Return to BSD News archive
Path: euryale.cc.adfa.oz.au!newshost.carno.net.au!harbinger.cc.monash.edu.au!munnari.OZ.AU!uunet!in2.uu.net!204.73.178.32!chippy.visi.com!news-out.visi.com!cam-news-hub1.bbnplanet.com!news.bbnplanet.com!news.mathworks.com!news1.best.com!nntp1.ba.best.com!not-for-mail From: dhawk@best.com (David Hawkins) Newsgroups: comp.unix.bsd.freebsd.misc Subject: Re: PANIC! FreeBSD box still hosed Date: 16 May 1997 07:59:40 -0700 Organization: Decline to State Lines: 46 Message-ID: <5lhsos$3ba$1@shell3.ba.best.com> References: <Pine.LNX.3.95.970515184110.29195A-100000@cirrus.axxis.com> NNTP-Posting-Host: shell3.ba.best.com Xref: euryale.cc.adfa.oz.au comp.unix.bsd.freebsd.misc:41048 In article <Pine.LNX.3.95.970515184110.29195A-100000@cirrus.axxis.com>, Q. Wade Billings <blitz@axxis.com> wrote: >I have posted a message to this newsgroup concerning a rebel FreeBSD box >that refuses all attempts to log into it. I have checked the password >file, and it is working as my dialup customers can still authenticate >through RADIUS, but I can not login. This would not be such a problem, but >I need to get on the machine to do work on it. What's the exact error message you get? [Lots of details would help: version of freebsd, how many users, etc.] Are you trying to login as root? It may be that your console is set to 'secure' and won't take root passwords across the network. If you are at the console then that's not the problem, of course. If you are at the console then you can boot to single user (contrl-alt-del) and -s (I think). In single user mode you type passwd and change the password. Hmm, you might want to make copies of the /etc directory first in case the problem is a crack. tar cf /root/etc.tar /etc One possible problem if you can't login as root at the console is that your root password includes the # character, which is backspace at the console on some unix systems. Once you get the problem fixed (hopefully some of the above helped) create an account for yourself and use sudo to grant yourself root access. Make sure your password and the root password are hard to guess. It may be that your system has been cracked and the root password changed. Once you get into the system check for root logins and 'su' usage, as in last -20 root At that point you'd need to make sure that other root accounts (user: 0) accounts haven't been created. Remove the 'toor' account if it's not being used. If you have automated backups then you might be able to find what's been changed once you get into the system. Restore a backup from before your problems and compare the files that have changed. later, david -- David Hawkins dhawk@best.com http://www.river.org/~dhawk There seems no plan because it's all plan. There seems no center because it's all center. -- C. S. Lewis