Got it mounted and now I can cd into the ROS filesystem(s)Re: ... since Mikrotik doesn't allow us shell access to our routers to perform this kind of examination. Lack of shell access also makes it hard to tell if upgrading a compromised device actually removes the compromise ... VPNfilte ...
Re: ... A thought on how to possibly examine a Mikrotik x86/CHR file system. ... Then just cd /mnt/"Mikrotiks-x86-CHR-file-system ... I would guess the bad guys already do something like this all of the time when looking for possible exploits on Internet connected devices ...
*Please don't ask me how to do this - I assume any decent Linux admin can already probably do the same thing*
So a question to me is what is supposed to be in the /dev/sda /rw/store/user.dat file -and- ??? (take a look yourself if you know how to). Any security concerns here ?
I am by no means a Linux internals person , but I can't help but ask myself a question "What other methods/accounts might be built-in that we don't have normal access to see or manage?"
Part of the reason I ask myself is way back in the late 1980s I did find some hidden access (non-documented) systems in another very popular operating system which was in all distributions.
North Idaho Tom Jones