On 24/07/17 07:48 AM, Werner Flamme wrote:
> Of course, nonsense files like mail.err, mail.log, mail.warn are empty. I only look at /var/log/mail - I need to collect all data to a connection, and the mail.prio files do not have those.
Actually /var/log/mail is a mail.prio file as well :-) But that's beside the point.

Clearly this isn't a 'conventional' email service. At the extreme, a rogue, or as Carlos mentions, some malware, a trojan or something, isn't going to write to log files.

Lsof and fuser will tell you about network connections and their associated processes. If you can't account for them all, be suspicious. There may be some parasite calling home. If you're not running Thunderbird and Firefox, which account for most of the connections my workstation has to all manner of sites, then the deviations from patterns you need to watch out for are going to be more obvious.

A full listing of IP connections with lsof might show up something you can't account for. Please don't expect a single lsof parameter to instantly tell you. You are going to have to do a bit of creative detective work.

Yes, there are 'watcher' programs that will look out for the opening or creation of a file or a network link. The issue is that you need to know what you are looking for in the first place. Assuming that this really is port 134 or port 25 might be like the drunk looking for his keys under the lamp post.

--
A: Yes.
> Q: Are you sure?
>> A: Because it reverses the logical flow of conversation.
>>> Q: Why is top posting frowned upon?
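
Added example, not part of the original message: one way to do the "full listing of IP connections" pass described above is to take lsof's field output and print every socket owned by a command that has not been accounted for. The allowlist, the function names and the sample records are constructed for illustration.

```shell
#!/bin/sh
# Constructed sample of `lsof -nP -i -F pcn` output (not taken from the thread).
# Field prefixes: p = PID, c = command, f = file descriptor, n = socket name.
sample_lsof() {
cat <<'EOF'
p812
csshd
f3
n*:22
p2291
cfirefox
f57
n192.0.2.10:51514->198.51.100.7:443
p4410
cupdchk
f6
n192.0.2.10:40022->203.0.113.50:8443
EOF
}

# unaccounted ALLOWLIST
# Reads lsof -F pcn records on stdin and prints "PID COMMAND ENDPOINT" for each
# internet socket whose command is not in the space-separated ALLOWLIST.
unaccounted() {
    awk -v allow="$1" '
        BEGIN { n = split(allow, a, " "); for (i = 1; i <= n; i++) ok[a[i]] = 1 }
        /^p/  { pid = substr($0, 2); next }   # new process record
        /^c/  { cmd = substr($0, 2); next }   # its command name
        /^n/  { if (!(cmd in ok)) print pid, cmd, substr($0, 2) }
    '
}

# Live use (run as root to see every user's sockets):
#   lsof -nP -i -F pcn | unaccounted "sshd master firefox thunderbird"
# A command name only narrows the list: a process can call itself anything,
# so confirm each allowed name as well, e.g. with `ls -l /proc/PID/exe`.
```

Every line this prints is a connection that still needs an explanation; an empty result means only that each socket belongs to a name on the list.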