Netgate Discussion Forum

    User called “internet”

    • Gertjan @Phonix66

      @Phonix66 said in User called “internet”:

      I'm really interested to know how it got there, I hope to exclude any security issue...

      pfSense itself, and none of the packages you can add, creates such a user - that name, or another.
      That said, I can't confirm for 100 %, as there are packages that I never installed.
      The fastest and easiest way out : change your admin password.
      Never ever share it anymore with someone else.
      Done, no more new users.

      Btw : look at the /etc/passwd file.
      Packages can create system user accounts; I - and you - have several of them :

      avahi:*:558:558:Avahi Daemon User:/nonexistent:/usr/sbin/nologin
      nut:*:316:316:Network UPS Tools user:/nonexistent:/usr/sbin/nologin
      freeradius:*:133:133:FreeRADIUS Daemon:/nonexistent:/usr/sbin/nologin
      polkitd:*:565:565:Polkit Daemon User:/var/empty:/usr/sbin/nologin
      snmpd:*:344:344:Net-SNMP Daemon:/nonexistent:/usr/sbin/nologin
      

      Packages like Avahi, NUT, Freeradius etc. run under their own user ID (and not root) for safety.

      But not pfSense "GUI User Manager users".

      No "help me" PM's please. Use the forum, the community will thank you.
      Edit : and where are the logs ??

      • johnpoz LAYER 8 Global Moderator @Phonix66

        @Phonix66 is this some pfsense you took over? As already mentioned, I am not aware of any package that would create such a user, nor have I ever seen a package create a user that would show up in the user manager gui.. As @Gertjan mentions some users can be created to run packages under - but have never seen one create one that would be listed in pfsense gui.

        If you took this over - someone else might have created that for some use.. What permissions did it have in the gui if not a member of admin group?

        Have you installed any 3rd party packages - ie outside the pfsense repo?

        An intelligent man is sometimes forced to be drunk to spend time with his fools
        If you get confused: Listen to the Music Play
        Please don't Chat/PM me for help, unless mod related
        SG-4860 24.11 | Lab VMs 2.8, 24.11

        • Phonix66 @Gertjan

          @Gertjan thanks. yeah, one of the first things I did was to change my administrator account password 😊

          I'm really curious about the root cause, I'm using pfSense for many years now and I'm very positive about the solid secure design of pfSense, so I'm quite positive it had something to do with what I did, or alternatively one of the 3rd party packages.

          @johnpoz, thank you too. the answer is NO, I didn't inherit my pfsense from anyone.
          I suspect the ntopng package, I didn't login for a while and tried now to login with the "internet" user, but couldn't, neither with my Administrator account.

          Thanks @Gertjan, luckily the "internet" user is not root or even privileged, so I'm less worried than I was in my initial reaction.

          Edit: found the login credentials for ntopng, it wasn't that!

          • johnpoz LAYER 8 Global Moderator @Phonix66

            @Phonix66 said in User called “internet”:

            alternatively one of the 3rd party packages.

            Again, have you installed anything outside the repo as far as a package goes.. Like something available for FreeBSD, but not included in pfSense repo? Or there are some packages about that people have put together to install stuff, crowdstrike the latest example of this that I recall seeing.. But there are for sure others. I do recall a while back someone put together a way to install the unifi controller software on your pfSense, etc.

            You have not played with any such sort of packages..

            My guess is you at one point created it, maybe when testing out captive portal or something and forgot about it.


            • Phonix66 @johnpoz

              @johnpoz, sorry, missed the question, the answer is NO, absolutely nothing outside of the official packages from the repo, neither any custom configuration.

              • ebcdic

                Did the user have a home directory? Was there anything in it? Did it have a password?

                • Phonix66 @ebcdic

                  @ebcdic I don't know where to check for the directory.
                  here are the details from the /etc/passwd:
                  internet:*:2000:65534::/home/internet:/sbin/nologin

                  nologin would probably mean no home directory, am I right ?

                  • ebcdic @Phonix66

                    @Phonix66 said in User called “internet”:

                    here are the details from the /etc/passwd:
                    internet:*:2000:65534::/home/internet:/sbin/nologin

                    nologin would probably mean no home directory, am I right ?

                    The home directory is specified as /home/internet. /sbin/nologin should mean that the user can't log in.

                    2000/65534 are the user and group id you would get the first time you created a user through the user manager page. The directory /home/internet would then contain files called .hushlogin, .profile, .shrc, and .tcshrc.

                    I think the most likely explanation is that at some point you inadvertently created the user yourself, perhaps mistaking the page you were on in the user interface.

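The checks discussed in the posts above (service accounts with nologin, the 2000/65534 pattern, and the dotfiles expected in the home directory), as an added example that is not part of any poster's reply. Treating every UID of 2000 or higher with GID 65534 as the User Manager pattern is an assumption generalised from the one entry in the thread; the `demo` line is constructed, and the root-prefix argument of `home_dotfiles` is a hypothetical helper for testing against a copy of the filesystem.

```shell
#!/bin/sh
# Added example: classify passwd(5) entries the way the thread reasons about them.
# Input: 7-field /etc/passwd lines on stdin. Output: name|class|login|home

classify_passwd() {
    awk -F: '
        /^#/ || NF != 7 { next }        # skip comments and malformed lines
        {
            uid = $3 + 0; gid = $4 + 0
            login = ($7 ~ /\/nologin$/) ? "no-login" : "login-shell"
            # Assumption: UID >= 2000 with GID 65534 matches the pattern
            # described in the thread for User Manager accounts.
            if (uid >= 2000 && gid == 65534) class = "user-manager-pattern"
            else if (login == "no-login")    class = "service-account"
            else                             class = "other"
            printf "%s|%s|%s|%s\n", $1, class, login, $6
        }'
}

# Report which of the four dotfiles named in the thread exist in a home dir.
# $1 = home path from passwd, $2 = optional root prefix (hypothetical)
home_dotfiles() {
    dir="${2:-}$1"
    if [ ! -d "$dir" ]; then
        echo "missing"
        return 0
    fi
    found=""
    for f in .hushlogin .profile .shrc .tcshrc; do
        if [ -e "$dir/$f" ]; then
            found="$found $f"
        fi
    done
    echo "present:${found:- (none)}"
}

# Entries quoted in the thread plus one constructed line ("demo"),
# embedded so the example runs offline.
SAMPLE='avahi:*:558:558:Avahi Daemon User:/nonexistent:/usr/sbin/nologin
nut:*:316:316:Network UPS Tools user:/nonexistent:/usr/sbin/nologin
internet:*:2000:65534::/home/internet:/sbin/nologin
demo:*:1001:1001:constructed:/home/demo:/bin/sh'

printf '%s\n' "$SAMPLE" | classify_passwd
```

On a live system, feed it the real file with `classify_passwd < /etc/passwd` and run `home_dotfiles` on the home path of any entry flagged `user-manager-pattern`.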
                    • tedquade @Phonix66

                      @Phonix66 Possibly an OpenVPN roadwarrior account you set up at some point.

                      Ted

                      • Phonix66 @tedquade

                        @tedquade I guess it could be the case. Actually I don't have any idea since the pfSense is installed for quite a while now.
                        I'll just remove the stale user and I have changed the admin password already.
                        So I guess that's ok. I'll keep an eye on the users for a while, just to make sure.

                        Thanks everyone, really appreciate that.😊

                        • dennypage @Phonix66

                          @Phonix66 said in User called “internet”:

                          I suspect the ntopng package, I didn't login for a while and tried now to login with the "internet" user, but couldn't, neither with my Administrator account.

                          The ntopng package does not create such a user. What made you suspect it?

                          [Edit: You can ignore this -- I just saw that you subsequently determined that it wasn't ntopng]

                          Copyright 2025 Rubicon Communications LLC (Netgate). All rights reserved.