SUMMARY: Security problem - su not working correctly!

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 



Thanks to everyone's help I got this licked quickly! 

Most people suggested I'd been hacked.  I had considered this myself 
although due to our firewall config it would have been somewhat difficult 
plus I'm very good about keeping everything patched.  In the end it turned 
out to be a configuration error. 

The first hint was when I started checking the pam config (thanks to 
everyone for that hint).  /etc/pam.d/system-auth turned out to be the 
trouble.  I replaced this with a copy from another server which wasn't 
having issues and suddenly everything started working properly again.  
However I came in today and I was having problems again!  Eventually I 
tracked everything down to msec, a package distributed with Mandrake to help 
with security checking and configuration.  msec had its security level set 
to '0' and was changing pam's configuration to basically have no 
restrictions.  My fault, I was trying to figure out some errors that msec 
was throwing into my system log about the same time I did the webmin update 
last week.  Pays to keep notes of what you've changed! 

Other helpful hints I got: 

 - make sure root has a password set (it did)
 - make sure that su hasn't been replaced with a trojan
 - verify rpm packages to make sure files belonging to them haven't been 
altered
 - check to see if the UID field has been changed to '0' for any users 

Thanks to everyone for their help! 

Original problem: 

su stopped asking for a password when switching to root or any other user.
_______________________________________________
LinuxManagers mailing list - http://www.linuxmanagers.org
submissions: LinuxManagers@linuxmanagers.org
subscribe/unsubscribe: http://www.linuxmanagers.org/mailman/listinfo/linuxmanagers

[Index of Archives]     [Kernel]     [Linux SCSI]     [Video 4 Linux]     [Linux Admin]     [Yosemite News]

  Powered by Linux