*BSD News Article 96699

Return to BSD News archive 

Path: euryale.cc.adfa.oz.au!newshost.carno.net.au!harbinger.cc.monash.edu.au!munnari.OZ.AU!news.Hawaii.Edu!news.lava.net!news.he.net!news.maxwell.syr.edu!news-was.dfn.de!news-fra1.dfn.de!news-ge.switch.ch!feed2.belnet.be!news.belnet.be!feed1.news.innet.be!INbe.net!stns.news.pipex.net!warm.news.pipex.net!pipex!tank.news.pipex.net!pipex!news.utell.co.uk!usenet
From: brian@shift.utell.net (Brian Somers)
Newsgroups: comp.unix.bsd.freebsd.misc
Subject: Re: Am I being hacked?
Date: 2 Jun 1997 08:56:52 GMT
Organization: Awfulhak Ltd.
Lines: 38
Message-ID: <5mu1sk$n4a@ui-gate.utell.co.uk>
References: <5mt1g2$asd@vixen.cso.uiuc.edu>
Reply-To: brian@awfulhak.org, brian@utell.co.uk
NNTP-Posting-Host: shift.utell.net
Mime-Version: 1.0
Content-Type: text/plain; charset=us-ascii
X-Newsreader: knews 0.9.8
Xref: euryale.cc.adfa.oz.au comp.unix.bsd.freebsd.misc:42030

In article <5mt1g2$asd@vixen.cso.uiuc.edu>,
	Dannyman @ stumpy <dannyman@stumpy.ncsa.uiuc.edu> writes:
> Jun  1 16:24:05 stumpy inetd[1645]: login_getclass: unknown class 'root'
> Jun  1 16:38:06 stumpy inetd[1662]: login_getclass: unknown class 'root'
> Jun  1 16:38:35 stumpy inetd[1663]: login_getclass: unknown class 'root'
> Jun  1 16:40:38 stumpy inetd[1675]: login_getclass: unknown class 'root'
> Jun  1 16:42:49 stumpy syslog: /etc/pwd.db: Invalid argument
> Jun  1 16:42:49 stumpy last message repeated 7 times
> Jun  1 18:29:52 stumpy inetd[1815]: login_getclass: unknown class 'root'
> Jun  1 18:37:06 stumpy inetd[1841]: login_getclass: unknown class 'root'
> 
> 	Now, that login_getclass shit I've seen ever since I upgraded to
> 2.2.2 ... that pwd.db ... ? Should I be scared? :) At least, does anyone know
> about that freakin' login_getclass ? :)

You should really read this news group or search on dejanews before
asking questions.

Download ftp://ftp.freebsd.org/pub/FreeBSD/FreeBSD-current/src/etc/login.conf
into your /etc directory (it was missing from the bin distribution), or
copy it from /usr/src/etc on your own machine.

The pwd.db bit sounds like someone's been playing with your passwd
file.

$ cd /etc
$ pwd_mkdb -p master.passwd

will remove the problem, but check your master.passwd file first.

> 
> TIA.
> 

-- 
Brian <brian@awfulhak.org> <brian@freebsd.org>
      <http://www.awfulhak.org>
Don't _EVER_ lose your sense of humour !