The officially official Devuan Forum!


#1 2019-01-20 00:58:40

Hectagon
Member
Registered: 2019-01-20
Posts: 7  

Openssh problems virus

Hello, I read on linuxadictos.com that ESET reported a hack of the Linux package servers. The issue is that the openssh package, or packages related to it, creates a backdoor or something similar, and creates a file in /etc/ called gshadow-, which I have verified that I have. I would like to know whether I can delete that file (gshadow-) and how to know whether I am no longer infected. I ran a scan with the ESET antivirus USB live and it does not detect an infection, but I still have the gshadow- file, which makes me suspect that I am still infected.


#2 2019-01-20 16:08:47

Hectagon
Member
Registered: 2019-01-20
Posts: 7  

Re: Openssh problems virus

Here is the webpage which shows the vulnerability: https://www.linuxadictos.com/eset-ident … enssh.html


#3 2019-01-20 21:54:57

fsmithred
Administrator
Registered: 2016-11-25
Posts: 1,045  

Re: Openssh problems virus

/etc/shadow- and /etc/gshadow- are backup files that get created when you add/remove a user or group. Their presence does not indicate that you have been hacked. And if you have been hacked, removing those files will not help you.

Edit: If you remove /etc/shadow or /etc/gshadow, you won't be able to log in.
See man shadow and man gshadow for more information.

https://www.securityweek.com/researcher … -backdoors

On a Debian-based distribution, debsums or dpkg -V can be used to compare MD5 hashes of installed files with a manifest stored on disk in /var/lib/dpkg/info/. It’s a start, but the manifest file, which only contains paths and MD5 sums, can be tampered with. An important thing to know is that in the Debian and Ubuntu official repositories, only the metadata is PGP-signed. The .deb package itself isn’t signed. The metadata contains the hash of .deb packages and that is the only thing that can be trusted.


#4 2019-01-21 16:27:27

Hectagon
Member
Registered: 2019-01-20
Posts: 7  

Re: Openssh problems virus

Hello, dpkg -V outputs thump_9882498kik1.png. I don't know what error or problems those packages might have.

Last edited by Hectagon (2019-01-21 19:02:25)


#5 2019-01-21 21:36:43

fsmithred
Administrator
Registered: 2016-11-25
Posts: 1,045  

Re: Openssh problems virus

I don't know how to interpret the output from dpkg -V. I like debsums better.

Check the installed package:

$ debsums openssh-server
/lib/systemd/system/ssh.service                                               OK
/lib/systemd/system/ssh.socket                                                OK
/lib/systemd/system/ssh@.service                                              OK
/usr/lib/tmpfiles.d/sshd.conf                                                 OK
/usr/sbin/sshd                                                                OK
/usr/share/apport/package-hooks/openssh-server.py                             OK
/usr/share/doc/openssh-client/examples/sshd_config                            OK
/usr/share/lintian/overrides/openssh-server                                   OK
/usr/share/man/man5/sshd_config.5.gz                                          OK
/usr/share/man/man8/sshd.8.gz                                                 OK

List changed package files from all installed packages with checksums. (Run this one as root)

# debsums -ca
/usr/share/abiword-3.0/system.profile
/usr/share/applications/sol.desktop
/etc/apache2/sites-available/000-default.conf
/etc/cron.daily/apt
/etc/firejail/thunderbird.profile
/etc/firejail/firefox.profile
/usr/bin/firemenu
/usr/share/applications/gparted.desktop
/etc/grub.d/05_debian_theme

I have some files that were changed. This is OK - I know that I changed these files. (Note: I just learned this command, and I really like it a lot. The above list was much longer, but I truncated it. It shows all the system files I've edited, including all the ones I forgot about.)


#6 2019-01-21 23:23:51

Hectagon
Member
Registered: 2019-01-20
Posts: 7  

Re: Openssh problems virus

debsums openssh-server outputs:


/lib/systemd/system/ssh.service                                               OK
/lib/systemd/system/ssh.socket                                                OK
/lib/systemd/system/ssh@.service                                              OK
/usr/lib/openssh/ssh-session-cleanup                                          OK
/usr/lib/tmpfiles.d/sshd.conf                                                 OK
/usr/sbin/sshd                                                                OK
/usr/share/apport/package-hooks/openssh-server.py                             OK
/usr/share/doc/openssh-client/examples/ssh-session-cleanup.service            OK
/usr/share/lintian/overrides/openssh-server                                   OK
/usr/share/man/man5/sshd_config.5.gz                                          OK
/usr/share/man/man8/sshd.8.gz                                                 OK
/usr/share/openssh/sshd_config                                                OK
/usr/share/openssh/sshd_config.md5sum                                         OK


debsums openssh-client

/usr/bin/scp                                                                  OK
/usr/bin/sftp                                                                 OK
/usr/bin/ssh                                                                  OK
/usr/bin/ssh-add                                                              OK
/usr/bin/ssh-agent                                                            OK
/usr/bin/ssh-argv0                                                            OK
/usr/bin/ssh-copy-id                                                          OK
/usr/bin/ssh-keygen                                                           OK
/usr/bin/ssh-keyscan                                                          OK
/usr/lib/openssh/agent-launch                                                 OK
/usr/lib/openssh/ssh-keysign                                                  OK
/usr/lib/openssh/ssh-pkcs11-helper                                            OK
/usr/lib/systemd/user/ssh-agent.service                                       OK
/usr/share/apport/package-hooks/openssh-client.py                             OK
/usr/share/doc/openssh-client/ChangeLog.gssapi                                OK
/usr/share/doc/openssh-client/NEWS.Debian.gz                                  OK
/usr/share/doc/openssh-client/OVERVIEW.gz                                     OK
/usr/share/doc/openssh-client/README                                          OK
/usr/share/doc/openssh-client/README.Debian.gz                                OK
/usr/share/doc/openssh-client/README.dns                                      OK
/usr/share/doc/openssh-client/README.tun.gz                                   OK
/usr/share/doc/openssh-client/changelog.Debian.gz                             OK
/usr/share/doc/openssh-client/changelog.gz                                    OK
/usr/share/doc/openssh-client/copyright                                       OK
/usr/share/doc/openssh-client/faq.html                                        OK
/usr/share/lintian/overrides/openssh-client                                   OK
/usr/share/man/man1/scp.1.gz                                                  OK
/usr/share/man/man1/sftp.1.gz                                                 OK
/usr/share/man/man1/ssh-add.1.gz                                              OK
/usr/share/man/man1/ssh-agent.1.gz                                            OK
/usr/share/man/man1/ssh-argv0.1.gz                                            OK
/usr/share/man/man1/ssh-copy-id.1.gz                                          OK
/usr/share/man/man1/ssh-keygen.1.gz                                           OK
/usr/share/man/man1/ssh-keyscan.1.gz                                          OK
/usr/share/man/man1/ssh.1.gz                                                  OK
/usr/share/man/man5/moduli.5.gz                                               OK
/usr/share/man/man5/ssh_config.5.gz                                           OK
/usr/share/man/man8/ssh-keysign.8.gz                                          OK
/usr/share/man/man8/ssh-pkcs11-helper.8.gz                                    OK
/usr/share/upstart/sessions/ssh-agent.conf                                    OK
/usr/share/upstart/systemd-session/upstart/ssh-agent.override                 OK


debsums -ca

/usr/share/applications/gufw.desktop
/etc/mime.types

I had modified gufw.desktop so that it runs with gksudo or gksu; either way, the gufw graphical interface does not work.


#7 2019-01-21 23:41:57

Hectagon
Member
Registered: 2019-01-20
Posts: 7  

Re: Openssh problems virus

Before modifying gufw.desktop I had run gufw several times in i3wm and it never opened, nor was there an error message, so I modified the desktop file. When I run it, the box for entering the password appears, I enter it correctly, and gufw does not open.


#8 2019-01-22 12:14:59

fsmithred
Administrator
Registered: 2016-11-25
Posts: 1,045  

Re: Openssh problems virus

Your ssh files look good. If you are very paranoid, you could download the deb package and compare against the md5sums inside the package instead of the list in /var/lib/dpkg/info/.

apt-get download openssh-server
debsums openssh-server_1%3a7.4p1-10+deb9u4_amd64.deb

Then do the same for the client package.

I don't know ufw. Maybe start a separate discussion for that problem. It might be a policykit problem.

Offline
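The point made in posts #3 and #8, as an added example (not code from the thread or from dpkg/debsums): a check against the on-disk manifest only reports what that manifest says, so a reference manifest taken from the downloaded .deb is what exposes a replaced file. The file contents and the helper names are constructed for illustration; the line format (MD5, two spaces, path relative to /) is the one used by the md5sums files in /var/lib/dpkg/info/.

```python
import hashlib
import tempfile
from pathlib import Path

def parse_manifest(text):
    """Parse dpkg-style md5sums lines: '<md5hex>  <path relative to />'."""
    entries = {}
    for line in text.splitlines():
        if line.strip():
            digest, path = line.split(None, 1)
            entries[path.strip()] = digest.lower()
    return entries

def changed_files(root, manifest):
    """Return sorted paths whose on-disk MD5 differs from the manifest, or that are missing."""
    bad = []
    for rel, expected in manifest.items():
        f = Path(root) / rel
        actual = hashlib.md5(f.read_bytes()).hexdigest() if f.is_file() else None
        if actual != expected:
            bad.append(rel)
    return sorted(bad)

def manifest_drift(local, reference):
    """Return sorted paths where the on-disk manifest disagrees with the reference manifest."""
    return sorted(p for p in set(local) | set(reference) if local.get(p) != reference.get(p))

def demo():
    """Constructed scenario: one file is replaced and the local manifest is rewritten to match."""
    # Constructed sample data; contents are placeholders, not real package files.
    md5 = lambda b: hashlib.md5(b).hexdigest()
    original, replaced, man = b"sshd as shipped\n", b"sshd replaced\n", b"manual page\n"
    reference = parse_manifest(
        f"{md5(original)}  usr/sbin/sshd\n{md5(man)}  usr/share/man/sshd.8\n")
    with tempfile.TemporaryDirectory() as root:
        for rel, data in (("usr/sbin/sshd", replaced), ("usr/share/man/sshd.8", man)):
            target = Path(root) / rel
            target.parent.mkdir(parents=True, exist_ok=True)
            target.write_bytes(data)
        tampered_local = {**reference, "usr/sbin/sshd": md5(replaced)}
        return {
            "vs_local_manifest": changed_files(root, tampered_local),
            "vs_reference_manifest": changed_files(root, reference),
            "manifest_drift": manifest_drift(tampered_local, reference),
        }

if __name__ == "__main__":
    for check, paths in demo().items():
        print(f"{check}: {paths or 'nothing reported'}")
```

The reference manifest is only as trustworthy as the .deb it came from, which is why the .deb's hash should match the one in the PGP-signed repository metadata mentioned in post #3.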

#9 2019-01-22 20:44:58

ChuangTzu
Member
Registered: 2018-06-13
Posts: 135  


#10 2019-01-23 17:11:39

fsmithred
Administrator
Registered: 2016-11-25
Posts: 1,045  

Re: Openssh problems virus

I suppose I should quote the translation, in case one of our Spanish-speaking members notices a translation error, and also for the English-speaking members so they don't have to go to the translator just to follow the thread.


#11 2019-01-23 23:02:06

Hectagon
Member
Registered: 2019-01-20
Posts: 7  

Re: Openssh problems virus

Hello, sorry for the delay in replying. Perhaps Devuan has many errors to resolve; perhaps it is because of removing systemd, which creates dependencies across many packages, and having to readapt those packages so that they do not depend on systemd. Another problem I noticed on my system is that I installed clamav from the official repositories and it is an unstable version. I think the version I installed was 0.101.2, and the version shown on the official Clam AntiVirus page is 0.101.0. Of course, the version I installed showed me a library error halfway through the scan; perhaps that is the reason for my paranoia. Or honestly, I don't know whether Devuan's package servers were hacked and that version of clamav was put there.


#12 2019-01-23 23:14:43

Hectagon
Member
Registered: 2019-01-20
Posts: 7  

Re: Openssh problems virus

Well, although the official page now shows version 0.101.1 as the stable version of Clam AntiVirus, I searched with aptitude show clamav and it shows version 0.100.2+dfsg-0+deb9u1
