Strange behaviour, an attempt or an "attempt" to break into my computer

Hi people, many of you may find my question stupid, but I have to ask it. How can I know whether someone tried to break into my computer and, if they did, whether they succeeded? Yesterday at one point my computer behaved strangely: the browser windows that were open started switching very quickly, and I'm not sure whether I closed them or they closed on their own. After that I restarted the computer. Later I enabled ufw, but only after that.

Now I'm not sure whether that was something or I'm being paranoid for no reason. Is there any way to check whether it was something or not? Thank you.

The question is why anyone would get into a computer just to look at browser tabs. I had a similar situation while I was using Ubuntu: remote desktop was enabled by default without a password. I was trying something out and forgot to turn it off, and after a couple of days the player was playing movies on its own and I kept finding various things open while I wasn't at the computer. I noticed in the tray that a VNC connection was active, so someone probably got in. Luckily it was a fresh system and I had nothing valuable on it; if someone got in now I wouldn't be so relaxed about it. Just in case, I would turn off VNC, TeamViewer and similar remote desktop programs if you use them. Find some antivirus for Linux (I don't know whether NOD32 has a free trial); there aren't many viruses for Linux, but they do exist, so it's not a bad idea to run a scan if something looks suspicious.

Thanks for the answer. I don't use any remote desktop programs, unless one comes by default in Mint; I haven't installed or started any. The browsers that were open at that moment, I had opened and was using them, but at one point the open windows started switching quickly and in the end either they closed on their own or I closed them (I don't remember), and after that I restarted the computer. Since then everything has been normal, but I don't know whether it was really something or I'm imagining it, and I don't know how to determine that either.

@hood
Open the file /var/log/auth.log as root (sudo or su…) and check who has logged into your computer…

I tried this, but I probably don't know how to do it properly because I'm not in the habit of using the terminal.
I first tried typing sudo, but nothing reacted; when I typed su and the password (I guess it worked then, because the text changed colour from green to red) and then pasted that command, I got this: bash: /var/log/auth.log: Permission denied
I'm surely doing something wrong.

Type:

su

when you are root, type:

nano /var/log/auth.log

In the terminal you move with the up/down arrows and Page Up/Down.

The safest way is

sudo cat /var/log/auth.log

then enter your password. You can also scroll through the terminal with the mouse wheel.

I copied some parts from the terminal, in case one of you sees something odd in there. The thing with the browsers happened on 31.1, I think at around 11 o'clock. Sorry for such a long post. Thank you.

Usually this appeared:

Jan 30 09:38:08 v-System-Product-Name sudo: v : TTY=unknown ; PWD=/home/v ; USER=root ; COMMAND=/usr/lib/linuxmint/mintUpdate/checkAPT.py
Jan 30 09:38:08 v-System-Product-Name sudo: pam_unix(sudo:session): session opened for user root by (uid=0)
Jan 30 09:38:29 v-System-Product-Name sudo: pam_unix(sudo:session): session closed for user root
Jan 30 10:17:01 v-System-Product-Name CRON[3484]: pam_unix(cron:session): session opened for user root by (uid=0)
Jan 30 10:17:01 v-System-Product-Name CRON[3484]: pam_unix(cron:session): session closed for user root
Jan 30 11:17:01 v-System-Product-Name CRON[3813]: pam_unix(cron:session): session opened for user root by (uid=0)
Jan 30 11:17:01 v-System-Product-Name CRON[3813]: pam_unix(cron:session): session closed for user root

And I found this:

Jan 30 16:24:24 v-System-Product-Name cinnamon-screensaver-dialog: gkr-pam: unlocked login keyring
Jan 30 17:17:01 v-System-Product-Name CRON[6118]: pam_unix(cron:session): session opened for user root by (uid=0)
Jan 30 17:17:01 v-System-Product-Name CRON[6118]: pam_unix(cron:session): session closed for user root
Jan 30 17:34:11 v-System-Product-Name cinnamon-screensaver-dialog: gkr-pam: unlocked login keyring

Or just this:

Jan 30 20:14:20 v-System-Product-Name cinnamon-screensaver-dialog: gkr-pam: unlocked login keyring

This is the last message; I guess that's when I shut the computer down:

Jan 31 04:16:34 v-System-Product-Name polkitd(authority=local): Unregistered Authentication Agent for unix-session:c1 (system bus name :1.32, object path /org/gnome$

This is from when it was started, yesterday:

Jan 31 09:23:01 v-System-Product-Name systemd-logind[795]: New seat seat0.
Jan 31 09:23:04 v-System-Product-Name dbus[693]: [system] Rejected send message, 7 matched rules; type="method_return", sender=":1.11" (uid=0 pid=1317 comm="/usr/sb$
Jan 31 09:23:04 v-System-Product-Name mdm[1123]: pam_unix(mdm-autologin:session): session opened for user v by (uid=0)
Jan 31 09:23:04 v-System-Product-Name systemd-logind[795]: New session c1 of user v.
Jan 31 09:23:04 v-System-Product-Name systemd-logind[795]: Linked /tmp/.X11-unix/X0 to /run/user/1000/X11-display.
Jan 31 09:23:04 v-System-Product-Name mdm[1123]: pam_ck_connector(mdm-autologin:session): nox11 mode, ignoring PAM_TTY :0
Jan 31 09:23:08 v-System-Product-Name polkitd(authority=local): Registered Authentication Agent for unix-session:c1 (system bus name :1.32 [/usr/lib/policykit-1-gno$
Jan 31 09:33:29 v-System-Product-Name sudo: v : TTY=unknown ; PWD=/home/v ; USER=root ; COMMAND=/usr/lib/linuxmint/mintUpdate/checkAPT.py
Jan 31 09:33:29 v-System-Product-Name sudo: pam_unix(sudo:session): session opened for user root by (uid=0)
Jan 31 09:33:54 v-System-Product-Name sudo: pam_unix(sudo:session): session closed for user root
Jan 31 10:17:01 v-System-Product-Name CRON[2770]: pam_unix(cron:session): session opened for user root by (uid=0)
Jan 31 10:17:01 v-System-Product-Name CRON[2770]: pam_unix(cron:session): session closed for user root
Jan 31 10:21:26 v-System-Product-Name gnome-keyring-daemon[1703]: keyring alias directory: /home/v/.local/share/keyrings
Jan 31 11:06:32 v-System-Product-Name polkitd(authority=local): Unregistered Authentication Agent for unix-session:c1 (system bus name :1.32, object path /org/gnome$
Jan 31 11:07:26 v-System-Product-Name systemd-logind[793]: New seat seat0.
Jan 31 11:07:29 v-System-Product-Name dbus[695]: [system] Rejected send message, 7 matched rules; type="method_return", sender=":1.11" (uid=0 pid=1236 comm="/usr/sb$
Jan 31 11:07:30 v-System-Product-Name mdm[1117]: pam_unix(mdm-autologin:session): session opened for user v by (uid=0)
Jan 31 11:07:30 v-System-Product-Name systemd-logind[793]: New session c1 of user v.
Jan 31 11:07:30 v-System-Product-Name systemd-logind[793]: Linked /tmp/.X11-unix/X0 to /run/user/1000/X11-display.
Jan 31 11:07:30 v-System-Product-Name mdm[1117]: pam_ck_connector(mdm-autologin:session): nox11 mode, ignoring PAM_TTY :0
Jan 31 11:07:34 v-System-Product-Name polkitd(authority=local): Registered Authentication Agent for unix-session:c1 (system bus name :1.32 [/usr/lib/policykit-1-gno$
Jan 31 11:11:02 v-System-Product-Name gnome-keyring-daemon[1702]: keyring alias directory: /home/v/.local/share/keyrings
Jan 31 11:17:01 v-System-Product-Name CRON[3198]: pam_unix(cron:session): session opened for user root by (uid=0)
Jan 31 11:17:01 v-System-Product-Name CRON[3198]: pam_unix(cron:session): session closed for user root
Jan 31 11:17:54 v-System-Product-Name sudo: v : TTY=unknown ; PWD=/home/ ; USER=root ; COMMAND=/usr/lib/linuxmint/mintUpdate/checkAPT.py
Jan 31 11:17:54 v-System-Product-Name sudo: pam_unix(sudo:session): session opened for user root by (uid=0)
Jan 31 11:18:10 v-System-Product-Name sudo: pam_unix(sudo:session): session closed for user root
Jan 31 11:46:59 v-System-Product-Name polkitd(authority=local): Unregistered Authentication Agent for unix-session:c1 (system bus name :1.32, object path /org/gnome$
Jan 31 12:21:57 v-System-Product-Name systemd-logind[795]: New seat seat0.
Jan 31 12:22:00 v-System-Product-Name dbus[694]: [system] Rejected send message, 7 matched rules; type="method_return", sender=":1.11" (uid=0 pid=1312 comm="/usr/sb$
Jan 31 12:22:01 v-System-Product-Name mdm[1117]: pam_unix(mdm-autologin:session): session opened for user v by (uid=0)
Jan 31 12:22:01 v-System-Product-Name systemd-logind[795]: New session c1 of user v.
Jan 31 12:22:01 v-System-Product-Name systemd-logind[795]: Linked /tmp/.X11-unix/X0 to /run/user/1000/X11-display.
Jan 31 12:22:01 v-System-Product-Name mdm[1117]: pam_ck_connector(mdm-autologin:session): nox11 mode, ignoring PAM_TTY :0
Jan 31 12:22:04 v-System-Product-Name polkitd(authority=local): Registered Authentication Agent for unix-session:c1 (system bus name :1.32 [/usr/lib/policykit-1-gno$
Jan 31 12:23:29 v-System-Product-Name sudo: v : TTY=unknown ; PWD=/home/v ; USER=root ; COMMAND=/usr/bin/mintinstall
Jan 31 12:23:29 v-System-Product-Name sudo: pam_unix(sudo:session): session opened for user root by (uid=0)
Jan 31 12:28:29 v-System-Product-Name sudo: v : TTY=pts/2 ; PWD=/home/v ; USER=root ; COMMAND=/usr/sbin/ufw status
Jan 31 12:28:29 v-System-Product-Name sudo: pam_unix(sudo:session): session opened for user root by v(uid=0)
Jan 31 12:28:29 v-System-Product-Name sudo: pam_unix(sudo:session): session closed for user root
Jan 31 12:31:13 v-System-Product-Name sudo: pam_unix(sudo:session): session closed for user root
Jan 31 12:32:25 v-System-Product-Name sudo: v : TTY=unknown ; PWD=/home/v ; USER=root ; COMMAND=/usr/lib/linuxmint/mintUpdate/checkAPT.py
Jan 31 12:32:25 v-System-Product-Name sudo: pam_unix(sudo:session): session opened for user root by (uid=0)
Jan 31 12:32:42 v-System-Product-Name sudo: pam_unix(sudo:session): session closed for user root
Jan 31 12:51:21 v-System-Product-Name gnome-keyring-daemon[1702]: keyring alias directory: /home/v/.local/share/keyrings
Jan 31 13:17:02 v-System-Product-Name CRON[3503]: pam_unix(cron:session): session opened for user root by (uid=0)
Jan 31 13:17:02 v-System-Product-Name CRON[3503]: pam_unix(cron:session): session closed for user root
Jan 31 14:17:01 v-System-Product-Name CRON[3731]: pam_unix(cron:session): session opened for user root by (uid=0)
Jan 31 14:17:01 v-System-Product-Name CRON[3731]: pam_unix(cron:session): session closed for user root
Jan 31 14:32:26 v-System-Product-Name sudo: v : TTY=unknown ; PWD=/home/v ; USER=root ; COMMAND=/usr/lib/linuxmint/mintUpdate/checkAPT.py
Jan 31 14:32:26 v-System-Product-Name sudo: pam_unix(sudo:session): session opened for user root by (uid=0)
Jan 31 14:32:48 v-System-Product-Name sudo: pam_unix(sudo:session): session closed for user root
Jan 31 15:17:01 v-System-Product-Name CRON[4465]: pam_unix(cron:session): session opened for user root by (uid=0)
Jan 31 15:17:01 v-System-Product-Name CRON[4465]: pam_unix(cron:session): session closed for user root

If I see correctly, there is nothing worrying there…
Something else bugs me… You say the browser was opening tabs and so on by itself… Did you perhaps have problems with the internet, so that the opening of various advertising pages like adfly, admaven and other multi-tab, multi-window… pests was a bit delayed?

@hood
If your username is “v” then you don't need to worry… although such a username seems a bit odd to me?

Everything in this log looks OK to me too… the browser problem looks to me like some bug/lag!?

If it isn't too much trouble, paste this into the terminal and post the report here:

find /etc /var -mtime -3

This command shows whether there have been changes to system files in the last 3 days, which can give a clearer picture, if someone did break into your computer, of whether they changed or set up anything without you being aware of it (say, installing postfix and sending spam).

Also do the following: log in in the terminal as “root” and run the following command:

history

This command shows all the actions you have performed as the root user; go through it, and if something looks suspicious and you aren't sure you did it, then there's a chance someone else did.
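The auth.log review suggested in this thread (which accounts opened sessions, who ran what through sudo), as an added example in Python that is not code from any post here. It reads lines in the format quoted above; SAMPLE is constructed from that format with a made-up sshd root login appended so the checks have something to report, and the expected account name "v" is an assumption taken from the thread.

```python
"""Review auth.log entries: which accounts opened sessions and ran sudo commands.
Added example, not code from the thread.  Expected account name "v" and the
sample lines are assumptions modelled on the entries quoted above."""
import re
from collections import Counter

# Syslog prefix used by auth.log: "Jan 31 12:28:29 host prog[pid]: message"
PREFIX = re.compile(
    r"^(?P<ts>[A-Z][a-z]{2} +\d{1,2} \d\d:\d\d:\d\d) (?P<host>\S+) "
    r"(?P<prog>[^\[:]+?)(?:\[\d+\])?: (?P<msg>.*)$")
# "v : TTY=unknown ; PWD=/home/v ; USER=root ; COMMAND=/usr/sbin/ufw status"
SUDO_CMD = re.compile(
    r"^(?P<user>\S+) : TTY=(?P<tty>\S+) ; PWD=(?P<pwd>\S*) ; "
    r"USER=(?P<target>\S+) ; COMMAND=(?P<cmd>.*)$")
# "pam_unix(sshd:session): session opened for user root by (uid=0)"
SESSION = re.compile(
    r"^pam_unix\((?P<service>[^:]+):session\): session opened for user "
    r"(?P<user>\S+) by (?P<by>\S*?)\(uid=\d+\)$")
# PAM services that only ever start sessions from the local console or cron.
LOCAL_SERVICES = {"mdm-autologin", "mdm", "cron", "sudo", "su"}

# Constructed sample in the thread's format; the final sshd line is made up
# (documentation-range address) so that the review has something to report.
SAMPLE = """\
Jan 31 09:23:04 v-System-Product-Name mdm[1123]: pam_unix(mdm-autologin:session): session opened for user v by (uid=0)
Jan 31 09:33:29 v-System-Product-Name sudo: v : TTY=unknown ; PWD=/home/v ; USER=root ; COMMAND=/usr/lib/linuxmint/mintUpdate/checkAPT.py
Jan 31 09:33:29 v-System-Product-Name sudo: pam_unix(sudo:session): session opened for user root by (uid=0)
Jan 31 10:17:01 v-System-Product-Name CRON[2770]: pam_unix(cron:session): session opened for user root by (uid=0)
Jan 31 12:28:29 v-System-Product-Name sudo: v : TTY=pts/2 ; PWD=/home/v ; USER=root ; COMMAND=/usr/sbin/ufw status
Jan 31 12:28:29 v-System-Product-Name sudo: pam_unix(sudo:session): session opened for user root by v(uid=0)
Jan 31 12:22:04 v-System-Product-Name polkitd(authority=local): Registered Authentication Agent for unix-session:c1 (system bus name :1.32 [/usr/lib/policykit-1-gno$
Feb  1 03:12:40 v-System-Product-Name sshd[4102]: pam_unix(sshd:session): session opened for user root by (uid=0)
""".splitlines()


def review(lines, expected_users):
    """Return (sudo_commands, sessions, findings).

    sudo_commands: Counter of (user, command) for each sudo COMMAND= entry.
    sessions:      Counter of (pam service, user) for opened sessions, cron excluded.
    findings:      text lines for anything that does not fit "only my account, locally".
    """
    sudo_commands, sessions, findings = Counter(), Counter(), []
    for line in lines:
        m = PREFIX.match(line.strip())
        if not m:
            continue  # unrelated or truncated line (the ones ending in "$" above)
        ts, prog, msg = m["ts"], m["prog"], m["msg"]
        if prog == "sudo":
            c = SUDO_CMD.match(msg)
            if c:  # TTY=unknown is what GUI tools such as mintUpdate produce
                sudo_commands[(c["user"], c["cmd"])] += 1
                if c["user"] not in expected_users:
                    findings.append(f"{ts}: sudo by unexpected user {c['user']}: {c['cmd']}")
            continue  # the pam_unix(sudo:session) lines repeat what COMMAND= said
        s = SESSION.match(msg)
        if not s or s["service"] == "cron":
            continue  # hourly root cron sessions are normal and not worth listing
        sessions[(s["service"], s["user"])] += 1
        actor = s["by"] or s["user"]  # "by v(uid=...)" names who asked for the session
        if actor not in expected_users:
            findings.append(f"{ts}: session for unexpected user {s['user']} via {s['service']}")
        if s["service"] not in LOCAL_SERVICES:
            findings.append(f"{ts}: non-local session for {s['user']} via {s['service']}")
    return sudo_commands, sessions, findings


if __name__ == "__main__":
    import sys
    src = open(sys.argv[1], errors="replace") if len(sys.argv) > 1 else SAMPLE
    cmds, sess, found = review(src, {"v"})
    for (user, cmd), n in cmds.items():
        print(f"sudo {user}: {cmd} x{n}")
    for (svc, user), n in sess.items():
        print(f"session {svc} for {user} x{n}")
    print("\n".join(found) or "nothing unexpected")
```

Run it with the path to your own auth.log (sudo is needed to read it) and the name of your account in place of "v"; the thread's posted excerpt produces no findings, while the constructed sshd line shows what a remote root session would look like.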

find /etc /var -mtime -3


history

1 /var/log/auth.log
2 less /var/log/auth.log
3 /var/log/auth.log
4 :/var/log/auth.log
5 /var/log/auth.log
6 nano /var/log/auth.log
7 history

In history, as far as I can see, there are only my “attempts” to get that output and the time I finally succeeded.

That's not my username; my nickname is my username, so in the copied parts I left only “v” and deleted the rest.

Everything is fine, nobody broke into your computer… the thing with the browsers was most likely some bug.

Rest easy.

Thank you, and the others who helped me with all this. Sorry for bothering you, but it's easier for me when I know it was nothing.
Thank you all very much.

Just one more moment…
Check that you don't have some suspicious extension installed in the browser. It doesn't have to be something in the system, it could be in the browser. I'm thinking of add-ons like the recent one for Chrome that spread at an abnormal speed via Facebook (a friend sends you a video, but it's a Turkish phishing site made to look exactly like FB, and then to watch the video you have to download some add-on). True, that one attacked only Windows computers, but one has to be careful with browser plugins, because you never know - maybe some hit Linux users too.

You're welcome; better to ask and be sure than the other way round.

Otherwise I agree with @MyName: check your installed extensions in case you picked up some crap from the net.

I don't know, but I think they aren't causing the problem; of add-ons I have AdBlock, YouTube mp3 downloader and New Tab Override installed, but I've currently switched that last one to disabled.
And of plugins, Shockwave Flash and QuickTime (that one is on ask to activate), and there are a few others, but all of them are set to never activate and they've all been there for who knows how long.

All day I've been getting entries in auth.log similar to this:

Failed password for root from xxx.xxx.xxx.xxx port 2687 ssh2
Failed password for root from xxx.xxx.xxx.xxx port 2687 ssh2
Failed password for root from xxx.xxx.xxx.xxx port 2687 ssh2
Failed password for root from xxx.xxx.xxx.xxx port 2687 ssh2
Failed password for root from xxx.xxx.xxx.xxx port 2687 ssh2
Failed password for root from xxx.xxx.xxx.xxx port 2687 ssh2
Disconnecting: Too many authentication failures for root [preauth]

I see on the net that they advise installing programs like fail2ban and denyhosts. Fail2ban exists in TRIOS's repo (I haven't checked for the other one…) but I wouldn't do anything before hearing your advice…
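For the repeated "Failed password" entries above, this added example (not from the post) replays sshd log lines through the rule fail2ban applies: maxretry failures from one address within findtime earn that address a ban of bantime, with the three values set to fail2ban's stock defaults. The log lines are constructed, with documentation-range addresses, since the post masks the real ones.

```python
"""Sliding-window detection of SSH password brute force, the rule fail2ban applies.
Added example, not from the thread; lines and addresses below are constructed."""
import re
from collections import Counter, defaultdict, deque
from datetime import datetime, timedelta

FAILED = re.compile(
    r"^(?P<ts>[A-Z][a-z]{2} +\d{1,2} \d\d:\d\d:\d\d) \S+ sshd\[\d+\]: "
    r"Failed password for (?:invalid user )?(?P<user>\S+) from (?P<ip>\S+) port \d+ ssh2$")

# Constructed: one address hammering root within seconds (as in the post),
# another trying a few times spread over an hour.  203.0.113.0/24 is reserved
# for documentation, so these are not real hosts.
SAMPLE_SSH = """\
Feb  2 09:40:00 v-System-Product-Name sshd[1990]: Failed password for invalid user admin from 203.0.113.9 port 40011 ssh2
Feb  2 09:55:00 v-System-Product-Name sshd[1993]: Failed password for root from 203.0.113.9 port 40012 ssh2
Feb  2 10:15:01 v-System-Product-Name sshd[2101]: Failed password for root from 203.0.113.5 port 2687 ssh2
Feb  2 10:15:02 v-System-Product-Name sshd[2101]: Failed password for root from 203.0.113.5 port 2687 ssh2
Feb  2 10:15:03 v-System-Product-Name sshd[2101]: Failed password for root from 203.0.113.5 port 2687 ssh2
Feb  2 10:15:04 v-System-Product-Name sshd[2101]: Failed password for root from 203.0.113.5 port 2687 ssh2
Feb  2 10:15:05 v-System-Product-Name sshd[2101]: Failed password for root from 203.0.113.5 port 2687 ssh2
Feb  2 10:15:06 v-System-Product-Name sshd[2101]: Failed password for root from 203.0.113.5 port 2687 ssh2
Feb  2 10:15:06 v-System-Product-Name sshd[2101]: Disconnecting: Too many authentication failures for root [preauth]
Feb  2 10:20:00 v-System-Product-Name sshd[2140]: Failed password for root from 203.0.113.9 port 40013 ssh2
Feb  2 10:41:00 v-System-Product-Name sshd[2177]: Failed password for root from 203.0.113.9 port 40014 ssh2
""".splitlines()


def scan(lines, maxretry=5, findtime=timedelta(minutes=10), bantime=timedelta(minutes=10)):
    """Replay sshd log lines and return (bans, attempts).

    bans:     list of (ip, timestamp) at which the address earned a ban, i.e. its
              maxretry-th failure within findtime of the oldest one still counted.
    attempts: Counter of failed passwords per source address, banned or not.
    """
    recent = defaultdict(deque)   # ip -> timestamps of failures inside the window
    banned_until = {}
    bans, attempts = [], Counter()
    for line in lines:
        m = FAILED.match(line.strip())
        if not m:
            continue
        # syslog timestamps carry no year; a fixed one is fine for differences
        t = datetime.strptime(m["ts"], "%b %d %H:%M:%S")
        ip = m["ip"]
        attempts[ip] += 1
        if ip in banned_until and t < banned_until[ip]:
            continue  # with the firewall rule in place these lines would not exist
        window = recent[ip]
        window.append(t)
        while t - window[0] > findtime:
            window.popleft()  # forget failures older than findtime
        if len(window) >= maxretry:
            bans.append((ip, m["ts"]))
            banned_until[ip] = t + bantime
            window.clear()
    return bans, attempts


if __name__ == "__main__":
    import sys
    src = open(sys.argv[1], errors="replace") if len(sys.argv) > 1 else SAMPLE_SSH
    bans, attempts = scan(src)
    for ip, n in attempts.most_common():
        print(f"{ip}: {n} failed password(s)")
    for ip, when in bans:
        print(f"ban {ip} at {when}")
```

The slow address never reaches five failures inside any ten-minute window and is not banned, which is the trade-off the findtime knob controls.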

denyhosts is a somewhat older package; it isn't in jessie… it existed in wheezy, and it's also in sid…