Security :: Run Intrusion Detection System On Regularly Updated Desktop?
Apr 1, 2010
My desktop (the system AIDE runs on) is regularly updated, and the file output can become enormous, making it hard, if not impossible, to track down out of place files. I have recently thought of uninstalling it since I can't tell what is out of place and what isn't, but before I do that I wanted to ask everyone's opinion regarding what would be the best way to handle such a program on a desktop that has some core files changed regularly. This system is running Gentoo, so updates affect a number of directories.
Trying to figure out which Intrusion Detection System would be best for me. I've got a CentOS 5 / Linux / Apache system. If you've got experience with either (or both), please let me know your thoughts. I'm looking for the one that's not as technical, and a bit more user friendly I guess.
How to detect intrusion in my desktop Ubuntu 9.10 version? Which command could directly tell me about any change in my files? I would like the procedures that protect my system from intrusion; I am using Firestarter and keep tracing the network by using netstat -tap?
Recently I had a Java exploit on Windows. Luckily Microsoft Security Essentials identified and removed it. Such things can happen on Linux as well, from what I've heard. Why does Linux offer no such detection?
I have updated Ubuntu all the way to 10.04, but the desktop environment still keeps its old looks. For example, the GNOME panel has the old, light grey colour rather than the new, dark grey. The new greyscale icons for battery and wireless aren't in place either.
What shall I do to bring it up to date either immediately or when 10.10 comes out?
Is an Ubuntu live CD totally secure from intrusion? Stated another way, even if someone knows my IP address, can the live CD environment be hacked into in any way so that another could monitor what I am doing on my computer? From my understanding the live CD is read only, so that would prevent anything malicious being installed on it. I am curious if there are other ways a box running a live CD could be tapped into.
The following security alert made me check my httpd.conf:
SELinux is preventing the http daemon from reading users' home directories. Detailed Description: SELinux has denied the http daemon access to users' home directories. Someone is attempting to access your home directories via your http daemon. If you have not setup httpd to share home directories, this probably signals an intrusion attempt. Even though in httpd.conf there is a line that reads
Code: LoadModule userdir_module modules/mod_userdir.so
in the same conf-file the access to home-dirs is disabled:
Code: <IfModule mod_userdir.c>
I've been a very happy user of Debian Squeeze (gnome) for a few months already.
Everything works great, but I am encountering an annoying, and regular problem: almost every time I update my system (through synaptic) and reboot, my desktop theme gets reset to the more "blocky" default gnome one.
What I do is run "gnome-settings-daemon," either as normal or super user, reboot, and get back my chosen original theme.
I was well aware of the KDE trinity project from the start. It's so that users can have KDE 3 X alongside 4 X. The lucid release is due soon. Anyway I did try some releases a while back. I would like to know whether this project is very actively developed? What I mean is do they develop security updates and maintenance patches regularly? Are there any actual KDE developers involved? (Some Kubuntu developers are)
I have just started to learn Java programming and need to be able to use a compatible notepad equivalent in Ubuntu. I will need to save the data as is, in Ubuntu, and be able to transfer the data from my Linux machine to the Windows desktop regularly via memory stick. I absolutely love Linux and don't want to have to go back to Windows to do this.
I updated both browsers I have and lost my secure log-in pages (no padlocks showing) concerning different Web mail accounts. Just before I did these updates I checked an unrelated thing on-line regarding my sound card, of which I kept a copy, and got this message below:
!!ALSA/HDA dmesg !!------------------ [ 12.762633] cfg80211: Calling CRDA for country: AM
I recently upgraded my system from Jessie to Stretch, with no problem. A little later I upgraded Enlightenment from e17 to e20, and at some point shortly after that the second screen stopped working.
The nvidia X Server Settings correctly identifies both screens. But Enlightenment and xrandr do not see the second one at all. The second screen is on and the pointer moves correctly onto it, but no activity with left or right click. I have tried with the original xorg.conf, and generated a new one with nvidia-xconfig, but no difference. No obvious errors in any log-files either.
lisa@kitten:~$ sudo uname -a Linux kitten 4.3.0-1-amd64 #1 SMP Debian 4.3.3-2 (2015-12-17) x86_64 GNU/Linux
There was a security update (to fix compromised HTTPS certificates) to Chromium on 17 March (10.0.648.151) but my Chromium still hasn't updated. Did Ubuntu drop the ball here or is this just affecting my box? I'm considering switching to Google Chrome--to get security updates promptly.
I synchronise my data disk to a backup disk daily. Yesterday I noticed that rsync listed in its output my password-managers directory, which contains an old Keepass database and other Windows password programs I used long ago. I haven't accessed this directory in ages, so I was wondering why rsync felt the need to list it the directories it updated. Modification dates and last accessed dates are what I would expect; nothing recen
I've recently built a VM appliance using Ubuntu 8.04 that is given to customers for an easy deployment of our software. Ubuntu works great in a VM and it's perfect for our software (which is a web application).
Some customers are paranoid (rightfully so) and they will run a vulnerability assessment on the web application. A particular customer's assessment fails as it finds that the appliance isn't running the latest version of the Apache web server. I thought that just running "apt-get upgrade" would upgrade all of the software packages to the latest so that failures in the assessment caused by outdated software packages would be resolved... However this is not the case...
I realize that there is probably a whole process for submitting/approving the latest versions of software packages in Ubuntu, that then get pushed to the repositories - But how does this work? What exactly does "apt-get upgrade" do if it doesn't upgrade packages to the latest?
For example: I need Apache 2.2.11 to fix a particular vulnerability. But when running apt-get upgrade, it doesn't actually upgrade the Apache version number (or any of the other packages). I'm stuck on Apache 2.2.8, and I can't find a .DEB installer for 2.2.11 or later.
I'm on the Slackware Security mailing list and I check the Slackware Security Advisory page daily because the mailing list, for me at least, is unreliable. After Firefox nagged me about a security update, I went to one of the FTP mirrors to check for an update and the Firefox update was there, but it still hasn't shown up on the official Slackware Security update page.
want to sync 2 folders, one on a desktop and the other on my server. My objective is to keep the desktop folder always updated with the content of the server folder. If I get this working, I can do the same with the rest of my desktop and laptop users. When online they can run a script with rsync and update data. Is it possible to get 2 way sync?
Running Fedora 13, LXDE spin. Today, the pcmanfm package updated to version 0.9.7 during a software update. After a reboot, I no longer have desktop icons and I'm seeing the default Fedora wallpaper. Also, if I right-click on the desktop, I get a standard openbox menu instead of the LXDE one.
I have a RHEL 3 server that I just tried to install updates on, but up2date kicked back the following message and no updates. Is redhat not offering updates for version 3 anymore? "This system may not be updated until it is associated with a channel".
Hey everyone, I'm pretty new to Ubuntu/Linux so please bear with me. I recently installed 10.10 on my new htpc. The initial install went great, until I went to install the updated driver for my graphics card. What I did was I downloaded the driver off of nvidia. Then I did these steps:
2. logged in
3. sudo services gdm stop
4. I then located the driver package that I downloaded and ran it, it seemed to install fine (except for an error about some install script? but it let me proceed)
5. sudo services gdm start
It went to the gdm/ubuntu desktop. However I then connected it via HDMI, and the resolution was way off (top bar was not even displayed on TV) and I tried many different settings but no luck in fixing it. Next after restarting it did not automatically boot to the gdm/desktop. Instead it stayed at the command line login (the ctrl-alt-f1 screen).
tl;dr : 1. How to make it automatically boot to the gdm/desktop after I updated my gpu driver
2. How to fix the resolution for HDMI from my gpu to my TV. (DVI works fine
Booting into runlevel 3 and then issuing the $init 5 command leaves me this: "binary handler for windows applications already registered" and the system hangs there. I yum removed wine, thinking that might be the issue, but that solved nothing.
I get the "Could not download all repository indexes" error whenever I check for updates in update manager. In the error window it says this: "Failed to fetch [URL] 404 Not Found. Some index files failed to download, they have been ignored, or old ones used instead." I'm not sure what this repository is for, so I can remove it, but I just want to make sure this is not the "main" repository that I get updates from. Will I still keep getting my system updates if I remove it?
was home when the attack took place. I was running a vnc server that was tunneled thru ssh. At approximately 5:00 pm eastern time my box turned on firefox and flashed a popup. I tried to get to the logs and then realized that the entire system had been hijacked: the remote desktop icon was active, and there was a message in gnote saying "youve been own3d". The system is an old Mac mini PPC system and I plan on looking at the system log with a netboot cd by running linux rescue at boot. My question is, how do I gain access to the system log from a rescue cd to find out how much damage this hacker did?
I just used the on-line update to upgrade from 11.3 to 11.4. Now when I click the computer button in lower left, there are no entries under system, ie. control center, yast, install, lock, logout, shutdown. How do I get those back?