I read some articles about the Intel Black Hole:
https://hardenedlinux.github.io/fir...ME_firmware_on_sandybridge_and_ivybridge.html
https://security-center.intel.com/advisory.aspx?intelid=INTEL-SA-00075&languageid=en-fr
I have this situation here. Someone got in and played with the AC line, plugging and unplugging the power; they probably can see what I am doing on the computer, probably deleted some important private file, probably broke the root password. I wondered if it was my mistake and an attack on the browser. Is there ANY way to check ANY information about the attacker? IP address, MAC address, anything?? Someone?
Something else: auth.log shows a login as ROOT, but it is 100 percent not me. Root login is disabled (I did not add the user to the wheel group). The firewall is highly restrictive and was turned on (set up?) before connecting to the internet, at installation time. I use the internet in a dormitory, running on an old PC with Windows and NAT, plugged in when everything is set up offline. Sometimes DHCP is down (even when I want to use WiFi via my smartphone!) without any reason, so I must configure it manually.
My /etc/fstab
Code:
/dev/raid/r0p2 / ufs rw 1 1
/dev/raid/r0p3 /usr ufs rw 2 2
/dev/raid/r0p4 /var ufs rw,nosuid 2 2
/dev/raid/r0p5 /var/tmp ufs rw,nosuid,noexec 2 2
/dev/raid/r0p6 /var/log ufs rw,nosuid,noexec 2 2
/dev/raid/r0p7 /tmp ufs rw,nosuid,noexec 2 2
/dev/raid/r0p8 /home ufs rw,nosuid,noexec 2 2
IPFW rules.
Code:
ipfw -q -f flush
ipfw -q add 0010 deny all from any to any via lo0
ipfw -q add 0020 deny all from any to 127.0.0.0/8
ipfw -q add 0030 deny all from 127.0.0.0/8 to any
ipfw -q add 0040 deny all from any to any frag
ipfw -q add 0060 allow tcp from me to any 53 out setup keep-state
ipfw -q add 0070 allow udp from me to any 53 out keep-state
ipfw -q add 0080 allow tcp from me to any 80 out setup keep-state
ipfw -q add 0090 allow tcp from me to any 443 out setup keep-state
ipfw -q add 0091 allow udp from me to 153.19.250.123 dst-port 123 out keep-state
ipfw -q add 0998 deny P:2 from any to any
ipfw -q add 0999 deny all from any to any 137
ipfw -q add 1000 deny log all from any to any
auth.log
Code:
May 1 01:30:45 komputer polkitd[1154]: Loading rules from directory /usr/local/etc/polkit-1/rules.d
May 1 01:30:45 komputer polkitd[1154]: Loading rules from directory /usr/local/share/polkit-1/rules.d
May 1 01:30:45 komputer polkitd[1154]: Finished loading, compiling and executing 1 rules
May 1 01:30:45 komputer polkitd[1154]: Acquired the name org.freedesktop.PolicyKit1 on the system bus
May 1 01:31:06 komputer login: login on ttyv0 as komputer
May 2 03:49:30 komputer login: login on ttyv0 as root
May 2 03:49:30 komputer login: ROOT LOGIN (root) ON ttyv0
May 2 03:57:19 komputer polkitd[1180]: Loading rules from directory /usr/local/etc/polkit-1/rules.d
May 2 03:57:19 komputer polkitd[1180]: Loading rules from directory /usr/local/share/polkit-1/rules.d
May 2 03:57:19 komputer polkitd[1180]: Finished loading, compiling and executing 1 rules
May 2 03:57:19 komputer polkitd[1180]: Acquired the name org.freedesktop.PolicyKit1 on the system bus
May 2 03:57:27 komputer login: login on ttyv0 as root
May 2 03:57:27 komputer login: ROOT LOGIN (root) ON ttyv0
Now I am checking ports 16992 and 16993 in the firewall log.
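An added example, not part of the original post: a small Python checker that runs over the auth.log lines quoted above and over ipfw deny-log lines constructed for this example (documentation addresses, not real hosts; the line layout assumes the usual `ipfw: <rule> <action> <proto> <src>:<port> <dst>:<port> in|out via <iface>` form that `deny log` rules write to /var/log/security). It reports every ROOT LOGIN record with the tty it happened on, and which source addresses were denied on ports 16992/16993, the AMT ports the post is checking for.

```python
import re
from collections import Counter

# Constructed sample input: the ROOT LOGIN lines from the post's auth.log.
AUTH_LOG = """\
May 1 01:31:06 komputer login: login on ttyv0 as komputer
May 2 03:49:30 komputer login: login on ttyv0 as root
May 2 03:49:30 komputer login: ROOT LOGIN (root) ON ttyv0
May 2 03:57:27 komputer login: login on ttyv0 as root
May 2 03:57:27 komputer login: ROOT LOGIN (root) ON ttyv0
"""

# Constructed sample input: ipfw deny-log lines made up for this example
# (192.0.2.x / 198.51.100.x are documentation addresses, not real hosts).
SECURITY_LOG = """\
May 2 03:40:11 komputer kernel: ipfw: 1000 Deny TCP 192.0.2.5:4321 198.51.100.7:16992 in via em0
May 2 03:40:12 komputer kernel: ipfw: 1000 Deny TCP 192.0.2.5:4322 198.51.100.7:16993 in via em0
May 2 03:41:00 komputer kernel: ipfw: 1000 Deny UDP 192.0.2.9:137 198.51.100.255:137 in via em0
"""

# Intel AMT web (16992) and TLS (16993) ports named in the post.
AMT_PORTS = {16992, 16993}

ROOT_LOGIN_RE = re.compile(
    r'^(?P<ts>\w{3}\s+\d+ \d\d:\d\d:\d\d) (?P<host>\S+) login: '
    r'ROOT LOGIN \((?P<user>[^)]+)\) ON (?P<tty>\S+)$'
)
IPFW_RE = re.compile(
    r'ipfw: (?P<rule>\d+) (?P<action>\w+) (?P<proto>\w+) '
    r'(?P<src>[\d.]+):(?P<sport>\d+) (?P<dst>[\d.]+):(?P<dport>\d+) '
    r'(?P<dir>in|out) via (?P<iface>\S+)'
)


def root_logins(text):
    """Return (timestamp, tty) for every ROOT LOGIN record in auth.log text."""
    hits = []
    for line in text.splitlines():
        m = ROOT_LOGIN_RE.match(line)
        if m:
            hits.append((m['ts'], m['tty']))
    return hits


def amt_port_hits(text, ports=AMT_PORTS):
    """Return ipfw log records whose destination port is one of the AMT ports."""
    hits = []
    for line in text.splitlines():
        m = IPFW_RE.search(line)
        if m and int(m['dport']) in ports:
            hits.append({'src': m['src'], 'dport': int(m['dport']),
                         'rule': m['rule'], 'dir': m['dir']})
    return hits


def summarize(auth_text, sec_text):
    """Counts a defender would want first: root logins, how many were on a
    physical console (ttyv*), and which sources hit the AMT ports.
    Note: wheel-group membership gates su(1); it does not block a login
    typed at the console, which is what a ttyv* ROOT LOGIN record is."""
    logins = root_logins(auth_text)
    amt = amt_port_hits(sec_text)
    return {
        'root_logins': len(logins),
        'console_root_logins': sum(1 for _, tty in logins if tty.startswith('ttyv')),
        'amt_sources': Counter(h['src'] for h in amt),
    }


if __name__ == '__main__':
    for ts, tty in root_logins(AUTH_LOG):
        print(f'root login at {ts} on {tty}')
    for h in amt_port_hits(SECURITY_LOG):
        print(f"rule {h['rule']} denied {h['src']} -> port {h['dport']} ({h['dir']})")
    print(summarize(AUTH_LOG, SECURITY_LOG))
```

To run it over real files, replace the two constructed strings with the contents of /var/log/auth.log and /var/log/security; the ipfw rule 1000 `deny log` in the post is what produces the kernel lines the second regex reads.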