Linux - SecurityThis forum is for all security related questions.
Questions, tips, system compromises, firewalls, etc. are all included here.
Notices
Welcome to LinuxQuestions.org, a friendly and active Linux Community.
You are currently viewing LQ as a guest. By joining our community you will have the ability to post topics, receive our newsletter, use the advanced search, subscribe to threads and access many other special features. Registration is quick, simple and absolutely free. Join our community today!
Note that registered members see fewer ads, and ContentLink is completely disabled once you log in.
If you have any problems with the registration process or your account login, please contact us. If you need to reset your password, click here.
Having a problem logging in? Please visit this page to clear all LQ-related cookies.
Get a virtual cloud desktop with the Linux distro that you want in less than five minutes with Shells! With over 10 pre-installed distros to choose from, the worry-free installation life is here! Whether you are a digital nomad or just looking for flexibility, Shells can put your Linux machine on the device that you want to use.
Exclusive for LQ members, get up to 45% off per month. Click here for more info.
I am puzzled that when I use a Knoppix 6 DVD it lists /UNIONFS/etc, var ..
in the root directory and /var/lib/rkhunter/db/rkhunter.dat lists the hosts name as 'Koffer' while /etc/hostname is 'Microknoppix. This causes multiple warnings in rkhunter about all this.
If I boot from a Ubuntu DVD /UNIONFS isn't there. Unfortunately Ubuntu doesn't appear to come with rkhunter as an installable program.
If I have dd if=/dev/urandom of=/dev/hda conv=notrunc,noerrors and remove power lead, RAM, flat pack battery, before trying this it still appears.
If I then repartition the drive (gparted) into two EQUAL partitions and install Windows XP on the first partition, it reports that the second partition is SMALLER than the first partition and not the same size. If I install Debian Lenny 5.3 after Windows the /etc/hostname is the same as that in rkhunter.dat and no /UNIONFS, and rkhunter reports no problems with hostnames.
Thank you for the reply. No - I understand that Ariadne is the version of Knoppix 6 with the talking menu for VIP (Vision Impaired People - though they can also be Very Important!) I use a version supplied with Linux magazine for the rest of us, from memory Knoppix 6.1.
There is something going on when I either create a partition or format drives that appears to install a rootkit (I have had a SucKit infection). Once I did get it right and both /etc/hostname and /var/lib/rkhunter/db/rkhunter.dat reported the hostname as "Microknoppix"
But after I attached a USB drive it became infected. Back to the drawing board, and experimentation to try to recreate a clean system. It has occurred to me that the size discrepancy when installing Windows XP could be due to creating /dev/hda2. Bit hard to explain as I'm using a library computer and don't have laptop with me. Thanks anyway.
Dear Mr Bisquit. That thought has occurred to me, all I can say is linux rootkits and trojans can really do your head in. Still - why does Knoppix 6 have a different name for the computer in prompt - "Microknoppix" and hostname and "Koffer" in /var/lib/rkhunter/db/rkhunter.dat? How could I fix this? Do you know for sure it is just a 'bug'? Note this happens on drive that has just been 'urandomed' and had CMOS, flatpack and RAM removed. There may be a trivial explanation for this, but at the moment I just can't see it.
LinuxQuestions.org is looking for people interested in writing
Editorials, Articles, Reviews, and more. If you'd like to contribute
content, let us know.
