The officially official Devuan Forum!


#1 2020-08-01 20:33:22

freenet_bro
Member
Registered: 2018-12-23
Posts: 14  

Making Devuan more secure.

The question might be a bit odd, but I'm currently writing this message from a machine, which is under total surveillance, because of reasons. (I'm a good goy though. Don't worry.)

The thing is, that I would like to make the machine a bit less compromised at least.
- For example I don't like the fact that there are daily cron jobs running, which check if the /etc/passwd and similar files have changed.
- Or a process running listed as "logsave -s /var/log/fsck/checkfs fsck -C -M -A -a -f" in htop (I don't remember that process running on past installs and it seems suspicious.).
- Or that GRUB is listing "Debian" now instead of "Devuan".
- Or that firefox-esr was run from "/usr/lib/firefox" for some reason.
- Or that from time to time someone just starts an sshd on my system and chimes in into my xorg session, which makes the "/usr/lib/xorg/Xorg -nolisten tcp :0 vt1 -keeptty -auth /tmp/serverauth.LfORxzDu0z" process suddenly take up around 19% of my CPU, although I've explicitly not installed any sshd, because I don't want anyone to remote into my machine.
- Or that all files from /usr/share/bash-completion/ are sourced before a shell starts.
- Or that I get a "permission denied" error when trying to change the root password as root.
etc. etc.

I still need to get the work done, and I'm not knowledgeable enough to remove the bad firmware, so I'm making this post in the hopes of learning more and maybe getting some book or article recommendations. I want to learn from the pros with a lot of experience. I think there isn't already a thread for aspiring sysadmins.

I have a copy of my entire root directory from several different installs.
After realizing my machine was cracked (Btw. thanks a lot for the very clean process list.), I did a backup of all my files, including the root file system for a post mortem (I've already learned quite a bit from viewing some funky files, which were malware scripts, which defined a bunch of stuff and then pushed their path to the top of the PATH environment variable.).
I've tried Guix, Gentoo, Artix and a few others, but it always ended up with the same set of bullshit spyware.


I did a "find / -iname '*systemd*'" and found at least twenty entries on a fresh install with just a few packages added, so it looks like my Devuan install isn't so systemd-free after all (Although the libsystemd.so I can understand.).
Gentoo provides signed .DIGEST files, which list all the files of an ISO, I wish Devuan had something like this. Because I find it kind of suspicious if I'm getting asked three times directly in a row if I want to install proprietary firmware.

If you want me to run any commands on my system, just ask and I'll paste the results.


P.S. Since I've removed the /etc/pam.d, I can no longer "su root". Any fix?


#2 2020-08-01 21:14:56

golinux
Administrator
Registered: 2016-11-25
Posts: 1,996  


#3 2020-08-01 21:41:50

fsmithred
Administrator
Registered: 2016-11-25
Posts: 1,601  

Re: Making Devuan more secure.

freenet_bro wrote:

- Or that from time to time someone just starts an sshd on my system and chimes in into my xorg session, which makes the "/usr/lib/xorg/Xorg -nolisten tcp :0 vt1 -keeptty -auth /tmp/serverauth.LfORxzDu0z" process suddenly take up around 19% of my CPU, although I've explicitly not installed any sshd, because I don't want anyone to remote into my machine.

I would not boot that system again. Check it from another system, maybe a live-CD or live-USB.

You might want to run from live media from now on, so that you have a read-only system. That way if someone is able to install software on your system while you are running, you can just reboot to go back to the clean state. And figure out how to keep them from doing that. To save files, you can either set up a persistent volume or plug in another usb stick.

Some of your questions are answered in the release notes. (grub, su)

You can run without any policykit or dbus, but removing /etc/pam.d/ might have been a bad idea. This link is provided for general information. You don't want to use the nodbus isos I made because they are not secure. (ssh is running and the password is public)
https://dev1galaxy.org/viewtopic.php?id=2158
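
Added example, not part of fsmithred's post: one way to do the "check it from another system" step, by comparing the files on the mounted suspect root against the md5sums lists dpkg keeps under var/lib/dpkg/info/. The function names, the mount point and the demo tree are assumptions made for illustration.

```shell
#!/bin/sh
# Added example: offline integrity check of a mounted root filesystem
# against the per-package md5sums lists in var/lib/dpkg/info/.

verify_root() {
    root=$1    # mount point of the suspect filesystem, e.g. /mnt (assumption)
    for list in "$root"/var/lib/dpkg/info/*.md5sums; do
        [ -f "$list" ] || continue
        pkg=$(basename "$list" .md5sums)
        # each line: <md5 hex>  <path relative to the root>
        while read -r sum path; do
            file="$root/$path"
            if [ ! -f "$file" ]; then
                echo "MISSING $pkg /$path"
            elif [ "$(md5sum < "$file" | cut -d' ' -f1)" != "$sum" ]; then
                echo "CHANGED $pkg /$path"
            fi
        done < "$list"
    done
}

# Constructed demo tree: a package "demo" that lists three files.
make_demo_root() {
    d=$(mktemp -d)
    mkdir -p "$d/var/lib/dpkg/info" "$d/usr/bin"
    printf 'original\n'  > "$d/usr/bin/tool"
    printf 'untouched\n' > "$d/usr/bin/other"
    for f in usr/bin/tool usr/bin/other; do
        printf '%s  %s\n' "$(md5sum < "$d/$f" | cut -d' ' -f1)" "$f"
    done > "$d/var/lib/dpkg/info/demo.md5sums"
    # a listed file that does not exist on disk
    printf '%s  usr/bin/gone\n' d41d8cd98f00b204e9800998ecf8427e \
        >> "$d/var/lib/dpkg/info/demo.md5sums"
    printf 'tampered\n' > "$d/usr/bin/tool"    # simulate a replaced binary
    echo "$d"
}

# Stand-alone run on the constructed tree.
demo=$(make_demo_root)
verify_root "$demo"
rm -rf "$demo"
```

The lists live on the same disk as the files, so anyone with root on that install could have rewritten both; a clean result is weaker evidence than a reported change. Configuration files and anything not shipped by a package are not covered.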


#4 2020-08-01 22:41:01

Altoid
Member
Registered: 2017-05-07
Posts: 418  

Re: Making Devuan more secure.

Hello:

freenet_bro wrote:

... tried Guix, Gentoo, Artix and a few others, but it always ended up with the same set of bullshit spyware.

Hmm ...

Just what is it that you do with your rig?

Did you sanitize your drive before each installation?

ie: with a bootable Linux install CD/DVD run gparted and clear the drive.
Then reboot, format it to FAT32, then reboot and clear it again.
Repeat till you have gone through ext3, ext4 and cleared one last time.

Only then install the OS again, from scratch.

freenet_bro wrote:

... a copy of my entire root directory from several different installs.

From what you say, I have the idea that whatever is dumping that crap into your installation is probably in your backups.
Have you gone through them and checked what was there?

Cheers,

A.

Last edited by Altoid (2020-08-01 22:46:02)


#5 2020-08-02 12:12:43

freenet_bro
Member
Registered: 2018-12-23
Posts: 14  

Re: Making Devuan more secure.

golinux wrote:

Why are systemd files present in Devuan?

Thanks for the link.

golinux wrote:

Have you tried heads?

I haven't tried it, because it seems unmaintained, which made me hesitant to use it.


fsmithred wrote:

You can run without any policykit or dbus, but removing /etc/pam.d/ might have been a bad idea.

That's what I've just realized as well. I can't log into a TTY. hehe


Altoid wrote:

From what you say, I have the idea that whatever is dumping that crap into your installation is probably in your backups.

That's what I thought as well, but I didn't connect the external hard drive to an install I made and even without installing xorg or any other package a bunch of additional things were downloaded on to my machine as soon as I've plugged in the ethernet cable.
It's also interesting to note that shutdown now worked properly, but then suddenly didn't shutdown my machine and asked for a root password. ;D

Altoid wrote:

Just what is it that you do with your rig?

Something someone might find interesting obviously. LOL
No, but seriously. It's not a rig. It's just a laptop I use to work. I'm rather poor, so I can't just buy a new machine.

Altoid wrote:

Did you sanitize your drive before each installation?

ie: with a bootable Linux install CD/DVD run gparted and clear the drive.
Then reboot, format it to FAT32, then reboot and clear it again.
Repeat till you have gone through ext3, ext4 and cleared one last time.

Only then install the OS again, from scratch.

Apparently shredding the harddisk once wasn't enough.
But I'm pretty sure it wouldn't change a lot if I used a different hard disk or bootable USB.

Altoid wrote:

You might want to run from live media from now on, so that you have a read-only system. That way if someone is able to install software on your system while you are running, you can just reboot to go back to the clean state. And figure out how to keep them from doing that. To save files, you can either set up a persistent volume or plug in another usb stick.

That's what I'm currently doing from my other machine, which also shows a lot of strange behaviour.
My guess would be that someone used my pozzed router and switches in combination with some zero day to get access to my machines, because OpenBSD didn't show any weird behaviour.

I'm fine with certain people reading everything I do and having a copy of every file I create. But it's just too much for me if they start stealing half of my CPU and breaking my window manager shortcuts.

During these interesting geopolitical times I unfortunately can't bring up the money to buy a new machine, so I just use the current situation as a learning experience. :D

They've already gotten everything inside of my password data base so I'm totally transparent. I've learned to appreciate the offline world and reading physical books.

Thanks for the answers.


#6 2020-08-03 19:31:42

freenet_bro
Member
Registered: 2018-12-23
Posts: 14  

Re: Making Devuan more secure.

fsmithred wrote:

You might want to run from live media from now on, so that you have a read-only system. That way if someone is able to install software on your system while you are running, you can just reboot to go back to the clean state.

I've installed Devuan live on a usb stick.
It used to have a regular xorg process.
Then the process became funky again, so I rebooted without internet and the process stayed that way.

$ ps axjf

 PPID   PID  PGID   SID TTY      TPGID STAT   UID   TIME COMMAND
    0     2     0     0 ?           -1 S        0   0:00 [kthreadd]
    2     3     0     0 ?           -1 I<       0   0:00  \_ [rcu_gp]
    2     4     0     0 ?           -1 I<       0   0:00  \_ [rcu_par_gp]
    2     5     0     0 ?           -1 I        0   0:00  \_ [kworker/0:0-events]
    2     6     0     0 ?           -1 I<       0   0:00  \_ [kworker/0:0H-kblockd]
    2     7     0     0 ?           -1 I        0   0:00  \_ [kworker/u8:0-events_unbound]
    2     8     0     0 ?           -1 I<       0   0:00  \_ [mm_percpu_wq]
    2     9     0     0 ?           -1 S        0   0:00  \_ [ksoftirqd/0]
    2    10     0     0 ?           -1 I        0   0:00  \_ [rcu_sched]
    2    11     0     0 ?           -1 I        0   0:00  \_ [rcu_bh]
    2    12     0     0 ?           -1 S        0   0:00  \_ [migration/0]
    2    13     0     0 ?           -1 I        0   0:00  \_ [kworker/0:1-pm]
    2    14     0     0 ?           -1 S        0   0:00  \_ [cpuhp/0]
    2    15     0     0 ?           -1 S        0   0:00  \_ [cpuhp/1]
    2    16     0     0 ?           -1 S        0   0:00  \_ [migration/1]
    2    17     0     0 ?           -1 S        0   0:00  \_ [ksoftirqd/1]
    2    18     0     0 ?           -1 I        0   0:00  \_ [kworker/1:0-pm]
    2    19     0     0 ?           -1 I<       0   0:00  \_ [kworker/1:0H-kblockd]
    2    20     0     0 ?           -1 S        0   0:00  \_ [cpuhp/2]
    2    21     0     0 ?           -1 S        0   0:00  \_ [migration/2]
    2    22     0     0 ?           -1 S        0   0:00  \_ [ksoftirqd/2]
    2    23     0     0 ?           -1 I        0   0:00  \_ [kworker/2:0-events]
    2    24     0     0 ?           -1 I<       0   0:00  \_ [kworker/2:0H-kblockd]
    2    25     0     0 ?           -1 S        0   0:00  \_ [cpuhp/3]
    2    26     0     0 ?           -1 S        0   0:00  \_ [migration/3]
    2    27     0     0 ?           -1 S        0   0:00  \_ [ksoftirqd/3]
    2    28     0     0 ?           -1 I        0   0:00  \_ [kworker/3:0-events]
    2    29     0     0 ?           -1 I<       0   0:00  \_ [kworker/3:0H-kblockd]
    2    30     0     0 ?           -1 S        0   0:00  \_ [kdevtmpfs]
    2    31     0     0 ?           -1 I<       0   0:00  \_ [netns]
    2    32     0     0 ?           -1 S        0   0:00  \_ [kauditd]
    2    33     0     0 ?           -1 I        0   0:00  \_ [kworker/1:1-events_long]
    2    34     0     0 ?           -1 S        0   0:00  \_ [khungtaskd]
    2    35     0     0 ?           -1 S        0   0:00  \_ [oom_reaper]
    2    36     0     0 ?           -1 I<       0   0:00  \_ [writeback]
    2    37     0     0 ?           -1 S        0   0:00  \_ [kcompactd0]
    2    38     0     0 ?           -1 SN       0   0:00  \_ [ksmd]
    2    39     0     0 ?           -1 SN       0   0:00  \_ [khugepaged]
    2    40     0     0 ?           -1 I<       0   0:00  \_ [crypto]
    2    41     0     0 ?           -1 I<       0   0:00  \_ [kintegrityd]
    2    42     0     0 ?           -1 I<       0   0:00  \_ [kblockd]
    2    43     0     0 ?           -1 I<       0   0:00  \_ [edac-poller]
    2    44     0     0 ?           -1 I<       0   0:00  \_ [devfreq_wq]
    2    45     0     0 ?           -1 S        0   0:00  \_ [watchdogd]
    2    46     0     0 ?           -1 S        0   0:00  \_ [kswapd0]
    2    64     0     0 ?           -1 I<       0   0:00  \_ [kthrotld]
    2    65     0     0 ?           -1 I        0   0:00  \_ [kworker/2:1-pm]
    2    66     0     0 ?           -1 I        0   0:00  \_ [kworker/3:1-rcu_gp]
    2    67     0     0 ?           -1 I<       0   0:00  \_ [ipv6_addrconf]
    2    68     0     0 ?           -1 I        0   0:02  \_ [kworker/u8:1-events_unbound]
    2    77     0     0 ?           -1 I        0   0:00  \_ [kworker/1:2-usb_hub_wq]
    2    78     0     0 ?           -1 I<       0   0:00  \_ [kstrp]
    2   123     0     0 ?           -1 I<       0   0:00  \_ [acpi_thermal_pm]
    2   124     0     0 ?           -1 I<       0   0:00  \_ [ata_sff]
    2   126     0     0 ?           -1 S        0   0:00  \_ [scsi_eh_0]
    2   127     0     0 ?           -1 I<       0   0:00  \_ [scsi_tmf_0]
    2   128     0     0 ?           -1 S        0   0:00  \_ [scsi_eh_1]
    2   129     0     0 ?           -1 I<       0   0:00  \_ [scsi_tmf_1]
    2   130     0     0 ?           -1 I        0   0:00  \_ [kworker/0:2-pm]
    2   131     0     0 ?           -1 I        0   0:00  \_ [kworker/u8:2-events_unbound]
    2   140     0     0 ?           -1 I        0   0:00  \_ [kworker/u8:3]
    2   142     0     0 ?           -1 I        0   0:00  \_ [kworker/u8:4]
    2   181     0     0 ?           -1 I        0   0:00  \_ [kworker/3:2-events]
    2   182     0     0 ?           -1 I<       0   0:00  \_ [kworker/u9:0-hci0]
    2   183     0     0 ?           -1 S        0   0:00  \_ [i915/signal:0]
    2   184     0     0 ?           -1 S        0   0:00  \_ [i915/signal:1]
    2   185     0     0 ?           -1 S        0   0:00  \_ [i915/signal:2]
    2   186     0     0 ?           -1 S        0   0:00  \_ [i915/signal:6]
    2   187     0     0 ?           -1 I<       0   0:00  \_ [kworker/2:1H-kblockd]
    2   189     0     0 ?           -1 I        0   0:00  \_ [kworker/3:3-events]
    2   190     0     0 ?           -1 S        0   0:00  \_ [scsi_eh_2]
    2   191     0     0 ?           -1 I<       0   0:00  \_ [scsi_tmf_2]
    2   192     0     0 ?           -1 S        0   0:00  \_ [usb-storage]
    2   197     0     0 ?           -1 I<       0   0:00  \_ [md]
    2   210     0     0 ?           -1 I<       0   0:00  \_ [kworker/3:1H-kblockd]
    2   211     0     0 ?           -1 I<       0   0:00  \_ [kworker/1:1H-kblockd]
    2   212     0     0 ?           -1 I<       0   0:00  \_ [kworker/0:1H-kblockd]
    2   213     0     0 ?           -1 I<       0   0:00  \_ [raid5wq]
    2   305     0     0 ?           -1 S<       0   0:00  \_ [loop0]
    2   350     0     0 ?           -1 I        0   0:00  \_ [kworker/2:2-mm_percpu_wq]
    2   756     0     0 ?           -1 S        0   0:00  \_ [irq/126-mei_me]
    2   768     0     0 ?           -1 I<       0   0:00  \_ [kmemstick]
    2   776     0     0 ?           -1 I        0   0:00  \_ [rtsx_usb_ms_1]
    2   796     0     0 ?           -1 I<       0   0:00  \_ [cfg80211]
    2   826     0     0 ?           -1 I<       0   0:00  \_ [kworker/u9:1-hci0]
    2   827     0     0 ?           -1 I<       0   0:00  \_ [ath10k_wq]
    2   828     0     0 ?           -1 I<       0   0:00  \_ [ath10k_aux_wq]
    2   830     0     0 ?           -1 I        0   0:00  \_ [kworker/1:3-rcu_gp]
    2   850     0     0 ?           -1 I<       0   0:00  \_ [kworker/u9:2-hci0]
    2  1714     0     0 ?           -1 I<       0   0:00  \_ [rpciod]
    2  1715     0     0 ?           -1 I<       0   0:00  \_ [xprtiod]
    2  1717     0     0 ?           -1 I<       0   0:00  \_ [nfsiod]
    0     1     1     1 ?           -1 Ss       0   0:01 init [2]
    1  1681  1681  1681 ?           -1 Ss     104   0:00 /sbin/rpcbind -w
    1  1709  1709  1709 ?           -1 Ss     106   0:00 /sbin/rpc.statd
    1  1724  1724  1724 ?           -1 Ss       0   0:00 /usr/sbin/rpc.idmapd
    1  2003  2003  2003 ?           -1 Ss       0   0:00 /usr/sbin/acpi_fakekeyd
    1  2088  2088  2088 ?           -1 Ssl      0   0:00 /usr/sbin/rsyslogd
    1  2116  2116  2116 ?           -1 Ss       0   0:00 /usr/sbin/acpid
    1  2178  2178  2178 ?           -1 Ss       0   0:00 /usr/sbin/cron
    1  2228  2228  2228 ?           -1 Ss     102   0:00 /usr/bin/dbus-daemon --system
    1  2261  2260  2260 ?           -1 S      110   0:00 avahi-daemon: running [devuan.local]
 2261  2262  2260  2260 ?           -1 S      110   0:00  \_ avahi-daemon: chroot helper
    1  2286  2285  2285 ?           -1 S        0   0:00 /usr/sbin/bluetoothd
    1  2314  2314  2314 ?           -1 Ss       0   0:00 /usr/sbin/cupsd -C /etc/cups/cupsd.conf -s /etc/cups/cups-files.conf
    1  2348  2347  2347 ?           -1 Sl       0   0:00 /usr/sbin/cups-browsed
    1  2372  2371  2371 ?           -1 S        0   0:00 elogind-daemon
    1  2641  2641  2641 ?           -1 Ss     103   0:00 /usr/sbin/exim4 -bd -q30m
    1  2668  2668  2668 ?           -1 Ss       0   0:00 /sbin/mdadm --monitor --pid-file /run/mdadm/monitor.pid --daemonise --scan --syslog
    1  2697  2697  2697 ?           -1 Ssl    101   0:00 /usr/sbin/ntpd -p /var/run/ntpd.pid -g -u 101:104
    1  2724  2724  2724 ?           -1 Ss       0   0:00 /usr/sbin/saned -a saned
 2724  2725  2724  2724 ?           -1 S        0   0:00  \_ /usr/sbin/saned -a saned
    1  2751  2751  2751 ?           -1 Ss       0   0:05 /usr/bin/slim -d
 2751  2776  2776  2776 tty7      2776 Ssl+     0   0:03  \_ /usr/lib/xorg/Xorg -nolisten tcp -auth /var/run/slim.auth vt07
 2751  3126  2751  2751 ?           -1 S     1000   0:00  \_ /bin/sh /etc/xdg/xfce4/xinitrc -- /etc/X11/xinit/xserverrc
 3126  3171  3171  3171 ?           -1 Ss    1000   0:00      \_ /usr/bin/ssh-agent x-session-manager
 3126  3182  2751  2751 ?           -1 Sl    1000   0:00      \_ xfce4-session
 3182  3217  2751  2751 ?           -1 Sl    1000   0:00          \_ /usr/lib/policykit-1-gnome/polkit-gnome-authentication-agent-1
 3182  3218  2751  2751 ?           -1 S     1000   0:02          \_ /usr/bin/python3 /usr/share/system-config-printer/applet.py
 3182  3223  2751  2751 ?           -1 Sl    1000   0:00          \_ /usr/bin/python -O /usr/share/wicd/gtk/wicd-client.py --tray
 3182  3229  2751  2751 ?           -1 S     1000   0:00          \_ xscreensaver -no-splash
    1  2798  2798  2798 ?           -1 Ss       0   0:00 /usr/sbin/uuidd
    1  2828  2827  2827 ?           -1 S        0   0:00 /usr/bin/python -O /usr/share/wicd/daemon/wicd-daemon.py --keep-connection
 2828  3034  2827  2827 ?           -1 S        0   0:00  \_ /usr/bin/python -O /usr/share/wicd/daemon/monitor.py
    1  2893  2892  2892 ?           -1 S        0   0:00 /sbin/udevd udevd
    1  3062  3062  3062 tty1      3102 Ss       0   0:00 /bin/login -f
 3062  3102  3102  3062 tty1      3102 S+    1000   0:00  \_ -bash
    1  3063  3063  3063 tty2      3099 Ss       0   0:00 /bin/login -f
 3063  3099  3099  3063 tty2      3099 S+    1000   0:00  \_ -bash
    1  3064  3064  3064 tty3      3098 Ss       0   0:00 /bin/login -f
 3064  3098  3098  3064 tty3      3098 S+    1000   0:00  \_ -bash
    1  3065  3065  3065 tty4      3101 Ss       0   0:00 /bin/login -f
 3065  3101  3101  3065 tty4      3101 S+    1000   0:00  \_ -bash
    1  3066  3066  3066 tty5      3097 Ss       0   0:00 /bin/login -f
 3066  3097  3097  3066 tty5      3097 S+    1000   0:00  \_ -bash
    1  3067  3067  3067 tty6      3100 Ss       0   0:00 /bin/login -f
 3067  3100  3100  3067 tty6      3100 S+    1000   0:00  \_ -bash
    1  3123  3122  3122 ?           -1 Sl    1000   0:00 /usr/bin/gnome-keyring-daemon --daemonize --login
    1  3160  2751  2751 ?           -1 S     1000   0:00 /usr/bin/dbus-launch --exit-with-session --sh-syntax
    1  3161  3161  3161 ?           -1 Ss    1000   0:00 /usr/bin/dbus-daemon --syslog --fork --print-pid 6 --print-address 8 --session
    1  3184  3161  3161 ?           -1 Sl    1000   0:00 /usr/lib/at-spi2-core/at-spi-bus-launcher
 3184  3189  3161  3161 ?           -1 S     1000   0:00  \_ /usr/bin/dbus-daemon --config-file=/usr/share/defaults/at-spi2/accessibility.conf --nofork --print-address 3
    1  3191  3161  3161 ?           -1 Sl    1000   0:00 /usr/lib/at-spi2-core/at-spi2-registryd --use-gnome-session
    1  3195  2228  2228 ?           -1 Sl       0   0:00 /usr/lib/policykit-1/polkitd --no-debug
    1  3202  3161  3161 ?           -1 S     1000   0:00 /usr/lib/x86_64-linux-gnu/xfce4/xfconf/xfconfd
    1  3206  3206  3206 ?           -1 Ss    1000   0:00 /usr/bin/gpg-agent --sh --daemon --write-env-file /home/devuan/.cache/gpg-agent-info
    1  3208  2751  2751 ?           -1 S     1000   0:00 xfwm4
    1  3212  2751  2751 ?           -1 Sl    1000   0:01 xfce4-panel
 3212  3286  2751  2751 ?           -1 S     1000   0:00  \_ /usr/lib/x86_64-linux-gnu/xfce4/panel/wrapper-1.0 /usr/lib/x86_64-linux-gnu/xfce4/panel/plugins/libsystray.so 6 20971558 systray Notification Area Area where notification icons appear
 3212  3289  2751  2751 ?           -1 S     1000   0:00  \_ /usr/lib/x86_64-linux-gnu/xfce4/panel/wrapper-1.0 /usr/lib/x86_64-linux-gnu/xfce4/panel/plugins/libactions.so 2 20971559 actions Action Buttons Log out, lock or other system actions
    1  3214  2751  2751 ?           -1 Sl    1000   0:00 Thunar --daemon
    1  3216  2751  2751 ?           -1 Sl    1000   0:00 xfdesktop
    1  3234  3233  3233 ?           -1 S<l   1000   0:01 /usr/bin/pulseaudio --start --log-target=syslog
    1  3236  2228  2228 ?           -1 SNl    105   0:00 /usr/lib/rtkit/rtkit-daemon
    1  3239  3239  3239 ?           -1 Ssl   1000   0:00 xfce4-power-manager
    1  3240  3240  3240 ?           -1 Ssl   1000   0:00 xfsettingsd
    1  3245  2228  2228 ?           -1 Sl       0   0:00 /usr/lib/upower/upowerd
    1  3251  3161  3161 ?           -1 Sl    1000   0:00 /usr/lib/gvfs/gvfsd
 3251  3362  3161  3161 ?           -1 Sl    1000   0:00  \_ /usr/lib/gvfs/gvfsd-trash --spawner :1.17 /org/gtk/gvfs/exec_spaw/0
    1  3276  3161  3161 ?           -1 SNl   1000   0:00 /usr/lib/x86_64-linux-gnu/tumbler-1/tumblerd
    1  3288  3161  3161 ?           -1 Sl    1000   0:00 /usr/lib/x86_64-linux-gnu/xfce4/notifyd/xfce4-notifyd
    1  3314  3161  3161 ?           -1 Sl    1000   0:00 /usr/lib/gvfs/gvfs-udisks2-volume-monitor
    1  3318  2228  2228 ?           -1 Sl       0   0:00 /usr/lib/udisks2/udisksd
    1  3332  3161  3161 ?           -1 Sl    1000   0:00 /usr/lib/gvfs/gvfs-mtp-volume-monitor
    1  3337  3161  3161 ?           -1 Sl    1000   0:00 /usr/lib/gvfs/gvfs-gphoto2-volume-monitor
    1  3342  3161  3161 ?           -1 Sl    1000   0:00 /usr/lib/gvfs/gvfs-goa-volume-monitor
    1  3347  3161  3161 ?           -1 Sl    1000   0:00 /usr/lib/gvfs/gvfs-afc-volume-monitor
    1  3359  3161  3161 ?           -1 Sl    1000   0:00 /usr/lib/gvfs/gvfsd-metadata
    1  3397  2751  2751 ?           -1 Sl    1000   0:01 xfce4-terminal
 3397  3403  3403  3403 pts/0     3431 Ss    1000   0:00  \_ bash
 3403  3431  3431  3403 pts/0     3431 R+    1000   0:00      \_ ps axjf

Also it would be nice if you could tell me how I could get a root shell on the installation medium, so I could execute the steps proposed by Altoid in order to really clean the drive.


#7 2020-08-05 19:31:01

Head_on_a_Stick
Member
From: London
Registered: 2019-03-24
Posts: 865  

Re: Making Devuan more secure.

freenet_bro wrote:
 3126  3171  3171  3171 ?           -1 Ss    1000   0:00      \_ /usr/bin/ssh-agent x-session-manager

^ That's the only "ssh" program running but it's not an SSH client or server, it's just an authentication agent (see ssh-agent(1)). Uninstall the openssh-client package to get rid of it if you're that paranoid.

freenet_bro wrote:

how I could get a root shell on the installation medium

sudo -i

Black Lives Matter
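
Added example, not part of the post above: a filter for "ps axjf" output that separates SSH servers from agents and clients, which is the distinction the reply draws. The Xorg and ssh-agent rows in the sample are copied from the listing in post #6; the two sshd rows are constructed for contrast, and the function names are assumptions.

```shell
#!/bin/sh
# Added example, not from the thread: classify ssh-related processes in
# "ps axjf" output.
# Columns: PPID PID PGID SID TTY TPGID STAT UID TIME COMMAND

classify_ssh_procs() {
    awk '
    $1 == "PPID" { next }                       # header row
    NF >= 10 {
        i = 10
        while (i <= NF && ($i == "\\_" || $i == "|")) i++   # forest markers
        if (i > NF) next
        exe = $i
        sub(/:$/, "", exe)                      # "sshd: user" process titles
        n = split(exe, part, "/")
        base = part[n]
        if (base == "sshd" || base == "dropbear") kind = "server"
        else if (base == "ssh-agent")              kind = "agent"
        else if (base == "ssh")                    kind = "client"
        else next
        print $2, kind, base                    # PID, role, program name
    }'
}

# Number of processes that can accept inbound SSH logins.
count_ssh_servers() {
    classify_ssh_procs | awk '$2 == "server" { n++ } END { print n + 0 }'
}

# Sample input: first two rows from post #6, last two rows constructed.
sample_ps() {
cat <<'EOF'
 PPID   PID  PGID   SID TTY      TPGID STAT   UID   TIME COMMAND
 2751  2776  2776  2776 tty7      2776 Ssl+     0   0:03  \_ /usr/lib/xorg/Xorg -nolisten tcp -auth /var/run/slim.auth vt07
 3126  3171  3171  3171 ?           -1 Ss    1000   0:00      \_ /usr/bin/ssh-agent x-session-manager
    1  4100  4100  4100 ?           -1 Ss       0   0:00 /usr/sbin/sshd -D
 4100  4207  4207  4207 ?           -1 Ss       0   0:00  \_ sshd: devuan [priv]
EOF
}

# Stand-alone run on the sample.
sample_ps | classify_ssh_procs
```

On a live system the input is "ps axjf | classify_ssh_procs". A process name can be chosen by whoever starts the process, so a count of zero is best confirmed by also listing the listening TCP sockets.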


#8 2020-08-05 20:19:16

freenet_bro
Member
Registered: 2018-12-23
Posts: 14  

Re: Making Devuan more secure.

Head_on_a_Stick wrote:
freenet_bro wrote:
 3126  3171  3171  3171 ?           -1 Ss    1000   0:00      \_ /usr/bin/ssh-agent x-session-manager

^ That's the only "ssh" program running but it's not an SSH client or server, it's just an authentication agent (see ssh-agent(1)). Uninstall the openssh-client package to get rid of it if you're that paranoid.

I don't have it installed. ^^ I mean it's not in the apt data base. It will just install itself after I've removed it.

Head_on_a_Stick wrote:
freenet_bro wrote:

how I could get a root shell on the installation medium

sudo -i

Thanks, that's what I needed.
I never use sudo, because it blurs the line between system administrator and regular user.

Last edited by freenet_bro (2020-08-05 20:20:50)


#9 2020-08-06 16:47:14

Head_on_a_Stick
Member
From: London
Registered: 2019-03-24
Posts: 865  

Re: Making Devuan more secure.

freenet_bro wrote:

It will just install itself after I've removed it

Logs or it never happened :P


Black Lives Matter
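
Added example, not part of the thread: the logs that would settle this are apt's transaction history, which records for every install or removal the command line that caused it and whether a package came in as a dependency. The parser below reads that format; the sample log, its version strings and the package "example-desktop-meta" are constructed, and the function names are assumptions.

```shell
#!/bin/sh
# Added example: list every apt transaction that touched one package.
# Input: an apt history log (blank-line separated stanzas) on stdin.
# Output: start time|action|how it was selected|command line

apt_pkg_history() {
    awk -v pkg="$1" '
    BEGIN { RS = ""; FS = "\n" }                # one stanza per record
    {
        start = cmd = "(none recorded)"
        for (i = 1; i <= NF; i++) {
            if ($i ~ /^Start-Date: /) {
                start = substr($i, 13); gsub(/  +/, " ", start)
            }
            if ($i ~ /^Commandline: /) cmd = substr($i, 14)
        }
        for (i = 1; i <= NF; i++) {
            if ($i !~ /^(Install|Reinstall|Upgrade|Remove|Purge): /) continue
            colon  = index($i, ": ")
            action = substr($i, 1, colon - 1)
            # entries look like: name:arch (version[, automatic])
            n = split(substr($i, colon + 2), ent, /\), /)
            for (j = 1; j <= n; j++) {
                name = ent[j]; sub(/[: ].*$/, "", name)
                if (name != pkg) continue       # exact package name only
                how = (ent[j] ~ /automatic/) ? "dependency" : "requested"
                if (action != "Install") how = "-"
                printf "%s|%s|%s|%s\n", start, action, how, cmd
            }
        }
    }'
}

# Constructed sample log (versions are placeholders, not real releases).
sample_history() {
cat <<'EOF'
Start-Date: 2020-08-05  19:40:02
Commandline: apt-get remove openssh-client
Requested-By: devuan (1000)
Remove: openssh-client:amd64 (1:0.0-0)
End-Date: 2020-08-05  19:40:05

Start-Date: 2020-08-05  19:52:31
Commandline: apt-get install example-desktop-meta
Requested-By: devuan (1000)
Install: openssh-client:amd64 (1:0.0-0, automatic), libexample1:amd64 (0.0-0, automatic)
End-Date: 2020-08-05  19:52:58
EOF
}

# Stand-alone run on the sample.
sample_history | apt_pkg_history openssh-client
```

On an installed system the input is /var/log/apt/history.log; packages unpacked with dpkg directly appear only in /var/log/dpkg.log. On live media without persistence both files are lost at reboot, so they need to be copied off before restarting.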
