LinuxQuestions.org
Visit Jeremy's Blog.
Go Back   LinuxQuestions.org > Forums > Linux Forums > Linux - Newbie
User Name
Password
Linux - Newbie This Linux forum is for members that are new to Linux.
Just starting out and have a question? If it is not in the man pages or the how-to's this is the place!

Notices


Reply
  Search this Thread
Old 08-30-2011, 12:56 AM   #1
aishwarya2
LQ Newbie
 
Registered: Jun 2010
Posts: 2

Rep: Reputation: 0
Fedora root password is changing autmatically


Fedora11 root password changing automatically ,
not able to login as a root.
 
Old 08-30-2011, 01:12 AM   #2
ButterflyMelissa
Senior Member
 
Registered: Nov 2007
Location: Somewhere on my hard drive...
Distribution: Manjaro
Posts: 2,699
Blog Entries: 23

Rep: Reputation: 405Reputation: 405Reputation: 405Reputation: 405Reputation: 405
One word : rootkit.
Other option : you're not the only Root in the system and someone "bugs" you...
Passwords do not change like that, someone changes passwords. Had the very same issue with a colleague...

I suspect someone in your organisation to sabotage you.

Of course, distilling that from what meager details you provided.

If this does not answer your question, expand with more details so we can help further if need be.

Thor
 
Old 08-30-2011, 01:13 AM   #3
0men
Member
 
Registered: Mar 2011
Location: Brisbane
Distribution: Windows 10, Red Hat, Debian
Posts: 183

Rep: Reputation: 22
Is this a server or your home computer ?
Static or Dynamic Ip address ?
Have you changed anything recently or installed new software ?
Have you checked your logs for suspicious activity ?
Has anything been altered apart from the root password ?

We need as much information as possible to help, as this could be a serious problem for you.

Are you yourself a 'sudoer' ?
If you are quickly do a sudo passwd root and take the machine offline, its highly possible that if your root password is changing you've been cracked.
 
Old 08-30-2011, 05:43 AM   #4
aishwarya2
LQ Newbie
 
Registered: Jun 2010
Posts: 2

Original Poster
Rep: Reputation: 0
no it is a home computer,
I am added in a sudoer file , still it is not taking passwd, when m trying sudo.

Also , i have reset passwd in the shadow file, means , i stated passwd for root as '*' in the shadower file, & then changed the root passwd from runlevel 1, still it is not logging as root, "Authentication failed" !!!
 
Old 08-30-2011, 06:39 AM   #5
0men
Member
 
Registered: Mar 2011
Location: Brisbane
Distribution: Windows 10, Red Hat, Debian
Posts: 183

Rep: Reputation: 22
So you cant even use sudo ? I'm guessing you cant use sudo anymore because you've been wiped off the sudoers file and the root password has been changed.

I would say someone has definitely cracked your machine. Was it up to date with a firewall ? Well doesn't matter now anyway...... If i were you, i would definitely take your machine offline right now (if you haven't already done so) i would then chroot the machine and change the password. You could then get log files, but i doubt they would be there anymore, most probably wiped into cyber oblivion.

Another option would be to chroot and copy all the important files and wipe the system.

Sorry to be the bearer of bad news.
Dont worry though - i became part of Chinese botnet once !!!!
 
Old 08-30-2011, 07:00 AM   #6
Skyer
Member
 
Registered: Aug 2011
Posts: 113

Rep: Reputation: 6
Wait.
So, you are allowed to use sudo? Does your sudo authentication work? It requires your password, not the root's one. (That's one of more differences between su and sudo).
Also, does the password change more times automatically, or just once after your change?

Now, in case that sudo does not work, to regain root access, you can try this:

1. Disable network on machine (the best approach is to plug out network cable).
2. Check root's password hash in shadow file.
3. Change root's password to something simple.
4. Did hash change? Can you log in now?

5. If not, try to encrypt your password the system way by yourself, and compare it with the hash in shadow file. Do they match?

As other stated, it is possible that there is another root person at that computer (possibly just trying to figure out what is happening to root password). Rootkit/&etc is also possible. The bad thing is, that if it's really something like that, you can't trust what you see. Try booting different kernel then.


Skyer
 
Old 08-30-2011, 09:28 PM   #7
frankbell
LQ Guru
 
Registered: Jan 2006
Location: Virginia, USA
Distribution: Slackware, Debian, Mageia, and whatever VMs I happen to be playing with
Posts: 12,482
Blog Entries: 16

Rep: Reputation: 3206Reputation: 3206Reputation: 3206Reputation: 3206Reputation: 3206Reputation: 3206Reputation: 3206Reputation: 3206Reputation: 3206Reputation: 3206Reputation: 3206
Trinity Rescue Kit includes rootkit hunters.

http://trinityhome.org/Home/index.ph...g=en&locale=en

TRK is designed primarily for Windows, but the rootkit hunters should also work on Linux.
 
Old 08-31-2011, 02:17 AM   #8
ButterflyMelissa
Senior Member
 
Registered: Nov 2007
Location: Somewhere on my hard drive...
Distribution: Manjaro
Posts: 2,699
Blog Entries: 23

Rep: Reputation: 405Reputation: 405Reputation: 405Reputation: 405Reputation: 405
Look into the /etc/passwd file, what other users have root rights, you could for startersd wipe that line...

Just rambling...
 
  


Reply


Thread Tools Search this Thread
Search this Thread:

Advanced Search

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

BB code is On
Smilies are On
[IMG] code is Off
HTML code is Off



Similar Threads
Thread Thread Starter Forum Replies Last Post
changing root password sunlinux Linux - Security 2 03-21-2006 06:24 AM
Root Password Keeps Changing jameskilbane Linux - Security 4 10-14-2005 04:51 PM
changing root password minm Linux - Newbie 9 08-31-2004 03:03 AM
Changing the root password divsky Linux - Newbie 4 04-03-2004 10:02 PM
Changing root password Gibby Mandriva 1 10-02-2003 10:38 PM

LinuxQuestions.org > Forums > Linux Forums > Linux - Newbie

All times are GMT -5. The time now is 09:26 AM.

Main Menu
Advertisement
My LQ
Write for LQ
LinuxQuestions.org is looking for people interested in writing Editorials, Articles, Reviews, and more. If you'd like to contribute content, let us know.
Main Menu
Syndicate
RSS1  Latest Threads
RSS1  LQ News
Twitter: @linuxquestions
Facebook: linuxquestions Google+: linuxquestions
Open Source Consulting | Domain Registration