# Root Password Changing Automatically To Blank



## blueaquan (Mar 15, 2013)

Dear *f*riends,

I had one of my *e*ngineer*s* go down to a remote site and install FreeBSD 8.0. The idea was to build a *f*irewall and *g*ateway using PF. *T*he procedure is something I've been doing for quite some time now.

On this *m*achine however, after the initial installation was done, I added the PF options into the kernel file and rebuilt it using

`cd /usr/src`
`make buildkernel KERNCONF=NEWKERNEL`
`make installkernel KERNCONF=NEWKERNEL`

Once this activity completed, I sent the machine for a reboot and I cannot login using my *u*sername / *p*assword combination using SSH. I sent the *e*ngineer to the remote site again the next day and to our utter surprise, I found the root's password was reset to a blank password. *A*ll he had to do was type root at the console and press enter and it came to the # prompt. Everything else was fine, my *n*etworking configuration I did remotely was untouched, the *k*ernel configurations was fine too, but my intial *u*sername was deleted from the system, I di*d*n*'*t find an entry in /etc/passwd.

Alright, so I asked him to set a new password to root and added a new account for myself and left. Today when I log in, my account is there alright, but the root's password has been reset back to a blank password. This problem has never happened to me after a kernel rebuild and is new to me. But I would like to know what's causing this and how to address this permanently.

Thanks for all your time,

Blue


----------



## SirDice (Mar 15, 2013)

FreeBSD 8.0 has been end-of-life since November 2010.

http://www.freebsd.org/security/#unsup


----------



## wblock@ (Mar 15, 2013)

Letting mergemaster(8) overwrite /etc/master.passwd?


----------



## DutchDaemon (Mar 15, 2013)

Install 8.3-RELEASE (supported through April 30, 2014) or 9.1-RELEASE (December 31, 2014).


----------



## SirDice (Mar 15, 2013)

I'm actually thinking this box was hacked within 20 minutes of it being online.


----------



## blueaquan (Mar 15, 2013)

SirDice said:
			
		

> I'm actually thinking this box was hacked within 20 minutes of it being online.



Sir, do you think there's a way to confirm it? I know the version is depreciated, but nevertheless I am keen to know if anybody out there has experienced this problem before? Any clean up procedures?


Thanks, Regards

Blue


----------



## SirDice (Mar 15, 2013)

blueaquan said:
			
		

> Any clean up procedures?


Yes, take it offline, wipe it and install a supported version.


----------



## blueaquan (Mar 15, 2013)

I wonder what's happened all of a sudden to the FreeBSD community? Sometime ago it was so common to see FreeBSD boxes of version 4.x and 5.x, people happily using them for years without any issues and not requiring an upgrade since the requirements have not changed.
It is indeed easy to do what SirDice says, but we are losing out on the knowledge. Knowledge about the latest versions are available everywhere through documentations, but knowledge about the legacy versions are available only through community!

Regards

Blue


----------



## SirDice (Mar 15, 2013)

And what's keeping you from using 8.3?


----------



## chatwizrd (Mar 15, 2013)

blueaquan said:
			
		

> I wonder what's happened all of a sudden to the FreeBSD community? Sometime ago it was so common to see FreeBSD boxes of version 4.x and 5.x, people happily using them for years without any issues and not requiring an upgrade since the requirements have not changed.



Thats called lazy administrators...


----------



## blueaquan (Mar 15, 2013)

SirDice said:
			
		

> And what's keeping you from using 8.3?



Frankly SirDice, my requirements have not changed over the past few years. I've been using 8.0 at a couple of other sites for the same requirement Firewall(PF) and Gateway and its been meeting my requirement very well. I've no further demands from the machine and don't see why an upgrade is required unless I require something more from it.

Regards

Blue


----------



## SirDice (Mar 15, 2013)

blueaquan said:
			
		

> I've no further demands from the machine and don't see why an upgrade is required unless I require something more from it.


Because of these: http://www.freebsd.org/security/advisories.html

Not updating a machine and keeping it on the internet makes you a liability to all of us.


----------



## wblock@ (Mar 15, 2013)

Is "remaining secure" one of the requirements?


----------



## blueaquan (Mar 15, 2013)

SirDice said:
			
		

> liability to all of us.



 Love the above statment. Anyway, the intention was never that! You are only seeing a question that I posted and have no idea about what other technologies and responsibilities I've to fight with on a day to day basis. Some may choose to call it lazy or other as a  liability to the Internet community etc, but in the daily run, the FreeBSD boxes which have a very limited role in my infra at the remote sites were doing their job perfectly and I was happy with what they were doing.

All of a sudden a problem comes up on one remote site and instead of reinstalling it with the latest version (which I don't have any problem with), I was only curious to know what caused the issue.

Anyway, thanks for all your wonderful comments guys! No hard feeling at all 

Thanks, Regards

Blue


----------



## zspider (Mar 15, 2013)

You'd better update it, else it's only a matter of time before it gets owned... Just because it's FreeBSD does not mean it's invincible.


----------



## DutchDaemon (Mar 15, 2013)

A race condition of repetitive reiterations arises. Closed.


----------

