u/TilapiaTango
Horse Manager on Duty
Finley, doing good work just being a good girl and making sure waffle doesn’t wander anywhere..
AUR Malware Check - Start with your actual exposure
If you haven't seen the AUR package malware running amok, then it's a good idea to start here with the official Arch AUR Report Thread being maintained. Someone compiled the thread reports into a checklist script. I just saved that as aur_check.md and saved it to Downloads because I'm lazy.
You may or may not be impacted, and if you're new(er) to Cachy and linux in general, don't freak out just yet because it's quite simple to find out if you're even impacted or not.
There's some scripts circulating around that run pacman -Qi on every one of the 400+ infected packages. This is helpful, however, running these is essentially running 400+ unnecessary checks if you don't have any of the infected packages installed - so don't just blindly run these ( unless you want to, they're actually good learning ).
Instead, start with your foreign package list - that's your actual attack surface on your machine(s).
NOTE: I'm no expert, just a hobbyist but run only arch and cachy. This is just my process - you have your own risk threshold and should follow that. I just hope this helps a little, but if anyone sees anything awful in the following please let us all know in the comments!
Step 1: See if you're exposed
pacman -Qm
This lists every AUR/foreign package you have installed. It's probably less than 20 packages for you. If none of them look familiar from the infected list, you're likely fine already.
Step 2: Check install history (catches packages you've already removed)
What this does is checks your system against what you've got in that aur_check file you just saved somewhere. If yours is named something different or lives somewhere else, you need to replace ~/Downloads/aur_check.md with whatever you've got.
Do this in bash, not in fish btw
grep -oP "installed \K[a-z0-9@._+-]+" /var/log/pacman.log | sort -u > /tmp/ever-installed.txt
sed -n '/^INFECTED_PKGS=(/,/^)/p' ~/Downloads/aur_check.md | grep -v 'INFECTED_PKGS\|^)' | tr -d ' "' > /tmp/infected.txt
grep -Fxf /tmp/infected.txt /tmp/ever-installed.txt
If you get zilch, you're clean and never touched any of them, including packages you already removed.
Step 3: Verify your kernel if you're on CachyOS
pacman -Qi linux-cachyos | grep Packager
Should say CachyOS <admin@cachyos.org> - not "Unknown Packager." The infected list includes AUR impostors mimicking CachyOS kernel package names I noticed, which is genuinely helpful from this thread from u/friendlyreminder_
https://www.reddit.com/r/cachyos/comments/1u3lqes/aur_has_been_hit_by_a_malware_campaign/
Step 4: Do some cleaning
rm /tmp/infected.txt /tmp/ever-installed.txt
Helpful while this incident is still active:
- The official thread is still open and the list is still growing: aur-general mailing list
- Hold AUR rebuilds for a few days - official repo updates are fine. Step 3 is just about past exposure, so if something fishy is in there, it's not from the official updates
- Re-check every few days once the list stabilizes
- If you get a hit: don't just remove the package. Check for persistence (
systemctl list-unit-files --state=enabled), check your shell rc files, and consider rotating credentials if you need to. But that stuff is beyond this thread here and you should consult legitimate Linux guys and documentation
The other methods I have seen are fine and read-only - this is just a faster starting point for the majority of users who have minimal AUR footprints, like me.
Stay safe compadres!
Fruit and Cheese Bowl
A favorite of mine.
- Avocado
- strawberries
- blackberries
- cottage cheese
- everything bagel seasoning
Simple and fast and fills you up
Tomato + Micro Green Scramble
- maters
- micro greens
- truffle olive oil
Requesting help for mother's Day kindle replacement
My wife has a Kindle from 2019 and uses it every single day. It's the 10th gen kindle basic.
Is there any benefit to buying her a new Kindle to replace this one? And if so, what model should I look at? She reads primarily in bed and on flights and only reads her books - she would not be doing any work or anything like that.
Thank you everyone in advance!
Haven’t seen this before but it’s a great, spicy / almost brown mustard!