LinuxQuestions.org
Welcome to the most active Linux Forum on the web.
Go Back   LinuxQuestions.org > Forums > Linux Forums > Linux - Security
User Name
Password
Linux - Security This forum is for all security related questions.
Questions, tips, system compromises, firewalls, etc. are all included here.

Notices


Reply
  Search this Thread
Old 11-13-2006, 09:31 AM   #1
xpucto
Member
 
Registered: Sep 2005
Location: Vienna, Austria
Distribution: Mint 13
Posts: 524

Rep: Reputation: 31
Been Hacked! May I get control of my Root user again?


Hi!

It looks like I have been hacked last week. I can't log with neither root or other users with sudo rights. I have physicall access to the server and would like to know if there is a possibility to get control over my server (FC 6) again with the help of any tool like a rescue live cd that would allow me to set up a new root's password?

thanks for any help.
P.S. I would like to get in the machine again in order to get a few datas and have a look at the log files. Then I plan to reinstall the whole stuff again.
 
Old 11-13-2006, 09:35 AM   #2
acid_kewpie
Moderator
 
Registered: Jun 2001
Location: UK
Distribution: Gentoo, RHEL, Fedora, Centos
Posts: 43,417

Rep: Reputation: 1985Reputation: 1985Reputation: 1985Reputation: 1985Reputation: 1985Reputation: 1985Reputation: 1985Reputation: 1985Reputation: 1985Reputation: 1985Reputation: 1985
as long as you don't ever plan to *use* the server to any extent again then that's fine... at the bootloader screen go into edit mode, e in grub, not sure what it is in lilo, and just add a "1" into the kernel options and then boot. this will automatically dump you in as root letting you change whatever you want to...
 
Old 11-13-2006, 03:30 PM   #3
Fadoksi
Member
 
Registered: Apr 2006
Location: Finland
Distribution: Ubuntu, Gentoo, Debian
Posts: 88

Rep: Reputation: 15
remember if there is a rootkit present, the hackers files can be hidden from the system. If you want to find them, use a livecd.
 
Old 11-13-2006, 06:45 PM   #4
Capt_Caveman
Senior Member
 
Registered: Mar 2003
Distribution: Fedora
Posts: 3,658

Rep: Reputation: 69
To follow up, once you are able to get access to the system, take a look at the links in the security references thread at the top of the forum. Take a look at the section "Compromise, breach of security, detection", In particular the links to CERT's Intruder Detection Checklist and "Steps for Recovering from a UNIX or NT System Compromise" will likely be useful in diagnosing the source of the compromise. Remember that if you are truly compromised, then a full reinstall from trusted media is the *only* way you can be sure that the system is secure.
 
Old 11-14-2006, 08:46 PM   #5
sfarber53
LQ Newbie
 
Registered: Dec 2003
Location: Blacklick, OH
Distribution: CentOS 4.x; also OS X.4
Posts: 17

Rep: Reputation: 0
Install chkrootkit

You can find chkrootkit at www.chkrootkit.org. It should show you what needs to be deleted, corrected, etc.

I am running CentOS 4.x and install it on all of my machines. I currently have 3 running CentOS.

Cheers!
 
  


Reply


Thread Tools Search this Thread
Search this Thread:

Advanced Search

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

BB code is On
Smilies are On
[IMG] code is Off
HTML code is Off



Similar Threads
Thread Thread Starter Forum Replies Last Post
Control amount of time a user may be logged in. (Parental Control) darrensnospam Mandriva 13 02-18-2006 06:01 PM
Root was hacked d0127810 Linux - Security 5 06-25-2005 02:17 AM
root passwd [hacked] t3gah Ubuntu 12 03-29-2005 08:06 PM
Scanner to work as USER and not forced as ROOT Root (Suse 9.1) 1kyle Linux - Hardware 0 07-10-2004 09:51 AM
IntelliMouse thumb buttons work as root, broken as non-root user, wheel works always digital vortex Linux - Hardware 7 03-02-2004 05:14 PM

LinuxQuestions.org > Forums > Linux Forums > Linux - Security

All times are GMT -5. The time now is 11:24 AM.

Main Menu
Advertisement
My LQ
Write for LQ
LinuxQuestions.org is looking for people interested in writing Editorials, Articles, Reviews, and more. If you'd like to contribute content, let us know.
Main Menu
Syndicate
RSS1  Latest Threads
RSS1  LQ News
Twitter: @linuxquestions
Open Source Consulting | Domain Registration