Thread: Mystery intruder!

  1. #1
    Join Date
    Feb 2009
    Location
    UK
    Posts
    1,085

    Default Mystery intruder!

    I recently did an upgrade install to 42.3. This was not without hitches, as mentioned in my thread in "soapbox". However, now up and running and all is more or less well.
    One baffling new development in particular is bugging me!

    In konsole, as my user 'sp', all is well, new install has even inherited my prompt..

    Code:
    sp 16:58:~>
    BUT! When I become root, I get this....

    Code:
    PartedMagic:~ #
    !!!!!

    What the Crimmuns????

    Now I used a USB stick which had previously had a live PartedMagic OS on it. But I 'prepared' the stick using dd to copy the 42.3 iso, which surely should have obliterated all traces?
    I also, during my troubles, IIRC booted to PartedMagic using another stick. But I am sure that I did not do anything whilst there...

    Can anyone explain please? Does this raise any possible troubles? And how do I change this to what it should be.....

    Tumbleweed/KDE/Ati Radeon R9 270/AMD FX-6300/8Gb DDR3

  2. #2
    Join Date
    Jun 2008
    Location
    San Diego, Ca, USA
    Posts
    13,295
    Blog Entries
    2

    Default Re: Mystery intruder!

    So, what happens if you pull the USB stick out of your machine before you elevate to root?
    And, exactly what command or method are you using to elevate to root?

    TSU
    Beginner Wiki Quickstart - https://en.opensuse.org/User:Tsu2/Quickstart_Wiki
    Solved a problem recently? Create a wiki page for future personal reference!
    Learn something new?
    Attended a computing event?
    Post and Share!

  3. #3
    Join Date
    Feb 2009
    Location
    UK
    Posts
    1,085

    Default Re: Mystery intruder!

    Quote Originally Posted by tsu2 View Post
    So, what happens if you pull the USB stick out of your machine before you elevate to root?
    And, exactly what command or method are you using to elevate to root?

    TSU
    O the stick is not in the machine! The OS is installed, etc..

    I use
    Code:
    su -
    in konsole...

    Tumbleweed/KDE/Ati Radeon R9 270/AMD FX-6300/8Gb DDR3

  4. #4
    Join Date
    Sep 2013
    Location
    Norfolk, UK
    Posts
    2,033

    Default Re: Mystery intruder!

    Whilst I can't help with your intruder, I'm sure others will.

    Quote Originally Posted by wakou View Post
    Now I used a USB stick which had previously had a live PartedMagic OS on it. But I 'prepared' the stick using dd to copy the 42.3 iso, which surely should have obliterated all traces?
    I've found from past experience that whenever one "re-uses" a USB stick it is advisable to write zeros to the start first.

    Use:
    Code:
    # dd if=/dev/zero of=/dev/sdX count=100
    Make sure that "X" is the correct device! Use "sudo fdisk -l" or "df" to find out.
    Regards, Paul

  5. #5
    Join Date
    Jun 2008
    Location
    San Diego, Ca, USA
    Posts
    13,295
    Blog Entries
    2

    Default Re: Mystery intruder!

    Don't know enough about PartedMagic,
    But first...
    Simply copying <some> disk blocks won't guarantee whatever existed before is gone (this might be a good lesson).

    To obliterate what was there before, you need to "zero" the device.
    This can be accomplished by
    - Using dd, write zeros to the <entire> disk before re-using.
    - Less complete, but oftentimes sufficient is to <change the partitions> before re-using. Of course, if you're using the entire "disk" always, you're re-using the disk geometry and old data can magically re-appear.
    - Re-formatting the <entire> partition(s) can also be sufficient.

    The only sure way is the first option.

    On solid state memory (including USB drives) you have a slightly different issue as well: memory isn't written to magnetic surfaces; the data is written to "traps" (aka cells), which must undergo an extra "erase" step before the trap can be re-used for writing. Unless and until that trap is erased, the data <shouldn't> be accessible, but who knows for sure? The only way to be sure is to execute the command to clear all the traps on the device (research your device's manufacturer to determine the command). Or, you can execute the trim/discard command in the new system before using the contents of the USB stick.

    TSU
    Beginner Wiki Quickstart - https://en.opensuse.org/User:Tsu2/Quickstart_Wiki
    Solved a problem recently? Create a wiki page for future personal reference!
    Learn something new?
    Attended a computing event?
    Post and Share!
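
Added example, not part of the thread: a sketch of why copying an image with dd, or zeroing only the first 100 blocks, leaves older data readable further along the device. A constructed 1 MiB file stands in for the stick, and the marker string and sizes are made up for the demonstration.

```shell
#!/bin/sh
# Added example: a constructed 1 MiB file stands in for the USB stick,
# so no real device is touched.

# make_stick FILE: blank "stick" with a marker from the old OS at 900 KiB.
make_stick() {
    dd if=/dev/zero of="$1" bs=1024 count=1024 2>/dev/null
    printf 'PartedMagic' | dd of="$1" bs=1024 seek=900 conv=notrunc 2>/dev/null
}

# has_marker FILE: succeeds while the old marker can still be read back.
has_marker() {
    tr -d '\0' < "$1" | grep -q 'PartedMagic'
}

# write_image FILE: dd a 200 KiB stand-in "ISO" over the start of the stick.
write_image() {
    iso=$(mktemp)
    head -c 204800 /dev/zero | tr '\0' 'N' > "$iso"
    dd if="$iso" of="$1" conv=notrunc 2>/dev/null
    rm -f "$iso"
}

# zero_start FILE: the thread's "count=100" command (100 x 512-byte blocks).
# conv=notrunc keeps the file's length, as a block device keeps its size.
zero_start() {
    dd if=/dev/zero of="$1" count=100 conv=notrunc 2>/dev/null
}

# zero_all FILE: overwrite every block, the "entire disk" option.
zero_all() {
    size=$(wc -c < "$1")
    dd if=/dev/zero of="$1" bs=1024 count=$((size / 1024)) conv=notrunc 2>/dev/null
}

run_demo() {
    stick=$(mktemp)
    make_stick "$stick"
    write_image "$stick"; has_marker "$stick" && a=present || a=gone
    zero_start "$stick";  has_marker "$stick" && b=present || b=gone
    zero_all "$stick";    has_marker "$stick" && c=present || c=gone
    rm -f "$stick"
    echo "after_image=$a after_count100=$b after_full_zero=$c"
}

run_demo
```

This shows leftover data on the medium only; it says nothing about where the root prompt's name comes from.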

  6. #6
    Join Date
    Feb 2009
    Location
    UK
    Posts
    1,085

    Default Re: Mystery intruder!

    Thanks, Tsu! How do I 'reclaim' this? Where would the string "PartedMagic" be?

    Tumbleweed/KDE/Ati Radeon R9 270/AMD FX-6300/8Gb DDR3

  8. #8
    Join Date
    Nov 2009
    Location
    West Virginia Sector 13
    Posts
    16,288

    Default Re: Mystery intruder!

    Yast-Network settings is where it is normally set under hostname/DNS. Maybe changing it there may fix it.

  9. #9
    Join Date
    Jun 2009
    Location
    Florida, USA
    Posts
    236

    Default Re: Mystery intruder!

    Since you booted PartedMagic during the process, might your router/DHCP server have remembered a hostname?
    Use the Source, Luke

  10. #10
    Join Date
    Aug 2010
    Location
    Chicago suburbs
    Posts
    15,685
    Blog Entries
    3

    Default Re: Mystery intruder!

    Quote Originally Posted by wakou View Post
    BUT! When I become root, I get this....

    Code:
    PartedMagic:~ #
    !!!!!
    As root (when you see that output) try:
    Code:
    id
    echo $HOME
    echo ~
    pwd
    This is just to check that the uid is 0, and that the home directory is "/home".

    If everything is as it should be, then look at ".profile" and at files with name starting ".bash" in the root home directory. Those could have changed the root prompt.

    Hmm, on second thoughts -- if I login at the terminal as root, the prompt that I see is of the form:
    hostname:~ #

    So maybe your system has a hostname of "PartedMagic".

    Maybe you ran the PartedMagic CD, and somehow your router picked up that the hostname is "PartedMagic". And maybe your system then got its hostname from your router (via DHCP).

    Okay, lots of guessing there.
    openSUSE Leap 15.3; KDE Plasma 5.18.6;
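
Added example, not part of the thread: one way to test the hostname guesses from the posts above by comparing the running hostname with the stored one and checking whether DHCP is allowed to set it. It assumes the openSUSE file locations `/etc/hostname` and `/etc/sysconfig/network/dhcp` (variable `DHCLIENT_SET_HOSTNAME`); the function names are hypothetical.

```shell
#!/bin/sh
# Added example. ROOT is "" for the running system, or a directory holding a
# copy of etc/. File locations are the openSUSE defaults as assumed here.

# static_hostname ROOT: first non-comment line of ROOT/etc/hostname, if any.
static_hostname() {
    [ -r "$1/etc/hostname" ] &&
        sed -n '/^[[:space:]]*#/d; /./{p;q;}' "$1/etc/hostname"
    return 0
}

# dhcp_sets_hostname ROOT: value of DHCLIENT_SET_HOSTNAME, or "unset".
dhcp_sets_hostname() {
    f="$1/etc/sysconfig/network/dhcp"
    v=$(sed -n 's/^DHCLIENT_SET_HOSTNAME=//p' "$f" 2>/dev/null |
        tail -n 1 | tr -d "\"'")
    echo "${v:-unset}"
}

# diagnose ROOT RUNNING_NAME: say which explanation fits the name in the prompt.
# Names are compared up to the first dot, so an FQDN matches its short form.
diagnose() {
    static=$(static_hostname "$1")
    dhcp=$(dhcp_sets_hostname "$1")
    if [ -n "$static" ] && [ "${2%%.*}" = "${static%%.*}" ]; then
        echo "static: '$2' matches etc/hostname"
    elif [ "$dhcp" = "yes" ]; then
        echo "dhcp: '$2' is not the stored name '$static'; DHCP is allowed to set it"
    else
        echo "other: '$2' is not the stored name '$static'; DHCLIENT_SET_HOSTNAME=$dhcp"
    fi
}

# Check the running system (uname -n prints the current hostname).
diagnose "" "$(uname -n)"
```

A "static" result points at the stored name (the YaST hostname/DNS setting mentioned earlier in the thread), while "dhcp" is consistent with the name arriving from the router.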
