I have my original problem described here: https://serverfault.com/questions/958571/what-these-dns-queries-means. It's about UDP packets, the origin of which I cannot determine. To solve the problem I have followed the advice of user @A.B, namely here: https://serverfault.com/questions/192893/how-i-can-identify-which-process-is-making-udp-traffic-on-linux/193088#193088. According to this advice I have installed auditd, apparently with success:
auditctl -l
No rules
But when I run an auditctl command, I get an error:
auditctl -a exit,always -F arch=b32 -F a0=2 -F a1\&=2 -S socket -k SOCKET
Syscall name unknown: socket
Can you help me with my issue?
What CPU architecture are you running on? What kernel and auditctl versions do you run? – user1686 – 2019-03-17T09:41:50.527
I run a 32-bit OS:
uname -a
Linux hp 4.4.0-143-generic #169-Ubuntu SMP Thu Feb 7 07:56:51 UTC 2019 i686 i686 i686 GNU/Linux
dpkg -l | grep auditd
ii auditd 1:2.4.5-1ubuntu2.1 i386 User space tools for security auditing
– klpu39 – 2019-03-17T10:03:43.930