Leo

OK, I checked the fstab (actually I got my wife to do it as I'm at work) and it is set up pretty much the same as ianw1974 (the umask is different) so I am back to the drawing board on this one...

I may try setting a separate mount point for dvd with udf set explicitly just to make sure that it is not attempting to mount as iso9660 (although I appreciate this may well be a long shot)

Any more ideas?

Leo

The only real way I know of to find out if it was finalised is to import the session in CD burning software. Although, I think you might need to know exactly what software created it, and might have to use the same software. Not sure if it can be imported using different software that what created it.

 

You could also tell the format of the DVD too with the burning software, to check if it is in UDF format like scarecrow mentions above.

I have no idea what software was originally used, although I may give this a go with k3b (on the off-chance)

Leo

Please post your /etc/fstab... you likely have a cd-rom ISO9660 argument in there, and that DVD was built and burnt as pure UDF.

Aha! I think you may have hit on it there, the fstab does indeed have an iso9660 argument for the mount point (I checked it last night but could not find anything else to change it to).

Should I create a /mnt/dvd entry with udf as the type to fix this?

Leo

arctic: AFAIK it is a normal DVD-R disc and all libraries/codecs are installed - any suggestions as to ones I could be missing?

ianw1974: I already installed libdvdcss

AussieJohn: Ah! :P

tyme: I know what you mean but could not say for sure, however it plays fine in windows (on a different machine) and on the dvd player plugged into my TV (which I would have expected to object to an unfinalised disc since it's manual warns against leaving discs unfinalised as a readability issue).

Is there any way to check whether it is finalised?

Leo

I have a DVD that was made for me and that plays fine on a DVD player (through TV) and on Windows XP however when I put the disc into my dv writer (and reader) on Mandriva 2006. It mounts as 'Blank DVD-R Disk' and shows no data on it at all. When I look at my syslog I can see

kernel: cdrom: This disc doesn't have any tracks I recognize!

Other discs work fine (pre-recorded and home movies). This is really frustrating as I need to copy the disc but cannot.

Any ideas?

Leo

no, first let them login, nail them and teach them a lesson, then reinstall

That's what I would like to do but unfortunately do not know enough

Anyway, I have reinstalled now set up new (secure passwords for root and a new user, the firewall is on the router to allow nothing in (I reset to manufacturer settings and then set a new domain name, admin account and password). I have set up a firewall to run locally and turned sshd off.

I still need to set up the deny.hosts and look at NAT (although this is selected to run as a default on the router).

I will admit that I am now just a bit more paranoid than before.

Leo

Thanks Ianw1974, I had a firewall on the machine last time (just didn't set it up right) and the host.allow host.deny stuff does look worthwhile doing.

The router has NAT but I don't know what this is or how it works (I will look it up) it also has a firewall on it (which was functioning as set but I must have set it up badly - more research).

On the upside, when this is over I should know more about security.

Any more comments/suggestions/further reading will be gratefully accepted

Leo

OK, so last night I checked .bash_history [ty Tyme] and it seems this chap (I was going to use another word beginning with 'c' but then remembered I am far too polite for that sort of shit) has been a busy little beaver. There were various downloads and installations mech-[something I can't remember] and some others which when I googled the filenames got mentioned in the same pages as root-kits. I also checked netstat and found 4 ports pointing to a similar ip address to the one that originally hacked me.

I checked the .bash_history of the root account and could not see any commands that were not mine but I guess this could have been altered.

Long story short I have reformatted all the partitions on the hd and started a reinstall (which I cocked up completely - it was late and I was annoyed). For good measure I reset my modem router to factory settings.

Lessons learnt:

use secure passwords

check logs

don't leave sshd running for anyone to use

check .bash_history and netstat before doing anything else.

use secure passwords

What have I missed?

Leo

Nice, thanks michaelcole. I think the iptables solution mentioned in the comments was the one I had heard about but I like this a lot, particularly the host lookup part.

Leo

Thanks for the comments.

The usernames tried where all names or common applications (e.g. ftp) and on each attempt were tried in strict alphabetical order. Each id was attempted four or five times (suggesting a password guesses of uppercase, lowercase, blank and leading uppercase) the password was the username in lowercase (yes I know!).

Each attempt was made within a second of a failed attempt which suggests to me an automated attack.

The compromised account has been locked and a new root password setup (I also changed the administrator id and password on my modem/router just in case) however this was a secure password and the administrator username was non-standard.

I was hoping to avoid reinstalling (mainly it's a nuisance as much as anything) but given the overall opinion (plus iphitus comment about stuff left running/stored) I think it is necessary.

I disabled sshd as I assume this is how they return to my machine (which they did once already).

I will check .bash_history I must admit I am curious as to what they were doing, especially since they obviously returned the following night.

Thanks for the comments, any others will be gratefully received.

Preventing access after failed login attempts sounds like a good idea, I am sure I saw something about that connected to attempts from the same IP address which would have prevented this breach, I will have to dig around and see if I can find it again.

Leo

OK so I got hacked in the last couple of days (I only realised when hey changed my user password).

It is partially my fault as I had a very weak password and I had not been checking my logs.

Looking at auth.log someone appears to have been attempting huge lists of usernames over a fairly long period and finally got a hit. They were using ssh2 to connect.

thy changed my user password two days ago whcih I changed back they then came back yesterday and changed the password again.

I have now locked the account, created a new account (with a more secure password) and copied across some files I need from the old account to the new.

I also turned sshd off and rebooted my modem/router to get a new ip address and changed my root password.

What I need to know is:

How can I tel if they cracked the root password?

What should I check to find out if they added anything nasty?

Thanks

Leo

if you are interested I can post results on my "xen" experience.

 

Tomorrow I try xen domain0, and I've got VMware ESX server.

 

I guess its a little beyond normal emulation but it kind of fits in with this topic :)

I'd like to know how you get on with Xen. I've read a great deal about it but was too scared to try it (plus it sounded like I would not be able to emulate Windows with it). It is meant to be significantly faster.

Leo

Just started using Qemu (with the kqemu module) and it works really nicely. I needed to get a Windows installation for a course I am doing but didn't want to have to keep on rebooting.

I am having problems with disks though as it does not recognise a new disk being inserted, I tried the monitor option and can use a command line to tell it a new disk is present but it appears to be hit and miss (also it would be preferable if it were auto detected)

Any ideas?

Leo

ABC flowcharter was fantastic, unfortunately it couldn't handle Y2k+ dates, it was, I think, far superior to Visio.

I believe that Access was another package that MS bought rather than developed and they have not done an awful lot with it since aquiring it. It is a decent basic database app and useful for lining to other databases (providing you use the suppliers drivers nad not the MS supplied ones).

It has a huge problem with medium to large databases and becomes very inefficient very quickly when put under strain. It is also a bugger to migrate to another system and will even cause headaches migrating to more recent versions of itself.

In terms of apps for Linux, a project management tool would be really useful (I have looked at some of the MS Project (another app that can't talk to its ancestors well) type tools and none of them see to work as well or have the same scope.

Leo

Top of my head you cold try Microsofts website and see if they have a 'what product is best for you' type tool. If you put in various parameters you could see who they reccomend exchange to, I would think it is fairly well targetted.

Leo

[...] It was actually the same in my company but the bosses just make their secretary book the room .. and they ended up being the only ones using it. 

Im trying to determine what level/size of company actually uses Exchange and firther how many of them really use it (or Notes) fully.

<{POST_SNAPBACK}>

There is a certain section that get their PA to do all the bookings however they would get their PA to do bookings regardless of the means by which it were completed.

My guess, based on observation, would be that it does not really matter what the solution is, if it is fully featured it is very rarely used to it's full potential however it doesn't stop people wanting it. I suppose that in terms of drumming up sales and convincing people to switch it is worthwhile exploring exactly what is needed and used opposed to what is 'wanted'

Leo

Just as an aside this article from Computer Weekly looks as though it may have used the same survey as the zdnet article however it makes no mention of eMail clients.

Leo

[...]The article however, is bollocks.

Well the biggest bollocks is the "Outlook is an eMail client therefore an eMail client should connect to Exchange and do scheduling and groupware".

<{POST_SNAPBACK}>

Yes, an eMail client by definition does just eMail, however the extras add to it's appeal (providing they are useful and work)

Im interested in who actually uses the scheduling etc. in your company.  How many employees (if you don't mind me asking..) 

(This is for my new busineses doing linuxmigrations for small companies.  )

<{POST_SNAPBACK}>

There are over 5000 employees in the company and everyone uses the scheduling tool for meetings (it is the only way to book meeting rooms) it's use for tasks and other calender events is widespread but not complete. The take up is not defined by seniority or role but more personality.

Leo

Just to add a counter-point I must admit that Outlook is one of the tools produced by MS that I genuinely like, it is used throughout the company I work for (a relatively large one) to great effect, not just the email but group calendar, directory, tasks and even (although to a lesser extent) the Journal. They are used at all levels of the company (and I will admit a few do not use it properly).

But it is a good application, it works and provides a good range of useful functionality.

The article however, is bollocks.

Leo

I had similar issues with my old-ish nVidia card that I solved by replacing the open nv driver with the proprietary one. I am not familiar with ATI though so do not know how you can get better drivers for it.

Looking at the FAQ on the ATI site they suggest a couple of sites worth looking at for older drivers have you tried these?

Leo

I'd like to go with junior but don't really feel confident today so sophomore. I think I am probably between the two although my 'hacking' is moreoften than not just that, I just see if it works and possibly don't understand why. But I'm learning

I like the CLI but am not very competent (yet) I like the fact that I usually know exactly what I have done and have the option to tweak commands that the GUI doesn't give me. In particular I prefer it to the MCC as I find this poorly designed and rather unhelpful in terms of exactly what is being done and why.

Having said that, other GUIs I love (I prefer Firefox to Lynx although am coming around to Lynx (am I just regressing?)).

I reckon that a combination of the two is quite a healthy mix, conversely over reliance on either can really limit you.

Leo

How come you found it a pain to configure?  It worked within minutes for me :P

<{POST_SNAPBACK}>

Well you are obviously far smarter than me

The set up from scratch was actually ok (no harder than Outlook) but when upgrading or installing a new OS and using the same mailbox and settings (or importing mail from another Thunderbird install) it is a real pain in the arse. The only way I found was to symlink to the old directory and manually amend the conf file.

Leo

Have a look at modprobe.conf which allows you to make adjustments to modules being loaded.

You may also want to have a look at udev and hotplug as there is a mapping type file (I can't remember the name) that lets you define which modules get loaded for specific hardware. I am not sure if this has changed in 2006 since I believe hal is now being used.

Not really a complete answer to your question I am afraid but hopefully something to get you on the right path.

Leo

Thunderbird (ex Evolution) I only switched because Evolution got so messed up, but I do like the spam filter.

Having said that Thunderbird is a pain to set up.

Leo