Re: Opinion on this, password changed, nothing suspicious in logs
Am Mon, 28 May 2012 15:49:40 +0200
schrieb Marko Randjelovic <marko.mppa@gmail.com>:
> * I logged in my normal account on desktop PC last time successfuly
> saturday evening and turned off the computer 2 hours after midnight.
> * At Sunday morning I went for a walk.
> At 16 pm I turned on the computer but my password did not work.
> * I checked the logs and found no trace of intrusion, but also no
> entry about password change.
>
> I have Debian 6 desktop and firewall computers. I apply security
> pathes regulary, have active firewall and SELinux. The only problem I
> see could be the custom kernel 3.2 that is not completely patched.
>
> I have logged in several times successfuly with that password,
> including immidiately after power on when there is no possibility of
> alternative keyboard layout and no need to touch caps lock.
>
> For me it is obvious my account was compromised, but don't know if
> root privileges were acquired.
>
> What do you think?
>
if your computer was turned off in the meanwhile it couldn't get
compromised - except somebody with hardware-access turned it on. I
don't know how possible this is in your case. But if somebody is smart
enough to get hw-access to your computer and boot it with a live-system
he wouldn't be such a fool to betray his compromision by changing a
password. so I think its an software or configuration problem, or
something on layer 8 ;)
to change a password with user-rights you need the password of this
user, even he is logged in already
kind regards,
Michael
Reply to: