
What could a regular user do with a .rpmdb directory uploaded?



I think I've found a compromised user account.

This is on Debian, but alien is installed.  The attackers have
not made a move yet, but have done some tests and kept
their connections to scp/sftp so as to go unnoticed by last.

There is a directory .rpmdb uploaded to their home
directory.  How could this be used to set up their
software?  I mean, is there a special angle they
are aiming at which achieves a result they would
not have realized by only using make on their sources?

