Re: ".forward" in mail logs
From: Wojtek Walczak (gminick@hacker.pl)
Date: 11/26/02
- Next message: Jack Smits: "Security C2 certified Linux"
- Previous message: Phil: "Re: Strange PORTFORWARDING problem"
- In reply to: richard: "Re: ".forward" in mail logs"
- Next in thread: S.J.Clifford@work.it.out.invalid: "Re: ".forward" in mail logs"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]
From: Wojtek Walczak <gminick@hacker.pl> Date: Tue, 26 Nov 2002 20:29:55 +0000 (UTC)
Dnia 26 Nov 2002 09:30:57 -0800, richard napisał(a):
> Thanks! In an RH 7.x system, any chance this (and "logon") were
> created as a part of the pop3 daemon set-up (from the imap package)?
No. I'm sure - no (well, maybe in case of backdoored pop3d package).
> Coincidentally, after I finished changing these things, the pop
> service (but not sendmail) died. A reboot got all up and running
> again.
Nice :)
> I'm not sure how to edit a line in shadow directly.
You need to change read-write rights.
man chmod
man chattr
man lsattr
> However, again,
> the entry for "logon" got blown away.
I'm assuming blown away by you ;)
> I am presuming the passwords
> coded for "operator" (now userid 11, with a shell of /sbin/login) got
Well, the best way is to put nothing in this part of passwd entry,
but it isn't obligatory.
> changed by the passwd command.
A line for operator in /etc/shadow should look like this:
operator:*:9797:0:::::
Well, If I were you I would delete logon user absolutely.
-- [ ] gminick (at) underground.org.pl http://gminick.linuxsecurity.pl/ [ ] [ "Po prostu lubie poranna samotnosc, bo wtedy kawa smakuje najlepiej." ]
- Next message: Jack Smits: "Security C2 certified Linux"
- Previous message: Phil: "Re: Strange PORTFORWARDING problem"
- In reply to: richard: "Re: ".forward" in mail logs"
- Next in thread: S.J.Clifford@work.it.out.invalid: "Re: ".forward" in mail logs"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]
