Hi,
Please add transaction integrity to APT, so that the whole set of package upgrades is checked to ensure that no unauthorized updates are inserted into the upgrade stream. Fedora's DNF already does this. It is about time that we also catch up and have this feature.
Also, APT or its libraries seem to have a vulnerability. I cannot prove this, but every time I do an 'apt update' I seem to get something installed on my system (process of elimination). I don't know how to check for it. Please suggest a method for me to check. I am doubling up my monitoring efforts.
My AIDE logs are too long. I use tcpdump to capture transmissions that go over 4 KB. I have a sudo log. I use ClamAV. I use logwatch. I have a few AppArmor app profiles (systemd-resolved, timesync). I have a hardware firewall standing between me and the modem, but I have a few favorite forums I always have open, so it is easy to spoof traffic through it. And I have resumed use of my VPN.
I have an infected cable modem. The attackers seem to have multiple exploits for different brands/models. I have changed 3 ISPs; this is still an ongoing concern. One time, I was able to find an intruder using nmap. The attackers are near my apartment; they have spoofed and overpowered my SSID so that I connect to them instead and cannot get online, so I no longer use Wi-Fi. In the past, they have also attacked via Wi-Fi Direct, because Windows accepts Wi-Fi Direct connections, bypassing its firewall. The system was noticeably slower after this attack. I fixed this by removing the Windows Wi-Fi Direct driver. If you live in an apartment complex, I suggest you do the same via Device Manager. (There is no functionality loss from removing these 2 drivers.) There was another attack on taskhostw; that time they inserted a certificate into the Windows registry and were thus able to bypass WDAC because their payload was then 'properly' signed. This was picked up by my EDR.
I suspect this new intrusion into Ubuntu 24 is an info stealer. The last time the attacker made it through to Ubuntu, he disabled my AIDE by fiddling with the conf file (without the conf file, you cannot even do an aide check), zeroed my AIDE db files to 0 KB, and changed my wallpaper. Fun and games.
Thanks for reading.
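An added example (not part of the original post, and not APT's own code) of one way to check the question raised above, whether anything gets installed around an 'apt update'. 'apt update' only refreshes package indexes and never invokes dpkg, so any dpkg install/upgrade/remove record stamped inside that time window, or any change in the installed package set across it, is worth investigating. The script parses dpkg's own log format (/var/log/dpkg.log) for action records at or after a given timestamp and diffs two "package, version" snapshots taken before and after. The log lines, package names and versions below are constructed sample data; the commands for a real system are in the comments.

```shell
#!/bin/sh
# Added example, not from the original post. Two offline checks for
# "did 'apt update' install anything?": scan dpkg.log for action records
# in a time window, and diff package-set snapshots taken around the update.
set -eu

# dpkg_actions LOGFILE SINCE
# Print dpkg action records (install/upgrade/remove/purge) stamped at or
# after SINCE, given as "YYYY-MM-DD HH:MM:SS". dpkg.log uses exactly that
# timestamp format, so a plain string comparison orders records correctly.
# "status ..." and "startup ..." records are bookkeeping and are skipped.
dpkg_actions() {
    awk -v since="$2" '
        $3 ~ /^(install|upgrade|remove|purge)$/ && ($1 " " $2) >= since
    ' "$1"
}

# dpkg_action_count LOGFILE SINCE: number of such records.
dpkg_action_count() {
    dpkg_actions "$1" "$2" | wc -l | tr -d ' '
}

# snapshot_diff BEFORE AFTER
# Both files hold "package<TAB>version" lines sorted under LC_ALL=C (see the
# dpkg-query command in the usage notes). Prints one line per package that
# was added, removed, or changed version; MISSING marks the side it is
# absent from. Packages present with the same version on both sides are dropped.
snapshot_diff() {
    tab=$(printf '\t')
    LC_ALL=C join -t "$tab" -a1 -a2 -e MISSING -o 0,1.2,2.2 "$1" "$2" |
        awk -F'\t' '$2 != $3 { print $1 " " $2 " -> " $3 }'
}

# ---- constructed sample data (not taken from any real system) ----
WORK=$(mktemp -d)
trap 'rm -rf "$WORK"' EXIT

SAMPLE_LOG="$WORK/dpkg.log"
cat > "$SAMPLE_LOG" <<'EOF'
2024-05-01 09:58:11 startup archives unpack
2024-05-01 09:58:12 upgrade libexample1:amd64 1.0-1 1.0-2
2024-05-01 09:58:12 status half-configured libexample1:amd64 1.0-2
2024-05-01 09:58:13 status installed libexample1:amd64 1.0-2
2024-05-01 10:03:40 startup archives unpack
2024-05-01 10:03:41 install example-tool:amd64 <none> 1.0-1
2024-05-01 10:03:42 status installed example-tool:amd64 1.0-1
2024-05-01 10:03:45 upgrade libexample2:amd64 2.1-3 2.1-4
EOF

# Snapshots "taken" before and after a hypothetical 'apt update' at 10:00:00.
BEFORE="$WORK/before.txt"
AFTER="$WORK/after.txt"
printf 'apt:amd64\t2.7.14\nlibexample1:amd64\t1.0-2\nlibexample2:amd64\t2.1-3\n' > "$BEFORE"
printf 'apt:amd64\t2.7.14\nexample-tool:amd64\t1.0-1\nlibexample1:amd64\t1.0-2\nlibexample2:amd64\t2.1-4\n' > "$AFTER"

echo "dpkg action records since the 'apt update' at 2024-05-01 10:00:00:"
dpkg_actions "$SAMPLE_LOG" "2024-05-01 10:00:00"
echo "installed package set changes across the update:"
snapshot_diff "$BEFORE" "$AFTER"

# Real-system use (needs dpkg/apt; not run here):
#   snap() { LC_ALL=C dpkg-query -W -f='${binary:Package}\t${Version}\n' | LC_ALL=C sort; }
#   snap > /tmp/before.txt; sudo apt update; snap > /tmp/after.txt
#   snapshot_diff /tmp/before.txt /tmp/after.txt
#   dpkg_actions /var/log/dpkg.log "$(date -d '15 minutes ago' '+%Y-%m-%d %H:%M:%S')"
```

Two caveats a practitioner would add. First, dpkg.log and the dpkg status database live on the same disk as everything else, so an intruder with root can edit or truncate them; a clean result is a weak signal, and the strongest version of this check keeps the "before" snapshot (and the AIDE database) on media the host cannot write. Second, `dpkg --verify` compares installed files against the checksums dpkg recorded at install time, which catches a modified apt binary or library only if those records were not altered too; re-downloading the .deb from the mirror and comparing against that is the stronger comparison.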