LinuxQuestions.org
Linux - Security This forum is for all security related questions.
Questions, tips, system compromises, firewalls, etc. are all included here.

Old 04-07-2016, 04:36 AM   #31
przemo
Member
 
Registered: Feb 2016
Location: cork.ie
Distribution: Slackware-current
Posts: 118

Rep: Reputation: Disabled

http://askubuntu.com/questions/33786...s-on-my-system


ubuntu, no comment

Last edited by przemo; 04-07-2016 at 04:37 AM.
 
Old 04-07-2016, 08:23 AM   #32
yancek
LQ Guru
 
Registered: Apr 2008
Distribution: PCLinux, Slackware
Posts: 8,605

Rep: Reputation: 1772
I'm not an expert on networks but I don't see anything that unusual about what you have posted. Hopefully, one of the 'network experts' here at LQ will see your post.

Quote:
Is RED HAT some sort of bug or something. I promise I will stop with this ridiculousness.

Red Hat Linux is one of the hundreds of Linux distributions. If you type 'red hat linux' in the search box of any browser, you will get thousands of hits. Look it up. Probably some software originated by Red Hat, I don't know.

As to the questions about guests, those directories are in the /media directory and not in the /home directory where user files are. I don't use Ubuntu regularly so I can just refer you to the links I posted above reference using 'guest' user on Ubuntu. I'd also suggest you go to the Ubuntu forums and ask your questions if you don't get any resolution here.
 
Old 04-07-2016, 10:02 AM   #33
alberich
Member
 
Registered: Apr 2016
Location: Bavaria
Distribution: Slackware
Posts: 140

Rep: Reputation: Disabled
Well the Ubuntu is consisting of hundreds of applications. There are a lot doing very hardware-near activity, like the bluetooth drivers. And there are in-between layers like avahi which aim to make connection functionality accessible easily to other applications. And there are applications like Text editor and web browser.

When you look at the system log, dozens of processes, which complete startup or shutdown routines, or do some activity, log what they are doing.

You need to be a quite adept linux user or even programmer to understand all of this.

Nevertheless I consider it good to look at these things a lot. You can also learn about malfunctions of your hardware or linux that way.

And if someone is indeed spying on you, you might find indications there, or you might as well find none there at all.

wpa_supplicant is a software package that runs as a service and it allows authentication in a WLAN. It is completely basic and normal.

dhclient registers an IP address in the TCP/IP/Ethernet Network that is functioning for the basic networking between your router and computer.

NetworkManager prints out your config at the moment, including local IP address, etc.

dbus is a very basic hardware/software interface and addresses many basic functions

org.freedesktop.nm_dispatcher is some link between your graphical interface and your network software center.

avahi-daemon I consider as some piece of software for the average unknowing user, it aims to configure network devices without necessary user interaction/configuration. I consider it a superfluous nuisance which leaks on my resources. Deinstall it altogether. In my opinion it COULD be a security breach (but very probably IS not).

What you marked red, there it withdraws its attention from some IP Version 6 interface. Most probably because your network runs in Internet Protocol version 4, not yet 6. I consider this a rather boring piece of information.

DHCPv4 state changed nbi -> preinit means the network protocol configuration came across a device on which it sees no need to perform any further action at that moment.

"dhclient: Listening on LPF/wlan4/" doesn't mean so much, only that your IP (Version 6) environment waits for any interaction from your router, like maybe change of DNS server, or change of lease of your IP Address or other probably very normal stuff.

Yes, you don't have a fax, but your linux installation nevertheless chose to install a printer driver that can handle a fax.

I don't even have a printer but linux fixes me with the CUPS printing service system and loads of packages of other software for every kind of stuff.

"Loaded plugin ifupdown" that refers to another area of your network configuration. It is one suite of network administration that the different Linux use. Probably Red Hat developed it first (one of the most renowned distributions, from which other distributions borrow heavily).

If you deactivate bluetooth that is fine, so do I, but the Bluetooth functionality runs at least two or three servers and probably more plugins or modules deep in the system. Try and deactivate them all, it saves resources, but it takes some research and engagement in the first place.

ACPI is a very basic function in your Mainboard and software. https://de.wikipedia.org/wiki/Advanc...ower_Interface

And if your Audio system with its organisation and sub devices is probed, configured, up and running: be happy, so you can listen to music.

Microphone and cameras I also consider dangerous and cover them or deactivate them, when I care, everywhere I can in the hard- and software.

Also the functionality of the organisation of files on your harddrive "EXT4-fs" (Filesystem) is something you can only do without in your home if you go back to book, pencil, radio, TV and telephone.

About the guest folders, the link from above is helpful.

Obviously you can as well delete them, they are from when someone logged in as "Guest" (maybe you yourself?).

On Linux you may only delete your own files. If you want to fully enter, edit, delete files from other "accounts" (there are lots of automatically set up system accounts/users - don't delete anything there), like the guest account, you need to start a file browser (maybe nautilus?) instance with super user privileges. There must be a link somewhere in the guts of the menus "file browser administration modus", or something.

Or you delete the folders using sudo and superuser password (either the same as your own user's, or specially set and hopefully noted down during system installation) in a terminal.

I propose you find the Service Administration of your ubuntu in the menus. There you can deactivate a lot of useless services. Which will then consume less resources, bother you less with log messages, and also lower the theoretical danger of the system being "attacked". But to google up all the services' names and understand what they do takes a lot of time.

Of course somebody might be spying at you/us. To rule that out, one has to learn a whole lot!

Have fun also, not only worries.
 
Old 04-07-2016, 11:20 AM   #34
sundialsvcs
LQ Guru
 
Registered: Feb 2004
Location: SE Tennessee, USA
Distribution: Gentoo, LFS
Posts: 9,078
Blog Entries: 4

Rep: Reputation: 3177
Sounds like it's well past time to turn off that machine and wipe the sucker clean!
 
Old 04-07-2016, 12:07 PM   #35
przemo
Member
 
Registered: Feb 2016
Location: cork.ie
Distribution: Slackware-current
Posts: 118

Rep: Reputation: Disabled
Quote:
those directories are in the /media directory and not in the /home directory
true but i think such directories /mnt /media /home & etc. have same credentials not allowing normal user to create directories at least that is default behavior of slackware and debian.


try this:
Code:
 sudo nano /etc/lightdm/lightdm.conf

allow-guest=false
http://askubuntu.com/questions/45152...n-ubuntu-14-04

Last edited by przemo; 04-07-2016 at 04:15 PM.
 
Old 04-07-2016, 06:47 PM   #36
apples45
Member
 
Registered: Mar 2016
Posts: 43

Original Poster
Rep: Reputation: Disabled
Thank you

Thanks Alberich and all the others who were patient enough to help me sort this out. So I will be backing up my files and wiping the system clean. I realize it may just be me, but it's bothersome I don't have authority to remove, review files on my own system. It's just a matter of principle, though.

I will most likely be needing a little guidance in doing that, too. All I really have is pics of my son and resumes, and recipes. I can't imagine it taking up much room. I could just reinstall whatever I need. How can I be sure to reinstall the same operating system without contacting my computer guru who I don't work with anymore? I will need a disk to reboot off of, right? Or can I create this before I start all over.

I will start researching different sites to get a step by step for all of this.

Thank you again for putting things in perspective.

apples
 
Old 04-07-2016, 07:11 PM   #37
alberich
Member
 
Registered: Apr 2016
Location: Bavaria
Distribution: Slackware
Posts: 140

Rep: Reputation: Disabled
Surely you will learn something if you reinstall. But that will give you a lot of hassle, too!

Do I see it correctly that you are not sure whether you should or should not trust a person fully who had physical access to the computer? In that case how professional do you consider his computer knowledge?

The most common attack for a somewhat experienced person would be to setup servers that allow remote access to your computer:

- ssh
- ftp
- remote desktop

Also depending on your internet connection, if you use a dsl router, he would have to install a port forwarding in your router. Normally a dsl router shuts out direct external access to a computer in the local network.

In that case a simple solution would be:
- check your router for port forwarding / then you know more and delete the rule.
- check your computer for running services:
do a "netstat -lp" in the terminal and post the output, it lists e.g. servers that are listening to the internet for incoming connections. So we can tell more.

You can also search your software installation center (synaptic) whether these unwanted sorts of server software might be installed or not.

You can setup a firewall, or check your firewalls config for untrustworthy rules.

The next attack is to have physical access to your computer.

Find out if you know your root password. Change it. Change your normal password.

I fear if you reinstall, you will end up noticing, that you don't have access to all folders on your computer. Because linux does work that way. You need to assume the super user privilege of root, that I mentioned before, to access every folder!

Last edited by alberich; 04-07-2016 at 07:40 PM.
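
Added example, not part of alberich's post: one way to triage the listener check requested above, using numeric `netstat -tulnp` output so ports are not translated to names. The function name `flag_listeners`, the port-to-label mapping and the sample listing (constructed, not taken from the poster's machine) are assumptions.

```shell
#!/bin/sh
# Constructed sample of `netstat -tulnp` output (not from the thread).
sample_netstat() {
cat <<'EOF'
Active Internet connections (only servers)
Proto Recv-Q Send-Q Local Address           Foreign Address         State       PID/Program name
tcp        0      0 0.0.0.0:22              0.0.0.0:*               LISTEN      812/sshd
tcp        0      0 127.0.0.1:631           0.0.0.0:*               LISTEN      640/cupsd
tcp        0      0 0.0.0.0:5900            0.0.0.0:*               LISTEN      1204/vino-server
tcp6       0      0 :::21                   :::*                    LISTEN      901/vsftpd
tcp6       0      0 ::1:631                 :::*                    LISTEN      640/cupsd
udp        0      0 0.0.0.0:5353            0.0.0.0:*                           700/avahi-daemon: r
udp        0      0 0.0.0.0:68              0.0.0.0:*                           655/dhclient
EOF
}

# Read netstat output on stdin and print one line per socket that is
# reachable from the network: "<label> <port>/<proto> <program>".
# Sockets bound only to loopback (127.x, ::1) are skipped.
flag_listeners() {
    awk '
    $1 ~ /^(tcp|udp)/ {
        n = split($4, parts, ":")           # port is the last ":" field
        port = parts[n]
        addr = substr($4, 1, length($4) - length(port) - 1)
        if (addr ~ /^127\./ || addr == "::1") next

        # udp rows have an empty State column, so the program shifts left
        prog = ($1 ~ /^tcp/) ? $7 : $6
        sub(/^[0-9]+\//, "", prog)          # drop the "PID/" prefix
        sub(/:$/, "", prog)

        # The three kinds of remote access named in the post
        label = "other"
        if (port == "22") label = "ssh"
        else if (port == "21") label = "ftp"
        else if (port == "3389" || (port + 0 >= 5900 && port + 0 <= 5909))
            label = "remote-desktop"        # RDP or VNC displays :0 to :9

        printf "%s %s/%s %s\n", label, port, $1, prog
    }'
}

# Demo on the constructed sample; on a live system pipe in the real output:
#   sudo netstat -tulnp | flag_listeners
sample_netstat | flag_listeners
```

Lines labelled `other` are still network-reachable and worth identifying; the label only marks the services the post singles out.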
 
Old 04-07-2016, 07:29 PM   #38
alberich
Member
 
Registered: Apr 2016
Location: Bavaria
Distribution: Slackware
Posts: 140

Rep: Reputation: Disabled
Open a Terminal Ctrl+Alt+T

Type "gksu nautilus" and press Enter. (gksu is the super user access function for graphical programs in graphical environment. If you want to start a terminal program as super user (root) use the according prefix "sudo" before any command. Nautilus is the standard file manager on ubuntu).

Then you will be prompted for the root password. See if you know or can find one.

If you succeed, you are obviously in possession of your root password (which you have to be on your own machine).

Otherwise request the root password from the person who installed the computer. --> if this requirement cannot be met, then you basically better reinstall linux.

In the now opening file browser instance of nautilus, you are supposed to be able to access basically any folder and delete every file (complete access).

Last edited by alberich; 04-07-2016 at 07:45 PM.
 
Old 04-07-2016, 10:10 PM   #39
apples45
Member
 
Registered: Mar 2016
Posts: 43

Original Poster
Rep: Reputation: Disabled
Quote:
Originally Posted by alberich View Post

The most common attack for a somewhat experienced person would be to setup servers that allow remote access to your computer:

- ssh
- ftp
- remote desktop

Also depending on your internet connection, if you use a dsl router, he would have to install a port forwarding in your router. Normally a dsl router shuts out direct external access to a computer in the local network.
yes! this is what i've started investigating now. It seems that this remote access point, vpn pptp is at the epicenter of this. I did a couple screenshots of what i came up with, Digicerts out of CA has some one year long 6/2015 - 6/2016 "right of access" i suppose. However, I use my neighbor's wifi with her password, could that be a cause? (only a month or so, though. this has been going on for months and months)

I wanted to try and disable the pptp and vpn but i have no clue if this will cause me more problems. I changed passwords, went in and rebooted as root, I think. I want to know the meaning of this. Why am i being targeted?

Something with the Fedora, Samba, Timidity, Empathy, Evolution... orca... i'm so confused with all of this. I'm trying to locate the VPN server

I attached a screenshot of the pptp vpn general info. Does this seem like something I should or shouldn't have going on? Also, is this a result of Landscape or GNOME? Please and thank you so much.
Attached Thumbnails: Screenshot from 2016-04-07 21:53:08.png
 
Old 04-07-2016, 10:17 PM   #40
apples45
Member
 
Registered: Mar 2016
Posts: 43

Original Poster
Rep: Reputation: Disabled
Quote:
Originally Posted by alberich View Post
Open a Terminal Ctrl+Alt+T

Type "gksu nautilus" and press Enter.

this is what i got after entering a password in a different window (called "Keyring" or something?)

Quote:

tara@Tara-Laptop:~$ gksu nautilus
Nautilus-Share-Message: Called "net usershare info" but it failed: 'net usershare' returned error 255: net usershare: cannot open usershare directory /var/lib/samba/usershares. Error No such file or directory
Please ask your system administrator to enable user sharing.


(nautilus:3150): GLib-CRITICAL **: Source ID 97 was not found when attempting to remove it

(nautilus:3150): GLib-CRITICAL **: Source ID 98 was not found when attempting to remove it

(nautilus:3150): GLib-CRITICAL **: Source ID 99 was not found when attempting to remove it
tara@Tara-Laptop:~$
 
Old 04-07-2016, 10:30 PM   #41
apples45
Member
 
Registered: Mar 2016
Posts: 43

Original Poster
Rep: Reputation: Disabled
Quote:

In the now opening file browser instance of nautilus, you are supposed to be able to access basically any folder and delete every file (complete access).
i did this twice, once with the wrong password and nothing happened. Then it spit out the same thing, with increasing ID #'s. Exactly how do I know what files to delete? I have deleted applications from my computer, only to have them return.

And as far as the computer literacy around here, I thought I was leading the pack lol. As far as the neighbors, I wouldn't worry, and unless someone was specifically ordained to do such a thing, no one acts like they know much about computers.

There are many things installed that make me wonder:

Such as 4 separate terminals. "Mono Run Time" being one which does something for the "virtual machine". "Gwenview" which I've deleted several times. Several audio programs that switch out defaults on their own. I deleted something called Gosa? it was a remote screen reader i believe. I just can't be SURE i'm not deleting vital components because I'm new to all this. As well as some IBUS in Chinese.

I am trying to remove many applications and even though I have the password, I am not authorized to remove the programs. There is a system privacy log which can erase logins, it says, in zeitgeist

Last edited by apples45; 04-07-2016 at 11:21 PM.
 
Old 04-07-2016, 11:56 PM   #42
kalin01
LQ Newbie
 
Registered: Apr 2016
Location: thailand
Posts: 1

Rep: Reputation: Disabled
Quote:
Originally Posted by przemo View Post
basically, if you did not create guest account, that means someone did with root privileges if someone beside you have root access that you did not grant that's worst case i recommend reinstalling, creating new passwords and setting up iptables.
Thank you for the info. You're helpful
 
Old 04-08-2016, 04:12 AM   #43
apples45
Member
 
Registered: Mar 2016
Posts: 43

Original Poster
Rep: Reputation: Disabled
Quote:
try this:
Code:

sudo nano /etc/lightdm/lightdm.conf

allow-guest=false

what do i do from here? I get this:

Quote:
[SeatDefaults]
autologin-user=tara


[ Read 2 lines ]
^G Get Help ^O WriteOut ^R Read File ^Y Prev Page ^K Cut Text ^C Cur Pos
^X Exit ^J Justify ^W Where Is ^V Next Page ^U UnCut Text^T To Spell


 
Old 04-08-2016, 05:03 AM   #44
przemo
Member
 
Registered: Feb 2016
Location: cork.ie
Distribution: Slackware-current
Posts: 118

Rep: Reputation: Disabled
add this line

Code:
allow-guest=false
ps. read man if you don't know how to deal with nano.
 
Old 04-08-2016, 06:13 AM   #45
alberich
Member
 
Registered: Apr 2016
Location: Bavaria
Distribution: Slackware
Posts: 140

Rep: Reputation: Disabled
Quote:
Originally Posted by apples45 View Post
what do i do from here? I get this:
There you insert the recommended line of text under the existing line! Then save the file.

Why do you have a VPN installed? Did you do this? If not, just reinstall.

Furthermore I would never connect to the internet over someone else's network and router. But in this case maybe that might be just my personal gusto (if the "provider" has no idea of computers doesn't make so much difference).

With your question about an infinite number of names and programs, function of the keyring, what files you "must" delete, and anything else:
1. It is of course very very difficult and inefficient to be supported in complex cases via forum or even telephone.
2. It is not possible for us to understand all of your concerns, nor to explain everything, you need to rely on yourself there.
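
Added example, not written by any poster in this thread: the `allow-guest=false` edit from posts #35 and #43 to #45 done as a repeatable script instead of by hand in nano. It works on a constructed temporary copy holding the two lines shown in post #43; the function name `set_allow_guest_false` and the temp file are assumptions.

```shell
#!/bin/sh
# Ensure "allow-guest=false" is present exactly once inside the
# [SeatDefaults] section of a LightDM config file.
# - an existing allow-guest line in that section is replaced
# - other keys (e.g. autologin-user) are left untouched
# - if the section is missing, it is appended
# Running it twice gives the same file as running it once.
set_allow_guest_false() {
    conf=$1
    tmp=$(mktemp) || return 1
    awk '
    /^\[/ {
        # Section header: remember whether we are inside [SeatDefaults]
        in_seat = ($0 == "[SeatDefaults]")
        print
        # Key order inside a section does not matter, so the setting
        # is written directly under the header.
        if (in_seat && !done) { print "allow-guest=false"; done = 1 }
        next
    }
    # Drop any previous allow-guest value inside [SeatDefaults]
    in_seat && /^[ \t]*allow-guest[ \t]*=/ { next }
    { print }
    END {
        if (!done) { print "[SeatDefaults]"; print "allow-guest=false" }
    }' "$conf" > "$tmp" && cat "$tmp" > "$conf"   # cat keeps owner and mode
    rc=$?
    rm -f "$tmp"
    return $rc
}

# Demo on a constructed copy of the file content shown in post #43.
demo=$(mktemp)
printf '[SeatDefaults]\nautologin-user=tara\n' > "$demo"
set_allow_guest_false "$demo" && cat "$demo"
rm -f "$demo"
```

On the real system the target is `/etc/lightdm/lightdm.conf`, which needs root to write, and the setting is read the next time LightDM starts.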
 
  



All times are GMT -5. The time now is 05:21 AM.
