mattdorais@gmail.com wrote:
> Hi, I have limited experience with Linux security so I'm hoping
> someone can help me. We had a complaint that there were attacks being
> launched from one of our servers (Ubuntu OS). I did a "lsof -i" as
> root and sure enough saw pages & pages of processes by this user
> launching attacks. Before killing the processes I tried deleting the
> user but I always got an error saying that he's not in the /etc/passwd
> file (which he is not). Every google search I did said to delete a
> user, delete them from the /etc/passwd file (quite frustrating!). I
> was able to finger this user's account. So my question is, how do I
> delete a user's account if they're not in the passwd file?
>
> Just FYI I have blocked access to this server via firewall so it will
> no longer be a problem but I'd still like to know how to delete a user
> like this.

Accounts can also be defined in NIS and LDAP.
If you have Linux servers in an enterprise, it's probably wise to get
someone who isn't a novice to administer security.