
We are using Ubuntu Server 10.10 (64 bit) and have deployed a number of instances in our network.

Servers work normally for a day or two and after that the super user is not able to log in. The server works normally, services can be accessed - but no user can log in from the shell. We have to recover the password via the password recovery procedure. This is observed on all the deployed instances.

Has anyone faced a similar issue?

Thanks in advance.

1 Answer


I'm not a fan of sudo. You could run passwd root on one box and eliminate sudo to see if that helps. What does /var/log/auth.log say at the times access is denied?

Do you have any homemade scripts running on Cron that change permissions on /etc by accident?

Jonathan Ross
  • We do not have any homemade scripts. It is a pretty simple implementation - vanilla flavored Ubuntu Server 10.10 and we run Tomcat server on that - just install Java and Tomcat – Rutesh Makhijani Mar 29 '11 at 06:19
  • Any time-limited logins with PAM? You could check "/etc/pam.d/" files. Hopefully "/var/log/auth.log" will shed some light. – Jonathan Ross Mar 29 '11 at 06:20
  • Thanks for the input, we had a look at /var/log/auth.log and found that there was an attack on the server from external systems. Eventually the password of our system was not strong enough - and administrators were using the same password for the backup account. The auth.log revealed that certain external IPs had tried logging in with default common accounts like Oracle/ftptest/student etc. We have hardened the server passwords and are now monitoring the same. – Rutesh Makhijani Mar 29 '11 at 06:46
  • Glad you got to the bottom of it. – Jonathan Ross Mar 29 '11 at 06:50
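
Added example, not part of the original thread: one way to triage /var/log/auth.log for the pattern found above, counting failed logins per source IP, listing the unknown account names tried, and flagging any login accepted after repeated failures from the same address. It assumes OpenSSH password-login lines (the thread does not name the service); the sample log, host name, IPs and the `summarize`/`suspicious_ips` helpers are constructed for illustration.

```python
import re
from collections import defaultdict

# Constructed sample in OpenSSH's auth.log format (documentation-range IPs).
SAMPLE_AUTH_LOG = """\
Mar 28 02:11:01 web1 sshd[4101]: Failed password for invalid user oracle from 203.0.113.5 port 40112 ssh2
Mar 28 02:11:04 web1 sshd[4103]: Failed password for invalid user ftptest from 203.0.113.5 port 40120 ssh2
Mar 28 02:11:07 web1 sshd[4105]: Failed password for invalid user student from 203.0.113.5 port 40131 ssh2
Mar 28 02:11:10 web1 sshd[4107]: Failed password for backup from 203.0.113.5 port 40140 ssh2
Mar 28 02:11:13 web1 sshd[4109]: Accepted password for backup from 203.0.113.5 port 40152 ssh2
Mar 28 09:02:44 web1 sshd[5230]: Failed password for root from 198.51.100.7 port 51022 ssh2
Mar 28 09:03:02 web1 sshd[5234]: Accepted password for root from 198.51.100.7 port 51030 ssh2
"""

# Assumption: password authentication over sshd; other services log differently.
EVENT = re.compile(
    r"sshd\[\d+\]: (?P<result>Failed|Accepted) password for "
    r"(?P<invalid>invalid user )?(?P<user>\S+) from (?P<ip>\S+) port \d+"
)

def summarize(log_text, threshold=3):
    """Per source IP: failure count, unknown usernames tried, and any
    login accepted after at least `threshold` earlier failures."""
    stats = defaultdict(lambda: {"failures": 0, "invalid_users": set(),
                                 "accepted_after_failures": []})
    for line in log_text.splitlines():
        m = EVENT.search(line)
        if not m:
            continue
        s = stats[m["ip"]]
        if m["result"] == "Failed":
            s["failures"] += 1
            if m["invalid"]:
                s["invalid_users"].add(m["user"])
        elif s["failures"] >= threshold:
            # A success right after a burst of failures suggests a guessed password.
            s["accepted_after_failures"].append(m["user"])
    return dict(stats)

def suspicious_ips(log_text, threshold=3):
    """Source IPs that logged in successfully after a run of failures."""
    found = summarize(log_text, threshold)
    return sorted(ip for ip, s in found.items() if s["accepted_after_failures"])

if __name__ == "__main__":
    for ip, s in summarize(SAMPLE_AUTH_LOG).items():
        print(ip, s["failures"], sorted(s["invalid_users"]), s["accepted_after_failures"])
```

The single mistyped root password from 198.51.100.7 stays below the threshold and is not flagged; only the address that cycled through account names before succeeding is.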