HPE GreenLake Administration
- Community Home
- >
- Servers and Operating Systems
- >
- Operating Systems
- >
- Operating System - Linux
- >
- Re: Be Hacked: what is the login-authentication-f...
Operating System - Linux
1829566
Members
1284
Online
109992
Solutions
Forums
Categories
Company
Local Language
back
Forums
Discussions
Forums
- Data Protection and Retention
- Entry Storage Systems
- Legacy
- Midrange and Enterprise Storage
- Storage Networking
- HPE Nimble Storage
Discussions
Forums
Discussions
Discussions
Discussions
Forums
Discussions
back
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
- BladeSystem Infrastructure and Application Solutions
- Appliance Servers
- Alpha Servers
- BackOffice Products
- Internet Products
- HPE 9000 and HPE e3000 Servers
- Networking
- Netservers
- Secure OS Software for Linux
- Server Management (Insight Manager 7)
- Windows Server 2003
- Operating System - Tru64 Unix
- ProLiant Deployment and Provisioning
- Linux-Based Community / Regional
- Microsoft System Center Integration
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Blogs
Information
Community
Resources
Community Language
Language
Forums
Blogs
Go to solution
Topic Options
- Subscribe to RSS Feed
- Mark Topic as New
- Mark Topic as Read
- Float this Topic for Current User
- Bookmark
- Subscribe
- Printer Friendly Page
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
08-12-2002 06:48 AM
08-12-2002 06:48 AM
i was bee hacked, one account can be login by telnet for root shell directory, but the others can't.
for normal root account can not login yet, so i think all of the secureety for telnet in /etc/ might have not bee admended;
the second, the /bin/login file is normal wich size and date,
third, once i delete the account and add the same account with the same password again, all the privious previleges disappear, so, it seems not bybass admend in login file.
now the question is : where the hacker revised so as for root telnet login?
in other words, what is the login-authentication-flowchat? i think it is pam-login-util, anything else? where can i get the source and documents?
thanks for your tips;
fredeick
ps: i do not want to reinstall my system at once, and i ususaly use ssh in place of telnet, i only want to know how the hacker can do that, and found the method to defend him.
tha
for normal root account can not login yet, so i think all of the secureety for telnet in /etc/ might have not bee admended;
the second, the /bin/login file is normal wich size and date,
third, once i delete the account and add the same account with the same password again, all the privious previleges disappear, so, it seems not bybass admend in login file.
now the question is : where the hacker revised so as for root telnet login?
in other words, what is the login-authentication-flowchat? i think it is pam-login-util, anything else? where can i get the source and documents?
thanks for your tips;
fredeick
ps: i do not want to reinstall my system at once, and i ususaly use ssh in place of telnet, i only want to know how the hacker can do that, and found the method to defend him.
tha
frederick
Solved! Go to Solution.
6 REPLIES 6
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
08-12-2002 02:39 PM
08-12-2002 02:39 PM
Solution
Checkout http://www.kernel.org/pub/linux/libs/pam/Linux-PAM-html/pam.html for information on PAM
Also Checkout http://ctdp.tripod.com/os/linux/howlinuxworks/linux_hllogin.html for how login works.
If you have infact been compromised you should do a complete format and reload if that is possible. If that is not an option then run a check for installed trojans and rootkits as well as other exploits. Also you may want to run nmap to see what ports are open and close anything that you don't want open for traffic. You can get these tools from the internet, one for rootkits is http://www.chkrootkit.org/
Use google to find any other security scanners that you may need.
Hope it helps.
Also Checkout http://ctdp.tripod.com/os/linux/howlinuxworks/linux_hllogin.html for how login works.
If you have infact been compromised you should do a complete format and reload if that is possible. If that is not an option then run a check for installed trojans and rootkits as well as other exploits. Also you may want to run nmap to see what ports are open and close anything that you don't want open for traffic. You can get these tools from the internet, one for rootkits is http://www.chkrootkit.org/
Use google to find any other security scanners that you may need.
Hope it helps.
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
08-12-2002 08:46 PM
08-12-2002 08:46 PM
Re: Be Hacked: what is the login-authentication-flowchat
Hi,
For Defending a system against hacking , you
have understand the methods of hacking . This
will give you enough knowledge for selecting
proper firewalls or tools for the your network
security.
go through this site.
http://www.hackinglinuxexposed.com/
In your case I advise to reinstall the sytem as
soon as possible as lot of binaries will trojaned by the hacker. Some trojans may even launch a attack against some other innocent servers in internet. And prevent future attacks by knowing hacking methods from above said link.
regards,
U.SivaKumar
For Defending a system against hacking , you
have understand the methods of hacking . This
will give you enough knowledge for selecting
proper firewalls or tools for the your network
security.
go through this site.
http://www.hackinglinuxexposed.com/
In your case I advise to reinstall the sytem as
soon as possible as lot of binaries will trojaned by the hacker. Some trojans may even launch a attack against some other innocent servers in internet. And prevent future attacks by knowing hacking methods from above said link.
regards,
U.SivaKumar
Innovations are made when conventions are broken
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
08-13-2002 08:15 PM
08-13-2002 08:15 PM
Re: Be Hacked: what is the login-authentication-flowchat
i have assign points to both of you, why it always display "unsigned"?
frederick
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
08-15-2002 06:21 AM
08-15-2002 06:21 AM
Re: Be Hacked: what is the login-authentication-flowchat
Did you find out how the attacker got in? What method did he used? Please reply, so this way the rest of us can learn from it and secure our systems from future attacks regarding this exploit. Thanks.
Reputation of a thousand years can be determined by the conduct of an hour
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
08-15-2002 07:01 PM
08-15-2002 07:01 PM
Re: Be Hacked: what is the login-authentication-flowchat
seems it comes from openssh, i use the ssh which come with RH73, version 3.1, may be it is the problem, whether it use one account(with bash of nologin) and password, can attached via openssh weakness?
where is the source and documents?
thanks
frederick
where is the source and documents?
thanks
frederick
frederick
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
08-15-2002 08:51 PM
08-15-2002 08:51 PM
Re: Be Hacked: what is the login-authentication-flowchat
Hi,
Have a look at this advisory
http://www.cert.org/advisories/CA-2002-18.html
regards,
U.SivaKumar
Have a look at this advisory
http://www.cert.org/advisories/CA-2002-18.html
regards,
U.SivaKumar
Innovations are made when conventions are broken
The opinions expressed above are the personal opinions of the authors, not of Hewlett Packard Enterprise. By using this site, you accept the Terms of Use and Rules of Participation.
Company
Events and news
Customer resources
© Copyright 2025 Hewlett Packard Enterprise Development LP