without backing up and reimaging but you may be able to achieve it if
you try first rkhunter and second AppArmor, which is similar to SELinux,
which was developed by the NSA and made accessible as a Red Hat
package. Both solutions have the ability to limit what root can do and
are your only real option for saving a rooted system. It is important
that if you try this you dump your memory if rkhunter picks up a memory
anomaly. Fileless malware is popular among sophisticated threat actors
and rkhunter is equipped to find malware that resides in memory.
AppArmor is included in Debian.
Thanks,
Michael Lazin