grsec-unoff RAP related Call Traces, 171124-0102 oops
(No. 0) 171114-1000-manu 171117-1426-oops 171118-0933-rsys 171118-1030-none 171122-1348-rsys 171123-1254 171123-1530 171124-0102-none 180101-1917-rsync
Only the gap shows where it happened, but nothing has been in the logs.
Nov 24 00:55:04 gdOv kernel: [ 1711.731331] grsec: (default:D:/etc/cron.daily) chdir to /Cmn/git/firefox.hg/nsprpub by /usr/bin/updatedb.mlocate[updatedb.mlocat:4423] uid/euid:0/0 gid/egid:0/0, parent /usr/bin/flock[flock:4422] uid/euid:0/0 gid/egid:0/0
Nov 24 00:55:04 gdOv kernel: [ 1711.731368] grsec: (default:D:/etc/cron.daily) chdir to /Cmn/git/firefox.hg/nsprpub/tools by /usr/bin/updatedb.mlocate[updatedb.mlocat:4423] uid/euid:0/0 gid/egid:0/0, parent /usr/bin/flock[flock:4422] uid/euid:0/0 gid/egid:0/0
Nov 24 00:55:04 gdOv kernel: [ 1711.731559] grsec: (default:D:/etc/cron.daily) chdir to /Cmn/git/firefox.hg/nsprpub by /usr/bin/updatedb.mlocate[updatedb.mlocat:4423] uid/euid:0/0 gid/egid:0/0, parent /usr/bin/flock[flock:4422] uid/euid:0/0 gid/egid:0/0
Nov 24 00:55:04 gdOv kernel: [ 1711.731569] grsec: (default:D:/etc/cron.daily) chdir to /Cmn/git/firefox.hg by /usr/bin/updatedb.mlocate[updatedb.mlocat:4423] uid/euid:0/0 gid/egid:0/0, parent /usr/bin/flock[flock:4422] uid/euid:0/0 gid/egid:0/0
Nov 24 00:55:04 gdOv kernel: [ 1711.731602] grsec: (default:D:/etc/cron.daily) chdir to /Cmn/git/firefox.hg/other-licenses by /usr/bin/updatedb.mlocate[updatedb.mlocat:4423] uid/euid:0/0 gid/egid:0/0, parent /usr/bin/flock[flock:4422] uid/euid:0/0 gid/egid:0/0
Nov 24 00:55:04 gdOv kernel: [ 1711.731837] grsec: (default:D:/etc/cron.daily) chdir to /Cmn/git/firefox.hg/other-licenses/7zstub by /usr/bin/updatedb.mlocate[updatedb.mlocat:4423] uid/euid:0/0 gid/egid:0/0, parent /usr/bin/flock[flock:4422] uid/euid:0/0 gid/egid:0/0
Nov 24 01:15:27 gdOv kernel: [ 93.394372] grsec: exec of /bin/sed (sed s/ *#.*// ) by /bin/sed[cryptdisks:1288] uid/euid:0/0 gid/egid:0/0, parent /etc/init.d/cryptdisks[cryptdisks:1286] uid/euid:0/0 gid/egid:0/0
Nov 24 01:15:27 gdOv kernel: [ 93.399101] grsec: exec of /bin/sed (sed s/=.*// ) by /bin/sed[cryptdisks:1291] uid/euid:0/0 gid/egid:0/0, parent /etc/init.d/cryptdisks[cryptdisks:1289] uid/euid:0/0 gid/egid:0/0
Nov 24 01:15:27 gdOv kernel: [ 93.401623] grsec: exec of /bin/sed (sed /=/!d;s/^.*=// ) by /bin/sed[cryptdisks:1294] uid/euid:0/0 gid/egid:0/0, parent /etc/init.d/cryptdisks[cryptdisks:1292] uid/euid:0/0 gid/egid:0/0
Nov 24 01:15:27 gdOv kernel: [ 93.403790] grsec: exec of /bin/readlink (readlink -f /dev/disk/by-uuid/445f3d74-3251-4b48-a0f3-911e75f70548 ) by /bin/readlink[cryptdisks:1295] uid/euid:0/0 gid/egid:0/0, parent /etc/init.d/cryptdisks[cryptdisks:1274] uid/euid:0/0 gid/egid:0/0
Nov 24 01:15:27 gdOv kernel: [ 93.405481] grsec: exec of /bin/sed (sed s/ *#.*// ) by /bin/sed[cryptdisks:1298] uid/euid:0/0 gid/egid:0/0, parent /etc/init.d/cryptdisks[cryptdisks:1296] uid/euid:0/0 gid/egid:0/0
Nov 24 01:15:27 gdOv kernel: [ 93.408144] grsec: exec of /bin/sed (sed s/=.*// ) by /bin/sed[cryptdisks:1301] uid/euid:0/0 gid/egid:0/0, parent /etc/init.d/cryptdisks[cryptdisks:1299] uid/euid:0/0 gid/egid:0/0
Nov 24 01:15:27 gdOv kernel: [ 93.410455] grsec: exec of /bin/sed (sed /=/!d;s/^.*=// ) by /bin/sed[cryptdisks:1304] uid/euid:0/0 gid/egid:0/0, parent /etc/init.d/cryptdisks[cryptdisks:1302] uid/euid:0/0 gid/egid:0/0
But we've seen this behavior already; this time, on the first reboot, it looked like this:
early console in extract_kernel
input_data: 0x0000000002d703b4
input_len: 0x000000000086d05c
output: 0x0000000001000000
output_len: 0x00000000024b9868
kernel_total_size: 0x0000000002600000
Decompressing Linux...
XZ-compressed data is corrupt
-- System halted
And on the second reboot, it looked like this:
early console in extract_kernel
input_data: 0x0000000002d703b4
input_len: 0x000000000086d05c
output: 0x0000000001000000
output_len: 0x00000000024b9868
kernel_total_size: 0x0000000002600000
Decompressing Linux...
XZ-compressed data is corrupt
-- System halted
Id est, exactly the same :-).
But afterward, after the next boot, all was fine, and continues to be so (it's past half a day on as I'm writing these lines).
To me, this looks sinister, and I'm not at all sure I'm going to be able to protect my system, if these are some kind of intrusion events.
I'm unable to learn computing fast enough to defend against these... (Namely, why is it that these, and other stuff, almost exclusively only happen in my for-online clone?)
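The "gap" in the log excerpt above can be measured rather than eyeballed. The kernel uptime stamp in the square brackets drops from about 1711 s (00:55:04) to about 93 s (01:15:27): a kernel that has only been up for 93 seconds at 01:15:27 started at roughly 01:13:54, so nothing was running to write logs for the 19 minutes before that. A failure inside the kernel decompressor ("XZ-compressed data is corrupt -- System halted") happens before any kernel logging or syslog exists, which is why such an event leaves only a gap and not a line. The script below is an added example, not code from the post or from grsecurity: it parses grsec audit lines of the two shapes shown in the post (chdir and exec), detects kernel instance changes from the uptime stamp going backwards, and reports how much wall-clock time no kernel was up to account for. The sample lines are four of the post's own log lines; the year 2017 is an assumption taken from the page's date code, since syslog lines carry no year.

```python
import re
from dataclasses import dataclass
from datetime import datetime
from typing import List, Optional

# Syslog line carrying a kernel uptime stamp and a grsec audit message (layout as in the post).
LINE_RE = re.compile(
    r"^(?P<mon>[A-Z][a-z]{2}) +(?P<day>\d{1,2}) (?P<time>\d{2}:\d{2}:\d{2}) "
    r"(?P<host>\S+) kernel: \[ *(?P<uptime>\d+\.\d+)\] grsec: (?P<msg>.*)$"
)
# The two grsec message shapes seen in the post: "chdir to <dir> by <bin>[comm:pid] ..." and
# "exec of <bin> (<argv> ) by <bin>[comm:pid] ...", optionally prefixed by an RBAC role "(...)".
EVENT_RE = re.compile(
    r"^(?:\((?P<role>[^)]*)\) )?(?P<verb>chdir to|exec of) (?P<target>\S+)"
    r"(?: \((?P<argv>.*?) \))? by (?P<bin>\S+?)\[(?P<comm>[^:\]]+):(?P<pid>\d+)\] "
    r"uid/euid:(?P<uid>\d+)/(?P<euid>\d+)"
)


@dataclass
class Event:
    wall: datetime        # syslog wall-clock time (the line has no year; the caller supplies one)
    uptime: float         # seconds since this kernel instance booted, from the "[ 1711.731331]" stamp
    verb: str             # "chdir to", "exec of", or "other" for grsec messages not modelled here
    target: str
    bin: Optional[str]
    comm: Optional[str]
    pid: Optional[int]
    uid: Optional[int]
    argv: Optional[str]
    role: Optional[str]


@dataclass
class Reboot:
    last_before: Event    # last event written by the previous kernel instance
    first_after: Event    # first event written by the new kernel instance
    wall_gap_s: float     # wall-clock seconds between those two events
    unaccounted_s: float  # seconds between last_before and the new kernel's boot: no kernel was logging


def parse_grsec_log(text: str, year: int = 2017) -> List[Event]:
    """Parse grsec audit lines out of a syslog excerpt; lines without a grsec message are skipped."""
    events: List[Event] = []
    for line in text.splitlines():
        m = LINE_RE.match(line)
        if not m:
            continue
        wall = datetime.strptime(f"{year} {m['mon']} {m['day']} {m['time']}", "%Y %b %d %H:%M:%S")
        e = EVENT_RE.match(m["msg"])
        if e:
            events.append(Event(wall, float(m["uptime"]), e["verb"], e["target"], e["bin"],
                                e["comm"], int(e["pid"]), int(e["uid"]), e["argv"], e["role"]))
        else:
            events.append(Event(wall, float(m["uptime"]), "other", m["msg"],
                                None, None, None, None, None, None))
    return events


def find_reboots(events: List[Event]) -> List[Reboot]:
    """An uptime stamp that goes backwards means a new kernel instance, i.e. a reboot between the
    two events. Comparing wall clock against the new uptime gives the span nothing could have logged."""
    reboots: List[Reboot] = []
    for prev, cur in zip(events, events[1:]):
        if cur.uptime < prev.uptime:
            gap = (cur.wall - prev.wall).total_seconds()
            reboots.append(Reboot(prev, cur, gap, gap - cur.uptime))
    return reboots


# Four lines copied from the post's own excerpt (the rest of the chdir/exec lines look the same).
SAMPLE_LOG = """\
Nov 24 00:55:04 gdOv kernel: [ 1711.731331] grsec: (default:D:/etc/cron.daily) chdir to /Cmn/git/firefox.hg/nsprpub by /usr/bin/updatedb.mlocate[updatedb.mlocat:4423] uid/euid:0/0 gid/egid:0/0, parent /usr/bin/flock[flock:4422] uid/euid:0/0 gid/egid:0/0
Nov 24 00:55:04 gdOv kernel: [ 1711.731837] grsec: (default:D:/etc/cron.daily) chdir to /Cmn/git/firefox.hg/other-licenses/7zstub by /usr/bin/updatedb.mlocate[updatedb.mlocat:4423] uid/euid:0/0 gid/egid:0/0, parent /usr/bin/flock[flock:4422] uid/euid:0/0 gid/egid:0/0
Nov 24 01:15:27 gdOv kernel: [   93.394372] grsec: exec of /bin/sed (sed s/ *#.*// ) by /bin/sed[cryptdisks:1288] uid/euid:0/0 gid/egid:0/0, parent /etc/init.d/cryptdisks[cryptdisks:1286] uid/euid:0/0 gid/egid:0/0
Nov 24 01:15:27 gdOv kernel: [   93.403790] grsec: exec of /bin/readlink (readlink -f /dev/disk/by-uuid/445f3d74-3251-4b48-a0f3-911e75f70548 ) by /bin/readlink[cryptdisks:1295] uid/euid:0/0 gid/egid:0/0, parent /etc/init.d/cryptdisks[cryptdisks:1274] uid/euid:0/0 gid/egid:0/0
"""

if __name__ == "__main__":
    evs = parse_grsec_log(SAMPLE_LOG)
    for r in find_reboots(evs):
        print(f"reboot between {r.last_before.wall:%H:%M:%S} ({r.last_before.verb} {r.last_before.target})"
              f" and {r.first_after.wall:%H:%M:%S} ({r.first_after.verb} {r.first_after.target})")
        print(f"  wall-clock gap {r.wall_gap_s:.0f} s, of which {r.unaccounted_s:.0f} s had no kernel logging")
```

On the post's excerpt this reports one reboot, a 1223 s wall-clock gap, and about 1130 s of it in which no kernel instance was up. Run against a whole day of the same syslog (the function reads any number of lines) it lists every reboot, so a silent halt like the decompressor failure shows up as a reboot with a large unaccounted span and no preceding shutdown events.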
---
The verifiable files necessary for this study, if any, are listed in the main page of this section.
---