Date: Fri, 15 Mar 1996 17:51:02 -0800 (PST) From: Doug White <dwhite@riley-net170-164.uoregon.edu> To: "Aaron D. Gifford" <agifford@infowest.com> Cc: Richard Chang <richardc@CSUA.Berkeley.EDU>, questions@FreeBSD.org Subject: Re: Passwords Message-ID: <Pine.BSF.3.91.960315174929.7867A-100000@riley-net170-164.uoregon.edu> In-Reply-To: <2.2.32.19960315233819.006d2e4c@infowest.com>
next in thread | previous in thread | raw e-mail | index | archive | help
On Fri, 15 Mar 1996, Aaron D. Gifford wrote: > At 11:43 AM 3/15/96 -0800, you wrote: > >Hi there, > > > > We are running a site that had security breakins and the hacker > >managed to changed the root password and the edited both the /etc/passwd > >and /etc/master.passwd file and deleted pretty much everything in it. It > >seems the pwd.db and spwd.db are the original ones since apparently the > >person didn't use vipw on the DES encrypted system. I was wondering if > >there was a way to use the pwd.sb and spwd.db even if the encrypted passwd's > >in master.passwd don't match.... Thanks. > > > >Richard > > > > Hi, > > I've trashed my master.passwd file before, so I wrote me a perl script to > regenerate my master.passwd file from the spwd.db file. It has worked for > me. maybe it will work for you. Also, backups (two of them) are kept in /var/backup, and they are diff'd against the master files every night, so concievably you could reverse diff from the mail message if it got to that point. Doug White | University of Oregon Internet: dwhite@resnet.uoregon.edu | Residence Networking Assistant http://gladstone.uoregon.edu/~dwhite | Computer Science Major
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?Pine.BSF.3.91.960315174929.7867A-100000>