[Wlug] odd entry in /etc/passwd

Eric Martin freak4uxxx at gmail.com
Tue Apr 28 22:00:34 EDT 2009


Frank Sweetser wrote:
> Eric Martin wrote:
>   
>> So I just found an odd entry in /etc/passwd on one of my servers:
>>
>> +::::::
>>
>> Of course I'm not running tripwire on it so I can't be assured of the
>> last time I edited the file / did anything to edit it.  etc/shadow
>> doesn't have the entry but shadow is only checked if the second field is
>> x, right?
>>
>> I'm running Suse and I've been using yast lately, could that have
>> anything to do with it?  I hope it does as I really hope I don't have to
>> run a full audit on the box.
>>     
>
> Looks like it's part of NIS/NIS+ configuration:
>
> http://www.cyberciti.biz/faq/plus-minus-sign-in-unix-linux-passwd-file/
>
>   
Thanks Frank!  I googled +:::::: and nothing came back.  I was just
about to go hit my Hacking Exposed books as I though I remembered
something from there.  NIS was off in Yast, but it's good to know that
I'm (probably) not hacked.

-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 899 bytes
Desc: OpenPGP digital signature
Url : http://mail.wlug.org/pipermail/wlug/attachments/20090428/a52fe733/attachment.bin 


More information about the Wlug mailing list