I see these activities logged on a fairly regular basis in /var/log/auth.log and was wondering if this is normal activity?
firefox: gethostby*.getanswer: asked for "ftp.cs.rose-hulman.edu IN A", got type "DNAME"
The format is always the same, though sometimes the address is a regular Internet site.
i am investigating on solutions to trace a file deletion on a computer( Linux O/S).i also need to determine weither after a file deletion or download on a computer, the computer clock had not been modified. In case a file has been downloaded on a computer and then transferred to a removable device, i need to find out the file activity. i mean i should be able to tell that the file was downloaded and transferred to a device with possible specifications.
View 2 Replies View Relatedif you go to Edit > prefs > security and choose to show saved passwords they are displayed without entering root pw. This seems to be a huge security hole. How do we fix this?
View 8 Replies View RelatedThe only window that's open is the terminal running this command, no pidgin, skype, samba, torrent or anything I can think of is using the network yet there is ***** load of output from tcpdump. I was hoping to use this to check where certain applications connect to and what messages they send but when I'm doing nothing there is already more output than I can go through. Running tcpdump for less than 10 seconds gives me the following output:
Code:
16:13:22.015683 IP ns.hihkptt.net.cn.domain > desk.local.56598: 46887 1/2/2 (166)
16:13:22.016251 IP ns.hihkptt.net.cn.domain > desk.local.60099: 21168 1/2/2 (166)
16:13:22.016743 IP ns.hihkptt.net.cn.domain > desk.local.42325: 50346 1/2/2 (166)
16:13:22.034733 IP ns.hihkptt.net.cn.domain > desk.local.41441: 63658 1/2/0 (134)
16:13:22.035215 IP ns.hihkptt.net.cn.domain > desk.local.42865: 37537 1/2/0 (134)
16:13:22.036124 IP ns.hihkptt.net.cn.domain > desk.local.35006: 7520 1/2/0 (134)
16:13:22.036569 IP ns.hihkptt.net.cn.domain > desk.local.38480: 51322 1/2/0 (134)
16:13:22.066006 ARP, Reply 192.168.0.1 is-at 00:b0:0c:02:60:9c (oui Unknown), length 46 .....
Was wondering if this is normal. I have a laptop which is about a year old. Recently my battery died (it last 10-15 minutes instead of 3-4 hours as it was before). I ordered a new one. While waiting for the new one I started to investigate power consumers (processes) on my machine. I run slackware64-current. with 2.6.33-rc4-git7 kernel. config - is slightly modified config-generic from -current. I attach t here for any case. Here is the output of powertop:
Code:
PowerTOP version 1.11 (C) 2007 Intel Corporation
Cn Avg residency P-states (frequencies)
C0 (ЦП работает) ( 9,0%) 2,27 ГГц 2,6%
[code]...
How can I decrease number of wakeups?
How can I track down what's using my nic and kill it (if appropriate). There are no applications running which might be authorized to send and receive packages, so I don't really know why the System Monitor shows network activity.
View 9 Replies View RelatedI tried to do a scheduled software update several times today (8/20/11) and nothing seems to download, though I do get the "Downloading" PackageKit dialog message (the System Monitor shows practically no network activity). In between tries I downloaded some 600 MB .iso files (about 10 minutes each) so I know my internet is working properly. That leaves either PackageKit got hosed in my last update, or servers are down.
View 2 Replies View RelatedHow can I make the security applet stop showing an update for firefox 3.5.9? I have a more recent version installed from mozilla repo: firefox 3.6. The mozilla repo already has a higher priority (95 instead of 99), so I don't know what to do.
View 5 Replies View RelatedI like the easy readability of fwlogwatch (as compared to the Log File Viewer). But fwlogwatch doesn't display port number or date when I run it in terminal.
Is there a log viewer that displays clean like fwlogwatch but displays all the information that Log File Viewer does?
Some time back using this computer a SucKit rootkit was found. Having dd urandomed the drive, flattened CMOS battery, flashed BIOS, run Knoppix live CD 6.1,using no flat pack battery (laptop), and memtested the RAM, I am still having problems with what I suspect is a javascript file that tries to reload the rootkit from? firmware. I suspect the firmware as everything else should have eradicated it??
Also it or a hacker via a backdoor then corrupts the drivers so devices malfunction. Windows security programs and rootkit detectors don't seem to pick it up. Fresh install of Windows or linux after the above still show this problem, though internet not used. The person who admitted rootkitting this machine is capable of writing java programs or using javascripts to do all this.
When viewed using Ubuntu 8.4 files and dates on a Windows partition appear normal both in file manager and terminal. However booting using Knoppix CD these files are all green, and I cannot change their permissions, even as root. ie: everything is green including text files etc. If I copy them to a linux partition, I can change their permissions and make them nonexecutable and nonwritable. Also on the Windows FAT32 partition the . directory has the date 1 Jan 1970.
If I disable any green files, I can shutdown and reboot cleanly. If I don't I start having problems shutting down [/usr/sbin/init ?] And always these follow a pattern:
Can't remember details as I have now corralled the beast but error messages relating to:
nfs-server
inet.d/statd
are the start of these.
My system started running at 75 % CPU (its normally 20%), so I opened a terminal and looked at 'top', there are many processes running as root, the one thats sucking the CPU is this:'user'- root, 'pid'-2963, 'command'-X. below that there are a few processes of my user account, then alot more 'root' processes.
View 2 Replies View RelatedI have an auditing problem. I am required to be able to track user account modifications (creates, deletes, password changes, etc.) My team and I implemented auditd 1.7.17 and borrowed an existing rule set from /usr/share/doc/audit-1.7.17/nispom.rules. What we're seeing is that user account activity from the command line is retrievable by doing an 'aureport -m'. However, doing the same through the GUI, 'aureport -m' does not display the activity. So I have two questions:1. Is there another location I should be looking to find the user creation activities when using the GUI?2. Is there a way to make the activity using the GUI be captured in /var/log/audit/audit.log so 'aureport -m' can report it?Someone suggested a PAM configuration change, but was not able to tell me what change to make.
View 3 Replies View RelatedI would like a program that records my desktop activity as a video file. Do you know any nice program to do that? Moreover it would be nice afterward to insert this video the openoffice or microsoft's powerpoint. Do you know what is the "best" video format that guarantees the biggest interoperability (the ability the video to play in different platforms).
View 6 Replies View RelatedI'm on Debian 5 - when I run the w command, it reports 2 users, but I'm the only person logged in. Is this cause for concern?
Code:
curos@histeria:~$ w
16:17:25 up 4 days, 11:56, 2 users, load average: 0.00, 0.00, 0.00
[code]....
I have upgraded from Fedora 14 to 15 (both 64 bit) today.
In F14, I had no problems watching flash movies.
After the upgrade, this fails. I have been through [URL] but still no luck.
Yes, I have ndiswrapper installed. Flash is the 32 bit version (64 bit version is still a bit scary to me, it being beta with known bugs). I can see the plugin in firefox. I have NO gnash installed.
I have xfce on my machine, running lucid lynx. For some weird reason, I can't change my firefox home page. I've changed it to the same one time and again in preferences, but every time I open firefox, it shows all the files in my home directory, including hidden ones. I uncheck the "show hidden files box", change it again in "preferences", but it still does this. And the home page in "preferences" is set to the right page I want; firefox just won't go there when I start it up. I really don't want my home directory in plain view like that; how do I make firefox recognize my settings?
View 2 Replies View RelatedI am using unbuntu as root. I've made all the edits to my etter.conf file as follows:
[privs]
ec_uid = 0
ec_gid = 0
and:
remote-browser = "firefox -remote openurl (http://%host%url)"
I also turn on ipTables. I then start my attack as follows:
ettercap -T -Q -M arp:remote -i eth1 /client-ip/ // -P remote_browser
echo 1 > /proc/sys/net/ipv4/ip_forward
ettercap -T -Q -M arp:remote -i eth0 /target_ip/ /gateway_ip/ -P remote_browser
My problem is Firefox only shows https:// pages and not regular pages like google. I'm stumped. I have no clue why. I've tried other versions of linux. Different computers and still the same result. If I turn quiet off I see in my terminal all the traffic.
I updated and removed some packages that could not be upgraded, and now Firefox and Google Chrome show web pages in bold font by default. By this i mean that all pages not setting font-weight explicitly.
This is on Meerkat, upgraded from long before (Lucid, i believe). I'm guessing the KDE packages are due to me having Amarok and konsole installed some time long ago, so i assumed i could ditch these.The terminal output from the commands above is attached.
My wife was using cryptkeeper fine, then she right-clicked the keys on the panel and did something, I'm not sure what. Anyway, the keys you click on to open the encrypted folder are gone and I can't figure out how to get them back. System monitor shows cryptkeeper running. I can kill it and re-start it, but the keys don't show on the panel. I'm running ubuntu 9.10.
View 1 Replies View RelatedAfter installing ubuntu 10.10 on pc i had it running fine for roughly 2 weeks. i have selected automatic login so i do not need to mess about logging in etc, but recently my pc asks for my password to unlock keyring once it shows my desktop.
View 2 Replies View RelatedDoes anyone know when we'll see Firefox 3.0.19 packaged for 8.04 LTS? I'm still stuck at 3.0.18. And what will happen after this? My understanding is that after .19 Mozilla is dropping support for FF 3.0.
Upgrade policies not withstanding, I find it rather annoying when an "LTS" release doesn't keep up with the most security-critical package in the distro, the browser. 8.04 LTS should have moved to FF 3.5+ a *long* time ago. Now it seems it will be forced to do so or else just forget about browser updates for the last year of 8.04?
I know I can install the current Firefox with ubuntuzilla, I just keep wishing Ubuntu would do it for me.
I'm using fedora 13 x86_64 and firefox. I have installed flash player: flash-plugin-10.1.82.76-release.i386.rpm.
Whenever I open any website having flash content, firefox shows missing plugin symbol and message.
I am running Fedora 13 - 64-bit variety and using KDE as the gui. No real issues asides from machine not exactly flying, but then this is a mere core 2 duo 1.6 with 2 gigs of ram, so not unexpected...
When I run top I see 3 users indicated - which worries me somewhat... I am the only user on this machine.
I come from a Debian / Ubuntu /Gentoo knowledge-base and this laptop is a fresh install, encrypted partitions, temp has own partition (encrypted too) and obviously the firewall is on, with ssh service turned off and ssh access removed in the firewall....
is this 3 users in top normal, or have i managed to be hacked in the 3 - 4 days since I started the install ? In all this time I have been sitting behind a router when on the net.
Am I looking at a fresh install, or are there valid reasons for the extra users?
I just ran "users" in terminal and I show up 3 times - I have only logged in once, through the GUI and no extra access routes
Here is the message:Failed to execute child process "/usr/lib/firefox-3.5.4/firefox" (No such file or directory)Firefox is installed and is there.
View 10 Replies View RelatedFirefox 3.5 has a critical java script vulnerability as noted in the recent news. I had to manually update to 3.5.1 using the mozilla tarball because there's still no Firefox 3.5.1 in Fedora Updates or even Fedora Updates Testing repositories. Is this normal? I didn't want to resort to using the mozilla one because now I can't use flash (my system is 64 bit and mozilla only seems to offer a 32bit tar file of Firefox) and having two Firefoxs means dealing with the ProfileManager, separate bookmarks and so on.
I'm trying to find out if I'm just looking in the wrong place, I tried the normal mirrors for "updates" for Fedora 11 and then updates-testing and also the baseurl for "updates" to get rid of the mirror update delay. None of them seem to have 3.5.1 ?
I have KDE 4.4 and Firefox 3.6. Whenever I click a link from a plasmoid widget, it tries to open Konqueror and another instance of Firefox. The page actually loads in the opened Firefox window, but the task bar shows an instance of Konqueror and another instance of Firefox, that keeps loading for a while then close. See image below:
I currently have setup the browser default application as "firefox". If I set this option to use the default application, it opens in Konqueror and I don't see additional windows in the task bar. If I change the option to "firefox %u", then it exhibit the same issue, but the process is much faster, so the loading windows don't stay for long in the task bar. Additionally, it opens the link on a new Firefox window and opens the page twice. Although Konqueror is not loaded, the bouncing icon next to the mouse pointer shows up and stay for a while.
I have Ubuntu 9.10 installed and up to date.
I have an HP Laserjet 2200 connected via USB with 64MB of memory. When I print page 2 of this document (for example) [URL] the delta-symbol and minus-signs do not show up, although I see them in Adobe reader version 9.3.
I have tried several of the available drivers for the printer (including the "[recommended]" one) and none of them produce these symbols.
I'm guessing this is a font issue. I don't know how to show you what font stuff I have installed.
[Code].....
I didnt used ubuntu till now..and now i decided to start with ubuntu and downloaded the iso file torrent from Complete Download Options List | Ubuntu named ubuntu-9.04-desktop-i386.iso.torrent...but after downloading it shows that its a winrar archive......can i do anything with this rar?
View 3 Replies View RelatedOn FC11 64 bit with Adobe flash plugin for Linux installed, I see segfault errors from "npviewer" in /var/log/messages. The only browser I have tried yet, Firefox, has glitches every now and then. Sometimes it shows the title of a page in a tab, but the page is blank. This can even happen when I try the Google main page. Is it true that npviewer has something to do with Adobe flash? Is there a way to fix the problem? If it is caused by Adobe flash, is there a different plugin that will replace Adobe flash player?
View 1 Replies View RelatedI was just wondering why my Dual-core Processor shows basically a mirror image where CPU core loads cross. On something like a file transfer, shouldn't they both be at the same level?
View 1 Replies View Related