[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
[ale] Need a better Linux distro
On Sun, May 31, 2020 at 10:20:28AM -0400, Leam Hall via Ale wrote:
> > _every_ distro has vulnerabilities; that's why you must routinely apply
> > the various updates the distro supplies. If the vulerability was due
> > to software or configuration not supplied/managed by the distro, then
> > the underlying distro probably wouldn't have mattered.
> I consider the installation of significant packages (libselinux-*,
> linux-firmware) from a third party repository, from some areas of the world,
> to totally compromise the system. While I would love to believe the best in
> everyone, and to be right about that, reality says that doesn't work.
Sure, that's sign of a breach. But the same sort of thing is possible
with any other distro that uses runtime-installable packages. It tells
you only that you were breached, not _how_ you'd been breached.
Meanwhile, this doesn't tell you what the initial attack vector had
been. Was it...
...due to a vulnerable software or configuration shipped by CentOS?
...due to software fixed by upstream, but CentOS had not updated?
...due to software fixed by/via CentOS, but you had not updated?
...due to software you'd installed or configured on top of the distro?
...due to brute-forced or comprosmised user credentials?
...due to your home router being compromised, allowing redirection to
non-trusted update sites?
(and many more possibilities...)
If you want to replace CentOS so you can learn/play with something
different, that's wonderful, but it would be a really good idea to try
and figure out when/how your system was compromised so you don't end
right back up in the same situation with the new distro.
Especially if they got in using compromised credentials. (You did scrap
all of your ssh keys, right?)
Assuming the attackers didn't wipe logs, yum maintains a transaction
history that can be used to determine when those highly suspicious
packages were installed. Form there you can inspect the other system
logs around that time.
Solomon Peachy pizza at shaftnet dot org (email&xmpp)
@pizza:shaftnet dot org (matrix)
High Springs, FL speachy (freenode)
-------------- next part --------------
A non-text attachment was scrubbed...
Size: 833 bytes
Desc: not available