Security :: Credentialed Foundstone Scan Against RHEL5.5 Won't Connect
Oct 27, 2010
Our org uses Foundstone. I gave them a wheel user and verified connectivity with putty from their server to my RH box. Foundstone never makes it in and I don't see anything from faillog, sshd logs, etc.
How to automount USB devices read-only for security in RHEL5? I'm looking for the generic solution for any USB device, so I'm not looking to hardcode something into /etc/fstab. I've hunted around and I can't find a clear answer and my various attempts have failed. I've looked at /etc/auto.misc, UDEV, and HAL. Here's where I'm at, which isn't working. I have RHEL5 and from what I can tell HALD manages the automounting. HAL seems to have 2 primary directories:
/etc/hal/fdi -and- /usr/share/hal/fdi
The difference between the two is unclear to me. Based on some examples, I created the following file:
No matter what I call this file or where I put it, any USB device still mounts RW. How do I fix this? Am I correct that HAL is the right place? Looking through dmesg, it sure looks like HAL controls this, but maybe I'm wrong? I've also made various attempts to solve this with UDEV and /etc/auto.misc, so if it is one of those, I clearly don't know the correct thing to do there.
I've read that there are a lot of rootkits that exist for Linux. MS Windows has tools where you can boot a "portable" scanner from a CD and scan your whole Windows installation for rootkits. This way you can even scan boot sectors because you are never actually starting your installed Windows.
Is there anything available like this for Ubuntu? Is there a scanner I can run off the Live CD, for example, to scan my Ubuntu installation for rootkits?
I'm quite new to Ubuntu and I am running Ubuntu Studio 10.04. I have just installed KlamAV and had it scan my computer. I was surprised to find that it had found two 'viruses'. I don't know if anyone can help me in finding out if they are real or only false positives. The following is the output that I received.
Name of File: /usr/src/fglrx-8.723.1/libfglrx_ip.a.GCC3 and GCC4
Name of Problem: Heuristics.Broken.Executable
Status: Loose
I have Avast Antivirus installed in Ubuntu 10.10. There are options to select folders to scan from: 1. Home Directory, 2. Entire system, and 3. Selected folders. What options are available to scan only a selected drive? Or how do I scan only a USB stick?
1). What is the console command to scan all of Fedora, not just a specific directory, but the entire computer?
2). Even though I have consulted the ClamAV site on how to update to the latest virus signature database, I either don't understand what they are telling me to do, or I am not "getting" how to do it.
I've installed ClamTK on my Kubuntu 9.10 installation, since it's connected to a Windows 7 machine. When I ran a scan, it found 9 'viruses', but they are all within my home directory > Opera/mail/store and are either status Phishing.Heuristics.Email.SpoofedDomain OR HTML.Phishing.Bank-593. I recently synced my Hotmail into Opera, so I checked the corresponding dates in my Hotmail account and deleted the emails which I thought were related. However, after clearing down my Opera history, etc., re-booting my PC and re-scanning, the results are the same. How do I clear down these files?
I'm dual booting 10.04 with Windows 7 and it occurs to me that I could scan the Windows partition for viruses FROM Linux. Is anybody doing this sort of thing? Does that make any sense?
I am a newbie in Ubuntu. I did clamscan on my Ubuntu /, and I got the result message as follows. It shows "486 errors". I am wondering if the result is OK or I need to do some action on it.
Known viruses: 968595
Engine version: 0.96.5
Scanned directories: 28067
Scanned files: 131696
Infected files: 0
Total errors: 486
Data scanned: 9020.40 MB
Data read: 17800.31 MB (ratio 0.51:1)
Time: 1349.479 sec (22 m 29 s)
Also, my engine is 0.96.5. The latest version is 0.97. But "aptitude upgrade" cannot upgrade the engine to 0.97. I understand 0.97 is still in testing. I am wondering if I can just stay with 0.96.5 and wait for 0.97 to pass all tests. If so, does it cause any security issue?
I had a hack on my oscommerce website recently. I have put in the relevant security patches but I need to check whether the hacker left any code changes in my files. What is a good file comparison software for Linux? I need it to scan through the current files and folders and compare them to the original default oscommerce installation so I can check the code.
Ok, so a few weeks back my 6 year old daughter wanted to scan a picture she had made for a school project. I hadn't used my AGFA snapscan e20 for years. In fact it had been in a box for more than 5 years.
Anyhoo, I thought I'd give it a go and with some doubt plugged it in. Much to my joy and my daughter's joy it just worked; there was life in the old dog still. So two or three weeks on, after I've installed a kernel update as well as others on my daughter's Dell Optiplex GX620 Ubuntu 10.04 LTS (2.6.32-30-generic #59-Ubuntu SMP), my multi operating system literate 6 year old has drawn another masterpiece and popped it in the scanner only to receive the following error from simple-scan
What I'd like to know is: 1. How do I remove the entry for the scanner in simple-scan (ahh, the old reinstall never fails)? 2. Why am I getting nothing back from my tail? 3. Why did it break in the first place? 4. How to fix it (if not with a reinstall)?
Please help as I don't want to break the "My Dad can fix anything" illusion my daughter has just yet.
How to determine what type of files clamav can scan? For example, if there is no unrar installed it can't scan files in it. So is there any way to find out all types of files that clamav can't scan?
I use my Ubuntu laptop at work and connect a lot of USB pen drives to my computer. Everyone else I work with uses Windows and I want to make sure that the USB pen drives don't contain any Windows viruses so I don't spread them. The best way for this to be done would be to have the USB pen drives automatically scanned when they are inserted in my Ubuntu machine. How to do this?
I know that there is little need for me to install an anti-virus etc - but - I was thinking, it is a good idea to scan folders and files that I send to colleagues that run Windows. What's the best way and programme to do this? I guess I simply install an AV programme and that's it!
Is there a free online vulnerability scanner where either I can give them the IP address to scan or it can be initiated from the console command, tool, or text based browser? I use GRC's Shields Up when I have a GUI, but I want a scan run on my website that runs Ubuntu 8.04 server on a hosted VPS.
So I forgot how to do something in Compiz and I quickly Googled it to find the answer. On the first or second link I clicked, a pop-up box opened from Firefox saying that I should scan my computer. Immediately, I pressed the X button, but a page started to load that tried to "scan" my computer. I closed out Firefox and re-opened it. I did the exact same search again on Google, but I clicked on the cached view of the site. It was harmless enough--a blog with some ads on the side of the page. I'm assuming that it was one of the ads that somehow must have taken over the page.
Anyway, I know that the discussion of anti-virus programs is not anything new, but I would like to know if this virus may have affected Ubuntu. What would you guys recommend in this case? Also, after running the update manager, I received a pop-up box asking if I would like to update Grub. Is this a normal part of the update, or could it be a virus? I'm a bit paranoid, being from the land of Windows.
How do I scan a Windows computer from my Ubuntu laptop via the network? I have Ubuntu 10.04 on my laptop. The first Windows computer to scan has Windows XP Home Edition. The second Windows computer to scan has Windows Vista Home Basic. I have Avast 4 workstation and KlamAV installed on it. What are the steps to make my computer scan those Windows computers? And how do I set up my firewall to work with Firefox and Empathy?
I have network shares automounted in /media and I want to exclude them from my automatic scheduled ClamAV scan in Maverick. How do I do this? I can't find any CRON link or script that actually starts the scan. Is it the Daemon that does this?
I am working to create a new base image for our RHEL5 setups, and I wanted to make sure we are creating a functional, but secure, image. Can anyone point me to some write-ups that might provide some illumination on this potentially daunting task? Basically, I'm concerned about what packages are okay, which should be avoided, and what other caveats I might not think of when putting this together.
I have an Atheros ar2427 chip in my Asus EEE 1001P and I'm using WICD to configure it. I can scan for wlans, but I can not connect. I installed the compat wireless package from yast and I downloaded the source from the compat wireless site and tried to compile it (which seems to be the solution for Ubuntu) but I got an error and an interesting warning
I bought this wireless card because a lot of people said it worked out of the box and it almost worked... Ubuntu recognizes it and the wireless module is activated; I just can't seem to scan for networks or connect to them... So I am listing some outputs for you guys and hopefully there is an easy fix.
How to connect disks from iSCSI array and from SAN network. I found that it is possible to establish iSCSI on solaris by using COMSTAR [url]
Questions: Could you give me some tutorial on how to do this? Of course I don't have a SAN network in my home lab, or an iSCSI array either. Is there some way I can simulate this on VBOX or VMWARE?
I ran a chkrootkit scan and found this: The following suspicious files and directories were found: /usr/lib/pymodules/python2.6/.path /usr/lib/xulrunner-1.9.2.8/.autoreg /usr/lib/firefox 3.6.8/.autoreg /usr/lib/jvm/.java-6-openjdk.jinfo
I'm looking for a virus scanner to scan some removable media (USB drives, mp3 players, etc). Since there's so many choices to choose from, can anyone recommend any?
I've heard a lot of people recommending clam av, but everything I've read suggests that clam av is better used for scanning e-mail servers and not home desktop application...
I have a CentOS dedicated server, not sure what version though as I'm new to Linux. How do I find out what version I have? Is there an anti virus or security package that I can install on my server which can use Cron Jobs to do a scan every 12 hours?
I installed squeeze on my eeepc 1015ped and downloaded the correct firmware-brcm80211 drivers but every time I scan for my network using iwconfig wlan0 scan or wicd, my computer completely freezes. I previously had a solid install running xmonad, and wicd was working like a charm (using the same broadcom driver) but I tinkered too much with it and decided to do a fresh install. I haven't quite run into a problem like this before.
This is the difference in the output of a port scan using Zenmap on the same system with UFW turned off and then with it turned on. It is obvious that UFW works.