据我所知,kjournald
这不是一个网络程序,而是一个处理 EXT3 日志的程序(我在 Ubuntu 16.04 上运行 EXT4)。然而,运行时sudo netstap -tapn
它出现了近 700 次,连接到意大利某家公司的 IP(bladerunner.consultingweb.it
)。
$ sudo netstat -tapn | grep 195.128.235.204
tcp 0 0 192.168.10.2:40298 195.128.235.204:2525 ESTABLISHED 20086/[kjournald]
tcp 0 0 192.168.10.2:57720 195.128.235.204:2525 ESTABLISHED 20086/[kjournald]
tcp 0 0 192.168.10.2:51432 195.128.235.204:2525 ESTABLISHED 20086/[kjournald]
tcp 0 0 192.168.10.2:41414 195.128.235.204:2525 ESTABLISHED 20086/[kjournald]
tcp 0 0 192.168.10.2:40978 195.128.235.204:2525 ESTABLISHED 20086/[kjournald]
tcp 0 0 192.168.10.2:35624 195.128.235.204:2525 ESTABLISHED 20086/[kjournald]
tcp 0 0 192.168.10.2:39832 195.128.235.204:2525 ESTABLISHED 20086/[kjournald]
tcp 0 0 192.168.10.2:54744 195.128.235.204:2525 ESTABLISHED 20086/[kjournald]
tcp 0 0 192.168.10.2:58092 195.128.235.204:2525 ESTABLISHED 20086/[kjournald]
tcp 0 0 192.168.10.2:51320 195.128.235.204:2525 ESTABLISHED 20086/[kjournald]
tcp 0 0 192.168.10.2:34280 195.128.235.204:2525 ESTABLISHED 20086/[kjournald]
tcp 0 0 192.168.10.2:53338 195.128.235.204:2525 ESTABLISHED 20086/[kjournald]
tcp 0 0 192.168.10.2:51016 195.128.235.204:2525 ESTABLISHED 20086/[kjournald]
tcp 0 0 192.168.10.2:58592 195.128.235.204:2525 ESTABLISHED 20086/[kjournald]
tcp 0 0 192.168.10.2:34622 195.128.235.204:2525 ESTABLISHED 20086/[kjournald]
tcp 0 0 192.168.10.2:57781 195.128.235.204:2525 ESTABLISHED 20086/[kjournald]
tcp 0 0 192.168.10.2:32810 195.128.235.204:2525 ESTABLISHED 20086/[kjournald]
tcp 0 0 192.168.10.2:60852 195.128.235.204:2525 ESTABLISHED 20086/[kjournald]
tcp 0 0 192.168.10.2:38062 195.128.235.204:2525 ESTABLISHED 20086/[kjournald]
tcp 0 0 192.168.10.2:60430 195.128.235.204:2525 ESTABLISHED 20086/[kjournald]
tcp 0 0 192.168.10.2:57078 195.128.235.204:2525 ESTABLISHED 20086/[kjournald]
tcp 0 0 192.168.10.2:41574 195.128.235.204:2525 ESTABLISHED 20086/[kjournald]
tcp 0 0 192.168.10.2:51022 195.128.235.204:2525 ESTABLISHED 20086/[kjournald]
tcp 0 0 192.168.10.2:40004 195.128.235.204:2525 ESTABLISHED 20086/[kjournald]
tcp 0 0 192.168.10.2:58926 195.128.235.204:2525 ESTABLISHED 20086/[kjournald]
tcp 0 0 192.168.10.2:58840 195.128.235.204:2525 ESTABLISHED 20086/[kjournald]
tcp 0 0 192.168.10.2:44256 195.128.235.204:2525 ESTABLISHED 20086/[kjournald]
tcp 0 0 192.168.10.2:37728 195.128.235.204:2525 ESTABLISHED 20086/[kjournald]
tcp 0 0 192.168.10.2:56234 195.128.235.204:2525 ESTABLISHED 20086/[kjournald]
tcp 0 0 192.168.10.2:59458 195.128.235.204:2525 ESTABLISHED 20086/[kjournald]
tcp 0 0 192.168.10.2:32922 195.128.235.204:2525 ESTABLISHED 20086/[kjournald]
tcp 0 0 192.168.10.2:49780 195.128.235.204:2525 ESTABLISHED 20086/[kjournald]
tcp 0 0 192.168.10.2:38502 195.128.235.204:2525 ESTABLISHED 20086/[kjournald]
tcp 0 0 192.168.10.2:50161 195.128.235.204:2525 ESTABLISHED 20086/[kjournald]
tcp 0 0 192.168.10.2:57556 195.128.235.204:2525 ESTABLISHED 20086/[kjournald]
tcp 0 0 192.168.10.2:54720 195.128.235.204:2525 ESTABLISHED 20086/[kjournald]
tcp 0 0 192.168.10.2:57006 195.128.235.204:2525 ESTABLISHED 20086/[kjournald]
tcp 0 0 192.168.10.2:48682 195.128.235.204:2525 ESTABLISHED 20086/[kjournald]
tcp 0 0 192.168.10.2:46554 195.128.235.204:2525 ESTABLISHED 20086/[kjournald]
tcp 0 0 192.168.10.2:58090 195.128.235.204:2525 ESTABLISHED 20086/[kjournald]
tcp 0 0 192.168.10.2:38030 195.128.235.204:2525 ESTABLISHED 20086/[kjournald]
tcp 0 0 192.168.10.2:38719 195.128.235.204:2525 ESTABLISHED 20086/[kjournald]
tcp 0 0 192.168.10.2:56058 195.128.235.204:2525 ESTABLISHED 20086/[kjournald]
tcp 0 0 192.168.10.2:38986 195.128.235.204:2525 ESTABLISHED 20086/[kjournald]
tcp 0 0 192.168.10.2:44568 195.128.235.204:2525 ESTABLISHED 20086/[kjournald]
tcp 0 0 192.168.10.2:39028 195.128.235.204:2525 ESTABLISHED 20086/[kjournald]
tcp 0 0 192.168.10.2:56554 195.128.235.204:2525 ESTABLISHED 20086/[kjournald]
tcp 0 0 192.168.10.2:56598 195.128.235.204:2525 ESTABLISHED 20086/[kjournald]
tcp 0 0 192.168.10.2:45916 195.128.235.204:2525 ESTABLISHED 20086/[kjournald]
tcp 0 0 192.168.10.2:53928 195.128.235.204:2525 ESTABLISHED 20086/[kjournald]
tcp 0 0 192.168.10.2:34792 195.128.235.204:2525 ESTABLISHED 20086/[kjournald]
tcp 0 0 192.168.10.2:59738 195.128.235.204:2525 ESTABLISHED 20086/[kjournald]
tcp 0 0 192.168.10.2:35520 195.128.235.204:2525 ESTABLISHED 20086/[kjournald]
tcp 0 0 192.168.10.2:59982 195.128.235.204:2525 ESTABLISHED 20086/[kjournald]
tcp 0 0 192.168.10.2:53700 195.128.235.204:2525 ESTABLISHED 20086/[kjournald]
tcp 0 0 192.168.10.2:55614 195.128.235.204:2525 ESTABLISHED 20086/[kjournald]
tcp 0 0 192.168.10.2:56916 195.128.235.204:2525 ESTABLISHED 20086/[kjournald]
tcp 0 0 192.168.10.2:57932 195.128.235.204:2525 ESTABLISHED 20086/[kjournald]
tcp 0 0 192.168.10.2:53244 195.128.235.204:2525 ESTABLISHED 20086/[kjournald]
tcp 0 0 192.168.10.2:47948 195.128.235.204:2525 ESTABLISHED 20086/[kjournald]
tcp 0 0 192.168.10.2:57394 195.128.235.204:2525 ESTABLISHED 20086/[kjournald]
tcp 0 0 192.168.10.2:44556 195.128.235.204:2525 ESTABLISHED 20086/[kjournald]
tcp 0 0 192.168.10.2:60434 195.128.235.204:2525 ESTABLISHED 20086/[kjournald]
tcp 0 0 192.168.10.2:55224 195.128.235.204:2525 ESTABLISHED 20086/[kjournald]
tcp 0 0 192.168.10.2:56480 195.128.235.204:2525 ESTABLISHED 20086/[kjournald]
tcp 0 0 192.168.10.2:34782 195.128.235.204:2525 ESTABLISHED 20086/[kjournald]
tcp 0 0 192.168.10.2:48428 195.128.235.204:2525 ESTABLISHED 20086/[kjournald]
tcp 0 0 192.168.10.2:36124 195.128.235.204:2525 ESTABLISHED 20086/[kjournald]
tcp 0 0 192.168.10.2:37102 195.128.235.204:2525 ESTABLISHED 20086/[kjournald]
tcp 0 0 192.168.10.2:33032 195.128.235.204:2525 ESTABLISHED 20086/[kjournald]
tcp 0 0 192.168.10.2:52590 195.128.235.204:2525 ESTABLISHED 20086/[kjournald]
tcp 0 0 192.168.10.2:45902 195.128.235.204:2525 ESTABLISHED 20086/[kjournald]
tcp 0 0 192.168.10.2:44980 195.128.235.204:2525 ESTABLISHED 20086/[kjournald]
tcp 0 0 192.168.10.2:60040 195.128.235.204:2525 ESTABLISHED 20086/[kjournald]
tcp 0 0 192.168.10.2:35432 195.128.235.204:2525 ESTABLISHED 20086/[kjournald]
tcp 0 0 192.168.10.2:48280 195.128.235.204:2525 ESTABLISHED 20086/[kjournald]
tcp 0 0 192.168.10.2:46228 195.128.235.204:2525 ESTABLISHED 20086/[kjournald]
tcp 0 0 192.168.10.2:46508 195.128.235.204:2525 ESTABLISHED 20086/[kjournald]
tcp 0 0 192.168.10.2:45244 195.128.235.204:2525 ESTABLISHED 20086/[kjournald]
tcp 0 0 192.168.10.2:54024 195.128.235.204:2525 ESTABLISHED 20086/[kjournald]
tcp 0 0 192.168.10.2:55690 195.128.235.204:2525 ESTABLISHED 20086/[kjournald]
tcp 0 0 192.168.10.2:58760 195.128.235.204:2525 ESTABLISHED 20086/[kjournald]
tcp 0 0 192.168.10.2:58204 195.128.235.204:2525 ESTABLISHED 20086/[kjournald]
tcp 0 0 192.168.10.2:36384 195.128.235.204:2525 ESTABLISHED 20086/[kjournald]
tcp 0 0 192.168.10.2:35826 195.128.235.204:2525 ESTABLISHED 20086/[kjournald]
tcp 0 0 192.168.10.2:41240 195.128.235.204:2525 ESTABLISHED 20086/[kjournald]
tcp 0 0 192.168.10.2:35724 195.128.235.204:2525 ESTABLISHED 20086/[kjournald]
tcp 0 0 192.168.10.2:56584 195.128.235.204:2525 ESTABLISHED 20086/[kjournald]
tcp 0 0 192.168.10.2:40854 195.128.235.204:2525 ESTABLISHED 20086/[kjournald]
tcp 0 0 192.168.10.2:43338 195.128.235.204:2525 ESTABLISHED 20086/[kjournald]
tcp 0 0 192.168.10.2:51895 195.128.235.204:2525 ESTABLISHED 20086/[kjournald]
tcp 0 0 192.168.10.2:40430 195.128.235.204:2525 ESTABLISHED 20086/[kjournald]
tcp 0 0 192.168.10.2:41086 195.128.235.204:2525 ESTABLISHED 20086/[kjournald]
tcp 0 0 192.168.10.2:53172 195.128.235.204:2525 ESTABLISHED 20086/[kjournald]
tcp 0 0 192.168.10.2:36066 195.128.235.204:2525 ESTABLISHED 20086/[kjournald]
tcp 0 0 192.168.10.2:56060 195.128.235.204:2525 ESTABLISHED 20086/[kjournald]
tcp 0 0 192.168.10.2:55002 195.128.235.204:2525 ESTABLISHED 20086/[kjournald]
tcp 0 0 192.168.10.2:55236 195.128.235.204:2525 ESTABLISHED 20086/[kjournald]
tcp 0 0 192.168.10.2:49310 195.128.235.204:2525 ESTABLISHED 20086/[kjournald]
tcp 0 0 192.168.10.2:47750 195.128.235.204:2525 ESTABLISHED 20086/[kjournald]
tcp 0 0 192.168.10.2:36626 195.128.235.204:2525 ESTABLISHED 20086/[kjournald]
tcp 0 0 192.168.10.2:34086 195.128.235.204:2525 ESTABLISHED 20086/[kjournald]
tcp 0 0 192.168.10.2:55952 195.128.235.204:2525 ESTABLISHED 20086/[kjournald]
tcp 0 0 192.168.10.2:39652 195.128.235.204:2525 ESTABLISHED 20086/[kjournald]
tcp 0 0 192.168.10.2:54506 195.128.235.204:2525 ESTABLISHED 20086/[kjournald]
tcp 0 0 192.168.10.2:48116 195.128.235.204:2525 ESTABLISHED 20086/[kjournald]
tcp 0 0 192.168.10.2:46141 195.128.235.204:2525 ESTABLISHED 20086/[kjournald]
tcp 0 0 192.168.10.2:54170 195.128.235.204:2525 ESTABLISHED 20086/[kjournald]
tcp 0 0 192.168.10.2:39910 195.128.235.204:2525 ESTABLISHED 20086/[kjournald]
tcp 0 0 192.168.10.2:38612 195.128.235.204:2525 ESTABLISHED 20086/[kjournald]
tcp 0 0 192.168.10.2:36442 195.128.235.204:2525 ESTABLISHED 20086/[kjournald]
tcp 0 0 192.168.10.2:46938 195.128.235.204:2525 ESTABLISHED 20086/[kjournald]
tcp 0 0 192.168.10.2:51056 195.128.235.204:2525 ESTABLISHED 20086/[kjournald]
tcp 0 0 192.168.10.2:32866 195.128.235.204:2525 ESTABLISHED 20086/[kjournald]
tcp 0 0 192.168.10.2:49762 195.128.235.204:2525 ESTABLISHED 20086/[kjournald]
tcp 0 0 192.168.10.2:42960 195.128.235.204:2525 ESTABLISHED 20086/[kjournald]
tcp 0 0 192.168.10.2:43648 195.128.235.204:2525 ESTABLISHED 20086/[kjournald]
tcp 0 0 192.168.10.2:60578 195.128.235.204:2525 ESTABLISHED 20086/[kjournald]
tcp 0 0 192.168.10.2:45604 195.128.235.204:2525 ESTABLISHED 20086/[kjournald]
tcp 0 0 192.168.10.2:57336 195.128.235.204:2525 ESTABLISHED 20086/[kjournald]
tcp 0 0 192.168.10.2:60136 195.128.235.204:2525 ESTABLISHED 20086/[kjournald]
tcp 0 0 192.168.10.2:50864 195.128.235.204:2525 ESTABLISHED 20086/[kjournald]
tcp 0 0 192.168.10.2:53514 195.128.235.204:2525 ESTABLISHED 20086/[kjournald]
tcp 0 0 192.168.10.2:33970 195.128.235.204:2525 ESTABLISHED 20086/[kjournald]
tcp 0 0 192.168.10.2:49662 195.128.235.204:2525 ESTABLISHED 20086/[kjournald]
tcp 0 0 192.168.10.2:39208 195.128.235.204:2525 ESTABLISHED 20086/[kjournald]
tcp 0 0 192.168.10.2:49070 195.128.235.204:2525 ESTABLISHED 20086/[kjournald]
tcp 0 0 192.168.10.2:39336 195.128.235.204:2525 ESTABLISHED 20086/[kjournald]
tcp 0 0 192.168.10.2:60948 195.128.235.204:2525 ESTABLISHED 20086/[kjournald]
tcp 0 0 192.168.10.2:51636 195.128.235.204:2525 ESTABLISHED 20086/[kjournald]
tcp 0 0 192.168.10.2:45510 195.128.235.204:2525 ESTABLISHED 20086/[kjournald]
tcp 0 0 192.168.10.2:44562 195.128.235.204:2525 ESTABLISHED 20086/[kjournald]
tcp 0 0 192.168.10.2:44269 195.128.235.204:2525 ESTABLISHED 20086/[kjournald]
tcp 0 0 192.168.10.2:36108 195.128.235.204:2525 ESTABLISHED 20086/[kjournald]
tcp 0 0 192.168.10.2:53422 195.128.235.204:2525 ESTABLISHED 20086/[kjournald]
tcp 0 0 192.168.10.2:53904 195.128.235.204:2525 ESTABLISHED 20086/[kjournald]
tcp 0 0 192.168.10.2:50160 195.128.235.204:2525 ESTABLISHED 20086/[kjournald]
tcp 0 0 192.168.10.2:47702 195.128.235.204:2525 ESTABLISHED 20086/[kjournald]
tcp 0 0 192.168.10.2:58108 195.128.235.204:2525 ESTABLISHED 20086/[kjournald]
tcp 0 0 192.168.10.2:52148 195.128.235.204:2525 ESTABLISHED 20086/[kjournald]
tcp 0 0 192.168.10.2:57710 195.128.235.204:2525 ESTABLISHED 20086/[kjournald]
tcp 0 0 192.168.10.2:51468 195.128.235.204:2525 ESTABLISHED 20086/[kjournald]
tcp 0 0 192.168.10.2:52660 195.128.235.204:2525 ESTABLISHED 20086/[kjournald]
tcp 0 0 192.168.10.2:40262 195.128.235.204:2525 ESTABLISHED 20086/[kjournald]
tcp 0 0 192.168.10.2:38000 195.128.235.204:2525 ESTABLISHED 20086/[kjournald]
tcp 0 0 192.168.10.2:38718 195.128.235.204:2525 ESTABLISHED 20086/[kjournald]
tcp 0 0 192.168.10.2:43164 195.128.235.204:2525 ESTABLISHED 20086/[kjournald]
tcp 0 0 192.168.10.2:51926 195.128.235.204:2525 ESTABLISHED 20086/[kjournald]
tcp 0 0 192.168.10.2:57748 195.128.235.204:2525 ESTABLISHED 20086/[kjournald]
tcp 0 0 192.168.10.2:49084 195.128.235.204:2525 ESTABLISHED 20086/[kjournald]
tcp 0 0 192.168.10.2:36500 195.128.235.204:2525 ESTABLISHED 20086/[kjournald]
tcp 0 0 192.168.10.2:42730 195.128.235.204:2525 ESTABLISHED 20086/[kjournald]
tcp 0 0 192.168.10.2:42422 195.128.235.204:2525 ESTABLISHED 20086/[kjournald]
tcp 0 0 192.168.10.2:58998 195.128.235.204:2525 ESTABLISHED 20086/[kjournald]
tcp 0 0 192.168.10.2:33216 195.128.235.204:2525 ESTABLISHED 20086/[kjournald]
tcp 0 0 192.168.10.2:58696 195.128.235.204:2525 ESTABLISHED 20086/[kjournald]
tcp 0 0 192.168.10.2:52436 195.128.235.204:2525 ESTABLISHED 20086/[kjournald]
tcp 0 0 192.168.10.2:47180 195.128.235.204:2525 ESTABLISHED 20086/[kjournald]
tcp 0 0 192.168.10.2:50716 195.128.235.204:2525 ESTABLISHED 20086/[kjournald]
tcp 0 0 192.168.10.2:53922 195.128.235.204:2525 ESTABLISHED 20086/[kjournald]
tcp 0 0 192.168.10.2:33278 195.128.235.204:2525 ESTABLISHED 20086/[kjournald]
tcp 0 0 192.168.10.2:43736 195.128.235.204:2525 ESTABLISHED 20086/[kjournald]
tcp 0 0 192.168.10.2:51336 195.128.235.204:2525 ESTABLISHED 20086/[kjournald]
tcp 0 0 192.168.10.2:42176 195.128.235.204:2525 ESTABLISHED 20086/[kjournald]
tcp 0 0 192.168.10.2:57557 195.128.235.204:2525 ESTABLISHED 20086/[kjournald]
tcp 0 0 192.168.10.2:42606 195.128.235.204:2525 ESTABLISHED 20086/[kjournald]
tcp 0 0 192.168.10.2:39050 195.128.235.204:2525 ESTABLISHED 20086/[kjournald]
tcp 0 0 192.168.10.2:58302 195.128.235.204:2525 ESTABLISHED 20086/[kjournald]
tcp 0 0 192.168.10.2:48976 195.128.235.204:2525 ESTABLISHED 20086/[kjournald]
tcp 0 0 192.168.10.2:47338 195.128.235.204:2525 ESTABLISHED 20086/[kjournald]
tcp 0 0 192.168.10.2:33666 195.128.235.204:2525 ESTABLISHED 20086/[kjournald]
tcp 0 0 192.168.10.2:56760 195.128.235.204:2525 ESTABLISHED 20086/[kjournald]
tcp 0 0 192.168.10.2:42672 195.128.235.204:2525 ESTABLISHED 20086/[kjournald]
tcp 0 0 192.168.10.2:39714 195.128.235.204:2525 ESTABLISHED 20086/[kjournald]
tcp 0 0 192.168.10.2:40634 195.128.235.204:2525 ESTABLISHED 20086/[kjournald]
tcp 0 0 192.168.10.2:34132 195.128.235.204:2525 ESTABLISHED 20086/[kjournald]
tcp 0 0 192.168.10.2:58454 195.128.235.204:2525 ESTABLISHED 20086/[kjournald]
tcp 0 0 192.168.10.2:36868 195.128.235.204:2525 ESTABLISHED 20086/[kjournald]
tcp 0 0 192.168.10.2:35094 195.128.235.204:2525 ESTABLISHED 20086/[kjournald]
tcp 0 0 192.168.10.2:56484 195.128.235.204:2525 ESTABLISHED 20086/[kjournald]
tcp 0 0 192.168.10.2:60266 195.128.235.204:2525 ESTABLISHED 20086/[kjournald]
tcp 0 0 192.168.10.2:33218 195.128.235.204:2525 ESTABLISHED 20086/[kjournald]
tcp 0 0 192.168.10.2:52490 195.128.235.204:2525 ESTABLISHED 20086/[kjournald]
tcp 0 0 192.168.10.2:34398 195.128.235.204:2525 ESTABLISHED 20086/[kjournald]
tcp 0 0 192.168.10.2:36502 195.128.235.204:2525 ESTABLISHED 20086/[kjournald]
tcp 0 0 192.168.10.2:46528 195.128.235.204:2525 ESTABLISHED 20086/[kjournald]
tcp 0 0 192.168.10.2:53344 195.128.235.204:2525 ESTABLISHED 20086/[kjournald]
tcp 0 0 192.168.10.2:55416 195.128.235.204:2525 ESTABLISHED 20086/[kjournald]
tcp 0 0 192.168.10.2:56762 195.128.235.204:2525 ESTABLISHED 20086/[kjournald]
tcp 0 0 192.168.10.2:56990 195.128.235.204:2525 ESTABLISHED 20086/[kjournald]
tcp 0 0 192.168.10.2:45376 195.128.235.204:2525 ESTABLISHED 20086/[kjournald]
tcp 0 0 192.168.10.2:40574 195.128.235.204:2525 ESTABLISHED 20086/[kjournald]
tcp 0 0 192.168.10.2:45362 195.128.235.204:2525 ESTABLISHED 20086/[kjournald]
tcp 0 0 192.168.10.2:57274 195.128.235.204:2525 ESTABLISHED 20086/[kjournald]
tcp 0 0 192.168.10.2:39122 195.128.235.204:2525 ESTABLISHED 20086/[kjournald]
tcp 0 0 192.168.10.2:44852 195.128.235.204:2525 ESTABLISHED 20086/[kjournald]
tcp 0 0 192.168.10.2:60802 195.128.235.204:2525 ESTABLISHED 20086/[kjournald]
...
etc
kaufman at timbuktu in ~
$ sudo netstat -tapn | grep 195.128.235.204 | wc -l
664
我真的不明白。这kjournald
看起来不像是被篡改的可执行文件,而是某种内部工具,所以我不确定该怎么做:
$ cat /proc/20086/cmdline
[kjournald]
我尝试了nmap
一遍又telnet
一遍的端口,但不明白它在做什么:
$ telnet 195.128.235.204 2525
Trying 195.128.235.204...
Connected to 195.128.235.204.
Escape character is '^]'.
NOTICE AUTH :*** Looking up your hostname...
第二次尝试
$ sudo nmap -p 2525 195.128.235.204
Starting Nmap 7.01 ( https://nmap.org ) at 2018-02-08 11:36 CET
Nmap scan report for bladerunner.consultingweb.it (195.128.235.204)
Host is up (0.042s latency).
PORT STATE SERVICE
2525/tcp open ms-v-worlds
Nmap done: 1 IP address (1 host up) scanned in 0.72 seconds
答案1
正如怀疑的那样,这是黑客攻击的结果。完整的事后分析可以在 GitHub 上找到,以及所有脚本和我发现的方式。
基本上:
# finding the process number
sudo netstap -tapn | grep kjournald
...
tcp 0 0 192.168.10.2:37126 195.128.235.204:2525 ESTABLISHED 20086/[kjournald]
# finding which executable is running under that process
sudo ls -lh /proc/20086/exe
lrwxrwxrwx 1 root root 0 feb. 8 15:56 /proc/20086/exe -> /var/tmp/32a1e380
# ehhh ... that seems weird
# goodbye
$ sudo rm /var/tmp/32a1e380*
$ sudo kill 20086