Admittedly I'm fairly new to Linux, but something just seems very strange. I downloaded Alpine Linux because of the Grsecurity, PAX etc. and additional protections I feel are necessary. 3 days after being plugged into a BT router, things started going odd.
Maybe I'm paranoid but firstly,
1. A script appeared along with a load of others; one of them was called GFXPAYLOAD.
Now this actually turns off the graphics on the motherboard if I attempt to change any of the core system files.
2. A third partition that is only visible under certain circumstances – yet I'm fairly sure I only set up 1 partition and a swap on SDA2, yet there are 3 visible, but only if I boot in with certain disks like M linux – strangely, even if I enter as root or with M linux I cannot access or change permissions of most of the file system of the third partition.
Now here's what makes it interesting: this is
1. A brand new PC
2. A brand new copy of Alpine-Linux written off by the computer shop
3. Brand new phone line, router and ISP
None of my old media have been near the system and wireless is turned off and I'm ethernet only.
I also noticed it has created an Atheros wi-fi emulation driver – yet I don't have a wi-fi card, and if I did it wouldn't be Atheros since they are used for hacking.
Now, today I attempted to download Lubuntu – the file size was reported by the website at 696mb and would fit on a CDR. The download however was 729mb once finished???
I've started to analyse my system more and there are so far 34 TTY connections via the serial bus, although Terminal reports only 2 belong to me. The root account is now in a group called root as well. I never created a group for it. It was simply a username root account. There appear to be another 16 groups as well, which are anonymous logins, Samba shares etc.
There's a strange directory that is a never-ending loop. You click it and it just continues forever: /boot/boot/boot/boot/boot/boot/boot etc. etc.
My GRSECURITY file seems to have altered and is now a symlink to a program called BUSYBOX. What is this?
Also a dir appeared called tmp, and I looked inside and there's a locked file called orbit.pulse that I cannot access, and there's an SSH-xxxxxx dir with a file called agentxxxx and inside this a PID number.
I also found in my /SBIN directory ZFS executables, although I tried ZPOOL but it wouldn't allow me access. I thought no Linux kernels used the ZHS/ZFS filesystem??? I read that in a magazine last week.
Another file appeared in sbin called OCS-onthefly, any idea what this is?
I just want to know – am I getting worried about nothing – normal Linux processes, or is something very bad happening? It just doesn't seem right to me. Oh yeah, I also ran some digital forensics and it stated “CD-rom drive has triple octet magic-mime”. I don't know what that means though, or if it is supposed to be there.
It appears I'm being blocked too; any ISOs I download I cannot write to CD. I've tried every GUI program out there and they all report “mount” errors.
The computer seemed fine – until I plugged in my BT router. I changed the admin PW and turned off WIFI for security, but ever since, all this stuff has happened. It appears to me to be a government/ISP attack on my system. Unless I'm just paranoid :/