does this look right.......or is my machine hijacked?
root0:0:root:/root:/bin/bash
bin1:1:bin:/bin:/sbin/nologin
daemon2:2:daemon:/sbin:/sbin/nologin
adm3:4:adm:/var/adm:/sbin/nologin
lp4:7:lp:/var/spool/lpd:/sbin/nologin
sync5:0:sync:/sbin:/bin/sync
shutdown6:0:shutdown:/sbin:/sbin/shutdown
halt7:0:halt:/sbin:/sbin/halt
mail8:12:mail:/var/spool/mail:/sbin/nologin
uucp10:14:uucp:/var/spool/uucp:/sbin/nologin
operator11:0:operator:/root:/sbin/nologin
games12games:/usr/games:/sbin/nologin
gopher13:30:gopher:/var/gopher:/sbin/nologin
ftp14:50:FTP User:/var/ftp:/sbin/nologin
nobody99:99:Nobody:/:/sbin/nologin
dbus81:81:System message bus:/:/sbin/nologin
rpc32:32:Rpcbind Daemon:/var/cache/rpcbind:/sbin/nologin
usbmuxd113:113:usbmuxd user:/:/sbin/nologin
rtkit499:499:RealtimeKit:/proc:/sbin/nologin
nscd28:28:NSCD Daemon:/:/sbin/nologin
vcsa69:69:virtual console memory owner:/dev:/sbin/nologin
avahi-autoipd170:170:Avahi IPv4LL Stack:/var/lib/avahi-autoipd:/sbin/nologin
rpcuser29:29:RPC Service User:/var/lib/nfs:/sbin/nologin
nfsnobody65534:65534:Anonymous NFS User:/var/lib/nfs:/sbin/nologin
apache48:48:Apache:/var/www:/sbin/nologin
ntp38:38::/etc/ntp:/sbin/nologin
saslauth498:76:Saslauthd user:/var/empty/saslauth:/sbin/nologin
postfix89:89::/var/spool/postfix:/sbin/nologin
unbound497:495:Unbound DNS resolver:/etc/unbound:/sbin/nologin
mysql27:27:MySQL Server:/var/lib/mysql:/bin/bash
hsqldb96:96::/var/lib/hsqldb:/sbin/nologin
abrt173:173::/etc/abrt:/sbin/nologin
haldaemon68:68:HAL daemon:/:/sbin/nologin
gdm42:42::/var/lib/gdm:/sbin/nologin
pulse496:494:PulseAudio System Daemon:/var/run/pulse:/sbin/nologin
sshd74:74:Privilege-separated SSH:/var/empty/sshd:/sbin/nologin
nslcd65:55:LDAP Client User:/:/sbin/nologin
tcpdump72:72::/:/sbin/nologin
Michael500:500:La Schiazza:/home/Michael:/bin/bash
/etc/passwd
Re: /etc/passwd
I don't see anything particularly odd with that file.
Re: /etc/passwd
As long as you don't see any normal user with an ID of 0 I don't think you have a problem.
is there any reason for you to think your machine has been hijacked?
If someone got your root password then the /etc/passwd file wont help you to see it.
is there any reason for you to think your machine has been hijacked?
If someone got your root password then the /etc/passwd file wont help you to see it.
Re: /etc/passwd
Is it your user?
if the timestamp different that it was before your last activities with users/groups you possible have a problem. But the timestamp for files can be changed, so it will not give you 100% ansver
also you may check output:Michael500:500:La Schiazza:/home/Michael:/bin/bash
Code: Select all
ll /etc/passwd
ll /etc/shadow
ll /etc/group