[Arm-netbook] Mysteries of Lemote Yeeloong MIPS netbook

freebirds at fastmail.fm
Thu Oct 18 23:13:04 BST 2012


On Thu, Oct 18, 2012, at 01:40 AM, Gordan Bobic wrote:

> > Init: Enter runlevel 2
> > Starting OpenBSD secure shell server: sshd
> 
> So it's running sshd by default. Just about all UNIXes do. Expected, 
> normal, and nothing to worry about if you use reasonably secure 
> passwords. But there's nothing stopping you from disabling it (check the 
> documentation for your Linux distro on how).

Yeeloong has a Chinese variant of Debian preinstalled, not OpenBSD. It is
bizarre that a Debian distribution would run an OpenBSD server by
default. I am perplexed why an OpenBSD secure shell server and rsync
remote offsite backup would start at shutdown unless I am being cracked.
What is stopping me from disabling the server and rsync is: (1) I don't
know how; and (2) I may not have the privilege.

> > as root run etc/rc2.d/Sl9hpo2setup
> > No hpoj devices have been configured.
> 
> No idea what this is. HP OfficeJet something or other, maybe?

I think you are correct that hpoj refers to HP OfficeJet. This is
mentioned in the DMESG message. However, my printer is in storage. No
printer is connected.

> > Starting file alteration monitor: FAM
> 
> I'm guessing this is a security feature not dissimilar from tripwire.

FAM is not preinstalled in Debian. I didn't install it. Nor do I have
access to its logs. FAM is available for BSD.
http://sourceforge.net/projects/bsdfam/

Second POST message screen:
> > using debug method to see details of our search for an access method
> > SCPlugin -
> > stopping rsync daemon
> 
> This is the only thing that might be deemed a bit unusual for a default 
> setup. But if you had perps trying to spy on you I'm sure they wouldn't 
> set up rsync on your machine running as a normal startup scripted 
> daemon. They'd probably bury it into one of the other startup scripts 
> silently, which wouldn't produce any mentions of it during 
> startup/shutdown sequence.

If there were also revealing POST messages during shut down on my Asus
netbook and MSI netbook, I didn't know to read them. Or perhaps POST
messages on MIPS have fewer lines so I was able to quickly read some of
it. There are two POST messages at boot up but they flash so quickly, I
cannot read any of it. The POST messages at shut down flash too quickly
to take screenshots. Good idea to make a video. I do not know how to
make a video. 

I think they buried scripts and alternate OS to boot to in new
partitions and hidden partitions. The partitions on my Yeeloong are very
unusual. Screenshots of hda2, hda6 and home directory are attached.
System Settings > hardware info > disk info depicts six partitions.
However, df -h in the terminal and Konqueror depict four partitions.

hda3 and hda4 are hidden partitions. hda3 is 268 MB. hda4 is 1 KB. 1 KB
is adequate for a rootkit.

df -h detected shm, which I don't think is typical in a Debian
installation.

There is a boot.cfg file in hda1 and a hidden boot.cfg in hda2. Whereas,
there should be just one boot.cfg and it should be in hda1.

hda2 has two unknown octet stream img items: OSFab-0426.img of 61 MB
size and OSFab-thirdpart-o426.img of 885 MB size. They both were
modified two days ago, but not by me. I cannot delete these two img
files. Error: "Access denied." I researched "OSFab" but no results.
These img files are not the recovery files. The recovery file is a mere
13.5 MB and is posted at
http://dev.lemote.com/files/resource/download/rescue/rescue-yl.

hda2 also has basesys-en-20091201.tar.gz. Size 840 MB. Basesystem
defines the components of a basic CentOS system (for example, the
package installation order to use during bootstrapping). Basesystem
should be the first package installed on a system, and it should never
be removed.
http://rpmfind.net/linux/rpm2html/search.php?query=basesystem.  OpenBSD
and FreeBSD also have basesystem.
http://forums.freebsd.org/showthread.php?t=26140 However, Debian was
preinstalled. I don't think Debian uses basesystem.

The two OSFab files total 946 GB, almost 1 GB. The basesys is 840 MB.
These three files in hda2 are huge considering the SSD is a mere 8 GB.
There was less than 1 GB of space to copy my personal files in the home
directory on the SSD.

hda6 has a locked lost+found folder and a home directory folder. The home
directory folder has much more than what a home directory normally has:
documents, music, video, pictures and downloads. The home directory
folder is 1 GB and has 8,040 files and 1,437 subfolders. It has numerous
system files.

hda1 is 67 MB. Has locked lost+found and boot.cfg for recovery.

hda2 partition is 2.1 GB. Has two hidden files: boot.cfg and cfg.txt. 
OSFab-0426.img
OSFab-thirdpart-0426.img
basesys-en-20091201.tar.gz gzipped tar archive 840 MB

hda3 missing info 268 MB
hda4 missing info 1 KB

hda5 is 4.3 GB. Root folder. 

hda6 is 1.4 GB. Has a locked lost+found folder and a Yee folder.
Modified and accessed Oct 18, 2012. Yee folder has home directory,
unknown office.db file, 

System Settings > hardware info > disk info depicts six partitions:

hda1 67 MB
hda2 2 GB
hda3 268 MB
hda4 1 KB
hda5 4 GB
hda6 1 GB

yee at Loong:~$ df -h
Filesystem            Size  Used Avail Use% Mounted on
/dev/hda5             4.0G  2.5G  1.3G  67% /
tmpfs                 503M   16K  503M   1% /lib/init/rw
udev                  503M  912K  502M   1% /dev
tmpfs                 503M   16K  503M   1% /dev/shm
/dev/hda6             1.3G  1.1G  178M  86% /home
shm                   503M   96K  503M   1% /tmp
/dev/hda2             2.0G  1.9G   58M  97% /media/disk-1
/dev/hda1              63M  5.3M   54M   9% /media/disk-2


-- 
http://www.fastmail.fm - Send your email first class
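An added check that is not part of the message above or of anything Lemote ships: a small POSIX shell script that lists the partitions the kernel reports but the mount table does not, which is exactly the gap between the six partitions in disk info and the four in df -h. The partition and mount listings are constructed samples shaped like /proc/partitions and /proc/mounts, with device names and sizes taken from the post; the function name unmounted_partitions is this example's own.

```shell
#!/bin/sh
# Constructed sample in the shape of /proc/partitions (sizes are in 1 KiB
# blocks and mirror the figures quoted in the post; not captured from a real
# Yeeloong).
SAMPLE_PARTITIONS='major minor  #blocks  name

   3        0    7815024 hda
   3        1      65536 hda1
   3        2    2097152 hda2
   3        3     274432 hda3
   3        4          1 hda4
   3        5    4194304 hda5
   3        6    1363968 hda6'

# Constructed sample in the shape of /proc/mounts, matching the df -h output
# quoted in the post.
SAMPLE_MOUNTS='/dev/hda5 / ext3 rw 0 0
tmpfs /lib/init/rw tmpfs rw 0 0
udev /dev tmpfs rw 0 0
tmpfs /dev/shm tmpfs rw 0 0
/dev/hda6 /home ext3 rw 0 0
shm /tmp tmpfs rw 0 0
/dev/hda2 /media/disk-1 ext3 rw 0 0
/dev/hda1 /media/disk-2 ext3 rw 0 0'

# unmounted_partitions PARTITIONS_TEXT MOUNTS_TEXT
# Prints one line "<name> <size>K" for every partition (a name ending in a
# digit, so whole disks such as "hda" are skipped) that the kernel lists but
# that has no /dev/<name> entry in the mount table.
unmounted_partitions() {
    parts="$1"
    mounts="$2"
    printf '%s\n' "$parts" |
        awk 'NR > 1 && NF == 4 && $4 ~ /[0-9]$/ { print $4, $3 }' |
        while read -r name blocks; do
            if ! printf '%s\n' "$mounts" | grep -q "^/dev/$name "; then
                printf '%s %sK\n' "$name" "$blocks"
            fi
        done
}

# Stand-alone run over the constructed samples: reports hda3 and hda4.
unmounted_partitions "$SAMPLE_PARTITIONS" "$SAMPLE_MOUNTS"
```

On a real machine, feed the function `"$(cat /proc/partitions)"` and `"$(cat /proc/mounts)"` instead of the samples. An unmounted partition is not by itself evidence of tampering: swap, rescue and vendor-image partitions are routinely left unmounted, and a 1 KB partition is too small to hold a filesystem at all. The useful next step is to identify what each unmounted partition holds without writing to it, for example `file -s /dev/hda3`, and compare the result with the vendor's documented disk layout.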