[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

Opinion on this, password changed, nothing suspicious in logs

* I logged in my normal account on desktop PC last time successfuly saturday evening and turned off the computer 2 hours after midnight.
* At Sunday morning I went for a walk.
At 16 pm I turned on the computer but my password did not work.
* I checked the logs and found no trace of intrusion, but also no entry about password change.

I have Debian 6 desktop and firewall computers. I apply security pathes regulary, have active firewall and SELinux. The only problem I see could be the custom kernel 3.2 that is not completely patched.

I have logged in several times successfuly with that password, including immidiately after power on when there is no possibility of alternative keyboard layout and no need to touch caps lock.

For me it is obvious my account was compromised, but don't know if root privileges were acquired.

What do you think?

Marko Ranđelović, B.Sc.
Software Developer
Niš, Serbia
GnuPG Key: 11FF 0703 1C7A 8FB1 48C0  B63E 4D1C 0D3F 7281 F4B7

Reply to: