Re: Am I paranoid?

To: debian-user@lists.debian.org
Subject: Re: Am I paranoid?
From: Brian <ad44@cityscape.co.uk>
Date: Mon, 24 Feb 2014 19:08:33 +0000
Message-id: <24022014185708.e78a1ed5cc33@desktop.copernicus.demon.co.uk>
In-reply-to: <1393266209.1127.5.camel@archlinux>
References: <lefcou$68c$1@ger.gmane.org> <1943927.mP18IQJb7E@twilight> <20140224154804.GB4691@hawking> <1521775.fCcAIDVUWK@twilight> <1393266209.1127.5.camel@archlinux>

On Mon 24 Feb 2014 at 19:23:29 +0100, Ralf Mardorf wrote:

> On Mon, 2014-02-24 at 09:51 -0600, yaro@marupa.net wrote:
> > Thank you. Using that command it'd be trivial to see if those files
> > were installed by the package manager, maybe a dependency, which is
> > more likely than being compromised, in all honesty.
> 
> When something is installed as a dependency, then it would show up in
> the history. Assumed the OP isn't mistaken and the OP didn't install
> something that included those stuff, then somebody has got access to the
> machine. Somebody mentioned this already and I agree with this. I only
> wonder why somebody should install this. Perhaps it's something else,
> with this harmless, but faked name. I suspect the OP installed it,
> without being aware of it and didn't find it in the history or deleted
> parts of the history. In case of doubt only a new install is secure.

   apt-cache rdepends --no-breaks open-vm-tools

gives

   Reverse Depends:
     open-vm-tools-dbg
     open-vm-toolbox
     open-vm-dkms

Does that resolve the ". . . . maybe a dependency" question?

Reply to:

References:
- Am I paranoid?
  - From: ha <hiei.arhiva@gmail.com>
- Re: Am I paranoid?
  - From: yaro@marupa.net
- Re: Am I paranoid?
  - From: "Karl E. Jorgensen" <karl@jorgensen.org.uk>
- Re: Am I paranoid?
  - From: yaro@marupa.net
- Re: Am I paranoid?
  - From: Ralf Mardorf <ralf.mardorf@alice-dsl.net>

Prev by Date: DHCP request IP address
Next by Date: very slow Xorg and/or bash
Previous by thread: Re: Am I paranoid?
Next by thread: Re: Am I paranoid?
Index(es):
- Date
- Thread