Linux - Security
This forum is for all security related questions.
Questions, tips, system compromises, firewalls, etc. are all included here.
When checking syslogs I keep getting the binding error on 111. I'm running under portsentry -atcp and -sudp
Checking `bindshell'... INFECTED (PORTS: 1524 31337) showed up after I ran a chkrootkit. It sounds like a trojan to me but I'm not sure....
What's it all about then? I'm a newbie and trying to find this one ASAP.
Syslog shows up with ... adminalert: ERROR: could not bind TCP socket: 111. Attempting to continue.
I looked through the threads and it seems ps is not too popular with Linux gurus. What's new on the market and easy to configure for a wannabe Linux like me.....
This also pops its head up on startup...
warning: /var/spool/postfix/etc/resolv.conf and /etc/resolv.conf differ. I deleted to match the pair, but it's back again.
I also store, but do not run, Firestarter for fun. Should I KEEP or DELETE?
Just trying to get an opinion on the firewalls...and would be very glad of a kind guru.
Well, I don't use portsentry, but I have a basic understanding of it, and most of your problems seem to spawn from that. Quick portsentry info: Portsentry listens on certain ports and when they are scanned (depends on how many you set up to trigger this) it'll block that host from everything on your computer. So when you ran chkrootkit, the reason it showed those "INFECTED PORTS" is because portsentry is listening on those.
That is most likely the problem with port 111 not binding. I'll bet if you look at the portsentry config you'll see that it's binding 111, and only one program can be bound to a port at a time.
Now on to the Postfix resolve problem: it's nothing horribly bad. Postfix uses its own resolv.conf to do DNS stuff. I've never heard of anyone having a problem because the /etc/resolv.conf and Postfix's resolv.conf are mismatched, but I've also never really read up on that. Anyone else had any problems with that?
Firestarter is a great program. I would keep using it; it's just a frontend for iptables and will provide reasonably good protection. Overall I would say drop portsentry and just run Firestarter on its own.
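The check the answer above implies, as an added example that is not part of the original thread: parse listening-socket output to see which process holds the ports chkrootkit flagged. The sample lines, process names and PIDs are constructed, and the function names are hypothetical.

```shell
#!/bin/sh
# Constructed sample in the format of `ss -H -ltnp` (not taken from the thread).
SAMPLE_SS='LISTEN 0 5 0.0.0.0:1524 0.0.0.0:* users:(("portsentry",pid=812,fd=4))
LISTEN 0 5 0.0.0.0:31337 0.0.0.0:* users:(("portsentry",pid=812,fd=9))
LISTEN 0 128 0.0.0.0:111 0.0.0.0:* users:(("rpcbind",pid=640,fd=8))
LISTEN 0 128 0.0.0.0:22 0.0.0.0:* users:(("sshd",pid=700,fd=3))'

# port_owners PORT...: read ss-style lines on stdin and print "port owner"
# for each requested port ("none" when nothing is listening on it).
port_owners() {
    awk -v ports="$*" '
        BEGIN { n = split(ports, want, " ") }
        {
            p = $4; sub(/.*:/, "", p)          # port follows the last colon
            name = "unknown"                   # users:(...) is absent without root
            if (match($0, /\(\("[^"]+"/))
                name = substr($0, RSTART + 3, RLENGTH - 4)
            owner[p] = name
        }
        END {
            for (i = 1; i <= n; i++)
                print want[i], ((want[i] in owner) ? owner[want[i]] : "none")
        }'
}

# bindshell_verdict: are the ports chkrootkit flagged (1524, 31337) all held
# by portsentry? Anything else holding one of them is worth a closer look.
bindshell_verdict() {
    port_owners 1524 31337 | awk '
        $2 == "none" { next }
        { held++ }
        $2 != "portsentry" { bad = bad " " $1 ":" $2 }
        END {
            if (bad != "")      print "investigate" bad
            else if (held > 0)  print "portsentry-decoy"
            else                print "not-listening"
        }'
}

# Stand-alone run on the constructed sample.
printf '%s\n' "$SAMPLE_SS" | bindshell_verdict
```

On a live host, pipe `ss -H -ltnp` (run as root) into `bindshell_verdict` instead of the sample. A process name can be spoofed, so confirm the binary behind the PID via /proc/<pid>/exe before trusting the result.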
I spent all night banging, tweaking, reading, pushing, swearing and thumping the damn thing. Whatever I did, it's gone. I deleted this and that old programme, scripted a config and deleted Guarddog, and it shows clear on binding. ..Don't ask me, I don't know.....It just is...rebooted a few times and it still is clear. Anyway, happy now.
Just the prefix thing-ma-jig to sort now.
For interest from previous thread
I spent hours mindstorming to get f-prot to run. Then a guru said use chkrootkit. Five mins to put in, bloody easy start command, runs through the whole system for virus problems. It's not easy when you know nothing, is it....
Maybe another thread after tomorrow, only linux knows...!
I spent hours mindstorming to get f-prot to run. Then a guru said use chkrootkit.
F-Prot and Chkrootkit aren't similar products. Chkrootkit scans the local system for all sorts of malicious activity typical for *nixes, while F-Prot is an antivirus scanner. // While on the subject of AV, last time I tested F-Prot the detection results were way below what I find acceptable. NAI's uvscan isn't free but performs better than F-P, BitDefender is free for personal use and performs better than F-P and NAI.
Going to keep chkrootkit for when needed. Will now look at BitDefender upon your advice of FREE. Sounds like the type of performance scanner I have been searching for over the past few weeks. Not happy or fully secure in the head over the present virus scanner on my box. Again, thanks for the tip......
Many thanks for any further help given on the above issues