If someone changed your root password without your consent then taking the box off the 'net as Ppuru suggested is the best thing to start with, but I'd reboot from a bootable CDR (maybe your distro provided you with one, else try Knoppix for starters) and manually mount the partitions read-only. That will keep you from changing the system while you look at it. When you've done that you've gotta find out when it happened, who did it and why it succeeded. Please read up on what you've gotta do, look at the LQ FAQ: Security references, post #1 under "Compromise, breach of security, detection". It ain't the easiest thing, but if you want to learn you gotta try it. Anyway you're not alone, we're here to help you if you get stuck.
Do you know how it happened??? Or is it just that you can't log in any more?
Anyway... search Google for toms root boot, it's great and it's only 1.5 MB (it fits on a floppy). From there you can change it... You just have to log in with the floppy, then mount your / partition, then chroot there and passwd root. I've done it a dozen times... thus I learnt that a secure password should be easy to remember for me...
Re: someone changed my root password. what do i do?
Quote:
Originally posted by budds
hello everyone!
need i ask more?
HEEEELLP!!!!!
well, you'll definitely need to re-install unless you have some way of verifying every system file for modifications, like with an md5sum log on a non-compromised machine/medium, for example... if you have nothing like that, then you can never trust that compromised install again... you need to retrieve your personal files from the disk, and then format and re-install everything... of course you can also analyse the disk and stuff (or make a copy for later analysis) if you want to figure out how you got OWNED... but whatever you do, make sure you re-think your security strategy and tactics, as there is obviously an issue with them...
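The md5sum check mentioned in the post above, as an added example that is not part of the original thread: it compares a tree mounted read-only from rescue media against a baseline manifest kept off the box, and reports files that changed, disappeared, or were never in the baseline. The function name and the paths in the usage comment are hypothetical, and it assumes the manifest was written earlier with `cd ROOT && find . -type f -exec md5sum {} +`.

```bash
# Added example. Run it with the rescue medium's md5sum/find/grep, never the
# binaries on the suspect disk. Hypothetical usage:
#   verify_tree /media/usb/baseline.md5 /mnt/sysroot
#
# verify_tree MANIFEST ROOT
#   MANIFEST: md5sum output with paths relative to ROOT (./bin/login ...)
#   Prints one finding per line: MODIFIED, MISSING or UNLISTED, then the path.
#   Returns 0 when the tree matches the baseline exactly, 1 otherwise.
# Limitation: file names with newlines or leading/trailing blanks are not handled.
verify_tree() {
    manifest=$1 root=$2 findings=0
    listed=$(mktemp) || return 2    # paths named in the baseline
    ondisk=$(mktemp) || return 2    # regular files present now

    # Pass 1: every baseline entry must still exist with the same hash.
    while read -r want path; do
        path=${path#\*}             # drop md5sum's binary-mode marker
        printf '%s\n' "$path" >>"$listed"
        if [ ! -f "$root/$path" ]; then
            echo "MISSING $path"; findings=1
        elif [ "$(md5sum <"$root/$path" | cut -d' ' -f1)" != "$want" ]; then
            echo "MODIFIED $path"; findings=1
        fi
    done <"$manifest"

    # Pass 2: files on disk that the baseline never recorded
    # (dropped tools, extra binaries, hidden files).
    (cd "$root" && find . -type f | sort) >"$ondisk"
    while read -r path; do
        grep -Fxq -- "$path" "$listed" || { echo "UNLISTED $path"; findings=1; }
    done <"$ondisk"

    rm -f "$listed" "$ondisk"
    return "$findings"
}
```

`sha256sum` writes the same manifest format, so substituting it for `md5sum` in both the baseline command and the function gives the same check with a stronger hash.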