Ensuring a healthy install - is there a guide?

The last 4 days, my linux system has been hacked twice, today was a very serious hacking, the APC UPS unit attached to the computer also was apparently hacked, cycling endlessly between battery and line, although line power was fine.

I got the question about data integrity of the 64 bit Leap 15.1 iso-image answered, so I know that I have a safe installation disk, but how can I ensure that my system will be safe when YAST2 does the updates to the software?

Apparently, in my system on Saturday I had to do 5,329 updates and something slipped in during that time, or when I installed wavemon and Kismet on the machine, some root kit slipped in over the wireless internet connection, without my knowledge.

Is there some type of program similar to tripwire, which can check the binary signatures of the executable files, to detect any faulty or modified ones? How can one ensure that the install and updates went okay, and all are healthy?

Is there any guide written for this?

I am going to have to bring up the computer again (after I replace the UPS) from scratch, which is a lengthy process, but I want to avoid a 3rd hack.

Just wondering how all this is done in a safe or controlled environment?

  • Randall

That’s a lot of updates.

Check your repos. I’m going to guess that you somehow managed to add a repo for Tumbleweed or Factory. And an accidental update to Tumbleweed or Factory might cause enough problems to explain much of what you are seeing.

Post the output of:

zypper lr -d

and use code tags to post that.

Leap simply does not do that many updates, so you must have managed to add a factory or TW repo. That many packages also shows you have installed about every package in the world LOL :stuck_out_tongue:

Maybe UPS is simply dying, or its battery is too old.
I wonder how it is possible to hack UPS, especially if it is not connected to a PC with a USB or COM or any other data cable.

If you install OS with a DVD image you don’t need internet connection, so you can disable any net connection (and WiFi of course).

Take a look at the Leap 15.1 OSS repository: <http://download.opensuse.org/distribution/leap/15.1/repo/oss/> – there’s a couple of files in there: “CHECKSUMS” and “CHECKSUMS.asc” …

  • But, AFAIK, Zypper and RPM are using these Checksums to verify the Package downloads anyway …

openSUSE upgrade SDBs: <https://en.opensuse.org/SDB:System_upgrade> and <https://en.opensuse.org/SDB:Offline_upgrade>.

Consider downloading the Leap 15.1 .ISO image and burning that to either a DVD or USB-Stick.

If there are severe security issues, consider moving to SELinux: <https://doc.opensuse.org/documentation/leap/security/html/book.security/part.selinux.html>.
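The tripwire-style question in the first post and the CHECKSUMS / CHECKSUMS.asc hint in the reply above come down to two checks: verifying downloaded files against a signed listing, and asking the RPM database which installed files no longer match what their package shipped. The script below is an added example, not code from this thread or from openSUSE. It assumes the listing uses sha256sum-style lines (`<sha256 hex>  <filename>`); the sample files and listing it builds are constructed on the spot so it runs offline.

```shell
#!/bin/sh
# Added example (not from the thread or from openSUSE): two integrity checks for
# a Leap install.
#  1. verify_listing: compare files in a directory against a sha256sum-style
#     listing such as the repo's CHECKSUMS file (format assumed: "<hex>  <name>").
#     CHECKSUMS.asc is the detached GPG signature of that listing; check it first,
#        gpg --verify CHECKSUMS.asc CHECKSUMS
#     so the listing itself is trusted before any file is compared against it.
#  2. verify_installed_rpms: the tripwire-like check asked for in the first post,
#     using the digests RPM already records for every installed file.
set -u

# verify_listing DIR LISTING -> 0 if every listed file exists and matches, else 1
verify_listing() {
    dir=$1
    listing=$2
    status=0
    while read -r expected name; do
        # skip blank lines and comment lines
        [ -z "$expected" ] && continue
        case $expected in '#'*) continue ;; esac
        if [ ! -f "$dir/$name" ]; then
            echo "MISSING  $name"
            status=1
            continue
        fi
        actual=$(sha256sum "$dir/$name" | cut -d' ' -f1)
        if [ "$actual" = "$expected" ]; then
            echo "OK       $name"
        else
            echo "MISMATCH $name (expected $expected, got $actual)"
            status=1
        fi
    done < "$listing"
    return $status
}

# verify_installed_rpms -> prints installed files whose digest differs from the
# RPM database. rpm -Va prints one line per changed file; the flag columns mean
# S size, M mode, 5 digest, D device, L symlink, U user, G group, T mtime, P caps.
# A changed digest ('5') on a binary under /usr/bin or /usr/sbin is the line to
# act on; config files (marked 'c') are usually legitimate local edits and are
# filtered out here.
verify_installed_rpms() {
    if ! command -v rpm >/dev/null 2>&1; then
        echo "rpm not available on this host; skipping package verification"
        return 0
    fi
    rpm -Va 2>/dev/null | grep -E '^..5' | grep -v ' c '
    return 0
}

# demo: constructed sample tree; shows a clean pass, then a detected modification
demo() {
    work=$(mktemp -d)
    printf 'kernel image (constructed sample)\n' > "$work/vmlinuz"
    printf 'initrd (constructed sample)\n'       > "$work/initrd"
    # build the listing exactly the way sha256sum writes it
    ( cd "$work" && sha256sum vmlinuz initrd > CHECKSUMS )
    echo "== clean tree"
    verify_listing "$work" "$work/CHECKSUMS"
    echo "== after appending one byte to vmlinuz"
    printf 'X' >> "$work/vmlinuz"
    verify_listing "$work" "$work/CHECKSUMS" || echo "integrity check FAILED (expected here)"
    rm -rf "$work"
}
demo
```

On the real repository the order matters: `gpg --verify CHECKSUMS.asc CHECKSUMS` establishes that the listing is the one openSUSE signed, and only then does comparing downloaded files against it prove anything. `verify_installed_rpms` is deliberately not run by the demo because `rpm -Va` walks every installed package; run it by hand on the host, and treat digest changes on executables as the findings to investigate, since the RPM database is itself on the disk being checked and a thorough intruder can alter it too.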

Can you show us some evidence of the system being hacked? Like already replied, I too have my doubts about the UPS being hacked, and want to add that f.e. rkhunter is known to easily come up with false positives.
And, given the # of updates, you must have somehow added TW repos to your system.