my user's home directory permissions have been changed
I'm relatively untalented with Linux and I'm using Fedora 7. Recently I became involved in a school project that will require Nessus, so I've been trying to get it set up to run on my system. After trying unsuccessfully to get it running, I went back to do other homework, only to find that OpenOffice wouldn't run. I shut down and restarted and discovered that I couldn't log in to my user account. I logged in to the console as root, did some poking around, and discovered that my user directory permissions had been changed: owner and group were changed to 501 and vultures.
Anyone know what did this? A Linux virus? My own stupidity?
Hi there, it could be a virus, although I highly doubt it. If you haven't already done so, I would check up on the Fedora website for any mentions of viruses, bugs etc. If there's nothing there, post your findings on their forums, then reinstall your OS and install some anti-virus software just to be sure.
I have moved this to Linux-Security. I doubt that you have a virus, I suspect that someone has cracked your PC. However, I'm no expert in this field. While you await suggestions and responses I'd suggest looking at the stickied threads at the top of our Security forum.
It sounds like the problem started when you were installing Nessus. What procedure did you follow to install it? Where did you get the package? Also, what username does the UID 501 have in your /etc/passwd file? Is the "vultures" group one that you created previously? Do you have a firewall? Who else has access to your box? I'm just trying to see if we can get a better understanding of the circumstances in which this incident has occurred.
NOTE: I've edited the thread title to something a little less sensationalist.
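The questions above about UID 501 and the "vultures" group can be checked mechanically. As an added example (not part of any post in this thread), these shell functions compare a home directory's numeric owner and group with the passwd and group files; the account name alice, UID/GID 500 and GID 502 in the usage comment are constructed sample values.

```shell
#!/bin/sh
# Added example: does a home directory's owner/group match the account
# that passwd says should own it? File paths are parameters so the check
# can also run against copies of passwd/group taken from a suspect disk.

# name_for_id FILE ID: print the name whose third field is ID
# (works for both passwd and group format).
name_for_id() {
    awk -F: -v id="$2" '$3 == id { print $1; exit }' "$1"
}

# check_home PASSWD GROUP HOME UID GID: print one finding per line, or "ok".
# Usage (constructed values): check_home passwd group /home/alice 501 502
check_home() {
    pw=$1; gr=$2; home=$3; uid=$4; gid=$5
    # Account whose home field (6th) is this directory: name:uid:primary-gid
    acct=$(awk -F: -v h="$home" '$6 == h { print $1 ":" $3 ":" $4; exit }' "$pw")
    if [ -z "$acct" ]; then
        echo "no passwd entry has home $home"
        return 0
    fi
    want_user=${acct%%:*}
    rest=${acct#*:}
    want_uid=${rest%%:*}
    want_gid=${rest#*:}
    findings=0
    if [ "$uid" != "$want_uid" ]; then
        # An owner UID with no passwd entry is what ls shows as a bare number.
        owner=$(name_for_id "$pw" "$uid")
        echo "owner uid $uid (${owner:-no passwd entry}), expected $want_user ($want_uid)"
        findings=1
    fi
    if [ "$gid" != "$want_gid" ]; then
        gname=$(name_for_id "$gr" "$gid")
        echo "group gid $gid (${gname:-no group entry}), expected gid $want_gid"
        findings=1
    fi
    if [ "$findings" -eq 0 ]; then
        echo "ok"
    fi
    return 0
}

# check_live_home HOME: same check on the running system (needs GNU stat).
check_live_home() {
    set -- "$1" $(stat -c '%u %g' "$1")
    check_home /etc/passwd /etc/group "$1" "$2" "$3"
}
```

A group that resolves to a name you did not create, or an owner UID with no passwd entry, is worth noting down before deleting anything, since it is evidence of when and how the change happened.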
I have a broadband connection and a wireless router with rather minimal security.
(I'm probably going to hear about this one.) iptables is running, but with no changes to the default ruleset, as my knowledge of how to secure a PC properly is a work in progress.
I used the built-in package manager to get Nessus and the links provided with the software to get the plugins.
This may have been the wrong thing to do, but I deleted the user and group.
Would system logging have caught something?
Really I don't even know what questions to ask.
Thanks for the help, I'm off to look at Fedora's forums.
Well, if the group wasn't added by you (or an official package you installed), then it's fair to say you have been rooted (since adding users/groups requires root privileges). Hopefully that isn't the case and someone on the Fedora forums might have a different theory. Normally when someone gets cracked here we try to walk them through steps to determine what happened and how. Given the experimental nature of your setup, this is one occasion where perhaps it's not feasible to do so.
I'm thinking that maybe your best bet is to re-install Fedora and get yourself a stealth firewall set up ASAP (BEFORE YOU CONNECT TO A NETWORK). This will greatly reduce the chances of you getting rooted remotely. Execute these commands in order:
Code:
iptables -P INPUT DROP
iptables -P OUTPUT ACCEPT
iptables -F
iptables -X
iptables -A INPUT -m state --state RELATED,ESTABLISHED -j ACCEPT
iptables -A INPUT -i lo -j ACCEPT
Once you've executed them, use this command for the stealth config to stick:
Code:
service iptables save
Remember, this needs to be done on your *fresh* install before connecting it to the network - it's pointless to do this on a rooted box. Also, assuming you are familiar with how your router works, perhaps this is the perfect time for you to tighten it up. Make sure you are using WPA2, change your key, make sure no unwanted ports are being forwarded, etc. If you wanna get your feet wet with the assortment of GNU/Linux security material available, check out unSpawn's Security references thread.
PS: Also, it's extremely important that you make sure to only install binaries from trusted sources (such as your distributor's repositories). And make sure they are digitally signed. This applies even to when you download the distro's ISO file(s).