Afraid of system being compromised - newbie in "security"
Hello,
PART 1:
There are two computers. Computer A uses openSuse and it is usually used for common tasks (not risk at all), suddenly, one day some "bookmarks" from Mozilla Firefox were modified but not by the legitimate users. The firewall rules were for the Eth0 (unique interface) in External zone, and the router is connected directly to the DSL line (no other computers in LAN). So, only legitimate users on one computer, they know how to change bookmarks, and they are pretty sure they didn't modified them.
I extract also here the iptables -L rules.
userA@computerA:~> sudo /usr/sbin/iptables -L
Chain INPUT (policy DROP)
target prot opt source destination
ACCEPT all -- anywhere anywhere
ACCEPT all -- anywhere anywhere ctstate ESTABLISHED
ACCEPT icmp -- anywhere anywhere ctstate RELATED
input_ext all -- anywhere anywhere
LOG all -- anywhere anywhere limit: avg 3/min burst 5 LOG level warning tcp-options ip-options prefix "SFW2-IN-ILL-TARGET "
DROP all -- anywhere anywhere
Chain FORWARD (policy DROP)
target prot opt source destination
LOG all -- anywhere anywhere limit: avg 3/min burst 5 LOG level warning tcp-options ip-options prefix "SFW2-FWD-ILL-ROUTING "
Chain OUTPUT (policy ACCEPT)
target prot opt source destination
ACCEPT all -- anywhere anywhere
Chain forward_ext (0 references)
target prot opt source destination
Chain input_ext (1 references)
target prot opt source destination
DROP all -- anywhere anywhere PKTTYPE = broadcast
ACCEPT icmp -- anywhere anywhere icmp source-quench
ACCEPT icmp -- anywhere anywhere icmp echo-request
DROP all -- anywhere anywhere PKTTYPE = multicast
DROP all -- anywhere anywhere PKTTYPE = broadcast
LOG tcp -- anywhere anywhere limit: avg 3/min burst 5 tcpflags: FIN,SYN,RST,ACK/SYN LOG level warning tcp-options ip-options prefix "SFW2-INext-DROP-DEFLT "
LOG icmp -- anywhere anywhere limit: avg 3/min burst 5 LOG level warning tcp-options ip-options prefix "SFW2-INext-DROP-DEFLT "
LOG udp -- anywhere anywhere limit: avg 3/min burst 5 ctstate NEW LOG level warning tcp-options ip-options prefix "SFW2-INext-DROP-DEFLT "
DROP all -- anywhere anywhere
Chain reject_func (0 references)
target prot opt source destination
REJECT tcp -- anywhere anywhere reject-with tcp-reset
REJECT udp -- anywhere anywhere reject-with icmp-port-unreachable
REJECT all -- anywhere anywhere reject-with icmp-proto-unreachable
The modification in the bookmarks of Firefox is not possible to be done by us, is not so easy to do it by error, because the bookmarks where modified specifically in a tree of folders, deleting two URL markers and adding other two.
I know by the language and the context of the new URL that the "intruder" is from my nationality.
The problem is that the legitimate users of the computer just delete both fake URL and add the original ones. After that, they just continue using normally the computer. That day, none of that URL webpages where under attack (like DNS or sth like that and that maybe the auto-refresh - i don't know if it exists - of Firefox just updated both of them in the moment of the attack of the webpages). Also, they didn't say anything about a possible attack days after that. And because is in the bookmarks of Firefox (something that is locally stored) I thought was a direct and specified attack to the computer A and its users.
Question A: Was my supposition correct? Or there is still any possibility to be a general attack? I dismiss any possibility of popular worm/virus because the modification of the markers were really specific and on national context.
Question B: What is the best procedure to analyze the source of the attack and how to protect against it? How to know what things have been modified? I think it is weird that the intruder shows himself modified something in the system (like markers in Firefox), so, he/she wants to be known, like a threat.
I have installed and started the Clamav antivirus. I can show so far that there are:
Windows and Data NTFS partitions (Windows not really used, Data used from Linux):
- hundreds of [b]Heuristics.Encrypted.ZIP[/b] (or PDF, RAR), [b]Heuristics.Broken.Executable[/b]
- file .htm with [b]Exploit.HTML.MHTRedir.4n[/b]
- file .pdf with [b]Exploit.PDF-1745[/b]
- file .rar with [b]Trojan.W32.HotKeysHook.A[/b]
- 5 files .js with [b]Worm.JS.Redlof.A[/b]
Linux (normally used):
- /boot/vmlinux-3.1.10-1.16-desktop.gz Heuristics.Broken.Executable
- /home/userA/Applications/jDownloaders/JDownlaoder/libs/jna.jar Heuristics.Broken.Executable
- /home/userA/.jd/libs/jna.jar Heuristics.Broken.Executable
- /home/userA/.thunderbird/ct5dfrhd.default/training.dat Heuristics.Broken.Executable
- /lib/firmware/vxge/X3fw.ncf Heuristics.Encrypted.Zip
- /lib/firmware/vxge/X3fw-pxe.ncf Heuristics.Encrypted.Zip
In the time the detection was notified, Windows wasn't used in the days before. Therefore, Linux was the O.S. in the time of the intrusion. So, the files with Exploits, Trojan and Worm is really difficult (or pretty sure) to be executed the days before, because are really weird files and maybe used some months or years ago, not the last weeks, and for sure not from linux.
PART 2:
Now I have access to the main computerA, were the "intrusion" was done 2 weeks and half ago, but I really don't know what to do and how to proceed. At least I have installed clamav and I have shown the results above.
The problem is that I come with the computerB with ArchLinux, and I needed internet to start checking how to perform with all this. The problem is that after activate eth0 and send dhcp client to get the IP, I get the connection and just after that I saw a really weird behaviour. Suddenly, the computer got a little freeze, well, not really freeze, but slow for some moments, and when I check in terminal what happend, my prompt was modified.
Before was:
ussr@localhost
now:
ussr@unknown002454062846
That put my alarms on, so I quickly disconnect ethernet. Because I don't know how to proceed, and really scared of the situation, I just post the below "captures".
iptables of computerB ( I followed the Arch Linux Simple Stateful Firewall.... I think I got it correctly )
Chain INPUT (policy DROP)
target prot opt source destination
ACCEPT all -- anywhere anywhere ctstate RELATED,ESTABLISHED
ACCEPT all -- anywhere anywhere
DROP all -- anywhere anywhere ctstate INVALID
ACCEPT icmp -- anywhere anywhere icmp echo-request ctstate NEW
UDP udp -- anywhere anywhere ctstate NEW
TCP tcp -- anywhere anywhere tcp flags:FIN,SYN,RST,ACK/SYN ctstate NEW
REJECT all -- anywhere anywhere reject-with icmp-proto-unreachable
icmp -- anywhere anywhere icmp echo-request recent: SET name: ping_limiter side: source mask: 255.255.255.255
DROP icmp -- anywhere anywhere icmp echo-request recent: UPDATE seconds: 4 hit_count: 6 name: ping_limiter side: source mask: 255.255.255.255
ACCEPT icmp -- anywhere anywhere icmp echo-request
REJECT tcp -- anywhere anywhere recent: SET name: TCP-PORTSCAN side: source mask: 255.255.255.255 reject-with tcp-reset
REJECT udp -- anywhere anywhere recent: SET name: UDP-PORTSCAN side: source mask: 255.255.255.255 reject-with icmp-port-unreachable
Chain FORWARD (policy DROP)
target prot opt source destination
Chain OUTPUT (policy ACCEPT)
target prot opt source destination
Chain TCP (1 references)
target prot opt source destination
REJECT tcp -- anywhere anywhere recent: UPDATE seconds: 60 name: TCP-PORTSCAN side: source mask: 255.255.255.255 reject-with tcp-reset
ACCEPT tcp -- anywhere anywhere tcp dpt:http
Chain UDP (1 references)
target prot opt source destination
REJECT udp -- anywhere anywhere recent: UPDATE seconds: 60 name: UDP-PORTSCAN side: source mask: 255.255.255.255 reject-with icmp-port-unreachable
ACCEPT udp -- anywhere anywhere udp dpt:domain
ls /var/log
[ussr@unknown002454062846 log]$ ls
auth.log btmp crond.log.3 daemon.log.3 errors.log.3 everything.log.4 kernel.log messages.log pacman.log syslog.log.3 user.log.4
auth.log.1 btmp.1 crond.log.4 daemon.log.4 errors.log.4 faillog kernel.log.1 messages.log.1 pm-powersave.log syslog.log.4 wtmp
auth.log.2 ConsoleKit cups dmesg.log everything.log httpd kernel.log.2 messages.log.2 speech-dispatcher user.log wtmp.1
auth.log.3 crond.log daemon.log errors.log everything.log.1 journal kernel.log.3 messages.log.3 syslog.log user.log.1 Xorg.0.log
auth.log.4 crond.log.1 daemon.log.1 errors.log.1 everything.log.2 kdm.log kernel.log.4 messages.log.4 syslog.log.1 user.log.2 Xorg.0.log.old
boot crond.log.2 daemon.log.2 errors.log.2 everything.log.3 kdm.log.1 lastlog old syslog.log.2 user.log.3 Xorg.1.log
sudo cat /var/log/auth.log
Mar 12 21:47:06 localhost polkitd[463]: Registered Authentication Agent for unix-session:1 (system bus name :1.19 [/usr/lib/kde4/libexec/polkit-kde-authentication-agent-1], object path /org/kde/PolicyKit1/AuthenticationAgent, locale en_US.UTF-8)
Mar 12 21:56:16 localhost sudo: ussr : TTY=pts/2 ; PWD=/home/ussr ; USER=root ; COMMAND=/sbin/ifconfig eth0 up
Mar 12 21:56:16 localhost sudo: pam_unix(sudo:session): session opened for user root by ussr(uid=0)
Mar 12 21:56:16 localhost sudo: pam_unix(sudo:session): session closed for user root
Mar 12 21:58:03 localhost sudo: ussr : TTY=pts/2 ; PWD=/home/ussr ; USER=root ; COMMAND=/usr/sbin/dhcpcd
Mar 12 21:58:03 localhost sudo: pam_unix(sudo:session): session opened for user root by ussr(uid=0)
Mar 12 21:58:10 localhost sudo: pam_unix(sudo:session): session closed for user root
Mar 12 22:01:01 localhost crond[1185]: pam_unix(crond:session): session opened for user root by (uid=0)
Mar 12 22:01:01 localhost CROND[1185]: pam_unix(crond:session): session closed for user root
Mar 12 22:01:19 localhost systemd-logind[341]: New session 3 of user ussr.
Mar 12 22:01:16 localhost polkitd[463]: Unregistered Authentication Agent for unix-session:1 (system bus name :1.19, object path /org/kde/PolicyKit1/AuthenticationAgent, locale en_US.UTF-8)
Mar 12 22:01:17 localhost kdm: :0[371]: pam_unix(kde:session): session closed for user ussr
Mar 12 22:01:19 localhost kdm: :0[1252]: pam_unix(kde:session): session opened for user ussr by (uid=0)
Mar 12 22:01:31 localhost polkitd[463]: Registered Authentication Agent for unix-session:3 (system bus name :1.45 [/usr/lib/kde4/libexec/polkit-kde-authentication-agent-1], object path /org/kde/PolicyKit1/AuthenticationAgent, locale en_US.UTF-8)
Mar 12 22:02:41 localhost sudo: ussr : TTY=pts/2 ; PWD=/var/log ; USER=root ; COMMAND=/usr/bin/cat auth.log
Mar 12 22:02:41 localhost sudo: pam_unix(sudo:session): session opened for user root by ussr(uid=0)
Mar 12 22:02:41 localhost sudo: pam_unix(sudo:session): session closed for user root
Mar 12 22:05:08 localhost sudo: ussr : TTY=pts/2 ; PWD=/var/log ; USER=root ; COMMAND=/usr/bin/cat crond.log
Mar 12 22:05:08 localhost sudo: pam_unix(sudo:session): session opened for user root by ussr(uid=0)
Mar 12 22:05:09 localhost sudo: pam_unix(sudo:session): session closed for user root
Mar 12 22:06:08 localhost sudo: ussr : TTY=pts/2 ; PWD=/var/log ; USER=root ; COMMAND=/usr/bin/cat messages.log
Mar 12 22:06:08 localhost sudo: pam_unix(sudo:session): session opened for user root by ussr(uid=0)
Mar 12 22:06:09 localhost sudo: pam_unix(sudo:session): session closed for user root
sudo cat /var/log/crond.log
Mar 12 21:19:12 localhost crond[343]: (CRON) INFO (Syslog will be used instead of sendmail.)
Mar 12 21:19:12 localhost crond[343]: (CRON) INFO (running with inotify support)
Mar 12 21:46:15 localhost crond[339]: (CRON) INFO (Syslog will be used instead of sendmail.)
Mar 12 21:46:15 localhost crond[339]: (CRON) INFO (running with inotify support)
Mar 12 22:01:01 localhost CROND[1186]: (root) CMD (run-parts /etc/cron.hourly)
Mar 12 22:01:01 localhost anacron[1192]: Anacron started on 2013-03-12
Mar 12 22:01:01 localhost anacron[1192]: Normal exit (0 jobs run)
Mar 12 23:01:01 localhost CROND[1847]: (root) CMD (run-parts /etc/cron.hourly)
Mar 12 23:01:01 localhost anacron[1853]: Anacron started on 2013-03-12
Mar 12 23:01:01 localhost anacron[1853]: Normal exit (0 jobs run)
sudo cat /var/log/everything.log [more info maybe]
Mar 12 21:46:46 localhost dbus[340]: [system] Activating via systemd: service name='org.freedesktop.Avahi' unit='dbus-org.freedesktop.Avahi.service'
Mar 12 21:46:46 localhost dbus[340]: [system] Activation via systemd failed for unit 'dbus-org.freedesktop.Avahi.service': Unit dbus-org.freedesktop.Avahi.service failed to load: No such file or directory. See system logs and 'systemctl status dbus-org.freedesktop.Avahi.service' for details.
Mar 12 21:46:46 localhost dbus-daemon[340]: dbus[340]: [system] Activation via systemd failed for unit 'dbus-org.freedesktop.Avahi.service': Unit dbus-org.freedesktop.Avahi.service failed to load: No such file or directory. See system logs and 'systemctl status dbus-org.freedesktop.Avahi.service' for details.
Mar 12 21:46:55 localhost dbus-daemon[340]: dbus[340]: [system] Activating service name='org.kde.powerdevil.backlighthelper' (using servicehelper)
Mar 12 21:46:55 localhost dbus[340]: [system] Activating service name='org.kde.powerdevil.backlighthelper' (using servicehelper)
Mar 12 21:46:55 localhost org.kde.powerdevil.backlighthelper: QDBusConnection: system D-Bus connection created before QCoreApplication. Application may misbehave.
Mar 12 21:46:55 localhost dbus-daemon[340]: dbus[340]: [system] Successfully activated service 'org.kde.powerdevil.backlighthelper'
Mar 12 21:46:55 localhost dbus[340]: [system] Successfully activated service 'org.kde.powerdevil.backlighthelper'
Mar 12 21:50:43 localhost kernel: [ 282.346749] usb 4-1: USB disconnect, device number 2
Mar 12 21:50:44 localhost kernel: [ 283.346743] usb 1-1: USB disconnect, device number 2
Mar 12 21:50:46 localhost dbus-daemon[340]: dbus[340]: [system] Activating service name='org.kde.powerdevil.backlighthelper' (using servicehelper)
Mar 12 21:50:46 localhost dbus[340]: [system] Activating service name='org.kde.powerdevil.backlighthelper' (using servicehelper)
Mar 12 21:50:46 localhost org.kde.powerdevil.backlighthelper: QDBusConnection: system D-Bus connection created before QCoreApplication. Application may misbehave.
Mar 12 21:50:46 localhost dbus-daemon[340]: dbus[340]: [system] Successfully activated service 'org.kde.powerdevil.backlighthelper'
Mar 12 21:50:46 localhost dbus[340]: [system] Successfully activated service 'org.kde.powerdevil.backlighthelper'
Mar 12 21:50:46 localhost kernel: [ 284.773394] Monitor-Mwait will be used to enter C-3 state
Mar 12 21:50:46 localhost kernel: [ 285.600790] EXT4-fs (sda5): re-mounted. Opts: data=ordered,commit=600
Mar 12 21:51:46 localhost dbus-daemon[340]: dbus[340]: [system] Activating service name='org.kde.powerdevil.backlighthelper' (using servicehelper)
Mar 12 21:51:46 localhost dbus[340]: [system] Activating service name='org.kde.powerdevil.backlighthelper' (using servicehelper)
Mar 12 21:51:46 localhost org.kde.powerdevil.backlighthelper: QDBusConnection: system D-Bus connection created before QCoreApplication. Application may misbehave.
Mar 12 21:51:46 localhost dbus-daemon[340]: dbus[340]: [system] Successfully activated service 'org.kde.powerdevil.backlighthelper'
Mar 12 21:51:46 localhost dbus[340]: [system] Successfully activated service 'org.kde.powerdevil.backlighthelper'
Mar 12 21:52:03 localhost kernel: [ 361.720026] usb 4-1: new low-speed USB device number 3 using uhci_hcd
Mar 12 21:52:03 localhost kernel: [ 362.021197] input: USB Keyboard as /devices/pci0000:00/0000:00:1d.0/usb4/4-1/4-1:1.0/input/input15
Mar 12 21:52:03 localhost kernel: [ 362.021535] hid-generic 0003:05AF:0802.0004: input,hidraw0: USB HID v1.10 Keyboard [ USB Keyboard] on usb-0000:00:1d.0-1/input0
Mar 12 21:52:03 localhost kernel: [ 362.113907] input: USB Keyboard as /devices/pci0000:00/0000:00:1d.0/usb4/4-1/4-1:1.1/input/input16
Mar 12 21:52:03 localhost kernel: [ 362.114113] hid-generic 0003:05AF:0802.0005: input,hidraw1: USB HID v1.10 Device [ USB Keyboard] on usb-0000:00:1d.0-1/input1
Mar 12 21:52:03 localhost dbus-daemon[340]: dbus[340]: [system] Activating service name='org.kde.powerdevil.backlighthelper' (using servicehelper)
Mar 12 21:52:03 localhost dbus[340]: [system] Activating service name='org.kde.powerdevil.backlighthelper' (using servicehelper)
Mar 12 21:52:04 localhost org.kde.powerdevil.backlighthelper: QDBusConnection: system D-Bus connection created before QCoreApplication. Application may misbehave.
Mar 12 21:52:04 localhost dbus-daemon[340]: dbus[340]: [system] Successfully activated service 'org.kde.powerdevil.backlighthelper'
Mar 12 21:52:04 localhost dbus[340]: [system] Successfully activated service 'org.kde.powerdevil.backlighthelper'
Mar 12 21:53:36 localhost dbus-daemon[340]: dbus[340]: [system] Activating service name='org.kde.powerdevil.backlighthelper' (using servicehelper)
Mar 12 21:53:36 localhost dbus[340]: [system] Activating service name='org.kde.powerdevil.backlighthelper' (using servicehelper)
Mar 12 21:53:36 localhost org.kde.powerdevil.backlighthelper: QDBusConnection: system D-Bus connection created before QCoreApplication. Application may misbehave.
Mar 12 21:53:36 localhost dbus-daemon[340]: dbus[340]: [system] Successfully activated service 'org.kde.powerdevil.backlighthelper'
Mar 12 21:53:36 localhost dbus[340]: [system] Successfully activated service 'org.kde.powerdevil.backlighthelper'
Mar 12 21:53:36 localhost kernel: [ 455.631890] EXT4-fs (sda5): re-mounted. Opts: data=ordered,commit=0
Mar 12 21:54:15 localhost kernel: [ 494.630014] usb 1-1: new low-speed USB device number 3 using uhci_hcd
Mar 12 21:54:16 localhost kernel: [ 494.819169] input: Logitech USB Optical Mouse as /devices/pci0000:00/0000:00:1a.0/usb1/1-1/1-1:1.0/input/input17
Mar 12 21:54:16 localhost kernel: [ 494.819483] hid-generic 0003:046D:C05B.0006: input,hidraw2: USB HID v1.11 Mouse [Logitech USB Optical Mouse] on usb-0000:00:1a.0-1/input0
Mar 12 21:56:16 localhost kernel: [ 615.359568] sky2 0000:06:00.0 eth0: enabling interface
Mar 12 21:56:16 localhost kernel: [ 615.359925] IPv6: ADDRCONF(NETDEV_UP): eth0: link is not ready
Mar 12 21:56:18 localhost kernel: [ 617.200722] sky2 0000:06:00.0 eth0: Link is up at 100 Mbps, full duplex, flow control rx
Mar 12 21:56:18 localhost kernel: [ 617.200761] IPv6: ADDRCONF(NETDEV_CHANGE): eth0: link becomes ready
Mar 12 21:57:01 localhost kernel: [ 659.837395] sky2 0000:06:00.0 eth0: Link is down
Mar 12 21:57:03 localhost kernel: [ 662.485483] sky2 0000:06:00.0 eth0: Link is up at 100 Mbps, full duplex, flow control rx
Mar 12 21:58:03 localhost dhcpcd[1072]: version 5.6.4 starting
Mar 12 21:58:03 localhost kernel: [ 722.424132] IPv6: ADDRCONF(NETDEV_UP): wlan0: link is not ready
Mar 12 21:58:03 localhost dhcpcd[1072]: eth0: sending IPv6 Router Solicitation
Mar 12 21:58:03 localhost dhcpcd[1072]: eth0: broadcasting for a lease
Mar 12 21:58:03 localhost dhcpcd[1072]: wlan0: waiting for carrier
Mar 12 21:58:03 localhost dhcpcd[1072]: wlan0: carrier acquired
Mar 12 21:58:03 localhost dhcpcd[1072]: wlan0: carrier lost
Mar 12 21:58:03 localhost dhcpcd[1072]: wlan0: waiting for carrier
Mar 12 21:58:04 localhost dhcpcd[1072]: eth0: offered 192.168.1.35 from 192.168.1.1
Mar 12 21:58:04 localhost dhcpcd[1072]: eth0: acknowledged 192.168.1.35 from 192.168.1.1
Mar 12 21:58:04 localhost dhcpcd[1072]: eth0: checking for 192.168.1.35
Mar 12 21:58:07 localhost dhcpcd[1072]: eth0: sending IPv6 Router Solicitation
Mar 12 21:58:10 localhost dhcpcd[1072]: eth0: leased 192.168.1.35 for 43200 seconds
Mar 12 21:58:10 localhost dhcpcd[1072]: forked to background, child pid 1119
Mar 12 21:58:11 localhost dhcpcd[1119]: eth0: sending IPv6 Router Solicitation
Mar 12 21:58:15 localhost dhcpcd[1119]: eth0: sending IPv6 Router Solicitation
Mar 12 21:58:15 localhost dhcpcd[1119]: eth0: no IPv6 Routers available
Mar 12 21:59:33 localhost kernel: [ 812.425190] konsole[1156]: segfault at 84 ip b73128d4 sp bf9e00c0 error 4 in libkdeui.so.5.10.0[b6fcb000+42b000]
Mar 12 21:59:33 localhost systemd-coredump[1158]: Process 1156 (konsole) dumped core.
Mar 12 21:59:47 localhost kernel: [ 826.338582] konsole[1164]: segfault at 84 ip b761e8d4 sp bfb066b0 error 4 in libkdeui.so.5.10.0[b72d7000+42b000]
Mar 12 21:59:48 localhost systemd-coredump[1165]: Process 1164 (konsole) dumped core.
Mar 12 22:00:32 localhost kernel: [ 870.727165] konsole[1174]: segfault at 84 ip b761e8d4 sp bfb066b0 error 4 in libkdeui.so.5.10.0[b72d7000+42b000]
Mar 12 22:00:32 localhost systemd-coredump[1175]: Process 1174 (konsole) dumped core.
Mar 12 22:01:01 localhost systemd[1]: Starting Cleanup of Temporary Directories...
Mar 12 22:01:01 localhost CROND[1186]: (root) CMD (run-parts /etc/cron.hourly)
Mar 12 22:01:01 localhost anacron[1192]: Anacron started on 2013-03-12
Mar 12 22:01:01 localhost anacron[1192]: Normal exit (0 jobs run)
Mar 12 22:01:01 localhost systemd[1]: Started Cleanup of Temporary Directories.
Mar 12 22:01:04 localhost kernel: [ 902.743018] konsole[1196]: segfault at 84 ip b761e8d4 sp bfb066b0 error 4 in libkdeui.so.5.10.0[b72d7000+42b000]
Mar 12 22:01:04 localhost systemd-coredump[1197]: Process 1196 (konsole) dumped core.
Mar 12 22:01:21 localhost dbus[340]: [system] Activating service name='org.kde.powerdevil.backlighthelper' (using servicehelper)
Mar 12 22:01:21 localhost org.kde.powerdevil.backlighthelper: QDBusConnection: system D-Bus connection created before QCoreApplication. Application may misbehave.
Mar 12 22:01:21 localhost dbus[340]: [system] Successfully activated service 'org.kde.powerdevil.backlighthelper'
Mar 12 22:01:22 localhost dbus[340]: [system] Activating via systemd: service name='org.freedesktop.Avahi' unit='dbus-org.freedesktop.Avahi.service'
Mar 12 22:01:22 localhost dbus[340]: [system] Activation via systemd failed for unit 'dbus-org.freedesktop.Avahi.service': Unit dbus-org.freedesktop.Avahi.service failed to load: No such file or directory. See system logs and 'systemctl status dbus-org.freedesktop.Avahi.service' for details.
Mar 12 22:01:26 localhost dbus-daemon[340]: dbus[340]: [system] Activating service name='org.kde.powerdevil.backlighthelper' (using servicehelper)
Mar 12 22:01:26 localhost dbus-daemon[340]: dbus[340]: [system] Successfully activated service 'org.kde.powerdevil.backlighthelper'
Mar 12 22:01:26 localhost dbus-daemon[340]: dbus[340]: [system] Activating via systemd: service name='org.freedesktop.Avahi' unit='dbus-org.freedesktop.Avahi.service'
Mar 12 22:01:26 localhost dbus-daemon[340]: dbus[340]: [system] Activation via systemd failed for unit 'dbus-org.freedesktop.Avahi.service': Unit dbus-org.freedesktop.Avahi.service failed to load: No such file or directory. See system logs and 'systemctl status dbus-org.freedesktop.Avahi.service' for details.
Mar 12 22:01:46 localhost dhcpcd[1119]: eth0: carrier lost
Mar 12 22:01:46 localhost kernel: [ 945.353892] sky2 0000:06:00.0 eth0: Link is down
ps aux
[ussr@unknown002454062846 ~]$ ps aux
USER PID %CPU %MEM VSZ RSS TTY STAT START TIME COMMAND
root 1 0.0 0.0 5040 2772 ? Ss 21:46 0:00 /bin/systemd
root 2 0.0 0.0 0 0 ? S 21:46 0:00 [kthreadd]
root 3 0.0 0.0 0 0 ? S 21:46 0:01 [ksoftirqd/0]
root 5 0.0 0.0 0 0 ? S< 21:46 0:00 [kworker/0:0H]
root 7 0.0 0.0 0 0 ? S< 21:46 0:00 [kworker/u:0H]
root 8 0.0 0.0 0 0 ? S 21:46 0:00 [migration/0]
root 9 0.0 0.0 0 0 ? S 21:46 0:01 [rcu_preempt]
root 10 0.0 0.0 0 0 ? S 21:46 0:00 [rcu_bh]
root 11 0.0 0.0 0 0 ? S 21:46 0:00 [rcu_sched]
root 12 0.0 0.0 0 0 ? S 21:46 0:00 [watchdog/0]
root 13 0.0 0.0 0 0 ? S 21:46 0:00 [watchdog/1]
root 14 0.0 0.0 0 0 ? S 21:46 0:01 [ksoftirqd/1]
root 15 0.0 0.0 0 0 ? S 21:46 0:00 [migration/1]
root 17 0.0 0.0 0 0 ? S< 21:46 0:00 [kworker/1:0H]
root 18 0.0 0.0 0 0 ? S< 21:46 0:00 [cpuset]
root 19 0.0 0.0 0 0 ? S< 21:46 0:00 [khelper]
root 20 0.0 0.0 0 0 ? S 21:46 0:00 [kdevtmpfs]
root 21 0.0 0.0 0 0 ? S< 21:46 0:00 [netns]
root 22 0.0 0.0 0 0 ? S 21:46 0:00 [bdi-default]
root 23 0.0 0.0 0 0 ? S< 21:46 0:00 [kblockd]
root 26 0.0 0.0 0 0 ? S 21:46 0:00 [khungtaskd]
root 27 0.0 0.0 0 0 ? S 21:46 0:00 [kswapd0]
root 28 0.0 0.0 0 0 ? SN 21:46 0:00 [ksmd]
root 29 0.0 0.0 0 0 ? SN 21:46 0:00 [khugepaged]
root 30 0.0 0.0 0 0 ? S 21:46 0:00 [fsnotify_mark]
root 31 0.0 0.0 0 0 ? S< 21:46 0:00 [crypto]
root 35 0.0 0.0 0 0 ? S< 21:46 0:00 [kthrotld]
root 37 0.0 0.0 0 0 ? S< 21:46 0:00 [deferwq]
root 82 0.0 0.0 0 0 ? S 21:46 0:00 [khubd]
root 83 0.0 0.0 0 0 ? S< 21:46 0:00 [ata_sff]
root 84 0.0 0.0 0 0 ? S 21:46 0:00 [scsi_eh_0]
root 85 0.0 0.0 0 0 ? S 21:46 0:00 [scsi_eh_1]
root 86 0.0 0.0 0 0 ? S 21:46 0:00 [scsi_eh_2]
root 87 0.0 0.0 0 0 ? S 21:46 0:00 [scsi_eh_3]
root 88 0.0 0.0 0 0 ? S 21:46 0:00 [scsi_eh_4]
root 89 0.0 0.0 0 0 ? S 21:46 0:00 [scsi_eh_5]
root 92 0.0 0.0 0 0 ? S 21:46 0:00 [kworker/u:4]
root 97 0.0 0.0 0 0 ? S< 21:46 0:00 [kworker/1:1H]
root 98 0.0 0.0 0 0 ? S< 21:46 0:00 [kworker/0:1H]
root 106 0.0 0.0 0 0 ? S 21:46 0:00 [jbd2/sda5-8]
root 107 0.0 0.0 0 0 ? S< 21:46 0:00 [ext4-dio-unwrit]
root 124 0.0 0.0 11032 1904 ? Ss 21:46 0:00 /usr/lib/systemd/systemd-udevd
root 134 0.9 0.8 118768 26528 ? Ss 21:46 1:04 /usr/lib/systemd/systemd-journald
root 145 0.0 0.0 0 0 ? S< 21:46 0:00 [iprt]
root 229 0.0 0.0 0 0 ? S< 21:46 0:00 [led_workqueue]
root 230 0.0 0.0 0 0 ? S< 21:46 0:00 [kpsmoused]
root 240 0.0 0.0 0 0 ? S< 21:46 0:00 [cfg80211]
root 242 0.0 0.0 0 0 ? S< 21:46 0:00 [ttm_swap]
root 304 0.0 0.0 0 0 ? S< 21:46 0:00 [hd-audio0]
root 327 0.0 0.0 0 0 ? S< 21:46 0:00 [hd-audio1]
root 331 0.0 0.0 4924 996 ? Ss 21:46 0:00 /usr/bin/mount.ntfs-3g /dev/sda4 /media/Datos -o rw,relatime
root 337 0.0 0.1 7608 3252 ? Ss 21:46 0:00 /usr/sbin/syslog-ng -F
root 339 0.0 0.0 4800 1280 ? Ss 21:46 0:00 /usr/sbin/crond -n
dbus 340 0.0 0.0 3384 1800 ? Ss 21:46 0:00 /usr/bin/dbus-daemon --system --address=systemd: --nofork --nopidfile --systemd-activation
root 341 0.0 0.0 3336 1568 ? Ss 21:46 0:00 /usr/lib/systemd/systemd-logind
root 347 0.0 0.0 3812 744 tty1 Ss+ 21:46 0:00 /sbin/agetty --noclear tty1 38400 linux
root 348 0.0 0.0 3968 1040 ? Ss 21:46 0:00 /usr/bin/kdm -nodaemon
root 455 0.0 0.2 29692 8296 ? Ssl 21:46 0:01 /usr/lib/upower/upowerd
polkitd 463 0.0 0.3 61912 11272 ? Ssl 21:46 0:00 /usr/lib/polkit-1/polkitd --no-debug
root 500 0.0 0.1 43028 4060 ? Ssl 21:46 0:01 /usr/lib/udisks2/udisksd --no-debug
root 1119 0.0 0.0 2420 348 ? Ss 21:58 0:00 dhcpcd
root 1248 0.4 1.1 86772 34320 tty7 Ssl+ 22:01 0:27 /usr/bin/X :0 vt7 -nolisten tcp -auth /var/run/xauth/A:0-WnL9Aa
root 1252 0.0 0.0 5468 2316 ? S 22:01 0:00 -:0
ussr 1267 0.0 0.0 5196 1624 ? Ss 22:01 0:00 /bin/sh /usr/bin/startkde
ussr 1278 0.0 0.0 3624 592 ? S 22:01 0:00 /usr/bin/dbus-launch --sh-syntax --exit-with-session
ussr 1279 0.0 0.0 4300 1848 ? Ss 22:01 0:01 /usr/bin/dbus-daemon --fork --print-pid 4 --print-address 6 --session
ussr 1305 0.0 0.0 4736 384 ? Ss 22:01 0:00 /usr/bin/gpg-agent -s --daemon --pinentry-program /usr/bin/pinentry-qt4 --write-env-file
ussr 1308 0.0 0.0 4216 424 ? Ss 22:01 0:00 /usr/bin/ssh-agent -s
root 1323 0.0 0.0 2032 56 ? S 22:01 0:00 /usr/lib/kde4/libexec/start_kdeinit +kcminit_startup
ussr 1324 0.0 0.5 129264 16476 ? Ss 22:01 0:00 kdeinit4: kdeinit4 Running...
ussr 1325 0.0 0.3 131292 11184 ? S 22:01 0:00 kdeinit4: klauncher [kdeinit] --fd=9
ussr 1327 0.0 1.0 215392 30976 ? Sl 22:01 0:01 kdeinit4: kded4 [kdeinit]
ussr 1334 0.0 0.6 146508 18616 ? S 22:01 0:00 kdeinit4: kglobalaccel [kdeinit]
ussr 1338 0.0 0.5 162384 17088 ? Sl 22:01 0:00 /usr/bin/kactivitymanagerd
ussr 1346 0.0 0.0 2168 284 ? S 22:01 0:00 kwrapper4 ksmserver
ussr 1347 0.0 0.6 155184 18500 ? Sl 22:01 0:00 kdeinit4: ksmserver [kdeinit]
ussr 1353 0.3 2.7 481808 83556 ? Sl 22:01 0:19 kwin -session 1014cd7d2d4000134981367400000006900000_1363122074_66050
ussr 1363 0.0 0.8 148664 26072 ? Sl 22:01 0:00 /usr/bin/knotify4
ussr 1367 0.4 4.5 466704 139528 ? Sl 22:01 0:27 kdeinit4: plasma-desktop [kdeinit]
ussr 1373 0.0 0.4 86180 15092 ? S 22:01 0:00 /usr/bin/kuiserver
ussr 1379 0.0 0.1 45584 5780 ? Sl 22:01 0:00 /usr/bin/akonadi_control
ussr 1381 0.0 0.3 204676 10096 ? Sl 22:01 0:00 akonadiserver
ussr 1384 0.0 1.2 241804 38312 ? Sl 22:01 0:01 /usr/bin/mysqld --defaults-file=/home/ussr/.local/share/akonadi/mysql.conf --datadir=/home/ussr/.local/
ussr 1418 0.0 0.5 85804 16604 ? Sl 22:01 0:00 /usr/bin/akonadi_agent_launcher akonadi_akonotes_resource akonadi_akonotes_resource_0
ussr 1419 0.0 0.9 158040 29748 ? S 22:01 0:00 /usr/bin/akonadi_archivemail_agent --identifier akonadi_archivemail_agent
ussr 1420 0.0 0.5 86000 16680 ? Sl 22:01 0:00 /usr/bin/akonadi_agent_launcher akonadi_ical_resource akonadi_ical_resource_0
ussr 1421 0.0 0.5 85940 16876 ? Sl 22:01 0:00 /usr/bin/akonadi_agent_launcher akonadi_maildir_resource akonadi_maildir_resource_0
ussr 1422 0.0 0.6 94976 19712 ? S 22:01 0:00 /usr/bin/akonadi_maildispatcher_agent --identifier akonadi_maildispatcher_agent
ussr 1423 0.0 0.9 158060 30048 ? S 22:01 0:00 /usr/bin/akonadi_mailfilter_agent --identifier akonadi_mailfilter_agent
ussr 1424 0.0 0.6 99780 18892 ? Sl 22:01 0:00 /usr/bin/akonadi_nepomuk_feeder --identifier akonadi_nepomuk_feeder
ussr 1446 0.0 0.3 129528 9488 ? S 22:01 0:00 kdeinit4: kio_http_cache_cleaner [kdeinit]
ussr 1456 0.0 0.3 73352 9880 ? Sl 22:01 0:00 /usr/bin/nepomukserver
ussr 1461 0.2 2.3 231052 71768 ? SNl 22:01 0:12 /usr/bin/nepomukservicestub nepomukstorage
ussr 1471 0.6 1.4 57668 44308 ? SNl 22:01 0:35 /usr/bin/virtuoso-t +foreground +configfile /tmp/virtuoso_ZT1461.ini +wait
ussr 1481 0.0 1.2 272872 37436 ? Sl 22:01 0:00 kdeinit4: krunner [kdeinit]
ussr 1484 0.0 0.7 241356 24124 ? Sl 22:01 0:00 kdeinit4: kmix [kdeinit] -session 1014cd7d2d400013498136850000
ussr 1488 0.0 0.4 87280 14960 ? S 22:01 0:00 /usr/bin/nepomukcontroller -session 1014cd7d2d4000134981368500000006900010_1363122074_36315
ussr 1490 0.0 0.7 111408 23264 ? Sl 22:01 0:04 yakuake -session 1014cd7d2d4000135280595900000005570044_1363122074_36424
ussr 1495 0.0 0.0 5360 2060 pts/0 Ss+ 22:01 0:00 /bin/bash
ussr 1503 0.0 0.5 97452 16812 ? Sl 22:01 0:00 /usr/lib/kde4/libexec/polkit-kde-authentication-agent-1
ussr 1504 0.0 0.5 105388 17392 ? S 22:01 0:00 /usr/bin/korgac --icon korgac
ussr 1516 0.0 0.5 145452 17504 ? S 22:01 0:00 kdeinit4: klipper [kdeinit]
ussr 1561 0.2 0.9 164820 27976 ? Rl 22:01 0:12 kdeinit4: konsole [kdeinit]
ussr 1563 0.0 0.0 5356 2112 pts/2 Ss 22:01 0:00 /bin/bash
ussr 1565 0.0 0.6 109208 19384 ? SNl 22:01 0:00 /usr/bin/nepomukservicestub nepomukfilewatch
ussr 1569 0.1 1.2 123320 37384 ? SNl 22:01 0:08 /usr/bin/nepomukservicestub nepomukfileindexer
root 1825 0.0 0.0 0 0 ? S 22:06 0:01 [kworker/1:1]
root 1837 0.0 0.0 0 0 ? S 22:21 0:00 [flush-8:0]
root 1859 0.0 0.0 0 0 ? S 23:10 0:00 [kworker/0:1]
root 1872 0.0 0.0 0 0 ? S 23:10 0:00 [scsi_eh_6]
root 1873 0.0 0.0 0 0 ? S 23:10 0:00 [usb-storage]
root 1876 0.0 0.0 0 0 ? S 23:10 0:00 [kworker/1:0]
root 1877 0.0 0.0 0 0 ? S 23:10 0:00 [kworker/u:0]
ussr 1919 0.0 0.0 35080 2892 ? Sl 23:11 0:00 /usr/lib/at-spi2-core/at-spi-bus-launcher
ussr 1974 0.0 0.0 3020 1356 ? S 23:12 0:00 /usr/bin/dbus-daemon --config-file=/etc/at-spi2/accessibility.conf --nofork --print-address 3
ussr 1977 0.0 0.1 17320 3152 ? Sl 23:12 0:00 /usr/lib/at-spi2-core/at-spi2-registryd --use-gnome-session
ussr 1980 0.0 0.0 8084 1968 ? S 23:12 0:00 /usr/lib/GConf/gconfd-2
root 2036 0.0 0.0 0 0 ? S 23:21 0:00 [kworker/0:0]
root 2044 0.0 0.0 0 0 ? S 23:31 0:00 [kworker/0:2]
root 2047 0.0 0.0 0 0 ? S 23:34 0:00 [flush-8:16]
ussr 2079 0.0 0.0 4676 1208 pts/2 R+ 23:36 0:00 ps aux
I have checked in .bashrc and the prompt is still:
PS1='[\u@\h \W]\$ '
And \h means hostname... And if I check in /etc/hosts:
127.0.0.1 localhost.localdomain localhost
::1 localhost.localdomain localhost
So, something is wrong..
I don't know how to proceed, nor in the computer A, neither in the computer B.
Question C: Is possible to have any mechanism to know every file that is modified, add or delete on the whole system? Something like the log but for every file? I think is the only way to know what is going on.
Any help? Please, I'm so lost in this area..
Ok, thank you for the answers.
Because I don't know about which computer you ask about the services, I write for both.
Computer A
uname -r
3.1.10-1.16-desktop
Processes (ps -Al)
USER PID %CPU %MEM VSZ RSS TTY STAT START TIME COMMAND
root 1 0.0 0.0 5408 2536 ? Ss Mar12 0:02 /sbin/init showopts
root 2 0.0 0.0 0 0 ? S Mar12 0:00 [kthreadd]
root 3 0.0 0.0 0 0 ? S Mar12 0:00 [ksoftirqd/0]
root 6 0.0 0.0 0 0 ? S Mar12 0:00 [migration/0]
root 7 0.0 0.0 0 0 ? SN Mar12 0:16 [rcuc0]
root 8 0.0 0.0 0 0 ? S Mar12 0:00 [rcun0]
root 9 0.0 0.0 0 0 ? S Mar12 0:00 [rcub0]
root 10 0.0 0.0 0 0 ? S Mar12 0:00 [rcun1]
root 11 0.0 0.0 0 0 ? S Mar12 0:00 [rcub1]
root 12 0.0 0.0 0 0 ? S Mar12 0:00 [watchdog/0]
root 13 0.0 0.0 0 0 ? S Mar12 0:00 [migration/1]
root 15 0.0 0.0 0 0 ? SN Mar12 0:14 [rcuc1]
root 16 0.0 0.0 0 0 ? S Mar12 0:00 [ksoftirqd/1]
root 18 0.0 0.0 0 0 ? S Mar12 0:00 [watchdog/1]
root 19 0.0 0.0 0 0 ? S Mar12 0:00 [migration/2]
root 21 0.0 0.0 0 0 ? SN Mar12 0:12 [rcuc2]
root 22 0.0 0.0 0 0 ? S Mar12 0:00 [ksoftirqd/2]
root 23 0.0 0.0 0 0 ? S Mar12 0:00 [watchdog/2]
root 24 0.0 0.0 0 0 ? S Mar12 0:00 [migration/3]
root 26 0.0 0.0 0 0 ? SN Mar12 0:09 [rcuc3]
root 27 0.0 0.0 0 0 ? S Mar12 0:04 [ksoftirqd/3]
root 28 0.0 0.0 0 0 ? S Mar12 0:00 [watchdog/3]
root 29 0.0 0.0 0 0 ? S< Mar12 0:00 [cpuset]
root 30 0.0 0.0 0 0 ? S< Mar12 0:00 [khelper]
root 31 0.0 0.0 0 0 ? S Mar12 0:00 [kdevtmpfs]
root 32 0.0 0.0 0 0 ? S< Mar12 0:00 [netns]
root 33 0.0 0.0 0 0 ? S Mar12 0:00 [sync_supers]
root 34 0.0 0.0 0 0 ? S Mar12 0:00 [bdi-default]
root 35 0.0 0.0 0 0 ? S< Mar12 0:00 [kintegrityd]
root 36 0.0 0.0 0 0 ? S< Mar12 0:00 [kblockd]
root 37 0.0 0.0 0 0 ? S< Mar12 0:00 [ata_sff]
root 38 0.0 0.0 0 0 ? S Mar12 0:00 [khubd]
root 39 0.0 0.0 0 0 ? S< Mar12 0:00 [md]
root 41 0.0 0.0 0 0 ? S Mar12 0:00 [khungtaskd]
root 42 0.3 0.0 0 0 ? S Mar12 3:02 [kswapd0]
root 43 0.0 0.0 0 0 ? SN Mar12 0:00 [ksmd]
root 44 0.0 0.0 0 0 ? SN Mar12 0:02 [khugepaged]
root 45 0.0 0.0 0 0 ? S Mar12 0:00 [fsnotify_mark]
root 46 0.0 0.0 0 0 ? S< Mar12 0:00 [crypto]
root 50 0.0 0.0 0 0 ? S< Mar12 0:00 [kthrotld]
root 85 0.0 0.0 0 0 ? S Mar12 0:00 [scsi_eh_0]
root 86 0.0 0.0 0 0 ? S Mar12 0:00 [scsi_eh_1]
root 87 0.0 0.0 0 0 ? S Mar12 0:00 [scsi_eh_2]
root 88 0.0 0.0 0 0 ? S Mar12 0:00 [scsi_eh_3]
root 92 0.0 0.0 0 0 ? S Mar12 0:00 [kworker/u:3]
root 101 0.0 0.0 0 0 ? S< Mar12 0:00 [kpsmoused]
root 103 0.0 0.0 0 0 ? S Mar12 0:00 [scsi_eh_4]
root 104 0.0 0.0 0 0 ? S Mar12 0:03 [usb-storage]
root 106 0.0 0.0 0 0 ? S Mar12 0:00 [kworker/u:5]
root 141 0.0 0.0 0 0 ? S Mar12 0:00 [scsi_eh_5]
root 142 0.0 0.0 0 0 ? S Mar12 0:00 [scsi_eh_6]
root 143 0.0 0.0 0 0 ? S Mar12 0:00 [scsi_eh_7]
root 144 0.0 0.0 0 0 ? S Mar12 0:20 [usb-storage]
root 148 0.0 0.0 0 0 ? S Mar12 0:00 [scsi_eh_8]
root 149 0.0 0.0 0 0 ? S Mar12 0:00 [scsi_eh_9]
root 217 0.0 0.0 0 0 ? S< Mar12 0:00 [ttm_swap]
root 432 0.0 0.0 0 0 ? S Mar12 0:01 [jbd2/sda5-8]
root 433 0.0 0.0 0 0 ? S< Mar12 0:00 [ext4-dio-unwrit]
root 471 0.0 0.0 3236 348 ? Ss Mar12 0:00 /sbin/udevd
root 494 0.0 0.0 0 0 ? S Mar12 0:00 [kauditd]
root 495 0.0 0.0 2284 364 ? Ss Mar12 0:00 /lib/systemd/systemd-stdout-syslog-bridge
root 643 0.0 0.0 3148 256 ? S Mar12 0:00 /sbin/udevd
root 644 0.0 0.0 3148 244 ? S Mar12 0:00 /sbin/udevd
root 749 0.0 0.0 0 0 ? S< Mar12 0:00 [firewire]
root 782 0.0 0.0 0 0 ? S< Mar12 0:00 [hd-audio1]
root 824 0.0 0.0 0 0 ? S< Mar12 0:00 [hd-audio2]
root 881 0.8 0.0 12720 1580 ? Ss Mar12 7:49 /sbin/mount.ntfs-3g /dev/sdc1 /windows/datos -o rw,locale=es_ES.UTF-8
root 897 1.5 0.0 10540 2064 ? Ss Mar12 13:31 /sbin/mount.ntfs-3g /dev/sda3 /windows/othe -o rw,noexec,nosuid,nodev,users,gid=10
root 898 0.7 0.0 9780 1088 ? Ss Mar12 6:36 /sbin/mount.ntfs-3g /dev/sda4 /windows/caviarblue -o rw,locale=es_ES.UTF-8
root 903 0.0 0.0 0 0 ? S Mar12 0:12 [jbd2/sda6-8]
root 904 0.0 0.0 0 0 ? S< Mar12 0:00 [ext4-dio-unwrit]
root 963 0.0 0.0 3140 840 ? Ss Mar12 0:00 /lib/systemd/systemd-logind
root 988 0.0 0.0 40136 232 ? Sl Mar12 0:00 /sbin/rsyslogd -c 5 -f /etc/rsyslog.conf
root 994 0.0 0.0 1920 276 ? Ss Mar12 0:00 /sbin/acpid
avahi 1010 0.0 0.0 2940 676 ? Ss Mar12 0:00 avahi-daemon: running [linux-7sgr.local]
root 1021 0.0 0.0 1908 248 ? Ss Mar12 0:00 /usr/sbin/nscd
102 1043 0.0 0.0 3540 1308 ? Ss Mar12 0:12 /bin/dbus-daemon --system --address=systemd: --nofork --systemd-activation
root 1058 0.0 0.0 6288 184 ? Ss Mar12 0:03 /sbin/haveged -w 1024 -v 1
root 1199 0.0 0.0 7888 780 ? Ss Mar12 0:00 /usr/sbin/cupsd -C /etc/cups/cupsd.conf
root 1312 0.0 0.0 4124 308 ? Ss Mar12 0:00 /usr/bin/kdm
root 1427 5.6 1.1 65368 42660 tty7 Ss+ Mar12 50:26 /usr/bin/Xorg -br :0 vt7 -nolisten tcp -auth /var/lib/xdm/authdir/authfiles/A:0-Fx
root 1489 0.0 0.0 1908 268 tty1 Ss+ Mar12 0:00 /sbin/agetty tty1 38400
root 1703 0.0 0.0 5164 420 ? S Mar12 0:00 -:0
root 1727 0.0 0.0 33660 992 ? Ssl Mar12 0:00 /usr/sbin/console-kit-daemon --no-daemon
root 1801 0.0 0.0 25224 2300 ? Sl Mar12 0:01 /usr/lib/polkit-1/polkitd --no-debug
userA 1825 0.0 0.0 4624 292 ? Ss Mar12 0:00 /bin/sh /usr/bin/startkde
root 1992 0.0 0.0 5248 492 ? S Mar12 0:00 /sbin/dhclient6 -6 -cf /var/lib/dhcp6/dhclient6.eth0.conf -lf /var/lib/dhcp6/dhcli
userA 1995 0.0 0.0 5464 1112 ? Ss Mar12 0:01 /usr/bin/gpg-agent --sh --daemon --write-env-file /home/userA/.gnupg/agent.info /et
userA 2115 0.0 0.0 3332 268 ? S Mar12 0:00 dbus-launch --sh-syntax --exit-with-session
userA 2116 0.0 0.0 4736 1612 ? Ss Mar12 0:02 /bin/dbus-daemon --fork --print-pid 5 --print-address 7 --session
root 2123 0.0 0.0 1752 112 ? S Mar12 0:00 /usr/lib/kde4/libexec/start_kdeinit +kcminit_startup
userA 2133 0.0 0.0 92820 1976 ? Ss Mar12 0:00 kdeinit4: kdeinit4 Running...
userA 2143 0.0 0.0 96676 3636 ? S Mar12 0:00 kdeinit4: klauncher [kdeinit] --fd=9
userA 2213 0.0 0.1 216804 6720 ? Sl Mar12 0:06 kdeinit4: kded4 [kdeinit]
root 2533 0.0 0.0 2100 432 ? Ss Mar12 0:00 /sbin/dhcpcd --netconfig -L -E -HHH -c /etc/sysconfig/network/scripts/dhcpcd-hook
userA 2553 0.0 0.0 111996 3512 ? S Mar12 0:01 kdeinit4: kglobalaccel [kdeinit]
root 2576 0.0 0.0 28016 1060 ? Sl Mar12 0:00 /usr/lib/upower/upowerd
userA 2601 0.0 0.0 1888 0 ? S Mar12 0:00 kwrapper4 ksmserver
userA 2605 0.0 0.0 119976 3448 ? Sl Mar12 0:01 kdeinit4: ksmserver [kdeinit]
root 2624 0.0 0.0 24100 1788 ? Sl Mar12 0:11 /usr/lib/udisks/udisks-daemon
root 2625 0.0 0.0 6308 160 ? S Mar12 0:00 udisks-daemon: not polling any devices
userA 2654 1.4 8.8 585524 339936 ? Sl Mar12 12:35 kwin -session 1014b108a5e8000134377289300000096170000_1363115313_870095
userA 2727 0.0 0.0 61432 2768 ? S Mar12 0:01 /usr/bin/kactivitymanagerd
userA 2804 0.0 0.1 266168 4040 ? Sl Mar12 0:02 /usr/bin/knotify4
userA 2836 0.2 0.7 350760 28952 ? Sl Mar12 2:09 kdeinit4: plasma-desktop [kdeinit]
userA 2978 0.0 0.0 61184 2696 ? S Mar12 0:01 /usr/bin/kuiserver
userA 3048 0.0 0.0 110224 2292 ? S Mar12 0:03 kdeinit4: kaccess [kdeinit]
userA 3055 0.0 0.0 104028 1480 ? Sl Mar12 0:00 kdeinit4: nepomukserver [kdeinit]
userA 3058 0.2 0.9 315204 35676 ? Sl Mar12 2:27 kdeinit4: krunner [kdeinit]
userA 3064 0.0 0.4 264532 15884 ? SNl Mar12 0:01 /usr/bin/nepomukservicestub nepomukstorage
userA 3080 0.0 0.3 49512 12752 ? SNl Mar12 0:10 /usr/bin/virtuoso-t +foreground +configfile /tmp/virtuoso_Ti3064.ini +wait
userA 3119 0.0 0.0 20364 1740 ? Sl Mar12 0:01 /usr/bin/akonadi_control
userA 3123 0.0 0.0 248556 1212 ? Sl Mar12 0:03 akonadiserver
userA 3130 0.0 0.2 253544 8312 ? Sl Mar12 0:19 /usr/sbin/mysqld --defaults-file=/home/userA/.local/share/akonadi//mysql.conf --dat
userA 3228 0.0 0.0 60248 2340 ? S Mar12 0:01 /usr/bin/nepomukcontroller -session 1014b108a5e8000134377292700000096170011_136311
userA 3231 0.0 0.2 272104 9184 ? Sl Mar12 0:02 kdeinit4: kmix [kdeinit] -session 1014b108a5e80001346397487000
userA 3241 0.0 0.1 115340 4092 ? S Mar12 0:01 /usr/bin/kget -session 1014b108a5e8000135447427400000059430038_1363115313_756240
userA 3274 0.0 0.0 67384 2356 ? SN Mar12 0:00 /usr/bin/nepomukservicestub nepomukbackupsync
userA 3275 0.0 0.0 120176 2140 ? SN Mar12 0:00 /usr/bin/nepomukservicestub digikamnepomukservice
userA 3276 0.0 0.1 90360 3996 ? SNl Mar12 0:02 /usr/bin/nepomukservicestub nepomukfilewatch
userA 3280 0.0 0.1 80288 5564 ? SN Mar12 0:00 /usr/bin/nepomukservicestub nepomukqueryservice
userA 3293 0.0 0.1 230116 6096 ? Sl Mar12 0:42 /usr/bin/pulseaudio --start --log-target=syslog
rtkit 3295 0.0 0.0 20824 364 ? SNl Mar12 0:01 /usr/lib/rtkit/rtkit-daemon
userA 3325 0.0 0.0 60340 2424 ? Sl Mar12 0:01 /usr/bin/akonadi_agent_launcher akonadi_akonotes_resource akonadi_akonotes_resourc
userA 3326 0.0 0.0 60336 2536 ? Sl Mar12 0:00 /usr/bin/akonadi_agent_launcher akonadi_akonotes_resource akonadi_akonotes_resourc
userA 3327 0.0 0.0 59940 2528 ? Sl Mar12 0:00 /usr/bin/akonadi_agent_launcher akonadi_contacts_resource akonadi_contacts_resourc
userA 3328 0.0 0.0 59996 2372 ? Sl Mar12 0:00 /usr/bin/akonadi_agent_launcher akonadi_contacts_resource akonadi_contacts_resourc
userA 3329 0.0 0.0 59996 2556 ? Sl Mar12 0:00 /usr/bin/akonadi_agent_launcher akonadi_contacts_resource akonadi_contacts_resourc
userA 3330 0.0 0.0 59976 2360 ? Sl Mar12 0:00 /usr/bin/akonadi_agent_launcher akonadi_contacts_resource akonadi_contacts_resourc
userA 3331 0.0 0.0 59940 2332 ? Sl Mar12 0:00 /usr/bin/akonadi_agent_launcher akonadi_contacts_resource akonadi_contacts_resourc
userA 3340 0.0 0.0 59976 2396 ? Sl Mar12 0:00 /usr/bin/akonadi_agent_launcher akonadi_contacts_resource akonadi_contacts_resourc
userA 3342 0.0 0.0 59976 2360 ? Sl Mar12 0:00 /usr/bin/akonadi_agent_launcher akonadi_contacts_resource akonadi_contacts_resourc
userA 3343 0.0 0.0 60000 2380 ? Sl Mar12 0:00 /usr/bin/akonadi_agent_launcher akonadi_contacts_resource akonadi_contacts_resourc
userA 3344 0.0 0.0 59940 2540 ? Sl Mar12 0:00 /usr/bin/akonadi_agent_launcher akonadi_contacts_resource akonadi_contacts_resourc
userA 3345 0.0 0.0 59940 2516 ? Sl Mar12 0:00 /usr/bin/akonadi_agent_launcher akonadi_contacts_resource akonadi_contacts_resourc
userA 3346 0.0 0.0 60588 2484 ? Sl Mar12 0:00 /usr/bin/akonadi_agent_launcher akonadi_ical_resource akonadi_ical_resource_0
userA 3348 0.0 0.0 60600 2508 ? Sl Mar12 0:00 /usr/bin/akonadi_agent_launcher akonadi_ical_resource akonadi_ical_resource_1
userA 3349 0.0 0.0 60604 2492 ? Sl Mar12 0:00 /usr/bin/akonadi_agent_launcher akonadi_ical_resource akonadi_ical_resource_2
userA 3354 0.0 0.0 60344 2472 ? Sl Mar12 0:01 /usr/bin/akonadi_agent_launcher akonadi_maildir_resource akonadi_maildir_resource_
userA 3357 0.0 0.0 69112 2848 ? S Mar12 0:01 /usr/bin/akonadi_maildispatcher_agent --identifier akonadi_maildispatcher_agent
userA 3366 0.0 0.0 64084 2884 ? S Mar12 0:01 /usr/bin/akonadi_nepomuk_calendar_feeder --identifier akonadi_nepomuk_calendar_fee
userA 3367 0.0 0.0 63388 2708 ? S Mar12 0:01 /usr/bin/akonadi_nepomuk_contact_feeder --identifier akonadi_nepomuk_contact_feede
userA 3368 0.0 0.0 107516 3424 ? S Mar12 0:01 /usr/bin/akonadi_nepomuk_email_feeder --identifier akonadi_nepomuk_email_feeder
userA 3471 0.0 0.0 70708 2140 ? Sl Mar12 0:00 /usr/lib/kde4/libexec/polkit-kde-authentication-agent-1
userA 3512 0.0 0.0 7536 752 ? S Mar12 0:00 /usr/lib/gvfs/gvfsd
userA 3516 0.0 0.0 34272 204 ? Ssl Mar12 0:00 /usr/lib/gvfs//gvfs-fuse-daemon /home/userA/.gvfs
root 3923 0.0 0.0 4668 408 ? Ss Mar12 0:00 /usr/sbin/cron -n
userA 4848 0.0 0.0 8032 1068 ? S Mar12 0:00 /usr/lib/GConf/2/gconfd-2
root 5490 0.0 0.0 0 0 ? S Mar12 0:08 [kworker/1:2]
root 6174 0.0 0.0 0 0 ? S 02:12 0:03 [kworker/2:3]
root 6331 0.0 0.0 0 0 ? S 03:30 0:00 [flush-8:0]
userA 8569 1.8 5.6 766616 217576 ? Sl 08:43 1:33 /usr/lib/firefox/firefox
userA 8601 0.0 0.4 64256 17276 ? S 08:43 0:00 /usr/lib/mozilla/kmozillahelper
userA 8693 9.0 0.5 127856 21652 ? Rl 08:50 6:58 kdeinit4: konsole [kdeinit]
userA 8701 0.0 0.0 5432 2436 pts/1 Ss 08:50 0:00 /bin/bash
root 8751 0.0 0.0 7968 2352 pts/1 S+ 08:54 0:00 sudo clamscan -r -l logclamav.log / --exclude-dir=/media/
root 8753 69.3 3.0 129096 117808 pts/1 R+ 08:54 50:19 clamscan -r -l logclamav.log / --exclude-dir=/media/
root 8823 0.0 0.0 0 0 ? S 09:17 0:01 [kworker/2:2]
root 8830 0.1 0.0 0 0 ? S 09:26 0:03 [kworker/3:0]
root 8852 0.5 0.0 0 0 ? S 09:34 0:10 [kworker/0:0]
root 8858 0.0 0.0 0 0 ? S 09:40 0:01 [kworker/2:0]
userA 8945 0.0 0.0 5432 2432 pts/2 Ss 09:51 0:00 /bin/bash
root 9174 0.1 0.0 0 0 ? S 09:53 0:01 [kworker/1:0]
root 9177 0.5 0.0 0 0 ? S 09:55 0:03 [kworker/0:3]
userA 9178 1.7 0.9 166588 36800 ? Sl 09:55 0:12 kdeinit4: kwrite [kdeinit]
root 9192 0.0 0.0 0 0 ? S 09:57 0:00 [kworker/3:1]
root 9227 0.0 0.0 0 0 ? S 10:00 0:00 [kworker/0:2]
root 9239 0.0 0.0 0 0 ? S 10:00 0:00 [flush-8:32]
userA 9280 0.3 0.0 5768 1700 ? SL 10:01 0:01 scdaemon --multi-server
userA 9301 8.3 1.0 205940 39936 ? Sl 10:01 0:31 /usr/bin/vlc /windows/datos/Música/Caro emerald - Deleted scenes from the cutting
root 9594 0.1 0.0 0 0 ? S 10:02 0:00 [kworker/3:2]
root 9947 0.0 0.0 0 0 ? S 10:05 0:00 [kworker/2:1]
userA 9987 0.0 0.1 102804 6520 ? Sl 10:05 0:00 kdeinit4: kio_trash [kdeinit] trash local:/tmp/ksocket-userA/kl
userA 9988 0.0 0.1 93424 5280 ? S 10:05 0:00 kdeinit4: kio_file [kdeinit] file local:/tmp/ksocket-userA/klau
userA 9997 0.0 0.1 93420 5280 ? S 10:05 0:00 kdeinit4: kio_file [kdeinit] file local:/tmp/ksocket-userA/klau
userA 9998 0.1 0.3 112416 14036 ? S 10:05 0:00 kdeinit4: kio_thumbnail [kdeinit] thumbnail local:/tmp/ksocket
root 10034 0.0 0.0 0 0 ? S 10:05 0:00 [kworker/0:1]
userA 10128 1.5 0.6 143964 23404 ? Sl 10:05 0:01 /usr/lib/firefox/plugin-container /usr/lib/browser-plugins/libflashplayer.so -greo
userA 10385 0.0 0.0 0 0 ? Z 10:07 0:00 [scdaemon] <defunct>
userA 10387 0.0 0.0 2620 864 pts/2 R+ 10:07 0:00 ps aux
I don't see above any process related with ftp, telnet, sshd (inactive below), etc. But above and below we can see dhcp6/dhcpcd/dhclient6 active.
Services (sudo /sbin/service --status-all)
redirecting to systemctl
SuSEfirewall2_init.service - LSB: SuSEfirewall2 phase 1
Loaded: loaded (/etc/init.d/SuSEfirewall2_init)
Active: active (exited) since Tue, 12 Mar 2013 19:09:30 +0000; 14h ago
Process: 938 ExecStart=/etc/init.d/SuSEfirewall2_init start (code=exited, status=0/SUCCESS)
CGroup: name=systemd:/system/SuSEfirewall2_init.service
Checking the status of SuSEfirewall2 running
redirecting to systemctl
acpid.service - ACPI Event Daemon
Loaded: loaded (/lib/systemd/system/acpid.service; enabled)
Active: active (running) since Tue, 12 Mar 2013 19:09:30 +0000; 14h ago
Process: 993 ExecStart=/sbin/acpid (code=exited, status=0/SUCCESS)
Main PID: 994 (acpid)
CGroup: name=systemd:/system/acpid.service
└ 994 /sbin/acpid
redirecting to systemctl
alsa-restore.service - Restore Sound Card State
Loaded: loaded (/lib/systemd/system/alsa-restore.service; static)
Active: inactive (dead) since Tue, 12 Mar 2013 19:09:29 +0000; 14h ago
Process: 909 ExecStart=/usr/sbin/alsactl restore (code=exited, status=0/SUCCESS)
CGroup: name=systemd:/system/alsa-restore.service
redirecting to systemctl
atd.service - LSB: Start AT batch job daemon
Loaded: loaded (/etc/init.d/atd)
Active: inactive (dead)
CGroup: name=systemd:/system/atd.service
redirecting to systemctl
autofs.service - LSB: automatic mounting of filesystems
Loaded: loaded (/etc/init.d/autofs)
Active: inactive (dead)
CGroup: name=systemd:/system/autofs.service
redirecting to systemctl
avahi-daemon.service - Avahi mDNS/DNS-SD Stack
Loaded: loaded (/lib/systemd/system/avahi-daemon.service; enabled)
Active: active (running) since Tue, 12 Mar 2013 19:09:30 +0000; 14h ago
Main PID: 1010 (avahi-daemon)
Status: "Server startup complete. Host name is linux-7sgr.local. Local service cookie is 198690539."
CGroup: name=systemd:/system/avahi-daemon.service
└ 1010 avahi-daemon: running [linux-7sgr.local]
redirecting to systemctl
avahi-dnsconfd.service - Avahi DNS Configuration Daemon
Loaded: loaded (/lib/systemd/system/avahi-dnsconfd.service; disabled)
Active: inactive (dead)
CGroup: name=systemd:/system/avahi-dnsconfd.service
redirecting to systemctl
bluez-coldplug.service - LSB: handles udev coldplug of bluetooth dongles
Loaded: loaded (/etc/init.d/bluez-coldplug)
Active: active (exited) since Tue, 12 Mar 2013 19:09:52 +0000; 14h ago
Process: 3920 ExecStart=/etc/init.d/bluez-coldplug start (code=exited, status=0/SUCCESS)
CGroup: name=systemd:/system/bluez-coldplug.service
redirecting to systemctl
cgroup.service
Loaded: masked (/dev/null)
Active: inactive (dead)
redirecting to systemctl
systemd-tmpfiles-setup.service - Recreate Volatile Files and Directories
Loaded: loaded (/lib/systemd/system/systemd-tmpfiles-setup.service; static)
Active: active (exited) since Tue, 12 Mar 2013 19:09:29 +0000; 14h ago
Process: 906 ExecStart=/bin/systemd-tmpfiles --create --remove (code=exited, status=0/SUCCESS)
CGroup: name=systemd:/system/systemd-tmpfiles-setup.service
redirecting to systemctl
clock.service
Loaded: masked (/dev/null)
Active: inactive (dead)
redirecting to systemctl
crypto.service
Loaded: masked (/dev/null)
Active: inactive (dead)
redirecting to systemctl
crypto-early.service
Loaded: masked (/dev/null)
Active: inactive (dead)
redirecting to systemctl
cycle.service - LSB: Set default boot entry if called
Loaded: loaded (/etc/init.d/boot.cycle)
Active: active (exited) since Tue, 12 Mar 2013 19:09:19 +0000; 14h ago
Process: 470 ExecStart=/etc/init.d/boot.cycle start (code=exited, status=6/NOTCONFIGURED)
CGroup: name=systemd:/system/cycle.service
redirecting to systemctl
device-mapper.service
Loaded: masked (/dev/null)
Active: inactive (dead)
Warning: Unit file changed on disk, 'systemctl --system daemon-reload' recommended.
redirecting to systemctl
dmraid.service - LSB: start dmraid
Loaded: loaded (/etc/init.d/boot.dmraid)
Active: inactive (dead)
CGroup: name=systemd:/system/dmraid.service
redirecting to systemctl
klog.service - Early Kernel Boot Messages
Loaded: loaded (/lib/systemd/system/klog.service; disabled)
Active: inactive (dead)
CGroup: name=systemd:/system/klog.service
redirecting to systemctl
ldconfig.service
Loaded: masked (/dev/null)
Active: inactive (dead)
redirecting to systemctl
loadmodules.service
Loaded: masked (/dev/null)
Active: inactive (dead)
Warning: Unit file changed on disk, 'systemctl --system daemon-reload' recommended.
redirecting to systemctl
localfs.service - Shadow /etc/init.d/boot.localfs
Loaded: loaded (/lib/systemd/system/localfs.service; static)
Active: inactive (dead)
CGroup: name=systemd:/system/localfs.service
redirecting to systemctl
localnet.service - LSB: setup hostname and yp
Loaded: loaded (/etc/init.d/boot.localnet)
Active: active (exited) since Tue, 12 Mar 2013 19:09:20 +0000; 14h ago
Process: 503 ExecStart=/etc/init.d/boot.localnet start (code=exited, status=0/SUCCESS)
CGroup: name=systemd:/system/localnet.service
redirecting to systemctl
lvm.service - LSB: start logical volumes
Loaded: loaded (/etc/init.d/boot.lvm)
Active: inactive (dead)
CGroup: name=systemd:/system/lvm.service
redirecting to systemctl
lvm_monitor.service - LSB: start monitoring of LVM VGs now filesystems are mounted rw
Loaded: loaded (/etc/init.d/boot.lvm_monitor)
Active: inactive (dead)
CGroup: name=systemd:/system/lvm_monitor.service
redirecting to systemctl
md.service - LSB: Multiple Device RAID
Loaded: loaded (/etc/init.d/boot.md)
Active: inactive (dead)
CGroup: name=systemd:/system/md.service
redirecting to systemctl
multipath.service - LSB: Create multipath device targets
Loaded: loaded (/etc/init.d/boot.multipath)
Active: inactive (dead)
CGroup: name=systemd:/system/multipath.service
redirecting to systemctl
fsck-root.service - File System Check on Root Device
Loaded: loaded (/lib/systemd/system/fsck-root.service; static)
Active: inactive (dead)
start condition failed at Tue, 12 Mar 2013 19:09:19 +0000; 14h ago
CGroup: name=systemd:/system/fsck-root.service
redirecting to systemctl
swap.service
Loaded: masked (/dev/null)
Active: inactive (dead)
redirecting to systemctl
systemd-sysctl.service - Apply Kernel Variables
Loaded: loaded (/lib/systemd/system/systemd-sysctl.service; static)
Active: active (exited) since Tue, 12 Mar 2013 19:09:20 +0000; 14h ago
Process: 528 ExecStart=/lib/systemd/systemd-sysctl (code=exited, status=0/SUCCESS)
CGroup: name=systemd:/system/systemd-sysctl.service
redirecting to systemctl
udev.service - udev Kernel Device Manager
Loaded: loaded (/lib/systemd/system/udev.service; static)
Active: active (running) since Tue, 12 Mar 2013 19:09:19 +0000; 14h ago
Main PID: 471 (udevd)
CGroup: name=systemd:/system/udev.service
├ 471 /sbin/udevd
├ 643 /sbin/udevd
└ 644 /sbin/udevd
redirecting to systemctl
cifs.service - LSB: Import remote SMB/ CIFS (MS Windows) file systems
Loaded: loaded (/etc/init.d/cifs)
Active: inactive (dead)
CGroup: name=systemd:/system/cifs.service
redirecting to systemctl
clamav-milter.service - LSB: milter compatible mail scanner
Loaded: loaded (/etc/init.d/clamav-milter)
Active: inactive (dead)
CGroup: name=systemd:/system/clamav-milter.service
redirecting to systemctl
clamd.service - LSB: virus scanner daemon
Loaded: loaded (/etc/init.d/clamd)
Active: inactive (dead)
CGroup: name=systemd:/system/clamd.service
redirecting to systemctl
cpufreq.service - LSB: CPUFreq modules loader
Loaded: loaded (/etc/init.d/cpufreq)
Active: active (exited) since Tue, 12 Mar 2013 19:09:29 +0000; 14h ago
Process: 916 ExecStart=/etc/init.d/cpufreq start (code=exited, status=0/SUCCESS)
CGroup: name=systemd:/system/cpufreq.service
redirecting to systemctl
cron.service - Command Scheduler
Loaded: loaded (/lib/systemd/system/cron.service; enabled)
Active: active (running) since Tue, 12 Mar 2013 19:09:52 +0000; 14h ago
Main PID: 3923 (cron)
CGroup: name=systemd:/system/cron.service
└ 3923 /usr/sbin/cron -n
redirecting to systemctl
cups.service - LSB: CUPS printer daemon
Loaded: loaded (/etc/init.d/cups)
Active: active (running) since Tue, 12 Mar 2013 19:09:30 +0000; 14h ago
Process: 1062 ExecStart=/etc/init.d/cups start (code=exited, status=0/SUCCESS)
CGroup: name=systemd:/system/cups.service
└ 1199 /usr/sbin/cupsd -C /etc/cups/cupsd.conf
redirecting to systemctl
dbus.service - D-Bus System Message Bus
Loaded: loaded (/lib/systemd/system/dbus.service; static)
Active: active (running) since Tue, 12 Mar 2013 19:09:30 +0000; 14h ago
Process: 1024 ExecStartPre=/bin/rm -f /var/run/dbus/pid (code=exited, status=0/SUCCESS)
Process: 1003 ExecStartPre=/bin/dbus-uuidgen --ensure (code=exited, status=0/SUCCESS)
Main PID: 1043 (dbus-daemon)
CGroup: name=systemd:/system/dbus.service
├ 1043 /bin/dbus-daemon --system --address=systemd: --nofork --systemd-activation
├ 1801 /usr/lib/polkit-1/polkitd --no-debug
├ 2576 /usr/lib/upower/upowerd
├ 2624 /usr/lib/udisks/udisks-daemon
├ 2625 udisks-daemon: not polling any devices
└ 3295 /usr/lib/rtkit/rtkit-daemon
redirecting to systemctl
dnsmasq.service - LSB: Starts internet name service masq caching server (DNS)
Loaded: loaded (/etc/init.d/dnsmasq)
Active: inactive (dead)
CGroup: name=systemd:/system/dnsmasq.service
Checking for service syslog: running
redirecting to systemctl
freshclam.service - LSB: virus scanner daemon
Loaded: loaded (/etc/init.d/freshclam)
Active: inactive (dead)
CGroup: name=systemd:/system/freshclam.service
Neither the variables MOUSEDEVICE and MOUSETYPE nor the variable GPM_PARAM
is set in /etc/sysconfig/mouse
Run 'yast mouse' to set up gpm
redirecting to systemctl
haveged.service - Haveged Entropy Gathering Daemon
Loaded: loaded (/lib/systemd/system/haveged.service; enabled)
Active: active (running) since Tue, 12 Mar 2013 19:09:30 +0000; 14h ago
Process: 995 ExecStart=/sbin/haveged -w 1024 -v 1 (code=exited, status=0/SUCCESS)
Main PID: 1058 (haveged)
CGroup: name=systemd:/system/haveged.service
└ 1058 /sbin/haveged -w 1024 -v 1
redirecting to systemctl
joystick.service - LSB: Set up analog joysticks
Loaded: loaded (/etc/init.d/joystick)
Active: inactive (dead)
CGroup: name=systemd:/system/joystick.service
redirecting to systemctl
kbd.service
Loaded: masked (/dev/null)
Active: inactive (dead)
Warning: Unit file changed on disk, 'systemctl --system daemon-reload' recommended.
redirecting to systemctl
kexec.service - Reboot via kexec
Loaded: loaded (/lib/systemd/system/kexec.service; static)
Active: inactive (dead)
CGroup: name=systemd:/system/kexec.service
redirecting to systemctl
ksysguardd.service - LSB: KDE ksysguard daemon
Loaded: loaded (/etc/init.d/ksysguardd)
Active: inactive (dead)
CGroup: name=systemd:/system/ksysguardd.service
redirecting to systemctl
lirc.service - LSB: lirc daemon
Loaded: loaded (/etc/init.d/lirc)
Active: inactive (dead)
CGroup: name=systemd:/system/lirc.service
redirecting to systemctl
mdadmd.service - LSB: mdadmd daemon monitoring MD devices
Loaded: loaded (/etc/init.d/mdadmd)
Active: inactive (dead)
CGroup: name=systemd:/system/mdadmd.service
redirecting to systemctl
microcode.ctl.service - LSB: CPU microcode updater
Loaded: loaded (/etc/init.d/microcode.ctl)
Active: active (exited) since Tue, 12 Mar 2013 19:09:29 +0000; 14h ago
Process: 914 ExecStart=/etc/init.d/microcode.ctl start (code=exited, status=0/SUCCESS)
CGroup: name=systemd:/system/microcode.ctl.service
redirecting to systemctl
multipathd.service - LSB: Starts multipath daemon
Loaded: loaded (/etc/init.d/multipathd)
Active: inactive (dead)
CGroup: name=systemd:/system/multipathd.service
redirecting to systemctl
mysql.service - LSB: Start the MySQL database server
Loaded: loaded (/etc/init.d/mysql)
Active: inactive (dead)
CGroup: name=systemd:/system/mysql.service
redirecting to systemctl
network.service - LSB: Configure the localfs depending network interfaces
Loaded: loaded (/etc/init.d/network)
Active: active (running) since Tue, 12 Mar 2013 19:09:52 +0000; 14h ago
Process: 1061 ExecStart=/etc/init.d/network start (code=exited, status=0/SUCCESS)
CGroup: name=systemd:/system/network.service
├ 1992 /sbin/dhclient6 -6 -cf /var/lib/dhcp6/dhclient6.eth0.conf -lf /var/lib/dhcp6/dhclient6.eth0.lease -pf /var/run/dhclie...
└ 2533 /sbin/dhcpcd --netconfig -L -E -HHH -c /etc/sysconfig/network/scripts/dhcpcd-hook -t 0 -h linux-7sgr eth0
redirecting to systemctl
network-remotefs.service - LSB: Configure the remote-fs depending network interfaces
Loaded: loaded (/etc/init.d/network-remotefs)
Active: active (exited) since Tue, 12 Mar 2013 19:09:52 +0000; 14h ago
Process: 3935 ExecStart=/etc/init.d/network-remotefs start (code=exited, status=0/SUCCESS)
CGroup: name=systemd:/system/network-remotefs.service
redirecting to systemctl
nfs.service - LSB: NFS client services
Loaded: loaded (/etc/init.d/nfs)
Active: inactive (dead)
CGroup: name=systemd:/system/nfs.service
redirecting to systemctl
nmb.service - LSB: Samba NetBIOS naming service over IP
Loaded: loaded (/etc/init.d/nmb)
Active: inactive (dead)
CGroup: name=systemd:/system/nmb.service
redirecting to systemctl
nscd.service - LSB: Start Name Service Cache Daemon
Loaded: loaded (/etc/init.d/nscd)
Active: active (running) since Tue, 12 Mar 2013 19:09:30 +0000; 14h ago
Process: 1008 ExecStart=/etc/init.d/nscd start (code=exited, status=0/SUCCESS)
CGroup: name=systemd:/system/nscd.service
└ 1021 /usr/sbin/nscd
redirecting to systemctl
ntp.service - LSB: Network time protocol daemon (ntpd)
Loaded: loaded (/etc/init.d/ntp)
Active: inactive (dead)
CGroup: name=systemd:/system/ntp.service
redirecting to systemctl
openvpn.service - LSB: OpenVPN tunnel
Loaded: loaded (/etc/init.d/openvpn)
Active: inactive (dead)
CGroup: name=systemd:/system/openvpn.service
redirecting to systemctl
pm-profiler.service - LSB: Script infrastructure to enable/disable certain power management functions
Loaded: loaded (/etc/init.d/pm-profiler)
Active: inactive (dead)
CGroup: name=systemd:/system/pm-profiler.service
redirecting to systemctl
Failed to issue method call: Unknown unit
redirecting to systemctl
powerd.service - LSB: Start the UPS monitoring daemon
Loaded: loaded (/etc/init.d/powerd)
Active: inactive (dead)
CGroup: name=systemd:/system/powerd.service
redirecting to systemctl
systemd-random-seed-load.service - Load Random Seed
Loaded: loaded (/lib/systemd/system/systemd-random-seed-load.service; static)
Active: inactive (dead) since Tue, 12 Mar 2013 19:09:22 +0000; 14h ago
Process: 533 ExecStart=/lib/systemd/systemd-random-seed load (code=exited, status=0/SUCCESS)
CGroup: name=systemd:/system/systemd-random-seed-load.service
redirecting to systemctl
raw.service - LSB: raw devices
Loaded: loaded (/etc/init.d/raw)
Active: inactive (dead)
CGroup: name=systemd:/system/raw.service
redirecting to systemctl
rpcbind.service - LSB: TI-RPC program number mapper
Loaded: loaded (/etc/init.d/rpcbind)
Active: inactive (dead)
CGroup: name=systemd:/system/rpcbind.service
redirecting to systemctl
rpmconfigcheck.service - LSB: rpm config file scan
Loaded: loaded (/etc/init.d/rpmconfigcheck)
Active: inactive (dead)
CGroup: name=systemd:/system/rpmconfigcheck.service
redirecting to systemctl
rsyncd.service - LSB: Start the rsync server daemon
Loaded: loaded (/etc/init.d/rsyncd)
Active: inactive (dead)
CGroup: name=systemd:/system/rsyncd.service
redirecting to systemctl
setserial.service - LSB: Initializes the serial ports
Loaded: loaded (/etc/init.d/setserial)
Active: inactive (dead)
CGroup: name=systemd:/system/setserial.service
/usr/sbin/FOO not installed
redirecting to systemctl
smartd.service - Self Monitoring and Reporting Technology (SMART) Daemon
Loaded: loaded (/lib/systemd/system/smartd.service; disabled)
Active: inactive (dead)
CGroup: name=systemd:/system/smartd.service
redirecting to systemctl
smb.service - LSB: Samba SMB/CIFS file and print server
Loaded: loaded (/etc/init.d/smb)
Active: inactive (dead)
CGroup: name=systemd:/system/smb.service
redirecting to systemctl
smolt.service - LSB: Enables automated checkins with smolt
Loaded: loaded (/etc/init.d/smolt)
Active: inactive (dead)
CGroup: name=systemd:/system/smolt.service
redirecting to systemctl
splash.service - LSB: Splash screen setup
Loaded: loaded (/etc/init.d/splash)
Active: active (exited) since Tue, 12 Mar 2013 19:09:30 +0000; 14h ago
Process: 971 ExecStart=/etc/init.d/splash start (code=exited, status=0/SUCCESS)
CGroup: name=systemd:/system/splash.service
redirecting to systemctl
splash_early.service - LSB: kills animation after network start
Loaded: loaded (/etc/init.d/splash_early)
Active: active (exited) since Tue, 12 Mar 2013 19:09:52 +0000; 14h ago
Process: 3921 ExecStart=/etc/init.d/splash_early start (code=exited, status=0/SUCCESS)
CGroup: name=systemd:/system/splash_early.service
redirecting to systemctl
sshd.service - LSB: Start the sshd daemon
Loaded: loaded (/etc/init.d/sshd)
Active: inactive (dead)
CGroup: name=systemd:/system/sshd.service
redirecting to systemctl
syslog.service - System Logging Service
Loaded: loaded (/lib/systemd/system/syslog.service; enabled)
Active: active (running) since Tue, 12 Mar 2013 19:09:30 +0000; 14h ago
Process: 984 ExecStart=/sbin/rsyslogd -c 5 -f /etc/rsyslog.conf (code=exited, status=0/SUCCESS)
Process: 982 ExecStartPre=/var/run/rsyslog/addsockets (code=exited, status=0/SUCCESS)
Process: 923 ExecStartPre=/bin/systemctl stop systemd-kmsg-syslogd.service (code=exited, status=0/SUCCESS)
Main PID: 988 (rsyslogd)
CGroup: name=systemd:/system/syslog.service
└ 988 /sbin/rsyslogd -c 5 -f /etc/rsyslog.conf
redirecting to systemctl
xdm.service - LSB: X Display Manager
Loaded: loaded (/etc/init.d/xdm)
Active: active (running) since Tue, 12 Mar 2013 19:09:31 +0000; 14h ago
Process: 1068 ExecStart=/etc/init.d/xdm start (code=exited, status=0/SUCCESS)
CGroup: name=systemd:/system/xdm.service
├ 1312 /usr/bin/kdm
└ 1427 /usr/bin/Xorg -br :0 vt7 -nolisten tcp -auth /var/lib/xdm/authdir/authfiles/A:0-FxZ3mb
redirecting to systemctl
xfs.service - LSB: X Font Server
Loaded: loaded (/etc/init.d/xfs)
Active: inactive (dead)
CGroup: name=systemd:/system/xfs.service
redirecting to systemctl
xinetd.service - LSB: Starts the xinet daemon. Be aware that xinetd doesn't start if no service is configured to run under it. To enable xinetd services go to YaST Network Services (xinetd) section.
Loaded: loaded (/etc/init.d/xinetd)
Active: inactive (dead)
CGroup: name=systemd:/system/xinetd.service
redirecting to systemctl
ypbind.service - LSB: Start ypbind (necessary for a NIS client)
Loaded: loaded (/etc/init.d/ypbind)
Active: inactive (dead)
CGroup: name=systemd:/system/ypbind.service
Mozilla Firefox 14.0.1
Plugins:
- IcedTea-Web Plugin (using IcedTea-Web 1.2 (suse-3.1-i386)) - to execute Java Applets
- PackageKit - for installing Applications (new) - First time I see this plugin, but probably always have been here in the Firefox of Opensuse.
- Shockwave Flash 11.2 r202
- Silverlight Plug-In 4.0.51204.0
Addons:
- Adblock Plus
- All-in-One Sidebar
- Blank Your Monitor + Easy Reading
- DownloadHelper
- Novell Moonlight
- openSUSE Firefox extensions
- Personas
- Wiktionary and Google Translate
I don't understand the question 'Are the log in attempts in the logs legitimate, or were they at a time when you were not attempting to login?', but I will try to answer something related:
The computerA is usually connected (nearly 24/7) and between the normal using (not attack identified) and the notification of modification of the bookmarks (possible attack performed) it was 1 day in between. They didn't need to log in again, because the computer was switched on and only with the screen blacked out.
Router
The router has the possibility to be used by wireless, but is deactivated. The only wires connected directly to the router goes to the computerA. There is no way to be tapped. Impossible to be other users (intruders) from the same LAN.
Only two possibilities:
- tap the wire in some point from our house to the DSLAM (telco's), the wires of the neighborhood.
- attack from outside
Router has a easy password to access, but I think first it has to be in the LAN to can connect, isn't it?
For sure none of the legitimate users access the router.
I have to say, I trust in the legitimate users 120%.
I have changed the physical address to show it here.
ARP Table
IP address Physical Address Interface Static
192.168.1.33 sf:sf:sf:sf:sf:sf eth0 no
Routing Table
Destination Netmask Gateway Interface Metric
0.0.0.0 0.0.0.0 0.0.0.0 ppp-0 1
IP Filter Configuration
IP Filtering: Disabled
Port Forwarding Configuration
Name Protocol External Port Internal IP Internal Port
ppp-0
eMULE TCP 37000 192.168.1.33 37000
eMULE UDP 8000 192.168.1.33 8000
Vitual Server Configuration
DMZ Host
Interface DMZ Host
ppp-0 N/A
ppp-1 N/A
MAC Filtering
Disabled
Quality of Service Configuration
Traffic Name Priority VLAN ID Min-Max IP TOS 802.1p [Source IP] AddressNetmask Start Port End Port [Destination IP] AddressNetmask Start Port End Port
Profile Name: voip
Rule: voip 7 -1--1 Normal Service -1 0.0.0.0 0.0.0.0 0 65535 81.47.224.0 255.255.252.0 0 65535
NMAP in Computer A
sudo nmap -v -sT 192.168.1.0/24
Starting Nmap 5.61TEST2 ( http://nmap.org ) at 2013-03-13 10:43 WET
Initiating ARP Ping Scan at 10:43
Scanning 33 hosts [1 port/host]
Completed ARP Ping Scan at 10:43, 0.65s elapsed (33 total hosts)
Initiating Parallel DNS resolution of 33 hosts. at 10:43
Completed Parallel DNS resolution of 33 hosts. at 10:43, 0.06s elapsed
Initiating Parallel DNS resolution of 1 host. at 10:43
Completed Parallel DNS resolution of 1 host. at 10:43, 0.06s elapsed
Initiating Connect Scan at 10:43
Scanning 192.168.1.1 [1000 ports]
Discovered open port 80/tcp on 192.168.1.1
Discovered open port 23/tcp on 192.168.1.1
Discovered open port 21/tcp on 192.168.1.1
Discovered open port 53/tcp on 192.168.1.1
Discovered open port 8008/tcp on 192.168.1.1
Discovered open port 2800/tcp on 192.168.1.1
Completed Connect Scan at 10:43, 1.11s elapsed (1000 total ports)
Nmap scan report for 192.168.1.1
Host is up (0.58s latency).
Not shown: 994 closed ports
PORT STATE SERVICE
21/tcp open ftp
23/tcp open telnet
53/tcp open domain
80/tcp open http
2800/tcp open acc-raid
8008/tcp open http
MAC Address: sf:sf:sf:sf:sf:sf (sfsfsfs.)
Initiating ARP Ping Scan at 10:43
Scanning 222 hosts [1 port/host]
Completed ARP Ping Scan at 10:43, 9.24s elapsed (222 total hosts)
Initiating Connect Scan at 10:43
Scanning 192.168.1.33 [1000 ports]
Completed Connect Scan at 10:43, 0.01s elapsed (1000 total ports)
Nmap scan report for 192.168.1.33
Host is up (0.00022s latency).
All 1000 scanned ports on 192.168.1.33 are closed
Read data files from: /usr/bin/../share/nmap
Nmap done: 256 IP addresses (2 hosts up) scanned in 11.26 seconds
Raw packets sent: 509 (14.252KB) | Rcvd: 1 (28B)
sudo nmap -sT -O localhost
Starting Nmap 5.61TEST2 ( http://nmap.org ) at 2013-03-13 10:47 WET
Nmap scan report for localhost (127.0.0.1)
Host is up (0.000071s latency).
Not shown: 999 closed ports
PORT STATE SERVICE
631/tcp open ipp
No exact OS matches for host (If you know what OS is running on it, see http://nmap.org/submit/ ).
TCP/IP fingerprint:
OS:SCAN(
Network Distance: 0 hops
OS detection performed. Please report any incorrect results at http://nmap.org/submit/ .
Nmap done: 1 IP address (1 host up) scanned in 12.63 seconds
'Are you certain that malware running in the browser did not change things?'
- I don't know how to detect if I have malware in my browser, but I don't see anything like weird addons, advertisement,..
'No chance that your users were phished?'
- No idea how to know if they were phished, and how to know know looking the computer.
'Java exploits?'
- The same. No idea how to know. I posted the version of icedtea to run java applets. I think they are not used to execute java applets on the Web, they usually use it for e-mail + digital newspapers.
I see in port forwarding two ports for emule (really weird... several years without using that program), but then nmap doesn't detect open that ports. Why?
Computer B - The next results is without internet connection. (If I connect ethernet I will need other services like iptables, dhcpcd,... that are not listed now)
Executed without internet connection:
systemctl list-units --full | grep active
proc-sys-fs-binfmt_misc.automount loaded active waiting Arbitrary Executable File Formats File System Automount Point
sys-devices-pci0000:00-0000:00:01.0-0000:01:00.1-sound-card1.device loaded active plugged /sys/devices/pci0000:00/0000:00:01.0/0000:01:00.1/sound/card1
sys-devices-pci0000:00-0000:00:1b.0-sound-card0.device loaded active plugged /sys/devices/pci0000:00/0000:00:1b.0/sound/card0
sys-devices-pci0000:00-0000:00:1c.0-0000:02:00.0-net-wlan0.device loaded active plugged /sys/devices/pci0000:00/0000:00:1c.0/0000:02:00.0/net/wlan0
sys-devices-pci0000:00-0000:00:1c.3-0000:06:00.0-net-eth0.device loaded active plugged /sys/devices/pci0000:00/0000:00:1c.3/0000:06:00.0/net/eth0
sys-devices-pci0000:00-0000:00:1f.2-ata1-host0-target0:0:0-0:0:0:0-block-sda-sda1.device loaded active plugged ST9500325AS
sys-devices-pci0000:00-0000:00:1f.2-ata1-host0-target0:0:0-0:0:0:0-block-sda-sda2.device loaded active plugged ST9500325AS
sys-devices-pci0000:00-0000:00:1f.2-ata1-host0-target0:0:0-0:0:0:0-block-sda-sda3.device loaded active plugged ST9500325AS
sys-devices-pci0000:00-0000:00:1f.2-ata1-host0-target0:0:0-0:0:0:0-block-sda-sda4.device loaded active plugged ST9500325AS
sys-devices-pci0000:00-0000:00:1f.2-ata1-host0-target0:0:0-0:0:0:0-block-sda-sda5.device loaded active plugged ST9500325AS
sys-devices-pci0000:00-0000:00:1f.2-ata1-host0-target0:0:0-0:0:0:0-block-sda-sda6.device loaded active plugged ST9500325AS
sys-devices-pci0000:00-0000:00:1f.2-ata1-host0-target0:0:0-0:0:0:0-block-sda.device loaded active plugged ST9500325AS
sys-devices-platform-serial8250-tty-ttyS0.device loaded active plugged /sys/devices/platform/serial8250/tty/ttyS0
sys-devices-platform-serial8250-tty-ttyS1.device loaded active plugged /sys/devices/platform/serial8250/tty/ttyS1
sys-devices-platform-serial8250-tty-ttyS2.device loaded active plugged /sys/devices/platform/serial8250/tty/ttyS2
sys-devices-platform-serial8250-tty-ttyS3.device loaded active plugged /sys/devices/platform/serial8250/tty/ttyS3
sys-module-configfs.device loaded active plugged /sys/module/configfs
sys-module-fuse.device loaded active plugged /sys/module/fuse
sys-subsystem-net-devices-eth0.device loaded active plugged /sys/subsystem/net/devices/eth0
sys-subsystem-net-devices-wlan0.device loaded active plugged /sys/subsystem/net/devices/wlan0
-.mount loaded active mounted /
dev-hugepages.mount loaded active mounted Huge Pages File System
dev-mqueue.mount loaded active mounted POSIX Message Queue File System
media-Datos.mount loaded active mounted /media/Datos
sys-fs-fuse-connections.mount loaded active mounted FUSE Control File System
sys-kernel-config.mount loaded active mounted Configuration File System
sys-kernel-debug.mount loaded active mounted Debug File System
tmp.mount loaded active mounted /tmp
systemd-ask-password-console.path loaded active waiting Dispatch Password Requests to Console Directory Watch
systemd-ask-password-wall.path loaded active waiting Forward Password Requests to Wall Directory Watch
cronie.service loaded active running Periodic Command Scheduler
dbus.service loaded active running D-Bus System Message Bus
[email protected] loaded active running Getty on tty1
iptables.service loaded active exited Packet Filtering Framework
kdm.service loaded active running K Display Manager
lm_sensors.service loaded active exited Initialize hardware monitoring sensors
polkit.service loaded active running Authorization Manager
rc-local.service loaded active exited /etc/rc.local Compatibility
syslog-ng.service loaded active running System Logger Daemon
systemd-journald.service loaded active running Journal Service
systemd-logind.service loaded active running Login Service
systemd-modules-load.service loaded active exited Load Kernel Modules
systemd-remount-fs.service loaded active exited Remount Root and Kernel File Systems
systemd-sysctl.service loaded active exited Apply Kernel Variables
systemd-tmpfiles-setup.service loaded active exited Recreate Volatile Files and Directories
systemd-udev-trigger.service loaded active exited udev Coldplug all Devices
systemd-udevd.service loaded active running udev Kernel Device Manager
systemd-user-sessions.service loaded active exited Permit User Sessions
systemd-vconsole-setup.service loaded active exited Setup Virtual Console
udisks2.service loaded active running Disk Manager
upower.service loaded active running Daemon for power management
dbus.socket loaded active running D-Bus System Message Bus Socket
dmeventd.socket loaded active listening Device-mapper event daemon FIFOs
lvmetad.socket loaded active listening LVM2 metadata daemon socket
syslog.socket loaded active running Syslog Socket
systemd-initctl.socket loaded active listening /dev/initctl Compatibility Named Pipe
systemd-journald.socket loaded active running Journal Socket
systemd-shutdownd.socket loaded active listening Delayed Shutdown Socket
systemd-udevd-control.socket loaded active listening udev Control Socket
systemd-udevd-kernel.socket loaded active running udev Kernel Socket
dev-sda6.swap loaded active active /dev/sda6
arch-daemons.target loaded active active Arch Daemons
basic.target loaded active active Basic System
cryptsetup.target loaded active active Encrypted Volumes
getty.target loaded active active Login Prompts
graphical.target loaded active active Graphical Interface
local-fs-pre.target loaded active active Local File Systems (Pre)
local-fs.target loaded active active Local File Systems
multi-user.target loaded active active Multi-User
remote-fs.target loaded active active Remote File Systems
sockets.target loaded active active Sockets
sound.target loaded active active Sound Card
swap.target loaded active active Swap
sysinit.target loaded active active System Initialization
syslog.target loaded active active Syslog
systemd-tmpfiles-clean.timer loaded active waiting Daily Cleanup of Temporary Directories
76 loaded units listed. Pass --all to see loaded but inactive units, too.
sudo nmap -v -sT localhost
Starting Nmap 6.25 ( http://nmap.org ) at 2013-03-13 13:01 CET
mass_dns: warning: Unable to determine any DNS servers. Reverse DNS is disabled. Try using --system-dns or specify valid servers with --dns-servers
Initiating Connect Scan at 13:01
Scanning localhost (127.0.0.1) [1000 ports]
Completed Connect Scan at 13:01, 0.03s elapsed (1000 total ports)
Nmap scan report for localhost (127.0.0.1)
Host is up (0.00058s latency).
Other addresses for localhost (not scanned): 127.0.0.1
rDNS record for 127.0.0.1: localhost.localdomain
All 1000 scanned ports on localhost (127.0.0.1) are closed
Read data files from: /usr/bin/../share/nmap
Nmap done: 1 IP address (1 host up) scanned in 0.13 seconds
Raw packets sent: 0 (0B) | Rcvd: 0 (0B)
[Connecting to the LAN and therefore to Internet]
If I try to connect to internet now, it doesn't work. I can do sudo ifconfig eth0 up, but sudo dhcpcd eth0 doesn't work.
It says: eth0 sending IPv6 Router Solicitation.... finally no IPv6 Routers available. Timed out. I know that it has to be IPv4, but yesterday it worked, today not.
If I try to do ping 192.168.1.1 it says: network is unreachable.
I have to edit /etc/dhcpcd.conf manually and modify this lines:
#noipv4ll
noipv6rs
Also, modify the /etc/hosts and comment ::1 line
But as I said, i didn't modified them to the inverse, and yesterday (first time I connect computerB to the LAN of computerA it worked correctly the dhcpcd for ipv4)
As I see, still not network connection... at least dhcpcd has assigned me an ip, etc, but it is not the normal in range 192.168.1.x (as the router 192.168.1.1 and the other pc 192.168.1.33)
but 169.254.67.213, netmask 255.255.0.0 and broadcast 169.254.255.255
Something weird... and of course, still network is unreachable if I try to do ping to google or the router.
I have to reset manually the router to can work properly from the computerB.
Anormal behaviour
The point is after I connect to the Internet (ping that works) the computer get slowly, emacs doesn't work, if I try to open another terminal it says KDEInit could not launch '/usr/bin/konsole'
So, something goes wrong.
uname -r
3.7.9-2-ARCH
NMAP from ComputerA to ComputerB
Initiating Connect Scan at 13:51
Scanning 192.168.1.34 [1000 ports]
Completed Connect Scan at 13:52, 50.80s elapsed (1000 total ports)
Nmap scan report for 192.168.1.34
Host is up (0.98s latency).
Not shown: 999 filtered ports
PORT STATE SERVICE
80/tcp closed http
MAC Address: xf:xf:xf:xf:xf:xf (xfxfxf.)
Read data files from: /usr/bin/../share/nmap
Nmap done: 256 IP addresses (3 hosts up) scanned in 62.24 seconds
Raw packets sent: 508 (14.224KB) | Rcvd: 2 (56B)
ps aux in computerB
F S UID PID PPID C PRI NI ADDR SZ WCHAN TTY TIME CMD
4 S 0 1 0 0 80 0 - 1261 epoll_ ? 00:00:00 systemd
1 S 0 2 0 0 80 0 - 0 kthrea ? 00:00:00 kthreadd
1 S 0 3 2 0 80 0 - 0 smpboo ? 00:00:00 ksoftirqd/0
1 S 0 5 2 0 60 -20 - 0 worker ? 00:00:00 kworker/0:0H
1 S 0 7 2 0 60 -20 - 0 worker ? 00:00:00 kworker/u:0H
1 S 0 8 2 0 -40 - - 0 cpu_st ? 00:00:00 migration/0
1 S 0 9 2 0 80 0 - 0 rcu_gp ? 00:00:00 rcu_preempt
1 S 0 10 2 0 80 0 - 0 rcu_gp ? 00:00:00 rcu_bh
1 S 0 11 2 0 80 0 - 0 rcu_gp ? 00:00:00 rcu_sched
5 S 0 12 2 0 -40 - - 0 smpboo ? 00:00:00 watchdog/0
5 S 0 13 2 0 -40 - - 0 smpboo ? 00:00:00 watchdog/1
1 S 0 14 2 0 80 0 - 0 smpboo ? 00:00:00 ksoftirqd/1
1 S 0 15 2 0 -40 - - 0 cpu_st ? 00:00:00 migration/1
1 S 0 17 2 0 60 -20 - 0 worker ? 00:00:00 kworker/1:0H
1 S 0 18 2 0 60 -20 - 0 rescue ? 00:00:00 cpuset
1 S 0 19 2 0 60 -20 - 0 rescue ? 00:00:00 khelper
5 S 0 20 2 0 80 0 - 0 devtmp ? 00:00:00 kdevtmpfs
1 S 0 21 2 0 60 -20 - 0 rescue ? 00:00:00 netns
1 S 0 22 2 0 80 0 - 0 bdi_fo ? 00:00:00 bdi-default
1 S 0 23 2 0 60 -20 - 0 rescue ? 00:00:00 kblockd
1 S 0 26 2 0 80 0 - 0 watchd ? 00:00:00 khungtaskd
1 S 0 27 2 0 80 0 - 0 kswapd ? 00:00:00 kswapd0
1 S 0 28 2 0 85 5 - 0 ksm_sc ? 00:00:00 ksmd
1 S 0 29 2 0 99 19 - 0 khugep ? 00:00:00 khugepaged
1 S 0 30 2 0 80 0 - 0 fsnoti ? 00:00:00 fsnotify_mark
1 S 0 31 2 0 60 -20 - 0 rescue ? 00:00:00 crypto
1 S 0 35 2 0 60 -20 - 0 rescue ? 00:00:00 kthrotld
1 S 0 36 2 0 80 0 - 0 worker ? 00:00:00 kworker/1:2
1 S 0 37 2 0 60 -20 - 0 rescue ? 00:00:00 deferwq
1 S 0 78 2 0 80 0 - 0 hub_th ? 00:00:00 khubd
1 S 0 79 2 0 60 -20 - 0 rescue ? 00:00:00 ata_sff
1 S 0 80 2 0 80 0 - 0 scsi_e ? 00:00:00 scsi_eh_0
1 S 0 81 2 0 80 0 - 0 scsi_e ? 00:00:00 scsi_eh_1
1 S 0 82 2 0 80 0 - 0 scsi_e ? 00:00:00 scsi_eh_2
1 S 0 83 2 0 80 0 - 0 scsi_e ? 00:00:00 scsi_eh_3
1 S 0 84 2 0 80 0 - 0 scsi_e ? 00:00:00 scsi_eh_4
1 S 0 85 2 0 80 0 - 0 scsi_e ? 00:00:00 scsi_eh_5
1 S 0 88 2 0 80 0 - 0 worker ? 00:00:00 kworker/u:4
1 S 0 89 2 0 80 0 - 0 worker ? 00:00:00 kworker/u:5
1 S 0 92 2 0 80 0 - 0 scsi_e ? 00:00:00 scsi_eh_6
1 S 0 93 2 0 80 0 - 0 usb_st ? 00:00:00 usb-storage
1 S 0 96 2 0 60 -20 - 0 worker ? 00:00:00 kworker/1:1H
1 S 0 97 2 0 60 -20 - 0 worker ? 00:00:00 kworker/0:1H
1 S 0 98 2 0 80 0 - 0 worker ? 00:00:00 kworker/0:2
1 S 0 106 2 0 80 0 - 0 kjourn ? 00:00:00 jbd2/sda5-8
1 S 0 107 2 0 60 -20 - 0 rescue ? 00:00:00 ext4-dio-unwrit
4 S 0 124 1 0 80 0 - 2752 epoll_ ? 00:00:00 systemd-udevd
4 S 0 129 1 9 80 0 - 69899 epoll_ ? 00:02:51 systemd-journal
1 S 0 136 2 0 60 -20 - 0 rescue ? 00:00:00 iprt
1 S 0 217 2 0 60 -20 - 0 rescue ? 00:00:00 kpsmoused
1 S 0 220 2 0 80 0 - 0 bdi_wr ? 00:00:00 flush-8:0
1 S 0 238 2 0 60 -20 - 0 rescue ? 00:00:00 led_workqueue
1 S 0 239 2 0 60 -20 - 0 rescue ? 00:00:00 cfg80211
1 S 0 270 2 0 60 -20 - 0 rescue ? 00:00:00 ttm_swap
1 S 0 272 2 0 60 -20 - 0 rescue ? 00:00:00 hd-audio0
1 S 0 341 2 0 60 -20 - 0 rescue ? 00:00:00 hd-audio1
5 S 0 345 1 0 80 0 - 1231 fuse_d ? 00:00:00 mount.ntfs-3g
4 S 0 350 1 0 80 0 - 1902 epoll_ ? 00:00:00 syslog-ng
4 S 0 354 1 0 80 0 - 1202 hrtime ? 00:00:00 crond
4 S 81 355 1 0 80 0 - 834 epoll_ ? 00:00:00 dbus-daemon
4 S 0 356 1 0 80 0 - 834 epoll_ ? 00:00:00 systemd-logind
4 S 0 363 1 0 80 0 - 953 n_tty_ tty1 00:00:00 agetty
4 S 0 364 1 0 80 0 - 992 poll_s ? 00:00:00 kdm
4 S 0 391 364 0 80 0 - 20112 poll_s tty7 00:00:12 X
5 S 0 400 364 0 80 0 - 1367 sigsus ? 00:00:00 kdm
4 S 1000 412 400 0 80 0 - 1299 wait ? 00:00:00 startkde
1 S 1000 423 1 0 80 0 - 906 poll_s ? 00:00:00 dbus-launch
1 S 1000 424 1 0 80 0 - 1027 epoll_ ? 00:00:00 dbus-daemon
1 S 1000 450 1 0 80 0 - 1184 poll_s ? 00:00:00 gpg-agent
1 S 1000 453 1 0 80 0 - 1054 poll_s ? 00:00:00 ssh-agent
5 S 0 468 1 0 80 0 - 508 pipe_w ? 00:00:00 start_kdeinit
1 S 1000 469 1 0 80
Similar Messages
-
I cannot buy music currently as I am being asked to answer security questions due to it being supposedly "the first time I have bought form this PC". This is not the case. I have now changed my password and security questions, but it is asking me the same when I try to buy again.
First off, the name of your computer is only the way it is becuase the Apple user is the first one they created after repairing the Mac. Go into Sharing System Preferences and change the name to whatever you like.
Can you explain how you did this:
This didn't seem right so I went in to it and changed the computer so that it would recognise me as the Owner/Administrator.
You can delete the Apple user in Users & Groups System Prefs. Select that user and delete it. It will ask if you want to save the user data or delete it. If you archive it, you can always delete it later and it will be available if you need to recover that account for some reason--I doubt this will be necessary. After deleting the account, and when you feel you are still working normally, you could delete that archived user folder.
I have also never seen anything ask for that. It does sound like an Epson thing, but without having access to it, I couldn't tell you for sure.
Here's what I would try. Create a new User and give them admin rights. Log in as that user and see what happens with the installer. If it still complains, it is an Epson issue. My guess is it is looking for user id 501, the first user created. If it works, then something is indeed odd about your account. If so, use that new admin account to disable Admin privileges for your account, then re-enable it. This is done in the Users & Groups system prefs. -
How to determine if my system was compromised by the shellshock bug?
Is there any way to determine if my system was compromised / hacked? Is it enough to upgrade with "pacman -Syu" or should I reinstall the whole system?
Last edited by Bailando (2014-09-29 15:24:02)The only way your system could have been compromised is if you or someone with access to your running system executed a Bash script that exploited the vulnerability. Which essentially means that in any instance in which a system was compromisd by this bug (and I'm not aware of any cases where that's actually happened) the bug itself isn't the primary security flaw.
Burning down your house because you suspect someone may have broken into it is ...well, I'm not sure there's a word to describe how extreme that response is relative to the threat. Especially if you're just going to rebuild the house and install the same locks you fear have failed you in the first place.
Last edited by ANOKNUSA (2014-09-29 16:06:41) -
I am being prompted to enter security questions when making a purchase on my new IPad. I don't believe I have ever setup security questions on my apple id. I have tried logging into my apple id and have chosen the security and priviacy settings to set up security questions. However I am prompted to enter answers to security questions and am told they don't match. How to I create new security questions or reset them?
You need to ask Apple to reset your security questions; ways of contacting them include phoning AppleCare and asking for the Account Security team, clicking here and picking a method for your country, and filling out and submitting this form.
They wouldn't be security questions if they could be bypassed without Apple verifying your identity.
(104011) -
I cannot purchase anything at the itunes store because I am being ask for my security questions, but I don't remember the answers. I tried going to appleied.apple.com but I won't allow me to change my security answerswithout answering the original questions. How do you change you security questions with out knowing them? I need help.
Welcome to the Apple Community.
Start here, and reset your security questions, you will receive an email to your rescue address, use the link in the email and reset your security questions.
If that doesn't help or you don't have a rescue address, you might try contacting Apple through iTunes Store Support -
Online systems configured for newbies to experiment
Why does SDN not have online systems configured for newbies to experiment online.
Will this pose too much of an administrative task? with the skills available in this forum it should not be a problem.
or is it a question of making profit through the training academies which are not affordable to individuals not backed by their companies to learn on the technology?An interesting thought, however with so many users we would need a server farm of test systems to handle it. And with users wanting to try so many different things it would be rather difficult to maintain the servers and have some sort of schedule for maintenance, resets, etc.
-
using a new computer, and cannot download music without being able to answer security questions. Is there a way to reset these or get the answers sent to you for one's security questions.
If you have a rescue email address set up on your account then you can try going to https://appleid.apple.com/ and click 'Manage your Apple ID' on the right-hand side of that page and log into your account. Then click on 'Password and Security' on the left-hand side of that page and on the right-hand side you might see an option to send security question reset info to your rescue email address.
If you don't have a rescue email address set up then go to Express Lane and select 'iTunes' from the list of 'products' in the middle of the screen.
Then select 'iTunes Store', and on the next screen select 'Account Management'
Next choose 'iTunes Store Account Security' and fill in that you'd like your security questions/answers reset.
You should get an email reply within, I think, about 24 to 48 hours (and check your Spam folder as well as your Inbox) -
I have been experiencing a lot of strange behavior on my home network ever since a disgruntled employee was let go. He was a server admin and had root access to my home network - where I run my business. I am getting a ton of span now, my websites were all infected with xss hacks, and many of my accounts are blacklisted. I did a clean install and DoD erase pass on my hardware, but I still see a lot of errors and my hosts file and VMs look very odd. not to mention the extremely odd loops in my ifconfig... Any help?
Here is an output of 'ifconfig'
(FYI, I am a software dev, so feel free to speak the jargon and ask for specific things)
(I hid any identifying info with either xx or my:ma:ca:dd:re:ss or something like that)
lo0: flags=8049<UP,LOOPBACK,RUNNING,MULTICAST> mtu 16384
options=3<RXCSUM,TXCSUM>
inet6 ::1 prefixlen 128
inet 127.0.0.1 netmask 0xff000000
inet6 fe80::1%lo0 prefixlen 64 scopeid 0x1
nd6 options=1<PERFORMNUD>
gif0: flags=8010<POINTOPOINT,MULTICAST> mtu 1280
stf0: flags=0<> mtu 1280
en0: flags=8863<UP,BROADCAST,SMART,RUNNING,SIMPLEX,MULTICAST> mtu 1500
options=10b<RXCSUM,TXCSUM,VLAN_HWTAGGING,AV>
ether th:is:ad:dr:es:s1
inet6 fxxx::xx2a:xxff:fxxx:fxxx%en0 prefixlen 64 scopeid 0x4
inet 10.xx.xx.x netmask 0xffffff00 broadcast 10.xx.xx.xxx
nd6 options=1<PERFORMNUD>
media: autoselect (1000baseT <full-duplex,flow-control,energy-efficient-ethernet>)
status: active
en1: flags=8863<UP,BROADCAST,SMART,RUNNING,SIMPLEX,MULTICAST> mtu 1500
ether th:is:ad:dr:es:n1
inet6 fe80::e2f8:47ff:fe29:6ec2%en1 prefixlen 64 scopeid 0x5
inet 10.xx.xx.x netmask 0xffffff00 broadcast 10.xx.xx.xxx
nd6 options=1<PERFORMNUD>
media: autoselect
status: active
fw0: flags=8863<UP,BROADCAST,SMART,RUNNING,SIMPLEX,MULTICAST> mtu 4078
lladdr 70:cd:xx:ff:fe:xx:xx:xx
nd6 options=1<PERFORMNUD>
media: autoselect <full-duplex>
status: inactive
en2: flags=8922<BROADCAST,SMART,PROMISC,SIMPLEX,MULTICAST> mtu 1500
options=60<TSO4,TSO6>
ether my:wi:fi:ma:ca:dd
media: autoselect <full-duplex>
status: inactive
bridge0: flags=8863<UP,BROADCAST,SMART,RUNNING,SIMPLEX,MULTICAST> mtu 1500
options=63<RXCSUM,TXCSUM,TSO4,TSO6>
ether th:is:ad:dr:es:mtu
Configuration:
id 0:0:0:0:0:0 priority 0 hellotime 0 fwddelay 0
maxage 0 holdcnt 0 proto stp maxaddr 100 timeout 1200
root id 0:0:0:0:0:0 priority 0 ifcost 0 port 0
ipfilter disabled flags 0x2
nd6 options=1<PERFORMNUD>
media: <unknown type>
status: inactive
p2p0: flags=8843<UP,BROADCAST,RUNNING,SIMPLEX,MULTICAST> mtu 2304
ether th:is:ad:dr:es:p2p0
media: autoselect
status: inactive
vmnet1: flags=8863<UP,BROADCAST,SMART,RUNNING,SIMPLEX,MULTICAST> mtu 1500
ether 00:50:56:c0:00:01
inet 192.168.48.1 netmask 0xffffff00 broadcast 192.168.48.255
vmnet8: flags=8863<UP,BROADCAST,SMART,RUNNING,SIMPLEX,MULTICAST> mtu 1500
ether 00:50:56:c0:00:08
inet 192.168.219.1 netmask 0xffffff00 broadcast 192.168.219.255
ppp0: flags=8051<UP,POINTOPOINT,RUNNING,MULTICAST> mtu 1396
inet my.ded.vpn.xx --> 192.xxx.xxx.xxx netmask 0xffffff00
nooooooo:~ cearnhart$ ifconfig
lo0: flags=8049<UP,LOOPBACK,RUNNING,MULTICAST> mtu 16384
options=3<RXCSUM,TXCSUM>
inet6 ::1 prefixlen 128
inet 127.0.0.1 netmask 0xff000000
inet6 fe80::1%lo0 prefixlen 64 scopeid 0x1
nd6 options=1<PERFORMNUD>
gif0: flags=8010<POINTOPOINT,MULTICAST> mtu 1280
stf0: flags=0<> mtu 1280
en0: flags=8863<UP,BROADCAST,SMART,RUNNING,SIMPLEX,MULTICAST> mtu 1500
options=10b<RXCSUM,TXCSUM,VLAN_HWTAGGING,AV>
ether th:is:ad:dr:es:s1
inet6 xxx::xxxx:xxff:xxxx:fxx2%en0 prefixlen 64 scopeid 0x4
inet 10.xx.xx.x netmask 0xffffff00 broadcast 10.x.x.xxx
nd6 options=1<PERFORMNUD>
media: autoselect (1000baseT <full-duplex,flow-control,energy-efficient-ethernet>)
status: active
en1: flags=8863<UP,BROADCAST,SMART,RUNNING,SIMPLEX,MULTICAST> mtu 1500
ether th:is:ad:dr:es:n1
inet6 fxxx::xxf8:47ff:fxx:6xx%en1 prefixlen 64 scopeid 0x5
inet 10.x.x.x netmask 0xffffff00 broadcast 10.x.x.xxx
nd6 options=1<PERFORMNUD>
media: autoselect
status: active
fw0: flags=8863<UP,BROADCAST,SMART,RUNNING,SIMPLEX,MULTICAST> mtu 4078
lladdr xx:xx:xx:ff:fe:xx:5f:xx
nd6 options=1<PERFORMNUD>
media: autoselect <full-duplex>
status: inactive
en2: flags=8922<BROADCAST,SMART,PROMISC,SIMPLEX,MULTICAST> mtu 1500
options=60<TSO4,TSO6>
ether xx:00:1e:xx:xx:xx
media: autoselect <full-duplex>
status: inactive
bridge0: flags=8863<UP,BROADCAST,SMART,RUNNING,SIMPLEX,MULTICAST> mtu 1500
options=63<RXCSUM,TXCSUM,TSO4,TSO6>
ether th:is:ad:dr:es:mtu
Configuration:
id 0:0:0:0:0:0 priority 0 hellotime 0 fwddelay 0
maxage 0 holdcnt 0 proto stp maxaddr 100 timeout 1200
root id 0:0:0:0:0:0 priority 0 ifcost 0 port 0
ipfilter disabled flags 0x2
nd6 options=1<PERFORMNUD>
media: <unknown type>
status: inactive
p2p0: flags=8843<UP,BROADCAST,RUNNING,SIMPLEX,MULTICAST> mtu 2304
ether th:is:ad:dr:es:p2p0
media: autoselect
status: inactive
vmnet1: flags=8863<UP,BROADCAST,SMART,RUNNING,SIMPLEX,MULTICAST> mtu 1500
ether 00:50:56:c0:00:01
inet 192.168.48.1 netmask 0xffffff00 broadcast 192.168.48.255
vmnet8: flags=8863<UP,BROADCAST,SMART,RUNNING,SIMPLEX,MULTICAST> mtu 1500
ether 00:50:56:c0:00:08
inet 192.168.219.1 netmask 0xffffff00 broadcast 192.168.219.255If you know or suspect that a hostile intruder has either had physical access to it, or has been able to log in remotely, then there are some steps you should take to make sure that the computer is safe to use.
First, depending on the circumstances, computer tampering may be a crime, a civil wrong, or both. If there's any chance that the matter will be the subject of legal action, then you should do nothing at all without consulting a lawyer or the police. The computer would be the principal evidence in such a case, and you don't want to contaminate that evidence.
Running any kind of "anti-virus" software is pointless. If I broke into a system and wanted to leave a back door, I could do it in a way that would be undetectable by those means—and I don't pretend to any special skill as a hacker. You have to assume that any intruder can do the same. Commercial keylogging software—which has legitimate as well as illegitimate uses—won't be recognized as malware, because it's not malware.
The only way you can be sure that the computer is not compromised is to erase at least the startup volume and restore it to something like the status quo ante. The easiest approach is to recover the entire system from a backup that predates the attack. Obviously, that's only practical if you know when the attack took place, and it was recent, and you have such a backup. You will lose all changes to data, such as email, that were made after the time of the snapshot. Some of those changes can be restored from a later backup.
If you don't know when the attack happened, or if it was too long ago for a complete rollback to be feasible, then you should erase and install OS X. If you don't already have at least two complete, independent backups of all data, then you must make them first. One backup is not enough to be safe.
When you restart after the installation, you'll be prompted to go through the initial setup process for a new computer. That’s when you transfer the data from a backup in Setup Assistant.
Select only users in the Setup Assistant dialog—not Applications, Other files and folders, or Computer & Network Settings. Don't transfer the Guest account, if it was enabled.
Reinstall third-party software from original media or fresh downloads—not from a backup, which may be contaminated.
Unless you were the target of an improbably sophisticated attack, this procedure will leave you with a clean system. If you have reason to think that you were the target of a sophisticated attack, then you need expert help.
That being done, change all Internet passwords and check all financial accounts for unauthorized transactions. Do this after the system has been secured, not before. -
Posting For the Newbies (AKA - Security)
For those outside the US, Thursday is one of our major holidays. This is the one of great feasting. This year we will gather at my brother's house where I am expected to repair his slow wireless network. When I asked about security his reply was, "Security?". So, what we have here is an open Wi-Fi where my brother must wait for his turn on the internet. There are many reasons to enable wireless security. Please don't skip that step with a new system.
I was a newbie like 4 months ago. i have some skills
of OOP in C++ like 2 years back but since then i
did'nt took any of programming language courses. I
have experience in MSaccess and MYsql. i did my
internship Last summer with Tennessee Education
Lottery as a Database Analyst. At that time i
realized what a Corporate Enviorment looks like.
Trust me it was a formal interview and i passed it
and they placed me in the IT department to write some
scripts for the GUI terminal and at the same time
create a Company Security Database.Wow they really must like to gamble if they put you in charge of a security database - no offense meant, but that isn't the sort of thing you would want a brand new person working on, unless of course they were giving really high odds ;-) -
System refresh -- Export content of secure store ?
Hello,
We often perform system refreshes. To run this process smoothly we use database copy (copy over the datafiles files then recover the db).
We export several tables from the refreshed system before the DB copy. After the refresh we reimport them, this makes the sap level post processing lighter.
I would like to export the content of the secure store (tx secstore) then re impot it also. Has anyone already performed this ?
Thanks & krs,
aidanHi,
The data stored in the secure storage are encrypted with a key that includes the installation number and the system ID. If any of these changes, for example due to a system copy or a new license key, the data in the secure storage must be migrated. For information on migrating the secure storage data, see SAP Note 816861.
Please refer specified notes:
If you get a short dump CREATE_OBJECT_CLASS_NOT_FOUND then see SAP note 1053954.
If any "System dependant data for entryu2026" errors are reported then see note 816861
I hope it will help you.If not please let me know.
Regards,
Kiran .V -
System.getProperties() results in java.security.AccessControlException
Hi All,
I'm building an web service that needs to make an URL connection.
In order to build the connection, I must set the proxy.
The problem is it seems that I cannot do
Properties Sys=System.getProperties();
since it results in the following exception :
java.security.AccessControlException: access denied (java.util.PropertyPermission * read,write)
here is part of my code (part of the implementation of the SEI of my web service)
Properties Sys=System.getProperties();
Sys.put("proxySet","true");
Sys.put("proxyPort","8080");
Sys.put("proxyHost","webcache.singapore.sun.com");
URL url = new URL("http://www.geobytes.com/IpLocator.htm?GetLocation");
URLConnection conn = url.openConnection();
conn.setDoOutput(true);
I'm using SUN App Server 8, my IDE is netbeans 4.1
Any other way in setting the proxy without getting properties from my system? or any work around to make my code working. Please help me, any suggestions are highly appreciated.
Regards,
maggyI have changed the server.policy and adding the read access permission, now everything can work properly.
thanks -
Secured system won't register as secured.
OK, I reset the password, went to the web based system and changed to a new password. It was successful, and when I access through the hard wired computer it asks for the password. Unfortunately, the wireless access now shows that the system is unsecured and it is. What do I need to do to get the wireless part to reflect the required password? Thanks
You are mistaking your router password for your wireless passphrase.
Log on to your router, then click on Wireless.
Set wireless network mode to mixed.
Set your SSID to something other than Linksys. Ex.: Yankee. Click on Save
Click on wireless security.
Set mode to WPA2 Personal and Algorithms to TKIP+AES.
Set your WPA Shared Key then save settings. Copy on paper
Exit from your router.
Go to your wireless network and look for your network name Ex.: Yankee Secured network. Click on Connect. It should ask you for the key. Now input the WPA Shared Key.
You should now be connected.
Greetings from Northern Ontario, Canada -
Caution: Apple Store POS system has a privacy and security leak
I made a small purchase in the Burlingame, CA Apple store the other day, receiving my receipt by email. No problem. 10 minutes later, I received another receipt. This time for someone else's transaction. The name, address, etc. of that customer included. There is a leak of information from one transaction to others, and no guarantee how much or how little information leaks.
I went back to the store and asked how this could occur. I was told that what happened is impossible. But it's not. I completed the customer satisfaction survey associated with the transaction. Normally, if you indicate dissatisfaction, the store manager gives a prompt phone call. No phone call. I sent email to the store. No response.
The software used in the point of sale system is not secure. You should avoid making purchases in store. Make them on-line to be picked up or shipped to you, but if you make a purchase at one of the roaming sales people, your privacy is at risk.I have an email receipt which has name format of
emailreceipt_yyyymmddR<TransactionId>.pdf
The Transaction ID is the bar code printed on the receipt in case it needs to be scanned for returns, etc.
For the case where the email address was not yours, can you check that the name of the file and the transaction id on the receipt match?
The email comes from <storename>@apple.com. -
I am trying to download a song on my new computer and im being asked security questions ive never answered before.....help
Click here for information. If the option to have the answers emailed to you isn't available or doesn't work(the email may take a few hours to arrive), contact the iTunes Store staff via the link in the 'Additional Information' section of that article.
(89295) -
Help needed: system crash during instalation of security update 2008-003
after beginning instalation of security update 2008-003, at the "optimizing system stage", the computer started heating up (to extreme levels) and became stuck completely - except entering and leaving sleep mode when i shut the lid, there is no response i can get.
what can be the reason of this and what can i do about this?Welcome to the Forums.
Did you repair disk and permissions, before doing the Security Update?... If not.
Boot from Install Disc,and select your language. From the Menu Bar Select Utilities>Disk Utility
After selecting your Mac OS X Repair Disk and reboot.
Then, from Applications>Utilities>Disk Utility, Repair Disk Permissions.
Maybe you are looking for
-
A user on windows Vista is unable to print any pdf document. All other documents print to the printer. However, when pdf document is to be printed, it prompts for "Save As'. I have upgraded the version from Adobe reader 9 to 9.4.6 to version 10. No
-
HT1414 itunes page blank for iphone 4
Hello, I just restored my Iphone4. After it was done, now in Itunes, it recognizes the phone when plugged in, however the itunes iphone page is blank. This phone is straight from the apple store, no modifications, jailbreaking or changes. Anyone kn
-
Hello all, when i am clearing vendor ( F-44 ) i got this message ' the entry is missing in the table T043G ' Message no. F5100 how can I pass this error could you please guide me with the transactions regards
-
Hi, I've done a search on this topic and have not been able to resolve the problem. The problem being that after trying to "Run a Form on the Web" using test.fmx, The loading java applet message stays in the browser indefinitely. Some have suggested
-
Application crashes after 1 start.
I've an application that has loades his startscreen and then crashed and stays crashing... Already deleted and instaled it and already switched ipod on and of. what do i need to do to get his to work?? (app: tron) Operation system 4.3.5