On 2015-01-22, Timothy Murphy <gayleard at eircom.net> wrote: > Recently, someone or something has been turning off IP forwarding > on my CentOS server: > -------------------------- > [tim at william NumberTheory]$ sudo sysctl net.ipv4.ip_forward > net.ipv4.ip_forward = 0 > [tim at william NumberTheory]$ sudo sysctl -w net.ipv4.ip_forward=1 > net.ipv4.ip_forward = 1 > [tim at william NumberTheory]$ sudo sysctl net.ipv4.ip_forward > net.ipv4.ip_forward = 1 > -------------------------- > Who or what can this be? > The file /etc/sudoers (and any fragments under /etc/sudoers.d/) will tell you which users are allowed to run that command. If you cross-reference that information with the output of the 'last' command you might be able to identify the user in question. -- Liam