riseringseeker
Posts posted by riseringseeker
-
I am seriously looking at Emperorlinux T60 Thinkpads. They show that Mandrake 10.1 is available as an optional install. I asked whether they were *really* using a 2+ year old version, and was told that page was out of date (by 2 years!!!?) and Fedora was STRONGLY recommended over Mandrake if I wanted to stick with an RPM based distribution.
Comments?
-
I have a HP ze4911us that works fine with Mdv, or I should say did, when it booted. Now it does not power up at all, the power cord/supply seems to still work, and the only thing I get at all is the battery charging light coming on when I hit the on switch, nothing else. I have/had Mdv2007 installed on it and the only thing that never worked was the win-modem, which I never expected anyway. The wireless was a little bit of a pain (a PCI LinkSys), but got that straightened out in short order.
Given the above, I find myself in the market for a new laptop (of course if anyone has any suggestions about a quick cheap fix for the 4911, I am all ears). I am looking to spend somewhere in the $1000-$1500 range, but can and will go more.
I need a laptop with a fairly large HD (I have a 40GB on the HP, which got tight fast), wireless connectivity is an absolute requirement, and bluetooth would be very nice (I have a dongle, but built-in and working would be better - less to lose.) Weight is definitely a consideration, as I literally will drag this all around the world (thinking in the < 6 lbs range - as light as possible). DVD burning would also be a major plus, but not an absolute requirement. Another nice thing would be a video out and/or in port, but again, not a requirement. If the 56K modem also worked I would be surprised, but happy.
I've been happy overall with the HP, and its size (14.1 inch monitor) works well. If there is a HP that will fit the bill that's great, but I am not married to the brand.
If anyone can give me some ideas on what I can currently purchase in the US fitting the above, I would be grateful.
-
I'm sure rc.local is running. To test put this in rc.local:
echo "I am running" > /home/<username>/test.txt
Anyway, if rc.local wasn't run, error.txt could not have been created. It seems denyhosts may be running but not be picked up from what you say. See if the process is picked up with:
$ ps aux | grep denyhost
rc.local was indeed running, and after several pleas for help from the denyhosts mailing list, the author told me to modify the configuration script with:
os.environ['HOSTNAME'] = "your_HOSTNAME_goes_here"
after line #33
It now starts on boot. Thanks to all for trying to help! I do appreciate being part of a community so generous with their time and knowledge.
-
Well I am at last home. I tried modifying rc.local as above, and various variations thereof. Each and every time it rebooted, denyhosts was not running. I also modified "dodenyhosts" and "error.txt" was created, but it was just an empty file (which I assume means there were no errors).
Just as an experiment, with denyhosts stopped, I ran rc.local from a command line as a normal script. Lo and behold, denyhosts was running afterward, which leads me to believe that rc.local is not running at boot up.
Is there any way I can determine this for certain, and/or change something to make it run at start, assuming it really is not?
Oh, just found one more thing.
#service -s
does not show denyhosts is running, even when it is. Curiouser and curiouser.
-
Thanks for the suggestions so far. I have decided I will wait until I can be in front of the computer that denyhosts resides on before making further changes. I left home Nov 15, and hope to be back Dec 11th or 12th.
-
Hello,
I did copy some of the information out of netstat - if someone can tell me how to do a screenshot in console then I can get the whole content here.
Thanks -- Roger
No need for a screenshot, just try this:
# netstat > /home/<your_user_name>/netstat_output
Then it will just be a text file named netstat_output in your home directory.
-
Since no one has replied, I'll give you my best guess - some dependency needed by your script has not loaded at the time the system attempts to start the script. If it is a timing problem as I suspect, then try and run the script by editing /etc/rc.d/rc.local. Put whatever command you use to run the script at the end of rc.local and see if it works on reboot. The rc.local hack is commonly used to get around these timing problems since rc.local is the last init script to run.
Sorry I hadn't gotten back to you, I've been rather busy, and not where I could easily do what you suggested.
I edited /etc/rc.d/rc.local and put in the following line:
/usr/bin/python /usr/bin/denyhosts.py --daemon --config=/usr/share/denyhosts/denyhosts.cfg
This works just fine from a command line to start denyhosts in daemon mode, but it did not seem to help when I put it in rc.local. When I reboot (and recall I am doing this all a long way from the desktop at home), it still gives me a status message that denyhosts is not running after a boot.
I have tried to play with the above line to no avail. It still refuses to come up on boot. Since it works on a command line, it should work in rc.local, no? rc.local I assume runs the scripts with root privileges, doesn't it?
-
This is so weak, I know, but I downloaded aMule (it's like the eDonkey p2p). OK, I did the rpm install from the shell and now I can't find it to use it. So my question is: where is it? Where did it install to, so I can open it? The software installer gave me no options at all when I used it, and from the console it's not where I did the rpm unpack. Please, someone help me.
[user@localhost ~]$ su
Password:
[root@localhost]# updatedb
0
[root@localhost]# locate edonkey
Try that.
-
I have gotten denyhosts to run for me, and have switched to the daemon mode to reduce the load of running it; it also runs more often that way, and allows me to sync my bad guys with a large list of others. The problem I have now is that it refuses to start during boot.
First, let me say I have done this all remotely, and cannot see the computer during the boot up for now, not until I get home.
(I am running Mandriva 2007, denyhosts 2.5, and python 2.4.)
What I have done thus far:
I copied the control-daemon file to init.d folder:
# cp /usr/share/denyhosts/daemon-control /etc/init.d/denyhosts
then ran chkconfig
# chkconfig --add denyhosts
I can start it, stop it, restart it, and get the status of it using "service"
# service denyhosts
There have been files written/copied by chkconfig for every runlevel in these directories:
/etc/rc.d/init.d/denyhosts
/etc/rc.d/rc0.d/K02denyhosts
/etc/rc.d/rc1.d/K02denyhosts
/etc/rc.d/rc2.d/S98denyhosts
/etc/rc.d/rc3.d/S98denyhosts
/etc/rc.d/rc4.d/S98denyhosts
/etc/rc.d/rc5.d/S98denyhosts
/etc/rc.d/rc6.d/K02denyhosts
Yet when I reboot and query the status, it says denyhosts is not running.
Looking in Mandriva Control Center (MCC), it knows the process exists, and shows it should start on boot, but it also shows stopped.
What am I missing?
[moved from Software by spinynorman]
-
You won't be able to choose Secure Shell from the dropdown box, because it defaults to the standard port of 22.
You would have to choose custom, and then set the inbound port to the new port you've chosen for the relevant boxes.
Of course, I can still choose Secure Shell, just change what it points to as the port. I have tried 9022 as the inbound port, and/or the "private" port (I am not sure what that means) with sshd having the same value, and am unable to log in with it set like that. I also don't understand why there are two choices for each.
I am leaving in 2 1/2 hours and will be on an airplane or in an airport for 27 hours after that, and won't be home for 25 days, so until I get back, it'll have to stay pointed at port 22. I don't dare make the change when I am 10,000 miles from home, or I fear I won't be able to get back on at all.
-
To set up ssh to another port is very easy:
Just change
# Port 22
to
Port xxx
in /etc/ssh/sshd_config and restart sshd.
I just did it earlier today.
Yes, that changes the ssh server, and I have done that, but it is the configuration of the router in conjunction with changing the server port that seems to be frustrating me. Scroll back up and you can see the configuration window I have to work with for the router. I have tried XXXX in pretty much any combination of the fields the port number would go into (where XXXX = the same port sshd is set to), and still I cannot log in.
-
I thought I would let everyone know that I am fairly confident that my server was not compromised (but am going through the log files daily anyway - just to be sure). I was also finally able to install and get denyhosts running.
None of the RPMs available from here would work for me, even after installing libpython2.4-devel, which I found, looking through the mailing list, is required. I then tried the tarball again, and since I had installed the required library, it worked!
I was not able to get it to run as per instructions however. I had to put this in crontab:
0,10,20,30,40,50 * * * * python /usr/bin/denyhosts.py --daemon -c /usr/share/denyhosts/denyhosts.cfg
Since I did that, it is running just fine, and my /etc/hosts.deny is steadily growing.
The only continuing problems I have are not getting auto-emails from the system (I must need to tweak something to let the program(s) trying to send emails to my gmail account get out), and figuring out how to configure the router and server to use a port other than 22. So, it's still a little bit of a work in progress.
Thank you all for your help - it is much appreciated.
-
Need to figure out how to symlink python2.4.3 to python2.4. then I might be able to get it running.
Going to be now but it's exactly like a file.... you just name a directory instead of the file you want to symlink...
I found that symlinking was not what I needed to do after looking through the denyhosts mailing list, but instead just install without dependencies (after installing the python development libraries)
rpm --install --nodeps DenyHosts-2.5-python2.4.noarch.rpm
That got me much further, but when I run the install I get another error.
# python setup.py install
running install
running build
running build_py
error: package directory 'DenyHosts' does not exist
Still digging in the mailing list on denyhosts to figure that one out, and if I can't find out how to do it there, will start a new thread under installation about how to get it running.
-
try a different port for a week .... :D works wonders....
I have been trying to run a different port, and when I setup a different one I can't get on the desktop from the laptop. I think it has to do with the router setup. This is what it defaults to when setting up a ssh server:
I have, of course set sshd_config to a different port, but am not sure how I should set up the above.
try using denyhosts (a package)... it automatically bans IP's for X number of failed logins by adding to your hosts.deny.. and mails you. My hosts.deny has well over 5000 entries....
Need to figure out how to symlink python2.4.3 to python2.4. then I might be able to get it running.
-
You can check, and always symlink python2.4 to the 2.4.3 installation if it doesn't exist.
Check... what?
I have had to soft link files before, but if you could lead me through how to symlink a directory I would appreciate it. I assume the link has to be in /usr/lib/python2.4 folder?
Is there a handy way to find symlinks, whether all of them, or what is linked to something?
-
You could post the outputs here, and I could take a look through them. Of course it would help if I knew what netstat and ps normally showed, that way I might be in a better position to see if there is anything unusual.
OK, here's netstat -a, usernames and domains edited, otherwise a cut and paste.
# netstat -a
Active Internet connections (servers and established)
Proto Recv-Q Send-Q Local Address Foreign Address State
tcp 0 0 localhost.somedns.org:2208 *:* LISTEN
tcp 0 0 *:nfs *:* LISTEN
tcp 0 0 localhost.somedns.or:46660 *:* LISTEN
tcp 0 0 *:swat *:* LISTEN
tcp 0 0 *:nut *:* LISTEN
tcp 0 0 192.168.2.2:9222 *:* LISTEN
tcp 0 0 localhost.somedns.or:10026 *:* LISTEN
tcp 0 0 *:netbios-ssn *:* LISTEN
tcp 0 0 *:943 *:* LISTEN
tcp 0 0 *:sunrpc *:* LISTEN
tcp 0 0 *:x11 *:* LISTEN
tcp 0 0 *:57009 *:* LISTEN
tcp 0 0 *:ipp *:* LISTEN
tcp 0 0 localhost.somedns.org:smtp *:* LISTEN
tcp 0 0 *:7741 *:* LISTEN
tcp 0 0 *:microsoft-ds *:* LISTEN
tcp 0 0 *:39741 *:* LISTEN
tcp 0 0 *:40511 *:* LISTEN
tcp 0 0 192.168.2.2:52245 72.14.223.99:http ESTABLISHED
tcp 0 0 192.168.2.2:53179 a-70-183-191-115.deplo:http ESTABLISHED
tcp 0 0 192.168.2.2:43745 64.233.163.104:http ESTABLISHED
tcp 0 0 192.168.2.2:48512 209.62.188.20:http ESTABLISHED
tcp 0 0 192.168.2.2:48292 70.167.151.135:http ESTABLISHED
tcp 0 0 192.168.2.2:48279 70.167.151.135:http ESTABLISHED
tcp 0 0 192.168.2.2:54347 a-70-183-191-82.deploy:http ESTABLISHED
tcp 0 0 192.168.2.2:59917 a-70-183-191-75.deplo:https ESTABLISHED
tcp 0 0 192.168.2.2:59916 a-70-183-191-75.deplo:https ESTABLISHED
tcp 0 0 *:x11 *:* LISTEN
tcp 0 0 *:ipp *:* LISTEN
udp 0 0 *:32768 *:*
udp 0 0 *:nfs *:*
udp 0 0 *:32770 *:*
udp 0 0 *:32771 *:*
udp 0 0 192.168.2.2:netbios-ns *:*
udp 0 0 *:netbios-ns *:*
udp 0 0 192.168.2.2:netbios-dgm *:*
udp 0 0 *:netbios-dgm *:*
udp 0 0 *:940 *:*
udp 0 0 *:7741 *:*
udp 0 0 *:730 *:*
udp 0 0 *:5353 *:*
udp 0 0 *:sunrpc *:*
udp 0 0 *:ipp *:*
udp 0 0 192.168.2.2:ntp *:*
udp 0 0 localhost.somedns.org:ntp *:*
udp 0 0 *:ntp *:*
udp 0 0 *:32769 *:*
udp 0 0 *:ntp *:*
raw 0 0 *:icmp *:* 7
# ps aux
USER PID %CPU %MEM VSZ RSS TTY STAT START TIME COMMAND
root 1 0.0 0.1 1576 540 ? Ss 07:00 0:01 init [5]
root 2 0.0 0.0 0 0 ? S 07:00 0:00 [migration/0]
root 3 0.0 0.0 0 0 ? SN 07:00 0:00 [ksoftirqd/0]
root 4 0.0 0.0 0 0 ? S< 07:00 0:00 [events/0]
root 5 0.0 0.0 0 0 ? S< 07:00 0:00 [khelper]
root 6 0.0 0.0 0 0 ? S< 07:00 0:00 [kthread]
root 8 0.0 0.0 0 0 ? S< 07:00 0:00 [kblockd/0]
root 9 0.0 0.0 0 0 ? S< 07:00 0:00 [kacpid]
root 75 0.0 0.0 0 0 ? S< 07:00 0:00 [kseriod]
root 111 0.0 0.0 0 0 ? S 07:00 0:00 [pdflush]
root 112 0.0 0.0 0 0 ? S 07:00 0:00 [pdflush]
root 113 0.0 0.0 0 0 ? S 07:00 0:00 [kswapd0]
root 114 0.0 0.0 0 0 ? S< 07:00 0:00 [aio/0]
root 767 0.0 0.0 0 0 ? S< 07:00 0:00 [kpsmoused]
root 779 0.0 0.0 0 0 ? S< 07:00 0:00 [kjournald]
root 859 0.0 0.2 2272 1296 ? S<s 07:00 0:00 udevd -d
root 973 0.0 0.0 0 0 ? S< 07:00 0:00 [khubd]
root 1074 0.0 0.0 0 0 ? S< 07:00 0:00 [scsi_eh_0]
root 1076 0.0 0.0 0 0 ? S< 07:00 0:00 [usb-storage]
root 1313 0.0 0.0 0 0 ? S< 07:00 0:00 [kjournald]
root 1339 0.0 0.0 0 0 ? S< 07:00 0:00 [kjournald]
root 1801 0.0 0.1 1616 584 ? Ss 07:00 0:00 syslogd -m 0 -a /var/spool/postfix/dev/log
70 1980 0.0 0.2 2536 1048 ? Ss 07:00 0:00 dbus-daemon --system
root 1988 0.0 0.1 1564 520 ? Ss 07:00 0:00 /usr/sbin/acpid
root 2042 0.0 0.2 4948 1048 ? Ss 07:00 0:00 ./hpiod
root 2043 0.0 0.1 2112 616 ? Ss 07:00 0:00 /usr/sbin/mandi -d
root 2078 0.0 0.2 2312 1216 ? Ss 07:00 0:00 klogd -2
71 2108 0.0 1.4 9144 7432 ? Ss 07:00 0:01 hald
root 2109 0.0 0.2 3200 1188 ? S 07:00 0:00 hald-runner
71 2127 0.0 0.1 2176 864 ? S 07:00 0:00 /usr/lib/hald-addon-acpi
71 2134 0.0 0.1 2172 868 ? S 07:00 0:00 /usr/lib/hald-addon-keyboard
root 2377 0.0 0.1 2140 760 ? S 07:00 0:00 /usr/lib/hald-addon-storage
root 2404 0.0 0.1 2136 756 ? S 07:00 0:00 /usr/lib/hald-addon-storage
root 2429 0.0 0.1 2136 760 ? S 07:00 0:00 /usr/lib/hald-addon-storage
root 2486 0.0 0.9 10548 4848 ? S 07:00 0:00 python ./hpssd.py
root 2621 0.0 0.0 0 0 ? S< 07:00 0:00 [kgameportd]
root 2625 0.0 0.4 6316 2072 ? Ss 07:00 0:00 cupsd
root 2631 0.0 0.0 0 0 ? S< 07:00 0:00 [ac97/0]
root 2832 0.0 0.0 1592 436 ? Ss 07:00 0:00 /sbin/ifplugd -b -i eth0
ups 2978 0.0 0.0 1788 476 ? Ss 07:00 0:00 upsd -u ups
root 3065 0.0 0.1 2392 888 ? Ss 07:00 0:00 crond -p
daemon 3102 0.0 0.0 1696 360 ? Ss 07:00 0:00 /usr/sbin/atd
rpc 3304 0.0 0.1 1696 552 ? Ss 07:00 0:00 portmap
root 3401 0.0 0.1 2172 800 ? Ss 07:00 0:00 xinetd -stayalive -reuse -pidfile /var/run/xi
avahi 3475 0.0 0.3 2800 1540 ? Ss 07:00 0:00 avahi-daemon: running [<localhost>.local]
rpcuser 3522 0.0 0.1 1700 724 ? Ss 07:00 0:00 rpc.statd
root 3523 0.0 0.1 3772 740 ? Ss 07:00 0:00 rpc.idmapd
xfs 3556 0.0 0.6 4880 3180 ? Ss 07:00 0:01 xfs -port -1 -daemon -droppriv -user xfs
root 3610 0.0 0.1 2884 800 ? S 07:00 0:00 /usr/bin/kdm -nodaemon
root 3611 0.0 0.2 4628 1000 ? Ss 07:00 0:00 /usr/sbin/sshd
root 3660 0.5 4.2 28208 21400 tty7 Ss+ 07:01 1:24 /etc/X11/X -br -deferglyphs 16 :0 vt7 -auth /
root 3709 0.0 0.0 0 0 ? S< 07:01 0:00 [nfsd4]
root 3717 0.0 0.0 0 0 ? S 07:01 0:00 [nfsd]
root 3718 0.0 0.0 0 0 ? S 07:01 0:00 [nfsd]
root 3719 0.0 0.0 0 0 ? S 07:01 0:00 [nfsd]
root 3720 0.0 0.0 0 0 ? S 07:01 0:00 [nfsd]
root 3721 0.0 0.0 0 0 ? S 07:01 0:00 [nfsd]
root 3722 0.0 0.0 0 0 ? S 07:01 0:00 [nfsd]
root 3723 0.0 0.0 0 0 ? S 07:01 0:00 [nfsd]
root 3724 0.0 0.0 0 0 ? S 07:01 0:00 [nfsd]
root 3732 0.0 0.0 0 0 ? S 07:01 0:00 [lockd]
root 3737 0.0 0.0 0 0 ? S< 07:01 0:00 [rpciod/0]
root 3753 0.0 0.0 1748 280 ? Ss 07:01 0:00 rpc.mountd
ntp 3796 0.0 0.8 4292 4292 ? SLs 07:01 0:00 ntpd -A -u ntp:ntp -p /var/run/ntpd.pid
root 3835 0.0 0.5 11464 2848 ? Ss 07:01 0:00 smbd -D
root 3860 0.0 0.3 3608 1656 ? S 07:01 0:00 -:0
root 3883 0.0 0.3 6928 1556 ? Ss 07:01 0:00 nmbd -D
root 3914 0.0 0.2 11464 1384 ? S 07:01 0:00 smbd -D
clamav 3960 0.0 3.3 28516 16632 ? Ss 07:01 0:00 clamd -c /etc/clamd.conf
clamav 4019 0.0 0.2 4796 1360 ? Ss 07:01 0:00 /usr/bin/freshclam --config-file=/etc/freshcl
root 4128 0.0 0.3 4736 1556 ? Ss 07:01 0:00 /usr/lib/postfix/master
postfix 4203 0.0 0.3 4856 1724 ? S 07:01 0:00 qmgr -l -t fifo -u -c
root 5591 0.0 0.1 2708 880 ? Ss 07:01 0:00 /usr/bin/lisa -c /etc/lisarc
root 5675 0.0 0.0 1560 448 tty1 Ss+ 07:01 0:00 /sbin/mingetty tty1
root 5676 0.0 0.0 1560 452 tty2 Ss+ 07:01 0:00 /sbin/mingetty tty2
root 5677 0.0 0.0 1560 452 tty3 Ss+ 07:01 0:00 /sbin/mingetty tty3
root 5678 0.0 0.0 1560 452 tty4 Ss+ 07:01 0:00 /sbin/mingetty tty4
root 5679 0.0 0.0 1560 452 tty5 Ss+ 07:01 0:00 /sbin/mingetty tty5
root 5680 0.0 0.0 1560 452 tty6 Ss+ 07:01 0:00 /sbin/mingetty tty6
<user> 5874 0.0 0.2 3944 1488 ? Ss 07:12 0:00 /bin/sh /usr/bin/startkde
<user> 5931 0.0 0.1 4232 956 ? Ss 07:12 0:00 ssh-agent
<user> 5953 0.0 0.0 2284 448 ? Ss 07:12 0:00 gpg-agent --daemon
<user> 6043 0.0 0.1 2704 648 ? S 07:12 0:00 /usr/bin/dbus-launch --exit-with-session --sh
<user> 6044 0.0 0.0 2424 484 ? Ss 07:12 0:00 /usr/bin/dbus-daemon --fork --print-pid 9 --p
<user> 6055 0.0 0.1 3340 828 ? Ss 07:12 0:00 /usr/bin/imwheel -k --rc /etc/X11/imwheel/imw
<user> 6085 0.0 0.5 8328 2760 ? Ss 07:12 0:00 s2u --daemon=yes --debug
<user> 6110 0.0 1.4 26680 7404 ? Ss 07:12 0:00 kdeinit Running...
<user> 6113 0.0 0.5 25940 2632 ? S 07:12 0:00 dcopserver [kdeinit] --nosid
<user> 6115 0.0 1.6 27972 8208 ? S 07:12 0:00 klauncher [kdeinit] --new-startup
<user> 6117 0.0 2.8 34288 14412 ? S 07:12 0:01 kded [kdeinit] --new-startup
<user> 6119 0.0 0.3 2824 1552 ? S 07:12 0:00 /usr/lib/gam_server
<user> 6124 0.0 0.0 1548 356 ? S 07:12 0:00 kwrapper ksmserver
<user> 6126 0.0 2.0 28044 10380 ? S 07:12 0:00 ksmserver [kdeinit]
<user> 6127 0.0 2.6 30176 12992 ? S 07:12 0:01 kwin [kdeinit]
<user> 6129 0.0 3.9 39600 19668 ? S 07:12 0:01 kdesktop [kdeinit]
<user> 6132 0.0 3.3 35356 16788 ? S 07:12 0:01 kicker [kdeinit]
<user> 6133 0.0 1.4 26792 7176 ? S 07:12 0:00 kio_file [kdeinit] file /home/<user>/tmp/ksocke
<user> 6139 0.0 1.4 27912 7260 ? SL 07:12 0:07 /usr/bin/artsd -F 10 -S 4096 -d -n -s 60 -m a
<user> 6142 0.0 2.0 28060 10272 ? S 07:12 0:00 kaccess [kdeinit]
<user> 6144 0.0 4.5 31692 22556 ? S 07:12 0:01 /usr/bin/perl /usr/bin/net_applet
<user> 6147 0.0 2.9 31692 14584 ? S 07:12 0:00 kmix [kdeinit] -caption KMix -icon kmix -mini
<user> 6150 0.0 2.3 28400 11496 ? S 07:12 0:00 klipper [kdeinit]
<user> 6154 0.0 2.7 36868 13800 ? S 07:12 0:00 knotify [kdeinit]
<user> 6163 0.0 0.1 2668 868 ? S 07:12 0:00 xsettings-kde
<user> 6171 0.0 2.6 31008 13288 ? S 07:12 0:00 korgac --miniicon korganizer
postfix 6606 0.0 0.3 4816 1568 ? S 10:21 0:00 pickup -l -t fifo -u -c -o content_filter -o
<user> 6624 0.0 0.3 3948 1508 ? S 11:21 0:00 /bin/sh /usr/bin/mozilla-firefox
<user> 6629 0.0 0.3 3988 1520 ? S 11:21 0:00 /bin/sh /usr/lib/mozilla-firefox-1.5.0.7/run-
<user> 6634 4.9 9.7 121000 48568 ? Sl 11:21 0:38 /usr/lib/mozilla-firefox-1.5.0.7/mozilla-fire
<user> 6638 0.0 0.5 5140 2580 ? S 11:21 0:00 /usr/lib/gconfd-2 12
<user> 6642 0.2 3.2 34088 16400 ? R 11:22 0:01 konsole [kdeinit]
<user> 6643 0.0 0.3 4128 1876 pts/1 Ss 11:22 0:00 /bin/bash
root 6716 0.0 0.2 3436 1140 pts/1 S 11:22 0:00 su
root 6719 0.0 0.3 3612 1612 pts/1 S 11:22 0:00 bash
root 6782 0.0 0.1 2280 900 pts/1 R+ 11:34 0:00 ps aux
-
As far as ports, use something over 2000 just to make sure you don't encroach on any other necessary ports. And don't use 31337. Here's a list of well-known ports, you'll want to choose one not on that list.
As far as the reinstall, as Gowator said that depends on your paranoid level. If you think someone actually succeeded in hacking you, then reinstalling is easier than hunting down what the hacker did in case he left himself a backdoor/trojan/zombie program. Checking it with a rootkit program as G suggests is definitely a good first step. I'd also look through a ps -aux for any oddball processes. Also, run netstat -a while logged in and look for strange services that are attached to odd ports.
Thanks, Tyme. Of course it would help if I knew what netstat and ps normally showed; that way I might be in a better position to see if there is anything unusual.
Apparently I am going to have to ask for help in installing denyhosts though. I keep being told it needs python 2.4 (my system shows 2.4.3), or, in the case of the tarball, says:
error: invalid Python installation: unable to open /usr/lib/python2.4/config/Makefile (No such file or directory) -
I agree with tyme, it's a fact of life unfortunately....
Reinstall? The entire system, or just ssh server?
I get hundreds, sometimes tens of thousands per day...
I seem to get merely scores. Most of them from India, China, Korea, etc. This is the first I have noted from within the US.
Watch out for dictionary attacks.... I now have my public facing username extremely long... it's a pain to type but it's more of a passphrase ... and the password is equally long. Most dictionary attacks start aa, ab, ac etc. I had a two letter user who was cracked ... it only takes 26^26 combinations to find that username and these attacks can come from hundreds of places at once when they hijack enough hosts... so for instance you can be on aa,ab from Bulgaria and ja,jb from Poland etc.
I have not (yet) seen dictionary attacks, but have instead seen attacks with a long list of names tried in largely alphabetical order. I would guess that they just loaded a list from a "baby names" book into the script they are running, so with a long enough list, and user names that are real people's names, they will eventually hit one of them - not that I have many users; this is, after all, just my home system with very few users anyway.
I have some user names in "allow", and several entries in "deny". If I understand this correctly, being not listed in "allow", or specifically listed in "deny" will not let any other user name in, so in a way, it's a double protection.
Turn off ssh1
It is.
Protocol 2
'Tis set up here with a 2048 RSA key. At the moment, I still have password entry allowed, but that is for the benefit of the one "test user", a friend who has already helped with tightening security here. I plan on turning that off prior to leaving for my next trip, so without an RSA public key, they should not be able to get on at all.
try a different port for a week .... :D works wonders....
Got a range I should pick from?
try using denyhosts (a package)... it automatically bans IP's for X number of failed logins by adding to your hosts.deny.. and mails you. My hosts.deny has well over 5000 entries....
I will give that a try. It also occurs to me that perhaps I should turn off pinging.
NEVER EVER post a username on a board.... I get thousands of attempted logins with gowator as the username... where do they get it? Well my sig has my static IP address and I guess they figure I must have a gowator user? It makes it twice as easy if they know a valid user name ..then they can concentrate on the password... and with 30,000 attempts a day ....???
I have not posted a user name that I am aware of. Also, the first part of my domain is not "localhost" for that matter.
Example username password....g0wat0rsu3k3eggs4dinn3r/m0nk3ys3atp3anuts4fun
This way they have 23^36 combinations for the username.... but I doubt they try past x chars.... apart from dictionary words .. each run takes exponentially longer and though they are not from their own computer they will soon give up.... what they want is another drone host to attack someone else..
That would be a major pain, but might be worth instigating.
-
I posted here before asking for help in determining whether or not I was having security breaches. I was told (off the board) that the entries I was concerned about were not a big deal. OK, I know I am a little paranoid, but I am new to being open to ssh connections from the 'net, and being paranoid doesn't mean they're not really after you!
Alright, I use MCC to set up the ssh server, and had specifically set it to not allow root logins. Yesterday, I was double checking how I had it set up and to my surprise I found that root login had somehow changed to "Yes - with password". OK, I changed it back and also put "root" in the deny users file. Today, I checked again, and the file had been changed to allow root login - yes.
I also have line after line of this type of entry:
Nov 8 05:48:05 localhost sshd[16874]: Connection from 208.67.248.222 port 47297
Nov 8 05:48:05 localhost sshd[16874]: reverse mapping checking getaddrinfo for mail.reflx.net failed - POSSIBLE BREAK-IN ATTEMPT!
Nov 8 05:48:05 localhost sshd[16874]: User root from 208.67.248.222 not allowed because listed in DenyUsers
Nov 8 05:48:05 localhost sshd[16874]: error: Could not get shadow information for NOUSER
Nov 8 05:48:05 localhost sshd[16874]: Failed password for invalid user root from 208.67.248.222 port 47297 ssh2
Nov 8 05:48:05 localhost sshd[16874]: Excess permission or bad ownership on file /var/log/btmp
Nov 8 05:48:06 localhost sshd[16876]: Connection from 208.67.248.222 port 47363
Nov 8 05:48:06 localhost sshd[16876]: reverse mapping checking getaddrinfo for mail.reflx.net failed - POSSIBLE BREAK-IN ATTEMPT!
Nov 8 05:48:06 localhost sshd[16876]: User root from 208.67.248.222 not allowed because listed in DenyUsers
So, should I be worried, and/or what, if anything should I do?
I have security set to "high", and only have port 22 open to the 'net. I know one of the things I should do is put ssh on some oddball port, but other than that?
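Every hardening step mentioned in this thread (no root login, Protocol 2, keys instead of passwords, AllowUsers/DenyUsers, a non-default port) is a keyword in sshd_config, and a PermitRootLogin that keeps coming back as "yes" is easiest to catch by reading the file the way sshd does: the first occurrence of a keyword wins and later ones are ignored. The checker below is an added example, not code from this thread, from Mandriva's tools or from OpenSSH; it parses a config text with that first-match rule, audits only the global section before any Match block, and reports the weak settings. The two configs it runs on are constructed for illustration, and the user names in the hardened one are placeholders.

```python
"""Audit an sshd_config for the weak settings raised in this thread."""
import re
from typing import Dict, List

# sshd keeps the FIRST value it sees for a keyword; keywords are case-insensitive;
# 'Keyword value' and 'Keyword=value' are both accepted; '#' starts a comment.
# Everything after a 'Match' line is conditional, so only the global section
# that precedes it is audited here.
_KV = re.compile(r"^(\S+?)\s*(?:=|\s)\s*(.*?)\s*$")


def parse_sshd_config(text: str) -> Dict[str, str]:
    """Return the effective keyword -> value map, honouring sshd's first-match rule."""
    effective: Dict[str, str] = {}
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].strip()
        if not line:
            continue
        m = _KV.match(line)
        if not m:
            continue
        key, value = m.group(1).lower(), m.group(2)
        if key == "match":
            break
        effective.setdefault(key, value)   # first occurrence wins, as in sshd
    return effective


def audit(cfg: Dict[str, str]) -> List[str]:
    """List the weak settings; an empty list means every check passed."""
    findings: List[str] = []
    root = cfg.get("permitrootlogin", "yes")          # OpenSSH default before 7.0 was 'yes'
    if root.lower() != "no":
        findings.append(f"PermitRootLogin is effectively '{root}'; set 'PermitRootLogin no'")
    proto = cfg.get("protocol")
    if proto is None or "1" in [p.strip() for p in proto.split(",")]:
        findings.append("SSH protocol 1 is not explicitly disabled; set 'Protocol 2'")
    if cfg.get("passwordauthentication", "yes").lower() != "no":
        findings.append("PasswordAuthentication is on; set it to 'no' once every user has a key")
    if cfg.get("port", "22") == "22":
        findings.append("sshd listens on port 22; a non-default high port cuts scanner noise")
    if not cfg.get("allowusers"):
        findings.append("no AllowUsers list; with one, names not on it can never log in, whatever the password")
    return findings


# Constructed example of a config a GUI tool could leave behind (not the poster's file).
WEAK_CONFIG = """\
Port 22
Protocol 2,1
PermitRootLogin yes
PasswordAuthentication yes
Subsystem sftp /usr/lib/ssh/sftp-server
PermitRootLogin no   # too late: sshd already took the first value
"""

# Constructed hardened counterpart; 'alice' and 'bob' are placeholder user names.
HARDENED_CONFIG = """\
Port 2222
Protocol 2
PermitRootLogin no
PubkeyAuthentication yes
PasswordAuthentication no
AllowUsers alice bob
DenyUsers root guest
Subsystem sftp /usr/lib/ssh/sftp-server
"""

if __name__ == "__main__":
    for label, text in (("weak", WEAK_CONFIG), ("hardened", HARDENED_CONFIG)):
        problems = audit(parse_sshd_config(text))
        print(f"{label}: {len(problems)} finding(s)")
        for p in problems:
            print("  -", p)
```

To run it against a live file, feed `open("/etc/ssh/sshd_config").read()` to `parse_sshd_config` as root; a finding that reappears after you have saved the GUI's settings tells you which keyword the tool is rewriting.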
-
Ah ok, I must have read it as being a problem when I posted yesterday. Sorry :D
Not a problem. I have been told by a source I trust that nothing in the file looked overly suspicious to him, and he probed the ports that were open on my system with nmap, and saw nothing out of the ordinary.
nmap <IP_address>
So I am marking this one solved, though I still need to figure out why my system is unable to send mail to alert me to problems.
-
Hmm, your port 22 looks different to mine:
[ian@esprit ~]$ netstat -tan
Active Internet connections (servers and established)
Proto Recv-Q Send-Q Local Address Foreign Address State
tcp 0 0 0.0.0.0:22 0.0.0.0:* LISTEN
tcp 0 0 127.0.0.1:631 0.0.0.0:* LISTEN
tcp 0 0 10.1.1.2:48144 72.14.205.83:80 ESTABLISHED
mine is listening on all, yours is listening restricted on your IP address only. Although that shouldn't be a problem.
Have you tried using ssh locally and does it work OK? Can you connect without problems?
It works both locally, and over the internet for listed users. Being on the local network I have not been able to log in using the domain name, or the "real" IP address, but a friend who also uses Linux, and for whom I have set up an account, has been able to connect from various places.
My concern isn't that it isn't working, but that it is not secure enough to keep the bad guys out.
ian: i don't think he has a problem with SSH working, if I read the OP correctly it seems he's concerned about intruders.
Correct.
To help secure your ssh I would follow these steps. I would check your sshd logs in /var/logs, it will show attempts to access your system via ssh and whether they failed or were successful, just search for successes since it isn't the easiest to parse through.
I'll look at the link you provided when I get back from running errands, thanks.
This has some helpful tips too. Especially about using keys instead of username/password. You can carry your key on a usb drive so wherever you are you have it.
I have an "authorized_keys2" on the laptop, and am not interested in accessing the home computer from elsewhere, though I do have a usb jump drive in case that ever is needed.
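The suggestion above, search the sshd log for successes because the failures are too many to read, and the earlier one that denyhosts bans an address after X failed logins, both come down to parsing the same three message shapes that appear in the logs quoted in this thread. The script below is an added example, not code from the thread or from denyhosts; it counts failed connections per source address, lists the user names each address tried (and flags the alphabetical sweep described earlier), prints every accepted login, and emits hosts.deny lines for addresses over a threshold. The log lines it runs on are constructed, using documentation addresses, and are not the poster's real log.

```python
"""Sift sshd log lines: count attempts per source, flag successes, emit bans."""
import re
from collections import Counter, defaultdict
from typing import Dict, List, Tuple

# Message shapes as OpenSSH writes them to the auth log (same as those quoted in the thread).
_SSHD = re.compile(r"sshd\[(\d+)\]: (.*)$")
_FAILED = re.compile(r"^Failed \S+ for (?:invalid user )?(\S+) from (\d+(?:\.\d+){3}) port")
_DENIED = re.compile(r"^User (\S+) from (\d+(?:\.\d+){3}) not allowed because")
_ACCEPTED = re.compile(r"^Accepted (\S+) for (\S+) from (\d+(?:\.\d+){3}) port")


def summarize(lines) -> Tuple[Counter, Dict[str, List[str]], List[Tuple[str, str, str]]]:
    """Return (failed connections per IP, user names tried per IP, accepted logins).

    A failure is counted once per sshd child PID, i.e. per connection. That also
    collapses the two lines sshd writes for one DenyUsers hit ("not allowed" and
    "Failed password for invalid user"), which would otherwise be double counted.
    """
    seen = set()
    failures: Counter = Counter()
    names: Dict[str, List[str]] = defaultdict(list)
    accepted: List[Tuple[str, str, str]] = []
    for line in lines:
        m = _SSHD.search(line)
        if not m:
            continue
        pid, msg = m.groups()
        ok = _ACCEPTED.match(msg)
        if ok:
            method, user, ip = ok.groups()
            accepted.append((user, ip, method))
            continue
        bad = _FAILED.match(msg) or _DENIED.match(msg)
        if bad:
            user, ip = bad.groups()
            if (pid, ip) not in seen:
                seen.add((pid, ip))
                failures[ip] += 1
                names[ip].append(user)
    return failures, names, accepted


def alphabetical_sweep(tried: List[str], minimum: int = 5) -> bool:
    """True when one source walked a sorted name list, the pattern described in the thread."""
    return len(tried) >= minimum and tried == sorted(tried)


def hosts_deny_entries(failures: Counter, threshold: int) -> List[str]:
    """denyhosts-style result: a 'daemon: client' hosts.deny line per IP at or over threshold."""
    return [f"sshd: {ip}" for ip, n in sorted(failures.items()) if n >= threshold]


# Constructed sample log (documentation addresses), not the poster's real log.
SAMPLE_LOG = """\
Nov 8 05:48:05 localhost sshd[16874]: Connection from 203.0.113.7 port 47297
Nov 8 05:48:05 localhost sshd[16874]: Failed password for invalid user aaron from 203.0.113.7 port 47297 ssh2
Nov 8 05:48:09 localhost sshd[16876]: Failed password for invalid user abby from 203.0.113.7 port 47363 ssh2
Nov 8 05:48:12 localhost sshd[16878]: Failed password for invalid user adam from 203.0.113.7 port 47401 ssh2
Nov 8 05:48:15 localhost sshd[16880]: Failed password for invalid user alan from 203.0.113.7 port 47444 ssh2
Nov 8 05:48:18 localhost sshd[16882]: Failed password for invalid user alex from 203.0.113.7 port 47490 ssh2
Nov 8 05:48:21 localhost sshd[16884]: Failed password for invalid user amy from 203.0.113.7 port 47522 ssh2
Nov 8 06:02:40 localhost sshd[16901]: reverse mapping checking getaddrinfo for mail.example.net failed - POSSIBLE BREAK-IN ATTEMPT!
Nov 8 06:02:40 localhost sshd[16901]: User root from 198.51.100.9 not allowed because listed in DenyUsers
Nov 8 06:02:40 localhost sshd[16901]: Failed password for invalid user root from 198.51.100.9 port 2201 ssh2
Nov 8 06:02:44 localhost sshd[16903]: Failed password for invalid user admin from 198.51.100.9 port 2202 ssh2
Nov 8 07:15:02 localhost sshd[16950]: Accepted publickey for alice from 192.0.2.44 port 51515 ssh2
"""

if __name__ == "__main__":
    failures, names, accepted = summarize(SAMPLE_LOG.splitlines())
    for ip, n in failures.most_common():
        tag = " (alphabetical sweep)" if alphabetical_sweep(names[ip]) else ""
        print(f"{ip}: {n} failed connection(s), names tried {names[ip]}{tag}")
    for user, ip, method in accepted:
        print(f"ACCEPTED: {user} from {ip} via {method}")
    print("\n".join(hosts_deny_entries(failures, threshold=5)))
```

The ACCEPTED lines are the ones to read first: a success from an address or for a user you do not recognise is the signal, and the failure counts only tell you how loud the scanners are. Pass the real file with `summarize(open("/var/log/auth.log"))` (the file name depends on the distribution's syslog setup).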
-
Your logs should be rotated by a job in /etc/cron.daily called logrotate. This is maybe why you cannot see prior to a certain date. However, you should see examples of the same logfile with .1, .2, .3 at the end and so on. These are normally archives of tar.gz or something.
OK, found those; not sure how to set it to keep logs viewable in MCC any longer than they are, but at least that is one concern down!
Those last entries seem to be postfix - your smtp server trying to send emails to your gmail account but failing to connect.
Now that I think of it, I do have it set to send e-mail in the event of evil things happening to my system. I guess I need to change the e-mail address which it sends to, or figure out how to get that one to work.
As for sshd, see if it's running with:
netstat -tan
and look for port 22.
Yes, it's running, output at the moment is:
Active Internet connections (servers and established)
Proto Recv-Q Send-Q Local Address Foreign Address State
tcp 0 0 127.0.0.1:2208 0.0.0.0:* LISTEN
tcp 0 0 0.0.0.0:2049 0.0.0.0:* LISTEN
tcp 0 0 0.0.0.0:901 0.0.0.0:* LISTEN
tcp 0 0 0.0.0.0:3493 0.0.0.0:* LISTEN
tcp 0 0 0.0.0.0:48071 0.0.0.0:* LISTEN
tcp 0 0 127.0.0.1:10026 0.0.0.0:* LISTEN
tcp 0 0 0.0.0.0:139 0.0.0.0:* LISTEN
tcp 0 0 0.0.0.0:34444 0.0.0.0:* LISTEN
tcp 0 0 0.0.0.0:111 0.0.0.0:* LISTEN
tcp 0 0 0.0.0.0:6000 0.0.0.0:* LISTEN
tcp 0 0 0.0.0.0:849 0.0.0.0:* LISTEN
tcp 0 0 192.168.2.2:22 0.0.0.0:* LISTEN
tcp 0 0 0.0.0.0:631 0.0.0.0:* LISTEN
tcp 0 0 127.0.0.1:25 0.0.0.0:* LISTEN
tcp 0 0 127.0.0.1:52378 0.0.0.0:* LISTEN
tcp 0 0 0.0.0.0:7741 0.0.0.0:* LISTEN
tcp 0 0 0.0.0.0:445 0.0.0.0:* LISTEN
tcp 0 0 192.168.2.2:33644 64.233.163.83:80 ESTABLISHED
tcp 1 0 127.0.0.1:53907 127.0.0.1:631 CLOSE_WAIT
tcp 1 0 127.0.0.1:40544 127.0.0.1:631 CLOSE_WAIT
tcp 1 0 127.0.0.1:40549 127.0.0.1:631 CLOSE_WAIT
tcp 1 0 127.0.0.1:59550 127.0.0.1:631 CLOSE_WAIT
tcp 1 0 127.0.0.1:59545 127.0.0.1:631 CLOSE_WAIT
tcp 0 0 :::6000 :::* LISTEN
tcp 0 0 :::631 :::* LISTEN
My intention is to be able to ssh (from the CLI, or using putty) into my system from wherever, and be able to print from my roaming laptop to the printer at home. Also of course, have the ability to surf the web, print locally and d/l from the desktop. (The machine the logs above are from.)
-
I recently have set up an ssh server that I will/am/should be able to access from anywhere in the world (I travel a lot!)
I also got a domain name from https://www.dyndns.com/ to be able to follow my dynamic IP. Since I have done so I have seen quite a few attempts to log in from various parts of the world: Pakistan, India, China, Korea. Until yesterday I believed the attempts to be unsuccessful. Looking at the logs yesterday and today though makes me wonder if I need to do something else to keep hackers off my computer.
Today's logs are much like yesterday's, with the exception noted at the bottom of the list. Another concern is that that is as far back as I can view - logs prior to 11/05 are not there at all! I don't know if that is because the files were dropped normally as part of keeping them a reasonable size, or if it's something more nefarious.
clipped from today's logs (I was not on the system at all during this period of time):
Nov 6 04:13:20 localhost logger: Security Warning: There are modifications for port listening on your machine :
Nov 6 04:13:20 localhost logger: - Opened ports : tcp 0 0 localhost.homelinux.org:2208 *:* LISTEN 2031/hpiod
Nov 6 04:13:20 localhost logger: - Opened ports : tcp 0 0 *:swat *:* LISTEN 3365/xinetd
Nov 6 04:13:20 localhost logger: - Opened ports : tcp 0 0 *:nut *:* LISTEN 2941/upsd
Nov 6 04:13:20 localhost logger: - Opened ports : tcp 0 0 *:48071 *:* LISTEN -
Nov 6 04:13:20 localhost logger: - Opened ports : tcp 0 0 localhost.homelinux.or:10026 *:* LISTEN 4120/master
Nov 6 04:13:20 localhost logger: - Opened ports : tcp 0 0 *:netbios-ssn *:* LISTEN 3652/smbd
Nov 6 04:13:20 localhost logger: - Opened ports : tcp 0 0 *:34444 *:* LISTEN 3481/rpc.statd
Nov 6 04:13:20 localhost logger: - Opened ports : tcp 0 0 *:sunrpc *:* LISTEN 3198/portmap
Nov 6 04:13:20 localhost logger: - Opened ports : tcp 0 0 *:x11 *:* LISTEN 3759/X
Nov 6 04:13:20 localhost logger: - Opened ports : tcp 0 0 *:849 *:* LISTEN 3641/rpc.mountd
Nov 6 04:13:20 localhost logger: - Opened ports : tcp 0 0 192.168.2.2:ssh *:* LISTEN 3530/sshd
Nov 6 04:13:20 localhost logger: - Opened ports : tcp 0 0 *:ipp *:* LISTEN 2514/cupsd
Nov 6 04:13:20 localhost logger: - Opened ports : tcp 0 0 localhost.homelinux.org:smtp *:* LISTEN 4120/master
Nov 6 04:13:20 localhost logger: - Opened ports : tcp 0 0 localhost.homelinux.or:52378 *:* LISTEN 2454/python
Nov 6 04:13:20 localhost logger: - Opened ports : tcp 0 0 *:7741 *:* LISTEN 5559/lisa
Nov 6 04:13:20 localhost logger: - Opened ports : tcp 0 0 *:microsoft-ds *:* LISTEN 3652/smbd
Nov 6 04:13:20 localhost logger: - Opened ports : udp 0 0 *:32769 *:* 3401/avahi-daemon:
Nov 6 04:13:20 localhost logger: - Opened ports : udp 0 0 *:32772 *:* 3481/rpc.statd
Nov 6 04:13:20 localhost logger: - Opened ports : udp 0 0 192.168.2.2:netbios-ns *:* 3716/nmbd
Nov 6 04:13:20 localhost logger: - Opened ports : udp 0 0 *:netbios-ns *:* 3716/nmbd
Nov 6 04:13:20 localhost logger: - Opened ports : udp 0 0 192.168.2.2:netbios-dgm *:* 3716/nmbd
Nov 6 04:13:20 localhost logger: - Opened ports : udp 0 0 *:netbios-dgm *:* 3716/nmbd
Nov 6 04:13:20 localhost logger: - Opened ports : udp 0 0 *:689 *:* 3481/rpc.statd
Nov 6 04:13:20 localhost logger: - Opened ports : udp 0 0 *:7741 *:* 5559/lisa
Nov 6 04:13:20 localhost logger: - Opened ports : udp 0 0 *:846 *:* 3641/rpc.mountd
Nov 6 04:13:20 localhost logger: - Opened ports : udp 0 0 *:5353 *:* 3401/avahi-daemon:
Nov 6 04:13:20 localhost logger: - Opened ports : udp 0 0 *:sunrpc *:* 3198/portmap
Nov 6 04:13:20 localhost logger: - Opened ports : udp 0 0 *:ipp *:* 2514/cupsd
Nov 6 04:13:20 localhost logger: - Opened ports : udp 0 0 192.168.2.2:ntp *:* 3775/ntpd
Nov 6 04:13:20 localhost logger: - Opened ports : udp 0 0 localhost.homelinux.org:ntp *:* 3775/ntpd
Nov 6 04:13:20 localhost logger: - Opened ports : udp 0 0 *:ntp *:* 3775/ntpd
Nov 6 04:13:20 localhost logger: - Opened ports : raw 0 0 *:icmp *:* 7 5559/lisa
Nov 6 04:13:20 localhost logger: - Closed ports : tcp 0 0 localhost.homelinux.org:2208 *:* LISTEN 2046/hpiod
Nov 6 04:13:20 localhost logger: - Closed ports : tcp 0 0 *:swat *:* LISTEN 3441/xinetd
Nov 6 04:13:20 localhost logger: - Closed ports : tcp 0 0 *:nut *:* LISTEN 2981/upsd
Nov 6 04:13:20 localhost logger: - Closed ports : tcp 0 0 *:58089 *:* LISTEN 3542/rpc.statd
Nov 6 04:13:20 localhost logger: - Closed ports : tcp 0 0 localhost.homelinux.or:10026 *:* LISTEN 4099/master
Nov 6 04:13:20 localhost logger: - Closed ports : tcp 0 0 *:33386 *:* LISTEN -
Nov 6 04:13:20 localhost logger: - Closed ports : tcp 0 0 *:netbios-ssn *:* LISTEN 3689/smbd
Nov 6 04:13:20 localhost logger: - Closed ports : tcp 0 0 localhost.homelinux.or:43918 *:* LISTEN 2490/python
Nov 6 04:13:20 localhost logger: - Closed ports : tcp 0 0 *:sunrpc *:* LISTEN 3268/portmap
Nov 6 04:13:20 localhost logger: - Closed ports : tcp 0 0 *:x11 *:* LISTEN 3743/X
Nov 6 04:13:20 localhost logger: - Closed ports : tcp 0 0 192.168.2.2:ssh *:* LISTEN 3605/sshd
Nov 6 04:13:20 localhost logger: - Closed ports : tcp 0 0 *:ipp *:* LISTEN 2570/cupsd
Nov 6 04:13:20 localhost logger: - Closed ports : tcp 0 0 localhost.homelinux.org:smtp *:* LISTEN 4099/master
Nov 6 04:13:20 localhost logger: - Closed ports : tcp 0 0 *:954 *:* LISTEN 3756/rpc.mountd
Nov 6 04:13:20 localhost logger: - Closed ports : tcp 0 0 *:7741 *:* LISTEN 5580/lisa
Nov 6 04:13:20 localhost logger: - Closed ports : tcp 0 0 *:microsoft-ds *:* LISTEN 3689/smbd
Nov 6 04:13:20 localhost logger: - Closed ports : udp 0 0 *:32768 *:* 3528/avahi-daemon:
Nov 6 04:13:20 localhost logger: - Closed ports : udp 0 0 *:32770 *:* 3542/rpc.statd
Nov 6 04:13:20 localhost logger: - Closed ports : udp 0 0 192.168.2.2:netbios-ns *:* 3841/nmbd
Nov 6 04:13:20 localhost logger: - Closed ports : udp 0 0 *:netbios-ns *:* 3841/nmbd
Nov 6 04:13:20 localhost logger: - Closed ports : udp 0 0 192.168.2.2:netbios-dgm *:* 3841/nmbd
Nov 6 04:13:20 localhost logger: - Closed ports : udp 0 0 *:netbios-dgm *:* 3841/nmbd
Nov 6 04:13:20 localhost logger: - Closed ports : udp 0 0 *:951 *:* 3756/rpc.mountd
Nov 6 04:13:20 localhost logger: - Closed ports : udp 0 0 *:7741 *:* 5580/lisa
Nov 6 04:13:20 localhost logger: - Closed ports : udp 0 0 *:5353 *:* 3528/avahi-daemon:
Nov 6 04:13:20 localhost logger: - Closed ports : udp 0 0 *:kerberos-iv *:* 3542/rpc.statd
Nov 6 04:13:20 localhost logger: - Closed ports : udp 0 0 *:sunrpc *:* 3268/portmap
Nov 6 04:13:20 localhost logger: - Closed ports : udp 0 0 *:ipp *:* 2570/cupsd
Nov 6 04:13:20 localhost logger: - Closed ports : udp 0 0 192.168.2.2:ntp *:* 3779/ntpd
Nov 6 04:13:20 localhost logger: - Closed ports : udp 0 0 localhost.homelinux.org:ntp *:* 3779/ntpd
Nov 6 04:13:20 localhost logger: - Closed ports : udp 0 0 *:ntp *:* 3779/ntpd
Nov 6 04:13:20 localhost logger: - Closed ports : raw 0 0 *:icmp *:* 7 5580/lisa
Nov 6 04:13:24 localhost logger: Security Warning: World Writable files found :
Nov 6 04:13:24 localhost logger: - /home/karl/Funnies/Greatest_Movie_Line_Ever.wmv
Nov 6 04:13:24 localhost logger: - /home/karl/Funnies/Kosovo music video.wmv
Nov 6 04:13:24 localhost logger: - /tmp/.ICE-unix
Nov 6 04:13:24 localhost logger: - /tmp/.X11-unix
Nov 6 04:13:24 localhost logger: - /tmp/.X11-unix/X0
Nov 6 04:13:24 localhost logger: - /tmp/.font-unix
Nov 6 04:13:24 localhost logger: - /tmp/.font-unix/fs-1
Nov 6 04:13:24 localhost logger: - /var/lib/clamav/clamd.socket
Nov 6 04:13:24 localhost logger: - /var/lib/lock/sane
Nov 6 04:13:24 localhost logger: - /var/lib/texmf
Nov 6 04:13:24 localhost logger: - /var/lib/texmf/ls-R
Nov 6 04:13:24 localhost logger: - /var/run/acpid.socket
Nov 6 04:13:24 localhost logger: - /var/run/avahi-daemon/socket
Nov 6 04:13:24 localhost logger: - /var/run/dbus/system_dbus_socket
Nov 6 04:13:24 localhost logger: - /var/run/xdmctl/dmctl-:0/socket
Nov 6 04:13:24 localhost logger: - /var/run/xdmctl/dmctl/socket
Nov 6 04:13:24 localhost logger: - /var/spool/postfix/dev/log
Nov 6 04:13:24 localhost logger: - /var/spool/postfix/private/anvil
Nov 6 04:13:24 localhost logger: - /var/spool/postfix/private/bounce
Nov 6 04:13:24 localhost logger: - /var/spool/postfix/private/cyrus
Nov 6 04:13:24 localhost logger: - /var/spool/postfix/private/cyrus-chroot
Nov 6 04:13:24 localhost logger: - /var/spool/postfix/private/cyrus-deliver
Nov 6 04:13:24 localhost logger: - /var/spool/postfix/private/cyrus-inet
Nov 6 04:13:24 localhost logger: - /var/spool/postfix/private/defer
Nov 6 04:13:24 localhost logger: - /var/spool/postfix/private/discard
Nov 6 04:13:24 localhost logger: - /var/spool/postfix/private/error
Nov 6 04:13:24 localhost logger: - /var/spool/postfix/private/lmtp
Nov 6 04:13:24 localhost logger: - /var/spool/postfix/private/lmtp-filter
Nov 6 04:13:24 localhost logger: - /var/spool/postfix/private/local
Nov 6 04:13:24 localhost logger: - /var/spool/postfix/private/maildrop
Nov 6 04:13:24 localhost logger: - /var/spool/postfix/private/proxymap
Nov 6 04:13:24 localhost logger: - /var/spool/postfix/private/relay
Nov 6 04:13:24 localhost logger: - /var/spool/postfix/private/rewrite
Nov 6 04:13:24 localhost logger: - /var/spool/postfix/private/scache
Nov 6 04:13:24 localhost logger: - /var/spool/postfix/private/smtp
Nov 6 04:13:24 localhost logger: - /var/spool/postfix/private/smtp-filter
Nov 6 04:13:24 localhost logger: - /var/spool/postfix/private/tlsmgr
Nov 6 04:13:24 localhost logger: - /var/spool/postfix/private/trace
Nov 6 04:13:24 localhost logger: - /var/spool/postfix/private/uucp
Nov 6 04:13:24 localhost logger: - /var/spool/postfix/private/verify
Nov 6 04:13:24 localhost logger: - /var/spool/postfix/private/virtual
Nov 6 04:13:24 localhost logger: - /var/spool/postfix/public/cleanup
Nov 6 04:13:24 localhost logger: - /var/spool/postfix/public/flush
Nov 6 04:13:24 localhost logger: - /var/spool/postfix/public/pickup
Nov 6 04:13:24 localhost logger: - /var/spool/postfix/public/qmgr
Nov 6 04:13:24 localhost logger: - /var/spool/postfix/public/showq
Nov 6 04:13:24 localhost logger: - /var/spool/samba
Nov 6 04:13:24 localhost logger: Security Warning: /etc/shadow check :
Nov 6 04:13:24 localhost logger: - /etc/shadow:30: User "guest" has no password !
Nov 6 04:13:24 localhost logger: Security Warning: These files belonging to packages are modified on the system :
Nov 6 04:13:24 localhost logger: - /boot/message-graphic
Nov 6 04:13:24 localhost logger: - /usr/lib/gconv/gconv-modules.cache
Nov 6 04:13:24 localhost logger: - /usr/lib/nvu-1.0/chrome/overlayinfo/editor/content/overlays.rdf
Nov 6 04:13:24 localhost logger: - /usr/share/X11/icewm/menu
Nov 6 04:13:24 localhost logger: - /usr/share/a2ps/afm/fonts.map
Nov 6 04:13:24 localhost logger: - /usr/share/applications/defaults.list
Nov 6 04:13:24 localhost logger: - /usr/share/applications/gaim.desktop
Nov 6 04:13:24 localhost logger: - /usr/share/doc/HTML/index.html
Nov 6 04:13:24 localhost logger: - /usr/share/fonts/100dpi/fonts.dir
Nov 6 04:13:24 localhost logger: - /usr/share/fonts/100dpi/fonts.scale
Nov 6 04:13:24 localhost logger: - /usr/share/fonts/75dpi/fonts.dir
Nov 6 04:13:24 localhost logger: - /usr/share/fonts/75dpi/fonts.scale
Nov 6 04:13:24 localhost logger: - /usr/share/fonts/OTF/fonts.dir
Nov 6 04:13:24 localhost logger: - /usr/share/fonts/OTF/fonts.scale
Nov 6 04:13:24 localhost logger: - /usr/share/fonts/Speedo/fonts.dir
Nov 6 04:13:24 localhost logger: - /usr/share/fonts/Speedo/fonts.scale
Nov 6 04:13:24 localhost logger: - /usr/share/fonts/TTF/fonts.dir
Nov 6 04:13:24 localhost logger: - /usr/share/fonts/TTF/fonts.scale
Nov 6 04:13:24 localhost logger: - /usr/share/fonts/Type1/fonts.dir
Nov 6 04:13:24 localhost logger: - /usr/share/fonts/Type1/fonts.scale
Nov 6 04:13:24 localhost logger: - /usr/share/fonts/cyrillic/fonts.dir
Nov 6 04:13:24 localhost logger: - /usr/share/fonts/cyrillic/fonts.scale
Nov 6 04:13:24 localhost logger: - /usr/share/fonts/misc/fonts.dir
Nov 6 04:13:24 localhost logger: - /usr/share/fonts/misc/fonts.scale
Nov 6 04:13:24 localhost logger: - /usr/share/texmf/ls-R
Nov 6 04:13:24 localhost logger: - /var/lib/mandriva/kde-profiles/common/share/config/kdesktoprc
Nov 6 04:13:24 localhost logger: - /var/lib/mandriva/kde-profiles/common/share/config/konquerorrc
Nov 6 04:13:24 localhost logger: Security Warning: These config files belonging to packages are modified on the system :
Nov 6 04:13:24 localhost logger: - /etc/X11/fs/config
Nov 6 04:13:24 localhost logger: - /etc/X11/imwheel/startup.conf
Nov 6 04:13:24 localhost logger: - /etc/cups/cupsd.conf
Nov 6 04:13:24 localhost logger: - /etc/exports
Nov 6 04:13:24 localhost logger: - /etc/firefox.cfg
Nov 6 04:13:24 localhost logger: - /etc/host.conf
Nov 6 04:13:24 localhost logger: - /etc/info-dir
Nov 6 04:13:24 localhost logger: - /etc/inittab
Nov 6 04:13:24 localhost logger: - /etc/kde/kdm/kdmrc
Nov 6 04:13:24 localhost logger: - /etc/kderc
Nov 6 04:13:24 localhost logger: - /etc/login.defs
Nov 6 04:13:24 localhost logger: - /etc/modprobe.conf
Nov 6 04:13:24 localhost logger: - /etc/modprobe.preload
Nov 6 04:13:24 localhost logger: - /etc/mozpluggerrc
Nov 6 04:13:24 localhost logger: - /etc/mtools.conf
Nov 6 04:13:24 localhost logger: - /etc/ntp.conf
Nov 6 04:13:24 localhost logger: - /etc/pam.d/system-auth
Nov 6 04:13:24 localhost logger: - /etc/printcap
Nov 6 04:13:24 localhost logger: - /etc/qtrc
Nov 6 04:13:24 localhost logger: - /etc/rpm/macros
Nov 6 04:13:24 localhost logger: - /etc/samba/smb.conf
Nov 6 04:13:24 localhost logger: - /etc/sane.d/dll.conf
Nov 6 04:13:24 localhost logger: - /etc/shells
Nov 6 04:13:24 localhost logger: - /etc/shorewall/interfaces
Nov 6 04:13:24 localhost logger: - /etc/shorewall/policy
Nov 6 04:13:24 localhost logger: - /etc/shorewall/rules
Nov 6 04:13:24 localhost logger: - /etc/shorewall/start
Nov 6 04:13:24 localhost logger: - /etc/shorewall/stop
Nov 6 04:13:24 localhost logger: - /etc/shorewall/zones
Nov 6 04:13:24 localhost logger: - /etc/ssh/ssh_config
Nov 6 04:13:24 localhost logger: - /etc/ssh/sshd_config
Nov 6 04:13:24 localhost logger: - /etc/sudoers
Nov 6 04:13:24 localhost logger: - /etc/sysconfig/bootsplash
Nov 6 04:13:24 localhost logger: - /etc/sysconfig/firstboot
Nov 6 04:13:24 localhost logger: - /etc/sysconfig/harddrake2/kernel
Nov 6 04:13:24 localhost logger: - /etc/sysconfig/harddrake2/previous_hw
Nov 6 04:13:24 localhost logger: - /etc/sysconfig/msec
Nov 6 04:13:24 localhost logger: - /etc/sysconfig/syslog
Nov 6 04:13:24 localhost logger: - /etc/sysconfig/usb
Nov 6 04:13:24 localhost logger: - /etc/sysctl.conf
Nov 6 04:13:24 localhost logger: - /etc/syslog.conf
Nov 6 04:13:24 localhost logger: - /etc/ups/ups.conf
Nov 6 04:13:24 localhost logger: - /etc/xinetd.d/saned
Nov 6 04:13:24 localhost logger: - /etc/xinetd.d/swat
Nov 6 04:13:24 localhost logger: - /etc/xml/catalog
Nov 6 04:13:24 localhost logger: - /usr/share/sgml/docbook/xmlcatalog
Nov 6 04:13:24 localhost logger: - /var/lib/clamav/daily.cvd
Nov 6 04:13:24 localhost logger: - /var/lib/clamav/main.cvd
Nov 6 04:13:24 localhost logger: Chkrootkit report:
Nov 6 04:13:24 localhost logger: ROOTDIR is `/'
Nov 6 04:13:24 localhost logger: Checking `amd'... not found
Nov 6 04:13:24 localhost logger: Checking `basename'... not infected
Nov 6 04:13:24 localhost logger: Checking `biff'... not found
Nov 6 04:13:24 localhost logger: Checking `chfn'... not infected
Nov 6 04:13:24 localhost logger: Checking `chsh'... not infected
Nov 6 04:13:24 localhost logger: Checking `cron'... not infected
Nov 6 04:13:24 localhost logger: Checking `date'... not infected
Nov 6 04:13:24 localhost logger: Checking `du'... not infected
Nov 6 04:13:24 localhost logger: Checking `dirname'... not infected
Nov 6 04:13:24 localhost logger: Checking `echo'... not infected
Nov 6 04:13:24 localhost logger: Checking `egrep'... not infected
Nov 6 04:13:24 localhost logger: Checking `env'... not infected
Nov 6 04:13:24 localhost logger: Checking `find'... not infected
Nov 6 04:13:24 localhost logger: Checking `fingerd'... not found
Nov 6 04:13:24 localhost logger: Checking `gpm'... not found
Nov 6 04:13:24 localhost logger: Checking `grep'... not infected
Nov 6 04:13:24 localhost logger: Checking `hdparm'... not infected
Nov 6 04:13:24 localhost logger: Checking `su'... not infected
Nov 6 04:13:24 localhost logger: Checking `ifconfig'... not infected
Nov 6 04:13:24 localhost logger: Checking `inetd'... not tested
Nov 6 04:13:24 localhost logger: Checking `inetdconf'... not found
Nov 6 04:13:24 localhost logger: Checking `identd'... not found
Nov 6 04:13:24 localhost logger: Checking `init'... not infected
Nov 6 04:13:24 localhost logger: Checking `killall'... not infected
Nov 6 04:13:24 localhost logger: Checking `ldsopreload'... not infected
Nov 6 04:13:24 localhost logger: Checking `login'... not infected
Nov 6 04:13:24 localhost logger: Checking `ls'... not infected
Nov 6 04:13:24 localhost logger: Checking `lsof'... not infected
Nov 6 04:13:24 localhost logger: Checking `mail'... not infected
Nov 6 04:13:24 localhost logger: Checking `mingetty'... not infected
Nov 6 04:13:24 localhost logger: Checking `netstat'... not infected
Nov 6 04:13:24 localhost logger: Checking `named'... not found
Nov 6 04:13:24 localhost logger: Checking `passwd'... not infected
Nov 6 04:13:24 localhost logger: Checking `pidof'... not infected
Nov 6 04:13:24 localhost logger: Checking `pop2'... not found
Nov 6 04:13:24 localhost logger: Checking `pop3'... not found
Nov 6 04:13:24 localhost logger: Checking `ps'... not infected
Nov 6 04:13:24 localhost logger: Checking `pstree'... not infected
Nov 6 04:13:24 localhost logger: Checking `rpcinfo'... not infected
Nov 6 04:13:24 localhost logger: Checking `rlogind'... not found
Nov 6 04:13:24 localhost logger: Checking `rshd'... not found
Nov 6 04:13:24 localhost logger: Checking `slogin'... not infected
Nov 6 04:13:24 localhost logger: Checking `sendmail'... not infected
Nov 6 04:13:24 localhost logger: Checking `sshd'... not infected
Nov 6 04:13:24 localhost logger: Checking `syslogd'... not infected
Nov 6 04:13:24 localhost logger: Checking `tar'... not infected
Nov 6 04:13:24 localhost logger: Checking `tcpd'... not infected
Nov 6 04:13:24 localhost logger: Checking `tcpdump'... not infected
Nov 6 04:13:24 localhost logger: Checking `top'... not infected
Nov 6 04:13:24 localhost logger: Checking `telnetd'... not found
Nov 6 04:13:24 localhost logger: Checking `timed'... not found
Nov 6 04:13:24 localhost logger: Checking `traceroute'... not infected
Nov 6 04:13:24 localhost logger: Checking `vdir'... not infected
Nov 6 04:13:24 localhost logger: Checking `w'... not infected
Nov 6 04:13:24 localhost logger: Checking `write'... not infected
Nov 6 04:13:24 localhost logger: Checking `aliens'... no suspect files
Nov 6 04:13:24 localhost logger: Searching for sniffer's logs, it may take a while... nothing found
Nov 6 04:13:24 localhost logger: Searching for HiDrootkit's default dir... nothing found
Nov 6 04:13:24 localhost logger: Searching for t0rn's default files and dirs... nothing found
Nov 6 04:13:24 localhost logger: Searching for t0rn's v8 defaults... nothing found
Nov 6 04:13:24 localhost logger: Searching for Lion Worm default files and dirs... nothing found
Nov 6 04:13:24 localhost logger: Searching for RSHA's default files and dir... nothing found
Nov 6 04:13:24 localhost logger: Searching for RH-Sharpe's default files... nothing found
Nov 6 04:13:24 localhost logger: Searching for Ambient's rootkit (ark) default files and dirs... nothing found
Nov 6 04:13:24 localhost logger: Searching for suspicious files and dirs, it may take a while...
Nov 6 04:13:24 localhost logger: /usr/lib/ooo-2.0/program/.testtoolrc
Nov 6 04:13:24 localhost logger: Searching for LPD Worm files and dirs... nothing found
Nov 6 04:13:24 localhost logger: Searching for Ramen Worm files and dirs... nothing found
Nov 6 04:13:24 localhost logger: Searching for Maniac files and dirs... nothing found
Nov 6 04:13:24 localhost logger: Searching for RK17 files and dirs... nothing found
Nov 6 04:13:24 localhost logger: Searching for Ducoci rootkit... nothing found
Nov 6 04:13:24 localhost logger: Searching for Adore Worm... nothing found
Nov 6 04:13:24 localhost logger: Searching for ShitC Worm... nothing found
Nov 6 04:13:24 localhost logger: Searching for Omega Worm... nothing found
Nov 6 04:13:24 localhost logger: Searching for Sadmind/IIS Worm... nothing found
Nov 6 04:13:24 localhost logger: Searching for MonKit... nothing found
Nov 6 04:13:24 localhost logger: Searching for Showtee... nothing found
Nov 6 04:13:24 localhost logger: Searching for OpticKit... nothing found
Nov 6 04:13:24 localhost logger: Searching for T.R.K... nothing found
Nov 6 04:13:24 localhost logger: Searching for Mithra... nothing found
Nov 6 04:13:24 localhost logger: Searching for OBSD rk v1... nothing found
Nov 6 04:13:24 localhost logger: Searching for LOC rootkit... nothing found
Nov 6 04:13:24 localhost logger: Searching for Romanian rootkit... nothing found
Nov 6 04:13:24 localhost logger: Searching for HKRK rootkit... nothing found
Nov 6 04:13:24 localhost logger: Searching for Suckit rootkit... nothing found
Nov 6 04:13:24 localhost logger: Searching for Volc rootkit... nothing found
Nov 6 04:13:24 localhost logger: Searching for Gold2 rootkit... nothing found
Nov 6 04:13:24 localhost logger: Searching for TC2 Worm default files and dirs... nothing found
Nov 6 04:13:24 localhost logger: Searching for Anonoying rootkit default files and dirs... nothing found
Nov 6 04:13:24 localhost logger: Searching for ZK rootkit default files and dirs... nothing found
Nov 6 04:13:24 localhost logger: Searching for ShKit rootkit default files and dirs... nothing found
Nov 6 04:13:24 localhost logger: Searching for AjaKit rootkit default files and dirs... nothing found
Nov 6 04:13:24 localhost logger: Searching for zaRwT rootkit default files and dirs... nothing found
Nov 6 04:13:24 localhost logger: Searching for Madalin rootkit default files... nothing found
Nov 6 04:13:24 localhost logger: Searching for Fu rootkit default files... nothing found
Nov 6 04:13:24 localhost logger: Searching for ESRK rootkit default files... nothing found
Nov 6 04:13:24 localhost logger: Searching for rootedoor... nothing found
Nov 6 04:13:24 localhost logger: Searching for anomalies in shell history files... nothing found
Nov 6 04:13:24 localhost logger: Checking `asp'... not infected
Nov 6 04:13:24 localhost logger: Checking `bindshell'... not infected
Nov 6 04:13:24 localhost logger: Checking `lkm'... Checking `rexedcs'... not found
Nov 6 04:13:24 localhost logger: Checking `sniffer'... eth0: not promisc and no PF_PACKET sockets
Nov 6 04:13:24 localhost logger: Checking `w55808'... not infected
Nov 6 04:13:24 localhost logger: Checking `wted'... chkwtmp: nothing deleted
Nov 6 04:13:24 localhost logger: Checking `scalper'... not infected
Nov 6 04:13:24 localhost logger: Checking `slapper'... not infected
Nov 6 04:13:24 localhost logger: Checking `z2'... chklastlog: nothing deleted
Nov 6 04:13:24 localhost logger: Checking `chkutmp'... The tty of the following user process(es) were not found
Nov 6 04:13:24 localhost logger: in /var/run/utmp !
Nov 6 04:13:24 localhost logger: ! RUID PID TTY CMD
Nov 6 04:13:24 localhost logger: ! root 3759 tty7 /etc/X11/X -br -deferglyphs 16 :0 vt7 -auth /var/run/xauth/A:0-ZgK1i3
Nov 6 04:13:24 localhost logger: chkutmp: nothing deleted
The odd thing about yesterdays logs were numerous entries like this:
Nov 5 04:14:16 localhost postfix/smtp[17094]: connect to gmail-smtp-in.l.google.com[64.233.167.114]: Connection timed out (port 25)
Nov 5 04:14:19 localhost postfix/smtp[18311]: connect to gmail-smtp-in.l.google.com[64.233.167.114]: Connection timed out (port 25)
Nov 5 04:14:46 localhost postfix/smtp[17094]: connect to gmail-smtp-in.l.google.com[64.233.167.27]: Connection timed out (port 25)
Nov 5 04:14:49 localhost postfix/smtp[18311]: connect to gmail-smtp-in.l.google.com[64.233.167.27]: Connection timed out (port 25)
Nov 5 04:15:16 localhost postfix/smtp[17094]: connect to alt2.gmail-smtp-in.l.google.com[66.249.93.114]: Connection timed out (port 25)
Nov 5 04:15:19 localhost postfix/smtp[18311]: connect to alt1.gmail-smtp-in.l.google.com[66.249.83.114]: Connection timed out (port 25)
Nov 5 04:15:46 localhost postfix/smtp[17094]: connect to alt1.gmail-smtp-in.l.google.com[66.249.83.27]: Connection timed out (port 25)
Nov 5 04:15:49 localhost postfix/smtp[18311]: connect to alt1.gmail-smtp-in.l.google.com[66.249.83.27]: Connection timed out (port 25)
Nov 5 04:16:16 localhost postfix/smtp[17094]: connect to alt2.gmail-smtp-in.l.google.com[66.249.93.27]: Connection timed out (port 25)
Nov 5 04:16:16 localhost postfix/smtp[17094]: 213B969C95: to=<riseringseeker@gmail.com>, relay=none, delay=150,
Any ideas anyone?
-
The new rpmdrake is a complete rewrite of the old one, not just an improved new version, and it's missing some functions which the old one knew. I tried it twice and didn't like the dependency handling, packages not showing up in the list, etc., so I followed wobo's advice and installed smart and KSmartTray, and I'm pleased with it. At the moment it's much better than the new rpmdrake. After they fix the issues with rpmdrake I'll try it again, but for now smart is my choice.
I never had any real success with smart in 2006, but will try it again now that I have 2007 going. Several things don't seem to work as well for me in 2007 as they did in 2006, maybe this will be the exception. Adding smart now....
Which laptop?
in Laptops and Portable Devices
Actually they have a selection of distributions to choose from, their home-rolled RH based Emperor, Fedora, RHEL, Suse, Debian, Ubuntu, and they list Mandrake 10.1. In my latest exchange with them they said:
So, Mandrake/Mandriva was/is on hard times? Fedora was not so solid not so long ago?
Having only ever used Mdv, and played (very little) with a live Knoppix CD, I am not sure, but am leaning toward having Fedora, and maybe Ubuntu (though I am not a fan of the gnome desktop - for me Kubuntu might be much better) installed. One good thing is I won't be stuck with Vista, though I can have XP on it if I wish, which I just may.