Hello,
A little background:
I am (slowly) learning about Linux and security, am using Fedora 17, desktop / home user, and I am the only one using this computer and never access it remotely.
I am a noob, but I think I have enough common sense not to do something harmful / stupid (e.g. changing values in my computer).
I just ran a file integrity check with the rpm -Va command and got this result:

Code:
prelink: /usr/lib/libmusicbrainz3.so.6.3.0: at least one of file's dependencies has changed since prelinking
S.?...... /usr/lib/libmusicbrainz3.so.6.3.0
S.5....T. /usr/share/kde-settings/kde-profile/default/share/applications/defaults.list
.M....... /sys
S.5....T. c /etc/crontab
missing /var/run/wpa_supplicant
.M....... /usr/share/icons/hicolor/128x128
.M....... /usr/share/icons/hicolor/128x128/apps
.M....... /usr/share/icons/hicolor/16x16
.M....... /usr/share/icons/hicolor/16x16/apps
.M....... /usr/share/icons/hicolor/24x24
.M....... /usr/share/icons/hicolor/24x24/apps
.M....... /usr/share/icons/hicolor/48x48
.M....... /usr/share/icons/hicolor/48x48/apps
.M....... /usr/share/icons/hicolor/64x64
.M....... /usr/share/icons/hicolor/64x64/apps
prelink: /usr/lib/libpkcs11-helper.so.1.0.0: at least one of file's dependencies has changed since prelinking
S.?...... /usr/lib/libpkcs11-helper.so.1.0.0
.......T. /lib/modules/3.6.11-5.fc17.i686/modules.devname
.......T. /lib/modules/3.6.11-5.fc17.i686/modules.softdep
prelink: /usr/lib/libneon.so.27.2.6: at least one of file's dependencies has changed since prelinking
S.?...... /usr/lib/libneon.so.27.2.6
.M....... c /etc/cups/subscriptions.conf
S.5....T. c /etc/login.defs
.M....... /usr/share/icons/hicolor/16x16
.M....... /usr/share/icons/hicolor/16x16/apps
.M....... /usr/share/icons/hicolor/24x24
.M....... /usr/share/icons/hicolor/24x24/apps
.M....... /usr/share/icons/hicolor/48x48
.M....... /usr/share/icons/hicolor/48x48/apps
prelink: /usr/lib/libdiscid.so.0.2.1: at least one of file's dependencies has changed since prelinking
S.?...... /usr/lib/libdiscid.so.0.2.1
S.5....T. c /etc/selinux/targeted/contexts/files/file_contexts.local
S.5....T. c /etc/rsyslog.conf
S.5....T. c /etc/aliases
.......T. c /etc/securetty
S.5....T. c /etc/ssh/sshd_config
.M....... n /etc/vuurmuur
S.5....T. c /etc/vuurmuur/config.conf
.M....... n /etc/vuurmuur/services
.M....... c /etc/vuurmuur/services/aim
.M....... c /etc/vuurmuur/services/cvs
.M....... c /etc/vuurmuur/services/dns
.M....... c /etc/vuurmuur/services/ftp
.M....... c /etc/vuurmuur/services/http
.M....... c /etc/vuurmuur/services/https
.M....... c /etc/vuurmuur/services/icq
.M....... c /etc/vuurmuur/services/ident
.M....... c /etc/vuurmuur/services/imap
.M....... c /etc/vuurmuur/services/imaps
.M....... c /etc/vuurmuur/services/irc
.M....... c /etc/vuurmuur/services/jabber
.M....... c /etc/vuurmuur/services/ldap
.M....... c /etc/vuurmuur/services/lisa
.M....... c /etc/vuurmuur/services/msn
.M....... c /etc/vuurmuur/services/mysql
.M....... c /etc/vuurmuur/services/news
.M....... c /etc/vuurmuur/services/nfs
.M....... c /etc/vuurmuur/services/ntp
.M....... c /etc/vuurmuur/services/pcanywhere
.M....... c /etc/vuurmuur/services/ping
.M....... c /etc/vuurmuur/services/pop3
.M....... c /etc/vuurmuur/services/pop3s
.M....... c /etc/vuurmuur/services/pptp
.M....... c /etc/vuurmuur/services/razor
.M....... c /etc/vuurmuur/services/rdp
.M....... c /etc/vuurmuur/services/rsync
.M....... c /etc/vuurmuur/services/samba
.M....... c /etc/vuurmuur/services/smtp
.M....... c /etc/vuurmuur/services/socks
.M....... c /etc/vuurmuur/services/squid-proxy
.M....... c /etc/vuurmuur/services/ssh
.M....... c /etc/vuurmuur/services/syslog
.M....... c /etc/vuurmuur/services/telnet
.M....... c /etc/vuurmuur/services/tinc
.M....... c /etc/vuurmuur/services/traceroute
.M....... c /etc/vuurmuur/services/upnp
.M....... c /etc/vuurmuur/services/usermin
.M....... c /etc/vuurmuur/services/vnc
.M....... c /etc/vuurmuur/services/webmin
.M....... c /etc/vuurmuur/services/whois
.M....... c /etc/vuurmuur/services/windowsmedia
.M....... c /etc/vuurmuur/services/yahoo
S.5....T. /etc/cron.d/smolt
S.5....T. c /etc/plymouth/plymouthd.conf
prelink: /usr/lib/libtalloc.so.2.0.7: at least one of file's dependencies has changed since prelinking
S.?...... /usr/lib/libtalloc.so.2.0.7
missing /var/run/NetworkManager
S.5....T. c /etc/mail/sendmail.cf
S.5....T. c /etc/mail/sendmail.mc
.......T. c /etc/libuser.conf
S.5....T. c /etc/openldap/ldap.conf
.......T. /lib/modules/3.7.3-101.fc17.i686/modules.devname
.......T. /lib/modules/3.7.3-101.fc17.i686/modules.softdep
S.5....T. c /etc/tripwire/twpol.txt
prelink: /usr/lib/libpakchois.so.0.1.0: at least one of file's dependencies has changed since prelinking
S.?...... /usr/lib/libpakchois.so.0.1.0
S.5....T. c /etc/maven/maven2-depmap.xml
S.5....T. /usr/lib/vlc/plugins/plugins.dat
....L.... c /etc/pam.d/fingerprint-auth
....L.... c /etc/pam.d/password-auth
....L.... c /etc/pam.d/postlogin
....L.... c /etc/pam.d/smartcard-auth
....L.... c /etc/pam.d/system-auth
.......T. /lib/modules/3.6.9-2.fc17.i686/modules.devname
.......T. /lib/modules/3.6.9-2.fc17.i686/modules.softdep
S.5....T. c /etc/suricata/suricata.yaml
S.5....T. c /etc/sysconfig/suricata
S.5....T. c /etc/hba.conf
.M....... /usr/share/icons/hicolor/16x16
.M....... /usr/share/icons/hicolor/16x16/apps
.M....... /usr/share/icons/hicolor/24x24
.M....... /usr/share/icons/hicolor/24x24/apps
.M....... /usr/share/icons/hicolor/48x48
.M....... /usr/share/icons/hicolor/48x48/apps
S.5....T. c /etc/sudoers

I haven't checked everything, but what I've checked so far kinda makes me worry (I randomly checked / googled the results).
There are:

- S.5....T. c /etc/crontab
According to Fedora docs (http://docs.fedoraproject.org/en-US/...autotasks.html) this should be the default crontab:

Code:
SHELL=/bin/bash
PATH=/sbin:/bin:/usr/sbin:/usr/bin
MAILTO=root
HOME=/
# run-parts
01 * * * * root run-parts /etc/cron.hourly
02 4 * * * root run-parts /etc/cron.daily
22 4 * * 0 root run-parts /etc/cron.weekly
42 4 1 * * root run-parts /etc/cron.monthly

but mine is:

Code:
SHELL=/bin/bash
PATH=/sbin:/bin:/usr/sbin:/usr/bin
MAILTO=root
# For details see man 4 crontabs
# Example of job definition:
# .---------------- minute (0 - 59)
# | .------------- hour (0 - 23)
# | | .---------- day of month (1 - 31)
# | | | .------- month (1 - 12) OR jan,feb,mar,apr ...
# | | | | .---- day of week (0 - 6) (Sunday=0 or 7) OR sun,mon,tue,wed,thu,fri,sat
# | | | | |
# * * * * * user-name command to be executed
# This entry was added by the `install-f-prot.pl' script in the F-PROT
# package to update the antivir.def file in
# /usr/local/bin/f-prot/antivir.def
29 * * * * johny /usr/local/bin/f-prot/fpupdate > /dev/null

So I don't have any cron going on?

- .M....... c /etc/cups/subscriptions.conf
Found this on Google:

Code:
http://www.cups.org/documentation.php/ref-subscriptions-conf.html

Mine is:

Code:
# Subscription configuration file for CUPS v1.5.4
# Written by cupsd on 2013-01-28 20:53
NextSubscriptionId 120
<Subscription 119>
Events printer-state-changed printer-restarted printer-shutdown printer-stopped printer-added printer-deleted job-state-changed job-created job-completed job-stopped job-progress
Owner johny
LeaseDuration 86400
Interval 0
ExpirationTime 1359457919
NextEventId 1
</Subscription>

Notice the date (bolded). I had no idea what cups was until now. I surely didn't change anything in it or do anything (that I can think of) that may affect / change it.

- /etc/securetty
Found this on Google:

Code:
http://www.faqs.org/docs/securing/chap5sec41.html

Mine is:

Code:
cat /etc/securetty
console
vc/1
vc/2
vc/3
vc/4
vc/5
vc/6
vc/7
vc/8
vc/9
vc/10
vc/11
tty1
tty2
tty3
tty4
tty5
tty6
tty7
tty8
tty9
tty10
tty11
hvc0
hvc1
hvsi0
hvsi1
hvsi2
xvc0

It means root can log in from these places? Whatever they are..
===========
I am still googling for the rest, but what do you think so far? Anything I should pay more attention to? Anything else I should do / check, security wise?
Thanks
---------- Post added at 04:31 PM ---------- Previous post was at 04:08 PM ----------
Question: Where can I find Fedora's original / default file (what's written in it)?
Off topic: Google (and this site's credibility) is great! I copy-pasted one of the files and this thread actually came up at the top!
Quote:
Are These Something I Should Worry About? (After rpm -Va ... forums.fedoraforum.org Fedora Support Security 18 mins ago
lol
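A decoder for the verification lines in the post above, added here as an example (it is not part of the original post): the nine attribute columns and the file-type markers follow rpm(8), while the triage labels and the function names are a heuristic assumed for this example.

```python
import re

# Attribute columns of an `rpm -V` line, in output order, as listed in rpm(8).
NAMES = {"S": "size", "M": "mode", "5": "digest", "D": "device", "L": "symlink",
         "U": "owner", "G": "group", "T": "mtime", "P": "capabilities"}
MARKERS = {"c": "config", "d": "doc", "g": "ghost", "l": "license", "r": "readme"}
LINE = re.compile(r"^([SM5DLUGTP.?]{9}|missing)\s+(?:([a-z])\s+)?(/.*)$")

def parse(line):
    """Decode one line; returns None for noise such as 'prelink:' messages."""
    m = LINE.match(line.strip())
    if not m:
        return None
    bits, marker, path = m.groups()
    # A column showing its own letter failed the test; '?' means "could not test".
    return {"path": path, "kind": MARKERS.get(marker, marker),
            "missing": bits == "missing",
            "changed": [NAMES[k] for k, b in zip(NAMES, bits) if b == k],
            "unverified": [NAMES[k] for k, b in zip(NAMES, bits) if b == "?"]}

def triage(rec):
    """Review order; this ranking is a heuristic assumed for the example."""
    changed = set(rec["changed"])
    if rec["kind"] != "config" and ("digest" in changed or rec["unverified"]):
        return "content"      # packaged non-config file changed or unverifiable
    if changed & {"mode", "owner", "group", "capabilities"}:
        return "permissions"  # access rights differ from the package
    if "digest" in changed:
        return "config-edit"  # config file edited: diff against packaged copy
    if changed == {"mtime"}:
        return "timestamp"    # same content, only the modification time moved
    return "other"            # missing paths, symlink targets, device numbers

def summarize(lines):
    """Map path -> triage label for every parsable line."""
    return {r["path"]: triage(r) for r in map(parse, lines) if r}

# Lines copied from the rpm -Va output in the post above.
SAMPLE = """\
prelink: /usr/lib/libneon.so.27.2.6: at least one of file's dependencies has changed since prelinking
S.?...... /usr/lib/libneon.so.27.2.6
S.5....T. c /etc/crontab
.M....... c /etc/cups/subscriptions.conf
.......T. c /etc/securetty
S.5....T. /etc/cron.d/smolt
missing /var/run/NetworkManager
""".splitlines()

if __name__ == "__main__":
    print("\n".join(f"{v:12} {k}" for k, v in summarize(SAMPLE).items()))
```

Feed it the full output with `rpm -Va 2>&1` saved to a file and passed through `summarize(open(path))` to sort the whole list the same way.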