General > Security & Bug Fixes
Samba [SOLVED]
bitsnpcs:
Hello newtusmaximus,
A/ I use the default repositories.
B/ I removed the rules and have updated 2 times and the rules have not been re-added in these future updates.
C/ I don't think it is a virus or malware because -
a/ I have not executed any files other than updates from the Ubuntu repository, and LL repository, or those I created myself, eg Python files made as exercises in the book.
b/ I don't think it is from a website as on this computer I only visit, this forum, OMG Blog, my own blog, Google Blogger/G+, Raspberry Pi blog, and YouTube, OSMC forums a few weeks ago.
c/ only 1 of my email accounts is set up on this computer, example ProtonMail I use only on their site or via the Android app.
Only 2 sources of email arrive to this email address, notifications from this forum, and weekly update notifications from OSMC forum. Neither of these contained any attachments, both are read as plain text only.
I did not receive spam.
There are no personal photos on this computer, no webcam connected, no money stuff eg; I don't have any cards, online banks, or Paypal, they cannot get credit in my name for a few years yet as I am not old enough for that.
There is x1 mp3 music mix I made when first using linux, x2 desktop screenshots, x273 of my blog files that have all already been published online and are free, x13 Python files I made during the exercises in the Python book so far, x1 directory with 2 subdirectories I made as part of the exercises in the Command Line book so far, x54 pdfs from Raspberry Pi foundation that are available free online.
There is no networking of computers.
No idea why Samba is even installed, as none of the 3 reasons given on Ubuntu for what it is used for are ever used on this computer.
I have no idea if the system was penetrated, but it is likely it was, as the help manual was tampered with and is broken which doesn't occur on its own. Maybe other stuff, I am to be checking more later when I get back, I go out now etc.
newtusmaximus:
All this is way beyond my abilities/understanding.
A) Could it be that the ppa from which those that are affected get their updates is different to those who are not affected??
B) Once scripts under the Rules have been removed, do they reappear after a later update?? or before an update??
C) If before a later update, what is the cauuse - malware / virus already penetrated the system??
bitsnpcs:
Hello newtusmaximus,
in the
--- Code: ---man ufw
--- End code ---
under "Application Integration" section it says the new profiles skip, my understanding (which may be wrong) that -
1/you can add rules to allow the applications to pass the firewall.
2/ without adding the specific rule to allow an application "ufw allow<app name>" then default is to skip, the process of adding new rules for applications.
I think it means for example if a rogue app decided to add its own rules to bypass the firewall it wouldn't allow this as the sudo user has not entered the rule specifying the app/software by name in terminal ?
I don't know why it has happened to mine and others, yet not yours, but its good it didn't happen :)
Hello Ottawagrant,
Good to read you have not had the rules added :)
I also have not added any rules, there were only the default rules until these appeared.
I have done both ways, upgrading in the 2.n series. A clean install in 3 series, as I had first installed quite soon before the next version.
In the Install Updates last week there was almost a full GUI of Samba updates from Ubuntu repo, I think 1 or 2 lines short of a full window.
If it was something that came down in the Ubuntu repo updates would this have went out to every distro based on Ubuntu ?
newtusmaximus:
Just checked the two family laptops after updates. Neither show any additional scripts . The V3405 route was fresh install of 3.2 32 bit eventually upgraded to 3.4 32 bit. The Si1520 was a fresh install of 3.4 64bit.
Ottawagrant:
In UFW I don't have any added rules in either x32 or x64 copies of Linux Lite 3.6. Both my 32 & 64bit LL's are fresh installs. Even though you can upgrade I usually do a fresh install. Only because I have the time & for no other reason. Using my HP Compaq 7900's right now. This is an interesting one.
Navigation
[0] Message Index
[#] Next page
[*] Previous page
Go to full version