Newsgroups: comp.unix.sysv386
Path: utzoo!telly!druid!darcy
From: darcy@druid.uucp (D'Arcy J.M. Cain)
Subject: Re: HELP root password unknown
Organization: D'Arcy Cain Consulting, West Hill, Ontario
Date: Wed, 21 Nov 90 17:05:04 GMT
Message-ID: <1990Nov21.170504.10243@druid.uucp>
References: <1990Nov20.094505.896@ceres.physics.uiowa.edu>

In article <1990Nov20.094505.896@ceres.physics.uiowa.edu> rlm@ceres writes:
>Someone (a hacker I suppose) has changed the root password on our ESIX system 
>- is it possible to access the system to reset this?

Resume breathing, it can be done.  Reboot from your distribution floppies.
When you see the following;

    strike <ENTER> to install the ESIX System on your hard disk.

take a deep breath and press enter.  It won't wipe out your system.  If you
have an existing system (as you obviously do) you will see the following:

    You may select a quick recovery procedure ...
    ...
    (Strike y (quick recovery) or n (skip) followed by ENTER)

If you say yes to this a whole bunch of files will be moved to ones
called <basename>.SAV.  A list will be displayed for you.

Now reboot from the fixed disk and login as root with no password.  At
this point do not pass go, do not collect $200 but go straight to /etc
and remove the root password from the old shadow file and restore the
two files.  Run Passwd to give root back its old password.

Now you have the task of finding the security leak and plugging it before
this happens again.  A good start is the Cops program which finds a lot
of the more obvious stuff.  Good luck.

-- 
D'Arcy J.M. Cain (darcy@druid)     |
D'Arcy Cain Consulting             |   I support gun control.
West Hill, Ontario, Canada         |   Let's start with the government!
+ 416 281 6094                     |