Date: Tue, 17 Nov 2020 11:30:34 +0000 From: Paweł Krawczyk <pawel.krawczyk@...h.com> To: lkrg-users@...ts.openwall.com Subject: Corrupted 'off' flag Seeing these periodically: Nov 17 11:25:18 curie kernel: [p_lkrg] <Exploit Detection> ON process[25086 | last] has corrupted 'off' flag! Nov 17 11:25:18 curie kernel: [p_lkrg] <Exploit Detection> Trying to kill process[last | 25086]! I suspect this is the `last` command is being run periodically by Wazuh. When run as root from command line LKRG doesn't kick in. No harm done otherwise, so just reporting this as a minor annoyance. Kernel: Linux curie 5.4.0-54-generic #60-Ubuntu SMP Fri Nov 6 10:37:59 UTC 2020 x86_64 x86_64 x86_64 GNU/Linux LKRG is the latest git branch pulled & compiled yesterday. Download attachment "smime.p7s" of type "application/pkcs7-signature" (4498 bytes)
Powered by blists - more mailing lists
Confused about mailing lists and their use? Read about mailing lists on Wikipedia and check out these guidelines on proper formatting of your messages.