Coder

I need somebody that can read code on my journal file for Systemd Journal file. I am getting the impression someone is accessing my machine remotely and I can’t determine from what I am reading. I am looking for someone that is honest and will not take advantage of me or my property. I don’t want to paste on Suse Paste site.

It’s not easy to help without further details. It reminds me of a similar case when somebody suspected a security problem with apache2 when the logs showed differently. The OP’s final post was [»These answers can’t change my opinion«](https://forums.opensuse.org/showthread.php/536129-OpenSUSE-security-and-examine-a-system?p=2908538#post2908538) which, in turn, discouraged others from replying any further. Maybe we all can do better. The thread does contain some tips on how to check for intruders/malware etc, so it is well worth a read.

As far as I know, the systemd journal doesn’t contain security-sensitive information like passwords or »code«, but this of course also depends on the programs/drivers/daemons etc that submit their messages into it. If any package provided by openSUSE generated messages exposing vulnerabilities or private info, this warrants submitting a bug report.

A simple test to see if journal messages stem from intruders or not may simply be to work offline for some time (no wifi, no Ethernet, no Bluetooth etc) and compare the message output during that time with the messages generated while online.

Does your installation show any other signs of being compromised?
Excessive hard disk or processor activity? May be data-indexing activity (baloo, akonadi) or filesystem maintenance operations (btrfs/XFS/ZFS).
Lost data? Intruders usually try to keep a low profile and not raise suspicion, so lost or corrupted files may be more likely due to faulty hardware, which can also explain cryptic journal logs.
Network activity when you do nothing? That may stem from automatic searches for mail or software updates, or NAS-/NFS-/Dropbox/cloud-sharing automatisms.

All this can be an opportunity to optimize your rig and do away with unnecessary bloat (I’m quite radical at that, having disabled baloo/akonadi/Plymouth/ntp etc, using ext4 and ssh exclusively, no other filesystems or file-sharing stuff). Well, most of it can — if you have faulty hardware, not much can be done in regards to software. Other than that, going through the subsystems and services and daemons, disabling/uninstalling them in order to see how Linux performs without them, or testing alternatives (in my case: exim instead of postfix, kdm instead of sddm/gdm, KDE instead of Gnome, systemd-networkd instead of NetworkManager/wicked etc.) has major advantages: it increases your knowledge about Linux and its components, and it gives you control over your system.

Well, I’ll stop rambling for now. :slight_smile:
Do you have any further details you feel comfortable sharing?

If you have a router, you might start by changing the settings of your WiFi. Some routers give the option of authorizing specific IPs.

The following is an easy-to-read article that walks you through a very large number of commands which you can run to look at your system log a piece at a time. Do you want to look only at errors? Warnings? Maybe events or behavior related to a particular application or service? Maybe something that happened only within the past few minutes? Or maybe something that happened between 10 and 15 minutes ago?

The above possible ways and more are all described in the following article.

https://www.digitalocean.com/community/tutorials/how-to-use-journalctl-to-view-and-manipulate-systemd-logs

TSU
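Two suggestions in this thread lend themselves to a small script: filtering the journal by priority, unit and time window (the journalctl flags the linked article covers), and comparing which log sources keep talking while the machine is deliberately offline versus only while it is online. The example below is added here and is not code from the thread or from openSUSE; it consumes the output of `journalctl -o json` (one JSON object per line, with the real `__REALTIME_TIMESTAMP`, `PRIORITY`, `_SYSTEMD_UNIT`, `_SYSTEMD_USER_UNIT`, `SYSLOG_IDENTIFIER` and `MESSAGE` fields). The sample entries, unit names, messages and the 12:10–12:20 "offline" window are constructed for illustration.

```python
"""Filter and compare systemd journal entries exported with
`journalctl -o json` (one JSON object per line).

Replace SAMPLE_JOURNAL with real output, e.g.
    journalctl -o json --since "-1h" > journal.json
The sample entries at the bottom are constructed, not captured from a host.
"""
import json
from datetime import datetime, timedelta, timezone

# syslog/journald PRIORITY levels (journalctl -p accepts these names as well)
PRIORITY = {"emerg": 0, "alert": 1, "crit": 2, "err": 3,
            "warning": 4, "notice": 5, "info": 6, "debug": 7}


def parse_journal(text):
    """Parse `journalctl -o json` output into plain dicts with
    ts (aware UTC datetime), priority (int), unit (system unit, user unit
    or syslog identifier, whichever is present) and message."""
    entries = []
    for line in text.splitlines():
        if not line.strip():
            continue
        raw = json.loads(line)
        usec = int(raw["__REALTIME_TIMESTAMP"])  # microseconds since the epoch
        ts = (datetime.fromtimestamp(usec // 1_000_000, tz=timezone.utc)
              + timedelta(microseconds=usec % 1_000_000))
        entries.append({
            "ts": ts,
            # PRIORITY can be missing for some transports; treat that as info
            "priority": int(raw.get("PRIORITY", PRIORITY["info"])),
            "unit": (raw.get("_SYSTEMD_UNIT") or raw.get("_SYSTEMD_USER_UNIT")
                     or raw.get("SYSLOG_IDENTIFIER") or "?"),
            "message": raw.get("MESSAGE", ""),
        })
    return entries


def filter_entries(entries, max_priority=None, unit=None, since=None, until=None):
    """Narrow entries the way the journalctl flags do:
       -p err            -> max_priority=PRIORITY["err"] (err and more severe)
       -u sshd.service   -> unit="sshd.service"
       --since / --until -> since / until (aware datetimes; until is exclusive)
    """
    out = []
    for e in entries:
        if max_priority is not None and e["priority"] > max_priority:
            continue
        if unit is not None and e["unit"] != unit:
            continue
        if since is not None and e["ts"] < since:
            continue
        if until is not None and e["ts"] >= until:
            continue
        out.append(e)
    return out


def compare_offline_window(entries, offline_since, offline_until):
    """Split log sources by whether they logged only while online, only
    while deliberately offline, or in both periods. Sources that keep
    logging with no network are local by construction (indexers, kernel,
    hardware errors); sources that only appear while online deserve a
    closer look, though most of them are ordinary network services."""
    offline, online = set(), set()
    for e in entries:
        bucket = offline if offline_since <= e["ts"] < offline_until else online
        bucket.add(e["unit"])
    return {"online_only": online - offline,
            "offline_only": offline - online,
            "both": online & offline}


# ---- constructed sample data (hypothetical host, 2024-01-01 12:00 UTC) ----
BASE = datetime(2024, 1, 1, 12, 0, tzinfo=timezone.utc)
OFFLINE_SINCE, OFFLINE_UNTIL = BASE + timedelta(minutes=10), BASE + timedelta(minutes=20)


def _usec(minutes, seconds=0):
    return str(int((BASE + timedelta(minutes=minutes, seconds=seconds)).timestamp() * 1_000_000))


SAMPLE_JOURNAL = "\n".join(json.dumps(e) for e in [
    {"__REALTIME_TIMESTAMP": _usec(1), "PRIORITY": "6", "_SYSTEMD_UNIT": "sshd.service",
     "SYSLOG_IDENTIFIER": "sshd", "MESSAGE": "Accepted publickey for alice from 192.0.2.10 port 52144 ssh2"},
    {"__REALTIME_TIMESTAMP": _usec(2), "PRIORITY": "6", "_SYSTEMD_UNIT": "NetworkManager.service",
     "SYSLOG_IDENTIFIER": "NetworkManager", "MESSAGE": "device (wlan0): state change: activated"},
    {"__REALTIME_TIMESTAMP": _usec(3, 30), "PRIORITY": "3", "_TRANSPORT": "kernel",
     "SYSLOG_IDENTIFIER": "kernel", "MESSAGE": "ata1.00: failed command: READ FPDMA QUEUED"},
    {"__REALTIME_TIMESTAMP": _usec(10, 5), "PRIORITY": "6", "_SYSTEMD_UNIT": "NetworkManager.service",
     "SYSLOG_IDENTIFIER": "NetworkManager", "MESSAGE": "device (wlan0): state change: disconnected"},
    {"__REALTIME_TIMESTAMP": _usec(11), "PRIORITY": "3", "_TRANSPORT": "kernel",
     "SYSLOG_IDENTIFIER": "kernel", "MESSAGE": "ata1.00: failed command: READ FPDMA QUEUED"},
    {"__REALTIME_TIMESTAMP": _usec(12), "PRIORITY": "6", "_SYSTEMD_USER_UNIT": "kde-baloo.service",
     "SYSLOG_IDENTIFIER": "baloo_file", "MESSAGE": "Content indexing started"},
])

if __name__ == "__main__":
    entries = parse_journal(SAMPLE_JOURNAL)
    print("errors (journalctl -p err):")
    for e in filter_entries(entries, max_priority=PRIORITY["err"]):
        print(f"  {e['ts']:%H:%M:%S} {e['unit']}: {e['message']}")
    print("sources by offline/online window:", compare_offline_window(entries, OFFLINE_SINCE, OFFLINE_UNTIL))
```

In the sample the disk error repeats while the machine is unplugged, which points at hardware rather than at an intruder, exactly the distinction the earlier reply draws; `sshd.service` shows up only while online, so that is the source whose entries are worth reading in full.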