
Re: How to gain control over the system? [a security-side-note]



On Sunday, 9 July 2017 14:54:02 -04 Kaj Persson wrote:
> Thank you all for thoughts and viewpoints on what can be wrong in my
> installation of Debian 9. I have looked through places I might expect
> can contain some explanation, but so far I have not been able to exclaim
> an "Ah, that's it!". Here are some of my observations:
> 
> * First source of install: Well, I do know I wrote that I used the live
> image, but to be honest, for now I am not sure, I do not remember. I had
> downloaded the live image as well as the install image, and most
> probable choice would be the latter. But I do not know. Anyway the
> install process itself went without any problems.
> 
> * At the install I made it fully new from the bottom. The only directory
> I kept unchanged was my home directory. This is situated on an own
> partition. All the others were reformatted: /, /boot, /usr, /var and
> /tmp. All these are on individual partitions while e.g. /etc is
> contained in the root partition. At earlier installations I have noticed
> that the home directory can contain wrong configuration files, so as a
> test I moved all hidden files i.e. files starting with a dot to a newly
> created directory "hidden". This was however after the install. So at a
> subsequent cold start the system had no configuration files there but
> created new ones with default values. This however had no positive
> impact on my problem.
> 
> * Configuring sudo? No I have not done that explicitly, not more than
> what the install program did itself. I have looked at /etc/sudoers and
> what I think the important lines are:
> 
>      # User privilege specification
>      root    ALL=(ALL:ALL) ALL
> 
>      # Allow members of group sudo to execute any command
>      %sudo   ALL=(ALL:ALL) ALL
There the "security" went out of the building ...
Please have a look here:
https://blather.michaelwlucas.com/archives/2266
> 
>      #includedir /etc/sudoers.d
> 
> In /etc/sudoers.d there are no more files than README.
> 
> There is no /etc/sudo.conf file.
> 
> * Regarding access to my user directory: During my search I did in fact
> find some files and directories owned by user root or group root. These
> are changed to be owned by my user id and group id, but this did not
> help. By the way, on this computer I have always had just one user,
> mine, and hence got the user id 1000 and group id 1000. This is the case
> now too.
> 
> uid 1000 is a member of the sudo group.
> 
> * As I wrote I have always used this method of not setting any password
> to the root account, and this is for quite many years now. My Linux path
> has gone via Ubuntu, well to be honest a couple of years after the
> Microsoft era I ran in Suse, but was not fully satisfied. And when
> Ubuntu and Canonical introduced Unity, I left that ship for Linux Mint
> Debian edition (LMDE) until I took the last(?) step into Debian a couple
> of years ago where the entrance point was jessie. The empty root
> password has always worked fine until now. Possibly Ubuntu has patched
> the sudologin but should LMDE? And jessie? I do not think so.
> 
I didn't try this myself (didn't ever have to) but this might help for now:
https://unix.stackexchange.com/questions/205799/how-to-create-root-user-account-in-debian
> 
> Hope someone can find something significant in this and give a hint on
> what to do.
I'd first try to go through the installation with the netinstall and without 
reusing any home partition in a virtual machine. See if the problem is there 
too.
If yes: place a bug-report.
If not: take a snapshot for later.
Put back the home partition, see if the problem is there or not.
If yes: restore the snapshot. And start putting back the config files for LMDE.
...
gradually testing out what can be reused and what not.
...
on second thought: I wouldn't invest the time ...
If the install in the virtual machine is doing all right, I'd just do the exact 
same install on the real hardware and be happy.
Have a nice day
Eike

