LinuxQuestions.org > Forums > Linux Forums > Linux - Security
Old 02-16-2011, 12:11 AM   #1
warnold
LQ Newbie
 
Registered: Jan 2008
Posts: 18

Rep: Reputation: 0
setroubleshoot being disabled


I am running CentOS 5.2 final. 5.1.9.6
After approx. 2 minutes of booting, I bring up the 'setroubleshoot' window. At first, it is communicating with the server. Then a few minutes later, it fails with the message at the bottom (in red): 'communication lost to /var/run/setroubleshoot/setroubleshoot_server'. Then, if I open a terminal window (as root), my root prompt has changed. Seems that the ISP provider has my system. How is it they can disable this on my system while I am logged in as root?

I have even rebooted in 'single-user' mode, deactivating both eth0 & eth0.bak, and while the system is rebooting, physically disconnecting the cat5 cable. Then, after the system reboots, I change my root password, reboot with init 3, then do a 'startx'. Once the system brings up the window manager, I make my 'setroubleshoot' active, bring up the 'networktools', then physically reconnect the cat5 cable, then I activate the two interfaces (eth0, eth0.bak). I see the 'avc denial box' pop up and then quickly go away. At the bottom of the setroubleshoot window, its status changes to communicating with the server. New password & all, firewall enabled, this still takes place.


Yes, my 'root's prompt' changes to the dsl port being used. Also, I have seen my 'key-strokes' being mapped, with a single ' right next to my blinking / prompt.

Last edited by warnold; 02-16-2011 at 01:17 AM. Reason: more info
 
Old 02-16-2011, 01:09 AM   #2
corp769
LQ Guru
 
Registered: Apr 2005
Location: /dev/null
Posts: 5,818

Rep: Reputation: 1007
So you are saying that you really believe your ISP is doing this?
 
Old 02-16-2011, 01:22 AM   #3
warnold
LQ Newbie
 
Registered: Jan 2008
Posts: 18

Original Poster
Rep: Reputation: 0
Quote:
Originally Posted by corp769
So you are saying that you really believe your ISP is doing this?
Yes I do. This has never happened in the past. This showed itself just after changing ISP provider service. Also, I have seen my keypad strokes being 'mapped'. My / prompt has a ' right next to it (|') without the space.

Last edited by warnold; 02-16-2011 at 01:24 AM.
 
Old 02-16-2011, 01:33 AM   #4
corp769
LQ Guru
 
Registered: Apr 2005
Location: /dev/null
Posts: 5,818

Rep: Reputation: 1007
Where are you from and who is your ISP? Do they have access to your machine? Honestly, I really do not believe it is your ISP... If anything, you may have a rootkit, or something else is happening that you don't see going on.
 
Old 02-16-2011, 01:41 AM   #5
warnold
LQ Newbie
 
Registered: Jan 2008
Posts: 18

Original Poster
Rep: Reputation: 0
Quote:
Originally Posted by corp769
Where are you from and who is your ISP? Do they have access to your machine? Honestly, I really do not believe it is your ISP... If anything, you may have a rootkit, or something else is happening that you don't see going on.
Colorado. This took place the very next day after changing out the dsl modem. I cannot say their name...
I have also booted the 4 different flavors of kernels, from the original to the latest rev. level. No, this is real life happening.
Wonder if using a devil-linux box as a first system and then configuring the other original system off it will prevent this?

Last edited by warnold; 02-16-2011 at 01:44 AM.
 
Old 02-16-2011, 01:46 AM   #6
corp769
LQ Guru
 
Registered: Apr 2005
Location: /dev/null
Posts: 5,818

Rep: Reputation: 1007
Seems really weird to me man... To be absolutely safe, scan your system with rkhunter and clam. Thoroughly look over all start up configurations and scripts for any evidence of tampering.
 
Old 02-16-2011, 02:01 AM   #7
warnold
LQ Newbie
 
Registered: Jan 2008
Posts: 18

Original Poster
Rep: Reputation: 0
Quote:
Originally Posted by corp769
Seems really weird to me man... To be absolutely safe, scan your system with rkhunter and clam. Thoroughly look over all start up configurations and scripts for any evidence of tampering.
Thanks, will try this when back at home. Also, will think very much about going back to a PIII processor that does not have the implant that all P4's have...
 
Old 02-16-2011, 02:10 AM   #8
corp769
LQ Guru
 
Registered: Apr 2005
Location: /dev/null
Posts: 5,818

Rep: Reputation: 1007
Roger that. Hopefully it's not as bad as we are hoping for :/
 
Old 02-16-2011, 02:11 AM   #9
corp769
LQ Guru
 
Registered: Apr 2005
Location: /dev/null
Posts: 5,818

Rep: Reputation: 1007
One more thing to add... Have you tried using a completely different computer?
 
Old 02-16-2011, 07:14 PM   #10
warnold
LQ Newbie
 
Registered: Jan 2008
Posts: 18

Original Poster
Rep: Reputation: 0
Quote:
Originally Posted by corp769
Roger that. Hopefully it's not as bad as we are hoping for :/

Did one better: relocated the pc to a different location, different ISP provider, guess what... No intrusion...

One more final comment about this ISP provider... Approx. 6 months ago, they notified someone with a Windows based pc, told that person that in files such-n-such there was a trojan (and listed the trojan name), as well as having 3 files infected with such-n-such viruses. Informed that person that in 1 week, if the pc files were not taken care of, they would 'cancel' the service... Also remember that the trojan & virus files were new ones, not old ones. Won't go any further with this.
Fact remains: There is a problem, Scotty...
 
Old 02-16-2011, 07:28 PM   #11
corp769
LQ Guru
 
Registered: Apr 2005
Location: /dev/null
Posts: 5,818

Rep: Reputation: 1007
You need to send me a private message...
 
Old 02-16-2011, 07:55 PM   #12
unSpawn
Moderator
 
Registered: May 2001
Posts: 29,415
Blog Entries: 55

Rep: Reputation: 3600
Quote:
Originally Posted by corp769
So you are saying that you really believe your ISP is doing this?
Next time please ask for evidence instead. Allowing the OP to back up claims with tool output and logs means nobody is being forced to interpret things and makes it easier, more efficient to reach an objective conclusion.

I'm saying this because in the OP "server" means "local setroubleshootd service". This has nothing at all to do with any ISP. And if anyone disabled anything from a remote location then network and account access will be logged, even on a machine with std logging configuration.

If the OP doesn't add logs, regardless of the reason, then I'm calling FUD, not ISP (ab)use.

Last edited by unSpawn; 02-16-2011 at 07:57 PM.
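Added example (not from the thread or any poster): a small POSIX sh script that gathers the evidence unSpawn asks for and covers corp769's "look over startup scripts" advice. It pulls accepted remote root logins out of a /var/log/secure-style file, lists which shell startup files (re)define PS1 (the root prompt), and counts AVC records in an audit.log-style file; the sample log lines and files it runs on are constructed here, and the real paths in the comments are the stock CentOS 5 locations.

```shell
#!/bin/sh
# Evidence helpers for the claims in this thread. On the affected box run:
#   remote_root_logins /var/log/secure
#   ps1_setters /root/.bashrc /root/.bash_profile /etc/bashrc /etc/profile /etc/profile.d/*.sh
#   avc_count /var/log/audit/audit.log
# The sample data below is constructed so the script runs stand-alone.

# Print "root <ip>" for every accepted sshd login as root (password or key).
remote_root_logins() {
    grep -E 'sshd\[[0-9]+\]: Accepted (password|publickey) for root from' "$1" \
        | sed -E 's/.*for root from ([0-9.]+).*/root \1/'
}

# List the given files that assign PS1; a hit outside the usual
# /etc/bashrc, /etc/profile or /root dotfiles is where a changed prompt comes from.
ps1_setters() {
    grep -lE '^[[:space:]]*(export[[:space:]]+)?PS1=' "$@" 2>/dev/null
}

# Number of AVC records (what setroubleshootd reads) in an audit.log-style file.
avc_count() {
    grep -c 'type=AVC' "$1"
}

# --- constructed sample data ---------------------------------------------
SAMPLE_DIR=$(mktemp -d)
trap 'rm -rf "$SAMPLE_DIR"' EXIT
SAMPLE_SECURE="$SAMPLE_DIR/secure"
cat > "$SAMPLE_SECURE" <<'EOF'
Feb 16 00:11:02 host sshd[2231]: Accepted password for root from 203.0.113.7 port 51022 ssh2
Feb 16 00:12:44 host sshd[2240]: Failed password for root from 203.0.113.7 port 51040 ssh2
Feb 16 00:15:10 host su: pam_unix(su:session): session opened for user root by warnold(uid=500)
EOF
cat > "$SAMPLE_DIR/bashrc" <<'EOF'
# constructed: a normal CentOS-style root prompt definition
PS1='[\u@\h \W]\$ '
EOF
printf '%s\n' 'alias ll="ls -l"' > "$SAMPLE_DIR/clean.sh"
cat > "$SAMPLE_DIR/audit.log" <<'EOF'
type=AVC msg=audit(1297829462.123:45): avc:  denied  { read } for  pid=2301 comm="setroubleshootd"
type=SYSCALL msg=audit(1297829462.123:45): arch=40000003 syscall=5 success=no
type=AVC msg=audit(1297829470.456:46): avc:  denied  { write } for  pid=2301 comm="setroubleshootd"
EOF

echo "accepted remote root logins:"; remote_root_logins "$SAMPLE_SECURE"
echo "files setting PS1:"; ps1_setters "$SAMPLE_DIR/bashrc" "$SAMPLE_DIR/clean.sh"
echo "AVC records: $(avc_count "$SAMPLE_DIR/audit.log")"
```

Output pasted into a thread like this one lets others check the claim against the log lines rather than against a description of a prompt.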
 
Old 02-16-2011, 08:01 PM   #13
corp769
LQ Guru
 
Registered: Apr 2005
Location: /dev/null
Posts: 5,818

Rep: Reputation: 1007
Quote:
Originally Posted by unSpawn
Next time please ask for evidence instead. Allowing the OP to back up claims with tool output and logs means nobody is being forced to interpret things and makes it easier, more efficient to reach an objective conclusion.

I'm saying this because in the OP "server" means "local setroubleshootd service". This has nothing at all to do with any ISP. And if anyone disabled anything from a remote location then network and account access will be logged, even on a machine with std logging configuration.

If the OP doesn't add logs, regardless of the reason, then I'm calling FUD, not ISP (ab)use.
Good point about the logs. The OP kept extending what he was saying, I didn't really think of checking logs yet.
 
Old 02-16-2011, 08:43 PM   #14
warnold
LQ Newbie
 
Registered: Jan 2008
Posts: 18

Original Poster
Rep: Reputation: 0
Quote:
Originally Posted by corp769
Good point about the logs. The OP kept extending what he was saying, I didn't really think of checking logs yet.
The output of doing a 'dmesg' does not show any issues. Yet the original message in red at the bottom of the active setroubleshoot says so. Explain the change in my root prompt that just so happens to coincide with whichever port I connect my cat5 into on their dsl box.
 
Old 02-16-2011, 09:03 PM   #15
corp769
LQ Guru
 
Registered: Apr 2005
Location: /dev/null
Posts: 5,818

Rep: Reputation: 1007
Show us proof.
 