Needing some advice on a Linux server. We had a dumb user plug a powered-off dumb phone (old Samsung flip phone) straight into the front of an Ubuntu server to charge it.
This server was set up several years ago with no real security in mind. Since the incident I've installed OSSEC and rkhunter. The OSSEC rootkit scan hasn't turned up anything. The rkhunter is only reporting the usual Ubuntu false positives, but I don't have skdet or Tripwire installed, so it's skipping a few tests.
I'm not a super experienced Linux admin so I don't know what to do at this point. I can either chance it and call it good, or I can engage a forensics vendor for a pretty steep price. No backups unfortunately and this is a server responsible for imaging machines...
Any thoughts?