#1 2015-06-09 01:00:32

polson136
Member
Registered: 2012-03-03
Posts: 39

Detecting security problems in Arch

I have been using Arch on two machines for some time. I recently found out from my bank that my online account has been suspended because it was accessed by a known fraudulent device, and that I need to change my email password and run a virus scan on all of my computers. I would think that it is more likely that my email account has been hacked than my computer itself, but I still want to check.

What would be the best way to either verify that my computer is clean or find an infection if there is one?

I will, of course, pay more attention to security from now on.

Offline

#2 2015-06-09 01:11:10

bleach
Member
Registered: 2013-07-26
Posts: 264

Re: Detecting security problems in Arch

That's bad news. I would contact my bank directly and make sure of all issues, even in person or on a known direct line.
Edit: don't use any links, and check the address of the email and report/spam it if necessary.

There are false positives to such checks as well; check the device and how you connect to what they have.

I don't see how this applies to any OS directly, though. There could be a lot of ways this could happen; what do you know?

Last edited by bleach (2015-06-09 01:19:22)

Offline

#3 2015-06-09 01:42:23

polson136
Member
Registered: 2012-03-03
Posts: 39

Re: Detecting security problems in Arch

There was no email. Online there was no information regarding the problem, just that there was one. All of the information I got was over the phone, after verifying my identity, talking to several different people in order to try to get more information, but they all read it off of the same screen.

My interpretation is that someone got login information, and they think that that person may have gotten it by infecting my computer through a keylogger or something, or somehow through my email (I don't know how that's even possible), although I have no way of knowing since they won't give me any useful information.

It could be a false positive, but I, for one, want to make sure, but I don't know how to do that, not specifically anyway.

Offline

#4 2015-06-09 02:21:58

bleach
Member
Registered: 2013-07-26
Posts: 264

Re: Detecting security problems in Arch

I would keep an eye on my account in that situation, change the password and be careful of email. Emails from banks are always just info (there is no "go here, do this" or anything) for security; remember that. It sounds like a false positive to me, but you would know better, and your bank can only give some info. Also, if worried too much, change your email. Keylogger? Unless it's hardware, check outgoing connections, but I doubt it on both fronts; then again, I don't know your "absolute" situation.

Offline

#5 2015-06-09 03:20:06

polson136
Member
Registered: 2012-03-03
Posts: 39

Re: Detecting security problems in Arch

No, you don't understand. There was no email. When I went to log into the web site, it told me my account was locked! I thank you for your advice for avoiding phishing scams. It is very good advice that not enough people follow, but not relevant to the situation.

All of that aside, even if this is a false alarm, I still want to make my computer more secure, both by checking to make it more difficult to compromise in the future (there is a lot of very practical advice that I intend to follow in the near future on the Arch wiki), and making sure that it hasn't already been compromised, which given my circumstances is a real possibility (there is not a whole lot of information about this on the wiki. This is what I want help with, since if the intruder is already here, it doesn't matter how much I bolster defenses.)

Offline

#6 2015-06-09 10:12:07

esa
Member
Registered: 2011-12-29
Posts: 143
Website

Re: Detecting security problems in Arch

Have you made sure that email itself isn't a fraud?
I've been receiving such emails like a dozen times a month - all fraud attempts.

Just saying, never click on a URL provided in emails!

EDIT:
Doh, should read all before posting.. sorry.

EDIT2:
One option would be to check all services running, and make a list of services you don't know or cannot identify.

EDIT3:
Another option for this warning could be if you're using a laptop, and your last connection was made from a place you're usually not connecting to your bank from.
They logged the IP and figured it's not the same range as usual - giving you that warning.

Last edited by esa (2015-06-09 10:16:27)


Author of: TUI (Text User Interface for scripts), VHS (Video Handler Script, using ffmpeg) and YASSI (Yet Another Simple Script Installer)

Offline

#7 2015-06-09 17:31:48

polson136
Member
Registered: 2012-03-03
Posts: 39

Re: Detecting security problems in Arch

So, if someone could, you know, actually address the question I'm asking, that would be great... (to be fair, the service answer is slightly helpful, but definitely not complete)

Offline

#8 2015-06-09 17:59:45

Spider.007
Member
Registered: 2004-06-20
Posts: 1,175

Re: Detecting security problems in Arch

You can use `pacman -Qkk` to verify installed packages. It will have a few false positives for permissions, but that's okay. You could also try installing rkhunter. If you didn't install any software other than through pacman, that should be enough.

Offline
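
Added example, not part of Spider.007's post: a small shell filter for triaging `pacman -Qkk` output, dropping the permission, ownership and mtime noise mentioned above and grouping the remaining findings per file. The sample output, its package and file names, and the function names `sample_qkk_output` and `qkk_triage` are constructed for illustration.

```shell
#!/bin/sh
# Real use: pacman -Qkk 2>&1 | qkk_triage
# Output columns (tab-separated): kind, package, path, reasons.
#   ALTERED = packaged file whose content or presence differs from the package
#   CONFIG  = backup (configuration) file; edits are expected, review by hand

# Constructed sample of `pacman -Qkk` output, embedded so the demo runs offline.
sample_qkk_output() {
cat <<'EOF'
warning: filesystem: /var/games (GID mismatch)
warning: cups: /etc/cups/classes.conf (Permissions mismatch)
backup file: openssh: /etc/ssh/sshd_config (Modification time mismatch)
backup file: openssh: /etc/ssh/sshd_config (Size mismatch)
backup file: openssh: /etc/ssh/sshd_config (SHA256 checksum mismatch)
openssh: 50 total files, 1 altered file
warning: coreutils: /usr/bin/ls (Modification time mismatch)
warning: coreutils: /usr/bin/ls (Size mismatch)
warning: coreutils: /usr/bin/ls (SHA256 checksum mismatch)
coreutils: 400 total files, 1 altered file
warning: sudo: /usr/bin/sudo (No such file or directory)
EOF
}

qkk_triage() {
  awk '
    # Ownership, mode and mtime drift is the expected false-positive noise.
    /\((Permissions|UID|GID|Modification time) mismatch\)$/ { next }
    # Per-file findings end in "(reason)"; per-package summary lines do not match.
    /^(warning|backup file): .*\)$/ {
      kind = ($0 ~ /^backup file: /) ? "CONFIG" : "ALTERED"
      line = $0; sub(/^(warning|backup file): /, "", line)
      sep = index(line, ": ")
      pkg = substr(line, 1, sep - 1)
      rest = substr(line, sep + 2)
      reason = rest; sub(/^.* \(/, "", reason); sub(/\)$/, "", reason)
      path = rest;   sub(/ \([^()]*\)$/, "", path)
      key = kind "\t" pkg "\t" path
      # Collapse several findings for the same file into one row.
      if (!(key in why)) { order[++n] = key; why[key] = reason }
      else why[key] = why[key] ", " reason
    }
    END { for (i = 1; i <= n; i++) print order[i] "\t" why[order[i]] }
  '
}

sample_qkk_output | qkk_triage
```

The values `pacman -Qkk` compares against come from the local pacman database, so the result is only as trustworthy as the system it runs on.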

#9 2015-06-10 10:08:21

Lone_Wolf
Forum Moderator
From: Netherlands, Europe
Registered: 2005-10-04
Posts: 11,938

Re: Detecting security problems in Arch

Try this:

Boot from an Arch install ISO
Set up networking & set a mirror for pacman

Use pacman to install rkhunter & clamav to the install environment & run them

Of course you could also use a live distro like Knoppix for this.


Disliking systemd intensely, but not satisfied with alternatives so focusing on taming systemd.


(A works at time B)  && (time C > time B ) ≠  (A works at time C)

Offline
