you know how it happend??? or is it just that you can't log in any more?

Anyway... search google for toms root boot, it's great and It's only 1.5 MB (if fits in a floppy) From there you can change it... You just have to log in with the floppy, then mount your / partition, the chroot there and passwd root. I've done it a dozen times... thus I learnt that a secure password should be easy to remember for me...
 
Old 09-12-2004, 12:09 AM   #5
win32sux
Guru
 
Registered: Jul 2003
Location: Los Angeles
Distribution: Ubuntu
Posts: 9,870

Rep: Reputation: 371Reputation: 371Reputation: 371Reputation: 371
Re: someone changed my root password. what do i do?

Quote:
Originally posted by budds
hello everyone!

need i ask more?

HEEEELLP!!!!!
well, you'll definitely need to re-install unless you have some way of verifying every system file for modifications, like with an md5sum log on a non-compromised machine/medium, for example... if you have nothing like that, then you can never trust that compromised install again... you need to retrieve your personal files from the disk, and then format and re-install everything... of course you can also analyse the disk and stuff (or make a copy for later analysis) if you want to figure-out how you got OWNED... but whatever you do, make sure you re-think your security strategy and tactics, as there is obviously an issue with them...

here's an informational link:

http://www.cert.org/tech_tips/win-UN...ompromise.html

just my two cents...

Last edited by win32sux; 09-12-2004 at 12:10 AM.
 
  


Reply


Thread Tools Search this Thread
Search this Thread:

Advanced Search

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

BB code is On
Smilies are On
[IMG] code is Off
HTML code is Off


Similar Threads
Thread Thread Starter Forum Replies Last Post
My root password has changed?!!! defa0009 Linux - Security 35 05-18-2005 04:49 PM
system changed my root-password supersucker Linux - Software 2 01-16-2005 01:12 PM
Help Root password changed!!! UmneyDurak Fedora 4 09-28-2004 01:47 PM
Allright, changed root password and questions about adding users RIOMX Linux - Newbie 2 10-30-2003 03:28 PM
Somebody changed my root password. Help needed Heartz Linux - Newbie 1 04-13-2002 04:44 PM


All times are GMT -5. The time now is 07:27 AM.

Main Menu
My LQ
Write for LQ
LinuxQuestions.org is looking for people interested in writing Editorials, Articles, Reviews, and more. If you'd like to contribute content, let us know.
Main Menu
Syndicate
RSS1  Latest Threads
RSS1  LQ News
Twitter: @linuxquestions
identi.ca: @linuxquestions
Facebook: linuxquestions Google+: linuxquestions
Open Source Consulting | Domain Registration