My User ID wiped out???
I currently use Slackware 10.1 running Kernel 2.6.10...
Well last night I ran slapt-get to upgrade various packages... Using the --dist-upgrade option... It upgraded a few things, can't remember exactly what... But these are the recent security advisories on the slack site, that slapt-get probably would have downloaded and installed:

2005-07-22 - [slackware-security] gxine format string vulnerability (SSA:2005-203-04)
2005-07-22 - [slackware-security] fetchmail (SSA:2005-203-05)
2005-07-22 - [slackware-security] zlib (SSA:2005-203-03)
2005-07-22 - [slackware-security] Mozilla/Firefox (SSA:2005-203-01)
2005-07-22 - [slackware-security] kdenetwork (SSA:2005-203-02)
2005-07-20 - [slackware-security] emacs movemail POP utility (SSA:2005-201-02)
2005-07-20 - [slackware-security] dnsmasq (SSA:2005-201-01)
2005-07-14 - [slackware-security] tcpdump DoS (SSA:2005-195-10)
2005-07-14 - [slackware-security] XV (SSA:2005-195-02)

Well it went thru that, installed them all with no errors, I logged off root (I was using su, not actually logged in as root), and the machine worked fine all last night... And when I went to bed I shut off the monitor like I always do, leaving the PC running as my normal account...

I wake up this morning and use it as normal (browsing the web, checking forums and such) and it seemed fine... Until I went to hit play on my XMMS (which was loaded all night as well), the sound file played for a few seconds and stopped, and an error message came up saying something about arts... And this is where it all began...

I logged out of my user ID and when I went to log back in, it wouldn't accept my password... Which I thought was weird... So I logged in as root, checked the passwd and shadow files, somehow there were 3 files for both, 'shadow' (didn't have my user ID listed), 'shadow-', & 'shadow.orig' (had my user ID listed), and for passwd there was 'passwd' (which didn't have my user ID in it), 'passwd.bak', & 'passwd.orig' (had my user ID in it)...

So I figured I would just rename the ones containing my name to the original file names, passwd and shadow respectively... And rebooted... Well that didn't work, I still couldn't log in... So I tried a few different things, manually changing my password from root, adding a new user, removing my old name and keeping my home dir, and then recreating the name... And now I can log into my old name, but on the command line my name shows up as 'I have no name!@home#~', and I get error messages saying something about "cannot find user name for ID 500" when I get into KDE (it's 3.4.x)... Root logs in fine, only now I don't have any internet at all on any name, and when this first started it did work...

I ran f-prot, didn't find anything... I also (before my internet went down) downloaded and ran chkrootkit... And it didn't find anything... Oh I also checked the logs and found some weird entry in /var/log/messages there saying: Quote:
So in short, did someone root my PC? Or did some program installed with slapt-get screw up my accounts? And is it fixable, or even worth fixing? Thanks in advance...