Can you tell if the su file (/bin ?) has been changed? Years ago (I imagine people are too advanced for this now) a hacker would move login, replacing it with a script that did nothing more than look like login, trapping the password and doing something nefarious with it, show a login failure, and then call the real login to allow things to run normally. Probably has nothing to do with these days and times, but I thought I'd toss it out anyway. Ed -----Original Message----- From: tclug-list-bounces at mn-linux.org [mailto:tclug-list-bounces at mn-linux.org]On Behalf Of Erik Anderson Sent: Tuesday, December 30, 2003 5:11 PM To: TCLUG Mailing List Subject: [TCLUG] wierd rh8.0 behavior I have a Redhat 8.0 box that recently started asking for the root password twice when I "su -". Any ideas? -Erik _______________________________________________ TCLUG Mailing List - Minneapolis/St. Paul, Minnesota http://www.mn-linux.org tclug-list at mn-linux.org https://mailman.real-time.com/mailman/listinfo/tclug-list _______________________________________________ TCLUG Mailing List - Minneapolis/St. Paul, Minnesota http://www.mn-linux.org tclug-list at mn-linux.org https://mailman.real-time.com/mailman/listinfo/tclug-list