FC3 - broken into?

Temlakos temlakos at gmail.com
Thu Feb 17 16:15:04 UTC 2005


Those non-work-related pictures you mentioned, if they are showing up on 
the screensaver, must be in a directory that the screensaver is 
configured to point to for screenshots. The XScreenSaver system always 
reserves a source for pictures that some screen saver routines work on. 
This can be a shot of the current screen, or one particular graphic, or 
a randomly-picked graphic in a directory of graphics or symbolic links 
to graphics.

To get rid of the inappropriate pictures, you need to find out where 
they are stored. Bring up your Screensaver Preferences dialog 
(Preferences->Screensaver if you're using GNOME) and go to the Advanced 
tab. You will see a static box labeled "Image Manipulation." I would 
guess that you have a box checked that reads "Choose Random Image:" with 
a field below it naming a directory. That directory is where those files 
are stored. First, eliminate the directory from that Image Manipulation 
setting--get it to grab desktop images only for the time being. Second, 
go to the directory that was named and throw everything in it into the 
trash. And if it's symbolic links, you'll need to track them down and 
throw them away. (Trust me: you do /not/ want pictures such as you 
described on a work computer! That's a sexual-harassment lawsuit waiting 
to happen.)

If that is not what you find, then someone has indeed installed a 
different screensaver on your system, or else a slideshow viewer 
pointing to a folder containing the inappropriate graphics. This is why 
I never do updates as root--I always give the superuser password to an 
application I know and trust which requests it, and I do all my business 
while logged in as any user /but/ root.

Now as to how to keep the barn door locked: My first impression is that 
you need to enable the system firewall, even if you /do/ have a 
corporate firewall. Redundancy never hurts in security. Of course, you 
need to make sure you know what TCP and UDP ports have to be open for 
certain network processes to run. As long as you open those ports (as 
source /and/ as destination, to be safe) and restrict this to the 
subnetwork you have in your enterprise, your computer should be safe 
even if someone compromises the corporate firewall--or is making 
mischief inside the enterprise and hence already inside the firewall. 
Search on the word "iptables" for more information. (The iptables system 
and syntax took a long time for me to learn, until now I have a system 
that is /very/ particular about what transactions it allows, even 
between computers on my own network.)

Temlakos

Pat Pleate wrote:
> Sorry about the last entry - I hit Enter too quickly. 
> I just installed FC3 a couple of days ago.  We have a
> corporate firewall between our company and the
> "outside world", so I left my PC on but logged off
> for the night.  I logged in as my own account this
> morning (which may be root equivalent, but I don't
> know yet, I'm learning) and ran today's updates
> (Thurs. 2/17).  About 5 - 10 minutes later during the
> time the updates were downloading/installing, I turned
> around from my other workstation checking e-mail and
> noticed that the FC3 screensaver was not legit - the
> pictures were not work-related, i.e. nude women.  I
> suspect that my PC may have been broken into.  I
> looked at all the screensaver pics and didn't find any
> nude women photo shots.  I'm very suspicious of this
> and would like some assistance from the experts.  What
> should I be checking for in the Linux world that would
> be suspicious?  I can easily find my way through
> Novell and Windows, but don't have much background in
> the Linux world and am humbly asking for your
> assistance.  Thanks in advance and have great day.
> 
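
The check described in the reply above, as an added example that is not part of the original post: shell functions that read the configured image source from the per-user XScreenSaver settings file and list what that directory holds, resolving symbolic links to their targets. It assumes the settings are in ~/.xscreensaver under the keys chooseRandomImages and imageDirectory; the function names are hypothetical.

```shell
#!/bin/sh
# Added example: audit the picture source XScreenSaver is configured to use.
# Assumption: per-user settings are stored in ~/.xscreensaver as
# "key: value" lines, including chooseRandomImages and imageDirectory.

# Print the value of one setting from an .xscreensaver-style file.
# If the key is repeated, the last occurrence is reported (a choice
# made for this example).
xss_setting() {   # $1 = settings file, $2 = key
    sed -n "s/^[[:space:]]*$2:[[:space:]]*//p" "$1" |
        tail -n 1 | sed 's/[[:space:]]*$//'
}

# List every file and symbolic link under the image directory.
# Links are printed with their fully resolved target, because deleting
# the link alone leaves the real file somewhere else on disk.
xss_list_images() {   # $1 = image directory
    find "$1" \( -type f -o -type l \) 2>/dev/null | sort |
    while IFS= read -r p; do
        if [ -L "$p" ]; then
            printf 'LINK %s -> %s\n' "$p" "$(readlink -f "$p")"
        else
            printf 'FILE %s\n' "$p"
        fi
    done
}

# Report the two settings, then the contents of the configured directory.
xss_audit() {   # $1 = settings file (default: ~/.xscreensaver)
    cfg=${1:-$HOME/.xscreensaver}
    if [ ! -r "$cfg" ]; then
        echo "no readable settings file: $cfg" >&2
        return 1
    fi
    dir=$(xss_setting "$cfg" imageDirectory)
    echo "chooseRandomImages=$(xss_setting "$cfg" chooseRandomImages)"
    echo "imageDirectory=$dir"
    [ -n "$dir" ] && [ -d "$dir" ] && xss_list_images "$dir"
    return 0
}
```

Source the file and run xss_audit as the affected user; each LINK line names the real file that also has to be reviewed.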
