0

This server was hacked, the hacker gained full access, including changing the root password. I have already identified the breach and fixed it, however it may still have access to a user with root privileges.

I want to run a script to change the password for all users, including system users.

The question is, can changing the password of system users generate any problems for the server?

The script:

cut -d: -f1 /etc/passwd > allusers
while IFS= read -r user; do  
    echo "nwepass" | passwd --stdin $user
done < allusers

Thank you!

Michael Hampton
  • 237,123
  • 42
  • 477
  • 940
Gabriel Henrique
  • 1

1 Answers1

2

To answer the question "can changing the password of system users generate any problems for the server?", the answer is yes. Don't do that.

The real answer is in Michael's comment, that instead of setting passwords for all users, you should remove the password so no one, especially root, has a password. Make sure you've got at least one account with sudo privileges and ssh public key access though so you can get in and manage the system. (Unless you build everything with Infrastructure as Code like CloudFormation or Terraform.)

But, you've been hacked, so the real real answer is that you don't know what all has been done on that server, and it should be taken offline and wiped. Reformat all the drives, reload the operating system, and restore the data from a known-good backup, if you know how far back the unauthorized access goes.

Obviously, that's a disruptive process, so it's up to you how much risk you want to accept. For security, I tend to err on the side of caution and assume that everything is compromised.

Jon Buys
  • 244
  • 2
  • 5