LinuxQuestions.org
Download your favorite Linux distribution at LQ ISO.
Go Back   LinuxQuestions.org > Forums > Linux Forums > Linux - Newbie
User Name
Password
Linux - Newbie This Linux forum is for members that are new to Linux.
Just starting out and have a question? If it is not in the man pages or the how-to's this is the place!

Notices


Reply
  Search this Thread
Old 09-01-2020, 10:33 PM   #1
duupunisher2x
Member
 
Registered: Aug 2020
Posts: 88

Rep: Reputation: Disabled
Can malware get on a livedvd?


I have an infected computer where many personal files and usb flash drives were corrupted.


I bought a livedvd for Debian9 and put it into my infected computer many times.
Is there any risk of putting it into a new computer? I've been told there is zero chance it can infect the new computer b/c the disk is READ-ONLY (unless the people who made the livedvd put malware on it).


I've heard the same thing is true for store bought 'music dvds' and 'movies'.


thanks

Last edited by duupunisher2x; 09-01-2020 at 11:02 PM.
 
Old 09-01-2020, 11:02 PM   #2
berndbausch
LQ Addict
 
Registered: Nov 2013
Location: Tokyo
Distribution: Mostly Ubuntu and Centos
Posts: 6,258

Rep: Reputation: 1979Reputation: 1979Reputation: 1979Reputation: 1979Reputation: 1979Reputation: 1979Reputation: 1979Reputation: 1979Reputation: 1979Reputation: 1979Reputation: 1979
If it's a regular CDROM or DVDROM, it can't be overwritten after its creation.

Even if it's in a format that permits overwriting, Debian should publish a checksum that permits you to exclude tampering. Checksums for ISO files are indeed published, but I need to leave it to you to find a checksum for your live CD.
 
1 members found this post helpful.
Old 09-02-2020, 01:00 AM   #3
pan64
LQ Guru
 
Registered: Mar 2012
Location: Hungary
Distribution: debian/ubuntu/suse ...
Posts: 16,489

Rep: Reputation: 5532Reputation: 5532Reputation: 5532Reputation: 5532Reputation: 5532Reputation: 5532Reputation: 5532Reputation: 5532Reputation: 5532Reputation: 5532Reputation: 5532
read only means it was created somehow and the content cannot be altered. You can only destroy (make them unreadable) such DVDs.
 
1 members found this post helpful.
Old 09-02-2020, 01:20 AM   #4
duupunisher2x
Member
 
Registered: Aug 2020
Posts: 88

Original Poster
Rep: Reputation: Disabled
If it were an .iso image, i would do "sha256sum xyz.iso".

But since it is a dvd, I went to the dvd directory, opened terminal, and typed "sha256sum". It seems like it is running the command, but not sure if this is correct as it is taking a very long time to run. Maybe it is supposed to, don't really know.

Should it be a different command? I have the dvd in the dvd player while using a different OS other than the livedvd so I can check the dvd.
 
Old 09-02-2020, 01:25 AM   #5
berndbausch
LQ Addict
 
Registered: Nov 2013
Location: Tokyo
Distribution: Mostly Ubuntu and Centos
Posts: 6,258

Rep: Reputation: 1979Reputation: 1979Reputation: 1979Reputation: 1979Reputation: 1979Reputation: 1979Reputation: 1979Reputation: 1979Reputation: 1979Reputation: 1979Reputation: 1979
sha256sum waits for input.

I suggest you get in touch with the seller of your CDs or DVDs.
 
1 members found this post helpful.
Old 09-02-2020, 02:12 AM   #6
duupunisher2x
Member
 
Registered: Aug 2020
Posts: 88

Original Poster
Rep: Reputation: Disabled
I found something like this on the web:

Code:
"sha256sum /dev/cdrom"
It seemed to work. The dvd was accessed, ran for about 5 minutes and printed out a long number!

Now I need to find the 'default' checksum online.
 
Old 09-02-2020, 02:27 AM   #7
duupunisher2x
Member
 
Registered: Aug 2020
Posts: 88

Original Poster
Rep: Reputation: Disabled
Can someone help me interpret exactly how to use the following? I put it into the terminal just to see what would happen and got the message: "no such file/directory".

Code:
Alternatively, there is a useful helper script called check_debian_iso which can verify ISO image files and optical media, reading the appropriate amount of bytes from media then computing the checksum and comparing it against the checksum file.

ISO image file verification. This will compare the checksum of the debian-6.0.3-amd64-netinst.iso image file against the corresponding checksum found in the SHA512SUMS checksum file.
$ ./check_debian_iso SHA512SUMS debian-6.0.3-amd64-netinst.iso
Optical media verification. This will compare the checksum of the media accessible as /dev/dvd against the checksum of debian-6.0.3-amd64-DVD-1.iso as found in the SHA512SUMS checksum file. Note that the ISO image file itself is not needed, its name is merely used to locate the corresponding checksum in the checksum file.
$ ./check_debian_iso SHA512SUMS debian-6.0.3-amd64-DVD-1.iso /dev/dvd

SOURCE:
Code:
https://www.debian.org/CD/faq/#verify
My particular dvd is:
Code:
"9.4.0 gn amd64"

thanks

Last edited by duupunisher2x; 09-02-2020 at 02:29 AM.
 
Old 09-02-2020, 02:49 AM   #8
duupunisher2x
Member
 
Registered: Aug 2020
Posts: 88

Original Poster
Rep: Reputation: Disabled
Right above that, I found the following:

Code:
The problem with the verification of written optical media is that some media types will possibly return more bytes than those found in the ISO image. This trailing garbage is impossible to avoid with CD written in TAO mode, incrementally recorded DVD-R[W], formatted DVD-RW, DVD+RW, BD-RE, and also with USB keys. Therefore, we need to read exactly the same number of sectors of data from the media as are found in the ISO image itself; reading any more bytes from the media will alter the checksum result.

The isosize program can be used to find out the appropriate amount of bytes to be read from the optical media. It shows the sector count and the sector size from the optical media, where <device> is the device file of the loaded optical media.
$ /sbin/isosize -x <device>
sector count: 25600, sector size: 2048
Then sector count and sector size are passed to dd to read the appropriate amount of bytes from the optical media and the byte stream is then piped to the appropriate checksum tool (sha512sum, sha256sum, etc).
$ dd if=<device> count=<sector count> bs=<sector size> | sha512sum
The computed checksum is to be compared against the corresponding checksum found in the appropriate checksum file (SHA512SUMS, SHA256SUMS, etc).
I did the calculation as written above and got 2 exact checksum file numbers.

I'm assuming I still have to take this number and compare it with a checksum value online.
 
Old 09-02-2020, 02:58 AM   #9
pan64
LQ Guru
 
Registered: Mar 2012
Location: Hungary
Distribution: debian/ubuntu/suse ...
Posts: 16,489

Rep: Reputation: 5532Reputation: 5532Reputation: 5532Reputation: 5532Reputation: 5532Reputation: 5532Reputation: 5532Reputation: 5532Reputation: 5532Reputation: 5532Reputation: 5532
https://cdimage.debian.org/mirror/cdimage/archive/
here you can find the official images, just you need to know the correct version.
 
1 members found this post helpful.
Old 09-02-2020, 03:00 AM   #10
duupunisher2x
Member
 
Registered: Aug 2020
Posts: 88

Original Poster
Rep: Reputation: Disabled
WISHFUL THINKING: Is there a page online that lists the checksum values for each distro (checksum for Debian 9.4.0 amd64)?

I found the following. Is this supposed to guide me towards finding the checksum value for my livedvd?

Code:
Debian Public Key Server
This public key server provides simple HKP lookup and add requests for Debian developer and maintainer public keys.

The server may be accessed with gpg by using the --keyserver option in combination with either of the --recv-keys or --send-keys actions.

Please note that this server is meant only for basic key retreive/update operation, and does not implement search functionality. To search for a specific Debian Developer, use the Developer LDAP Search interface.

Only keys in the Debian keyrings (ie those for DDs and DMs) will be returned by this server and only pre-existing keys will be updated, although a copy of all updates will be forwarded to the keyserver network.

You can use the keyring server for the following purposes:

Fetch a key
Once you know the key's ID, just ask the server for it:
$ gpg --keyserver keyring.debian.org --recv-keys 0x673A03E4C1DB921F
Debian keys may also be retrieved by using the form at db.debian.org or:
finger user@db.debian.org
 
Old 09-02-2020, 03:02 AM   #11
duupunisher2x
Member
 
Registered: Aug 2020
Posts: 88

Original Poster
Rep: Reputation: Disabled
Thanks pan64. I got to here and got stuck...

Code:
https://cdimage.debian.org/mirror/cdimage/archive/9.4.0/amd64/
UPDATE:
I checked all of them EXCEPT for the ".GZ" files.

I did NOT find a matching checksum #.

2ND UPDATE:

I wasn't checking "LIVE", I was checking the wrong one.
Upon checking the correct one, I found my matching checksum!!!

Last edited by duupunisher2x; 09-02-2020 at 03:20 AM.
 
Old 09-02-2020, 03:21 AM   #12
berndbausch
LQ Addict
 
Registered: Nov 2013
Location: Tokyo
Distribution: Mostly Ubuntu and Centos
Posts: 6,258

Rep: Reputation: 1979Reputation: 1979Reputation: 1979Reputation: 1979Reputation: 1979Reputation: 1979Reputation: 1979Reputation: 1979Reputation: 1979Reputation: 1979Reputation: 1979
Quote:
Originally Posted by duupunisher2x View Post
WISHFUL THINKING: Is there a page online that lists the checksum values for each distro (checksum for Debian 9.4.0 amd64)?
If you think that you found a gap, fill it!
Quote:
I found the following. Is this supposed to guide me towards finding the checksum value for my livedvd?

Code:
Debian Public Key Server
...
$ gpg --keyserver keyring.debian.org --recv-keys 0x673A03E4C1DB921F
Debian keys may also be retrieved by using the form at db.debian.org or:
finger user@db.debian.org
This is something else, though the purpose is similar. GPG keys are used do digitally sign Debian repositories so that you know you are installing legitimate software. They have nothing to do with ISO file checksums, though.
 
1 members found this post helpful.
Old 09-02-2020, 03:22 AM   #13
berndbausch
LQ Addict
 
Registered: Nov 2013
Location: Tokyo
Distribution: Mostly Ubuntu and Centos
Posts: 6,258

Rep: Reputation: 1979Reputation: 1979Reputation: 1979Reputation: 1979Reputation: 1979Reputation: 1979Reputation: 1979Reputation: 1979Reputation: 1979Reputation: 1979Reputation: 1979
Quote:
Originally Posted by duupunisher2x View Post
2ND UPDATE:

I wasn't checking "LIVE", I was checking the wrong one.
Upon checking the correct one, I found my matching checksum!!!
I admire your persistence. Congratulations!
 
1 members found this post helpful.
Old 09-02-2020, 03:24 AM   #14
pan64
LQ Guru
 
Registered: Mar 2012
Location: Hungary
Distribution: debian/ubuntu/suse ...
Posts: 16,489

Rep: Reputation: 5532Reputation: 5532Reputation: 5532Reputation: 5532Reputation: 5532Reputation: 5532Reputation: 5532Reputation: 5532Reputation: 5532Reputation: 5532Reputation: 5532
https://cdimage.debian.org/mirror/cd...dvd/SHA256SUMS
but you need to check if your DVD was really debian-9.4.0-amd64-DVD-1.iso. As it was mentioned the seller may have additional info.
Or you can try to download a new image and create a new dvd.
(sorry late)
 
Old 09-02-2020, 04:32 AM   #15
duupunisher2x
Member
 
Registered: Aug 2020
Posts: 88

Original Poster
Rep: Reputation: Disabled
Thanks BDB!! You got me started down the path!

PAN64 - would you happen to have a url for Linux Mint?


NOTE:
I am not getting the correct checksum for one of the cd's I checked. I seem to have the correct version and I checked it using the 'sector size and sector count' formula, but I don't get the correct checksum. I'm hoping there is a mistake. It is 9.4.0 amd64 like the other ones I checked.

Thanks
 
  


Reply


Thread Tools Search this Thread
Search this Thread:

Advanced Search

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

BB code is On
Smilies are On
[IMG] code is Off
HTML code is Off



Similar Threads
Thread Thread Starter Forum Replies Last Post
[SOLVED] Can malware on comp get onto mounted read-only media when using livedvd? duupunisher2x Linux - Newbie 8 08-24-2020 09:25 AM
[SOLVED] Facing issue with 'jQuery Malware' and 'JS Malware' virus attack taru.tarak Linux - Security 2 11-09-2017 11:18 PM
[SOLVED] May have contracted malware. Yes, malware. Firefox on Ubuntu Fiesty. Seeking a fix drachenchen Linux - Security 22 08-17-2008 01:05 PM
May have contracted malware. Yes, malware. Firefox on Ubuntu Fiesty. Seeking a fix drachenchen Linux - Security 1 06-12-2008 05:10 AM

LinuxQuestions.org > Forums > Linux Forums > Linux - Newbie

All times are GMT -5. The time now is 06:41 PM.

Main Menu
Advertisement
My LQ
Write for LQ
LinuxQuestions.org is looking for people interested in writing Editorials, Articles, Reviews, and more. If you'd like to contribute content, let us know.
Main Menu
Syndicate
RSS1  Latest Threads
RSS1  LQ News
Twitter: @linuxquestions
Open Source Consulting | Domain Registration