Security :: Intruder Alert In /var/log/messages
Dec 13, 2010
I have noticed some possible security issues in my /var/log/messages log but I'm not sure how to read the messages.
I'm getting the following lines:
Code:
How does one know if an intruder has secretly accessed one's system? Does the system log help? It seems it does, but I have yet to figure out how to understand those files. Can anybody please help? Or are there other ways to confirm that? It may happen that the intruder has accessed some vital information but so far has not done anything malicious.
I was on funnyjunk.com yesterday, looking at funny pictures. I clicked the next button, and a page popped up displaying that the website had malware hosted by hit.d1.net; however, when I had Windows XP the McAfee SiteAdvisor displayed that there was no malware. Is this real or fake? Just wondering if it is one of those fake spyware alerts, like from Windows.
I wanted to know if anyone had an idea or has heard of creating an email alert when a user changes the password on a Samba user. I would like to be able to receive an alert if a user changes their Samba password. Could anyone point me in the right direction? I will be attempting this on Arch Linux.
More than 7 GB were logged to the messages file in the last three weeks. I got this message in /var/log/messages; I want to stop this messaging because it takes too much space.
Quote:
Apr 30 20:25:18 TEST-NODE kernel: IPT: IN_NOMATCH IN=eth0 OUT= MAC=ff:ff:ff:ff:ff:ff:00:17:a4:a7:3d:a2:08:00 SRC=172.26.16.27 DST=172.26.16.255 LEN=104 TOS=0x00 PREC=0x00 TTL=64 ID=0 DF PROTO=UDP SPT=10100 DPT=10100 LEN=84
[code]...
I use Fedora 13. For some time now, every time I start the computer, a message from the SELinux troubleshooter appears about a security alert. But most of the time there are no errors to show.
I have installed Snort + MySQL + ACID BASE, and I added some rules to /etc/snort/rules/local.rules to test the alert:
# Destination corrected from 192.16.1.21 to the victim's address 192.168.1.21; flags/ack are TCP-only options,
# so echo requests are matched with itype:8; every option ends with ';' and each rule needs a unique sid.
alert icmp 192.168.1.20 any -> 192.168.1.21 any (itype:8; msg:"NMap icmp ping"; sid:1000001;)
alert icmp 192.168.1.20 any -> 192.168.1.21 any (content:"abcdefgh"; msg:"ping de windows"; sid:1000002;)
alert icmp 192.168.1.20 any <> 192.168.1.21 any (itype:8; msg:"HOULA SYN Packet!"; sid:1000003;)
After I restarted Snort, I connected the 2 PCs by crossover cable (192.168.1.20 for Windows, and the victim is 192.168.1.21 for Linux, where Snort is installed); my HOME_NET is 192.168.1.21 and EXTERNAL_NET is !$HOME_NET. The problem is when I run:
snort -dvi eth0 -c /etc/snort/snort.conf
I see the packets transmitted and received (the received content "abcdefgh"), but when I stopped Snort with CTRL+C I didn't find any alert in the result!!!
Run time prior to being shutdown was 218.523030 seconds.
Packet Wire Totals:
Received: 1346
Analyzed: 1342 (99.703%)
Dropped: 0 (0.000%)
Outstanding: 4 (0.297%) .....
dcerpc2 Preprocessor Statistics
Total sessions: 0
database: Closing connection to database "snort"
database: Closing connection to database "snort"
Snort exiting
I have installed OSSEC and save it to my SQL database, but the timestamp of the alert is not human-readable. How do I make it readable? Is there an algorithm to make it readable?
Every time I log in, the SELinux Troubleshooter panel applet alerts me that I have 1 alert to view; however, when I click on the icon and bring up the Troubleshooter there are no alerts.
I am looking for a utility that would do the following:
1. Be run manually on a list of files whose sizes should not change, to get a control file containing the sizes of each file.
2. Subsequent manual runs would report any changes in size of any of the files in the list, and allow the option to accept the new sizes.
3. Be run as a cron job to check for changes in the file sizes and send an email alert if a change has occurred since the last time it was run.
The purpose is to detect possible hacks of key files on a website. It would not include files expected to change, but just those that should not change. It would be run manually a few times to get the control list one wants to monitor.
I am working on a comparative study of mobility models for intruder detection. An ns2 code for detecting an intruder is required.
My /var/log/messages file is being flooded by messages like these.
Code:
Suddenly, I'm getting lots of messages in my CentOS 5.6 secure log:
May 12 13:07:49 CentOS55 webmin[14538]: Successful login as root from 192.168.0.203
May 12 13:10:03 CentOS55 userhelper[14698]: pam_timestamp(system-config-securitylevel:session): updated timestamp file `/var/run/sudo/root/unknown'
[code]....
Is there a way to send syslog messages through SNMP? I'm not finding much info online about this. A co-worker said it was easy to do. RHEL 5.5.
I am a newbie in Linux using Mint 9 Isadora. I am flooded with UFW messages. I would like to know how to interpret these messages. I am a bit scared.
I have my system set up so that the router (dd-wrt) will send its syslog messages to my Linux PC. I am using Shorewall as my firewall. I have two questions: How can I configure Shorewall to allow the messages from my router? If I use my router's IP address to allow the messages through the firewall, will this be a great security risk, as anything from the internet can come through on that router IP address?
I have a batch job which logs in to the server every 10 minutes via Windows rsh. The job checks to see if there are any files that need to be sent via an EDI server to a supplier. The following logwatch report is swamped with the login messages, and I would like to either suppress the logging in PAM, or suppress the entry in the logwatch report. But I still want logging if the username is not username1.
Connections (secure-log) Begin
rshd[1754]: pam_rhosts_auth(rsh:auth): allowed to username1@10.0.0.1 as myedi
I have syslog-ng running and a kernel build of 2.6.34.8. I use the syslog API in my program with facility LOG_LOCAL5 and the levels debug, err, crit and info. When I ran on the older syslog facility I had everything logged fine, as I intended. Now I have written these rules into syslog-ng.conf:
options {
flush_lines (0);
time_reopen (10);
log_fifo_size (1000);
[code]....
The last two rules are for my program gnssapp. The result is that I don't see any of the debug, crit or err levels!
I am using ubuntu 10.04 on an iMac 7.1. What do the following log entries mean? I recently had a "sbin/init infected" alarm with chkrootkit (or rkhunter, I forget which) and reinstalled, and I thought I was rid of the problem, whatever it was (could have been a kernel panic), but now the checksecurity setuid stuff reappeared (the checksecurity.log only appears in the log file viewer after resetting it with gconftool-2 --recursive-unset /apps/gnome-system-log, which seems suspicious; why is the log hidden by default?); also there are "outbound" messages that I don't understand. I have another ubuntu install on another Mac which seems to be unaffected (and also has checksecurity installed; I just ran it manually and also got setuid stuff, but there is no "outbound" and ufw.log is empty). I can't really think I have a rootkit (I don't notice any effects except these anomalous logfiles, and my browsing habits don't include sleazy websites). And what exactly are bound sockets? There is a lot of information about sockets on the net but it's all rather technical. I continue to look of course. I ran chkrootkit and rkhunter again, and they read clean (if I can trust them).
Is it possible that the trouble is related to the Mac's BIOS emulation? (Apple does not seem to take security very seriously; Snow Leopard does not even ask for a password for Software Update - I asked my premium reseller and he confirmed it. I should not be surprised to find out that the iMac's BIOS emulation is unsafe. I'll need to get a real computer). The MacBook Pro 5.1 has a newer firmware (for instance, it will boot ubuntu from external disks which the iMac will not), and as I said that install seems to be unaffected (The setuid stuff is probably normal, but I'm not sure the "outbound" messages are). I use grub legacy, which seems to install to the Mac's EFI partition as /dev/sda (GParted shows 18.1 MB of 200MB used on both computers with ubuntu on them, whereas an HFS+ disk without ubuntu, or with GRUB in a partition, will show 3.09 MB used).
Does it make sense to reconfigure checksecurity to check for setuid changes daily (change CHECK_WEEKLY="SETUID" in /etc/checksecurity.conf to CHECK_DAILY="SETUID")?
checksecurity.log:
messages (part):
There also was a lot of terminal output similar to the iMac's which I forgot to save, and when I ran checksecurity again it was blank. (Incidentally, the list of setuid programs on Mac OS is a lot longer)
I'm getting this bug report when starting Fedora 13 on an HP laptop:
WARNING: at drivers/pci/dmar.c:647 check_zero_address+0x96/0x19b()
Hardware name: HP Pavilion dv6 Notebook PC
Your BIOS is broken; DMAR reported at address zero!
BIOS vendor: Hewlett-Packard; Ver: F.42; Product Version: Rev 1
Modules linked in:
[Code]...
I would get the message that the uuid file does not exist. I've been online looking for fixes since yesterday morning and nothing has helped at all. I've read online that I should run fdisk -l to obtain info to share with others, but that command doesn't work in any command prompt I open. I am running Ubuntu 9.10 with the latest patches and I'm sure you guys know that it runs Grub2 loader...if that helps at all.
I'd like to prevent normal users from getting alerts about upgrading to newer Ubuntu versions.
Mostly because they are not allowed to do any upgrades.
Can we create an alert whenever an upload to the FTP server happens? We have Red Hat 5.
I have an SELinux alert every time I print to cups_pdf after upgrading to CentOS 5.3 from 5.2. This never happened before. This is the alert I get:
SELinux is preventing sh (cups_pdf_t) "search" to ./sbin (sbin_t)
It tells me that to allow the access I need to run the command:
restorecon -v './sbin'
I have tried it, but nothing happens.
Long story: I upgraded my system from Maverick to Natty, didn't like it, so I restored my system with a backup that I had done recently. After it rebooted I used the GParted live CD to expand my partition, moving swap to the end of the HD; then when I rebooted GRUB didn't work, so I booted with the Ubuntu live CD and reinstalled GRUB. Then I booted normally, but Nautilus didn't work and had lots of problems. So I installed Ubuntu again with the Ubuntu live CD, formatting the partition and expanding it, no problems at all. But I wanted my files back, so I restored the system again, and now the message that I get is:
Quote:
Gave up waiting for root device. Common problems:
-Boot args (cat /proc/cmdline)
-Check rootdelay= (did the system wait for the right device?)
[code]....
Is it possible to send text message alerts instead of emails to a phone from Ubuntu?
I have learned a bunch about Ubuntu in the last few days, but I am stuck now. I can't get a wav file I selected for new mail to play, nor in fact the default one. My sound is fine otherwise. Other files play OK. I have googled and wore my fingers up to the knuckle and still haven't found a clear solution. One poster even said Ubuntu does not allow a file other than the system ones. I can't accept that. If it wasn't possible, why is the option there to select your own wav file?
Below is the shell script that I am writing to beep an alert, but I hear nothing.
Code:
#!/bin/bash
echo Listen to the alert!
# \a is the BEL character; the backslash was missing, so "a" was printed instead of ringing the bell
echo -e "\a"
echo listened ?
My requirement is that I want a shell script which should read the Oracle alert.log and send the alert to my email if any error is encountered, on a daily basis. I have a script which does the same job, but at the same time it creates a new alert.log whenever an error occurs. I don't want the new alert log; I want to read the same alert log daily, and if any new error appears it should alert me by email.
View 3 Replies View RelatedI have tomcat server that requires restart to clear some java issues. I would like the system to send out an email alert that the tomcat got started everytime when it does. Anyway to achieve this whenever someone fires off a service?