HPE Community
Operating System - HP-UX
1837893 Members
3021 Online
110122 Solutions
New Discussion

Re: Intruder Alert

 
Edward J. Duranty_2
Advisor

‎06-06-2001 12:01 PM

‎06-06-2001 12:01 PM

Intruder Alert

I have a question concerning security using HP-UX 10.20. A user logged in and his prompt name had changed from the "systemname/username" to "systemname.Intruder.alert". It seems as if we have been hacked. Can anyone give me infomation on this message, as well as possibly issues that can cause this? Thanks!
0 Kudos
Reply
3 REPLIES 3
John Poff
Honored Contributor

‎06-06-2001 12:07 PM

‎06-06-2001 12:07 PM

Re: Intruder Alert

Hi,

I got this once a while back. I think it was the permissions on the /etc/passwd and/or /etc/group files. Make sure they are world-readable. If they are ok, you might try running pwck to check the password file for any problems.

JP
0 Kudos
Reply
John Poff
Honored Contributor

‎06-06-2001 01:12 PM

‎06-06-2001 01:12 PM

Re: Intruder Alert

Edward,

Now I remember. I've had this problem before when somehow the /etc/passwd file lost read permissions for the world. The 'whoami' command will return 'Intruder alert' when that happens.

In our case, we were using 'whoami' to put the user name into the shell prompt, so everyone who logged in got the 'Intruder alert' message as part of their shell prompt. It's kind of scary when it happens but it is easy to fix.

JP
0 Kudos
Reply
Jens Ebert
Frequent Advisor

‎06-07-2001 01:48 AM

‎06-07-2001 01:48 AM

Re: Intruder Alert

We got the same after creating a recovery tape with ignite in single-user mode (multiuser is recommended though) and rebuilding the system with this tape. After changing the permissions as described above, it worked.
0 Kudos
Reply
The opinions expressed above are the personal opinions of the authors, not of Hewlett Packard Enterprise. By using this site, you accept the Terms of Use and Rules of Participation.