Security :: Netfilter Hook - Kernel Module - Skb_transport_header - Tcphdr Fields Wrong Values

Apr 1, 2010

We are trying to implement a firewall as a kernel module through netfilter hooking (in C). In the following code we are allowing only TCP traffic. The source port number and destination port number are printed for every TCP packet. On execution, this code prints wrong port numbers. This is the first time we are using the skb_transport_header function for accessing TCP headers.

We verified the port numbers being printed by the firewall through NFS traffic. On the same machine where the firewall is running, we hosted an NFS server. An NFS client (from a different system) puts a file in the exported mount. The firewall is able to capture packets for this file transfer, but the port numbers printed are wrong. It prints '69' for the source port number (whereas the ethereal capture shows it as 790) and prints '553231' for the destination port (whereas for NFS version 4 it has to be 2049).

[Code]....

View 1 Replies



General :: Install Module U32 Into The Netfilter Module For Kernel 2.6.27

Jan 30, 2011

I need to install module u32 into the netfilter module for kernel 2.6.27.

I did not see the source code in the kernel version I have. Where can I find the code for the u32 module?

I have checked "netfilter.org" and it looks like POM is discontinued. Is the u32 module committed to kernel version 2.6.27 or do I need to patch it? If yes, where can I find the patch?

I am building the kernel for a MIPS processor.

View 3 Replies View Related

Security :: Errors: Jan 24 04:15:03 Servername Kernel: Iptables: Loop Hook 1 Pos 464080 00000022

Jan 24, 2011

I have a few mail servers (CentOS 5.5) that are running OSSEC Active Response (2.5.1) on Iptables (1.3.5-5.3.el5_4.1). We are currently having a problem where we get loop hook errors:

Jan 24 04:15:03 servername kernel: iptables: loop hook 1 pos 464080 00000022

This is the firewall-drop.sh we are currently using:

Code:
#!/bin/sh
# Adds an IP to the iptables drop list (if linux)
# Adds an IP to the ipfilter drop list (if solaris, freebsd or netbsd)
# Adds an IP to the ipsec drop list (if aix)

[Code]...

View 4 Replies View Related

Security :: Netfilter Conntracking For P2P Protocols - Edonkey - Bittorent

May 17, 2009

I would like to allow multiple users to access P2P networks, so I wonder if there's a way to track these kinds of protocols with netfilter, with NAT compatibility as well, like the conntrack_ftp module seems to do with the FTP protocol.

View 3 Replies View Related

Fedora Security :: SELinux Is Preventing /usr/libexec/abrt-hook-ccpp From Using The Sys_ptrace Capability?

Jul 15, 2011

This is the "alert" I've received from the SELinux Alert Browser after closing the "rhythmbox" application that opened my CreativeZen mediaplayer:

Code:
SELinux is preventing /usr/libexec/abrt-hook-ccpp from using the sys_ptrace capability

In dmesg it has:

[code]....

View 3 Replies View Related

Ubuntu Security :: Hardened Baseline - Hook The Logins Into Either Enterprise Kerberos Or Active Directory (yuck)

Dec 14, 2010

I'm tasked with creating a base image of Ubuntu (one for server, one for workstation) that is locked down and has all the fluff taken out (naturally workstation will have more fluff left in it than server). Task list looks about like this:

1. Create list of deb packages "allowed", write script to list/uninstall everything else.

2. Hook the logins into either enterprise kerberos or Active Directory (yuck).

3. Write scripts to check things like setuid/setgid, disabling su, checking sudo permissions, configure iptables, etc.

4. Use a scanner to scan the system from outside the system (was thinking of using backtrace).

5. Custom-compile the kernel to strip out all the unneeded modules.

Before embarking on this awesome task I figured I'd check with you guys to see if you know of some resources that would make this task easier/quicker. I'm sure someone out there has already headed down this branch.

PS My boss *loves* Ubuntu and isn't too keen on going with a deb (or other) distro that is already "security trimmed" without some serious convincing. I'm sure there are some out there, and if you want to pass along a couple for consideration, I'll check them out, but no guarantees he'll let me use it.

View 4 Replies View Related

General :: Adding A New Kernel Module To Wireless Driver Module?

Apr 22, 2010

I want to add some code to the existing Linux 2.6.33.2 to enhance the kernel. I want to know how to start and where to add code.

View 2 Replies View Related

OpenSUSE Install :: Time Wrong In XEN Kernel But Right In Desktop Kernel?

Feb 11, 2010

I have a system running openSUSE 11.2 with Desktop and XEN kernel, as well as Windows 7 (not by choice though...). I have noticed a strange time issue: with Windows 7 and the desktop kernel the time is correct (like for example now: 1:32 PM) but in the XEN kernel it is ahead several hours (6:32 PM). If it was an issue between openSUSE and Windows then I would think that it is a problem with the system clock, but I don't know what would cause a time issue between kernels like that.

View 6 Replies View Related

General :: What Is Default Kernel Parameter Values

Mar 3, 2010

What are the default kernel parameter values for a Linux RHEL machine?

View 5 Replies View Related

Security :: Change Of Umask Values In Fedora 11

Feb 4, 2010

Recently I was going through some chmod manipulations and found the umask value to be 0002 by default in the Fedora 11 distro. What I knew was that the default value is 022. I don't know whether this is a kernel modification in this distro or my system is compromised (I doubt the latter option, but it is not confirmed).

View 4 Replies View Related

OpenSUSE :: Kernel Module / Building VirtualBox Guest Additions Kernel Modules - Failed?

Feb 10, 2010

I installed openSUSE 11.2 on VirtualBox. My host is Windows 7. I tried to install the guest additions, but I get an error saying

Code:
Building VirtualBox Guest Additions Kernel Modules...Failed
(Your system does not seem to be set up to build kernel modules)

How should I go about letting my system build kernel modules?

View 7 Replies View Related

Fedora Security :: Restore Default Boolean Values?

Jul 5, 2010

I think I've messed my SELinux boolean values. How to restore default boolean values?
Modified boolean values are stored in

Code:
/etc/selinux/targeted/modules/active/booleans.local

Can I just delete the file and reboot to get the defaults?

View 1 Replies View Related

Debian Configuration :: Nvidia Kernel Module With Custom Kernel

Jan 24, 2010

I have a problem with my custom kernel when I want to create the Nvidia kernel module. After this finished I installed the image and headers and created the Nvidia kernel module. Everything worked fine. However, if I remove the linux-source from my home directory then I can't create the kernel module, even though I have the headers for the kernel installed.

View 2 Replies View Related

Ubuntu :: VirtualBox Kernel Module Breaks After Each Kernel Update?

Jan 6, 2010

I'm running VirtualBox from the Sun website (need the USB support) and it breaks after each kernel update. The problem is that I installed a lot of Ubuntu systems for transitioning Windows users with Windows in VirtualBox to ease the migration, but I have to rerun vboxdrv setup after each kernel patch.

View 2 Replies View Related

Security :: Interpreting Zenmap Results: Network Distance And Traceroute Hop Values

Apr 18, 2011

I ran two scans in Zenmap: 1) Quick scan plus and 2) Quick Traceroute. Quick scan plus, under the Nmap Output tab, has a field called "Network Distance". The Quick Traceroute report under the same tab lists the HOP and RTT time. I was thinking that for a given server, the value for the Network Distance would be the same as the HOP field when initiating the scans from the same server, but they are not.

View 5 Replies View Related

General :: Getting Error "invalid Module Format" And "insert Kernel Module" / What Is This?

Feb 22, 2010

What do the error "invalid module format" and the message "insert kernel module" mean? And what's the reason for the same?

View 8 Replies View Related

Fedora :: Wrong Kernel On Version 11

Jul 26, 2009

When I installed Fedora 11 the other day using the live CD it installed the i586 kernel and not the i686, despite the fact that smolt seems to know that the hardware is i686 (well, actually it's x86, but I'm not going to argue because I forgot to get that one...). Why would it install the i586 one though? (uname -r 2.6.29.6-213.fc11.i586) But more importantly, are there any specific issues which this version can cause that I should be aware of? I can't really be bothered to change it at the moment if there is no real issue with it, but I'm not too sure what difference it makes. Is it slower? It seems to know that I have a quad-core processor and seems to use them fine.

View 10 Replies View Related

Security :: Mouse Pointer Wrong / What To Do?

Aug 19, 2010

I have snort_inline2.4.5 and didn't find snort rules-snapshot-2.4.5.tar.gz at the Snort home. What do I do?

View 2 Replies View Related

Security :: Change Values Of Parameters For Iptables "recent" Match?

Dec 8, 2010

According to the man page, the "recent" match of iptables accepts certain parameters (e.g. "ip_list_tot"). I'd like to change the values of some of them.
All the solutions found on the web were about changing parameters for the module, but my kernel was compiled without module support (such that it can be used for installation booting as well).
How can I change the match parameters for my non-modular kernel?

View 2 Replies View Related

Fedora :: Wrong Kernel Files In /usr/src/kernels?

Jan 9, 2010

Just installed Fedora 12 on my Dell Precision M4400 and I'm trying to install the Broadcom wireless driver. When I try to compile the driver, I get:

make: *** /lib/modules/2.6.31.5-127.fc12.i686/build: No such file or directory. Stop.

So I followed the link and /lib/modules/2.6.31.5-127.fc12.i686/build is a soft link:

lrwxrwxrwx. 1 root root 47 2009-11-09 14:17 build -> ../../../usr/src/kernels/2.6.31.5-127.fc12.i686

But in /usr/src/kernels all I see is:

total 12
drwxr-xr-x. 3 root root 4096 2010-01-09 11:56 .
drwxr-xr-x. 4 root root 4096 2009-11-09 14:10 ..

[code]....

View 5 Replies View Related

Installation :: Grub Points To Wrong Kernel

Mar 5, 2009

It points to the old Fedora kernel, and needs to be directed to the pre-installed kernel. What will the new menu entry be after it loads?

View 1 Replies View Related

Red Hat / Fedora :: Grub Pointing To Wrong Kernel

Aug 7, 2010

My distro is ClearOS, which is RHEL so I assume this is the right place. I moved my system from an old PATA drive to a bigger SATA. ClearOS uses LVM for the root directory and the swap directory, so this VolumeGroup was moved using lv-commands. I left the old hda drive in for the time being and hda also remained the BIOS start up disk. /boot is at hda2. Now, clearly there are 2 VolGroup00/LogVol00's: on hda and sda.

Eventually I wanted to unload my hda. I copied /boot from the hda disk to sda, changed (hd0,1) to (hd0,0) as /boot is in different locations, later found out that I needed to do the same for the location of the splash image and did that as well, but I don't get access to my new VolGroup. I did an /sbin/mkinitrd and a grub-install on the new sda but no luck. I have seen various error messages. The latter one is that grub loader 1.5 is active, giving me a grub prompt.

View 2 Replies View Related

General :: Kernel Dumps To The Wrong /var/crash?

May 2, 2011

I'm running Scientific Linux 5.5 (equivalent to CentOS 5.5), and over the past two weeks, I have had a problem with my root partition filling up, preventing anyone from logging into the server. After searching for large files, and finding none, I was mystified when du told me that the root partition had only 660 MB of disk space used, whilst df showed it full. The problem was this: the /var/crash directory had been filled up by an 8GB crash file. Now, I'm a 'proper' sysadmin and make sure that /var has its own mount point, so the crash should not have touched the root partition at all. Except it did - instead of writing to /var/crash on /dev/mapper/VolGroup00-LogVol04 which is mounted as /var, it wrote the file to /dev/md0 directly, so when all the file systems were mounted, those files were hidden under the mounted /var.

View 4 Replies View Related

Hardware :: Kernel 2.6.35 - Get Wrong Readings On Lm_sensors

Sep 16, 2010

With kernel 2.6.35 I get wrong readings on lm_sensors. They are about 20C off than the real values (e.g. if the CPU is at 50C, lm_sensors will show 70C). If I boot with any other kernel (like 2.6.32) I get the correct values. I'm using the 'coretemp' module on an Acer 7720 laptop. My distro is 64-bit Arch Linux.

View 2 Replies View Related

Server :: Kernel-2.6.18-92.el5: Schedule_timeout: Wrong Timeout

Dec 7, 2010

I have two HP quad-core high-end servers.

OS : Red Hat Enterprise Linux Server release 5.2 (Tikanga)
Kernel : kernel-2.6.18-92.el5

For the last couple of days I have found entries in dmesg:

###########################################
Oct 11 15:03:46 kernel: schedule_timeout: wrong timeout value ffefda64 from c05a784e
Oct 11 15:03:46 last message repeated 2 times

[code]...

View 4 Replies View Related

Slackware :: Kernel Tries To Mount Wrong FS Type?

Aug 13, 2010

I just installed Slackware 13.1 x86 on a new laptop (you probably remember me from my audio post). I am having one other issue. My root file system is formatted as EXT4. When my computer boots, it tries to mount it as EXT3 then EXT2, fails both types and then tries EXT4. Here are the messages.

Code:
EXT3-fs (sda2): error: couldn't mount because of unsupported optional features (240)
EXT2-fs (sda2): error: couldn't mount because of unsupported optional features (240)
EXT4-fs (sda2): mounted filesystem with ordered data mode

So, eventually / is mounted correctly, but I think this is slowing down my boot time. Does anyone know how to fix this?

View 13 Replies View Related

Ubuntu Security :: If Password Is Wrong Then Run A Command

Aug 23, 2010

I want that in the phase of "login" and in the phase of "lock screen", if password is wrong, then Ubuntu runs my custom command.

View 3 Replies View Related

Ubuntu Security :: Shutdown On 3rd Wrong Password?

Feb 7, 2011

Is there a way to have the system shut down automatically after a set number of wrong user password entries? Am using Ubuntu and Kubuntu on two different machines. Am thinking it would make sense to have this feature on an encrypted laptop system in case someone were to take it whilst it's on suspend, screenlock, hibernate or login screen and hence the disk is vulnerable.

View 6 Replies View Related

Ubuntu Security :: Sysadmin - Wrong Su Password ?

Mar 9, 2011

I am starting to learn how to create and manage users on my computer. I created a new user and changed users.

I then tried to install a package with this user to confirm that it needs su rights, and when asked for the password, I entered it wrong:

john is not in the sudoers file. This incident will be reported.

It says that the incident will be reported, but where can I find the information about this incident? Where is it stored or how is it reported?

View 3 Replies View Related

Fedora Security :: Can't Add Any Module

Aug 18, 2009

I'm trying to add a simple policy to the system - Fedora 11 x86_64 updated. Where is my error? I can't add any module.

View 14 Replies View Related







Copyrights 2005-15 www.BigResource.com, All rights reserved