Recently, someone or something has been turning off IP forwarding on my CentOS server: -------------------------- [tim@william NumberTheory]$ sudo sysctl net.ipv4.ip_forward net.ipv4.ip_forward = 0 [tim@william NumberTheory]$ sudo sysctl -w net.ipv4.ip_forward=1 net.ipv4.ip_forward = 1 [tim@william NumberTheory]$ sudo sysctl net.ipv4.ip_forward net.ipv4.ip_forward = 1 -------------------------- Who or what can this be?
On 2015-01-22, Timothy Murphy gayleard@eircom.net wrote:
Recently, someone or something has been turning off IP forwarding on my CentOS server:
[tim@william NumberTheory]$ sudo sysctl net.ipv4.ip_forward net.ipv4.ip_forward = 0 [tim@william NumberTheory]$ sudo sysctl -w net.ipv4.ip_forward=1 net.ipv4.ip_forward = 1 [tim@william NumberTheory]$ sudo sysctl net.ipv4.ip_forward net.ipv4.ip_forward = 1
Who or what can this be?
The file /etc/sudoers (and any fragments under /etc/sudoers.d/) will tell you which users are allowed to run that command. If you cross-reference that information with the output of the 'last' command you might be able to identify the user in question.
-
Liam O'Toole -
Timothy Murphy