Is it possible to check the authenticity of a Linux distro once this is installed ?
(In the case where the ISO image wasn’t checked before installation) Thanks,
which distro?
you cant really do that considering how the filesystems on Linux works.
If you need to verify, best you verify the hash of the ISO.
Debian 12 stable
I no longer have the bootable USB stick
Forgive me for prying, but from where does your concern come from?
Like did you just happen to be handed a USB by a rando or did you buy a preloaded USB from ebay?
The way linux distributions are forked, it’s kinda hard to imagine someone would bother to make a fake distro. If you’re worried about having a compromised distro I’d just download a new debian ISO, check it’s hash, then install it over your current distro if possible. If you’re feeling paranoid and your distro isn’t already encrypted, encrypt your data then install debian over that to make sure the data that’s currently on you disc is useless.
While I understand taking precautions, unless you downloaded debain from somewhere sketchy I wouldn’t think over it too much. My biggest concern downloading from the proper channels would generally be something getting corrupted in the ISO and causing some issue I have to chase down once it’s installed.
In a previous topic, I asked the differences between sha256 sum and PGP ckecking.
The first verifies the ISO’s integritry while the second, its authenticity.
In my case, I’ve ever installed Debian from the official site and I only verified the sha256sum, because I’m less comfortable with the PGP fingerprint.
So, I’m not more worried than that.
Even in a distro like Debian wich tests a long time the packages before releasing them ?
Distros offer to do self-checks before installing, at least Fedora and RHEL does. That won’t help against malicious modifications, but against some random corruption.
Make a USB drive with the same Linux distro, boot into live mode, chroot and check from there package integrity and modifications. Both debian and RHEL family offer programs to check package integrity. This won’t cover modifications outside of packages installed through the distros package manager, so it’s not 100% reliable, but probably the closest you can get on a already installed and used system
That makes sense. I have hopped around distros so I figured I’d cover all eventualities as I honestly can’t remember the details or implementation of every distro I’ve used.