Trojans (SOLVED for the nth time)

Prsman
Level 4
Posts: 244
Joined: Tue Nov 17, 2015 3:15 pm

Trojans (SOLVED for the nth time)

Post by Prsman » Mon Dec 19, 2016 8:01 pm

Last weekend I bought the book A Practical Guide to Ubuntu Linux (4th edition) by Mark Sobell. A good book for newbies like me, but the price! :shock:
In the book the author says you can search for Trojans by checking the files with setuid permission. He gives the following code:
$ sudo find / -perm /4000 -exec ls -lh {} \; 2> /dev/null

I ran the code and got a list of ten files. Now what? I guess I would have to examine every file. Not this newbie.
He also says to check your PATH variable does not contain a single colon at the beginning or end or a period or double colon anywhere in the PATH string.
$ echo PATH

Also install tripwire from synaptic. I think this program is for servers. My point? Running the two commands right after install, keeping a record of the results and running them again say every three months and compare. May give the paranoid like me some comfort. Thoughts?
Last edited by Prsman on Tue Dec 20, 2016 6:29 pm, edited 1 time in total.
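
As an added example (not from the book or from any poster in this thread), the record-and-compare routine described in the post above could be scripted as follows. The function and file names are made up for the illustration, the period check treats "." as a whole PATH entry, and the snapshot stores a SHA-256 per file, which goes beyond the bare listing in the post.

```shell
#!/usr/bin/env bash
# Added example: baseline-and-compare helpers for the two checks in the post.

# path_issues STRING
# Prints one line per unsafe feature of a PATH-style string; returns 1 if any.
# Assumption: "a period" means "." as a whole entry (the current directory).
# An empty entry (leading, trailing or double colon) also means the current
# directory, which is why all four are flagged.
path_issues() {
    local p=$1 bad=0
    case $p in :*)   echo "leading colon";  bad=1 ;; esac
    case $p in *:)   echo "trailing colon"; bad=1 ;; esac
    case $p in *::*) echo "double colon";   bad=1 ;; esac
    case ":$p:" in *:.:*) echo "period entry"; bad=1 ;; esac
    return "$bad"
}

# suid_snapshot DIR
# Lists every setuid regular file under DIR as "sha256  path", sorted, so a
# later run shows replaced contents as well as new files.
# Uses the same -perm /4000 test as the command in the post (GNU find).
suid_snapshot() {
    find "$1" -type f -perm /4000 -exec sha256sum {} + 2>/dev/null | LC_ALL=C sort
}

# suid_changes OLD NEW
# Compares two snapshot files and labels every line that differs.
# A file whose contents changed appears once under each label.
suid_changes() {
    LC_ALL=C comm -13 "$1" "$2" | sed 's/^/NEW OR CHANGED: /'
    LC_ALL=C comm -23 "$1" "$2" | sed 's/^/GONE OR CHANGED: /'
}

# Typical use (file names are hypothetical):
#   . ./suid-audit.sh
#   suid_snapshot / > suid-baseline.txt   # as root, right after install
#   suid_snapshot / > suid-now.txt        # as root, three months later
#   suid_changes suid-baseline.txt suid-now.txt
#   path_issues "$PATH"
```

Keep the baseline file somewhere the audited system cannot overwrite, otherwise the comparison proves nothing.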

bartszu
Level 4
Posts: 332
Joined: Thu Aug 28, 2014 7:39 pm
Location: Eire

Re: Trojans

Post by bartszu » Tue Dec 20, 2016 12:55 am

Same as always thoughts.

Image
Last edited by Moem on Tue Dec 20, 2016 4:16 am, edited 1 time in total.
Reason: Added the image inline, instead of as a link. Also used https instead of http.

Lucap
Level 5
Posts: 913
Joined: Tue May 24, 2016 1:40 am

Re: Trojans

Post by Lucap » Tue Dec 20, 2016 1:54 am

Would help if you gave a list of the programs so people can tell you what they do. :)

chrisuk
Level 5
Posts: 593
Joined: Thu Jun 12, 2008 6:16 am

Re: Trojans

Post by chrisuk » Tue Dec 20, 2016 4:15 am

The command you posted is useless, unless you understand what it does. I'd suggest researching the find command... for example; what does the -perm / do? What do the returned file attributes mean? "r" "w" and "x" should be obvious to you, but what about "s"? Research and understand the command and the results, then you can decide how valuable (or not) that "Trojan search" actually is.
Chris

Manjaro MATE - MX Linux - LMDE MATE

bartszu
Level 4
Posts: 332
Joined: Thu Aug 28, 2014 7:39 pm
Location: Eire

Re: Trojans

Post by bartszu » Tue Dec 20, 2016 4:29 am

Thanks Moem I am not familiar with yaml-o-xml-ils syntax :)
[rimg] remote image ???
hmmm :lol: :lol: :lol: :lol:

Is there a list of those tags somewhere?

[end]
[/end]

bartszu
Level 4
Posts: 332
Joined: Thu Aug 28, 2014 7:39 pm
Location: Eire

Re: Trojans

Post by bartszu » Tue Dec 20, 2016 4:34 am

Yeah mate you wasted money on this book :lol: :lol: :lol:
chrisuk wrote:The command you posted is useless, unless you understand what it does. I'd suggest researching the find command... for example; what does the -perm / do? What do the returned file attributes mean? "r" "w" and "x" should be obvious to you, but what about "s"? Research and understand the command and the results, then you can decide how valuable (or not) that "Trojan search" actually is.

MintBean
Level 9
Posts: 2967
Joined: Fri Aug 07, 2015 6:54 am
Location: Blighty

Re: Trojans

Post by MintBean » Tue Dec 20, 2016 5:35 am

Book sounds pretty useless if it doesn't tell you what to expect when running that first command.

Moem
Level 18
Posts: 8895
Joined: Tue Nov 17, 2015 9:14 am
Location: The Netherlands

Re: Trojans

Post by Moem » Tue Dec 20, 2016 5:49 am

bartszu wrote:Is there a list of those tags somewhere?
Probably. I just used the handy button, provided above the box where you can add or edit a reply. I like things nice and easy.
Image

If your issue is solved, kindly indicate that by editing the first post in the topic, and adding [SOLVED] to the title. Thanks!

Pjotr
Level 21
Posts: 12626
Joined: Mon Mar 07, 2011 10:18 am
Location: The Netherlands (Holland)

Re: Trojans

Post by Pjotr » Tue Dec 20, 2016 6:35 am

You might find this article interesting, that I've written about security in Linux Mint:
https://sites.google.com/site/easylinux ... t/security

About that book: can you return it to the vendor and reclaim your money?
Tip: 10 things to do after installing Linux Mint 19.1 Tessa
Keep your Linux Mint healthy: Avoid these 10 fatal mistakes
Twitter: twitter.com/easylinuxtips
All in all, horse sense simply makes sense.

Habitual
Level 13
Posts: 4870
Joined: Sun Nov 21, 2010 8:31 pm
Location: 0.0.0.0

Re: Trojans

Post by Habitual » Tue Dec 20, 2016 9:04 am

Prsman wrote:A Practical Guide to Ubuntu Linux ( 4th edition) by Mark Sobell....He gives the following code:
$ sudo find / -perm /4000 -exec ls -lh {} \; 2> /dev/null
Here's mine for comparison on a 14.04.5 LTS Server in Vbox 5.x
Prsman wrote:I guess I would have to examine every file. Not this newbie.
Do you understand the components of the code snippet?
Wisdom don't come with age, my friend. :) See http://docs.oracle.com/cd/E19683-01/806 ... index.html and compare with my above link.
Prsman wrote:He also says to check your PATH variable does not contain a single colon at the beginning or end or a period or double colon anywhere in the PATH string.
$ echo PATH
Always Quote Variables teaches us echo "$PATH"
Prsman wrote:Also install tripwire from synaptic. I think this program is for servers. My point? Running the two commands right after install, keeping a record of the results and running them again say every three months and compare. May give the paranoid like me some comfort. Thoughts?
Tripwire is a good tool as it requires interfacing with the system, and that for a specific intent purpose. You've shown some discretion and that is admirable.

What is setuid? I had to check wiki.
I know it's used to further enhance a secure computing environment, but I have not studied implementing it. I manage Servers on my network.
I actively log the important servers and restrict access to all EXCEPT 10.0.0.1/8 192.168.1.0/24 and some known IPs.

I run rkhunter every week.
I dist-upgrade every week.
I scan with maldet

Here's some Security References by a guy who knows in a Forum I hang out at.
And the parent of this OS has stuff too!
https://help.ubuntu.com/community/Security and https://wiki.ubuntu.com/BasicSecurity

Watching your progress.

rbeltz48
Level 4
Posts: 250
Joined: Mon Jan 16, 2012 3:08 pm
Location: Florida, USA

Re: Trojans

Post by rbeltz48 » Tue Dec 20, 2016 2:44 pm

In Linux an Antivirus program is simply not needed. I've been using Linux since 2006 and I've never had a problem with viruses. But with WIN XP, I had to reinstall the OS so many times because of malware that I simply gave up on Windows. Stick with Linux and use a firewall if necessary and you will be good to go!

Ark987
Level 4
Posts: 353
Joined: Tue Apr 07, 2015 4:20 am

Re: Trojans

Post by Ark987 » Tue Dec 20, 2016 3:40 pm

Prsman wrote:Last weekend I bought the book A Practical Guide to Ubuntu Linux (4th edition) by Mark Sobell. A good book for newbies like me, but the price! :shock:
In the book the author says you can search for Trojans by checking the files with setuid permission. He gives the following code:
$ sudo find / -perm /4000 -exec ls -lh {} \; 2> /dev/null

I ran the code and got a list of ten files. Now what? I guess I would have to examine every file. Not this newbie.
He also says to check your PATH variable does not contain a single colon at the beginning or end or a period or double colon anywhere in the PATH string.
$ echo PATH

Also install tripwire from synaptic. I think this program is for servers. My point? Running the two commands right after install, keeping a record of the results and running them again say every three months and compare. May give the paranoid like me some comfort. Thoughts?
Here in this document you can find some explanation about what is the intention:

12.10 Find SUID System Executables (Not Scored)


https://www.google.nl/url?sa=t&source=w ... 4bvIcmbf2A


If this sounds too complicated you better get off the "deep waters" and keep learning if you are interested.

Prsman
Level 4
Posts: 244
Joined: Tue Nov 17, 2015 3:15 pm

Re: Trojans

Post by Prsman » Tue Dec 20, 2016 6:28 pm

Thanks for the replies. I didn't think that command would be of any use. Habitual, my list is almost the same as yours. And No, I can't return the book.
Can't believe everything you read. But hey, the book came with a dvd iso of Ubuntu. Thanks again.

Habitual
Level 13
Posts: 4870
Joined: Sun Nov 21, 2010 8:31 pm
Location: 0.0.0.0

Re: Trojans

Post by Habitual » Tue Dec 20, 2016 6:40 pm

Prsman wrote:And No, I can't return the book....Thanks again.
It's a Keeper! and the disc is bootable. :idea:
Good References are hard to get, Nothing wrong with that book for new fish.

bartszu
Level 4
Posts: 332
Joined: Thu Aug 28, 2014 7:39 pm
Location: Eire

Re: Trojans (SOLVED for the nth time)

Post by bartszu » Tue Dec 20, 2016 7:14 pm

It's just a logic, if your installation file is executable file with root priv.
You end up with what Windoze provides with this system logic.

It is especially difficult for older people like my Mum or Aunt.
Most likely their browser is hijacked and they have tons of malware on their machines when I approach.
Most of Windows malware is completely harmless but very annoying.
But Windows anyway changes into selling platform not OS, same actually with not rooted Android.

bartszu
Level 4
Posts: 332
Joined: Thu Aug 28, 2014 7:39 pm
Location: Eire

Re: Trojans (SOLVED for the nth time)

Post by bartszu » Wed Dec 21, 2016 9:12 am

bartszu wrote:Most of Windows malware is completely harmless but very annoying.
I said Windows Malware what an oxymoron hhahaha warm ice ;)
Malware actually exists exclusively on MS Platform :lol: :lol: :lol: :lol:
