Security Issue 26 July 2022, 20:20:02
Hello, I am having a serious security issue regarding Artix Linux. I downloaded and verified the ISO. After installing I was preparing Artix for my use by installing apps. But after installing gcc for neovim compile I was unable to install other packages and got restricted from using sudo command and others. Please help. Looks like someone has remote access to my OS and I am unable to do stuff with sudo command.
Note: No one has physical access to my laptop, and my account lost sudo access during my presence when I was done almost needed packages.
In the screenshot I used the get command, so don't be confused: it is an alias which I added in the .bashrc file. So get = sudo pacman -S; get vim means sudo pacman -S vim
Re: Security Issue Reply #1 – 26 July 2022, 21:00:47
did you try rebooting? 3 incorrect password attempts locks you out for 10 minutes
Re: Security Issue Reply #2 – 26 July 2022, 21:05:30
The most likely problem here is wrong permissions on the sudo executable.
If you still have access to su and set up a root password, I'd try su -c 'chmod 4711 /usr/bin/sudo'.
Quote from: cat herders of linux – on 26 July 2022, 21:00:47
> did you try rebooting? 3 incorrect password attempts locks you out for 10 minutes
That ain't it, the error message for 3 incorrect passwords is "This account is locked (X minutes remaining)".
2 Likes
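An added example, not part of any post in this thread: a read-only shell check for the condition Reply #2 points at, namely whether a binary such as /usr/bin/sudo is owned by uid 0 and still has its setuid bit. The function name and return codes are this example's own, and it assumes GNU stat.

```shell
#!/bin/sh
# Added example: report whether a binary meets the requirement sudo enforces
# on itself (owned by uid 0, setuid bit set). Read-only; it changes nothing.
# Return codes (chosen for this example):
#   0 ok, 1 no setuid bit, 2 not owned by uid 0, 3 not a regular file.
check_setuid_root() {
    f=$1
    if [ ! -f "$f" ]; then
        echo "$f: not a regular file" >&2
        return 3
    fi
    # GNU stat: %a = octal mode, %u = numeric owner uid; -L follows symlinks
    mode=$(stat -L -c '%a' "$f")
    owner=$(stat -L -c '%u' "$f")
    if [ ! -u "$f" ]; then
        # Reply #2 suggests restoring mode 4711 in this case
        echo "$f: mode $mode has no setuid bit" >&2
        return 1
    fi
    if [ "$owner" -ne 0 ]; then
        echo "$f: owned by uid $owner, not uid 0" >&2
        return 2
    fi
    echo "$f: mode $mode, owner uid 0: OK"
    return 0
}

# Usage: sh check-setuid.sh /usr/bin/sudo
[ "$#" -eq 0 ] || check_setuid_root "$1"
```

On a pacman-based system, `pacman -Qkk sudo` additionally compares the installed files' properties with what the package recorded.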
Re: Security Issue Reply #3 – 26 July 2022, 21:09:25
How the fuck
Quote from: capezotte – on 26 July 2022, 21:05:30
> The most likely problem here is wrong permissions on the sudo executable.
Question now is: "how the fuck was it broken?"
Please, stop messing around on Artix users' computers please @capezotte
1 Likes
Re: Security Issue Reply #4 – 26 July 2022, 21:14:50
In the event of suspected remote access, it's simple and quick to physically turn off or disconnect the internet connection, for example by unplugging the ethernet cable or wifi adapter if it's an external one, flip the wifi off switch on a laptop if it has one, turn off the router, or power off the computer.
Hopefully not that though. You could try typing the password and see if it's coming out as you think, also perhaps try it in another tty (CTRL ALT F2 etc) as sudo seems to use the terminal keymap, not the graphic one.
Re: Security Issue Reply #5 – 26 July 2022, 21:16:47
Quote
> Please, stop messing around on Artix users' computers please @capezotte
I have your IP address: 127.0.0.1
1 Likes
Re: Security Issue Reply #7 – 26 July 2022, 22:55:38
@spellb I doubt this is a case of remote access but on a new install, with even the slightest of doubt about security, I suggest you just start the install again.
Change your alias
Code:
    alias get="sudo pacman -Syu "
pacman -S is not a good practice.
https://wiki.archlinux.org/title/System_maintenance#Partial_upgrades_are_unsupported
1 Likes
Re: Security Issue Reply #8 – 27 July 2022, 07:40:37
Quote from: gripped – on 26 July 2022, 22:55:38
> I doubt this is a case of remote access but on a new install, with even the slightest of doubt about security, I suggest you just start the install again.
The only possible doubt here is a user that doesn't know what he is doing. Who the fuck `hacks' a computer to change sudo executable permissions?
Quote from: gripped – on 26 July 2022, 22:55:38
> Change your alias
> Code:
>     alias get="sudo pacman -Syu "
> pacman -S is not a good practice.
> https://wiki.archlinux.org/title/System_maintenance#Partial_upgrades_are_unsupported
There is definitely nothing wrong with pacman -S, it is pacman -Sy that can be harmful. The only risk with running pacman -S is to get some error 404 if the packages you want to install got updated since your last sync. (and the link you sent totally backs that)
1 Likes
Re: Security Issue Reply #9 – 27 July 2022, 08:33:58
This is not the case that I don't know what I am doing. I know what I am doing and this is my aliases ....
Re: Security Issue Reply #10 – 27 July 2022, 12:55:49
any moment now a dev will be along to tell you why you shouldn't be using -Syyu
Re: Security Issue Reply #11 – 27 July 2022, 13:00:23
Quote from: spellb – on 27 July 2022, 08:33:58
> This is not the case that I don't know what I am doing. I know what I am doing and this is my aliases ....
in 20 years as a desktop linux user i think you are the only one i have seen using an alias like this. i concur with gripped that a fresh install is the best solution here.
Re: Security Issue Reply #12 – 27 July 2022, 16:21:06
You can get root access for recovery by chrooting in from an iso on a usb or another partition if you want to try and fix things. Then you could do stuff like reset the password, reinstall things and so on.
You could check logs in /var/log for signs of remote access, perhaps use clamav, chkrootkit, and rkhunter to scan the system to look for malware. Of course a reinstall is the best way to ensure there's nothing like that, but if you want to go that route then those are some ideas.