Server locking root account
mwalker at kydance.net
Sun Mar 8 08:32:20 MDT 2009
On Sun, March 8, 2009 12:38 am, Dave Smith wrote:
> Matthew Walker wrote:
>> Several servers I help manage have recently developed a somewhat alarming habit. They
>> have started modifying the root account to have no shell account, which of course
>> it impossible to log into root.
> Is there any hint in the logs?
Not that I've been able to find. There's no evidence of anyone else being on the box. No
unusual processes, no SSH logins from unknown IPS, or anything like that. I also can't
find any log entries that correspond with the modification of the account.
I'm highly suspicious that something in cPanel is responsible, since the way it locks
out users is to remove their shell as well. But I haven't been able to confirm that.
Kydance Hosting & Consulting, Inc. - http://www.kydance.net/
PHP, Perl, and Web Development - Linux Server Administration
More information about the PLUG