/etc/shadow

[Kod]

Hello,

Someone got on one of my servers using some method i'm still investigating.
The guy got to see the /etc/shadow file. but he didn't get root access i guess.

I was wondering if this can be dangerous, in case the guy bruteforces the md5 hashes etc


Let me know.

 

[scsi]

Anything is possible. You can change passwords if you think they will be guessed by a md5 scanner.

 

[Kod]

I don't know if it's best to reinstall the whole thing from scratch or find how he got to list the shadow file and change all passwords, both are time consuming