Linux - Security
This forum is for all security related questions.
Questions, tips, system compromises, firewalls, etc. are all included here.
Anyone with ideas? I'm almost ready to wipe out my disks in order to avoid the risk of "being compromised". If anyone can say something about this finding I'll greatly appreciate it.
EDIT:
I ran chkrootkit from the SystemRescueCD service distro and it didn't find anything suspicious. Also the file times are identical if I see them from my running SuSE and from the SysRescCD. The .bash_history file has length zero, but the folder (/etc/skel) is accessed each time the box starts.
Also the Samhain logs do not contain anything suspicious except the complaint about a missing policy for /etc/skel/bin
Okay,
simply and probably (?!) a false alarm - since I'm such a total noob I missed the knowledge of useradd and the /etc/skel local user skeleton.
Also I gave an improper meaning to the record in the Samhain log - it is not a CRIT (complaint) but is just a simple INFO (notification).
Well, it is always good to learn something new.
Anyway, thanks for the attention and excuse me for the spam.
To elaborate a bit more, the skel directory contains files that are copied to every *new* user's home directory when you add new users. It's a great place for sysadmins to put anything they want every new user to have. Whether they be scripts or ssh keys, or anything really.
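Because everything in /etc/skel ends up in each newly created home directory, it is worth reviewing like any other root-owned configuration. The script below is an added example, not code from this thread: `audit_skel`, `make_sample` and the finding tags are hypothetical names, and the sample tree is constructed.

```shell
#!/bin/sh
# Added example, not from the thread. useradd -m copies the skeleton
# directory into every new home, so review it like other root-owned config.
# audit_skel DIR [OWNER] prints "TAG path" per finding; status 1 if any.
# OWNER is the account expected to own every entry (assumed default: root).
audit_skel() {
    skel=${1:-/etc/skel} owner=${2:-root}
    [ -d "$skel" ] || { echo "ERROR not a directory: $skel" >&2; return 2; }
    findings=$(
        # Writable by everyone: any local user could seed future accounts.
        find "$skel" ! -type l -perm -0002 -exec echo WORLD_WRITABLE {} \;
        # Entries not owned by the expected account.
        find "$skel" ! -user "$owner" -exec echo NOT_OWNER {} \;
        # Executable files, such as scripts under bin/.
        find "$skel" -type f \( -perm -0100 -o -perm -0010 -o -perm -0001 \) \
            -exec echo EXECUTABLE {} \;
        # SSH keys placed here reach every account created afterwards.
        find "$skel" -type f \( -name 'authorized_keys*' -o -path '*/.ssh/id_*' \) \
            -exec echo SSH_KEY {} \;
        # A skeleton shell history is expected to be empty.
        find "$skel" -type f -name '.*_history' -size +0c \
            -exec echo NONEMPTY_HISTORY {} \;
    )
    [ -z "$findings" ] && return 0
    printf '%s\n' "$findings"
    return 1
}

# Constructed sample tree for the demo; prints its path.
make_sample() {
    umask 022
    d=$(mktemp -d) || return 1
    mkdir "$d/bin" "$d/.ssh"
    echo 'alias ll="ls -l"' > "$d/.bashrc"
    echo '# constructed profile' > "$d/.profile"; chmod 666 "$d/.profile"
    printf '#!/bin/sh\necho hi\n' > "$d/bin/helper.sh"; chmod 755 "$d/bin/helper.sh"
    echo 'ssh-ed25519 CONSTRUCTED-PLACEHOLDER admin@example' > "$d/.ssh/authorized_keys"
    echo 'ls -la' > "$d/.bash_history"
    echo "$d"
}

# Demo on the constructed tree; on a real host run: audit_skel /etc/skel
if demo_dir=$(make_sample); then
    audit_skel "$demo_dir" "$(id -u)" || true
    rm -rf "$demo_dir"
fi
```

A finding is a prompt for review rather than proof of compromise: a site may ship a bin/ script or a key in the skeleton on purpose. If `SKEL` in /etc/default/useradd points elsewhere, pass that directory instead.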