Re: user not in passwd launching attacks
On May 1, 1:21 pm, Allen Kistler <ackist...@oohay.moc> wrote:
> mattdor...@gmail.com wrote:
> > Hi, I have limited experience with Linux security so I'm hoping
> > someone can help me. We had a complaint that there were attacks being
> > launched from one of our servers (Ubuntu OS). I did an "lsof -i" as
> > root and sure enough saw pages & pages of processes by this user
> > launching attacks. Before killing the processes I tried deleting the
> > user but I always got an error saying that he's not in the /etc/passwd
> > file (which he is not). Every Google search I did said to delete a
> > user, delete them from the /etc/passwd file (quite frustrating!). I
> > was able to finger this user's account. So my question is, how do I
> > delete a user's account if they're not in the passwd file?
>
> > Just FYI I have blocked access to this server via firewall so it will
> > no longer be a problem but I'd still like to know how to delete a user
> > like this.
>
> Accounts can also be defined in NIS and LDAP.
> If you have Linux servers in an enterprise, it's probably wise to get
> someone who isn't a novice to administer security.
Yep, turns out the Linux boxes use LDAP so I was able to locate the
account. I appreciate the help.
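
Added example, not part of any poster's message: a small triage script for the situation in this thread, where an account resolves on the host but has no line in /etc/passwd. It checks the local file first and then lists the other sources that nsswitch.conf configures for the passwd database; the function names, the user `svc_batch` and both sample files are constructed for illustration.

```shell
#!/bin/sh
# Added example (not from the thread). All names and file contents are constructed.

# Sources configured for the passwd database, one per line; comments and
# action items such as [NOTFOUND=continue] are dropped.
passwd_sources() {
    sed -n -e 's/#.*//' -e 's/\[[^]]*]//g' -e 's/^passwd:[[:space:]]*//p' "$1" |
        tr -s '[:space:]' '\n' | sed '/^$/d'
}

# Succeeds only if the user has an entry in the given passwd-format file.
in_local_passwd() {
    awk -F: -v u="$1" '$1 == u { found = 1 } END { exit !found }' "$2"
}

# account_origin USER PASSWD_FILE NSSWITCH_FILE
# Prints "files" for a local account, otherwise the remaining sources to check.
account_origin() {
    if in_local_passwd "$1" "$2"; then
        echo "files"
    else
        others=$(passwd_sources "$3" | grep -v -x -e files -e compat | tr '\n' ' ')
        echo "not in files; other sources: ${others% }"
    fi
}

# Constructed sample data standing in for /etc/passwd and /etc/nsswitch.conf.
demo_dir=$(mktemp -d)
cat > "$demo_dir/passwd" <<'EOF'
root:x:0:0:root:/root:/bin/bash
www-data:x:33:33:www-data:/var/www:/usr/sbin/nologin
EOF
cat > "$demo_dir/nsswitch.conf" <<'EOF'
# constructed example
passwd:  files [NOTFOUND=continue] ldap nis   # directory-backed accounts
group:   files ldap
EOF

account_origin root "$demo_dir/passwd" "$demo_dir/nsswitch.conf"
account_origin svc_batch "$demo_dir/passwd" "$demo_dir/nsswitch.conf"
# On a live host, `getent passwd USER` asks every configured source, which is
# why tools can resolve an account that grep on /etc/passwd does not find.
```

An account that comes back as "not in files" has to be disabled or removed in the listed directory service, since local account tools only edit the local files.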