Ubuntu: What are the best practices to secure a local Ubuntu mirror and prevent it from syncing malicious packages?



Question:

Background-

We inherited 2 local servers at our firm which mirror the official Canonical Ubuntu repositories for select distro versions using apt-mirror. The servers are supposed to sync nightly, although originally only SERVER1 was pointed to the official Canonical mirror, while SERVER2 mirrored trusty and precise from SERVER1. This week we decided to point SERVER2 to the official Canonical servers and finally start mirroring xenial. While apt-mirror was syncing xenial, our security team detected malicious packages (hashes below) and we aborted the synchronization. Now my manager would like to ensure we have taken steps to prevent downloading the culprit packages (file hashes below) to our mirrors. Although I agree with her reasoning, I am at a loss as to what can be done to prevent this in the future, and a bit confused as to why SERVER1's syncs have not been flagged despite mirroring xenial since August 2016 with an almost identical configuration to SERVER2.

Questions-

What are some ways I can verify whether these are legitimately malicious or just false positives? Are there any trusted online sources which keep track of flagged packages that I can reference?

Is there anything else I can do to verify/prevent that we are not pulling down malicious content?

Since I did not configure these servers originally it’s possible that I am missing something here, please let me know if there’s any other info I should add to the post.

Malicious file hashes

    93a8f31b06c4a7f04e6f9b69f8d7357ba750819e6348177536b23255616e8937 sup-mail_0.12.1 git20120407.aaa852f.orig.tar[.]gz
    7bb478a4f9512e1dfe77c658f0410d62d9af91cedc35ee7aaaff6bc9a56d7f85 pymilter_0.9.5.orig.tar[.]gz
    e2f29a94e4b3fb17e4c0d1f03f5733d0e944211bfbf9a9e52d5214e51da196d7 pymilter-milters_0.8.13.orig.tar[.]gz
    9fcb05a0951527c7b33aeb20735747f84bca88a4e122c93537120d1014f650e9 dbacl_1.12.orig.tar[.]gz
    c09620afb90dcb1055b7c23dad622994e9bf455afe7e5683eca987a20e1dbbcb sup-mail_0.22.1.orig.tar[.]gz
    c9f2c8327d0e8dd28058f148c663a62d7eda72f06c56e4dda128fca847b8327f sup-mail_0.12.1 git20120407.aaa852f.orig.tar[.]gz

SERVER1 Xenial mirror list config:

    #amd64 mirrors for xenial
    deb http://archive.ubuntu.com/ubuntu xenial main restricted universe multiverse
    deb http://archive.ubuntu.com/ubuntu xenial-updates main restricted universe multiverse
    deb http://archive.ubuntu.com/ubuntu xenial-security main restricted universe multiverse
    deb http://archive.ubuntu.com/ubuntu xenial-proposed main restricted universe multiverse
    deb http://archive.ubuntu.com/ubuntu xenial-backports main restricted universe multiverse
    deb http://archive.canonical.com xenial partner
    deb http://archive.ubuntu.com/ubuntu xenial main/debian-installer restricted/debian-installer
    deb http://archive.ubuntu.com/ubuntu xenial-updates main/debian-installer restricted/debian-installer
    deb http://archive.ubuntu.com/ubuntu xenial-proposed main/debian-installer restricted/debian-installer
    deb http://archive.ubuntu.com/ubuntu xenial-security main/debian-installer restricted/debian-installer
    deb http://ppa.launchpad.net/webupd8team/java/ubuntu xenial main

SERVER2 Xenial mirror list config:

    #amd64 mirrors for xenial
    deb http://archive.ubuntu.com/ubuntu xenial main restricted universe multiverse
    deb http://archive.ubuntu.com/ubuntu xenial-updates main restricted universe multiverse
    deb http://archive.ubuntu.com/ubuntu xenial-security main restricted universe multiverse
    deb http://archive.ubuntu.com/ubuntu xenial-proposed main restricted universe multiverse
    deb http://archive.ubuntu.com/ubuntu xenial-backports main restricted universe multiverse
    deb http://security.ubuntu.com/ubuntu xenial main restricted universe multiverse
    deb http://archive.canonical.com/ xenial partner
    deb http://archive.ubuntu.com/ubuntu xenial main/debian-installer restricted/debian-installer

Please let me know if there is any additional info I could provide to better answer this question. Thanks in advance!
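
One way to separate a scanner false positive from tampering is to check whether each flagged source tarball on the mirror is byte-identical to the entry in the archive's Sources index. The sketch below is an added example, not part of the original post; it assumes the Sources index has already been authenticated through the archive's signed Release file, and the package name and file bytes are constructed.

```python
import hashlib

def parse_sources_sha256(sources_text):
    """Return {filename: (sha256_hex, size)} from every Checksums-Sha256 block."""
    expected = {}
    in_block = False
    for line in sources_text.splitlines():
        if line.startswith("Checksums-Sha256:"):
            in_block = True
        elif in_block and line.startswith(" "):
            # Continuation lines have the form: " <sha256> <size> <filename>"
            digest, size, name = line.split(maxsplit=2)
            expected[name] = (digest.lower(), int(size))
        else:
            in_block = False  # any other field ends the checksum block
    return expected

def classify(name, data, expected):
    """Compare one mirrored file's bytes against the index entry for its name."""
    if name not in expected:
        return "not-in-index"
    digest, size = expected[name]
    if len(data) != size:
        return "size-mismatch"
    if hashlib.sha256(data).hexdigest() != digest:
        return "hash-mismatch"
    return "matches-index"

# Constructed sample data: stands in for a mirrored tarball and its index stanza.
GOOD = b"constructed upstream tarball bytes"
NAME = "examplepkg_1.0.orig.tar.gz"
SAMPLE_SOURCES = (
    "Package: examplepkg\n"
    "Checksums-Sha256:\n"
    f" {hashlib.sha256(GOOD).hexdigest()} {len(GOOD)} {NAME}\n"
    "Directory: pool/universe/e/examplepkg\n"
)

def demo():
    """Run the check on an intact, an altered, a truncated and an unlisted file."""
    expected = parse_sources_sha256(SAMPLE_SOURCES)
    return {
        "intact": classify(NAME, GOOD, expected),
        "altered": classify(NAME, GOOD[:-1] + b"X", expected),
        "truncated": classify(NAME, GOOD[:-1], expected),
        "unlisted": classify("other_1.0.orig.tar.gz", GOOD, expected),
    }

if __name__ == "__main__":
    for case, verdict in demo().items():
        print(f"{case}: {verdict}")
```

A `matches-index` verdict on a flagged tarball means the mirror holds exactly what the archive published, so the scanner hit concerns the upstream content rather than a change made in transit or on the mirror. Any other verdict is a reason to quarantine the file and re-fetch it.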

