On Thu, 2025-11-06 at 23:04 +0100, Jean-Christophe Énée wrote:
> hi,
> I'm seeing suspicious activity on my IP
> what should I do?
=== DEBIAN TRIXIE SECURITY REPORT ===
Generated on: Thu Nov  6 11:46:08 PM CET 2025
Host: blues-softwares
Debian version: 13.1

[+] Checking updates and packages...
--- Packages to update ---
Listing...

--- Obsolete or unneeded packages ---
No obsolete packages.

--- Broken or misconfigured packages ---

[+] Analyzing services and processes...
--- Failed services ---
  UNIT LOAD ACTIVE SUB DESCRIPTION

0 loaded units listed.

--- Suspicious processes (top 10 CPU/RAM) ---
USER         PID %CPU %MEM    VSZ   RSS TTY      STAT START   TIME COMMAND
jean-ch+   16817 12.4  0.4 2899568 320948 ?      Sl   22:43   7:45 /usr/lib/firefox-esr/firefox-esr -contentproc -isForBrowser -prefsHandle 0:43529 -prefMapHandle 1:271902 -jsInitHandle 2:242716 -parentBuildID 20251009121631 -sandboxReporter 3 -chrootClient 4 -ipcHandle 5 -initialChannelId {db5307ea-061e-47ea-8075-0e3cf8b4d68d} -parentPid 16073 -crashReporter 6 -crashHelper 7 -greomni /usr/lib/firefox-esr/omni.ja -appomni /usr/lib/firefox-esr/browser/omni.ja -appDir /usr/lib/firefox-esr/browser 12 tab
jean-ch+   16073 11.6  0.8 11981992 585560 ?     Sl   22:26   9:14 /usr/lib/firefox-esr/firefox-esr
jean-ch+    2010  2.0  0.3 4740848 258604 ?      Ssl  14:03  12:02 /usr/bin/gnome-shell
jean-ch+  133863  1.8  0.0   7024  3408 pts/0    S+   23:46   0:00 /bin/bash ./security-repport.sh
jean-ch+   16166  0.9  0.1 523660 104676 ?       Sl   22:26   0:47 /usr/lib/firefox-esr/firefox-esr -contentproc -parentBuildID 20251009121631 -prefsHandle 0:37395 -prefMapHandle 1:271902 -sandboxReporter 2 -chrootClient 3 -ipcHandle 4 -initialChannelId {b01b180b-cc9c-4d23-9dbd-a64ec7116111} -parentPid 16073 -crashReporter 5 -crashHelper 6 -appDir /usr/lib/firefox-esr/browser 3 rdd
jean-ch+    5702  0.7  0.4 76467224 293228 ?     SLl  14:49   3:51 /usr/bin/evolution
jean-ch+   16227  0.6  0.4 23946992 305956 ?     Sl   22:26   0:32 /usr/lib/firefox-esr/firefox-esr -contentproc -isForBrowser -prefsHandle 0:46801 -prefMapHandle 1:271902 -jsInitHandle 2:242716 -parentBuildID 20251009121631 -sandboxReporter 3 -chrootClient 4 -ipcHandle 5 -initialChannelId {0b60060d-c971-4aba-8fbe-ae982bc569d6} -parentPid 16073 -crashReporter 6 -crashHelper 7 -greomni /usr/lib/firefox-esr/omni.ja -appomni /usr/lib/firefox-esr/browser/omni.ja -appDir /usr/lib/firefox-esr/browser 4 tab
jean-ch+  133800  0.4  0.1 2432204 81076 ?       Sl   23:45   0:00 /usr/lib/firefox-esr/firefox-esr -contentproc -isForBrowser -prefsHandle 0:43528 -prefMapHandle 1:271902 -jsInitHandle 2:242716 -parentBuildID 20251009121631 -sandboxReporter 3 -chrootClient 4 -ipcHandle 5 -initialChannelId {75e90390-5fda-488a-b76c-23ddd99a5816} -parentPid 16073 -crashReporter 6 -crashHelper 7 -greomni /usr/lib/firefox-esr/omni.ja -appomni /usr/lib/firefox-esr/browser/omni.ja -appDir /usr/lib/firefox-esr/browser 34 tab
root       17921  0.4  0.0      0     0 ?        I    23:11   0:08 [kworker/u32:8-kcryptd-254:0-1]
root      133489  0.2  0.0      0     0 ?        I    23:37   0:01 [kworker/5:1-mm_percpu_wq]

[+] Auditing users and permissions...
--- Users with UID 0 (root) ---
root

--- Files with the SUID/SGID bit set ---
/usr/lib/xorg/Xorg.wrap
/usr/lib/dbus-1.0/dbus-daemon-launch-helper
/usr/lib/x86_64-linux-gnu/utempter/utempter
/usr/lib/openssh/ssh-keysign
/usr/lib/polkit-1/polkit-agent-helper-1
/usr/bin/crontab
/usr/bin/gpasswd
/usr/bin/chsh
/usr/bin/chfn
/usr/bin/passwd

[+] Network analysis...
--- Open ports ---
Netid State  Recv-Q Send-Q  Local Address:Port  Peer Address:Port  Process
udp   UNCONN 0      0       192.168.122.1:53         0.0.0.0:*        
udp   UNCONN 0      0      0.0.0.0%virbr0:67         0.0.0.0:*        
udp   UNCONN 0      0             0.0.0.0:5353       0.0.0.0:*        
udp   UNCONN 0      0             0.0.0.0:40122      0.0.0.0:*        
udp   UNCONN 0      0                [::]:59440         [::]:*        
udp   UNCONN 0      0                [::]:5353          [::]:*        
tcp   LISTEN 0      4096        127.0.0.1:631        0.0.0.0:*        
tcp   LISTEN 0      32      192.168.122.1:53         0.0.0.0:*        
tcp   LISTEN 0      128           0.0.0.0:22         0.0.0.0:*        
tcp   LISTEN 0      128              [::]:22            [::]:*        
tcp   LISTEN 0      4096            [::1]:631           [::]:*        

--- Active connections ---
Total: 1097
TCP:   17 (estab 11, closed 1, orphaned 0, timewait 0)

Transport Total     IP        IPv6
RAW       1         0         1        
UDP       7         5         2        
TCP       16        12        4        
INET      24        17        7        
FRAG      0         0         0        


--- Firewall rules (iptables/ufw) ---
No active firewall rules.

[+] Analyzing system logs...
--- Recent system errors ---
Nov 06 03:01:11 blues-softwares sudo[18388]: pam_unix(sudo:auth): auth could not identify password for [jean-christophe]
Nov 06 03:01:11 blues-softwares sudo[18388]: jean-christophe : user NOT in sudoers ; TTY=pts/1 ; PWD=/home/jean-christophe/Videos/.perso ; USER=root ; COMMAND=/usr/bin/apt install xchat
Nov 06 03:01:32 blues-softwares sudo[18391]: jean-christophe : user NOT in sudoers ; TTY=pts/1 ; PWD=/home/jean-christophe/Videos/.perso ; USER=root ; COMMAND=/usr/bin/apt install hexchat
Nov 06 04:07:11 blues-softwares python3[27775]: Settings schema 'org.virt-manager.virt-manager' is not installed
Nov 06 04:07:14 blues-softwares python3[28921]: Settings schema 'org.virt-manager.virt-manager' is not installed
Nov 06 04:07:18 blues-softwares python3[32003]: Settings schema 'org.virt-manager.virt-manager' is not installed
Nov 06 04:07:24 blues-softwares python3[32416]: Settings schema 'org.virt-manager.virt-manager' is not installed
Nov 06 05:22:38 blues-softwares sudo[36970]: jean-christophe : user NOT in sudoers ; TTY=pts/1 ; PWD=/home/jean-christophe/Videos/.perso ; USER=root ; COMMAND=/usr/bin/apt install blueman-manager
-- Boot f54a9c62dcd54442bf9453659c2a9b82 --
Nov 06 11:44:01 blues-softwares systemd[1997]: Failed to start app-gnome-gnome\x2dkeyring\x2dpkcs11-2152.scope - Application launched by gnome-session-binary.
Nov 06 11:44:01 blues-softwares systemd[1997]: Failed to start app-gnome-gnome\x2dkeyring\x2dsecrets-2154.scope - Application launched by gnome-session-binary.
Nov 06 11:44:01 blues-softwares systemd[1997]: Failed to start app-gnome-xdg\x2duser\x2ddirs-2171.scope - Application launched by gnome-session-binary.
-- Boot 02d44016b12040d79b52587d1dd77703 --
Nov 06 11:58:18 blues-softwares systemd[1861]: Failed to start app-gnome-gnome\x2dkeyring\x2dpkcs11-2014.scope - Application launched by gnome-session-binary.
Nov 06 11:58:18 blues-softwares systemd[1861]: Failed to start app-gnome-gnome\x2dkeyring\x2dsecrets-2016.scope - Application launched by gnome-session-binary.
Nov 06 11:58:19 blues-softwares systemd[1861]: Failed to start app-gnome-user\x2ddirs\x2dupdate\x2dgtk-2156.scope - Application launched by gnome-session-binary.
-- Boot f77eade28fc942059b29d207be4ae8cb --
Nov 06 12:26:13 blues-softwares systemd[1846]: Failed to start app-gnome-gnome\x2dkeyring\x2dpkcs11-2000.scope - Application launched by gnome-session-binary.
Nov 06 12:26:13 blues-softwares systemd[1846]: Failed to start app-gnome-gnome\x2dkeyring\x2dsecrets-2002.scope - Application launched by gnome-session-binary.
Nov 06 12:26:13 blues-softwares systemd[1846]: Failed to start app-gnome-xdg\x2duser\x2ddirs-2019.scope - Application launched by gnome-session-binary.
-- Boot 5ef4fe990242451890d13505a2a2304d --
Nov 06 14:03:20 blues-softwares systemd[1840]: Failed to start app-gnome-gnome\x2dkeyring\x2dpkcs11-1993.scope - Application launched by gnome-session-binary.
Nov 06 14:03:20 blues-softwares systemd[1840]: Failed to start app-gnome-gnome\x2dkeyring\x2dsecrets-1995.scope - Application launched by gnome-session-binary.
Nov 06 14:03:20 blues-softwares systemd[1840]: Failed to start app-gnome-xdg\x2duser\x2ddirs-2012.scope - Application launched by gnome-session-binary.

--- Failed SSH login attempts ---

[+] Checking system file integrity...
--- Hashes of critical files ---
8be8cbeddef08e99c9c53f5a5b552ebe  /etc/passwd
bc42be5b53891bc2c29e291f629b447d  /etc/group
Unable to verify the hashes.

[!] Lynis is not installed. Install it with: sudo apt install lynis

=== END OF REPORT ===
This report was generated automatically.
For any questions, contact your system administrator.
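Added example for this thread (not part of security-repport.sh or the message above): a Python triage pass over the two sections of the report that carry real signal. It parses the `ss` listener table and classifies each socket by who can reach it (loopback only, a single interface such as virbr0, one specific address, or every interface), and it parses journal lines of the kind shown above to extract sudo invocations, marking the ones denied as "user NOT in sudoers" and the ones launched from a hidden directory. The sample inputs are the report's own lines re-joined onto one line each; the final "admin" journal line is constructed to show what a permitted invocation looks like.

```python
"""Triage of a Debian host report: classify `ss -tuln` listeners by network
exposure and extract sudo privilege-escalation attempts from journal lines.
Added example for this thread; not part of security-repport.sh."""
from __future__ import annotations

import re
from dataclasses import dataclass
from ipaddress import ip_address

# Socket lines copied from the "Open ports" section of the report above.
SS_OUTPUT = """\
Netid State  Recv-Q Send-Q Local Address:Port  Peer Address:Port Process
udp   UNCONN 0      0       192.168.122.1:53         0.0.0.0:*
udp   UNCONN 0      0      0.0.0.0%virbr0:67         0.0.0.0:*
udp   UNCONN 0      0             0.0.0.0:5353       0.0.0.0:*
udp   UNCONN 0      0             0.0.0.0:40122      0.0.0.0:*
udp   UNCONN 0      0                [::]:59440         [::]:*
udp   UNCONN 0      0                [::]:5353          [::]:*
tcp   LISTEN 0      4096        127.0.0.1:631        0.0.0.0:*
tcp   LISTEN 0      32      192.168.122.1:53         0.0.0.0:*
tcp   LISTEN 0      128           0.0.0.0:22         0.0.0.0:*
tcp   LISTEN 0      128              [::]:22            [::]:*
tcp   LISTEN 0      4096            [::1]:631           [::]:*
"""

# Journal lines copied from the "Recent system errors" section, re-joined onto
# one line each. The last "admin" line is constructed: it shows the format of
# a permitted invocation, for which sudo logs no result text before TTY=.
JOURNAL = """\
Nov 06 03:01:11 blues-softwares sudo[18388]: pam_unix(sudo:auth): auth could not identify password for [jean-christophe]
Nov 06 03:01:11 blues-softwares sudo[18388]: jean-christophe : user NOT in sudoers ; TTY=pts/1 ; PWD=/home/jean-christophe/Videos/.perso ; USER=root ; COMMAND=/usr/bin/apt install xchat
Nov 06 03:01:32 blues-softwares sudo[18391]: jean-christophe : user NOT in sudoers ; TTY=pts/1 ; PWD=/home/jean-christophe/Videos/.perso ; USER=root ; COMMAND=/usr/bin/apt install hexchat
Nov 06 04:07:11 blues-softwares python3[27775]: Settings schema 'org.virt-manager.virt-manager' is not installed
Nov 06 05:22:38 blues-softwares sudo[36970]: jean-christophe : user NOT in sudoers ; TTY=pts/1 ; PWD=/home/jean-christophe/Videos/.perso ; USER=root ; COMMAND=/usr/bin/apt install blueman-manager
Nov 06 14:10:02 blues-softwares sudo[40001]: admin : TTY=pts/2 ; PWD=/home/admin ; USER=root ; COMMAND=/usr/bin/apt update
"""


@dataclass
class Listener:
    proto: str
    addr: str
    port: int
    iface: str      # device scope from "addr%dev" (SO_BINDTODEVICE), else ""
    exposure: str   # loopback | interface:<dev> | address:<ip>(<kind>) | all-interfaces


def classify(addr: str, iface: str) -> str:
    """Exposure of a bound address: who can reach this socket at all."""
    if addr in ("127.0.0.1", "::1"):
        return "loopback"
    if addr in ("0.0.0.0", "::"):
        # Wildcard bind; a device scope limits it to that one interface.
        return f"interface:{iface}" if iface else "all-interfaces"
    kind = "private" if ip_address(addr).is_private else "public"
    return f"address:{addr}({kind})"


def parse_ss(text: str) -> list[Listener]:
    """Parse `ss -tuln`-style output; columns are whitespace separated."""
    out = []
    for line in text.splitlines():
        parts = line.split()
        if len(parts) < 6 or parts[0] == "Netid":
            continue
        host, port = parts[4].rsplit(":", 1)          # port follows the last ':'
        addr, _, iface = host.strip("[]").partition("%")
        out.append(Listener(parts[0], addr, int(port), iface, classify(addr, iface)))
    return out


def exposed_listeners(text: str) -> list[Listener]:
    """Sockets reachable on every interface: the ones a firewall must cover."""
    return [l for l in parse_ss(text) if l.exposure == "all-interfaces"]


SUDO_RE = re.compile(
    r"^(?P<ts>\w{3} +\d+ \d\d:\d\d:\d\d) \S+ sudo\[\d+\]:\s+(?P<user>\S+) : "
    r"(?:(?P<result>[^;]*?) ; )?TTY=(?P<tty>\S+) ; PWD=(?P<pwd>\S+) ; "
    r"USER=(?P<target>\S+) ; COMMAND=(?P<cmd>.*)$")


@dataclass
class SudoEvent:
    ts: str
    user: str
    target: str
    cwd: str
    command: str
    denied: bool      # "user NOT in sudoers": a failed escalation attempt
    hidden_cwd: bool  # launched from a dot-directory, worth a closer look


def parse_sudo(text: str) -> list[SudoEvent]:
    """Extract sudo command records; pam_unix and unrelated lines are skipped."""
    events = []
    for line in text.splitlines():
        m = SUDO_RE.match(line)
        if not m:
            continue
        cwd = m["pwd"]
        events.append(SudoEvent(
            ts=m["ts"], user=m["user"], target=m["target"], cwd=cwd,
            command=m["cmd"],
            denied=bool(m["result"] and "NOT in sudoers" in m["result"]),
            hidden_cwd=any(p.startswith(".") for p in cwd.split("/") if p),
        ))
    return events


def triage(ss_text: str, journal_text: str) -> list[str]:
    """Human-readable findings, one per line."""
    findings = [f"exposed {l.proto}/{l.port} bound to {l.addr}"
                for l in exposed_listeners(ss_text)]
    for e in parse_sudo(journal_text):
        if e.denied:
            flag = " from hidden dir" if e.hidden_cwd else ""
            findings.append(f"{e.ts} sudo denied for {e.user}{flag}: {e.command}")
    return findings


if __name__ == "__main__":
    print("\n".join(triage(SS_OUTPUT, JOURNAL)))
```

Run `ss -tulnp` instead of `ss -tuln` to fill the Process column, which tells you which binary owns each exposed socket. For the "Unable to verify the hashes" step, `dpkg --verify` (or the debsums package) compares installed package files against the md5sums shipped in each .deb, so it needs no locally stored baseline; /etc/passwd and /etc/group are not package files, so those still need a baseline you record yourself.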
