Linux - SecurityThis forum is for all security related questions.
Questions, tips, system compromises, firewalls, etc. are all included here.
Notices
Welcome to LinuxQuestions.org, a friendly and active Linux Community.
You are currently viewing LQ as a guest. By joining our community you will have the ability to post topics, receive our newsletter, use the advanced search, subscribe to threads and access many other special features. Registration is quick, simple and absolutely free. Join our community today!
Note that registered members see fewer ads, and ContentLink is completely disabled once you log in.
If you have any problems with the registration process or your account login, please contact us. If you need to reset your password, click here.
Having a problem logging in? Please visit this page to clear all LQ-related cookies.
Get a virtual cloud desktop with the Linux distro that you want in less than five minutes with Shells! With over 10 pre-installed distros to choose from, the worry-free installation life is here! Whether you are a digital nomad or just looking for flexibility, Shells can put your Linux machine on the device that you want to use.
Exclusive for LQ members, get up to 45% off per month. Click here for more info.
I've been happily running Slack 10 on my laptop for about 9 months now, and beyond a few configuration hiccups I still havn't fixed, it's been working nicely as my day to day computer. I shutdown last night, and this morning I started up and logged in as my individual user, as always, without any problems.
Now, since I have returned from school, I have had to su and use the package 'switchto' to change from my school default settings to that of my home network. Problem is, it wouldn't accept my root password. Yes, I have ensured the password is actually being entered correctly.
After rebooting, and trying some different configurations, I still cannot login as root, or su, while my main user account works fine. From a prompt, it says "Login incorrect", and when trying to su from a console within X, "Authentication failure".
Any ideas why this may have changed all of a sudden, and what I can try to fix it? Searching hasn't turned up anything like my situation, and yes, I am very new at this.....thanks in advance!
Ok, so I passed the arguement "single" to my usual kernel config at boot with lilo, and after waiting a few minutes for my network connection attempts to timeout, it said switching to runlevel 1, which is single user mode.
I ended up booting off my cd and changing /etc/shadow to reset my root password (and having to learn some vi along the way ), so all is working for the moment.
but, the lingering question is still, why would the root password suddenly change like that? It was SOmething, as it had an encrypted form in the /etc/shadow, but it certainly wasn't anything of my setting. What exactly should I consider looking for?
Did you do any upgrades to your dropline installation
recently? I'm not saying that you haven't been rooted,
it's just that Slack normally doesn't use PAM at all ...
Originally posted by Tinkster Did you do any upgrades to your dropline installation
recently? I'm not saying that you haven't been rooted,
it's just that Slack normally doesn't use PAM at all ...
Cheers,
Tink
Hmm. I'd be a bit concerned about this. Seeing as the standard user passwords work, it appears that PAM's authentication mechanisms are working properly. Seems more likely that someone has either taken over your machine or the password was changed/forgotten.
There wouldn't be any recent Dropline updates because we stopped building for Slackware 10.0 some time ago, but an update can certainly be forced. Have you been keeping up with the Slackware security updates?
Originally posted by zborgerd
There wouldn't be any recent Dropline updates because we stopped building for Slackware 10.0 some time ago, but an update can certainly be forced. Have you been keeping up with the Slackware security updates?
I have not updated in a LONG while. This machine is mostly offline, so I havn't been very good about it. I've been going through things now with a rootkit detector, and havn't found anything so far, so I think I shall keep digging. Anything else worth checking for that anyone can think of off the top of their head? Very odd...
Originally posted by patrick-slack I have not updated in a LONG while. This machine is mostly offline, so I havn't been very good about it. I've been going through things now with a rootkit detector, and havn't found anything so far, so I think I shall keep digging. Anything else worth checking for that anyone can think of off the top of their head? Very odd...
So you normally keep any services open to the outside? SSH? FTP? HTTP? Anything?
LinuxQuestions.org is looking for people interested in writing
Editorials, Articles, Reviews, and more. If you'd like to contribute
content, let us know.