router question

R. Wood rw at ncf.ca
Wed Jan 14 02:21:28 UTC 2009


Allegedly, on Tue, Jan 13, 2009 at 05:50:32PM -0500, Chris stated:
> Date: Tue, 13 Jan 2009 06:53:25 -0500 ; From: R. Wood
> > Allegedly, on Tue, Jan 13, 2009 at 12:05:19AM -0400, Tom Daly stated:
> > > I have a Pll box in basement, cable modem plugs into one nic,
> > > house plugs into second nic.  I had a friend set this up for me,
> > > and know very little about it, other than it's running Debian,
> > > periodically I do updates, and I still haven't groked iptables ...
> > > 
> > > problem that has surfaced is after several weeks of intermittent
> > > power failures and my not being here for a week or so, I ssh'd
> > > into it earlier tonight to apt-get update, and _ALL_ my command
> > > history is gone
> > > 
> > > I'm thinking this is not good ...
> > > 
> > > any thoughts?
> > 
> > Hi,
> > 
> > Missing logs/command history *could* be a symptom of intrusion.  For
> > starters, I would boot from a live or recovery CD of some kind and
> > run both:
> > - rkhunter (rootkit, backdoor, sniffer and exploit scanner)
> > - chkrootkit (Checks for signs of rootkits on the local system)
> > and see what output you get.
> > 
> > HTH,
> > Raymond
>
> Hi Raymond,
> 
> Thank you for the commands to find Rootkits.
> My suspicions were right I have two warnings appearing in Red.
> /user/sbin/unhide-linux26
> and
> /user/sbin/unhide
> Is there a simple way to fix/repair them?
> Thank you
> Chris
> Owen Sound, Ontario

Both chkrootkit and rkhunter will sometimes give 'false positives' (i.e.
warnings you don't really need to worry about), but better safe than
sorry right?  :-)

I google'd this a bit and it looks like it could be a false positive.
Have a look at these links and see what you think:
- http://ubuntuforums.org/showthread.php?t=942250 (try in particular the
  command 'sudo rkhunter --propupd')
- http://ubuntu-virginia.ubuntuforums.org/showthread.php?p=5733628
- http://ubuntuforums.org/showthread.php?t=1006870

Unfortunately none of the above accounts for why your command history
was missing.  I dunno -- perhaps someone else on the list has some
ideas?

Unfortunately the only true way to be sure you aren't compromised is to
re-install, which is no fun, unless you like that kind of thing  ;-)

Good luck,
Raymond
-- 
"Be Nice, or Leave - By Order of the Management"
(Sign above door, Black Sheep Inn, Wakefield)
GPG Fingerprint: 2E4D 8605 DD48 E80F F893  1C02 B65D 86D9 3B3C 0E03
Encrypted E-mail Preferred
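Added example, not from the thread or from rkhunter/chkrootkit: a few cheap offline triage checks for the "history is gone" symptom discussed above, which separate history lost by accident (file never written, truncated) from history that has been deliberately switched off (symlink to /dev/null, HISTSIZE=0 in an rc file). File names and the sample rc contents are constructed.

```shell
#!/bin/sh
# Added example: triage checks for a shell history file that has gone missing.
# None of these prove a compromise; they only tell accidental loss apart from
# a history that was deliberately disabled, which is worth a closer look.

# check_history_file FILE -> prints: ok | empty | missing | devnull-symlink | symlink
check_history_file() {
    f=$1
    if [ -L "$f" ]; then
        # a history file pointing at /dev/null silently discards every command
        case "$(readlink "$f")" in
            /dev/null) echo devnull-symlink ;;
            *)         echo symlink ;;
        esac
    elif [ ! -e "$f" ]; then
        echo missing
    elif [ ! -s "$f" ]; then
        echo empty      # exists but is zero bytes: truncated, or never written
    else
        echo ok
    fi
}

# history_disabled_in RCFILE -> exit 0 if RCFILE contains a setting that
# turns history off (HISTSIZE=0, HISTFILESIZE=0, unset HISTFILE, HISTFILE=/dev/null)
history_disabled_in() {
    grep -Eq '^[[:space:]]*(export[[:space:]]+)?(HISTSIZE|HISTFILESIZE)=0([[:space:]]|$)|^[[:space:]]*unset[[:space:]]+HISTFILE|HISTFILE=/dev/null' "$1" 2>/dev/null
}

# --- constructed sample data: a throw-away directory standing in for a home dir
tmp=$(mktemp -d); trap 'rm -rf "$tmp"' EXIT
printf 'apt-get update\napt-get upgrade\n' > "$tmp/ok_history"
: > "$tmp/empty_history"
ln -s /dev/null "$tmp/nulled_history"
printf '# constructed rc file\nexport HISTSIZE=0\n' > "$tmp/bad_bashrc"
printf '# constructed rc file\nHISTSIZE=1000\n' > "$tmp/good_bashrc"

for h in ok_history empty_history missing_history nulled_history; do
    printf '%-16s %s\n' "$h" "$(check_history_file "$tmp/$h")"
done
for rc in bad_bashrc good_bashrc; do
    if history_disabled_in "$tmp/$rc"; then
        echo "$rc: history disabled"
    else
        echo "$rc: history enabled"
    fi
done
```

On a real box, point the checks at ~/.bash_history and the ~/.bashrc, ~/.profile and /etc/profile files for each account that can log in.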