Displaying 20 results from an estimated 2000 matches similar to: "SSHD rootkit in the wild/compromise for CentOS 5/6?"
2008 Jan 29
5
Unknown rootkit causes compromised servers
Here is the applicable article:
http://www.linux.com/feature/125548
There are links in the above article that explain tests for the system
and what is currently known about the rootkit.
Apparently initial access is NOT via any vulnerability but just guessed
root passwords.
There are currently 2 methods to see if you are infected:
1. In some cases, the root kit causes you to not be able to
2010 Sep 30
6
ClamAV thinks Wine contains a rootkit?
Anyone wanna explain why ClamAV thinks Wine has a rootkit in it?
It finds "mountmgr.sys" and "usbd.sys" as "BC.Heuristics.Rootkit.B"
This is not altered Wine.. or even used... but it happens just pure straight up compile from source Wine even if it's never been run.... it's finding them in the fakedlls folder.
I have not tried on Linux, only on Mac OS X, using the
2018 Jun 19
0
Design Decision for KVM based anti rootkit
On 19 June 2018 at 19:37, David Vrabel <david.vrabel at nutanix.com> wrote:
> It's not clear how this increases security. What threats is this
> protecting against?
It won't completely prevent rootkits, because still rootkits
can edit dynamic kernel data structures, but it will limit what
rootkits damage to only dynamic data.
This way system calls can't be changed, or
2008 Feb 11
0
Remember the unknown rootkit problem previously reported?
If the attacker could get a shell, the attacker could have used this
local root exploit to get the necessary privileges to install the rootkit.
One reason why there seem to be few RHEL reports is that RHEL5 is not
that widely available yet but lots of vulnerable Fedora/Debian
installations are available.
2008 Sep 01
1
How to check for rootkit, trojans etc in backed up files?
Hi,
there is a remote (VPS) Centos 4.2 server which *may* have been
compromised. Reinstalling everything from scratch isn't a problem, it
may even be an occasion to improve a few things, the question is
another.
There are backups of necessary shell script, ASCII configuration files
and more or less important email (maildir format, if it matters)
including messages with binary attachments in
2015 Aug 24
2
Cannot print on Centos 6.7 [***NOT*** SOLVED]
On Fri, 21 Aug 2015, Gilbert Sebenste wrote:
> On Fri, 21 Aug 2015, Kay Schenk wrote:
>
>>>>> Have you tried different printer drivers other than the one that's
>>>>> "recommended"?
>
> I just found the problem. The firmware on the printer was from January 20,
> 2011.
And this morning, it printed one piece of a document, and then
2003 Aug 22
0
rootkit
I ran chkrootkit and this is what I got.
should I worry or is this normal?
I'm running 4.8
thanks.
Checking `wted'... 3 deletion(s) between Sat Jun 26 18:10:21 2027 and Sun
Mar 24 04:27:12 2024
4 deletion(s) between Sun Mar 24 04:27:12 2024 and Sun Mar 24 04:27:12 2024
5 deletion(s) between Sun Mar 24 04:27:12 2024 and Sun Mar 24 04:27:12 2024
1 deletion(s) between Sun Mar 24 04:27:12
2003 Mar 30
2
Bindshell rootkit
Ok...did some checking. I forgot to mention that I killed dead syslogd. Not just a -HUP but an actual kill and restarted. I did this several times. I was trying to get something else to work.
Anyway, I killed it again this morning and restarted. The infect message went away immediately.
Could this have been the problem?
2018 Jun 18
0
Design Decision for KVM based anti rootkit
On 16.06.2018 13:49, Ahmed Soliman wrote:
> Following up on these threads:
> - https://marc.info/?l=kvm&m=151929803301378&w=2
> - http://www.openwall.com/lists/kernel-hardening/2018/02/22/18
>
> I lost the original emails so I couldn't reply to them, and also sorry
> for being late, it was the end of semester exams.
>
> I was advised on #qemu and
2008 Jan 13
3
Anti-Rootkit app
Hi all,
I need to install an anti-rootkit in a lot of servers. I know that
there're several options: tripwire, aide, chkrootkit...
What do you prefer?
Obviously, I have to define my needs:
- easy setup and configuration
- actively developed
--
Thanks,
Jordi Espasa Clofent
2015 Aug 21
4
Cannot print on Centos 6.7
On Fri, 21 Aug 2015, Eero Volotinen wrote:
Hello Eero,
> Well, is it really supported on Linux? I can't find driver for it on:
> http://www.openprinting.org/printers
I just saw that. I now have it so that it prints a few pages, then locks
up the printer. Funny, it worked just fine under CentOS5, now under CentOS
6, it won't? That's weird. Do you, or anyone else, have any
2010 Jul 16
3
Error message downloading latest Spamassassin data files via sa-update
Hello everyone,
When I type "sa-update" to get the latest files for Spamassassin, I see
this error:
]# sa-update
Argument "1.39_01" isn't numeric in subroutine entry at /usr/bin/sa-update
line 83.
My Google-fu came up with nothing when searching for this error. Am I the
only one getting this to happen, or are any of you seeing it as well?
Gilbert
2014 Apr 08
3
How to save a Gnome screen layout on CentOS 6.5 after logging off?
Hello everyone,
A quick Gnome question that has vexed me.
In CentOS 5.10, if I have, say, an X terminal window up on my screen,
the next time I log in, it's there when I log in as an unprivileged user.
That's because I can save the layout the way I want to; there's a checkbox
for it to save the layout upon exiting.
I see none for CentOS 6.5. So, my X-terminal isn't there when I
2009 Apr 12
3
Firefox 3.0.8 released, but not showing up in mirrors?
Hello all,
Several days ago, I noticed Firefox 3.0.8 was released for i386,
but I haven't seen it on any of the mirrors. I know it can take a few days
for mirrors to sync, but I think it's been 5 days now. Anyone see this
package out there yet?
*******************************************************************************
Gilbert Sebenste
2010 Jan 01
3
The future is here, but Spamassassin doesn't buy it
Hey all,
I am getting a number of incoming emails flagged as spam this morning.
Here's why:
X-Spam-Level: *****
X-Spam-Status: Yes, score=5.2 required=5.0 tests=FH_DATE_PAST_20XX,
SUBJ_ALL_CAPS autolearn=no version=3.2.5
X-Spam-Report:
* 3.4 FH_DATE_PAST_20XX The date is grossly in the future.
The date of 2010 in the emails is correct. I have typed "sa-update" and
2015 Aug 21
2
Cannot print on Centos 6.7
Hello everyone,
I have been scouring the Internet for answers, wikipages, non-Centos
pages, and I am stumped.
I have a HP LaserJet P4014n. When I plugged it in via USB cable, it found
it as a P4014, but in any case, it simply wouldn't print, so I deleted it,
and tried to start from scratch.
When I manually add the printer, it seems all is well, but it won't
print a test page. In my
2001 Jun 25
1
Apparent SSH-1.2.27 Rootkit
Hello,
I found this lurking around the web, and thought people who are
running SSH-1.2.27 might be interested.
--
Kevin Sindhu <kevin at tgivan dot com>
Systems Engineer
TGI Technologies Inc. Tel: (604) 872-6676 Ext 321
107 E 3rd Avenue Fax: (604) 872-6601
Vancouver,BC V5T 1C7
Canada.
-------------- next part --------------
Welcome Root Kit SSH distribution v5.0 (by Zelea)
This
2015 Aug 21
2
Cannot print on Centos 6.7
On 08/21/2015 12:16 PM, Gilbert Sebenste wrote:
> On Fri, 21 Aug 2015, Fred Smith wrote:
>
>>>> I just saw that. I now have it so that it prints a few pages, then
>>>> locks
>>>> up the printer. Funny, it worked just fine under CentOS5, now under
>>>> CentOS
>>>> 6, it won't? That's weird. Do you, or anyone else, have any
2010 Aug 22
2
Strange Apache log entry
Hey everyone,
Logwatch flagged something in my Apache logs, and it says it was a
possible successful probe. Hmmm. Here's what it says:
--------------------- httpd Begin ------------------------
A total of 1 sites probed the server
66.249.137.70
A total of 2 possible successful probes were detected (the following URLs
contain strings that match one or more of a listing of
2018 Jun 18
1
Design Decision for KVM based anti rootkit
Shortly after I sent the first email, we found that there is another
way to achieve this kind of communication, via KVM Hypercalls, I think
they are underutilised in kvm, but they exist.
We also found that they are architecture dependent, but the advantage
is that one doesn't need to create QEMU<-> kvm interface
So from our point of view it is either have things easily compatible
with