Re: [nottingham] Redhat PAM issue suggestion

From: Matthew Sackman (matthew@sackman.co.uk)
Date: Fri 05 Apr 2002 - 20:21:48 BST


On Fri, Apr 05, 2002 at 06:35:46PM +0100, Nathan wrote:
> >
> >Does your login have the correct parameters? On my Debian system, login
> >is SUID root.
> >
> [root@celia bin]# stat login
> File: "login"
> Size: 17740 Blocks: 40 IO Block: 4096 Regular File
> Device: 302h/770d Inode: 635552 Links: 1
> Access: (0755/-rwxr-xr-x) Uid: ( 0/ root) Gid: ( 0/ root)
> Access: Fri Apr 5 18:25:42 2002
> Modify: Sun Aug 26 23:51:37 2001
> Change: Thu Jan 10 14:39:31 200

I'd try setting it SUID root (although interestingly, even if I
chmod u-s /bin/login I can still log in, so this may not be it).

You on a fixed IP? What's the security like? Wireless LAN? It might
be worth searching for "..." files, weird files in /dev and elsewhere,
evidence of root kits? netstat -anp see if anything weird is listening.

Do you run tripwire or similar? Though to be honest, I doubt it is
a crack.

Sorry for the bad wording. My eyes are not liking being awake. Agh...

Matthew

-- 

Matthew Sackman Nottingham England

BOFH Excuse Board: Cosmic ray particles crashed through the hard disk platter
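
The checks suggested in the message above, gathered into a script. This is an added example, not part of the original post; the function names and the `--live` switch are hypothetical, and each function takes a directory argument so it can be tried on a constructed tree first.

```shell
#!/bin/sh
# Added example (not from the original message): host triage checks.

# Names starting with "..." or made of dot(s) followed by a space
# (e.g. "...", ".. "), which hide among the normal "." and ".." entries.
find_dot_names() {
    find "$1" -xdev \( -name '...*' -o -name '.. *' -o -name '. *' \) \
        -print 2>/dev/null
}

# Regular files under a device directory. /dev normally holds device nodes,
# symlinks, directories, sockets and FIFOs; plain files deserve a look.
# -xdev keeps find on one filesystem, so a separately mounted /dev/shm
# (where regular files are normal) is not descended into.
find_regular_in_dev() {
    find "$1" -xdev -type f -print 2>/dev/null
}

# Report whether the set-UID bit is present on a binary.
suid_state() {
    if [ -u "$1" ]; then echo suid; else echo not-suid; fi
}

# Run the checks against the real system (needs root for full output).
live_triage() {
    echo "login: $(suid_state /bin/login)"
    echo "--- odd dot names ---";        find_dot_names /
    echo "--- regular files in /dev ---"; find_regular_in_dev /dev
    echo "--- sockets (look for unexpected listeners) ---"
    netstat -anp 2>/dev/null
}

if [ "${1:-}" = "--live" ]; then
    live_triage
fi
```

Anything the script prints is a lead to investigate, not proof of compromise; compare against a known-good host of the same distribution.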



This archive was generated by hypermail 2.1.3 : Fri 05 Apr 2002 - 20:22:12 BST