tty login no password asked drops into bash prompt
Linux - SecurityThis forum is for all security related questions.
Questions, tips, system compromises, firewalls, etc. are all included here.
Notices
Welcome to LinuxQuestions.org, a friendly and active Linux Community.
You are currently viewing LQ as a guest. By joining our community you will have the ability to post topics, receive our newsletter, use the advanced search, subscribe to threads and access many other special features. Registration is quick, simple and absolutely free. Join our community today!
Note that registered members see fewer ads, and ContentLink is completely disabled once you log in.
If you have any problems with the registration process or your account login, please contact us. If you need to reset your password, click here.
Having a problem logging in? Please visit this page to clear all LQ-related cookies.
Get a virtual cloud desktop with the Linux distro that you want in less than five minutes with Shells! With over 10 pre-installed distros to choose from, the worry-free installation life is here! Whether you are a digital nomad or just looking for flexibility, Shells can put your Linux machine on the device that you want to use.
Exclusive for LQ members, get up to 45% off per month. Click here for more info.
tty login no password asked drops into bash prompt
I have a really strange problem that has been wreaking my brains for days.
On one of our Linux servers (Linux version 2.6.10)
Once in a blue moon on boot up, login to tty via serial port as ROOT, will NOT ask for password and drop into bash with default bash prompt.
Kinda like as if it was in runleve 1, but it is not.
Normally it will have a custom prompt, path env etc...
But when this weirdness happens, env isn't sourced etc...
This only happens once out of 20-30 reboots, so it is very hard to catch.
Anyone provide ideas where to start looking?
Once I login under this condition, everything seems to be running fine.
All usual log files (messages / boot) show nothing out of ordinary.
I tried debugging PAM - not a problem, TTY security files - not a problem.
Losing my mind.
I'm pretty sure it's not a virus or trojan because the bzImage and rootfs are loaded from CD.
The first place I would look is the /etc/inittab file. That is the
place where ttys are defined. Here is a sample section from my
LMDE host. Look for lines with ttyS{0,1,2,3}.
Code:
# /sbin/getty invocations for the runlevels.
#
# The "id" field MUST be the same as the last
# characters of the device (after "tty").
#
# Format:
# <id>:<runlevels>:<action>:<process>
#
# Note that on most Debian systems tty7 is used by the X Window System,
# so if you want to add more getty's go ahead but skip tty7 if you run X.
#
1:2345:respawn:/sbin/getty 38400 tty1
2:23:respawn:/sbin/getty 38400 tty2
3:23:respawn:/sbin/getty 38400 tty3
4:23:respawn:/sbin/getty 38400 tty4
5:23:respawn:/sbin/getty 38400 tty5
6:23:respawn:/sbin/getty 38400 tty6
# Example how to put a getty on a serial line (for a terminal)
#
#T0:23:respawn:/sbin/getty -L ttyS0 9600 vt100
#T1:23:respawn:/sbin/getty -L ttyS1 9600 vt100
# Example how to put a getty on a modem line.
#
#T3:23:respawn:/sbin/mgetty -x0 -s 57600 ttyS3
Last edited by carltm; 04-16-2011 at 06:43 AM.
Reason: fixed typo
OK - but what am I looking for?
I see that
-l login_program
Invoke the specified login_program instead of /bin/login. This
allows the use of a non-standard login program (for example, one
that asks for a dial-up password or that uses a different password
So I guess it is possible that /bin/login was not specified and that dropped me into bash prompt?
I still think the system could have dropped me into runlevel 1 because of the bash prompt.
But none of the processor were killed so I can't say 100% that we changed runlevels.
I need to check that the next time it happens.
Is there any known trojans or rootkit that has this kind of behavior?
TIA
LinuxQuestions.org is looking for people interested in writing
Editorials, Articles, Reviews, and more. If you'd like to contribute
content, let us know.