
Re: [OT] "-" user on solaris

* Michel Loos (loos@qt1.iq.usp.br) spake thusly:
> Hi,
> I know it is not Debian related, but if anybody has an idea...
> I just found a user with username -
> on a sparc/solaris, he has both an entry in /etc/passwd and /etc/shadow
> in shadow he is locked (*LK* as passwd)
> NIS should not be running, (and it would be a + entry, I think)
> any idea?

You may have been r00t3d. Try nmap'ing the box (inc. udp scan), 
chkrootkit etc.

All I can tell you is that there's no "-" user on a full OEM (or
whatever it's called) install of Solaris 7 and 8. What's the
UID of "-"? If it's 0, be very afraid.

One distinguishing characteristic of BOFHen is attention deficit disorder.  
Put me in front of something boring and I can find a near-infinite number 
of really creative ways to bugger off.                                   -- ADB
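
The check suggested in the reply above (what UID does "-" have, and is the entry locked in shadow?), as an added example that is not part of the original message. The function names `audit_accounts` and `demo` are hypothetical and the sample passwd/shadow lines are constructed; it needs a POSIX awk and is best run on copies of the two files.

```shell
#!/bin/sh
# Added example: flag passwd entries worth a closer look (sample data is constructed).
# Usage: audit_accounts PASSWD_FILE SHADOW_FILE

audit_accounts() {
    awk -F: '
        # Shadow file is read first: remember each account password field.
        src == "shadow" { pw[$1] = $2; have[$1] = 1; next }
        {
            name = $1; uid = $3; why = ""
            # Names that are empty or not ordinary login names, e.g. "-" or "+".
            if (name !~ /^[A-Za-z_][A-Za-z0-9_.-]*$/) why = why ",odd-name"
            # Any account other than root that maps to UID 0.
            if (uid ~ /^0+$/ && name != "root") why = why ",uid0"
            if (why == "") next
            # Classify the matching shadow entry; *LK* is the locked marker.
            if (!(name in have))                       state = "missing"
            else if (substr(pw[name], 1, 4) == "*LK*") state = "locked"
            else if (pw[name] == "")                   state = "empty"
            else                                       state = "set"
            printf "%s uid=%s shadow=%s reasons=%s\n", name, uid, state, substr(why, 2)
        }
    ' src=shadow "$2" src=passwd "$1"
}

# Constructed sample files, not taken from the thread.
demo() {
    dir=$(mktemp -d) || return 1
    cat > "$dir/passwd" <<'EOF'
root:x:0:0:Super-User:/:/sbin/sh
daemon:x:1:1::/:
-:x:0:1::/:/bin/sh
+::0:0:::
michel:x:1001:10::/export/home/michel:/bin/ksh
EOF
    cat > "$dir/shadow" <<'EOF'
root:CONSTRUCTEDHASH:6445::::::
daemon:NP:6445::::::
-:*LK*:::::::
michel:CONSTRUCTEDHASH:11000::::::
EOF
    audit_accounts "$dir/passwd" "$dir/shadow"
    rm -rf "$dir"
}

demo
```

A locked shadow entry only blocks password logins; an account that also carries UID 0 still deserves the follow-up the reply describes.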
