
List:       fedora-list
Subject:    Re: CIA Outlaw Country attack against CentOS / Rhel (and Fedora?) Is this credible?
From:       John Morris <jmorris () beau ! org>
Date:       2017-06-30 4:01:43
Message-ID: 1498795303.17588.20.camel () beau ! org



On Thu, 2017-06-29 at 20:38 -0400, William Oliver wrote:

> Personally, I assume that my computers are always on the verge of being
> compromised.  It's one of the things I like about fedora -- I always do
> a clean install when a new version comes out, and I occasionally do a
> clean reinstall midway through.  That basically means I wipe my machine
> every three months.  It won't stop people from breaking in, but it
> hampers long term surveillance.

That is more work than needed.  Use the power of RPM.  Boot a live CD
and validate every package on the installed copy.  That one step gets
you a high degree of confidence nothing funny is going on.

Mount up your install, say on /mnt.  Do all the bind mounts
of /dev, /proc and /sys, etc (or let rescue mode do it for you) like you
were about to chroot into it, BUT DON'T.  If you chroot into it you
execute code from the suspect drive and possibly taint the Live CD
environment.  If you accidentally chroot, reboot and start over.

Now do "rpm -Va --root /mnt >/tmp/exception_report.txt".  Then look at
anything it throws out: config files are probably ok, especially if you
know you changed them, but changed binaries are a big red flag.  If you
are still feeling paranoid, rpm -qa --list --root /mnt will produce a
list of every single file that belongs to the package manager.  Sort
that and subtract it from a list of every file (exclude your home dir of
course) and investigate those.

Unless you change very little from the base install, validating is
probably faster than a full reinstall and reconfig.  As long as you
generate all the lists of files from the live CD you can stuff them into
your $HOME and then do the rest of the work while booted back into your
normal install.  Unless you suspect somebody serious might be after you
it is probably safe enough to skip the live CD and just run "rpm -Va"
and look for oddities.
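The procedure above, written out as a shell script. This is an added example, not code from the original message or from Fedora; it assumes the suspect install is mounted on a directory passed as $ROOT (default /mnt) from a live CD, and that the rpm binary being run is the live CD's own. The function names (triage_verify_output, unowned_files, scan_mounted_root) and the sample rpm -Va lines used in the comments are constructed for illustration. One caveat worth keeping in mind: rpm -Va --root reads the RPM database that lives on the suspect disk, so a match gives the "high degree of confidence" the message describes rather than a proof, and a missing or damaged database is itself a finding.

```shell
#!/bin/sh
# Added example (not from the original post): offline triage of a mounted
# root filesystem with rpm, following the steps in the message above.
# ASSUMPTIONS: the suspect system is mounted on $ROOT (default /mnt) from a
# live CD, and "rpm" is the live CD's copy, never one from the suspect disk.

# Classify "rpm -Va" output read on stdin.  Each line looks like
#   <attr flags>  <type char or blank> <path>
# where the flags are S size, M mode, 5 digest, D device, L link, U user,
# G group, T mtime, P capabilities, or the word "missing" if the file is
# gone.  Config files ("c") get NOTE (the message treats them as probably
# fine); any other file whose content, mode, owner or link target changed,
# or which is missing, gets ALERT; the rest (e.g. mtime only) get LOW.
triage_verify_output() {
    awk '
    /^Unsatisfied dependencies/ { next }
    {
        flags = $1
        if (NF >= 3) { type = $2; path = $3 } else { type = " "; path = $2 }
        if (type == "c") { print "NOTE " path; next }
        if (flags == "missing" || flags ~ /[SM5LUG]/) { print "ALERT " path; next }
        print "LOW " path
    }'
}

# Files on disk that no package owns: the sorted on-disk list minus the
# sorted "rpm -qal" list.  Arguments: on-disk list file, rpm-owned list file.
# Both must hold paths relative to the suspect root (e.g. /usr/bin/ls).
unowned_files() {
    sort -u "$1" > "$1.sorted"
    sort -u "$2" > "$2.sorted"
    comm -23 "$1.sorted" "$2.sorted"
    rm -f "$1.sorted" "$2.sorted"
}

# Full run against a mounted root, to be executed from the live CD.  It is
# deliberately not run automatically; invoke as "sh thisfile --scan /mnt".
scan_mounted_root() {
    ROOT="${1:-/mnt}"
    OUT="${2:-/tmp/rpm-triage}"
    mkdir -p "$OUT"
    # rpm -Va exits non-zero whenever it reports anything, so do not abort.
    rpm -Va --root "$ROOT" > "$OUT/exception_report.txt" 2>&1 || true
    triage_verify_output < "$OUT/exception_report.txt" > "$OUT/triage.txt"
    # Every file the package manager knows about, as paths inside the root.
    rpm -qal --root "$ROOT" > "$OUT/owned.txt"
    # Every regular file on the suspect root filesystem; -xdev keeps find out
    # of the /dev, /proc and /sys bind mounts, and home dirs, logs and caches
    # are skipped as the message suggests.  Strip $ROOT so paths line up.
    find "$ROOT" -xdev -type f \
        ! -path "$ROOT/home/*" ! -path "$ROOT/root/*" \
        ! -path "$ROOT/var/log/*" ! -path "$ROOT/var/cache/*" \
        ! -path "$ROOT/var/tmp/*" ! -path "$ROOT/tmp/*" \
        | sed "s|^$ROOT||" > "$OUT/ondisk.txt"
    unowned_files "$OUT/ondisk.txt" "$OUT/owned.txt" > "$OUT/unowned.txt"
    echo "ALERT lines:   $(grep -c '^ALERT' "$OUT/triage.txt")  (see $OUT/triage.txt)"
    echo "Unowned files: $(wc -l < "$OUT/unowned.txt")  (see $OUT/unowned.txt)"
}

if [ "${1:-}" = "--scan" ]; then
    scan_mounted_root "${2:-/mnt}"
fi
```

The output files land in $OUT rather than on the suspect disk, so they can be copied into $HOME and reviewed after booting back into the normal install, as the message suggests. An ALERT on a file under /usr/bin or /usr/lib is the "changed binary" case; an unowned file in those directories is the second list the message asks you to investigate.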


_______________________________________________
users mailing list -- users@lists.fedoraproject.org
To unsubscribe send an email to users-leave@lists.fedoraproject.org


