crazyspongebob

Posts posted by crazyspongebob

  1. I am currently testing out BeOS PE 5 Max on the box. I tried it about four years ago and really liked it. I haven't had time to try the Pro edition. Then Be went under. Recently, I was searching the net and came across the Max Edition. I love the fast loading GUI of BeOS. I put Mozilla Firefox on and off I go. However, M$ hotmail does not let me log in using Firefox. I am posting this on the box with BeOS. But I will wipe it clean and load either Mandrake 10.0 or FC3.

     

    Thanx all,

    J.T.

  2. It's not only CD-ROM drive lock-ups, but also whole system lock-up. I have to cold boot the system. I have not tried the lsof command yet since I am trying to discern what's going on with the possible security breach I posted in the security section.

     

    Thanx.

  3. Hi  crazyspongebob

    How about status/feedback, please!

     

    I have deleted those two users and their home directories, and then added them back with passwords. Now it is fine. I just don't know what they did to the box. The box is still running Mozilla 1.6 and no Firefox. I am testing Firefox 1.0 on my account only, not systemwide. I am thinking of installing it systemwide. I just wonder like iphitus if my system is really hacked. It's just really hard to pass both IPCop and then Shorewall with no outside connection allowed.

     

    :thanks:

  4. Hi all,

    I wonder if this whole CD-ROM drive locking up thing is part of the fact that the system might be compromised. I have a post in the security forum of this box with title "Users losing KDE" thread.

     

    Thanks

    J.T.

  5. Thanx all for your help.

    I'm thinking of wiping the box clean and reinstalling Mandrake 10. This time there will be passwords for every account. Other than the two users losing KDE, other users still get their KDE and their stuff. I just wonder if it is just the two affected users' accounts that got compromised but not the whole system. I don't know that for sure. What do you think, should I install Yahoo! Messenger again or do away with it? I ask since I have young kids who come to my place and want to use it, plus Kopete is no longer working with Yahoo!

     

    Thanks again.

    J.T.

  6. Here is my /etc/fstab:

    /dev/hda5 / ext3 defaults 1 1

    none /dev/pts devpts mode=0620 0 0

    /dev/hdc /mnt/cdrom auto umask=0,user,iocharset=iso8859-1,codepage=850,noauto,ro,exec 0 0

    /dev/hdd /mnt/cdrom2 auto umask=0,user,iocharset=iso8859-1,codepage=850,noauto,ro,exec 0 0

    none /proc proc defaults 0 0

    /dev/hda1 swap swap defaults 0 0

     

    and here is my /etc/mtab:

    /dev/ide/host0/bus0/target0/lun0/part5 / ext3 rw 0 0

    none /proc proc rw 0 0

    none /proc/bus/usb usbdevfs rw 0 0

    none /dev devfs rw 0 0

    none /sys sysfs rw 0 0

    none /dev/pts devpts rw,mode=0620 0 0

  7. three things to look in to.........

     

    1. do you have KSCD (KDE's CD player) running & docked in the panel? if so, quit it from the panel. there's an issue with KSCD that will cause the drive to lock if KSCD is running in the panel, even without a CD inserted in the drive.

     

    2. do you have supermount enabled? if so, try disabling it & see if the problem goes away. to do so, in terminal as root do........

     

    supermount -i disable

     

     

    I've used

    supermount -i disable

     

    and it seems to work so far. I guess this is the problem that makes my box hang randomly, and I have to give it a cold reboot. Where should I put this command so that when the system boots, it will run without me issuing it?

     

    Thanx,

    J.T.

  8. The two users that are affected have no login password.
    ARGH!!!!!!!!!!!

     

     

    It's just that they are used to window$. So a password is such an annoyance for them, and if they had a password, it would be very easy to guess. But writing this down, I think having a password is better than none. So I will ask them to put passwords on their accounts then. I am thinking of using either a knoppix or ubuntu live CD to delete those two accounts and create new ones with password protection.

     

    Thanx

    J.T.

  9. I am the only power user of the system. My other two users just know how to log in to the system to surf the web, chat, and play internet games. They don't know anything else, so I guess they did not delete or change anything. I wonder if they got compromised by using yahoo! messenger. They have nagged me to install it for them. It's just convenient for them not to have passwords. For my account, I do have a password. I look into my Explanations log and it says that MandrakeUpdate was run on Nov 7 yet way later. I wonder if I can use a live CD like ubuntu to fix the problem.

    Here is the content of the security.log:

     

    *** Diff Check, Sun Nov 7 04:04:17 EST 2004 ***

     

     

    Security Warning: Change in World Writable Files found :

    - No longer present writable file : /tmp/.ICE-unix/dcop3494-1099008396

     

    Security Warning: the md5 checksum for one of your SUID files has changed,

    maybe an intruder modified one of these suid binary in order to put in a backdoor...

    - Checksum changed file : /usr/bin/chage

    - Checksum changed file : /usr/bin/expiry

    - Checksum changed file : /usr/bin/gpasswd

    - Checksum changed file : /usr/bin/newgrp

    - Checksum changed file : /usr/bin/sperl5.8.3

    - Checksum changed file : /usr/bin/suidperl

     

     

    *** Security Check, Sun Nov 7 04:04:17 EST 2004 ***

     

     

    Security Warning: World Writable files found :

    - /lib/dev-state/dri/card0

    - /tmp/.ICE-unix

    - /tmp/.X11-unix

    - /tmp/.X11-unix/X0

    - /tmp/.font-unix

    - /tmp/.font-unix/fs-1

    - /var/spool/postfix/dev/log

    - /var/spool/postfix/private/anvil

    - /var/spool/postfix/private/bounce

    - /var/spool/postfix/private/cyrus

    - /var/spool/postfix/private/cyrus-chroot

    - /var/spool/postfix/private/cyrus-deliver

    - /var/spool/postfix/private/cyrus-inet

    - /var/spool/postfix/private/defer

    - /var/spool/postfix/private/error

    - /var/spool/postfix/private/lmtp

    - /var/spool/postfix/private/lmtp-filter

    - /var/spool/postfix/private/local

    - /var/spool/postfix/private/maildrop

    - /var/spool/postfix/private/proxymap

    - /var/spool/postfix/private/relay

    - /var/spool/postfix/private/rewrite

    - /var/spool/postfix/private/smtp

    - /var/spool/postfix/private/smtp-filter

    - /var/spool/postfix/private/tlsmgr

    - /var/spool/postfix/private/trace

    - /var/spool/postfix/private/uucp

    - /var/spool/postfix/private/verify

    - /var/spool/postfix/private/virtual

    - /var/spool/postfix/public/cleanup

    - /var/spool/postfix/public/flush

    - /var/spool/postfix/public/pickup

    - /var/spool/postfix/public/qmgr

    - /var/spool/postfix/public/showq

     

     

    *** Diff Check, Wed Nov 10 04:04:32 EST 2004 ***

     

     

    Security Warning: Change in World Writable Files found :

    - Newly added writable file : /tmp/.ICE-unix/dcop2877-1100059156

     

     

    *** Security Check, Wed Nov 10 04:04:33 EST 2004 ***

     

     

    Security Warning: World Writable files found :

    - /lib/dev-state/dri/card0

    - /tmp/.ICE-unix

    - /tmp/.ICE-unix/dcop2877-1100059156

    - /tmp/.X11-unix

    - /tmp/.X11-unix/X0

    - /tmp/.font-unix

    - /tmp/.font-unix/fs-1

    - /var/spool/postfix/dev/log

    - /var/spool/postfix/private/anvil

    - /var/spool/postfix/private/bounce

    - /var/spool/postfix/private/cyrus

    - /var/spool/postfix/private/cyrus-chroot

    - /var/spool/postfix/private/cyrus-deliver

    - /var/spool/postfix/private/cyrus-inet

    - /var/spool/postfix/private/defer

    - /var/spool/postfix/private/error

    - /var/spool/postfix/private/lmtp

    - /var/spool/postfix/private/lmtp-filter

    - /var/spool/postfix/private/local

    - /var/spool/postfix/private/maildrop

    - /var/spool/postfix/private/proxymap

    - /var/spool/postfix/private/relay

    - /var/spool/postfix/private/rewrite

    - /var/spool/postfix/private/smtp

    - /var/spool/postfix/private/smtp-filter

    - /var/spool/postfix/private/tlsmgr

    - /var/spool/postfix/private/trace

    - /var/spool/postfix/private/uucp

    - /var/spool/postfix/private/verify

    - /var/spool/postfix/private/virtual

    - /var/spool/postfix/public/cleanup

    - /var/spool/postfix/public/flush

    - /var/spool/postfix/public/pickup

    - /var/spool/postfix/public/qmgr

    - /var/spool/postfix/public/showq

     

    I wonder if these files need to be world writable for Mandrake 10 to function. Postfix was uninstalled this morning as I mentioned before.

     

    Thanx

    J.T.
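
    Added example (not part of the original post, and not msec's own code): a small parser for the security.log format quoted in post 9. It pulls out the SUID checksum changes and recomputes which world-writable paths appeared between consecutive Security Check listings, so the result can be compared with what the Diff Check reported. The sample log is an excerpt shortened from the post, and the function names are assumptions of this example.

```python
import re

# Excerpt shortened from the security.log quoted in the post (lists trimmed).
SAMPLE_LOG = """\
*** Diff Check, Sun Nov 7 04:04:17 EST 2004 ***
Security Warning: Change in World Writable Files found :
- No longer present writable file : /tmp/.ICE-unix/dcop3494-1099008396
Security Warning: the md5 checksum for one of your SUID files has changed,
- Checksum changed file : /usr/bin/chage
- Checksum changed file : /usr/bin/suidperl
*** Security Check, Sun Nov 7 04:04:17 EST 2004 ***
Security Warning: World Writable files found :
- /tmp/.ICE-unix
- /tmp/.X11-unix/X0
*** Diff Check, Wed Nov 10 04:04:32 EST 2004 ***
Security Warning: Change in World Writable Files found :
- Newly added writable file : /tmp/.ICE-unix/dcop2877-1100059156
*** Security Check, Wed Nov 10 04:04:33 EST 2004 ***
Security Warning: World Writable files found :
- /tmp/.ICE-unix
- /tmp/.ICE-unix/dcop2877-1100059156
- /tmp/.X11-unix/X0
"""

HEADER = re.compile(r"^\*\*\* (Diff Check|Security Check), (.+?) \*\*\*$")
ITEM = re.compile(r"^- (?:(Checksum changed file|Newly added writable file|"
                  r"No longer present writable file) : )?(\S+)$")

def parse_reports(text):
    """Split the log into reports: {'kind', 'when', 'items': {label: [paths]}}."""
    reports = []
    for line in text.splitlines():
        line = line.strip()
        m = HEADER.match(line)
        if m:
            reports.append({"kind": m.group(1), "when": m.group(2), "items": {}})
            continue
        m = ITEM.match(line)
        if m and reports:
            # Items without a label are entries of a full world-writable listing.
            label = m.group(1) or "World writable"
            reports[-1]["items"].setdefault(label, []).append(m.group(2))
    return reports

def suid_changes(reports):
    """(timestamp, path) for every SUID binary whose md5 changed."""
    return [(r["when"], p) for r in reports if r["kind"] == "Diff Check"
            for p in r["items"].get("Checksum changed file", [])]

def writable_added(reports):
    """Recompute additions between consecutive Security Check listings."""
    checks = [r for r in reports if r["kind"] == "Security Check"]
    sets = [set(r["items"].get("World writable", [])) for r in checks]
    return [(c["when"], sorted(b - a)) for c, a, b in zip(checks[1:], sets, sets[1:])]
```

    Each path returned by `suid_changes` can then be checked with `rpm -Vf <path>`, which reports files that differ from what the owning package recorded at install time.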

  10. Thanks for your fast reply.

    Currently, I have ADSL and an IPCop box sits in front of all of my internal boxes. The two users that are affected have no login password. I also have shorewall activated on this Mandrake 10.0 box. I don't know what they did to their accounts. I will check with them soon. This box is not permanently on, so I am not too worried about it. However, I have to investigate.

     

    Thanx again.

     

    JT

  11. Hi all,

    I have a family box with the following specs

    System Specs

    AMD Athlon 800

    384 MB

    6 gb hard disk

    Voodoo 3 16MB

    3Com network card.

     

    The box has 6 users on it. Two of them lost KDE during the weekend. When they log in, the only thing that appears on the screen is the console. It is just like generic X-window, no menus or anything. In the console, when I type exit, the users exit their sessions. When I type icewm-session, ICE starts. The following is a partial log that says the box might be compromised.

     

     

    Nov 7 04:04:17 a : Security Warning: Change in World Writable Files found :

    Nov 7 04:04:17 a : - No longer present writable file : /tmp/.ICE-unix/dcop3494-1099008396

    Nov 7 04:04:17 a :

    Nov 7 04:04:17 a : Security Warning: the md5 checksum for one of your SUID files has changed,

    Nov 7 04:04:17 a : maybe an intruder modified one of these suid binary in order to put in a backdoor...

    Nov 7 04:04:17 a : - Checksum changed file : /usr/bin/chage

    Nov 7 04:04:17 a : - Checksum changed file : /usr/bin/expiry

    Nov 7 04:04:17 a : - Checksum changed file : /usr/bin/gpasswd

    Nov 7 04:04:17 a : - Checksum changed file : /usr/bin/newgrp

    Nov 7 04:04:17 a : - Checksum changed file : /usr/bin/sperl5.8.3

    Nov 7 04:04:17 a : - Checksum changed file : /usr/bin/suidperl

    Nov 7 04:04:17 a :

    Nov 7 04:04:17 a : Security Warning: World Writable files found :

    Nov 7 04:04:17 a : - /lib/dev-state/dri/card0

    Nov 7 04:04:17 a : - /tmp/.ICE-unix

    Nov 7 04:04:17 a : - /tmp/.X11-unix

    Nov 7 04:04:17 a : - /tmp/.X11-unix/X0

    Nov 7 04:04:17 a : - /tmp/.font-unix

    Nov 7 04:04:17 a : - /tmp/.font-unix/fs-1

    Nov 7 04:04:17 a : - /var/spool/postfix/dev/log

    Nov 7 04:04:17 a : - /var/spool/postfix/private/anvil

    Nov 7 04:04:17 a : - /var/spool/postfix/private/bounce

    Nov 7 04:04:17 a : - /var/spool/postfix/private/cyrus

    Nov 7 04:04:17 a : - /var/spool/postfix/private/cyrus-chroot

    Nov 7 04:04:17 a : - /var/spool/postfix/private/cyrus-deliver

    Nov 7 04:04:17 a : - /var/spool/postfix/private/cyrus-inet

    Nov 7 04:04:17 a : - /var/spool/postfix/private/defer

    Nov 7 04:04:17 a : - /var/spool/postfix/private/error

    Nov 7 04:04:17 a : - /var/spool/postfix/private/lmtp

    Nov 7 04:04:17 a : - /var/spool/postfix/private/lmtp-filter

    Nov 7 04:04:17 a : - /var/spool/postfix/private/local

    Nov 7 04:04:17 a : - /var/spool/postfix/private/maildrop

    Nov 7 04:04:17 a : - /var/spool/postfix/private/proxymap

    Nov 7 04:04:17 a : - /var/spool/postfix/private/relay

    Nov 7 04:04:17 a : - /var/spool/postfix/private/rewrite

    Nov 7 04:04:17 a : - /var/spool/postfix/private/smtp

    Nov 7 04:04:17 a : - /var/spool/postfix/private/smtp-filter

    Nov 7 04:04:17 a : - /var/spool/postfix/private/tlsmgr

    Nov 7 04:04:17 a : - /var/spool/postfix/private/trace

    Nov 7 04:04:17 a : - /var/spool/postfix/private/uucp

    Nov 7 04:04:17 a : - /var/spool/postfix/private/verify

    Nov 7 04:04:17 a : - /var/spool/postfix/private/virtual

    Nov 7 04:04:17 a : - /var/spool/postfix/public/cleanup

    Nov 7 04:04:17 a : - /var/spool/postfix/public/flush

    Nov 7 04:04:17 a : - /var/spool/postfix/public/pickup

    Nov 7 04:04:17 a : - /var/spool/postfix/public/qmgr

    Nov 7 04:22:00 a CROND[7860]: (root) CMD (nice -n 19 run-parts /etc/cron.weekly)

    Nov 7 05:01:00 a CROND[13467]: (root) CMD (nice -n 19 run-parts /etc/cron.hourly)

    Nov 7 05:01:01 a msec: changed mode of /var/log/security/open_port.today from 644 to 640

    Nov 7 05:01:01 a msec: changed mode of /var/log/security/sgid.today from 644 to 640

    Nov 7 05:01:01 a msec: changed mode of /var/log/security/suid_root.today from 644 to 640

    Nov 7 05:01:01 a msec: changed mode of /var/log/security/suid_md5.today from 644 to 640

    Nov 7 05:01:01 a msec: changed mode of /var/log/security/suid_md5.today from 644 to 640

    Nov 7 05:01:01 a msec: changed mode of /var/log/security.log from 644 to 640

    Nov 7 05:01:01 a msec: changed group of /var/log/security.log from root to adm

    Nov 7 05:01:01 a msec: changed mode of /var/log/wtmp from 664 to 640

    Nov 7 05:01:01 a msec: changed group of /var/log/wtmp from utmp to adm

    Nov 7 05:01:01 a msec: changed mode of /var/log/security/unowned_group.today from 644 to 640

    Nov 7 05:01:01 a msec: changed mode of /var/log/security/writable.today from 644 to 640

    Nov 7 05:01:01 a msec: changed mode of /var/log/security/unowned_user.today from 644 to 640

    Nov 7 06:01:00 a CROND[13549]: (root) CMD (nice -n 19 run-parts /etc/cron.hourly)

    Nov 7 07:01:00 a CROND[13612]: (root) CMD (nice -n 19 run-parts /etc/cron.hourly)

    Nov 7 08:01:00 a CROND[13675]: (root) CMD (nice -n 19 run-parts /etc/cron.hourly)

     

    I have uninstalled postfix since I just installed it for a test run.

    Suggestions?

     

    Thanx

    JT

     

    [moved from Installing Mandrake by spinynorman]

  12. three things to look in to.........

     

    1. do you have KSCD (KDE's CD player) running & docked in the panel? if so, quit it from the panel. there's an issue with KSCD that will cause the drive to lock if KSCD is running in the panel, even without a CD inserted in the drive.

     

    I don't have any disk in any of the 2 cdrom drive and KSCD is not running.

    So I'll try other options that you point out to see what happens.

     

    Thanx

  13. I don't use GNOME. I am using KDE. I don't have the same problem with my laptop. The dialog box just comes up randomly. Somehow it says that there is a music CD in the drive, but I don't have anything in the CD-ROM drives at all.

     

    Thanx

  14. Hi all,

    I remember posting this problem before but not getting a good answer. Last time I did not have a screenshot of the message. I'll let the picture speak for the problem. I have this problem usually while opening mozilla. When this comes up, I hit the cancel button. The computer slows down considerably. I don't know what happens. I have Mandrake 10.0 on an AMD Athlon 800 with 384 MB RAM. I also have a laptop with PIII 1ghz and 512 MB RAM running Mandrake 10.0 without any problem at all.

    Any suggestion?

     

    Thanks

    JT

    post-6806-1098848550_thumb.jpg

  15. neither am I, I one of these on my motherboard...

     

    although, it is detected and eth0 is up, have you checked to make sure the wires are all good (and connected)?

    I'm running my system as a dual boot running GRUB. I have XP Pro and Mandrake 9.2 on this box. My connection works fine on XP so I know the hardware and cables are not the prob. I notice when Mandrake boots up it shows eth0 [FAILED]

     

     

    Mark

     

    I have a Prostar desknote with PIII 1.0 Ghz and a SiS network card. Mandrake 9.2 could not run on the box. I ran Redhat 9.0 for awhile. Now I have Mandrake 10.0 on it. Though on the boot screen, Mandrake shows eth0 [FAILED], I have no problem connecting to my network and surfing the web at all. It is really strange.

     

    JT

  16. It just happens to my desktop PC, not my laptop. They both have Mandrake 10.0 on. The two CD-ROMs are on the same ide channel. The mobo is an FIC SD-11 slot A with 384 mb of ram and 6 gig hard disk and a pci 3-com network card. I have a bp6 box with Mandrake 9.2 on, and it's been running for almost a year now without such problem at all.

     

    Thanks

  17. I have an AMD Athlon 800 Mhz system with one CD burner and one DVD-ROM with Mandrake 10 installed. Recently, once in a while, a dialog box pops up saying that music CDs in drives and the options are "Cancel", "Browse CD", or "Play" even though I have not put in any music CD in drives. Any of the options I choose, my drives are locked up.

     

    Any suggestion?

     

    Thanks

  18. As root, run userdrake and add the problem user to the sound group.

     

    All users of this box are in the "audio" group, and I wonder if there are other groups that a user needs to be part of so that this problem can be resolved. It is just that whoever first logs into the box has control over the sound device. I wonder if I should write a script with the chmod command within each user's startup so that the devices get released after that user logs out.

     

    Thanks.

  19. I think this is a bug
    have you updated your system already with all the latest patches? if not, google for easyurpmi, set up the mirrors and update it. :)

    I have used Mandrake Update GUI and checked all three options (Security updates, Bugfixes updates, and Normal updates). Aircobra's solution is only temporary since when I restart the box, the problem is back.

     

    Thanks

     

    :wall:

  20. I have an AMD Athlon 800 Mhz box for my family of 4 to use loading with Mandrake 10.0 official download. Everyone has a username to log into the box. Everything works fine other than the sound. I have an es1371 sound card, and Mandrake 10 detects the card fine. The problem is after one user logs in and out of the box the next person does not have sound. I go in to /dev/sound and issue ls -al. It is shown that the dsp, midi, and mixer character files are still under the control of the person already logged out of the box.

    I have tried to add all users into audio group but no use.

     

    Any help would be appreciated!!!

    :thanks:
