HPE Community
Operating System - HP-UX
1833207 Members
3035 Online
110051 Solutions
New Discussion

security question

 
james gould
Frequent Advisor

‎06-27-2002 08:44 AM

‎06-27-2002 08:44 AM

security question

When doing a whoami command as a regular user
the following message appears :
Intruder alert

Does not happen when running the same command
as root.

O/S is 11.00
0 Kudos
Reply
12 REPLIES 12
Giri Sekar.
Trusted Contributor

‎06-27-2002 09:04 AM

‎06-27-2002 09:04 AM

Re: security question

whoami reads the /etc/passwd file for info. check the permissions and if it is not readable for users then you would get this message. Does not happen for root 'coz root will have the permissions on it.
"USL" Unix as Second Language
0 Kudos
Reply
James R. Ferguson
Acclaimed Contributor

‎06-27-2002 09:05 AM

‎06-27-2002 09:05 AM

Re: security question

Hi James:

Make sure /etc/passwd is readable by everyone:

-r--r--r--

Regards!

...JRF...
0 Kudos
Reply
james gould
Frequent Advisor

‎06-27-2002 09:13 AM

‎06-27-2002 09:13 AM

Re: security question

Permissions are open for read only on both
passwd and group files.

When running a password check if anything is
wrong in the file could that cause this error
to appear??
0 Kudos
Reply
MANOJ SRIVASTAVA
Honored Contributor

‎06-27-2002 09:15 AM

‎06-27-2002 09:15 AM

Re: security question

the permissions of /etc/passwd fuile are r-- --- --- change it to r-- r-- r-- and you are good to go.


Manoj Srivastava
0 Kudos
Reply
Giri Sekar.
Trusted Contributor

‎06-27-2002 09:17 AM

‎06-27-2002 09:17 AM

Re: security question

The decision would be yours. If you make the /etc/passwd file as 444 then you will not get this error. But you may have turned it off for security.
"USL" Unix as Second Language
0 Kudos
Reply
MANOJ SRIVASTAVA
Honored Contributor

‎06-27-2002 09:18 AM

‎06-27-2002 09:18 AM

Re: security question

Also James
check whether there are two or more user having the same user id this wil also cause whoami to give intruder alert.


Manoj Srivastava
0 Kudos
Reply
James R. Ferguson
Acclaimed Contributor

‎06-27-2002 09:22 AM

‎06-27-2002 09:22 AM

Re: security question

Hi (again) James:

Make sure the permissions of '/etc' (and '/') allow read and execute to everyone, too. Do:

# ls -ld /
# ls -ld /etc

Regards!

..JRF...
0 Kudos
Reply
Rob Fisher
Advisor

‎06-27-2002 09:30 AM

‎06-27-2002 09:30 AM

Re: security question

I have permissions -rw-r--r-- on most of my servers. If you set these permissions make sure that the owner is root and the group is root.

Good luck
May the winds of life keep you on the right tack
0 Kudos
Reply
brian_31
Super Advisor

‎06-27-2002 09:49 AM

‎06-27-2002 09:49 AM

Re: security question

Hi James:

Did you get a chance to look into your profile??? 3/125(points alloted). If you feel all the above answers are dumb then put N/A.

Thanks
Brian.
0 Kudos
Reply
james gould
Frequent Advisor

‎06-27-2002 09:49 AM

‎06-27-2002 09:49 AM

Re: security question

All permissions are ok

Will try restoring passwd file from backup and
see if that does the trick
0 Kudos
Reply
Jerry Anderson_1
Occasional Advisor

‎06-28-2002 11:49 AM

‎06-28-2002 11:49 AM

Re: security question

According to what I read online (Google search) this message has nothing to do with file permissions.

If the current user ID is not in the password file, the message Intruder alert is displayed.

I'm not sure under what circumstances you could end up with a UID that is not in the password file, but that appears to be the case here.
0 Kudos
Reply
james gould
Frequent Advisor

‎06-28-2002 11:55 AM

‎06-28-2002 11:55 AM

Re: security question

Restored a backup of the passwd file and it
fixed the problem. Seems that another admin
modifed a user password so they could not login
and deleted the UID by mistake.
0 Kudos
Reply
The opinions expressed above are the personal opinions of the authors, not of Hewlett Packard Enterprise. By using this site, you accept the Terms of Use and Rules of Participation.