13.06.12 16:32, Matthias Weckbecker wrote:
> Hi,
>
> On Wednesday 13 June 2012 15:01:38 Gruz wrote:
>> Here is the post with the images and additional info:
>> http://forums.opensuse.org/forums/english/get-technical-help-here/network-internet/476052-i-think-its-virus-while-nmbd-running-some-web-sites-redirected-broken.html#post2469100
>
> thank you for the pointer.
>
> Post #2 suggests basically what we would recommend too. Apart from that it would also be helpful to see which repositories are being used and if nmbd was configured to resolve names via external windows domains which in turn could be mis-configured or compromised. (I've just learned from Marcus that this could be possible.)
>
> Thanks,
> Matthias

1. repos: http://paste.opensuse.org/98716283

I cannot paste it, it treats me as spammer:

    linux-7dyq:/etc/zypp/repos.d # cat *
    [Documentation:Tools]
    name=Documentation:Tools
    enabled=1
    autorefresh=1
    baseurl=http://download.opensuse.org/repositories/Documentation:/Tools/openSUSE_12.1...
    type=rpm-md
    keeppackages=0

    [Education]
    name=Education
    enabled=1
    autorefresh=1
    baseurl=http://download.opensuse.org/repositories/Education/openSUSE_12.1/
    type=rpm-md

    [Factory]
    name=Factory
    enabled=1
    autorefresh=0
    baseurl=http://download.opensuse.org/repositories/openSUSE:/Factory:/Contrib/openSUS...
    type=rpm-md

    [Gallochri(for lingot)]
    name=Gallochri(for lingot)
    enabled=1
    autorefresh=0
    baseurl=http://download.opensuse.org/repositories/home:/gallochri/openSUSE_12.1/
    type=rpm-md

    [Graphics Project]
    name=Graphics Project
    enabled=1
    autorefresh=1
    baseurl=http://download.opensuse.org/repositories/graphics/openSUSE_12.1/
    type=rpm-md

    [home:froksen]
    name=home:froksen
    enabled=1
    autorefresh=1
    baseurl=http://download.opensuse.org/repositories/home:/froksen/openSUSE_12.1/
    type=rpm-md
    keeppackages=0

    [home:mrdocs]
    name=home:mrdocs
    enabled=1
    autorefresh=1
    baseurl=http://download.opensuse.org/repositories/home:/mrdocs/openSUSE_12.1/
    type=rpm-md

    [home:saigkill]
    name=home:saigkill
    enabled=1
    autorefresh=1
    baseurl=http://download.opensuse.org/repositories/home:/saigkill/openSUSE_12.1/
    type=rpm-md
    keeppackages=0

    [nvidia]
    name=nvidia
    enabled=1
    autorefresh=1
    baseurl=ftp://download.nvidia.com/opensuse/12.1/
    type=rpm-md

    [packman openSUSE_12.1]
    name=packman openSUSE_12.1
    enabled=1
    autorefresh=1
    baseurl=http://ftp.uni-erlangen.de/pub/mirrors/packman/suse/openSUSE_12.1/
    type=rpm-md

    [packman openSUSE_Tumbleweed]
    name=packman openSUSE_Tumbleweed
    enabled=1
    autorefresh=1
    baseurl=http://ftp.uni-erlangen.de/pub/mirrors/packman/suse/openSUSE_Tumbleweed
    type=rpm-md

    [PHP Extensions]
    name=PHP Extensions
    enabled=1
    autorefresh=0
    baseurl=http://download.opensuse.org/repositories/server:/php:/extensions/openSUSE_1...
    type=rpm-md

    [repo-debug]
    name=openSUSE-12.1-Debug
    enabled=0
    autorefresh=1
    baseurl=http://download.opensuse.org/debug/distribution/12.1/repo/oss/
    path=/
    type=NONE
    keeppackages=0

    [repo-debug-update]
    name=openSUSE-12.1-Update-Debug
    enabled=0
    autorefresh=1
    baseurl=http://download.opensuse.org/debug/update/12.1/
    path=/
    type=NONE
    keeppackages=0

    [repo-non-oss]
    name=openSUSE-12.1-Non-Oss
    enabled=1
    autorefresh=1
    baseurl=http://download.opensuse.org/distribution/12.1/repo/non-oss/
    type=yast2
    keeppackages=0

    [repo-oss]
    name=openSUSE-12.1-Oss
    enabled=1
    autorefresh=1
    baseurl=http://download.opensuse.org/distribution/12.1/repo/oss/
    type=yast2
    keeppackages=0

    [repo-source]
    name=openSUSE-12.1-Source
    enabled=0
    autorefresh=1
    baseurl=http://download.opensuse.org/source/distribution/12.1/repo/oss/
    path=/
    type=NONE
    keeppackages=0

    [repo-update]
    name=openSUSE-12.1-Update
    enabled=1
    autorefresh=1
    baseurl=http://download.opensuse.org/update/12.1/
    type=rpm-md
    keeppackages=0

    [security]
    name=security
    enabled=1
    autorefresh=1
    baseurl=http://download.opensuse.org/repositories/security/openSUSE_12.1/
    type=rpm-md
    keeppackages=0

    [X11:Utilities]
    name=X11:Utilities
    enabled=1
    autorefresh=1
    baseurl=http://download.opensuse.org/repositories/X11:/Utilities/openSUSE_12.1/
    type=rpm-md
    keeppackages=0
    linux-7dyq:/etc/zypp/repos.d #

2. post #2

    linux-7dyq:/ # rpm -q --verify samba
    linux-7dyq:/ #

Empty result.

3. I use an ADSL modem which is also my router (DHCP server) and two linux PCs behind it. Nothing more. No specific configuration. Where is the nmbd configuration? So I can show it.

4. Some time ago I logged in to KDE as root to run PlayOnlinux from root. It was a test, because at my user it was giving a permission error. I didn't run anything except PlayOnlinux itself. I don't think it's a problem, but I think I must inform. And the problem started not from that time as far as I remember.

--
To unsubscribe, e-mail: opensuse-security+unsubscribe@opensuse.org
To contact the owner, e-mail: opensuse-security+owner@opensuse.org
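
Added example, not part of the original message: one way to turn a `cat /etc/zypp/repos.d/*` dump like the one above into the inventory a reviewer wants, listing only enabled repositories grouped by where they come from. The function names and the four origin buckets are assumptions of this example, not zypper terminology.

```python
import configparser
from urllib.parse import urlparse

# Constructed sample: six repo definitions from the message, cut to the keys read here.
SAMPLE = """\
[repo-oss]
enabled=1
baseurl=http://download.opensuse.org/distribution/12.1/repo/oss/
[repo-update]
enabled=1
baseurl=http://download.opensuse.org/update/12.1/
[repo-debug]
enabled=0
baseurl=http://download.opensuse.org/debug/distribution/12.1/repo/oss/
[home:froksen]
enabled=1
baseurl=http://download.opensuse.org/repositories/home:/froksen/openSUSE_12.1/
[security]
enabled=1
baseurl=http://download.opensuse.org/repositories/security/openSUSE_12.1/
[nvidia]
enabled=1
baseurl=ftp://download.nvidia.com/opensuse/12.1/
"""

def classify(baseurl):
    """Bucket a baseurl by origin (buckets are this example's own labels)."""
    url = urlparse(baseurl)
    if url.hostname != "download.opensuse.org":
        return "third-party host"
    if url.path.startswith(("/distribution/", "/update/")):
        return "distribution"
    if url.path.startswith("/repositories/home:/"):
        return "OBS home project"      # personal build-service project
    if url.path.startswith("/repositories/"):
        return "OBS project"
    return "other openSUSE path"

def enabled_repos(text):
    """Return {bucket: [repo alias, ...]} for repos with enabled=1."""
    # '=' is the only delimiter so aliases and URLs containing ':' parse intact.
    cp = configparser.ConfigParser(delimiters=("=",), interpolation=None)
    cp.read_string(text)
    groups = {}
    for alias in cp.sections():
        # Assumption: a repo with no 'enabled' key is counted as enabled.
        if cp[alias].getboolean("enabled", fallback=True):
            groups.setdefault(classify(cp[alias].get("baseurl", "")), []).append(alias)
    return groups

if __name__ == "__main__":
    print(enabled_repos(SAMPLE))
```

Packages from the home-project and third-party buckets are the ones to cross-check first when deciding which installed software to verify.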