Date: Sat, 26 Apr 2014 05:55:28 -0400
From: Joe Parsons <jp4314@outlook.com>
To: "freebsd-security@freebsd.org" <freebsd-security@freebsd.org>
Subject: am I NOT hacked?
Message-ID: <BAY180-W44C86C61CA8027AC418DD8C4450@phx.gbl>
I was slow to patch my multiple vms after that heartbleed disclosure. I just managed to upgrade these systems to 9.2, and installed the patched openssl, then started changing passwords for root and other shell users. However I realized that, only the root password was changed. For other users, even though the "passwd userid" issued no warning, and "echo $?" is 0, the password is NOT changed.

For more debugging, I tried to "adduser", the command was successful, and I can see the new entry "test" in /etc/passwd. However "finger test" complains no such user! Also, "rm test" complains there is no such user to delete as well.

Furthermore, the mail server got problem sending email, the log file said there is no such user "postfix", and sure enough:

# finger postfix
finger: postfix: no such user

while this "postfix" user certainly existed for years, and I can see its entry in /etc/passwd.

This appeared to all the multiple vms on multiple hosts, all running FreeBSD 9.2 now.

I was paranoid, I really should have patched all these systems immediately reading that heartbleed news, as all these servers had the vulnerable openssl port installed!

Until googling and I found this:

https://forums.freebsd.org/viewtopic.php?&t=29644

it said "The user accounts are actually stored in a database. It's possible it got out of sync with your [file]/etc/passwd[/file] file.", and it suggested running "vipw" to fix it.

I ran vipw, then saved, and quit. No joy. Then ran vipw again, made a change, then undid the change, save again. Now "finger postfix" found the user, and I can change user password now, and all the above problem disappeared.

Am I right that, that I am NOT hacked? Is the above problem produced by the freebsd-update process? Is this supposed to happen? I just followed the handbook to update from 9.1-RELEASE to 9.2-RELEASE, never compiled kernel or tweak.

Thank you!

Joe
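The forum reply quoted in the message says accounts are looked up in a database that can fall out of sync with /etc/passwd. A check for that drift, as an added example that is not part of the original message: it lists login names present in a passwd-format file that the system's user lookup cannot resolve. The function names and the default file argument are this example's own choices.

```shell
#!/bin/sh
# Added example (not from the original message).
# Lists accounts that appear in a passwd-format text file but that the
# system's user lookup cannot resolve. This is the symptom described in
# the message: an entry visible in /etc/passwd while finger reports
# "no such user". On FreeBSD the lookup reads /etc/pwd.db and
# /etc/spwd.db, which pwd_mkdb builds from /etc/master.passwd.

# lookup_user NAME: succeed if NAME resolves through the normal user
# lookup. `id -u` is used because it exists on FreeBSD and Linux alike.
lookup_user() {
    id -u "$1" >/dev/null 2>&1
}

# unresolved_users FILE: print every login name in FILE that fails lookup.
unresolved_users() {
    # Skip comment and blank lines; field 1 of each entry is the login name.
    awk -F: '!/^#/ && NF > 1 { print $1 }' "$1" | while read -r name; do
        lookup_user "$name" || printf '%s\n' "$name"
    done
}

# Stand-alone run: check the file given as the first argument,
# or /etc/passwd when none is given. No output means no drift was found.
unresolved_users "${1:-/etc/passwd}"
```

Any name it prints is in the text file but missing from the lookup path, which points at a stale database rather than at a deleted account.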