[Wlug] odd entry in /etc/passwd
freak4uxxx at gmail.com
Tue Apr 28 22:00:34 EDT 2009
Frank Sweetser wrote:
> Eric Martin wrote:
>> So I just found an odd entry in /etc/passwd on one of my servers:
>> Of course I'm not running tripwire on it so I can't be assured of the
>> last time I edited the file / did anything to edit it. etc/shadow
>> doesn't have the entry but shadow is only checked if the second field is
>> x, right?
>> I'm running Suse and I've been using yast lately, could that have
>> anything to do with it? I hope it does as I really hope I don't have to
>> run a full audit on the box.
> Looks like it's part of NIS/NIS+ configuration:
Thanks Frank! I googled +:::::: and nothing came back. I was just
about to go hit my Hacking Exposed books as I though I remembered
something from there. NIS was off in Yast, but it's good to know that
I'm (probably) not hacked.
-------------- next part --------------
A non-text attachment was scrubbed...
Size: 899 bytes
Desc: OpenPGP digital signature
Url : http://mail.wlug.org/pipermail/wlug/attachments/20090428/a52fe733/attachment.bin
More information about the Wlug