7

What should I check after an unauthorized access?

view full story
linux-howto

http://unix.stackexchange.com – I accidentally left an open port on my router, leaving access to one of my computers via SSH, using a rather insecure password. I noticed because I checked /var/log/auth.log and there is just one entry from the outside. There's no bash history nor anything easily noticeable. What should I check to know my computer is not compromised? (HowTos)

missing's picture
Submitted by missing on 01/15/2013 – Made popular on 01/15/2013

Stories similar to What should I check after an unauthorized access?

system compromised 36 weeks 2 days ago

today my wireless card droped unexpectely so I checked the auth log and see a bunch of access at times I was asleep, i left my house and came back just now and wifi back up and I see a twm something something in the bottom middle of the screen so I check the auth logs again and see again more acess at times I wasn't there. I'll post any data needed if you can help.

Hi,

I have a question regarding restricting access through ufw on port 80(http):

When I issue the command sudo ufw allow 80, I can access my web page from any where.

But I only want one of my computers (192.168.1.101) to access my webpage and NOT everyone.

Building a HTTP Jail 1 year 51 weeks ago

I know this is off topic, so let us keep this brief.I need some suggestions as to how to set up the following:I want a dedicated open wireless router with which anyone can associate.  This router will not provide Internet access, but, rather, will be served by a web sever running on a dedicated machine.  I want all traffic from all computers associated with the router to redirect to an i

I am a bit new to vlan, so forgive me if I ask noob question.

I am trying to setup a vlan on my netgear switch (GS105E). I want to create 2 separated networks and I want both of them have internet access.

My setup is

Modem connect to router WRT54G (with dd-wrt) connect to netgear switch

I have configured port 1 and port 5 as vlan1 and port 2 to port 4 as vlan2.

I have an Ubuntu 10.04 Linux server that I normally ssh into (from my home machine) using ssh key authentication. However, sometimes I need to ssh remotely from potentially insecure machines (like internet cafes, public computers at the library, etc) on which my password could become compromised.

I've set up port forwarding over ssh so I can securely connect to a web console.

USB access from switch 20 weeks 2 days ago

Currently, I have a network setup that kind of duct-taped together.

I install freeradius2, add to raddb/users:

test Cleartext-Password := "test1" Service-Type = Framed-User, Framed-Protocol = PPP, Framed-IP-Address = 10.36.0.2, Framed-IP-Netmask = 255.255.255.0,

start radiusd, and check auth:

radtest test test1 127.0.0.1 1002 testing123 Sending Access-Request of id 199 to 127.0.0.1 port 1812 User-Name = "test

VPN or RemoteDesktop? 1 year 15 weeks ago

I need to keep an eye on our small company server while I'm away. I Have Windows2008 server with a spare NIC and went through all the steps to setup a WIndows VPN.

But before I set the port forward on the router - do I really need a VPN? All I want to do is remote desktop into that one server I don't need to be on the LAN and don't need access to other machines.

What I would like to do is limit