Daniel Stiefel wrote:

> A few days ago, I got some KWrited docs popping up on my Mandrake 8.1
> desktop ("Security warning: World Writeable files found" followed by a long
> list of files located on both hard drives). I am a Linux newbie and assumed
> the popups were the product of some kind of monitoring utility that I had
> inadvertently installed.

This is correct, and the installed program doing these checks is a program called, by Mandrake, msec.

> Although I have a simple workstation setup (except for the extra partitions
> and triple boot aspect to it!) and installed 8.1 with medium security, I went
> back into 8.1's control panel and re-set it to medium security and the KWrited
> popups stopped appearing.

With this move, you have "loosened" your security settings. You have gone down a level, and this could be okay or it could be a problem for you, in terms of security. It depends a lot on other variables, such as how you connect to the internet, what other kinds of protection you are running (firewall, etc.), and so on.

> From the lists of files displayed, I assumed my machine had been compromised
> and that I would have to partition, reformat, reload the win98, mandrake 8.1
> and Redhat 5.1 partition in order to make things right. I downloaded
> chkrootkit (and with some help from this group), ran it while booted to the
> main HD/ Mandrake 8.1 just to see what was up. Surprisingly it showed
> nothing. I'm not sure why that is. I am not familiar with chkrootkit and
> may have failed to run it so that it searched all of the drives.

How are you running it? We need a little more info on this part of your operation.

> Can anyone tell me how to run it to search RH 5.1 or the win98SE partition?
> Can that be done from 8.1 on the other drive as I attempted? Does it check
> comprehensively or does it only check the drive/OS that it is booted to?

Not sure about win98. Have not used it in years, but it should work for Red Hat. Again, I need to know more about how you are running it.

> Secondly, is it possible that, despite the KWrited popups that occurred on 2
> different occasions, my machine is unaffected?

Dan, it is entirely possible that your machine is *not* compromised.

The listing you were getting is simply telling you that you have directories and files that can be executed, read, and changed/deleted by anyone that has access to your system. That means these directories are set to 777 permissions, and these files are set to 666 perms. Are you getting any other kind of warnings?

Hope it helps,

--
J. Craig Woods
UNIX/NT Network/System Administration
http://www.trismegistus.net

"Character is built upon the debris of despair" --Emerson
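
The kind of listing discussed in the message above can be reproduced by hand with standard `find` options. The script below is an added example, not part of the original message and not msec's own code; the function names and the sample tree are constructed for illustration. It separates world-writable files from world-writable directories, and splits the directories by whether the sticky bit is set.

```shell
#!/bin/sh
# Added example: classify world-writable entries under a directory tree.
# -xdev keeps find on one filesystem; symlinks are never matched because
# only -type f and -type d are requested.

# Regular files that any local user can modify (for example mode 666).
ww_files() {
    find "$1" -xdev -type f -perm -0002 -print 2>/dev/null | sort
}

# World-writable directories without the sticky bit (for example mode 777):
# any local user can delete or replace files other users put there.
ww_dirs_unsafe() {
    find "$1" -xdev -type d -perm -0002 ! -perm -1000 -print 2>/dev/null | sort
}

# World-writable directories with the sticky bit (mode 1777, like /tmp).
ww_dirs_sticky() {
    find "$1" -xdev -type d -perm -0002 -perm -1000 -print 2>/dev/null | sort
}

report() {
    echo "== world-writable files =="; ww_files "$1"
    echo "== world-writable dirs, no sticky bit =="; ww_dirs_unsafe "$1"
    echo "== world-writable dirs, sticky bit set =="; ww_dirs_sticky "$1"
}

# Constructed sample tree for trying the functions without touching real data.
# Prints the path of the temporary directory it creates.
make_sample_tree() {
    d=$(mktemp -d) || return 1
    mkdir "$d/shared" "$d/tmp" "$d/private"
    : > "$d/notes.txt"
    : > "$d/private/ok.txt"
    chmod 666 "$d/notes.txt"
    chmod 644 "$d/private/ok.txt"
    chmod 777 "$d/shared"
    chmod 1777 "$d/tmp"
    chmod 755 "$d/private"
    echo "$d"
}

# Usage: sh wwscan.sh /home   (with no argument nothing is scanned)
if [ $# -gt 0 ]; then report "$1"; fi
```

For an entry that does not need to be shared, `chmod o-w` on it removes the world-write bit.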