SELinux last straw
Lamar Owen
lowen at pari.edu
Thu Oct 18 18:29:24 UTC 2007
On Wednesday 17 October 2007, Karl Larsen wrote:
> I am pleased your many computers were not affected by the selinux
> update. I have no idea what is special about my computer but it is and
> I, just an old EE, am not capable of figuring out what it is so I can run
> selinux. A sure fix EVERY time is to turn off selinux, relabel selinux
> and forget selinux. I am wondering why I have to relabel the stupid thing.
Karl, as an EE you certainly ARE capable of figuring it out (getting an EE is
a hard thing; I know, got one myself). It will take some digging; but
anything worth knowing is worth digging for, and the engineering background
is perfect for this task. If you have decided you just don't want (or if you
don't have time) to figure it out, that's a different thing altogether. But
I have no doubts that you have the ability if you apply that ability.
Karl, you should really think hard about reinstalling your system from
scratch. You've had a root-level system compromise; this hour delay you're
experiencing could be a result of this compromise; something could be
triggered by specific updates, and it not be the updates themselves causing
the problem. Maybe someone is intentionally messing with you and has a
backdoor set up that you can't detect and is laughing at the situation even
now (and, who knows, might even be someone on this list). If a backdoor is
open it doesn't matter whether you've disabled ssh or not. Might even be
someone with a bone to pick about SELinux; I know I'm speculating here, but
it IS possible.
Think of a root-level compromise as being the computer equivalent to radio
equipment experiencing a lightning strike; even when you think you have it
fixed, you will miss something, or components will fail later. Equipment
that isn't too expensive that has failed due to a lightning strike needs
replacement; sometimes repair is not an option (I saw a $12,000 broadcast
audio console junked due to lightning; the repair bill was going to be at
least 3/4's the new retail price, and the manufacturer wasn't willing to
warranty the repair; the console's backplane itself had vaporized PC traces).
A new F7 install with all updates will likely behave in a different way than
what you are seeing. I've tried to duplicate your problem with an F7 machine
here; I wasn't able to do so.
But if you have decided to not determine the root cause of the issue, then
just simply run with SELinux disabled. Your machine was already compromised,
and it could still have a backdoor installed; only a thorough audit or a
reinstall will remove that possibility. The level of difficulty of an audit
that is thorough enough is very high; a reinstall is a much easier thing to
do.
--
Lamar Owen, KF4MYT
Chief Information Officer
Pisgah Astronomical Research Institute
1 PARI Drive
Rosman, NC 28772
(828)862-5554
www.pari.edu