so... here I am trying to change my resolution (something that I need to do every time I boot up since I installed the ATI drivers) and boom, my password doesn't work. It's not that I forgot it, it's too simple for that, something fishy is going on.
Now, I noticed that there are some tutorials...
so... here I am trying to change my resolution (something that I need to do every time I boot up since I installed the ATI drivers) and boom, my password doesn't work. It's not that I forgot it, it's too simple for that, something fishy is going on.
Now, I noticed that there are some tutorials out there telling you how to reset your password, and I will try that, but I am new to Linux, I want to know how something like that could have happened!
I read that /etc/passwd and /etc/shadow are the two files that hold the password data so I tried to investigate:
$ls -al /etc/passwd
-rw-r--r-- 1 root root 1754 2012-02-01 23:55 /etc/passwd
$ls -al /etc/shadow
-rw-r----- 1 root shadow 1067 2012-02-18 15:17 /etc/shadow
Sooo passwd didn't change at all, but shadow did... today! Now, I haven't changed the password at all today and nobody had access to this computer in that time (well, unless my pet hamster somehow managed to escape his cage and hack my PC).
How can I investigate this? could it be possible that somebody ssh-ed to my PC and did some funky business? (my password is rather weak). How could I check for that?