
Thread: Searching to understand some system modifications

  1. #11
    Join Date
    Jan 2009
    Location
    Somewhere in Fictionland
    Posts
    1,479

    Default Re: Searching to understand some system modifications

    Quote Originally Posted by Knurpht View Post
    I'm with Henk. If someone does come in, you should find an entry in /var/log/messages. At least one, if the attacker managed to disable log entries. Or, in the compressed bz file containing the old messages entries.

    BTW, @stakanov: you know your 11.1 is past its life's end? If your concern about your security still is as high as I remember, I suggest you upgrade to 11.3 or 11.4, that would at least give you an up to date system with the latest security features.
    11.4 is on the plan after the last days as you can imagine. But I will not be able to do it right away when it comes out (due to organizational problems).

  2. #12
    Join Date
    Aug 2008
    Location
    Behind the 8 ball
    Posts
    116

    Default Re: Searching to understand some system modifications

    Quote Originally Posted by stakanov View Post
    Code:
    linux-2c5j:~ # ps aux | grep avahi{p]
    root      8251  0.0  0.0   2312   424 pts/1    S+   20:31   0:00 grep avahi{p]
    This is what I get under root. As user account no.
    You are using a curly brace { and then a bracket ]
    You should use an open bracket [ and a closed bracket ]

    If that's too confusing use an inverted match like so

    Code:
    ps aux | grep avahi | grep -v grep

  3. #13
    Join Date
    Jun 2008
    Location
    Netherlands
    Posts
    24,851

    Default Re: Searching to understand some system modifications

    Quote Originally Posted by stakanov View Post
    Code:
    linux-2c5j:~ # ps aux | grep avahi{p]
    root      8251  0.0  0.0   2312   424 pts/1    S+   20:31   0:00 grep avahi{p]
    This is what I get under root. As user account no.
    Please repeat this without the silly {p] at the end.
    It should give the same under root as under a normal user, looking in the process table is not restricted to root.

    And what about YaST > System > Systemservices (runlevel)? Are the two avahi services switched on there? Then switch them off.
    Henk van Velden

  4. #14
    Join Date
    Jan 2009
    Location
    Somewhere in Fictionland
    Posts
    1,479

    Default Re: Searching to understand some system modifications

    Quote Originally Posted by jthiatt08 View Post
    You are using a curly brace { and then a bracket ]
    You should use an open bracket [ and a closed bracket ]

    If that's too confusing use an inverted match like so

    Code:
    
    ps aux | grep avahi | grep -v grep
    LOL, no, it is that at this time of the day on a 12'' I have a sight problem, so I did not mean to use a curly one, sorry. With the user account I did actually not repeat the error. Maybe I need glasses......or a bigger screen.
    Code:
    ps aux | grep avahi[p]
    as root gives nothing (which is good)
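
The grep patterns tried in posts #12 to #14, run over the same process table, as an added example that is not part of any post. The `ps aux` lines are constructed and `count_matches` is a hypothetical helper; the last sample line stands in for the grep process itself, whose argv contains the pattern.

```shell
#!/bin/sh
# Constructed `ps aux` sample (not output from the poster's machine).
# PATTERN is replaced by the pattern under test, as it would appear in grep's argv.
sample_ps() {
cat <<'EOF'
avahi     3218  0.0  0.1   2948  1496 ?        Ss   17:10   0:00 avahi-daemon: running [linux-2c5j.local]
root      3301  0.0  0.0   5120   980 ?        Ss   17:10   0:00 /usr/sbin/sshd
root      8251  0.0  0.0   2312   424 pts/1    S+   20:31   0:00 grep PATTERN
EOF
}

# count_matches PATTERN: number of sample lines the pattern selects.
# grep -c exits 1 on zero matches, so the status is masked with || true.
count_matches() {
    sample_ps | sed "s/PATTERN/$1/" | grep -c -- "$1" || true
}

# 'avahi'    : matches the daemon and the grep process itself.
# 'avahi{p]' : { and ] are literals here, so only grep's own argv matches.
# 'avahi[p]' : [p] is a character class, so this looks for "avahip".
# '[a]vahi'  : matches "avahi" but not the text "[a]vahi" in grep's argv.
# Patterns are quoted so the shell cannot expand [..] against file names.
for p in 'avahi' 'avahi{p]' 'avahi[p]' '[a]vahi'; do
    printf '%-10s -> %s matching line(s)\n' "$p" "$(count_matches "$p")"
done
```

An empty result from a bracket pattern only shows the daemon is absent when the class is at a position that still spells the process name, as in `[a]vahi`.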

  5. #15
    Join Date
    Jun 2008
    Location
    Netherlands
    Posts
    24,851

    Default Re: Searching to understand some system modifications

    PLEASE, I asked you to leave out the {p], not to replace it by [p] or something else!

    And why did you not answer my second question about the YaST runlevel config?
    Henk van Velden

  6. #16
    Join Date
    Jan 2009
    Location
    Somewhere in Fictionland
    Posts
    1,479

    Default Re: Searching to understand some system modifications

    Code:
    linux-2c5j:~ # ps aux | grep avahi
    root      8499  0.0  0.0   2312   420 pts/1    S+   21:31   0:00 grep avahi
    For what is the runlevel. I thought I would have answered the question in post nr 3.
    Zeroconf is NO
    Code:
     8518  0.0  0.0   3312   732 pts/1    S+   21:34   0:00 grep avahi
    under normal user.

  7. #17
    Join Date
    Jun 2008
    Location
    Netherlands
    Posts
    24,851

    Default Re: Searching to understand some system modifications

    Thanks for the output. It shows that avahi does not run.

    My second question was not about the runlevel you use but:
    And what about YaST > System > Systemservices (runlevel)? Are the two avahi services switched on there? Then switch them off.
    It is just an extra check, it should show both avahi services as off because we just proved that it is not running.

    When avahi is off (as we showed now) I do not understand at all why you have avahi messages in the logging.
    Henk van Velden

  8. #18
    Join Date
    Jan 2009
    Location
    Somewhere in Fictionland
    Posts
    1,479

    Default Re: Searching to understand some system modifications

    Yes, I know. This was the reason why I got ..... surprised.

  9. #19
    Join Date
    Jun 2008
    Location
    Netherlands
    Posts
    24,851

    Default Re: Searching to understand some system modifications

    Quote Originally Posted by stakanov View Post
    Yes, I know. This was the reason why I got ..... surprised.
    Understatement

    I am closing down for today. Maybe the night brings some insight
    Henk van Velden

  10. #20
    Join Date
    Feb 2009
    Location
    Spain
    Posts
    25,547

    Default Re: Searching to understand some system modifications

    On 2011-02-24 17:36, stakanov wrote:
    >
    > I had some problems in the past with people loving very much to go in
    > and out of my machine. So this time when I noted strange behavior, I
    > went through \var\log\messages and found:
    >
    > Code:
    > --------------------
    > Feb 2 17:10:44 linux-2c5j avahi-daemon[3218]: Loading service file /etc/avahi/services/sftp-ssh.service.
    > Feb 2 17:10:44 linux-2c5j avahi-daemon[3218]: Loading service file /etc/avahi/services/ssh.service.
    > Feb 2 17:10:44 linux-2c5j avahi-daemon[3218]: Network interface enumeration completed.
    > Feb 2 17:10:44 linux-2c5j avahi-daemon[3218]: Registering HINFO record with values 'I686'/'LINUX'.
    > Feb 2 17:10:44 linux-2c5j avahi-daemon[3218]: Server startup complete. Host name is linux-2c5j.local. Local service cookie is 974136706.
    > Feb 2 17:10:44 linux-2c5j avahi-daemon[3218]: Service "linux-2c5j" (/etc/avahi/services/ssh.service) successfully established.
    > Feb 2 17:10:44 linux-2c5j avahi-daemon[3218]: Service "SFTP File Transfer on linux-2c5j" (/etc/avahi/services/sftp-ssh.service) successfully established.
    > Feb 2 17:10:44 linux-2c5j modem-manager: Loaded plugin Sierra
    > --------------------
    >
    >
    > Now I did not activate SFTP server or ssh server on my machine.


    The SFTP I think stands for secure ftp, and thus it depends on the sshd
    daemon. And obviously, avahi was running at that time, maybe you stopped
    those services later. Probably it does not mean that sshd/sftpd are
    running, but that avahi awareness of them is enabled.

    Run this as root:

    for I in avahi-daemon avahi-dnsconfd sshd ; do chkconfig $I ; done


    avahi-daemon is a difficult service to remove, the system will insist on
    re-enabling/reinstalling it.

    > Another anomaly was that although I did use luks encrypted home
    > partition, the dm-crypt asks to input the password to access sda4 in
    > order to access the drive, but if I cancel, I do not have any problem to
    > access my data (as I would have expected, since I did input the right
    > password at boot). All this leaves me a bit unsatisfied and not really
    > reassured.


    I don't understand this. Could you explain again, please?

    Let me see... I think you mean that the system asks for the password to
    encrypted sda4, during the boot-up sequence. Later on something asks again
    for the password, you cancel, and still you can access sda4.

    Is that it? That would be a bug (not dangerous), which will not be solved
    as 11.1 is EOL. The bug is that it does not verify that the partition is
    already accessible.

    --
    Cheers / Saludos,

    Carlos E. R.
    (from 11.2 x86_64 "Emerald" at Telcontar)
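
One way to check the distinction made in the post above between Avahi advertising a service and a daemon actually listening, as an added example that is not part of the thread. The log lines are copied from the quoted excerpt; the service file content, the `netstat -ltn` output and all function names are constructed assumptions.

```shell
#!/bin/sh
# Log lines copied from the excerpt quoted in the post above.
sample_log() {
cat <<'EOF'
Feb 2 17:10:44 linux-2c5j avahi-daemon[3218]: Loading service file /etc/avahi/services/ssh.service.
Feb 2 17:10:44 linux-2c5j avahi-daemon[3218]: Service "linux-2c5j" (/etc/avahi/services/ssh.service) successfully established.
Feb 2 17:10:44 linux-2c5j avahi-daemon[3218]: Service "SFTP File Transfer on linux-2c5j" (/etc/avahi/services/sftp-ssh.service) successfully established.
Feb 2 17:10:44 linux-2c5j modem-manager: Loaded plugin Sierra
EOF
}

# Constructed Avahi static service file (assumed content of ssh.service).
sample_service_file() {
cat <<'EOF'
<service-group>
  <name replace-wildcards="yes">%h</name>
  <service><type>_ssh._tcp</type><port>22</port></service>
</service-group>
EOF
}

# Constructed `netstat -ltn` output: only CUPS listens, nothing on port 22.
sample_listeners() {
cat <<'EOF'
Proto Recv-Q Send-Q Local Address           Foreign Address         State
tcp        0      0 127.0.0.1:631           0.0.0.0:*               LISTEN
EOF
}

# Syslog on stdin -> "pid|service file|advertised name" per established service.
established_services() {
    sed -n 's/^.* avahi-daemon\[\([0-9]*\)]: Service "\(.*\)" (\(.*\)) successfully established\.$/\1|\3|\2/p'
}

# Service file XML on stdin -> first advertised port.
advertised_port() {
    sed -n 's/.*<port>\([0-9][0-9]*\)<\/port>.*/\1/p' | head -n 1
}

# Listener table on stdin; exit status 0 if a socket is bound to port $1.
port_listening() {
    awk -v p="$1" '{ n = split($4, a, ":"); if (a[n] == p) found = 1 } END { exit !found }'
}

sample_log | established_services
port=$(sample_service_file | advertised_port)
if sample_listeners | port_listening "$port"; then echo "port $port: advertised and listening"
else echo "port $port: advertised only, nothing listening"; fi
```

On a live system the same functions can be fed `/var/log/messages`, the real file under `/etc/avahi/services/` and the output of `netstat -ltn` run as root.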
