JasmineCorp Directory   
Usenet News Group Archives!!!

Usenet Groups:






user not in passwd launching attacks
Newsgroup: comp.os.linux.security
Posted by: mattdorais@gmail.com
2008-05-01 18:03:54

Hi, I have limited experience with Linux security so I'm hoping
someone can help me. We had a complaint that there were attacks being
launched from one of our servers (Ubuntu OS). I did a "lsof -i" as
root and sure enough saw pages & pages of processes by this user
launching attacks. Before killing the processes I tried deleting the
user but I always got an error saying that he's not in the /etc/passwd
file (which he is not). Every google search I did said to delete a
user, delete them from the /etc/passwd file (quite frustrating!). I
was able to finger this user's account. So my question is, how do I
delete a user's account if they're not in the passwd file?

Just FYI I have blocked access to this server via firewall so it will
no longer be a problem but I'd still like to know how to delete a user
like this.




More >> 

Domain Registration:
.com .org .net
.info .biz .us