
Should I be paranoid? Help me figure out what happened. - Page 2

post #11 of 24
Quote:
Originally Posted by error10 View Post
You will still have a history, but only for the current terminal session. It won't be saved when you exit the shell.
Oh that's perfect. Thanks!
post #12 of 24
Why would you want to unset that in the first place...?

Are you doing some hardcore terminal pr0n or somethin???

The reason that file exists is for security forensics: if something bad does happen to your system, that is one place you can see what the intruder did (if it wasn't wiped clean, ofc).

EDIT: If I was your friend, I woulda made myself a back door so I could screw with you whenever I wanted down the line. Might want to check for active user accounts other than your own and make sure root is still secured.

EDIT2: Also, you could lock down ports 22 and 23 with iptables. Wouldn't hurt as long as you don't plan to use SSH or telnet.
post #13 of 24
Quote:
Originally Posted by EntTheGod View Post
EDIT: If I was your friend, I woulda made myself a back door so I could screw with you whenever I wanted down the line. Might want to check for active user accounts other than your own and make sure root is still secured.

EDIT2: Also, you could lock down ports 22 and 23 with iptables. Wouldn't hurt as long as you don't plan to use SSH or telnet.
Yeah, this was my thought. He could have altered permissions on your /home directories, altered the SSH password, installed a VNC server, even a keylogger.

If you haven't done much on your setup (i.e. don't have much to lose), I'd reinstall. Or, you could use it as a learning experience to get right under the hood and check everything. You should start with user accounts, and make sure you change the root password, probably the SSH public key too. Also, you should check the /etc/sudoers file for anything strange. That's a good starter for 10.
post #14 of 24
Thread Starter 
Quote:
Originally Posted by error10 View Post
It's in your home directory but it's a hidden file.
I'm going to Google revealing hidden files, but can I type its path into Terminal and open it as I would with a Run command in Windows to open a hidden file or directory?

Quote:
Originally Posted by EntTheGod View Post
If I was your friend, I woulda made myself a back door so I could screw with you whenever I wanted down the line. Might want to check for active user accounts other than your own and make sure root is still secured.

EDIT2: Also, you could lock down ports 22 and 23 with iptables. Wouldn't hurt as long as you don't plan to use SSH or telnet.
Great! But... How? Please help me out since I'm genuinely lost. Primarily, can I log out and see if there's another username?

Quote:
Originally Posted by chemicalfan View Post
Yeah, this was my thought. He could have altered permissions on your /home directories, altered the SSH password, installed a VNC server, even a keylogger.

... you could use it as a learning experience to get right under the hood and check everything. You should start with user accounts, and make sure you change the root password, probably the SSH public key too. Also, you should check the /etc/sudoers file for anything strange. That's a good starter for 10.
Definitely, I'd like to use this to learn a bit about security. If you guys want to stick around for the duration of the thread and to guide me so I can check everything, that would be great.
post #15 of 24
Quote:
Originally Posted by custommadename View Post
I'm going to Google revealing hidden files, but can I type its path into Terminal and open it as I would with a Run command in Windows to open a hidden file or directory?
Code:
gedit ~/.bash_history
Quote:
Originally Posted by custommadename View Post
Great! But... How? Please help me out since I'm genuinely lost. Primarily, can I log out and see if there's another username?
https://help.ubuntu.com/community/IptablesHowTo

And to see if there's another user:
Code:
cat /etc/passwd | cut -d ":" -f1
Quote:
Originally Posted by custommadename View Post
Definitely, I'd like to use this to learn a bit about security. If you guys want to stick around for the duration of the thread and to guide me so I can check everything, that would be great.
I'll try and be what help I can, but for the most part I use my google-fu to help =]
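Editor's note, added to this thread: the three checks the posts above keep coming back to (extra accounts, UID 0 accounts that are not root, odd /etc/sudoers grants) can be done in one small shell script rather than eyeballing `cat /etc/passwd`. This is an added example, not code posted by anyone in the thread. The passwd- and sudoers-format files it reads are constructed for the demo; on a real machine you would point the same functions at /etc/passwd and, as root, /etc/sudoers and the files under /etc/sudoers.d.

```shell
#!/bin/sh
# Account and sudoers audit. Added example, not code from the thread.
# The passwd- and sudoers-format files below are constructed for the demo; on a real
# box point the functions at /etc/passwd and (as root) /etc/sudoers and /etc/sudoers.d/*.

# Accounts that can actually log in, i.e. whose shell is not nologin/false.
login_accounts() {  # $1 = passwd-format file
    awk -F: '$7 !~ /(nologin|false)$/ { print $1 }' "$1"
}

# Accounts with UID 0 that are not named root: root under another name, the classic
# leftover backdoor account.
extra_uid0() {  # $1 = passwd-format file
    awk -F: '$3 == 0 && $1 != "root" { print $1 }' "$1"
}

# Non-comment sudoers lines that grant ALL or NOPASSWD to anyone other than root and
# the usual admin groups. A NOPASSWD grant means "become root with no password at all".
suspicious_sudoers() {  # $1 = sudoers-format file
    grep -v '^[[:space:]]*#' "$1" | grep -E 'ALL|NOPASSWD' \
        | grep -vE '^(root|%sudo|%wheel|%admin)[[:space:]]' || true
}

# --- constructed demo input ---------------------------------------------------
demo_dir=$(mktemp -d)
trap 'rm -rf "$demo_dir"' EXIT
cat > "$demo_dir/passwd" <<'EOF'
root:x:0:0:root:/root:/bin/bash
daemon:x:1:1:daemon:/usr/sbin:/usr/sbin/nologin
sshd:x:105:65534::/run/sshd:/usr/sbin/nologin
alice:x:1000:1000:Alice:/home/alice:/bin/bash
toor:x:0:0::/root:/bin/bash
backup2:x:1001:1001::/var/backups:/bin/sh
EOF
cat > "$demo_dir/sudoers" <<'EOF'
# constructed sample sudoers
Defaults        env_reset
root    ALL=(ALL:ALL) ALL
%sudo   ALL=(ALL:ALL) ALL
backup2 ALL=(ALL) NOPASSWD: ALL
EOF

echo "== accounts with a login shell ==";       login_accounts "$demo_dir/passwd"
echo "== UID 0 accounts other than root ==";    extra_uid0 "$demo_dir/passwd"
echo "== sudoers grants to review ==";          suspicious_sudoers "$demo_dir/sudoers"
```

In the constructed sample the script flags `toor` (a second UID 0 account) and the `backup2 ... NOPASSWD: ALL` line; on a clean Ubuntu install both lists should be empty and the login-shell list should contain only the accounts you created yourself.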
post #16 of 24
Greetz
If your friend is anything more than an acquaintance (someone you have grown to trust) then he actually has done you a favor. Just be certain how far that favor goes. You're doing the right thing getting closure. Don't assume. Find out.

It is pretty rare that we have to worry about attacks in Linux because there is just so much "low hanging fruit" (read: Windows PCs) out there. However, this should never be assumed to be sufficient protection. There really is no need for an AntiVirus or Anti-Spyware/Malware application, but it is essential to have a decent firewall, pay attention to security procedures, occasionally check for rootkits and keep paranoid while keeping your paranoia in check with a few checks.

LSOF - This stands for "List Open Files" and is a basic CLI command (lsof) but also has numerous good graphic front ends to keep an eye on what's being used and by whom.

WHO - The "who" command will list every active login in realtime. Don't be alarmed if you see 2 or more of yourself since opening a terminal, for example qualifies as an additional login.

There are many other simple commands to suss out who is doing what (whois, traceroute, netstat, etc.), but the first line of defense is simply to learn how iptables works. I'm also pretty fond of "snort" and "tripwire".

PS: I have known guys so paranoid that they had a trigger to send dmesg output to a !loud! dot matrix printer if they were even pinged. Another put his dangerous root commands on a CD (couldn't be overwritten) and symlinked them. There are apps that "touch" sensitive files and will notify you if any of them are changed. IMHO this is too paranoid. Be reasonable but be safe.
Edited by enorbet2 - 5/20/11 at 8:14am
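Editor's note, added to this thread: the "notify me if a sensitive file changes" idea enorbet2 mentions (what tripwire does properly) boils down to recording hashes once and comparing later. The script below is an added example and is neither tripwire nor anything posted in the thread; it uses only `find` and `sha256sum`, and the directory it watches is constructed for the demo. It assumes paths without whitespace, and the baseline file must be kept outside the watched tree (ideally on read-only media, in the spirit of the CD trick above).

```shell
#!/bin/sh
# Baseline-and-verify file integrity check. Added example, not a tool from the thread.
# Record "hash  path" for every regular file once, then report what changed.
# Assumes watched paths contain no whitespace. The demo directory below is constructed.

# Record "hash  path" for every regular file under the given paths, sorted by path.
make_baseline() {  # $1 = baseline file to write, $2.. = files/directories to watch
    out=$1; shift
    find "$@" -type f -print | sort | while read -r f; do sha256sum "$f"; done > "$out"
}

# Compare the current state against a baseline and print one line per difference:
# CHANGED (hash differs), MISSING (in baseline, gone now), NEW (present now, not in baseline).
# Prints nothing when everything matches.
verify_baseline() {  # $1 = baseline file, $2.. = the same paths the baseline was made from
    base=$1; shift
    cur=$(mktemp)
    make_baseline "$cur" "$@"
    while read -r hash path; do
        now=$(awk -v p="$path" '$2 == p { print $1 }' "$cur")
        if [ -z "$now" ]; then echo "MISSING $path"
        elif [ "$now" != "$hash" ]; then echo "CHANGED $path"; fi
    done < "$base"
    while read -r hash path; do
        awk -v p="$path" '$2 == p { found = 1 } END { exit !found }' "$base" || echo "NEW $path"
    done < "$cur"
    rm -f "$cur"
}

# --- constructed demo ---------------------------------------------------------
demo=$(mktemp -d)
trap 'rm -rf "$demo"' EXIT
mkdir "$demo/etc"
printf 'root:x:0:0:root:/root:/bin/bash\n' > "$demo/etc/passwd"
printf 'root ALL=(ALL) ALL\n'              > "$demo/etc/sudoers"
# Take the baseline once, while the box is known-good; keep it outside the watched tree.
make_baseline "$demo/baseline.sha256" "$demo/etc"

printf 'toor ALL=(ALL) NOPASSWD: ALL\n' >> "$demo/etc/sudoers"   # simulate a tampered file
printf '#!/bin/sh\n'                     > "$demo/etc/rc.local"   # ... and a newly dropped one
echo "== differences since baseline =="
verify_baseline "$demo/baseline.sha256" "$demo/etc"
```

Run from cron with `/etc` (and whatever else you care about) as the watched paths and mail yourself any non-empty output; an empty report is the normal case.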
post #17 of 24
So what's the bare minimum of "reasonable" measures to take for the general consumer? Lock down SSH (I feel so stupid having to look that up) set up SELinux/apparmor?
post #18 of 24
Wait, you gave your root password out? Have you learned your lesson?
post #19 of 24
It's Ubuntu... there is NO root password.

In the /etc/shadow file the password field should read ! because you can't hash anything to a bang.

That locks down the root account without disabling it.

All deb distros do this, as opposed to Red Hat distros setting a root password during the install.
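Editor's note, added to this thread: since the whole question of "is root still secured" comes down to what sits in the second field of /etc/shadow, here is an added example (not code from the thread) that reads shadow-format lines and names the state of each account: a leading `!` is the locked state EntTheGod describes, `*` means no password was ever set, an empty field means no password is needed at all, and anything else is a usable hash. The sample lines are constructed; /etc/shadow itself is root-only, so on a real system you would run the same functions under sudo.

```shell
#!/bin/sh
# Classify the password field of /etc/shadow-format lines. Added example, not from the
# thread; the sample lines are constructed. On a real system the file is root-only:
#   sudo sh this_script.sh   (or point the functions at /etc/shadow as root)

# Print "<user> <state>" for one shadow line. The second field decides:
#   locked   - starts with "!"  (the bang the post mentions; "!" + hash keeps the old hash but blocks it)
#   disabled - exactly "*"      (no password was ever set, password login impossible)
#   empty    - ""               (NO password needed: the dangerous one)
#   hash     - anything else    (a usable password hash)
classify_shadow_line() {  # $1 = one line in shadow format
    printf '%s\n' "$1" | awk -F: '{
        f = $2
        if (f == "")                     state = "empty"
        else if (substr(f, 1, 1) == "!") state = "locked"
        else if (f == "*")               state = "disabled"
        else                             state = "hash"
        print $1, state
    }'
}

# Accounts whose password field is empty; these should never exist.
empty_password_accounts() {  # $1 = shadow-format file
    awk -F: '$2 == "" { print $1 }' "$1"
}

# Accounts that can authenticate with a password (a real hash is set), for review.
password_accounts() {  # $1 = shadow-format file
    awk -F: '$2 != "" && $2 != "*" && substr($2, 1, 1) != "!" { print $1 }' "$1"
}

# Succeeds (exit 0) only if root's field starts with "!", the Ubuntu default described above.
root_is_locked() {  # $1 = shadow-format file
    awk -F: '$1 == "root" && substr($2, 1, 1) == "!" { ok = 1 } END { exit !ok }' "$1"
}

# --- constructed demo input ---------------------------------------------------
demo=$(mktemp)
trap 'rm -f "$demo"' EXIT
cat > "$demo" <<'EOF'
root:!:18000:0:99999:7:::
daemon:*:18000:0:99999:7:::
alice:$6$saltsalt$constructedhashvalue:18000:0:99999:7:::
guest::18000:0:99999:7:::
backup2:!$6$saltsalt$oldhash:18000:0:99999:7:::
EOF

while read -r line; do classify_shadow_line "$line"; done < "$demo"
echo "== accounts with NO password ==";        empty_password_accounts "$demo"
echo "== accounts with a usable password =="; password_accounts "$demo"
if root_is_locked "$demo"; then echo "root: locked (ok)"; else echo "root: NOT locked, review"; fi
```

If `root_is_locked` fails on an Ubuntu box, someone ran `passwd` for root after the install; `sudo passwd -l root` puts the bang back without deleting the account.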
post #20 of 24
Thread Starter 
There's still hope for this thread! I need to go to Chicago for a bit, though, so I'll be back & will then continue participating. Please carry on posting interesting Linux security ideas. Thanks a whole lot!