[Date Prev][Date Next]   [Thread Prev][Thread Next]   [Thread Index] [Date Index] [Author Index]

Re: [K12OSN] Re: Help: System intrusion through ssh and a weak password



Tom Astle wrote:
A user without an entry in /etc/passwd perhaps?

Jim Christiansen wrote:
Any Idea what or WHO '68' is??


avahi 2854 0.0 0.0 23088 332 ? Ss May08 0:00 avahi-daemon: chroot helper
68        2865  0.0  0.2  27172  4232 ?        Ss   May08   0:01 hald
root 2866 0.0 0.0 17384 928 ? S May08 0:00 hald-runner 68 2872 0.0 0.0 12268 804 ? S May08 0:00 hald-addon-acpi: listening on acpid socket /var/run/acpid.socket 68 2876 0.0 0.0 12264 796 ? S May08 0:00 hald-addon-keyboard: listening on /dev/input/event1 root 2888 0.0 0.0 10172 636 ? S May08 0:00 hald-addon-storage: polling /dev/hda root 2904 0.0 0.0 3764 388 ? Ss May08 0:00 /usr/sbin/ltspswapd -s /var/opt/ltsp/swapfiles/



------------------------------------------------------------------------

_______________________________________________
K12OSN mailing list
K12OSN redhat com
https://www.redhat.com/mailman/listinfo/k12osn
For more info see <http://www.k12os.org>

_______________________________________________
K12OSN mailing list
K12OSN redhat com
https://www.redhat.com/mailman/listinfo/k12osn
For more info see <http://www.k12os.org>


grep 68 /etc/passwd
account is haldaemon, which I suspect being longer than 8 characters was suppressed in that ps display in favor of haldeamon's uid.
It works the same on my fedora system.

Chris

--
  "Spend less!  Do more!  Go Open Source..." -- Dirigo.net
  Chris Johnson, RHCE #804005699817957


[Date Prev][Date Next]   [Thread Prev][Thread Next]   [Thread Index] [Date Index] [Author Index]