We are deploying in Chinese datacentre, it took us a while to get our account approved with Aliyun (some kind of Amazon AWS).
We are protecting all in and out data transfer but what guarantees that the OS itself hasn't been compromised? How do I check our Ubuntu has the same kernels and libs released by the official Ubuntu. Is there some kind of
sfc /scannow command for linux?
Taking note that Chinese run their own mirrors of Ubuntu and all HTTP communications are routed through Government agencies (data gets altered, replaced and censored). Government also does deep packet inspection to block VPN connection. Our server is in Beijing.