| NashaK | Hello all, could anyone tell me why, after editing ~/mythtv/.lircrc and rebooting, my changes arent recognised by myth? | 02:03 |
|---|---|---|
| NashaK | All has been well previously, remote working fine, but now after making some modifications, newly assigned buttons dont work, and modified buttons dont work | 02:06 |
| NashaK | Ironically, all the buttons im having issues with are irexec related | 02:08 |
| Naranek | ok, so... do you know any reason why mythbuntu would create ssh keys and a root account to mysql for them? | 10:33 |
| Naranek | I think my mythbuntu box was hacked some time ago, because I found this strange account in mysql, and there were some ecdsa-keys I definitely hadn't done myself | 10:36 |
| Naranek | so I wiped the system and did a fresh install | 10:36 |
| Naranek | but now the keys and the account have appeared again | 10:37 |
| Naranek | on the ubuntu forums there is another mythbuntu user with the same problem, so I wouldn't rule out that there's an unpatched vulnerability in mythbuntu | 10:39 |
| Naranek | any ideas what to do? | 10:40 |
| Naranek | ok, I also have root login enabled in the sshd_config | 10:50 |
| Naranek | so I'm definitely hacked | 10:50 |
| Naranek | could you have a look if you have strange logins in mysql. | 11:03 |
| frankster | audio stopped working with mythtv this morning - was wondering if it is because of the recent mythtv updates this weekend | 11:49 |
| frankster | am running oneiric | 11:49 |
| frankster | 2012-03-11 11:30:20.445 ALSA, Error: no playback control PCM found on mixer device default | 12:21 |
| frankster | 2012-03-11 11:30:20.445 ALSA, Error: Unable to open audio mixer. Volume control disabled | 12:21 |
| frankster | I wonder if these log statements are related to the problem | 12:21 |
| mrand | frankster: doesn't make sense that an update would cause that. Google turns up some hints: http://code.mythtv.org/trac/ticket/9416 and http://ubuntuforums.org/showthread.php?t=1647938 Probably more hits if you search the mythtv-users mailing list | 13:22 |
| frankster | mrand; yeah you're right - I downgraded the frontend to some version from last year and the sound still doesn't work. I can play sound outside of mythtv | 15:12 |
| Seeker` | Naranek: how long between wiping the system and the keys reappearing? | 15:23 |
| Naranek | I'm not sure. I just noticed them, but I haven't used the box much | 15:45 |
| Naranek | rkhunter found a suspicious /etc/.java directory that was made 15 days after installation, but I'm not sure if it's related to this | 15:46 |
| Naranek | I installed the system about three months ago | 15:46 |
| tmkt | frankster: did you give the audio auto detecting a shot/ | 15:56 |
| frankster | tmkt: I haven't had great results from that! in fact I can't tell what it does. Its the option in the frontend general settings page right? is it meant to populate the list beneath it/choose the best one out of the list? | 16:08 |
| frankster | I've tried the default option in the list and an ugly alsa path I won't repeat here. I assume that the default option is what was working up until this morning | 16:11 |
| Seeker` | Naranek: http://www.velocityreviews.com/forums/t754763-re-unexplained-files-why.html | 16:39 |
| Zinn | [www.velocityreviews.com] Re: Unexplained files - why? | 16:39 |
| Naranek | Seeker`: thanks. those were the files I was looking for | 16:49 |
| Naranek | http://ubuntuforums.org/showthread.php?p=11642766 here is another user having the same issue. In the post there is a link to my post after the first breach. | 16:54 |
| Zinn | [ubuntuforums.org] Unexpected user/host in mySQL - Ubuntu Forums | 16:54 |
| likwid- | naranek, i have the .pub key as well as the mysql user, though its from the host kapok | 17:08 |
| likwid- | my BE isn't available from the outside. | 17:08 |
| likwid- | id guess some package installed it. | 17:08 |
| likwid- | which unfortunately doesnt seem to be the case | 17:09 |
| likwid- | root@mythtv:/etc/ssh# dpkg -S /etc/ssh/ssh_host_ecdsa_key.pub | 17:09 |
| likwid- | dpkg-query: no path found matching pattern /etc/ssh/ssh_host_ecdsa_key.pub. | 17:09 |
| Naranek | ok | 17:11 |
| Naranek | strange | 17:11 |
| Naranek | do you mean isn't available from outside as in no services available to the net or airgapped? | 17:12 |
| likwid- | correct | 17:12 |
| likwid- | its not available from outside | 17:13 |
| likwid- | i do not forward any ports on my router to it | 17:14 |
| Naranek | ok, but it's still connected to the internet | 17:14 |
| Naranek | ? | 17:14 |
| Naranek | I had only ssh and web server visible on the outside, and there wasn't anything complex on the web server | 17:16 |
| Naranek | so I think it's possible that it's some vulnerability on the basic packages of the mythtv | 17:17 |
| likwid- | its connected but the only connections it makes to the outside is updates/schedules direct | 17:20 |
| Naranek | do you know of a way to search references to cardamom or kapok in the mythtv sources? | 17:22 |
| likwid- | need to find the build bot logs for ubuntu/myth.. couuld search those | 18:13 |
| Naranek | I think I'll contact security@ubuntu.com to see if they can help | 18:14 |
| likwid- | yea i dont think they are malicious | 18:50 |
| tgm4883 | Naranek, what are you seeing as the mysql user? | 18:50 |
| tgm4883 | the one that you believe is suspicious | 18:50 |
| tgm4883 | Also, when you reinstalled, did you use the same password? | 18:51 |
| Naranek | tgm4883: different password and username | 19:14 |
| Naranek | user: root | 19:14 |
| tgm4883 | Naranek, the mysql user you see added is root? | 19:14 |
| tgm4883 | and you think that is suspicious? | 19:15 |
| Naranek | host: cardamom | 19:15 |
| tgm4883 | what is cardamom? | 19:15 |
| Naranek | yes. I haven't created that user and I don't know the host | 19:15 |
| Naranek | some spice I think :D | 19:15 |
| Naranek | in the earlier installation I found a reference to cardamom in my known_hosts | 19:16 |
| Naranek | and some ssh-keys which I haven't made myself | 19:16 |
| Naranek | and root login turned on in sshd_config | 19:17 |
| tgm4883 | well the mysql root user is created on install | 19:19 |
| tgm4883 | it's the master user for mysql | 19:19 |
| tgm4883 | The root login for sshd is odd | 19:20 |
| Naranek | yes, but it has the host localhost or 127.0.0.1 | 19:20 |
| Naranek | I don't remember which | 19:20 |
| tgm4883 | should have both | 19:20 |
| tgm4883 | I have a third in mine which seems odd, but it isn't cardamom | 19:20 |
| tgm4883 | researching | 19:21 |
| Naranek | likwid- had kapok instead of cardamom | 19:21 |
| tgm4883 | do you have anything else installed using mysql? | 19:22 |
| emacsen | Hi. I installed mythbuntu and it's all working, except I don't think upnp is working. I can't see it with my boxee or vlc on my laptop. Is there something I need to do to enable it, or a way to check it? | 19:23 |
| emacsen | !help upnp | 19:24 |
| Zinn | !help upnp For a complete list of my knowledge visit: http://www.baablogic.net/Zinn.cgi Other available commands: !status, !about, !bug [bug_number]. | 19:24 |
| Naranek | tgm4883: nothing else installed using mysql | 19:25 |
| Naranek | might I ask what was your extra hostname? | 19:26 |
| tgm4883 | king | 19:27 |
| tgm4883 | Naranek, stick around, I might have a better answer for you in a bit. | 19:28 |
| Naranek | I will... I'll need to get some sleep soon, but I'll leave the screen on. Thanks! | 19:29 |
| emacsen | okay, so enna is the third client not to see a upnp server. so I think it's not on | 19:35 |
Generated by irclog2html.py 2.7 by Marius Gedminas - find it at mg.pov.lt!