Old 03-04-2005, 09:19 AM   #1
shanenin
two users with uids of 0


I am sure this is probably nothing, but I'm not really sure. This morning on my BSD box I had a mail message for root. It mentions having two users with a uid of 0. The second user had a login id of toor (root backwards). Is this something I should worry about? Below is the message.

Code:
From root@devil.roc.mn.charter.com Fri Mar  4 03:01:38 2005
Return-Path: <root@devil.roc.mn.charter.com>
Received: from devil.roc.mn.charter.com (localhost [127.0.0.1])
	by devil.roc.mn.charter.com (8.13.1/8.13.1) with ESMTP id j2491cWN000425
	for <root@devil.roc.mn.charter.com>; Fri, 4 Mar 2005 03:01:38 -0600 (CST)
	(envelope-from root@devil.roc.mn.charter.com)
Received: (from root@localhost)
	by devil.roc.mn.charter.com (8.13.1/8.13.1/Submit) id j2491cg0000414
	for root; Fri, 4 Mar 2005 03:01:38 -0600 (CST)
	(envelope-from root)
Date: Fri, 4 Mar 2005 03:01:38 -0600 (CST)
From: Charlie Root <root@devil.roc.mn.charter.com>
Message-Id: <200503040901.j2491cg0000414@devil.roc.mn.charter.com>
To: root@devil.roc.mn.charter.com
Subject: devil.roc.mn.charter.com daily run output


Removing stale files from /var/preserve:

Cleaning out old system announcements:

Removing stale files from /var/rwho:

Backup passwd and group files:
no /var/backups/master.passwd.bak
no /var/backups/group.bak

Verifying group file syntax:

Backing up mail aliases:
no /var/backups/aliases.bak

Disk status:
Filesystem  1K-blocks    Used   Avail Capacity  Mounted on
/dev/ad0s4a   5550798 2523816 2582920    49%    /
devfs               1       1       0   100%    /dev

Last dump(s) done (Dump '>' file systems):

Network interface status:
Name    Mtu Network       Address              Ipkts Ierrs    Opkts Oerrs  Coll
vr0    1500 <Link#1>      00:50:2c:a6:64:e7    46405     0    33848     0     0
vr0    1500 fe80:1::250:2 fe80:1::250:2cff:        0     -        4     -     -
vr0    1500 192.168.1     192.168.1.101        46313     -    33834     -     -
plip0  1500 <Link#2>                               0     0        0     0     0
lo0   16384 <Link#3>                               0     0        0     0     0
lo0   16384 your-net      localhost                0     -        0     -     -
lo0   16384 localhost     ::1                      0     -        0     -     -
lo0   16384 fe80:3::1     fe80:3::1                0     -        0     -     -

Local system status:
 3:01AM  up  6:21, 2 users, load averages: 1.21, 1.08, 1.07

Mail in local queue:
/var/spool/mqueue is empty
		Total requests: 0

Mail in submit queue:
/var/spool/clientmqueue is empty
		Total requests: 0

Security check:
    (output mailed separately)

Checking for rejected mail hosts:

Checking for denied zone transfers (AXFR and IXFR):

-- End of daily output --

From root@devil.roc.mn.charter.com Fri Mar  4 03:01:38 2005
Return-Path: <root@devil.roc.mn.charter.com>
Received: from devil.roc.mn.charter.com (localhost [127.0.0.1])
	by devil.roc.mn.charter.com (8.13.1/8.13.1) with ESMTP id j2491c01000426
	for <root@devil.roc.mn.charter.com>; Fri, 4 Mar 2005 03:01:38 -0600 (CST)
	(envelope-from root@devil.roc.mn.charter.com)
Received: (from root@localhost)
	by devil.roc.mn.charter.com (8.13.1/8.13.1/Submit) id j2491cwf000367
	for root; Fri, 4 Mar 2005 03:01:38 -0600 (CST)
	(envelope-from root)
Date: Fri, 4 Mar 2005 03:01:38 -0600 (CST)
From: Charlie Root <root@devil.roc.mn.charter.com>
Message-Id: <200503040901.j2491cwf000367@devil.roc.mn.charter.com>
To: root@devil.roc.mn.charter.com
Subject: devil.roc.mn.charter.com security run output


Checking setuid files and devices:

No /var/log/setuid.today

No /var/log/mount.today

Checking for uids of 0:
root 0
toor 0

Checking for passwordless accounts:

No /var/log/dmesg.today

devil.roc.mn.charter.com login failures:

devil.roc.mn.charter.com refused connections:

-- End of security output --
 
Old 03-04-2005, 09:26 AM   #2
jtshaw
So long as you have a password set for toor so it isn't an open door to your system, it is fine. It isn't uncommon to have a toor account in case you somehow lock yourself out of your root account.
 
Old 03-04-2005, 09:57 AM   #3
reddazz
I am sure FreeBSD does this by default, so that if anything goes wrong with your root account, you still have access using toor.
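
The "Checking for uids of 0" report and the advice above about making sure toor is not an open door can be combined into one audit that lists each UID 0 account with the state of its password field. This is an added example, not part of the original thread or of FreeBSD's own periodic scripts; the function names, status labels and sample accounts are constructed, and the input is assumed to be in the 10-field master.passwd format.

```shell
#!/bin/sh
# Added example (not from the thread): report every UID 0 account in
# master.passwd-format input and classify its password field.
# Format: name:password:uid:gid:class:change:expire:gecos:home:shell

audit_uid0() {
    # Reads master.passwd-format lines on stdin, prints "name status".
    awk -F: '
        /^[ \t]*#/ || NF == 0   { next }   # skip comments and blank lines
        $3 !~ /^0+$/            { next }   # keep only numeric UID 0
        $2 == ""                { print $1, "NO-PASSWORD"; next }
        substr($2, 1, 1) == "*" { print $1, "LOGIN-DISABLED"; next }
                                { print $1, "PASSWORD-SET" }
    '
}

# Constructed sample input; the hashes are placeholders, not real values.
sample_passwd() {
    cat <<'EOF'
# constructed sample, not a real system file
root:$2a$04$PLACEHOLDERHASH:0:0::0:0:Charlie &:/root:/bin/csh
toor:*:0:0::0:0:Bourne-again Superuser:/root:
spare::0:0::0:0:Constructed test account:/root:/bin/sh
alice:$2a$04$PLACEHOLDERHASH:1001:1001::0:0:User:/home/alice:/bin/sh
EOF
}

# NO-PASSWORD      empty field: the account accepts a login with no password
# LOGIN-DISABLED   field starts with "*": no password can match it
# PASSWORD-SET     field holds a hash
sample_passwd | audit_uid0
```

On a live system, run it as root with `audit_uid0 < /etc/master.passwd`; any UID 0 line reported as NO-PASSWORD is the "open door" case described above.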