Fedora Security :: Finding The Source Of A Break In?
Jul 16, 2010
I noticed a very very high cpu usage on my webserver. All four CPUs were running on 100%.
Top shows several perl processes from apache that run for a long time, with a high %CPU.
Since the server was fc10, I did a fresh installation to fc13, and the fresh installation didn't have this issue. Then I loaded back all the user-data, and it started again.
Several, 4, 6, 8, ... 100 perl processes from apache.
lsof -p with the pid of such a process
Code:
The established connection is sometimes "proud2pirate.com" which is a non-existing domain.
View 14 Replies
Oct 17, 2010
How do I know who is pinging me or trying?
View 1 Replies
Nov 16, 2010
I am looking for openssh 5.1 and 4.3 source rpms. Where can I download them?
View 3 Replies
Nov 11, 2010
If root is disabled by default, how is it possible that someone managed to SSH into my computer using root? I never enable/set password for root, it's always left as the default as per a fresh install and I always use sudo for any admin tasks.
Auth.log
First there are a whole load of failed attempts then...
Code:
Nov 8 11:07:32 Morris-Desktop sshd[3601]: Failed password for root from 94.243.50.53 port 4360 ssh2
[code]...
View 9 Replies
Apr 4, 2011
The libxml2 update specified by CVE-2010-4494 causes a notification that it will break Adobe AIR and TweetDeck on my machine. How can I blacklist this update so it won't keep showing up in the Updater applet? The applet says I should go into Yast and manually apply the update. When I do that and tell it not to apply the update, Yast exits and the Updater applet just tells me the update is still pending. I want to get rid of the update at least temporarily until Adobe fixes the dependency (assuming they ever do).
This is a major problem for me as I clearly don't intend to uninstall TweetDeck and AIR just for some security patch. Why didn't openSUSE test this patch for AIR compatibility?
View 6 Replies
Oct 22, 2010
On my server I sometimes log in from my home, where I have an internet connection which does not have a static IP; each time I switch on my modem a dynamic IP is generated. I see in auth.log logs of the following lines:
Quote:
reverse mapping checking getaddrinfo for kkts-kk-dynamic-01.1.168.192.some_broadband.in [192.168.1.2] failed - POSSIBLE BREAK-IN ATTEMPT
Accepted publickey for root from 192.168.1.2 port 22852 ssh2
whenever I log in to my server from home. In this case I do know that it was me who logged in, but still, why do I see such a log? What is this complaining about?
View 11 Replies
Aug 2, 2010
Running Ubuntu 10.04 I noticed my hard disc rumbling for longer than normal and louder. Not doing anything demanding to cause hard disk activity like this so I was suspicious so I checked my process list with 'top' command in the console terminal. At the top was mount.ntfs running. Eventually it stopped running after 20 seconds or so. At the time I have not been accessing NTFS filesystems, but I do have them. I have a dual boot Ubuntu 10.04 and Windows 7. In Ubuntu I've mounted the Windows main C drive and on the same hard disk a partitioned drive for sharing files between the OSs. I know mount.ntfs is a standard program but was it being run on my machine, instigated externally here? Was the running of mount.ntfs an attempt from outside to hack into Ubuntu and the mounted Windows areas of my machine via a backdoor connection or vulnerability? I've restarted my machine since then. Are there any logs I can check for malicious attempts to break in?
View 9 Replies
Oct 20, 2009
I have been receiving attack alerts. And I would like to root out the source of the problem. I'll give you the messages. If you could help me prevent this hacker from even being able to attempt these things please any advice is helpful. There have been memory stack attempts, failed sys_admin conversion attempts, password file write attempts etc.....
[Code]...
View 5 Replies
Feb 21, 2010
I just finished installing Debian 2.1 on a very old laptop for some light word processing and web browsing, and am trying to get apt working so I can use it and dselect to install packages. Whenever I run apt-get update as a first step, I get stuck at 0% with an eventual timeout (this also happens when running the update step of dselect).
I know that my network card (a Farallon EtherWave) is working because I can ping my local gateway and remote sites. In my sources.list, I have this line for the Debian archive for this release: deb [url]contrib main non-free
Can anyone think of why I can ping the archive successfully, but apt will not read it? Do I need to change some network configuration, or my source line?
View 4 Replies
Jan 28, 2011
I am trying to decrease volume of noise coming from computer as much possible, till one point from where I don't know exactly what's the source of noise.
"That noise" starts coming out of computer few seconds about booting, not while POST test, and then it's constant. To me it seems like it's coming out of cpu, but not fan. (I have disconnected all hard drives, have gpu with passive cooling installed, and it's still there.) Cpu is AM3 socket AMD Phenom II 810 processor, and motherboard is Asus M4A78T-E.
Also, my other computers with Intel and other AMD processors do not produce such a noise.
Does that noise come out of CPU? Is it some "computing sign" of processor (assuming that during first seconds of booting are perfectly quiet), or kind of general problem of AMD (or AM3 socket) cpus?
View 14 Replies
Apr 14, 2011
Where can I find Linux kernel source code?
View 4 Replies
Nov 23, 2010
I'm looking to install (and perhaps create a SlackBuild for) an application that I think might be interesting.
The dependencies listed are:
libx11-dev, libxt-dev, libimlib2-dev, giblib-dev, and libxinerama-dev
I've checked to see if the packages are installed w/:
Code:
I've also looked for any existing SlackBuilds, but the only one that showed up in the database is: "giblib"
Where can I look to find these dependencies, their sources, or determine whether they're already installed in Slackware64 13.1?
Also, how would one determine if this can compile for a 64bit, non multi-lib install?
View 3 Replies
Jun 23, 2010
First of all, I am pretty new to Linux and I have to install a USB Over IP software. I downloaded the software for Ubuntu and I really do not know where to find the installer. I want to find the source code in the package too. It's an open source project, so I believe the source codes are included in that.
View 5 Replies
May 23, 2011
After several days of searching, reading and re-installing, I'm at a complete loss as to why autofs has suddenly stopped working.
Basically, I can see the shared folders on the host computer but as soon as I try to cd into the folders I get "-bash: cd: [directory]: No such file or directory" (where [directory] = shared drive).
The setup was working before and the same exact setup is being used and is fully functional on another computer.
I'm running Ubuntu 11.04
Here is the content of auto.cifs:
Code:
Here is the content of auto.master
Code:
And credentials are stored in /etc/auto.smb.goblin (where goblin = name of windows computer sharing folders).
When I do "ls -l /home/shoryuken/TerraDrive/goblin" I get:
Code:
Now if I try to "cd" into any of the shared drives (like D-Drive, GW_Share or TerraDrive) I get the following:
Code:
A second or subsequent attempt at "ls -l" results in:
Code:
Note the question marks that are now everywhere.
I'm not sure where to look to find out why this is failing. The shared drives are visible, but then disappear when I try to access them. The same exact setup, on another machine, works perfectly fine.
View 7 Replies
Mar 7, 2011
I have a server (RHEL 4.7) with an mqueue that keeps growing over a two or three day interval. Then I have to manually flush the queue by removing all the mail in the spool directory as the sendmail flush command doesn't work. I've looked at the mail queue manually with a sendmail -bp command and it seems to show an occasional mail item in the queue. On the other hand, there seems to be a lot more non-legitimate emails in the queue spool. How do I find out the source of the email in the main queue? Next, how do I stop it from building the queue? Next, is there any way to automatically flush the queue once it builds if I need to?
View 2 Replies
Jun 7, 2011
I have a situation where I need to install the following packages manually:
libstdc++ (including libstdc++6)
glibc
libgcc
All I can find online are rpms... anybody know where I can get these as tarballs?
View 3 Replies
May 23, 2011
After several days of searching, reading and re-installing, I'm at a complete loss as to why autofs has suddenly stopped working.
Basically, I can see the shared folders on the host computer but as soon as I try to cd into the folders I get "-bash: cd: [directory]: No such file or directory" (where [directory] = shared drive).
The setup used to work and the exact same setup on another computer works flawlessly.
I'm running Ubuntu 11.04
Here is the content of auto.cifs:
Code:
Here is the content of auto.master
Code:
And credentials are stored in /etc/auto.smb.goblin (where goblin = name of windows computer sharing folders).
When I do "ls -l /home/shoryuken/TerraDrive/goblin" I get:
Code:
Now if I try to "cd" into any of the shared drives (like D-Drive, GW_Share or TerraDrive) I get the following:
Code:
A second or subsequent attempt at "ls -l" results in:
Code:
Note the question marks that are now everywhere.
I'm not sure where to look to find out why this is failing. The shared drives are visible, but then disappear when I try to access them. The same exact setup, on another machine, works perfectly fine.
View 4 Replies
Apr 22, 2010
What is the most well-known Open Source Business Intelligence application?
View 1 Replies
Jan 3, 2011
Is there a good open-source Unicode string library for C++ (or C)?
View 4 Replies
Jan 19, 2009
Looking for an Open Source music composition editor similar to Sibelius. I found and settled on Rosegarden. Sound card is Creative Audigy 2 Platinum EX. I also have a midi keyboard which I would like to use with rosegarden. After downloading rosegarden, I found out in order to use the MIDI sequencer, I have to compile and install a real time kernel.
I finally got my kernel configured and installed, recompiled all the video/Ethernet drivers etc (after about a dozen tries ) Now on to the issue... As root, I can run the JACK audio server with realtime priority (as it is needed by Rosegarden) with the command
jackd -R -dalsa &
it starts up and seems to run. Then as a regular user, I try to connect to the JACK audio server using the qjackctl application. Qjackctl loads, but cannot seem to connect to the jack server, giving me the message "UNABLE TO CONNECT TO SERVER AS CLIENT"
HOWEVER, using the same procedure above as root, I can connect to the jack audio server with qjackctl. Rosegarden will start as a regular user but will also not connect to the JACK audio server (therefore: no sound or midi sequencer). I've tried running Rosegarden as root (I didn't like having to do that), but get a similar error.
Through some googling, I've found that JACK clients (qjackctl, rosegarden etc.) must be executed by the same user who launched the JACK server. -- no problem... Except I cannot run a realtime application as a regular user. I read online that regular users can start realtime applications using the LSM module (whatever that is, I couldn't find all that much).
How do I start the jack audio server in realtime mode as a regular user? If that is not possible... Is there a way to configure JACK so that it is started by root, but allows clients launched by regular users to connect?
View 9 Replies
Aug 4, 2011
I have installed the following packages:
[Code]....
You could try using --skip-broken to work around the problem You could try running: rpm -Va --nofiles --nodigest
View 3 Replies
Mar 15, 2010
downgrading PPP, NetworkManager, and NetworkManager-gnome. This worked but is there an easy way to know when it is safe to apply the updates that are available?
View 2 Replies
Mar 10, 2011
I am using Nautilus. To re-create the problem:
Make a new user
Delete the "$HOME/Templates" folder
Create a "$HOME/Templates" folder
Now, no new templates will be recognized in the right-click menu.
Problems: Files created in the Templates folder are not found in the menu of <Right-Click> -> New Document.
In Nautilus, Go -> Templates sends me to /home/$USER/.
Non-solutions:
Restarting the computer does not solve this. I have done about an hour of searching on the internet and I have searched through the Nautilus source code. I am not good enough with Linux to be able to understand the Nautilus source.
View 3 Replies
Sep 1, 2010
I have the typing break enabled through the keyboard preferences, and when the break ends, I hear an alarm beep (sounds like the alarm on a wristwatch) through my speakers.
For the life of me, I cannot figure out how to turn this off.
It did not always do this, but started when I upgraded my system to Fedora 12, and it persisted through to the upgrade to F13.
There are three computers in my office running F13, and mine is the only one that does this. I can find no trace online of anyone else having this problem.
Can anyone tell me how to turn this off?
I'm running Gnome 2.30.0 on Fedora 13 (x86_64)
View 5 Replies
Jul 5, 2010
How efficient and effective are these snort, argus, ossec etc. for an organization having 3500 PC Network, connected through 700+ Cisco Devices (Layer 2 and Layer 3), and scattered on 130 different sites (geographically)? What should be the combination of products and what should be the architecture for an efficient forensics activity?
View 2 Replies
Aug 15, 2010
There are far too many 'events' in Firestarter's log. I can't find which file contains the log either by searching my file system or the internet.
View 4 Replies
Mar 24, 2010
Please let me know:
1. What LDAP logs are typically available
2. How to find them
3. How to Parse them
View 3 Replies
May 2, 2010
My ufw rules have been loaded and are active, yet using iptraf I see TCP connections on ports that were never allowed by ufw. Can anyone explain this to me? Does ufw just not work?
View 6 Replies
Feb 19, 2010
Installed Fedora 12, but don't know how to use the source DVD to install the source package.
View 3 Replies
May 28, 2011
I searched using my User Name and did not find the post made for this problem. Still the search using the User name does not return the first post or this.
View 4 Replies