Linux

48033 readers

1596 users here now

From Wikipedia, the free encyclopedia

Linux is a family of open source Unix-like operating systems based on the Linux kernel, an operating system kernel first released on September 17, 1991 by Linus Torvalds. Linux is typically packaged in a Linux distribution (or distro for short).

Distributions include the Linux kernel and supporting system software and libraries, many of which are provided by the GNU Project. Many Linux distributions use the word "Linux" in their name, but the Free Software Foundation uses the name GNU/Linux to emphasize the importance of GNU software, causing some controversy.

Rules

Posts must be relevant to operating systems running the Linux kernel. GNU/Linux or otherwise.
No misinformation
No NSFW content
No hate speech, bigotry, etc

Related Communities

Community icon by Alpár-Etele Méder, licensed under CC BY 3.0

founded 5 years ago

MODERATORS

[email protected]

StrongSwan detected on my Raspberry Pi without having installed it myself. (feddit.de)

submitted 1 year ago* (last edited 1 year ago) by [email protected] to c/[email protected]

7 comments fedilink hide all child comments

I have just seen that StrongSwan is installed and the service is enabled on my Raspberry Pi. But I have never used Strongswan before. Is there any way to research when it was installed? I just use the Raspi for OMV 5 with Portainer and various Docker containers. Should I be concerned that the package is installed without my active action?

EDIT:

I did some further investigation and found this commands in my .bash_history. This was approximately one year ago. Maybe I wanted to test something that I cannot remember. But interesting that despite those apt purge commands strongswan was still installed and running.

sudo apt install strongswan
sudo apt install strongswan-pki
sudo apt install libstrongswan-extra-plugins
sudo apt purge strongswan
sudo apt purge strongswan-pki
sudo apt purge libstrongswan-extra-plugins

top 7 comments

sorted by: hot top controversial new old

[–] [email protected] 15 points 1 year ago

Check dependencies, it might have been installed that way.

[–] [email protected] 9 points 1 year ago

Might be used by network-manager to auto connect to VPNs, if you have something like that set up for untrusted networks? Other distros do something similar for OpenVPN, Wireguard and such.

Remove it and see what breaks?

[–] [email protected] 8 points 1 year ago (1 children)

Take your device offline, asap.

ls -l on the executables (you'll have to find them yourself) will give the last modified time.

If it's logging to the journal, you can grep through that and find the first time it logged.

If it truely is malicious, none of those will be trustworthy, as they can be changed by a malicious actor. If you can't work out where it's from, wipe and start over is probably the best bet.

[–] [email protected] 4 points 1 year ago* (last edited 1 year ago) (1 children)

The strongswan installation itself doesn't seem to be malicous.

It looks like these packages were installed via the apt repositories: strongswan-starter
strongswan-libcharon
strongswan-charon
libstrongswan

[–] [email protected] 7 points 1 year ago

Check /var/log/dpkg.log. See when they were installed, probably alongside something you wanted.

[–] [email protected] 6 points 1 year ago

Regarding the edit:

As far as I know your bash just tells you the purge commands were run but not if they were successful.

It also seems like the first purge would have removed all strongswan* package anyway so it sounds likely that you attempted to purge strongswan and decided not to. Maybe seeing the things that would be broken at the time you decided to reduce the scope of the great purge of strongswan in 2022 :)

[–] [email protected] 2 points 1 year ago

Maybe OMV installs it by default?