Re: [ubuntu-in] Firewall Rules and problems being reported by rkhunter chkrootkit

2011-02-10 Thread Ramnarayan.K
On Thu, Feb 10, 2011 at 4:37 PM, Ramnarayan.K ramnaraya...@gmail.com wrote:
 One suggestion I got was to deny inbound traffic.

 How does one do that?

 In Firestarter it only provides options to allow inbound traffic, not deny?

So I figured out Firestarter and have these rules in place:

inbound
allow
bittorrent - port 6881-6889 - for everyone

Outbound
Restrictive by default, whitelist traffic

Allow
HTTP - Port 80 - for everyone
HTTPS port 443 for everyone
BitTorrent - ports 6881-6889 - for firewall host (I think that means my machine)

The help guide at
http://my.opera.com/ubuntunerd1/blog/h-2

suggests only HTTP (not HTTPS).

Again, I look forward to advice and suggestions.

thanks
ram

-- 
ubuntu-in mailing list
ubuntu-in@lists.ubuntu.com
https://lists.ubuntu.com/mailman/listinfo/ubuntu-in


Re: [ubuntu-in] Firewall Rules and problems being reported by rkhunter chkrootkit

2011-02-10 Thread Mallikarjun(ಮಲ್ಲಿಕಾರ್ಜುನ್)

I am not a security expert but would like to give my suggestions.

On 02/10/2011 06:07 AM, Ramnarayan.K wrote:

Hi

Some days back I posted a problem / warnings reported by chkrootkit.

A port 4000 came up with this error message
Checking `bindshell'... INFECTED
(PORTS: 4000)

You can check whether some service on your system is listening on port 4000,
or check all listening ports:

netstat -tua
  t for tcp
  u for udp

I also ran rkhunter

These were the warnings I got:

[11:03:54] /usr/sbin/unhide [ Warning ]
[11:03:54] Warning: The file '/usr/sbin/unhide' exists on the system,
but it is not present in the rkhunter.dat file.

[11:03:55] /usr/sbin/unhide-linux26 [ Warning ]
[11:03:55] Warning: The file '/usr/sbin/unhide-linux26' exists on the
system, but it is not present in the rkhunter.dat file.

I don't think these 2 are problems to be worried about.
If you have doubts, find the md5sum, install a new virtual OS, install
and find the md5sum there. I guess there are other ways to check file integrity,
like Tripwire.

and the following
[11:06:53] Checking /dev for suspicious file types [ Warning ]
[11:06:53] Warning: Suspicious file types found in /dev:
[11:06:53] /dev/shm/pulse-shm-2140383202: data
[11:06:53] /dev/shm/pulse-shm-3707541799: data
[11:06:53] /dev/shm/pulse-shm-797584089: data
[11:06:54] /dev/shm/pulse-shm-1322839818: data
[11:06:54] /dev/shm/pulse-shm-1033208539: data
[11:06:54] /dev/shm/pulse-shm-2106326488: data
[11:06:54] /dev/shm/pulse-shm-743709925: data
[11:06:54] /dev/shm/pulse-shm-351083088: data
[11:06:54] /dev/shm/pulse-shm-1331942024: data
[11:06:54] /dev/shm/pulse-shm-1912260521: data
[11:06:54] /dev/shm/mono.2443: data
[11:06:54] /dev/shm/mono.2467: data
[11:06:54] /dev/shm/pulse-shm-2905615276: data
[11:06:54] /dev/shm/pulse-shm-1210813197: data
[11:06:54] /dev/shm/pulse-shm-289830629: data
[11:06:54] /dev/shm/pulse-shm-4191095999: data
[11:06:54] Checking for hidden files and directories [ Warning ]
[11:06:54] Warning: Hidden directory found: /etc/.java
[11:06:54] Warning: Hidden directory found: /dev/.udev
[11:06:54] Warning: Hidden directory found: /dev/.initramfs
[11:07:05]
Even I got these warnings; they should not be a problem, I guess. .java doesn't
have any content in it. No comments.

[11:07:05] Checking application versions...
[11:07:05] Checking version of GnuPG [ Warning ]
[11:07:05] Warning: Application 'gpg', version '1.4.9', is out of
date, and possibly a security risk.

[11:07:06] Checking version of OpenSSL [ Warning ]
[11:07:06] Warning: Application 'openssl', version '0.9.8g', is out of
date, and possibly a security risk.

I don't use opengpg and openssl, so I guess that's OK.

*You should worry about these, definitely.*
If an opengpg server is installed, the service will be listening for outside
connections.


Since openssl is a library, some applications might use it, probably
Firefox (I found it doesn't), OpenJDK, Thunderbird.

Who knows, your favorite application might use openssl.

But what's the trip with the hidden files in .java / .udev and .initramfs?

My call: just forget about those.
Most importantly, monitor your network connections; there is no other way
one can access your system. Also make sure the network monitor tool is not
compromised :P

**
One suggestion I got was to deny inbound traffic.

How does one do that?

In Firestarter it only provides options to allow inbound traffic, not deny?

And from Ubuntu Forums (thread
http://ubuntuforums.org/showthread.php?t=1674668) I was suggested
this:

Quote: did you update your firewall rules? (in any case block
everything inbound: sudo ufw deny in from any, sudo ufw default
deny)

How does one do this? Because I get an error when applying sudo ufw
deny in from any,


while this works, but it asks me to update my firewall rules:
  sudo ufw default deny

Your system must have been using old firewall rules, since you are still
on 9.10.

Update them at the least.

**

I am running 9.10 and am wondering if older versions are more vulnerable to
being attacked?

*Definitely, you have to update to a newer operating system.*

Look forward to responses and advice.

ram



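The netstat check Mallikarjun suggests, worked through as an added example that is not part of the thread: a small POSIX shell filter that takes `netstat -tuan` output (the `-n` flag is assumed so ports appear as numbers, not service names) and prints only the sockets reachable from other hosts that are not in an allowed port range such as the BitTorrent 6881-6889 rule. The netstat output below is constructed; port 4000 stands in for the listener chkrootkit reported.

```shell
#!/bin/sh
# Constructed sample of `netstat -tuan` output (not captured from a real host).
SAMPLE='Active Internet connections (servers and established)
Proto Recv-Q Send-Q Local Address           Foreign Address         State
tcp        0      0 0.0.0.0:4000            0.0.0.0:*               LISTEN
tcp        0      0 127.0.0.1:631           0.0.0.0:*               LISTEN
tcp        0      0 0.0.0.0:6881            0.0.0.0:*               LISTEN
tcp        0      0 192.168.1.5:45210       203.0.113.9:443         ESTABLISHED
udp        0      0 0.0.0.0:68              0.0.0.0:*
udp        0      0 127.0.0.1:53            0.0.0.0:*'

# unexpected_listeners LOW HIGH  < netstat-output
# Prints "proto local-address" for every socket that can receive traffic from
# other hosts (tcp in LISTEN state, or any udp socket), skipping sockets bound
# to loopback and ports inside the allowed range LOW..HIGH. Anything printed
# is a port the owner should be able to explain.
unexpected_listeners() {
    awk -v low="$1" -v high="$2" '
        $1 != "tcp" && $1 != "udp" { next }        # header lines
        $1 == "tcp" && $6 != "LISTEN" { next }     # established/closing tcp
        {
            addr = $4
            n = split(addr, parts, ":")
            port = parts[n] + 0                    # text after the last ":" is the port
            host = substr(addr, 1, length(addr) - length(parts[n]) - 1)
            if (host == "127.0.0.1" || host == "::1") next   # local-only socket
            if (port >= low && port <= high) next            # allow-listed range
            print $1, addr
        }'
}

# Stand-alone run: report listeners outside the BitTorrent range.
printf '%s\n' "$SAMPLE" | unexpected_listeners 6881 6889
```

With the sample above the filter reports `tcp 0.0.0.0:4000` and `udp 0.0.0.0:68`; the DHCP client on 68 is expected, which is the point: the list is short enough to review by hand.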