Endwall
01/06/2017 (Fri) 13:55:55
No. 767
>>766
As in a documented case of an audit being performed on systemd uncovering a backdoor?
No I haven't seen anything about this on any website or about it or in any talks or in any literature.
As in what happened to me? Yeah I was gang raped on those systems. I had port 53 crowbarred open so that I couldn't shut it off, couldn't turn off bind9 or rebind the port, I had targeted feedback from my terminal and desktop relayed to me through third parties, I don't want to go into it tin foil style, but don't use it, if you have to use it, use it in text mode with no gui. My estimate was that the attacks were from the inside out, but I wasn't using jails and used firefox regularly so I don't know.
From a process standpoint installing it to text mode (CentOS 6.6) (minimal) releases the shell to you at pid 4100, on a fresh install parabola releases the shell to you at ~ pid 650. So there are more background processes running on centos 6.6 than on parabola. With a full gui install this is much higher. The anaconda installer is really simple and gives you encrypted partitions without much work. CentOS never really crashed, parabola with grsec kernel locks up all the time, on CentOS gnome was smooth never crashed, never locked up, on parabola startx with blackbox or openbox starts getting the jitters and locks up hard at least once a day. The rpm packages always worked, and had good configs on centos, the packages on parabola/arch often have empty configs that don't allow the services to start.
I'd run centos if I didn't care about being spied on, but I do so I don't. Red Hat are the Microsoft of the linux world, and they are definitely in bed with the NSA and the Government.
My personal opinion is to install the minimum number of packages to get the job done, compile from source, get the source code directly from the upstream vendor. Gentoo is your best shot for this approach. The more packages you install the bigger your attack surface and the sooner you will install a malware backdoored "Free software" package. Using binary packages is giving trust to the person that compiled the package that they didn't insert their own backdoor into the code before packaging it.
Someone should do tcpdump and wireshark packet capture analysis on fresh installs for each distribution for a 1 week capture period and see what turns up. Also there are probably secret protocols that won't be captured by tcpdump or wireshark. But maybe you can do this? So if you do it tell us about it or make a tutorial and link it.
Edited last time by Endwall on 01/15/2017 (Sun) 16:55:44.
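The week-long capture the post asks for produces a lot of text, and the useful part is the summary: which destinations a fresh install talks to on its own, and which of those are not on the list you expected (the configured resolver, the distribution's package mirror). The script below is an added example, not code from the poster or from any distribution; it parses the default `tcpdump -n` IPv4 line format, counts outbound packets from the host under test by (destination, port), and flags pairs that are not on a constructed allowlist. The sample lines, host address `192.168.1.10`, resolver `192.168.1.1` and mirror address `203.0.113.10` are all constructed for the example.

```python
import re
from collections import Counter

# Matches the default `tcpdump -n` IPv4 line prefix, e.g.
# "13:55:55.100001 IP 192.168.1.10.43210 > 203.0.113.10.443: Flags [S], ..."
# Non-IP lines (ARP, IPv6 with a different prefix) do not match and are skipped.
TCPDUMP_LINE = re.compile(
    r"^(?P<ts>\d{2}:\d{2}:\d{2}\.\d+)\s+IP\s+"
    r"(?P<src>\d+\.\d+\.\d+\.\d+)\.(?P<sport>\d+)\s+>\s+"
    r"(?P<dst>\d+\.\d+\.\d+\.\d+)\.(?P<dport>\d+):"
)

# Constructed sample of what `tcpdump -n -r capture.pcap` prints: a DNS lookup
# and reply, one connection to the expected mirror, two connections to a host
# that is not on the allowlist, and an ARP line that the parser ignores.
SAMPLE_LINES = [
    "13:55:55.100001 IP 192.168.1.10.51234 > 192.168.1.1.53: 12345+ A? mirror.example. (32)",
    "13:55:55.200002 IP 192.168.1.1.53 > 192.168.1.10.51234: 12345 1/0/0 A 203.0.113.10 (48)",
    "13:55:56.000003 IP 192.168.1.10.43210 > 203.0.113.10.443: Flags [S], seq 1, win 64240, length 0",
    "13:56:10.000004 IP 192.168.1.10.43211 > 198.51.100.7.443: Flags [S], seq 2, win 64240, length 0",
    "13:57:10.000005 IP 192.168.1.10.43212 > 198.51.100.7.443: Flags [S], seq 3, win 64240, length 0",
    "13:57:11.000006 ARP, Request who-has 192.168.1.1 tell 192.168.1.10, length 28",
]

# Constructed baseline: the resolver on port 53 and the package mirror on 443
# are the only destinations a fresh text-mode install is expected to contact.
HOST_IP = "192.168.1.10"
ALLOWLIST = frozenset({("192.168.1.1", 53), ("203.0.113.10", 443)})


def parse_line(line):
    """Return the addresses and ports of one tcpdump IPv4 line, or None if it is not one."""
    m = TCPDUMP_LINE.match(line)
    if m is None:
        return None
    return {
        "ts": m.group("ts"),
        "src": m.group("src"),
        "sport": int(m.group("sport")),
        "dst": m.group("dst"),
        "dport": int(m.group("dport")),
    }


def summarize(lines, host_ip):
    """Count outbound packets sent by host_ip, keyed by (destination IP, destination port)."""
    counts = Counter()
    for line in lines:
        pkt = parse_line(line)
        # Skip unparseable lines and packets the host did not originate.
        if pkt is None or pkt["src"] != host_ip:
            continue
        counts[(pkt["dst"], pkt["dport"])] += 1
    return counts


def unexpected_destinations(counts, allowlist):
    """Return the (dst, port) -> packet count entries that the baseline does not explain."""
    return {pair: n for pair, n in counts.items() if pair not in allowlist}


if __name__ == "__main__":
    counts = summarize(SAMPLE_LINES, HOST_IP)
    for (dst, dport), n in sorted(counts.items()):
        print(f"{dst}:{dport}\t{n} packets")
    for (dst, dport), n in unexpected_destinations(counts, ALLOWLIST).items():
        print(f"NOT IN BASELINE: {dst}:{dport} ({n} packets)")
```

To feed it real data, capture with `tcpdump -n -i <iface> -w capture.pcap` for the period and render it with `tcpdump -n -r capture.pcap`. Given the post's worry that traffic might evade a capture on the host itself, run the capture on a separate machine (a mirror port or an inline tap) rather than on the install being measured, so the summary does not depend on the tested host's own network stack. Only destinations that keep showing up across the capture period, with nobody logged in, are worth writing up.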