[LUNI] Regenerate all binaries?
David Ehle
ehle at agni.phys.iit.edu
Tue Jun 3 12:48:40 CDT 2003
>
> This sounds like the sort of logic that a familiar Popeye character might use.
> "I will gladly pay you Tuesday, for a hamburger today."
>
> Seriously, as long as your system remains usable by you there is a good chance it
> is usable by your new friend. If the system is important enough to have
> production applications running on it, it is also important enough to be
> rebuilt immediately because of a break-in.
>
> //Ed

Seriously, the only service still running is ssh. Apt-get update replaced
the ssh binary just a bit ago. lsof |grep LIS showed all the listening
and established jobs, including the ones he/she/it had set up as
backdoors. passwd has been replaced with a binary from a known good
system and all passwords changed.

My "new friend" didn't cover his tracks well. I'm not dealing with a
Mitnick or Fu Manchu - I've got some shmuck script kiddy who wants to
stash his porn on my computer so his mother doesn't find it.

The whole "always assume the bad guys are smarter than you are" thing is
a good rule of thumb, but sometimes the evidence is to the contrary.

The box is going to be wiped, just not right now.

So, is there an apt expert out there who can answer the original question?

Thanks!

David.