/etc/passwd

Support for security such as Firewalls and securing linux
Post Reply
truevc
Posts: 1
Joined: 2016/07/23 22:46:29

/etc/passwd

Post by truevc » 2016/07/24 18:54:21

does this look right.......or is my machine hijacked?


root:x:0:0:root:/root:/bin/bash
bin:x:1:1:bin:/bin:/sbin/nologin
daemon:x:2:2:daemon:/sbin:/sbin/nologin
adm:x:3:4:adm:/var/adm:/sbin/nologin
lp:x:4:7:lp:/var/spool/lpd:/sbin/nologin
sync:x:5:0:sync:/sbin:/bin/sync
shutdown:x:6:0:shutdown:/sbin:/sbin/shutdown
halt:x:7:0:halt:/sbin:/sbin/halt
mail:x:8:12:mail:/var/spool/mail:/sbin/nologin
uucp:x:10:14:uucp:/var/spool/uucp:/sbin/nologin
operator:x:11:0:operator:/root:/sbin/nologin
games:x:12:100:games:/usr/games:/sbin/nologin
gopher:x:13:30:gopher:/var/gopher:/sbin/nologin
ftp:x:14:50:FTP User:/var/ftp:/sbin/nologin
nobody:x:99:99:Nobody:/:/sbin/nologin
dbus:x:81:81:System message bus:/:/sbin/nologin
rpc:x:32:32:Rpcbind Daemon:/var/cache/rpcbind:/sbin/nologin
usbmuxd:x:113:113:usbmuxd user:/:/sbin/nologin
rtkit:x:499:499:RealtimeKit:/proc:/sbin/nologin
nscd:x:28:28:NSCD Daemon:/:/sbin/nologin
vcsa:x:69:69:virtual console memory owner:/dev:/sbin/nologin
avahi-autoipd:x:170:170:Avahi IPv4LL Stack:/var/lib/avahi-autoipd:/sbin/nologin
rpcuser:x:29:29:RPC Service User:/var/lib/nfs:/sbin/nologin
nfsnobody:x:65534:65534:Anonymous NFS User:/var/lib/nfs:/sbin/nologin
apache:x:48:48:Apache:/var/www:/sbin/nologin
ntp:x:38:38::/etc/ntp:/sbin/nologin
saslauth:x:498:76:Saslauthd user:/var/empty/saslauth:/sbin/nologin
postfix:x:89:89::/var/spool/postfix:/sbin/nologin
unbound:x:497:495:Unbound DNS resolver:/etc/unbound:/sbin/nologin
mysql:x:27:27:MySQL Server:/var/lib/mysql:/bin/bash
hsqldb:x:96:96::/var/lib/hsqldb:/sbin/nologin
abrt:x:173:173::/etc/abrt:/sbin/nologin
haldaemon:x:68:68:HAL daemon:/:/sbin/nologin
gdm:x:42:42::/var/lib/gdm:/sbin/nologin
pulse:x:496:494:PulseAudio System Daemon:/var/run/pulse:/sbin/nologin
sshd:x:74:74:Privilege-separated SSH:/var/empty/sshd:/sbin/nologin
nslcd:x:65:55:LDAP Client User:/:/sbin/nologin
tcpdump:x:72:72::/:/sbin/nologin
Michael:x:500:500:La Schiazza:/home/Michael:/bin/bash

User avatar
avij
Retired Moderator
Posts: 3046
Joined: 2010/12/01 19:25:52
Location: Helsinki, Finland
Contact:

Re: /etc/passwd

Post by avij » 2016/07/24 19:28:12

I don't see anything particularly odd with that file.

Nirel
Posts: 8
Joined: 2016/01/17 19:47:55

Re: /etc/passwd

Post by Nirel » 2016/07/25 09:09:24

As long as you don't see any normal user with an ID of 0 I don't think you have a problem.

is there any reason for you to think your machine has been hijacked?
If someone got your root password then the /etc/passwd file wont help you to see it.

azbest
Posts: 22
Joined: 2016/08/16 07:50:57

Re: /etc/passwd

Post by azbest » 2016/08/29 19:56:08

Is it your user?
Michael:x:500:500:La Schiazza:/home/Michael:/bin/bash
also you may check output:

Code: Select all

ll /etc/passwd
ll /etc/shadow
ll /etc/group
if the timestamp different that it was before your last activities with users/groups you possible have a problem. But the timestamp for files can be changed, so it will not give you 100% ansver

Post Reply