I've noticed a lot of weird logs in /var/log on my server.
For example:
cd /var/log/DIST00000001ARGC00000005ARGV00000002ccARGV00000002-cARGV00000006nmap.cARGV00000002-oARGV00000006nmap.oDOTI00000000
sudo cat user.log
Jun 30 16:48:08 DIST00000001ARGC00000005ARGV00000002ccARGV00000002-cARGV00000006nmap.cARGV00000002-oARGV00000006nmap.oDOTI00000000
Another example:
cd /var/log/Nmap
sudo cat user.log
Jun 30 16:48:28 Nmap
Note: Nmap is not installed on my server.
Another example:
cd get_info
sudo cat user.log
Jun 30 16:48:25 get_info
I'm worried this may be a sign my server has been compromised, but perhaps it's something else?
The server is Ubuntu 20.04.2 LTS (GNU/Linux 5.4.0-77-generic x86_64) with unattended-upgrades turned on for security updates.