FC3 - broken into?

Mark Sargent powderkeg at snow.email.ne.jp
Fri Feb 18 06:40:40 UTC 2005

On Thursday 17 February 2005 11:15 am, Temlakos wrote:
> Those non-work-related pictures you mentioned, if they are showing up on
> the screensaver, must be in a directory that the screensaver is
> configured to point to for screenshots. The XScreenSaver system always
> reserves a source for pictures that some screen saver routines work on.
> This can be a shot of the current screen, or one particular graphic, or
> a randomly-picked graphic in a directory of graphics or symbolic links
> to graphics.
> To get rid of the inappropriate pictures, you need to find out where
> they are stored. Bring up your Screensaver Preferences dialog
> (Preferences->Screensaver if you're using GNOME) and go to the Advanced
> tab. You will see a static box labeled "Image Manipulation." I would
> guess that you have a box checked that reads "Choose Random Image:" with
> a field below it naming a directory. That directory is where those files
> are stored. First, eliminate the directory from that Image Manipulation
> setting--get it to grab desktop images only for the time being. Second,
> go to the directory that was named and throw everything in it into the
> trash. And if it's symbolic links, you'll need to track them down and
> throw them away. (Trust me: you do /not/ want pictures such as you
> described on a work computer! That's a sexual-harassment lawsuit waiting
> to happen.)
> If that is not what you find, then someone has indeed installed a
> different screensaver on your system, or else a slideshow viewer
> pointing to a folder containing the inappropriate graphics. This is why
> I never do updates as root--I always give the superuser password to an
> application I know and trust which requests it, and I do all my business
> while logged in as any user /but/ root.
> Now as to how to keep the barn door locked: My first impression is that
> you need to enable the system firewall, even if you /do/ have a
> corporate firewall. Redundancy never hurts in security. Of course, you
> need to make sure you know what TCP and UDP ports have to be open for
> certain network processes to run. As long as you open those ports (as
> source /and/ as destination, to be safe) and restrict this to the
> subnetwork you have in your enterprise, your computer should be safe
> even if someone compromises the corporate firewall--or is making
> mischief inside the enterprise and hence already inside the firewall.
> Search on the word "iptables" for more information. (The iptables system
> and syntax took a long time for me to learn, until now I have a system
> that is /very/ particular about what transactions it allows, even
> between computers on my own network.)
> Temlakos
> Pat Pleate wrote:
> > Sorry about the last entry - I hit Enter too quickly.
> > I just installed FC3 a couple of days ago.  We have a
> > corporate firewall between our company and the
> > "outside world", so I left my the PC on but logged off
> > for the night.  I logged in as my own account this
> > morning (which may be root equivalent, but I don't
> > know yet, I'm learning) and ran today's updates
> > (Thurs. 2/17).  About 5 - 10 minutes later during the
> > time the updates were downloading/installing, I turned
> > around from my other workstation checking e-mail and
> > noticed that the FC3 screensaver was not legit - the
> > pictures were not work-related, i.e. nude women.  I
> > suspect that my PC may have been broken into.  I
> > looked at all the screensaver pics and didn't find any
> > nude women photo shots.  I'm very suspicious of this
> > and would like some assistance from the experts.  What
> > should I be checking for in the Linux world that would
> > be suspicious?  I can easily find my way through
> > Novell and Windows, but don't have much background in
> > the Linux world and am humbly asking for your
> > assistance.  Thanks in advance and have great day.
> >
> >
> >
> > __________________________________
> > Do you Yahoo!?
> > Take Yahoo! Mail with you! Get it on your mobile phone.
> > http://mobile.yahoo.com/maildemo

Hi All,

great post Temlakos. People like you and others here make this place great to 
visit. Security and fallbacks for it are important Cheers.

Mark Sargent.

More information about the users mailing list