  1. #1
    Just Joined!
    Join Date
    Feb 2010
    Posts
    2

    A question for a linux security expert


    I'm hacked all the time by bullies and I've uploaded an ubuntu image to a file host. I'm quite sure it is compromised and would like to have it checked. I can provide proof that I'm legit.

    If interested send me a private message and I'll get back to you within 24 h.

    Thanks in advance.

  2. #2
    Just Joined!
    Join Date
    Aug 2009
    Posts
    83
    For me image forensics is a last resort option as it means *me* putting in the effort. Posting preliminary investigative results from using file integrity checkers (if installed and configured before the perceived breach), Logwatch or other log checkers, Snort reports, log excerpts and anything else tangible you can provide, possibly having run tests from say the archived CERT/CC Intruder Detection Checklist, would be welcome.

  3. #3
    Administrator jayd512's Avatar
    Join Date
    Feb 2008
    Location
    Kentucky
    Posts
    5,025
    Honestly, if you're fairly certain that the file has been compromised, then the safest way to deal with it is to remove the image and load up a fresh one.
    Is the file being hosted on a local machine? Or with a remote machine?
    Depending on where it is, you'll need to explore your various options for maintaining file integrity.
    Jay

    New users, read this first.
    New Member FAQ
    Registered Linux User #463940
    I do not respond to private messages asking for Linux help. Please keep it on the public boards.

  5. #4
    Just Joined!
    Join Date
    Feb 2010
    Posts
    2
    I tried to install tripwire but couldn't figure out which folders/files to add, I'm a lost cause.

  6. #5
    Administrator jayd512's Avatar
    Join Date
    Feb 2008
    Location
    Kentucky
    Posts
    5,025
    Jay


  7. #6
    Just Joined!
    Join Date
    Aug 2009
    Posts
    83
    Quote Originally Posted by kingston View Post
    I tried to install tripwire but couldn't figure out which folders/files to add, I'm a lost cause.
    If the machine's security is (perceived) breached then you should not be installing anything but assess integrity using available means. (If the machine is remote then you copy listings, logs, files over to your local known safe workstation; if the machine is local you can run a Live CD.) If you truly are "hacked all the time" as you said in your OP, by now you should be investigating and posting "evidence".

  8. #7
    Just Joined!
    Join Date
    Sep 2011
    Posts
    19
    Unspawn is right, putting up a live CD is a safe way to access your filesystem when it may be compromised. I recommend running something like rkhunter or chkrootkit to scan for root kits on your system which may be hiding nefarious content. It is best to run these utilities from your live CD because if your kernel has been hacked it will not be able to interfere with the root kit checker.
    Last edited by oz; 09-17-2011 at 05:51 AM. Reason: SPAM removal
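
An added example, not written by any poster in this thread, of the offline integrity check that posts #6 and #7 describe: run from a Live CD or a known-safe workstation, it compares packaged files on the suspect Ubuntu filesystem with the MD5 values recorded in that filesystem's own dpkg database. The mount point `/mnt/suspect`, the device placeholder and the function name are assumptions; because the recorded hashes live on the suspect disk and can be altered too, a clean result is only a first pass and any hit is a lead to compare against freshly downloaded packages.

```shell
#!/bin/sh
# Added example: run this from a Live CD or known-safe workstation, never
# from the suspect system itself. Mount the suspect filesystem read-only
# first, for example (device name is a placeholder):
#   mount -o ro,noexec,nosuid,nodev /dev/sdXN /mnt/suspect

# verify_dpkg_md5sums ROOT
# Prints one line per packaged file under ROOT that is missing, has been
# replaced by a symlink, or no longer matches the MD5 recorded in
# ROOT/var/lib/dpkg/info/*.md5sums. Returns 1 if anything was reported.
verify_dpkg_md5sums() {
    local root="${1%/}" list want path got bad=0
    for list in "$root"/var/lib/dpkg/info/*.md5sums; do
        [ -f "$list" ] || continue
        # Each line is "<md5>  <path relative to />"
        while read -r want path; do
            [ -n "$path" ] || continue
            if [ -L "$root/$path" ]; then
                # Do not follow it: an absolute link target would resolve
                # inside the live system, not inside the suspect root.
                echo "SYMLINK  /$path"; bad=1
            elif [ ! -e "$root/$path" ]; then
                echo "MISSING  /$path"; bad=1
            elif [ -f "$root/$path" ]; then
                got=$(md5sum < "$root/$path" | cut -d' ' -f1)
                [ "$got" = "$want" ] || { echo "CHANGED  /$path"; bad=1; }
            fi
        done < "$list"
    done
    return "$bad"
}

# Usage: sh verify.sh /mnt/suspect > findings.txt
if [ "$#" -gt 0 ]; then
    verify_dpkg_md5sums "$1"
fi
```

Configuration files under /etc are mostly not listed in the md5sums files, so this covers binaries and libraries rather than settings.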
