SunOS 5.8.


Recommended Posts

Hi,

I have a weird problem.. running SunOS 5.8. A few users are added to the system... recently I've had one user come up to me and say that they couldn't access shell and that they got the error message " > Could not chdir to home directory /home/umabh: Permission denied" . I tracked it down... they seem to of (or someone else on the system) have used chown to set the owner to root and the permissions to nothing. Here's a log of it:

d--------- 41 root testm 2048 Apr 2 19:02 umabh

Now, what i don't understand is ONLY root can chown and i've checked everything. i don't understand how this has been changed without root access... and no looking at the logs the server wasn't hacked or anything.

Link to comment
Share on other sites

Two things worth thinking about, just because something isnt logged, doesnt mean it didnt happen. Its all too easy for skript kiddies to get hold of a root-kit that will turn logging off, or wipe the logs of a certain entry altogether.

What exactly does this server do, and is it locked down?

Mayb some sort of IDS is needed?

The other thing is, are you the only root or root-equivalent, or does someone have your passwords (althought the logs would probably show if root had changed anything... :blink:)

Link to comment
Share on other sites

This topic is now closed to further replies.
  • Recently Browsing   0 members

    • No registered users viewing this page.