Re: [OT] "-" user on solaris
* Michel Loos (loos@qt1.iq.usp.br) spake thusly:
> Hi,
>
> I know it is not Debian related,but if anybody has an idea...
> I just found a user with username -
> on a sparc/solaris, he has both an entry in /etc/passwd and /etc/shadow
> in shadow he is locked (*LK* as passwd)
>
> NIS should not be running, (and it would be a + entry, I think)
>
> any idea ?
You may have been r00t3d. Try nmap'ing the box (inc. udp scan),
chkrootkit etc.
All I can tell you is that there's no "-" user on full OEM (or
whatever it's called) install of Solaris 7 and 8. What's the
UID of "-"? If it's 0, be very afraid.
Dima
--
One distinguishing characteristic of BOFHen is attention deficit disorder.
Put me in front of something boring and I can find a near-infinite number
of really creative ways to bugger off. -- ADB
Reply to: