On 11/13/2014 03:57 AM, Erwan David wrote:
I just got a call from the police, that they have arrested a pirate who "tried" to connect to one of my (Debian) servers. They tell me he is gifted, but since the policewoman I had on the phone mixes server, web site and email address, it may not be completely accurate. However, I'd prefer to be sure my server was not compromised, and at the lowest possible cost (in time and work). Is there a way to check the packages/installed files from outside sources (I may boot a fresh live system in order to have clean utilities), or even provoke a reinstall with a new download of the whole system? Thank you.
It's clearly not the most efficient way, but I use debsums against my local repos, like this one-line script:
# cat check-debsums
debsums -ca --generate=all --deb-path="/mnt/$1/install/deblinks"

The deblinks directory just contains links to all debs in the repo:

# cat make-deblinks
DEBIAN_DEST=$1
#rm -rf "$DEBIAN_DEST/deblinks.old"
rm -rf "$DEBIAN_DEST/deblinks"
#mv "$DEBIAN_DEST/deblinks" "$DEBIAN_DEST/deblinks.old"
mkdir "$DEBIAN_DEST/deblinks"
cd "$DEBIAN_DEST/deblinks"
# hard-link every .deb under the repo into this one flat directory
find "$DEBIAN_DEST"/debian* -regex '.*\.deb$' | while read -r filepath
do
    #echo "$filepath"
    file=`echo "$filepath" | sed 's/.*\///'`
    #echo $file' would be linked to '$filepath
    ln "$filepath" "$file"
done
------------------
As I said, not efficient, but who cares? It's easy and I don't have anything public facing, and it only takes a few minutes to check each upgrade. Obviously the safest thing is to reinstall from the package list.
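For the live-system case raised in the question, the same comparison can be run against a mounted copy of the suspect disk using only md5sum from the clean environment. This is an added example, not part of the original message; the function names verify_md5sums and demo and the sample tree are constructed for illustration, and the checksum list is assumed to come from a trusted copy of the package.

```shell
#!/bin/sh
# Added example (not from the original post). Checks files under an alternate
# root against a dpkg-style md5sums list: "<md5>  <path relative to />".
# Assumption: the list comes from a trusted copy of the .deb, not the suspect disk.
verify_md5sums() {
    root=$1; list=$2; bad=0
    while IFS= read -r line; do
        [ -n "$line" ] || continue
        want=${line%% *}        # hash: everything before the first space
        path=${line#*"  "}      # path: everything after the two-space separator
        if [ ! -f "$root/$path" ]; then
            echo "MISSING $path"; bad=1
            continue
        fi
        got=$(md5sum < "$root/$path"); got=${got%% *}
        if [ "$got" != "$want" ]; then
            echo "CHANGED $path"; bad=1
        fi
    done < "$list"
    return "$bad"
}

# Constructed sample: a tiny fake root with one file altered after the list
# was made and one file deleted. Returns verify_md5sums' exit status.
demo() {
    d=$(mktemp -d)
    mkdir -p "$d/root/usr/bin" "$d/root/etc"
    printf 'original\n' > "$d/root/usr/bin/tool"
    printf 'setting=1\n' > "$d/root/etc/tool.conf"
    : > "$d/root/etc/gone"
    ( cd "$d/root" && md5sum usr/bin/tool etc/tool.conf etc/gone ) > "$d/list"
    printf 'backdoored\n' > "$d/root/usr/bin/tool"   # simulate tampering
    rm "$d/root/etc/gone"
    rc=0
    verify_md5sums "$d/root" "$d/list" || rc=$?
    rm -rf "$d"
    return "$rc"
}

# With two arguments: verify <root> against <md5sums list>; otherwise run the sample.
if [ "$#" -eq 2 ]; then verify_md5sums "$1" "$2"; else demo || echo "problems found"; fi
```

Files that legitimately change after installation, such as configuration files under /etc, will show up as CHANGED and need to be reviewed by hand.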