How to warn people that a repo has been hacked

rpm

The GetPageSpeed repo has been hacked. Anyone with the repo installed will have malicious code installed on their box by yum update, including the file /etc/cron.d/sysstat2. I've notified GetPageSpeed, but it is 1am their time.

How do I warn people about this repo? Is there some way to warn anyone with the file /etc/cron.d/sysstat2 on their system that they have been compromised?

Specifics at CentOS 7 hacked and How did installing this RPM create a file?

As of 6/25/19, the malicious packages have been removed from the repo and new ones published that remove the cron job they installed.

Best Answer

There's no way to warn anyone with that file.. sorry.

If you are trying to reach other users of that repository directly, I would suggest looking at their website and see where other users may be active; mailing list, Twitter, Facebook. In this particular instance they have Twitter, Facebook, and GitHub.

It's a shame this wasn't known sooner. He was just active 3 hours ago.

Related Solutions

RPM ignoring Requires version

Check what the symbols libclamav package provides with:

rpm -qp --provides ./libclamav-0.97.6-1.i386.rpm

and ensure there is no unversioned libclamav symbol. In my case this was the cause of a problem because unversioned symbols satisfies any versioned provides/conflicts stanzas.

Centos – Recover CentOS missing YUM and RPM

You could try to extract the following packages on another host:

http://mirror.mirohost.net/centos/5.9/updates/x86_64/RPMS/rpm-4.4.2.3-32.el5_9.x86_64.rpm http://mirror.mirohost.net/centos/5.9/updates/x86_64/RPMS/rpm-libs-4.4.2.3-32.el5_9.x86_64.rpm

and then just copy binary files with scp/wget/rsync. I have tried on vmware workstations and all works fine

# yum erase rpm
Loaded plugins: fastestmirror
Setting up Remove Process
Resolving Dependencies
--> Running transaction check
---> Package rpm.x86_64 0:4.4.2.3-32.el5_9 set to be erased
--> Processing Dependency: rpm = 4.4.2.3-32.el5_9 for package: rpm-python
--> Processing Dependency: rpm = 4.4.2.3-32.el5_9 for package: rpm-libs
--> Processing Dependency: rpm for package: man
--> Processing Dependency: rpm = 4.4.2.3-32.el5_9 for package: rpm-build
--> Processing Dependency: rpm = 4.4.2.3-32.el5_9 for package: rpm-devel
--> Processing Dependency: rpm >= 4.4.2 for package: yum
--> Running transaction check
---> Package man.x86_64 0:1.6d-3.el5 set to be erased
--> Processing Dependency: man >= 1.6d-2 for package: man-pages-overrides
---> Package rpm-build.x86_64 0:4.4.2.3-32.el5_9 set to be erased
---> Package rpm-devel.x86_64 0:4.4.2.3-32.el5_9 set to be erased
--> Processing Dependency: rpm-devel for package: net-snmp-devel
---> Package rpm-libs.x86_64 0:4.4.2.3-32.el5_9 set to be erased
--> Processing Dependency: librpm-4.4.so()(64bit) for package: net-snmp
--> Processing Dependency: librpmio-4.4.so()(64bit) for package: net-snmp
---> Package rpm-python.x86_64 0:4.4.2.3-32.el5_9 set to be erased
--> Processing Dependency: rpm-python for package: system-config-network-tui
---> Package yum.noarch 0:3.2.22-40.el5.centos set to be erased
--> Processing Dependency: yum >= 3.2.22 for package: yum-updatesd
--> Processing Dependency: yum >= 3.0 for package: yum-fastestmirror
--> Running transaction check
---> Package man-pages-overrides.noarch 0:5.9.2-2.el5 set to be erased
---> Package net-snmp.x86_64 1:5.3.2.2-20.el5 set to be erased
---> Package net-snmp-devel.x86_64 1:5.3.2.2-20.el5 set to be erased
---> Package system-config-network-tui.noarch 0:1.3.99.21-1.el5 set to be erased
--> Processing Dependency: system-config-network-tui for package: firstboot-tui
---> Package yum-fastestmirror.noarch 0:1.1.16-21.el5.centos set to be erased
---> Package yum-updatesd.noarch 1:0.9-5.el5 set to be erased
--> Running transaction check
---> Package firstboot-tui.x86_64 0:1.4.27.9-1.el5.centos set to be erased
--> Processing Dependency: /usr/bin/man for package: redhat-lsb
--> Processing Dependency: /usr/bin/man for package: redhat-lsb
--> Processing Dependency: /bin/rpm for package: policycoreutils
--> Restarting Dependency Resolution with new changes.
--> Running transaction check
---> Package policycoreutils.x86_64 0:1.33.12-14.8.el5_9 set to be erased
--> Processing Dependency: policycoreutils >= 1.33.12-14.5 for package: selinux-policy-targeted
--> Processing Dependency: policycoreutils for package: sudo
--> Processing Dependency: policycoreutils for package: sudo
--> Processing Dependency: policycoreutils >= 1.33.12-14.5 for package: selinux-policy
--> Processing Dependency: policycoreutils for package: setools
---> Package redhat-lsb.i386 0:4.0-2.1.4.el5 set to be erased
---> Package redhat-lsb.x86_64 0:4.0-2.1.4.el5 set to be erased
--> Running transaction check
---> Package selinux-policy.noarch 0:2.4.6-338.el5 set to be erased
---> Package selinux-policy-targeted.noarch 0:2.4.6-338.el5 set to be erased
---> Package setools.x86_64 0:3.0-3.el5 set to be erased
---> Package sudo.x86_64 0:1.7.2p1-22.el5_9.1 set to be erased
--> Finished Dependency Resolution

Dependencies Resolved

======================================================================================================================================================
 Package                                      Arch                      Version                                    Repository                    Size
======================================================================================================================================================
Removing:
 rpm                                          x86_64                    4.4.2.3-32.el5_9                           installed                    3.6 M
Removing for dependencies:
 firstboot-tui                                x86_64                    1.4.27.9-1.el5.centos                      installed                    652 k
 man                                          x86_64                    1.6d-3.el5                                 installed                    354 k
 man-pages-overrides                          noarch                    5.9.2-2.el5                                installed                    181 k
 net-snmp                                     x86_64                    1:5.3.2.2-20.el5                           installed                    2.8 M
 net-snmp-devel                               x86_64                    1:5.3.2.2-20.el5                           installed                    8.0 M
 policycoreutils                              x86_64                    1.33.12-14.8.el5_9                         installed                    2.1 M
 redhat-lsb                                   i386                      4.0-2.1.4.el5                              installed                     21 k
 redhat-lsb                                   x86_64                    4.0-2.1.4.el5                              installed                     22 k
 rpm-build                                    x86_64                    4.4.2.3-32.el5_9                           installed                    1.5 M
 rpm-devel                                    x86_64                    4.4.2.3-32.el5_9                           installed                    4.1 M
 rpm-libs                                     x86_64                    4.4.2.3-32.el5_9                           installed                    2.0 M
 rpm-python                                   x86_64                    4.4.2.3-32.el5_9                           installed                    131 k
 selinux-policy                               noarch                    2.4.6-338.el5                              installed                    7.9 M
 selinux-policy-targeted                      noarch                    2.4.6-338.el5                              installed                     33 M
 setools                                      x86_64                    3.0-3.el5                                  installed                    3.3 M
 sudo                                         x86_64                    1.7.2p1-22.el5_9.1                         installed                    884 k
 system-config-network-tui                    noarch                    1.3.99.21-1.el5                            installed                    4.9 M
 yum                                          noarch                    3.2.22-40.el5.centos                       installed                    3.3 M
 yum-fastestmirror                            noarch                    1.1.16-21.el5.centos                       installed                     47 k
 yum-updatesd                                 noarch                    1:0.9-5.el5                                installed                     55 k

Transaction Summary
======================================================================================================================================================
Remove       21 Package(s)
Reinstall     0 Package(s)
Downgrade     0 Package(s)

Is this ok [y/N]: y

And then

# wget http://mirror.mirohost.net/centos/5.9/os/x86_64/CentOS/yum-3.2.22-40.el5.centos.noarch.rpm

# wget http://mirror.mirohost.net/centos/5.9/os/x86_64/CentOS/rpm-python-4.4.2.3-31.el5.x86_64.rpm

# wget http://mirror.mirohost.net/centos/5.9/os/x86_64/CentOS/yum-fastestmirror-1.1.16-21.el5.centos.noarch.rpm

# rpm -ivh --nodeps yum-3.2.22-40.el5.centos.noarch.rpm  rpm-python-4.4.2.3-31.el5.x86_64.rpm yum-fastestmirror-1.1.16-21.el5.centos.noarch.rpm
Preparing...                ########################################### [100%]
   1:rpm-python             ########################################### [ 33%]
   2:yum-fastestmirror      ########################################### [ 67%]
   3:yum                    ########################################### [100%]

Check that all works fine

# yum install mc
Loaded plugins: fastestmirror
Loading mirror speeds from cached hostfile
 * base: ftp.colocall.net
 * epel: ftp.colocall.net
 * extras: ftp.colocall.net
 * rpmforge: ftp.colocall.net
 * updates: centos.itt-consulting.com
base                                                                                                                           | 1.1 kB     00:00
epel                                                                                                                           | 3.6 kB     00:00
extras                                                                                                                         | 2.1 kB     00:00
rpmforge                                                                                                                       | 1.9 kB     00:00
updates                                                                                                                        | 1.9 kB     00:00
Setting up Install Process
Resolving Dependencies
--> Running transaction check
---> Package mc.x86_64 1:4.6.1a-35.el5 set to be updated
--> Finished Dependency Resolution

Dependencies Resolved

======================================================================================================================================================
 Package                        Arch                               Version                                     Repository                        Size
======================================================================================================================================================
Installing:
 mc                             x86_64                             1:4.6.1a-35.el5                             base                             2.1 M

Transaction Summary
======================================================================================================================================================
Install       1 Package(s)
Upgrade       0 Package(s)

Total download size: 2.1 M
Is this ok [y/N]:
Downloading Packages:
mc-4.6.1a-35.el5.x86_64.rpm                                                                                                    | 2.1 MB     00:02
Running rpm_check_debug
Running Transaction Test
Finished Transaction Test
Transaction Test Succeeded
Running Transaction
  Installing     : mc                                                                                                                             1/1

Installed:
  mc.x86_64 1:4.6.1a-35.el5

Complete!

P.S After that don't forget to reinstall rpm via yum ;)

# yum install rpm

Best Answer

Related Solutions

RPM ignoring Requires version

Centos – Recover CentOS missing YUM and RPM

Related Topic