Server :: Locating Infected Files In Logs?

Oct 29, 2010

I ran a scan (clamscan -r --remove /home/) on my users' home directory yesterday, and since I have so many users on my mail server, it takes a very long time to complete. I came back in this morning and realized that there were two infected files found during last night's scan:

Code:
----------- SCAN SUMMARY -----------
Known viruses: 847768
Engine version: 0.96.4
Scanned directories: 23114
Scanned files: 1066439
Infected files: 2

[Code]....

Ubuntu :: Locating Temporary Internet Files?

Jun 8, 2011

I'm new here and still figuring out how this forum works, but can anybody tell me where I can find the temporary internet files? In Windows it was easy, but Ubuntu 11.04 is totally different. I have used it for 5 days now and I'm happy I changed to Ubuntu.

Fedora Security :: Always Failing - Clam Found 9 Infected Notes Infected With: "Worm.Allaple-319"

Nov 10, 2010

I Clam-scanned a bunch of old CDs. Clam found 9 infected notes infected with "Worm.Allaple-319". I wonder if this was my problem with Ubuntu always failing? These are some of my best notes. Is it possible to clean the bugs out of them with Fedora?

Ubuntu Security :: How To Repair Virus Infected Files With ClamAV

Mar 29, 2011

I have seen that we can scan for viruses and also virus-infected files with ClamAV, but is there any possibility that ClamAV can repair virus-infected files?

Networking :: Identify Which Infected Desktop Is Copying Files To NFS Share?

May 18, 2011

I have an Iomega appliance, which is based on a Debian distribution. There is an NFS share that I have created which is without a password. Since it is without a password, some viruses have been copied to it. I want to find out which IP address is the source of these files. In other words, I want to know which PC is copying these infected files onto the NFS share.

Ubuntu Security :: Safe To Transfer Files From Infected Windows Partition?

Sep 2, 2010

My Windows XP Pro laptop has been attacked! Windows will no longer update and Microsoft Security Essentials will not update either. I've been trying to resolve the issue for over two weeks with Microsoft support, but it's just taking too long. I also tried some rescue CD options (all running some form of Linux, obviously):

- BitDefender Rescue CD (removed infections, now detects nothing),
- Kaspersky Rescue CD 10 (removed infections, now detects nothing),
- Trinity Rescue CD (won't load AV Engine, so can't use it to do anything).

Malwarebytes cleaned a bunch of stuff, but will not clean the final threat detected (it's supposed to get deleted on reboot, but never does). Hijack.FolderOptions is stuck in the accursed registry, and it keeps causing Windows Explorer to crash. I cannot rename files or work with them or everything just crashes.

So I'm ready to reinstall XP from scratch, and add a dual boot with Xubuntu & LXDE, which I'm already running on a much older laptop.

Question: I want to rescue the files I need. My idea was:

1) Install Xubuntu with dual boot.
2) Copy over files from Windows XP partition using Xubuntu.
3) Back up files to an external drive using Xubuntu.
4) Reinstall XP Pro and format hard drive.
5) Reinstall Xubuntu with dual boot.
6) Use Xubuntu for daily use.
7) Only use XP for those tasks that require it (TomTom updates ...)

Should I be concerned about the security risk from copying files from the Windows partition to the Xubuntu partition, and from there onto an external hard drive?

Is this the way to do it, or is there a better way? I just want my laptop back in working order. Right now I can't use it for anything.

Security :: Server Infected With Scanssh - Pscan2 - ./sshf

Jul 31, 2010

I am facing a security issue on my server. I can see many processes like pscan2, scanssh and ./sshf running in 'top'. The owner of these processes is a non-root account. Can anybody let me know what the extent of loss due to these suspicious scripts can be? How can I permanently remove these scripts from my server? Please note that I am using CentOS 5.5 (64-bit).

Debian :: "locate" Is Locating Files That No Longer Exist (have Recently Deleted)?

Jul 23, 2011

"locate" is locating files that no longer exist (I have recently deleted them). How can I 'flush' locate's cache?

Server :: Postfix Logs - Difference Between The Mail.log And Mail.info Files?

Jul 27, 2010

I have set up a Postfix mail server and it seems to be working OK; we are only using this to relay mail to our forum users. It's not being used to receive any email, only to send it out to the internet.

What is the difference between the mail.log and mail.info files? Can I turn one or both off? I see a lot of messages like...

Just wondering what this string of log entries means? Also I am getting duplicates in the syslog file as well.

Server :: Build The Virtual Machines To Exclude The Actual Mail Files And Mail Logs From CentOS?

Oct 12, 2010

I have to administer a few mail servers, a mail log server, 4 nameservers and a web server, all running on CentOS 5 server distributions. Now I have a task: to avoid accidental crashes on the production servers while installing updates, my boss asked me to make clones (these clones will all be VMware virtual machines) of the servers (EXCLUDING the actual e-mails and mail log contents) and then to run those clones on VMware Server. This way, I will first install and test updates on the clones and, if they run without crashes, I will apply the updates on the real production servers themselves. I have already installed VMware Server 2.0. I have a few questions:

- How do I build the virtual machines to exclude the actual mail files and mail logs? Can I use VMware Converter for this purpose, or do I have to use another program?
- How do I actually do this cloning? Is there a tutorial on how to do this?

Server :: Monitor Server Snmp Read From Logs Parsed Possible?

Jul 21, 2009

I would like to monitor a Red Hat server via SNMP. I would like to make data available via SNMP. The data that I would like to graph is only present in log files. Is it possible to parse data from application logs and have it available for my Cacti server via SNMP? I already monitor CPU, memory, and others with Cacti using the standard MIB. What would be the logical steps I would need to achieve that?

General :: Grep String From Logs Of Last 1 Hour On Files Of 2 Different Servers+calculate Count?

Sep 3, 2010

I am trying to grep a particular string from the files of 2 different servers without copying them, and calculate the total count of its occurrences in both files. The file structure is the same on both servers and, for reference, is as follows:

Code:

27-Aug-2010 10:04:30,601|919122874903|phtunes_app|1282243292627|NotifySmsReception|DMGenerateLogInterceptor - ExternalTransactionID:SDP-DM-26713018, TransactionStatus:Requested
27-Aug-2010

[code]....

Server :: How To Analyze IBM DSA Logs

Oct 24, 2010

I have RHEL4 running on an IBM X3550 server. When we contact IBM support regarding issues with this server, they request the IBM DSA logs. The logs are quite extensive, cover almost all of the server config, and can identify hardware issues, issues with drivers, etc. I want to know if there is a way to analyze those logs offline without sending them to IBM support?

Ubuntu :: Locating The Pointer With Ctrl?

Mar 2, 2011

Some time ago I did something on my laptop in Ubuntu 10.4 which enabled the Ctrl key to create concentric rings around the cursor so I could find it. I still have that, and it's very useful. But I discovered that it also created very pretty ripples in my wallpaper, as if a stone had been thrown into a pond, and that additional effect has suddenly gone away. I can't remember where this keybinding was set up, and I have searched in vain in CompizConfig for it.

General :: Locating FTP - Command Not Found

Aug 8, 2010

Using Fedora, when I try "ftp" I get command not found. I have tried "which ftp" and get "no ftp in" followed by the bin dirs. I have tried "locate ftp" but also can't see it. I see lftp, but I have never heard of it before; is this new, and has it replaced ftp?

Code:
locate ftp
/etc/lftp.conf
/etc/selinux/targeted/modules/active/modules/ftp.pp
/etc/selinux/targeted/modules/active/modules/tftp.pp
/lib/modules/2.6.33.3-85.fc13.i686/kernel/net/ipv4/netfilter/nf_nat_ftp.ko
/lib/modules/2.6.33.3-85.fc13.i686/kernel/net/ipv4/netfilter/nf_nat_tftp.ko
/lib/modules/2.6.33.3-85.fc13.i686/kernel/net/netfilter/nf_conntrack_ftp.ko
/lib/modules/2.6.33.3-85.fc13.i686/kernel/net/netfilter/nf_conntrack_tftp.ko
/lib/modules/2.6.33.3-85.fc13.i686/kernel/net/netfilter/ipvs/ip_vs_ftp.ko
/lib/security/pam_ftp.so .....

General :: Q2 Patching Logs Of Particular Server ?

Jun 10, 2011

How do I get the Q2 patching logs of a particular server (Linux 2.6.9-100.EL)?

Hardware :: How To Find Logs In HP-UX Server

Jan 11, 2010

How do I find logs on an HP-UX server to see why it shut down unexpectedly? Was it a hardware failure, or was it hard booted?

Server :: Define How Old Logs Should Rsyslog Keep

Aug 25, 2010

I was wondering how I could specify how long the logs will be kept. Rsyslog doesn't have such an option (at least I didn't find it). Do I have to use logrotate for this, or is there some other option?

Server :: How To Check Logs For Previous Day

Oct 5, 2010

How do I check mail logs for previous days? What is the command to check the log for yesterday in sendmail 8.14 on Fedora? I know /var/log/maillog; this gives output for today, but what about yesterday?

Server :: Security Logs With Message ID?

Mar 9, 2011

I am looking for security-specific event IDs on Linux. There are thousands of event IDs in Microsoft Windows XP, Vista, etc. In a similar way, I am looking for Linux, Unix, Solaris, AIX, etc. event IDs. I would like to correlate them and implement this with ArcSight.

Server :: Unable To See All The Logs Forwarded To Box?

Apr 19, 2011

We are forwarding logs (logs produced by a Perl script) to one Red Hat Linux box. We have to get 97 logs each time the script runs, but we see an inconsistent number of logs coming to the Linux box: one time we got 56, another time 3, another time 43, and so on. We are sure that 97 logs are being forwarded. We checked the rsyslog config file for any filters and couldn't see any filter dropping them. When we run tcpdump, we can see 97 connections, but the logs are not there in the specified location.

Server :: How To Setup Logs In Vsftpd

Oct 20, 2010

How do I set up logs in vsftpd? I have the default configuration in CentOS but it's not logging.

Debian Configuration :: Locating Kernel 'C' Headers?

Jan 27, 2011

I am in the process of installing a VMware Tools package and am being asked for the path to the C headers for the kernel. I've browsed every folder, found lots of 'C' header files and tried these paths, but none are being taken by the script. Which path do I need to provide for 'the C headers' for my kernel? Running Piapix, Deb5. The OS is running perfectly, so I doubt there is an error other than that I am not 'wise' enough to locate these little buggers!

Debian :: Locating A Certain Folder - No Such File Or Directory

Feb 28, 2011

I'm trying to run a "Garry's Mod" game server on my dedicated server. I'm using a very helpful tutorial on the Gmod wiki (I cannot post a link to it as I don't have 15 posts or more ).

Now I have very, very little experience with Linux (I am running Debian on it). However, I've gotten quite far in the tutorial, and everything looks to be perfect. I am using putty to access my server, but I also have FTP on it.

Basically, when I need to access a certain folder called "orangebox" (using cd orangebox), an error comes up saying this: -bash: cd: orangebox: No such file or directory

However, I know that there is such a folder, as I can see it fine on FTP.

Red Hat / Fedora :: Tar Command - Locating Package To Unpack?

Jun 19, 2010

I want to unpack tar.gz package. Where should I locate the package I want to unpack?

Software :: Locating Appropriate File In Ubuntu System

May 14, 2011

I need to locate a file in my system having to do with backing up the hard drive. I have the file name, but where do I place it to find the appropriate file?

Ubuntu Servers :: How IPAddress Can Hit Server Yet Not Appear In ANY Logs

Oct 31, 2010

Since ports 80 and 443 are the only ports I have open, how is it that an IP address can hit my server yet not appear in ANY logs?

General :: Collect All Logs Of Unix Server?

Dec 26, 2010

I am installing RHEL 5.5 to be a syslog server to collect logs from servers (HP-UX, Linux, Windows and Cisco network devices), and I can now collect logs from my Windows PC on the syslog Linux server by using Datagram SyslogAgent software. can collect logs from HP-UX 11.23 server. And I am configuring the Unix server as in the steps below:

1. Log in as root

2. Go to /etc/syslog.conf

3. Add a line: *.*<tab>@<Sentinel Server IP Address>

*.* @10.15.1.5

4. Save and Close

# netstat -na | grep 514

tcp 0 0 *.514 *.* LISTEN
udp 0 0 *.514 *.*

[code]....

Server :: Access Logs In Squid Proxy?

Feb 24, 2011

I am monitoring access log messages on a Squid proxy server. Is it possible to get the date, time and day in the access logs?

Server :: Configuring Syslog And Exporting Of Logs?

Jan 17, 2011

I have configured a syslog server on Ubuntu; now I want to export logs from Windows and Ubuntu desktops to the syslog server.

Copyrights 2005-15 www.BigResource.com, All rights reserved