jean-christophe@blues-softwares:~/Admin$ apt search lynis
forensics-extra/stable 2.58 all
Forensics Environment - extra console components (metapackage)
lynis/stable,now 3.1.4-1 all [installed]
security auditing tool for Unix based systems
tiger/stable 1:3.2.4~rc1-3.4 amd64
security auditing and intrusion detection tools for Linux
jean-christophe@blues-softwares:~/Admin$ sud o
On Thu, 2025-11-06 at 23:47 +0100, Jean-Christophe Énée wrote:
> On Thu, 2025-11-06 at 23:04 +0100, Jean-Christophe Énée wrote:
> > hi,
> > I'm seeing suspicious activity on my IP
> > what should I do?
> === RAPPORT DE SÉCURITÉ DEBIAN TRIXIE ===
> Généré le : Thu Nov 6 11:46:08 PM CET 2025
> Hôte : blues-softwares
> Version Debian : 13.1
>
> [+] Vérification des mises à jour et paquets...
> --- Paquets à mettre à jour ---
> Listing...
>
> --- Paquets obsolètes ou inutiles ---
> Aucun paquet obsolète.
>
> --- Paquets cassés ou mal configurés ---
>
> [+] Analyse des services et processus...
> --- Services en échec ---
> UNIT LOAD ACTIVE SUB DESCRIPTION
>
> 0 loaded units listed.
>
> --- Processus suspects (top 10 CPU/RAM) ---
> USER PID %CPU %MEM VSZ RSS TTY STAT START TIME COMMAND
> jean-ch+ 16817 12.4 0.4 2899568 320948 ? Sl 22:43 7:45 /usr/lib/firefox-esr/firefox-esr -contentproc -isForBrowser -prefsHandle 0:43529 -prefMapHandle 1:271902 -jsInitHandle 2:242716 -parentBuildID 20251009121631 -sandboxReporter 3 -chrootClient 4 -ipcHandle 5 -initialChannelId {db5307ea-061e-47ea-8075-0e3cf8b4d68d} -parentPid 16073 -crashReporter 6 -crashHelper 7 -greomni /usr/lib/firefox-esr/omni.ja -appomni /usr/lib/firefox-esr/browser/omni.ja -appDir /usr/lib/firefox-esr/browser 12 tab
> jean-ch+ 16073 11.6 0.8 11981992 585560 ? Sl 22:26 9:14 /usr/lib/firefox-esr/firefox-esr
> jean-ch+ 2010 2.0 0.3 4740848 258604 ? Ssl 14:03 12:02 /usr/bin/gnome-shell
> jean-ch+ 133863 1.8 0.0 7024 3408 pts/0 S+ 23:46 0:00 /bin/bash ./security-repport.sh
> jean-ch+ 16166 0.9 0.1 523660 104676 ? Sl 22:26 0:47 /usr/lib/firefox-esr/firefox-esr -contentproc -parentBuildID 20251009121631 -prefsHandle 0:37395 -prefMapHandle 1:271902 -sandboxReporter 2 -chrootClient 3 -ipcHandle 4 -initialChannelId {b01b180b-cc9c-4d23-9dbd-a64ec7116111} -parentPid 16073 -crashReporter 5 -crashHelper 6 -appDir /usr/lib/firefox-esr/browser 3 rdd
> jean-ch+ 5702 0.7 0.4 76467224 293228 ? SLl 14:49 3:51 /usr/bin/evolution
> jean-ch+ 16227 0.6 0.4 23946992 305956 ? Sl 22:26 0:32 /usr/lib/firefox-esr/firefox-esr -contentproc -isForBrowser -prefsHandle 0:46801 -prefMapHandle 1:271902 -jsInitHandle 2:242716 -parentBuildID 20251009121631 -sandboxReporter 3 -chrootClient 4 -ipcHandle 5 -initialChannelId {0b60060d-c971-4aba-8fbe-ae982bc569d6} -parentPid 16073 -crashReporter 6 -crashHelper 7 -greomni /usr/lib/firefox-esr/omni.ja -appomni /usr/lib/firefox-esr/browser/omni.ja -appDir /usr/lib/firefox-esr/browser 4 tab
> jean-ch+ 133800 0.4 0.1 2432204 81076 ? Sl 23:45 0:00 /usr/lib/firefox-esr/firefox-esr -contentproc -isForBrowser -prefsHandle 0:43528 -prefMapHandle 1:271902 -jsInitHandle 2:242716 -parentBuildID 20251009121631 -sandboxReporter 3 -chrootClient 4 -ipcHandle 5 -initialChannelId {75e90390-5fda-488a-b76c-23ddd99a5816} -parentPid 16073 -crashReporter 6 -crashHelper 7 -greomni /usr/lib/firefox-esr/omni.ja -appomni /usr/lib/firefox-esr/browser/omni.ja -appDir /usr/lib/firefox-esr/browser 34 tab
> root 17921 0.4 0.0 0 0 ? I 23:11 0:08 [kworker/u32:8-kcryptd-254:0-1]
> root 133489 0.2 0.0 0 0 ? I 23:37 0:01 [kworker/5:1-mm_percpu_wq]
>
> [+] Audit des utilisateurs et permissions...
> --- Utilisateurs avec UID 0 (root) ---
> root
>
> --- Fichiers avec bit SUID/SGID ---
> /usr/lib/xorg/Xorg.wrap
> /usr/lib/dbus-1.0/dbus-daemon-launch-helper
> /usr/lib/x86_64-linux-gnu/utempter/utempter
> /usr/lib/openssh/ssh-keysign
> /usr/lib/polkit-1/polkit-agent-helper-1
> /usr/bin/crontab
> /usr/bin/gpasswd
> /usr/bin/chsh
> /usr/bin/chfn
> /usr/bin/passwd
>
> [+] Analyse réseau...
> --- Ports ouverts ---
> Netid State Recv-Q Send-Q Local Address:Port Peer Address:Port Process
> udp UNCONN 0 0 192.168.122.1:53 0.0.0.0:*
> udp UNCONN 0 0 0.0.0.0%virbr0:67 0.0.0.0:*
> udp UNCONN 0 0 0.0.0.0:5353 0.0.0.0:*
> udp UNCONN 0 0 0.0.0.0:40122 0.0.0.0:*
> udp UNCONN 0 0 [::]:59440 [::]:*
> udp UNCONN 0 0 [::]:5353 [::]:*
> tcp LISTEN 0 4096 127.0.0.1:631 0.0.0.0:*
> tcp LISTEN 0 32 192.168.122.1:53 0.0.0.0:*
> tcp LISTEN 0 128 0.0.0.0:22 0.0.0.0:*
> tcp LISTEN 0 128 [::]:22 [::]:*
> tcp LISTEN 0 4096 [::1]:631 [::]:*
>
> --- Connexions actives ---
> Total: 1097
> TCP: 17 (estab 11, closed 1, orphaned 0, timewait 0)
>
> Transport Total IP IPv6
> RAW 1 0 1
> UDP 7 5 2
> TCP 16 12 4
> INET 24 17 7
> FRAG 0 0 0
>
>
> --- Règles pare-feu (iptables/ufw) ---
> Aucune règle de pare-feu active.
>
> [+] Analyse des logs système...
> --- Dernières erreurs système ---
> Nov 06 03:01:11 blues-softwares sudo[18388]: pam_unix(sudo:auth): auth could not identify password for [jean-christophe]
> Nov 06 03:01:11 blues-softwares sudo[18388]: jean-christophe : user NOT in sudoers ; TTY=pts/1 ; PWD=/home/jean-christophe/Videos/.perso ; USER=root ; COMMAND=/usr/bin/apt install xchat
> Nov 06 03:01:32 blues-softwares sudo[18391]: jean-christophe : user NOT in sudoers ; TTY=pts/1 ; PWD=/home/jean-christophe/Videos/.perso ; USER=root ; COMMAND=/usr/bin/apt install hexchat
> Nov 06 04:07:11 blues-softwares python3[27775]: Settings schema 'org.virt-manager.virt-manager' is not installed
> Nov 06 04:07:14 blues-softwares python3[28921]: Settings schema 'org.virt-manager.virt-manager' is not installed
> Nov 06 04:07:18 blues-softwares python3[32003]: Settings schema 'org.virt-manager.virt-manager' is not installed
> Nov 06 04:07:24 blues-softwares python3[32416]: Settings schema 'org.virt-manager.virt-manager' is not installed
> Nov 06 05:22:38 blues-softwares sudo[36970]: jean-christophe : user NOT in sudoers ; TTY=pts/1 ; PWD=/home/jean-christophe/Videos/.perso ; USER=root ; COMMAND=/usr/bin/apt install blueman-manager
> -- Boot f54a9c62dcd54442bf9453659c2a9b82 --
> Nov 06 11:44:01 blues-softwares systemd[1997]: Failed to start app-gnome-gnome\x2dkeyring\x2dpkcs11-2152.scope - Application launched by gnome-session-binary.
> Nov 06 11:44:01 blues-softwares systemd[1997]: Failed to start app-gnome-gnome\x2dkeyring\x2dsecrets-2154.scope - Application launched by gnome-session-binary.
> Nov 06 11:44:01 blues-softwares systemd[1997]: Failed to start app-gnome-xdg\x2duser\x2ddirs-2171.scope - Application launched by gnome-session-binary.
> -- Boot 02d44016b12040d79b52587d1dd77703 --
> Nov 06 11:58:18 blues-softwares systemd[1861]: Failed to start app-gnome-gnome\x2dkeyring\x2dpkcs11-2014.scope - Application launched by gnome-session-binary.
> Nov 06 11:58:18 blues-softwares systemd[1861]: Failed to start app-gnome-gnome\x2dkeyring\x2dsecrets-2016.scope - Application launched by gnome-session-binary.
> Nov 06 11:58:19 blues-softwares systemd[1861]: Failed to start app-gnome-user\x2ddirs\x2dupdate\x2dgtk-2156.scope - Application launched by gnome-session-binary.
> -- Boot f77eade28fc942059b29d207be4ae8cb --
> Nov 06 12:26:13 blues-softwares systemd[1846]: Failed to start app-gnome-gnome\x2dkeyring\x2dpkcs11-2000.scope - Application launched by gnome-session-binary.
> Nov 06 12:26:13 blues-softwares systemd[1846]: Failed to start app-gnome-gnome\x2dkeyring\x2dsecrets-2002.scope - Application launched by gnome-session-binary.
> Nov 06 12:26:13 blues-softwares systemd[1846]: Failed to start app-gnome-xdg\x2duser\x2ddirs-2019.scope - Application launched by gnome-session-binary.
> -- Boot 5ef4fe990242451890d13505a2a2304d --
> Nov 06 14:03:20 blues-softwares systemd[1840]: Failed to start app-gnome-gnome\x2dkeyring\x2dpkcs11-1993.scope - Application launched by gnome-session-binary.
> Nov 06 14:03:20 blues-softwares systemd[1840]: Failed to start app-gnome-gnome\x2dkeyring\x2dsecrets-1995.scope - Application launched by gnome-session-binary.
> Nov 06 14:03:20 blues-softwares systemd[1840]: Failed to start app-gnome-xdg\x2duser\x2ddirs-2012.scope - Application launched by gnome-session-binary.
>
> --- Tentatives de connexion SSH échouées ---
>
> [+] Vérification de l'intégrité des fichiers système...
> --- Hash des fichiers critiques ---
> 8be8cbeddef08e99c9c53f5a5b552ebe /etc/passwd
> bc42be5b53891bc2c29e291f629b447d /etc/group
> Impossible de vérifier les hash.
>
> [!] Lynis non installé. Installe-le avec : sudo apt install lynis
>
> === FIN DU RAPPORT ===
> Ce rapport a été généré automatiquement.
> Pour toute question, contactez votre administrateur système.