Re: exim4 router problems since 2 days / sucpicous process "zinit" is pstree
Andrew McGlashan writes
> Thomas Krichel wrote:
> >chattr -sia /bin/ps ; scp root@nebka:/usr/bin/ps /usr/bin/ps ; sudo apt-get -y install --reinstall procps
> So, in effect, did you possibly give away your root password or pass
> phrase key for the netbka machine?
Yup. After killing the "dropbear" process.
> I wouldn't be that trusting,
I wouldn't be either, but what is man to do who is
not a security expert to do?
> you already know you were compromised
> -- best to re-install clean if you ask me.
yeah, but I have no physical access to the infected
box and must keep its data. I reinstalled all the
packages. psutils was the one that got aptitude
Thomas Krichel http://openlib.org/home/krichel