What could a regular user do with a .rpmdb directory uploaded?



I think I've found a compromised user account.

This is on Debian but alien is installed. The attackers have
not made a move yet, but have done some tests and kept
their connections to scp/sftp to be unnoticed by last.

There is a directory .rpmdb uploaded to their home
directory. How could this be used to set up their
software? I mean, is there a special angle they
are aiming at which achieves a result they would
not have realized by only using make on their sources?


--
To UNSUBSCRIBE, email to debian-user-REQUEST@xxxxxxxxxxxxxxxx
with a subject of "unsubscribe". Trouble? Contact listmaster@xxxxxxxxxxxxxxxx
Archive: http://lists.debian.org/CA+AKB6HHMEU1Wh8JpC7mxM0Y2WGJjTudNhdNVEro8R=jjir4Bw@xxxxxxxxxxxxxx