Linux - Security
This forum is for all security related questions.
Questions, tips, system compromises, firewalls, etc. are all included here.
If someone changed your root password without your consent then taking the box off the 'net as Ppuru suggested is the best thing to start with, but I'd reboot from a bootable CDR (maybe your distro provided you with one, else try Knoppix for starters) and manually mount the partitions read-only. That will keep you from changing the system while you look at it. When you've done that you've gotta find out when it happened, who did it and why it succeeded. Please read up on what you've gotta do, look at the LQ FAQ: Security references, post #1 under "Compromise, breach of security, detection". It ain't the easiest thing, but if you want to learn you gotta try it. Anyway you're not alone, we're here to help you if you get stuck.
Do you know how it happened??? Or is it just that you can't log in any more?
Anyway... search Google for toms root boot, it's great and it's only 1.5 MB (it fits on a floppy). From there you can change it... You just have to log in with the floppy, then mount your / partition, then chroot there and passwd root. I've done it a dozen times... thus I learnt that a secure password should be easy to remember for me...
Re: someone changed my root password. what do i do?
Originally posted by budds:
hello everyone!
need i ask more?
well, you'll definitely need to re-install unless you have some way of verifying every system file for modifications, like with an md5sum log on a non-compromised machine/medium, for example... if you have nothing like that, then you can never trust that compromised install again... you need to retrieve your personal files from the disk, and then format and re-install everything... of course you can also analyse the disk and stuff (or make a copy for later analysis) if you want to figure out how you got OWNED... but whatever you do, make sure you re-think your security strategy and tactics, as there is obviously an issue with them...
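Added example, not part of any post in this thread: one way to do the file verification mentioned above, comparing a tree mounted read-only from rescue media against a checksum manifest made earlier on a known-good system. It uses sha256sum where the post mentions md5sum, and the function names make_manifest and verify_tree are made up for this example; GNU find, sort and xargs are assumed.

```sh
#!/bin/sh
# Added example (not from the thread). Manifest lines are sha256sum output,
# with paths relative to the tree root so the mount point does not matter.

# make_manifest ROOT: print "hash  ./path" for every regular file under ROOT.
# Run it on the known-good system and keep the result on separate media.
make_manifest() {
    ( cd "$1" && find . -xdev -type f -print0 | sort -z | xargs -0 -r sha256sum )
}

# verify_tree MANIFEST ROOT: compare ROOT (e.g. the suspect disk mounted
# read-only from rescue media) with MANIFEST.
# Prints MODIFIED/ADDED/MISSING lines; returns 0 if identical, 1 if not,
# 2 if the manifest is empty or unreadable.
verify_tree() {
    manifest=$1; root=$2
    [ -s "$manifest" ] || return 2
    current=$(mktemp) || return 2
    make_manifest "$root" > "$current"
    status=0
    awk '
        { hash = $1; path = substr($0, 67) }     # 64 hex chars + 2 separators
        NR == FNR           { known[path] = hash; next }   # first file: baseline
        !(path in known)    { print "ADDED", path; bad = 1; next }
        known[path] != hash { print "MODIFIED", path; bad = 1 }
                            { seen[path] = 1 }
        END {
            for (p in known) if (!(p in seen)) { print "MISSING", p; bad = 1 }
            exit bad + 0
        }
    ' "$manifest" "$current" || status=$?
    rm -f "$current"
    return "$status"
}
```

The manifest is only as trustworthy as the place it was stored, so it has to come from media the compromised install could not write to.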