network – How to mitigate against malicious browser extensions that rely on rtkit-daemon and dbus for remote control?

I lately noticed that my web browser (latest Firefox) is acting strange: form field content is getting deleted, text randomly marked and the system suddenly crashes as if the device is remotely controlled and overloaded.

Checking my system logs (Ubuntu), I found a couple of suspicious entries. Every time the browser seems to be remote controlled, I find the following entries in syslog:

Jul 16 11:44:45 MyComputer NetworkManager(815): <info>  (1626446685.9689) dhcp4 (lan0): option dhcp_lease_time      => '3600'
Jul 16 11:44:45 MyComputer NetworkManager(815): <info>  (1626446685.9690) dhcp4 (lan0): option domain_name          => 'My-I-S-Provider.com.'
Jul 16 11:44:45 MyComputer dbus-daemon(813): (system) Activating via systemd: service name='org.freedesktop.nm_dispatcher' unit='dbus-org.freedesktop.nm-disp>
Jul 16 11:44:45 MyComputer NetworkManager(815): <info>  (1626446685.9690) dhcp4 (lan0): option domain_name_servers  => '192.168.0.1'
Jul 16 11:44:45 MyComputer NetworkManager(815): <info>  (1626446685.9690) dhcp4 (lan0): option expiry               => '1626450285'
Jul 16 11:44:45 MyComputer NetworkManager(815): <info>  (1626446685.9690) dhcp4 (lan0): option host_name            => 'MyComputer'
Jul 16 11:44:45 MyComputer NetworkManager(815): <info>  (1626446685.9691) dhcp4 (lan0): option ip_address           => '192.168.0.226'
Jul 16 11:44:45 MyComputer NetworkManager(815): <info>  (1626446685.9691) dhcp4 (lan0): option next_server          => '192.168.0.1'
Jul 16 11:44:45 MyComputer NetworkManager(815): <info>  (1626446685.9691) dhcp4 (lan0): option requested_broadcast_address => '1'
Jul 16 11:44:45 MyComputer NetworkManager(815): <info>  (1626446685.9691) dhcp4 (lan0): option requested_domain_name => '1'
Jul 16 11:44:45 MyComputer NetworkManager(815): <info>  (1626446685.9691) dhcp4 (lan0): option requested_domain_name_servers => '1'
Jul 16 11:44:45 MyComputer NetworkManager(815): <info>  (1626446685.9691) dhcp4 (lan0): option requested_domain_search => '1'
Jul 16 11:44:45 MyComputer NetworkManager(815): <info>  (1626446685.9692) dhcp4 (lan0): option requested_host_name  => '1'
Jul 16 11:44:45 MyComputer NetworkManager(815): <info>  (1626446685.9692) dhcp4 (lan0): option requested_interface_mtu => '1'
Jul 16 11:44:45 MyComputer NetworkManager(815): <info>  (1626446685.9692) dhcp4 (lan0): option requested_ms_classless_static_routes => '1'
Jul 16 11:44:45 MyComputer NetworkManager(815): <info>  (1626446685.9692) dhcp4 (lan0): option requested_nis_domain => '1'
Jul 16 11:44:45 MyComputer NetworkManager(815): <info>  (1626446685.9692) dhcp4 (lan0): option requested_nis_servers => '1'
Jul 16 11:44:45 MyComputer NetworkManager(815): <info>  (1626446685.9692) dhcp4 (lan0): option requested_ntp_servers => '1'
Jul 16 11:44:45 MyComputer NetworkManager(815): <info>  (1626446685.9693) dhcp4 (lan0): option requested_rfc3442_classless_static_routes => '1'
Jul 16 11:44:45 MyComputer NetworkManager(815): <info>  (1626446685.9693) dhcp4 (lan0): option requested_root_path  => '1'
Jul 16 11:44:45 MyComputer NetworkManager(815): <info>  (1626446685.9693) dhcp4 (lan0): option requested_routers    => '1'
Jul 16 11:44:45 MyComputer NetworkManager(815): <info>  (1626446685.9693) dhcp4 (lan0): option requested_static_routes => '1'
Jul 16 11:44:45 MyComputer NetworkManager(815): <info>  (1626446685.9693) dhcp4 (lan0): option requested_subnet_mask => '1'
Jul 16 11:44:45 MyComputer NetworkManager(815): <info>  (1626446685.9694) dhcp4 (lan0): option requested_time_offset => '1'
Jul 16 11:44:45 MyComputer NetworkManager(815): <info>  (1626446685.9694) dhcp4 (lan0): option requested_wpad       => '1'
Jul 16 11:44:45 MyComputer NetworkManager(815): <info>  (1626446685.9694) dhcp4 (lan0): option routers              => '192.168.0.1'
Jul 16 11:44:46 MyComputer NetworkManager(815): <info>  (1626446685.9694) dhcp4 (lan0): option subnet_mask          => '255.255.255.0'
Jul 16 11:44:46 MyComputer NetworkManager(815): <info>  (1626446685.9694) dhcp4 (lan0): state changed extended -> extended
Jul 16 11:44:46 MyComputer systemd(1): Starting Network Manager Script Dispatcher Service...
Jul 16 11:44:46 MyComputer dbus-daemon(813): (system) Successfully activated service 'org.freedesktop.nm_dispatcher'
Jul 16 11:44:46 MyComputer systemd(1): Started Network Manager Script Dispatcher Service.
Jul 16 11:44:56 MyComputer systemd(1): NetworkManager-dispatcher.service: Succeeded.

I interpret this as a remote session that is being created. Is it possible to tell if this session is created directly on the device or if the local router is infected and involved?

When the browser is overloaded and crashes, I notice the following or similar entries:

Jul 16 14:46:23 MyComputer rtkit-daemon(1031): Supervising 4 threads of 3 processes of 1 users.

Also the network adapter was suddenly shutting down several times:

Jul 16 16:21:38 MyComputer dbus-daemon(835): (system) Activating systemd to hand-off: service name='org.freedesktop.nm_dispatcher' unit='dbus-org.freedesktop.nm-dispatcher.service' requested by ':1.13' (uid=0 pid=836 comm="/usr/sbin/NetworkManager --no-daemon " label="unconfined")
Jul 16 16:23:47 MyComputer systemd(1): dbus.service: Found left-over process 835 (dbus-daemon) in control group while starting unit. Ignoring.
Jul 16 16:23:47 MyComputer dbus-daemon(3060): (system) Activating systemd to hand-off: service name='org.freedesktop.RealtimeKit1' unit='rtkit-daemon.service' requested by ':1.45' (uid=1000 pid=6629 comm="/usr/lib/firefox/firefox -contentproc -childID 60 " label="unconfined")

I was able to temporarily deactivate rtkit-daemon and dbus with systemctl stop / disable, but they would automatically switch back on after some time.

Is it possible to permanently deactivate those daemons without impacting the functionality of the rest of the system?

ClamAV and chkrootkit scans did not show any relevant findings.

I appreciate your feedback and advice.
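Added example, not part of the original question: a small Python parser for the dbus-daemon activation lines quoted above, extracting which local bus client (uid, pid, command line) asked for each service to be started. The sample lines are copied from this page, so the regex accepts the `(pid)` form shown here as well as the usual `[pid]`; the function and field names are this example's own.

```python
import re
from collections import defaultdict

# Log lines copied from the question above; one is truncated by the pager (ends in ">").
SAMPLE = [
    "Jul 16 11:44:45 MyComputer dbus-daemon(813): (system) Activating via systemd: "
    "service name='org.freedesktop.nm_dispatcher' unit='dbus-org.freedesktop.nm-disp>",
    "Jul 16 14:46:23 MyComputer rtkit-daemon(1031): Supervising 4 threads of 3 processes of 1 users.",
    "Jul 16 16:21:38 MyComputer dbus-daemon(835): (system) Activating systemd to hand-off: "
    "service name='org.freedesktop.nm_dispatcher' unit='dbus-org.freedesktop.nm-dispatcher.service' "
    "requested by ':1.13' (uid=0 pid=836 comm=\"/usr/sbin/NetworkManager --no-daemon \" label=\"unconfined\")",
    "Jul 16 16:23:47 MyComputer dbus-daemon(3060): (system) Activating systemd to hand-off: "
    "service name='org.freedesktop.RealtimeKit1' unit='rtkit-daemon.service' "
    "requested by ':1.45' (uid=1000 pid=6629 "
    "comm=\"/usr/lib/firefox/firefox -contentproc -childID 60 \" label=\"unconfined\")",
]

# The unit and requester parts are optional so truncated lines still yield the service name.
ACTIVATION = re.compile(
    r"dbus-daemon[\[(](?P<daemon_pid>\d+)[\])]:\s*[\[(](?P<bus>system|session)[\])]\s+"
    r"Activating (?:via systemd|systemd to hand-off): service name='(?P<service>[^']+)'"
    r"(?: unit='(?P<unit>[^']*)')?"
    r"(?: requested by '(?P<sender>[^']+)' "
    r"\(uid=(?P<uid>\d+) pid=(?P<pid>\d+) comm=\"(?P<comm>[^\"]*)\")?"
)

def parse_activations(lines):
    """Return one dict per dbus-daemon activation line; other lines are skipped."""
    records = []
    for line in lines:
        m = ACTIVATION.search(line)
        if not m:
            continue
        rec = m.groupdict()
        for key in ("daemon_pid", "uid", "pid"):
            if rec[key] is not None:
                rec[key] = int(rec[key])
        rec["exe"] = rec["comm"].split()[0] if rec["comm"] else None
        rec["truncated"] = line.rstrip().endswith(">")  # requester cut off by the pager
        records.append(rec)
    return records

def requesters_by_service(records):
    """Map each activated service to the sorted (uid, exe) pairs that requested it."""
    seen = defaultdict(set)
    for rec in records:
        if rec["pid"] is not None:
            seen[rec["service"]].add((rec["uid"], rec["exe"]))
    return {service: sorted(pairs) for service, pairs in seen.items()}
```

Calling `requesters_by_service(parse_activations(SAMPLE))` groups the requesters per service; for truncated entries, `journalctl --no-pager` prints the full line including the requester.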

vpn – OpenVPN client – session-start: ** ERROR ** Failed to start new session: Failed calling D-Bus method Connect: Timeout was reached

First I run: $ openvpn3 config-import --config jethro-cao.ovpn, and get the expected output of: Configuration imported. Configuration path: /net/openvpn/v3/configuration/339401a6xf41ex483ex8ea4x60cfa3e2a844

Now I try to connect like shown below:

$ openvpn3 session-start --config-path /net/openvpn/v3/configuration/339401a6xf41ex483ex8ea4x60cfa3e2a844
Session path: /net/openvpn/v3/sessions/c398f1cesbd60s4ae5sabbbs123b9bb27186
Auth User name: jethro.cao
Auth Password: 
Enter Authenticator Code: 629542

Then after about a 10sec hang, the following error gets displayed:

session-start: ** ERROR ** Failed to start new session: Failed calling D-Bus method Connect: Timeout was reached

My username and password (and OTP too ofc) should all be correct, since I’m able to log into the OpenVPN CWS using the same credentials to manage my profile.

Also running $ openvpn3 sessions-list, after a very long wait of over a minute, I get the following output:

-----------------------------------------------------------------------------
        Path: /net/openvpn/v3/sessions/c398f1cesbd60s4ae5sabbbs123b9bb27186
     Created: Mon Jul 12 18:56:36 2021                  PID: 38321
       Owner: jyscao                                 Device: (None)
 Config name: jethro-cao.ovpn
      Status: (No status)
-----------------------------------------------------------------------------

Anyone have experience with this issue?

Edit: I should add, up until today these commands were working well for me, for about 2 weeks.

gnome – Accessing UPower battery percentage via DBus in gjs: Access Denied

I am trying to make an extension that displays a notification when the battery level reaches a certain value. To get the percentage level I am trying to implement this method, but as I don’t have a keyboard with backlight I modified the example to report the battery percentage and the state (if it is charging or not) using the information I found here about UPower, and it ended up looking like this:

const Gio = imports.gi.Gio;
const GLib = imports.gi.GLib;

// This is the D-Bus interface as XML
const batInterface = '<node> \
<interface name="org.freedesktop.UPower.DisplayDevice"> \
    <method name="State"> \
        <arg name="State" type="u" direction="out"/> \
    </method> \
    <method name="Percentage"> \
        <arg name="Percentage" type="d" direction="out"/> \
    </method> \
</interface> \
</node>';

// Declare the proxy class based on the interface
const batProxy = Gio.DBusProxy.makeProxyWrapper(batInterface);

// Get the /org/freedesktop/UPower/devices/DisplayDevice instance from the bus
let batInstanceProxy = new batProxy(
    Gio.DBus.system,
    "org.freedesktop.UPower",
    "/org/freedesktop/UPower/devices/DisplayDevice"
);

// You can use proxy.<method>Sync syntax to 
// call the D-Bus method in a Sync way
print("The percentage is " + batInstanceProxy.PercentageSync());

let loop = new GLib.MainLoop(null, false);
loop.run();

But when running gjs test.js I get the following output:


(gjs:66204): Gjs-WARNING **: 20:35:16.865: JS ERROR: Gio.DBusError: GDBus.Error:org.freedesktop.DBus.Error.AccessDenied: Rejected send message, 1 matched rules; type="method_call", sender=":1.689" (uid=1000 pid=66204 comm="gjs test.js " label="unconfined") interface="org.freedesktop.UPower.DisplayDevice" member="Percentage" error name="(unset)" requested_reply="0" destination=":1.41" (uid=0 pid=1322 comm="/usr/lib/upower/upowerd " label="unconfined")
_proxyInvoker@resource:///org/gnome/gjs/modules/core/overrides/Gio.js:139:46
_makeProxyMethod/<@resource:///org/gnome/gjs/modules/core/overrides/Gio.js:164:30
@test.js:28:47


(gjs:66204): Gjs-CRITICAL **: 20:35:16.865: Script test.js threw an exception

Can anyone point out what could be wrong here?
I am new to gjs, DBus communication and relatively new to JS, but I have done programming before.

Docker systemctl Failed to get D-Bus connection bug

When I execute any systemctl command inside a CentOS 7 container I get the Failed to get D-Bus connection: Operation not permitted error message. The container is started with docker container run --privileged -d -t -p 80:80 09fc90b6865e command. Yesterday this worked exactly like this and now docker is broken. All commands are executed as root.

c – D-Bus: No property can be created: sd_bus_add_object_vtable fails

I am trying to create a property on the system bus with a complex signature and two signed integers in my example. The source file test.c:

#include <stdio.h>
#include <systemd/sd-bus.h>

#define DATA_INTERFACE "com.myexample.myproject"
#define DATA_PATH "/com/myexample/myproject"
#define DATA_PROPERTY "data"
#define DATA_SIGNATURE "ii"

/* Property getter: appends two signed integers to the reply message. */
static int get_property_cb(sd_bus* _bus,
                const char* path,
                const char* interface,
                const char* property,
                sd_bus_message* reply,
                void* userdata,
                sd_bus_error* ret_error)
{
    int ret = 1;
    sd_bus_message_open_container(reply, 'r', DATA_SIGNATURE);
    sd_bus_message_append(reply, "i", 111);
    sd_bus_message_append(reply, "i", 222);
    sd_bus_message_close_container(reply);
    return ret;
}

/* Object vtable exposing the single read-only property. */
static const sd_bus_vtable prop_spec[3] = {
    SD_BUS_VTABLE_START(0),
    SD_BUS_PROPERTY(DATA_PROPERTY, DATA_SIGNATURE, get_property_cb, 0, SD_BUS_VTABLE_PROPERTY_EMITS_CHANGE),
    SD_BUS_VTABLE_END
};

int main ()
{
    sd_bus* _bus = NULL;
    sd_bus_slot* _slot = NULL;
    int ret = 0;
    /* Connect to the system bus. */
    ret = sd_bus_open_system(&_bus);
    if(ret < 0) {
        fprintf(stderr, "Error: sd_bus_open ret %d\n", ret);
        return -1;
    }
    /* Claim the well-known name on the bus. */
    ret = sd_bus_request_name(_bus, DATA_INTERFACE, 0);
    if(ret < 0) {
        fprintf(stderr, "Error: sd_bus_request_name ret %d\n", ret);
        return -1;
    }
    /* Register the vtable at the object path. */
    ret = sd_bus_add_object_vtable(_bus, &_slot, DATA_PATH, DATA_INTERFACE, prop_spec, NULL);
    if(ret < 0) {
        fprintf(stderr, "Error: sd_bus_add_object_vtable ret %d\n", ret);
        return -1;
    }
    printf("!!!Success!!!\n");
    sd_bus_slot_unref(_slot);
    sd_bus_unref(_bus);
    return 0;
}

I also created the file /usr/share/dbus-1/system.d/com.myexample.myproject.conf
(also tried setting it to /etc/dbus-1/system.d/)



  
    
    
  

the interface file /usr/share/dbus-1/interfaces/com.myexample.myproject.xml



    
        
            
        
    

and /usr/share/dbus-1/services/com.myexample.myproject.service

[D-BUS Service]
Name=com.myexample.myproject
Exec=/home/user/test

I run it as root:

sudo ./test

and break my brain why sd_bus_add_object_vtable returns -22 (-EINVAL).

Does anyone know what's going on?

Error while establishing D-Bus connection: No operating permit

I'm using a CentOS 7 operating system.
I moved houses /var/run/dbus/system_bus_socket after accidentally removing the /var/run folder.
Now if I try to use systemctl Command I get the above error.
Note that I connect to this computer via SSH.
So I have two questions:

  1. Is there a way to recover the deleted files, and especially system_bus_socket?
  2. When the computer restarts, will the files be restored? (I ask because I'm worried that the system will not be able to start the services after the reboot, or that I cannot connect to SSH.)

Apparmor: How to enable Apparmor's Dbus feature (# Dbus-Mediation) in the Linux kernel?

I would like to use Apparmor to restrict the specific Dbus communication in my system. The following line, however, appears in my Syslog:

December 28 09:36:21 Top caught[1127]: Status of AppArmor: Apparmor is enabled, but some features are missing: dbus, network

Have tested with the following Apparmor profile. Unfortunately, it does not limit the DBUS :_(

# Last modified: Fri 28 Dec 09:20:30 2018
#include 

/usr/bin/budgie-panel {
#include 

  # Allow all rules
enable *,

# Then deny bind access for the program /usr/bin/budgie-panel
# on any bus (either the user's session bus or the system-wide bus),
# to prevent registration of the dbus endpoint address "org.freedesktop.Notifications"
#
# This is to keep the address free for other notification daemons
# (like 'dunst' or 'mako', which provide support for multiple screens)
# This also means that Budgie cannot receive notifications (Raven sidebar and applets).
#
deny dbus bind name=org.freedesktop.Notifications,

}

Well, there should be a kernel flag? To see if this feature is enabled in the kernel, there should be a folder under /sys/kernel/security/apparmor/features/dbus containing a file with the name mask. However, this folder is missing on my system.

Maybe that's because I switched to update_ubuntu_kernel.sh, which gets the .deb kernel packages from https://kernel.ubuntu.com/. They are not the typical Ubuntu kernel. According to Ubuntu's own documentation, the dbus function should be present in Apparmor since Ubuntu 13.10.

$ uname -a
Linux apex 4.20.0-042000-lowlatency #201812232030 SMP submission from Mon Dec 24 01:42:05 UTC 2018 x86_64 x86_64 x86_64 GNU/Linux

So then! … wants to know how to enable kernel boot flags. Or load a module (modprobe). Or other steps to get this feature working in these newer Linux kernels. Not sure what to look for!

Dbus daemon crash after boot

Not always, but often I find this error at startup, but with nothing that crashes. For the moment I ignore it because I repeat it, it does not scratch anything on the screen, but is there a solution? Details can be found in this picture -> http://tinyimg.io/i/RaXqsym.jpg