am I NOT hacked?

[Joe Parsons]

I was slow to patch my multiple vms after that heartbleed disclosure.  I just managed to upgrade these systems to 9.2, and installed the patched openssl, then started changing passwords for root and other shell users.  However I realized that, only the root password was changed.  For other users, even though the "passwd userid" issued no warning, and "echo $?" is 0, the password is NOT changed.

For more debugging, I tried to "adduser", the command was successful, and I can see the new entry "test" in /etc/passwd. However "finger test" complains no such user!  Also, "rm test" complains there is no such user to delete as well.

Furthermore, the mail server got problem sending email, the log file said there is no such user "postfix", and sure enough:

# finger postfix
finger: postfix: no such user

while this "postfix" user certainly existed for years, and I can see see its entry in /etc/passwd.

This appeared to all the multiple vms on multiple hosts, all running FreeBSD 9.2 now.

I was paranoid, I really should have patched all these systems immediately reading that heartbleed news, as all these servers had the vulnerable openssl port installed!

Until googling and I found this: 

https://forums.freebsd.org/viewtopic.php?&t=29644

it said "The user accounts are actually stored in a database. It's possible it got out of sync with your [file]/etc/passwd[/file] file.", and it suggested running "vipw" to fix it.

I ran vipw, then saved, and quit.  No joy.  Then ran vipw again, made a change, then undid the change, save again.  Now "finger postfix" found the user, and I can change user password now, and all the above problem disappeared.

Am I right that, that I am NOT hacked?  Is the above problem produced by the freebsd-update process?  Is this supposed to happen?  I just followed the handbook to update from 9.1-RELEASE to 9.2-RELEASE, never compiled kernel or tweak.

Thank you!  Joe