| 1 |
Alan McKinnon wrote: |
| 2 |
|
| 3 |
> experiment to see if it's the new hashes that are doing it. Find an account |
| 4 |
> that can sudo to root on the affected machines and examine the shadow file. |
| 5 |
> See what kind of hashes the affected accounts are using. md5 is 34 characters |
| 6 |
> long and sha512 is 98 in this format: |
| 7 |
> |
| 8 |
> $x$<salt>$<hash> |
| 9 |
> x is 1 for md5 and 6 for sha512. <salt> is 8 characters for both |
| 10 |
|
| 11 |
Thanks for spending time with this. After looking at the shadow file, I |
| 12 |
have accounts with both md5 and sha512. In particular affected accounts |
| 13 |
that have md5 and sha512. |
| 14 |
|
| 15 |
I looked closely at the .bashrc (used echo "made to here" marks to |
| 16 |
follow the login sequence) of the bad accounts and they were all |
| 17 |
sourcing a script from a third-party package that went bad after the OS |
| 18 |
update. Luckily this was not in all accounts and specially not in the |
| 19 |
root account. Otherwise I would have been locked outside the machine. |
| 20 |
After getting rid of that line in the users .bashrc all returned to normal. |
| 21 |
|
| 22 |
One more thing to do was to uncomment the line |
| 23 |
|
| 24 |
PrintMotd no |
| 25 |
PrintLastLog no |
| 26 |
|
| 27 |
in /etc/sshd_config to avoid the double motd/last log messages upon |
| 28 |
login.I guess after the portage update, pam is now printing that. |
| 29 |
|
| 30 |
> |
| 31 |
> Here's mine which works: |
| 32 |
> |
| 33 |
> auth include system-auth |
| 34 |
> account include system-auth |
| 35 |
> password include system-auth |
| 36 |
> session include system-auth |
| 37 |
> |
| 38 |
> And you did confirm that sudo checks for wheel group membership, and that you |
| 39 |
> are still in this group? |
| 40 |
> |
| 41 |
|
| 42 |
This is exactly like mine. |
| 43 |
|
| 44 |
Thanks for all the help. |
| 45 |
|
| 46 |
-- |
| 47 |
Valmor |
Archives