:: Re: [DNG] Who remembers rootkit..
Top Page
Delete this message
Reply to this message
Author: Jimmy Johnson
Date:  
To: dng
Subject: Re: [DNG] Who remembers rootkit..
On 10/21/18 1:19 AM, Andrew McGlashan wrote:
> -----BEGIN PGP SIGNED MESSAGE-----
> Hash: SHA256
>
> Hi Rick,
>
> On 21/10/18 14:42, Rick Moen wrote:
>> Quoting Jimmy Johnson (field.engineer@???):
>>
>>> Who remembers when rootkit hunter started showing problems and
>>> Debian said they where false positive problems? I think it was
>>> sometime during the development of Stretch. Well they fixed
>>> rootkit hunter to not show those problems any longer and so goes
>>> systemd, one BIG FAT security problem and has made security
>>> software pretty much useless. At lest with a firewall and no
>>> systemd you can stop kernel calls to get outside http or at lest
>>> I can. I think it's to bad we have to live with a kernel that's
>>> passing our activity to outside sources. I have this stuff
>>> logged, it can't be denied.
>
> I think he means the callout by some systemd setup that does a http or
> some other test for "connenctivity" ... perhaps it is more than that,
> but that alone is a concern. It was suggested in /that/ thread to
> which I think he is talking about, that the test should be to the
> router or the first outside gateway from your local network.
>
> Anyways, I'm not too sure.
>
> Cheers


Thanks for the post.

I first noticed it while testing Stretch, I run a multimedia setup no
problem with Jessie without systemd or wheezy, I was running a intel
laptop HDMI to a big screen smart tv, the screen would go black and the
audio would stop, I'm not the only on who has seen the problem as it's
been mentioned on the Debian mailing list. Since then I have ran it on
other systems, like Devuan, PCLinuxOS and Slackware too and have seen
the the problem in real time while looking at the system log and I would
see the kernel making calls to get a outside HTTP, I bring down my net
connection and the kernel calls avahi daemon to bring it back up and
make a HTTP connection, I stop avahi daemon and the kernel binds with
the NIC and tries to get outside HTTP, that's where my firewall stops
it. But the kernel keeps trying over and over and over endlessly to get
outside HTTP and all this makes it imposable to watch my movie. Using
the Intel laptop was convenient, but I got the idea to try my AMD nvidia
desktop, I got the same kernel activity but no interference with
audio/video, I'm now using ATI Radeon laptop, works the same as nvidia
or maybe it's because their both AMD as I don't have nvidia or ATI
running on a intel system that I can test.

Questions?
--
Jimmy Johnson

Slackware64 Current - KDE 4.14.38 - AMD A8-7600 - EXT4 at sda9
Registered Linux User #380263