On Thu, Feb 5, 2015 at 5:29 PM, Valeri Galtsev galtsev@kicp.uchicago.edu wrote:
Were it me, I would consider the box compromised. All done on/from that box since the probable day it happened is compromised as well. If there is no way to establish the day, then since that system was originally built. With full-blown sweeping up of the consequences. Finding really-really-really convincing proof it is not a result of compromise (and yes, fight one's wishful thinking!).
You aren't being paranoid enough.
Really? My take is to take it as seriously as it can potentially be. It _is_ paranoid, and is paranoid enough. Which would constitute a pretty good compliment a responsible sysadmin can get ;-)
No, you are saying don't trust that box.
If it happened as a result of following some instructions or running a script, it's not just the box that is compromised, it is everything you think you know. On the other hand it could have just been an accidental typo.
That's why I said "avoid wishful thinking".
I'm saying don't trust the source of the advice you were following when this happened.