[Date Prev][Date Next] [Thread Prev][Thread Next]
[Thread Index]
[Date Index]
[Author Index]
FC9 Compromised...
- From: Jack Lauman <jlauman nwcascades com>
- To: "Community assistance, encouragement, and advice for using Fedora." <fedora-list redhat com>
- Subject: FC9 Compromised...
- Date: Fri, 27 Feb 2009 12:49:32 -0800
On Feb 25, between 1753-2046 PST several of my Fedora Core 9 machines
were compromised. All had the latest patches applied.
1. Only the installed user accounts are on these machines. The root user
password is long with upper/lower case characters with numerals &
punctuation. It is unlikely this was cracked.
2. All log files were deleted.
3. The following users were deleted 'root':
mysql
apache
sshd
dbus
haldaemon
dovecot
gdm
smmsp
4. The machine can only be accessed in 'single user' mode. Using
'passwd' to reset the root password fails with: "passwd: User not known
to the underlying authentication module."
Any help on resolving this would be appreciated. I need to get data off
these before re-installation.
Have any other incidents like this been reported lately?
Thanks,
Jack
[Date Prev][Date Next] [Thread Prev][Thread Next]
[Thread Index]
[Date Index]
[Author Index]