I was just wondering whether a directory (I know that's just a special file) could be a security problem, as they have execute permissions? Could an exploit be attached to a directory? Has this ever happened?
I've been looking awhile now, but no patch for this is yet to be found. Does anyone have more info, or better, a fix? Last version from GNU's ftp server is also vuln as of this writing.
A researcher at security firm Alert Logic has published code that could be used to compromise some versions of Google's Android Operating System. The exploit, if properly adapted, could make Android phones vulnerable to remote attacks and compromises.
I've scanned my computer (I'm using Ubuntu 8.04 Hardy Heron) and ClamAV has reported that it has found a virus called Exploit.PDF-9669. What seems strange to me is that such a warning always happens (or, at least, in most cases) in the same folder tree "sys" and ClamAV issues the very same virus/malware warning (Exploit.PDF-9669).
An example:
sys/devices/virtual/vtconsole/vtcon0/uevent: Exploit.PDF-9669 FOUND
sys/devices/virtual/net/ppp0/address: Exploit.PDF-9669 FOUND
sys/devices/virtual/net/ppp0/broadcast: Exploit.PDF-9669 FOUND
sys/devices/LNXSYSTM:00/device:00/uevent: Exploit.PDF-9669 FOUND
My ClamAV version is 0.94.2/10275/Fri Jan 8 22:06:46 2010. It has not been updated since I installed Hardy on my computer last year. Is my computer in danger?
I read this morning that Microsoft and Adobe Flash released a huge security update to counter the threat of malicious apps taking over systems. Included in the fix were Excel spreadsheets. Apparently a hacker could send a spreadsheet that if opened could remotely take over your machine. I opened my update manager and there was a sizable Open Office and Java update.
Question: Are Linux/Ubuntu machines susceptible to the security flaws? Question: Since Adobe Flash is considered proprietary and not updated through the Ubuntu update manager, do I have to manually update that package?
I need assistance with my Snort installation. I used Bodhi Zazen's Network Intrusion Detection System post and found it easier than the previous time I had done it. I am currently running Ubuntu 10.04 server and Snort 2.8.6.1 with BASE 1.4.5. I followed Bodhi Zazen's instructions and when I tested snort it ended with a Fatal Error due to
ERROR: /etc/snort/rules/exploit.rules(264) => 'fast_pattern' does not take an argument
Fatal Error, Quitting..
Here is the entire output once I ran the test command:
snort -c /etc/snort/snort.con -T
Running in Test mode
Dan Rosenberg has issued another Linux Kernel Exploit with PoC described in LWN [URL]. I have tested that this exploit is not working on -Current (custom kernel, 2.6.36.1), which is a good sign that Slackware is already immune to those problems.
I am a student taking part in a competition. We have a set of questions to complete within today. Can anyone please help me out with it? I have a custom written "echo" program in C, running on port number "1220" which echoes back the first 16 characters of whatever is given as the first command line argument. But somehow, my brother had got unauthorized remote root access. The program is given below. How did he do it? Please give the exploit code and explain how it works.
CentOS using yum to update Exim. Exim is configured to not allow remote connections using the local_interfaces config option. My old version was 4.63-5.el5_5.2 and after using:
I'm concerned about my web server. I used nikto to see where I should improve my configuration, and that is how I learned that my web server has directory indexing enabled. I have searched and found that I should just put
Code:
Options -Indexes
to disable directory indexing. I have already restarted Apache but directory indexing is still enabled. Here is my httpd.conf. Where did I go wrong?
Code:
ServerTokens OS
ServerRoot "/etc/httpd"
PidFile run/httpd.pid
Here's the beginning of the issue: I'm running Fedora 12 with httpd and sshd. I want to create a user with a scponly shell for sftp access, but this user should ONLY be able to view /the/http/base/dir and its subdirectories. The user should not be able to see or get into directories above the httpd base. Someone mentioned creating a chroot jail for sshd and binding the httpd base to that dir, but this seems like more work than is necessary for the application I wish. Also mentioned was creating a user, say user1 with a selinux user setting of staff_r. I have read the articles and creating a user of staff_r isn't overly difficult, but how would I make it where staff_r would be restricted to where I want them to be? If I'm not mistaken, that would require changing the context of /the/httpd/base/dir?
I create music and it usually gets sold worldwide. I have some distributors that have been able to access a private server and get the new tunes I make to download via ftp. Well, that server is getting full and I was trying to create another directory on my website itself. I created the directory. Made the ".htaccess" file. Then I tried to make the htpasswd file but my server just keeps saying no command by that name.
I have created my own custom ubuntu distro using the alternate installation cd and doing a command line install. I'm using ubuntu 10.04 as my base and am also using thunar as my file browser and am trying to create a secure desktop environment and to do that I'd like to restrict thunar to a certain partition. Is it possible to do that?
A Javascript has crept into all my html, php files in my shared hosting account. I have SSH access. How can I use sed to remove that line from all files in a directory recursively? sed doesn't change the original file. And I need to specify *.php and *.html
I recently installed Ubuntu Linux and did not encrypt the home directory during the install. Now I want to encrypt my home directory, or even better the whole hard drive.
I have a major major issue with an encrypted /home directory. I had used encryption on my home directory when I installed 9.10. However, I had not noticed that I needed to store the automatically generated passphrase anywhere. Now, upon installing 10.04, my home directory would not decrypt. I checked my .encryptfs directory and the wrapped-passphrase file is GONE. I only have the Private.sig files from my 9.10 installation and of course know the login password I bound to the passphrase. I can see my .Private directory with filenames starting with ECRYPTFS_FNEC_ENCRYPTED. Now, my PhD thesis which I have to deliver in 2 weeks is in there. With no backups. How can I recover my data? If no 'normal' method would work, is it possible to use a brute force attack and feed it my login password?
Let's say I install Ubuntu 10.10 on my laptop. I check the box that says encrypt my home directory, and my password is a randomly generated 10 character password using uppercase and lowercase letters and numbers. The next day my laptop gets stolen or something. How hard would it be for someone to decrypt the home directory if that were the goal?
I had a student, and she has done some work on her account on my lab computer, but has left the country and is uncontactable.
I have full administrator privileges for this machine, and it is running Ubuntu LTS 10.04.
She has a folder which was copied from a windows formatted external hard drive (Probably NTFS) onto her home partition on my machine.
I can open all of her files, except for those in this folder.
As I see it the problem is either something to do with the permissions of the files (coming from NTFS), or some kind of Ubuntu security that I am unaware of?
I have configured squid with AD. It is working fine. Now I want to use dansguardian with squid for web filtering on a group basis. What should I do? What configuration do I have to do in squid for dansguardian, and have all my users in AD also authenticate with dansguardian, and also how do I use dansguardian?
I've set up ssh passwordless logins using keygen etc. before so I know the routine.
The problem I'm currently having is setting passwordless logins when I don't have write permission to my "root" of the remote machine. More specifically the slice provided by a commercial web hosting provider. I can ssh and sftp just fine keying in the password manually but since I'm unable to create a .ssh directory in my "root" I'm unsuccessful in scripting logins. What I'm wondering is if the .ssh directory and associated security files can be placed in an alternate location such as the httpdocs directory and pass that location to ssh in a command line parameter.
After some time I always see a trojan virus in my Ubuntu machine's shared folder. It is an exe detected by ClamAV as Trojan.Autokit-77. I thought I was getting it from some Windows machine on the network but that isn't the case. I deleted the virus and removed my computer from the network and still the virus comes back. My computer however, is still connected to the internet through an independent mobile broadband usb stick.
So where is the virus coming from and why is it going to my shared folder? I thought Ubuntu would not allow the virus to do something like this without me giving it permission. I am running 10.4.
I have carefully made daily backups using rdiff-backup, so in the case of needing to restore I can do so.
But I deleted a directory yesterday, and made a backup in the evening. Therefore, the directory is not in the latest mirror, but in the incremental backup from yesterday.
Now I need to restore the directory. But I cannot figure out how to!
I can see the directory in yesterday's incremental backup; i.e., the following works:
Code:
Where [backupdir] is the backup (mirror) directory, and [nameofdir] is the name of the directory I'm trying to restore.
So, I have tried to restore. This is the type of thing I have tried:
Code:
Where to-restore.lst holds the name of the directory to restore (in rdiff-backup's format) and [restoredir] is where I want the restored directory to go to.
But, I get errors like:
Code:
Useful file specifications begin with the base directory or some pattern (such as '**') which matches the base directory.
Well, obviously the file specification doesn't exist in the [restoredir]. That's because I'm trying to restore it! If I try to create an empty directory first, it complains:
Code:
How do I restore a deleted directory from a previous day's backup to a designated destination?
I want to create a shared folder on an Ubuntu system, but I want to know if I can give access to some users of my Windows 2003 Server Active Directory domain. If I can, I would apply that security to some of the subfolders of that shared folder, as explained in the example:
Backups (all have access and it's shared)
Mail of Charles (Can only have access Charles that have an account on domain)
Mail of John (Can only have access John)
jump into a Linux class in college with only 3 weeks left in the course. I thought I would be able to catch on, and go figure, it didn't exactly happen that way. I was given an assignment to do, and I am so far lost it isn't even funny. I need to create a directory structure, set up file security, create a step by step instruction manual on how to copy/delete said files, and create a guide to common Linux commands. How would I create these files in root and share them with the other users? and where can I find a list of common commands and their functions?
I use Ubuntu 10.04 as my OS. I'm on the lookout for a good and simple application in order to password protect a folder or two on my portable hard drive. I really don't need high levels of encryption but I wouldn't mind if the usage is not so complicated.