0

I'd ordered a VPS with Ubuntu 16.04/64-bit LTS server edition with some ports opened, which are essential to my application.

recently the VPS was delivered to me, so I accessed the VPS using ssh and changed the ssh password.

now my question is:

how can I make sure that the Ubuntu 16.04 installation that was delivered to me, is a clean installation and does not have any extra functionality (malicious or not) and/or extra files with respect to the original OS that Ubuntu provides publicly?

now I have to say that I trust my VPS provider, but I have this question in general.

unfortunately I wasn't able to find any similar question. so I would be happy, if you refer me to one.

following are more details that might be helpful.

thanks.

cat /etc/os-release output:

NAME="Ubuntu"
VERSION="16.04.6 LTS (Xenial Xerus)"
ID=ubuntu
ID_LIKE=debian
PRETTY_NAME="Ubuntu 16.04.6 LTS"
VERSION_ID="16.04"
HOME_URL="http://www.ubuntu.com/"
SUPPORT_URL="http://help.ubuntu.com/"
BUG_REPORT_URL="http://bugs.launchpad.net/ubuntu/"
VERSION_CODENAME=xenial
UBUNTU_CODENAME=xenial

hostnamectl output:

Static hostname: ubuntu
Icon name: computer-vm
Chassis: vm
Machine ID: *** (not shown deliberately)
Boot ID: *** (not shown deliberately)
Virtualization: vmware
Operating System: Ubuntu 16.04.6 LTS
Kernel: Linux 4.4.0-157-generic
Architecture: x86-64

uname -r output:

4.4.0-157-generic
Improve this question

2 Answers 2

Reset to default
0

Look around for an intrusion detection system. tiger is one of them and should be available in the standard Ubuntu repository. I don't think it detects all possible system changes, but will give you a long report on what's going on.

Improve this answer
3
  • thanks, but I don't see how this directly correlates to my question, as intrusion detection systems generally are used for server security after the server operating system has been setup. rather what I want is how can I make sure that the operating system that was delivered to me does not contain any extra and/or malicious file or functionality. Commented Aug 1, 2019 at 22:06
  • @Moher I thought it has a list of what to expect from a system. Commented Aug 1, 2019 at 22:06
  • I don't know about that. but what I do know is that IDS looks at byte-stream and tries to find patterns whether fixed patterns or using machine learning methods to detect if the byte-stream corresponds to an attack. these systems stand along firewalls mainly to improve server security and are used in many honeypot systems to detect attackers and their intrusion methods in a network. but thanks anyway. Commented Aug 1, 2019 at 22:10
0

You could start with an apt list --installed and look at what all is installed. If you find anything that you think should be removed then go ahead and uninstall it. I would also suggest looking in the /opt directory to see if there is anything installed there. Maybe check into the /etc/passwd file and see if there are any extra accounts created.

The actual chance of them installing a bunch of extra stuff, especially malicious, is extremely low. People would have already found out and called them on it, so unless you're the first person to ever purchase anything from them you shouldn't really need to look into it.

Improve this answer
2
  • 1. doing apt list --installed wouldn't even come close to what I expect for an answer nor this command is intended for such use case. I'm familiar enough with Ubuntu server to know about approaches like this. this does not help with extra files nor with any malicious functionality. Commented Aug 2, 2019 at 1:22
  • 2. I explicitly mentioned in my question that I trust the provider with good faith. but my question is for general case, how one can know about this. but thanks anyway for your contribution. Commented Aug 2, 2019 at 1:28

You must log in to answer this question.

Start asking to get answers

Find the answer to your question by asking.

Ask question

Explore related questions

See similar questions with these tags.