Bill Campbell wrote: > On Sun, Apr 05, 2009, Ralph Angenendt wrote: >> Michael A. Peters wrote: >>> Ralph Angenendt wrote: >>>> Frédérique Da Luene wrote: >>>>> Useradd newuser : ok >>>>> passwd newuser : ok >>>>> >>>>> The password is not MD5, only 3DES. >>>> Again: Have you looked if passwd on your machine is the one from CentOS? >>>> >>> I would suggesting copying the binary to a known clean machine to check >>> the md5sum to verify. If you might have been hacked, you can't check >>> the md5 on that box. >> Yupp. The last times I had to handle/help in such situations, the binaries >> were clearly way off for the machines - often a comparing ls -l is enough, but >> not all the time. > > This will tell if the program is different and works on any RPM > based system regardless of their package contents. > > rpm -V `rpm -qf /bin/login` This assumes that rpm and the library it uses have not been compromised. I personally suspect the machine has been compromised.