Ubuntu Security :: Nepenthes Configuration Files Missing
Dec 7, 2010
I am doing a honeypot project, and after I install nepenthes:
$ sudo apt-get install nepenthes
$ nepenthes
I find that there are no configuration files in /etc/nepenthes/, only a signatures document.
I searched the internet; all the install guides do not mention this problem, they just say that when updating nepenthes, the /etc/nepenthes/*.conf files will not automatically update.
Sep 2, 2010
Is there a 'plugin' for Wireshark to analyze traffic and spot infected (Windows) hosts? I have been using nepenthes with no luck (and doubt all hosts are clean). Is there some better way (other than using antivirus on each host)?
May 19, 2010
I have snipped part of the log I captured on my honeypot and need a recommendation on what is going on. The infected computer is located at address ${ADDRESS}. A quick check of my low-interaction honeypot (based on nepenthes) gives the following data. I know it's a worm, but what is going on? Thanks in advance.
linux-sqos:/opt/nepenthes/var/log # cat nepenthes.log
<snip>
[18032007 02:26:03 info module] 76 4
[18032007 02:26:03 info module] SMB Session Request 76
H CKFDENECFDEFFCFGEFFCCACACACACACA
code....
Jun 3, 2011
I had installed ssh but something went wrong and I uninstalled it. I removed the SSH configuration files by hand (I deleted the whole /etc/ssh folder). After ssh installation (I mean apt-get install ssh) I noticed that I have no SSH configuration files. I tried apt-get install openssh-server but I still have no SSH configuration files.
Aug 31, 2010
Lately I adapted my /etc/fstab to mount samba shared network drives. I had to put the password in the configuration file in order to log in automatically. Isn't there another way? It feels a little awkward to me to put passwords in a plain text file.
Mar 30, 2009
I am trying to find the best tool to track configuration file changes. I did find some information about osec and mactime, but it seems that they are not included in the fedora/rpmfusion package databases. Is there any tool that can be installed as a package?
Jul 16, 2010
How to properly integrate these RPMs into our system?
Option 1: we could take those missing OS RPMs and install them?
Option 2: can we package the missing files from missing OS RPMs into the existing Linux-xxx.rpm?
Jul 11, 2010
I seem to be missing a secure.log or security.log file. I have Ubuntu 10.04 and can't find this file. I looked in /var/log and ran a search command to no avail. Does anyone know where this file is, or is it called something else? I'm looking for a file that logs any change to the security settings of the system.
Mar 7, 2011
I changed to wubi last night. I decided to go that way because I was informed it was a safe way to give Linux and Ubuntu a try without any special effort needed, and easily deleted if I am not pleased. Thankfully I am pretty satisfied with the results; I have dealt successfully with most of the issues I have faced so far and it is running OK, besides one important thing. I am using my laptop, which has an HDD of 250GB. On my Vista there are 2 different drives, C and E, by default; they separated my HDD. So while I have Windows on C, and E is pretty much used for my additional data (movies, music etc.), when I installed wubi I installed it on E; I thought it would be better and it had more space.
Now though, while I can access through Ubuntu all my files that were located on C (Vista), I can't access any of the E ones, and file search doesn't help either. The "vista hdd", as Ubuntu describes it, is a 250 GB disk on the computer, which means it should contain both of the Vista disks. But sadly that's not the case. I can't seem to find them anywhere.
Jan 13, 2010
I have 9.10 at work and at home. At home it was installed from scratch. At work it's upgraded from 8.10->9.06(?)->9.10
- At work, when I do something over ssh, like subversion, and I have a key for that host, I am presented with a nice dialog box for my ssh key, and that's it. For the rest of my uptime, I can ssh to places without any hassle.
- At home, I'm presented with the key input prompt on the terminal. Even if I manually start ssh-agent, it still happens.
What package am I missing? I have the ssh-askpass-gnome on both.
Jul 11, 2010
I seem to be missing a secure.log or security.log file. I have Ubuntu 10.04 and can't find this file. I looked in /var/log and ran a search command to no avail. Does anyone know where this file is, or is it called something else? I'm looking for a file that logs any change to the security settings of the system.
Sep 23, 2010
When I try installing anything I get errors. For example, when I try to install something from Ubuntu Software Center I get this.
Code: installArchives() failed: Preconfiguring packages ... Preconfiguring packages ... Selecting previously deselected package ttf-symbol-replacement. (Reading database ... dpkg: warning: files list file for package `libsdl-image1.2' missing, assuming package has no files currently installed.
[Code]....
Jun 16, 2010
I have LTS 10.04 with Firefox 3.63 and the cookie settings are not there. Does anyone else have missing privacy settings? I don't like the idea of tracking cookies and want to do what I can to get rid of them.
Jun 11, 2010
I want to monitor a part of my filesystem for changes, including file opening and attempts to open files/dirs without the necessary permissions. Since every read/write/open is run by syscalls, I figured that running auditd would be the simplest way to do this. I installed auditd and added a rule:
Code:
auditctl -w /srv -p warx
However I do not get any writes reported via ausearch -i. As a simple example, if I run
[code]....
Jun 10, 2010
It seems that Conky is broken. If I try to do anything with it (even after complete removal and reinstallation) I get this output.
Code:
Conky: missing text block in configuration; exiting
***** Imlib2 Developer Warning ***** :
This program is calling the Imlib call:
imlib_context_free();
With the parameter:
context
Being NULL. Please fix your program.
I don't know what to do?
Mar 15, 2010
I downloaded the most recent version of Debian and installed it. Everything went really well there, until I issued free -m on the box. It would appear that the server is missing about 300MB of RAM, which is okay, for I figured perhaps the video card / sound was taking that amount of RAM for itself. It was not until I installed Xen that I found a bigger problem with memory and my system. For whatever reason, when I attempt to create a domU with 512MB of RAM, I need to add 19MB more RAM so that when I issue free -m from within the domU it will show a total of 512. Worse yet, when I raise the total up to 1024 for 1GB of domU RAM, I need to add 28MB of RAM, and add 28MB of RAM PER GB I wish to add to the domU.
Apr 3, 2010
I've been testing Squeeze to determine whether KDE4 is finally suitable for my primary machine. Everything seems to be working fine except for detection of IDE devices. My CD/DVD drive no longer automounts and the reason seems to be that no device is being created. My Lenny system detects the drive as /dev/hda, but no such device exists in Squeeze. During boot, Squeeze appears to detect the drive as /dev/sr0 (according to dmesg), but in fact that device does not exist either. I'm actually running the Lenny kernel, as I am unable to compile my Ralink wireless driver (rt2860sta) using the Squeeze kernel. Also, for inquiring minds, I use removable HDD drive bays on my systems to simplify testing.
Mar 18, 2011
I've created a live squeeze usb-hdd, but nslookup and tracert are missing. Which packages should be additionally installed?
Sep 8, 2011
Recently made the switch from the evil OS, now running F14, KDE desktop. I use a Logitech Marble Mouse, which has no middle button but two scroll buttons, and have been trying to configure button mapping (I think this may also be called Xorg hotplugging?) to map one of the scroll buttons as a middle button. The most helpful info I have yet found was on https://wiki.archlinux.org/index.php...h_Marble_Mouse which seems to provide plenty of info on the subject--enough I should have no problem mapping the buttons the way I want. The only problem is I have no 10-evdev.conf file in my xorg.conf.d folder. I opened a console and ran ls as root for good measure, but the only file that showed up was 00-system-setup-keyboard.conf .
Oct 4, 2009
I have gone through all the kernel config options repeatedly, but every time I get the same error after running my configured kernel.
To begin with, after unpacking the kernel I get Undefined video mode numer: 305 and then a selection of video modes appears.
Why are the standard settings in my lilo 1024x768x256 (vga 773) not accepted?
VFS: Cannot open root device "808" or unknown block(8,8) Please append a correct "root"=" boot option; here are the available partitions: Kernel panic- not syncing :VFS: Unable to mount root fs on unknown block(8,8)
My partitions are ext2, and this format (as well as other formats) is compiled in the kernel.
Nov 21, 2009
One thing missing with my GUI toolbar is the authorizations tool icon, which is explained by the missing /usr/bin/polkit-gnome-authorization. Would someone be able to fill me in? Last time the command was polkit-gnome-authorization. It may have changed or may not yet be implemented.
Edit: I have checked F11 and compared; /usr/bin/polkit-gnome-authorization is missing from F12 while it is in F11.
Jul 20, 2011
I just installed Fedora 15 and I see the SELinux Policy Generation Tool and the SELinux Administration application in the app launcher, but I do not see the SELinux Troubleshooter app. It seems to be missing. How do I get it on my system?
Jun 7, 2010
Strange: during the configure, I have checked:
checking for struct audit_tty_status... no
# uname -a
Linux lfslc5 2.6.18.8-xenU-64b #1 SMP Tue May 6 18:09:10 CEST 2008 x86_64 x86_64 x86_64 GNU/Linux
May 23, 2011
CentOS 5.6 Server patched to latest, multiple name-based Apache virtual hosts, SELinux OFF. Everything was working fine until the other day. I've been making quite a lot of changes so it may well be something I've done, but I can't find out what! Last night I got the following in my logwatch:
Requests with error response codes
404 Not Found
/admin/phpmyadmin/scripts/setup.php: 1 Time(s)
/admin/pma/scripts/setup.php: 1 Time(s)
/admin/scripts/setup.php: 1 Time(s)
/db/scripts/setup.php: 1 Time(s)
/dbadmin/scripts/setup.php: 1 Time(s)
[Code]...
The problem is that NONE of my logs, secure, httpd, messages, NONE of them, show any trace of these hacking attempts. They used to show up in secure and apache error logs, but no longer.
May 3, 2010
I installed Startup Manager but the appearance and security tabs are missing. I really want to be able to change the resolution of the splash screen because it looks all pixelated and I want to have the splash screen that 9.10 had.
I tried reinstalling and restarting but the issue remains. I know it's somewhat functional because I am able to change the seconds that grub takes, but when I try to change the resolution of the purple Ubuntu startup screen it looks like it tries to change it but fails.
Nov 20, 2015
So, as per Arch Linux's wiki, I tried to make some optimisations to the intel driver by setting it up in Xorg.conf (or, as advised by that wiki article, in '/etc/X11/xorg.conf.d/20-intel.conf'), but I've run into trouble enabling DRI3. Here's my current config file:
Code:
Section "Device"
Identifier "Intel Graphics"
Driver "intel"
Option "AccelMethod" "SNA"
Option "DRI" "3"
Option "TearFree" "true"
EndSection
So far everything works fine; I haven't seen any noticeable tearing, nor did I have any problems with any graphics-intensive programs I run, but there's a slight problem with the DRI3 part as indicated by Xorg's logs:
Code:
[ 26.556] (II) Loading sub module "dri2"
[ 26.556] (II) LoadModule: "dri2"
[ 26.556] (II) Module "dri2" already built-in
[ 26.556] (==) Depth 24 pixmap format is 32 bpp
[ 26.616] (II) intel(0): SNA initialized with Haswell (gen7.5, gt2) backend
[ 26.616] (==) intel(0): Backing store enabled
[Code] ....
First of all it still mentions the DRI2 driver, is this supposed to happen, or did something go wrong? Also it complains that it cannot find a file, which I can't figure out which package it belongs to, and taking a quick search around the interwebs hasn't produced anything useful...
The IGP is the CPU, which is actually an i5-4460... which according to Wikipedia has an HD Graphics 4600 GPU.
Dec 7, 2015
I just upgraded my Debian stretch via apt-get and I noticed that the network manager is missing at least 2 icons: the mobile broadband icon and the settings icon. I haven't found any bug reports or other information about how to restore them. The icons were there after initial installation of version 8.2.0 from DVD.
KDE Plasma version 5.4.2
Qt Version 5.5.1
Kernel Version 4.2.0-1-amd64
Apr 27, 2016
My laptop fan sensor shows fine in psensor in sid. But today I downgraded to jessie and the sensor for the fan is gone. I checked if fancontrol is running but I cannot manage to make it work.
sensors
Code:
acpitz-virtual-0
Adapter: Virtual device
temp1: +55.0°C (crit = +108.0°C)
coretemp-isa-0000
Adapter: ISA adapter
Physical id 0: +55.0°C (high = +87.0°C, crit = +105.0°C)
Core 0: +55.0°C (high = +87.0°C, crit = +105.0°C)
Core 1: +54.0°C (high = +87.0°C, crit = +105.0°C)
[Code] ....
I googled and have tried this, but no luck:
Code:
acpi_enforce_resources=lax
This is an Asus laptop with a controllable fan. I am not sure if the fan is being run by the BIOS, and how it might run. But I feel the laptop seems quieter and at a higher temperature than it was under sid.
Jan 13, 2010
Here's my problem: I'm running a Lenny laptop and I need both wifi and virtualbox to work. I had to do a kernel upgrade to run the wifi. It works with either the 2.6.29 or 2.6.30 kernels, but with 2.6.30 I'm having screen brightness issues that I can't seem to get rid of. So I want to run 2.6.29, but virtualbox is a bit of a problem because it requires linux-headers-2.6.29, but when I try to install the amd64 headers it tells me that it cannot install the dependency linux-kbuild-2.6.29. Is there any way I can get that dependency installed on my computer?
Feb 19, 2010
I seem to have a major discrepancy between what df reports and what du reports. df tells me that I am using 20G, but I am only able to find 9.5G using du. What follows are the ls -l of root, a df of my system, and the du for every directory in root that is not a symbolic link, mnt, or proc. I would appreciate any suggestions on where to look for the remaining 10.5G that seems to have disappeared.
I am running under VM Player code...