[Debian 8 "Jessy"] Presence of keylogging malware

Hello,

After running the following tools on Linux Debian 8:

  • Rkhunter, chkrootkit and Lynis

here are the results:

  1. [b]Rkhunter:[/b]

[code]rkhunter -c
[ Rootkit Hunter version 1.4.2 ]

Checking system commands…

Performing ‘strings’ command checks
Checking ‘strings’ command [ OK ]

Performing ‘shared libraries’ checks
Checking for preloading variables [ None found ]
Checking for preloaded libraries [ None found ]
Checking LD_LIBRARY_PATH variable [ Not found ]

Performing file properties checks
Checking for prerequisites [ OK ]
/usr/local/sbin/sshd [ Warning ]
/usr/local/bin/ssh [ Warning ]
/usr/sbin/adduser [ OK ]
/usr/sbin/chroot [ OK ]
/usr/sbin/cron [ OK ]
/usr/sbin/groupadd [ OK ]
/usr/sbin/groupdel [ OK ]
/usr/sbin/groupmod [ OK ]
/usr/sbin/grpck [ OK ]
/usr/sbin/nologin [ OK ]
/usr/sbin/pwck [ OK ]
/usr/sbin/rsyslogd [ OK ]
/usr/sbin/tcpd [ OK ]
/usr/sbin/useradd [ OK ]
/usr/sbin/userdel [ OK ]
/usr/sbin/usermod [ OK ]
/usr/sbin/vipw [ OK ]
/usr/sbin/unhide-linux [ OK ]
/usr/sbin/unhide-posix [ OK ]
/usr/sbin/unhide-tcp [ OK ]
/usr/bin/awk [ OK ]
/usr/bin/basename [ OK ]
/usr/bin/chattr [ OK ]
/usr/bin/cut [ OK ]
/usr/bin/diff [ OK ]
/usr/bin/dirname [ OK ]
/usr/bin/dpkg [ Warning ]
/usr/bin/dpkg-query [ Warning ]
/usr/bin/du [ OK ]
/usr/bin/env [ OK ]
/usr/bin/file [ OK ]
/usr/bin/find [ OK ]
/usr/bin/GET [ OK ]
/usr/bin/groups [ OK ]
/usr/bin/head [ OK ]
/usr/bin/id [ OK ]
/usr/bin/killall [ OK ]
/usr/bin/last [ OK ]
/usr/bin/lastlog [ OK ]
/usr/bin/ldd [ OK ]
/usr/bin/less [ OK ]
/usr/bin/locate [ OK ]
/usr/bin/logger [ OK ]
/usr/bin/lsattr [ OK ]
/usr/bin/lsof [ OK ]
/usr/bin/mail [ OK ]
/usr/bin/md5sum [ OK ]
/usr/bin/mlocate [ OK ]
/usr/bin/newgrp [ OK ]
/usr/bin/passwd [ OK ]
/usr/bin/perl [ Warning ]
/usr/bin/pgrep [ OK ]
/usr/bin/pkill [ OK ]
/usr/bin/pstree [ OK ]
/usr/bin/rkhunter [ OK ]
/usr/bin/runcon [ OK ]
/usr/bin/sha1sum [ OK ]
/usr/bin/sha224sum [ OK ]
/usr/bin/sha256sum [ OK ]
/usr/bin/sha384sum [ OK ]
/usr/bin/sha512sum [ OK ]
/usr/bin/size [ OK ]
/usr/bin/sort [ OK ]
/usr/bin/ssh [ Warning ]
/usr/bin/stat [ OK ]
/usr/bin/strings [ OK ]
/usr/bin/sudo [ Warning ]
/usr/bin/tail [ OK ]
/usr/bin/telnet [ OK ]
/usr/bin/test [ OK ]
/usr/bin/top [ OK ]
/usr/bin/touch [ OK ]
/usr/bin/tr [ OK ]
/usr/bin/uniq [ OK ]
/usr/bin/users [ OK ]
/usr/bin/vmstat [ OK ]
/usr/bin/w [ OK ]
/usr/bin/watch [ OK ]
/usr/bin/wc [ OK ]
/usr/bin/wget [ OK ]
/usr/bin/whatis [ OK ]
/usr/bin/whereis [ OK ]
/usr/bin/which [ OK ]
/usr/bin/who [ OK ]
/usr/bin/whoami [ OK ]
/usr/bin/unhide [ OK ]
/usr/bin/gawk [ OK ]
/usr/bin/lwp-request [ OK ]
/usr/bin/bsd-mailx [ OK ]
/usr/bin/telnet.netkit [ OK ]
/usr/bin/w.procps [ OK ]
/sbin/depmod [ OK ]
/sbin/fsck [ OK ]
/sbin/ifconfig [ OK ]
/sbin/ifdown [ OK ]
/sbin/ifup [ OK ]
/sbin/init [ OK ]
/sbin/insmod [ OK ]
/sbin/ip [ OK ]
/sbin/lsmod [ OK ]
/sbin/modinfo [ OK ]
/sbin/modprobe [ OK ]
/sbin/rmmod [ OK ]
/sbin/route [ OK ]
/sbin/runlevel [ OK ]
/sbin/sulogin [ OK ]
/sbin/sysctl [ OK ]
/bin/bash [ OK ]
/bin/cat [ OK ]
/bin/chmod [ OK ]
/bin/chown [ OK ]
/bin/cp [ OK ]
/bin/date [ OK ]
/bin/df [ OK ]
/bin/dmesg [ OK ]
/bin/echo [ OK ]
/bin/egrep [ OK ]
/bin/fgrep [ OK ]
/bin/fuser [ OK ]
/bin/grep [ OK ]
/bin/ip [ OK ]
/bin/kill [ OK ]
/bin/less [ OK ]
/bin/login [ OK ]
/bin/ls [ OK ]
/bin/lsmod [ OK ]
/bin/mktemp [ OK ]
/bin/more [ OK ]
/bin/mount [ OK ]
/bin/mv [ OK ]
/bin/netstat [ OK ]
/bin/ping [ OK ]
/bin/ps [ OK ]
/bin/pwd [ OK ]
/bin/readlink [ OK ]
/bin/sed [ OK ]
/bin/sh [ OK ]
/bin/su [ OK ]
/bin/touch [ OK ]
/bin/uname [ OK ]
/bin/which [ OK ]
/bin/kmod [ OK ]
/bin/systemd [ OK ]
/bin/systemctl [ OK ]
/bin/dash [ OK ]
/lib/systemd/systemd [ OK ]

[Press to continue]

Checking for rootkits…

Performing check of known rootkit files and directories
55808 Trojan - Variant A [ Not found ]
ADM Worm [ Not found ]
AjaKit Rootkit [ Not found ]
Adore Rootkit [ Not found ]
aPa Kit [ Not found ]
Apache Worm [ Not found ]
Ambient (ark) Rootkit [ Not found ]
Balaur Rootkit [ Not found ]
BeastKit Rootkit [ Not found ]
beX2 Rootkit [ Not found ]
BOBKit Rootkit [ Not found ]
cb Rootkit [ Not found ]
CiNIK Worm (Slapper.B variant) [ Not found ]
Danny-Boy’s Abuse Kit [ Not found ]
Devil RootKit [ Not found ]
Dica-Kit Rootkit [ Not found ]
Dreams Rootkit [ Not found ]
Duarawkz Rootkit [ Not found ]
Enye LKM [ Not found ]
Flea Linux Rootkit [ Not found ]
Fu Rootkit [ Not found ]
Fuck`it Rootkit [ Not found ]
GasKit Rootkit [ Not found ]
Heroin LKM [ Not found ]
HjC Kit [ Not found ]
ignoKit Rootkit [ Not found ]
IntoXonia-NG Rootkit [ Not found ]
Irix Rootkit [ Not found ]
Jynx Rootkit [ Not found ]
KBeast Rootkit [ Not found ]
Kitko Rootkit [ Not found ]
Knark Rootkit [ Not found ]
ld-linuxv.so Rootkit [ Not found ]
Li0n Worm [ Not found ]
Lockit / LJK2 Rootkit [ Not found ]
Mood-NT Rootkit [ Not found ]
MRK Rootkit [ Not found ]
Ni0 Rootkit [ Not found ]
Ohhara Rootkit [ Not found ]
Optic Kit (Tux) Worm [ Not found ]
Oz Rootkit [ Not found ]
Phalanx Rootkit [ Not found ]
Phalanx2 Rootkit [ Not found ]
Phalanx2 Rootkit (extended tests) [ Not found ]
Portacelo Rootkit [ Not found ]
R3dstorm Toolkit [ Not found ]
RH-Sharpe’s Rootkit [ Not found ]
RSHA’s Rootkit [ Not found ]
Scalper Worm [ Not found ]
Sebek LKM [ Not found ]
Shutdown Rootkit [ Not found ]
SHV4 Rootkit [ Not found ]
SHV5 Rootkit [ Not found ]
Sin Rootkit [ Not found ]
Slapper Worm [ Not found ]
Sneakin Rootkit [ Not found ]
‘Spanish’ Rootkit [ Not found ]
Suckit Rootkit [ Not found ]
Superkit Rootkit [ Not found ]
TBD (Telnet BackDoor) [ Not found ]
TeLeKiT Rootkit [ Not found ]
T0rn Rootkit [ Not found ]
trNkit Rootkit [ Not found ]
Trojanit Kit [ Not found ]
Tuxtendo Rootkit [ Not found ]
URK Rootkit [ Not found ]
Vampire Rootkit [ Not found ]
VcKit Rootkit [ Not found ]
Volc Rootkit [ Not found ]
Xzibit Rootkit [ Not found ]
zaRwT.KiT Rootkit [ Not found ]
ZK Rootkit [ Not found ]

[Press to continue]

Performing additional rootkit checks
Suckit Rookit additional checks [ OK ]
Checking for possible rootkit files and directories [ None found ]
Checking for possible rootkit strings [ None found ]

Performing malware checks
Checking running processes for suspicious files [ None found ]
Checking for login backdoors [ None found ]
Checking for suspicious directories [ None found ]
Checking for sniffer log files [ None found ]
Suspicious Shared Memory segments [ None found ]

Performing Linux specific checks
Checking loaded kernel modules [ OK ]
Checking kernel module names [ OK ]

[Press to continue]

Checking the network…

Performing checks on the network ports
Checking for backdoor ports [ None found ]
Checking for hidden ports [ None found ]

Performing checks on the network interfaces
Checking for promiscuous interfaces [ None found ]

Checking the local host…

Performing system boot checks
Checking for local host name [ Found ]
Checking for system startup files [ Found ]
Checking system startup files for malware [ None found ]

Performing group and account checks
Checking for passwd file [ Found ]
Checking for root equivalent (UID 0) accounts [ None found ]
Checking for passwordless accounts [ None found ]
Checking for passwd file changes [ None found ]
Checking for group file changes [ None found ]
Checking root account shell history files [ OK ]

Performing system configuration file checks
Checking for an SSH configuration file [ Found ]
Checking if SSH root access is allowed [ Warning ]
Checking if SSH protocol v1 is allowed [ Warning ]
Checking for a running system logging daemon [ Found ]
Checking for a system logging configuration file [ Found ]
Checking if syslog remote logging is allowed [ Not allowed ]

Performing filesystem checks
Checking /dev for suspicious file types [ Warning ]
Checking for hidden files and directories [ Warning ]

[Press to continue]

System checks summary

File properties checks…
Files checked: 146
Suspect files: 7

Rootkit checks…
Rootkits checked : 379
Possible rootkits: 0

Applications checks…
All checks skipped

The system checks took: 5 minutes and 25 seconds

All results have been written to the log file: /var/log/rkhunter.log

One or more warnings have been found while checking the system.
Please check the log file (/var/log/rkhunter.log)
[/code]

  2. [b]Chkrootkit:[/b]

[code]chkrootkit
ROOTDIR is `/'
Checking `amd'... not found
Checking `basename'... not infected
Checking `biff'... not found
Checking `chfn'... not infected
Checking `chsh'... not infected
Checking `cron'... not infected
Checking `crontab'... not infected
Checking `date'... not infected
Checking `du'... not infected
Checking `dirname'... not infected
Checking `echo'... not infected
Checking `egrep'... not infected
Checking `env'... not infected
Checking `find'... not infected
Checking `fingerd'... not found
Checking `gpm'... not found
Checking `grep'... not infected
Checking `hdparm'... not found
Checking `su'... not infected
Checking `ifconfig'... not infected
Checking `inetd'... not infected
Checking `inetdconf'... not found
Checking `identd'... not found
Checking `init'... not infected
Checking `killall'... not infected
Checking `ldsopreload'... not infected
Checking `login'... not infected
Checking `ls'... not infected
Checking `lsof'... not infected
Checking `mail'... not infected
Checking `mingetty'... not found
Checking `netstat'... not infected
Checking `named'... not found
Checking `passwd'... not infected
Checking `pidof'... not infected
Checking `pop2'... not found
Checking `pop3'... not found
Checking `ps'... not infected
Checking `pstree'... not infected
Checking `rpcinfo'... not infected
Checking `rlogind'... not found
Checking `rshd'... not found
Checking `slogin'... not infected
Checking `sendmail'... not infected
Checking `sshd'... not found
Checking `syslogd'... not tested
Checking `tar'... not infected
Checking `tcpd'... not infected
Checking `tcpdump'... not infected
Checking `top'... not infected
Checking `telnetd'... not found
Checking `timed'... not found
Checking `traceroute'... not infected
Checking `vdir'... not infected
Checking `w'... not infected
Checking `write'... not infected
Checking `aliens'... no suspect files
Searching for sniffer's logs, it may take a while... nothing found
Searching for rootkit HiDrootkit's default files... nothing found
Searching for rootkit t0rn's default files... nothing found
Searching for t0rn's v8 defaults... nothing found
Searching for rootkit Lion's default files... nothing found
Searching for rootkit RSHA's default files... nothing found
Searching for rootkit RH-Sharpe's default files... nothing found
Searching for Ambient's rootkit (ark) default files and dirs... nothing found
Searching for suspicious files and dirs, it may take a while... The following suspicious files and directories were found:
/usr/lib/python2.7/dist-packages/PyQt4/uic/widget-plugins/.noinit
/usr/lib/pymodules/python2.7/.path
Searching for LPD Worm files and dirs... nothing found
Searching for Ramen Worm files and dirs... nothing found
Searching for Maniac files and dirs... nothing found
Searching for RK17 files and dirs... nothing found
Searching for Ducoci rootkit... nothing found
Searching for Adore Worm... nothing found
Searching for ShitC Worm... nothing found
Searching for Omega Worm... nothing found
Searching for Sadmind/IIS Worm... nothing found
Searching for MonKit... nothing found
Searching for Showtee... nothing found
Searching for OpticKit... nothing found
Searching for T.R.K... nothing found
Searching for Mithra... nothing found
Searching for LOC rootkit... nothing found
Searching for Romanian rootkit... nothing found
Searching for Suckit rootkit... nothing found
Searching for Volc rootkit... nothing found
Searching for Gold2 rootkit... nothing found
Searching for TC2 Worm default files and dirs... nothing found
Searching for Anonoying rootkit default files and dirs... nothing found
Searching for ZK rootkit default files and dirs... nothing found
Searching for ShKit rootkit default files and dirs... nothing found
Searching for AjaKit rootkit default files and dirs... nothing found
Searching for zaRwT rootkit default files and dirs... nothing found
Searching for Madalin rootkit default files... nothing found
Searching for Fu rootkit default files... nothing found
Searching for ESRK rootkit default files... nothing found
Searching for rootedoor... nothing found
Searching for ENYELKM rootkit default files... nothing found
Searching for common ssh-scanners default files... nothing found
Searching for Linux/Ebury - Operation Windigo ssh... Possible Linux/Ebury - Operation Windigo installetd
Searching for 64-bit Linux Rootkit ... nothing found
Searching for 64-bit Linux Rootkit modules... nothing found
Searching for suspect PHP files... nothing found
Searching for anomalies in shell history files... nothing found
Checking `asp'... not infected
Checking `bindshell'... not infected
Checking `lkm'... chkproc: nothing detected
chkdirs: nothing detected
Checking `rexedcs'... not found
Checking `sniffer'... lo: not promisc and no packet sniffer sockets
wlan0: PACKET SNIFFER(/sbin/wpa_supplicant[873], /sbin/wpa_supplicant[873], /sbin/dhclient[1624])
Checking `w55808'... not infected
Checking `wted'... chkwtmp: nothing deleted
Checking `scalper'... not infected
Checking `slapper'... not infected
Checking `z2'... user Linux-2 deleted or never logged from lastlog!
Checking `chkutmp'... The tty of the following user process(es) were not found
in /var/run/utmp !
! RUID PID TTY CMD
! root 649 tty7 /usr/bin/Xorg :0 -novtswitch -background none -noreset -verbose 3 -auth /var/run/gdm3/auth-for-Debian-gdm-z3kfA8/database -seat seat0 -nolisten tcp vt7
[/code]

[code]# netstat -nap | grep "@/proc/udevd"
# find /lib* -type f -name libns2.so
# ssh -G 2>&1 | grep -e illegal -e unknown > /dev/null && echo "System clean" || echo "System infected"
System infected[/code]

How can I get rid of this malware and block it for good?

Having already dealt with rootkits in the past, I definitely recommend reinstalling the server. It is sometimes too difficult to find exactly which files were compromised, with the risk of missing one.

I don't know about the virus.
But if you are going to reinstall everything, try to find the cause; you might be able to prevent it from happening again on the new installation.

Good evening,

How can a rootkit be possible, when Linux is infallible?

–> Updated regularly
–> Antivirus … -> Clamav, Chrootkit …

Firewall: Iptables / GuFw

I do not want to reinstall Linux because the partitions are important.

What checks should be carried out?

Thanks in advance.

After some research on the web, it would appear to be a "false positive"; I also get the same message about a possible Linux/Ebury on my system.

askubuntu.com/questions/709545/c … possible-l

Hi,
It is rather (as Milou said) Windigo that poses a possible problem
clubic.com/antivirus-securit … troie.html

root@desktop:/# ssh -G 2>&1 | grep -e illegal -e unknown > /dev/null && echo "System clean" || echo "System infected"
System clean

welivesecurity.com/wp-conten … indigo.pdf

$ ssh -G 2>&1 | grep -e illegal -e unknown > /dev/null && echo "System clean" || echo "System infected"
System infected

:frowning:

What should I do? How can I protect myself against this? I did a standard installation, I don't have sudo, and my root password is rock solid.

[quote=“Morovaille”] $ ssh -G 2>&1 | grep -e illegal -e unknown > /dev/null && echo "System clean" || echo "System infected"
System infected
:frowning:

What should I do? How can I protect myself against this? I did a standard installation, I don't have sudo, and my root password is rock solid.[/quote]

Some serious tests:

https://www.cert-bund.de/ebury-faq

[quote=“Arnold59”]Good evening,
How can a rootkit be possible, when Linux is infallible?
[/quote]

Your distribution is a compilation of hundreds of programs, probably all more or less vulnerable, like any computer program. Zero bugs does not really exist… However, it is very likely that you made a configuration error or installed malicious software directly without meaning to.

Good luck,

[quote=“Morovaille”]
I did a standard installation[/quote]
@Morovaille
@Arnold59
@avram

These outputs, please.

[code]$ dpkg -l |grep openssh
$ apt-cache policy
$ ssh -G[/code]

avram@sda5-stretch:~$ dpkg -l |grep openssh
ii openssh-client 1:7.1p2-2 i386 secure shell (SSH) client, for secure access to remote machines
ii openssh-server 1:7.1p2-2 i386 secure shell (SSH) server, for secure access from remote machines
ii openssh-sftp-server 1:7.1p2-2 i386 secure shell (SSH) sftp server module, for SFTP access from remote machines
avram@sda5-stretch:~$

avram@sda5-stretch:~$ apt-cache policy
Fichiers du paquet :
100 /var/lib/dpkg/status
release a=now
500 download.jitsi.org/deb unstable/ Packages
release o=jitsi.org,a=unstable,n=sid,l=Jitsi Debian packages repository,c=
origin download.jitsi.org
500 dl.google.com/linux/chrome/deb stable/main i386 Packages
release v=1.0,o=Google, Inc.,a=stable,n=stable,l=Google,c=main,b=i386
origin dl.google.com
500 download.jitsi.org/nightly/deb unstable/ Packages
release o=jitsi.org,a=unstable,n=sid,l=Jitsi Debian packages repository,c=
origin download.jitsi.org
500 ftp.fr.debian.org/debian stretch-updates/non-free i386 Packages
release o=Debian,a=testing-updates,n=stretch-updates,l=Debian,c=non-free,b=i386
origin ftp.fr.debian.org
500 ftp.fr.debian.org/debian stretch-updates/contrib i386 Packages
release o=Debian,a=testing-updates,n=stretch-updates,l=Debian,c=contrib,b=i386
origin ftp.fr.debian.org
500 ftp.fr.debian.org/debian stretch-updates/main i386 Packages
release o=Debian,a=testing-updates,n=stretch-updates,l=Debian,c=main,b=i386
origin ftp.fr.debian.org
500 duinsoft.nl/pkg debs/all i386 Packages
release o=pkg@duinsoft.nl,a=debs,n=debs,l=Duinsoft repository,c=all,b=i386
origin www.duinsoft.nl
500 security.debian.org stretch/updates/non-free i386 Packages
release o=Debian,a=testing,n=stretch,l=Debian-Security,c=non-free,b=i386
origin security.debian.org
500 security.debian.org stretch/updates/contrib i386 Packages
release o=Debian,a=testing,n=stretch,l=Debian-Security,c=contrib,b=i386
origin security.debian.org
500 security.debian.org stretch/updates/main i386 Packages
release o=Debian,a=testing,n=stretch,l=Debian-Security,c=main,b=i386
origin security.debian.org
500 ftp.fr.debian.org/debian stretch/non-free i386 Packages
release o=Debian,a=testing,n=stretch,l=Debian,c=non-free,b=i386
origin ftp.fr.debian.org
500 ftp.fr.debian.org/debian stretch/contrib i386 Packages
release o=Debian,a=testing,n=stretch,l=Debian,c=contrib,b=i386
origin ftp.fr.debian.org
500 ftp.fr.debian.org/debian stretch/main i386 Packages
release o=Debian,a=testing,n=stretch,l=Debian,c=main,b=i386
origin ftp.fr.debian.org
Paquets épinglés :
avram@sda5-stretch:~$

avram@sda5-stretch:~$ ssh -G
usage: ssh [-1246AaCfGgKkMNnqsTtVvXxYy] [-b bind_address] [-c cipher_spec]
[-D [bind_address:]port] [-E log_file] [-e escape_char]
[-F configfile] [-I pkcs11] [-i identity_file]
[-L address] [-l login_name] [-m mac_spec]
[-O ctl_cmd] [-o option] [-p port]
[-Q cipher | cipher-auth | mac | kex | key]
[-R address] [-S ctl_path] [-W host:port]
[-w local_tun[:remote_tun]] [user@]hostname [command]
avram@sda5-stretch:~$

[quote=“avram”]avram@sda5-stretch:~$ dpkg -l |grep openssh
ii openssh-client 1:7.1p2-2 i386 secure shell (SSH) client, for secure access to remote machines
ii openssh-server 1:7.1p2-2 i386 secure shell (SSH) server, for secure access from remote machines
ii openssh-sftp-server 1:7.1p2-2 i386 secure shell (SSH) sftp server module, for SFTP access from remote machines
avram@sda5-stretch:~$ [/quote]

[20:06:36] ~ # dpkg -l | grep openssh
ii openssh-client 1:6.7p1-5+deb8u1 amd64 secure shell (SSH) client, for secure access to remote machines
ii openssh-server 1:6.7p1-5+deb8u1 amd64 secure shell (SSH) server, for secure access from remote machines
ii openssh-sftp-server 1:6.7p1-5+deb8u1 amd64 secure shell (SSH) sftp server module, for SFTP access from remote machines
[20:06:39] ~ #

Downgrade these packages to the [mono]Jessie[/mono] version, rerun the tests, conclusion?

I will explain later.


Please add these outputs too.

[code]# ls -la /usr/bin/s*

ls -la /usr/lib/s*

ls -la /usr/lib/cups/backend/s*

ls -la /usr/lib/cups/filter/s*

ls -la /usr/sbin/s*[/code]

@BelZéButh, here are all the commands run again from jessie

root@sdb5-jessie:/home/avram# dpkg -l |grep openssh
ii openssh-client 1:6.7p1-5+deb8u1 i386 secure shell (SSH) client, for secure access to remote machines
ii openssh-server 1:6.7p1-5+deb8u1 i386 secure shell (SSH) server, for secure access from remote machines
ii openssh-sftp-server 1:6.7p1-5+deb8u1 i386 secure shell (SSH) sftp server module, for SFTP access from remote machines
root@sdb5-jessie:/home/avram#

root@sdb5-jessie:/home/avram# apt-cache policy
Fichiers du paquet :
100 /var/lib/dpkg/status
release a=now
500 dl.google.com/linux/chrome/deb/ stable/main i386 Packages
release v=1.0,o=Google, Inc.,a=stable,n=stable,l=Google,c=main
origin dl.google.com
500 mozilla.debian.net/ jessie-backports/iceweasel-release i386 Packages
release o=Debian Mozilla Team,a=jessie-backports,n=jessie-backports,l=Debian Mozilla Team,c=iceweasel-release
origin mozilla.debian.net
500 ftp.fr.debian.org/debian/ jessie-updates/non-free Translation-en
500 ftp.fr.debian.org/debian/ jessie-updates/main Translation-en
500 ftp.fr.debian.org/debian/ jessie-updates/contrib Translation-en
500 ftp.fr.debian.org/debian/ jessie-updates/non-free i386 Packages
release o=Debian,a=stable-updates,n=jessie-updates,l=Debian,c=non-free
origin ftp.fr.debian.org
500 ftp.fr.debian.org/debian/ jessie-updates/contrib i386 Packages
release o=Debian,a=stable-updates,n=jessie-updates,l=Debian,c=contrib
origin ftp.fr.debian.org
500 ftp.fr.debian.org/debian/ jessie-updates/main i386 Packages
release o=Debian,a=stable-updates,n=jessie-updates,l=Debian,c=main
origin ftp.fr.debian.org
500 duinsoft.nl/pkg/ debs/all i386 Packages
release o=pkg@duinsoft.nl,a=debs,n=debs,l=Duinsoft repository,c=all
origin www.duinsoft.nl
500 security.debian.org/ jessie/updates/non-free Translation-en
500 security.debian.org/ jessie/updates/main Translation-en
500 security.debian.org/ jessie/updates/contrib Translation-en
500 security.debian.org/ jessie/updates/non-free i386 Packages
release v=8,o=Debian,a=stable,n=jessie,l=Debian-Security,c=non-free
origin security.debian.org
500 security.debian.org/ jessie/updates/contrib i386 Packages
release v=8,o=Debian,a=stable,n=jessie,l=Debian-Security,c=contrib
origin security.debian.org
500 security.debian.org/ jessie/updates/main i386 Packages
release v=8,o=Debian,a=stable,n=jessie,l=Debian-Security,c=main
origin security.debian.org
500 ftp.fr.debian.org/debian/ jessie/non-free Translation-en
500 ftp.fr.debian.org/debian/ jessie/main Translation-fr
500 ftp.fr.debian.org/debian/ jessie/main Translation-en
500 ftp.fr.debian.org/debian/ jessie/contrib Translation-en
500 ftp.fr.debian.org/debian/ jessie/non-free i386 Packages
release v=8.3,o=Debian,a=stable,n=jessie,l=Debian,c=non-free
origin ftp.fr.debian.org
500 ftp.fr.debian.org/debian/ jessie/contrib i386 Packages
release v=8.3,o=Debian,a=stable,n=jessie,l=Debian,c=contrib
origin ftp.fr.debian.org
500 ftp.fr.debian.org/debian/ jessie/main i386 Packages
release v=8.3,o=Debian,a=stable,n=jessie,l=Debian,c=main
origin ftp.fr.debian.org
Paquets épinglés :
root@sdb5-jessie:/home/avram#

root@sdb5-jessie:/home/avram# ssh -G
unknown option -- G
usage: ssh [-1246AaCfgKkMNnqsTtVvXxYy] [-b bind_address] [-c cipher_spec]
[-D [bind_address:]port] [-E log_file] [-e escape_char]
[-F configfile] [-I pkcs11] [-i identity_file]
[-L [bind_address:]port:host] [-l login_name] [-m mac_spec]
[-O ctl_cmd] [-o option] [-p port]
[-Q cipher | cipher-auth | mac | kex | key]
[-R [bind_address:]port:host] [-S ctl_path] [-W host:port]
[-w local_tun[:remote_

root@sdb5-jessie:/home/avram# ls -la /usr/bin/s*
-rwxr-xr-x 2 root root 53329 janv. 15 05:44 /usr/bin/s2p
-rwxr-xr-x 1 root root 59724 déc. 28 23:28 /usr/bin/samba-regedit
-rwxr-xr-x 1 root root 1554 déc. 28 23:28 /usr/bin/samba-tool
-rwxr-xr-x 1 root root 120824 déc. 27 2014 /usr/bin/sane-find-scanner
-rwxr-xr-x 1 root root 10469 nov. 8 2014 /usr/bin/savelog
-rwxr-xr-x 1 root root 46884 déc. 27 2014 /usr/bin/scanimage
-rwxr-xr-x 1 root root 91500 janv. 13 23:37 /usr/bin/scp
-rwxr-xr-x 1 root root 90 oct. 23 2014 /usr/bin/scp-dbus-service
-rwxr-xr-x 1 root root 9624 oct. 25 2014 /usr/bin/screendump
-rwxr-xr-x 1 root root 17964 mars 30 2015 /usr/bin/script
-rwxr-xr-x 1 root root 9656 mars 30 2015 /usr/bin/scriptreplay
lrwxrwxrwx 1 root root 16 sept. 3 2014 /usr/bin/scrollkeeper-config -> rarian-sk-config
lrwxrwxrwx 1 root root 17 sept. 3 2014 /usr/bin/scrollkeeper-extract -> rarian-sk-extract
lrwxrwxrwx 1 root root 18 sept. 3 2014 /usr/bin/scrollkeeper-gen-seriesid -> rarian-sk-gen-uuid
lrwxrwxrwx 1 root root 16 sept. 3 2014 /usr/bin/scrollkeeper-get-cl -> rarian-sk-get-cl
lrwxrwxrwx 1 root root 26 sept. 3 2014 /usr/bin/scrollkeeper-get-content-list -> rarian-sk-get-content-list
lrwxrwxrwx 1 root root 35 sept. 3 2014 /usr/bin/scrollkeeper-get-extended-content-list -> rarian-sk-get-extended-content-list
lrwxrwxrwx 1 root root 21 sept. 3 2014 /usr/bin/scrollkeeper-get-index-from-docpath -> rarian-sk-get-scripts
lrwxrwxrwx 1 root root 21 sept. 3 2014 /usr/bin/scrollkeeper-get-toc-from-docpath -> rarian-sk-get-scripts
lrwxrwxrwx 1 root root 21 sept. 3 2014 /usr/bin/scrollkeeper-get-toc-from-id -> rarian-sk-get-scripts
lrwxrwxrwx 1 root root 17 sept. 3 2014 /usr/bin/scrollkeeper-install -> rarian-sk-install
lrwxrwxrwx 1 root root 20 sept. 3 2014 /usr/bin/scrollkeeper-preinstall -> rarian-sk-preinstall
lrwxrwxrwx 1 root root 17 sept. 3 2014 /usr/bin/scrollkeeper-rebuilddb -> rarian-sk-rebuild
lrwxrwxrwx 1 root root 17 sept. 3 2014 /usr/bin/scrollkeeper-uninstall -> rarian-sk-install
lrwxrwxrwx 1 root root 16 sept. 3 2014 /usr/bin/scrollkeeper-update -> rarian-sk-update
-rwxr-xr-x 1 root root 38808 avril 13 2014 /usr/bin/sctp_darn
-rwxr-xr-x 1 root root 18000 avril 13 2014 /usr/bin/sctp_status
-rwxr-xr-x 1 root root 30328 avril 13 2014 /usr/bin/sctp_test
-rwxr-xr-x 1 root root 46724 nov. 8 2014 /usr/bin/sdiff
-rwxr-xr-x 1 root root 194084 janv. 3 2015 /usr/bin/sdptool
lrwxrwxrwx 1 root root 11 déc. 28 2014 /usr/bin/see -> run-mailcap
-rwxr-xr-x 1 root root 474 nov. 28 2014 /usr/bin/select-default-iwrap
-rwxr-xr-x 1 root root 1215 juin 6 2013 /usr/bin/select-editor
-rwxr-xr-x 1 root root 1436 juin 6 2013 /usr/bin/sensible-browser
-rwxr-xr-x 1 root root 1109 juin 6 2013 /usr/bin/sensible-editor
-rwxr-xr-x 1 root root 288 juin 6 2013 /usr/bin/sensible-pager
-rwxr-xr-x 1 root root 17980 mai 8 2014 /usr/bin/sensors
-rwxr-xr-x 1 root root 14023 mai 8 2014 /usr/bin/sensors-conf-convert
-rwxr-xr-x 1 root root 46728 mars 14 2015 /usr/bin/seq
lrwxrwxrwx 1 root root 28 juin 27 2015 /usr/bin/servertool -> /etc/alternatives/servertool
-rwxr-xr-x 1 root root 9656 nov. 8 2014 /usr/bin/sessreg
-rwxr-xr-x 1 root root 13744 mars 30 2015 /usr/bin/setarch
lrwxrwxrwx 1 root root 12 sept. 8 2014 /usr/bin/setfacl -> /bin/setfacl
-rwxr-xr-x 1 root root 9600 oct. 25 2014 /usr/bin/setkeycodes
-rwxr-xr-x 1 root root 9644 oct. 25 2014 /usr/bin/setleds
-rwxr-xr-x 1 root root 5496 oct. 25 2014 /usr/bin/setlogcons
-rwxr-xr-x 1 root root 5560 oct. 25 2014 /usr/bin/setmetamode
-rwxr-xr-x 1 root root 17888 sept. 9 2014 /usr/bin/setpci
-rwxr-xr-x 1 root root 9644 mars 30 2015 /usr/bin/setsid
-rwxr-xr-x 1 root root 34320 mars 30 2015 /usr/bin/setterm
-rwxr-xr-x 1 root root 9720 oct. 25 2014 /usr/bin/setvtrgb
-rwxr-xr-x 1 root root 18376 déc. 25 2013 /usr/bin/setxkbmap
-rwxr-xr-x 1 root root 153044 janv. 13 23:37 /usr/bin/sftp
lrwxrwxrwx 1 root root 6 nov. 19 22:35 /usr/bin/sg -> newgrp
-rwxr-xr-x 1 root root 42632 mars 14 2015 /usr/bin/sha1sum
-rwxr-xr-x 1 root root 50824 mars 14 2015 /usr/bin/sha224sum
-rwxr-xr-x 1 root root 50824 mars 14 2015 /usr/bin/sha256sum
-rwxr-xr-x 1 root root 87688 mars 14 2015 /usr/bin/sha384sum
-rwxr-xr-x 1 root root 87688 mars 14 2015 /usr/bin/sha512sum
-rwxr-xr-x 1 root root 9027 janv. 15 05:44 /usr/bin/shasum
-rwxr-xr-x 1 root root 13752 oct. 25 2014 /usr/bin/showconsolefont
-rwxr-xr-x 1 root root 9368 déc. 25 2013 /usr/bin/showfont
-rwxr-xr-x 1 root root 9624 oct. 25 2014 /usr/bin/showkey
-rwxr-xr-x 1 root root 5492 nov. 8 2014 /usr/bin/showrgb
-rwxr-xr-x 1 root root 59112 mars 14 2015 /usr/bin/shred
-rwxr-xr-x 1 root root 50888 mars 14 2015 /usr/bin/shuf
-rwxr-xr-x 1 root root 26412 févr. 25 2015 /usr/bin/size
-rwxr-xr-x 1 root root 22056 mars 7 2015 /usr/bin/skill
-rwxr-xr-x 1 root root 35884872 mai 22 2014 /usr/bin/skype
-rwxr-xr-x 1 root root 13792 mars 7 2015 /usr/bin/slabtop
lrwxrwxrwx 1 root root 3 janv. 13 23:37 /usr/bin/slogin -> ssh
-rwxr-xr-x 1 root root 34676 déc. 28 23:28 /usr/bin/smbcacls
-rwxr-xr-x 1 root root 154032 déc. 28 23:28 /usr/bin/smbclient
-rwxr-xr-x 1 root root 22216 déc. 28 23:28 /usr/bin/smbcquotas
-rwxr-xr-x 1 root root 26276 déc. 28 23:28 /usr/bin/smbget
-rwxr-xr-x 1 root root 30436 déc. 28 23:28 /usr/bin/smbpasswd
-rwxr-xr-x 1 root root 13908 déc. 28 23:28 /usr/bin/smbspool
-rwxr-xr-x 1 root root 4896 juin 13 2013 /usr/bin/smbtar
-rwxr-xr-x 1 root root 13904 déc. 28 23:28 /usr/bin/smbtree
-rwxr-xr-x 1 root root 27264 déc. 4 2014 /usr/bin/smime_keys
-rwxr-xr-x 1 root root 2851216 oct. 4 2014 /usr/bin/smplayer
-rwxr-xr-x 1 root root 17952 déc. 26 2013 /usr/bin/smproxy
lrwxrwxrwx 1 root root 5 mars 7 2015 /usr/bin/snice -> skill
-rwxr-xr-x 1 root root 87780 oct. 28 21:31 /usr/bin/sntp
-rwxr-xr-x 1 root root 34184 sept. 4 2014 /usr/bin/soelim
lrwxrwxrwx 1 root root 34 août 29 13:23 /usr/bin/soffice -> ../lib/libreoffice/program/soffice
-rwxr-xr-x 1 root root 4259 août 23 2013 /usr/bin/software-properties-gtk
-rwxr-xr-x 1 root root 104552 mars 14 2015 /usr/bin/sort
-rwxr-xr-x 1 root root 4340 janv. 1 23:49 /usr/bin/sotruss
-rwxr-xr-x 1 root root 26256 juil. 8 2014 /usr/bin/speaker-test
-rwxr-xr-x 1 root root 18768 janv. 15 05:44 /usr/bin/splain
-rwxr-xr-x 1 root root 71884 mars 14 2015 /usr/bin/split
-rwxr-xr-x 1 root root 3186 avril 14 2014 /usr/bin/splitdiff
-rwxr-xr-x 1 root root 5492 oct. 25 2014 /usr/bin/splitfont
-rwxr-xr-x 1 root root 22096 janv. 1 23:55 /usr/bin/sprof
-rwxr-xr-x 1 root root 109960 oct. 21 2014 /usr/bin/spumux
-rwxr-xr-x 1 root root 43528 oct. 21 2014 /usr/bin/spuunmux
-rwxr-xr-x 1 root root 5556 déc. 10 2012 /usr/bin/sq
-rwxr-xr-x 1 root root 808576 janv. 13 23:37 /usr/bin/ssh
-rwxr-xr-x 1 root root 410988 janv. 13 23:37 /usr/bin/ssh-add
-rwxr-sr-x 1 root ssh 419192 janv. 13 23:37 /usr/bin/ssh-agent
-rwxr-xr-x 1 root root 1456 janv. 13 21:59 /usr/bin/ssh-argv0
-rwxr-xr-x 1 root root 9325 juin 5 2013 /usr/bin/ssh-copy-id
-rwxr-xr-x 1 root root 509444 janv. 13 23:37 /usr/bin/ssh-keygen
-rwxr-xr-x 1 root root 566664 janv. 13 23:37 /usr/bin/ssh-keyscan
-rwxr-xr-x 1 root root 1300 oct. 12 2014 /usr/bin/start-pulseaudio-kde
-rwxr-xr-x 1 root root 1524 oct. 12 2014 /usr/bin/start-pulseaudio-x11
-rwxr-xr-x 1 root root 5479 sept. 12 2014 /usr/bin/startx
-rwxr-xr-x 1 root root 2968 janv. 11 2015 /usr/bin/startxfce4
-rwxr-xr-x 1 root root 75528 mars 14 2015 /usr/bin/stat
-rwxr-xr-x 1 root root 67272 mars 14 2015 /usr/bin/stdbuf
-rwxr-xr-x 1 root root 26456 févr. 25 2015 /usr/bin/strings
-rwxr-xr-x 1 root root 233388 févr. 25 2015 /usr/bin/strip
-rwsr-xr-x 1 root root 180496 janv. 11 01:06 /usr/bin/sudo
lrwxrwxrwx 1 root root 4 janv. 11 01:06 /usr/bin/sudoedit -> sudo
-rwxr-xr-x 1 root root 79824 janv. 11 01:06 /usr/bin/sudoreplay
-rwxr-xr-x 1 root root 38572 mars 14 2015 /usr/bin/sum
-rwxr-xr-x 1 root root 446 nov. 20 2014 /usr/bin/sushi
-rwxr-xr-x 1 root root 3120 juin 14 2014 /usr/bin/su-to-root
-rwxr-xr-x 1 root root 46 janv. 6 05:02 /usr/bin/svlc
-rwxr-xr-x 1 root root 128628 févr. 22 2015 /usr/bin/symcryptrun
-rwxr-xr-x 1 root root 43 janv. 30 2012 /usr/bin/synaptic-pkexec
-rwxr-xr-x 1 root root 12756 sept. 18 2014 /usr/bin/synclient
-rwxr-xr-x 1 root root 11724 sept. 18 2014 /usr/bin/syndaemon
-rwxr-xr-x 1 root root 95 oct. 23 2014 /usr/bin/system-config-printer
-rwxr-xr-x 1 root root 80 oct. 23 2014 /usr/bin/system-config-printer-applet
-rwxr-xr-x 1 root root 292372 nov. 27 05:25 /usr/bin/systemd-analyze
-rwxr-xr-x 1 root root 30228 nov. 27 05:25 /usr/bin/systemd-cat
-rwxr-xr-x 1 root root 259608 nov. 27 05:25 /usr/bin/systemd-cgls
-rwxr-xr-x 1 root root 54820 nov. 27 05:25 /usr/bin/systemd-cgtop
-rwxr-xr-x 1 root root 46616 nov. 27 05:25 /usr/bin/systemd-delta
-rwxr-xr-x 1 root root 26124 nov. 27 05:25 /usr/bin/systemd-detect-virt
-rwxr-xr-x 1 root root 386604 nov. 27 05:25 /usr/bin/systemd-nspawn
-rwxr-xr-x 1 root root 34316 nov. 27 05:25 /usr/bin/systemd-path
-rwxr-xr-x 1 root root 267788 nov. 27 05:25 /usr/bin/systemd-run
lrwxrwxrwx 1 root root 31 nov. 27 05:25 /usr/bin/systemd-stdio-bridge -> /lib/systemd/systemd-bus-proxyd
root@sdb5-jessie:/home/avram#

root@sdb5-jessie:/home/avram# ls -la /usr/lib/s*
lrwxrwxrwx 1 root root 13 déc. 15 05:18 /usr/lib/sendmail -> ../sbin/exim4
lrwxrwxrwx 1 root root 19 janv. 13 23:37 /usr/lib/sftp-server -> openssh/sftp-server

/usr/lib/samba:
total 24
drwxr-xr-x 2 root root 4096 mars 7 2015 .
drwxr-xr-x 143 root root 20480 janv. 27 22:06 ..

/usr/lib/sasl2:
total 24
drwxr-xr-x 2 root root 4096 juin 27 2015 .
drwxr-xr-x 143 root root 20480 janv. 27 22:06 ..

/usr/lib/software-properties:
total 28
drwxr-xr-x 2 root root 4096 juin 27 2015 .
drwxr-xr-x 143 root root 20480 janv. 27 22:06 ..
-rwxr-xr-x 1 root root 1928 juil. 14 2013 software-properties-dbus

/usr/lib/sse2:
total 2100
drwxr-xr-x 2 root root 4096 juin 27 2015 .
drwxr-xr-x 143 root root 20480 janv. 27 22:06 ..
lrwxrwxrwx 1 root root 19 oct. 21 2014 libxapian.so.22 -> libxapian.so.22.6.6
-rw-r--r-- 1 root root 2122780 oct. 21 2014 libxapian.so.22.6.6

/usr/lib/ssl:
total 28
drwxr-xr-x 3 root root 4096 déc. 4 10:05 .
drwxr-xr-x 143 root root 20480 janv. 27 22:06 ..
lrwxrwxrwx 1 root root 14 juin 13 2015 certs -> /etc/ssl/certs
drwxr-xr-x 2 root root 4096 déc. 4 10:05 misc
lrwxrwxrwx 1 root root 20 déc. 3 19:37 openssl.cnf -> /etc/ssl/openssl.cnf
lrwxrwxrwx 1 root root 16 juin 13 2015 private -> /etc/ssl/private

/usr/lib/sudo:
total 456
drwxr-xr-x 2 root root 4096 janv. 19 11:46 .
drwxr-xr-x 143 root root 20480 janv. 27 22:06 ..
-rw-r--r-- 1 root root 13480 janv. 11 01:06 group_file.so
-rwxr-xr-x 1 root root 34384 janv. 11 01:06 sesh
-rw-r--r-- 1 root root 362280 janv. 11 01:06 sudoers.so
-rw-r--r-- 1 root root 5220 janv. 11 01:06 sudo_noexec.so
-rw-r--r-- 1 root root 13476 janv. 11 01:06 system_group.so

/usr/lib/sushi:
total 104
drwxr-xr-x 3 root root 4096 juin 27 2015 .
drwxr-xr-x 143 root root 20480 janv. 27 22:06 ..
drwxr-xr-x 2 root root 4096 juin 27 2015 girepository-1.0
-rw-r--r-- 1 root root 76272 nov. 20 2014 libsushi-1.0.so

/usr/lib/sysctl.d:
total 24
drwxr-xr-x 2 root root 4096 mai 26 2015 .
drwxr-xr-x 143 root root 20480 janv. 27 22:06 ..

/usr/lib/systemd:
total 44
drwxr-xr-x 7 root root 4096 juin 27 2015 .
drwxr-xr-x 143 root root 20480 janv. 27 22:06 ..
drwxr-xr-x 2 root root 4096 janv. 27 22:04 catalog
drwxr-xr-x 2 root root 4096 mai 26 2015 network
drwxr-xr-x 2 root root 4096 janv. 27 22:04 ntp-units.d
drwxr-xr-x 2 root root 4096 janv. 27 22:04 user
drwxr-xr-x 2 root root 4096 mai 26 2015 user-generators
root@sdb5-jessie:/home/avram#

root@sdb5-jessie:/home/avram# ls -la /usr/lib/cups/backend/s*
lrwxrwxrwx 1 root root 21 déc. 28 23:28 /usr/lib/cups/backend/smb -> ../../../bin/smbspool
root@sdb5-jessie:/home/avram#

root@sdb5-jessie:/home/avram# ls -la /usr/lib/cups/filter/s*
ls: impossible d’accéder à /usr/lib/cups/filter/s*: Aucun fichier ou dossier de ce type
root@sdb5-jessie:/home/avram#

root@sdb5-jessie:/home/avram# ls -la /usr/sbin/s*
-rwxr-xr-x 1 root root 9768 janv. 12 2014 /usr/sbin/safe_finger
-rwxr-xr-x 1 root root 96961 déc. 28 23:28 /usr/sbin/samba_kcc
-rwxr-xr-x 1 root root 66988 déc. 27 2014 /usr/sbin/saned
-rwxr-xr-x 1 root root 1877 nov. 28 2014 /usr/sbin/select-default-ispell
-rwxr-xr-x 1 root root 1867 nov. 28 2014 /usr/sbin/select-default-wordlist
lrwxrwxrwx 1 root root 5 déc. 15 05:18 /usr/sbin/sendmail -> exim4
-rwxr-xr-x 1 root root 200851 mai 8 2014 /usr/sbin/sensors-detect
-rwxr-xr-x 1 root root 9593 avril 6 2015 /usr/sbin/service
-rwxr-xr-x 1 root root 5492 oct. 25 2014 /usr/sbin/setvesablank
-rwxr-xr-x 1 root root 949144 janv. 13 23:37 /usr/sbin/sshd
-rwxr-xr-x 1 root root 298 août 13 2014 /usr/sbin/start-statd
lrwxrwxrwx 1 root root 17 juin 14 2014 /usr/sbin/su-to-root -> ../bin/su-to-root
-rwxr-xr-x 1 root root 736952 mai 16 2014 /usr/sbin/synaptic
-rwxr-xr-x 1 root root 1445 déc. 15 05:18 /usr/sbin/syslog2eximlog
root@sdb5-jessie:/home/avram#

No, (above) you were invoking a [mono]Testing[/mono] (that is, [mono]Stretch[/mono]) and I was asking you, from that [mono]Testing[/mono], to downgrade the packages concerned (that is, [mono]openssh[/mono]).
All followed by the tests ([mono]ssh -G 2>&1 | […][/mono], [mono]rkhunter[/mono], [mono]chkrootkit[/mono]) and the console output (cf. above) + conclusions.

Correction …

[quote=“avram”]avram@sda5-stretch:~$ apt-cache policy
Fichiers du paquet :
100 /var/lib/dpkg/status
release a=now
[mono]500[/mono] download.jitsi.org/deb [mono]unstable[/mono]/ Packages
[…]
[mono]500[/mono] ftp.fr.debian.org/debian [mono]stretch[/mono]-updates/non-free i386 Packages
[…]
[/quote]

[quote=“Morovaille”]No, (above) you were invoking [strike]a [mono]Testing[/mono] (that is, [mono]Stretch[/mono])[/strike] and I was asking you from [strike]that [mono]Testing[/mono][/strike] to downgrade the packages concerned (that is, [mono]openssh[/mono]).
All followed by the tests ([mono]ssh -G 2>&1 | […][/mono], [mono]rkhunter[/mono], [mono]chkrootkit[/mono]) and the console output (cf. above) + conclusions.[/quote]
From a [mono]Sid[/mono].

[quote=“avram”][quote=“Morovaille”] $ ssh -G 2>&1 | grep -e illegal -e unknown > /dev/null && echo "System clean" || echo "System infected"
System infected
:frowning:

What should I do? How do I protect against this? I did a standard installation, I don't have sudo, and my root password is rock solid.[/quote]

serious tests:

https://www.cert-bund.de/ebury-faq[/quote]

Thanks, I tested everything, and I have nothing :smiley:
I'd have been surprised to be infected, too.

Hi,
First, you have to be sure that ssh is actually installed on the machine:

[code]root@desktop:/# dpkg -l *ssh*
Souhait=inconnU/Installé/suppRimé/Purgé/H=à garder
| État=Non/Installé/fichier-Config/dépaqUeté/échec-conFig/H=semi-installé/W=attend-traitement-déclenchements
|/ Err?=(aucune)/besoin Réinstallation (État,Err: majuscule=mauvais)
||/ Nom Version Architecture Description
+++-==============-============-============-=================================
ii libssh-gcrypt- 0.6.3-4+deb8 i386 tiny C SSH library (gcrypt flavor
ii libssh2-1:i386 1.4.3-4.1 i386 SSH2 client-side library
un openssh-client <aucune> <aucune> (aucune description n'est disponi
un openssh-server <aucune> <aucune> (aucune description n'est disponi
ii ssh-askpass 1:1.2.4.1-9 i386 under X, asks user for a passphra
un ssh-client <aucune> <aucune> (aucune description n'est disponi
root@desktop:/#[/code]

I uninstalled ssh completely because I see no use for it on my little desktop

[code]Commit Log for Fri Jan 29 11:42:50 2016

Les paquets suivants ont été supprimés :
openssh-client
Commit Log for Fri Jan 29 11:41:50 2016

Les paquets suivants ont été complètement supprimés :
openssh-sftp-server

Les paquets suivants ont été supprimés :
openssh-server
task-ssh-server
[/code]

[code]root@desktop:/# ssh -G 2>&1 | grep -e illegal -e unknown > /dev/null && echo "System clean" || echo "System infected"
System infected[/code]

This test is too funny, it should have told me:

[code]root@desktop:/# ssh -G
bash: ssh : commande introuvable[/code]

:laughing:
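
The one-liner quoted above prints "System infected" whenever grep finds neither "illegal" nor "unknown" in the output, which is also what happens when there is no ssh binary at all, as this post shows. The script below is an added example, not code from the thread or from any of the posters: it splits the outcome into "ssh missing", "-G rejected" and "-G accepted", and it takes the ssh binary as an argument (an assumption made so it can be pointed at a stand-in). One caveat a defender needs: OpenSSH 6.8 and later implement -G as a legitimate option that prints the effective client configuration, so "accepted" on a recent build is expected rather than an indicator.

```shell
#!/bin/sh
# Added example, not from the thread: a "ssh -G" Ebury heuristic that tells
# "ssh is absent" apart from "ssh rejected -G" and "ssh accepted -G".
# The original one-liner prints "System infected" whenever grep finds no
# "illegal"/"unknown" text, which is also what happens when ssh is missing.

# classify_ssh_g SSH_BINARY   -> prints one of: missing | rejected | accepted
# SSH_BINARY may be a bare command name or a path (an assumption made here so
# the function can be pointed at a stand-in for testing).
classify_ssh_g() {
    bin=$1
    if ! command -v "$bin" >/dev/null 2>&1; then
        echo missing
        return 0
    fi
    # Without a host, ssh -G either complains about the option (old OpenSSH,
    # exit status 255) or prints its usage text; capture both streams.
    out=$("$bin" -G 2>&1 </dev/null) || true
    case "$out" in
        *illegal*|*unknown*) echo rejected ;;
        *)                   echo accepted ;;
    esac
}

# ssh_g_verdict SSH_BINARY -> one line of advice for the operator.
# OpenSSH 6.8 and later implement -G legitimately (print the effective client
# configuration), so "accepted" on a recent build is expected, not an indicator.
ssh_g_verdict() {
    case "$(classify_ssh_g "$1")" in
        missing)  echo "not installed: the -G heuristic does not apply" ;;
        rejected) echo "-G rejected: no Ebury indication from this heuristic" ;;
        accepted) echo "-G accepted: check the OpenSSH version (>= 6.8 accepts -G by design) and verify the package with debsums or dpkg -V" ;;
    esac
}

# Stand-alone use: judge the ssh found on PATH.
ssh_g_verdict ssh
```

The point of the three-way split is that a negative grep result is not evidence: an absent client, a renamed client and a client that genuinely implements -G all land in the same bucket of the original test, and only package verification (debsums, dpkg -V) says anything about the binary's integrity.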

Quite simply, this rootkit ([mono]Linux/Ebury - Operation Windigo ssh[/mono]) is something you could have gone and fetched yourself, without even knowing it.
As far as I know, this only concerned [mono]Testing[/mono] and [mono]Sid[/mono].
That is, with a simple (daily) update carried out between 18/07/2016 and 20/08/2015, the date when the repository servers got hacked.
A simple [mono]upgrade[/mono] was enough.

[code][12:29:06] ~ # cat /media/loreleil/Documents/rootkit/binaires_suspicieux.txt
*deleting usr/bin/stxhzD6y
*deleting usr/bin/stwo7N2U
*deleting usr/bin/stvb1LPB
*deleting usr/bin/stuX8woM
*deleting usr/bin/struct2osd.sh
*deleting usr/bin/strXRh2f
*deleting usr/bin/stpYkmng
*deleting usr/bin/stlmYRaD
*deleting usr/bin/stkF6mpq
*deleting usr/bin/stjLJZzJ
*deleting usr/bin/stiJHHDa
*deleting usr/bin/step
*deleting usr/bin/stdta8QS
*deleting usr/bin/stdPCRTF
*deleting usr/bin/stcdsNhU
*deleting usr/bin/stc6UPhs
*deleting usr/bin/stb6N91L
*deleting usr/bin/stXB3cOO
*deleting usr/bin/stUGbm4c
*deleting usr/bin/stSUWmnu
*deleting usr/bin/stQn5qEI
*deleting usr/bin/stKxbdkE
*deleting usr/bin/stIMnWJv
*deleting usr/bin/stGjsYur
*deleting usr/bin/stFFvsGX
*deleting usr/bin/stF1Z8jL
*deleting usr/bin/stEzZydu
*deleting usr/bin/stCqphEn
*deleting usr/bin/stAtmhzM
*deleting usr/bin/stAno5PV
*deleting usr/bin/st8KzgUs
*deleting usr/bin/st7bTcwx
*deleting usr/bin/st7DuQ5z
*deleting usr/bin/st5f8x1p

[…]

*deleting usr/lib/stebYAxM
*deleting usr/lib/stdMEAUJ
*deleting usr/lib/stJpJBFU
*deleting usr/lib/stIyqZ8g
*deleting usr/lib/stIVkp13
*deleting usr/lib/stGGW5Qd
*deleting usr/lib/st5B3lB6
*deleting usr/lib/st3rFTFY
*deleting usr/lib/st3CI2lx
*deleting usr/lib/st2JnJ74

[…]

*deleting usr/lib/cups/backend/stzy0Q4F
*deleting usr/lib/cups/backend/stvck5NM
*deleting usr/lib/cups/backend/stpEgViG
*deleting usr/lib/cups/backend/stmBImR1
*deleting usr/lib/cups/backend/stj9704N
*deleting usr/lib/cups/backend/stbPFjeJ
*deleting usr/lib/cups/backend/stSiqGYJ
*deleting usr/lib/cups/backend/stMWEVrP
*deleting usr/lib/cups/backend/stKEK48D
*deleting usr/lib/cups/backend/stAxQS0z
*deleting usr/lib/cups/backend/st4ERXPD
*deleting usr/lib/cups/backend/st1iOD4y

[…]

*deleting usr/lib/cups/filter/stvRTADp
*deleting usr/lib/cups/filter/strqFBGr
*deleting usr/lib/cups/filter/stkz4AGk
*deleting usr/lib/cups/filter/stjFEGgn
*deleting usr/lib/cups/filter/stiRmMrA
*deleting usr/lib/cups/filter/sti5A85f
*deleting usr/lib/cups/filter/stYwsKAh
*deleting usr/lib/cups/filter/stWeO9jq
*deleting usr/lib/cups/filter/stSegAXn
*deleting usr/lib/cups/filter/stPiRNmw
*deleting usr/lib/cups/filter/stIcJE0o
*deleting usr/lib/cups/filter/stDqsqSt
*deleting usr/lib/cups/filter/stCi1E1t
*deleting usr/lib/cups/filter/st5sQg6r

[…]

*deleting usr/sbin/stzaMz3b
*deleting usr/sbin/stwmcgDm
*deleting usr/sbin/stsN6j5b
*deleting usr/sbin/strSTM5Y
*deleting usr/sbin/stnAVjfh
*deleting usr/sbin/steM6Mbi
*deleting usr/sbin/stc3XPIi
*deleting usr/sbin/stTZHEqg
*deleting usr/sbin/stRb03vR
*deleting usr/sbin/stRGYpCh
*deleting usr/sbin/stOvu6te
*deleting usr/sbin/stKL1vCe
*deleting usr/sbin/stI8rtrW
*deleting usr/sbin/stGZNiYj
*deleting usr/sbin/stFwmiaU
*deleting usr/sbin/stEI35lT
*deleting usr/sbin/st4gGqa3
*deleting usr/sbin/st0xhH1f

[…][12:29:14] ~ #[/code]

[code][14:04:30] ~ # ll /media/usr/bin/stxhzD6y
-rw------- 1 root root 0 2015-12-25 09:49 /media/usr/bin/stxhzD6y
[14:04:35] ~ #
[14:04:36] ~ # nn /media/usr/bin/stxhzD6y
[14:04:49] ~ #
[14:04:50] ~ # lsattr /media/usr/bin/stxhzD6y
-------------e-- /media/usr/bin/stxhzD6y
[14:04:56] ~ #
[14:10:17] ~ # lsattr /media/usr/bin/stwo7N2U
-------------e-- /media/usr/bin/stwo7N2U
[14:10:24] ~ #
[14:10:30] ~ # nn usr/bin/stwo7N2U
[14:10:39] ~ #
[14:10:47] ~ # lsattr /media/usr/bin/stwo7N2U
-------------e-- /media/usr/bin/stwo7N2U
[14:10:58] ~ #
[14:10:58] ~ # ll /media/usr/bin/stwo7N2U
-rw------- 1 root root 0 2015-12-25 13:18 /media/usr/bin/stwo7N2U
[14:11:03] ~ #
[14:11:05] ~ # nn /media/usr/bin/stwo7N2U
[14:11:13] ~ # nn /media/usr/bin/suspicious-source
[14:14:04] ~ #
[14:16:44] ~ # ll /media/usr/bin/st5f8x1p
-rw------- 1 root root 0 2015-12-25 09:49 /media/usr/bin/st5f8x1p
[14:16:51] ~ #
[14:16:52] ~ # ll /media/usr/bin/s
Display all 208 possibilities? (y or n)
sadt sensors sharesec smproxy ssh-keyscan stpYkmng svn-clean-kde
samba-regedit sensors-conf-convert shasum snice st4topgm stQn5qEI svndumpfilter
samba-tool seq showconsolefont soelim st5f8x1p strace svnforwardport
sane-find-scanner servicemenudeinstallation showfont solid-action-desktop-gen st7bTcwx stream svnfsfs
savelog servicemenuinstallation showkey solid-hardware st7DuQ5z stream-im6 svngettags
sbigtopgm sessreg showrgb sopranocmd st8KzgUs strings svnintegrate
scan setarch shred sopranod stAno5PV strip svnlastchange
scanadf setcifsacl shuf sort startfluxbox struct2osd.sh svnlastlog
scan-build setfacl sieveeditor sort-dctrl startkde strXRh2f svnlook
scan-build-3.6 setkeycodes sigtool sotruss startx stSUWmnu svnmucc
scandeps setleds simpdftex spam stat stUGbm4c svnpath
scanimage setlogcons sirtopnm spctoppm stAtmhzM stuX8woM svnrdump
scan-view setmetamode size spd-say stb6N91L stvb1LPB svnrevertlast
scan-view-3.6 setpci skanlite speaker-test stc6UPhs stwo7N2U svnserve
sccmap setsid skill speech-dispatcher stcdsNhU stXB3cOO svnsync
scp setterm slabtop spent stCqphEn stxhzD6y svnversion
screen setvtrgb sldtoppm splain stdbuf sudo svnversions
screendump setxkbmap slogin split stdPCRTF sudoedit swappo
script sfdp smart-notifier split2po stdta8QS sudoreplay sweeper
scriptreplay sftp smbcacls splitfont step sum symcryptrun
sdiff sg smbclient sprof stEzZydu surveille synclient
sdptool sgitopnm smbcontrol sputoppm stF1Z8jL suspicious-source synctex
see sgml2xml smbcquotas ssft.sh stFFvsGX su-to-root syndaemon
seeks sgmlnorm smbget ssh stGjsYur svn syslinux
seeks_cli sha1sum smbpasswd ssh-add stiJHHDa svnadmin systemd2init
select-default-iwrap sha224sum smbspool ssh-agent stIMnWJv svnauthz systemmonitor
select-editor sha256sum smbstatus ssh-argv0 stjLJZzJ svnauthz-validate systemsettings5
sensible-browser sha384sum smbtar ssh-copy-id stkF6mpq svnbackport szap
sensible-editor sha512sum smbta-util sshfs stKxbdkE svnbench
sensible-pager shar smbtree ssh-keygen stlmYRaD svnchangesince
[14:16:52] ~ # ll /media/usr/bin/s
ls: impossible d’accéder à /media/usr/bin/s: Aucun fichier ou dossier de ce type
[14:17:11] ~ #
[14:17:11] ~ #
[14:17:11] ~ # ll /media/usr/bin/stCqphEn
-rw------- 1 root root 0 2015-12-25 13:18 /media/usr/bin/stCqphEn
[14:19:52] ~ #
[14:20:28] ~ # ll /media/usr/bin/struct2osd.sh
-rwxr-xr-x 1 root root 751 2015-09-01 13:42 /media/usr/bin/struct2osd.sh
[14:23:01] ~ #
[14:23:02] ~ # nn /media/usr/bin/struct2osd.sh
[14:23:21] ~ # nn /media/usr/include/nettle/serpent.h
[14:28:47] ~ #
[14:31:09] ~ # ll /media/usr/bin/s
Display all 208 possibilities? (y or n)
sadt sensors sharesec smproxy ssh-keyscan stpYkmng svn-clean-kde
samba-regedit sensors-conf-convert shasum snice st4topgm stQn5qEI svndumpfilter
samba-tool seq showconsolefont soelim st5f8x1p strace svnforwardport
sane-find-scanner servicemenudeinstallation showfont solid-action-desktop-gen st7bTcwx stream svnfsfs
savelog servicemenuinstallation showkey solid-hardware st7DuQ5z stream-im6 svngettags
sbigtopgm sessreg showrgb sopranocmd st8KzgUs strings svnintegrate
scan setarch shred sopranod stAno5PV strip svnlastchange
scanadf setcifsacl shuf sort startfluxbox struct2osd.sh svnlastlog
scan-build setfacl sieveeditor sort-dctrl startkde strXRh2f svnlook
scan-build-3.6 setkeycodes sigtool sotruss startx stSUWmnu svnmucc
scandeps setleds simpdftex spam stat stUGbm4c svnpath
scanimage setlogcons sirtopnm spctoppm stAtmhzM stuX8woM svnrdump
scan-view setmetamode size spd-say stb6N91L stvb1LPB svnrevertlast
scan-view-3.6 setpci skanlite speaker-test stc6UPhs stwo7N2U svnserve
sccmap setsid skill speech-dispatcher stcdsNhU stXB3cOO svnsync
scp setterm slabtop spent stCqphEn stxhzD6y svnversion
screen setvtrgb sldtoppm splain stdbuf sudo svnversions
screendump setxkbmap slogin split stdPCRTF sudoedit swappo
script sfdp smart-notifier split2po stdta8QS sudoreplay sweeper
scriptreplay sftp smbcacls splitfont step sum symcryptrun
sdiff sg smbclient sprof stEzZydu surveille synclient
sdptool sgitopnm smbcontrol sputoppm stF1Z8jL suspicious-source synctex
see sgml2xml smbcquotas ssft.sh stFFvsGX su-to-root syndaemon
seeks sgmlnorm smbget ssh stGjsYur svn syslinux
seeks_cli sha1sum smbpasswd ssh-add stiJHHDa svnadmin systemd2init
select-default-iwrap sha224sum smbspool ssh-agent stIMnWJv svnauthz systemmonitor
select-editor sha256sum smbstatus ssh-argv0 stjLJZzJ svnauthz-validate systemsettings5
sensible-browser sha384sum smbtar ssh-copy-id stkF6mpq svnbackport szap
sensible-editor sha512sum smbta-util sshfs stKxbdkE svnbench
sensible-pager shar smbtree ssh-keygen stlmYRaD svnchangesince
[14:31:09] ~ # ll /media/usr/bin/s
ls: impossible d’accéder à /media/usr/bin/s: Aucun fichier ou dossier de ce type
[14:32:51] ~ #
[14:32:51] ~ #
[14:32:51] ~ #
[14:32:51] ~ # ll /media/usr/lib/stebYAxM
-rw------- 1 root root 0 2015-12-25 13:18 /media/usr/lib/stebYAxM
[14:33:01] ~ #
[14:33:09] ~ # ll /media/usr/lib/cups/backend/st1iOD4y
-rw------- 1 root root 0 2015-12-25 09:49 /media/usr/lib/cups/backend/st1iOD4y
[14:37:56] ~ #
[14:40:04] ~ # ll /media/usr/lib/stebYAxM
-rw------- 1 root root 0 2015-12-25 13:18 /media/usr/lib/stebYAxM
[14:40:23] ~ #

[…]

[14:41:53] ~ #
[14:42:03] ~ # ll /media/usr/bin/split2po
-rwxr-xr-x 1 root root 80K 2014-08-22 18:40 /media/usr/bin/split2po
[14:42:12] ~ #
[14:42:55] ~ # ll /media/usr/bin/st5f8x1p
-rw------- 1 root root 0 2015-12-25 09:49 /media/usr/bin/st5f8x1p
[14:43:00] ~ #
[14:43:02] ~ # ldd /media/usr/bin/st5f8x1p
n’est pas un exécutable dynamique
[14:43:07] ~ #
[14:56:05] ~ # ll /media/usr/sbin/stKL1vCe
-rw------- 1 root root 0 2015-12-25 09:49 /media/usr/sbin/stKL1vCe
[14:56:13] ~ #[/code]
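
The listings in this post show what the planted files have in common: zero bytes, mode -rw-------, and a name made of `st` plus a random-looking suffix, sitting beside real binaries such as `struct2osd.sh` or `step`. Below is an added example, not the poster's script nor anything from the thread, that turns that profile into a filter over `ls -l` output and, on a live Debian host, reports which hits belong to no installed package. The sample listing inside it is constructed from lines quoted in this thread plus one benign entry; the name pattern is an assumption drawn from the names shown here, not a published Ebury signature.

```shell
#!/bin/sh
# Added example, not from the thread: a small filter for "ls -l" output that
# flags entries with the profile the listing above shows for the planted files
# (owner-only permissions, zero bytes, name "st" plus a six-character suffix)
# and, on a live Debian host, asks dpkg whether any package owns the path.

# flag_suspect_listing  (reads ls -l / ls -la lines on stdin, prints suspect paths)
# Works with both "2015-12-25 09:49" and "déc. 25 2015" date layouts because
# only fields 1 and 5 (mode, size) and the last field (the path) are used.
# Paths containing spaces are not handled; symlink lines are skipped by mode.
flag_suspect_listing() {
    while read -r mode _links _owner _group size rest; do
        path=${rest##* }     # last space-separated field: the path
        name=${path##*/}
        case "$mode" in
            -rw-------) ;;   # owner-only regular file, as in the thread
            *) continue ;;
        esac
        [ "$size" = 0 ] || continue
        case "$name" in
            st??????) printf '%s\n' "$path" ;;   # "st" + 6 chars (assumed pattern)
        esac
    done
}

# unowned_paths  (reads paths on stdin, prints those no installed package claims)
# Needs dpkg. A hit that no package owns is the kind of file worth preserving
# for analysis rather than deleting outright.
unowned_paths() {
    while read -r path; do
        if ! dpkg -S "$path" >/dev/null 2>&1; then
            printf '%s\n' "$path"
        fi
    done
}

# Constructed sample: three lines copied from the thread's listings plus one
# benign system binary, so the filter can be exercised offline.
sample_listing() {
    cat <<'EOF'
-rw------- 1 root root 0 2015-12-25 09:49 /media/usr/bin/stxhzD6y
-rwxr-xr-x 1 root root 751 2015-09-01 13:42 /media/usr/bin/struct2osd.sh
-rwxr-xr-x 1 root root 75528 mars 14 2015 /usr/bin/stat
-rw------- 1 root root 0 2015-12-25 13:18 /media/usr/lib/stebYAxM
EOF
}

# Stand-alone use: print the suspects from the sample. On a real host run
#   ls -la /usr/bin /usr/sbin /usr/lib /usr/lib/cups/backend /usr/lib/cups/filter | flag_suspect_listing | unowned_paths
sample_listing | flag_suspect_listing
```

The filter deliberately keys on all three properties at once: an eight-character name starting with `st` alone would also match legitimate tools, and a zero-byte file alone is common, but the combination with owner-only permissions in a system binary directory is what the thread's listing shows and what a package owner check can then confirm or dismiss.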

The results of the commands show:

dpkg -l |grep openssh

ii openssh-client 1:6.7p1-5+deb8u1 i386 secure shell (SSH) client, for secure access to remote machines

$ apt-cache policy

apt-cache policy
Fichiers du paquet :
 100 /var/lib/dpkg/status
     release a=now
 500 https://dl.google.com/linux/chrome/deb/ stable/main i386 Packages
     release v=1.0,o=Google, Inc.,a=stable,n=stable,l=Google,c=main
     origin dl.google.com
 500 http://dl.google.com/linux/earth/deb/ stable/main i386 Packages
     release v=1.0,o=Google, Inc.,a=stable,n=stable,l=Google,c=main
     origin dl.google.com
 500 http://deb.opera.com/opera/ stable/non-free i386 Packages
     release o=Opera Software ASA,a=stable,n=stable,l=The Opera web browser,c=non-free
     origin deb.opera.com
 500 http://ftp.fr.debian.org/debian/ jessie-backports/non-free Translation-en
 500 http://ftp.fr.debian.org/debian/ jessie-backports/main Translation-en
 500 http://ftp.fr.debian.org/debian/ jessie-backports/contrib Translation-en
 100 http://ftp.fr.debian.org/debian/ jessie-backports/non-free i386 Packages
     release o=Debian Backports,a=jessie-backports,n=jessie-backports,l=Debian Backports,c=non-free
     origin ftp.fr.debian.org
 100 http://ftp.fr.debian.org/debian/ jessie-backports/contrib i386 Packages
     release o=Debian Backports,a=jessie-backports,n=jessie-backports,l=Debian Backports,c=contrib
     origin ftp.fr.debian.org
 100 http://ftp.fr.debian.org/debian/ jessie-backports/main i386 Packages
     release o=Debian Backports,a=jessie-backports,n=jessie-backports,l=Debian Backports,c=main
     origin ftp.fr.debian.org
 500 http://ftp.fr.debian.org/debian/ jessie-proposed-updates/non-free Translation-en
 500 http://ftp.fr.debian.org/debian/ jessie-proposed-updates/main Translation-en
 500 http://ftp.fr.debian.org/debian/ jessie-proposed-updates/contrib Translation-en
 500 http://ftp.fr.debian.org/debian/ jessie-proposed-updates/non-free i386 Packages
     release v=8-updates,o=Debian,a=proposed-updates,n=jessie-proposed-updates,l=Debian,c=non-free
     origin ftp.fr.debian.org
 500 http://ftp.fr.debian.org/debian/ jessie-proposed-updates/contrib i386 Packages
     release v=8-updates,o=Debian,a=proposed-updates,n=jessie-proposed-updates,l=Debian,c=contrib
     origin ftp.fr.debian.org
 500 http://ftp.fr.debian.org/debian/ jessie-proposed-updates/main i386 Packages
     release v=8-updates,o=Debian,a=proposed-updates,n=jessie-proposed-updates,l=Debian,c=main
     origin ftp.fr.debian.org
 500 http://ftp.fr.debian.org/debian/ jessie-updates/non-free Translation-en
 500 http://ftp.fr.debian.org/debian/ jessie-updates/main Translation-en
 500 http://ftp.fr.debian.org/debian/ jessie-updates/contrib Translation-en
 500 http://ftp.fr.debian.org/debian/ jessie-updates/non-free i386 Packages
     release o=Debian,a=stable-updates,n=jessie-updates,l=Debian,c=non-free
     origin ftp.fr.debian.org
 500 http://ftp.fr.debian.org/debian/ jessie-updates/contrib i386 Packages
     release o=Debian,a=stable-updates,n=jessie-updates,l=Debian,c=contrib
     origin ftp.fr.debian.org
 500 http://ftp.fr.debian.org/debian/ jessie-updates/main i386 Packages
     release o=Debian,a=stable-updates,n=jessie-updates,l=Debian,c=main
     origin ftp.fr.debian.org
 500 http://security.debian.org/ jessie/updates/non-free Translation-en
 500 http://security.debian.org/ jessie/updates/main Translation-en
 500 http://security.debian.org/ jessie/updates/contrib Translation-en
 500 http://security.debian.org/ jessie/updates/non-free i386 Packages
     release v=8,o=Debian,a=stable,n=jessie,l=Debian-Security,c=non-free
     origin security.debian.org
 500 http://security.debian.org/ jessie/updates/contrib i386 Packages
     release v=8,o=Debian,a=stable,n=jessie,l=Debian-Security,c=contrib
     origin security.debian.org
 500 http://security.debian.org/ jessie/updates/main i386 Packages
     release v=8,o=Debian,a=stable,n=jessie,l=Debian-Security,c=main
     origin security.debian.org
 500 http://ftp.fr.debian.org/debian/ jessie/non-free Translation-en
 500 http://ftp.fr.debian.org/debian/ jessie/main Translation-fr
 500 http://ftp.fr.debian.org/debian/ jessie/main Translation-en
 500 http://ftp.fr.debian.org/debian/ jessie/contrib Translation-en
 500 http://ftp.fr.debian.org/debian/ jessie/non-free i386 Packages
     release v=8.3,o=Debian,a=stable,n=jessie,l=Debian,c=non-free
     origin ftp.fr.debian.org
 500 http://ftp.fr.debian.org/debian/ jessie/contrib i386 Packages
     release v=8.3,o=Debian,a=stable,n=jessie,l=Debian,c=contrib
     origin ftp.fr.debian.org
 500 http://ftp.fr.debian.org/debian/ jessie/main i386 Packages
     release v=8.3,o=Debian,a=stable,n=jessie,l=Debian,c=main
     origin ftp.fr.debian.org
Paquets épinglés :

$ ssh -G
usage: ssh [-1246AaCfGgKkMNnqsTtVvXxYy] [-b bind_address] [-c cipher_spec]
[-D [bind_address:]port] [-E log_file] [-e escape_char]
[-F configfile] [-I pkcs11] [-i identity_file]
[-L address] [-l login_name] [-m mac_spec]
[-O ctl_cmd] [-o option] [-p port]
[-Q cipher | cipher-auth | mac | kex | key]
[-R address] [-S ctl_path] [-W host:port]
[-w local_tun[:remote_tun]] [user@]hostname [command]

Is this correct?

Thanks in advance.