Security :: How To Fix The Attacked System
May 28, 2010
Had a couple of problems with one of my leased web/mail servers, including mail was having trouble and it was reporting disk full (when a df showed it wasn't). I did a chkrootkit and got this:
Checking `ifconfig'... INFECTED
Checking `netstat'... INFECTED
Checking `pstree'... INFECTED
Checking `top'... INFECTED
[code]....
May 16, 2010
[URL] This web page says: "The team set up weak security on four Linux computers with Internet access, then recorded what happened as the individual machines were attacked. They discovered the vast majority of attacks came from relatively unsophisticated hackers using "dictionary scripts," a type of software that runs through lists of common usernames and passwords attempting to break into a computer."
How did they "record what happened as the individual machines were attacked"? How did they figure out that "the vast majority of attacks came from relatively unsophisticated hackers using 'dictionary scripts'"? What I am really getting at is that I've searched the net and found lots of advice on how to detect if your computer has been hacked but I haven't found ways to know if your computer is being attacked. Obviously, this group did that.
Aug 2, 2011
How does one know if an intruder had secretly accessed one's system? Does system log help? It seems it does but I am yet to figure out how to understand those files. Can anybody please help? Or are there other ways to confirm that? It may happen that the intruder had accessed some vital information but so far had not done anything malicious.
Oct 5, 2010
Advised on another forum to install XP pro then Linux on HD. Decided to try it. Not that savvy with computers and have a mini-laptop in addition to desktop that was attacked. Virus caused most programs to fail. Disc was nearly full (250GB) so I'm buying a refurbed Seagate (500GB) and need to learn to back up files onto flash drive or something. Lost a lot of photos and emails that were good reference material. Heard a lot about Linux so I'm going to give it a try.
Apr 13, 2011
This is the alert I got:
Code:
Summary:
Your system may be seriously compromised! /usr/sbin/NetworkManager tried to load a kernel module.
Detailed Description:
SELinux has prevented NetworkManager from loading a kernel module. All confined programs that need to load kernel modules should have already had policy written for them. If a compromised application tries to modify the kernel this AVC will be generated. This is a serious issue. Your system may very well be compromised.
Allowing Access:
Contact your security administrator and report this issue.
Additional Information:
Source Context system_u:system_r:NetworkManager_t:s0
Target Context system_u:system_r:NetworkManager_t:s0
Target Objects None [ capability ]
[code]....
Aug 25, 2010
Is there a way to check if the system has the available security updates installed? Specifically, I am looking to do this programmatically.
Jun 15, 2011
I am using Ubuntu 11.04 on my home desktop. Is it necessary that the firewall should be active in order to avoid a hack? I heard that we will not be given a static IP address, only paid ones will get a static IP address that can be used for web server implementation. If my system doesn't have a static address then can others access my system?
Sep 26, 2010
I often get responses from people who first say: "Are you sure? You want your network to be exposed to the outside world?" I am not experimenting on a Production Server of NASA or any Security Concern Department. Friends, there is no harm in experimenting on your personal computer or on a test computer which is isolated from the production environment. Look at hackers! What do they do? If they don't know how security is breached then how would they come up with security measures?
If my question reads... "How to let any user perform Administrative Tasks on a Linux System irrespective of his/her privileges on that particular system?" then I would not get the right answers in the first place. They will say... "You are letting everyone destroy your system... are you sure you want to do that?" My question is: Why should we restrict ourselves from experimenting even if it sounds weird to other people?
I give you an example where it is desirable to let an unprivileged user perform certain tasks. You want to know if there are any employees in your office who are storing videos in their home directory and filling up the disk space to a great amount. You have a department called "Command Center or Data Center Operations or Help Desk" call it whatever you would, whose work is to monitor such activities, and you create an account "monitor" for them to monitor such activities but they are not able to do them:
[Code]..
Jan 20, 2011
Which is the best remote Linux hardening GUI tool? Is it possible to use that tool from a Windows system?
May 9, 2010
Using Slackware 12.2, xfce, Firefox 3.0.16 and for the past few days I have been getting a persistent System Security window that looks like MS Firewall, and you can't click on the X or Cancel because then it activates a so-called security analysis with a green progress bar. I open a terminal real quick and issue the pkill firefox command. I have been trying to get to the basicconfig site to follow a tutorial on Firefox security update but that window keeps coming back. I emptied out my /tmp files but I am still having the same problem and don't know what to do.
May 8, 2009
I still can't see quite well the security reason for not allowing one logging in as root on Fedora, but anyway... how to become the root on my system, Fedora 10, please? I did open a terminal and typed s - root then my password, now I'm the root, but only on the terminal, as CLI, but what if I want to change the munu.lst inside grub, for example? And some other files or settings where there's no option to just type in the root password, how to overcome that please?
Jan 3, 2011
I have a 6yo laptop...z60m. Solid little thing that I knocked around so much the hinge broke. My dad jerryrigged it so it can stay open.
So now I use it as a glorified DVD player. Then, around February the hard drive died. I put it in fresh, loaded a couple of regular games and the DVD modifications to play DVDs. So, besides the basic upgrade to 9.1 not much has been done.
Well, last week my panel disappeared. I procrastinated and last night I got on the computer. I did F2 and "xfce-panel" and my panel reappeared exactly how I'd last tweaked it.
With one exception. This blue globe, "Akonadi", had mysteriously appeared.
Thing is that I haven't installed or updated anything for 8 months... why? Because I haven't had this thing connected to the Internet. The wireless tower has been on (my bad) but all of the signals in my neck of the woods are encrypted so I just let it be.
I don't know where this program came from. Is it loaded in xubuntu? Why would it show up? And furthermore if there was someone with malicious intent (unfortunately I do have to take that into consideration) have put this on for data collection?
Oct 19, 2010
As part of server hardening process I would like to know the best way of system logging and auditing. Following points should be taken into consideration.
Logging of critical events
Logging access to critical accounts
Secure storage and availability of logs
Review of logs
Security of logs
Mar 16, 2011
Quote:
In this video, Tim Armstrong, a malware researcher at Kaspersky Lab talks with Ryan Naraine about the strengths and weaknesses of the Android operating system. Armstrong looks at strengths and weaknesses of the open-source platform and warns about the risks associated with jailbreaking/rooting Android devices.
Jan 17, 2010
Is the encrypt system during the install part of the SE Linux or is a whole other thing and another question maybe a sounding a little conspiracy but SE linux is made by the NSA can I trust SE linux and it not be a backdoor to my stuff
May 25, 2010
I am a very new Linux user. My first OS is Fedora 12, which I just recently installed into my laptop. So far, I am thoroughly enjoying it. I do have a question bugging my mind though. Linux systems are known to be very safe from viruses, mainly due to programmers targeting the Windows platform. In Windows, common methods for virus infections are from infected executable files, external drives autorun... ETC.
Now my question is how do viruses spread into a Linux system? And with so few viruses known to exist for Linux systems, do I really need to be aware and take precautions for viruses (For example in Windows, disabling autorun function for external drives)?
Oct 4, 2010
My system went for three days w/o a software update... Is this normal(anyone experiencing this?)...?
It seems like to me.. Fedora 13 has a longer update interval than Fedora 12.. I remember back in Fedora 12 I get security updates like every other 12 hrs.. (I know as with security patches the less the "better"(in some way))..
But I am still concerned.. security updates has been slow for me.
Jan 11, 2010
I just allowed Update Manager to install the latest security updates to the Linux kernel, header and xorg and clicked on restart system. After selecting Ubuntu from the system's boot manager I'm dropped into a Grub command line and don't have any idea what to do next.
I'm running Ubuntu 9.10 inside Windows Vista on a Toshiba L500 laptop using the Wubi setup.
Jan 15, 2010
What happened to the Security tab that used to be located in System/Administration/Log in Window? I'm trying to figure out how to get a Live USB to boot to my user name and password.
Apr 10, 2010
I installed Ubuntu 9.10 recently. I heard that there will be no open ports in the system unless I specifically open one. How do I scan to find an open port in my system?
Sep 6, 2010
Basically in addition to the first installation account on my system (my account) I've also set up another user alongside my own. It's not an admin account but a 'desktop user' account, but in the group id section this account comes as '1001'. What does this 1001 mean? Furthermore, are there any risks I should know about arising from setting up another account on my PC?
Sep 17, 2010
Can I set a master password for the system, where I am the main user and have my password, and then set passwords for all the other users?
Jan 7, 2011
My 10.04 system just crashed for 'no reason'.
Looking through the system logs the rtkit daemon was started up about a minute before the crash. Is there a better place to see if my system has been compromised? What should I look for?
May 2, 2011
I am wondering if there are any key loggers in the repository or on my system that I could set up and view. I would prefer a terminal only application that would require root permissions to get at.
Are there any that people use?
FYI I have Ubuntu 10.10 64bit.
May 3, 2011
I got BT's repos set and ready to install, though I haven't installed them all just yet because I don't want to crash the system, so I guess what I am asking is has anyone successfully done this and what are the specific risks here. I have uploaded crunch and that works fine if I do it manually from the command line. The kernel seems to be update-able as well to BT's kernel, I am not sure if I should do this or not in fear it might crash the Ubuntu system somehow. I guess what I might do next is install everything but the kernel and install the executable links to the drop down menu by hand per the menu structure.
What I would ideally want is to have all the functionality of BT in Ubuntu which is pretty close to where I am at. Also, when I am done I want to make a live CD of this system so that I don't have to do this ever again as it is very time consuming. What program would be used for that? Would any of my user data transfer? I don't want my user data to be transferred to the live CD, just the raw system data etc. Anyone done this and would like to chat via Skype? That would be best, but I'll take any help I can get at this point. I am using Ubuntu 9.10 for all this.
Jul 14, 2011
Windows have many firewalls to prevent the system. But Ubuntu have few. Why is it so? Is it not needed to prevent Ubuntu or if it is prevented?
Sep 8, 2010
Is there any way in Linux that user & group security can be set, excluding the owner & group permissions?
Jun 22, 2009
I have already developed file type filtering functions through squid. Now I want to deal with content filtering aspects... What tools are available there for so in linux?
Jan 25, 2011
The infrastructure of the Fedora Project was compromised over the weekend and an account belonging to a Fedora contributor was taken over by an attacker. However, Fedora officials said they don't believe that the attacker was able to push any changes to the Fedora package system or make any actual changes to the infrastructure.
The attack appears to have targeted one specific user account, which had some high-value privileges. The attacker was able to compromise the account externally, and then had the ability to connect remotely to some Fedora systems. The attacker also changed the account's SSH key, Fedora officials said.
Mar 7, 2011
I'm using Ubuntu Lucid Lynx and every time I search for updates it asks for authentication. I'd like to search and apply updates without confirmation. Is it possible in some manner?