Educause Security Discussion mailing list archives

Previous By Date Next
Previous By Thread Next

Re: i think i'm hacked - SOLVED

From: Ken Connelly <ken.connelly () UNI EDU>
Date: Thu, 17 Nov 2016 07:18:54 -0600
Permitting guest logins is almost always a bad thing.  Even if the shell
is extremely limited and the session is chrooted, it's asking for
trouble.  I'd look very seriously at eliminating the guest login capability.

- ken

On 11/17/16 12:10 AM, Lentes, Bernd wrote:

Hi,

i think i found it out:
When logging on as guest on the GUI, a user is created on-the-fly. And this one is called 
guest-"and-some-cryptical-character-sequence".
That's the user i found in /etc/passwd. And when logging off this user is deleted. Someone must have logged on twice 
as guest, what my collegue normally does not, but i will ask him ...
And the apparmor and rtkit stuff is always started when logging on as guest on the gui.
So it seems to be normal.

Maybe a bit overreacting of mine, but better to be a bit paranoid when dealing with computers.

Thanks for any help.


Bernd 



-- 
- Ken
=================================================================
Ken Connelly                       Director, Information Security
Information Security Officer          University of Northern Iowa
email: Ken.Connelly () uni edu   p: (319) 273-5850 f: (319) 273-7373

Any request to divulge your UNI password via e-mail is fraudulent!
Previous By Date Next
Previous By Thread Next

Current thread: