changing root pbuttword with Knoppix

I recently just had a FC2 box hacked. Unfortunately we simply can't take it offline at the moment because we have outside people needing to use files on it. I'm in the process of rebuilding the box over the next couple of days, but in the meantime, I have to keep the compromised machine up.

While the crackper appeared to simply install a spam relay (didn't even delete the bashhistory or anything,) I don't want to take any chances and need to change pbuttwords on it, hoping he doesn't have bash storing information.

It was recommended I use Knoppix to change the root pbuttword. I found a thread where Lew P. instructed someone how to delete the root pbuttword:

Boot up with Knoppix, and log on as root Mount your hd somewhere Edit the HDetc-pbuttwd - delete the second field of the 'root' pbuttword entry (the text between the first and second colons), so that the entry looks something like root::0:0::-root:-bin-bash - save this change, and exit the editor Unmount your hard disk Log out Reboot from your HD

But, when I boot back up with the system, IF bash IS being logged, when I change the root pbuttword won't it be logged? Will Knoppix only allow me to delete the pbuttword and not change it?

Unrelated note, if I want to run "badblocks" on the PC with Knoppix, I mount the drive in question and run it like this, right?

mount -t ext3dev-hdc1hdc1 badblocks -s -vhdc1

Like that? (LOL I love this from the badblocks man: "This can be overriden using the -f flag, but should almost never be used --- if you think you're smarter than the bad-blocks program, you almost certainly aren't.")