LinuxQuestions.org
Did you know LQ has a Linux Hardware Compatibility List?
Go Back   LinuxQuestions.org > Forums > Linux Forums > Linux - Distributions > Suse/Novell
User Name
Password
Suse/Novell This Forum is for the discussion of Suse Linux.

Notices

Reply
 
Search this Thread
Old 03-31-2005, 01:00 PM   #1
12jewels
LQ Newbie
 
Registered: Mar 2005
Posts: 6

Rep: Reputation: 0
Lost Suse 8.0 Root Password


I was working from my server performing certain task in suse 8.0 and all of the sudden my root password doesn't work anymore and my internet connection has slowed down as well as my router lights are blinking non stop as if I am being attacked.

This has happened to me in the past and I had to reinstall. Now I want to find out once and for all what is going on and how can I fix this and prevent this from happening again.


Thanks in advance
 
Old 03-31-2005, 01:17 PM   #2
Technoslave
Member
 
Registered: Dec 2003
Location: Northern VA
Posts: 493

Rep: Reputation: 30
Well, if you're not doing any network traffic, do a tcpdump -i eth0 ( assuming that's your outbound net connection ). That will tell you what's going on and where.

Another thing to do is to go get chkrootkit ( http://www.chkrootkit.org/ ) and check that out too.

The root password. If it's been changed you'll have to boot off of an install CD, mount the / partiton and edit your passwd file directly. From there change the hash of the password and reboot. However, that probably won't stop whoever it is from coming back in again, so in order to maintain some type of root privelege, make sure you have sudo installed.

From there it's all a matter of checking all of your files to see what's been chagned/added. Usually you'll find directories with a . prefix, so a regular ls -l won't show it. Likewise, you may also see directories labeled ".. " that's two periods and a space, you may just glance right over that and not see it for what it is.

It's a good bet that the majority of your log files have been changed already, however, if you wanted to play the waiting game, you could always upgrade your syslog functioning so that everything is recorded and then push those logs somewhere else, or use virtual terms to tail -f the log files, etc...but that's not a guarntee.

Anyway, hopef I gave you a good starting point for some of the things you've asked.
 
Old 03-31-2005, 02:48 PM   #3
12jewels
LQ Newbie
 
Registered: Mar 2005
Posts: 6

Original Poster
Rep: Reputation: 0
tcpdump

the tcpdump says that it is a bad command, if i have to be logged in as root to run, i can't log in as root. out in the / directory there is a folder there labeled .qt and there is also one of the same name in the temp folder. is that normal.

Let me ask another question. Is this situation a normal situation or is it just me going through this.
 
Old 03-31-2005, 02:58 PM   #4
Technoslave
Member
 
Registered: Dec 2003
Location: Northern VA
Posts: 493

Rep: Reputation: 30
*shrug* totally depends, qt could be quite normal, it's the name of a package on my linux box. Yeah, I forgot that you have to be root in order to do it, in which case, see the part about changing the root password back to something you know. Install sudo, that way even if root passwd is changed you might be able to execute commands as root while still being your regular user.
 
  


Reply


Thread Tools Search this Thread
Search this Thread:

Advanced Search

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

BB code is On
Smilies are On
[IMG] code is Off
HTML code is Off


Similar Threads
Thread Thread Starter Forum Replies Last Post
root password is lost!!! :( alaios Linux - General 3 11-07-2005 05:48 AM
Lost root password zillah Solaris / OpenSolaris 10 05-24-2005 05:28 PM
lost root´s password on SuSE 9.0 Adrian13 Linux - Networking 13 11-27-2004 01:06 AM
Lost Root Password ThaMainframe Mandriva 4 11-12-2004 05:27 PM
lost root password papitu76 Mandriva 12 10-31-2004 10:40 AM


All times are GMT -5. The time now is 09:10 AM.

Main Menu
My LQ
Write for LQ
LinuxQuestions.org is looking for people interested in writing Editorials, Articles, Reviews, and more. If you'd like to contribute content, let us know.
Main Menu
Syndicate
RSS1  Latest Threads
RSS1  LQ News
Twitter: @linuxquestions
identi.ca: @linuxquestions
Facebook: linuxquestions Google+: linuxquestions
Open Source Consulting | Domain Registration