2

Ubuntu Server can't be upgraded because it says that the openssh-sftp-server package has unmet dependencies:

The following packages have unmet dependencies:
 openssh-sftp-server : Depends: openssh-client (= 1:8.2p1-4ubuntu0.2) but 1:8.2p1-4ubuntu0.1 is installed

When I try to use apt --fix-broken install to install what is missing, I receive the following output:

...
dpkg: error processing archive /var/cache/apt/archives/openssh-server_1%3a8.2p1-4ubuntu0.2_amd64.deb (--unpack):
 unable to make backup link of './usr/sbin/sshd' before installing new version: Operation not permitted
...
dpkg: error processing archive /var/cache/apt/archives/openssh-client_1%3a8.2p1-4ubuntu0.2_amd64.deb (--unpack):
 unable to make backup link of './usr/bin/ssh' before installing new version: Operation not permitted
...

Investigating, I found that both files have the immutable attribute.

$:~# lsattr /usr/bin/ssh
----i---------e----- /usr/bin/ssh
$:~# lsattr /usr/sbin/sshd
----i---------e----- /usr/sbin/sshd

Every time I try to change the attribute of '/usr/bin/ssh' or '/usr/sbin/sshd' with the command chattr -i /usr/bin/ssh or chattr -i /usr/sbin/sshd, several processes spawn, throwing ... chattr +i /usr/bin/chattr ... /usr/bin/ssh /usr/sbin/sshd (as can be seen in the image below).

[Image: chattr processes spawned]

The process is also changing attributes of the following files.

----i---------e----- /usr/share/doc/libbasechattr.0.so.2
----i---------e----- /usr/share/doc/libchattr-1.0.so
----i---------e----- /usr/bin/chattr

I can't find information on the Web for the terms libbasechattr and libchattr.

I found the same behavior on two unrelated machines that are on different sites and don't communicate directly.

System details:

  • Ubuntu Server 20.04.02 LTS
  • Kernel Linux 5.4.0-66-generic #74-Ubuntu SMP Wed Jan 27 22:54:38 UTC 2021 x86_64
  • OpenSSH_8.2p1, OpenSSL 1.1.1f 31 Mar 2020
  • Filesystem is ext4 on one machine and btrfs on the other.

Has anyone experienced this before? Is this a bug or an attack?

1 Answer

2

There’s no reason to have libraries in /usr/share/doc, and as you point out, the “libraries” (which probably aren’t libraries, given the command shown in your htop screenshot) aren’t referenced anywhere. This is extremely likely to be an attack.

See this answer and the links therein for details of what you should do now.

Stephen Kitt
  • 434,908
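
Added example (not part of the original question or answer): a small triage filter for the symptom described above. It reads lsattr output and reports every file carrying the immutable (i) flag, tagging those that look like shared libraries under a share/doc directory. The function names and the sample data (constructed from the lsattr lines quoted in the question, plus one clean file) are assumptions of this example; on a host suspected of compromise, run lsattr from trusted rescue media against the mounted filesystem, since the installed tools may have been replaced.

```shell
#!/bin/sh
# Constructed sample: the lsattr lines from the question plus one clean file.
sample_lsattr() {
cat <<'EOF'
----i---------e----- /usr/bin/ssh
----i---------e----- /usr/sbin/sshd
----i---------e----- /usr/share/doc/libbasechattr.0.so.2
----i---------e----- /usr/share/doc/libchattr-1.0.so
----i---------e----- /usr/bin/chattr
--------------e----- /usr/bin/scp
EOF
}

# classify_lsattr: stdin is lsattr output, stdout is "<TAG> <path>" for each
# file whose flag field contains the immutable attribute.
classify_lsattr() {
    while read -r flags path; do
        case "$flags" in
            # Skip blank lines, "dir:" headers from lsattr -R, and error text.
            ""|*[!A-Za-z-]*) continue ;;
            *i*) ;;                      # immutable flag is set
            *) continue ;;
        esac
        case "$path" in
            # Shared-object names have no business in a documentation tree.
            */share/doc/*.so|*/share/doc/*.so.*)
                echo "IMMUTABLE+LIB-IN-DOC $path" ;;
            *)
                echo "IMMUTABLE $path" ;;
        esac
    done
}

# scan_tree ROOT: hypothetical wrapper for a filesystem mounted at ROOT
# (use "" for the running system). Uses only lsattr -R, the recursive listing.
scan_tree() {
    lsattr -R "$1/usr/bin" "$1/usr/sbin" "$1/usr/share/doc" 2>/dev/null |
        classify_lsattr
}

# Demonstration on the constructed sample.
sample_lsattr | classify_lsattr
```

A stock Ubuntu install normally has no immutable files in these directories, so any line of output is worth explaining before trusting the machine.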