Re: [OT] "-" user on solaris

To: debian-user@lists.debian.org
Subject: Re: [OT] "-" user on solaris
From: Dimitri Maziuk <dmaziuk@yola.bmrb.wisc.edu>
Date: Fri, 22 Feb 2002 12:35:34 -0600
Message-id: <[🔎] 20020222183534.GA12834@bmrb.wisc.edu>
Mail-followup-to: debian-user@lists.debian.org
Reply-to: dmaziuk@yola.bmrb.wisc.edu
In-reply-to: <[🔎] 1014399083.23402.7.camel@californio>
References: <[🔎] 1014399083.23402.7.camel@californio>

* Michel Loos (loos@qt1.iq.usp.br) spake thusly:
> Hi,
> 
> I know it is not Debian related,but if anybody has an idea...
> I just found a user with username -
> on a sparc/solaris, he has both an entry in /etc/passwd and /etc/shadow
> in shadow he is locked (*LK* as passwd)
> 
> NIS should not be running, (and it would be a + entry, I think)
> 
> any idea ?

You may have been r00t3d. Try nmap'ing the box (inc. udp scan), 
chkrootkit etc.

All I can tell you is that there's no "-" user on full OEM (or
whatever it's called) install of Solaris 7 and 8. What's the
UID of "-"? If it's 0, be very afraid.

Dima
-- 
One distinguishing characteristic of BOFHen is attention deficit disorder.  
Put me in front of something boring and I can find a near-infinite number 
of really creative ways to bugger off.                                   -- ADB

Reply to:

References:
- [OT] "-" user on solaris
  - From: Michel Loos <loos@qt1.iq.usp.br>

Prev by Date: RAID 1 setup on woody
Next by Date: Re: lilo problem
Previous by thread: [OT] "-" user on solaris
Next by thread: Re: [OT] "-" user on solaris
Index(es):
- Date
- Thread