0

I am trying to figure out if my raspi was meddled with and users where created. What is the list of users created by default on jessie? (Release date: 2017-01-11) Here is a list from my machine after installing xrdp.

pi@p3:~ $ compgen -u
root
daemon
bin
sys
sync
games
man
lp
mail
news
uucp
proxy
www-data
backup
list
irc
gnats
nobody
systemd-timesync
systemd-network
systemd-resolve
systemd-bus-proxy
pi
messagebus
avahi
ntp
sshd
statd
lightdm
pulse
rtkit
xrdp
Stowoda
  • 446
  • 3
  • 9
  • 5
    Why not create a second SD card and check for yourself. Not to mention that this is not a fullproof method of detecting malicious activity. – Steve Robillard Feb 20 '17 at 08:19
  • 2
    Alright, I will do that and post the results. It's just one of the things I am testing... – Stowoda Feb 20 '17 at 09:42
  • 1
    That looks close to the list of users on my fresh Jessie install, with the exception of lightdm, pulse, rtkit and xrdp. That doesn't mean you're safe by any means. Are you particularly concerned that your system was exposed and compromised? – bobstro Feb 20 '17 at 15:47
  • Most of these are system users, as you would see from cat /etc/passwd – Milliways Feb 20 '17 at 08:10

1 Answers1

0

OK, here is the standard user list after a fresh install plus enable SSH. The list is identical to the one in my original post with the only exception of xrdp. My first post was initiated after I tried to SSH into the wrong server (mixed .org with .com). This was my first login so I accepted the SSH warning. Using DynDNS I noticed a lot of traffic trying to login to my raspi. So probably good idea to start fresh, and learn about securing this thing, before using portforwarding and DynDNS... 

root
daemon
bin
sys
sync
games
man
lp
mail
news
uucp
proxy
www-data
backup
list
irc
gnats
nobody
systemd-timesync
systemd-network
systemd-resolve
systemd-bus-proxy
pi
messagebus
avahi
ntp
sshd
statd
lightdm
pulse
rtkit
Stowoda
  • 446
  • 3
  • 9