- 02-02-2010 #1 Just Joined!
- Join Date
- Feb 2010
- Posts
- 2
A question for a linux security expert
I'm hacked all the time by bullies and I've uploaded an Ubuntu image to a file host. I'm quite sure it is compromised and would like to have it checked. I can provide proof that I'm legit.
If interested send me a private message and I'll get back to you within 24 h.
Thanks in advance.
- 02-03-2010 #2 Just Joined!
- Join Date
- Aug 2009
- Posts
- 79
For me image forensics is a last resort option as it means *me* putting in the effort. Posting preliminary investigative results from using file integrity checkers (if installed and configured before the perceived breach), Logwatch or other log checkers, Snort reports, log excerpts and anything else tangible you can provide, possibly having run tests from say the archived CERT/CC Intruder Detection Checklist, would be welcome.
- 02-03-2010 #3
Honestly, if you're fairly certain that the file has been compromised, then the safest way to deal with it is to remove the image and load up a fresh one.
Is the file being hosted on a local machine? Or with a remote machine?
Depending on where it is, you'll need to explore your various options for maintaining file integrity.
Jay
New users, read this first.
New Member FAQ
Registered Linux User #463940
I do not respond to Private Messages asking for Linux help. Please, keep it on the public boards.
- 02-03-2010 #4 Just Joined!
- Join Date
- Feb 2010
- Posts
- 2
I tried to install tripwire but couldn't figure out which folders/files to add, I'm a lost cause.
- 02-03-2010 #5
This might help: How to Set Up and Use Tripwire
Jay
- 02-04-2010 #6 Just Joined!
- Join Date
- Aug 2009
- Posts
- 79
If the machine's security is (perceived) breached then you should not be installing anything but assess integrity using available means. (If the machine is remote then you copy listings, logs, files over to your local known safe workstation; if the machine is local you can run a Live CD.) If you truly are "hacked all the time" as you said in your OP, by now you should be investigating and posting "evidence".
- 09-17-2011 #7 Just Joined!
- Join Date
- Sep 2011
- Posts
- 19
Unspawn is right, putting up a live CD is a safe way to access your filesystem when it may be compromised. I recommend running something like rkhunter or chkrootkit to scan for rootkits on your system which may be hiding nefarious content. It is best to run these utilities from your live CD because if your kernel has been hacked it will not be able to interfere with the rootkit checker.
Last edited by oz; 09-17-2011 at 04:51 AM. Reason: SPAM removal
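An added example, not part of any post in this thread: one way to "assess integrity using available means" from a live CD without installing anything on the suspect system is to compare its files with the MD5 lists dpkg keeps under `var/lib/dpkg/info/*.md5sums`. It assumes the suspect root is mounted read-only at a path you pass in (for instance a hypothetical `/mnt/suspect`); the function names are made up for this sketch. Those lists live on the suspect disk itself, so a clean result proves nothing, while mismatches are leads worth posting.

```python
import hashlib
import os
import sys

def md5_of(path, chunk=1 << 20):
    """MD5 of a file, read in chunks (MD5 because that is what dpkg records)."""
    h = hashlib.md5()
    with open(path, "rb") as f:
        for block in iter(lambda: f.read(chunk), b""):
            h.update(block)
    return h.hexdigest()

def verify_dpkg_md5sums(root):
    """Return sorted (status, path) pairs: 'modified', 'missing' or 'symlink'."""
    info = os.path.join(root, "var/lib/dpkg/info")
    findings = []
    for name in sorted(n for n in os.listdir(info) if n.endswith(".md5sums")):
        with open(os.path.join(info, name), errors="replace") as listing:
            for line in listing:
                # Each line is "<md5>  <path relative to />"
                digest, _, rel = line.rstrip("\n").partition("  ")
                if not rel:
                    continue
                target = os.path.join(root, rel.lstrip("/"))
                if os.path.islink(target):
                    # Not followed: an absolute link would point into the live CD
                    findings.append(("symlink", rel))
                elif not os.path.isfile(target):
                    findings.append(("missing", rel))
                elif md5_of(target) != digest:
                    findings.append(("modified", rel))
    return sorted(findings)

def build_constructed_root(root):
    """Constructed sample tree: one intact, one altered and one deleted file."""
    os.makedirs(os.path.join(root, "var/lib/dpkg/info"))
    os.makedirs(os.path.join(root, "bin"))
    good = hashlib.md5(b"original").hexdigest()
    for name, data in (("ls", b"original"), ("ps", b"tampered")):
        with open(os.path.join(root, "bin", name), "wb") as f:
            f.write(data)
    with open(os.path.join(root, "var/lib/dpkg/info/demo.md5sums"), "w") as f:
        f.write("".join(f"{good}  bin/{n}\n" for n in ("ls", "ps", "netstat")))

if __name__ == "__main__":
    for status, path in verify_dpkg_md5sums(sys.argv[1]):
        print(f"{status:9} {path}")
```

Configuration files and anything not installed from a package are not covered by these lists, so this complements rather than replaces a rootkit scan run from the live CD.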




