Ubuntu Security :: H4x0rz All Up In Machine?
Feb 25, 2010
I have this little nettop box, an Acer Revo, that I use for Boxee/Hulu Desktop with my TV. It's been a fairly enjoyable setup for months, until two mornings ago.
The first strike
Before work I poured myself some cereal, wandered over to the couch, plopped down and powered on the TV. After the set warmed up, a header image for some banking/something-another website made it from my screen into my retinas, and slowly turned my otherwise uneventful morning into me choking on a mouthful of Honey Nut Os as I leapt over my coffee table and slammed the off button on my cable modem.
I clean up the Nut Os that I knocked on the floor and systematically change every password on my networked machines (Revo and two *laptops*). I check my router, disable my ssh port forwarding rule, kill remote admin access, change passwords, MAC addr whitelist my wifi connected machines just in case it's a local job. I read through all running processes, check my bash history, look for screen sessions, and so on. Finally I decide that I must have been brute forced, either on my ssh port or perhaps even directly on my router. My laptops should have been, and seemed to still be, in sleep mode since that night.
The second strike
So tonight I'm watching a South Park episode (a show I hate to love), about to cut out for the night, when the Boxee menu pops up. I look at the remote and back at the TV; for just a moment I think that perhaps the mouse shifted slightly on the carpet and caused the menu to activate. Then Boxee stops the video, navigates the menu a few clicks, pulls up the exit menu and closes itself. ...
Feb 28, 2011
Why isn't this working as I am expecting:
Code:
[schneidz@hyper temp]$ cat example.tmp
hello world
[code]....
Jul 31, 2010
I have several (say, 50) machines running Ubuntu. I want them to be centrally controlled. That is, each machine should get permission from a central machine before installing any software etc. I googled quite a lot but could not find the solution...
Sep 10, 2010
I'm not really a network security guy or anything. I'm setting up an FTP server on my LAN. I know how to install the software and how to set up my router but still have a couple of questions for an expert...
1. Which version of Ubuntu should I install? Server?
2. How can I isolate this machine from the others on the lan?
Dec 26, 2010
When I run
Code:
I sometimes see
Code:
So I'm wondering if this means my Ubuntu server box is being used for spam or something? There are no other (human) users on the computer and I don't use it to send mail.
I've run
Code:
In paranoia, but still when I run
Code:
I get
Code:
And sometimes
Code:
Just thought i should ask before starting the tedious process of reinstalling and restoring the system.
Jan 18, 2010
I have installed an Ubuntu server and it is running OK. Before making it a production server, I want to make sure that if one day the OS corrupts accidentally, I can still access the users' files on the hard disk.
I burned a Ubuntu desktop live CD, and booted it with this machine. There are 2 hard disks on the server, both could be mounted automatically. However, I can only access some folders like lost+found.
The questions are:
1. How can I access the other folders, given I have the root password of the server?
2. Is there a way to access all folders without knowing the users + passwords?
Jan 9, 2010
If I download files from the internet to the Ubuntu home download folder, will that kill off Windows viruses? I've also got the Avast on-demand scanner, but are anti-viruses effective against Windows viruses these days?
Nov 8, 2010
I have a server that is on a high port number, and people want it on port 80. For root exploit issues people say the server can not run as root. So to solve things I want to redirect port 80 to a high port number, say 12345 on the machine. This has been discussed all over the web, so I find I need to do this:
/sbin/iptables -t nat -A PREROUTING -p tcp -d 123.45.67.89 --dport 80 -j REDIRECT --to-ports 12345
/sbin/iptables-save > /etc/sysconfig/iptables
And I do this, and voilà, things work for the whole world. All machines in the world can see the server on port 80 on the machine. Except on the machine itself. On the machine 123.45.67.89, if I try to get to the server on 123.45.67.89:80, I get a can't connect error. On the machine, if I try 123.45.67.89:12345 I can connect. What am I doing wrong here? I don't really want the localhost network, I want the IP address and port, but I want the forwarding to work on the local machine. But it doesn't...
Apr 18, 2011
I have, say, 10 machines, connected via NFS and NIS. There's a server which exports /home using NFS, and exports the user names using NIS. All machines are working fine. I am able to ssh to the machines remotely and get my work done. Recently though, one of the machines (say M, for easy reference) would not allow any other machine on the NFS network [or outside the NFS network] to ssh into it. Every time an ssh attempt is made, 3 IP addresses [including the machine from which the ssh attempt was being made] are added to the /etc/hosts.deny file on M, and the error message on the other machine shows 'permission denied' after the password is entered. I tried using various options that ssh provides, but I cannot figure it out. I also tried uninstalling and reinstalling openssh-client and openssh-server on M, but it didn't change anything.
Another point to note is this: another user made use of M before, for a while, by disabling ssh passwords - so he could access M without having to enter his ssh password. That individual can still log in to M. All others who require to enter a password cannot ssh into M.
Mar 1, 2011
This morning I was looking at the router's log file and noticed a certain IP address was able to gain LAN access on port 2222. That just happens to be the port my SSH server is listening on! A whois search revealed that IP address is in Germany. As soon as I found this out I stopped forwarding all ports to this machine in my router.
How can I tell what happened, what information this person was able to obtain, and if he left any goodies behind that could hurt me? I've read through some of the logs on my computer and haven't been able to find much at all. I did have some personal information on the hard drives, but that information is encrypted. I'm thinking if they were able to get my SSH password then that information probably isn't safe either (assuming they have some of it).
Jul 8, 2010
I am stuck on a big issue here. I just want to find the remote URL on which it listens.
I know the remote host and remote port number, but I just want to know which URL the web application listens on.
For example: Host: 1.1.1.1 & port no: 8080
But I remember the URL would be http://1.1.1.1/(something):8080
I want to find the complete URL on which it listens.
Can I achieve this with nmap or any other tool?
Jul 3, 2009
I have a LAN with 20 machines. I see that one of them is infected. It's sending a lot of packets to the internet. My internet connection at this moment is really slow. What should I do? How do I detect which machine is infected? I'm using a hardware firewall, Fortigate... It's hard to configure nice logs there. Any good software? I don't want to unplug the network cable from each machine and check.
Jan 9, 2010
I want to do port mapping on a Linux machine using iptables. I have a service listening on port 2000 UDP and I want to add an iptables rule which will map incoming packets on port 2001 to port 2000, so that the service will accept the connections. The idea is that I don't want to change the default port for the service, but to make an internal port redirection (from 2001 to 2000), so the default service port will be filtered by iptables and the other port will be open to the outside. The internet host connects to the Linux machine on port 2001. The Linux machine changes the destination port from 2001 to 2000 and the service (on the same machine) processes the packets and accepts the connection. I tried adding the following to my iptables rules, but it didn't work out:
$IPTABLES -A FORWARD -p udp --destination-port 2001 -j ACCEPT
$IPTABLES -t nat -A PREROUTING -i eth0 -p udp --dport 2001 -j REDIRECT --to-port 2000
May 12, 2010
I'm currently using Slackware 13.0 and have my machine behind a Linksys DD-WRT router. I believe the DD-WRT software has all ports blocked by default so opening up my machine for SSH login would only leave my system vulnerable at that port. To give an extra layer of security for that opened port, I've created the following script that would be invoked as the users' shell.
#!/bin/sh
# if SSH_CLIENT is defined, run nail with $SSH_CLIENT as an argument
# (POSIX test syntax, since #!/bin/sh may not be bash and "[[" is a bashism)
if [ -n "${SSH_CLIENT}" ]; then
[code]....
Dec 16, 2010
I have an SSH tunnel set up between a local server and a remote postfix relay VPS. This is so we can route all our outgoing mail through this SSH tunnel to a private relay VPS; this seems to give us much more consistent mail delivery than using our ISP's relay. So the SSH tunnel is set to route port 1025 on machine A to port 25 on the VPS. This part of it is working perfectly and has been for months. However, today I wanted to set our e-mail newsletter software (on the same network as the SSH tunnel start-point) to send through the SSH tunnel. So I punched in the IP/port... 192.168.1.5:1025, but it doesn't work. Is there something I need to do to allow connections from other machines on the LAN to access the start-point of the SSH tunnel? Or are SSH tunnels restricted to localhost connections only?
Mar 5, 2010
I have an F11 box serving XDMCP. I log into the machine remotely with Xming. As far as I can tell, all X clients work fine, EXCEPT for sealert. I get occasional SELinux alerts, but I cannot use the sealert browser on my remote machine. When I try to run the browser, I get this: sealert -V -b
2010-03-05 11:27:49,841 [dbus.proxies.ERROR] Introspect error on :1.61:/org/fedoraproject/Setroubleshootd: dbus.exceptions.DBusException: org.freedesktop.DBus.Error.NoReply: Message did not receive a reply (timeout by message bus) 2010-03-05 11:27:49,842 [dbus.proxies.DEBUG] Executing introspect queue due to error 2010-03-05 11:27:49,842 [dbus.ERROR] could not start dbus: org.freedesktop.DBus.Error.ServiceUnknown: The name :1.61 was not provided by any .service files
I see the bug at [URL]... but it does not mention the browser, nor does it say what the fix/workaround is. I'm going to stab in the dark and start relabeling things, but does anyone know what's really wrong?
Mar 15, 2011
I have set logwatch to report the logs daily; somehow, since last week I get the message below. A total of 1 possible successful probes were detected (the following URLs contain strings that match one or more of a listing of strings that indicate a possible exploit):
/cgi-bin/blocked.cgi?clientaddr=192.168.1.108&clientname=&clientident=&clientgroup=limitedaccess&targetclass= untrusted&url=http://adfarm.mediaplex.com/ad/fm/9608-84171-8772-2?
[code]...
Feb 3, 2011
I am trying to keep linhost274.prod.mesa1.secureserver.net (IP 208.109.14.77) from accessing my machine. Several times per evening (as far as I see) it connects to my machine, each time on a different port, and pushes up data transfer. I can't find what it does, it just pushes a GB or more over the line and then stops. I try to keep it out with UFW:
[Code]...
Jan 25, 2011
I've been trying to make sense out of this error report. I get it every once in a while on startup of my machine.
Code:
Summary:
SELinux is preventing /usr/sbin/ntpd access to a leaked netlink_route_socket
file descriptor.
Detailed Description:
[ntpd has a permissive type (ntpd_t). This access was not denied.]
SELinux denied access requested by the ntpd command. It looks like this is either a leaked descriptor or ntpd output was redirected to a file it is not allowed to access. Leaks usually can be ignored since SELinux is just closing the leak and reporting the error. The application does not use the descriptor, so it will run properly. If this is a redirection, you will not get output in the netlink_route_socket. You should generate a bugzilla on selinux-policy, and it will get routed to the appropriate package. You can safely ignore this avc.
Allowing Access:
You can generate a local policy module to allow this access - see FAQ [URL]
Additional Information:
Source Context system_u:system_r:ntpd_t:s0
Target Context system_u:system_r:firstboot_t:s0
Target Objects netlink_route_socket [ netlink_route_socket ]
Source ntpd
Source Path /usr/sbin/ntpd
Port <Unknown>
Host localhost.localdomain
Source RPM Packages ntp-4.2.6p2-7.fc14
Target RPM Packages
Policy RPM selinux-policy-3.9.7-3.fc14
Selinux Enabled True
Policy Type targeted
Enforcing Mode Enforcing
Plugin Name leaks
Host Name localhost.localdomain
Platform Linux localhost.localdomain 2.6.35.6-45.fc14.i686
#1 SMP Mon Oct 18 23:56:17 UTC 2010 i686 i686
Alert Count 1
First Seen Fri 21 Jan 2011 02:01:09 AM PST
Last Seen Fri 21 Jan 2011 02:01:09 AM PST
Local ID fb73799a-8d3c-4d9a-8c06-a0c1b6d4814e
Line Numbers
Raw Audit Messages
node=localhost.localdomain type=AVC msg=audit(1295604069.730:15): avc: denied { read write } for pid=1731 comm="ntpd" path="socket:[14643]" dev=sockfs ino=14643 scontext=system_u:system_r:ntpd_t:s0 tcontext=system_u:system_r:firstboot_t:s0 tclass=netlink_route_socket
node=localhost.localdomain type=SYSCALL msg=audit(1295604069.730:15): arch=40000003 syscall=11 success=yes exit=0 a0=8a1ad60 a1=8a1b040 a2=8a1b2c8 a3=8a1b040 items=0 ppid=1730 pid=1731 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm="ntpd" exe="/usr/sbin/ntpd" subj=system_u:system_r:ntpd_t:s0 key=(null)
Jul 28, 2011
Has anyone got experience connecting a Linux machine to a Microsoft VPN server using RSA authentication? What puzzles me perhaps most about this topic is the absolute dearth of information. If it is not possible, can anyone tell me why?
Sep 16, 2010
Is there a script I can use to send a command via the terminal to wipe an entire machine of data? If, for example, there is an intrusion, valuable data can be at risk and it would need to be erased.
Feb 6, 2011
I have set up a virtual machine under VMware Player 3.1.2 in Debian. The operating system of this virtual machine is Windows Server 2003. I would like to periodically test this Windows Server 2003 installation for viruses. The obvious solution would be to install AV software under this Windows Server 2003 installation. However, I was wondering, is it possible to use NOD32 for Linux or clamav in order to test this Windows Server 2003 installation for viruses? Is NOD32 for Linux able to detect viruses inside the .vmdk file?
Jan 10, 2010
I want to configure SSH key-based authentication and SSH password authentication on the same machine for different users.
Jun 12, 2010
The Seahorse export menu is always disabled. I need to export the passwords to restore them after formatting my machine.
Feb 13, 2011
I try to access my Ubuntu machine via my Windows machine (Samba server on the Ubuntu machine). Any time I try to access the machine it asks me for my password... I enter it but it says it is invalid. Is there any way to reset it? I have already tried to remove and purge everything Samba related and then tried reinstalling, but that still didn't do anything.
Jan 3, 2010
I read once that you could use VMware's converter to convert a physical machine into a virtual machine to run in VirtualBox. Can someone point me in the direction of a tutorial or just give me instructions on how to do this? I was very confused by the converter and how to get the image to work with VirtualBox.
Mar 18, 2010
I have an Ubuntu KK laptop connected via wireless to my mixed network (XP, Win7, other Ubuntu), but I cannot ping said machine or connect via ssh. Internet and smb-browsing ON this machine work, as does pinging FROM it. If this was a Windows machine, I'd say a firewall is in the way, but since it's a vanilla Karmic install, this should not be the case (or should it?).
Jul 24, 2010
It seems whenever I create a folder it creates the folder as "untitled folder", but I can't change the folder name; it just says "you don't have permission to rename item", yet I created the folder and it is there. One thing I have noticed is that once I enter a folder it won't even let me move the folder.
Apr 16, 2011
I remember it being really easy to add a printer attached to another computer using Ubuntu, but I don't remember exactly what made it so easy. All I know is that now that I have switched to Kubuntu the process has become much harder because now I have to find out some special locations, numbers etc. for it to connect to the printer. It's connected to a Windows XP machine on the other side of the house.
It says a lot about 'contacting the network administrator' if I am unsure about what to put in. But I am more or less the network administrator. How do I find out what numbers to put in so that my Linux machine can connect and print to the Windows machine? Or maybe someone knows a few commands to share? I go to Applications > Settings > System settings, Printer configuration, New Printer, New Network printer, and then there are a few options but I don't know which one to choose. Windows Printer via Samba, I guess? Then in the box that says smb://[enter stuff here] I need to put in info, but I don't know how to find that info.
Dec 3, 2008
I have ubuntu-8.04.1-server installed on a virtual machine. It works perfectly. Now, I made a copy of this virtual machine. I started that copied machine and it works fine, except for one thing: the network does not work!
I have several other VMs with FreeBSD, OpenBSD or Windows on them, but only the Ubuntu machine has a network problem after copying. I tried some other VM with Ubuntu on it - same problem! I downloaded a VM with Ubuntu - same problem. I took a look into the /etc/network/interfaces file and it looks just as it should (same as before copying), but the ifconfig command returns parameters for lo only (before copying there were eth0 and lo).