我怀疑有人可能访问了我的 Ubuntu 系统,因为每当我做一些重要的事情(例如输入大量未保存的文本或训练深度学习模型(在云端使用 Chrome))时,Chrome 浏览器就会崩溃。我知道这可能只是 Chrome 的一个错误,但当我使用 Windows 10 时也会发生这种情况。所以我切换到 Ubuntu(双启动),因为 Windows 10 突然变得非常慢且滞后。
为了调查,我在 Ubuntu 操作系统上运行了一些互联网命令,我发现了一些奇怪的行为。请看一下我在运行一些用户登录命令后从终端获得的以下文本:
Nov 29 06:13:12 shivam-X510UNR PackageKit: uid 1000 is trying to obtain org.freedesktop.packagekit.system-sources-refresh auth (only_trusted:0)
Nov 29 06:13:12 shivam-X510UNR PackageKit: uid 1000 obtained auth for org.freedesktop.packagekit.system-sources-refresh
Nov 29 06:15:52 shivam-X510UNR pkexec: pam_unix(polkit-1:session): session opened for user root by (uid=1000)
Nov 29 06:15:52 shivam-X510UNR pkexec[143327]: shivam: Executing command [USER=root] [TTY=unknown] [CWD=/home/shivam] [COMMAND=/usr/lib/update-notifier/package-system-locked]
Nov 29 06:17:01 shivam-X510UNR CRON[143404]: pam_unix(cron:session): session opened for user root by (uid=0)
Nov 29 06:17:01 shivam-X510UNR CRON[143404]: pam_unix(cron:session): session closed for user root
Nov 29 06:25:01 shivam-X510UNR CRON[143823]: pam_unix(cron:session): session opened for user root by (uid=0)
Nov 29 06:25:01 shivam-X510UNR CRON[143823]: pam_unix(cron:session): session closed for user root
Nov 29 06:41:32 shivam-X510UNR gnome-keyring-daemon[1189]: asked to register item /org/freedesktop/secrets/collection/login/6, but it's already registered
Nov 29 07:17:01 shivam-X510UNR CRON[148081]: pam_unix(cron:session): session opened for user root by (uid=0)
Nov 29 07:17:01 shivam-X510UNR CRON[148081]: pam_unix(cron:session): session closed for user root
Nov 29 07:30:01 shivam-X510UNR CRON[149104]: pam_unix(cron:session): session opened for user root by (uid=0)
Nov 29 07:30:01 shivam-X510UNR CRON[149104]: pam_unix(cron:session): session closed for user root
Nov 29 07:44:41 shivam-X510UNR gnome-keyring-daemon[1189]: asked to register item /org/freedesktop/secrets/collection/login/6, but it's already registered
Nov 29 08:17:01 shivam-X510UNR CRON[153341]: pam_unix(cron:session): session opened for user root by (uid=0)
Nov 29 08:17:01 shivam-X510UNR CRON[153341]: pam_unix(cron:session): session closed for user root
Nov 29 08:30:02 shivam-X510UNR CRON[154580]: pam_unix(cron:session): session opened for user root by (uid=0)
Nov 29 08:30:02 shivam-X510UNR CRON[154580]: pam_unix(cron:session): session closed for user root
Nov 29 08:37:11 shivam-X510UNR gnome-keyring-daemon[1189]: asked to register item /org/freedesktop/secrets/collection/login/6, but it's already registered
Nov 29 09:17:01 shivam-X510UNR CRON[159044]: pam_unix(cron:session): session opened for user root by (uid=0)
Nov 29 09:17:02 shivam-X510UNR CRON[159044]: pam_unix(cron:session): session closed for user root
Nov 29 09:30:02 shivam-X510UNR CRON[160402]: pam_unix(cron:session): session opened for user root by (uid=0)
Nov 29 09:30:02 shivam-X510UNR CRON[160402]: pam_unix(cron:session): session closed for user root
Nov 29 09:44:42 shivam-X510UNR gnome-keyring-daemon[1189]: asked to register item /org/freedesktop/secrets/collection/login/6, but it's already registered
Nov 29 10:17:01 shivam-X510UNR CRON[164225]: pam_unix(cron:session): session opened for user root by (uid=0)
Nov 29 10:17:01 shivam-X510UNR CRON[164225]: pam_unix(cron:session): session closed for user root
Nov 29 10:30:01 shivam-X510UNR CRON[165465]: pam_unix(cron:session): session opened for user root by (uid=0)
Nov 29 10:30:01 shivam-X510UNR CRON[165465]: pam_unix(cron:session): session closed for user root
Nov 29 10:44:42 shivam-X510UNR gnome-keyring-daemon[1189]: asked to register item /org/freedesktop/secrets/collection/login/6, but it's already registered
Nov 29 11:17:02 shivam-X510UNR CRON[169674]: pam_unix(cron:session): session opened for user root by (uid=0)
Nov 29 11:17:02 shivam-X510UNR CRON[169674]: pam_unix(cron:session): session closed for user root
Nov 29 11:30:01 shivam-X510UNR CRON[170798]: pam_unix(cron:session): session opened for user root by (uid=0)
Nov 29 11:30:01 shivam-X510UNR CRON[170798]: pam_unix(cron:session): session closed for user root
Nov 29 11:36:44 shivam-X510UNR gnome-keyring-daemon[1189]: asked to register item /org/freedesktop/secrets/collection/login/6, but it's already registered
Nov 29 12:17:01 shivam-X510UNR CRON[175036]: pam_unix(cron:session): session opened for user root by (uid=0)
Nov 29 12:17:01 shivam-X510UNR CRON[175036]: pam_unix(cron:session): session closed for user root
Nov 29 12:19:18 shivam-X510UNR gnome-keyring-daemon[1189]: asked to register item /org/freedesktop/secrets/collection/login/2, but it's already registered
Nov 29 12:19:19 shivam-X510UNR gnome-keyring-daemon[1189]: asked to register item /org/freedesktop/secrets/collection/login/2, but it's already registered
Nov 29 12:26:43 shivam-X510UNR sudo: shivam : TTY=pts/0 ; PWD=/home/shivam ; USER=root ; COMMAND=/usr/sbin/iftop -i wlp2s0
Nov 29 12:26:43 shivam-X510UNR sudo: pam_unix(sudo:session): session opened for user root by (uid=0)
Nov 29 12:28:42 shivam-X510UNR polkitd(authority=local): Operator of unix-session:1 successfully authenticated as unix-user:shivam to gain TEMPORARY authorization for action org.gnome.controlcenter.user-accounts.administration for unix-process:177638:17074536 [gnome-control-center] (owned by unix-user:shivam)
Nov 29 12:30:01 shivam-X510UNR CRON[177712]: pam_unix(cron:session): session opened for user root by (uid=0)
Nov 29 12:30:01 shivam-X510UNR CRON[177712]: pam_unix(cron:session): session closed for user root
Nov 29 12:44:42 shivam-X510UNR gnome-keyring-daemon[1189]: asked to register item /org/freedesktop/secrets/collection/login/6, but it's already registered
Nov 29 12:46:09 shivam-X510UNR sudo: shivam : TTY=pts/1 ; PWD=/home/shivam ; USER=root ; COMMAND=/usr/sbin/service ssh status
Nov 29 12:46:09 shivam-X510UNR sudo: pam_unix(sudo:session): session opened for user root by (uid=0)
Nov 29 12:46:10 shivam-X510UNR sudo: pam_unix(sudo:session): session closed for user root
Nov 29 12:46:14 shivam-X510UNR sudo: shivam : TTY=pts/1 ; PWD=/home/shivam ; USER=root ; COMMAND=/usr/sbin/service ssh status
Nov 29 12:46:14 shivam-X510UNR sudo: pam_unix(sudo:session): session opened for user root by (uid=0)
Nov 29 12:46:14 shivam-X510UNR sudo: pam_unix(sudo:session): session closed for user root
Nov 29 12:46:34 shivam-X510UNR sudo: shivam : TTY=pts/1 ; PWD=/home/shivam ; USER=root ; COMMAND=/usr/bin/systemctl status ssh
Nov 29 12:46:34 shivam-X510UNR sudo: pam_unix(sudo:session): session opened for user root by (uid=0)
Nov 29 12:46:34 shivam-X510UNR sudo: pam_unix(sudo:session): session closed for user root
这看起来可疑吗?Google Chrome 在我的 PC 上运行了一整天,因此其中一些会话可能与此有关。在这里,我就是运行 sudo 命令的人。我不明白其他会话是做什么用的。这是否意味着其他人也可以访问我的 PC?
此外,运行时我还会看到以下输出:
sudo iftop -i wlp2s0
与我的 PC 通信的这些 ec2 实例是什么?不确定后台进程,但当我运行该命令时,除了终端之外没有打开任何东西。