Security testing

It is interesting to run a small security test with the program arch-audit
(package arch-audit) on a system.
More info: https://security.archlinux.org

This is what I found on a test system:

$ arch-audit 
nim is affected by multiple issues. High risk!
opera is affected by multiple issues. High risk!
aspell is affected by arbitrary code execution. Medium risk!
binutils is affected by multiple issues, arbitrary code execution. Medium risk!
cpio is affected by arbitrary command execution. Medium risk!
flac is affected by information disclosure. Medium risk!
giflib is affected by information disclosure. Medium risk!
glibc is affected by multiple issues. Medium risk!
intel-ucode is affected by information disclosure. Medium risk!
krb5 is affected by denial of service. Medium risk!
libarchive is affected by arbitrary code execution. Medium risk!
libde265 is affected by multiple issues. Medium risk!
libheif is affected by information disclosure. Medium risk!
libsndfile is affected by arbitrary code execution. Medium risk!
linux is affected by multiple issues, insufficient validation. Medium risk!
linux-lts is affected by multiple issues. Medium risk!
mkinitcpio-busybox is affected by multiple issues. Medium risk!
ncurses is affected by arbitrary code execution. Medium risk!
openjpeg2 is affected by multiple issues. Medium risk!
perl is affected by directory traversal. Medium risk!
python-pip is affected by silent downgrade. Medium risk!
qemu is affected by multiple issues. Medium risk!
rsync is affected by arbitrary command execution. Medium risk!
speex is affected by multiple issues. Medium risk!
squashfs-tools is affected by directory traversal. Medium risk!
wget is affected by information disclosure. Medium risk!
wpa_supplicant is affected by multiple issues. Medium risk!
xdg-utils is affected by information disclosure. Medium risk!
avahi is affected by denial of service. Low risk!
imagemagick is affected by denial of service. Low risk!
lua is affected by denial of service. Low risk!
lua52 is affected by denial of service. Low risk!
lua53 is affected by denial of service. Low risk!
mp3splt is affected by denial of service. Low risk!
openssh is affected by information disclosure. Low risk!
p7zip is affected by denial of service. Low risk!
vim is affected by arbitrary code execution. Low risk!
4 Likes

2021-11-29_12-24
arch-audit-gtk is there too :wink: using it for some time now

4 Likes

Yes it is good too. Just wanted to see what the security results are.

This was from a system I ran arch-audit on a while back. I got some interesting comments back then :wink:

3 Likes

Every day is a good day

jdk8-openjdk is affected by multiple issues. High risk!
jre8-openjdk-headless is affected by multiple issues. High risk!
openssl-1.0 is affected by multiple issues. High risk!
binutils is affected by multiple issues, arbitrary code execution. Medium risk!
cpio is affected by arbitrary command execution. Medium risk!
flac is affected by information disclosure. Medium risk!
giflib is affected by information disclosure. Medium risk!
glibc is affected by multiple issues. Medium risk!
intel-ucode is affected by information disclosure. Medium risk!
krb5 is affected by denial of service. Medium risk!
libarchive is affected by arbitrary code execution. Medium risk!
libde265 is affected by multiple issues. Medium risk!
libgrss is affected by man-in-the-middle. Medium risk!
libheif is affected by information disclosure. Medium risk!
libsndfile is affected by arbitrary code execution. Medium risk!
linux is affected by multiple issues, insufficient validation, multiple issues. Medium risk! Update to at least 5.15.5.arch1-1!
linux-lts is affected by multiple issues, arbitrary code execution. Medium risk! Update to at least 5.10.82-1!
mkinitcpio-busybox is affected by multiple issues. Medium risk!
ncurses is affected by arbitrary code execution. Medium risk!
openjpeg2 is affected by multiple issues. Medium risk!
openvpn is affected by information disclosure. Medium risk!
perl is affected by directory traversal. Medium risk!
python-pip is affected by silent downgrade. Medium risk!
qemu is affected by multiple issues. Medium risk!
ruby is affected by multiple issues. Medium risk!
speex is affected by multiple issues. Medium risk!
squashfs-tools is affected by directory traversal. Medium risk!
wget is affected by information disclosure. Medium risk!
wpa_supplicant is affected by multiple issues. Medium risk!
xdg-utils is affected by information disclosure. Medium risk!
audacity is affected by information disclosure. Low risk!
avahi is affected by denial of service. Low risk!
imagemagick is affected by denial of service. Low risk!
lua is affected by denial of service. Low risk!
lua52 is affected by denial of service. Low risk!
lua53 is affected by denial of service. Low risk!
openssh is affected by information disclosure. Low risk!
sqlite is affected by denial of service. Low risk! Update to at least 3.37.0-1!
vim is affected by arbitrary code execution. Low risk!

I ran it on mine and openssl is high risk? That’s not good.

A few days ago I installed EndeavourOS GNOME edition. I really liked it; GNOME with some extensions was very nice. The only thing was that I could not suspend my laptop, and I was searching for a solution, but I ended up formatting. On the second day I was using it, because I could not suspend, I left my laptop with the display off all afternoon while I was out doing my business. When I came back home and started using the PC, all the time I was searching on Google the page asked me to solve the image thing and asked if I was a robot…
I installed nicotine+ and Telegram Desktop… I don’t know which software, or simply a script on the web, exposed my IP so that someone exploited my machine and used it for something, I don’t know… It never asked me to solve the robot thing…
I formatted and changed OS… I don’t feel secure.
Then I was googling EndeavourOS privacy problems and here I am. I didn’t know of the audit software.

Note:
I’m not 100% sure my machine was hacked, but the captcha asking if I was a robot was a sign that someone or some script used my connection in an unconventional way.

If you have any thoughts…

I’m not quite sure what to make of this. What site asked you if you are a robot? How did you install nicotine? It’s normal to sometimes not get a captcha. If the site knows you aren’t a robot, some will not ask again.

The audit software also wouldn’t have helped you in this case.

Google asked me if I was a robot, the search page of Google. It never happened to me; I jumped between lots of distros and Mac and Win, and with this connection it never happened…
I mention those apps because they are the only ones that in some way make my IP visible (I think Telegram doesn’t do it),
but I don’t think it is even nicotine, because I used it on Ubuntu and never had a problem.
To install I used yay.
With the audit software, if I had known that command, I could have scanned my system and seen if something was high risk.

I think you put too much value into arch-audit. It just gets its info from this page. Those issues may make your system vulnerable, but many things you use in your daily computing with Linux have some flaw, but won’t make you less safe in your daily use.

So arch-audit just gives you an idea of what may be problematic. For example, right now glibc is out of date for many months and has some vulnerabilities that need to get patched out. It’s a fundamental package on your system, but it most likely won’t cause you any trouble (security wise).

Also nicotine doesn’t have any problems listed on that page. arch-audit is not a way to check if your system is compromised, so it should not be used for that purpose.

Also to address the things you said before you edited your post, EOS is pretty much Arch Linux. If you think EOS is not safe, then you think Arch is not safe. Also the problems that for example glibc has were also not fixed in other distros until recently. Keep in mind that if you are surfing the internet, no matter the OS, the website usually knows what browser and OS you are using. Also it most likely will know your IP, unless you use a VPN.

I think you have a fundamentally wrong idea of what makes a system safe and secure to use and how to actually judge your system. No system is 100% safe and there will never be one that is 100% safe, no matter the OS.

3 Likes
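As an added example (not part of any post in this thread): a small Python triage of arch-audit output that separates findings with a fixed version available ("Update to at least …") from those with no fix published yet, ordered by severity. The function names are hypothetical, the sample lines are copied from the second listing above, and ranking Critical above High is an assumption.

```python
import re

# Line shape as it appears in the arch-audit output posted in this thread.
LINE_RE = re.compile(
    r"^(?P<pkg>\S+) is affected by (?P<issues>.+?)\. "
    r"(?P<sev>\w+) risk!"
    r"(?: Update to at least (?P<fix>\S+)!)?$"
)

# High/Medium/Low appear in the thread; Critical is assumed to rank above them.
SEVERITY_RANK = {"Critical": 0, "High": 1, "Medium": 2, "Low": 3}

# Sample input: lines copied from the second arch-audit listing in the thread.
SAMPLE = """\
openssl-1.0 is affected by multiple issues. High risk!
glibc is affected by multiple issues. Medium risk!
linux is affected by multiple issues, insufficient validation, multiple issues. Medium risk! Update to at least 5.15.5.arch1-1!
linux-lts is affected by multiple issues, arbitrary code execution. Medium risk! Update to at least 5.10.82-1!
sqlite is affected by denial of service. Low risk! Update to at least 3.37.0-1!
vim is affected by arbitrary code execution. Low risk!
"""


def parse_line(line):
    """Return one finding as a dict, or None for lines that are not findings."""
    m = LINE_RE.match(line.strip())
    if not m:
        return None
    # The tool may repeat an issue type; keep the first occurrence of each.
    issues = list(dict.fromkeys(m["issues"].split(", ")))
    return {"package": m["pkg"], "issues": issues,
            "severity": m["sev"], "fixed_in": m["fix"]}


def triage(report):
    """Split findings into (fix available, no fix yet), most severe first."""
    findings = [f for f in map(parse_line, report.splitlines()) if f]
    findings.sort(key=lambda f: (SEVERITY_RANK.get(f["severity"], 99), f["package"]))
    fixable = [f for f in findings if f["fixed_in"]]
    pending = [f for f in findings if not f["fixed_in"]]
    return fixable, pending


if __name__ == "__main__":
    fixable, pending = triage(SAMPLE)
    print("Fix available, upgrade to at least:")
    for f in fixable:
        print(f"  {f['severity']:<7} {f['package']} -> {f['fixed_in']}")
    print("No fixed version listed yet:")
    for f in pending:
        print(f"  {f['severity']:<7} {f['package']}: {', '.join(f['issues'])}")
```

The first group is what a system upgrade resolves; the second is a list of known, still-open advisories, not evidence of compromise.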

I0F appreciate your answer, very much, and the time to give me feedback

You are right, no OS is 100% secure.
The thing that Google asked me if I’m a robot rings a bell, because you get this when for example you use Tor Browser, and for the right reasons, because a lot of people with bad intentions use the same IP and then Google flags all the connections coming from that IP as suspicious…
It seems like Google thought my IP was suspicious as well. My PC was under Ubuntu, OS X and Win and it never happened, then I installed endos and it happened.
I know endos is almost 100% Arch, but is the small percentage of other packages well managed?
The thing happened very fast, and I’m not a server; this makes me think that there is a corrupted package that signals that I use Endeavour and I’m ready to be hacked.
Those are speculations; it might be a malfunctioning package that started sending queries.
The cause can be investigated by auditing the system, but I have no time to do it.
This can be a false positive, but if other users encounter this thing it means that something is wrong; if this happens only to me from now on, the answer is that it isn’t an Endeavour problem but mine.

Yes.

Not me ever, unless when I

it happens sometimes that I need to do

As you said, those are speculations. Pretty far fetched speculations. I have nothing else to add here, because there simply is nothing to base your speculations on or somehow help you with anything involved. But do note(!), that arch-audit and the possible issues on the linked page won’t help you in any way with the problem you had. You will not be able to somehow link any suspicious behavior towards any of the listed issues. The cause needs to be investigated with your browsing habit and what the browser is doing. That would be the first step.

1 Like

It might be just a false positive.
For sure EndeavourOS is my favorite distro; the installation was smooth, and KDE and GNOME are great (the 2 I installed). I really like it.
I will reinstall as soon as I can.
Thanks

you mean this page?

This page appears when Google automatically detects requests coming from your computer network which appear to be in violation of the Terms of Service. The block will expire shortly after those requests stop. In the meantime, solving the above CAPTCHA will let you continue to use our services.

This traffic may have been sent by malicious software, a browser plug-in, or a script that sends automated requests. If you share your network connection, ask your administrator for help — a different computer using the same IP address may be responsible. Learn more

Sometimes you may be asked to solve the CAPTCHA if you are using advanced terms that robots are known to use, or sending requests very quickly.

This simply shows up already after you go to change your search language… and could have more false than positive reasons… maybe simply because the browser has Archlinux as Distribution ID:
about:support in Firefox shows you some info that the browser shares with web clients.

In this case I would be more concerned about what information Google is asking/storing to show the captcha :wink:

$ arch-audit
...
glibc is affected by multiple issues. High risk!
...

LOL.

$ pactree -r glibc
[ Nearly every bloody package! ]

We are all doomed.

:sweat_smile:

Nah, a captcha means Google is unable to immediately identify you and track you.

This is a good thing.

That’s the point :vulcan_salute:

1 Like

Thank you for the answer.

I will definitely reinstall endvos with GNOME as my main OS. I really enjoy it; for me it is the best distro. I gave it a 10 on DistroWatch.

1 Like