Follow @Openwall on Twitter for new release announcements and other news
[<prev] [next>] [thread-next>] [day] [month] [year] [list]
Date: Tue, 17 Nov 2020 11:30:34 +0000
From: PaweĊ‚ Krawczyk <pawel.krawczyk@...h.com>
To: lkrg-users@...ts.openwall.com
Subject: Corrupted 'off' flag


Seeing these periodically:

Nov 17 11:25:18 curie kernel: [p_lkrg] <Exploit Detection> ON
process[25086 | last] has corrupted 'off' flag!

Nov 17 11:25:18 curie kernel: [p_lkrg] <Exploit Detection> Trying to
kill process[last | 25086]!


I suspect this is the `last` command is being run periodically by Wazuh.
When run as root from command line LKRG doesn't kick in. No harm done
otherwise, so just reporting this as a minor annoyance.

Kernel:

Linux curie 5.4.0-54-generic #60-Ubuntu SMP Fri Nov 6 10:37:59 UTC 2020
x86_64 x86_64 x86_64 GNU/Linux


LKRG is the latest git branch pulled & compiled yesterday.


Download attachment "smime.p7s" of type "application/pkcs7-signature" (4498 bytes)

Powered by blists - more mailing lists

Confused about mailing lists and their use? Read about mailing lists on Wikipedia and check out these guidelines on proper formatting of your messages.