Ubuntu Security :: Warning: Network TCP Port 32982 Is Being Used By /usr/bin/python2.6
Mar 30, 2011
I'm relatively new to Ubuntu and these forums. I ran rkhunter, and saw this warning in the check for backdoor ports:
[14:45:09] Warning: Network TCP port 32982 is being used by /usr/bin/python2.6. Possible rootkit: Solaris Wanuk
Use the 'lsof -i' or 'netstat -an' command to check this.
I also saw these warnings toward the bottom:
[Code]....
I was wondering first of all about the first warning, the port. I have a feeling that the second set of warnings are false positives, but I would be open to thoughts on that as well.
Dec 21, 2010
I would like to install wxpython2.8 for python2.5, which I installed as an alternative version in the presence of the standard python2.6 using xubuntu 10.04 lucid lynx (see the end of this thread for how I did it). How would I do this without the installation going for the standard 2.6 version? I found some notes on that on the web:
[URL]
I tried those, but somehow my wxpython installation got borked and would not do anything afterwards.
Nov 11, 2010
As it stands I have a small home network operating behind my modem/router. Some of the ports on this are forwarded to my PS3 for gaming but I was looking at forwarding some for my file server.
At the moment I've forwarded port xxx22 to port 22 on my server for SSH for instance. And similarly 21 for FTP (although it doesn't seem to want to connect for any more than a few seconds using that). What I was thinking of doing was placing a small website for a handful of ppl to use on the server too and port forward again - xxx80 to 80. It works just fine but I'm a little concerned on the security front.
As I've moved the port to something different from the outside world I'm presuming I will have already cut the potential for malicious folks to wander in but is there anything else I should be doing? At the moment there's no firewall operating on the server, usually as it's hidden behind the modem/router. But if I open this thing up more permanently what should I be doing? I've read a few articles on it but I'm always left with the overwhelming thought of "That's if there's no firewall in my router" as they just seem to do the same.
Jul 20, 2010
I tried to make "ssh tunneling", but failed and got this message.
Quote:
Administrator@windstory-PC /
$ ssh -R 7869:localhost:7869 windowsstudy@192.168.0.4
windowsstudy@192.168.0.4's password:
Warning: remote port forwarding failed for listen port 7869
Last login: Wed Jul 21 01:56:04 2010 from 192.168.0.2
-bash-3.2$
1. system environment
192.168.0.2 - windows 7 + copssh
192.168.0.4 - centos 5.4 x86 + openssh
2. Guide for setting "ssh tunneling"
[URL]
3. Added this to sshd.conf
Quote:
AllowTcpForwarding yes
4. "netstat -na|grep 7869" at 192.168.0.4
Quote:
[root:maestro:~]# netstat -na|grep 7869
tcp 0 0 0.0.0.0:7869 0.0.0.0:* LISTEN
tcp 0 0 127.0.0.1:7869 127.0.0.1:53539 ESTABLISHED
[code]....
5. result of "ssh -vvv -R 7869:localhost:7869 windowsstudy@192.168.0.4"
Quote:
debug3: authmethod_lookup password
debug3: remaining preferred: ,password
debug3: authmethod_is_enabled password
[code]....
6. I added 7869 for telnet service as follows:
Quote:
mytelnet 7869/tcp # My Telnet server
Nov 1, 2010
sudo ssh -L 750:192.168.123.103:873 username@192.168.123.103
It does exactly what it's supposed to do, but how do I edit / remove this rule? Is there some config file where I can alter the forwarding? How does it get stored? I'm using Ubuntu 10.10 Server Edition (although I reckon it would be pretty much the same across all versions).
Apr 18, 2011
Is there any way to verify if packets being trafficked over a certain port are valid for the service you want to use this port for?
One obvious example that probably clarifies my question:
When I open port 443 (outgoing or incoming) for https/ssl traffic, I don't want this port to be used for say openvpn traffic.
Thus: when someone wants to surf to a website with https, it should be ok but if someone wants to connect to his home openvpn server over that same port, it should be blocked.
Apr 27, 2011
I'll explain this in one sentence: Is it possible to program a port-binding shellcode in which people across the Internet can connect to, without being thwarted by the router blocking their data because the port it's bound to doesn't allow port-forwarding?
Oct 21, 2010
VERY new to linux, erm but I have an issue that needs solving! I recently moved to university, where their network blocks sftp port 22, this means that I cannot connect to my FTP server which is running a version of linux. Now I've got this ftp server connected to a seedbox and it was created using the following walk through..
Code:
I have written this guide for a friend, but I thought it would be useful for others as well.
There are several guides floating around, but I found that most always cock up in some way. This one is tried and tested to work on Debian Etch (on an OVH rps, but should apply to most servers). If there is a new stable release of rtorrent/libtorrent then I will update this guide to show you how to update it (without reinstalling the whole server).
At the bottom there are also instructions to install ftp access & some network monitoring software.
Basically, I would really like someone to be able to construct the commands on how to change the listen port for sftp connection on linux or add another port to the list that Linux would use so that I could put in through putty.
Apr 7, 2011
In SuSE firewall0. I do have a openSuse 11.4 and multiple IP addresses on eth0 interface
I run (trying to/have to) multiple TOMCAT servers.
I am trying to have each tomcat instance listen to on separate IP address for example:
What i am trying to do is to redirect
a) tomcat 1 -
a) tomcat 2 -
And so on.
I know that it has to be possible.
I do have just eth0/
Is it possible? Do I have to create "virtual interfaces"? eth0:1, .......... and do redirection?
"Server" has got just single interface - just 1 ethernet cable goes to that server. I am planning to have 10-15 tomcat's on that server (I have to unfortunately) and each has to run on port 80
Is it possible to "grant" permissions to normal users to run app on port 80 - that would solve me lots of problems if impossible to redirect.
I tried to setcap 'cap_net_bind_service=+ep' /path/to/tomcat ...... but no luck
Apr 27, 2010
I have an Asus 900 laptop that I put Ubuntu 9.10 on. I know it was made by the Chinese, but why are they trying to hack my pc? I currently put FIRESTARTER a linux firewall on board you can go here to get it. Now I can see everyone's IP address and find out where they are and who they are!!
Jul 13, 2011
I just installed the rkhunter tool via apt-get install rkhunter. When I had run the rkhunter check, rkhunter comes with a warning about "GasKit Rootkit", I don't understand what it is.
This server was newly installed and is maybe 1 week old, so I don't understand why this happens.
May 9, 2010
Using slackware 12.2, xfce, Firefox 3.0.16 and for the past few days I have been getting Persistent System Security Window that looks like MS Firewall and you can't click on the X or Cancel because then it activates a so called security analysis with green progress bar. I open a terminal real quick and issue pkill firefox command. I have been trying to get to the basicconfig site to follow tutorial on firefox security update but that window keeps coming back. I emptied out my /tmp files but I am still having same problem and don't know what to do.
Feb 1, 2011
When I scanned my Ubuntu 10.04 with rkhunter a root kit hunter toolkit, it gave following warning:
Is there something that I have to worry about?
Code:
Feb 19, 2011
I had a serious breach of the cellular segment of my communications network this week. All I can say is nobody got hurt. The attackers also knew where to find me via email. I'm concerned that perhaps they've penetrated this aspect of my system as well, although they seemed pretty specifically focused on the phone. There have been no changes on anything on my computer, and of course, I went ahead and changed all the passwords. How can I verify or at least look into the possibility of having been hacked as well?
Jan 9, 2010
I've scanned my computer (I'm using Ubuntu 8.04 Hardy Heron) and ClamAV has issued it has found a virus called Exploit.PDF-9669. What seems strange to me is that such a warning always happens (or, at least, in the most cases) in the same folder tree "sys" and ClamAV issues the very same virus/malware warning (Exploit.PDF-9669).
An example:
sys/devices/virtual/vtconsole/vtcon0/uevent: Exploit.PDF-9669 FOUND
sys/devices/virtual/net/ppp0/address: Exploit.PDF-9669 FOUND
sys/devices/virtual/net/ppp0/broadcast: Exploit.PDF-9669 FOUND
sys/devices/LNXSYSTM:00/device:00/uevent: Exploit.PDF-9669 FOUND
My ClamAV version is 0.94.2/10275/Fri Jan 8 22:06:46 2010. It has not been updated since I installed Hardy in my computer last year. Is my computer in danger?
Mar 17, 2011
I get this warning from selinux:
"SELinux is preventing /bin/mailx from append access on the file /var/lib/rkhunter/rkhcronlog.OmRFCZOynG."
I tried to fix it by "# /sbin/restorecon -v /var/lib/rkhunter/rkhcronlog.OmRFCZOynG" as suggested by SELinux but it comes back with another warning, but with a different /rkhcronlog.xxxxxxxxx...
I think it's just a way of rkhunter logging issue. Attached here is the actual error message by selinux.
May 11, 2011
I am running a fresh installation of RHEL 6 box and it shipped with Openssh 5.3. But, /etc/ssh/moduli file doesn't exist even in this new installation and the SSH log warns as below:
PHP Code:
WARNING: /etc/ssh/moduli does not exist, using fixed modulus
Does this imply that it is using the same random number for key exchange purpose? Also, does it impose any security risks?
Jul 5, 2010
How efficient and effective are these snort, argus, ossec etc etc for an organization having 3500 PC Network, connected through 700+ Cisco Devices (Layer 2 and Layer 3), and scattered on 130 different sites (geographically)? What should be the combination of products and what should be the architecture for an efficient forensics activity?
Apr 9, 2011
Sometimes when I try to open some chat application i get a strange warning message asking for password. The message is that /usr/libexec/mission-control is trying to gain access of the system, please provide the password. On top of the message box it shows "Unlock Keyring".
This is very weird, as I am also unable to do a print-screen when this message box is up.
What is this message all about and what does the executable /usr/libexec/mission-control do?
I am using Empathy as my chat application
Jun 15, 2011
I had been receiving a rkhunter warning on my Fedora 14 server for quite some time now. Attempts to fix the error via information from Google searches have failed. I decided to have a look at bugzilla and what do you know, a fix. The warning:
Quote:
[03:29:08] Warning: The SSH and rkhunter configuration options should be the same:
Warning: The SSH and rkhunter configuration options should be the same:
The fix, according to https://bugzilla.redhat.com/show_bug.cgi?id=596775 is to change
PHP Code:
ALLOW_SSH_PROT_V1=2
to
PHP Code:
ALLOW_SSH_PROT_V1=0
I made the change and ran rkhunter again. No more error. I know everyone was wondering about this.
Oct 20, 2010
I was updating the files I have from packman on my test box and got security warning on mplayer and gixine. I switched mirrors and got the same checksum errors on a totally different mirror except I was not re-offered mplayer once I refused it the first time.
Apr 4, 2010
I am still probably of the windows mindset when it comes to security. I ran rootkit this morning and received the following error messages;
[09:43:49] /usr/sbin/unhide [ Warning ]
[09:43:49] Warning: The file '/usr/sbin/unhide' exists on the system, but it is not present in the rkhunter.dat file.
[09:43:49] /usr/sbin/unhide-linux26 [ Warning ]
[code]....
Aug 14, 2009
I installed ZTE MF 626 modem in my F10 with kernel 2.6.27.12-170, I ran usb_modeswitch and so far things happened normally. Watching through /var/log/messages it says that F10 detects two port devices for this modem: ttyUSB1 and ttyUSB2, and in the sequence it disables port ttyUSB1 BUT Network Manager still sets this port. I mean, when I connect via wvdial pointing to ttyUSB2 I get connection, but Network Manager fails to do it pointing to ttyUSB1. How to change device port in Network Manager?
Dec 14, 2010
I'm not concerned about this since this traffic is generated from the loopback address, but would like to find out what it is.
[code]...
Oct 6, 2009
Trying to install the Suhosin module with the php 5.2.9 c5-testing repo...it won't run with the php 5.2.9 testing build (there isn't an updated suhosin package against the 5.2.9 build)
PHP Warning: PHP Startup: suhosin: Unable to initialize module
Module compiled with module API=20050922, debug=0, thread-safety=0
PHP compiled with module API=20060613, debug=0, thread-safety=0
What's the best way to handle this from an admin best practices standpoint? I want to do everything possible to keep the suhosin module tracked by yum for future updating etc. Is it best to try to find a suhosin rpm that is built for 5.2.9 and install it with yum localinstall? If not, if I build the module myself, what's the best path to keeping yum/rpm in the loop on this install for future updating via yum?
Feb 22, 2011
Like Jackp27, I am reacting to a transient warning from rkhunter, indicating a possible LKM trojan, which may or may not be a false positive. Running chkrootkit and rkhunter repeatedly, including older versions running under live CDs like INSERT, indicated nothing wrong, but two runs of rkhunter running under the possibly compromised system itself did seem to suggest rkhunter thought it might have found elements of trojan code in RAM.
Like Jackp27, I can't give details right now because I do not currently have access to my logs, but I did find one webpage (can't give link because I do not currently have access to my detailed notes) suggesting that rkhunter may have thought it found a signature of the adore trojan in RAM by looking at /proc/kallsyms which is not a file I ordinarily look at. I did look at it very closely yesterday, repeatedly, and it seems to be mostly empty, but occasionally seems to contain what might be a sequence of calls to various kernel modules--- right now I only recall that some had the form ??_guest_? and that x_tables might be involved.
Can anyone give me a rough indication of what /proc/kallsyms is supposed to do, whether it should normally be empty, and when it is not, what kind of lines are supposed to show up in that "file" when I cat it? I also saw something about ?_logdrop? which may have had something to do with rotating logs (I rebooted several times) rather than a trojan keylogger. But maybe some trojans rotate logs to try to hide their presence?
I know I am not giving enough information--- I hope to come back later with more details after I have managed to access my logs and notes, so feel free to say what kind of details would be most helpful in helping me decide whether or not this was a false positive.
Jul 27, 2011
I am facing two issues with CUPS - 1. I have installed cups 1.3.9 over OpenSuse11 x86. Please check below -
cups:/usr/share/cups/banners # cups-config --version
1.3.9
cups:/usr/share/cups/banners # cat /proc/version
Linux version 2.6.27.7-9-pae (geeko@buildhost) (gcc version 4.3.2 [gcc-4_3-branch revision 141291] (SUSE Linux) ) #1 SMP 2008-12-04 18:10:04 +0100
I have added a few printers over there and everything is working fine. I am also able to add - delete - modify any printers from "yast2 printer" command. I am also able to browse cups web interface via http://cups:631, but when I am going to manage the printers (start - stop - delete etc), none of the buttons are working in firefox5 not even in IE also. Older version of firefox is giving error as "This address uses a network port which is normally used for purposes other than Web browsing. Firefox has canceled the request for your protection." All other buttons are working properly.
2. LINUX - LINUX Printing - OK
LINUX - WINDOWS Printing - OK
WINDOWS - LINUX Printing - NOT OK
While giving printing from Windows machine (Printer attached on Linux), there is no problem to connect the printers, but unable to print.
Jun 13, 2010
I try to install ultamatix on my ubuntu 10.04 system and I come up with the same error every time:
Error: Dependency is not satisfiable: python2.5
What do I do to successfully use ultamatix?
Feb 25, 2010
I am trying to write a gui app with python2.6.4 and wx on win XP. I am attempting to resize an image with Imagemagick from within the program using os.popen and os.system in a thread.
Code:
os.popen("mogrify -resize " + str(x) + "x" + str(y) + "!" + " images/static/" + my_ref + ".gif")
or
Code:
os.system("mogrify -resize " + str(x) + "x" + str(y) + "!" + " images/static/" + my_ref + ".gif")
They both work as far as resizing the image but when os.system is used a command shell opens during the mogrify and when os.popen is used the command shell does not show but the rest of the program freezes until mogrify is done.
I would prefer that the program did not freeze during this process and the command shell did not show. I have tried using wx to scale the image but the scaled image looks crappy. Anyway, is there a way to use os.system and not have the shell show?
Jan 13, 2010
When executing different programs varying from the Ubuntu Software Manager to pstotxt and lots of other programs I get tons of errors that have to do with Python2.6, whatever it is. I think it got corrupted since my netbook turned off while installing some (Dutch) language packs. The smaller problem is that the language packs failed to install properly, and I can see some Dutch sentences between the English ones sometimes... The major problem is that somehow a lot of programs won't work anymore, mainly terminal programs. pstotxt is one of many examples. Installing software doesn't always work because of these errors.
This is the output when I want to use pstotxt to convert a .pdf to .txt file:
Code:
Traceback (most recent call last):
File "/usr/lib/command-not-found", line 8, in <module>
import CommandNotFound
File "/usr/lib/python2.6/dist-packages/CommandNotFound/__init__.py", line 1, in <module>
from CommandNotFound import CommandNotFound
code....