Hi All,
Thanks to all who replied with suggestions and commiserations to those
who've been in the same place. A trawl through the system produced no
further evidence of abuse apart from the name change and a printcap
file alteration. However, since the hostname change requires root access,
I'm going to assume someone got in, and therefore the system's integrity can
no longer be trusted. It will get a rebuild.
A number of people pointed out that "hostname -s" is a valid command in
Linux and that certain Linux-centric install programs use it.
Issuing that command would produce the results seen. I notice that
hostname -s also produces a result on NT4. Although I know of no mechanism
for it, the server is running ASDU 4.1 and I think I have to consider the
possibility that someone with admin rights gained through the LanMan server
may be the cause of the problem.
Cheers
Joe
--------------------------- original follows ---------------------------
> All of a sudden the login prompts on an ES40 system have changed to
> -s> for everyone. I'm thinking it's been hacked but so far I've not found
> anything. Any and all suggestions welcome.
>
> Just to make things more fun, the machine is at a remote site and the
> network links have chosen now to go out to lunch. Can't you just tell it's
> Friday?
Received on Sun Mar 05 2000 - 18:34:08 NZDT