Re: ".forward" in mail logs

From: Wojtek Walczak (gminick@hacker.pl)
Date: 11/26/02


From: Wojtek Walczak <gminick@hacker.pl>
Date: Tue, 26 Nov 2002 20:29:55 +0000 (UTC)

On 26 Nov 2002 09:30:57 -0800, richard wrote:
> Thanks! In an RH 7.x system, any chance this (and "logon") were
> created as a part of the pop3 daemon set-up (from the imap package)?
No. I'm sure - no (well, maybe in the case of a backdoored pop3d package).

> Coincidentally, after I finished changing these things, the pop
> service (but not sendmail) died. A reboot got all up and running
> again.
Nice :)

> I'm not sure how to edit a line in shadow directly.
You need to change read-write rights.
man chmod
man chattr
man lsattr

> However, again,
> the entry for "logon" got blown away.
I'm assuming blown away by you ;)

> I am presuming the passwords
> coded for "operator" (now userid 11, with a shell of /sbin/login) got
Well, the best way is to put nothing in this part of the passwd entry,
but it isn't obligatory.

> changed by the passwd command.
A line for operator in /etc/shadow should look like this:

operator:*:9797:0:::::

Well, if I were you I would absolutely delete the logon user.

-- 
[ ] gminick (at) underground.org.pl  http://gminick.linuxsecurity.pl/ [ ]
[ "I simply like morning solitude, because that is when coffee tastes best." ]
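
An added example, not part of the original post: a small audit that reads passwd and shadow text and flags system accounts whose password field is not locked (as the `operator:*:...` line above is) and any non-root account with UID 0. The sample entries are constructed (only operator's UID 11 and /sbin/login shell come from the thread), and the UID cutoff of 500 is an assumption for Red Hat 7.x.

```python
# Added example: flag system accounts that can authenticate with a password.
UID_MIN = 500  # assumption: first regular-user UID on Red Hat 7.x

# Constructed sample data; the hashes are placeholders, not real crypt output.
SAMPLE_PASSWD = """\
root:x:0:0:root:/root:/bin/bash
operator:x:11:0:operator:/root:/sbin/login
logon:x:0:0::/:/bin/bash
richard:x:500:500::/home/richard:/bin/bash
"""
SAMPLE_SHADOW = """\
root:$1$CONSTRUCTED$notarealhash:11900:0:99999:7:::
operator:$1$CONSTRUCTED$notarealhash:11900:0:::::
logon::11900:0:99999:7:::
richard:$1$CONSTRUCTED$notarealhash:11900:0:99999:7:::
"""

def password_state(field):
    """Classify the second field of a shadow (or old-style passwd) line."""
    if field == "":
        return "empty"    # no password needed at all
    if field[0] in "*!":
        return "locked"   # no input can ever hash to this value
    return "usable"

def audit(passwd_text, shadow_text, uid_min=UID_MIN):
    """Return (account, finding) tuples for suspicious system accounts."""
    shadow = {}
    for line in shadow_text.splitlines():
        fields = line.split(":")
        if len(fields) >= 2:
            shadow[fields[0]] = fields[1]
    findings = []
    for line in passwd_text.splitlines():
        fields = line.split(":")
        if len(fields) != 7 or not fields[2].isdigit():
            continue  # skip malformed lines
        name, pw, uid = fields[0], fields[1], int(fields[2])
        # "x" means the real field lives in shadow; no shadow line = locked.
        state = password_state(shadow.get(name, "*") if pw == "x" else pw)
        if uid == 0 and name != "root":
            findings.append((name, "uid 0 but not root"))
        if uid < uid_min and name != "root" and state != "locked":
            findings.append((name, f"system account with {state} password"))
    return findings

if __name__ == "__main__":
    for name, finding in audit(SAMPLE_PASSWD, SAMPLE_SHADOW):
        print(f"{name}: {finding}")
```

On a live system the two strings would be the contents of /etc/passwd and /etc/shadow, read as root.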