- To: slug@xxxxxxxxxxx
- Subject: [SLUG] Weird login behaviour
- From: Robert Holmes <sarney@xxxxxxxxxx>
- Date: Tue, 22 Feb 2005 22:07:21 +1100
- User-agent: KMail/1.5.1
Dear list,
When logging in to my hitherto trusty SuSE 8.2, after issuing the password
nothing happens for a few seconds, then the screen fills with:
/bin/grep: too many arguments
/bin/ls: too many arguments
/bin/manpath: too many arguments
/bin/sed: too many arguments
etc
I can kill the process with Ctrl-C, but then get a bash prompt:
-bash2.05$
(the minus sign is intentional)
I can spawn a bash shell from this prompt (with /bin/bash), where my 'normal'
prompt appears.
The output of ps ax shows there is indeed a stopped process called -bash. If
I kill it I'm back to the login prompt.
This behaviour is for runlevels 2,3 & 5 (I guess, 'cause after the xdm login
the system hangs).
Any clues as to what's going on here?
I'm rather suspicious, & in rescue mode found a few setuid & setgid files on
my system, as recommended in:
www.cert.org/tech_tips/intruder_detection_checklist.html
Should all these be setuid (ignore the HD, I mounted the drive here in rescue
mode)?
/HD/bin/su
/HD/bin/ping
/HD/bin/eject
/HD/bin/mount
/HD/bin/ping6
/HD/bin/umount
/HD/opt/kde3/bin/fileshareset
/HD/opt/kde3/bin/kgrantpty
/HD/opt/kde3/bin/artswrapper
/HD/opt/kde3/bin/kcheckpass
/HD/opt/kde3/bin/kpac_dhcp_helper
/HD/usr/bin/at
/HD/usr/bin/rcp
/HD/usr/bin/rsh
/HD/usr/bin/ssh
/HD/usr/bin/bing
/HD/usr/bin/chfn
/HD/usr/bin/chsh
/HD/usr/bin/sudo
/HD/usr/bin/crontab
/HD/usr/bin/chage
/HD/usr/bin/mandb
/HD/usr/bin/ziptool
/HD/usr/bin/ncplogin
/HD/usr/bin/ncpmount
/HD/usr/bin/expiry
/HD/usr/bin/ncpmap
/HD/usr/bin/newgrp
/HD/usr/bin/ntping
/HD/usr/bin/passwd
/HD/usr/bin/gpasswd
/HD/usr/bin/rlogin
/HD/usr/bin/nwsfind
/HD/usr/bin/ncpumount
/HD/usr/bin/cdrecord
/HD/usr/lib/news/bin/inndstart
/HD/usr/lib/news/bin/startinnfeed
/HD/usr/lib/pt_chown
/HD/usr/sbin/isdnctrl
/HD/usr/sbin/suexec
/HD/usr/sbin/plpnfsd
/HD/usr/X11R6/bin/dga
/HD/usr/X11R6/bin/v4l-conf
/HD/usr/X11R6/bin/XFree86
Regards, Robert
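
The setuid/setgid sweep described in the message above, as an added example that is not part of the original post: it lists privileged files under a rescue-mounted root with the mount prefix stripped, then reports the ones missing from a baseline. The function names and the baseline file (one path per line, taken from a known-good install of the same release) are assumptions made for this example.

```shell
#!/bin/sh
# Added example: audit setuid/setgid files on a disk mounted in rescue mode.
# Hypothetical helpers; the baseline file is assumed to hold one absolute
# path per line (lines starting with '#' never match a path and are ignored).

# list_privileged ROOT
# Print every regular file under ROOT that has the setuid or setgid bit set.
# The ROOT prefix is stripped so paths read as they would on the booted
# system (/HD/bin/su is printed as /bin/su).
list_privileged() {
    root=${1%/}
    find "$root" -xdev -type f \( -perm -4000 -o -perm -2000 \) -print 2>/dev/null |
        ROOT="$root" awk '{ print substr($0, length(ENVIRON["ROOT"]) + 1) }' |
        sort -u
}

# unexpected_privileged ROOT BASELINE
# Print the privileged files that are NOT named in BASELINE. These are the
# ones worth a closer look (owner, timestamps, package verification).
# Returns 0 when something unexpected was printed, 1 when the list is clean.
unexpected_privileged() {
    list_privileged "$1" | grep -Fxv -f "$2"
}

# Stand-alone use: sh audit.sh /HD baseline.txt
if [ "$#" -eq 2 ]; then
    unexpected_privileged "$1" "$2"
fi
```

A file appearing in the output is not proof of tampering; it only means the baseline does not account for it.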