www.aarnet.edu.au Centos5.3 mirror ISO corruption?
Linux - SecurityThis forum is for all security related questions.
Questions, tips, system compromises, firewalls, etc. are all included here.
Notices
Welcome to LinuxQuestions.org, a friendly and active Linux Community.
You are currently viewing LQ as a guest. By joining our community you will have the ability to post topics, receive our newsletter, use the advanced search, subscribe to threads and access many other special features. Registration is quick, simple and absolutely free. Join our community today!
Note that registered members see fewer ads, and ContentLink is completely disabled once you log in.
If you have any problems with the registration process or your account login, please contact us. If you need to reset your password, click here.
Having a problem logging in? Please visit this page to clear all LQ-related cookies.
Get a virtual cloud desktop with the Linux distro that you want in less than five minutes with Shells! With over 10 pre-installed distros to choose from, the worry-free installation life is here! Whether you are a digital nomad or just looking for flexibility, Shells can put your Linux machine on the device that you want to use.
Exclusive for LQ members, get up to 45% off per month. Click here for more info.
www.aarnet.edu.au Centos5.3 mirror ISO corruption?
Dear Moderator
Could you please check this out and post in relevant forums.
A quick comparison will show a suspicious DVD .iso file dated 1st April 2009 on the aarnet.edu.au server. I downloaded but didn't open the file and trashed and deleted it immediately, so I don't know what the payload if any is. I did notice my modem disconnecting a few times, but that may have been my ISP. Chkrootkit and rkhunter are ok, this morning.
This is not a joke, just think people should be aware. I don't know if other servers for Centos mirrors have been affected or not. Could not find anything about this on centos.org or googling.
Interestingly AARNET took a long time to update whe n5.3 came out. I ended up using base URLs in yum since there was no sign that a 5.3 directory was being created. This was probably 6 hours post release. Maybe things just got screwed up.
I already have notified aarnet.edu.au, but maybe their webmaster isn't in today?, also centos.org and aussie.hq.centos.org. so get your facts right before you have another go at me!
As ISO D/L's have a SHA1 or MD5sum it would be easy to check if your DL was corrupted. Since you deleted the ISO you have no indication, and thus no reason, to shout wolf. Please don't tell us something is hacked unless you have some proof to show. If you have no means to check, then next time please use a less sensationalist thread title. LQ and the Linux Security forum will value quality of content over instant satisfaction or slashdotting any time. I'm gonna moderate this thread title to reflect the current situation. Thanks for understanding.
Last edited by unSpawn; 04-04-2009 at 04:03 AM.
Reason: clarity
I already have notified aarnet.edu.au, but maybe their webmaster isn't in today?, also centos.org and aussie.hq.centos.org. so get your facts right before you have another go at me!
I guess the suspicion was because of the differing iso sizes.
Exactly the reason for my response: next to fish vs fishing rod issues, in this forum we should always aim to provide clarity not FUD or guesstimations.
As ISO D/L's have a SHA1 or MD5sum it would be easy to check if your DL was corrupted. Since you deleted the ISO you have no indication, and thus no reason, to shout wolf. Please don't tell us something is hacked unless you have some proof to show. If you have no means to check, then next time please use a less sensationalist thread title. LQ and the Linux Security forum will value quality of content over instant satisfaction or slashdotting any time. I'm gonna moderate this thread title to reflect the current situation. Thanks for understanding.
My apologies if I was unclear, I thought pictures would explain the situation adequately. I don't have the luxury of a crash-test dummy machine at home. I was suspicious because of the similar sizes, except one was Mb and the other Gb, the date 1st April 2009, and because 37Mb was a bit small for a DVD iso. I thought I posted a ? on my title, implying that my statement was a question. I guess it was sensationalist, but I wanted to know if other people had more info about the situation, and I wanted to know urgently if they had been hacked or not. 'Hacking' or a 'joke' were the only terms I could think of at the time. I also just wanted to alert people to be wary until the matter was clarified.
[B]Some time later[/B] the web admin at aarnet.edu.au emailed me that it was just a failed download. I just thought it odd that they hadn't noticed the situation themselves and remedied it if that were the case, especially from an organisation like aarnet.edu.au.
Anyway the site is up again with an amended DVD iso.
I do appreciate your info on security issues. Guess I was just a bit paranoid this time.
I do appreciate your info on security issues. Guess I was just a bit paranoid this time.
No problem. I agree we should trust mirrors to be and keep up to date and check what they mirror. However that does not exempt individuals from checking their downloads themselves because they have the means to verify things are OK. It's a good thread in that I hope it will remind people to actually check things, communicate and investigate things. Thanks for the feedback.
LinuxQuestions.org is looking for people interested in writing
Editorials, Articles, Reviews, and more. If you'd like to contribute
content, let us know.