Ubuntu Security :: Replacing A Possibly Compromised OpenSSH Key?

Sep 22, 2010

I have an OpenSSH server running on Ubuntu 10.04, and it works fine.

I'm concerned that my SSH key may have been compromised and would like to replace it.

I tried replacing keys before and reinstalling OpenSSH and SSH before but ran into terrible trouble so I'm asking for instruction before touching anything this time.

Code:
laeg@skyrocket:~/.ssh$ ls
authorized_keys id_rsa id_rsa.ppk id_rsa.pub known_hosts
Code:
laeg@skyrocket:/etc/ssh$ ls

[Code]....

So can I just Synaptic 'fully' uninstall SSH (although probably even less necessary than..) and OpenSSH, back up sshd_config, delete the two dirs referenced above, reinstall both packages, insert my sshd_config backup, and then start from scratch following the guides linked below?


Fedora Security :: Weird SELinux Security Alerts \ Got:Code:Summary: System May Be Seriously Compromised?

Apr 13, 2011

This is the alert I got:

Code:
Summary:
Your system may be seriously compromised! /usr/sbin/NetworkManager tried to load a kernel module.

Detailed Description:
SELinux has prevented NetworkManager from loading a kernel module. All confined programs that need to load kernel modules should have already had policy written for them. If a compromised application tries to modify the kernel this AVC will be generated. This is a serious issue. Your system may very well be compromised.

Allowing Access:
Contact your security administrator and report this issue.

Additional Information:

Source Context system_u:system_r:NetworkManager_t:s0
Target Context system_u:system_r:NetworkManager_t:s0
Target Objects None [ capability ]

[code]....


Ubuntu Security :: Chkrootkit Log, Compromised Box?

Mar 28, 2011

Looks like my Firefox has been compromised and I have a packet sniffer. Not sure what to do. Should I just delete the suspicious files? Here's the chkrootkit log:

ROOTDIR is `/'
Checking `amd'... not found
Checking `basename'... not infected

[code]....


Security :: Signs Of Getting Compromised

Jan 25, 2010

Today any web browser I use has randomly been bringing me to URL... at random intervals. I've run chkrootkit from a live CD, and rkhunter, clamav, f-prot, and bitdefender, nothing's unusual. All the definitions were up to date. I'm wondering if it's possible that my router got hacked. I'm not sure this is even possible, but it's acting weird. Tried reflashing its firmware, didn't fix it.


Security :: Savannah GNU Site Compromised

Dec 1, 2010

A site belonging to the Savannah GNU free software archive was attacked recently, leading to a compromise of encrypted passwords and enabling the attackers to access restricted project material. The compromise was the result of a SQL injection attack against the savannah.gnu.org site within the last couple of days and the site is still offline now. A notice on the site says that the group has finished the process of restoring all of the data from a clean backup and bringing up access to some resources, but is still in the middle of adjusting its security settings.


Security :: Fedora System Compromised But No Changes Made?

Jan 25, 2011

The infrastructure of the Fedora Project was compromised over the weekend and an account belonging to a Fedora contributor was taken over by an attacker. However, Fedora officials said they don't believe that the attacker was able to push any changes to the Fedora package system or make any actual changes to the infrastructure.

The attack appears to have targeted one specific user account, which had some high-value privileges. The attacker was able to compromise the account externally, and then had the ability to connect remotely to some Fedora systems. The attacker also changed the account's SSH key, Fedora officials said.


Security :: Compromised Systems Notify Hacker They Are Infected

Dec 4, 2010

I have a server connected to the internet placed in a DMZ that was running ProFTPD. A couple of weeks ago there was a security threat uncovered that would grant access to external users through a buffer overflow. Of course I patched my ProFTPD quite often after that to secure my server. Now my problem is that the servers of ProFTPD were compromised and that source code with a back-door was released. To make matters worse, compromised systems notify the hacker they are infected. Is there any way to ensure I don't have a root-kit installed short of reinstalling the system?


Security :: Gmail And Winnow.compromised.ts.jsexploit.5.UNOFFICIAL Malware?

Apr 26, 2010

Second time ClamAV detects the malware on laptop under Ubuntu:

winnow.compromised.ts.jsexploit.5.UNOFFICIAL
winnow.spam.ts.domains.158.UNOFFICIAL
gspace.js: winnow.malware.cm.miscspam.387929.UNOFFICIAL

What does this mean, is it serious and what is the origin of this infection?


Security :: Honeynet Challenge Results: Forensic Analysis Of A Compromised Server

May 7, 2011

I just noticed the results of the Honeynet Project's Challenge 7: Forensic Analysis of a Compromised Server have finally been posted today. Just got done reading one of the submissions and it's pretty good if anyone is interested in how to analyze a Linux incident involving evidence from memory and the file system.


Ubuntu Security :: Check Openssh Md5 Checksum

Aug 10, 2010

I have Ubuntu 10.04 and I used my ssh to connect to a webserver. This is the version that I have installed.

Quote:

OpenSSH_5.3p1 Debian-3ubuntu4, OpenSSL 0.9.8k 25 Mar 2009

Apparently the server was hacked using my user and the server admin suggested that my ssh can be tainted.

do a checksum of the ssh, but I cannot find this file on my system.

Code:
md5sum /usr/sbin/sshd

And I will need a md5 hash from a good untainted version and I cannot find that as well on the openssh website.


Ubuntu Security :: What's Default Encryption Used By OpenSSH?

Mar 7, 2011

I've read that blowfish encryption is much faster and still safe enough to transfer files between hosts. What's the default encryption used by OpenSSH? (if not already blowfish)


Ubuntu Security :: Openssh On Box With Kubuntu 10.10, Didn't Install It?

Jan 27, 2011

I have OpenSSH on my box with Kubuntu 10.10. I didn't install it and would like to know its purpose being on here.


Fedora Security :: "Your System May Be Seriously Compromised"

Feb 21, 2010

I just found these in my setroubleshoot logs and what the hell is going on:

Quote:

Summary:

Your system may be seriously compromised!

Detailed Description:

[SELinux is in permissive mode. This access was not denied.]

SELinux has prevented semodule from modifying $TARGET. This denial indicates semodule was trying to modify the selinux policy configuration. All applications that need this access should have already had policy written for them. If a compromised application tries to modify the SELinux policy this AVC will be generated. This is a serious issue. Your system may very well be compromised.

Allowing Access:

Contact your security administrator and report this issue.

Additional Information:

Source Context staff_u:staff_r:staff_t:s0
Target Context system_u:object_r:semanage_store_t:s0
Target Objects modules [ dir ]

[code]....

This isn't even the half of it either, there are other warnings in between them about netfilter_contexts unlink operations and /usr/sbin/semodule "rmdir" operations on modules.

All I can remember doing earlier was switching into permissive mode to change the type of a WINE application, the legitimacy of which - for system security purposes - I don't doubt. That, and generating policy for it which I tried running the install script for after changing the type didn't work. Neither of those actions seem like they'd try to remove the modules directory.


General :: Security - Change OpenSSH Account Password

Feb 15, 2011

I suppose that my main Linux user account password serves as my SSH password as well. Is there a way I can modify this? As it turns out, I'd like to have a REALLY secure SSH password for obvious reasons, but a less secure local password, as it makes typing in passwords a heck of a lot easier on a machine. Is there a way I can change my account password in SSH without changing my Linux user password?


Ubuntu Security :: Replacing Firefox With Another Browser?

Jan 12, 2010

I'm using Firefox 3.5.7 with Ubuntu 9.10, but Firefox since 3.5.6 and 3.5.7 keeps crashing a lot - just now it crashed my entire system - the whole screen went black. So to that end, is use of Opera or Chrome secure for Ubuntu?


General :: Checking If Computer Is Compromised?

Feb 5, 2010

I run Ubuntu 9.04 and was recently told by my university that my computer is massively port scanning the network. I am interested in learning more about figuring out what is happening to stop it, but I am lost at where to begin. What steps should I take (or files to look at) to figure out what is happening?


Fedora Servers :: MySql Compromised - Access Denial On Really Clients

Feb 16, 2011

My Linux server which is running my company website has been hacked. Today I saw a number of clients (customers) with some fun characters entries on my database. Access denial on really clients.


Ubuntu :: Noisy Sound - Possibly Fan - Kubuntu 10.10

Dec 4, 2010

I'm a bit concerned about this. I've installed Kubuntu 10.10 tonight, and had tried it a week ago briefly without updates. Both times I've had this really loud sound which I'm guessing is the fan going a bit mad. Is this related to a newer kernel or something? Is it dealt with easily? This is a Toshiba Equium laptop from 2 1/2 years ago. I've got the Powersave setting on now in the hope this might stop it happening while I'm trying to read up on this and get advice.

After all the observed Linux progress since I've been using it I'd be quite annoyed if something botched in the OS kills my laptop. The computer got quite hot, even though its feet are rested on a wooden board that normally prevents this.


Ubuntu :: Pictures Won't Show Up (possibly Off Topic)?

Oct 28, 2010

Had 10.04 and one day the pictures on Facebook stopped showing up, like the display pics. I figured it was an error so I finally got the error fixed, but the Facebook picture problem was still there. I thought upgrading to 10.10 would fix it, but it didn't. Anyone know why the pictures won't show up? This never happened using Windows and they appear on every other Windows computer I use.


Ubuntu :: Wont Boot Possibly Because Of Picasa Install

Feb 13, 2011

I have an HP laptop. I had Ubuntu 9 running perfectly for months and now it won't boot at all. When I start the computer it begins with the BIOS screen (and option to enter startup/boot menu). Then, that's it! Black screen, no matter how long you wait. I am running Ubuntu live off of a USB stick so I know all my hardware is fine.

When it crapped out:
I was doing basic things such as I had Gedit, FireFox and Chrome (for emails) running. I wanted to do some image, batch edits and after googling a bit decided to install Picasa. The install seemed fine and I had Picasa up and running. All of a sudden a text file I wanted to edit with Gedit gave me an insufficient permissions error warning.

I do not remember exactly what I did from there but basically I closed out everything and shut down the computer, it hasn't booted since.

I really don't want to have to reinstall/reconfig my whole computer again. However I am not all that savvy with computers let alone Ubuntu, so if it's going to be a long, drawn out process trying to recover...


Ubuntu Servers :: OpenLDAP Possibly Starting Too Late?

Apr 12, 2011

I recently followed a tutorial on how to get OpenLDAP running with Samba on Lucid. It worked pretty well. Here's my very frustrating problem with it. For the first 5 - 10 minutes after rebooting, password handling (possibly PAM?) is hosed, including for users in LDAP authenticating via Samba. In fact, I think the only reason I can SSH into the machine during that window is because I happen to have certificate authentication enabled and my client uses that. When I try to do a sudo command after logging in, though, and have to enter the password, it hangs. I've searched logs and haven't come up with much. I *think* it's related to this bug, but I'm not sure. And here's what's killing me ... it's not easy for me to figure out how to ensure that slapd starts before smbd and rsyslog (I read somewhere else that it needs to start before that for some reason) b/c most of the jobs are upstart jobs, but slapd is not. By default it runs at S19 in rc2.d, and I've tried manually lowering that as far as S05 or S07, but I'm still having trouble.


Ubuntu :: Compatible PCI Video Cards Possibly With DVI Output?

Aug 19, 2010

I recently acquired an HP Pavilion 7845 and have since installed XUbuntu on it. The onboard video, which is shared with the main system memory, is OK. But I am wondering if there are any compatible PCI video cards (possibly with DVI output) so that I can use it with a 32-inch LCD TV I have.


Server :: NAS On Btrfs - Possibly Zfs/xfs - Software-getting Started ?

Jun 28, 2010

Currently have multiple small DNS-323 NAS-in-a-box that need to be replaced with a single storage server.

Since the setting is for an advanced home server (2-3 simultaneous clients max) that will hold movies and application/game ISO's, I was originally going to go with a simple RAID6 on freenas. As I learned about silent data corruption, and with a max of 3 simultaneous users, I don't see a need for a hardware raid processor. So I gathered that software RAIDZ (RAIDZ2) based on ZFS or BTRFS that prevent silent data corruption would be a better match (please correct me if I am wrong).

NEEDS: The needs (in addition to prevention of silent data corruption) are basically online capacity expansion (OCE), and 2+TB volumes (64bit LBA); with a preference for the ability to spin down idle drives. I'm going to make the assumption that any solution I go with will allow me to read/monitor actual SMART drive data.

STUMBLING BLOCK(S):
1. Would someone validate the (perhaps mistaken) assumption that since BTRFS is integrated into the latest Linux kernel, it is mature enough for NAS candidacy.
2. Please validate: Forward-compatibility of BTRFS has been stated (no need to reformat with subsequent BTRFS updates).
3. Am I missing any NAS software (open-source or otherwise) that would meet these requirements and provide a nice pretty graphical interface?
4. What software solution would you recommend? (btrfs on xxxxx? zfs-fuse? linux+xfs (+mdadm)? ..?)
5. What are my next steps?

Accumulated hardware for project:
SERVER: 3u chassis with 16 hot-swap trays. Tyan S5360G2NR i7520 mainboard. Single Intel 2.8Ghz CPU (dual-capable). 4GB ECC RAM (do I need more?). Dual hot-swappable 550W psu. CD-ROM
DRIVES: Eight 1.5Tb SATA drives, plus an additional four that are in-use in the DNS323 that I will migrate over using OCE. Four 750 SATA drives that are also in-use and can be migrated over via OCE. One 16Gb SATA SSD, intended for Boot OS and logs.
INTERFACE CARDS: Two 3Ware Escalade 9500S-8 8Port SATA RAID (PCI-X, 64bit) [can change these to something else].
UPS: 1500VA


Fedora Networking :: F12 Full Crash Possibly From Dhclient?

Apr 1, 2010

I got a full system crash each time I try to do anything with network. Been fighting with this problem for weeks now. What I did:

-tried every driver for broadcom4312 and it turned out that it even crashes with cable net

-got rid of networkmanager
(
Mar 11 08:01:43 geburah NetworkManager: <info> Activation (eth1) successful, device activated.
Mar 11 08:01:43 geburah NetworkManager: <info> Activation (eth1) Stage 5 of 5 (IP Configure Commit) complete.
)
used:
ifconfig eth1 up

[Code]...


General :: Could Use Help Trying To Recover Files From Possibly Hosed Partition

Jun 25, 2010

I've been using Linux for a few years and have managed to find what I need searching (including this great site) until now. I have managed to mess up a substantial partition and don't want to possibly make a bad situation worse by bungling around an area I know next to nothing about. I'll try to explain it fully.

I finally built a new PC (750GB internal HDD, 4GB RAM). I'm used to Kubuntu so I installed that (10.04 x86_64bit); partitioned sda1 1GB swap / sda2 OS 20GB ext4 / balance sda3 home ext4 for time being. Everything runs sweet. My old PC (very, PIII, but more recent 500GB internal HDD) partitioned sda1 486.31MB swap / sda2 OS 22.82GB ext4 / balance (442.46GB) sda3 home ext3 (ext3 because /home was inherited from an earlier install prior to Kubuntu going ext4). Old PC was having PSU prob. I don't have an external HDD or any other large HDD and not enough DVDRs for 280GB or so of data current in /home. So I backed up what I could risking the old PC working long enough. Got the critical stuff, business etc. There remained some 150GB or so, years of pictures, videos, info on car repairs etc (some but by no means all on semi annual DVDR backups). Free space current in new PC's /home partition ~500GB. So I took out the HDD from the old PC and put it in the new in order to copy the remainder then use it in the new PC; made sure BIOS of new PC indicated this 2nd drive did not have boot priority. The correct install booted.

To my surprise (maybe not yours?) during boot with zero indication, Kubuntu decided to use the 2nd HDD's /home partition for its new 442.46GB swap partition instead! I was horrified. I unmounted it immediately but... according to GParted the partition with all those files to copy is now: /dev/sbd3 File System: unknown 442.46GB Used: --- Unused: --- no flags

I was surprised by Kubuntu changing its partitions without input and assuming an ext3 file system on a secondary HD for a 442.46GB swap partition. But, mistake's on me. Call it a lesson. Now I need to know more but don't want to experiment unduly on this drive and possibly make things worse: What should I do next?


General :: Filesystem Corruption Possibly Caused By Bad Blocks

Nov 5, 2010

I'm trying to RMA a month old SSD, and they're giving me a hassle about it. The drive currently seems to work just fine, but I'm 95% sure that a few blocks went bad and corrupted some data about a week ago. I was able to mostly recover the data and correct for the bad blocks, but I don't really trust the drive anymore.

I'm running an up to date Debian Squeeze install with ext4 on this drive. My system started doing some bizarre things, to the point that it was unusable, so I rebooted it. As it was booting up, it complained about needing an fsck, which found dozens of non-trivial errors that it was mostly able to fix. It then proceeded to boot normally, except the drive mounted itself as read only (due to errors). Another fsck turned up a similar number of problems. This happened a couple of times before I ran fsck with '-c', which is supposed to scan for and work around bad blocks. That seemed to fix the problem, it hasn't given any more problems since then.

The manufacturer is refusing to RMA the drive unless it's completely unmountable right now this minute, saying that it was a one time problem that could have been caused by anything. Am I right in thinking that the problem has to have been with the drive if 'fsck -c' fixed it, or could something else be going on? If it was the drive, am I somehow being unreasonable in asking for a new one while the current one is "working"?


General :: Way To Possibly Launch A Terminal By Using A Keyboard Shortcut?

Dec 16, 2010

Is there a way to possibly launch a terminal by using a keyboard shortcut?


Programming :: Write A Script (possibly Awk) That Is Able To Process 2 Files?

Oct 7, 2010

I need to write a script (possibly awk) that is able to process 2 files, but I am very new to awk and I have problems in how to process 2 files at the same time.

The first input file is samples.txt
the format
time_instant measure

Code:
903.0 -
906.43 18.4

[code]....


Ubuntu :: Bash Script To Recurse Directories And Exec Ffmpeg Using Find (possibly)?

Oct 3, 2010

I wrote a script that easily runs it in the same directory as it was run below:

Code:
for f in *.MTS; do
    ffmpeg -i "$f" -acodec copy -vcodec libx264 -threads 2 -deinterlace -vpre slow -b 20000k -bt 3000k -refs 4 "${f%.MTS}.mp4"
done

I want to be able to use the find command so it will recurse through all the videos in my videos folder. Is there a painless way to do this. Here is the start of my find command but it doesn't work. Any help appreciated:

find . -name "*.MTS" -exec ffmpeg -i 'basename{}' -acodec copy -vcodec libx264 -threads 2 -deinterlace -vpre slow -b 20000k -bt 3000k -refs 4 'basename{%.MTS}.mp4'


Ubuntu Installation :: Upgrade Wants To Remove Lots Of Packages (possibly Depending On Plymouth)?

Oct 5, 2010

Last week I encountered the following problem: The update manager suggests a distribution upgrade (strange enough since I already have 10.4 and 10.10 is not released yet). The even worse part is that 24 packages shall be removed from my system, including acpi, cryptsetup, network-manager, nvidia-current, plymouth-x11, samba and wine. About 5 weeks ago I experimented (without success) with disabling plymouth because I wanted textmode during booting. I found some warnings that one should not completely remove plymouth because lots of dependencies including cryptsetup (which is vital to my system). So I did not remove plymouth (a look in Synaptic confirms this), but I may have changed some settings concerning plymouth. I am not sure what this upgrade is about.








Copyrights 2005-15 www.BigResource.com, All rights reserved