LinuxQuestions.org
Go Job Hunting at the LQ Job Marketplace
Go Back   LinuxQuestions.org > Blogs
User Name
Password

Notices

Old

Rootkit Hunter: IptabLex, IptabLes

Posted 06-14-2014 at 04:17 AM by unSpawn
Updated 06-22-2014 at 04:50 AM by unSpawn (//Added auditing examples)
Tags iptablex

Compromises leaving .IptabLes and .IptabLex binaries (with or without dot) in /, /boot, /etc and or /usr seem to be quite common:
http://ubuntuforums.org/showthread.php?t=2226673
http://www.linuxquestions.org/questi...ns-4175502655/
http://forum.synology.com/enu/viewto...p?f=19&t=85779
http://daivietpda.vn/threads/203145/
http://security.stackexchange.com/qu...s-and-iptablex...
Moderator
Posted in Uncategorized
Views 951 Comments 0 unSpawn is offline
Old

RPM-repackaging google-earth-stable_current for Fedora

Posted 06-14-2014 at 03:34 AM by unSpawn

Code:
Transaction check error:
  file /usr/bin from install of google-earth-stable conflicts with file from package filesystem
While the above error and its fixes are documented well enough across the 'net I'm listing my own spec for future reference. You should probably not want to use this but if you do just save below code as "google-earth-stable.spec" and run it as 'rpmbuild -bb google-earth-stable.spec;'.

Code:
%define __os_install_post  /usr/lib/rpm/brp-compress
...
Moderator
Posted in Uncategorized
Views 268 Comments 0 unSpawn is offline
Old

Bro, ImportError: No module named BroControl

Posted 06-14-2014 at 03:32 AM by unSpawn

Should you run bro-1.5.1-9 on Fedora and wonder what
Code:
detected unhandled Python exception in '/usr/bin/broctl'
Traceback (most recent call last):
File "/usr/bin/broctl", line 703, in <module>
from BroControl import util
ImportError: No module named BroControl
means and found Fedora Bugzilla wanting for not fixing the same bug in Fedora 14 and 16 with status "CLOSED WONTFIX" then check out the "/usr/bin/broctl"...
Moderator
Posted in Uncategorized
Views 260 Comments 0 unSpawn is offline
Old

Rootkit Hunter release 1.4.2

Posted 02-24-2014 at 01:26 PM by unSpawn

The Rootkit Hunter project team is pleased to announce the release of version 1.4.2.
Please see the rkhunter-1.4.2 download page for details.
Moderator
Posted in Uncategorized
Views 390 Comments 0 unSpawn is offline
Old

Blocking lists of IP addresses using the iptables recent module or ipset and make fail2ban use it.

Posted 04-21-2013 at 07:25 AM by unSpawn
Updated 04-21-2013 at 08:34 AM by unSpawn (//Suggest saving the current rule set)

To combat the common misconception that filling Netfilters filter table INPUT chain is still a valid choice, to show ease of use and for future reference I'll outline how to mass block IP(v4) addresses and how to integrate this in fail2ban.

*This web log post will not explain the fine print on ipset and iptables' {ipt,xt}_recent ('iptables -m recent --help'), nor will it tell you how to install anything, help you configure fail2ban, go into SysV vs BSD init scripts or application...
Moderator
Posted in Uncategorized
Views 2070 Comments 0 unSpawn is offline

  



All times are GMT -5. The time now is 01:54 PM.

Main Menu
Advertisement

My LQ
Write for LQ
LinuxQuestions.org is looking for people interested in writing Editorials, Articles, Reviews, and more. If you'd like to contribute content, let us know.
Main Menu
Syndicate
RSS1  Latest Threads
RSS1  LQ News
Twitter: @linuxquestions
identi.ca: @linuxquestions
Facebook: linuxquestions Google+: linuxquestions
Open Source Consulting | Domain Registration