similar to: how is block program run under wine?

I have a server that has been compromised. I'm running version 4.6.2 when I do >last this line comes up in the list. shutdown ~ Thu Aug 28 05:22 That was the time the server went down. There seemed to be some configuration changes. Some of the files seemed to revert back to default versions (httpd.conf, resolv.conf) Does anyone have a clue what type of

Hello; I'm running a FreeBSD 4.10-release-p2 box and both chkrootkit 0.44 & 0.45 report that my /sbin/init file is infected. It appears as though the egrep for "UPX" in the output of "strings" triggers the infected notice. When I copy the init file from an uninfected box to this one chkrootkit continues to report it as infected. Is chkrootkit reading a copy of the

Hi all, I need to install an anti-rootkid in a lot of servers. I know that there're several options: tripwire, aide, chkrootkit... ?What do you prefer? Obviously, I have to define my needs: - easy setup and configuration - actively developed -- Thanks, Jordi Espasa Clofent

Hi, I have a 4.9-STABLE FreeBSD box apparently hacked! Yesterday I ran chkrootkit-0.41 and I don't like some of the outputs. Those are: chfn ... INFECTED chsh ... INFECTED date ... INFECTED ls ... INFECTED ps ... INFECTED But all the rest is NOT PROMISC, NOT INFECTED, NOTHING FOUND, NOTHING DELETED, or NOTHING DETECTED. I know by the FreeBSD-Security archives that

Good evening, I was finish the FreeBSD4.9 installation from CD, and only do some edit with the /etc/rc.firewall, /etc/rc.conf, /boot/defaults/loader.conf, and recompiling the kernel to support my ext2 backup harddisk, with sndcard support too. This's a old laptop (ibm380z), i have chkrootkit warning after all finished, i attached my uname -a, dmesg, pkg_info and chkrootkit result, please

Hello, when one has physical access to a computer, he can run something like tripwire, with keys and checksum on a separate, write-only media, to verify the integrity of the system. What if the system is a remote one (in my case Centos 4.3 on a User Mode Linux VPS some hundred of KMs from here)? Does it still make sense to run tripwire remotely? If yes, how, since you cannot plug a floppy or

Hi All, Yes, I know, it's really really embarrassing to have to ask but I'm being pushed to the wall with PCI DSS Compliance procedure (http://en.wikipedia.org/wiki/PCI_DSS) and have to either justify why we don't need to install an anti-virus or find an anti-virus to run on our CentOS 5 servers. Whatever I do - it needs to be convincing enough to make the PCI compliance guy tick the

hello, i have a FreeBSD 4.8-PRERELEASE #0 that i use as a gateway / nat box for my home. It also acts as a dns / mail server to the outside world. I'm using ipf and basically filter for bogus networks on the way in and out. I allow everything out keeping state, and allow this in: pass in proto icmp from any to any icmp-type squench group 200 pass in proto icmp from any to any icmp-type timex

[mod: Just to show you that people DO get bitten after a bugwarning has gone out on linux-security..... -- REW] -----BEGIN PGP SIGNED MESSAGE----- Content-Type: text/plain; charset=us-ascii Has anyone been hit with the Bind Inverse Query Buffer Overrun on their Linux servers? We have had 3 servers attacked using this expoit and all of the machines had several binaries replaced with trojan

This morning, I noticed in my security email, that my entire /usr/bin directory had setuid diff's set on them. I think I've been hacked. So I installed chkrootkit from ports and ran it. It showed not infected for everything, except NETSTAT. NETSTAT showed infected... I ran chkrootkit for another machine (at my office), and it showed not infected for everything. Both machines are

On 8/6/2017 1:09 PM, lemonnierk at ulrar.net wrote: > >> Are your gluster nodes physically isolated on their own network/switch? > Nope, impossible to do for us ok, yes, that makes it much harder to secure. You should add VLANS, and/or overlay networks and/or Mac Address filtering/locking/security which raises the bar quite a bit for hackers. Perhaps your provider can help you with

On Sun, Aug 06, 2017 at 01:01:56PM -0700, wk wrote: > I'm not sure what you mean by saying "NFS is available by anyone"? > > Are your gluster nodes physically isolated on their own network/switch? Nope, impossible to do for us > > In other words can an outsider access them directly without having to > compromise a NFS client machine first? > Yes, but we

hi, have installed centos 4.7 We have installed qmail + simscan + vpopmail + SpamAssassin + clanAV and when we send a mail from a particular domain, the following error leaves us simscan: no envelope information, deferred exit and checking our log shows me the following 2009-09-14 18:18:06.929624500 16910 < Received: from mail pickup service by cp197.mysite4now.com with Microsoft

On Monday, 19 November 2007, Ross S. W. Walker rwalker at medallion.com wrote: <snip> > You can fix it all from CentOS. Ross: In addition to coming up with another slick way to fix this box, which I truly appreciate, you came up with the below: >You need to run some kind of rootkit detection and cleaner on the >system before it reboots or else it will just reinstall itself.

I am not sure if I had a compromise but I am not sure I wanted some other input. I noticed in this in my daily security run output: pc1 setuid diffs: 19c19 < 365635 -rwsr-xr-x 1 root wheel 204232 Sep 27 21:23:19 2003 /usr/X11R6/bin/xscreensaver --- > 365781 -rwsr-xr-x 1 root wheel 205320 Dec 4 07:55:59 2003 /usr/X11R6/bin/xscreensaver It was the only file listed and I didn't

Hi Sir, I have a question regarding the security of Xen. What are the security threats in with Intel VT-x. Thanks, Praveen Kushwaha ________________________________________________________________________ _____________________ NEC HCL System Technologies Ltd., 4th Floor, Tower B, Logix Techno Park, Noida | Tel: 120 436 6777 Extn 748

Has anyone else seen chkrootkit (version 0.43) on 4.10-prerelease or later report chfn, chsh, and date as infected? I built world yesterday, and my nightly chkrootkit reports this on run. I've replaced the binaries with their 4.9 equivalents, and things don't report as infected. I upgrade the 4.9 machine to 4.10, and chkrootkit reports them as infected again. Is this similar to the

Hello everybody, I'm a newbie in this list, so I don't know if it's the appropriate place for my question. Anyway, I'd be happy to find out the solution. Please, has anyone simple answer for: I'm looking for an exact list of files, which: 1. MUST have... 2. HAVE FROM BSD INSTALLATION... 3. DO NOT NEED... 4. NEVER MAY... ...the suid-bit set. Of course, it's no problem to

... Looking for a recommendation for a commercial threat management package. ( Think antivirus / antispy / anti-rootkit -- all rolled into one engine ), similar to this product: http://usa.kaspersky.com/products_services/work-space-security.php, which currently only supports one kernel for FC6, and RHEL4, officially. Here's the background. Need to make a decision and investment for a

Hello. My server was hacked. The CPU has been loaded on 99 % by "sh -i" process. I found out that someone has started phpshell through a hole in one of phpbb forums. Also has filled in scripts for flud and spam and "vadim script" in "/tmp". I has made it noexec. Recently has found out the same process. May be i have left again /tmp opened, or other hole may