
Thread: Coder

  1. #1
    Join Date
    Oct 2008
    Location
    Central Texas, in the sticks
    Posts
    148

    Default Coder

    I need somebody that can read code on my journal file for Systemd Journal file. I am getting the impression someone is accessing my machine remotely and I can't determine from what I am reading. I am looking for someone that is honest and will not take advantage of me or my property. I don't want to paste on Suse Paste site.
    Last edited by deano_ferrari; 18-Sep-2019 at 00:28. Reason: Moderator Edit

  2. #2
    Join Date
    Jan 2017
    Location
    Nürnberg, Germany
    Posts
    179

    Default Re: Coder

    Quote Originally Posted by cherock1254 View Post
    I need somebody that can read code on my journal file for Systemd Journal file. I am getting the impression someone is accessing my machine remotely and I can't determine from what I am reading. I am looking for someone that is honest and will not take advantage of me or my property. I don't want to paste on Suse Paste site.
    It’s not easy to help without further details. It reminds me of a similar case when somebody suspected a security problem with apache2 when the logs showed differently. The OP’s final post was »These answers can't change my opinion« which, in turn, discouraged others from replying any further. Maybe we all can do better. The thread does contain some tips on how to check for intruders/malware etc., so it is well worth a read.

    As far as I know, the systemd journal doesn’t contain security-sensitive information like passwords or »code«, but this of course also depends on the programs/drivers/daemons etc that submit their messages into it. If any package provided by openSUSE generated messages exposing vulnerabilities or private info, this warrants submitting a bug report.

    A simple test to see if journal messages stem from intruders or not may simply be to work offline for some time (no wifi, no Ethernet, no Bluetooth etc) and compare the message output during that time with the messages generated while online.

    Does your installation show any other signs of being compromised?
    Excessive hard disk or processor activity? May be data-indexing activity (baloo, akonadi) or filesystem maintenance operations (btrfs/XFS/ZFS).
    Lost data? Intruders usually try to keep a low profile and not raise suspicion, so lost or corrupted files may be more likely due to faulty hardware, which can also explain cryptic journal logs.
    Network activity when you do nothing? That may stem from automatic searches for mail or software updates, or NAS-/NFS-/Dropbox/cloud-sharing automatisms.

    All this can be an opportunity to optimize your rig and do away with unnecessary bloat (I’m quite radical at that, having disabled baloo/akonadi/Plymouth/ntp etc., using ext4 and ssh exclusively, no other filesystems or file-sharing stuff). Well, most of it can — if you have faulty hardware, not much can be done in regard to software. Other than that, going through the subsystems and services and daemons, disabling/uninstalling them in order to see how Linux performs without them, or testing alternatives (in my case: exim instead of postfix, kdm instead of sddm/gdm, KDE instead of Gnome, systemd-networkd instead of NetworkManager/wicked etc.) has major advantages: it increases your knowledge about Linux and its components, and it gives you control over your system.

    Well, I’ll stop rambling for now.
    Do you have any further details you feel comfortable sharing?

  3. #3
    Join Date
    Aug 2017
    Location
    Montréal. Canada
    Posts
    94

    Default Re: Coder

    If you have a router, you might start changing the settings of your WiFi. Some routers give the option of authorizing specific IPs.
    Hard times create strong men,
    Strong men create good times,
    Good times create weak men,
    Weak men create hard times.

  4. #4
    Join Date
    Jun 2008
    Location
    San Diego, Ca, USA
    Posts
    11,278
    Blog Entries
    2

    Default Re: Coder

    The following is an easy-to-read article that walks you through a very large number of commands which you can run to look at your system log, pieces at a time. Do you want to look only at errors? Warnings? Maybe events or behavior related to a particular application or service? Maybe something that happened only within the past few minutes? Or maybe something that happened between 10 and 15 minutes ago?

    The above possible ways and more are all described in the following article.

    https://www.digitalocean.com/communi...e-systemd-logs

    TSU
    Beginner Wiki Quickstart - https://en.opensuse.org/User:Tsu2/Quickstart_Wiki
    Solved a problem recently? Create a wiki page for future personal reference!
    Learn something new?
    Attended a computing event?
    Post and Share!
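
As an added example (not from any poster in this thread or from the linked article), the kind of filtering described in post #4 can be combined with a short summary of who authenticated over SSH and from where. It assumes sshd is the remote-access service in question; the function names and the sample journal lines are constructed for illustration.

```shell
#!/bin/sh
# Constructed sample in the format of `journalctl -u sshd -o short-iso`.
# Hostname, user names and (documentation-range) addresses are made up.
sample_journal() {
cat <<'EOF'
2019-09-17T20:58:02-0500 myhost sshd[2101]: Failed password for invalid user admin from 203.0.113.7 port 51122 ssh2
2019-09-17T20:58:09-0500 myhost sshd[2101]: Failed password for root from 203.0.113.7 port 51122 ssh2
2019-09-17T20:58:15-0500 myhost sshd[2101]: Failed password for root from 203.0.113.7 port 51122 ssh2
2019-09-17T21:04:11-0500 myhost sshd[2140]: Accepted password for alice from 192.168.1.23 port 40412 ssh2
2019-09-17T21:30:45-0500 myhost sshd[2177]: Accepted publickey for alice from 198.51.100.9 port 60001 ssh2: RSA SHA256:CONSTRUCTED
2019-09-17T21:31:02-0500 myhost systemd-logind[801]: New session 7 of user alice.
EOF
}

# Reads journal lines on stdin and prints "<count> <result> <user> <source-ip>"
# for each distinct combination found in sshd authentication messages.
ssh_login_summary() {
    awk '
    $3 ~ /^sshd\[/ && ($4 == "Accepted" || $4 == "Failed") {
        ip = ""; user = ""
        # "invalid user" shifts the fields, so locate the user and address
        # relative to the last "from" on the line instead of by position.
        for (i = 5; i < NF; i++)
            if ($i == "from") { user = $(i - 1); ip = $(i + 1) }
        if (ip != "") n[$4 " " user " " ip]++
    }
    END { for (k in n) print n[k], k }' | LC_ALL=C sort -k2
}

# Stand-alone run on the constructed sample.
sample_journal | ssh_login_summary

# On a live system, pipe the real journal in instead, narrowing it with the
# filters mentioned above (time window, unit, priority):
#   journalctl -u sshd -o short-iso --no-pager \
#       --since "15 minutes ago" --until "10 minutes ago" | ssh_login_summary
#   journalctl -p err -b --no-pager    # errors and worse, current boot only
```

An "Accepted" line from an address you do not recognise is the entry worth following up; repeated "Failed" lines alone only show that something tried.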
