1. Ran backups 2. Verified integrity of ssh on my local system versus last backup; changed local passwords 3. Verified integrity of my linode chpass with md5sum versus previous backup 4. Locked accounts; fixed changes to shell for system programs, removed additional accounts, changed passwords 5. Killed root processes and shells; accounted for all of the shells and processes in ps 6. Compared md5sums of everything in ps, login shells, rsync, inetd, su, vmlinuz, ps and various things between previous backup and current 7. compared nmap to netstat -lnp; accounted for netstat -lnp entries 8. Ran find to find setuid/setgid programs; verified no additional ones exist; ran md5sum against existing ones 9. Replace sshd, ssh and their config files and host keys; restarted sshd; relogged and changed passwords 10. Upgrade sshd 11. Killed .ssh directories 12. Temporarily took some services down until I can decide if I trust/replace them (squid, cron, sendmail) 13. diff -r'd between the two backups; read through the output to account for all changes to the system (new files and changed files) (several notable) 14. Ran find to find world writable files; ran find to find device files in the wilds of the filesystem