Score:3

Can my Ubuntu 22.04 LTS be compromised?

I installed Ubuntu for the first time on 27 Aug this year. Some installed packages show 27 Aug, whereas others show 9 Aug. If I check these folders/files, they show created 27 Aug and modified 9 Aug. I also have a lot of Ubuntu updates in the Software Updater, and it also gave me a notification to update my laptop’s firmware in the Ubuntu Software program.

I checked etc/apt/trusted.gpg.d and these files also have weird dates - created on 27 Aug and modified 27 Mar 2021.

Every time I restart my laptop it also downloads Linux packages.

I think I might just download and install a new Ubuntu, but I would just like to know if this is normal, as it’s my first time using Ubuntu.

[Images: screenshots of Software Updater]

[Image: directory created on the install date and modified on an earlier date]

[Image: terminal output of zgrep 'install']

[Image: Linux modules installed with every restart, which didn’t happen before 17 Sep]

David
Anything is possible. If you think you have a virus download an Ubuntu-compatible virus checker and run that. If you are asking if an update through official channel is infected, not when it was installed. There can be updates every day but since you have not said what the updates are no clue. Are you sure you are not mixing installed and created dates? What is the tag gnupg? Are you sure it was not updating the OS firmware?
Artur Meinild
Everything can be compromised. However, you can't speculate on which dates stuff was updated - the system takes care of this. And yes, there are weekly (and sometimes even daily) security updates - which should indicate that security is taken rather seriously with Ubuntu and Linux in general.
raj
To me it looks like something is broken with the apt package database on your system, but it's hard to tell what. It doesn't look like a malware infection, however.
raj
@ArturMeinild Software updater lists a lot of updates, but also says that "You may not be able to check for updates or download new updates" (see the bottom of the screen). This is what looks broken to me. There are updates, but you can't download them?
Stephanie De Jager
@raj someone was working on our internet while that was showing. It’s not showing anymore. Thanks
Score:6

Everything shown and described seems normal to me. Unlikely to be a compromised system.

Packages showing file-creation dates before your install dates are normal. Those packages were indeed built earlier, and added to the installer image.

When crooks compromise a system, they try to make their work undetectable. If malware could easily be detected by checking file-creation dates, there would not be any malware.

Security experts would start by looking at:

  • CPU and GPU activity. The most common current (known) malware are cryptominers.
  • The network input/output (not file-creation dates) to see if the system is exchanging traffic with nefarious botnet controllers.
  • Open ports by unexpected services.

...and even after those inspections, some forms of malware can be undetectable.

Folks interested in learning more about security, and who can understand rapidly-spoken English, should listen to an episode or two of the Ubuntu Security Podcast for a good introduction and overview of the topic.

Stephanie De Jager
Thank you. I’ll definitely listen to the podcast as I am very interested to know more. What can cause the automatic installations of Linux modules with every restart of the system?
user535733
That also looks normal. The version numbers are incrementing each time, and those do correspond to kernel updates, which do indeed happen several times each month. Each event in your log is a newly-updated kernel package. And, yes, a set of five packages for each date is also normal for many users.
Stephanie De Jager
Okay, thank you for the reassurance.
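
Added example (not part of the original thread, and not any poster's code): the point that recurring kernel installs show incrementing versions and a set of five packages per date can be checked against `/var/log/dpkg.log`. The sketch below groups kernel package installs by date and flags an older kernel arriving after a newer one as worth a second look; the log lines are constructed, and the function names and the "regression" heuristic are assumptions for illustration.

```python
import re
from collections import defaultdict

# Constructed sample in /var/log/dpkg.log format (not taken from the asker's system).
SAMPLE_LOG = """\
2022-09-17 08:01:10 install linux-modules-5.15.0-47-generic:amd64 <none> 5.15.0-47.51
2022-09-17 08:01:12 install linux-image-5.15.0-47-generic:amd64 <none> 5.15.0-47.51
2022-09-17 08:01:14 install linux-modules-extra-5.15.0-47-generic:amd64 <none> 5.15.0-47.51
2022-09-17 08:01:18 install linux-headers-5.15.0-47:all <none> 5.15.0-47.51
2022-09-17 08:01:21 install linux-headers-5.15.0-47-generic:amd64 <none> 5.15.0-47.51
2022-09-17 08:01:30 status installed linux-image-5.15.0-47-generic:amd64 5.15.0-47.51
2022-09-24 07:45:03 install linux-modules-5.15.0-48-generic:amd64 <none> 5.15.0-48.54
2022-09-24 07:45:05 install linux-image-5.15.0-48-generic:amd64 <none> 5.15.0-48.54
2022-09-24 07:45:07 install linux-modules-extra-5.15.0-48-generic:amd64 <none> 5.15.0-48.54
2022-09-24 07:45:11 install linux-headers-5.15.0-48:all <none> 5.15.0-48.54
2022-09-24 07:45:14 install linux-headers-5.15.0-48-generic:amd64 <none> 5.15.0-48.54
"""

KERNEL_PKG = re.compile(
    r"^linux-(?:image|modules-extra|modules|headers)-(\d+\.\d+\.\d+-\d+)(?:-[a-z0-9]+)?$")

def kernel_events(log_text):
    """Return {date: {kernel ABI: set(package names)}} from install/upgrade lines."""
    events = defaultdict(lambda: defaultdict(set))
    for line in log_text.splitlines():
        fields = line.split()
        if len(fields) != 6 or fields[2] not in ("install", "upgrade"):
            continue  # skip status/configure/startup lines
        pkg = fields[3].split(":")[0]  # drop the :amd64 / :all suffix
        match = KERNEL_PKG.match(pkg)
        if match:
            events[fields[0]][match.group(1)].add(pkg)
    return events

def review(log_text):
    """Return (timeline, regressions); a regression is an older kernel after a newer one."""
    key = lambda abi: tuple(int(p) for p in re.split(r"[.-]", abi))
    timeline, regressions, newest = [], [], None
    events = kernel_events(log_text)
    for date in sorted(events):
        for abi in sorted(events[date], key=key):
            timeline.append((date, abi, len(events[date][abi])))
            if newest is not None and key(abi) < key(newest):
                regressions.append((date, abi))
            newest = max(newest or abi, abi, key=key)
    return timeline, regressions

if __name__ == "__main__":
    print(*review(SAMPLE_LOG), sep="\n")
```

On a real system, feed it the contents of `/var/log/dpkg.log`; older rotated copies are gzip-compressed, which is why `zgrep` was used in the question.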