LinuxQuestions.org
Old 11-02-2007, 04:46 PM   #1
darin722
LQ Newbie
 
Registered: Oct 2006
Location: seattle
Distribution: ubuntu, fedora, knoppix,backtrack, others
Posts: 23

Rep: Reputation: 15
my user's home directory permissions have been changed


I'm relatively untalented with Linux and I'm using Fedora 7. Recently I became involved in a school project that will require Nessus so I've been trying to get it set up to run on my system. After trying unsuccessfully to get it running, I went back to do other homework, only to find that OpenOffice wouldn't run. I shut down and restarted and discovered that I couldn't log in to my user account. I logged in to console as root and did some poking around and discovered that my user directory permissions had been changed, owner and group were changed to 501 and vultures.

Anyone know what did this?????? a linux virus? My own stupidity?
 
Old 11-02-2007, 05:28 PM   #2
dhulme
LQ Newbie
 
Registered: Sep 2006
Distribution: Kubuntu 7.10
Posts: 15

Rep: Reputation: 0
Hi there, it could be a virus, although I highly doubt it. If you haven't already done so, I would check up on the Fedora website for any mentions of viruses, bugs etc. If there's nothing there, post your findings on their forums then reinstall your OS and install some anti-virus software just to be sure.

Hope this helps,
dhulme
 
Old 11-02-2007, 05:46 PM   #3
XavierP
Moderator
 
Registered: Nov 2002
Location: Kent, England
Distribution: Debian Testing
Posts: 19,192
Blog Entries: 4

Rep: Reputation: 475
I have moved this to Linux-Security. I doubt that you have a virus, I suspect that someone has cracked your PC. However, I'm no expert in this field. While you await suggestions and responses I'd suggest looking at the stickied threads at the top of our Security forum.
 
Old 11-02-2007, 07:41 PM   #4
win32sux
LQ Guru
 
Registered: Jul 2003
Location: Los Angeles
Distribution: Ubuntu
Posts: 9,870

Rep: Reputation: 380
It sounds like the problem started when you were installing Nessus. What procedure did you follow to install it? Where did you get the package? Also, what username does the UID 501 have in your /etc/passwd file? Is the "vultures" group one that you created previously? Do you have a firewall? Who else has access to your box? I'm just trying to see if we can get a better understanding of the circumstances in which this incident has occurred.

NOTE: I've edited the thread title to something a little less sensationalist.

Last edited by win32sux; 11-02-2007 at 07:42 PM.
 
Old 11-03-2007, 05:44 PM   #5
darin722
LQ Newbie
 
Registered: Oct 2006
Location: seattle
Distribution: ubuntu, fedora, knoppix,backtrack, others
Posts: 23

Original Poster
Rep: Reputation: 15
Hey, thanks for the help folks.

Vultures is not a group or user I created.

I am the only one who has access to my pc

I have a broadband connection and a wireless router with rather minimal security

(I'm probably going to hear about this one) iptables is running, but with no changes to the default ruleset as my knowledge of how to secure a pc properly is a work in progress

I used the built-in package manager to get Nessus and the links provided with the software to get the plugins

This may have been the wrong thing to do, but I deleted the user and group

Would system logging have caught something?
Really I don't even know what questions to ask.
Thanks for the help, I'm off to look at fedora's forums.
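
On the question of whether system logging would have caught something: an added example (not part of the original posts) that pulls account and group creation events out of a syslog-format auth log, which on Fedora is /var/log/secure. It assumes the shadow-utils `new user:` / `new group:` message wording and the traditional `Mon DD HH:MM:SS host tool[pid]:` line layout; the sample log and the function names are constructed for illustration.

```shell
#!/bin/sh
# Added example, not from the thread: pull account and group creation
# events out of a syslog-format auth log (/var/log/secure on Fedora).
# Assumes shadow-utils messages "new group: name=N, GID=G" and
# "new user: name=N, UID=U, GID=G, ...". The sample log is constructed.

# account_events FILE -> "timestamp|tool|kind|name|id", one line per event
account_events() {
    awk '
        / new (user|group): name=/ {
            ts = $1 " " $2 " " $3
            tool = $5; sub(/\[.*/, "", tool); sub(/:$/, "", tool)
            kind = ($0 ~ / new user: /) ? "user" : "group"
            name = $0; sub(/.* name=/, "", name); sub(/,.*/, "", name)
            key = (kind == "user") ? "UID=" : "GID="
            id = $0; sub(".* " key, "", id); sub(/[^0-9].*/, "", id)
            print ts "|" tool "|" kind "|" name "|" id
        }' "$1"
}

# events_matching FILE NAME ID -> events for that name or numeric UID/GID
events_matching() {
    account_events "$1" | awk -F'|' -v n="$2" -v i="$3" '$4 == n || $5 == i'
}

sample_log() {   # constructed lines, not taken from the poster's system
    cat <<'EOF'
Oct 20 09:12:33 localhost groupadd[1801]: new group: name=alice, GID=500
Oct 20 09:12:33 localhost useradd[1802]: new user: name=alice, UID=500, GID=500, home=/home/alice, shell=/bin/bash
Nov  2 15:41:07 localhost sshd[2290]: Failed password for invalid user test from 192.0.2.10 port 51514 ssh2
Nov  2 15:58:41 localhost groupadd[2412]: new group: name=vultures, GID=501
Nov  2 15:58:41 localhost useradd[2413]: new user: name=vultures, UID=501, GID=501, home=/home/vultures, shell=/bin/bash
EOF
}

# Demo: which events mention the group name and numeric owner from the thread?
log=$(mktemp); sample_log > "$log"
events_matching "$log" vultures 501
rm -f "$log"
```

The timestamps of any matching events give a window to compare against package installs and logins; an absence of events on a box suspected of root compromise proves nothing, since root can edit the log.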
 
Old 11-03-2007, 06:24 PM   #6
win32sux
LQ Guru
 
Registered: Jul 2003
Location: Los Angeles
Distribution: Ubuntu
Posts: 9,870

Rep: Reputation: 380
Well, if the group wasn't added by you (or an official package you installed), then it's fair to say you have been rooted (since adding users/groups requires root privileges). Hopefully that isn't the case and someone on the Fedora forums might have a different theory. Normally when someone gets cracked here we try to walk them through steps to determine what happened and how. Given the experimental nature of your setup, this is one occasion where perhaps it's not feasible to do so.

I'm thinking that maybe your best bet is to re-install Fedora and get yourself a stealth firewall set up ASAP (BEFORE YOU CONNECT TO A NETWORK). This will greatly reduce the chances of you getting rooted remotely. Execute these commands in order:
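Code:
# Default policies: drop all inbound traffic, allow all outbound
iptables -P INPUT DROP
iptables -P OUTPUT ACCEPT
# Flush existing rules and delete user-defined chains
iptables -F
iptables -X
# Accept replies to connections this machine initiated
iptables -A INPUT -m state --state RELATED,ESTABLISHED -j ACCEPT
# Accept loopback traffic
iptables -A INPUT -i lo -j ACCEPT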
Once you've executed them, use this command for the stealth config to stick:
Code:
service iptables save
Remember, this needs to be done on your *fresh* install before connecting it to the network - it's pointless to do this on a rooted box. Also, assuming you are familiar with how your router works, perhaps this is the perfect time for you to tighten it up. Make sure you are using WPA2, change your key, make sure no unwanted ports are being forwarded, etc. If you wanna get your feet wet with the assortment of GNU/Linux security material available, check out unSpawn's Security references thread.

PS: Also, it's extremely important that you make sure to only install binaries from trusted sources (such as your distributor's repositories). And make sure they are digitally signed. This applies even to when you download the distro's ISO file(s).

Last edited by win32sux; 11-03-2007 at 07:53 PM.
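
A way to confirm that the saved ruleset really is the stealth setup from the post above, as an added example that is not part of the original thread: the function audits an iptables-save style file for an INPUT policy of DROP and for inbound ACCEPT rules other than the two the post adds. The function names and both sample rulesets are constructed for illustration.

```shell
#!/bin/sh
# Added example, not from the thread: audit an iptables-save style ruleset
# against the stealth setup (INPUT policy DROP; inbound ACCEPT only for
# RELATED,ESTABLISHED and loopback). Sample rulesets below are constructed.

# audit_input FILE -> one finding per line; returns 1 if any finding, else 0
audit_input() {
    awk '
        /^\*/ { table = substr($0, 2) }      # table header, e.g. "*filter"
        table != "filter" { next }
        /^:INPUT / { policy = $2; next }     # e.g. ":INPUT DROP [0:0]"
        /^-A INPUT / && / -j ACCEPT/ {
            if ($0 ~ /^-A INPUT -m state --state (RELATED,ESTABLISHED|ESTABLISHED,RELATED) -j ACCEPT$/) next
            if ($0 == "-A INPUT -i lo -j ACCEPT") next
            print "unexpected inbound ACCEPT: " $0; bad++
        }
        END {
            if (policy != "DROP") { print "INPUT policy is not DROP: " policy; bad++ }
            exit (bad > 0)
        }' "$1"
}

stealth_rules() {   # shape of the ruleset the six commands produce
    cat <<'EOF'
*filter
:INPUT DROP [0:0]
:FORWARD ACCEPT [0:0]
:OUTPUT ACCEPT [0:0]
-A INPUT -m state --state RELATED,ESTABLISHED -j ACCEPT
-A INPUT -i lo -j ACCEPT
COMMIT
EOF
}

weak_rules() {      # same, but policy ACCEPT and one port opened
    stealth_rules | awk '
        /^:INPUT /  { print ":INPUT ACCEPT [0:0]"; next }
        /^COMMIT$/  { print "-A INPUT -p tcp -m tcp --dport 22 -j ACCEPT" }
        { print }'
}

# Demo; on Fedora, "service iptables save" writes /etc/sysconfig/iptables.
for sample in stealth_rules weak_rules; do
    f=$(mktemp); "$sample" > "$f"
    audit_input "$f" && echo "$sample: matches the stealth setup"
    rm -f "$f"
done
```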
 
  

