> On 09/03/2019 at 10:03, Didier Kryn wrote:
> > On 09/03/2019 at 09:34, goli...@dyne.org wrote:
> >> I'd recommend adding an inotify rule to record which processes
> >> look at these files, and publishing this - here.
> >
> > Unfortunately inotify doesn't tell which process accessed the file
> > )~:
>
> But fanotify() is perfectly suited (~:

Excellent. There are also tricks involving the audit subsystem, maybe fuse and certainly strace (strace -e open).

I have checked some of my systems and so far I can see

dnsmasq
udev
dbus
systemd-*

looking at machine ids.

Dnsmasq might warrant a close look - hopefully that id does not get disclosed during dhcp negotiation...

The other three in that list I disable whenever possible already, and the above provides yet further confirmation this is prudent.

regards

marc

_______________________________________________
Dng mailing list
Dng@lists.dyne.org
https://mailinglists.dyne.org/cgi-bin/mailman/listinfo/dng
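
A minimal fanotify watcher of the kind discussed in this thread, added here as an example and not code from any of the posters: it marks the machine-id files and prints the PID and command name of each process that opens or reads them. The two paths, the function names and the output format are assumptions; the thread does not name the files.

```c
#define _GNU_SOURCE
#include <fcntl.h>
#include <stdio.h>
#include <string.h>
#include <unistd.h>
#include <sys/fanotify.h>

/* Assumed paths (not named in the thread): the usual machine-id locations. */
static const char *WATCHED[] = { "/etc/machine-id", "/var/lib/dbus/machine-id" };

/* Resolve a PID to its command name via /proc/<pid>/comm.
 * Short-lived readers may exit before we look; then the name is "?". */
int pid_comm(pid_t pid, char *out, size_t n) {
    char path[64];
    snprintf(path, sizeof path, "/proc/%d/comm", (int)pid);
    FILE *f = fopen(path, "r");
    int ok = f && fgets(out, (int)n, f);
    if (f) fclose(f);
    if (!ok) { snprintf(out, n, "?"); return -1; }
    out[strcspn(out, "\n")] = '\0';
    return 0;
}

/* Format one event as "pid=<pid> comm=<name> op=<open|read>". */
int format_event(const struct fanotify_event_metadata *ev, char *out, size_t n) {
    char comm[64];
    pid_comm(ev->pid, comm, sizeof comm);
    return snprintf(out, n, "pid=%d comm=%s op=%s", (int)ev->pid, comm,
                    (ev->mask & FAN_OPEN) ? "open" : "read");
}

int main(void) {   /* fanotify_init() needs CAP_SYS_ADMIN: run as root */
    int fan = fanotify_init(FAN_CLASS_NOTIF | FAN_CLOEXEC, O_RDONLY);
    if (fan < 0) { perror("fanotify_init"); return 1; }
    for (size_t i = 0; i < sizeof WATCHED / sizeof *WATCHED; i++)
        if (fanotify_mark(fan, FAN_MARK_ADD, FAN_OPEN | FAN_ACCESS, AT_FDCWD, WATCHED[i]) < 0)
            perror(WATCHED[i]);   /* a missing file is reported and skipped */
    char buf[4096] __attribute__((aligned(8)));
    for (;;) {
        ssize_t len = read(fan, buf, sizeof buf);
        if (len <= 0) { perror("read"); return 1; }
        struct fanotify_event_metadata *ev = (void *)buf;
        for (; FAN_EVENT_OK(ev, len); ev = FAN_EVENT_NEXT(ev, len)) {
            char line[160];
            format_event(ev, line, sizeof line);
            puts(line);
            if (ev->fd >= 0) close(ev->fd);   /* each event carries an open fd */
        }
    }
}
```

Unlike inotify, each fanotify event carries the PID of the accessing process, which is what makes the per-process attribution possible; leave it running across a boot or a DHCP lease renewal to see which daemons read the id.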