Operating System - HP-UX

Re: trying to create a backdoor super user account

 
pedliz11
Frequent Advisor

trying to create a backdoor super user account

Does anyone know how to set up a backdoor account
in case the root password gets reset or the root file system gets full? Please send details.
Mike Shilladay
Esteemed Contributor
Solution

Re: trying to create a backdoor super user account

Hi,

Setting up any user with a user ID of 0 will probably do what you want, although it must be emphasized that it is not recommended and goes against the grain of having a security policy.

To do this copy the first line of /etc/passwd to the next line and change the user name. Even the password stays the same.

There are other ways to do what you want other than have another root back door.

Mike
Torsten.
Acclaimed Contributor

Re: trying to create a backdoor super user account

>>"...the root password get reset ..."

How should this happen?
This could be done by root - just like many, many other bad things. You cannot prevent all unless you are very, very careful when you are root.
You may consider using sudo to prepare some commands for emergency ...

Hope this helps!
Regards
Torsten.

__________________________________________________
There are only 10 types of people in the world -
those who understand binary, and those who don't.

__________________________________________________
No support by private messages. Please ask the forum!

Victor BERRIDGE
Honored Contributor

Re: trying to create a backdoor super user account

Greetings,
I tend to think like Torsten...
So I use sudo (an alias in .kshrc for sudo ksh...) without passwd (because the day you need it urgently, being stressed, you may not want the people behind you seeing your passwd...)
And give yourself sam privileges (especially shutdown/reboot the box...)


All the best
Victor
pedliz11
Frequent Advisor

Re: trying to create a backdoor super user account

Can you elaborate on this with examples?
Mike Shilladay
Esteemed Contributor

Re: trying to create a backdoor super user account

Hi,

If you wanted an example, my method involved invoking passwd editor.

# vipw

This brings up the passwd file. Copy the first line which contains root as the user with the yy, use the p command to insert below. Change the username 'root' to your own choice. (use vi commands to change this) and then save it. (ESC : wq!). You should now have a copy of the root user.

Mike.
Victor BERRIDGE
Honored Contributor

Re: trying to create a backdoor super user account

In the sudoers file:

e.g. with me (vbe)

vbe ALL=(ALL) NOPASSWD: ALL



To edit use visudo (/usr/local/sbin/visudo but depends on what version you are using...)

in .kshrc:

alias 1mking='/usr/local/bin/sudo ksh'

Be sure to have put in your .profile:
export ENV=$HOME/.kshrc

For sam privileges:
as root call sam -r
select your account
Give yourself all privileges
save!

All the best
Victor
Matt Hearn
Regular Advisor

Re: trying to create a backdoor super user account

We used to have a customer that had a funny way of doing it; probably predated the invention of "sudo." Everybody who needed to be able to do administrative tasks on the servers had their usual personal account PLUS an administrator account, which was just named their initials+.root. My account was, thusly, mh.root. It had UID 0, so it could do pretty much everything it wanted, and it was prevented from telnetting or sshing in; you could only su to it.

I would think nowadays your best bet is to get the latest version of sudo, preferably in depot form from http://hpux.cs.utah.edu .

That way you can configure exactly what users can do specific things. Pretty slick.
Bill Hassell
Honored Contributor

Re: trying to create a backdoor super user account

> or the root file system gets full...

The 'backdoor' (duplicate root user) will be useless. The system doesn't care what your login name is -- root, rooty, secret9 -- the UID=0 user names (including root) will not be allowed to log in just like any other user.

Note that one of the first attacks that a hacker will try on your system is to change an ordinary (and existing) user to UID=0. That way, this user still logs in without knowing about the compromise and the hacker has root access. This situation is easily detected with the command:

logins -d

So a duplicate UID=0 account doesn't help. The root password can only be changed by a root user so the fix is to eliminate sharing the root password. Change the password and then never log in as root unless absolutely necessary. Contractors and system operators are forbidden to have the password. Delegate root responsibilities with restricted SAM or the better solution, download sudo from HP.

The root filesystem can only be filled by root mistakes. The first is leaving root's home in /. Move root's home to /home/root and remove all the junk files from /. The / directory should have no files at all.

The best security is to use /etc/securetty and allow root login ONLY from the console.


Bill Hassell, sysadmin
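
The duplicate-UID check mentioned in the post above, as an added example that is not part of any post in this thread: it does not call logins -d but re-implements the same idea with awk on a passwd-format file, and additionally flags every UID 0 entry whose name is not root. The function name audit_passwd, the output labels and the sample entries are assumptions made for this illustration.

```sh
#!/bin/sh
# Added example: flag extra UID 0 accounts and shared UIDs in a passwd-format file.
# Output, one finding per line:
#   UID0 <name>              account other than "root" with UID 0
#   DUPUID <uid> <n1,n2,..>  UID shared by several login names
#   MALFORMED <line-number>  entry without 7 fields or a numeric UID
# Returns 1 if there is any finding, 0 if the file is clean.
audit_passwd() {
    awk -F: '
        NF == 0 || /^#/ || /^[+-]/ { next }   # blank, comment, NIS compat entries
        NF != 7 || $3 !~ /^[0-9]+$/ { print "MALFORMED " NR; bad = 1; next }
        {
            uid = $3 + 0                       # "00" is UID 0 as well
            if (uid == 0 && $1 != "root") { print "UID0 " $1; bad = 1 }
            if (uid in names) names[uid] = names[uid] "," $1
            else { names[uid] = $1; order[++n] = uid }
            count[uid]++
        }
        END {
            for (i = 1; i <= n; i++)
                if (count[order[i]] > 1) {
                    print "DUPUID " order[i] " " names[order[i]]; bad = 1
                }
            exit bad + 0
        }
    ' "$1"
}

# Constructed sample entries (not taken from any real system).
sample="${TMPDIR:-/tmp}/passwd.sample.$$"
cat > "$sample" <<'EOF'
root:*:0:3::/:/sbin/sh
daemon:*:1:5::/:/sbin/sh
rooty:*:0:3::/:/sbin/sh
alice:*:101:20::/home/alice:/usr/bin/ksh
bob:*:00:20::/home/bob:/usr/bin/ksh
carol:*:101:20::/home/carol:/usr/bin/ksh
EOF
audit_passwd "$sample" || echo "review the findings above"
rm -f "$sample"
```

Run from cron against /etc/passwd, a non-zero return gives a simple alert condition for an account that has been changed to UID 0.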
Yogeeraj_1
Honored Contributor

Re: trying to create a backdoor super user account

hi,

I agree with Bill. You should go for sudo.

Opening backdoors is not a wise decision for any reason. You should find the root cause of the problems that you have mentioned. These do not happen just like that. These are causes of exceptional conditions that you should be able to locate.

good luck!

kind regards
yogeeraj
No person was ever honoured for what he received. Honour has been the reward for what he gave (Calvin Coolidge)