Security :: The File Was Located Under /dev/ And Named "httpd" Totally Blank?
Sep 6, 2010
I am currently having a security issue due to an uninvited intrusion that happened a few days back. I've been checking the server for any possible backdoor but I could not find any. Anyway, I've finally found a weird SSH login logger which will log any successful SSH connection "id & password" (scary). The file was located under /dev/ and named "httpd". I'm totally blank now. Don't know where to start troubleshooting.
Mandriva 2009, BIND 9.5.0-P2. Named will start; however, I'm getting the above error as well as these:
14-Mar-2009 15:45:37.084 general: error: zone 0.in-addr.arpa/IN: loading from master file /var/lib/named/var/named/reverse/named.zero failed: file not found
14-Mar-2009 15:45:37.084 general: error: zone 0.0.127.in-addr.arpa/IN: loading from master file /var/lib/named/var/named/reverse/named.local failed: file not found
[code].....
Named shows to be running, but with the errors above I know it's not running correctly. I also copied the above dirs over to /var/lib/named/var/lib/named, which is where I 'believe' it's chroot'd at, though I could be wrong since I'm unfamiliar with chroot.
I accidentally did something wrong with my server and the httpd folder is missing. I need it to set up my mail server; can anyone help me with what I can do without reinstalling my CentOS? Here is the error msg:
[root@mydomain etc]# service httpd stop
Stopping httpd: [FAILED]
[root@mydomain etc]# service httpd restart
I am using CentOS 5.5 and I want to configure DNS, but while configuring BIND I am getting the error below.
#/etc/init.d/named restart
Stopping named: [ OK ]
Starting named: Error in named configuration: /etc/named.conf:57: open: /etc/named.root.hints: file not found [FAILED]
After upgrading to Jessie (AMD64) I have a totally blank screen, not even a blinking cursor. The video card is a GeForce 6200 and I have nouveau loaded. I originally had an nvidia module in Wheezy. I decided to use the instructions at the Debian NvidiaGraphicsDriver wiki to install the NVIDIA legacy package. That was worse. The nvidia module was unloaded in the X.org log, and the screen presented as a login console.
I tediously removed all NVIDIA components and reverted to nouveau, since its report in the X.org log says it supports GeForce 6 series cards. That brought me back to a totally blank screen. The nouveau module lists as "video" when doing lsmod. Both gdm3 and the X server processes are up and running. Other than reporting that "nv" couldn't be loaded, there is nothing in the X.org log that appears abnormal. The .xsessions_error log is troubling, however, but I don't have the knowledge to interpret it.
Currently working on the targeted policy, I need help in doing the following things as quickly as possible:
1- How to create a totally new SELinux user (not mapping a new Linux user to an SELinux user). I want a new user with no roles or with a maximum of 1 role. I also need to know how to compile the new user so I can use it for mapping users. At the time, I've tried creating a new file inside /etc/selinux/targeted/contexts/users similar to the other users inside this directory, but it did not actually seem to appear when using the semanage command to list SELinux users: semanage user -l
2- How to create a totally new SELinux role (empty for now)? And how to make the relation between this new role and domains or types.
3- How to create a new domain. Actually, following some old instructions I created the .fc and .te files, but not the .if file, which is more complicated than the other 2 files.
Is an Ubuntu live CD totally secure from intrusion? Stated another way, even if someone knows my IP address, can the live CD environment be hacked into in any way so that another could monitor what I am doing on my computer? From my understanding the live CD is read-only, so that would prevent anything malicious being installed on it. I am curious if there are other ways a box running a live CD could be tapped into.
I installed Ubuntu 10.10 alongside Win7 recently; I'm absolutely new to this OS.
Experiencing problems with the Firefox browser. A plain white blank screen appears, only with the title bar named Firefox. Actually, when the web-browser icon is clicked, just a cursor BAR appears stuck inside the extreme left end of the screen (a cursor bar something like the one we find in word processors, or this blinking line while I type this). I manually have to expand the bar in order to get the Firefox browser, which is the plain white screen.
Initially I had problems with the missing wireless firmware; reading through this forum I activated the Broadcom driver. But before that, I wired my laptop into the router and then FIREFOX worked fine; after an update which installed about 214 updates, Firefox got conked.
I've been trying to figure out how to set up my Apache 2 running on Ubuntu 9.10 to provide a reverse proxy so I can see my wifi network camera monitoring my dogs and still have access to my family website. First, I followed the suggestions from this thread on the Ubuntu forums: [URL]. I set up a similar rule set at the end of my /etc/apache2/sites-available/default, restarted Apache -- from which I got a response saying that Apache2 could not determine the server name -- and then tried logging into my server through its IP address. When I tried http://192.168.2.80/dogCam, I just got a 404 error. Here's what I added: (I also tried my domain name, but it also didn't work.)
When I looked at many other threads, I got recommendations to have my setup in httpd.conf. But, on both this server and a freshly installed Ubuntu laptop, my httpd.conf file is empty! I tried copying and pasting the recommended contents of the following thread, with the example proxy paths replaced with the ones I needed: [URL]. Straightforward tutorials don't seem to apply, as Ubuntu has a blank httpd.conf file. I figured out that Ubuntu seems to load its modules by simply adding soft links to the modules of interest from modules-enabled to modules-available. But, after a full day of trying to figure out what looks to be fairly simple and well-documented, I am at a loss for setting up this reverse proxy, or even figuring out where to set ServerName to define my domain name to Apache2 in Ubuntu.
I am learning SELinux from LinuxCBT and I'm stuck at one place. Now, the video is on RHEL 4 (so tell me if things have changed since, because I can't find anything related) and shows how to disable SELinux security on httpd. First, I don't know the difference between initrc_t and unconfined_t; and second, I don't know if something is wrong or everything is all right.
What happened to the Security tab that used to be located in System/Administration/Login Window? I'm trying to figure out how to get a Live USB to boot to my user name and password.
I was just looking around and did a tail on my syslog and some strange entries came up:
[Code].....
I'm a Verizon customer in Maryland, USA running Linux at my home and I don't understand why named is looking at servers in France and Saudi Arabia. Am I just being paranoid?
One of our web servers has logged many of the same "setroubleshoot: SELinux is preventing the httpd from using potentially mislabeled files /boot (boot_t). For complete SELinux messages. run sealert -l e143c369-a72d-453e-84fe-6b62b7f05c5f" recently. This looks suspicious. We'd like to map these sealert to the httpd access log to see if there's any malicious activity. We added a '%P' option to the Apache combined logformat, so the httpd process id could be logged too. Then we grep'ed all the Apache access logs using the pid from the above sealert -l command. There are not many of them, so we can test them one by one.
Shockingly, none of the access served by the specified pid can repeat the same sealert.
The server was installed as CentOS 5 (x86_64) and upgraded to the 5.3 version two days ago. The main components are as follows:
Is there any other way we can try to find out the real access which triggered these alerts? The sealert -l output is attached.
I have a mount command that I want executed every single time the computer reboots so that the folder is always mounted when I need it. What file would I have to edit in order to accomplish this?
This, I am sure, is a very newbie question. I have been using Linux for a while now (Fedora 14) and am still stuck on one issue even though I have trolled the internet for hours. I want to install the 7300 GS driver; however, when I go to the terminal and type: sh NVIDIA-Linux-x86-260.19.12.run I get the error "you must be root". So, simple: I type su --login, add my password, then when typing the run command I get the error that the file is not located in root and cannot run. So my question is, how do I do it? If I cd to home I lose root permissions; if I try sudo sh file.run I get the error that I am not one of the sudoers.
Suppose I have two files with the same name, fstab; one file is located in /etc and the other is located in /root/. If I make a change in the /etc/fstab file, the changes have to be reflected in /root/fstab. Is there any command to do this?
In the gdm3 greeter.conf-defaults file it tells me the themes are located at /desktop/gnome/interface/gtk_theme, but where is that directory actually at? Like, how can I find it?
Btw, I know I can go back to gdm, but I'd rather understand how to theme this before I might just. I'm using compiz, btw, if that makes any difference.
Is it possible to locate the Firefox file that retains "Search" history (not particularly "Browser" history)? I have lost a hardcopy list of authors and titles of books/ebooks that I searched the web for. However, most of the time when I would enter a name or title, a drop-down list would have the entry I wanted, and I could just click on it. That drop-down list is what I am calling "Search" history.
The following security alert made me check my httpd.conf:
Code:
Summary:
SELinux is preventing the http daemon from reading users' home directories.
Detailed Description:
SELinux has denied the http daemon access to users' home directories. Someone is attempting to access your home directories via your http daemon. If you have not setup httpd to share home directories, this probably signals an intrusion attempt.
Even though in httpd.conf there is a line that reads
Code:
LoadModule userdir_module modules/mod_userdir.so
in the same conf file the access to home dirs is disabled:
Code:
<IfModule mod_userdir.c>
I am setting up a web server and SELinux keeps stopping httpd/Apache and making it fail. Everything works fine when SELinux is set to permissive, so I know it is SELinux causing the problem. I have all the Apache/httpd items allowed in the SELinux booleans and even added the line the troubleshooter told me to add, but the problem still persists. Here is what SELinux puts out:
[Code].....
several times and it does nothing. I have all the permissions set with Apache as owner and group, and allow execution on all the files.
I am trying to read from a file named matrixA.dat that contains a matrix formatted like this:
2 x 3
1 0 2 -1 3 1
I am reading the lines in, and this is the source that I have so far:
Code:
#include <stdio.h>
#include <string.h>
#define DATALIMIT 17
#define DIMLIMIT 5
#define NAMELIMIT 40
[Code]...
was stored in dataA, so when I print it all I get is a newline. Why didn't it grab the 1 0 2 -1 3 1 line?
I have installed Fedora 13 on my system. The httpd server is also installed. When I tried to start the httpd service, the following error message was displayed: Starting httpd: (98)Address already in use: make_sock: could not bind to address [::]:80
I have a site's URL. I have its FTP admin username and password. How can I upload a file named app.log there (in the / directory) using curl? I read the manual but I understood nothing.
How do you find out what the bootloader configuration file is named? I am setting file permissions... would it be wise to set the entire boot directory to 700?
I created a script file named myscript.sh. I ran this by typing sh myscript.sh and I got my output, but when I tried to execute it by typing ./myscript.sh I received a permission denied error. I gave permission as chmod 777 myscript.sh, then I executed it by typing ./myscript.sh. It worked fine, so I wanted to know whether using sh and ./ with permissions are the same, or did it only work for this? Are there any differences?