root user password reset

  • wolfjmt
    New Member
    • Jan 2009
    • 10

    root user password reset

    Hi all

    I am new to Linux. I have worked on it a little before (on Redhat 8), but still consider myself a novice, and openSUSE is completely new to me.

    I was told that there are settings that can be applied to the SUSE system that will remove (delete) a specific folder on the system if a threat is detected - see example below

    If the "root" user password is reset through the single user mode (using the passwd function), will the setup (or settings on SUSE 11.1) automatically remove an "encrypted" (specific) folder and uninstall software? I was told that the guy that installed the SUSE OS had used the root user as a "super master" type of admin user - I personally think he removed the data and did not think anybody would have noticed.

    My questions are as follows: is the above possible? And can it some way be revised, and how?


    Thanks in advance for any and everybody that can help.
  • sicarie
    Recognized Expert Specialist
    • Nov 2006
    • 4677

    #2
    I've never heard of that program, but I'm not a SuSE user. Assuming that program exists (which would probably be REALLY easy to make - take a baseline of the /etc/shadow, then use the /etc/rc or /etc/init.d to check it on startup to see if that hash has changed - sounds like a 4 line shell script (with comments)) it's very possible for someone to do that.

    Then again, that begs the question: why would he set it up that way in the first place? Is this in a 'corporate' environment?
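
The startup check described in #2, reduced to its detection half, as an added example that is not part of the thread or any poster's code: it compares a saved baseline copy of /etc/shadow with the current file and reports accounts whose password hash changed, appeared or disappeared (so it covers every account, not only root). The function names, file locations and sample hashes are constructed for illustration.

```bash
#!/usr/bin/env bash
# Added example (not from the thread). Detection only: nothing is modified.

# shadow_changes BASELINE CURRENT
# Compares field 2 (the password hash) per account and prints sorted
# "added|changed|removed <user>" lines. Returns 2 if the baseline is
# missing/empty or the current file is unreadable.
shadow_changes() {
    [ -s "$1" ] && [ -r "$2" ] || return 2
    awk -F: '
        NR == FNR { base[$1] = $2; next }          # first file: baseline hashes
        { seen[$1] = 1
          if (!($1 in base))       print "added " $1
          else if (base[$1] != $2) print "changed " $1 }
        END { for (u in base) if (!(u in seen)) print "removed " u }
    ' "$1" "$2" | sort
}

# root_hash_changed BASELINE CURRENT -> exit status 0 if root's hash differs.
root_hash_changed() {
    shadow_changes "$1" "$2" | grep -qx 'changed root'
}

# Constructed sample files with fake hashes, so this runs without root access.
make_samples() {
    SAMPLE_DIR=$(mktemp -d)
    cat > "$SAMPLE_DIR/baseline" <<'EOF'
root:$6$constructed$AAAA:14250:0:99999:7:::
dev1:$6$constructed$BBBB:14250:0:99999:7:::
olduser:$6$constructed$CCCC:14250:0:99999:7:::
EOF
    cat > "$SAMPLE_DIR/current" <<'EOF'
root:$6$constructed$ZZZZ:14265:0:99999:7:::
dev1:$6$constructed$BBBB:14250:0:99999:7:::
newadmin:$6$constructed$DDDD:14265:0:99999:7:::
EOF
}

make_samples
shadow_changes "$SAMPLE_DIR/baseline" "$SAMPLE_DIR/current"
if root_hash_changed "$SAMPLE_DIR/baseline" "$SAMPLE_DIR/current"; then
    # On a real host this is the place to raise an alert, e.g. with logger(1).
    echo "ALERT: root password hash differs from baseline"
fi
```

On a real system the baseline copy has to be kept root-only and off the monitored host, since it contains the same hashes as /etc/shadow.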


    • wolfjmt
      New Member
      • Jan 2009
      • 10

      #3
      Hi Sicarie

      Yes, it's a corporate environment - but it is on a local network only accessed by the development team - so I am not sure why it was set up like that.

      Is there a way to get the files and programs restored? I know the UNIX environment isn't like Windows with a recycle bin and 100 questions to confirm a delete.


      • sicarie
        Recognized Expert Specialist
        • Nov 2006
        • 4677

        #4
        Hmmm, I would highly suggest reworking current policy so that the root password is shared amongst trusted admins and at least one level of management.

        As for the file, there may be a trash function in SuSE, but as I said, I'm not a SuSE admin - are you taking regular backups?


        • wolfjmt
          New Member
          • Jan 2009
          • 10

          #5
          backups ... sure, the guy that left, was so paranoid about the system that he was the only one that used the root user and did not want any of us near it. He was also the only one that was allowed to make backups and once he left the backups mysteriously disappeared.

          So I guess I would have to start over. Tx for the help though


          • sicarie
            Recognized Expert Specialist
            • Nov 2006
            • 4677

            #6
            It is possible but costly to send the server out to a data recovery warehouse - there may be a few guides online that would be able to help as well with Open Source tools.

            However, if the admin was paranoid, it's likely he'd delete the temp files or overwrite anything that he really cared about.
