openSUSE Security June 2003

security@lists.opensuse.org

156 participants
147 discussions

AW: [suse-security] initsys prozess / rootkit? trojan?
by Wanning, Mike 02 Jun '03

02 Jun '03

Hi Robert, Hi List, I've found some Informations about initsys: www.giac.org/practical/Edmo_Filho_GCIH.doc says: "initsys is a session hijacking tool that can be remotely connected by using another session hijacking tool called Hunt." Mike Wanning > -----Ursprüngliche Nachricht----- > Von: Robert Schelander [mailto:rschelander@aon.at] > Gesendet: Montag, 2. Juni 2003 02:57 > An: suse-security(a)suse.com > Betreff: [suse-security] initsys prozess / rootkit? trojan? > > > Does someone know what this 'initsys' process is good for? > I've never seen > in on any of my systems before. Could it be part of a > rootkit? I found the > binary in /usr/bin/initsys > > thanks in advance > Robert > > > USER PID %CPU %MEM VSZ RSS TTY STAT START > TIME COMMAND > root 1 0.2 0.0 448 64 ? S 01:05 > 0:07 init [5] > root 2 0.0 0.0 0 0 ? SW 01:05 > 0:00 [keventd] > root 3 0.0 0.0 0 0 ? SW 01:05 > 0:00 [kapmd] > root 4 0.0 0.0 0 0 ? SWN 01:05 0:00 > [ksoftirqd_CPU0] > root 5 0.0 0.0 0 0 ? SW 01:05 > 0:00 [kswapd] > root 6 0.0 0.0 0 0 ? SW 01:05 > 0:00 [bdflush] > root 7 0.0 0.0 0 0 ? SW 01:05 > 0:00 [kupdated] > root 10 0.0 0.0 0 0 ? SW< 01:05 0:00 > [mdrecoveryd] > root 14 0.0 0.0 0 0 ? DW 01:05 > 0:00 [hpt_wt] > root 15 0.0 0.0 0 0 ? SW 01:05 > 0:00 [kreiserfsd] > root 23 0.0 0.2 1312 332 ? S 01:05 > 0:00 initsys > root 256 0.0 0.5 1840 640 ? S 01:05 0:00 > /usr/sbin/apmd > root 410 0.0 0.5 1408 640 ? S 01:05 0:00 > /sbin/syslogd > root 413 0.0 0.8 1904 1116 ? S 01:05 0:00 > /sbin/klogd -c 1 > root 449 0.0 0.0 0 0 ? SW 01:05 > 0:00 [khubd] > bin 693 0.0 0.3 1344 404 ? S 01:05 0:00 > /sbin/portmap > ..... > > > > -- > Check the headers for your unsubscription address > For additional commands, e-mail: suse-security-help(a)suse.com > Security-related bug reports go to security(a)suse.de, not here > Gesendet über Mailserver: begros.de! Trotz sorgfältiger Virenprüfung können wir für eventuelle Schäden, die durch nicht erkannte Computerviren entstehen, keine Haftung übernehmen.

1 0

AW: [suse-security] initsys prozess / rootkit? trojan?
by Gerhard Stegmann 02 Jun '03

02 Jun '03

hi there. just a suggestion : your initsys-process seems to have come up together with the other ones ( 01:05 ). so maybe you can find an initscript somewhere that starts it ? as pid is higher than the one of reserfsd, it should be startet somewhere after it. what does pstree say ? does this help ? -----Ursprüngliche Nachricht----- Von: Robert Schelander [mailto:rschelander@aon.at] Gesendet: Montag, 2. Juni 2003 02:57 An: suse-security(a)suse.com Betreff: [suse-security] initsys prozess / rootkit? trojan? Does someone know what this 'initsys' process is good for? I've never seen in on any of my systems before. Could it be part of a rootkit? I found the binary in /usr/bin/initsys thanks in advance Robert USER PID %CPU %MEM VSZ RSS TTY STAT START TIME COMMAND root 1 0.2 0.0 448 64 ? S 01:05 0:07 init [5] root 2 0.0 0.0 0 0 ? SW 01:05 0:00 [keventd] root 3 0.0 0.0 0 0 ? SW 01:05 0:00 [kapmd] root 4 0.0 0.0 0 0 ? SWN 01:05 0:00 [ksoftirqd_CPU0] root 5 0.0 0.0 0 0 ? SW 01:05 0:00 [kswapd] root 6 0.0 0.0 0 0 ? SW 01:05 0:00 [bdflush] root 7 0.0 0.0 0 0 ? SW 01:05 0:00 [kupdated] root 10 0.0 0.0 0 0 ? SW< 01:05 0:00 [mdrecoveryd] root 14 0.0 0.0 0 0 ? DW 01:05 0:00 [hpt_wt] root 15 0.0 0.0 0 0 ? SW 01:05 0:00 [kreiserfsd] root 23 0.0 0.2 1312 332 ? S 01:05 0:00 initsys root 256 0.0 0.5 1840 640 ? S 01:05 0:00 /usr/sbin/apmd root 410 0.0 0.5 1408 640 ? S 01:05 0:00 /sbin/syslogd root 413 0.0 0.8 1904 1116 ? S 01:05 0:00 /sbin/klogd -c 1 root 449 0.0 0.0 0 0 ? SW 01:05 0:00 [khubd] bin 693 0.0 0.3 1344 404 ? S 01:05 0:00 /sbin/portmap ..... -- Check the headers for your unsubscription address For additional commands, e-mail: suse-security-help(a)suse.com Security-related bug reports go to security(a)suse.de, not here

1 0

obsolete (PF_INET,SOCK_PACKET)
by webmaster 02 Jun '03

02 Jun '03

Hi List, Is the err below harmless? And what a way to cure it? SuSe 7.1 box scanlogd uses obsolete (PF_INET,SOCK_PACKET) Thanks Antal Kreorg Oktatóközpont Grid International Magyarország kreorg(a)kreorg.hu +36-1-321-0031

2 1

encrypted device?!
by Markus Hochmann 02 Jun '03

02 Jun '03

Hello, I would like to know something about the encrypted devices (losetup) [1] : -Which algorithmus is the securest? -How do I get to know how many bits are used for encryption? -How secure is this at all? (Password in RAM/ on swap?; BF-attack?; very big partitions ~100GB) -Can the swap be randomly encrypted? (So nobody can read it after restart.) Greets, Markus [1] german: http://www.suse.de/de/private/support/howto/crypto/ english: http://sdb.suse.de/en/sdb/html/jsj_crypto_filesystem_mini_howto.html

3 2

Re: [SLE] How to look at the SRPMS source code without recompiling?
by fabio de francesco 02 Jun '03

02 Jun '03

> > Install it with rpm -i, and look in /usr/src/packages/{SOURCES,SPECS} > Are you sure that "rpm -i *src.rpm" won't compile and install the binaries? Thanks.

3 2

Protection against synfloods and portscans
by Ruprecht Helms 01 Jun '03

01 Jun '03

Hi, how can I protect a firewall against syn-floods and normal port-scans via iptable-rule(s)? Regards, Ruprecht

1 0

SuSEfirewall2
by Greg Jamison 01 Jun '03

01 Jun '03

Hello, I am new to the SuSEfirewall, but have quite a bit of experience with iptables. There are a few rules I used in iptables that I can't seem to find equivalents for with the SuSEfirewall. Specifically the following: -A INPUT -i eth0 -p tcp --syn -j DROP (This drops all TCP syn packets received on eth0) -A INPUT -i eth0 -p tcp -m state --state INVALID,NEW -j DROP (This drops any TCP traffic received on eth0 not generated by my firewall or internal network) Is there any way I can accomplish the same with the SuSEfirewall? Any help is greatly appreciated. Thanks! Greg Jamison

2 1

Jump to page:

2023

2022

2021

2020

2019

2018

2017

2016

2015

2014

2013

2012

2011

2010

2009

2008

2007

2006

2005

2004

2003

2002

2001

2000

1999

1998

1997

1996

openSUSE Security June 2003