This is a new server I provisioned on my VPS in racknerd. The command looks safe, but I'm wondering if these commands were executed on its own? Or someone has logged in to my VPS? This is also not normal, isn't it?
From the location of that script usr lib virt-sysprep looks to be a script put in the image by the provided to do a few things on first boot.
Would have thought it was normal, but you can always ask them to double check
so what are the options for the customers like us if we don't want them to access our server? how do i know if they logged in using a different method other than ssh?