You are not logged in.
The question might be a bit odd, but I'm currently writing this message from a machine, which is under total surveillance, because of reasons. (I'm a good goy though. Don't worry.)
The thing is, that I would like to make the machine a bit less compromised at least.
- For example I don't like the fact that there are daily cron jobs running, which checks if the /etc/passwd and similar files have changed.
- Or a process running listed as "logsave -s /var/log/fsck/checkfs fsck -C -M -A -a -f in htop (I don't remember that process running on past installs and it seems suspicious.).
- Or that GRUB is listing "Debian" now instead of "Devuan".
- Or that firefox-esr was run from "/usr/lib/firefox" for some reason.
- Or that from time to time someone just starts an sshd on my system and chimes in into my xorg session, which makes the "/usr/lib/xorg/Xorg -nolisten tcp :0 vt1 -keeptty -auth /tmp/serverauth.LfORxzDu0z" process suddenly take up around 19% of my CPU, although I've explicitly not installed any sshd, because I don't want anyone to remote into my machine.
- Or that all files from /usr/share/bash-completion/ are sourced before a shell starts.
- Or that I get a "permission denied" error when trying to change the root password as root.
etc. etc.
I still need to get the work done, and I'm not knowledgeable enough to remove the bad firmware, so I'm making this post in the hopes of learning more and maybe gettingt some book or article recommendations. I want to learn from the pros with a lot of experience. I think there isn't already a thread for aspiring sysadmins.
I've have a copy of my entire root directory from several different installs.
After realizing my machine was cracked (Btw. thanks a lot for the very clean process list.), I did a backup of all my files, including the root file system for a post mortem (I've already learned quite a bit from viewing some funky files, which were malware scripts, which defined a bunch of stuff and then pushed their path to the top of the PATH environment variable.).
I've tried Guix, Gentoo, Artix and a few others, but it always ended up with the same set of bullshit spyware.
I did a "find / -iname "*systemd*" and found at least twenty entries on a fresh install with just a few packages added, so it looks like my Devuan install isn't so systemd-free afterall (Although the libsystemd.so I can understand.).
Gentoo provides signed .DIGEST files, which list all the files of an ISO, I wish Devuan had something like this. Because I find it kind suspicious if I'm getting asked three times directly in a row if I want to install proprietary firmware.
If you want me to run any commands on my system, just ask and I'll past the results.
P.S. Since I've remove the /etc/pam.d , I can no longer "su root". Any fix?
Offline
Why are systemd files present in Devuan?
Have you tried heads?
Offline
- Or that from time to time someone just starts an sshd on my system and chimes in into my xorg session, which makes the "/usr/lib/xorg/Xorg -nolisten tcp :0 vt1 -keeptty -auth /tmp/serverauth.LfORxzDu0z" process suddenly take up around 19% of my CPU, although I've explicitly not installed any sshd, because I don't want anyone to remote into my machine.
I would not boot that system again. Check it from another system, maybe a live-CD or live-USB.
You might want to run from live media from now on, so that you have a read-only system. That way if someone is able to install software on your system while you are running, you can just reboot to go back to the clean state. And figure out how to keep them from doing that. To save files, you can either set up a persistent volume or plug in another usb stick.
Some of your questions are answered in the release notes. (grub, su)
You can run without any policykit or dbus, but removing /etc/pam.d/ might have been a bad idea. This link is provided for general information. You don't want to use the nodbus isos I made because they are not secure. (ssh is running and the password is public)
https://dev1galaxy.org/viewtopic.php?id=2158
Offline
Hello:
... tried Guix, Gentoo, Artix and a few others, but it always ended up with the same set of bullshit spyware.
Hmm ...
Just what is it that you do with your rig?
Did you sanitize your drive before each installation?
ie: with a bootable Linux install CD/DVD run gparted and clear the drive.
Then reboot, format it to FAT32, then reboot and clear it again.
Repeat till you have gone through ext3, ext4 and cleared one last time.
Only then install the OS again, from scratch.
... a copy of my entire root directory from several different installs.
From what you say, I have the idea that whatever is dumping that crap into your installation is probably in your backups.
Have you gone through them and checked what was there?
Cheers,
A.
Last edited by Altoid (2020-08-01 22:46:02)
Offline
Why are systemd files present in Devuan?
Thanks for the link.
Have you tried heads?
I haven't tried it, because it seems unmaintained, which made me hesitant to use it.
You can run without any policykit or dbus, but removing /etc/pam.d/ might have been a bad idea.
That's what I've just realized as well. I can't log into a TTY. hehe
From what you say, I have the idea that whatever is dumping that crap into your installation is probably in your backups.
That's what I thought as well, but I didn't connect the external hard drive to an install I made and even without installing xorg or any other package a bunch of additional things were downloaded on to my machine as soon as I've plugged in the ethernet cable.
It's also interesting to note that shutdown now worked properly, but then suddenly didn't shutdown my machine and asked for a root password. ;D
Just what is it that you do with your rig?
Something somone might find interesting obviously. LOL
No, but seriously. It's not a rig. It's just a laptop I use to work. I'm rather poor, so I can't just buy a new machine.
Did you sanitize your drive before each installation?
ie: with a bootable Linux install CD/DVD run gparted and clear the drive.
Then reboot, format it to FAT32, then reboot and clear it again.
Repeat till you have gone through ext3, ext4 and cleared one last time.Only then install the OS again, from scratch.
Apparenty shredding the harddisk once wasn't enough.
But I'm pretty sure it wouldn't change a lot if I used a different hard disk or bootable USB.
You might want to run from live media from now on, so that you have a read-only system. That way if someone is able to install software on your system while you are running, you can just reboot to go back to the clean state. And figure out how to keep them from doing that. To save files, you can either set up a persistent volume or plug in another usb stick.
That's what I'm currently doing from my other machine, which also shows a lot of strange behaviour.
My gues would be that someone used my pozzed router and switches in combination with some zero day to get access to my machines, because OpenBSD didn't show any weird behaviour.
I'm fine with certain people reading everything I do and having a copy of every file I create. But it's just too much for me if they start stealing half of my CPU and breaking my window manager shortcuts.
During these interesting geopolitical times I unfortunately can't bring up the money to buy a new machine, so I just use the current situation as a learning experience.
They've already gotten everything inside of my password data base so I'm totally transparent. I've learned to appreciate the offline world and reading physical books.
Thanks for the answers.
Offline
You might want to run from live media from now on, so that you have a read-only system. That way if someone is able to install software on your system while you are running, you can just reboot to go back to the clean state.
Iv'e installed Devuan live on a usb stick.
It used to have a regular xorg process.
Then the process became funky again, so I rebooted without internet and the process stayed that way.
$ ps axjf
PPID PID PGID SID TTY TPGID STAT UID TIME COMMAND
0 2 0 0 ? -1 S 0 0:00 [kthreadd]
2 3 0 0 ? -1 I< 0 0:00 \_ [rcu_gp]
2 4 0 0 ? -1 I< 0 0:00 \_ [rcu_par_gp]
2 5 0 0 ? -1 I 0 0:00 \_ [kworker/0:0-events]
2 6 0 0 ? -1 I< 0 0:00 \_ [kworker/0:0H-kblockd]
2 7 0 0 ? -1 I 0 0:00 \_ [kworker/u8:0-events_unbound]
2 8 0 0 ? -1 I< 0 0:00 \_ [mm_percpu_wq]
2 9 0 0 ? -1 S 0 0:00 \_ [ksoftirqd/0]
2 10 0 0 ? -1 I 0 0:00 \_ [rcu_sched]
2 11 0 0 ? -1 I 0 0:00 \_ [rcu_bh]
2 12 0 0 ? -1 S 0 0:00 \_ [migration/0]
2 13 0 0 ? -1 I 0 0:00 \_ [kworker/0:1-pm]
2 14 0 0 ? -1 S 0 0:00 \_ [cpuhp/0]
2 15 0 0 ? -1 S 0 0:00 \_ [cpuhp/1]
2 16 0 0 ? -1 S 0 0:00 \_ [migration/1]
2 17 0 0 ? -1 S 0 0:00 \_ [ksoftirqd/1]
2 18 0 0 ? -1 I 0 0:00 \_ [kworker/1:0-pm]
2 19 0 0 ? -1 I< 0 0:00 \_ [kworker/1:0H-kblockd]
2 20 0 0 ? -1 S 0 0:00 \_ [cpuhp/2]
2 21 0 0 ? -1 S 0 0:00 \_ [migration/2]
2 22 0 0 ? -1 S 0 0:00 \_ [ksoftirqd/2]
2 23 0 0 ? -1 I 0 0:00 \_ [kworker/2:0-events]
2 24 0 0 ? -1 I< 0 0:00 \_ [kworker/2:0H-kblockd]
2 25 0 0 ? -1 S 0 0:00 \_ [cpuhp/3]
2 26 0 0 ? -1 S 0 0:00 \_ [migration/3]
2 27 0 0 ? -1 S 0 0:00 \_ [ksoftirqd/3]
2 28 0 0 ? -1 I 0 0:00 \_ [kworker/3:0-events]
2 29 0 0 ? -1 I< 0 0:00 \_ [kworker/3:0H-kblockd]
2 30 0 0 ? -1 S 0 0:00 \_ [kdevtmpfs]
2 31 0 0 ? -1 I< 0 0:00 \_ [netns]
2 32 0 0 ? -1 S 0 0:00 \_ [kauditd]
2 33 0 0 ? -1 I 0 0:00 \_ [kworker/1:1-events_long]
2 34 0 0 ? -1 S 0 0:00 \_ [khungtaskd]
2 35 0 0 ? -1 S 0 0:00 \_ [oom_reaper]
2 36 0 0 ? -1 I< 0 0:00 \_ [writeback]
2 37 0 0 ? -1 S 0 0:00 \_ [kcompactd0]
2 38 0 0 ? -1 SN 0 0:00 \_ [ksmd]
2 39 0 0 ? -1 SN 0 0:00 \_ [khugepaged]
2 40 0 0 ? -1 I< 0 0:00 \_ [crypto]
2 41 0 0 ? -1 I< 0 0:00 \_ [kintegrityd]
2 42 0 0 ? -1 I< 0 0:00 \_ [kblockd]
2 43 0 0 ? -1 I< 0 0:00 \_ [edac-poller]
2 44 0 0 ? -1 I< 0 0:00 \_ [devfreq_wq]
2 45 0 0 ? -1 S 0 0:00 \_ [watchdogd]
2 46 0 0 ? -1 S 0 0:00 \_ [kswapd0]
2 64 0 0 ? -1 I< 0 0:00 \_ [kthrotld]
2 65 0 0 ? -1 I 0 0:00 \_ [kworker/2:1-pm]
2 66 0 0 ? -1 I 0 0:00 \_ [kworker/3:1-rcu_gp]
2 67 0 0 ? -1 I< 0 0:00 \_ [ipv6_addrconf]
2 68 0 0 ? -1 I 0 0:02 \_ [kworker/u8:1-events_unbound]
2 77 0 0 ? -1 I 0 0:00 \_ [kworker/1:2-usb_hub_wq]
2 78 0 0 ? -1 I< 0 0:00 \_ [kstrp]
2 123 0 0 ? -1 I< 0 0:00 \_ [acpi_thermal_pm]
2 124 0 0 ? -1 I< 0 0:00 \_ [ata_sff]
2 126 0 0 ? -1 S 0 0:00 \_ [scsi_eh_0]
2 127 0 0 ? -1 I< 0 0:00 \_ [scsi_tmf_0]
2 128 0 0 ? -1 S 0 0:00 \_ [scsi_eh_1]
2 129 0 0 ? -1 I< 0 0:00 \_ [scsi_tmf_1]
2 130 0 0 ? -1 I 0 0:00 \_ [kworker/0:2-pm]
2 131 0 0 ? -1 I 0 0:00 \_ [kworker/u8:2-events_unbound]
2 140 0 0 ? -1 I 0 0:00 \_ [kworker/u8:3]
2 142 0 0 ? -1 I 0 0:00 \_ [kworker/u8:4]
2 181 0 0 ? -1 I 0 0:00 \_ [kworker/3:2-events]
2 182 0 0 ? -1 I< 0 0:00 \_ [kworker/u9:0-hci0]
2 183 0 0 ? -1 S 0 0:00 \_ [i915/signal:0]
2 184 0 0 ? -1 S 0 0:00 \_ [i915/signal:1]
2 185 0 0 ? -1 S 0 0:00 \_ [i915/signal:2]
2 186 0 0 ? -1 S 0 0:00 \_ [i915/signal:6]
2 187 0 0 ? -1 I< 0 0:00 \_ [kworker/2:1H-kblockd]
2 189 0 0 ? -1 I 0 0:00 \_ [kworker/3:3-events]
2 190 0 0 ? -1 S 0 0:00 \_ [scsi_eh_2]
2 191 0 0 ? -1 I< 0 0:00 \_ [scsi_tmf_2]
2 192 0 0 ? -1 S 0 0:00 \_ [usb-storage]
2 197 0 0 ? -1 I< 0 0:00 \_ [md]
2 210 0 0 ? -1 I< 0 0:00 \_ [kworker/3:1H-kblockd]
2 211 0 0 ? -1 I< 0 0:00 \_ [kworker/1:1H-kblockd]
2 212 0 0 ? -1 I< 0 0:00 \_ [kworker/0:1H-kblockd]
2 213 0 0 ? -1 I< 0 0:00 \_ [raid5wq]
2 305 0 0 ? -1 S< 0 0:00 \_ [loop0]
2 350 0 0 ? -1 I 0 0:00 \_ [kworker/2:2-mm_percpu_wq]
2 756 0 0 ? -1 S 0 0:00 \_ [irq/126-mei_me]
2 768 0 0 ? -1 I< 0 0:00 \_ [kmemstick]
2 776 0 0 ? -1 I 0 0:00 \_ [rtsx_usb_ms_1]
2 796 0 0 ? -1 I< 0 0:00 \_ [cfg80211]
2 826 0 0 ? -1 I< 0 0:00 \_ [kworker/u9:1-hci0]
2 827 0 0 ? -1 I< 0 0:00 \_ [ath10k_wq]
2 828 0 0 ? -1 I< 0 0:00 \_ [ath10k_aux_wq]
2 830 0 0 ? -1 I 0 0:00 \_ [kworker/1:3-rcu_gp]
2 850 0 0 ? -1 I< 0 0:00 \_ [kworker/u9:2-hci0]
2 1714 0 0 ? -1 I< 0 0:00 \_ [rpciod]
2 1715 0 0 ? -1 I< 0 0:00 \_ [xprtiod]
2 1717 0 0 ? -1 I< 0 0:00 \_ [nfsiod]
0 1 1 1 ? -1 Ss 0 0:01 init [2]
1 1681 1681 1681 ? -1 Ss 104 0:00 /sbin/rpcbind -w
1 1709 1709 1709 ? -1 Ss 106 0:00 /sbin/rpc.statd
1 1724 1724 1724 ? -1 Ss 0 0:00 /usr/sbin/rpc.idmapd
1 2003 2003 2003 ? -1 Ss 0 0:00 /usr/sbin/acpi_fakekeyd
1 2088 2088 2088 ? -1 Ssl 0 0:00 /usr/sbin/rsyslogd
1 2116 2116 2116 ? -1 Ss 0 0:00 /usr/sbin/acpid
1 2178 2178 2178 ? -1 Ss 0 0:00 /usr/sbin/cron
1 2228 2228 2228 ? -1 Ss 102 0:00 /usr/bin/dbus-daemon --system
1 2261 2260 2260 ? -1 S 110 0:00 avahi-daemon: running [devuan.local]
2261 2262 2260 2260 ? -1 S 110 0:00 \_ avahi-daemon: chroot helper
1 2286 2285 2285 ? -1 S 0 0:00 /usr/sbin/bluetoothd
1 2314 2314 2314 ? -1 Ss 0 0:00 /usr/sbin/cupsd -C /etc/cups/cupsd.conf -s /etc/cups/cups-files.conf
1 2348 2347 2347 ? -1 Sl 0 0:00 /usr/sbin/cups-browsed
1 2372 2371 2371 ? -1 S 0 0:00 elogind-daemon
1 2641 2641 2641 ? -1 Ss 103 0:00 /usr/sbin/exim4 -bd -q30m
1 2668 2668 2668 ? -1 Ss 0 0:00 /sbin/mdadm --monitor --pid-file /run/mdadm/monitor.pid --daemonise --scan --syslog
1 2697 2697 2697 ? -1 Ssl 101 0:00 /usr/sbin/ntpd -p /var/run/ntpd.pid -g -u 101:104
1 2724 2724 2724 ? -1 Ss 0 0:00 /usr/sbin/saned -a saned
2724 2725 2724 2724 ? -1 S 0 0:00 \_ /usr/sbin/saned -a saned
1 2751 2751 2751 ? -1 Ss 0 0:05 /usr/bin/slim -d
2751 2776 2776 2776 tty7 2776 Ssl+ 0 0:03 \_ /usr/lib/xorg/Xorg -nolisten tcp -auth /var/run/slim.auth vt07
2751 3126 2751 2751 ? -1 S 1000 0:00 \_ /bin/sh /etc/xdg/xfce4/xinitrc -- /etc/X11/xinit/xserverrc
3126 3171 3171 3171 ? -1 Ss 1000 0:00 \_ /usr/bin/ssh-agent x-session-manager
3126 3182 2751 2751 ? -1 Sl 1000 0:00 \_ xfce4-session
3182 3217 2751 2751 ? -1 Sl 1000 0:00 \_ /usr/lib/policykit-1-gnome/polkit-gnome-authentication-agent-1
3182 3218 2751 2751 ? -1 S 1000 0:02 \_ /usr/bin/python3 /usr/share/system-config-printer/applet.py
3182 3223 2751 2751 ? -1 Sl 1000 0:00 \_ /usr/bin/python -O /usr/share/wicd/gtk/wicd-client.py --tray
3182 3229 2751 2751 ? -1 S 1000 0:00 \_ xscreensaver -no-splash
1 2798 2798 2798 ? -1 Ss 0 0:00 /usr/sbin/uuidd
1 2828 2827 2827 ? -1 S 0 0:00 /usr/bin/python -O /usr/share/wicd/daemon/wicd-daemon.py --keep-connection
2828 3034 2827 2827 ? -1 S 0 0:00 \_ /usr/bin/python -O /usr/share/wicd/daemon/monitor.py
1 2893 2892 2892 ? -1 S 0 0:00 /sbin/udevd udevd
1 3062 3062 3062 tty1 3102 Ss 0 0:00 /bin/login -f
3062 3102 3102 3062 tty1 3102 S+ 1000 0:00 \_ -bash
1 3063 3063 3063 tty2 3099 Ss 0 0:00 /bin/login -f
3063 3099 3099 3063 tty2 3099 S+ 1000 0:00 \_ -bash
1 3064 3064 3064 tty3 3098 Ss 0 0:00 /bin/login -f
3064 3098 3098 3064 tty3 3098 S+ 1000 0:00 \_ -bash
1 3065 3065 3065 tty4 3101 Ss 0 0:00 /bin/login -f
3065 3101 3101 3065 tty4 3101 S+ 1000 0:00 \_ -bash
1 3066 3066 3066 tty5 3097 Ss 0 0:00 /bin/login -f
3066 3097 3097 3066 tty5 3097 S+ 1000 0:00 \_ -bash
1 3067 3067 3067 tty6 3100 Ss 0 0:00 /bin/login -f
3067 3100 3100 3067 tty6 3100 S+ 1000 0:00 \_ -bash
1 3123 3122 3122 ? -1 Sl 1000 0:00 /usr/bin/gnome-keyring-daemon --daemonize --login
1 3160 2751 2751 ? -1 S 1000 0:00 /usr/bin/dbus-launch --exit-with-session --sh-syntax
1 3161 3161 3161 ? -1 Ss 1000 0:00 /usr/bin/dbus-daemon --syslog --fork --print-pid 6 --print-address 8 --session
1 3184 3161 3161 ? -1 Sl 1000 0:00 /usr/lib/at-spi2-core/at-spi-bus-launcher
3184 3189 3161 3161 ? -1 S 1000 0:00 \_ /usr/bin/dbus-daemon --config-file=/usr/share/defaults/at-spi2/accessibility.conf --nofork --print-address 3
1 3191 3161 3161 ? -1 Sl 1000 0:00 /usr/lib/at-spi2-core/at-spi2-registryd --use-gnome-session
1 3195 2228 2228 ? -1 Sl 0 0:00 /usr/lib/policykit-1/polkitd --no-debug
1 3202 3161 3161 ? -1 S 1000 0:00 /usr/lib/x86_64-linux-gnu/xfce4/xfconf/xfconfd
1 3206 3206 3206 ? -1 Ss 1000 0:00 /usr/bin/gpg-agent --sh --daemon --write-env-file /home/devuan/.cache/gpg-agent-info
1 3208 2751 2751 ? -1 S 1000 0:00 xfwm4
1 3212 2751 2751 ? -1 Sl 1000 0:01 xfce4-panel
3212 3286 2751 2751 ? -1 S 1000 0:00 \_ /usr/lib/x86_64-linux-gnu/xfce4/panel/wrapper-1.0 /usr/lib/x86_64-linux-gnu/xfce4/panel/plugins/libsystray.so 6 20971558 systray Notification Area Area where notification icons appear
3212 3289 2751 2751 ? -1 S 1000 0:00 \_ /usr/lib/x86_64-linux-gnu/xfce4/panel/wrapper-1.0 /usr/lib/x86_64-linux-gnu/xfce4/panel/plugins/libactions.so 2 20971559 actions Action Buttons Log out, lock or other system actions
1 3214 2751 2751 ? -1 Sl 1000 0:00 Thunar --daemon
1 3216 2751 2751 ? -1 Sl 1000 0:00 xfdesktop
1 3234 3233 3233 ? -1 S<l 1000 0:01 /usr/bin/pulseaudio --start --log-target=syslog
1 3236 2228 2228 ? -1 SNl 105 0:00 /usr/lib/rtkit/rtkit-daemon
1 3239 3239 3239 ? -1 Ssl 1000 0:00 xfce4-power-manager
1 3240 3240 3240 ? -1 Ssl 1000 0:00 xfsettingsd
1 3245 2228 2228 ? -1 Sl 0 0:00 /usr/lib/upower/upowerd
1 3251 3161 3161 ? -1 Sl 1000 0:00 /usr/lib/gvfs/gvfsd
3251 3362 3161 3161 ? -1 Sl 1000 0:00 \_ /usr/lib/gvfs/gvfsd-trash --spawner :1.17 /org/gtk/gvfs/exec_spaw/0
1 3276 3161 3161 ? -1 SNl 1000 0:00 /usr/lib/x86_64-linux-gnu/tumbler-1/tumblerd
1 3288 3161 3161 ? -1 Sl 1000 0:00 /usr/lib/x86_64-linux-gnu/xfce4/notifyd/xfce4-notifyd
1 3314 3161 3161 ? -1 Sl 1000 0:00 /usr/lib/gvfs/gvfs-udisks2-volume-monitor
1 3318 2228 2228 ? -1 Sl 0 0:00 /usr/lib/udisks2/udisksd
1 3332 3161 3161 ? -1 Sl 1000 0:00 /usr/lib/gvfs/gvfs-mtp-volume-monitor
1 3337 3161 3161 ? -1 Sl 1000 0:00 /usr/lib/gvfs/gvfs-gphoto2-volume-monitor
1 3342 3161 3161 ? -1 Sl 1000 0:00 /usr/lib/gvfs/gvfs-goa-volume-monitor
1 3347 3161 3161 ? -1 Sl 1000 0:00 /usr/lib/gvfs/gvfs-afc-volume-monitor
1 3359 3161 3161 ? -1 Sl 1000 0:00 /usr/lib/gvfs/gvfsd-metadata
1 3397 2751 2751 ? -1 Sl 1000 0:01 xfce4-terminal
3397 3403 3403 3403 pts/0 3431 Ss 1000 0:00 \_ bash
3403 3431 3431 3403 pts/0 3431 R+ 1000 0:00 \_ ps axjf
Also it would be nice if you could tell me how I could get a root shell on the installation medium, so I could execute the steps proposed by Altoid in order to really clean the drive.
Offline
3126 3171 3171 3171 ? -1 Ss 1000 0:00 \_ /usr/bin/ssh-agent x-session-manager
^ That's the only "ssh" program running but it's not an SSH client or server, it's just an authentication agent (see ssh-agent(1)). Uninstall the openssh-client package to get rid of it if you're that paranoid.
how I could get a root shell on the installation medium
sudo -i
Brianna Ghey — Rest In Power
Offline
freenet_bro wrote:3126 3171 3171 3171 ? -1 Ss 1000 0:00 \_ /usr/bin/ssh-agent x-session-manager
^ That's the only "ssh" program running but it's not an SSH client or server, it's just an authentication agent (see ssh-agent(1)). Uninstall the openssh-client package to get rid of it if you're that paranoid.
I don't have it installed. ^^ I mean it's not in the apt data base. It will just install itself after I've removed it.
freenet_bro wrote:how I could get a root shell on the installation medium
sudo -i
Thanks, that's what I needed.
I never use sudo, because it blurs the line between system administrator and regular user.
Last edited by freenet_bro (2020-08-05 20:20:50)
Offline
It will just install itself after I've removed it
Logs or it never happened
Brianna Ghey — Rest In Power
Offline
The question might be a bit odd, but I'm currently writing this message from a machine, which is under total surveillance, because of reasons. (I'm a good goy though. Don't worry.)
I was in about the same situation as you a couple of years ago.
I can indicate you some steps to at least remove their active presence on your machine, after that they still can see anything you do and even read your mind.
1) Get an older hardware like Core2 Duo with good old BIOS (instead of UEFI) and process it with ME_cleaner to remove IntelME, better to libreboot of course if you can get a right hardware.
2) Get somewhere a very old SD card of size like 256Mb and an ancient SD card reader USB1 or USB2, they are free from modern firmware backdoors. Place your bootloader and kernel onto this SD card.
Always boot your system from USB SD reader, this prevents injecting trojans during boot phase by storage devices.
3) Encrypt all your HDDs to partially isolate from their firmware trojans.
All file systems shall be created above LUKSed block devices.
Use the shortest SATA cables you can get, 10-15cm are the best, it will make it harder to kill data on your disks by active EMI attacks injecting intelligent noise making your HDD working incorrectly for some time.
And try to always use ZFS, it sees all checksums errors when you are under a EMI attack, otherwise you can silently loose your data and files.
4) Use Devuan without systemD, it is an absolute MUST.
5) Do not use modern bloated DE like KDE4 or KDE5, they are full of backdoors and can erase your important ideas in knotes and kalarm at least. I have found TrinityDE is the best DE for a workstation and NoDM+IceWM+matchbox-desktop is the best thing for a server.
With IceWM you can disable almost all services even like dbus, etc.
6) Never run proprietary software like Skype of Chrome on your sensitive computer, have a dedicated different motherboard for them and run them only in a dedicated KVM on it.
7) For SSH access to other hosts keep your secret keys in hardware devices like Nitrokey PRO2 or HSM2.
8) I am going to make an installation of a combi of Devuan+ZFS volume and OpenBSD running from that volume over a dedicated Ethernet link. They will both run on ARM hardware (two separated boards) free from X86 backdoors and trojans. Add Nitrokey PRO2 or HSM2 here and get a relatively good protection at least from general hackers, agencies still can replace your hardware or reflash something (though I guess it is harder to do on a SoC) and they can enter your room not via a front door or a window (don't ask me how).
May be I will share it in the corresponding forum area for ARM builds.
Last edited by bimon (2020-08-18 18:02:00)
Offline
process it with ME_cleaner to remove IntelME, better to libreboot of course if you can get a right hardware
That doesn't completely remove the ME and even if it did there would still be blobs in the motherboard controller firmware.
The FSF only lists a few motherboards that are blob-free: https://ryf.fsf.org/categories/mainboards
Of those boards only the POWER9 versions from Talos offer a decent level of performance. Not cheap though
ARM hardware (two separated boards) free from X86 backdoors and trojans
ARM is a very opaque architecture, both the motherboard controllers and the Mali graphics require blobs. Again, POWER9 is better (or perhaps RISC-V).
Last edited by Head_on_a_Stick (2020-08-18 21:11:41)
Brianna Ghey — Rest In Power
Offline
...KDE4 or KDE5, they are full of backdoors and can erase your important ideas in knotes and kalarm at least.
Do you have proof for these claims? And you should probably report those problems with knotes and kalarm to the upstream's or Debian's bug tracker.
Former maintainer of the iwd package. See #639!
You can also find me on the Pale Moon forums. I develop XUL add-ons for Pale Moon.
My PGP public key
Offline
bimon wrote:...KDE4 or KDE5, they are full of backdoors and can erase your important ideas in knotes and kalarm at least.
Do you have proof for these claims? And you should probably report those problems with knotes and kalarm to the upstream's or Debian's bug tracker.
I just experienced information lost from KAlarm and KNotes in KDE4 many times after their store was ported from a file system to a database integrated into KDE.
It generally happened when I wrote down some discrediting evidence against the attackers and when wrote to forum topics like this.
I guess the whole idea about open source backdoors is to make them available as legitimate network services say via TCP sockets, while users think they are protected by a firewall it is not actually the truth because agencies run their invisible trojans in protected rings of modern CPUs (most likely even negative rings) and such trojans can even saliently virtualize your whole computer in addition that X86 itself is not a pure hardware by itself, it is like a VM running on their mutable/updatable microcode. It is not possible to detect those trojans in your operation system, though in a case of virtualization it sometimes may be possible by measuring some calculation speeds of the CPU.
Most likely it is not easy without unified API available via a socket like systemD to manage applications from trojans because it is not easy to conform to ABIs needed to be called and out of process communication without network stack, but via network services it is much easier just like a RPC call.
Last edited by bimon (2020-08-19 06:22:00)
Offline
bimon wrote:process it with ME_cleaner to remove IntelME, better to libreboot of course if you can get a right hardware
That doesn't completely remove the ME and even if it did there would still be blobs in the motherboard controller firmware.
The FSF only lists a few motherboards that are blob-free: https://ryf.fsf.org/categories/mainboards
Of those boards only the POWER9 versions from Talos offer a decent level of performance. Not cheap though
bimon wrote:ARM hardware (two separated boards) free from X86 backdoors and trojans
ARM is a very opaque architecture, both the motherboard controllers and the Mali graphics require blobs. Again, POWER9 is better (or perhaps RISC-V).
We talk about different price ranges, ganstalkers often attack people on a low budget just to make them even more financially vulnerable trying to get them on their slavery galleys in their corporations.
And I think it is still not easy to verify there are no backdoors in POWER9. And it is a CPU with speculative execution yet most likely vulnerable to SPECTRE and like it? When we talk about getting some better performance than ARM it may be enough to get a cheap system with Libreboot or at least Coreboot, run KVM or software emulation on it and manage it from a secure ARM device.
IMHO Talos is a good toy for wealthy men who can purchase a few of them just for experiments and trash them if they do not like something without any financial regret. I just purchased many ARMv5 and ARMv7 SoCs just for experiments, it is affordable for me and I still do not know if they solve the problems which I experienced in the past, but it is not a significant loss for my budget if something goes wrong for some of those boards.
As for ARM I would not trust anything more recent than old ARMv7 boards like Orange PI with a wireless chip removed from the board.
Modern ARMs may have large BLOBs in their SoC boot ROM and they can have trojans working in an ARM TrustZone.
To make me more confident in a current ARM hardware a vendor would have to provide an open source code for his BROM which is inside a SoC.
It shall be built reproducible and result to the same verifiable binaries which could be read from BROM. But it still most likely does not prevent them to have some hidden code running in a TrustZone anyway or even making such verifiable BROM a fake ROM while running another proprietary BLOB hidden from us.
On the other hand there are a plenty of Cortex A7 oranges free from speculative issues which are good for a mini server running under OpenBSD.
Please understand performance does not matter at all when we talk about security, slow ARMv7 for $30-$50 may be much better and stronger in these terms than a modern shiny computer for a few thousands of USD.
Beagle bone black boards are already free from radio chips and their BROM is relatively small which is less in size than RAM of a good old ZXSpectrum, unfortunately it is not Cortex A7, therefore it is good only for a secure client SSH terminal, for a micro server it is better to use Cortex A7.
You can install only light and the most critical services like SSH, Firewall, some proxies, DNS, monitoring, intrusion detection, Jabber, e-mail, etc. on those mini boards while running more resource demanding applications as KVM guests on other Coreboot hosts behind this secure gateway based on ARMv7 CortexA7 + Nitrokey + OpenBSD. Just allow connections to KVM hosts only from secure OpenBSD ARM host.
Last edited by bimon (2020-08-19 07:39:01)
Offline
And as for defending from BLOBs in storage controllers someone already discussed that in the topics like:
http://dev1galaxy.org/viewtopic.php?pid=17208#p17208
http://dev1galaxy.org/viewtopic.php?pid=16484#p16484
And unfortunately there are no affordable RISC-V having at least 1-2GB or RAM comparable to many cheap Cortex A7 boards like OrangePI some of which are even compatible with OpenBSD.
May be some MIPS like Octeons can be interesting for running OpenBSD on them too.
Do we really have any affordable choices even already in 2020 year for a hardware more secure than X86 with at least 1-2 GB of RAM except ARM Cortex A7 and MIPS?
And I would not trust even to the same Cortex A7 chips produced recently compared to older ones from a second hand market. I have already experienced several bad recent simple SATA controllers which destroyed a half of my ZFS mirrors (recoved later of course), recent chips compatible with earlier specifications look different in some cases under attacks and behave like a beasty. Most likely they have more recent backdoors in hardware and firmware. So the older BROM and SoC are the better it is in terms of resistance to ganstalker attacks.
And never trust intelligent agencies, they almost always lie just to make some profit from their public declarations, they inject many their backdoors everywhere they can to control everything and even make criminal harm to law-abiding citizens in favor of corporations who sponsor them. The same about trust to some doctors and lawers, there is a significant amount of those "specialists" who lie to you just to support the whole corrupted construction and make a harm to individuals targeted by agencies. Sometimes even police behave the same way.
If you a targeted individual then try to never eat anything except what you get by yourself from a supermarket choosen randomly because ganstalkers sometimes use to poison people with a slowly influencing bio substances like staphylococcus which in a long term together with their electromagnetic attacks may lead to decrease of immunoresistance of your body, dermatosis, bad reactions to the meds used and even to small mutations like a chronical blood mutations like leucosis and insomnia. They even may use mind control of your oldery relatives to make them behave like mads, often disturbing you in the most critical moments of your life for example during your sleep, trying to feed you with a food they got from unknown sources, such unverified food they were often received for free from someones may contain psychotic stuff to make you temporary mad too.
And then ganstalkers tell, you need to go to a psychiatrist, their win - congratulations! And you get a bad reputation finally.
A few of examples:
https://web.archive.org/web/20190624163 … duals.html
https://web.archive.org/web/20200314022 … cults.com/
http://www.freezepage.com/1562758630UEPBNMQAJI
https://web.archive.org/web/20190610035 … BJJVVBJ/64
https://archive.is/1ipek
https://web.archive.org/web/20190608024 … ad/1348072
I think more anonymization for key developers of Devuan and OpenBSD would not be bad for them and all of us to prevent them to repeat what happened to original Debian leader and what happened to Debian after that.
Last edited by bimon (2020-08-19 11:06:49)
Offline
Just FYI:
If you a targeted individual then try to never eat anything except what you get by yourself from a supermarket choosen randomly because ganstalkers sometimes use to poison people with a slowly influencing bio substances like staphylococcus which in a long term together with their electromagnetic attacks may lead to decrease of immunoresistance of your body, dermatosis, bad reactions to the meds used and even to small mutations like a chronical blood mutations like leucosis and insomnia. They even may use mind control of your oldery relatives to make them behave like mads, often disturbing you in the most critical moments of your life for example during your sleep, trying to feed you with a food they got from unknown sources, such unverified food they were often received for free from someones may contain psychotic stuff to make you temporary mad too.
^ This makes you sound like a crazy person, perhaps keep such thoughts to yourself in future. Or start taking the little blue pills the doctor gave you...
Brianna Ghey — Rest In Power
Offline
Very probable that I was poisoned by a significant portion of staphylococcus (diagnosed later by analysis) during training courses for IBM DB2 administration in a "Network Academy" located in a building of their police academy located in Kazan, Russia on October 13, 2008 in their dining-hall, they brought a meal by themselves. During all night in their hotel I experienced continuous almost non uninterruptible meteorism, there is a eye-witness classmate, we had even to open window inspite of almost winter weather, I never used to eat in their dining-hall anymore and got food in supermarkets during the rest of training days.
When we had meeting with other classmates from different cities in the evening they talked about terror from FSB in their cities like fires and pressure, women mentioned very bad quality of doctor service in maternity hospital and how they got even disability after accouchement and could not sue the doctors in a court.
Also I felt myself sick like in a winter like getting a flue virus, gravedo and feeling very weak, it is an indication of an attack on immune system.
Later when I returned to my city large dark-red sometimes almost black pustules appeared on my head and body for many years and a few still now, during many years I experienced significant headaches. Doctors could not find a course when I asked them earlier.
I had to part with my lovely girlfriend in about two years since that DB2 training
And finally in 2017 I was diagnosed a polycythemia.
After I wrote several times about corruption in Russia my body experienced burning pain and vibration, my mother too (she experienced it even today after this post asking me for a tablet of aspirin), several neurologists led me to a psychiatrists, they did not do anything to help me except harm in their clinic where I even did not get enough air to breath (a body with blood problems requires more oxygen for living) , persistent constipation problems during a whole month period of being in their clinic when I repeatedly could not get defecation up to five days even visiting toilet room tens of times and it is even not always allowed by personal to travel to that room, btw. And it was very hard to convince them to purchase and give me laxative, without it most likely I would already be dead. After leaving their clinic all symptoms returned in about two weeks like body burning and vibration.
Later I have found a med by myself to heal myself successfully from vibration and burning, it is neuromedin and human interferon alfa, blood returned to a relatively good condition too, I do not have an insomnia or headaches anymore except days when I do a med injection.
After that I often treat doctors (I visited tens of them before getting to psychiatrists) like charlatans just serving ZOG and agencies to make tortures against targeted individuals, they are almost like fascist in their activity against targeted individuals.
It works something like following:
Last edited by bimon (2020-08-21 08:49:16)
Offline
freenet_bro wrote:The question might be a bit odd, but I'm currently writing this message from a machine, which is under total surveillance, because of reasons. (I'm a good goy though. Don't worry.)
I was in about the same situation as you a couple of years ago.
I can indicate you some steps to at least remove their active presence on your machine, after that they still can see anything you do and even read your mind.
1) Get an older hardware like Core2 Duo with good old BIOS (instead of UEFI) and process it with ME_cleaner to remove IntelME, better to libreboot of course if you can get a right hardware.
2) Get somewhere a very old SD card of size like 256Mb and an ancient SD card reader USB1 or USB2, they are free from modern firmware backdoors. Place your bootloader and kernel onto this SD card.
Always boot your system from USB SD reader, this prevents injecting trojans during boot phase by storage devices.3) Encrypt all your HDDs to partially isolate from their firmware trojans.
All file systems shall be created above LUKSed block devices.
Use the shortest SATA cables you can get, 10-15cm are the best, it will make it harder to kill data on your disks by active EMI attacks injecting intelligent noise making your HDD working incorrectly for some time.
And try to always use ZFS, it sees all checksums errors when you are under a EMI attack, otherwise you can silently loose your data and files.4) Use Devuan without systemD, it is an absolute MUST.
5) Do not use modern bloated DE like KDE4 or KDE5, they are full of backdoors and can erase your important ideas in knotes and kalarm at least. I have found TrinityDE is the best DE for a workstation and NoDM+IceWM+matchbox-desktop is the best thing for a server.
With IceWM you can disable almost all services even like dbus, etc.6) Never run proprietary software like Skype of Chrome on your sensitive computer, have a dedicated different motherboard for them and run them only in a dedicated KVM on it.
7) For SSH access to other hosts keep your secret keys in hardware devices like Nitrokey PRO2 or HSM2.
8) I am going to make an installation of a combi of Devuan+ZFS volume and OpenBSD running from that volume over a dedicated Ethernet link. They will both run on ARM hardware (two separated boards) free from X86 backdoors and trojans. Add Nitrokey PRO2 or HSM2 here and get a relatively good protection at least from general hackers, agencies still can replace your hardware or reflash something (though I guess it is harder to do on a SoC) and they can enter your room not via a front door or a window (don't ask me how).
May be I will share it in the corresponding forum area for ARM builds.
Thanks for understanding my threat model and sharing your insights.
1) I have a x200, but I don't have the necessary tools to libreboot it. I have three Raspberry Pis, but not the necessary connectors.
Currently I use two laptops. One offline laptop, where I've removed the wireless card. And an online laptop, which has OpenBSD installed and runs Devuan from a live USB (Which I'm using right now.).
"If noone is supposed to see it, then do it offline." Is my current mantra.
I don't have the knowledge to secure my systems. It's a fun learning experience though. ahahahaha...fuck
I store all my data on several external encrypted hard drives.
4) Already doing that.
5) I use suckless' dwm+st+dmenu. No gvfs policykit or all that crap.
That's the only reason I was able to figure out what was going on.
(Although dbus is somehow necessary for xorg to start, which doesn't suprise me, because my xorg binaries have been replaced. ^^)
6) I've freed myself from proprietary software a couple of years ago. I'm 100% free. (If you exclude hardware and firmware.)
7) I'll keep that in mind for the future.
8) Noone entered my home, I'm sure of that. But they're already in all the machines in my home, so does it really matter? haha
Last edited by freenet_bro (2020-08-19 13:39:21)
Offline
bimon, would it be possible to contact you outside of this forum?
I would love to be able to talk to someone, who has a deep understanding of technology as you appear to have.
Learning all that shit just through reading man-pages is very hard, because they often times assume formal training.
Offline
For now please write here, may be later when I have a better anonymization like I2P+Tor router we can chat sometimes in a Tox or Jabber.
Last edited by bimon (2020-08-19 17:49:51)
Offline
I have three Raspberry Pis, but not the necessary connectors.
Raspberry Pis could not even start without large BLOBs for video chip.
The best what I was able to find are AllWinner Cortex A7 and Beagle Bone Black boards.
They are affordable and can work (at least in a text mode) without BLOBs except their small BROM inside their SoC.
IMHO even librebooted X86 is not good as a secure SSH terminal to control other hosts, they can be used only to host something non critical in terms of security.
I do not know anything affordable for a secure trusted terminal better than an old ARM Cortex A7 free from BLOBs and wireless chips with a Nitrokey or may be GNUK for keeping your secret keys there.
Btw, there is an interesting ARM laptop trying to be as free as possible (not Cortex A7 though):
https://web.archive.org/web/20200828204 … _Main_Page
https://www.bunniestudios.com/blog/?cat=28
Last edited by bimon (2020-08-28 20:43:02)
Offline
Hello bimon,
The staphylococcus poisoning was probably an accident. It's impossible to say exactly what effect it would have on any given individual. So it's not any use to control someone.
There's an old saying, "Never ascribe to malice anything adequately explained by stupidity". Which fits this case quite well.
But if you do need to keep secrets:
1: The safest option is to keep it all in your head. If you must share information talk face to face and make sure there are no listening devices around.
2: Use pencil (or pen) and paper. Mass surveilance of mail is too much work for the authorities (at least in civilised countries). If you must use a computer use one that's not connected to the internet (check for wireless adapters etc). This is standard for tax advisers etc (not illegal but laws can be changed to your disadvantage if they know what you are planning).
3: If you have to use the internet then use normal computer security procedures. And keep anything really sensitive off the system.
Chris
Offline
Hello bimon,
The staphylococcus poisoning was probably an accident. It's impossible to say exactly what effect it would have on any given individual. So it's not any use to control someone.
Hello Chris,
The accident happened only to me, not to my classmate who was eating at the same place (the same small table) and he was brought his meal too by a staff and it looked on the surface the same as mine.
The effects of poisoning by golden staphylococcus are predictable: persistent meteorism, bad microflora and as a consequence a bad immune resistance, insomnia, dermatosis and bad blood reaction on meds used for handling of dermatosis.
The whole effect is a gain for ganstalkers, a person becomes more vulnerable to their attacks (including load sounds at night, anonymous calls, etc.), harder life, personal problems, difficult to work productively because of regular insomnia.
Last edited by bimon (2020-08-20 11:59:35)
Offline
But if you do need to keep secrets:
1: The safest option is to keep it all in your head. If you must share information talk face to face and make sure there are no listening devices around.2: Use pencil (or pen) and paper. Mass surveilance of mail is too much work for the authorities (at least in civilised countries). If you must use a computer use one that's not connected to the internet (check for wireless adapters etc). This is standard for tax advisers etc (not illegal but laws can be changed to your disadvantage if they know what you are planning).
3: If you have to use the internet then use normal computer security procedures. And keep anything really sensitive off the system.
Chris
1. Two very important channels for data leakage often not taken into account are:
1.1 Electromagnetic emanation from all computer buses (like SATA, USB, Ethernet, PS2, VGA, HDMI, etc.)
1.2 Psi operators can read your mind (your current thoughts and may be even memory) distantly, predict some future and try to correct it in their favor.
Though these two channels are not directly related to each other they are often used by some agencies together at the same time.
So you shall never use passwords as they can be intercepted both from computer bus and your head without any visible connection like LAN, etc.
Always try to use keys which are not stored on devices like HDDs or SSDs. For example Nitrokey company states HSM2 is protected from data leakage by emanation channel (but at which grade? a few layers of tin foil?), though there may be other backdoors in Nitrokey of course. Even their crypto algorithms most likely are not strong enough against NSA and may be other agencies too.
May be GNUK (or Nitrokey Start) sometimes can be better in terms of its open source, I do not know unfortunately.
2,3. My computers were attacked by electromagnetic attacks too, it does not matter if Internet is connected or not.
https://web.archive.org/web/20191105180 … ssues/9518
Also a standalone (without Internet and even without LAN connection) relatively old computer (Intel about 2002 model) which was almost always turned off at my home was reflashed somehow and did not boot into Linux until I reflashed it again back to a stock BIOS from a floppy.
Another standalone computer (AMD about 2010 model) with a modern HGST 6TB HUS drive was controlled remotely and replaced some of video surveillance files into a binary rubish, and it had ZFS, it means HDD most likely has a backdoor for remote wireless control and its Linux drivers have an interface to bypass control into the kernel and may be some userspace.
Last edited by bimon (2020-08-21 06:16:30)
Offline
Btw, Nitrokey HSM2 USB token and a flat SC-HSM2 4K smart card both implement a data channel encryption (between your PC PKCS11 lib and their crypto chip) via BSI TR-03110 protocol also used in some national personal ID cards. May be it just is so called protection from attacks on emanation side channel.
Another standalone computer (AMD about 2010 model) with a modern HGST 6TB HUS drive was controlled remotely and replaced some of video surveillance files into a binary rubish, and it had ZFS, it means HDD most likely has a backdoor for remote wireless control and its Linux drivers have an interface to bypass control into the kernel and may be some userspace.
Actually it may be a wired (not wireless as I mentioned earlier) backdoor, IMHO the most probable channel for remote control is an AC power line, a signal can be modulated somehow and some modern devices with a powerful enough MCUs or SoCs for example like modern HDDs can have corresponding modems to phone via AC line in an active mode, not like a relatively safe for us good old passive readonly TEMPEST known earlier.
Last edited by bimon (2020-10-10 04:12:14)
Offline