http://bugzilla.opensuse.org/show_bug.cgi?id=1043536
http://bugzilla.opensuse.org/show_bug.cgi?id=1043536#c4
Stakanov Schufter changed:
What |Removed |Added
----------------------------------------------------------------------------
Flags| |needinfo?(astieger@suse.com
| |)
--- Comment #4 from Stakanov Schufter ---
Well the problem is: this was a totally standard install. And the thing
happened yesterday: system did not accept the password input anymore. After a
reboot the mess.
So, what logfiles from yesterday should I provide to look into it?
X-errors?
journal?
If the system is compromised by this (which is obvious) I will do a total new
install. Maybe the best is to use a virtual machine every time I am on the web
and throw the image away once done. Normally I am using a hardware solution,
but currently it is physically broken so I need to buy a new one. Then
passwordless export of kgpg is not a problem as the key cannot be exported from
the token.
Sincerely I think for the sake of safety and usability, it would be good to
understand what is happening here.
There is one anomalous warning in rkhunter:
mercurio (the new post account) is 1001
olpost (the renamed old post account is 1004
In rkhunter there is the following warning:
Warning: Changes found in the passwd file for user 'scard':
Warning: Changes found in the passwd file for user 'mercurio':
The UID has changed from '1001' to '1004'
Warning: User 'oldpost' has been added to the passwd file.
Warning: The SSH configuration option 'PermitRootLogin' has not been set.
The default value may be 'yes', to allow root access.
Warning: The SSH configuration option 'Protocol' has not been set.
The default value may be '2,1', to allow the use of protocol version
1.
Warning: Hidden file found: /usr/bin/.fipscheck.hmac: ASCII text
This is strange because mercurio cannot change to 1004 as it is an old and
invalid account.
See also:
cat /etc/passwd | grep "/home"
connectix:x:1000:100::/home/connectix:/bin/bash
entropia:x:1002:100::/home/entropia:/bin/bash
hanyu:x:1003:100::/home/hanyu:/bin/bash
mercurio:x:1001:100::/home/mercurio:/bin/bash
oldpost:x:1004:100::/home/oldpost:/bin/bash
lastlog does not show anything strange.
--
You are receiving this mail because:
You are on the CC list for the bug.