General :: How To Trace And Remove Intruders
Jan 9, 2010
When I log into Mint8, for example, the bottom bar (task bar) shows activity I did not start, e.g. keyboard amongst others. System logs are suspicious:
Jan 9 22:23:24 patti-desktop dhclient: DHCPACK of 192.168.0.100 from 192.168.0.1
Jan 9 22:23:24 patti-desktop dhclient: bound to 192.168.0.100 -- renewal in 40777 seconds.
Jan 9 22:23:24 patti-desktop NetworkManager: <info> DHCP: device eth0 state changed preinit -> bound
[code]....
'patti-desktop' is not the user I'm trying to log in to, but it was, and still exists as, a group (ops). I am also having difficulty using sudo, but that might be my error. Is there a program I can use to see what is going wrong and correct it?
View 12 Replies
Mar 23, 2010
Well, I have been using Linux for some time and have kept strong passwords for every user account. But recently I noticed that when we boot into run level 1, it does not ask for any password. This means that anyone can turn on my computer in my absence, press a on the GRUB menu, then 1 to append 1 to the kernel arguments, which will make my system boot into run level 1. It won't ask for any password. Once in run level 1, the intruder can easily access my files, copy them, change their permissions, even change the root password.
Now how can I make my system more secure? Is there a way to get detailed info on each login session, like which user, which run level, for how long, and things like that?
View 4 Replies
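As an added example (not from the original post), a GRUB legacy menu.lst that closes the hole described above. It assumes GRUB legacy, since the a (append) key mentioned is a GRUB legacy feature, a single-disk layout of (hd0,0) / /dev/sda1, and a placeholder hash that must be replaced with the output of grub-md5-crypt:

```text
# /boot/grub/menu.lst (GRUB legacy). Added example; paths and hash are placeholders.
# A global password disables 'e' (edit), 'a' (append) and 'c' (command line)
# until 'p' is pressed and the password is entered.
password --md5 $1$REPLACE$ME-with-the-output-of-grub-md5-crypt
timeout 5
default 0

title  Linux
root   (hd0,0)
kernel /boot/vmlinuz root=/dev/sda1 ro
initrd /boot/initrd.img

title  Linux (single user)
# 'lock' makes this entry itself ask for the password before it boots
lock
root   (hd0,0)
kernel /boot/vmlinuz root=/dev/sda1 ro single
initrd /boot/initrd.img
```

On Debian-derived systems where update-grub regenerates the kernel stanzas, keep the password line in the hand-edited top section and set the lockalternative option to true so the generated recovery entries get lock. Two caveats a practitioner should keep in mind: a Red Hat style /etc/inittab makes run level 1 ask for root's password through its sulogin line, but init=/bin/sh on the kernel line bypasses init entirely, which is why the boot loader itself has to be locked; and a GRUB password only stops editing the menu, not booting another medium, so it needs a BIOS boot-order lock behind it, and only disk encryption actually protects the files from someone with the hardware in hand.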
Jun 3, 2010
I am planning a trip for a few days and I will be staying at an inn with Wifi access. All the guests are allowed to use it. A friend of mine has been there, he told me there are several other private spots around the house, i.e. lots of other people using Wifi. My friend told me the inn uses WEP, so who knows how many times their access point has been hacked and accessed without permission...
My concern is that I will be there for a few days with my notebook, I will have to work once in a while, connected to the Internet. Is there some precaution I should take to protect my notebook from intruders? Is it advisable to install a firewall in my notebook (iptables?) or am I just overreacting? Is it possible for one of the guests or neighbors to break into my notebook?
View 8 Replies
Oct 14, 2010
Is it possible to add support for POSIX Trace to my Ubuntu?
# getconf _POSIX_VERSION
200809
# getconf _POSIX_TRACE
undefined
View 2 Replies
Jun 20, 2011
I am trying to turn Trace off on Apache/2.0.52. In one of the previous postings on this site it was stated that TraceEnable should be used for newer versions of Apache (1.3.34+ or 2.0.22+). However, when I tried to use the man pages to get some information on how to use the command, I got "No manual entry for TraceEnable". Can you tell me which version(s) of Apache support this command?
View 8 Replies
Apr 17, 2011
I'm using FC14_64.
How can I check if there are intruders or hackers in my system, and how do I boot them the hell out of my system?
View 9 Replies
Oct 1, 2010
Many of us are maybe worried by the fact that others are using our wireless connection (without permission, of course). What is the command I have to run in the terminal in order to list possible logs of intruders?
View 2 Replies
Feb 20, 2010
If we wish to know who connected, at what time and from what host or IP address, when they logged out and what they did, what were their activities?
View 9 Replies
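An added example, not from either post, that answers both the Mar 23, 2010 question (which user, which run level, for how long) and the Feb 20, 2010 one (who connected, when, from where, and when they logged out): a parser for the wtmp file that the last command reads, producing the same information as last -x -F. It assumes the 384-byte glibc utmp record layout that Linux uses and a constructed sample file; on a real system run it as python3 wtmp_report.py /var/log/wtmp.

```python
"""Login sessions and run level changes from a Linux wtmp file (added example)."""
import struct
import sys
import time
from collections import namedtuple

# glibc's struct utmp on Linux: 384 bytes, little-endian on x86 (assumed layout;
# if len(wtmp) % 384 != 0 on your system the layout differs).
# fields: type, pid, line, id, user, host, exit(2 shorts), session, tv_sec, tv_usec, addr_v6[4], pad
_UTMP_FMT = "<hxxi32s4s32s256shhiii4i20x"
UTMP_SIZE = struct.calcsize(_UTMP_FMT)      # 384
RUN_LVL, BOOT_TIME, USER_PROCESS, DEAD_PROCESS = 1, 2, 7, 8

Record = namedtuple("Record", "type pid line user host time")


def _cstr(raw):
    return raw.split(b"\0", 1)[0].decode("ascii", "replace")


def parse_wtmp(data):
    """Yield one Record per complete entry; a trailing partial entry is ignored."""
    for off in range(0, len(data) - len(data) % UTMP_SIZE, UTMP_SIZE):
        f = struct.unpack_from(_UTMP_FMT, data, off)
        yield Record(f[0], f[1], _cstr(f[2]), _cstr(f[4]), _cstr(f[5]), f[9])


def session_report(data):
    """Return (sessions, runlevels).

    sessions: dicts with user, line, host, login (epoch) and seconds, where
    seconds is None when the session was cut off by a reboot or is still open.
    runlevels: (epoch, new_level, previous_level) for every RUN_LVL record.
    """
    open_by_line, sessions, runlevels = {}, [], []

    def close(rec, end):
        sessions.append({"user": rec.user, "line": rec.line, "host": rec.host,
                         "login": rec.time, "seconds": end - rec.time if end else None})

    for r in parse_wtmp(data):
        if r.type == USER_PROCESS:
            open_by_line[r.line] = r                     # login on a tty/pty
        elif r.type == DEAD_PROCESS and r.line in open_by_line:
            close(open_by_line.pop(r.line), r.time)      # logout on that tty
        elif r.type == BOOT_TIME:
            for rec in open_by_line.values():            # reboot: no DEAD_PROCESS was written
                close(rec, None)
            open_by_line.clear()
        elif r.type == RUN_LVL:
            # sysvinit stores ut_pid = new_level + 256 * previous_level (ASCII digits)
            runlevels.append((r.time, chr(r.pid & 0xFF), chr((r.pid >> 8) & 0xFF)))
    for rec in open_by_line.values():
        close(rec, None)
    return sessions, runlevels


def format_report(sessions, runlevels):
    stamp = lambda t: time.strftime("%Y-%m-%d %H:%M:%S", time.gmtime(t))
    rows = [f"{s['user']:<10}{s['line']:<8}{s['host'] or 'console':<16}{stamp(s['login'])}  "
            + ("open or cut by reboot" if s["seconds"] is None else f"{s['seconds'] // 60} min")
            for s in sessions]
    rows += [f"runlevel  {prev} -> {new}  {stamp(t)}" for t, new, prev in runlevels]
    return "\n".join(rows)


# Constructed sample wtmp: boot into run level 2, two logins, one logout,
# then someone switches the box to run level 1, which kills the tty1 session.
def _rec(ut_type, pid, line, user, host, sec):
    return struct.pack(_UTMP_FMT, ut_type, pid, line.encode(), b"", user.encode(),
                       host.encode(), 0, 0, 0, sec, 0, 0, 0, 0, 0)

T0 = 1269302400
SAMPLE_WTMP = b"".join([
    _rec(RUN_LVL, ord("2") + 256 * ord("N"), "~", "runlevel", "", T0),
    _rec(BOOT_TIME, 0, "~", "reboot", "", T0),
    _rec(USER_PROCESS, 1234, "tty1", "patti", "", T0 + 60),
    _rec(USER_PROCESS, 1300, "pts/0", "root", "10.0.0.5", T0 + 120),
    _rec(DEAD_PROCESS, 1300, "pts/0", "", "", T0 + 420),
    _rec(RUN_LVL, ord("1") + 256 * ord("2"), "~", "runlevel", "", T0 + 900),
    _rec(DEAD_PROCESS, 1234, "tty1", "", "", T0 + 905),
])

if __name__ == "__main__":
    data = open(sys.argv[1], "rb").read() if len(sys.argv) > 1 else SAMPLE_WTMP
    print(format_report(*session_report(data)))
```

The caveat that matters for the intruder question: wtmp is a plain file that root can edit or truncate, so it records what a careless intruder did, not what a careful one did; treat it as a lead to be corroborated against sshd lines in syslog and, for run level changes, against the console history.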
Mar 28, 2011
I've taken on a project to trace runtime activities on a Unix system into a log file: to implement a program which will show the log of everything that happened in the past, including many requirements, like applications I used (with the time of access), what kind of files/directories I opened, closed, created, deleted (with the time), etc.
View 2 Replies
Aug 11, 2010
Kernel 2.6.21.5, GNU (Slackware 12.0).
The following are two extracts from /var/log/messages.
Code:
Aug 10 17:29:52 darkstar sshd[11675]: reverse mapping checking getaddrinfo for 116.214.25-66.del.tulipconnect.com [116.214.25.66] failed - POSSIBLE BREAK-IN ATTEMPT!
Aug 10 17:29:52 darkstar sshd[11675]: Invalid user plcmspip from 116.214.25.66
Aug 10 17:29:52 darkstar sshd[11675]: Failed password for invalid user plcmspip from 116.214.25.66 port 40032 ssh2
[Code]...
View 3 Replies
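The extract above shows a scan, not necessarily a break-in: sshd prints POSSIBLE BREAK-IN ATTEMPT! whenever the client's reverse DNS name does not resolve back to its address, which is normal for consumer and hosting ranges. The lines that decide the question are the Failed and Accepted ones. As an added example (not from the post), a script that counts failures per address, lists the usernames tried, and flags any successful login from an address that had already been guessing, which is what a guessed password looks like in the log. It runs over the post's three lines plus constructed follow-on lines; the threshold of 3 and the iptables rule format are assumptions.

```python
"""Triage sshd syslog lines for password guessing and logins that follow it (added example)."""
import re
import sys
from collections import defaultdict
from datetime import datetime

FAILED = re.compile(r"sshd\[\d+\]: Failed \w+ for (?:invalid user )?(\S+) from (\S+) port \d+")
ACCEPTED = re.compile(r"sshd\[\d+\]: Accepted (\w+) for (\S+) from (\S+) port \d+")
STAMP = re.compile(r"^(\w{3}\s+\d{1,2} \d\d:\d\d:\d\d) ")
THRESHOLD = 3   # assumed: failures from one address before it is treated as a scanner


def _stamp(line):
    """syslog timestamps carry no year; good enough to order lines within one log."""
    m = STAMP.match(line)
    return datetime.strptime(m.group(1), "%b %d %H:%M:%S") if m else None


def analyse(lines, threshold=THRESHOLD):
    """Return (per_ip, alerts).

    per_ip: address -> {"failures", "users", "first", "last"} for every address
    with at least one failed login.  alerts: (ip, user, method, line) for each
    accepted login from an address that had already failed `threshold` times.
    """
    per_ip = defaultdict(lambda: {"failures": 0, "users": set(), "first": None, "last": None})
    alerts = []
    for line in lines:
        m = FAILED.search(line)
        if m:
            user, ip = m.groups()
            rec = per_ip[ip]
            rec["failures"] += 1
            rec["users"].add(user)
            rec["first"] = rec["first"] or _stamp(line)
            rec["last"] = _stamp(line)
            continue
        m = ACCEPTED.search(line)
        if m:
            method, user, ip = m.groups()
            rec = per_ip.get(ip)            # .get: do not create entries for clean addresses
            if rec and rec["failures"] >= threshold:
                alerts.append((ip, user, method, line.strip()))
    return dict(per_ip), alerts


def block_rules(per_ip, threshold=THRESHOLD):
    """iptables commands for the scanning addresses; returned as text, not executed."""
    return [f"iptables -I INPUT -s {ip} -p tcp --dport 22 -j DROP"
            for ip, rec in sorted(per_ip.items()) if rec["failures"] >= threshold]


# The first three lines are the post's; the rest are constructed for the example.
SAMPLE_LOG = """\
Aug 10 17:29:52 darkstar sshd[11675]: reverse mapping checking getaddrinfo for 116.214.25-66.del.tulipconnect.com [116.214.25.66] failed - POSSIBLE BREAK-IN ATTEMPT!
Aug 10 17:29:52 darkstar sshd[11675]: Invalid user plcmspip from 116.214.25.66
Aug 10 17:29:52 darkstar sshd[11675]: Failed password for invalid user plcmspip from 116.214.25.66 port 40032 ssh2
Aug 10 17:29:55 darkstar sshd[11677]: Failed password for invalid user oracle from 116.214.25.66 port 40051 ssh2
Aug 10 17:29:58 darkstar sshd[11679]: Failed password for root from 116.214.25.66 port 40077 ssh2
Aug 10 17:30:01 darkstar sshd[11681]: Failed password for root from 116.214.25.66 port 40090 ssh2
Aug 10 17:30:04 darkstar sshd[11683]: Accepted password for root from 116.214.25.66 port 40102 ssh2
Aug 10 18:02:11 darkstar sshd[11702]: Failed password for patti from 192.168.0.20 port 51234 ssh2
Aug 10 18:02:19 darkstar sshd[11702]: Accepted publickey for patti from 192.168.0.20 port 51234 ssh2
""".splitlines()

if __name__ == "__main__":
    lines = SAMPLE_LOG if sys.stdin.isatty() else sys.stdin
    per_ip, alerts = analyse(lines)
    for ip, rec in sorted(per_ip.items(), key=lambda kv: -kv[1]["failures"]):
        print(f"{ip:<16}{rec['failures']:>4} failures  users: {', '.join(sorted(rec['users']))}")
    for ip, user, method, line in alerts:
        print(f"ALERT: {user} logged in via {method} from {ip} after repeated failures\n  {line}")
    print("\n".join(block_rules(per_ip)))
```

Run it as grep sshd /var/log/messages | python3 sshd_triage.py. An alert line is the case that needs action (the account's password is burned; look at what that session did, via wtmp and the shell history), while bare failures are the background noise any Internet-facing sshd sees. The durable fix is not the DROP rule but PermitRootLogin no and key-only authentication in sshd_config, which turns the guessing into harmless log volume.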
Jan 13, 2010
I am trying to send a mail using sendmail; the status says sent and queued for delivery, but I am unable to find where the message went or where it is.
I am using Redhat 5.4
My domain is -- mydomain
my host - redhat
Jan 13 23:41:05 redhat sendmail[4116]: o0DIB3bE004116: from=root, size=53, class=0, nrcpts=1, msgid=<201001131811.o0DIB3bE004116@mydomain.co.rw>, relay=root@localhost
[Code]....
I don't understand this last line. (I think) it says the mail was sent and queued. Where is it queuing, on the remote mail relay or on the local machine?
I used mailq and mailq -AC both shows 0 entries
View 2 Replies
Sep 3, 2009
OS: Red Hat 4.2, Oracle EBS Suite Applications: 11.5.10
I would like to install a proxy (Apache) server on Linux. Is it possible?
I would like to trace user activities by proxy server. We are running many applications on that. How do I trace that? Is there any server better than Apache?
View 3 Replies
Jan 1, 2010
I just did a fresh install of Kubuntu 9.10. The GUI regularly locks up. I can SSH to it from another machine every time it locks up. Top shows Xorg consuming 99% CPU. I think downgrading the nvidia driver to 173 from 185 helped reduce the lockups. Before, they seemed very random and very frequent. Now it seems to happen when copying a large amount of files over the network, but I'm not entirely sure. It ran the electricsheep screensaver all day today with no problems and the RSS euphoria GL screensaver all day yesterday. If I copy 2GB of files from one local directory to another, no problem; if I do it through cifs-mounted Samba shares it will lock up for sure. Small amounts seem ok. Apt-get install has had some lockups too.
I don't really know how to trace what's going on beyond installing ssh and finding out that it's totally alive inside. I don't know what to look for in log files nor which ones to look at. I didn't recognize anything wrong in Xorg log. In the system log I look for the time gap between when it locked up and I shut down and when I rebooted but I didn't notice anything.
View 1 Replies
Dec 2, 2010
I manage a dedicated webserver running OpenSuse 11 which is currently hosting about 30 sites. I have never had any big problems until these last 2-3 months. One site after the other was being hacked and the unwanted visitor installed all kinds of PHP shell scripts, followed by torrent servers, etc. All hacked sites were sites using Joomla, so what I did was close down those sites one by one. Well, I guess we all know Joomla is not a great solution if you just install it out of the box like those users were doing.
When trying to trace the intruder, only some African junk IPs and IPs from a company selling VPN connections through PayPal show up (yeah great, love those guys... do they really think that serious VPN users will pay with PayPal). I checked all Apache and FTP logs (yes, he even managed to get some FTP login) but only those damn 'proxy' IPs come up. The weird thing is that the guy seems to know how the server was 'built', since he manages to copy stuff from one site to the other. That is why I am suspecting someone who worked for a client's company, but I need proof. One way would be to let him hack a site and try to feed him something that would make him traceable, but what?
View 9 Replies
Jan 20, 2010
I am using Pidgin for Google chat. Is it possible to know the IP of the person I am chatting with?
View 4 Replies
Jan 11, 2010
How do I trace the energy information from the trace file? Also, how do I change the energy drain in a faster manner?
View 2 Replies
Dec 30, 2008
I fear that an attack or an entry into my PC has occurred. How do I find the traces of the attacks?
View 3 Replies
Feb 14, 2010
Does Linux have a way to trace writes to a file?
For each write, I would like to know the time, date, process id, user, file position, byte count, and the data written.
I could use this with a script to replay the writes to a backup of the original file, and reproduce the file contents as they were at a point in time.
View 4 Replies
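Linux can do this per process with strace, or system-wide with the audit subsystem; a file has no trace of its own, so the question is really about catching the write() calls of whatever touches it. As an added example, not from the post, a parser for the output of strace -f -ttt -s 65536 -o trace.log -e trace=open,openat,write,pwrite64,lseek,close PROG that tracks each process's descriptor table and file position, emits one record per write with time, pid, path, offset, byte count and data, and replays those records onto a backup to rebuild the file as it was at a chosen moment. The sample trace is constructed. strace does not record the user id: take it from the process (ps -o uid= -p PID) or use auditd (auditctl -w /path -p w), which logs uid and syscall but not the bytes.

```python
"""Rebuild a file's write history from strace output (added example)."""
import re
from dataclasses import dataclass

# One line of `strace -f -ttt -s 65536 -o trace.log -e trace=open,openat,write,pwrite64,lseek,close`
LINE = re.compile(r"^(\d+)\s+(\d+\.\d+)\s+(\w+)\((.*)\)\s+=\s+(-?\d+)")
STR = r'"((?:[^"\\]|\\.)*)"(\.\.\.)?'   # strace-quoted string; "..." means -s cut it short
ARGS = {
    "open":     re.compile(r"^" + STR + r", ([A-Z_|0-9]+)(?:, \d+)?$"),
    "openat":   re.compile(r"^[A-Z_0-9-]+, " + STR + r", ([A-Z_|0-9]+)(?:, \d+)?$"),
    "write":    re.compile(r"^(\d+), " + STR + r", (\d+)$"),
    "pwrite64": re.compile(r"^(\d+), " + STR + r", (\d+), (\d+)$"),
    "lseek":    re.compile(r"^(\d+), (-?\d+), SEEK_\w+$"),
    "close":    re.compile(r"^(\d+)$"),
}


@dataclass
class Event:
    ts: float                # epoch seconds from -ttt
    pid: int
    path: str
    offset: int              # file position the bytes landed at
    nbytes: int              # what the kernel reported written (the syscall's return value)
    data: bytes
    kind: str = "write"      # or "truncate" for open(..., O_TRUNC)
    truncated: bool = False  # strace cut the string short; replay cannot be exact


@dataclass
class _Fd:
    path: str
    offset: int = 0
    append: bool = False


def unescape(s):
    """Undo strace's C-style quoting (\\n, \\", \\\\, octal \\NNN) into raw bytes."""
    return s.encode("latin-1").decode("unicode_escape").encode("latin-1")


def parse_trace(lines):
    """Yield Events in trace order, following each pid's descriptors and offsets.
    Descriptors inherited from before tracing, or made by dup(), are not followed."""
    fds, size = {}, {}      # (pid, fd) -> _Fd ; path -> bytes seen so far (for O_APPEND)
    for raw in lines:
        m = LINE.match(raw)
        if not m:
            continue
        pid, ts, call, args, ret = int(m[1]), float(m[2]), m[3], m[4], int(m[5])
        pat = ARGS.get(call)
        a = pat.match(args) if pat and ret >= 0 else None
        if a is None:
            continue        # untraced call, failed call, or unusual formatting
        if call in ("open", "openat"):
            path, flags = unescape(a[1]).decode("utf-8", "replace"), a[3]
            fds[(pid, ret)] = _Fd(path, append="O_APPEND" in flags)
            if "O_TRUNC" in flags:
                size[path] = 0
                yield Event(ts, pid, path, 0, 0, b"", kind="truncate")
        elif call == "close":
            fds.pop((pid, int(a[1])), None)
        elif call == "lseek":
            if (pid, int(a[1])) in fds:
                fds[(pid, int(a[1]))].offset = ret     # lseek returns the new absolute offset
        else:                                          # write / pwrite64
            fd = fds.get((pid, int(a[1])))
            if fd is None:
                continue    # stdout, sockets, pipes, or files opened before tracing began
            data = unescape(a[2])[:ret]
            if call == "pwrite64":
                off = int(a[5])                        # explicit offset, position unchanged
            else:
                off = size.get(fd.path, 0) if fd.append else fd.offset
                fd.offset = off + ret
            size[fd.path] = max(size.get(fd.path, 0), off + ret)
            yield Event(ts, pid, fd.path, off, ret, data, truncated=a[3] is not None)


def content_at(events, path, until_ts, base=b""):
    """Replay the writes to `path` with ts <= until_ts onto `base` (the backup
    the question mentions) and return the reconstructed bytes."""
    buf = bytearray(base)
    for e in (e for e in events if e.path == path and e.ts <= until_ts):
        if e.kind == "truncate":
            buf = bytearray()
            continue
        end = e.offset + len(e.data)
        if end > len(buf):
            buf.extend(b"\0" * (end - len(buf)))      # a write past EOF leaves a hole
        buf[e.offset:end] = e.data
    return bytes(buf)


# Constructed sample: create, write a line, seek back, overwrite, patch byte 0.
SAMPLE_TRACE = """\
4242 1266150000.101000 open("/home/patti/notes.txt", O_WRONLY|O_CREAT|O_TRUNC, 0644) = 3
4242 1266150000.102000 write(3, "hello world\\n", 12) = 12
4242 1266150000.250000 lseek(3, 6, SEEK_SET) = 6
4242 1266150000.251000 write(3, "there\\n", 6) = 6
4242 1266150001.000000 pwrite64(3, "J", 1, 0) = 1
4242 1266150001.100000 write(1, "done\\n", 5) = 5
4242 1266150001.200000 close(3) = 0
""".splitlines()

if __name__ == "__main__":
    events = list(parse_trace(SAMPLE_TRACE))
    for e in events:
        print(f"{e.ts:.6f} pid={e.pid} {e.path} {e.kind} off={e.offset} n={e.nbytes} {e.data!r}")
    print(content_at(events, "/home/patti/notes.txt", 1266150001.5))
```

Two things to check on a real trace before trusting a replay: the default -s 32 truncates strings, so raise it and treat any Event with truncated set as a gap, and writes to a file that was already open when tracing started will be missing entirely, since the parser never saw the open() that maps the descriptor to a path.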
Jun 10, 2011
This is a trace - all the files - so that you can imagine my trace file format.
Code:
+ 0.1 1 0 cbr 164 ------- 1 1.0 0.0 0 0
- 0.1 1 0 cbr 164 ------- 1 1.0 0.0 0 0
r 0.111312 1 0 cbr 164 ------- 1 1.0 0.0 0 0
[code]....
View 10 Replies
Sep 6, 2010
It is possible to trace an IP address manually. I'm wondering whether a bash script could do the same without manual intervention. Kindly enlighten me on this topic.
View 2 Replies
Mar 23, 2010
Slackware 12.2.0, 2.6.27.7, IBM ThinkPad A21m, current patches, XFCE 4.6. The laptop runs continuously; uptime was once 261 days, till a power outage. It was running, I opened the lid, couldn't get any response from XFCE, tried to ssh in but couldn't. I checked the logs after reboot and couldn't see anything weird; the message log set a mark a few minutes before I powered down and rebooted. Is there anything else I can check for a possible lockup?
View 6 Replies
Dec 5, 2014
The usual answer is Debian's ldd(1), and I found broken things due to past lib abuses I previously hadn't understood I'd done - or rather hadn't realized, because by looking it "looked ok and worked" - but I had problems. Many I fixed.
After I ran a new script, it showed some I'd STILL missed after carefully re-doing /lib by hand (and using /var/lib/dpkg/info/libs.list).
I just made something that might be nice. It seems to be the only thing that does it, but it's small and quick and still has (tty/stdout) output.
The hard part isn't finding the info, objdump(1) does that wonderfully: it's using it.
View 4 Replies
Jul 26, 2011
I'm trying to install Fedora as part of a tri-boot system on my desktop machine. This machine has been running Windows 7 since launch and now I've decided to free up some space on my primary HDD to test out both Gnome 3 (I've used Gnome 2.32 and earlier before and it wasn't for me) and KDE to see which of these desktops suits me better and whether they can effectively replace my Windows install. With Ubuntu going the way of Unity, I decided that Fedora was the choice for me. I proceeded to set up a Fedora live USB using UNetbootin and booted it up, and followed the install instructions, ensuring to set Windows as the default boot option as it is to remain my primary install. I set up my primary Fedora partition with 100000MB, my swap partition with 2410MB and a 1GB boot partition (leaving me with around another 100GB of unpartitioned space for a future KDE install). This, I hoped, would allow me to see the lovely GRUB splash screen defaulted to Windows, and if I wanted to try out Fedora I could simply change the option by scrolling down, similar to (but reversed from) my dual-boot Debian/Vista laptop.
However, upon booting up the system I was greeted with only the standard boot I had previously had before the Fedora install, with no hint that any change had occurred. I have confirmed that the Fedora install does exist however via the Disk Management tool on Windows. Can someone please help me in getting a GRUB boot/splash screen so that I can boot the Linux partition if I want?
View 11 Replies
Dec 14, 2010
I installed NoScript and Allowed some pages. I clicked RESET and then uninstalled NoScript via the Firefox Add-ons window. But when I "reinstall" it, it still has sites from my previous browsing Allowed, plus settings from my old install. How do I completely erase all its settings so that when I reinstall it, it is like a fresh/brand new install? I used to be able to do this with CCleaner for Windows.
View 1 Replies
Mar 21, 2011
I am using kernel 2.6.29 on my embedded device and enabled the config option "Support for tracing block io actions". After compiling the kernel and making its zImage (for porting to the device), the block folder compiled all files of blktrace and created .o files... After porting the zImage to my embedded device, when I try to run blktrace on it, it gives me the response "blktrace: not found". Does anybody have an idea how to trace an embedded device using blktrace?
View 2 Replies
Apr 28, 2011
I'm using Firefox on 10.10. I haven't installed crazy stuff on my machine as far as I can recall (I used the repositories, except for gtk+3) and I didn't go to any weird website either, same traffic as usual. The only weird thing was that my internet connection was abnormally slow this morning.
Today though, some "http://www.browsersearch.org/" imposes itself on my browser even though my homepage is set to www.google.com. I can't figure out how this happens nor how I can get rid of it.
Can anyone help me trace this?
View 3 Replies
Aug 31, 2010
In a KDE terminal, apt-get was installing gem when it asked me to restart the kmn daemon (I'm not sure about the "kmn"...) and I hit "yes", when the GUI disappeared and fell back to tty1. I waited a while and then restarted the system, but KDE didn't start automatically (it used to). I tried "startx" and "startkde" but they are unknown.
I don't know Linux this deeply, so I don't know what to check or how to trace down this problem.
View 10 Replies
May 11, 2011
I have a USB pen (Kingston 8 GB); the system does not recognize it, maybe due to the fact that I did not safely remove it the last time. I do fdisk -l but it does not appear in the list, and in /dev there is no trace of it.
View 3 Replies
Jul 28, 2010
Alright, I have a network trace file that I want to parse through.
The file looks like this:
+ 1.002 /NodeList/1/DeviceList/0/$ns3::PointToPointNetDevice/TxQueue/Enqueue ns3::PppHeader (Point-to-Point Protocol: IP (0x0021)) ns3::Ipv4Header (tos 0x0 ttl 62 id 0 protocol 6 offset 0 flags [none] length: 40 10.2.1.1 > 10.1.1.1) ns3::TcpHeader (49153 > 26 [ SYN ] Seq=0 Ack=0 Win=65535)
- 1.002 /NodeList/1/DeviceList/0/$ns3::PointToPointNetDevice/TxQueue/Dequeue ns3::PppHeader (Point-to-Point Protocol: IP (0x0021)) ns3::Ipv4Header (tos 0x0 ttl 62 id 0 protocol 6 offset 0 flags [none] length: 40 10.2.1.1 > 10.1.1.1) ns3::TcpHeader (49153 > 26 [ SYN ] Seq=0 Ack=0 Win=65535)
[Code]....
View 2 Replies
Sep 10, 2010
I want to create VBR traffic. I created a file which contains two 32-bit fields. But when I execute the Tcl program with this, no packet transfer is shown. When I tried the same program with example-trace, I saw packet transfer. The content of my traffic trace file is as follows:
[Code]...
View 4 Replies