Security :: Fedora System Compromised But No Changes Made?

Jan 25, 2011

The infrastructure of the Fedora Project was compromised over the weekend and an account belonging to a Fedora contributor was taken over by an attacker. However, Fedora officials said they don't believe that the attacker was able to push any changes to the Fedora package system or make any actual changes to the infrastructure.

The attack appears to have targeted one specific user account, which had some high-value privileges. The attacker was able to compromise the account externally, and then had the ability to connect remotely to some Fedora systems. The attacker also changed the account's SSH key, Fedora officials said.


Fedora Security :: Weird SELinux Security Alerts - System May Be Seriously Compromised?

Apr 13, 2011

This is the alert I got:

Code:
Summary:

Your system may be seriously compromised! /usr/sbin/NetworkManager tried to load a kernel module.

Detailed Description:

SELinux has prevented NetworkManager from loading a kernel module. All confined programs that need to load kernel modules should have already had policy written for them. If a compromised application tries to modify the kernel this AVC will be generated. This is a serious issue. Your system may very well be compromised.

Allowing Access:

Contact your security administrator and report this issue.

Additional Information:

Source Context system_u:system_r:NetworkManager_t:s0
Target Context system_u:system_r:NetworkManager_t:s0
Target Objects None [ capability ]

[code]....


Fedora Security :: "Your System May Be Seriously Compromised"

Feb 21, 2010

I just found these in my setroubleshoot logs and what the hell is going on:

Quote:

Summary:

Your system may be seriously compromised!

Detailed Description:

[SELinux is in permissive mode. This access was not denied.]

SELinux has prevented semodule from modifying $TARGET. This denial indicates semodule was trying to modify the selinux policy configuration. All applications that need this access should have already had policy written for them. If a compromised application tries to modify the SELinux policy this AVC will be generated. This is a serious issue. Your system may very well be compromised.

Allowing Access:

Contact your security administrator and report this issue.

Additional Information:

Source Context staff_u:staff_r:staff_t:s0
Target Context system_u:object_r:semanage_store_t:s0
Target Objects modules [ dir ]

[code]....

This isn't even the half of it either, there are other warnings in between them about netfilter_contexts unlink operations and /usr/sbin/semodule "rmdir" operations on modules.

All I can remember doing earlier was switching into permissive mode to change the type of a WINE application, the legitimacy of which - for system security purposes - I don't doubt. That, and generating policy for it which I tried running the install script for after changing the type didn't work. Neither of those actions seem like they'd try to remove the modules directory.


Security :: Signs Of Getting Compromised

Jan 25, 2010

Today any web browser I use has randomly been bringing me to URL... at random intervals. I've run chkrootkit from a live CD, and rkhunter, clamav, f-prot, and bitdefender, nothing's unusual. All the definitions were up to date. I'm wondering if it's possible that my router got hacked. I'm not sure this is even possible, but it's acting weird. Tried reflashing its firmware, didn't fix it.


Ubuntu Security :: Chkrootkit Log, Compromised Box?

Mar 28, 2011

Looks like my Firefox has been compromised and I have a packet sniffer. Not sure what to do. Should I just delete the suspicious files? Here's the chkrootkit log:

ROOTDIR is `/'
Checking `amd'... not found
Checking `basename'... not infected

[code]....


Security :: Savannah GNU Site Compromised

Dec 1, 2010

A site belonging to the Savannah GNU free software archive was attacked recently, leading to a compromise of encrypted passwords and enabling the attackers to access restricted project material. The compromise was the result of a SQL injection attack against the savannah.gnu.org site within the last couple of days and the site is still offline now. A notice on the site says that the group has finished the process of restoring all of the data from a clean backup and bringing up access to some resources, but is still in the middle of adjusting its security settings.


Ubuntu Security :: Replacing A Possibly Compromised OpenSSH Key?

Sep 22, 2010

I have an OpenSSH server running on Ubuntu 10.04, and it works fine.

I'm concerned that my SSH key may have been compromised and would like to replace it.

I tried replacing keys before and reinstalling OpenSSH and SSH before but ran into terrible trouble so I'm asking for instruction before touching anything this time.

Code:
laeg@skyrocket:~/.ssh$ ls
authorized_keys id_rsa id_rsa.ppk id_rsa.pub known_hosts
Code:
laeg@skyrocket:/etc/ssh$ ls

[Code]....

So can I just Synaptic 'fully' uninstall SSH (although probably even less necessary than..) and OpenSSH, backup sshd_config, delete the two dirs referenced above, reinstall both packages, insert my sshd_config backup, and then start from scratch following the guides linked below?


Security :: Compromised Systems Notify Hacker They Are Infected

Dec 4, 2010

I have a server connected to the internet placed in a DMZ that was running ProFTPD. A couple of weeks ago there was a security threat uncovered that would grant access to external users through a buffer overflow. Of course I patched my ProFTPD quite often after that to secure my server. Now my problem is that the servers of ProFTPD were compromised and that source code with a back-door was released. To make matters worse, compromised systems notify the hacker they are infected. Is there any way to ensure I don't have a root-kit installed short of reinstalling the system?


Security :: Gmail And Winnow.compromised.ts.jsexploit.5.UNOFFICIAL Malware?

Apr 26, 2010

Second time ClamAV detects the malware on laptop under Ubuntu:

winnow.compromised.ts.jsexploit.5.UNOFFICIAL
winnow.spam.ts.domains.158.UNOFFICIAL
gspace.js: winnow.malware.cm.miscspam.387929.UNOFFICIAL

What does this mean, is it serious and what is the origin of this infection?


Security :: Honeynet Challenge Results: Forensic Analysis Of A Compromised Server

May 7, 2011

I just noticed the results of the Honeynet Project's Challenge 7: Forensic Analysis of a Compromised Server have finally been posted today. Just got done reading one of the submissions and it's pretty good if anyone is interested in how to analyze a Linux incident involving evidence from memory and the file system.


Ubuntu Installation :: Restore System To 10.10 - Using A System Backup Made With REMASTERSYS - Grub Error 15

May 2, 2011

I am trying to restore my system to Ubuntu 10.10, using a system backup made with REMASTERSYS. When I reboot, I get the message: GRUB error:15 I found many threads discussing this issue, most notably here: [URL]

[Code]....


Fedora Servers :: MySql Compromised - Access Denial On Really Clients

Feb 16, 2011

My Linux server, which is running my company website, has been hacked. Today I saw a number of clients (customers) with some fun characters entries on my database. Access denial on really clients.


Ubuntu Security :: Monitor A Certain Partition / Folder To See If Any Changes Has Made

Apr 22, 2010

I need a way to monitor a certain partition / folder to see if any changes have been made. Is there any way of doing that?


Slackware :: App Identifies All Changes That Have Been Made To A System?

Jul 21, 2011

Is there an app that you can run before installing a new package etc and then after the install that will show you all the changes that occurred on your system as a result of installing the new package?


Debian Installation :: Alterations Have Been Made To System?

Jul 16, 2010

Greetings to all from a 60-year-old computer hobbyist and Linux rookie making his first post here. Yesterday I completed a successful installation of Debian 5, lenny, and right now I want to learn what alterations or modifications have been made to my system. I have no complaint about anything at all, I just want to become prepared for any problems I might encounter later on.

1) At one point near the end of my Debian installation, I was asked whether the installer could add something into memory and I (hesitantly) let it do so without knowing what was actually being done. I have a multi-boot system with four versions of Windows installed prior to Debian ... and now my Windows 98 is able to see and access my third drive, a SATA.

Question: How did installing Debian make it possible for my Windows 98 OS to now see and access my SATA hard drive? It is my assumption Debian's installer has somewhere placed one or more drivers my BIOS/DOS now passes along at system startup. How can I make a backup of whatever Debian's installer has done there?

2) After installing Debian and my Windows 98 had begun seeing my SATA drive, I had to eventually re-install Windows 98 because the drive letter for its partition had been changed by the insertion of the SATA drive. At that same time, and while just leaving Windows 98 alone for a while, I had used NeoSmart's EasyBCD to add Debian to Windows 7's BCD ... but then my re-installation of Windows 98 over-wrote that and Windows 7's "startup repair" could never again make its own BCD work. After that, however, and after getting XP's "boot.ini" (including 98 and 2k) working again, a re-installation of Debian resulted in GRUB making a startup menu that now includes *all* systems.

Question: Why or how can/did GRUB find Windows 7 and add it in when Windows 7's "startup repair" could not make a working BCD (or could not make a BCD work) on its own? I have more questions ahead, but like I said: For now I just want to know what I have going on here so I can prepare for any problems I might encounter later. I have a lot of time invested in finally getting this multi-boot system running perfectly with Debian as its default OS and I do not want to have to go back to the beginning and do it all over again because something broke and I had no idea how to fix it!


Ubuntu :: System Menu Items No Longer Appear After Change Made

Feb 16, 2011

On 10.4 my applications, places, and system menu items no longer appear, after I made a change (do not remember exactly what I changed, unfortunately) to the screensaver settings and rebooted. Tried to add the main menu item back to the menu panel but it is grayed out in the Add Panel dialog.


Ubuntu :: Made Dual Boot With XP - System Freeze Or Hang Ups

Jul 15, 2011

I'm migrating from XP to Ubuntu 11.04. My PC: Toshiba Sat A30-921 L/top CPU: Pentium(R) 42.84GHz RAM: 512Mb Display Adapter: ATI Radeon 9000 IGP K/board: std 102/103 PS2 Pointing Device: Alps PCMCIA Adapter: ENE CB1410 Cardbus Controller Wireless Adapter: D-LINK GDWA 610

The installation went well from start to finish. Made it dual boot with XP. Hooked in the Eth cable & went online right away. Then enabled the W/less network adapter - all OK. Using 'Classic', so it's just normal screen after boot. Problem is random 'Freeze' or 'Hang Ups'. It's hung 12 - 14 times in 2 days! K/brd T/pad frozen out. Only recovery is to use master power switch & reboot. NEVER hung in XP in 7 years! (done other bad things though) Does Ubuntu have switch like Ctrl + Alt + Delete in Win?

Tried many combinations but to no avail. I've tried quite a few Linux flavours (from Live CD) & they all displayed the same fault!! Before it hangs, I've been able to browse around Ubuntu Apps: Places: System: Firefox: Internet: etc. Where do I start to track the problem down? I'm vaguely familiar (XP) with Terminal & cmd line processor but don't know any of the codes used.


Ubuntu Installation :: Install System Backup Made By Remastersys In EXT4

Feb 2, 2010

I have a question about ext4 and remastersys backup: I have upgraded from 9.04 to 9.10 via the upgrade button in Synaptic, so it means that the file system was not touched, which means that my system is still ext3 as it was when I installed the 9.04. I can make a backup of my system as it is configured right now (that's how I like it) using remastersys.

Can I install my system backup into my machine after formatting it into ext4, or when I create a backup using remastersys must it stay in the file system as it was when it was backed up? The issue is that right now the 9.10 responds for some reason a little bit slower than my 9.04 responded (to everything e.g. open/close windows etc...) and I read in the forum that ext4 makes 9.10 run faster.


Debian :: Execute Command Mactime In Order To Control Changes Made To The File System?

Apr 23, 2011

I am trying to execute command mactime in order to control changes made to the file system, but I am getting an error. I am running the shell as root, and it is the first time I run the command in this system - Debian Squeeze up to date. The I/O is as follows:

# mactime 3/1/2011
cannot exec /bin/date: No such file or directory
cannot exec /bin/hostname: No such file or directory
cannot exec /bin/uname -n: No such file or directory
Cannot open /var/cache/tct/data/Amnesiac/body: No such file or directory

The first three lines of output are the ones that are worrying at the moment; I am not concerned with the last. Although error messages suggest the programs date, hostname and uname do not exist in /bin directory, they are available as shown by

[Code]...


OpenSUSE Install :: Configure The System To Automatically Change Wallpaper And The Standard Icon Theme To A Custom Made?

Apr 8, 2010

How do you configure the system to automatically change wallpaper and the standard Icon Theme to a custom made?

-If I'm not mistaken, it must be something to do with the option to make a script at the end of the installation, -I've seen the option in the creation,


Fedora Security :: How To Become The Root On System

May 8, 2009

I still can't see quite well the security reason for not allowing one logging in as root on Fedora, but anyway... how to become the root on my system, Fedora 10, please? I did open a terminal and typed s - root then my password, now I'm the root, but only on the terminal, as CLI, but what if I want to change the menu.lst inside grub i.e.? And some other files or settings that there's no option to just type in the root password, how to overcome that please?


General :: Checking If Computer Is Compromised?

Feb 5, 2010

I run Ubuntu 9.04 and was recently told by my university that my computer is massively port scanning the network. I am interested in learning more about figuring out what is happening to stop it, but I am lost at where to begin. What steps should I take (or files to look at) to figure out what is happening?


Fedora Security :: Encrypt System During The Installation

Jan 17, 2010

Is the encrypt system during the install part of SELinux, or is it a whole other thing? And another question, maybe sounding a little conspiracy, but SELinux is made by the NSA: can I trust SELinux and it not be a backdoor to my stuff?


Fedora Security :: How Do Viruses Infect A System?

May 25, 2010

I am a very new Linux user. My first OS is Fedora 12, which I just recently installed into my laptop. So far, I am thoroughly enjoying it. I do have a question bugging my mind though. Linux systems are known to be very safe from viruses, mainly due to programmers targeting the Windows platform. In Windows, common methods for virus infections are from infected executable files, external drives autorun... ETC.

Now my question is how do viruses spread into a Linux system? And with so few viruses known to exist for Linux systems, do I really need to be aware and take precautions for viruses (For example in Windows, disabling autorun function for external drives)?


Fedora Security :: Slow - No System Updates ?

Oct 4, 2010

My system went for three days w/o a software update... Is this normal(anyone experiencing this?)...?

It seems like to me.. Fedora 13 has a longer update interval than Fedora 12.. I remember back in Fedora 12 I get security updates like every other 12 hrs.. (I know as with security patches the less the "better"(in some way))..

But I am still concerned.. security updates have been slow for me.


Fedora Security :: Check If There Are Intruders Or Hackers In System?

Apr 17, 2011

I'm using FC14_64

How can I check if there are intruders or hackers in my system and how to boot the hell out of my system?


Fedora Security :: Make The Root File System Read-only

Jun 23, 2009

I am interested in making the root file system read-only. I've moved the /var and /tmp file systems to other partitions. There are two files in the /etc directory that need to be writable.

These are:

I've moved these files to /var and linked them. I've added a command to the /etc/rc.d/rc.local file:

That's it. Are there other solutions to make the root file system read-only?


Fedora Security :: System Is Continuously Hang When Log To Yahoo Webpage?

Dec 6, 2009

I am afraid that someone is playing in my Fedora 12 system, "hacked". First I got this message when I log in to my broadband internet provider:

Quote: You have asked Firefox to connect securely to ******, but we can't confirm that your connection is secure. Normally, when you try to connect securely, sites will present trusted identification to prove that you are going to the right place. However, this site's identity can't be verified.

What Should I Do?

If you usually connect to this site without problems, this error could mean that someone is trying to impersonate the site, and you shouldn't continue.

[Code]...

Then when I log in to Yahoo mail, my system hangs for a while then continues. How do I know that my system is secure? What are the steps I should follow to secure my system? I am still a newbie and I don't have time to spend searching Google or reading blogs.


Fedora Security :: Log Files Empty - System Does Not Allow Root To Login ?

Feb 2, 2010

For a month or so now, I have been enabling ssh and opening port 22. I cron'ed the start and stop commands to leave them open only a few hours a day. After a bit, I checked my logs to find that some IP or another was attempting to brute force my root account.

I took little real threat by the offense.

(1) my system does not allow root to login and

(2) it would cut them off sooner than later when my system issued the stop command.

fast forward

Today I log in to find that all of my log files, as viewed from the gnome log file viewer, were empty of entries from about noon yesterday and prior.

Though I haven't noticed anything at all out of the ordinary with my system, I would like to get more opinions on the matter. Would there be any conceivable way that this was an automatic system routine, a clean up action of something? Additionally, if I was indeed the victim of a hack, what can I do to further protect my system (keeping in mind that I do want to access my system via ssh from time to time)?


Fedora Security :: Encrypt Ext3 / Ext4 File System?

Jan 6, 2011

I want to encrypt my Fedora file system.
How can I encrypt an ext3 or ext4 file system?








Copyrights 2005-15 www.BigResource.com, All rights reserved