Ubuntu Security :: Any Kernel Source To Get Sebek 2.6.32 Working?
Nov 12, 2010
A while back there was an LKM called Sebek, which is designed to work in a honeypot for finding and studying internet hackers, but it's very outdated and won't work with newer 2.6 kernels. Does anyone know of any projects currently in the works to mod the kernel source to get it to work again? I know it's easily detected but thought that someone might still be working on it somewhere.
Like Jackp27, I am reacting to a transient warning from rkhunter, indicating a possible LKM trojan, which may or may not be a false positive. Running chkrootkit and rkhunter repeatedly, including older versions running under live CDs like INSERT, indicated nothing wrong, but two runs of rkhunter running under the possibly compromised system itself did seem to suggest rkhunter thought it might have found elements of trojan code in RAM.
Like Jackp27, I can't give details right now because I do not currently have access to my logs, but I did find one webpage (can't give a link because I do not currently have access to my detailed notes) suggesting that rkhunter may have thought it found a signature of the adore trojan in RAM by looking at /proc/kallsyms, which is not a file I ordinarily look at. I did look at it very closely yesterday, repeatedly, and it seems to be mostly empty, but occasionally seems to contain what might be a sequence of calls to various kernel modules --- right now I only recall that some had the form ??_guest_? and that x_tables might be involved.
Can anyone give me a rough indication of what /proc/kallsyms is supposed to do, whether it should normally be empty, and when it is not, what kind of lines are supposed to show up in that "file" when I cat it? I also saw something about ?_logdrop? which may have had something to do with rotating logs (I rebooted several times) rather than a trojan keylogger. But maybe some trojans rotate logs to try to hide their presence?
I know I am not giving enough information--- I hope to come back later with more details after I have managed to access my logs and notes, so feel free to say what kind of details would be most helpful in helping me decide whether or not this was a false positive.
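The question above asks what /proc/kallsyms contains. Each line is a hex address, a one-letter symbol type (the same letters nm(1) uses: T/t for text, D/d for data, and so on), the symbol name, and, for symbols that belong to a loaded module, a trailing "[module]". The following parser is an added example, not code from the thread; the sample listing it reads is constructed, not captured from any real machine. It groups symbols per module (so a name like xt_register_table shows up under x_tables) and also recognises the all-zero-address listing that kernels from 2.6.38 on produce for unprivileged readers when kptr_restrict is set, which is a permissions effect rather than an empty symbol table.

```python
"""Parse /proc/kallsyms-style lines and summarise them per module.

Added example (not from the original thread).  SAMPLE is constructed.
"""
import re
from collections import Counter
from typing import Dict, List, NamedTuple, Optional

# <hex address> <type letter> <symbol name>[\t[module]]
_LINE = re.compile(r"^([0-9a-fA-F]+) (\S) (\S+)(?:\s+\[(\S+)\])?$")


class Symbol(NamedTuple):
    address: int
    kind: str
    name: str
    module: Optional[str]  # None for symbols built into the kernel image


def parse_kallsyms(text: str) -> List[Symbol]:
    """Turn the text of /proc/kallsyms into Symbol records."""
    syms = []
    for line in text.splitlines():
        if not line.strip():
            continue
        m = _LINE.match(line)
        if not m:
            raise ValueError(f"unrecognised kallsyms line: {line!r}")
        addr, kind, name, module = m.groups()
        syms.append(Symbol(int(addr, 16), kind, name, module))
    return syms


def symbols_per_module(syms: List[Symbol]) -> Dict[str, int]:
    """Count symbols per module; built-in symbols are keyed as 'vmlinux'."""
    return Counter(s.module or "vmlinux" for s in syms)


def module_symbols(syms: List[Symbol], module: str) -> List[str]:
    """Names of the symbols a given loaded module contributes."""
    return [s.name for s in syms if s.module == module]


def addresses_hidden(syms: List[Symbol]) -> bool:
    """True when every address is zero.  With kptr_restrict (2.6.38+) an
    unprivileged reader sees zeros instead of kernel pointers; the symbol
    names are still listed, so this is not an empty table."""
    return bool(syms) and all(s.address == 0 for s in syms)


# Constructed sample, in the real file's layout (not a real machine's table).
SAMPLE = """\
ffffffff81000000 T _text
ffffffff81234560 T do_sys_open
ffffffff81a00000 D jiffies
ffffffffa0001000 t xt_find_table_lock\t[x_tables]
ffffffffa0001240 T xt_register_table\t[x_tables]
ffffffffa0012000 t ipt_do_table\t[ip_tables]
"""

if __name__ == "__main__":
    table = parse_kallsyms(SAMPLE)
    for module, count in sorted(symbols_per_module(table).items()):
        print(f"{module:12s} {count} symbols")
    print("addresses hidden:", addresses_hidden(table))
```

To run it against a live system, read /proc/kallsyms as root (so the addresses are real) and pass the text to parse_kallsyms; a module name in the listing that does not appear in lsmod is worth a closer look, but the listing alone does not prove anything is hidden.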
I am already a little bit familiar with Linux and now I want to get to know the Linux OS better. I have downloaded the source code of the kernel from kernel.org and I don't understand the Linux source tree's organization, so can somebody do me a favor and give me a link to some internet page (or at least a book) that explains that? I have searched the internet with the tag "linux source trees organization" and I have not found anything interesting.
It sounds like he's making a distinction between the kernel "source code" and the kernel itself (as in the downloaded file/files), but the way he talks about both is the same. So then, if one had already "installed" the "kernel source code," why would he need the "tarball with the newest Linux kernel?" He's already "installed" a kernel, right?
Trying to install virtualbox in F12 but fails when recompiling kernel module. Output of vbox-install log is:
Attempting to install using DKMS
removing old DKMS module vboxdrv version 3.1.6
Deleting module version: 3.1.6 completely from the DKMS tree.
Creating symlink /var/lib/dkms/vboxdrv/3.1.6/source -> /usr/src/vboxdrv-3.1.6
DKMS: add Completed.
Error! Your kernel source for kernel 2.6.32.11-99.fc12.i686.PAE cannot be found at /lib/modules/2.6.32.11-99.fc12.i686.PAE/build or /lib/modules/2.6.32.11-99.fc12. code....
I am running an HP Pavilion dv6000 with the Broadcom card that never seems to work for Linux. I recently talked with my friend, who said he found a way to get it to work. Following his instructions I opened Synaptic and checked the package bcmwl-kernel-source to be installed. I went through the process of it all and it said it had installed successfully. I restarted the computer and when I tried to enter my operating system I got this error: "Kernel panic - not syncing : VFS : Unable to mount root fs on unknown - block(8,1)". I have previous versions of Linux on my computer so I can still get into those if need be, but I don't know how to undo what I did or why it isn't working, for that matter. Does anyone have any ideas as to why I am getting this error and how I can fix it?
I was trying to install the NVIDIA drivers yesterday, so I went to runlevel 3, ran the .bin installer and it came up with an error: missing kernel-devel and kernel-source.
So I ran yum install kernel-devel; it installs, but it doesn't find anything like kernel-source.
How do I fix this issue? I have Fedora 12, and I ran drivers from:[URL]..
I installed the latest Liquorix kernel (2.6.35), but when I want to install the Nvidia driver downloaded from the Nvidia website (256.53), I get an error message because Nvidia doesn't find the kernel source tree.
I installed linux-image-2.6.35-6.dmz.2-liquorix-686_2.6.35-16_i386.deb, linux-headers-2.6.35-6.dmz.2-liquorix-686_2.6.35-16_i386.deb and build-essential. I don't understand why the installation doesn't work.
I'm running CentOS 5.3 and would like to know what the "best" or "proper" method is to build a custom kernel using the generic kernel sources from kernel.org. Most of the references I've found talk about modifying the current CentOS kernel using the RPM way. I really want to have the latest kernel due to some important security issues that haven't been addressed in the current CentOS 5.3 kernel.
I have installed Fedora 14, but there is no kernel source tree. I read the doc "building a custom kernel", but I don't want to rebuild a new kernel. I just want to install the source tree of the current kernel. Could someone tell me the way?
How efficient and effective are Snort, Argus, OSSEC, etc. for an organization having a 3500-PC network, connected through 700+ Cisco devices (Layer 2 and Layer 3), and scattered over 130 different sites (geographically)? What should be the combination of products and what should be the architecture for efficient forensics activity?
I was trying to install VPN client for my Ubuntu 9.10 64-bit. During the installation process the terminal reads:
"Directory containing linux kernel source code [/lib/modules/2.6.31-21-generic/build]"
On that I pressed enter for the default option (in bold). After a few more steps I reached the following error:
Making module sh: Can't open ./driver_build.sh Failed to make module "cisco_ipsec.ko".
[/lib/modules/2.6.31-21-generic/build] is the location where the installer expects the kernel source to be (I am guessing). So unless I correct the terminal (by providing the location of the kernel source), I think I will keep on getting the same error message.
So to get the kernel source I visited: [URL]From there I copy pasted the command:
Code:
apt-get source linux-image-2.6.32-21-generic
Reading package lists... Done
Building dependency tree
Reading state information... Done
Picking 'linux' as source package instead of 'linux-image-2.6.32-21-generic'
NOTICE: 'linux' packaging is maintained in the 'Git' version control system at:
kernel.ubuntu.com/git-repos/u...untu-lucid.git
Need to get 86.7MB of source archives.
Get:1 pt.archive.ubuntu.com/ubuntu/ lucid-updates/main linux 2.6.32-24.39 (dsc) [5,568B]
Version 2.6.32-24 is downloaded instead... What command can I use to download 2.6.32-21 - and not a newer one?
I want to restrict SSH so that its only accessible via the machines I own on this network. Obviously need to secure user authentication/host authentication, that aside though is the following sufficient at a network level given technical users also use this network? IP addresses are static, though I know they could be spoofed.
Code:
Chain INPUT (policy DROP)
target               prot opt source               destination
existing-connections all  --  anywhere             anywhere
allowed              all  --  anywhere             anywhere
Code: Linux quad 2.6.33 #1 SMP Sun Mar 7 18:22:02 CET 2010 x86_64 GNU/Linux
I am using Trisquel GNU/Linux 3.0. I am asking my questions here, since this involves non-free drivers. I successfully installed the nvidia driver on the default kernel. But the default kernel has removed all support for DVB USB sticks, so I had to compile my own kernel.
I got the newest version from kernel.org. Saved the archive to /usr/src/. Unzipped the file in that directory (so my kernel source is now in /usr/src/linux-2.6.33/). Made a symlink with ln -s linux-2.6.33 linux. I compiled the kernel successfully. Did a "make install" and "make modules_install" and ran "update-grub". Restarted the system. Cd'ed to my source directory and ran "make headers_install" successfully. Looking at my timestamps, it looks like the kernel headers have been installed to /usr/src/linux-2.6.33/usr/include/linux/. I downloaded the latest x86_64 drivers from nvidia's website. Went to console 1 and closed X. If I start the installer without any parameters (sh NVIDIA*.run) I get the following error:
Code:
ERROR: Unable to determine the version of the kernel sources located in '/lib/modules/2.6.33/source'. Please make sure you have installed the kernel source files for your kernel and that they are properly configured; on Red Hat Linux systems, for example, be sure you have the 'kernel-source' or 'kernel-devel' RPM installed. If you know the correct kernel source files are installed, you may specify the kernel source path with the '--kernel-source-path' command line option.
/lib/modules/2.6.33/source is a symlink which points to /usr/src/linux-2.6.33
I get the same error if using --kernel-source-path=/usr/src/linux/, /usr/src/linux-2.6.33/ and similar options which link to this directory through symlinks. If I use --kernel-source-path=/usr/src/linux-2.6.33/usr/include, I get the following error:
Enabling parallel compilation of kernel source. I've read that setting the CONCURRENCY_LEVEL environment variable should do that. The problem is that I see only one instance of gcc running in top, notwithstanding that I have set "export CONCURRENCY_LEVEL=5".
I haven't used Linux very much, so I'm not sure how to do this. I'm presently running the 2.6.24-26 version of the Linux kernel on Ubuntu. However, I need to upgrade to 2.6.32. I have the source files (arch, block, firmware, drivers, kernel, include, etc), but I have no idea how to change the source of the kernel, or if there's an easier/automatic way to do this, and I specifically need the 2.6.32 version.
I'm looking for a site to manually download the source of the kernel 2.6.31-14-generic for Ubuntu 9.10. I did search through the addresses listed in my /etc/apt/sources.list file but that was of no help. So could somebody please give me a precise address to download from?
I followed this how to to make a NFS server: [url]
So it means: exports looks like this:
Quote:
Here are some quick examples of what you could add to your /etc/exports
For Full Read Write Permissions allowing any computer from 192.168.1.1 through 192.168.1.255
It means that if somebody arrives with a Linux machine, puts the ethernet cable into the router, then logs in as root on his machine and mounts the exports, he can do almost everything, with permissions, chmod'ing ...
Is that LAMP, or am I wrong, for NFS kernel servers, the ultimate user/password server to protect against those physical approaches/logins? Is there a good how-to?
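The risk the poster describes comes from how the export is written, not from the kernel NFS server as such: with the default sec=sys the server trusts whatever UID the client presents, so anyone who can plug into the LAN and pick their own UID gets that user's files, and no_root_squash additionally lets a client root be root on the export (root_squash, the default, maps it to the anonymous user). The audit script below is an added example, not from the thread or the linked how-to; the /etc/exports text it checks is constructed. It parses each entry and reports the settings a practitioner would tighten first: a whole subnet or wildcard instead of named hosts, no_root_squash, AUTH_SYS-only authentication, and the classic "host (options)" typo where the space makes the options apply to every host.

```python
"""Flag risky /etc/exports entries.

Added example (not from the original thread).  SAMPLE is constructed.
"""
import ipaddress
import re
from typing import List, Tuple

# One exports entry is: <path> <client>(<opt>,<opt>) <client>(<opts>) ...
# Each client token is "<client>" or "<client>(<options>)".
_TOKEN = re.compile(r"^(.*?)(?:\((.*)\))?$")

Entry = Tuple[str, str, List[str]]  # (path, client, options)


def parse_exports(text: str) -> List[Entry]:
    """Parse exports(5)-style text into (path, client, options) triples."""
    entries: List[Entry] = []
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].strip()  # drop comments
        if not line:
            continue
        tokens = line.split()
        path, clients = tokens[0], tokens[1:]
        for tok in clients:
            m = _TOKEN.match(tok)
            client, opts = m.group(1), m.group(2) or ""
            entries.append((path, client, [o for o in opts.split(",") if o]))
    return entries


def _is_network(client: str) -> bool:
    """True for a CIDR/netmask client covering more than one address."""
    try:
        return ipaddress.ip_network(client, strict=False).num_addresses > 1
    except ValueError:
        return False  # hostname or wildcard, handled elsewhere


def audit_exports(entries: List[Entry]) -> List[str]:
    """Return one finding string per risky setting, tagged with path/client."""
    findings = []
    for path, client, opts in entries:
        tag = f"{path} {client or '<everyone>'}"
        if client == "":
            # "host (rw)" with a space: the options bind to the world, not host
            findings.append(f"{tag}: options separated from client by a space, applies to every host")
        elif client == "*" or client.startswith("*."):
            findings.append(f"{tag}: wildcard client")
        elif _is_network(client):
            findings.append(f"{tag}: whole network exported, name the hosts instead")
        if "no_root_squash" in opts:
            findings.append(f"{tag}: no_root_squash lets a client's root act as root")
        sec = [o[4:].split(":") for o in opts if o.startswith("sec=")]
        if not sec or any("sys" in flavours for flavours in sec):
            findings.append(f"{tag}: AUTH_SYS accepted, client-supplied UIDs are trusted (use sec=krb5p)")
    return findings


# Constructed sample, not a real configuration.
SAMPLE = """\
# constructed /etc/exports
/home      192.168.1.0/24(rw,sync,no_root_squash)
/srv/share 192.168.1.0/24(rw,sync)
/export    nas01.lab(rw,sync,sec=krb5p,root_squash)
"""

if __name__ == "__main__":
    for finding in audit_exports(parse_exports(SAMPLE)):
        print(finding)
```

The /export line is the shape to aim for: named hosts, root_squash left in force, and Kerberos (sec=krb5p) so the server authenticates the user rather than trusting the client's UID. Kerberos, LDAP or NIS answer the poster's "user/password server" question only in combination with sec=krb5; with sec=sys a central account database just makes the UIDs consistent, it does not stop a stranger from claiming one.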
I am trying to find the source code behind mkpasswd which I apt-getted from universe. I am trying to code a similar app in Java and want to see how the salt is implemented in the /etc/shadow file.
But I just can't seem to find any source for that particular program...
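On Debian and Ubuntu, mkpasswd is shipped in the whois package, so apt-get source whois fetches its code; it is a thin wrapper around crypt(3), and the salt handling the poster is after lives in the C library, not in mkpasswd. The field written to /etc/shadow has the form $id$salt$hash: the salt is a short random string from the alphabet ./0-9A-Za-z, stored in clear, and verification recomputes the hash with that stored salt and compares. The following is an added example, not the source of mkpasswd or of any C library: a pure-Python implementation of one of those crypt(3) methods, MD5-crypt ($1$, which the FreeBSD code and glibc share), plus the salt generator and verifier around it. Modern systems default to SHA-512 ($6$), which has the same $id$salt$hash shape but a different mixing loop; mkpasswd without -m still produces the old DES format.

```python
"""How a crypt(3)-style salted hash is built and stored, using MD5-crypt.

Added example, not the mkpasswd source.  Uses only hashlib and secrets.
"""
import hashlib
import secrets
from typing import Tuple

ITOA64 = b"./0123456789ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz"
MAGIC = b"$1$"


def make_salt(length: int = 8) -> bytes:
    """Random salt from the crypt alphabet; it is public and stored in clear."""
    return bytes(secrets.choice(ITOA64) for _ in range(length))


def _to64(value: int, count: int) -> bytes:
    """crypt's little-endian base-64: emit 'count' 6-bit groups, low bits first."""
    out = bytearray()
    for _ in range(count):
        out.append(ITOA64[value & 0x3F])
        value >>= 6
    return bytes(out)


def md5_crypt(password: bytes, salt: bytes) -> str:
    """MD5-crypt ($1$): the salt is mixed into the digest at several points."""
    salt = salt[:8]  # the scheme uses at most 8 salt characters
    ctx = hashlib.md5(password + MAGIC + salt)
    alt = hashlib.md5(password + salt + password).digest()
    n = len(password)
    while n > 0:  # fold the alternate digest in, one byte per password byte
        ctx.update(alt[:min(n, 16)])
        n -= 16
    n = len(password)
    while n:  # for each bit of the length: a NUL for 1, the first byte for 0
        ctx.update(b"\0" if n & 1 else password[:1])
        n >>= 1
    final = ctx.digest()
    for i in range(1000):  # fixed stretching loop, salt re-entered in rounds i%3 != 0
        c = hashlib.md5()
        c.update(password if i & 1 else final)
        if i % 3:
            c.update(salt)
        if i % 7:
            c.update(password)
        c.update(final if i & 1 else password)
        final = c.digest()
    order = ((0, 6, 12), (1, 7, 13), (2, 8, 14), (3, 9, 15), (4, 10, 5))
    enc = b"".join(_to64((final[a] << 16) | (final[b] << 8) | final[c], 4) for a, b, c in order)
    enc += _to64(final[11], 2)
    return (MAGIC + salt + b"$" + enc).decode()


def split_hash(stored: str) -> Tuple[str, str, str]:
    """'$id$salt$hash' -> (id, salt, hash).  id 1 = MD5, 5 = SHA-256, 6 = SHA-512."""
    _, scheme, salt, digest = stored.split("$", 3)
    return scheme, salt, digest


def verify_md5_crypt(password: bytes, stored: str) -> bool:
    """Recompute with the salt taken from the stored field and compare."""
    scheme, salt, _ = split_hash(stored)
    if scheme != "1":
        raise ValueError("not an MD5-crypt ($1$) hash")
    return secrets.compare_digest(md5_crypt(password, salt.encode()), stored)


if __name__ == "__main__":
    h = md5_crypt(b"correct horse", make_salt())
    print(h, verify_md5_crypt(b"correct horse", h))
```

The two things worth carrying over to a Java port are that the salt must come from a CSPRNG (SecureRandom there, secrets here) and that comparison of the recomputed hash must be constant-time. MD5-crypt's fixed 1000 rounds are far too cheap for new deployments; it is shown because it is the shortest of the crypt methods, not as a recommendation.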
I've been looking around on the web as well as here on the forums for Cain and Abel source code or a dpkg if I'm lucky, LOL. It's getting to be a pain in the butt to go from ubu to my win7 partition for other security tools... I'm trying to look good for an internship here and this is getting to be a pain in the butt. Some people have said in outside forums there is source code and I have build-essential installed so I figured I'd try that, but I'm sitting here at almost 1am still trying to find it!
rpm -ivh kernel-2.6.29.6-217.2.16.fc11.i686.PAE.src.rpm error: open of kernel-2.6.29.6-217.2.16.fc11.i686.PAE.src.rpm failed: No such file or directory
rpm -ivh kernel-2.6.29.6-217.2.16.fc11.i686.PAE.src.rpm No package kernel-2.6.29.6-217.2.16.fc11.i686.PAE.src.rpm available.
Probably an obvious error, so I apologise in advance - trying to install VMware Player, and it needs the kernel-source to build drivers. I've gone out and downloaded kernel-source for my running kernel.
However it's complaining that the kernel-source (2.6.31.12-0.1) does not match the running kernel (2.6.31.12-0.1-desktop).
Presumably there's something I need to do in order to get the 2.6.31.12-0.1 aligned to 2.6.31.12-0.1-desktop?
I just recently installed SUSE onto my computer because I'm sick of Windows crashing frequently.
Now I'm trying to setup my hardware, seems like everything is fine except for my graphics card.
I have an NVIDIA Quadro FX 540, and I'd downloaded the suitable driver from their site.
However, upon installation, I received some kind of error that mentioned it can't find my kernel.h or something like that. Someone said I would need the kernel source to proceed.
What is the best way for me to set this up?
Here is my system info when uname -a is run: Linux namid 2.6.27.7-9-default #1 SMP 2008-12-04 18:10:04 +0100 x86_64 x86_64 x86_64 GNU/Linux
Which is the best way to install a kernel from source? I want to download it here: http://kernel.org/ But it is a tar.bz2. How can I install it on my Debian? I know I have kernels in backports and repos, but I want to test and install it from source. Is it a good idea to convert it to a deb and install it with dpkg -i kernel.deb? Or maybe there is a better way?