A few days ago I installed F12 and it was working very well up until today, when I booted my computer from a perfect working order state yesterday to this. Well, my wireless was still being sniffed and slowed down to dial-up speed, but what's new; that's been consistent for at least 3 months. I can't really do much about it since my brother doesn't like changing the password.
I recently logged onto my new Fedora 12, 64-bit, system encrypted (all partitions affected by install), SELinux enforced install to find myself in tty4 and some "other" users logged on to the other terminals. My folders would have lock icons on them after opening, my notification menu/toolbar crashed and hasn't returned on system reboot, some data transfers between removable storage returned input output errors while others worked fine(?). I also received this kernel bug output from the bug reporting tool but I have no idea what it means.
Also I was not loose with the security either: I had removed unconfined login types (after setting up the system as I needed), meaning I couldn't even run root or sudo and neither could anyone else (as far as I was aware). I pretty much increased SELinux to its maximum boolean strictness and limited the _default_ (me included) account to a user from a _default_ unconfined (to actually be able to log in with the SELinux boolean in place). Meaning they, "the exploiters", were able to bypass SELinux as a user account? How is that possible, and even if you do, root logon is disabled by SELinux too?
At the moment I'm on a live CD trying to look for a way to customise them as it seems it may be my only option.
Just a side note you can't just log in to tty4 by default without actively taking up spaces either by other users or your own use. Meaning since the tty login is automated 3 terminals were in use tty1, tty2 and tty3.
Which commands should I run to find out what is being done?
Edit: Just had my F12 x64 live cd taken down twice and had to hard reset as the toolbar disappeared. Took a photo of the last error message. I was just reading a pdf and using firefox at the time.
Does anyone know any common Apache 2.2 exploits and how to stop them? I am setting up a web server and want it to be as secure as possible. I currently have a basic LAMP server on an Ubuntu server.
I have set logwatch to report the logs daily; somehow since last week I get the below message. A total of 1 possible successful probes were detected (the following URLs contain strings that match one or more of a listing of strings that indicate a possible exploit):
I refrained from posting this in the Kernel Vulns thread earlier, due to its zero-day status. But now that the issue has been Slashdotted, there's no use in keeping us from publicly discussing this vulnerability. The link to the article (from which I quote below) is here. Brad Spengler's original announcement on the Dailydave mailing list is here. Quote: A researcher has published exploit code for a new vulnerability he discovered in the Linux kernel. The vulnerability is an especially interesting one in that the researcher who discovered it, Brad Spengler, has demonstrated that he can use the weakness to defeat many of the add-on security protections offered by SELinux and AppArmor.
1> Are the Flash exploits of any use to a Linux operating system like Ubuntu etc.? 2> Are the Microsoft Office exploits any risk to LibreOffice or OpenOffice software suites? 3> Are there exploits for Linux, OpenOffice and LibreOffice?
Recently I had a Java exploit on Windows. Luckily Microsoft Security Essentials identified and removed it. Such things can happen on Linux as well, from what I've heard. Why does Linux offer no such detection?
Trying to install virtualbox in F12 but fails when recompiling kernel module. Output of vbox-install log is:
Attempting to install using DKMS removing old DKMS module vboxdrv version 3.1.6 Deleting module version: 3.1.6 completely from the DKMS tree. Creating symlink /var/lib/dkms/vboxdrv/3.1.6/source -> /usr/src/vboxdrv-3.1.6
DKMS: add Completed.
Error! Your kernel source for kernel 2.6.32.11-99.fc12.i686.PAE cannot be found at /lib/modules/2.6.32.11-99.fc12.i686.PAE/build or /lib/modules/2.6.32.11-99.fc12. code....
I am trying to install the Nvidia Quadro NVS 110 169.04 drivers but am having issues during install. Prior to attempting my install I did install the kernel-devel rpm so it can compile. After running the RPM I get: Quote: No precompiled kernel interface was found to match your kernel; would you like the installer to attempt to download a kernel interface for your kernel from the NVIDIA ftp site [URL]?
Which of course does not work. Next it says Quote: "No precompiled kernel interface was found to match your kernel; this means that the installer will need to compile a new kernel interface." I hit okay and move on to. Quote: Error: Unable to find the kernel sources tree for the currently running kernel. Please make sure you have installed the kernel source files for your kernel and that they are properly configured; on Red Hat linux systems, for example be sure you have the 'kernel-source' or 'kernel-devel' RPM installed. if you know the correct kernel source files are installed, you may specify the kernel source path with the "--kernel-source-path' command line option
I downloaded 64-bit version of Fedora 11 and burned the iso on my dvd. When I rebooted the machine it booted up from the dvd but it showed an error message that kernel "image not found". And it stops there itself. Can someone show me some way except downloading the iso again?
Forgive me if I have posted this in the wrong forum, first time poster with Fedora. I have been using Linux for some time now, mostly Mint, but Fedora 12 @ work. Anyway, I receive the following error in my /var/log/boot.log:
Code: nvidia.ko for kernel 2.6.32.9-70.fc12.i686 was not found and the driver does not load (My xorg.conf file is not loaded), but once I am at a
For compiling ArpON on my server the cmake command says 'libpcap not found' when a newer version libpcap-1.0.0-5.20091201git117cb5.fc13.i686.rpm is already existing, which I am unable to erase as other rpms depend on it.
I just installed OpenSuse 11.3 (64) on a 30gb SSD, hoping to get virtualbox 4.0 running to virtualize an instance of Windows 7. I went through some pain with my Nvidia video card and actually getting vb to install, but through lots of searching and tinkering got here. I created a vm in the vb control panel, but when I go to start it I get:
Code: Failed to open a session for the virtual machine Win7Main. The virtual machine 'Win7Main' has terminated unexpectedly during startup with exit code 1.
I get the following error message trying to install dazuko on xubuntu 10.04: "headers for target kernel version could not be found" But when I run sudo apt-get install linux-headers-$(uname -r), I get the message that I already installed the headers. My current kernel is 2.6.34-020634-generic
How can I install dazuko without having this problem??
I installed the latest kernel liquorix (2.6.35) but when I want to install the Nvidia driver downloaded on the Nvidia website (256.53), I have an error message because Nvidia doesn't find the kernel source tree.
I installed linux-image-2.6.35-6.dmz.2-liquorix-686_2.6.35-16_i386.deb, linux-headers-2.6.35-6.dmz.2-liquorix-686_2.6.35-16_i386.deb and build-essential. I don't understand why the installation doesn't work.
I've just installed clean copies of both VirtualBox v4.0.8 and Fedora 15. Now I have followed the instructions here : [url] to install the latest VBox guest additions.
Each time I try I get the following message:
The headers for the current running kernel were not found. If the following module compilation fails then this could be the reason. The missing package can be installed with yum install kernel-devel-2.6.38.8-32.fc15.i686.PAE.
However, if I run that command I am told there is no such package available. The guest addition installer continues seemingly OK, but after a restart they are not loaded.
I've just moved to Fedora from Ubuntu due to major issues with its new version.
Attack Sneaks Rootkits Into Linux Kernel Quote: A researcher at Black Hat Europe this week will demonstrate a more stealthy way to hack Linux
Apr 14, 2009 | 04:21 PM By Kelly Jackson Higgins DarkReading
Kernel rootkits are tough enough to detect, but a researcher this week has demonstrated an even sneakier method of hacking Linux. The attack exploits an oft-forgotten function in Linux versions 2.4 and above in order to quietly insert a rootkit into the operating system kernel as a way to hide malware processes, hijack system calls, and open remote backdoors into the machine, for instance. At Black Hat Europe this week in Amsterdam, Anthony Lineberry, senior software engineer for Flexilis, will demonstrate how to hack the Linux kernel by exploiting the driver interface to physically addressable memory in Linux, called /dev/mem.
"One of bonuses of this [approach] is that most kernel module rootkits make a lot noise when they are inserting [the code]. This one is directly manipulating" the memory, so it's less noticeable, he says. The /dev/mem "device" can be opened like a file, and you can read and write to it like a text file, Lineberry says. It's normally used for debugging the kernel, for instance.
Lineberry has developed a proof-of-concept attack that reads and writes to kernel memory as well as stores code inside the kernel, and he plans to release a framework at Black Hat that lets you use /dev/mem to "implement rootkit-like behaviors," he says. The idea of abusing /dev/mem to hack the Linux kernel is not really new, he says. "People have known what you can do with these /dev/mem devices, but I have never seen any rootkits with dev/mem before," he says.
Quote: "The problem with kernel-based rootkits is that the rootkit can mitigate [detection] because it has control," he says. "It's a race in the kernel to see who's going to see who first." [URL]
[6867450.202500] hpet1: lost 1 rtc interrupts [6867450.548506] hpet1: lost 2 rtc interrupts May 24 20:20:01 vms2 kernel: [6886829.451310] console-kit-dae[19655]: segfault at 198 ip 00007f4c31b7fe09 sp 000000004036c090 error 4 in libglib-2.0.so.0.1800.2[7f4c31b53000+c3000]"
I recently reinstalled and updated Ubuntu 10.04 LTS. After installing and running debsecan, I found A LOT of problems. Does anyone have experience with this tool?
I updated the kernel to 2.6.35.10-74.fc14.x86_64 and had to reinstall and rebuild the kernel module for my ATi driver as usual, so I edited the kernel arguments at the grub splash screen so that I could boot into single user mode and install the driver (i.e. appending the relevant line with '1'). The interesting thing is, the system booted directly into single user mode as root when the system started up. No password was required.
Is Linux vulnerable to Java drive-by exploits? Another computer I run on Windows 7 just notified me that it was infected through Java, and I'm wondering if my Linux box (Ubuntu 10) with Java installed is vulnerable.
I followed this how to to make a NFS server: [url]
So it means: exports looks like this:
Quote:
Here are some quick examples of what you could add to your /etc/exports
For Full Read Write Permissions allowing any computer from 192.168.1.1 through 192.168.1.255
It means that if somebody arrives with a Linux machine, puts the ethernet cable into the router, then logs in as root on his machine and mounts the exports, he can do almost everything, with permissions chmod'ing ...
Is that LAMP, or I am wrong for nfs kernel servers, the ultimate users/password servers against that to prevent those physical approaches /logins? Is there a good how-to?
I am trying to set up Slackware 13.1 x86_64 on an encrypted partition. I used the README_CRYPT.TXT howto : [URL] At the step when I create an initrd.gz I get this error: Quote: ERROR: No /lib/modules/2.6.33.4-smp kernel modules tree found for kernel "2.6.33.4-smp"
I tried to look into the directory and there was only modules under 2.6.44.3. So I tried to change the command into: Quote: mkinitrd -c -k 2.6.33.4 -m ext3 -f ext3 -r cryptroot -C /dev/sda2
This command was successful, but I don't know if this is alright. I made the changes in lilo.conf, add initrd = initrd.gz. This is all on unencrypted /boot partition. The boot=/dev/sda1 I also set for the unencrypted boot partition. When I boot the system I get a kernel panic:
I Clam-scanned a bunch of old CDs.. Clam found 9 infected notes infected with: "Worm.Allaple-319"... I wonder if this was my problem with Ubuntu always failing..? These are some of my best notes.. Is it possible to clean the bugs out of them with Fedora..?
Today, on my 11.3 machine, the kernel was updated. When I started my vmware 7 workstation, it came up with a message "kernel-headers for 26.34.7-0.7 were not found. enter an alternative location"
I'm attempting to dual boot my computer with Slackware, Debian and Windows. I've installed Lilo to the mbr from Slackware, I've edited my lilo.conf file so I can boot Debian. When I boot Debian though, it says it's boot kernel 2.6.37, which is the Slackware kernel; it fails to load the modules. I think my problem is in the lilo.conf file in the Debian line, "image = /boot/vmlinuz"; if I've understood correctly I should put the Debian kernel's name after that line. I've done as I saw on the internet, but it comes up with "kernel can not be found" or something similar to that. I think it's looking for it in a Slackware directory. Is there a place on the Debian DVDs (I've all eight) I can get the kernel?
Scenario 1. I am doing this from the /home/deploy directory. I am trying to set up ssh with github for capistrano deployment. This has been an absolute nightmare. When I do ssh git@github.com as the deploy account I get Permission denied (publickey). So maybe the key is not being found, so if I do a ssh-add /home/deploy/.ssh/id_rsa I get Could not open a connection to your authentication agent. (I did verify that the ssh-agent was running.) If I do exec ssh-agent bash and then repeat the ssh-add then the key does get added and I can ssh into github. Now I exit from the ssh connection to my server and ssh back in and I can't ssh into github anymore! Scenario 2. If I log in to my remote server and then cd into my .ssh directory and ssh into github then it all works fine. I guess there is a problem with locating the key and for some reason the agent isn't functioning correctly.