Comparing file differences between an offline and an online linux image

so I hired a freelancer to do some work on my server that required admin access.

Before hiring him I took a backup of my debian installation on that server.

I have a basic level of trust with this guy but just to be sure is there a way to check the complete debian installation for differences in files?

Something that will preferably output a list of directories that either do not exist in my offline backup or files that have different size or have been edited recently.

So that I can check upon any added config file/software that he may have installed without my approval?

Thanks.

Use your backup software to take another backup and list files changed. A long list, and there is no general purpose way to evaluate it. Perhaps spot check that security critical authentication configuration was not touched, and the installed software set is reasonable.

Your help should not have permissions to write to backup storage if not in the scope of work. Otherwise a malicious person could modify history.

Consider implementing centralized logging, also restricted access so it cannot be modified. syslog, possibly additional audit or application logging. Also large volume, so reading it all is not feasible. Yet having such logs secured enables reconstructing what happened if required.

Responsible people will understand these precautions as a part of principles like separation of duties. Audit trails and recovery systems are not to be tampered with.

An automation centered approach may reduce your dependence on how one host is configured. Deliverables could include scripts to do the requested tasks. Review the scripts, test them. Burn the test environment down and rebuild it, as if you really were compromised and needed to recover on clean installs.