I run Ubuntu 9.04 and was recently told by my university that my computer is massively port scanning the network. I am interesting in learning more about figuring out what is happening to stop it, but I am lost at where to begin. What steps should I take (or files to look at) to figure out what is happening?
View 3 RepliesFedora 14 xfce
HP Mini 210
I am looking to buy some memory for my netbook. Currently I have 1 GB of DDR3 memory. However, the specification says that 2 GB of memory is the max. However, when I do the following it says that 4GB is the max:
[Code].....
Sometimes at startup I get this message "Checking disk 1 of 1". Does that mean it's checking all partitions on the hd? After a bad shutdown there is no prompt for fsck to run and the system just boots up. In fstab I have both options set to "1" for the partition Ubuntu is on, all others set to "0". Any ideas on both?
View 3 Replies View RelatedToday any web browser I use has randomly been brining me to URL... at random intervals.I've run chkrootkit from a live cd, and rkhunter, clamav, f-prot, and bitdefender, nothing's unusual.All the definitions were up to date.I'm wondering if its possible that my router got hacked. I'm not sure this is even possible, but it's acting weird. Tried reflashing its firmware, didn't fix it.
View 5 Replies View RelatedLooks like my firefox has been compromised and i have a packet sniffer. Not sure what to do.Should I just delete the suspicous files? here's the chkrootkit log:
ROOTDIR is `/'
Checking `amd'... not found
Checking `basename'... not infected
[code]....
A site belonging to the Savannah GNU free software archive was attacked recently, leading to a compromise of encrypted passwords and enabling the attackers to access restricted project material.The compromise was the result of a SQL injection attack against the savannah.gnu.org site within the last couple of days and the site is still offline now. A notice on the site says that the group has finished the process of restoring all of the data from a clean backup and bringing up access to some resources, but is still in the middle of adjusting its security settings.
View 4 Replies View RelatedThe infrastructure of the Fedora Project was compromised over the weekend and an account belonging to a Fedora contributor was taken over by an attacker. However, Fedora officials said they don't believe that the attacker was able to push any changes to the Fedora package system or make any actual changes to the infrastructure.
The attack appears to have targeted one specific user account, which had some high-value privileges. The attacker was able to compromise the account externally, and then had the ability to connect remotely to some Fedora systems. The attacker also changed the account's SSH key, Fedora officials said.
I have an OpenSSH server running on Ubuntu 10.04, and it works fine.
I'm concerned that my SSH key may have been compromised and would like to replace it.
I tried replacing keys before and reinstalling OpenSSH and SSH before but ran into terrible trouble so I'm asking for instruction before touching anything this time.
Code:
laeg@skyrocket:~/.ssh$ ls
authorized_keys id_rsa id_rsa.ppk id_rsa.pub known_hosts
Code:
laeg@skyrocket:/etc/ssh$ ls
[Code]....
So can I just synpaptic 'fully' uninstall SHH (although probably even less necessary than..) and OpenSHH, backup sshd_config, delete the two dirs referenced above, reinstall both packages, insert my sshd_config backup, and then start from scratch following the guides linked below?
I have a server connected to the internet placed in a DMZ that was running ProFTPD. A couple of weeks ago there was a security threat uncovered that would grant access to external users through a buffer overflow. Of course I patched my ProFTPD quite often after that to secure my server. Now my problem is that the servers of ProFTPD were compromised and that source code with a back-door was released. To make matters worse compromised systems notify the hacker they are infected. is there any way to ensure I don't have a root-kit installed short of reinstalling the system?
View 4 Replies View RelatedMy Linux server which is running my company website have been hacked. Today I saw a number of clients (customers) with some fun characters entries on my database. Access denial on really clients.
View 2 Replies View Relatedsecond time clamav detects the malware on laptop underubuntu:winnow.compromised.ts.jsexploit.5.UNOFFICIALwinnow.spam.ts.domains.158.UNOFFICIALgspace.js: winnow.malware.cm.miscspam.387929.UNOFFICIALwhat does this mean, is it serious and what is the origin of this infection?
View 9 Replies View RelatedI just noticed the results of the Honeynet Project's Challenge 7: Forensic Analysis of a Compromised Server have finally been posted today. Just got done reading one of the submissions and it's pretty good if anyone is interested in how to analyze a Linux incident involving evidence from memory and the file system.
View 2 Replies View RelatedI chose Mint 8 Fluxbox and have the iso. I cannot figure out how to check the iso for errors and the MD5 signature.I'm using Windohs XP so I tried to install MD5sum.exe. When I double click on it to run it all it does is flash and then nothing.When I type in the commands it says it can't find it or it can't read it or something.I may be typing the commands incorrectly. I'm just not understanding.I need to check the iso for errors but can't understand how to check it.
View 5 Replies View RelatedI'm trying to determine if IE is viewing my web page with the following HTML code:
Code:
But I don't see anything except "Test for IE". It is like the tests are being treated as comments? Do I need to turn something on in the server?
I'm writing and correcting API documentation in Sphinx using reStructuredText. Does anyone know of a good spellchecker that will handle this format, or a bunch of Unix/Linux tools that will allow me to use Aspell with it?
View 1 Replies View RelatedI am using Red hat on my laptop and normally playing in the console. As I only plug in the battery supply when the battery is down and going form console to GUI just to check the battery status is quite cumbersome , So was wondering if the status can be checked form the console itself.
View 5 Replies View RelatedCan I have parity checking without a raid? I would like to have parity checking but I want to maintain separate and independent drives so that if one day I decide I want to bring one of my drives to Bob's house I can do so. I Do understand that when I bring the drive to Bob's house it would at that point mess up the parity checking.
View 5 Replies View RelatedI need to check the file name e.g. testbla_word.txt
Is theire a command to search for only "bla_"?
So mainly, to check a part of a filename (not the entire filename, only a part of it)
I am logged in as root to my server and trying to get to the mail of a particular user (not root). I have created a mailbox in the 'prohosters' interface (a bit like cpanel) for johnny@john.com (under linux user: 'j0hn' I think) but when running the 'mail' command from the command line only seem to get mail for the root user ... ?I'd like to get any new emails as well for johnny and output their contents -
View 1 Replies View RelatedI am trying to load a driver (xxx.ko) and uncertain if the path given is correct.
I do not have any direct access to my linux device, so I need a small script that will create a text file telling me if the file was found or not.
The free Windows application Speccy returns very useful information about the hardware + software installed on a computer. Before installing Linux as double-boot, I was wondering if there were an up-to-date Linux hardware database so that I could tell users to run Speccy, and then somehow check against that database to make sure their hardware is supported, so that I don't waste time trying to install Linux on unsupported hardware?
View 8 Replies View Relatedhow can i check from console where folders are mounted?
i want to be able to check what partitions certain folders are on.
now i have installed libqt3-mt-dev this error is solve but new error is comming this is followingly i didn't understand------------->checking for KDE... configure: error:in the prefix, you've chosen, are no KDE headers installed. This will fail.So, check this please and use another prefix!
View 8 Replies View Relatedchecking of services in Nagios. You all know the check_[service] command right? In the commands.cfg and windows.cfg. To check for the different types of services/ports, we just replace the [service] in check_[service] with the name of the port? I only know of check_http, check_ssh, check_ftp etc. Some ports like Finger, snmp etc, all these we also write it as 'check_finger', 'check_snmp'? 2) And, if that is the case, do we have to install additional plugins to monitor the ports defined earlier? 3) Lastly, if i want to monitor finger,snmp in windows server, would i need to download any software?
View 2 Replies View RelatedLooking for a command line tool for Windows / linux environment that can check a PDF file for any errors (not for repairing).
View 3 Replies View RelatedI need to know which files were added/modified/moved/deleted after compiling and installing an application from source code, ie. the command-line, Linux equivalent to the venerale InCtrl5.
Is there a utility that does this, or a set of commands that I could run and would show me the changes?
The following is sort of OK, although it includes the lines where changes occured
(eg. "@@ -2,6 +2,7 @@"), and "." and ".." that I don't need: Code: # ls -aR /tmp > b4.txt
# touch /tmp/test.txt
# ls -aR /tmp > after.txt
# diff -u b4.txt after.txt
Kernel 2.6.21.5, slackware 12.0
(Mozilla) Firefox 2.0.0.4
where the option to disable spelling checking is in FF? I think Edit>Preferences contains all of the settable options.
I need to know which files were added/modified/moved/deleted after compiling and installing an application from source code, ie. the command-line, Linux equivalent to the venerale InCtrl5.Is there a utility that does this, or a set of commands that I could run and would show me the changes?
View 2 Replies View RelatedI have one file called test.sh and in that file I have the below code. All this code is, is paths to three directories (as you can you can clearly see!).
Code:
#!/bin/bash
BACKUP="Documents /bin /sbin"
Now I have this other file which reads the directories (by using $BACKUP) and creates a tar file of everything in that folder. But what I am unsure of what to is create a bit of code that will simply look in test.sh, read all the directories and print a line saying either they all exist or some are missing. If possible it would be good to know which directories are missing too!
I have fiddled around with using -d but I can only get it to work for one directory or manually having to write out each directory.
I have installed thunderbird sometime back on Ubuntu.I want to know the date and time of installation. How can i get this information. I tried "stat thunderbird", but it did not give the installation time
View 6 Replies View Related