Re: exim4 router problems since 2 days / sucpicous process "zinit" is pstree

To: Andrew McGlashan <andrew.mcglashan@affinityvision.com.au>
Cc: Debian Security <debian-security@lists.debian.org>
Subject: Re: exim4 router problems since 2 days / sucpicous process "zinit" is pstree
From: Thomas Krichel <krichel@openlib.org>
Date: Sat, 18 Dec 2010 15:04:03 +0100
Message-id: <[🔎] 20101218140403.GA11875@openlib.org>
In-reply-to: <[🔎] 4D0CBDDD.2060001@affinityvision.com.au>
References: <201012171349.25795.vladislav.kurz@webstep.net> <4D0B5DC3.8090100@ovm-group.com> <201012171401.12219.vladislav.kurz@webstep.net> <[🔎] 4D0B627F.4070501@ovm-group.com> <[🔎] AANLkTinkua+N-EZU4906T7Lmjc2b5WR0Jcf+PQYySE=B@mail.gmail.com> <[🔎] AANLkTik182-iXdK44Nzm083z+hA2cDjpbCDx7rOwhx49@mail.gmail.com> <[🔎] 4D0B692B.2000104@ovm-group.com> <[🔎] AANLkTinc3tak5XFaha+YHynv0B9-eYai=fHvPfvd63L5@mail.gmail.com> <[🔎] 20101218135042.GA11706@openlib.org> <[🔎] 4D0CBDDD.2060001@affinityvision.com.au>

  Andrew McGlashan writes

> Thomas Krichel wrote:
> >chattr -sia /bin/ps ; scp root@nebka:/usr/bin/ps /usr/bin/ps ; sudo apt-get -y install --reinstall procps
> 
> So, in effect, did you possibly give away your root password or pass
> phrase key for the netbka machine?

  Yup. After killing the "dropbear" process.

> I wouldn't be that trusting,

  I wouldn't be either, but what is man to do who is
  not a security expert to do?

> you already know you were compromised
> -- best to re-install clean if you ask me.

  yeah, but I have no physical access to the infected
  box and must keep its data. I reinstalled all the
  packages. psutils was the one that got aptitude
  stymied.

  Cheers,

  Thomas Krichel                    http://openlib.org/home/krichel
                                http://authorclaim.org/profile/pkr1
                                               skype: thomaskrichel

Reply to:

Follow-Ups:
- Re: exim4 router problems since 2 days / sucpicous process "zinit" is pstree
  - From: Andrew McGlashan <andrew.mcglashan@affinityvision.com.au>

References:
- Re: exim4 router problems since 2 days / sucpicous process "zinit" is pstree
  - From: Thorsten Göllner <tg@ovm-group.com>
- Re: exim4 router problems since 2 days / sucpicous process "zinit" is pstree
  - From: Michael Cassano <mcassano@gmail.com>
- Re: exim4 router problems since 2 days / sucpicous process "zinit" is pstree
  - From: Izak Burger <isburger@gmail.com>
- Re: exim4 router problems since 2 days / sucpicous process "zinit" is pstree
  - From: Thorsten Göllner <tg@ovm-group.com>
- Re: exim4 router problems since 2 days / sucpicous process "zinit" is pstree
  - From: Izak Burger <isburger@gmail.com>
- Re: exim4 router problems since 2 days / sucpicous process "zinit" is pstree
  - From: Thomas Krichel <krichel@openlib.org>
- Re: exim4 router problems since 2 days / sucpicous process "zinit" is pstree
  - From: Andrew McGlashan <andrew.mcglashan@affinityvision.com.au>

Prev by Date: Re: exim4 router problems since 2 days / sucpicous process "zinit" is pstree
Next by Date: Re: exim4 router problems since 2 days / sucpicous process "zinit" is pstree
Previous by thread: Re: exim4 router problems since 2 days / sucpicous process "zinit" is pstree
Next by thread: Re: exim4 router problems since 2 days / sucpicous process "zinit" is pstree
Index(es):
- Date
- Thread