Hi, I read on linuxadictos.com that ESET published a hack of the Linux package servers. The issue is that the openssh package, or related ones, creates a backdoor or similar, and creates a file in /etc/ called gshadow-, which I have verified I have. I would like to know if I can delete that file (gshadow-) and how to know whether I am no longer infected. I ran a scan with the ESET antivirus USB live and it doesn't detect an infection, but I still have the gshadow- file, which makes me suspect that I am still infected.
Here is the webpage which describes the vulnerability: https://www.linuxadictos.com/eset-ident … enssh.html
/etc/shadow- and /etc/gshadow- are backup files that get created when you add/remove a user or group. Their presence does not indicate that you have been hacked. And if you have been hacked, removing those files will not help you.
Edit: If you remove /etc/shadow or /etc/gshadow, you won't be able to log in.
See man shadow and man gshadow for more information.
https://www.securityweek.com/researcher … -backdoors
On a Debian-based distribution, debsums or dpkg -V can be used to compare MD5 hashes of installed files with a manifest stored on disk in /var/lib/dpkg/info/. It's a start, but the manifest file, which only contains paths and MD5 sums, can be tampered with. An important thing to know is that in the Debian and Ubuntu official repositories, only the metadata is PGP-signed. The .deb package itself isn't signed. The metadata contains the hash of .deb packages and that is the only thing that can be trusted.
I don't know how to interpret the output from dpkg -V. I like debsums better.
Check the installed package:
$ debsums openssh-server
/lib/systemd/system/ssh.service OK
/lib/systemd/system/ssh.socket OK
/lib/systemd/system/ssh@.service OK
/usr/lib/tmpfiles.d/sshd.conf OK
/usr/sbin/sshd OK
/usr/share/apport/package-hooks/openssh-server.py OK
/usr/share/doc/openssh-client/examples/sshd_config OK
/usr/share/lintian/overrides/openssh-server OK
/usr/share/man/man5/sshd_config.5.gz OK
/usr/share/man/man8/sshd.8.gz OK
List changed package files from all installed packages with checksums. (Run this one as root)
# debsums -ca
/usr/share/abiword-3.0/system.profile
/usr/share/applications/sol.desktop
/etc/apache2/sites-available/000-default.conf
/etc/cron.daily/apt
/etc/firejail/thunderbird.profile
/etc/firejail/firefox.profile
/usr/bin/firemenu
/usr/share/applications/gparted.desktop
/etc/grub.d/05_debian_theme
I have some files that were changed. This is OK - I know that I changed these files. (Note: I just learned this command, and I really like it a lot. The above list was much longer, but I truncated it. It shows all the system files I've edited, including all the ones I forgot about.)
debsums openssh-server outputs:
/lib/systemd/system/ssh.service OK
/lib/systemd/system/ssh.socket OK
/lib/systemd/system/ssh@.service OK
/usr/lib/openssh/ssh-session-cleanup OK
/usr/lib/tmpfiles.d/sshd.conf OK
/usr/sbin/sshd OK
/usr/share/apport/package-hooks/openssh-server.py OK
/usr/share/doc/openssh-client/examples/ssh-session-cleanup.service OK
/usr/share/lintian/overrides/openssh-server OK
/usr/share/man/man5/sshd_config.5.gz OK
/usr/share/man/man8/sshd.8.gz OK
/usr/share/openssh/sshd_config OK
/usr/share/openssh/sshd_config.md5sum OK
debsums openssh-client
/usr/bin/scp OK
/usr/bin/sftp OK
/usr/bin/ssh OK
/usr/bin/ssh-add OK
/usr/bin/ssh-agent OK
/usr/bin/ssh-argv0 OK
/usr/bin/ssh-copy-id OK
/usr/bin/ssh-keygen OK
/usr/bin/ssh-keyscan OK
/usr/lib/openssh/agent-launch OK
/usr/lib/openssh/ssh-keysign OK
/usr/lib/openssh/ssh-pkcs11-helper OK
/usr/lib/systemd/user/ssh-agent.service OK
/usr/share/apport/package-hooks/openssh-client.py OK
/usr/share/doc/openssh-client/ChangeLog.gssapi OK
/usr/share/doc/openssh-client/NEWS.Debian.gz OK
/usr/share/doc/openssh-client/OVERVIEW.gz OK
/usr/share/doc/openssh-client/README OK
/usr/share/doc/openssh-client/README.Debian.gz OK
/usr/share/doc/openssh-client/README.dns OK
/usr/share/doc/openssh-client/README.tun.gz OK
/usr/share/doc/openssh-client/changelog.Debian.gz OK
/usr/share/doc/openssh-client/changelog.gz OK
/usr/share/doc/openssh-client/copyright OK
/usr/share/doc/openssh-client/faq.html OK
/usr/share/lintian/overrides/openssh-client OK
/usr/share/man/man1/scp.1.gz OK
/usr/share/man/man1/sftp.1.gz OK
/usr/share/man/man1/ssh-add.1.gz OK
/usr/share/man/man1/ssh-agent.1.gz OK
/usr/share/man/man1/ssh-argv0.1.gz OK
/usr/share/man/man1/ssh-copy-id.1.gz OK
/usr/share/man/man1/ssh-keygen.1.gz OK
/usr/share/man/man1/ssh-keyscan.1.gz OK
/usr/share/man/man1/ssh.1.gz OK
/usr/share/man/man5/moduli.5.gz OK
/usr/share/man/man5/ssh_config.5.gz OK
/usr/share/man/man8/ssh-keysign.8.gz OK
/usr/share/man/man8/ssh-pkcs11-helper.8.gz OK
/usr/share/upstart/sessions/ssh-agent.conf OK
/usr/share/upstart/systemd-session/upstart/ssh-agent.override OK
debsums -ca
/usr/share/applications/gufw.desktop
/etc/mime.types
I had modified gufw.desktop so that it runs with gksudo or gksu; either way, the gufw graphical interface doesn't work.
Before modifying gufw.desktop, I had run gufw several times in i3wm and it never opened, nor was there an error message. So I modified the .desktop file; when I run it, the box to enter the password appears, I enter it correctly, and gufw does not open.
Your ssh files look good. If you are very paranoid, you could download the deb package and compare against the md5sums inside the package instead of the list in /var/lib/dpkg/info/.
apt-get download openssh-server
debsums openssh-server_1%3a7.4p1-10+deb9u4_amd64.deb
Then do the same for the client package.
I don't know ufw. Maybe start a separate discussion for that problem. It might be a policykit problem.
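As an added example (not code from the thread or from the debsums project), here is the check the post above describes, done by hand in Python so the difference from the earlier point about /var/lib/dpkg/info/ is visible: the md5sums list is read from inside the downloaded .deb (an ar archive carrying control.tar.*), not from the manifest on the host, and the installed files are hashed against it. build_deb() is a constructed stand-in for a real package so the script runs offline; the paths sshd, sftp-server and ssh-keysign in demo() are illustrative, not taken from a real openssh package.

```python
import hashlib, io, os, tarfile, tempfile

def _ar_member(name: str, data: bytes) -> bytes:
    """One ar member: 60-byte header (name, mtime, uid, gid, mode, size, magic) and even-padded body."""
    hdr = f"{name:<16}{0:<12}{0:<6}{0:<6}{'100644':<8}{len(data):<10}`\n".encode()
    return hdr + data + (b"\n" if len(data) % 2 else b"")

def build_deb(md5sums_text: str) -> bytes:
    """Constructed stand-in for a downloaded .deb: an ar archive whose control.tar.gz holds md5sums."""
    buf, data = io.BytesIO(), md5sums_text.encode()
    with tarfile.open(fileobj=buf, mode="w:gz") as tar:
        info = tarfile.TarInfo("./md5sums")
        info.size = len(data)
        tar.addfile(info, io.BytesIO(data))
    return b"!<arch>\n" + _ar_member("debian-binary", b"2.0\n") + _ar_member("control.tar.gz", buf.getvalue())

def read_md5sums(deb: bytes) -> dict:
    """Walk the ar members, open control.tar.*, return {relative path: expected md5}."""
    if not deb.startswith(b"!<arch>\n"): raise ValueError("not an ar archive")
    pos = 8
    while pos + 60 <= len(deb):
        name, size = deb[pos:pos + 16].decode().strip(), int(deb[pos + 48:pos + 58])
        body, pos = deb[pos + 60:pos + 60 + size], pos + 60 + size + size % 2   # members are 2-byte aligned
        if name.startswith("control.tar"):
            with tarfile.open(fileobj=io.BytesIO(body), mode="r:*") as tar:
                text = tar.extractfile(next(m for m in tar if os.path.basename(m.name) == "md5sums")).read().decode()
            return {line[34:]: line[:32] for line in text.splitlines() if line}   # "<32 hex>  usr/sbin/sshd"
    raise ValueError("no control.tar member in package")

def _status(path: str, expected: str) -> str:
    if not os.path.isfile(path):
        return "MISSING"
    with open(path, "rb") as f:
        return "OK" if hashlib.md5(f.read()).hexdigest() == expected else "FAILED"

def verify(deb: bytes, root: str = "/") -> dict:
    """Hash the installed copy of each packaged file under root, reporting OK/FAILED/MISSING like debsums."""
    return {rel: _status(os.path.join(root, rel), md5) for rel, md5 in read_md5sums(deb).items()}

def demo() -> tuple:
    """Constructed fake root: one clean file, one changed after install, one never installed."""
    content = b"#!/bin/sh\necho original\n"
    paths = ("usr/sbin/sshd", "usr/sbin/sftp-server", "usr/lib/openssh/ssh-keysign")
    deb = build_deb("".join(f"{hashlib.md5(content).hexdigest()}  {p}\n" for p in paths))
    with tempfile.TemporaryDirectory() as root:
        os.makedirs(os.path.join(root, "usr/sbin"))
        for p in paths[:2]:
            with open(os.path.join(root, p), "wb") as f: f.write(content)
        with open(os.path.join(root, paths[1]), "ab") as f: f.write(b"echo changed\n")
        return tuple(verify(deb, root)[p] for p in paths)
```

On a real system, pass the bytes of the file written by apt-get download to verify() with the default root of "/"; a FAILED or MISSING entry is what debsums would print for that path.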
A good online translator will help with posts. I suggest http://www.worldlingo.com/en/products_s … lator.html
Regarding UFW this may help: https://medium.com/@jasonrigden/a-guide … 0c3774d7f4
https://www.linux.com/learn/introductio … rewall-ufw
https://wiki.archlinux.org/index.php/Un … d_Firewall
I suppose I should quote the translation, in case one of our Spanish-speaking members notices a translation error, and also for the English-speaking members so they don't have to go to the translator just to follow the thread.
Hi, sorry for the delay in replying. Perhaps Devuan has to resolve many errors, perhaps because removing systemd creates dependencies on many packages and those packages have to be readapted so they don't depend on systemd. Another problem I noticed on my system is that I installed clamav from the official repositories and it is an unstable version; I think the version I installed was 0.101.2 and the version shown on the official Clam AntiVirus page is 0.101.0. Of course, the version I installed showed me a library error halfway through the scan, which is perhaps the reason for my paranoia. Or, honestly, I don't know whether the Devuan package servers were hacked and that version of clamav was put there.
Well, although now the official page shows version 0.101.1 as the stable version of Clam AntiVirus, I looked it up with
aptitude show clamav and it shows version 0.100.2+dfsg-0+deb9u1