[Date Prev][Date Next]   [Thread Prev][Thread Next]   [Thread Index] [Date Index] [Author Index]

FC9 Compromised...



On Feb 25, between 1753-2046 PST several of my Fedora Core 9 machines were compromised. All had the latest patches applied.

1. Only the installed user accounts are on these machines. The root user password is long with upper/lower case characters with numerals & punctuation. It is unlikely this was cracked.

2. All log files were deleted.

3. The following users were deleted 'root':
  mysql
  apache
  sshd
  dbus
  haldaemon
  dovecot
  gdm
  smmsp

4. The machine can only be accessed in 'single user' mode. Using 'passwd' to reset the root password fails with: "passwd: User not known to the underlying authentication module."

Any help on resolving this would be appreciated. I need to get data off these before re-installation.

Have any other incidents like this been reported lately?

Thanks,

Jack


[Date Prev][Date Next]   [Thread Prev][Thread Next]   [Thread Index] [Date Index] [Author Index]