Showing results for 
Search instead for 
Did you mean: 
Level 7

Hips disabling root password change


Is there any way hips can disable users from changing the root password on Linux?

0 Kudos
1 Reply
McAfee Employee

Re: Hips disabling root password change

I would say no.  Signature 3021 protects the passwd files, but doesn't prevent proper password changes.

This event indicates an attempt to modify or remove the "passwd" or "shadow" files by a process other than passwd(1)

This is indicative of an attack. Attackers sometimes write directly to this file to add privileged users to the system, or change permissions of these files to a world-writable state for malicious reasons.                                      

0 Kudos