Today any web browser I use has randomly been brining me to URL... at random intervals.I've run chkrootkit from a live cd, and rkhunter, clamav, f-prot, and bitdefender, nothing's unusual.All the definitions were up to date.I'm wondering if its possible that my router got hacked. I'm not sure this is even possible, but it's acting weird. Tried reflashing its firmware, didn't fix it.
View 5 Replies
this is the allert i got:Code:Summary:Your system may be seriously compromised! /usr/sbin/NetworkManager tried to loada kernel module.Detailed Description:SELinux has prevented NetworkManager from loading a kernel module. All confinedprograms that need to load kernel modules should have already had policy writtenfor them. If a compromised application tries to modify the kernel this AVC willbe generated. This is a serious issue.Your system may very well be compromised.Allowing Access:Contact your security administrator and report this issue.Additional Information:
Source Context system_u:system_r:NetworkManager_t:s0
Target Context system_u:system_r:NetworkManager_t:s0
Target Objects None [ capability ]
[code]....
I had a serious breach of the cellular segment of my communications network this week. All I can say is nobody got hurt. The attackers also knew where to find me via email. I'm concerned that perhaps they've penetrated this aspect of my system as well, although they seemed pretty specifically focused on the phone. There have been no changes on anything on my computer, and of course, I went ahead and changed all the passwords. How can I verify or at least look into the possibility of having been hacked as well.
View 8 Replies View RelatedLooks like my firefox has been compromised and i have a packet sniffer. Not sure what to do.Should I just delete the suspicous files? here's the chkrootkit log:
ROOTDIR is `/'
Checking `amd'... not found
Checking `basename'... not infected
[code]....
A site belonging to the Savannah GNU free software archive was attacked recently, leading to a compromise of encrypted passwords and enabling the attackers to access restricted project material.The compromise was the result of a SQL injection attack against the savannah.gnu.org site within the last couple of days and the site is still offline now. A notice on the site says that the group has finished the process of restoring all of the data from a clean backup and bringing up access to some resources, but is still in the middle of adjusting its security settings.
View 4 Replies View RelatedThe infrastructure of the Fedora Project was compromised over the weekend and an account belonging to a Fedora contributor was taken over by an attacker. However, Fedora officials said they don't believe that the attacker was able to push any changes to the Fedora package system or make any actual changes to the infrastructure.
The attack appears to have targeted one specific user account, which had some high-value privileges. The attacker was able to compromise the account externally, and then had the ability to connect remotely to some Fedora systems. The attacker also changed the account's SSH key, Fedora officials said.
I have an OpenSSH server running on Ubuntu 10.04, and it works fine.
I'm concerned that my SSH key may have been compromised and would like to replace it.
I tried replacing keys before and reinstalling OpenSSH and SSH before but ran into terrible trouble so I'm asking for instruction before touching anything this time.
Code:
laeg@skyrocket:~/.ssh$ ls
authorized_keys id_rsa id_rsa.ppk id_rsa.pub known_hosts
Code:
laeg@skyrocket:/etc/ssh$ ls
[Code]....
So can I just synpaptic 'fully' uninstall SHH (although probably even less necessary than..) and OpenSHH, backup sshd_config, delete the two dirs referenced above, reinstall both packages, insert my sshd_config backup, and then start from scratch following the guides linked below?
I have a server connected to the internet placed in a DMZ that was running ProFTPD. A couple of weeks ago there was a security threat uncovered that would grant access to external users through a buffer overflow. Of course I patched my ProFTPD quite often after that to secure my server. Now my problem is that the servers of ProFTPD were compromised and that source code with a back-door was released. To make matters worse compromised systems notify the hacker they are infected. is there any way to ensure I don't have a root-kit installed short of reinstalling the system?
View 4 Replies View Relatedsecond time clamav detects the malware on laptop underubuntu:winnow.compromised.ts.jsexploit.5.UNOFFICIALwinnow.spam.ts.domains.158.UNOFFICIALgspace.js: winnow.malware.cm.miscspam.387929.UNOFFICIALwhat does this mean, is it serious and what is the origin of this infection?
View 9 Replies View RelatedI just noticed the results of the Honeynet Project's Challenge 7: Forensic Analysis of a Compromised Server have finally been posted today. Just got done reading one of the submissions and it's pretty good if anyone is interested in how to analyze a Linux incident involving evidence from memory and the file system.
View 2 Replies View RelatedI just found these in my setroubleshoot logs and what the hell is going on:
Quote:
Summary:
Your system may be seriously compromised!
Detailed Description:
[SELinux is in permissive mode. This access was not denied.]
SELinux has prevented semodule from modifying $TARGET. This denial indicates semodule was trying to modify the selinux policy configuration. All applications that need this access should have already had policy written for them. If a compromised application tries to modify the SELinux policy this AVC will be generated. This is a serious issue. Your system may very well be compromised.
Allowing Access:
Contact your security administrator and report this issue.
Additional Information:
Source Context staff_u:staff_r:staff_t:s0
Target Context system_u:object_r:semanage_store_t:s0
Target Objects modules [ dir ]
[code]....
This isn't even the half of it either, there are other warnings in between them about netfilter_contexts unlink operations and /usr/sbin/semodule "rmdir" operations on modules.
All I can remember doing earlier was switching into permissive mode to change the type of a WINE application, the legitimacy of which - for system security purposes - I don't doubt. That, and generating policy for it which I tried running the install script for after changing the type didn't work. Neither of those actions seem like they'd try to remove the modules directory.
I'm trying to follow this guide http://tech.blog.box.net/2007/06/20/how-to-debug-php-with-vim-and-xdebug-on-linux/ and I need to compile Vim with signs and python options.I have: downloaded the latest source with hg clone https://vim.googlecode.com/hg/ vim uncommented the signs feature in src/feature.hran ./configure --enable-perlinterp --enable-pythoninterp with no errorsran make with this output and errors that I don't understand and can't find on google:
$ make
gcc -c -I. -Iproto -DHAVE_CONFIG_H -DMACOS_X_UNIX -no-cpp-precomp -g -O2 -D_FORTIFY_SOURCE=1 -o objects/ex_cmds.o ex_cmds.c
[code]....
I'm having problems with the Empathy MSN on Ubuntu 10.10.I have searched the web but haven't found anything particular about this.I'm trying to log in but it stays on "Connecting" forever, doesn't go anywhere else.But it's still logging in, how do I know that?When I'm on msn on my other computer (which runs W7) and I try to log in into Empathy, I get signed out from my W7 MSN. This happens because I happen to log in from another place. In this case, that means that Empathy is logging me in, but it's still stucks on "Connection".
View 2 Replies View RelatedIs there a command for showing only the readable signs uit of /usr/bin/passwd?
View 1 Replies View RelatedIn my sudoers file, there are lines that begin with #, lines that begin with % and lines that begin with neither. The # is definitely being used to comment out lines, but what does the % do? Is it a comment marker too?
View 2 Replies View RelatedI run Ubuntu 9.04 and was recently told by my university that my computer is massively port scanning the network. I am interesting in learning more about figuring out what is happening to stop it, but I am lost at where to begin. What steps should I take (or files to look at) to figure out what is happening?
View 3 Replies View RelatedMy Linux server which is running my company website have been hacked. Today I saw a number of clients (customers) with some fun characters entries on my database. Access denial on really clients.
View 2 Replies View RelatedI accidentally deleted the linux mint 8 that was on there due to a small issue discussed on another thread(long story followed by a stupid mistake). after then i reinstalled linux using the .iso i found on the website. all is well. I boot up linux on the external and it runs great. then i turn off the laptop and try to plug it into another laptop( which i used the external hard drive on before and worked) and it went through the bios screen but then after slight lag(5 seconds longer then usual) the blinking cursor in the top left corner would not display anything, anything meaning "booting GRUB" or any other signs of activity. after waiting some time i quit and tried it back on the other laptop, which it was just working on, only to get the same result. I am confused about why it would work the first go around but nothing past that.
The only thing i altered on the external after i installed linux was that i put my home directory into it( from another version of linux mint)
love security/pentest tools. This script adds ALL the tools from the Security Spin, plus Metasploit. Feel free to modify it if need be.
View 12 Replies View Relatedubuntu 9.10 login panel is worse with respect to ubuntu 8 since now all the users with names are shown without a way to hide them!Why don't keep the old way at least as an option?
View 5 Replies View RelatedTo avoid having to input a password for the keyring each time I connect to the net via wireless, I enabled the 'Available to all users' option in Network Manager. Now, my question is this. Are the 'users' it refers to just those created on this machine? Would a drive-by be able to use my network without entering the password?
View 3 Replies View Related1. I understand you can protect your files or directories in your website by setting file/directory permissions. The meaning of r w x is clear to me, but I'm not sure how to proceed... Starting with the index.html file, if I wanted to make it so that anyone in the world can read it but can't modify it, do I set its permissions to rwxr-xr-x? If I set it to rwxr--r--, would that mean the file couldn't be served? I mean, what does the x setting do on a .html file, how can a .html file be executable?
2. If file permissions work on the lines of owner-group-others, in the context of a website, who is 'group'? As far as I can tell, there's only the owner, which is me, and others, which is the world accessing the site. Am I correct in thinking that by default, say when creating a website on a shared hosting server, there is no group unless I specifically set one up?
3. My ISP allows the DynDNS.org service, meaning that I could serve a website from my home. It's too early to go that route just yet, but for future reference, I would like to ask about the server software called Hiawatha. It is said to be secure, but having read some evaluations of it, it doesn't seem to offer anything that couldn't be accomplished with Apache or Cherokee, it's just that its security settings are simpler and easier to configure. Am I right about this? Or does Hiawatha truly offer something that the other major server packages don't?
i updated both browsers i have and lost my secure log-in pages (no padlocks showing ) concerning different Web mail accounts.Just before i did these updates i checked an unrelated thing on-line regarding my sound card of which i kept a copy of and got this message below :
!!ALSA/HDA dmesg
!!------------------
[ 12.762633] cfg80211: Calling CRDA for country: AM
[code]....
I'm just curious as to what security measure's I should be taking to make my box a little less vulnerable? I'm still experimenting/playing with Linux, use the net, IM, download this and that and was wondering how secure fedora 10 was out of the box?
View 12 Replies View RelatedDuring a recent install I made the leap to encryption,but /boot must remain unencrypted.Is there really any legitimate security risk to having an unencrypted /boot partition? I mean basically someone can just see what kernel you're running which they could see during boot anyways right? Oh I and keep all my financial documents in /boot/finances/ (haha ok not really, but I am serious about the first part).
View 5 Replies View RelatedIs it possible to install security lab menu on a normal Fedora 13 installation? I don't want to use security spin.
View 14 Replies View RelatedIs there a way to delete files on the commandline that uses the KDE-Wastebin?It appears that I never ever need the KDE4 Wastebin for files that I deleted through Konqueror or Dolphin. It is only when I delete files on the konsole with rm that I wish I could undelete them. It always happens like that, mostly by being in the wrong directory or using a wildcard when I should not have. (I don't have any erroneous deleted file right now, and I do have plenty of backups, but I just wonder whether there is something better than rm to use generally on the commandline.)
View 9 Replies View RelatedConky can be used to display a variety of information on the users desktop. I wanted to use Conky instead to display the current status of security as reported by:
SANS Internet Storm Center
IBM Internet Security Systems
Symantec Threatcon
McAfee Threat Center
I therefore created 4 small scripts which download the current status from these sites, and set the colour of those status's depending on the current value.The conky configuration allows for a semi-transparent background - though this is optional.Attached is an example image showing the 4 different colours.Also attached is an archive with the 4.sh files, .conkyrc and draw_bg.lua (from here http:[url].....
I just installed Ubuntu on a desktop. Can anyone give me some guidance on installing basic security software? In particular, I'm looking for a firewall, antivirus, and anti-spyware/malware utilities.
View 2 Replies View RelatedI already posted a topic similar to this concerning the Desktop OS version, but this deals with the Netbook because unlike the Desktop, the Netbook is less cooperative. Allow me to elaborate: Today (or rather yesterday since it's not after midnight where I am), I changed my password because I was hopelessly confounded about how to get my Wireless Network card up and running after it had been installed and I was allowing my dad to use it. This issue has since been resolved, however...
When I chose my password during the original installation, there was no mention of it being "too simple." This is where the Desktop OS and the Netbook OS differ. The desktop will let me change it in the terminal without any errors. The Netbook will not. When I've attempted to revert it back to the original, it will not let me do so in the User Profile or in the Terminal. The Passwords and Encryption Keys application also does not appear to help.
So now even after I've changed it to a different "complicated" password I am still prompted to insert two different passwords since I changed my user password but I am unable to change the password I input during the installation. A bit screwy methinks. This is extremely important. I'd like to know how to change the original installation password.
If I can't change the main password on my laptop then this is a serious potential security breach just waiting to happen (especially since it's on a laptop and I will be hauling it around with me) and I will most likely install a different OS if this isn't resolved --- It would be very unfortunate since I spent the whole day fixing it and I really enjoy the interface. Luckily I can live with this on my Desktop since I'm not going to be hauling it around with me everywhere when the school year starts.
