Displaying 20 results from an estimated 1000 matches similar to: "Hacked or not appendice"
2004 May 21
12
Hacked or not ?
Hi,
I have a 4.9-STABLE FreeBSD box apparently hacked!
Yesterday I ran chkrootkit-0.41 and I don't like some of the outputs.
Those are:
chfn ... INFECTED
chsh ... INFECTED
date ... INFECTED
ls ... INFECTED
ps ... INFECTED
But all the rest is NOT PROMISC, NOT INFECTED, NOTHING FOUND, NOTHING DELETED, or NOTHING DETECTED.
I know by the FreeBSD-Security archives that
2004 May 17
4
Multi-User Security
Hello list.
I would like to get your opinion on what is a safe multi-user environment.
The scenario:
We would like to offer to some customers of ours some sort of network
backup/archive. They would put daily or weekly backups from their local
machine on our server using rsync and SSH. Therefore, they all have a user
account on our server. However, we must ensure that they would absolutely
not be
2004 Jul 17
3
upgrading from 4.2 to 5.x
Hello,
My company has been asked to help with the upgrade of several FreeBSD
systems that are pretty old. The customer is running a file server samba
also running apache running FBSD 4.2, he wants to upgrade using cvsup &
the make buildworld procedure to upgrade to 5.x. I'm very familiar with the
make buildworld procedure however there have been significant changes
between 4.2 & 5.x so is
2005 Aug 21
1
Security warning with sshd
In my recent security email, I got the following errors:
cantona.dnswatchdog.com login failures:
Aug 20 02:37:19 cantona sshd[9444]: fatal: Write failed: Operation not permitted
Aug 20 04:30:42 cantona sshd[16142]: fatal: Write failed: Operation not permitted
Aug 20 21:21:51 cantona sshd[45716]: fatal: Write failed: Operation not permitted
So three questions: What is it? Should I be worried?
2004 Feb 15
6
Rooted system
Howyd all? Seems that I have been routed. Possibly
by a physical B&E, but who knows? Probably some
of you do.... anyways, some politically sensitive
email was deleted from a user account and the
line
low -tr &
inserted into my .xinitrc .
Duncan (Dhu) Campbell
2007 Nov 20
2
chkrootkit V. 0.47
Running FreeBSD 6.1
After changing chkrootkit to the latest version V. 0.47 and compiling it then
running it I get the following:
==================<SNIPPIT>================
Searching for anomalies in shell history files... nothing found
Checking `asp'... not infected
Checking `bindshell'... INFECTED (PORTS: 6667)
Checking `lkm'... You have 131 process hidden for readdir
2004 Aug 18
4
chfn, date, chsh INFECTED according to chkrootkit
I ran chkrootkit ( v. chkrootkit-0.43 ) earlier and
noticed that chfn, date, and chsh showed as being
infected. I remember reading post from the past that
right now chkrootkit is giving a lot of false
positives, so I suspected that these 3 binaries are
not bad.
However, to be on the safe side, I deleted the 3
binaries, removed /usr/src and did a 'make world' to
4.10-STABLE.
But, chfn,
2006 Dec 22
1
chkrootkit reporting possible LKM trojan
How can I be sure if it is LKM or not?
Today I've run chkrootkit and it gave me:
Checking `lkm'... You have 179 process hidden for readdir command
You have 179 process hidden for ps command
chkproc: Warning: Possible LKM Trojan installed
Checking `chkutmp'... The tty of the following user process(es) were not found
in /var/run/utmp !
! RUID PID TTY CMD
! root
2009 Apr 13
2
weighted mean and by() with two index
Hi expeRts,
I would like to calculate weighted mean by two factors.
My code is as follows:
R> tmp <- by(re$meta.sales.lkm[, c("pc", "sales")],
re$meta.sales.lkm[, c("size", "yr")], function(x)
weighted.mean(x[,1], x[,2]))
The result is as follows:
R> tmp
size: micro
yr: 1994
[1] 1.090
2004 Jun 12
0
How do I tell I was hacked?
>
>
>Date: Sat, 12 Jun 2004 13:15:33 +0200
>From: "Peter Rosa" <prosa@pro.sk>
>Subject: Hacked or not ?
>To: "FreeBSD Security" <freebsd-security@freebsd.org>
>Message-ID: <016301c4506e$947644e0$3501a8c0@pro.sk>
>
>Hi all,
>
>please advise me - I was on holidays for one week. After return I found in
>security mails from
2004 Feb 03
1
Re: Possible compromise ?
That only works when you are presuming that the host was not hacked already,
because I would clear those logs when I hacked a system :)
But indeed it's a try.
If you remain unsure, it is best to reinstall the system to be sure that a
fresh and newly updated (yeah, update it when installed :)) system is not
compromised at that time..
Loads of work, but it gives you some relief to know that
2003 Aug 24
2
weird problem with chkrootkit and checksums
Hello,
last night, my chkrootkit crontab returned an alarm message :
> Checking `lkm'... You have 1 process hidden for readdir command
> You have 2 process hidden for ps command
> Warning: Possible LKM Trojan installed
Some research on Google makes me think it's probably a false positive. I
tried a few things :
re-launching chkrootkit : "Checking `lkm'...
2005 Apr 29
6
IPFW disconnections and resets
Hi,
I am using IPFW on FreeBSD 4.11
I am facing two problems:
- SSH sessions timeout after a while
- When I run "/sbin/ipfw -q -f flush" in the rules script all connection
get reset (and I am thrown out of the box).
Is this standard functioning of ipfw or do I need to change any
configuration?
Thanks,
Siddhartha
2004 Sep 29
5
Kernel-loadable Root Kits
Thanks for the module, I think it's a good idea to commit it to FreeBSD
for a few reasons:
1) Some folks just prefer more static kernels.
2) Securelevel is a great thing, but can be a pain to do upgrades around
remotely. [A lot of folks use FreeBSD simply because it's a breeze to run
remotely].
3) Until someone writes code to add modules to a kernel via /dev/mem and
releases it to the script
2003 Apr 13
1
chfn, chsh, ls, ps - INFECTED
My machine got hacked a few days ago through the samba bug. I
reinstalled everything cvsuped src-all, and ran chkrootkit. No more LKM
but still...
Can anyone please advise ?
bash-2.05b# chkrootkit | grep INFECTED
Checking `chfn'... INFECTED
Checking `chsh'... INFECTED
Checking `date'... INFECTED
Checking `ls'... INFECTED
Checking `ps'... INFECTED
--
Jay
2003 Nov 19
2
creative VoIP blaster & *
Ok,
I've googled for 15+ minutes, and have yet to find a usable answer, so I'm
going to annoy everyone and ask here.
I have, in my possession, a creative VoIP blaster. I have installed the
fobbit LKM and I can see the device. Can I use it with asterisk in any
meaningful way, shape, or form? I'd love to be able to buy an IP phone,
ATA, or FXO card, but lack the funds at the moment
2012 May 19
3
converting csv to image file
Hello everyone,
I want to get a 1km by lkm grid raster image using my csv data. If I call
latitude=a, longitude=b and precipitation=c.
a<-c(1,2,3,4,5)
b<-c(6,7,8,9,10)
c<-c(10,20, 30,40, 50)
Then I found an example in r help which goes like
pts = read.table("file.csv",......)
library(sp)
library(rgdal)
proj4string(pts)=CRS("+init=epsg:4326") # set it to lat-long
pts =
2007 Feb 23
2
Latest Plus Kernel include MD RAID-1 BIO_RW_SYNC patch?
I am inquiring on the list if anybody knows if the latest plus kernel
includes the fixes for MD RAID-1 where it didn't pass down the
BIO_RW_SYNC flag on cloned bios.
This bug was discovered in December by the DRBD project and patches were
posted by Lars Ellenberg from that project to the LKM which were then
merged into the 2.6.19 kernel.
The bug causes severe performance penalties for
2003 Jun 07
1
Impossible to IPfilter this?
Hi!
I'm trying to increase security on my FreeBSD 4.8 firewall/DSL router/VPN
router.
My problem is with firewalling the VPN part. I'm using a tunnel to a
RedHat 7.1 box running FreeS/WAN. This tunnel allows traffic from my
internal net (172.17.0.0/24) to that box only:
spdadd 172.17.0.0/24 $REDHAT/32 any -P out ipsec esp/tunnel/$MYADDR-$REDHAT/unique;
spdadd $REDHAT/32 172.17.0.0/24