Frank Sweetser wrote:
Eric Martin wrote:
So I just found an odd entry in /etc/passwd on one of my servers:
+::::::
Of course I'm not running tripwire on it so I can't be assured of the last time I edited the file / did anything to edit it. etc/shadow doesn't have the entry but shadow is only checked if the second field is x, right?
I'm running Suse and I've been using yast lately, could that have anything to do with it? I hope it does as I really hope I don't have to run a full audit on the box.
Looks like it's part of NIS/NIS+ configuration:
http://www.cyberciti.biz/faq/plus-minus-sign-in-unix-linux-passwd-file/
Thanks Frank! I googled +:::::: and nothing came back. I was just about to go hit my Hacking Exposed books as I though I remembered something from there. NIS was off in Yast, but it's good to know that I'm (probably) not hacked.