Puppy Linux Discussion Forum
[ALERT?] (probably) trojan keylogger reported
MU


Joined: 24 Aug 2005
Posts: 13642
Location: Karlsruhe, Germany

Posted: Sat 07 Nov 2009, 13:56    Post subject: [ALERT?] (probably) trojan keylogger reported
Subject description: DO activate Puppy's firewall!
 

I think these are the first reliable indicators of infected Puppylinux installations.

http://www.murga-linux.com/puppy/viewtopic.php?p=358515#358515

Update: that one seems to be a false alert, see Pizzasgood's explanation:
http://www.murga-linux.com/puppy/viewtopic.php?p=359164#359164

In all other cases in the past, I think we had false alerts.


You can install the firewall from the menu, or by typing:
firewallinstallshell

If you choose "automatic installation", it is very easy.

Mark

Last edited by MU on Sat 07 Nov 2009, 14:47; edited 2 times in total
Pizzasgood


Joined: 04 May 2005
Posts: 6270
Location: Knoxville, TN, USA

Posted: Sat 07 Nov 2009, 14:35

I don't know about the first one, but the second one seems to be a false positive. The scanner got confused by our use of busybox.
_________________
Between depriving a man of one hour from his life and depriving him of his life there exists only a difference of degree. --Muad'Dib

MU


Joined: 24 Aug 2005
Posts: 13642
Location: Karlsruhe, Germany

Posted: Sat 07 Nov 2009, 14:43

Thanks for the clarification, Jeremy :D

The first one looks strange. No idea at the moment...

Mark

Patriot


Joined: 15 Jan 2009
Posts: 734

Posted: Sat 07 Nov 2009, 14:57

Hmmm .....

MU,

I concur with Pizzasgood ...

I've tested chkrootkit on my system and it gives the exact output as reported in the second link. I also have just rebuilt busybox 1.15.2 from source and chkrootkit gives the same output ... So, I agree it's a false alarm ...

From what I understand, rootkits may get installed if one unwittingly uses a package from unreliable download sources ...


Rgds
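One way to triage the kind of false positive discussed in the posts above is to check whether each path a scanner flagged is only another name for the busybox multi-call binary, and whether that binary matches a build you trust (for example one rebuilt from source). This is an added example, not code from the thread; the function names and the demo files are constructed for illustration.

```shell
#!/bin/sh
# Added example, not from the thread. classify_flagged and busybox_matches
# are hypothetical helper names.

# classify_flagged BUSYBOX PATH...
# Prints one line per path: "busybox-applet", "other" or "missing".
classify_flagged() {
    bb=$1; shift
    for p in "$@"; do
        if [ ! -e "$p" ]; then
            # Absent, or a dangling symlink.
            echo "missing $p"
        elif [ "$p" -ef "$bb" ]; then
            # Same device and inode after following symlinks: the path is
            # the busybox binary under an applet name (symlink or hard link).
            echo "busybox-applet $p"
        else
            # A separate file; a hit on it is not explained by busybox.
            echo "other $p"
        fi
    done
}

# busybox_matches BUSYBOX EXPECTED_SHA256
# Succeeds only if the binary hashes to a value you already trust, such as
# the hash of a busybox you built from source yourself.
busybox_matches() {
    actual=$(sha256sum "$1" | cut -d' ' -f1)
    [ "$actual" = "$2" ]
}

# Constructed demo: a stand-in "busybox" file, one symlinked applet and one
# unrelated file, created in a temporary directory and removed afterwards.
demo_dir=$(mktemp -d)
printf 'stand-in for the busybox binary\n' > "$demo_dir/busybox"
ln -s busybox "$demo_dir/ls"
printf 'unrelated program\n' > "$demo_dir/top"
classify_flagged "$demo_dir/busybox" "$demo_dir/ls" "$demo_dir/top"
rm -rf "$demo_dir"
```

A path reported as "busybox-applet" only explains why the scanner's per-command check saw an unexpected binary; it is the hash comparison against a trusted build that says whether busybox itself is unmodified.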
PaulBx1

Joined: 16 Jun 2006
Posts: 2308
Location: Wyoming, USA

Posted: Mon 09 Nov 2009, 12:14

Since Puppy is supposed to be newbie-friendly, I've always wondered why the user has to invoke the firewall startup (and thus, has to KNOW to invoke it). Why not just have it running by default, even when booting pfix=ram?
sikpuppy


Joined: 29 Mar 2009
Posts: 433

Posted: Tue 10 Nov 2009, 00:10

PaulBx1 wrote:
Since Puppy is supposed to be newbie-friendly, I've always wondered why the user has to invoke the firewall startup (and thus, has to KNOW to invoke it). Why not just have it running by default, even when booting pfix=ram?


It would be nice, but what would be the default settings? Just enough to run the software contained on the LIVE CD?

What happens when the user installs extra PETs that need firewall access? It means that a new set of rules would have to be supplied by the PET packager, or the user would have to set the rules themselves.

The network wizard would also have to modify the firewall, which in itself might not be problematic, but at this stage I fear that the firewall would block initial attempts to gain a connection.

BTW I think that it is a good idea to have the firewall on and locked down by default, I am just playing devil's advocate.

_________________
ASUS A1000, 800Mhz PIII Coppermine!, 192Mb RAM, 10Gb IBM Travelstar HDD, Build date August 2001.