
Re: Strange attacks in my log




On Thursday, 21 February 2019, 16:46:42 CET, Reco wrote:
Yes, worked. However, I did not find anything unusual; however, putting a stick in 
starts "colord-sane", which will explain the UDP request.

This does not explain why an SD card or USB stick is calling this.

The only explanation I have is that the kernel starts some module, which acts 
as watched. 

I wonder why no one else noticed this behaviour, as this looks like "normal" 
behaviour on all systems.

Very strange.....

Best 

Hans
> 	Hi.
> 
> On Thu, Feb 21, 2019 at 04:29:11PM +0100, Hans wrote:
> > Hmm, tried "auditctl -a always,exit -S connect -F arch=b64
> 
> auditctl -a always,exit -S connect
> 
> Ignore 'syscall mismatch' warning, it will work anyway.
> 
> > The manual told nothing about a logfile.
> 
> It's /var/log/audit/audit.log.
> Red Hat documentation at its finest.
> 
> Reco
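
An added example, not part of the original messages: one way to read what the `connect` audit rule above writes to /var/log/audit/audit.log, pairing each SYSCALL record with its SOCKADDR record and decoding the destination so the calling executable is visible. The sample records, PID, address, port and exe path are constructed, and the decoder assumes a little-endian x86-64 host where `connect` is syscall 42.

```python
import re
import struct
from collections import defaultdict

# Constructed sample in the audit.log record layout (not taken from the thread;
# the PID, destination address/port and exe path are made up for illustration).
SAMPLE = '''\
type=SYSCALL msg=audit(1550764002.101:311): arch=c000003e syscall=42 success=yes exit=0 pid=4211 uid=1000 comm="colord-sane" exe="/usr/lib/colord/colord-sane" key=(null)
type=SOCKADDR msg=audit(1550764002.101:311): saddr=020000A1C0A801FF0000000000000000
type=SYSCALL msg=audit(1550764002.340:312): arch=c000003e syscall=42 success=no exit=-2 pid=4211 uid=1000 comm="colord-sane" exe="/usr/lib/colord/colord-sane" key=(null)
type=SOCKADDR msg=audit(1550764002.340:312): saddr=01002F7661722F72756E2F6E7363642F736F636B657400
'''

EVENT = re.compile(r'^type=(\w+) msg=audit\((\d+\.\d+:\d+)\): (.*)$')

def decode_saddr(hexstr):
    """Decode the hex dump of a struct sockaddr as logged in SOCKADDR records."""
    raw = bytes.fromhex(hexstr)
    family = struct.unpack_from('<H', raw)[0]      # sa_family, little-endian host
    if family == 2 and len(raw) >= 8:               # AF_INET
        port = struct.unpack_from('!H', raw, 2)[0]  # port is in network byte order
        return 'inet:%s:%d' % ('.'.join(map(str, raw[4:8])), port)
    if family == 1:                                 # AF_UNIX: NUL-terminated path
        return 'unix:' + raw[2:].split(b'\0')[0].decode(errors='replace')
    return 'family=%d' % family                     # other families left undecoded

def connects_by_exe(log_text):
    """Return {exe path: [decoded destinations]} for connect() events."""
    exe_of, result = {}, defaultdict(list)
    for line in log_text.splitlines():
        m = EVENT.match(line)
        if not m:
            continue
        rtype, event_id, body = m.groups()          # event_id = timestamp:serial
        if rtype == 'SYSCALL' and ' syscall=42 ' in ' %s ' % body:
            exe = re.search(r'exe="([^"]*)"', body)  # quoted form only
            exe_of[event_id] = exe.group(1) if exe else '?'
        elif rtype == 'SOCKADDR' and event_id in exe_of:
            saddr = re.search(r'saddr=([0-9A-Fa-f]+)', body)
            if saddr:
                result[exe_of[event_id]].append(decode_saddr(saddr.group(1)))
    return dict(result)

if __name__ == '__main__':
    for exe, dests in connects_by_exe(SAMPLE).items():
        print(exe, dests)
```

On a live system the same function can be fed the contents of /var/log/audit/audit.log, which normally requires root to read.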
