I think these are the first reliable indicators of infected Puppylinux installations.
http://www.murga-linux.com/puppy/viewto ... 515#358515
Update: that one seems to be a false alert, see Pizzasgoods explanation:
http://www.murga-linux.com/puppy/viewto ... 164#359164
In all other cases in the past, I think we had false alerts.
You can install the firewall from the menu, or by typing:
firewallinstallshell
If you choose "automatic installation", it is very easy.
Mark
[ALERT?] (probably) trojan keylogger reported
[ALERT?] (probably) trojan keylogger reported
Last edited by MU on Sat 07 Nov 2009, 18:47, edited 2 times in total.
[url=http://murga-linux.com/puppy/viewtopic.php?p=173456#173456]my recommended links[/url]
- Pizzasgood
- Posts: 6183
- Joined: Wed 04 May 2005, 20:28
- Location: Knoxville, TN, USA
I don't know about the first one, but the second one seems to be a false positive. The scanner got confused by our use of busybox.
[size=75]Between depriving a man of one hour from his life and depriving him of his life there exists only a difference of degree. --Muad'Dib[/size]
[img]http://www.browserloadofcoolness.com/sig.png[/img]
[img]http://www.browserloadofcoolness.com/sig.png[/img]
Hmmm .....
MU,
I concur with Pizzasgood ...
I've tested chkrootkit on my system and it gives the exact output as reported in the second link. I also have just rebuilt busybox 1.15.2 from source and chkrootkit gives the same output ... So, I agree it's a false alarm ...
From what I understand, rootkits may get installed if one unwittingly uses a package from unreliable download sources ...
Rgds
MU,
I concur with Pizzasgood ...
I've tested chkrootkit on my system and it gives the exact output as reported in the second link. I also have just rebuilt busybox 1.15.2 from source and chkrootkit gives the same output ... So, I agree it's a false alarm ...
From what I understand, rootkits may get installed if one unwittingly uses a package from unreliable download sources ...
Rgds
It would be nice, but what would be the default settings? Just enough to run the software contained on the LIVE CD?PaulBx1 wrote:Since Puppy is supposed to be newbie-friendly, I've always wondered why the user has to invoke the firewall startup (and thus, has to KNOW to invoke it). Why not just have it running by default, even when booting pfix=ram?
What happens when the user installs extra PETs that need firewall access? It means that a new set of rules would have to be supplied by the PET packager, or the user would have to set the rules themselves.
The network wizard would also have to modify the firewall, which in itself might not be problematic, but at this stage I fear that the firewall would block initial attempts to gain a connection.
BTW I think that it is a good idea to have the firewall on and locked down by default, I am just playing devil's advocate.
ASUS A1000, 800Mhz PIII Coppermine!, 192Mb RAM, 10Gb IBM Travelstar HDD, Build date August 2001.