LinuxQuestions.org

Blocking lists of IP addresses using the iptables recent module or ipset and make fail2ban use it.

Posted 04-21-2013 at 07:25 AM by unSpawn
Updated 04-21-2013 at 08:34 AM by unSpawn (//Suggest saving the current rule set)

To combat the common misconception that filling Netfilter's filter table INPUT chain is still a valid choice, to show ease of use and for future reference I'll outline how to mass block IP(v4) addresses and how to integrate this in fail2ban.

*This web log post will not explain the fine print on ipset and iptables' {ipt,xt}_recent ('iptables -m recent --help'), nor will it tell you how to install anything, help you configure fail2ban, go into SysV vs BSD init scripts or application...

Simple ClamAV sig for /lib64/libkeyutils.so.1.9 contents

Posted 02-16-2013 at 02:26 PM by unSpawn
Updated 02-17-2013 at 07:03 AM by unSpawn

Wrt the SSHD rootkit rolling around.

*I updated RKH in CVS but detection wasn't added yet to ClamAV, Securiteinfo or R-fx MLD:
Code:
]$ clamscan --official-db-only=no -d ./securiteinfoelf.hdb -d ./securiteinfosh.hdb -d ./rfxn.hdb -d ./rfxn.ndb -d ./RKH_libkeyutils.ldb -r --infected -r $PWD
path01/libkeyutils.so.1.9: RKH_libkeyutils.so.1.9.UNOFFICIAL FOUND
path02/libkeyutils.so.1.9: RKH_libkeyutils.so.1.9.UNOFFICIAL FOUND
path03/innucuoustarball.tar.bz2: RKH_libkeyutils.so.1.9.UNOFFICIAL
...
Attached file: RKH_libkeyutils.ldb.txt (195 Bytes)

Bash logging patches

Posted 06-12-2012 at 12:25 PM by unSpawn

Over the years we've seen quite a few "I want to log everything" questions asked for which I listed some pointers a while ago in several posts. To complement a recent "I want to capture all the operations performed in the terminal" question (thread: How to Capture a Unix Terminal Session?) I looked for Bash patches. Long story short: Bash 4 can be compiled with syslog support but still that shell will run as the user who logs in AFAIK. (So depending on your requirements for coverage...

Rootkit Hunter reissue of 1.4.0 release (ALLOWDEVFILE)

Posted 05-01-2012 at 11:02 AM by unSpawn

Please note we've found an error with usage of exclamation points in an ALLOWDEVFILE check.
We have corrected this and have reissued 1.4.0.

NEW RELEASE SHA1: 48798beec504c00af93bf64b6e35dfc7d7aaff07
old release SHA1: 22546370647b79abce783d2a2d29352843d1b617

Apologies for the inconvenience,
unSpawn

Rootkit Hunter release 1.4.0

Posted 04-30-2012 at 07:11 PM by unSpawn
Updated 04-30-2012 at 07:12 PM by unSpawn

Rootkit Hunter 1.4.0 release is here thanks to John Horne and all contributors who provided code, submitted ideas, bugs, fixes, documentation, helped out on the rkhunter-users mailing list and promoted Rootkit Hunter.

New:

- Added the '--list propfiles' command-line option. This will dump out the list of filenames that will be searched for when building the file properties database. By default the list is not shown if just '--list' is used.
- Added Jynx rootkit...