FC3 - broken into?
Temlakos
temlakos at gmail.com
Thu Feb 17 16:15:04 UTC 2005
Those non-work-related pictures you mentioned, if they are showing up on
the screensaver, must be in a directory that the screensaver is
configured to point to for screenshots. The XScreenSaver system always
reserves a source for pictures that some screen saver routines work on.
This can be a shot of the current screen, or one particular graphic, or
a randomly-picked graphic in a directory of graphics or symbolic links
to graphics.
To get rid of the inappropriate pictures, you need to find out where
they are stored. Bring up your Screensaver Preferences dialog
(Preferences->Screensaver if you're using GNOME) and go to the Advanced
tab. You will see a static box labeled "Image Manipulation." I would
guess that you have a box checked that reads "Choose Random Image:" with
a field below it naming a directory. That directory is where those files
are stored. First, eliminate the directory from that Image Manipulation
setting--get it to grab desktop images only for the time being. Second,
go to the directory that was named and throw everything in it into the
trash. And if it's symbolic links, you'll need to track them down and
throw them away. (Trust me: you do /not/ want pictures such as you
described on a work computer! That's a sexual-harassment lawsuit waiting
to happen.)
If that is not what you find, then someone has indeed installed a
different screensaver on your system, or else a slideshow viewer
pointing to a folder containing the inappropriate graphics. This is why
I never do updates as root--I always give the superuser password to an
application I know and trust which requests it, and I do all my business
while logged in as any user /but/ root.
Now as to how to keep the barn door locked: My first impression is that
you need to enable the system firewall, even if you /do/ have a
corporate firewall. Redundancy never hurts in security. Of course, you
need to make sure you know what TCP and UDP ports have to be open for
certain network processes to run. As long as you open those ports (as
source /and/ as destination, to be safe) and restrict this to the
subnetwork you have in your enterprise, your computer should be safe
even if someone compromises the corporate firewall--or is making
mischief inside the enterprise and hence already inside the firewall.
Search on the word "iptables" for more information. (The iptables system
and syntax took a long time for me to learn, until now I have a system
that is /very/ particular about what transactions it allows, even
between computers on my own network.)
Temlakos
Pat Pleate wrote:
> Sorry about the last entry - I hit Enter too quickly.
> I just installed FC3 a couple of days ago. We have a
> corporate firewall between our company and the
> "outside world", so I left my the PC on but logged off
> for the night. I logged in as my own account this
> morning (which may be root equivalent, but I don't
> know yet, I'm learning) and ran today's updates
> (Thurs. 2/17). About 5 - 10 minutes later during the
> time the updates were downloading/installing, I turned
> around from my other workstation checking e-mail and
> noticed that the FC3 screensaver was not legit - the
> pictures were not work-related, i.e. nude women. I
> suspect that my PC may have been broken into. I
> looked at all the screensaver pics and didn't find any
> nude women photo shots. I'm very suspicious of this
> and would like some assistance from the experts. What
> should I be checking for in the Linux world that would
> be suspicious? I can easily find my way through
> Novell and Windows, but don't have much background in
> the Linux world and am humbly asking for your
> assistance. Thanks in advance and have great day.
>
>
>
> __________________________________
> Do you Yahoo!?
> Take Yahoo! Mail with you! Get it on your mobile phone.
> http://mobile.yahoo.com/maildemo
>
More information about the fedora-list
mailing list