
Arch/Manjaro Linux: Checking Installed Package Integrity (🔒 Checksums/File Changes)

Jan 09, 2022

(Posted first at main BMAC blog. Welcome to sign up for email of only most important articles. All articles/videos are searchable by topic, and organized into categories.)

WHO THIS ARTICLE IS FOR? Anyone running an Arch based Linux system
(examples include: Arch (DanctNIX) for Pinephone (used here in screenshots), x86 Arch, Manjaro Linux, Artix Linux, Blackarch, EndeavourOS, ArcoLinux, Parabola, RebornOS)

WHY? Someone commented on the Pop!_OS video asking what they could do to check installed package checksums for Arch. Thank you.


A day or so ago I wrote a tutorial (with screenshots) continuing the Pop!_OS tutorial series. We covered sha1sum (show SHA1), sha256sum (show SHA2) and others in the same file output family of commands (these are found on all Linux systems).

TIP: If you come across other valid hashes such as MD5 or SHA512, you can add 'sum' to the end of the hash name (in all lowercase) to get the command that shows the file's checksum (see the example below for md5 hashes).

root@debian-10:/home/user/Documents# md5sum test1
3e7705498e8be60520841409ebc69bc1 test1

See original tutorial here to learn how to compare individual file checksums on any Linux system (with additional tips for Debian or Pop!_OS/Ubuntu based Linux OS towards the end).


"Re-Hashing": WHY CHECKSUMS MATTER

I created a video that begins with why this matters: every single network you are a part of is vulnerable to MITM (man-in-the-middle) attacks.

From your home WiFi, public WiFi, cellular provider, even your ISP (video covers example), all are vulnerable to MITM. It's one reason we use checksum hash checking to verify integrity. If you missed that video, catch it here.


Some commands the other day were Debian specific, and a commenter asked about Arch.

Today we will cover some quick Arch Linux commands of interest (in my case, on DanctNIX on the Pinephone). They are not limited to Arch: the same commands work on Artix and Manjaro, on any build from ARM devices to x86.

One command built into Arch is pacman. Most are familiar with its use in package searching and installation...

Did you know pacman can make checks for altered files/checksum comparisons for installed packages?

pacman -Qkk

[image]

[image]

As the screenshots above show, a few flags let us automate checking installed packages: looking for altered files and comparing checksums.


Manual Pages: How It All Works

Q "flag":

[image]


kk "flag":

[image]

Reading the above manual pages, kk provides more detail on the file checks than a single k does.


See below for the comparison screenshot when only -Qk is used:

[image]

A single k doesn't provide checksum information or missing files in all cases (see the -Qkk screenshot below to compare, and try this one on your own system!)


'grepping' pacman -Qkk for efficiency:

[image]

In the above screenshot, we condense the output to show only what has been changed or modified, from permissions to checksums.

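Command used: pacman -Qkk | grep -v ', 0 altered files'

The pipe sends the output to be filtered by grep. grep's -v drops every line containing ', 0 altered files' (as we don't need to know about those). The leading comma and space matter: without them the pattern would also match, and hide, packages reporting 10, 20 or 100 altered files.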
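
An added example, not from the original post: an awk-based summary of pacman -Qkk output that lists each package with a non-zero altered count together with the kinds of mismatch reported for it. It assumes English messages of the form "warning: <pkg>: <path> (<reason> mismatch)" and "<pkg>: N total files, M altered files"; the function names, the sample lines and the package "examplepkg" are constructed for illustration. The count is compared numerically because a substring pattern such as '0 altered files' also matches '10 altered files'.

```shell
#!/bin/sh
# Added example: per-package summary of `pacman -Qkk` output.
# Assumed real use (English messages, warnings merged from stderr):
#   LC_ALL=C pacman -Qkk 2>&1 | qkk_report

# Constructed sample in the assumed line format, not output from a real system.
# "examplepkg" is hypothetical and only two of its ten warnings are shown.
qkk_sample() {
cat <<'EOF'
warning: filesystem: /etc/fstab (Modification time mismatch)
warning: filesystem: /etc/fstab (Size mismatch)
filesystem: 124 total files, 1 altered file
bash: 66 total files, 0 altered files
warning: examplepkg: /usr/bin/example tool (SHA256 checksum mismatch)
warning: examplepkg: /usr/lib/example.so (Permissions mismatch)
examplepkg: 310 total files, 10 altered files
EOF
}

# The substring filter: also hides "10 altered files", "20 altered files", ...
naive_filter() { grep -v '0 altered files'; }

# Prints "<package> TAB <altered count> TAB <distinct mismatch reasons>"
# for every package whose altered count is greater than zero.
qkk_report() {
awk '
/^warning: / && / mismatch\)$/ {
    pkg = $2; sub(/:$/, "", pkg)
    reason = $0
    sub(/^.*\(/, "", reason)            # keep text after the last "("
    sub(/ mismatch\)$/, "", reason)
    if (!((pkg, reason) in seen)) {
        seen[pkg, reason] = 1
        reasons[pkg] = reasons[pkg] (reasons[pkg] == "" ? "" : ",") reason
    }
    next
}
/ total files?, [0-9]+ altered files?$/ {
    pkg = $1; sub(/:$/, "", pkg)
    count = $(NF - 2) + 0               # compare as a number, not as text
    if (count > 0) printf "%s\t%d\t%s\n", pkg, count, reasons[pkg]
}'
}

qkk_sample | qkk_report
```

Because the reasons are keyed by package name, the report stays correct when stderr warnings and stdout summary lines arrive interleaved through the pipe.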


Stat Command

You may be curious about when certain files were last accessed or modified (maybe you had more concerning results?). Having the exact time a file was last accessed can be valuable when sifting/grepping through logs for signs of malicious activity.

[image]

From here, you can investigate suspicious file changes in your Linux system, and explore other ways to check integrity. Looking forward to covering tips for this in future articles.

That's the end of my tip of the day.

Thanks for reading and don't forget to share with others who use Arch based Linux.

