While building 2.6.19.2 after applying grsecurity patches:
make bzImage
...
AS .tmp_kallsyms2.o
LD vmlinux
SYSMAP System.map
SYSMAP .tmp_System.map
Inconsistent kallsyms data
Try setting CONFIG_KALLSYMS_EXTRA_PASS
make: *** [vmlinux] Error 1
[1]+ Exit 2 make bzImage
Does anyone have a clue?
Last edited by rolf (January 16 2007)
maybe i'm gonna try compiling without grsec just to see
maybe play around with "make menuconfig" a bit
sorry for posting :)
Last edited by rolf (January 16 2007)
Oh stupid me...
duh!
Try setting CONFIG_KALLSYMS_EXTRA_PASS
I'm gonna try that... :)
lol, do you like talking alone rolf ?
Yeah I know I may have issues :/
that is known as ubergeek Syndrome
also known as
no one knows wtf he is talking about..so he replies to his own questions .. or he finds it first
Jokin
did it work rolf ?
He is doing a nice thing. But why grsecurity?
Yup it worked :)
I set CONFIG_KALLSYMS_EXTRA_PASS in the menuconfig and it compiled all right
Sometimes you're so used to having difficult problems that you don't look at the obvious message :)
That's another syndrome + the ubergeek syndrome + the mabsoutbi7alo/chayef7alo syndrome ;)
He is doing a nice thing. But why grsecurity?
I'm afraid someone hacks into my machine.
I just found something weird... the following files in the /root directory
-rw-r--r-- 1 root root 18699 Mar 29 2006 exploit.c
-rw-r--r-- 1 root root 12736 Oct 4 03:19 pwned.c
-rwxr-xr-x 1 root root 262144 Oct 5 13:46 TTdummyfile
-rwxr-xr-x 1 root root 16384 Oct 5 13:46 TTeatfile
-rwxr-xr-x 1 root root 142606336 Oct 5 13:46 TTeatfiles
-rwx------ 1 root root 84 Oct 4 03:20 TTlib
-rwxr-xr-x 1 root root 8192 Oct 5 13:46 TTsharefile
which are traces of an exploit being run... and I don't remember running pwned.c on my machine.
That's weird because I have a firewall supposedly stopping everything on the web side, I'm not running a web server or anything on the internet... dunno how these files got here, maybe I'm being paranoid, but I'll apply grsecurity.
Ultimately I may switch my firewall to an OpenBSD machine which is more secure.
Last edited by rolf (January 17 2007)
post those files online
DO NOT delete them pls :)
They are binary files except for the .c files
which one do you want?
Do you know more about that exploit?
zip everything and post, i'll get someone to analyse the bins, and i'll check the C
yeah, pwned.c was an exploit for 2.6.x smth if I'm not wrong, the name is pretty generic, but that exploit was released under that name
Last edited by Padre (January 17 2007)
ok but I can't zip-n-post TTeatfiles it's 150 megs (do u need it?)
thanks... i'm on it
no just the small ones
-rw-r--r-- 1 root root 18699 Mar 29 2006 exploit.c
-rw-r--r-- 1 root root 12736 Oct 4 03:19 pwned.c
->
http://www.governmentsecurity.org/archive/t15207.html :)
check them and report what they say if u can't post them in here
lol didn't see ur post.
yeah as expected I don't think the exploits succeeded, I'm sure u got that patched.
go see how the hell the files landed there.
u sure ur not running a web app ??
this is some details on the second exploit.c
http://www.securitytracker.com/alerts/2 … 12810.html
Last edited by Padre (January 17 2007)
u sure ur not running a web app ??
I'll check to see if my firewall is working properly
thanks a lot for the links
Last edited by rolf (January 17 2007)
First
http://www.chkrootkit.org/
http://www.rootkit.nl/
Then update all apps, if it is RPM - check signatures, if all binaries are urs (it is possible, dunno but how)
Thanks I did chkrootkit and rkhunter with and they didn't find anything.
But I hear there is still a possibility that there is a worm and that it is undetected.
How do I check signatures?
With rpm - dunno.
First build a clean kernel, possibly it is a kernel module worm (difficult to detect). There are worms that embed directly in sources, very small chance u have it, so better build the kernel outside the infected PC.
But finally - save old data, buy new HDD, install Gentoo :-D and forget this issue once and forever :-D