Today we received a strange email about:
New account [root] has been created with uid:[0] gid:[0] login:[/root] shell:[/bin/bash]
But on the server everything seems to be fine: the user is not missing and wasn't deleted, we scanned with rootkit hunters, etc., and it doesn't seem to be compromised.
grep '0:0' /etc/passwd
root:x:0:0:root:/root:/bin/bash
chage -l root
Last password change : never
Password expires : never
Password inactive : never
Account expires : never
Minimum number of days between password change : 0
Maximum number of days between password change : 99999
Number of days of warning before password expires : 7