router question

Mr. C clark c_dive at hotmail.com
Wed Jan 14 15:09:59 UTC 2009


Hi Raymond,
Thank you.
Chris.

> Date: Tue, 13 Jan 2009 21:21:28 -0500
> From: rw at ncf.ca
> To: ubuntu-ca at lists.ubuntu.com
> Subject: RE: router question
> 
> -----BEGIN PGP SIGNED MESSAGE-----
> Hash: SHA1
> 
> Allegedly, on Tue, Jan 13, 2009 at 05:50:32PM -0500, Chris stated:
> > Date: Tue, 13 Jan 2009 06:53:25 -0500 ; From: R. Wood
> > > Allegedly, on Tue, Jan 13, 2009 at 12:05:19AM -0400, Tom Daly stated:
> > > > I have a Pll box in basement, cable modem plugs into one nic,
> > > > house plugs into second nic.  I had a friend set this up for me,
> > > > and know very little about it, other than it's running Debian,
> > > > periodically I do updates, and I still haven't groked iptables ...
> > > > 
> > > > problem that has surfaced is after several weeks of intermittent
> > > > power failures and my not being here for a week or so, I ssh'd
> > > > into it earlier tonight to apt-get update, and _ALL_ my command
> > > > history is gone
> > > > 
> > > > I'm thinking this is not good ...
> > > > 
> > > > any thoughts?
> > > 
> > > Hi,
> > > 
> > > Missing logs/command history *could* be a symptom of intrusion.  For
> > > starters, I would boot from a live or recovery CD of some kind and
> > > run both:
> > > - rkhunter (rootkit, backdoor, sniffer and exploit scanner)
> > > - chkrootkit (Checks for signs of rootkits on the local system)
> > > and see what output you get.
> > > 
> > > HTH,
> > > Raymond
> >
> > Hi Raymond,
> > 
> > Thank you for the commands to find Rootkits.
> > My suspicions were right: I have two warnings appearing in red.
> > /user/sbin/unhide-linux26
> > and
> > /user/sbin/unhide
> > Is there a simple way to fix/repair them?
> > Thank you
> > Chris
> > Owen Sound, Ontario
> 
> Both chkrootkit and rkhunter will sometimes give 'false positives' (i.e.
> warnings you don't really need to worry about), but better safe than
> sorry right?  :-)
> 
> I google'd this a bit and it looks like it could be a false positive.
> Have a look at these links and see what you think:
> - - http://ubuntuforums.org/showthread.php?t=942250 (try in particular the
>   command 'sudo rkhunter --propupd')
> - - http://ubuntu-virginia.ubuntuforums.org/showthread.php?p=5733628
> - - http://ubuntuforums.org/showthread.php?t=1006870
> 
> Unfortunately none of the above accounts for why your command history
> was missing.  I dunno -- perhaps someone else on the list has some
> ideas?
> 
> Unfortunately the only true way to be sure you aren't compromised is to
> re-install, which is no fun, unless you like that kind of thing  ;-)
> 
> Good luck,
> Raymond
> - -- 
> "Be Nice, or Leave - By Order of the Management"
> (Sign above door, Black Sheep Inn, Wakefield)
> GPG Fingerprint: 2E4D 8605 DD48 E80F F893  1C02 B65D 86D9 3B3C 0E03
> Encrypted E-mail Preferred
> -----BEGIN PGP SIGNATURE-----
> Version: GnuPG v1.4.6 (GNU/Linux)
> 
> iD8DBQFJbUwotl2G2Ts8DgMRAjdpAKDhDTz6gkel5kT69LggAOnRdRZ5zwCggonh
> xzjx4T3xfDdtI40O/ms3x8I=
> =vXbN
> -----END PGP SIGNATURE-----
> 
> -- 
> ubuntu-ca mailing list
> ubuntu-ca at lists.ubuntu.com
> https://lists.ubuntu.com/mailman/listinfo/ubuntu-ca
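
Added example, not part of the original messages or of rkhunter/chkrootkit: one way to follow up on a scanner warning like the ones discussed above is to compare each flagged file, from the live CD, against the checksum its package shipped. The function names, the mount point and the manifest location are assumptions; the sample files in demo() are constructed.

```shell
# Run from the live/recovery CD with the suspect disk mounted read-only at ROOT.
# MANIFEST is a dpkg-style md5sums file ("<md5>  <path relative to />") taken
# from a trusted copy of the package, not from the suspect disk itself.

# check_flagged ROOT MANIFEST PATH -> prints MATCH, MISMATCH, UNLISTED or MISSING
check_flagged() {
    local root="$1" manifest="$2" rel="${3#/}" expected actual
    if [ ! -f "$root/$rel" ]; then
        echo "MISSING"; return 0
    fi
    # 32 hex digits + two spaces: the path starts at column 35
    expected=$(awk -v p="$rel" '{ f = substr($0, 35) } f == p { print $1; exit }' "$manifest")
    if [ -z "$expected" ]; then
        echo "UNLISTED"; return 0      # file exists but the package never shipped it
    fi
    actual=$(md5sum "$root/$rel" | cut -d' ' -f1)
    if [ "$actual" = "$expected" ]; then echo "MATCH"; else echo "MISMATCH"; fi
}

# triage ROOT MANIFEST: reads flagged absolute paths on stdin, one per line
triage() {
    local path
    while IFS= read -r path; do
        [ -n "$path" ] || continue
        printf '%s %s\n' "$(check_flagged "$1" "$2" "$path")" "$path"
    done
}

# Constructed demo: a fake root with intact, altered, unlisted and absent files.
demo() {
    local tmp
    tmp=$(mktemp -d)
    mkdir -p "$tmp/root/usr/sbin"
    printf 'packaged contents A\n' > "$tmp/root/usr/sbin/tool-a"
    printf 'packaged contents B\n' > "$tmp/root/usr/sbin/tool-b"
    ( cd "$tmp/root" && md5sum usr/sbin/tool-a usr/sbin/tool-b ) > "$tmp/pkg.md5sums"
    printf 'altered after install\n' > "$tmp/root/usr/sbin/tool-b"
    printf 'dropped later\n' > "$tmp/root/usr/sbin/tool-c"
    printf '/usr/sbin/tool-a\n/usr/sbin/tool-b\n/usr/sbin/tool-c\n/usr/bin/other\n' \
        | triage "$tmp/root" "$tmp/pkg.md5sums"
    rm -rf "$tmp"
}
demo
```

A MATCH only says the file equals what the package shipped; MISMATCH and UNLISTED are the results that need a closer look before treating a warning as a false positive.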
