Re: Am I infected with a rootkit?

To: debian-user@lists.debian.org
Subject: Re: Am I infected with a rootkit?
From: David Christensen <dpchrist@holgerdanske.com>
Date: Sun, 16 Apr 2023 18:10:18 -0700
Message-id: <[🔎] 002853f9-6fc5-df06-1ddb-e10e25cbb49a@holgerdanske.com>
In-reply-to: <[🔎] 8759d727-f80a-61af-ee6c-13d37a3ab2f1@dybdal.dk>
References: <[🔎] 8759d727-f80a-61af-ee6c-13d37a3ab2f1@dybdal.dk>

On 4/16/23 05:19, Jesper Dybdal wrote:

I have a Debian pc functioning as router, firewall, file server, nameserver, webserver, ...
It has very recently been upgraded to Bullseye.

On the internal network I have a Windows 10 pc.

And there in the bash history were 4 lines that I had not written :-(

md5users
sp md5users
sp /x/md5users
ps /x/md5users



On 4/16/23 07:30, Jesper Dybdal wrote:

> ... I really need to be able to run ssh [on Windows to] administer
> [the Debian] machine (which normally has neither keyboard nor
> monitor).

What about installing a KVM switch and administering the Debian computerfrom the console?

If the two computers are separated, you could use a KVM extender and putthe KVM switch near the Windows computer. Or, you could get networkedKVM equipment.

That said, using one computer as router, firewall, file server, nameserver, web server, and more represents "all of your eggs in onebasket". I suggest using dedicated hardware for networking, networksegmentation (e.g. DMZ), and kernel or hypervisor compartmentalizationof services. Qubes looks very appealing:


        https://www.qubes-os.org/


David

Reply to:

Follow-Ups:
- Re: Am I infected with a rootkit?
  - From: Michel Verdier <mv524@free.fr>
- Re: Am I infected with a rootkit?
  - From: Stefan Monnier <monnier@iro.umontreal.ca>

References:
- Am I infected with a rootkit?
  - From: Jesper Dybdal <jd-debian-user@dybdal.dk>

Prev by Date: Re: Apt sources.list
Next by Date: Re: Apt sources.list
Previous by thread: Re: Am I infected with a rootkit?
Next by thread: Re: Am I infected with a rootkit?
Index(es):
- Date
- Thread