01-15-2013
Hi,
There are some ways to enter a compromised system even if you have changed the root password. Probably the hacker has modified the system, so he can enter without being asked for a password.
Your best bet to solve the problem is to back up everything valuable and get a new server installed. The only way I know of investigating a compromised server that can lead anywhere is taking it offline to avoid more interference from the hacker.
Think that probably the hacker is inside your system and you could not detect it.
All the tools like rkhunter tell you not to rely only on them. And they are good for detection, but they don't serve for more than that.
Hope you get it solved
jmanel
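Added example (not part of jmanel's post): three common ways into a system that do not depend on the root password, checked against a disk copy mounted offline as the post recommends. The function names, the mount-point argument and the sample accounts and keys are assumptions made for this illustration.

```shell
#!/bin/sh
# Added example: password-independent ways back in, checked on an offline copy.
# $1 of each function is the mount point of that copy (assumed, e.g. /mnt/disk).

# Accounts other than root that carry UID 0 in etc/passwd.
extra_uid0() {
    awk -F: '$3 == 0 && $1 != "root" { print $1 }' "$1/etc/passwd"
}

# Accounts with an empty password field in etc/shadow (login asks for nothing).
empty_passwords() {
    awk -F: '$2 == "" { print $1 }' "$1/etc/shadow"
}

# authorized_keys files under root/ and home/, each with its number of keys;
# an SSH key keeps working however often the password is changed.
ssh_key_files() {
    find "$1/root" "$1/home" -type f -name 'authorized_keys*' 2>/dev/null |
    while read -r f; do
        n=$(awk '!/^[ \t]*(#|$)/ { c++ } END { print c + 0 }' "$f")
        printf '%s %s\n' "$n" "${f#"$1"}"
    done | sort
}

# Constructed sample tree (made-up accounts and keys) to try the checks on.
make_sample() {
    d=$(mktemp -d)
    mkdir -p "$d/etc" "$d/root/.ssh" "$d/home/web/.ssh"
    printf '%s\n' 'root:x:0:0:root:/root:/bin/bash' \
        'web:x:1001:1001::/home/web:/bin/sh' \
        'sysd:x:0:0::/var/tmp:/bin/bash' > "$d/etc/passwd"
    printf '%s\n' 'root:$6$constructed$hash:15720:0:99999:7:::' \
        'web::15720:0:99999:7:::' \
        'sysd:!:15720:0:99999:7:::' > "$d/etc/shadow"
    printf '%s\n' '# admin key' 'ssh-rsa AAAAconstructed admin@example' \
        'ssh-rsa AAAAconstructed2 unknown@example' \
        > "$d/root/.ssh/authorized_keys"
    : > "$d/home/web/.ssh/authorized_keys"
    echo "$d"
}

# Report for the mount point given as $1, or for the sample tree if none.
root=${1:-$(make_sample)}
echo "UID 0 besides root:   $(extra_uid0 "$root" | tr '\n' ' ')"
echo "Empty password field: $(empty_passwords "$root" | tr '\n' ' ')"
echo "authorized_keys (count path):"
ssh_key_files "$root"
```

These three checks are not a complete list, so an empty report does not show that the system is clean.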
yppasswd(1) General Commands Manual yppasswd(1)
NAME
yppasswd, ypchfn, ypchsh - change your password in the NIS database
SYNOPSIS
yppasswd [-f] [-l] [-p] [user]
ypchfn [user]
ypchsh [user]
DESCRIPTION
The standard passwd(1), chfn(1) and chsh(1) cannot be used under Linux to change the user's NIS password, shell and GECOS information,
because they only modify the password file on the local host. For changing the NIS information, they are replaced by their NIS
counterparts, yppasswd, ypchfn and ypchsh.
These commands are the same program, linked to different names. Using the command line switches, you can choose whether to update your
password -p, your login shell -l, or your GECOS field -f, or a combination of them. yppasswd implies the -p option, if no other option is
given. If you use the -f or -l option, you also need to add the -p flag. ypchfn implies the -f option, and ypchsh -l.
When invoked without the user argument, the account information for the invoking user will be updated, otherwise that of user will be
updated. This option is only available to the super-user. If the yppasswdd daemon on the server supports it, you can give the root password
of the server instead of the user's [old] password.
All tools will first prompt the user for the current NIS password needed for authentication with the yppasswdd(8) daemon. Subsequently, the
program prompts for the updated information:
yppasswd or -p
Change the user's NIS password. The user is prompted for the new password. While typing the password, echoing is turned off, so
the password does not appear on the screen. An empty password is rejected, as are passwords shorter than six characters. The user
will then be requested to retype the password to make sure it wasn't misspelled the first time.
ypchsh or -l
Change the user's login shell. The user is prompted for a new shell, offering the old one as default:
Login shell [/bin/sh]: _
To accept the default, simply press return. To clear the shell field in your passwd(5) file entry (so that the system's default
shell is selected), enter the string none.
ypchfn or -f
Change the user's full name and related information. Traditionally, some applications expect the GECOS field (field 4) of the
passwd(5) file to contain the user's real name (as opposed to the login name) plus some additional information like the office phone
number. This information is displayed by finger(1) and probably some other tools, too.
When setting the full name, ypchfn displays the following prompts, with the defaults in brackets:
Name [Joe Doe]:
Location [2nd floor, bldg 34]:
Office Phone [12345]:
Home Phone []:
To accept a default, simply press return. To clear a field, enter the string none.
SEE ALSO
chfn(1), chsh(1), finger(1), passwd(5), passwd(1), ypcat(1), yppasswdd(8), ypserv(8), ypwhich(1)
AUTHOR
yppasswd is part of the yp-tools package, which was written by Thorsten Kukuk <kukuk@suse.de>.
YP Tools 2.7 May 1998 yppasswd(1)