Ubuntu Security :: Unexpected Download - How To Investigate
Aug 27, 2010
One reason I left Windows behind, particularly with a 3GB a month download limit, was that Linux generally only downloads files when you expect it to. Having the cap on downloads, I run Netmeter in Wine. Now if, like today, I see a large unexpected download (pic), which is even in red to increase the paranoia, how can I find out what it is, preferably while it is happening? It does not seem to be an email with an attachment (I run Thunderbird); nothing in Downloads, and as far as I knew application updates only happen after confirming permission in Update Manager?
EDIT: The problem is more basic than dnsmasq. On testing to see if the nameservers are reachable:
Code:
root@ps1:~# ping 218.248.255.146
connect: Network is unreachable
Post title pre-pended with [DO NOT REPLY]. dnsmasq on a recent Slackware 13.0 install is not resolving. Usually dnsmasq "just works". I have tried all the problem analysis techniques I know and am stumped.
First the symptoms:
Code:
root@ps1:~# vi /etc/dnsmasq.conf
I installed F14 on a friend's computer a couple of weeks ago. Today she called me saying that her ISP called her telling her they'd have to cancel her internet if she didn't fix whatever virus was sending port scans to edu domains that they'd gotten complaints about. I thought "well, there's a first"... I've got ssh to her computer, so I shelled in and ran a couple of commands, but I really know very little about how to investigate this kind of stuff.
She's directly connected to her cable modem via cat-5; but she does have a wireless card installed -- she just doesn't use it, nor a router, afaik, nor as far as I'd seen when I set up her printer. I googled a bit, and ran a couple of commands, and one of them was interesting because it APPEARS that her wireless card is ON and the eth0 is OFF? Perhaps someone will know how to read this output better than I, and the output of the other command that I ran. Also, does anyone know any other ways to properly investigate this one? FWIW, she does use Transmission to download torrents.
Anyway, here's the commands I ran:
Code:
[root@localhost ~]# ip link show
1: lo: <LOOPBACK,UP,LOWER_UP> mtu 16436 qdisc noqueue state UNKNOWN
    link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
2: eth0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UNKNOWN qlen 1000
    link/ether 00:21:97:9b:70:29 brd ff:ff:ff:ff:ff:ff
3: wlan0: <NO-CARRIER,BROADCAST,MULTICAST,UP> mtu 1500 qdisc mq state DOWN qlen 1000
    link/ether 00:1e:e5:9c:b6:8a brd ff:ff:ff:ff:ff:ff
[root@localhost ~]#
Twice this week I've tried to download "Important security updates". Each time the response is:
W: Failed to fetch http://us.archive.ubuntu.com/ubuntu/...u9.5_amd64.deb 404 Not Found [IP: 91.189.88.30 80]
W: Failed to fetch http://us.archive.ubuntu.com/ubuntu/...u9.5_amd64.deb 404 Not Found [IP: 91.189.88.30 80]
Got PGP 6.5.8 for Linux working with Ubuntu 10.10. It involved converting two .rpm files to .deb with the alien utility and then installing by simply double clicking on the .deb files in the file browser invoking the Ubuntu Software Manager. I put the two .deb files in a tarball (tar.gz) and would like suggestions as to how to make the tarball available for other Ubuntu users to download.
How do you know if a site is safe to download from? I have only been using Mint 11 for 3 days after 7 years with Windows, and the usual safety nets there were the https headings and firewalls blocking stuff, but how do you know something is safe in Linux? In short, how do you know it's a trusted site?
Let's imagine this can be done in Firstarter, as there already is a fine lockdown option there: A kind of RULE: on [program/service] exit/completion of download - then lockdown connection [usually the eth0].
[Edit:] Or for that matter, put a lockdown action on any premise like inactivity on port 80 or such (all the rest),
I heard Linux's security is actually worse than Windows. What could I do to make it more secure? I can't download programs such as Avast and Spybot, right?
I have totally exhausted my search to find IPBlock. I use it on my other Ubuntu machines, but for some strange reason I cannot find it anywhere for my Ubuntu 10.10 Maverick. I know where the iplist is but not the actual IPBlock download file.
I took my Dell Netbook and built some kind of network storage around it, with an external USB HDD.
So far everything is working as expected; the only hassle is that the netbook tends to go to sleep unexpectedly, for example while playing music, running streamripper or downloading a Linux distro.
I couldn't find any hints in the syslog or the PM logs as to what is causing the system to go to sleep.
I'm having problems logging on to ICQ. This is the error I get: Received unexpected response from [URL]: useTLS=1 is not allowed for non secure requests. My Pidgin seems to be the latest one. The only thing I have changed is that I have upgraded to a 64-bit OS.
We are testing Ubuntu as the base for our products. We create custom Karmic installations (debootstrap + some extra packages) and then deploy our software; these systems can start in two different modes: "normal" and "read-only". We must say the system works quite well, but after some time, several systems are showing a common error: they don't start, or fail showing an unexpected inconsistency for one of the partitions (every system has one hard disk with four partitions). When this error appears, a recovery console is started and I can run fsck and answer "yes" to its recommendations; after this the system runs again without errors. The problem is that this error can appear again at a random time and we need to avoid this "manual fixing" process. I've searched the web and found some references to a bug? in an early Karmic version: [URL]
Besides ALSA 1.0.23, we use only standard Karmic tools (all from the official repositories), we are running the latest kernel update available for Karmic, and don't know whether this inconsistency is caused by our software or by the system itself, or maybe because of incorrect shutdown?
At the moment, I'm setting a new test system using Lucid. Does anybody know if this is a "common" error in Karmic?
I'm using the XDisplayHeightMM function from X11/Xlib.h. On one machine it returns 203, while another machine returns 41351. Why does the second machine return such a bigger value? Does it have to do with the configuration?
I am facing the following error while running the newly installed software ZEKR. I have already installed the latest version of Java.
java.lang.UnsatisfiedLinkError: no pulse-java in java.library.path
    at java.lang.ClassLoader.loadLibrary(ClassLoader.java:1681)
    at java.lang.Runtime.loadLibrary0(Runtime.java:840)
For the last few days I am getting some log messages in /var/log/messages. The log is:
unexpected rcode (SERVFAIL) from master 192.168.110.8#53
I am not sure what it is.
I'm trying to edit the bash_profile but I'm getting this error: "/.bash_profile: line 46: syntax error: unexpected end of file". Here is my bash_profile.
# .bash_profile
# Get the aliases and functions
if [ -f ~/.bashrc ]; then
While doing socket/network programming, I am getting an SSH-2.0-openssh4.7 message instead of the daytime of the server. General description: I have a Linux box, and with the help of PuTTY I am connecting from a Windows system to the Linux box; no problem in logging in. After typing the program, I am compiling it with gcc. When typing ./a.out, it is showing SSH-2.0-openssh4.7; actually it should display the daytime from the Linux box in both TCP and UDP.
I just upgraded from Jaunty and somewhere in the process (or just after, I'm no longer sure just when it started) I started getting this error whenever I try to install or upgrade a package. Some of my software isn't working properly (some won't even load), so I'm not sure if the installations are actually succeeding or not. But apt-get install -f shows nothing but a list of stuff I need to autoremove (mostly dev files). This particular message is the output of the details tab in Synaptic, but I've gotten the same thing in the terminal from apt-get. Quote:
dpkg-deb: --control /var/cache/apt/archives/dpkg-awk_1.0.3_all.deb /var/lib/dpkg/tmp.ci
Selecting previously deselected package dpkg-awk.
(Reading database ... 415515 files and directories currently installed.)
1. Chose install to free space on the HD where Lenny was the only other OS. No Windows on this unit.
2. Progressed through disk one and 2 and at end of 2 when no question was asked concerning MBR I knew I had lost dual boot.
3. Fedora booted and I thought the first thing I will do is contact forum and see if I can correct these shortcomings. No internet access in Fedora and that was due I am sure to a choice at setup I did not realize.
4. So I put gparted live CD in, deleted that partition, rebooted to a black screen with word grub flashing cursor and sorry I forgot the text.
5. Went back with gparted to look over the partition and all I could see was that the boot flag was gone (if I remember right that is not a necessity as long as there is /). But I went to flags, checked it again, rebooted: same screen. Obviously Fedora did something to the MBR?
6. Deleted Lenny, reinstalled and here I am so someone satisfy my curious nature.
When I try to update F12 it says there is an unexpected internal problem:
Code:
Error Type: <class 'yum.Errors.RepoError'>
Error Value: Error getting repository data for installed, repository not found
File : /usr/share/PackageKit/helpers/yum/yumBackend.py, line 3125, in <module>
RHEL 5.4. I'm facing the following error after rebooting the server:
/dev/VolGroup01/u04: UNEXPECTED INCONSISTENCY; Run fsck Manually
*** An error occurred during the file system check.
*** Dropping you to a shell; the system will reboot
*** when you leave the shell.
Give root password for maintenance:
- Previously I performed an lvreduce command on a LV; after the lvreduce, I rebooted the server.
- After logging in as root I ran: e2fsck -f /dev/VolGroup01/u04
But it shows:
The filesystem size (according to the superblock) is 5218304 blocks
The physical size of the device is 1310720 blocks
... either the superblock or the partition table is likely to be corrupt
Abort<y>? no
Pass 1: Checking inodes, blocks, and sizes
Error reading block 1310722 (Invalid argument) while doing inode scan. Ignore error<y>? y
- Additionally, trying lvdisplay, it shows: Locking type -1 initialization failed
I have no important data on that LV, but I cannot boot the server properly.
find /opt/postfix/mail/email.com/~spam/~quarantine/ ( -iname * -o -iname .* ) ! -type p -exec grep -i -c admin@email.com {}; -xdev -print
When I do this command I receive this error message:
-bash: syntax error near unexpected token `('