FAQ Search Today's Posts Mark Forums Read
» Video Reviews

» Linux Archive

Linux-archive is a website aiming to archive linux email lists and to make them easily accessible for linux users/developers.


» Sponsor

» Partners

» Sponsor

Go Back   Linux Archive > Debian > Debian User

 
 
LinkBack Thread Tools
 
Old 07-26-2010, 10:05 PM
Sergey Spiridonov
 
Default is this result of keylogger? am i hacked?

Hi

On 26.07.2010 00:51, Jordon Bedwell wrote:

Also, to add, if you plan on doing a cryptographic integrity check, you
need to do this from a liveCD not from a liveUSB. The only reason you
would do a liveUSB is for things like fsck and chkrootkit (where you
would mount as readonly at first)



I tried to use Debian Live DVD with squeeze and latest Knoppix 6.2.1
with no success. I managed to boot and to run cryptsetup, but lvm does
not recognize partitions.


I ran like that:

# cryptsetup create md1-crypt /dev/md1
# pvdisplay /dev/mapper/crypt-md1
No physical volume label read from /dev/mapper/md1-crypt
Failed to read physical volume "/dev/mapper/md1-crypt"


I should probably start separate thread about this problem, because it
is not related to the original problem.

--
Best regards, Sergey Spiridonov


--
To UNSUBSCRIBE, email to debian-user-REQUEST@lists.debian.org
with a subject of "unsubscribe". Trouble? Contact listmaster@lists.debian.org

Archive: i2l0sa$hpk$1@dough.gmane.org">http://lists.debian.org/i2l0sa$hpk$1@dough.gmane.org
 
Old 07-26-2010, 10:09 PM
Jordon Bedwell
 
Default is this result of keylogger? am i hacked?

On 7/26/10 5:05 PM, Sergey Spiridonov wrote:

Hi

On 26.07.2010 00:51, Jordon Bedwell wrote:

Also, to add, if you plan on doing a cryptographic integrity check, you
need to do this from a liveCD not from a liveUSB. The only reason you
would do a liveUSB is for things like fsck and chkrootkit (where you
would mount as readonly at first)



I tried to use Debian Live DVD with squeeze and latest Knoppix 6.2.1
with no success. I managed to boot and to run cryptsetup, but lvm does
not recognize partitions.

I ran like that:

# cryptsetup create md1-crypt /dev/md1
# pvdisplay /dev/mapper/crypt-md1
No physical volume label read from /dev/mapper/md1-crypt
Failed to read physical volume "/dev/mapper/md1-crypt"


I should probably start separate thread about this problem, because it
is not related to the original problem.


Even though this is for *Ubuntu* they are still closely related to the
core because Debian is still upstream, so check this out and see if it
helps you any: http://ubuntuforums.org/showthread.php?t=940904



--
To UNSUBSCRIBE, email to debian-user-REQUEST@lists.debian.org
with a subject of "unsubscribe". Trouble? Contact listmaster@lists.debian.org

Archive: 4C4E07A2.6050907@envygeeks.com">http://lists.debian.org/4C4E07A2.6050907@envygeeks.com
 
Old 07-27-2010, 12:38 AM
Rob Owens
 
Default is this result of keylogger? am i hacked?

On Sun, Jul 25, 2010 at 05:30:45PM -0500, Jordon Bedwell wrote:
> On 7/25/10 12:52 PM, Sergey Spiridonov wrote:
>> Hi
>>
>> I ran memcheck 4.0, it showed no problem. Unfortunately I can not use
>> knoppix to mount and check my partitions with fsck and chkrootkit,
>> bevause latest knoppix (6.2.1) for whatever reason does not include
>> cryptsetup.
>>

You can apt-get install things in Knoppix. It'll just install it using
available RAM, and won't actually write it to the disk.

-Rob


--
To UNSUBSCRIBE, email to debian-user-REQUEST@lists.debian.org
with a subject of "unsubscribe". Trouble? Contact listmaster@lists.debian.org
Archive: 20100727003857.GB10741@aurora.owens.net">http://lists.debian.org/20100727003857.GB10741@aurora.owens.net
 
Old 07-27-2010, 07:55 AM
Sergey Spiridonov
 
Default is this result of keylogger? am i hacked?

Hi

On 07/27/2010 02:38 AM, Rob Owens wrote:

You can apt-get install things in Knoppix. It'll just install it using
available RAM, and won't actually write it to the disk.


I did not have internet for some time at that machine. Now I get
internet and installed cryptsetup. But now I have another problem - lvm
volume is not recognized (see my other mail in this thread). Same
problem happen on Debian Live DVD.

--
Best regards, Sergey Spiridonov



--
To UNSUBSCRIBE, email to debian-user-REQUEST@lists.debian.org
with a subject of "unsubscribe". Trouble? Contact listmaster@lists.debian.org

Archive: a0g2i7-4ql.ln1@legba.gamic.com">http://lists.debian.org/a0g2i7-4ql.ln1@legba.gamic.com
 
Old 07-27-2010, 09:44 PM
Sergey Spiridonov
 
Default is this result of keylogger? am i hacked?

Hi

On 27.07.2010 00:09, Jordon Bedwell wrote:

On 7/26/10 5:05 PM, Sergey Spiridonov wrote:


# cryptsetup create md1-crypt /dev/md1
# pvdisplay /dev/mapper/crypt-md1
No physical volume label read from /dev/mapper/md1-crypt
Failed to read physical volume "/dev/mapper/md1-crypt"

I should probably start separate thread about this problem, because it
is not related to the original problem.


This was my stupid error. I must run "cryptsetup luksOpen" instead of
"cryptsetup create". That was the reason.


However chkrootkit and fsck found no problem.

What else can I check?
--
Best regards, Sergey Spiridonov


--
To UNSUBSCRIBE, email to debian-user-REQUEST@lists.debian.org
with a subject of "unsubscribe". Trouble? Contact listmaster@lists.debian.org

Archive: i2njvv$o40$1@dough.gmane.org">http://lists.debian.org/i2njvv$o40$1@dough.gmane.org
 
Old 07-28-2010, 01:48 AM
Alexey Salmin
 
Default is this result of keylogger? am i hacked?

On Wed, Jul 28, 2010 at 4:44 AM, Sergey Spiridonov <sergey.spiridonov@gmail.com> wrote:


However chkrootkit and fsck found no problem.



What else can I check?

--

Best regards, Sergey Spiridonov

May be try smartctl test to check for hard drive errors?

Alexey
 
Old 11-26-2011, 10:54 AM
Sergey Spiridonov
 
Default is this result of keylogger? am i hacked?

Hi

21.07.2010 14:39, Sergey Spiridonov пишет:
> I found yesterday that some files in /etc/ (/etc/shells and
> /etc/default/default/schroot) are changed. They contain data which I was
> typing on keyboard. Strange enough, this files are not overwritten, but
> contain data they should contain + somewhere in the middle or at the
> beginning of the file they contain something I typed in browser or in
> command line in X window system.


I found the reason for this. This is most probably a bug of X server.
Here[1] is bugreport. Bug 612836


http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=612836

--
Sergey


--
To UNSUBSCRIBE, email to debian-user-REQUEST@lists.debian.org
with a subject of "unsubscribe". Trouble? Contact listmaster@lists.debian.org
Archive: jaqk36$l1v$1@dough.gmane.org">http://lists.debian.org/jaqk36$l1v$1@dough.gmane.org
 

Thread Tools




All times are GMT. The time now is 10:03 PM.

VBulletin, Copyright ©2000 - 2014, Jelsoft Enterprises Ltd.
Content Relevant URLs by vBSEO ©2007, Crawlability, Inc.
Copyright 2007 - 2008, www.linux-archive.org