Open adrian15 opened 8 years ago
Given /etc/passwd:
root:x:0:0:root:/root:/bin/bash ...
I have seen some viruses changing its first line (the root one) with something like:
virususer:x:0:0:root:/root:/bin/bash
We should be able to:
1) Back up original file
2) Remove every line that has: 0 UID.
3) Put the default root line at the passwd top
So that our older root access is available again.
EXTRA: Deal with SELinux specific permissions.
EXTRA: Recreate more lines.
EXTRA: Check what passwd looks like in different distro families
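The three steps requested in the issue above, sketched as a POSIX shell function. This is an added example, not part of the original issue or the project's code; the function names, the backup naming and the constructed sample file are assumptions, and the default root line is the one quoted in the issue.

```shell
#!/bin/sh
# Added example, not project code. Function and variable names are hypothetical.
# The root line is the one quoted in the issue; other distros may differ.
DEFAULT_ROOT_LINE='root:x:0:0:root:/root:/bin/bash'

# restore_root_line FILE: back up FILE, drop every UID 0 entry, put the
# default root line first. Prints the backup path on success.
restore_root_line() {
    passwd_file=$1
    [ -f "$passwd_file" ] || { echo "not a file: $passwd_file" >&2; return 1; }
    backup="$passwd_file.bak.$(date +%Y%m%d%H%M%S)"
    tmp=$(mktemp "$passwd_file.XXXXXX") || return 1

    # 1) Back up the original, keeping mode, owner and timestamps.
    cp -p "$passwd_file" "$backup" || { rm -f "$tmp"; return 1; }

    # 2) + 3) Default root line first, then every line whose third field
    # (the UID) is not made up solely of zeros. The anchored regex keeps
    # blank or malformed lines that have no UID field at all.
    {
        printf '%s\n' "$DEFAULT_ROOT_LINE"
        awk -F: '$3 !~ /^0+$/' "$passwd_file"
    } > "$tmp" || { rm -f "$tmp"; return 1; }

    # Overwrite in place rather than mv: the inode, and with it the mode,
    # owner and SELinux label of the file, stay as they were.
    cat "$tmp" > "$passwd_file"; status=$?
    rm -f "$tmp"
    [ "$status" -eq 0 ] && printf '%s\n' "$backup"
}

# Constructed sample: a tampered passwd with the root line replaced and a
# second UID 0 account appended. The demo never touches the real file.
make_tampered_sample() {
    cat > "$1" <<'EOF'
virususer:x:0:0:root:/root:/bin/bash
daemon:x:1:1:daemon:/usr/sbin:/usr/sbin/nologin
alice:x:1000:1000:Alice:/home/alice:/bin/bash
backdoor:x:0:0::/tmp:/bin/sh
EOF
}

demo_dir=$(mktemp -d)
make_tampered_sample "$demo_dir/passwd"
restore_root_line "$demo_dir/passwd" >/dev/null && cat "$demo_dir/passwd"
rm -rf "$demo_dir"
```

The backup still contains the tampered entries, which makes it useful as evidence of what was changed.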