[SunHELP] Possibly hacked?
Peter Stokes
peter at ashlyn.co.uk
Fri Mar 15 02:17:31 CST 2002
Hi
Have you looked at the global login scripts in /etc to see if there is an
entry modifying USER?
Peter
-----Original Message-----
From: sunhelp-admin at sunhelp.org [mailto:sunhelp-admin at sunhelp.org]On
Behalf Of Thomas.Cameron at CameronTech.com
Sent: 14 March 2002 17:38
To: sunhelp at sunhelp.org
Subject: Re: [SunHELP] Possibly hacked?
Yes, it sounds flaky.
Have you checked all the scripts in /etc/rcX.d?
--
Regards,
Thomas Cameron, RHCE, CNE, MCSE, MCT
Cameron Technical Services, Inc.
http://www.camerontech.com
Matt Goebel wrote:
> Hello,
>
> One of our solaris 7 boxes exhibited a sudden (according the users)
> behavior change. They had been using $USER to set their prompts
> and some other stuff during the login process. Now $USER is being
> set to root, but $LOGNAME is still being set correctly.
> I've checked (inetd, in.telnetd, login, etcetc) and everything seems
> to be okay. Does this sound particularly ominous to anybody else?
>
> Thanks for any help,
> Mattias
_______________________________________________
SunHELP maillist - SunHELP at sunhelp.org
http://www.sunhelp.org/mailman/listinfo/sunhelp
More information about the SunHELP
mailing list