Results 1 to 2 of 2

Thread: Weird behavior of Kali Linux / Intrusion?

  1. #1
    Junior Member
    Join Date
    Aug 2015
    Posts
    1

    Weird behavior of Kali Linux / Intrusion?

    Hello everyone,

    actually adding "1" to the boot parameter should make any Linux system boot into Runlevel 1 (Single-User-/Rescue-Mode). I'm renting a VPS and my hoster offers a Kali Linux image one can mount and boot from. For some reasons I wanted to boot into Runlevel 1, but this didn't work, and the according error message "the root account is locked", followed by "Error getting authority" looks quite strange to me:

    kali_1.jpg

    Kali just boots into the default runlevel (multi-user + GUI), where I noticed the next strange thing after having entered "who":

    kali_2.jpg

    Obviously six root users are logged in besides my own login. I wanted to find some explanation for this, so I took a look at the journal:

    kali_3.jpg

    It shows how multiple root sessions were opened, which took place before the GUI started up.


    The kernel messages during early boot, especially the messages related to memory mapping, ACPI and PCI interrupting look somehow suspicious to me:

    http://pasteboard.co/JSDmyABCS.png

    http://pasteboard.co/JSE1oxRdw.png


    Finally this is my /var/log/auth.log:

    http://pasteboard.co/JSz724GZe.png


    This behavior could not be considered as being normal, isn't it? Any ideas on this?


    Kind regards and thanks in advance

  2. #2
    Senior Member
    Join Date
    Apr 2013
    Location
    in a computer
    Posts
    551
    Seems odd to me, but I've never run Kali other than on a box under my control. Has this image always behaved this way?

    This almost feels like your hoster custom-built a Kali install, then tinkered with it. Purely a guess on my part, though.

Tags for this Thread

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •