Security :: Unusual Directories Appear On One Of Mounted Arrays - "samba_symlink_dir_traversal_nasl-#"
Jul 27, 2010
I recently started having unusual directories appear on one of my mounted arrays. I did not create them (intentionally) and I have no clue what they are. They all have the this in the name of the folder "samba_symlink_dir_traversal.nasl-<10-digit number>" they all have the same time-stamp for the date modified column (see pic).
What are these folders? Why are they appearing? And how can I make it stop? It doesn't do this on my other mounted arrays and disks. I recently grew my two attached arrays, this started right after that, but only on one of them. Connection? Also, it may be relevant, the folders are different today in their modified date(reflecting today's date) and the numbers in the name of the folder are different too.
View 13 Replies
ADVERTISEMENT
Apr 25, 2010
I'm running sendmail in FC6. For the last 3/4 days I'm geeting the following unusual message in my maillog:
Code:
Apr 25 04:03:54 mail sendmail[20827]: o3OLq515020827: from=<info@efcc.com>, size=8084, class=0, nrcpts=0, proto=ESMTP, daemon=MTA, relay=localhost.localdomain [127.0.0.1]
Apr 25 04:03:54 mail sendmail[20827]: o3OLq516020827: ruleset=check_mail, arg1=<info@efcc.com>, relay=localhost.localdomain [127.0.0.1], reject=451 4.1.8 Domain of sender address info@efcc.co
m does not resolve
Apr 25 04:03:54 mail sm-msp-queue[20769]: o3N6XIQd029543:
[Code]...
View 2 Replies
View Related
Apr 9, 2011
Sometimes when I try to open some chat application i get a strange warning message asking for password. The message is that /usr/libexec/mission-control is trying to gain access of the system, please provide the password. On top of the message box it shows "Unlock Keyring".
This very weird, as I am also unable to do a print-screen when this message box is up.
what this message is all about and what does the executable /usr/libexec/mission-control do?
I am using Empathy as my chat application
View 2 Replies
View Related
Jul 3, 2010
I did a port scan on my own network and found the following port open on my Ubuntu:
Particularly, I have no idea what/why the following is open: 8081/tcp open blackice-icecap
View 4 Replies
View Related
Aug 10, 2010
I'm not sure this is the correct place for this post, but since it involves a keyring, I'm making my best guess. Feel free to move it if I am in error. I have had a "tmp" directory appear under Places in the first grouping which contains "Home", "Deaktop", "Documents", etc. When I open this folder I find the attached png file.
When I look for this folder I find it is owned by root, but it appears in what should be my home directories. The only guess I have as to it's origin is that I recently formatted a USB stick as an encrypted device. I don't know if that is when it appeared or not.
Can anyone shed any light on what this folder is, and why it appears where it does? Somehow it just doesn't seem a correct placement.
View 3 Replies
View Related
May 1, 2011
Last night my old Sony Vaio laptop which connects via wired Ethernet and runs Ubuntu 10.10 started hammering the network out onto the Internet. Fired up Wireshark and found lots of traffic between my machine and 174.129.193.12 which I did a whois on and found belonged to Amazon EC2 Cloud Server. The port on my machine was an unknown 5000+ but the port on the remote system was 443 the port used by https, however no browser was running. Did a search and put together a couple of iptable commands to block this IP address which stopped the traffic. I then used nmap and netstat and found port 3000 open and another connection to IP address 91.189.89.76 which I also blocked. Unusually no info exists on this IP when you do a whois. At first I thought it might be some sort of sync as this machine has Ubuntu One running on it, however it could also be something else.
View 3 Replies
View Related
Dec 26, 2010
I go to places-acces server-ssh and connect to a remote server with Nautilus.All ok.But I prefer to use vifm as my main file manager: I try to find the ssh-mounted devices in /mnt or /media but cannot fin them.Does anybody know where they are?
View 2 Replies
View Related
Dec 8, 2010
I am trying to copy my /home directory to a separate partition. I have seen a lot of info on this on the internet. Most of the information uses cpio to copy the files. The destination partition has been successfukky mounter.
View 2 Replies
View Related
Sep 10, 2010
My university has a system set up where each class has its own directory for the professors to publish and receive files. These directories reside under a directory in /home which happens to be a mounted disk and are accessible anywhere in the system by referencing ~csXXX where csXXX is a sub-directory within that home directory. How are they doing this and how can I do it on my own systems?
View 2 Replies
View Related
Jul 9, 2010
I work on machines with different architectures, all of which share the same home directory(what is the technical term for it -- network mounting ?). Since I don't have admin privileges on these systems, I have installed programs in /home/<my_id>/bin. A program compiled for one architecture doesn't work when I login into another system. I'm thinking of creating architecture specific directories which would contain inaries/libraries specific to that architecture and creating a softlink to it t /home/<my_id>/bin. The only problem with this solution is that I can't work on two systems at the same time.
View 1 Replies
View Related
Dec 24, 2010
If /tmp and /dev/shm partitions are mounted with the noexec flag then this prevents someone from executing something in those partitions.
Example:
You will get permission denied
However if you execute that same script like this:
Then the script gets executed which makes the noexec flag useless.
If there any way to prevent this bug/vulnerability?
View 3 Replies
View Related
Jul 4, 2011
Is there a way I can change the security context of only the directories, & only files, recursively, in bash?
View 11 Replies
View Related
Apr 12, 2011
I am implementing hard drive encryption. I wish to pass a key file to the crypttab from an NFS mounted location. But I could see that the disk encryption process starts very early during the booting process, before fstab is run. I could not find which script, in rc5.d, starts this service. And I am confused on how nfs mount are performed from fstab, as the network service starts at a very later stage than after fstab is called to mount the local partitions/disks. In my case, I have to wait until the nfs is mounted and then call the /dev/mapper mount (in fastab) to mount the encrypted partition.
View 2 Replies
View Related
Sep 20, 2010
Hello everI'm really confused by the ways an encrypted partition get mounted.It just mounts the partition without asking for the passphrase used to create it. I can list the files in /mnt/sda2, create a new file test.txt, but have no access to the files written to the "real encrypted partition".Then I can see/change the content of the encrypted partition but without being able to see/change the file test.txt created previously with the normal mount command.
The reason I'm asking is that I'm having my custom Debian to automount every partition available on the system at boot time. Is there any way/command to tell if a particular partition is encrypted (by cryptsetup) or not? So that I can mount it the right way and not make the users confused (or even harm the encrypted data).
View 6 Replies
View Related
Aug 24, 2010
I have my own dedicated server box running (using it for game servers). I access it via ssh and I have root control of it. It has FEDORA Operating System. I wanna give FTP control of different directories to different users. Right now there are no other FTP users except root. I have installed vsftpd and dont know what should I do next? How do I add users (who can read/write/delete files) and How do I restrict them to their home directory?
Here is what I want:
username:client1
password:12345
home directory: home/server1
username:client2
password:12345
home directory: home/server2
View 1 Replies
View Related
Feb 1, 2010
I just found that I could perform write operation using a normal user account to a file system I mounted with the commands as followed:
sudo mount -t ntfs /dev/sda1 /mnt/disk/
This is the corresponding entry in the output of "mount" command:
/dev/sda1 on /mnt/disk type fuseblk (rw,nosuid,nodev,allow_other,blksize=4096)
As far as I remember, when using a normal user account, I had to use "sudo" to perform any write operations (mkdir, rm, etc) to a device mounted using "sudo". But now it seems to be changed.
Do I remember wrong, or did Karmic have any updates change this setting? (I never manually changed user settings, except that I added a root user, but I never used it.)
OS: Karmic(up2dated)
Kernel: Linux stephen-laptop 2.6.31-17-generic #54-Ubuntu SMP Thu Dec 10 16:20:31 UTC 2009 i686 GNU/Linux
View 4 Replies
View Related
Dec 19, 2009
I am trying to set up Protected Web Directories on my server Fedora8 32bit I have webmin 1.5 and there is Protected Web Directories option, so I follow instructions and setting up all what is asked, in dir what I need to protect shows up 2 files:
[Code]...
View 6 Replies
View Related
Apr 13, 2010
Is there a way to restrict users that are logged into the shell via SSH/Telnet/SFTP from using the 'cd' command to move into certain directories, yet not use the chmod command to do it? For instance, restrict users logged in from accessing the /var/www/ folder but have it still accessible using a web browser. Also, would this defeat the purpose since they could just wget from it if its still web accessible through a browser?
View 8 Replies
View Related
Jun 5, 2010
Is there a way to encrypt existing home directories in lucid so that they will unlock with pam-encfs when the user logs in? Or must you do this when the directory is created?
View 1 Replies
View Related
May 4, 2010
I was running '# ls -l' in '/' directory and I noticed all directories in '/' have the following permeation 'drwxr-xr-x' [except root's home which is 'drwx------' (after I change it from 'drwxr-xr-x' )]
I don't want all the user (except root) to be able to read and execute (in) any directory, I just want every user to be abel to read/write/execute only in his/her home directory.
my question is, is it ok to change file and directory permeation of the following directories in '/' from 'drwxr-xr-x' to 'drwxr-x---' or 'drwx------' recursively?
/bin
/boot
/dev
/etc
[Code]....
-I and the other users use the pc for internet, open office and email mainly.
-It does not run server(s) like smb/cif or NFS.
-There are 5 usernames (created by me, non of them are superusers) in th pc, only one user is required to login at any one time.
View 3 Replies
View Related
Jan 4, 2011
Is it possible to forbid a non-root to umount a partition that was mounted via fstab-entry?
View 2 Replies
View Related
Aug 1, 2010
I ran a chkrootkit scan and found this: The following suspicious files and directories were found: /usr/lib/pymodules/python2.6/.path /usr/lib/xulrunner-1.9.2.8/.autoreg /usr/lib/firefox 3.6.8/.autoreg /usr/lib/jvm/.java-6-openjdk.jinfo
How do I get rid of this suspicious file?
View 4 Replies
View Related
Apr 3, 2009
I have several directories, each owned by root and a group of the same name,By setting the sgid bit, I made sure that newly created files and directories are owned by the correct group, and that directories have the sgid bit set too.On each newly created directory or file, the permissions are set to 755. This is because this is the default umask, and I cannot change a users umask. I actually only want files created below a particular directory to have group write access, inheriting this behaviour to newly created directories properly.I'm not on samba or NFS, I have to do this for SSH users.The filesystem is ext3.I started to fool around with ACLs, but couldn't find what I was looking for.
View 3 Replies
View Related
Dec 19, 2009
i am in need of linux help. iam at college and i need this back/restore script to pass this final part of an assessment. i require a backup script that will not only backup but also restore files to the relevent directories. e.g. users are instructed to store all wordprocessor files in a directory named wp. so i am needing to create a backup directory and 3 directories within that and some files within the 3 directories and then back them up ot restore them. l know i should/have to do this myself by been trying to get/understand info for the last few days and came up with zero.
View 14 Replies
View Related
May 15, 2011
I want to make a webserver with multiple users allowed to login through SFTP to a specific folder, www.Multiple users are added, lets say user1 and user2, and all of them belonging to the www-data group. The www directory has an owner www-data and a group www-data.
I have used chmod -R 775 on the www folder, but after I try to create a folder test through my SFTP server (using Filezilla) the group of the directory created has only r and x permissions, and I am not able to log in with the second user user2 and create a directory within www/test due to a lack of w permission to the group.
I also tried using chmod 2775 on www directory, but without luck. Can somebody explain to me, how can I make it so that a newly created directory inherits the root directory group permissions?
View 2 Replies
View Related
Sep 29, 2010
I've been dual booting Lenny and Squeeze but after replacing Lenny with a fresh Squeeze using ext4, the video display has been strange. The effect is similar to running a live CD, where a click does nothing for a few seconds while the CD winds up and gets to the application, but slower than that. Sometimes the display has patches of several windows all mixed up, zig zag patterns like a TV that is too far from a transmitter to receive a good signal and sometimes the mouse freezes in moving around. When I boot and don't start X, everything works perfectly, no delays, no messed up windows.
My video is ATI x1300 with Radeon driver. What is the best way to get the system to use only vesa, to see if that works, instead of ati or radeon? is possible to use grub.cfg or /etc/defaults/grub or /etc/grub.d/ ? I couldn't find any reports of problems with Xorg used by Squeeze, so it seems to be the ATi driver or the radeon driver.
View 3 Replies
View Related
Jun 11, 2011
i think i changed some settings in my system.now everything is big in my laptop how to get rid of this.
View 7 Replies
View Related
May 18, 2010
i need help in this issue how to find files with unusual size and with unusual names of EX : just dots, names ending with space(s),names containing shell wildcard characters, names containing non-ASCII (control) characters
View 3 Replies
View Related
May 30, 2010
I have a simple class that encrypts strings. It seemed to be working fine until I tried to compare the decrypted values to the original. below is the output of the php code. It appears to be decrypted but the length is incorrect.
String Before Encryption: a text string
String Length Before Encryption: 13
String After Encryption: rew2iSYotruIpmJ3llos3A==
[code]...
View 7 Replies
View Related
Feb 10, 2010
Finally got around to updating from 2.6.31.8 and was surprised at the slew of warnings issued during the install. Rather than post them here, see:
pastebin - Someone - post number 1792805
I would have bet money that the machine wouldn't boot after this, but it in fact did (whew). Since the kmp modules were not updated with this new kernel, I have merely suspicions....any one have the real reason for these warnings? Same type of warnings occured (thou I didn't copy the output) when I installed the ATI prop driver rpm. everything seems to work as normal so far, but it was so very different than many previous updates that I'm a bit leery.
View 3 Replies
View Related
