Re: Weird Network Manager Problem (Updated)

Mike Dwiggins <mike <at> azdwiggins.com> writes:

> 
>   JB,
> 
> I figured you or someone else might like to know this.  I killed the dhc 
> process, cleaned up the .conf files, did a restart on Network Manager 
> and everything worked!
> 
> Ran chkrootkit and it hit on netstat as Infected (imagine that).  It 
> also reported a possible LKM Trojan intrusion.  I then ran rkhunter and 
> it threw warnings on the following files:
> /bin/netstat
> /bin/ps
> /usr/bin/top
> /usr/bin/lsof
> 
> It also reported undocumented password change and group file changes.
> 
> Password I could see with me going through Webmin to reset the root 
> password, but I was careful to change nothing else, much less groups!
> 
> I rebooted and the problem was back just as before!
> 
> With that I threw up my hands and have WipeDrive going on the drives in 
> DoD mode!
> 
> Hope this might help someone!
> 
> Again thanks for the help!
> 

Hi,

Congratulations, even if that does not seem appropriate :-)

You should test your other servers with both security programs as well.
You should do it on a regular basis, by the way.

Rkhunter installs as a cron job as well and sends a report to your system mail
box.
# ls /etc/cron.daily/
... rkhunter ...

Keep a good (and up-to-date) live CD (Knoppix, etc.) around that also has 
those security programs on it (check that beforehand).
It must be kept up to date (downloaded and burned) frequently due to changes in
attack pattern recognition.
But it is safer to perform the scan from read-only media.

There is a clear sense of apprehension in the Fedora community :-)

JB
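
A follow-up check for the four tools rkhunter warned about, as an added example that is not part of the original thread: it classifies `rpm -V` output so that a content (digest) mismatch stands out from a harmless timestamp change. The function names, the `/mnt/suspect` mount point and the sample lines are assumptions made for illustration.

```shell
#!/bin/sh
# Added example (not from the thread): triage `rpm -V` output for the
# binaries rkhunter warned about. Intended to run from read-only live media
# with the suspect disk mounted, never from the suspect system itself.

# Paths exactly as listed in the quoted message; adjust for your layout.
WATCHED="/bin/netstat /bin/ps /usr/bin/top /usr/bin/lsof"

# Constructed sample of `rpm -V` output (not captured from a real host).
SAMPLE_RPM_V='S.5....T.    /bin/netstat
.......T.    /bin/ps
S.5....T.  c /etc/ssh/sshd_config
missing      /usr/bin/lsof'

# classify_rpm_verify: read `rpm -V` lines on stdin and print
# "STATUS path" for watched files only.
#   MODIFIED  - digest differs (flag column 3 is "5"): content was replaced
#   MISSING   - file is gone
#   ATTR-ONLY - only size/mode/mtime style attributes differ
classify_rpm_verify() {
    while read -r flags rest; do
        path="/${rest#*/}"          # drop optional marker such as "c "
        case " $WATCHED " in
            *" $path "*) ;;
            *) continue ;;
        esac
        case "$flags" in
            missing) echo "MISSING $path" ;;
            ??5*)    echo "MODIFIED $path" ;;
            *)       echo "ATTR-ONLY $path" ;;
        esac
    done
}

# verify_mounted_root: run the check against a disk mounted by the live CD.
# Caveat: this reads the RPM database stored on the suspect disk, which an
# intruder with root could also have altered; treat a clean result as weak.
verify_mounted_root() {
    rpm --root "$1" -Va 2>/dev/null | classify_rpm_verify
}

# Demo on the constructed sample; live use: verify_mounted_root /mnt/suspect
printf '%s\n' "$SAMPLE_RPM_V" | classify_rpm_verify
```
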

