Is there anything suspicious about this auth.log? I find the many CRON outputs and the part with gconftool weird. Also, why don't I have the permission to view "/var/log/btmp1". It has never happened before.
I'm using GNOME's log viewer.
[Code]...
I have been running rkhunter but how do i view the /var/log/rkhunter.log? I have tried using: sudo /var/log/rkhunter.log but all i got was "Command not found?
View 6 Replies View RelatedWhat the most harmful thing can malware program started as separate limited user account do if it has access to the X server? Network and filesystem things are already considered by chroot and netfilter.
It obviously can lock the screen and I will need to switch to other vt and kill it manually. Can it for example disrupt other GUI programs on the same X server (access a root terminal in nearby window)?
I know that it is safer to run it in separate X server, for example, in Xtightvnc or even some virtual machine, but how dangerous is to just run it like other programs?
I got this warning in the log of rkhunter:Quote:
Checking /dev for suspicious file types [ Warning ]
[13:37:16] Warning: Suspicious file types found in /dev:
[13:37:16] /dev/shm/pulse-shm-43136623: data
[code]....
I come to Ubuntu with the notion that it is much more secure than Windows. In XP I had an anti-virus, third-party firewall and sundry softwares against spybots, rootkits etc. The anitivirus blocked the suspicious web pages while browsing. I generally avoided public networks, carrying a portable internet device Do I need similar stuff with Ubuntu.
View 9 Replies View RelatedI know this post isn't strictly linux based, but since the system in question appears to be using Linux and I am as well I decided to post this here. In doing other network playing with Ubuntu Sever 10.10 I noticed that on all traceroutes I did to any IP the second hop from my house jumped through a connection on IP 24.96.153.61 which I think should only be another dynamic IP Knology.net customer...
In scanning the IP I now know that its a Juniper Junos Router 9.2R1.10 (Probably running on some VMware based on googling?) Open ports show: 22 ssh openSSH 4.4 v. 1.99 23 telnet Openwall GNU/*/Linux telnetd
At first I thought this was just a legit Knology.net DNS server or something, but using such outdated versions and freeware... I feel suspiciously like this is something else. Also, why in the world would knology allow remote access to their mainframe equipment? Seems that if it were ever breached it would be beyond terrible for the ISP...
Finally, why can't people not SSH into my box from the outside if I have MAC address filtering on? Anyone know anything about this or am I just being paranoid? I'm a noob, so knowing too little about all this is probably more the problem?
I ran a chkrootkit scan and found this: The following suspicious files and directories were found: /usr/lib/pymodules/python2.6/.path /usr/lib/xulrunner-1.9.2.8/.autoreg /usr/lib/firefox 3.6.8/.autoreg /usr/lib/jvm/.java-6-openjdk.jinfo
How do I get rid of this suspicious file?
I have suspicious requests in my haproxy logs from multiple sources to the same target. I could deny them in /etc/hosts.deny, but there are too many to keep track of. Is there a way to deny all requests to a specific target either in haproxy or through iptables?
Here's an example of the request: Apr 12 15:11:37 127.0.0.1 haproxy[28672]: 41.105.42.150:27072 [12/Apr/2011:15:11:37.315] web_servers frontend_farm/######## 3/0/1/1/169 404 1073 - - --NI 3/3/2/1/0 0/0 "GET /images/comment_icon.gif HTTP/1.1"
I've commented out my amazon instance id for security purposes. The request is for comment_icon.gif which does not exist. All requests go to that. The source IPs are from different countries as well. Blocking a certain country won't work either. Basically, if there was a way to send all requests for comment_icon.gif to /dev/null or something it would work.
My server is probaly hacked and sending spam emails. I see them randomly in maillog (/usr/local/psa/var/log/maillog, server has a plesk panel), sometimes a few in a long time, sometimes a lot of them.Here is a sample of it:
Jan 4 00:47:08 acv360 qmail-remote-handlers[17662]: Handlers Filter before-remote for qmail started ...
Jan 4 00:47:08 acv360 qmail-remote-handlers[17662]: from=root@acv360.com
[code].....
I have setup sharing on my macbook and my desktop pc. The sharing folder has all my music on my mac in it. It comes up on my desktop (ubuntu) as 'my name's public folder on my names's macbook' and i can go into it as get as far as the music folder but when i try to access it i get the folder contents can not be displayed you do not have permission to access this folder. How can i access it?
View 3 Replies View Relatedubuntu 9.10 login panel is worse with respect to ubuntu 8 since now all the users with names are shown without a way to hide them!Why don't keep the old way at least as an option?
View 5 Replies View RelatedIs there some way to view the an openssh servers auth logs in real time?
View 2 Replies View RelatedWhat are all the ways you could think of that someone could view your browsing history, upstream from your machine? They don't have physical access, there's nothing on the computer itself and the person trying to hack has skill so I'm thinking like monitoring a proxy somehow, using the ip address somehow, compromising the modem in some way, possibly having access to google account etc. I am new to ubuntu and have really dug it so far but I want to figure how this is/was being done
View 9 Replies View RelatedI have received an email with a .csv attachment from a bank, and need to know how to view the attachment without risk. Using View>Message Source I see a large solid block of random upper and lower case characters, whereas I would expect to see some readable text mixed in. The email subject and the attachment name both contain data specific to me, but the text of the email consists largely of disclaimers with no mention of my name or any clue as to the nature of the attachment. I am using Thunderbird as my email client.
View 8 Replies View RelatedI am having issues with using OpenSSL. How do I view the currently used certificate? Also, do you know of a good site that has instructions on how to install a certificate. The previous user installed a GoDaddy cert for an FTP server and I need to update it because it's expiring real soon.
View 10 Replies View RelatedI recently installed Ubuntu 10.4 on an Intel machine. The machine also has Windows 7. So some of the partitions of the hard drive are Windows compatible (NTFS). They are all mounted when system is booted with Ubuntu and all files are accessible. However, when I try to change permission or limit access to a group, CHMOD command does not work. It doesn't return any error and everything seems to work fine but I can't change any permission.
View 8 Replies View RelatedI can do easily sudo, gksu and gksudo in terminal, but when I click for update but in the software center:
screenshot1.png
and my password don't work I does this with update manager too
I would like to allow a user to login through SSH but with differentpermission coming from different ipaddress.For example, a user "tester" login to SSH through 192.168.1.1 andanother user login with the same login id "tester" but from differentip 192.168.1.2.How do I restrict 192.168.1.2 to only allow for viewing the content inthe home directory while giving 192.168.1.1 full access?I got a suggestion from some oneApproach 1) Based on the ip you change the shell. If it's just for read only ajail would be fine.but how do I change shell based on IP?Approach 2) to have two ssh instances. Let's say port 22 and port 24. Port 22 isfor read only, while port 24 is for full accessso how can it be possible to give port 22 only read only access to SSH
View 1 Replies View RelatedI am using Ubuntu 10.04-alternate-amd64 for full disk encryption. After getting my updates which i get as soon as they are released. I am getting the issue temp root (sudo) password is not being revoked. After using any app that requires the use of sudo the permission for it does not get removed like it normally does.
I have tried logging out then back in, which usually removes the permission, this no longer works, also tried waiting and even after 1 hour permission still there. The only work around I have found is to use the terminal to execute the required programs then after closing terminal the temp permission is now removed like it should be. This issue has effected all of my systems and a friend of mine as well, (friend uses same distro).
To replicate issue:
1) Boot system.
2) Login.
3) Check for updates or any other app that uses root permission.
4) Logout
5) Login
6) Repeat step 3
7) App will not ask for permission it will use root permission automatically.
I run lastb every now and again to see who is trying to p0wn my box and it dates back to november 08. how do i clear these entries to i can get a more update view? or if you know a way i can do a 'more' or something so the IP's are not flying by that would be cool too!
View 2 Replies View RelatedI want to view a hard drive and see if it has all zeroes, how would I do this? I want to view a hard drive and see if it has all random data, or random data mixed with zeroes. How can I do this? I prefer to do all this in linux if possible without a gui...so looking for any cli tools to view with.
View 5 Replies View RelatedI have an ubuntu 10.4 installed on my laptopI had an ubuntu 9.4 on bootable usb memory stick and I thought to install ubuntu 10 .4 on bootable usb memory stick. I format it into fat16 and after that I can not write anything on my memory stick. It says permission denied I tried sudo chmod 777 /dev/sdb1 also I tried same command on the folderwhere I mounted it. After I tried chown command in order to change ownership from root to my-username it failed too. Please someone tell me how to make my usb memory stick again writeable ?? Also startup disk creator does not fix it
View 2 Replies View RelatedI am trying to install COMSOL 4a in Ubuntu 10.04 and when I try to run ./setup and I am already connected as root the command line gives me a permission denied error.
View 6 Replies View RelatedI am having difficulties assigning permission for wordpress to write files. I am having problems with the permalink within wordpress and I think it might be because of the level of permission wordpress has. Currently on my system I need to set permission to 777 in order for wordpress to write to the .htaccess file.
I am running my website on a Ubuntu machine. Version 10.10 Apache2 2.2.4
However, when I leave the permission level set to 777 I still cannot get the permalink to point to the corrent page......See my discussion on this here. [URL]
I think what I need to do is change wordpress to use a user permission or a group permission and not "everyone". I would rather have wordpress setup to login as a specific user before it can write over a file.
I have, say, 10 machines, connected via NFS and NIS. There's a server which exports the /home using NFS, and exports the user names using NIS. All machines are working fine. I am able to ssh to the machines remotely and get my work done.Recently though, one of the machines (say M, for easy reference) would not allow any other machine on the NFS network [or outside the NFS network] to ssh into it. Every time an ssh attempt is made, 3 IP addresses [including the machine from which an ssh attempt was being made] are added to the /etc/hosts.deny file on M, and the error message on the other machine shows 'permission denied' after the password is entered. I tried using various options that ssh provides, but I cannot figure it out. I also tried uninstalling and reinstalling openssh-client and openssh-server on M, but it didn't change anything.
Another point to note is this: another user made use of M before, for a while, by disabling ssh passwords - so he could access M without having to enter his ssh password. That individual can still log in to M. All others who require to enter a password cannot ssh into M.
Just installed Lubuntu on my lappy having had Ubuntu 10.04 in the past and liked it. I dont seem to be able to get permission to move files though?I open LXTerminal and have tried the commands:Sudo nautilusgksudo nautilus
gksu nautilusBut still I cant drag drivers into the driver folder? (/usr/lib/xorg/modules/drivers)
I have a ftponly user "rom" in my box. This is used by our vendor to send files through ftp. When they send files the ownership of files are all the same as user name group created in this machine.But our application engineers use another user name "deb" to process these file. But as the owner of these file are "rom", they cannot process with their user. Manually they modify the user name and group and then they able to process.The group ID of the two users are different and its application dependent.how should the ownership will be modified automatically or is there any workaround or script to modify the ownership of these file for application user's?
View 5 Replies View RelatedI would like to allow a user to login through SSH but with different permission coming from different ipaddress.
For example, a user "tester" login to SSH through 192.168.1.1 and another user login with the same login id "tester" but from different ip 192.168.1.2.
How do I restrict 192.168.1.2 to only allow for viewing the content in the home directory while giving 192.168.1.1 full access?
I have recently bought a new laptop, installed my first linux OS on it (Ubuntu 9.10) and an external hard drive with 500GB on it for backup. For the first few days my external hard drive was working fine, but then eventually it wouldn't let me copy/move/delete stuff to and from it. So I kept trying to change the permissions but it wouldn't let me.
I figured this would be a very very common problem, so I looked up some forums to try out the methods but they didn't work. So I thought I would ask you guys for help because I am pleased with the support. I wouldn't think this would be a hard problem to solve.
I have Ubuntu9.10 installed in my laptop, and I want to give read-only permission on mass storage device (USB flash & external HD) & CD-ROM.
please guide me how this is possible. It should be automatically.
It's necessary for security purpose.
