LinuxQuestions.org
Old 07-07-2003, 10:58 AM   #1
paulo
Member
 
Registered: Oct 2002
Distribution: Fedora Core 2
Posts: 32

Rep: Reputation: 15
/usr/local/vmware ?? directory change!!


I am not sure what has happened. My computer was on over the weekend and when I arrived this morning, everything in /usr/local/ had been moved to /usr/local/vmware. Should I be concerned about this? It is a little inconvenient because starting applications by clicking on them is not working anymore because the paths are not right. A bandaid fix would be to link the directories so they are the same directory. But how did vmware or some other program (or person) change this automatically? My computer was connected to the internet and I wouldn't say I know enough about networking to be invincible to security breaches. (Although I added the line console to my tty? so that I think prevents anyone from logging in remotely.)

edited: vmware ver 3.2. I use RH 7.3 on this machine and do the system update about 1/week.

Last edited by paulo; 07-07-2003 at 11:03 AM.
 
Old 07-08-2003, 05:23 PM   #2
unSpawn
Moderator
 
Registered: May 2001
Posts: 29,409
Blog Entries: 55

Rep: Reputation: 3582
Quote: "My computer was connected to the internet and I wouldn't say I know enough about networking to be invincible to security breaches."
Anything in the system logs? Login records (try running "last")?
 
Old 07-08-2003, 05:48 PM   #3
paulo
Member
 
Registered: Oct 2002
Distribution: Fedora Core 2
Posts: 32

Original Poster
Rep: Reputation: 15
thanks for the tip

I ran last and no one but me had attempted to login - over the time that the directories were changed. Leading me to believe that vmware did it "on-its-own" or in response to some automated task unless
(a) "last" does not show how an uberhacker can login to a hole in vmware.
(b) the uber hacker changed what last looks at
 
Old 07-08-2003, 06:16 PM   #4
unSpawn
Moderator
 
Registered: May 2001
Posts: 29,409
Blog Entries: 55

Rep: Reputation: 3582
Hmm. Moving a whole tree doesn't seem to be an intelligible thing to do for either
(a) Vmware or,
(b) a cracker.

If Vmware did it I would make sure it had logs of it to show for.
 
Old 07-09-2003, 09:47 AM   #5
paulo
Member
 
Registered: Oct 2002
Distribution: Fedora Core 2
Posts: 32

Original Poster
Rep: Reputation: 15
vmware

I had pretty much stopped using Windows on the vm on this machine anyway - so I uninstalled vmware with its uninstall command. So, we may not have the log of what vmware did. The really weird thing that makes me think that it was vmware not playing nice with some automated task is that also in /usr/local/vmware there was a subdirectory vmware that had another copy of everything previously in my /usr/local/ we will call that "stuff_and_more_stuff".
So, I have not used vmware in a month and one Monday morning I cd into /usr/local/ expecting to see: stuff_and_more_stuff - but I just see a single directory vmware. So, I cd into /usr/local/vmware/ and I do indeed see stuff_and_more_stuff and I also see another unexpected vmware directory. So, then I cd into /usr/local/vmware/vmware/ and I see only stuff_and_more_stuff.

After moving files around it seems to be back to normal. I wonder if we had some kind of power outage or screen saver problem that activated some auto-save over the weekend. Oh well, no blood no foul eh?

btw - I know the correct definitions of hacker (good people) and cracker (bad people) but here in Georgia "cracker" means something a little different.
 
  

