Computer attacked? Do logs log such? [Solved]

For discussions about security.
Message
Author
aarf

#21 Post by aarf »

Let me guess. It is a PS2 mouse plugged into a round hole.

nooby
Posts: 10369
Joined: Sun 29 Jun 2008, 19:05
Location: SwedenEurope

#22 Post by nooby »

Nope it is a Labtec Optical Mouse with a flat USB plug.

But it is rather old and well used so that is why I accepted the suggestion that it could be the reason why I suddenly lost ability to click on Menu to shut down. Every menu button flickered wildly as if the mouse had rapidly clicked on each of them in succession.

I did not dare let it go on so both time me used the ctrl+alt+backspace and then did reboot and the problem was gone.

Maybe a week between the two incidences. So it is not a big problem.

But I drew the conclusion me was attacked,. Had no idea a Mouse would create such odd behavior.
I use Google Search on Puppy Forum
not an ideal solution though

Bruce B

#23 Post by Bruce B »

Nooby,

Mozilla Firefox and SeaMonkey keep very detailed logs of all your activity in the Cache, in a file called _CACHE_001_

A fairly simple bash script can strip the information you want as far as CONNECT, GET, POST and the specific URLs

Bruce

nooby
Posts: 10369
Joined: Sun 29 Jun 2008, 19:05
Location: SwedenEurope

#24 Post by nooby »

Bruce, such is good to know.

Do they do this also if I set it to delete or erase everything when shutting down browser?

Oh I remember a year ago when I used XP daily I had a program named

CCeasy something. Hm me forgotten name. That program deleted much much more that many of the other programs that was supposed to delete all maleware and logs and such. What name did it have.

Wonder if there are such a program that Puppy can use from Ubuntu?
I use Google Search on Puppy Forum
not an ideal solution though

PaulBx1
Posts: 2312
Joined: Sat 17 Jun 2006, 03:11
Location: Wyoming, USA

#25 Post by PaulBx1 »

Puppy's standard firewall can log stuff. Look at /etc/rc.d/rc.firewall, you will see a parameter for logging. Probably some docs around somewhere to see how this particular script of iptables works, or you could modify it yourself by looking at general iptables documentation.

nooby
Posts: 10369
Joined: Sun 29 Jun 2008, 19:05
Location: SwedenEurope

#26 Post by nooby »

Paul it is obvipous me have to learn more for to be able to know how to set such up then.


There where nothing there now that I could recognize as a log or something to check on so most likely one have to activate that function first.
I use Google Search on Puppy Forum
not an ideal solution though

PaulBx1
Posts: 2312
Joined: Sat 17 Jun 2006, 03:11
Location: Wyoming, USA

#27 Post by PaulBx1 »

Just edit the file. You will see this up front:

Code: Select all

########################################
# -- Advanced Configuration Options -- #
########################################

# ** DO NOT ** modify anything below unless you know what you are doing!!
# See online documentation at: http://projectfiles.com/firewall/config.html

DENY_OUTBOUND=""
ALLOW_INBOUND=""
BLACKLIST=""
STATIC_INSIDE_OUTSIDE=""
PORT_FORWARDS=""
PORT_FWD_ALL="yes"
PORT_FWD_ROUTED_NETWORKS="yes"
ADDITIONAL_ROUTED_NETWORKS=""
TRUST_ROUTED_NETWORKS="yes"
SHARED_INTERNAL="yes"
FIREWALL_IP=""
TRUST_LOCAL_EXTERNAL_NETWORKS="no"
DMZ_INTERFACES=""
NAT_EXTERNAL="yes"
ADDITIONAL_NAT_INTERFACES=""
IGNORE_INTERFACES=""
LOGGING="no"
REQUIRE_EXTERNAL_CONFIG="no"

############################################
# -- Advanced Firewall Behavior Options -- #
############################################

# The default settings provide the suggested firewall configuration.

NO_RP_FILTER_INTERFACES=""
INTERNAL_DHCP="yes"
RFC_1122_COMPLIANT="yes"
DROP_NEW_WITHOUT_SYN="no"
DUMP_TCP_ON_INIT="no"
TTL_STEALTH_ROUTER="no"
LOG_LIMIT="1/minute"
LOG_BURST="5"
LOG_LEVEL="notice"
Turn LOGGING="no" to LOGGING="yes". Also those other LOG things control the logging. See the hint about looking at the documentation first, and save a copy of your pupsave before messing with this stuff in case you bork something. I usually keep a backup copy of the original rc.firewall file there in that directory too.

I think you will have to turn off the firewall and then turn it on again, to see the effect in your logs. Again, refer to the documentation to be sure.

I have run with logging for a while, but not lately. Your logs can fill up with innocent crap if you are not careful.

nooby
Posts: 10369
Joined: Sun 29 Jun 2008, 19:05
Location: SwedenEurope

#28 Post by nooby »

Thanks for trusting me is willing to learn. Very much to take in.
I try to save a book mark to this text.
I use Google Search on Puppy Forum
not an ideal solution though

postfs1

#29 Post by postfs1 »

To reedit up to date.

Post Reply