Fedora Security :: Having A Script That Will Report Whenever A File Is Copied?
May 12, 2009
have a script that will report whenever a file is copied? Some useful information would be the time/date, user, and destination whenever a file is copied. I've looked into the stat command, but it does not distinguish between copy and access.
Dec 10, 2010
Some time back using this computer a SucKit rootkit was found. Having dd urandomed the drive, flattened CMOS battery, flashed BIOS, run Knoppix live CD 6.1, using no flat pack battery (laptop), and memtested the RAM, I am still having problems with what I suspect is a javascript file that tries to reload the rootkit from? firmware. I suspect the firmware as everything else should have eradicated it??
Also it or a hacker via a backdoor then corrupts the drivers so devices malfunction. Windows security programs and rootkit detectors don't seem to pick it up. Fresh install of Windows or linux after the above still show this problem, though internet not used. The person who admitted rootkitting this machine is capable of writing java programs or using javascripts to do all this.
When viewed using Ubuntu 8.4 files and dates on a Windows partition appear normal both in file manager and terminal. However booting using Knoppix CD these files are all green, and I cannot change their permissions, even as root, i.e. everything is green including text files etc. If I copy them to a linux partition, I can change their permissions and make them nonexecutable and nonwritable. Also on the Windows FAT32 partition the . directory has the date 1 Jan 1970.
If I disable any green files, I can shutdown and reboot cleanly. If I don't I start having problems shutting down [/usr/sbin/init ?] And always these follow a pattern:
Can't remember details as I have now corralled the beast but error messages relating to:
nfs-server
inet.d/statd
are the start of these.
May 25, 2009
After running
Code:
nessus-fetch --register <Activation Code>
I got
Code:
nessus-update-plugins could not be found in your $PATH
When I try to run a scan on localhost I get the message "nessusd returned an empty report".
Here's the entry in nessusd.messages
Code:
[Mon May 25 00:30:03 2009][13188] user mickey.harvey : testing 127.0.0.1 (127.0.0.1) [13189]
[Mon May 25 00:30:04 2009][13189] Finished testing 127.0.0.1. Time : 0.03 secs
[Mon May 25 00:30:04 2009][13188] user mickey.harvey : test complete
[Mon May 25 00:30:04 2009][13188] Total time to scan all hosts : 1 seconds
[Mon May 25 00:30:04 2009][13188] user mickey.harvey : Kept alive connection
I would like to get the scan working and make sure that nessus is updating the plugins. I have been looking through the nessus documentation and tried searching on Google without any success.
Jan 25, 2011
I've been trying to make sense out of this error report. I get it every once in a while on startup of my machine.
Code:
Summary:
SELinux is preventing /usr/sbin/ntpd access to a leaked netlink_route_socket
file descriptor.
Detailed Description:
[ntpd has a permissive type (ntpd_t). This access was not denied.]
SELinux denied access requested by the ntpd command. It looks like this is either a leaked descriptor or ntpd output was redirected to a file it is not allowed to access. Leaks usually can be ignored since SELinux is just closing the leak and reporting the error. The application does not use the descriptor, so it will run properly. If this is a redirection, you will not get output in the netlink_route_socket. You should generate a bugzilla on selinux-policy, and it will get routed to the appropriate package. You can safely ignore this avc.
Allowing Access:
You can generate a local policy module to allow this access - see FAQ [URL]
Additional Information:
Source Context system_u:system_r:ntpd_t:s0
Target Context system_u:system_r:firstboot_t:s0
Target Objects netlink_route_socket [ netlink_route_socket ]
Source ntpd
Source Path /usr/sbin/ntpd
Port <Unknown>
Host localhost.localdomain
Source RPM Packages ntp-4.2.6p2-7.fc14
Target RPM Packages
Policy RPM selinux-policy-3.9.7-3.fc14
Selinux Enabled True
Policy Type targeted
Enforcing Mode Enforcing
Plugin Name leaks
Host Name localhost.localdomain
Platform Linux localhost.localdomain 2.6.35.6-45.fc14.i686
#1 SMP Mon Oct 18 23:56:17 UTC 2010 i686 i686
Alert Count 1
First Seen Fri 21 Jan 2011 02:01:09 AM PST
Last Seen Fri 21 Jan 2011 02:01:09 AM PST
Local ID fb73799a-8d3c-4d9a-8c06-a0c1b6d4814e
Line Numbers
Raw Audit Messages
node=localhost.localdomain type=AVC msg=audit(1295604069.730:15): avc: denied { read write } for pid=1731 comm="ntpd" path="socket:[14643]" dev=sockfs ino=14643 scontext=system_u:system_r:ntpd_t:s0 tcontext=system_u:system_r:firstboot_t:s0 tclass=netlink_route_socket
node=localhost.localdomain type=SYSCALL msg=audit(1295604069.730:15): arch=40000003 syscall=11 success=yes exit=0 a0=8a1ad60 a1=8a1b040 a2=8a1b2c8 a3=8a1b040 items=0 ppid=1730 pid=1731 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm="ntpd" exe="/usr/sbin/ntpd" subj=system_u:system_r:ntpd_t:s0 key=(null)
May 17, 2010
I've been having problems with pdf files made using latex (dvi->ps->pdf). I found a reported bug in bugzilla by searching the error message and made a comment. The 'problem' is that the bug is filed under evince, but I'm pretty sure it is in ghostscript. Should I file another bug in the ghostscript section, or will the clever people at bugzilla work it out once they get round to this particular bug (it's marked as low priority)?
The bug report can be found here [URL]. The bug is more annoying than anything else, so any advice is welcome.
Nov 16, 2010
I have an embedded Linux system (Debian 'Lenny') which boots from a microSD flash. If I make a copy of a file on the flash file system (cp test test1) and then power off (disconnecting power spontaneously), then connect power again, the system comes up, but the file test1 is gone. How can I ensure that test1 does NOT disappear if the power gets lost? If I copy the file and then restart the system with the reboot command, the file test1 does not disappear.
Jun 9, 2009
I have been messing with diff and grep for 2 days now without result.
I am trying to match a file consisting of words to many separate other word files in a specific directory, one by one.
What I want the script to do is to report how many matching words my main file has with every file in the directory, each in turn.
Setup:
Each of them is a plain text file with 1 word per line.
Output should be something like:
SCRIPT REPORT:
Jul 9, 2009
parsing xml file using shell script and generate report in a PDF file
Xml file input:
<report>
<student name="x" father name="x1" class="first" Address="xyz">
<property name="sports" value="yes"/>
<property name="drawing" value="no"/>
[code]....
Feb 15, 2010
I wanted to make a simple script that would trigger on certain environment events. For instance, I want the script to trigger whenever a new file gets copied or placed on the Desktop, and cut that file and place it somewhere else. Sort of cleaning the Desktop process. Here's the thing: I want it to trigger on its own, not requiring me to open a shell and invoke it from there.
Mar 24, 2010
I'm sure that the issue I'm having is easily solvable once I gain some understanding about copying files - and file permissions in Ubuntu. Here's my situation:
I have an external HDD where I like to back up some files (I mess around with distros on my main machine and feel less stressed knowing the important stuff is backed up). I have an ext4 partition on the external drive where I have copied files, both through the terminal (cp 'filename' /dev/sdc3) and by drag and drop (gnome-terminal).
The problem is, once the files are copied, most are inaccessible. I can view them, but some directories and individual files say I do not have permission to open them. Others are accessible. This is from the same user profile that copied them.
How do I see what's going on? More importantly, how do I make files on external drives available to any user or OS (that can handle ext4)? I want to make sure that if my whole system gets effed that I could still do a reinstall of my OS and then access those backup files.
Feb 17, 2011
I've been given the task to go to a Linux console as root, generate an ssh rsa 4096bit key, and copy the private key to a USB drive.
1) What command should I use here? ssh-keygen -t rsa -b 4096 ?
2) Do I need to append the new private key to the authorized_users file? Which file exactly must be appended there? Would this be sufficient?
mkdir -p /home/myuser/.ssh
cat id_rsa_LOCAL.pub >> /home/myuser/.ssh/authorized_keys
Should any special permissions be applied to this file?
3) Which file must be sent to my usb drive so that I can take it home to connect with?
Jan 20, 2011
I can see my Suse 11 server, ftp to it and set up a shared folder, but can't log in as a user from the workstation. It is an IBM eServer 235 2X3.8Ghz Xeon, 6GB of memory with 6X73.6 hard drives. I got this error message: The following security events occurred since Thu Jan 20 19:29:40 2011:
type=APPARMOR_DENIED msg=audit(1295580702.142:653): operation="inode_permission" requested_mask="r::" denied_mask="r::" fsuid=0 name="/var/lib/samba/unexpected.tdb" pid=4873 parent=1 profile="/usr/sbin/nscd"
type=APPARMOR_DENIED msg=audit(1295580702.234:654): operation="inode_permission" requested_mask="r::" denied_mask="r::" fsuid=0 name="/var/lib/samba/unexpected.tdb" pid=4873 parent=1 profile="/usr/sbin/nscd"
Charles E. Hightower
Ht280@yahoo.com
charles@santech.net
Charles E. Hightower - LinkedIn
Jun 27, 2011
Working fine: ==> scp my_log-bin.01393[0-9] root@192.168.103.66:/backup/
error - No such file or directory: ==> scp my_log-bin.0139[30-99] root@192.168.103.66:/backup/
May 18, 2010
We have two work computers, one with Windows and one with Ubuntu. We are going to change the Windows computer to Ubuntu, and put them on a network. So we copied all of the documents on the Windows computer to the Ubuntu computer as a first step. The problem is, with the documents and folders that we copied, if they have Spanish accents we can't open them. I tried looking on the forum but I didn't find anything about exactly that problem. One post suggested that the "locale" might be the problem, but our locale seems to be the correct one for our country and language.
The accents show up as white question marks inside a black diamond. If I open a file inside a folder with an accent, or a file with an accent, it tells me that the file doesn't exist. But when I change the name of the containing folder or the file, and replace the question marks with accents, I can open the folders and files. But we have lots and lots of documents, and it would take a really long time to change the name of all of the folders and files. How can I fix all of them at the same time?
Nov 30, 2010
Is there a way to report the contents of the file cache held on RAM?
Jan 28, 2010
host Fedora 12 64bit
KVM virtualization software
I have 8 VMs on this virtual machine running different OS. Can VMs be moved/copied to another PC of similar hardware config running Fedora 12 (64bit) as host and KVM?
If Yes, whether copying following files,
e.g. copying following files and paste them on the same /path/to/directory
[root@fedora12 satimis]# ls -l /etc/libvirt/qemu/
Code:
total 52
...
-rw------- 1 root root 1293 2010-01-14 22:48 vm01.xml
-rw------- 1 root root 1293 2010-01-11 17:19 vm02.xml
-rw------- 1 root root 1302 2010-01-11 19:11 vm03_ub9164.xml
[Code]....
Apr 17, 2010
### TO DO: Determine the report file name based on the source directory name and current date
### The report name and thumbnail directory must follow this pattern: source-%j-%H
### for example, for pictures in /home/you/pictures, the file name will be: pictures-%j-%H
### HINT: Use sed to extract the directory name from the path and combine it with date command output
Mar 18, 2011
I finally put my hand on a mini-itx board with the AMD E-350 2 cores Zacate CPU with ASROCK E350M1 E350 A50M R with 4 GB ram. I installed fedora 14 64 bits first, then 32 bits lastly and in both cases, linux fedora 14 reported only 2.6GB of my 4GB ram. On the bios, I read 4096MB with 384MB shared.
I booted a cd with memtest86 V4.20, and it reported 3709MB of ram, that seems ok. under linux fedora 14: free -m, show: 2637MB, under monitor, we can read, 2.6GiB
Feb 8, 2010
Is it possible to create a report which contains every Disk usage status, Exim mail q, etc. and generate it into Excel files monthly?
Oct 25, 2009
I don't know what bugzilla wants to know. I tried to create a new report, but I failed at the first page/question. The page asks me to enter a classification. But I don't know what that could be. I checked multiple times but I always got just a big red EM. What's to enter at 'named tag' and at 'to bugs'?
Jun 30, 2010
I've been running Fedora since core 6, am on 13 now, always with KDE. I upgraded but also did fresh installs. I'm typing, in oo.org, Kile or Kate. Suddenly, without warning, the File menu is selected - mind you, without me clicking the mouse or pressing alt-F or anything. Just typing text.
Or how about this: I'm typing again. All of a sudden the direction changes from the normal left to right to the Hebrew right to left. I think I only pressed ctrl-s to save... Did I?
I can't reproduce any of it, although it seems to be related to Kate based editors and using alt-tab to switch windows. Like the alt key hangs digitally. Is it Linux, Fedora, KDE or Kate? (it can't be the computer, this has happened to me on several distinct machines) Where do I report this, to get a fix?
Jul 16, 2010
When I am prompted to send a bug report I am given two choices. Either I'll use bugzilla or logger. Which one should I be using?
Jan 29, 2011
I don't need to be advised if a printer job failed on my screen. I am sitting beside the printer. I know someone needs that feature but how do I turn it off? What software is responsible for putting a printer icon up and then giving me this output? And will that software accept a request to change the default behavior?
Oct 28, 2010
Just installed Fedora 13 on a Pentium 4 laptop by Dell, with 1 Gb RAM.
As I opt for Compiz, it cannot start, there is a black pop up saying Crash, and some numbers follow. How can this be fixed?
Should I install KDE?
Is there an update of software?
I can opt for Compiz but worry that it will be faulty. That is the second attempt also produced the crash warning pop up but gave me the option of keeping it or going back after about twenty seconds, with the figures on the screen. I played it safe. Also can I try it, and manually go back?
Error report shows Compiz killed by Signal 11 SIGSEGV, this was added after post 9.
Aug 6, 2009
I couldn't log in to Fedora anymore. Every time I try, I receive the report "unable to open session".
Dec 19, 2009
Wondering if anyone knows what the range specification is meant to do for the :CHAIN at the top of the iptables file? e.g. what does the 1:76 range mean for :OUTPUT ACCEPT [1:76] ?
# Generated by iptables-save v1.4.1.1 on Sat Dec 19 12:28:00 2009
*filter
:INPUT ACCEPT [0:0]
[code]...
Aug 8, 2011
Since I upgraded to F15 I noticed that "su -l" is very slow, it takes about 20sec before it gives the prompt. I traced it down to a problem with "xauth" as su asks for the authorization for the display running "xauth nlist :0" which times out with an error. Actually, the command "xauth nlist :0" by itself gives:
xauth: timeout in locking authority file /home/user/.kde/tmp-host.domain/xauth-200-_0
If I put SELinux in permissive mode both commands work without problem so I suppose SEL is the problem. I checked the permissions and settings of the file which is "unconfined_u:object_r:config_home_t:s0" but I have no idea if this is the right value. Running "restorecon" on the file, directory or the whole /home/user didn't change anything.
Jun 4, 2009
Why can't I open this file?
[root@localhost fedora]# gedit /etc/var/log/rkhunter/rkhunter.log
No protocol specified
(gedit:24869): Gtk-WARNING **: cannot open display: :0.0
[root@localhost fedora]# gedit /var/log/rkhunter/rkhunter.log
No protocol specified
There is absolutely no reason why it can't be opened. I opened it just fine earlier and now it won't open up for inspection.
Oct 12, 2009
I was wondering how to password protect certain file folders?
View 6 Replies
View Related
Feb 9, 2010
How to do an easy file integrity checking on fedora 11 ? just to make sure that the necessary core os files are not corrupted using rpm and yum.