Weird behavior of Kali Linux / Intrusion?
actually adding "1" to the boot parameter should make any Linux system boot into Runlevel 1 (Single-User-/Rescue-Mode). I'm renting a VPS and my hoster offers a Kali Linux image one can mount and boot from. For some reasons I wanted to boot into Runlevel 1, but this didn't work, and the according error message "the root account is locked", followed by "Error getting authority" looks quite strange to me:
Kali just boots into the default runlevel (multi-user + GUI), where I noticed the next strange thing after having entered "who":
Obviously six root users are logged in besides my own login. I wanted to find some explanation for this, so I took a look at the journal:
It shows how multiple root sessions were opened, which took place before the GUI started up.
The kernel messages during early boot, especially the messages related to memory mapping, ACPI and PCI interrupting look somehow suspicious to me:
Finally this is my /var/log/auth.log:
This behavior could not be considered as being normal, isn't it? Any ideas on this?
Kind regards and thanks in advance
Seems odd to me, but I've never run Kali other than on a box under my control. Has this image always behaved this way?
This almost feels like your hoster custom-built a Kali install, then tinkered with it. Purely a guess on my part, though.
Tags for this Thread