This friend of mine got rooted we think. She had an unpatched old RH 7.3 system and it had an iffy video card anyway and it wouldn't boot from any CDROMs any more, so it wasn't being used much. That's probably why she didn't upgrade it. Then one day she turned it on, got on the internet and was running. She needed to do a su and the response was "segmentation fault." Yeah right. I don't think so. She quit all apps, saved all files. She tried to shut it down with the software and it wouldn't let her. It kicked her back into her login. So she logged back in and checked to see if her files were still there. At that time they appeared to be OK. So she yanked power to the machine. After yanking the eth cable she later tried to cold boot and the cold boot hung. OK, we think the kernel is probably toast and we don't care because we needed to upgrade anyway. But she would like to get the files, particularly the ones she just updated when she discovered the intrusion.
We removed the hacked hard drive and put it in another box and booted from a Knoppix CD. Now the home directory for this user is showing up "locked" and we don't know how to get into it. Any ideas? What rootkit leaves this particular footprint?
Why do you think she got rooted? To me, your story sounds like that of a computer with bad RAM.
And the "locked" folder? I think that is the GUI way of displaying that you cannot write there perhaps? Did you try a terminal and "ls -la" to check the contents?
And a bad video card AND both CDROMs not bootable... what a P.O.S., eh? I'm not physically there right at the moment, so I can't answer your question. But I think she knows enough to try ls -al. Would be nice if that's all it was.
She just called back to report that she burned a CD of all her files. I don't know whether she was really rooted or not, or why she couldn't get them or thought she couldn't. But she's wiping the drive now... so I guess it doesn't matter. And I got her set up with a new video card and some more RAM. Thanks. It's always a good day when data is saved.
it's always a good day when data is saved.
It's common for some rootkits to try and piggyback on system binaries (like Knark and /sbin/init) so I sure hope "saved data" only means userfiles from /home, configfiles from /etc and logfiles from /var and not any system binaries. *If* a system got cracked system binaries should *not* be trusted and used, unless you've got an isolated (disconnected) sandbox to check stuff on.
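One way to act on that advice once the old disk is mounted under the rescue CD, as an added example that is not from this thread: copy only regular, non-executable data files out of /home, /etc and /var/log, and list rather than copy anything executable, setuid/setgid, or a symlink, so no binary from the suspect disk ends up on the clean box. The mount point, destination, and the sample directory tree are constructed for illustration.

```shell
#!/bin/sh
# recover_data SRC DEST LOG
#   SRC  : mount point of the suspect disk (e.g. /mnt/hda1 under Knoppix), no trailing slash
#   DEST : directory on the clean machine to receive the files
#   LOG  : file that receives the paths that were deliberately NOT copied
# Copies regular files that carry no execute and no setuid/setgid bit from
# SRC/home, SRC/etc and SRC/var/log, keeping their relative paths; prints the
# number of skipped entries. Executables, setuid/setgid files, symlinks and
# device nodes are logged for offline review instead of copied.
recover_data() {
    src="$1"; dest="$2"; log="$3"
    : > "$log"
    for sub in home etc var/log; do
        [ -d "$src/$sub" ] || continue
        # Safe files: regular, no x bit in any position, no setuid/setgid bit.
        find "$src/$sub" -type f ! -perm /111 ! -perm /6000 | while IFS= read -r f; do
            rel="${f#"$src"/}"
            mkdir -p "$dest/$(dirname "$rel")"
            cp -p -- "$f" "$dest/$rel"
        done
        # Everything else under the same trees (non-regular, executable, setuid/setgid)
        # is recorded, never copied.
        find "$src/$sub" ! -type d \( ! -type f -o -perm /111 -o -perm /6000 \) >> "$log"
    done
    wc -l < "$log" | tr -d ' '
}

# Constructed stand-in for a mounted RH 7.3 root filesystem: a GIMP user's data,
# some config and log files, plus the kinds of things that must stay behind.
make_sample_tree() {
    root="$1"
    mkdir -p "$root/home/alice/.gimp" "$root/etc" "$root/var/log" "$root/sbin"
    printf 'constructed artwork\n' > "$root/home/alice/drawing.xcf"
    printf 'constructed gimprc\n' > "$root/home/alice/.gimp/gimprc"
    printf 'root:x:0:0:root:/root:/bin/bash\n' > "$root/etc/passwd"
    printf 'constructed log line\n' > "$root/var/log/messages"
    printf '#!/bin/sh\n' > "$root/home/alice/backdoor";  chmod 755  "$root/home/alice/backdoor"
    printf 'x\n'         > "$root/home/alice/suid_tool"; chmod 4755 "$root/home/alice/suid_tool"
    ln -s /etc/passwd "$root/home/alice/link"
    printf 'binary\n'    > "$root/sbin/init";            chmod 755  "$root/sbin/init"
}
```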
My friend was only interested in saving her original data. The system binaries were all old & out of date anyway and she has install CDs for any software she really cares about.
She's a GIMP artist, so she had mainly graphics and her normal emails, bookmarks and stuff. Maybe the bad guys embedded steganography in her artwork, but I seriously doubt it.
Just out of interest, did she re-install to something more recent than RH7.3? Her unpatched RH7.3 will probably just get cracked again, and I'm sure she'd appreciate the newer versions of GIMP that are in more modern distros such as Fedora, Mandriva or Suse.
Apparently she had tried to upgrade ages ago but her CDROM drive wouldn't boot the FC4 CD, so she put it off. While I had it open I popped in a newer CD drive. Now she's happily bashing away on FC4, and yes, she does like the new GIMP.