[SunHELP] Solaris 8: Unable to login

Bret Adams bret at fabrikant.com
Mon Aug 16 10:54:49 CDT 2004


Charu:

At this point I agree with everyone that you need to reinstall your system 
fresh.

For the future, you may also want to think about the chkrootkit package from 
sunfreeware.  This will examine your system and look for signs of tampering 
against known hacker rootkits.  Rootkits are used by hackers to modify ls or 
ps so you don't see the hacker process or hacker files.  It checks for passwd 
file tampering and such.  It is especially useful for mail servers or any 
server that has any ports open to the outside.

You may also want to look at NMapWin which you can use to "sniff out open 
ports" on your servers.  One, it can help you diagnose which services you 
don't need and can disable.

I use this tool from the outside of my firewall to make sure any ports that 
have to be open on the inside are not seen from the outside.

You also need to make sure for the future that you are patching your system 
on a regular basis because certain vulnerabilities will get fixed over time 
and you need to make sure that you are fixing those things.

Also, what version of sendmail are you running?  Make sure you are on 
8.12.x at least.  There was a huge vulnerability in 8.11 and below.

Hope this helps.  Good luck.

Bret

At 01:29 AM 8/13/2004, you wrote:
>Saily/Phil,
>
>Thanks. I re-installed the machine and again have enabled tcp_wrappers and
>disabled SMC as well.
>What other precautions are to be taken to protect the machine from hackers?
>Please suggest.
>I don't want to take a risk; moreover, I am a newbie.
>
>Seek your help.
>Regards Charu
>
>-----Original Message-----
>From: Saily Cedre [mailto:saily at etecsa.net]
>Sent: Wednesday, August 11, 2004 5:54 PM
>To: The SunHELP List
>Subject: Re: [SunHELP] Solaris 8: Unable to login
>
>
>Hi! Phil is right, the problem is not the SMC. I sent that page to you,
>because maybe the person who got to your system used the vulnerability of
>the SMC, but of course, the solution is to reinstall the machine.
>
>
>----- Original Message -----
>From: Phil Stracchino
>To: The SunHELP List
>Sent: Wednesday, August 11, 2004 12:19 AM
>Subject: Re: [SunHELP] Solaris 8: Unable to login
>
>
>On Wed, Aug 11, 2004 at 09:46:41AM +0530, Charu Kamath wrote:
> > Hey Saily,
> >
> > Thanks a ton. I disabled SMC server.
> > By the way could this be a problem for my sendmail service not being able
> > to start. I got the error -
> > #/usr/lib/sendmail -bd -q1m
> > sendmail:SYSERR(root): sasl_server_init failed! [generic failure]
> >
> > And now it has started. Thanks to you.
> > Can I join any mailing list or site to get the info on latest
> > patches/vulnerabilities pertaining to Solaris 7 & 8.
>
>
>The latest patch clusters are always available from sun.com.
>
>In the meantime, starting sendmail is the least of your worries.  Your
>machine was *rooted*.  Turning off SMC Server will not undo that.  Your
>safest course of action is to reinstall the machine cleanly.  Keep in
>mind that your /etc/passwd and /etc/shadow files were probably stolen by
>whoever rooted your machine, and that person may well be running a
>password cracker against them at this moment.
>
>
>--
>   ========== Fight Back!  It may not be just YOUR life at risk. ==========
>   alaric at caerllewys.net : phil-stracchino at earthlink.net : phil at novylen.net
>    phil stracchino : unix ronin : renaissance man : mystic zen biker geek
>      2000 CBR929RR, 1991 VFR750F3 (foully murdered), 1986 VF500F (sold)
>            Linux Now!  ...Friends don't let friends use Microsoft.
>_______________________________________________
>SunHELP maillist  -  SunHELP at sunhelp.org
>http://www.sunhelp.org/mailman/listinfo/sunhelp
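
The inside/outside port check Bret describes above, as an added example that is not part of the original message: it compares two scans of the same server saved in nmap's grepable format (`-oG`), one taken on the internal network and one from outside the firewall. The host address, port lists and allow-list are constructed sample values, and `open_ports` and `audit` are hypothetical helper names.

```python
# Added example: compare an internal and an external nmap -oG report of one
# server and list services reachable from outside that should not be.

# Constructed sample reports (192.0.2.10 is a documentation address).
INSIDE_SCAN = (
    "# constructed sample: scan run from the internal LAN\n"
    "Host: 192.0.2.10 (mail.example.com)\tStatus: Up\n"
    "Host: 192.0.2.10 (mail.example.com)\tPorts: 22/open/tcp//ssh///, "
    "25/open/tcp//smtp///, 111/open/tcp//rpcbind///\tIgnored State: closed (997)\n"
)
OUTSIDE_SCAN = (
    "# constructed sample: scan run from outside the firewall\n"
    "Host: 192.0.2.10 (mail.example.com)\tPorts: 22/filtered/tcp//ssh///, "
    "25/open/tcp//smtp///, 111/open/tcp//rpcbind///\tIgnored State: filtered (997)\n"
)

def open_ports(grepable_text):
    """Return {host: {(port, proto): service}} for ports in state 'open'."""
    result = {}
    for line in grepable_text.splitlines():
        # Skip comments and "Status:" lines; only "Ports:" lines carry results.
        if not line.startswith("Host:") or "Ports:" not in line:
            continue
        host = line.split()[1]
        field = next(f for f in line.split("\t") if f.startswith("Ports:"))
        for entry in field[len("Ports:"):].split(","):
            # Entry layout: port/state/protocol/owner/service/rpcinfo/version/
            parts = entry.strip().split("/")
            if len(parts) >= 5 and parts[1] == "open":
                result.setdefault(host, {})[(int(parts[0]), parts[2])] = parts[4]
    return result

def audit(inside_text, outside_text, allowed_external):
    """Split findings into externally exposed and internal-only services."""
    inside, outside = open_ports(inside_text), open_ports(outside_text)
    exposed, internal_only = [], []
    for host in sorted(set(inside) | set(outside)):
        seen_out = outside.get(host, {})
        for (port, proto), svc in sorted(seen_out.items()):
            if (port, proto) not in allowed_external:
                exposed.append((host, port, proto, svc))
        for (port, proto), svc in sorted(inside.get(host, {}).items()):
            if (port, proto) not in seen_out:
                internal_only.append((host, port, proto, svc))
    return {"exposed": exposed, "internal_only": internal_only}

if __name__ == "__main__":
    # Assumption: only SMTP is meant to be reachable from the outside.
    report = audit(INSIDE_SCAN, OUTSIDE_SCAN, allowed_external={(25, "tcp")})
    for host, port, proto, svc in report["exposed"]:
        print(f"EXPOSED  {host} {port}/{proto} ({svc})")
    for host, port, proto, svc in report["internal_only"]:
        print(f"ok       {host} {port}/{proto} ({svc}) not visible from outside")
```

Anything listed as exposed is a candidate for a firewall rule or for disabling the service on the host.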


