Ubuntu Security :: Break In Through Disabled Root Account?
Nov 11, 2010
If root is disabled by default, how is it possible that someone managed to SSH into my computer using root? I never enable/set password for root, it's always left as the default as per a fresh install and I always use sudo for any admin tasks. Auth.log: First there are a whole load of failed attempts then...
Code:
Nov 8 11:07:32 Morris-Desktop sshd[3601]: Failed password for root from 94.243.50.53 port 4360 ssh2
[code]...
View 9 Replies
Aug 25, 2010
Can I log in to my server using my root account and create a public+private key for one of my users and then manually paste it into his authorized_keys file and give him the private key?
The user I'm giving it to has a chrooted FTP account...
Is it still OK that I used the root account to create it? He is not going to have root access or nothing, is he? This is not a security breach in any way, is it?
The user doesn't have shell access to create their own so this is the only way I can think of doing it...
Also what access should the user have to their .ssh folder + the authorized_keys file...?
Are they allowed to read the key? What about write?
View 9 Replies
Jun 25, 2011
I am trying to use a guest account in Ubuntu 10.10, however I am unable to stop the guest account from authenticating as a superuser and gaining root permissions despite removing all permissions from the user-group control panel. The new guest account I created is not part of the admin group. However, with my new guest account I am unable to start a guest session from the panel, AND if I use the guest session from the panel I don't have the problem with the guest session being able to authenticate. How do I prevent super user authentication from an account in this situation? It seems that any account can authenticate and my /etc/sudoers file looks like this:
# /etc/sudoers
#
# This file MUST be edited with the 'visudo' command as root.
#
# See the man page for details on how to write a sudoers file.
#
Defaults env_reset
# Host alias specification
# User alias specification
# Cmnd alias specification
# User privilege specification
root ALL=(ALL) ALL
# Allow members of group sudo to execute any command
# (Note that later entries override this, so you might need to move
# it further down)
%sudo ALL=(ALL) ALL
#
#includedir /etc/sudoers.d
# Members of the admin group may gain root privileges
%admin ALL=(ALL) ALL
View 9 Replies
Feb 19, 2011
I was using the latest stable release of Debian, dual-booted alongside Windows Vista, with the GNOME desktop, installed via netinst, trying to build and install a library that I knew and trusted, when suddenly I couldn't open the Root Terminal. I clicked the link (in Applications->Accessories (I think, whatever the top one is)->Root Terminal), and in the taskbar I saw an item that said "Starting Root Terminal". A few seconds later, that went away, but the terminal still wasn't open. I tried the regular user terminal, to see the same thing happen. Unsure of what was happening, I tried restarting my computer, since that's always the first step you should take in computer problems.
When I restarted, GNOME wouldn't start. The screen would flash a bit for a few seconds, then a dialog box would appear over a background of static that said "The greeter application is crashing. Attempting another one...". It would then go back to the DOS-style kernel, wait a second, and then the same thing would happen. After several of that, I would get a blue screen which said something to the effect of "It has been detected that the desktop environment has crashed six times in the past 30 seconds. Waiting two minutes before trying again."
When it did that, I tried logging in as root to assess the problem. I gave it the correct password, but it said that it was an incorrect login. After several tries (to ensure I didn't mistype the password), I logged in as myself. Same problem. I tried the su command, with the correct password, and it said it couldn't authorise it.
After a lengthy conversation with a friend of mine who was very good with computers, he basically summarised that he had no clue, but that his best guess would be a virus. Upon running the Linux installer, I found the Repair option. Not being particularly familiar with Linux, I used it simply to backup my important files onto a flash drive. I then tried running the Install option, in an attempt to simply write over my existing Linux and make it new again. The installer, however, consistently froze up when trying to start the partitioner, on the "Checking disks..." stage. I figured it was a problem with my partition. In my naivete, I simply used the Windows tools to clear that partition... It destroyed GRUB too, so I couldn't run any OS. I figured my computer was pretty well screwed, and at that point just decided to bring it into the shop and have them completely wipe it.
my computer was backed up onto an external hard driven I brought it back, I reinstalled Windows. Upon restart, it said that it was still looking for GRUB, which made no sense to me. After messing around with it a bit, I decided to just reinstall Linux too. To my lack of surprise, that fixed the problem. Both OS' now ran just fine. The first thing I did on Debian was to install the Clam Anti-Virus, which I understood to be one of the best Linux anti-viruses. However, within about 10 hours, I got the same problem as originally. I wasn't doing any of the same things, and between the lack of consistency in activities and the fact that I had an anti-virus running, I figured it wasn't a virus. Not knowing what to do, I just left it and have been using Windows since.
View 8 Replies
Dec 7, 2010
I have RHEL 5 installed on my PC. After lots of effort I managed to put it into a domain (by configuring Kerberos, winbind and smb). I can see all domain groups (wbinfo -u/-g). Whenever I tried to log in to this machine using a domain login, for the first time it creates a folder in /home/DOMAIN/ and then displays "system administrator has disabled your Account"
View 1 Replies
Jul 16, 2010
I noticed a very very high cpu usage on my webserver. All four CPUs were running on 100%.
Top shows several perl processes from apache that run for a long time, with a high %CPU.
Since the server was fc10, I did a fresh installation to fc13, and the fresh installation didn't have this issue. Then I loaded back all the user-data, and it started again.
Several, 4, 6, 8, ... 100 perl processes from apache.
lsof -p with the pid of such a process
Code:
The established connection is sometimes "proud2pirate.com", which is a non-existing domain.
View 14 Replies
Jul 9, 2010
As soon as I enable an AIM account, it becomes disabled for 'Unknown reason'.
Version
pidgin:
Installed: 2.7.1-1
[code]...
View 3 Replies
Apr 4, 2011
The libxml2 update specified by CVE-2010-4494 causes a notification that it will break Adobe AIR and TweetDeck on my machine. How can I blacklist this update so it won't keep showing up in the Updater applet? The applet says I should go into Yast and manually apply the update. When I do that and tell it not to apply the update, Yast exits and the Updater applet just tells me the update is still pending. I want to get rid of the update at least temporarily until Adobe fixes the dependency (assuming they ever do).
This is a major problem for me as I clearly don't intend to uninstall TweetDeck and AIR just for some security patch. Why didn't openSUSE test this patch for AIR compatibility?
View 6 Replies
Aug 2, 2010
Running Ubuntu 10.04 I noticed my hard disc rumbling for longer than normal and louder. Not doing anything demanding to cause hard disk activity like this so I was suspicious so I checked my process list with 'top' command in the console terminal. At the top was mount.ntfs running. Eventually it stopped running after 20 seconds or so. At the time I have not been accessing NTFS filesystems, but I do have them. I have a dual boot Ubuntu 10.04 and Windows 7. In Ubuntu I've mounted the Windows main C drive and on the same hard disk a partitioned drive for sharing files between the OSs. I know mount.ntfs is a standard program but was it being run on my machine, instigated externally here? Was the running of mount.ntfs an attempt from outside to hack into Ubuntu and the mounted Windows areas of my machine via a backdoor connection or vulnerability? I've restarted my machine since then. Are there any logs I can check for malicious attempts to break in?
View 9 Replies
Feb 5, 2011
I am having problems with privileges. I have created a new user with my name, but I can't get root privileges on it. I need the same privileges as the root profile.
View 9 Replies
Jul 14, 2011
I've started to get emails that would typically come from [URL] as [URL]. These emails come from services that send out emails (backup programs) directly, or from cronjobs. I've logged in as the non-root account and either sudo su - or su - to root and then restart the service at one point or another. If I log in directly as root and bounce the service or cron, the emails come across as from root. I don't see anything in my environment variables after I su to indicate what would cause this. I'm not sure where else to look? A pam setting? This seems to have happened between Fedora 10 and 14 (did a bunch of overdue upgrades recently). I've only got Fedora so I don't have anything to compare to. In Fedora 10 I did not have this problem.
View 2 Replies
Oct 22, 2010
On my server I sometimes log in from my home, where I have an internet connection which does not have a static IP; each time I switch on my modem a dynamic IP is generated. I see in auth.log logs of the following lines:
Quote:
reverse mapping checking getaddrinfo for kkts-kk-dynamic-01.1.168.192.some_broadband.in [192.168.1.2] failed - POSSIBLE BREAK-IN ATTEMPT
Accepted publickey for root from 192.168.1.2 port 22852 ssh2
whenever I log in to my server from home. In this case I do know that it was me who logged in, but still, why do I see such a log? What is this complaining about?
View 11 Replies
Feb 10, 2010
I am trying to log into a server with a particular account. Let's say I don't know the password for that account. Can I do this using ssh? I am wondering if it is possible to do it in one command, instead of logging in as root and running su.
View 4 Replies
Feb 5, 2011
I was changing my GUI settings in XFCE in my root user account on Xubuntu when suddenly I was logged out and the computer shut down.
(I have done this before with no such trouble...)
Now I can't log into my root account all I get is a blank screen for a few seconds then I'm back at the log-in screen, the other account works fine.
(This is on my Xubuntu 10.10 laptop BTW...)
View 5 Replies
Mar 3, 2011
I try to use FTP to put new files and catalogs on my server and I always run into problems that I have not the right to create catalogs and files in the named catalogs and so on, it is very annoying. Is there a way around this problem or do I have to activate root account to not run into these problems all the time? I have worked with different UNIX-versions and variants for the last 15 years at least and have always had access to root account, why is it so dangerous to have access to root account in Ubuntu?
View 3 Replies
Apr 9, 2010
I'm having a CentOS 4.4 X86_64 server. Without any warning all users' accounts including root got disabled. As the server was still logged in as root, I was able to enable all the users' accounts. But for root I couldn't. Without thinking I rebooted the server and except root, other users can log in to the server. I should've tried to enable root account from the /etc/passwd. But now I realize it's too late for that. Now I want to change from root: x:0:0:root:/root:/bin/false to root: x:0:0:root:/root:/bin/bash. Can anyone guide me to accomplish this or is there any other way to fix this?
View 2 Replies
Jun 26, 2010
There seems to be much disagreement between distros regarding how ipv6 is disabled, even between different versions of the same distro. Rather than just follow instructions for disabling ipv6 for a given distro, I would like to also test that ipv6 is not used any more. Any software or executable that relies on ipv6, that I can use to confirm that ipv6 has been successfully disabled?
View 9 Replies
Mar 17, 2010
How can I enable the root account (for login) in ubuntu 9.10?
View 9 Replies
May 11, 2010
I unlock the root user account, but how can I log it on?
View 3 Replies
Oct 8, 2010
A while back I don't know what I did but I messed up my root user account and now the password that I think is supposed to be for the account doesn't work anymore. In an attempt to fix it I rebooted and went into recovery mode and then edited the sudoers file. This appears to have been good enough to get me by but now I'm running into problems installing or changing configurations in GNOME. For example, I just installed Asterisk via the terminal the other day and had no problems because I could use sudo. But just now I tried installing Gastman via the Ubuntu Software Center and of course it asked for the root password. I entered my usual root password when I use sudo and it doesn't work.
I then went to the terminal and entered sudo apt-get install gastman and it worked fine because I used my sudo password for my account. So it seems I can do things just fine via the terminal but when in GNOME it doesn't work. I went into the Users and Groups section in GNOME to attempt to set or change the root password but of course I have to unlock the application which requires the root password.
View 4 Replies
Nov 10, 2010
I just installed Ubuntu 10.10. I downloaded Java and was about to install before I realised I don't have a root account.
View 2 Replies
Mar 30, 2011
I've got an old computer around that I've put Ubuntu server 8.04 on. At the moment, this is only a little hobby of mine purely for educational purposes. (Great for learning Linux!) After using this tutorial: URL... for setting up a LAMP-server, I'm trying to figure out is whether or not setting up a root-password is necessary or not. I think the tutorial is really great for a newbie, but it consistently uses su instead of sudo. I'm aware of the fact that setting a root-password isn't recommended in the documentation, but don't you need a root-account to be able to run tools such as webmin?
View 8 Replies
Aug 31, 2010
I'm trying to use my root account for the ftp. Now, he can connect but when I come in the map "home" it's empty (in the ftp) but he can't get the information.
What's wrong with my conf?
vsftpd.conf:
Code:
anonymous_enable=NO
local_enable=YES
write_enable=YES
local_umask=022
[Code].....
View 10 Replies
Jan 20, 2011
I want to run VirtualBox with root permissions. Trouble is that only when run as root I can access attached USB devices inside of a virtual machine (otherwise, these are greyed out). Now running VirtualBox as a root user also changes the configuration folders, making all my virtual machines already defined disappear. I also don't want to copy all to the root configuration folders. Is there a way to give the VirtualBox root permissions but without actually running the application as a root user? Is it possible to do without changing the permissions of the non-root user, i.e. I don't want my user to have all root permissions, due to security considerations.
View 1 Replies
Jan 2, 2010
Is there a way to grant 'root' privileges to my user account? My account name ... I'll call it 'masterskop' as it is my forum name here, but not on my computer. Would it look like this in the sudoers' file? My purpose is to get access to all the folders and files in the 'File System'. The root and lost+found folders have 'Xs' on them... No access! And for example, under properties of the 'var' folder it states that 'you are not the owner, so you cannot change these permissions.' How can I get access to all of it every time I log in as the main user of my computer? I do not have anyone else using this computer. I did edit this file and used my real user name ... logged out and logged back in and still I do not have access/edit these folders and files.
View 4 Replies
Jan 6, 2010
I recently made a computer for someone who decided to get a new one instead, so I thought I'd make a server out of it like I had it before. So I deleted their account (while on their account) and made me an account, but now when I try to log in to my account it's... not there? Such as when I type my username and pass it says I entered an invalid user/pass. Any idea how I can get my user accounts back or at least log on to this system? I know the root password if there's any way I can log in under the root account.
View 8 Replies
Sep 26, 2015
I came to debian from fedora so there I used ( su - ) to become root user. So my question is that in debian, is it same using ( su ) and ( su - ) or here also using ( su - ) is preferred with slash or without slash. What is the correct and secure way in debian with full root status.
One more question relating gedit sources.list
I use as root account : gedit /etc/apt/sources.list (and then enter and sources file in gedit open)
Is this correct method or any other way as when save after changing entries inside it says error.
View 3 Replies
Oct 6, 2010
I deleted the root line in passwd and shadow and then tried to copy the backup and was able to put it all back to normal from rescue mode. However, when I get to my login screen I cannot log in as root anymore, or even after logged in as another user I cannot su - or su root; it tells me that root user does not exist......
View 14 Replies
Jul 16, 2010
I have set up my crontab and whilst I'm logged in it works (it runs my shell script), however when I'm not logged in, the script does not run. Initially I set the time/date to 0 0 * * * (midnight every day); as this did not work, I tested it with 0 * * * * (every hour) whilst logged in and the script starts.
I use crontab -e to set it up under the root account. I'm sure you don't have to be logged in for it to run? But maybe I'm missing a step or just overdosing on Linux and need a holiday :-)
View 3 Replies
Mar 11, 2010
I want to add a new user. For that purpose I switch to su and give root passwd. There I gave a command "useradd". [smith@localhost smith]#adduser When I press enter key by typing adduser command it says "Command not found". Then I log off from my own account and log in again from root account. The command "useradd" is then accepted. Is there any way that, without logging off from normal user account, I may enter my root account and work as a root account instead of logging off from normal user account?
View 5 Replies
View Related