Tek-Tips is the largest IT community on the Internet today!

Members share and learn making Tek-Tips Forums the best source of peer-reviewed technical information on the Internet!

Register Log in
  • Congratulations IamaSherpa on being selected by the Tek-Tips community for having the most helpful posts in the forums last week. Way to Go!

password problems

Status
Not open for further replies.
plook

plook

IS-IT--Management
Apr 1, 2000
33
Hi !

I am having some problems with UNIX passwords on a RedHat 5.2 box. When I change the password of any userids, it keeps it... for a few minutes or hours... Once the password is changed, I can login using the new password... after a little while (we're talking in minutes or couple hours), when I try to login again, the system changed the password to the old one.. And it does that to any logins, even ROOT !!!

Also, when I try to generate a password with mkpasswd, I get (most of the time) a "No DBM Database found" error...

These two problems started at the same time 4-5 days ago


Has anybody seen that problem before ??

Any help would be very appreciated !

Thanks A lot !

Dominic
 
Sort by date Sort by votes
I would look at your /etc/passwd file to see if you have any users you didn't create. I'd say someone broke into your machine and is having a little fun. Are you connected to the net? Is you telnet port and such (rsh, rlogin, etc) open? You can also look at your log files to see if someone unauthorized has broken in.

MWB.
As always, I hope that helped!

Disclaimer:
Beware: Studies have shown that research causes cancer in lab rats.
 
Upvote 0 Downvote
Yes I have looked at it already... and I have only 3 users in /etc/passwd .

I have also tried to unhook the machine from the LAN and Internet to see if I was still getting the problem, and yes indeed, all the passwords get changed back to their respective old passwords all the time...

 
Upvote 0 Downvote
My guess is you've been hacked and someone has cleverly hid a root kit somewhere on your box. If you unplug the box from the network that will do nothing to close the hole. I think you need to start checking your packages with RPM to see if any have been modified. Also check your system files date, time and permissions. If this is critical system, then backup your logs, then your data then rebuild, run any necessary updates, put back online for your users, grab some coffee and start digging into the logs. Also, do your have portmapping turned on?

.02,
war...
 
Upvote 0 Downvote
Status
Not open for further replies.

Similar threads

tyutghf
  • Locked
  • Question
htaccess password protect website
Replies
1
Views
115
feherke
feherke
scon44
  • Locked
  • Question
SSH password less
Replies
4
Views
114
AIXLogician
AIXLogician
SpenceWaller
  • Locked
  • Question
Samba LDAP Domain - Password Expiry
Replies
0
Views
79
SpenceWaller
SpenceWaller
NewtownGuy
  • Locked
  • Question
How do I avoid problems when a file I'm reading changes ? 1
Replies
11
Views
179
feherke
feherke
reinstalled
  • Locked
  • Question
Ports Problems RHEL5
Replies
2
Views
83
reinstalled
reinstalled

Part and Inventory Search

Sponsor

Back
Top