Highly Suspected Compromised Solus ISO / Rootkits Post Fresh Install

DataDrake I will hopefully have that documented soon. I completly understand you wanting to see proof. Don't we all but you cannot just expect any average user to have such proof.

You have to be able to deal with things on a case by case basis and take every reasonable post with caution and concern.

JoshStrobl I am very happy to hear Solus is taking the security of it's ISO's so seriously. Thanks for letting me know this. I will hopefull be able to get proof of my finding again soon. I just didn't have time or patience to save the documentation last time. I was in a dead rush working with clients.

I appologize for any undue turmoil this may have caused. My findings were serious and concerning to me which led me to making this post. I sincerely wanted help and still do wish to resolve the issue.

DataDrake Fake News really. It's clearly not fake news. It's my real world experience this past June 2019 weekend.

I've had so much anxiety over this and it was over the weekend. For you to call my serious hard work and findings fake news is a little concerning. I use my system for work. I

'm being brutally honest just like always. Would you please remove your childish flag. It's very off putting, judgmental and unhelpful.

[deleted] It's fake news because you haven't substantiated your claim. When you do provide proof, please do it through the APPROPRIATE channels like any IT professional would do, then it can be reviewed and analyzed. Until then, this post does nothing to help security.

[deleted] Don't we all but you cannot just expect any average user to have such proof.

I would expect anyone making such accusations no matter their expertise to have proof.

[deleted] We currently use a SHA1 hash for our package index. It's not as big a deal as you think, and is something we will be improving when we replace eopkg. Inside every package you will also find a listing of files with both sizes and SHA1 hashes. Fooling a SHA1 is possible, but not at the same file size. It's also something that we can verify in seconds if there's even a mild concern.

[deleted] I will not remove the flag. You have demonstrated no proof of your claims and have unnecessarily spread fear to other users. On top of that you did not even remotely choose the right channels to send this information through which shows either a lack of respect or experience for how to report potential security vulnerabilities. One does not inform their friend that their front door is unlocked at a specific address, out loud, in a quiet public place for all to hear.

[deleted]

I completly understand you wanting to see proof. Don't we all but you cannot just expect any average user to have such proof.

If you have reason to suspect something, that reason should be given in order to serve as proof of needing to investigate.

[deleted]

DataDrake Your passive aggressive behavior is quite comical. What is your technical competency that's going to be necessary to help me resolve this issue.

I am literally the Technical Lead for Solus. So far you have demonstrated to me that you overestimate your own knowledge of Linux and computer security, you have absolutely no clue how to properly report security issues, and that you have no desire to show me or JoshStrobl the respect that is deserved for our years of service to Solus and in our current roles as leaders of the project. Put simply, you came into our house, uninvited, with wild accusations, and couldn't be bothered to provide thorough and complete evidence even when prompted.

Now you are insulting us over our rightful hostility towards this inflammatory post that was irresponsibly presented to us through an unsecure channel.

You are also insulting me without bothering to learn one iota of information about my background. It just so happens that I have done one variety of IT or another for over 15 years and have been using Linux for longer. I also happen to have both a BS and MS in Computer Engineering, with a Minor is Computer Science during my undergraduate studies. I have been with the Solus project since 2016. Our founder Ikey was convinced enough with my technical skills that I was asked to join the Core Team, our highest level of leadership, less than 6 months after my first contribution to the project.

Meanwhile, a quick waltz around the internet shows that you do some level of IT support, of which I am uncertain because a website for your company doesn't even show up in a google search. You also appear to lack a LinkedIn, so I could not find any information about your technical background. What I could find, was a series of references to your poor attitude and behavior in the comment sections of various YouTubers and a series of videos from yourself which in my own opinion demonstrate poor respect for people who don't agree with your ideologies or assessments.

So forgive me if I have a hard time being pleasant in the face of all of this.

DataDrake eloquent and accurate.

I have barely said a harsh word to you. I bit my tongue at the shocking lack of customer service skills shown here. I have been the consummate professional throughout. Respect is earned and I've shown nothing but it to reasonable responses of course and even where I could have easily spoken in anger and off the cuff. I reported the issue directly from the forum after establishing my account. I have followed the guidelines.

I wasn't seeking a history of your accomplishments and credentials. I was only seeking a resolution to my problem and findings. I've been awfully nice and professional throughout discourse today and bit my tongue several times. Your team and yourself have been quite rude towards me from the onset of my posting.

If I came off a little direct well that's just me. I am direct but I try not to be hateful or disrespectful towards anyone. Which video did you come across that made you think I was spewing hate and vitriol because I assure you I've never done so in any of my videos.

Actually YouTube green lighted me based on my google record to have a lot of the benefits for a brand new channel that I'm not aware that anyone has access to immediately. This must be do to my track record on YouTube. I've made an effort to watch how I respond and if and when I do come off harshly I'm always sure to edit my comments and make sure I'm presenting myself in a professional tone.

I've made great efforts to protect my reputation online without hiring anyone. My LinkedIn profile being non existent results from my opting out of the social network and may or may not return but likely not. I have my reasons.

Again I'm sorry you feel this way. I am sorry for any negative way that I made you feel. I truly am but I will say I have a completely different perception of what has occurred here today. I am sure that I must not be alone in my feelings.

With that said dropping all the drama and personal feelings let's get to resolving the issue at hand; shall we. You mentioned that my support request was submitted from an unsecured channel.

What channel would that be. I am sitting here speaking to you from an adequately secured wireless network on my laptop in my home office.

I only use secure channels. I would like to address that once I am more aware of what is showing on your end giving you the impression this is an unsecured channel?

DataDrake Now there we go. That's what I'm talking about. Why we could not have just responded like this from the onset I will never understand.

With that said then here is what I will do and I'll get back with you. I will change out the wireless router with a backup one that I have supplied by my ISP. Then I will reconnect with you regarding this.

Furthermore with the opening of the files and the file contents changing or reverting to a previously opened document I mean that they are not showing the correct contents and LibreOffice opens them blank. Focus writer shows the wrong content for the files that I opened. It's so weird but I hope that makes sense.

I can get you a log file of Rkhunter if you like but it's for Peppermint OS. I wasn't able to get Sophos AV working in Solus OS due to the kernel modules not being compatible or something similar dealing with the lack of kernel module support. I wanted to scan with it but I didn't ever get to; sadly.

Yes I am finding that to definitely be the case with RKHunter myself. This all very well may just be due to faulty WiFi oddly enough though it's working now the best it has in several months since just simply updating the wireless routers firmware. It's a TPLink Archer C59 AC 1200 Wireless Router.

[deleted] https://dev.getsol.us/maniphest/task/edit/form/3/ is the link on the Solus dev tracker to file security issues. These issues are not viewable by the public, unlike here on the forum where anyone can see it and potentially exploit a posted security concern.

In general, it is really bad practice to disclose security threats or vulnerabilities in the public space; most projects have a secure way of letting the project developers/maintainers know while still keeping it out of the public eye, reducing the chance for someone else to exploit the issue.

[deleted] I only use secure channels. I would like to address that once I am more aware of what is showing on your end giving you the impression this is an unsecured channel?

https://dev.getsol.us/maniphest/task/edit/form/3/ - A dedicated security reporting feature on our development tracker

I'm just curious why you're yet to provide proof of this alleged compromise. If you are so serious about security I would appreciate it if you can provide it ASAP. Our team has checked the ISOs already and found no issue. If you are truly serious about this I don't recommend posting further until you provide proof. Every comment you make without proof only solidifies the Fake News tag.

EbonJaeger Damn, I was too slow at typing.