sts

Asked: 2020-08-09 10:50:04 +0800 CST2020-08-09 10:50:04 +0800 CST 2020-08-09 10:50:04 +0800 CST

Why does auditd report UID 1001 is trying to mount a disk when Ubuntu upon boot?

I'm seeing a message from auditd I don't understand. My OS is Ubuntu 20.04.

Every time I boot the server, an audit entry says user id 1001 (a normal user) is making a syscall to /usr/bin/mount. But that user is me (the only interactive user on the machine) and I'm not mounting anything that I know about.

Any idea why a regular user (auid=1001) is implicated as the user making a mount call on boot?

message - formatted for easy reading

type=PATH msg=audit(08/08/2020 18:15:21.901:256) : 
  item=0 name=/usr/bin/mount inode=1207 dev=08:01 
  mode=file,suid,755 ouid=root ogid=root rdev=00:00

type=EXECVE msg=audit(08/08/2020 18:15:21.901:256) : argc=1 a0=mount

type=SYSCALL msg=audit(08/08/2020 18:15:21.901:256) : 
  arch=x86_64 syscall=execve success=yes exit=0 .....
  ppid=696 pid=697 auid=1001 uid=root gid=root euid=root 
  suid=root fsuid=root egid=root sgid=root fsgid=root tty=(none) 
  ses=1 comm=mount exe=/usr/bin/mount key=privileged_command

Why does auditd report UID 1001 is trying to mount a disk when Ubuntu upon boot?

Can you pass user/pass for HTTP Basic Authentication in URL parameters?

Ping a Specific Port

Check if port is open or closed on a Linux server?

How to automate SSH login with password?

How do I tell Git for Windows where to find my private RSA key?

What's the default superuser username/password for postgres after a new install?

What port does SFTP use?

Command line to list users in a Windows Active Directory group?

What is a Pem file and how does it differ from other OpenSSL Generated Key File Formats?

How to determine if a bash variable is empty?

Why does auditd report UID 1001 is trying to mount a disk when Ubuntu upon boot?

0 Answers