Ask Your Question

Revision history [back]

Root password doesn't work, I think i've been hacked. How can I check?

Is there a way to changer the root password using sudo or forcing a password reset? Also installed programs are missing (rkhunter) and the logfiles for security pgms (denyhosts, ssh) are gone, or do not allow access as user 'sg' (only user acct installed during setup)

Rebuild from scratch is not a bfd since it's a new install from a couple days ago - would just like to find out what happened before I wipe all the evidence. I've rescued the '/var/log/messages' file and about to parse it into a spreadsheet in Windoze to find out if any remote logins, etc

Thanks in advance