FAQ Search Today's Posts Mark Forums Read
» Video Reviews

» Linux Archive

Linux-archive is a website aiming to archive linux email lists and to make them easily accessible for linux users/developers.


» Sponsor

» Partners

» Sponsor

Go Back   Linux Archive > Ubuntu > Ubuntu User

 
 
LinkBack Thread Tools
 
Old 02-06-2008, 09:20 AM
"Kenneth P. Turvey"
 
Default Root kit for ubuntu

I just had a message pop up indicating that I needed to reboot my system
due to a security update. This happened without my actually installing
any updates at all. I was just using my computer as usual.

After looking around a bit, I noticed that my grub directory had been
updated. Then when I stat'ed my running kernel, this is what I got:



kt@searay:/boot$ stat vmlinuz-2.6.20-16-generic
File: `vmlinuz-2.6.20-16-generic'
Size: 1747596 Blocks: 3424 IO Block: 4096 regular file
Device: 801h/2049d Inode: 3063809 Links: 1
Access: (0644/-rw-r--r--) Uid: ( 0/ root) Gid: ( 0/ root)
Access: 2008-02-06 03:29:06.000000000 -0600
Modify: 2008-01-31 21:43:04.000000000 -0600
Change: 2008-02-06 03:29:48.000000000 -0600


This is the second time I've had a problem like this since installing
Ubuntu. Is there a widely available root kit for it? I would like to
stick with Ubuntu, but this is getting annoying.

--
Kenneth P. Turvey <kt-usenet@squeakydolphin.com>


--
ubuntu-users mailing list
ubuntu-users@lists.ubuntu.com
Modify settings or unsubscribe at: https://lists.ubuntu.com/mailman/listinfo/ubuntu-users
 
Old 02-06-2008, 10:25 AM
Ulf Rompe
 
Default Root kit for ubuntu

Am Mittwoch, den 06.02.2008, 10:20 +0000 schrieb Kenneth P. Turvey:
> I just had a message pop up indicating that I needed to reboot my
> system due to a security update. This happened without my actually
> installing any updates at all.

Run "sudo synaptic", open "Settings"->"Repositories", move to tab titled
"Updates", uncheck "Install security updates without confirmation" and
the magic will stop.

After doing that, think about the advantages of having security updates
installed as soon as they come in, and re-enable the option. :-)

[x] ulf

--
Nur wer selbst brennt, kann Feuer in anderen entfachen. (Augustinus)



--
ubuntu-users mailing list
ubuntu-users@lists.ubuntu.com
Modify settings or unsubscribe at: https://lists.ubuntu.com/mailman/listinfo/ubuntu-users
 
Old 02-06-2008, 10:32 AM
Aart Koelewijn
 
Default Root kit for ubuntu

On Wed, 06 Feb 2008 10:20:21 +0000, Kenneth P. Turvey wrote:

> I just had a message pop up indicating that I needed to reboot my system
> due to a security update. This happened without my actually installing
> any updates at all. I was just using my computer as usual.
>
> After looking around a bit, I noticed that my grub directory had been
> updated. Then when I stat'ed my running kernel, this is what I got:
>
>
>
> kt@searay:/boot$ stat vmlinuz-2.6.20-16-generic
> File: `vmlinuz-2.6.20-16-generic'
> Size: 1747596 Blocks: 3424 IO Block: 4096 regular file
> Device: 801h/2049d Inode: 3063809 Links: 1 Access:
> (0644/-rw-r--r--) Uid: ( 0/ root) Gid: ( 0/ root) Access:
> 2008-02-06 03:29:06.000000000 -0600 Modify: 2008-01-31
> 21:43:04.000000000 -0600 Change: 2008-02-06 03:29:48.000000000 -0600
>
>
> This is the second time I've had a problem like this since installing
> Ubuntu. Is there a widely available root kit for it? I would like to
> stick with Ubuntu, but this is getting annoying.

You can set it yourself in repositories/updates. You can choose for
automatic updates, like you seem to have done, or only warnings. There
has been a recent update of the kernel for security reasons. For 7.10 I
now have 2.6.22-14-generic. I can't see what you find annoying about
this. Most updates can be done without rebooting, but for a kernel update
you will have to reboot.

Aart


--
ubuntu-users mailing list
ubuntu-users@lists.ubuntu.com
Modify settings or unsubscribe at: https://lists.ubuntu.com/mailman/listinfo/ubuntu-users
 
Old 02-06-2008, 12:59 PM
Karl Larsen
 
Default Root kit for ubuntu

Kenneth P. Turvey wrote:
> I just had a message pop up indicating that I needed to reboot my system
> due to a security update. This happened without my actually installing
> any updates at all. I was just using my computer as usual.
>
> After looking around a bit, I noticed that my grub directory had been
> updated. Then when I stat'ed my running kernel, this is what I got:
>
>
>
> kt@searay:/boot$ stat vmlinuz-2.6.20-16-generic
> File: `vmlinuz-2.6.20-16-generic'
> Size: 1747596 Blocks: 3424 IO Block: 4096 regular file
> Device: 801h/2049d Inode: 3063809 Links: 1
> Access: (0644/-rw-r--r--) Uid: ( 0/ root) Gid: ( 0/ root)
> Access: 2008-02-06 03:29:06.000000000 -0600
> Modify: 2008-01-31 21:43:04.000000000 -0600
> Change: 2008-02-06 03:29:48.000000000 -0600
>
>
> This is the second time I've had a problem like this since installing
> Ubuntu. Is there a widely available root kit for it? I would like to
> stick with Ubuntu, but this is getting annoying.
>
>
Do you have really good passwords for both root and user? In an
earlier day I have a good password for root and very simple for user.
Then I was ssh to a German user who guessed my user password and was on
my computer doing nothing real bad. But I learned you need a Good
password on user too.

An example of good is an old one I used Q15x25 which takes about 12
hours to get.

Karl


--

Karl F. Larsen, AKA K5DI
Linux User
#450462 http://counter.li.org.
PGP 4208 4D6E 595F 22B9 FF1C ECB6 4A3C 2C54 FE23 53A7


--
ubuntu-users mailing list
ubuntu-users@lists.ubuntu.com
Modify settings or unsubscribe at: https://lists.ubuntu.com/mailman/listinfo/ubuntu-users
 
Old 02-06-2008, 04:15 PM
NoOp
 
Default Root kit for ubuntu

On 02/06/2008 03:25 AM, Ulf Rompe wrote:
> Am Mittwoch, den 06.02.2008, 10:20 +0000 schrieb Kenneth P. Turvey:
>> I just had a message pop up indicating that I needed to reboot my
>> system due to a security update. This happened without my actually
>> installing any updates at all.
>
> Run "sudo synaptic", open "Settings"->"Repositories", move to tab titled
> "Updates", uncheck "Install security updates without confirmation" and
> the magic will stop.
>
> After doing that, think about the advantages of having security updates
> installed as soon as they come in, and re-enable the option. :-)
>
> [x] ulf
>

For the OP: here is a link to the entire security announcement:

http://www.ubuntu.com/usn
http://www.ubuntu.com/usn/usn-574-1

The http://www.ubuntu.com/usn link is a good one to bookmark.


--
ubuntu-users mailing list
ubuntu-users@lists.ubuntu.com
Modify settings or unsubscribe at: https://lists.ubuntu.com/mailman/listinfo/ubuntu-users
 
Old 02-06-2008, 09:54 PM
John Bowden
 
Default Root kit for ubuntu

On Wednesday 06 February 2008 10:20:21 Kenneth P. Turvey wrote:
> I just had a message pop up indicating that I needed to reboot my system
> due to a security update. This happened without my actually installing
> any updates at all. I was just using my computer as usual.
>
> After looking around a bit, I noticed that my grub directory had been
> updated. Then when I stat'ed my running kernel, this is what I got:
>
>
>
> kt@searay:/boot$ stat vmlinuz-2.6.20-16-generic
> File: `vmlinuz-2.6.20-16-generic'
> Size: 1747596 Blocks: 3424 IO Block: 4096 regular file
> Device: 801h/2049d Inode: 3063809 Links: 1
> Access: (0644/-rw-r--r--) Uid: ( 0/ root) Gid: ( 0/ root)
> Access: 2008-02-06 03:29:06.000000000 -0600
> Modify: 2008-01-31 21:43:04.000000000 -0600
> Change: 2008-02-06 03:29:48.000000000 -0600
>
>
> This is the second time I've had a problem like this since installing
> Ubuntu. Is there a widely available root kit for it? I would like to
> stick with Ubuntu, but this is getting annoying.
>
> --
> Kenneth P. Turvey <kt-usenet@squeakydolphin.com>

You will also need to reinstall as you won't know what else on your system has
been compromised. The root kit needs to be installed on a fresh install or a
known good backup.
If you think some one is getting into your systems and you have a spare
machine you might want to set up a honey trap.
john

--
Guy Fawkes, the only man to enter the house's of Parliament
with honest intentions, (he was going to blow them up!)
Registered Linux user number 414240

--
ubuntu-users mailing list
ubuntu-users@lists.ubuntu.com
Modify settings or unsubscribe at: https://lists.ubuntu.com/mailman/listinfo/ubuntu-users
 

Thread Tools




All times are GMT. The time now is 04:25 AM.

VBulletin, Copyright ©2000 - 2014, Jelsoft Enterprises Ltd.
Content Relevant URLs by vBSEO ©2007, Crawlability, Inc.
Copyright 2007 - 2008, www.linux-archive.org