[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

Re: exim4 router problems since 2 days / sucpicous process "zinit" is pstree

  Andrew McGlashan writes

> Thomas Krichel wrote:
> >chattr -sia /bin/ps ; scp root@nebka:/usr/bin/ps /usr/bin/ps ; sudo apt-get -y install --reinstall procps
> So, in effect, did you possibly give away your root password or pass
> phrase key for the netbka machine?

  Yup. After killing the "dropbear" process.

> I wouldn't be that trusting,

  I wouldn't be either, but what is man to do who is
  not a security expert to do?

> you already know you were compromised
> -- best to re-install clean if you ask me.

  yeah, but I have no physical access to the infected
  box and must keep its data. I reinstalled all the
  packages. psutils was the one that got aptitude


  Thomas Krichel                    http://openlib.org/home/krichel
                                               skype: thomaskrichel

Reply to: