Re: Am I paranoid?

To: debian-user@lists.debian.org
Subject: Re: Am I paranoid?
From: ha <hiei.arhiva@gmail.com>
Date: Mon, 24 Feb 2014 17:28:32 +0100
Message-id: <lefrlt$7f4$1@ger.gmane.org>
In-reply-to: <20140224193636.644bbfe2c7ae59b2aa558b49@gmail.com>
References: <lefcou$68c$1@ger.gmane.org> <1e49a80919ffb381f02a4666487cf069@neutralite.org> <lefntf$kca$1@ger.gmane.org> <20140224193636.644bbfe2c7ae59b2aa558b49@gmail.com>


debsums -ac -r /mnt

Great, thanks! I didn't know about debsums.
However, it does not report anything when started from the debian live usb.

4) If, and only if debsums won't report anything unusual - purge
vmtoolsd, cleanup anything in /usr/local, change root password,
remove any ssh public keys from /root/.ssh/authorized_keys, reboot to
normal.

5) If debsums show any file replacements
(especially /usr/sbin/sshd, /bin/bash, etc) - reinstall the OS from the
scratch.

I will format disk and do the fresh install anyway, but I simply do notunderstand how something like this could be done. This is the first timeI noticed something like this, simply because it is a fresh install.


By the way, do not have sshd installed (and there is no /usr/sbin/sshd).

And no suspicious users in /etc/passwd.

Reply to:

Follow-Ups:
- Re: Am I paranoid?
  - From: Reco <recoverym4n@gmail.com>

References:
- Am I paranoid?
  - From: ha <hiei.arhiva@gmail.com>
- Re: Am I paranoid?
  - From: berenger.morel@neutralite.org
- Re: Am I paranoid?
  - From: ha <hiei.arhiva@gmail.com>
- Re: Am I paranoid?
  - From: Reco <recoverym4n@gmail.com>

Prev by Date: Re: Am I paranoid?
Next by Date: Re: Am I paranoid?
Previous by thread: Re: Am I paranoid?
Next by thread: Re: Am I paranoid?
Index(es):
- Date
- Thread