Security question - uids of 0
James A. Coulter
jacoulter at jacoulter.net
Mon Aug 16 10:28:39 PDT 2004
On Mon, Aug 16, 2004 at 05:01:51PM +0200, Volker Kindermann wrote:
> Hi James,
>
>
> > The following appeared in my latest daily security run output:
> >
> > Checking for uids of 0:
> > root 0
> > toor 0
> >
> > This is the first time I've seen this message.
> >
> > I checked /etc/passwd and found this:
> >
> > root:*:0:0:Charlie &:/root:/bin/csh
> > toor:*:0:0:Bourne-again Superuser:/root:
> >
> > I am running FreeBSD 4.10 as a gateway/router/firewall with IPFW for a
> > small home LAN.
> >
> > I ran ps -aux and looked for any processes owned by "toor" but didn't
> > find any.
>
> Did you install bash? Normally, the bash from ports or packages will
> install the "toor" account so you don't have to change root's shell.
>
> If you installed bash then there's nothing to worry about this entry.
> If you don't need it, just use vipw and delete it.
>
> -volker
Thank you Volker - I did install bash several weeks ago, so the sudden
appearance of the message in my daily security run caught my attention.
Thanks to everyone who sent the http://www.freebsd.org/doc/faq/security.html#TOOR-ACCOUNT
link.
Jim
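
The check behind the "Checking for uids of 0" report, extended to show whether each UID-0 account can actually be used, as an added example that is not part of the original messages. The function names, the default allow-list of root and toor, and the sample data are assumptions made for illustration; the input is master.passwd format because on FreeBSD /etc/passwd carries only `*` in the password field.

```shell
#!/bin/sh
# Added example: report every UID-0 account and whether it is usable.
# Reads master.passwd format on stdin:
#   name:password:uid:gid:class:change:expire:gecos:home:shell
# $1 (optional) = space-separated account names expected to have UID 0
# (the default "root toor" is an assumption based on the thread above).
audit_uid0() {
    awk -F: -v expected="${1:-root toor}" '
        BEGIN { n = split(expected, e, " "); for (i = 1; i <= n; i++) ok[e[i]] = 1 }
        /^#/ || NF < 10 { next }      # skip comments and malformed lines
        $3 == 0 {
            if ($2 == "")        pw = "EMPTY"    # no password needed at all
            else if ($2 ~ /^\*/) pw = "locked"   # "*..." can never match a hash
            else                 pw = "set"
            # An empty shell field means /bin/sh is used.
            shell = ($10 == "") ? "/bin/sh(default)" : $10
            known = ($1 in ok) ? "expected" : "UNEXPECTED"
            printf "%s password=%s shell=%s %s\n", $1, pw, shell, known
        }'
}

# Constructed sample input (not taken from any real system).
sample_master_passwd() {
    cat <<'EOF'
# constructed sample
root:$1$constructed$placeholderhash:0:0::0:0:Charlie &:/root:/bin/csh
toor:*:0:0::0:0:Bourne-again Superuser:/root:
daemon:*:1:1::0:0:Owner of many system processes:/root:/sbin/nologin
admin2::0:0::0:0:Constructed extra account:/home/admin2:/bin/sh
EOF
}

sample_master_passwd | audit_uid0
```

On a live system, run it as root with `audit_uid0 < /etc/master.passwd`; a toor line reporting `password=locked` matches the situation described in the thread.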