Page 4 of 4 FirstFirst ... 234
Results 31 to 34 of 34

Thread: Disk Usage Analyzer - Need help understanding result

  1. #31
    Join Date
    Dec 2014
    Beans
    2,635

    Re: Disk Usage Analyzer - Need help understanding result

    cups can send notifications to programs that subscribe to them. /etc/cups/subscriptions.conf is the file cups uses to keep track of these subscriptions. There's a manual page in section 5 (file formats) of the manual. On my system - which has no printer except the 'print to pdf-file' pseudo-printer - there are two subscriptions, one owned by root for 'Printer changed' events and one that sends all notifcations to the dbus. The file is owned by root and belongs to the group 'lp' (line printer) and is rw for root and read-only for members of lp. Since cups is run by root, that's okay. If there was an update, then subscriptions.conf was updated and subscription.confO is probably the 'O'riginal file from before the update.

    Are you sure about '/etc/resolv.config' ? It should only be 'resolv.conf' and that should be a symbolic link to a file in /run/systemd/resolve/. And since /run is normally a ram-disk (tmpfs), this file is created by systemd on every boot. So if your disk analyzer examines the file the link points to then it will find it has changed and will find so each and every day that you reboot your system ...

    Holger

  2. #32
    Join Date
    Mar 2010
    Location
    Squidbilly-Land
    Beans
    Hidden!
    Distro
    Ubuntu

    Re: Disk Usage Analyzer - Need help understanding result

    Reviewing this, here's what it seems to me.

    We have someone who believes that computers don't do things when they aren't using it. If the computer is on, it does things. File get changed. If you allow automatic updates or use snap packages, then the system will update things for your. You've allowed it by allowing automatic updates. If you don't like that, disable it.

    In your HOME directory, files are changed all the time related to the DE session management and assorted end-user programs that save data, especially cached files. Browsers and email programs do this all the time. Some more than others.

    Some browsers will automatically refresh pages and some will pre-follow links to make your browsing appear faster. If you never click on the link, it was all wasted download and wasted cache files placed in your $HOME, somewhere.

    I don't see anything to make me think anyone is hacking the system. If the system isn't properly tuned for the workload, it is easy for some programs to eat lots of CPU and RAM, forcing swap to be used. I suspect this is the most likely issue happening.

    There are things called "standard warnings". Gnome is known to shovel a ton of those into logs. Same for snap packages. If you don't like those messages, you can quiet them. I don't know how, but google does. I suspect for Gnome there would be a mix of settings in gconf and possibly an environment variable to be set to drastically reduce output from GTK+ programs.

    Of course, if you are a target by someone - perhaps you work for a govt or NGO, then people may actively be trying to hack you. I don't see anything to make me think this is true, but I didn't look at the logs THAT closely. My $day_job has me looking at system logs far too much already. No interest whatsoever in looking at anyone else's logs.

    To learn about logs, look for warnings and errors, then use google to look up what each means. There's no shortcut. Sorry.

    There's are sticky threads in the "Security" subforum. Have your read those and are you following what those say to do? For 95+% of Ubuntu Users, that's all the security they need. If you are in the last 5%, you'll need to learn much more or pay someone $xxxx.xx to help setup your entire connected life to mitigate all the risks across all your platforms, especially phones and tablets. Handling just 1 device when you use 3+ devices, will just shift where the attackers try to enter your life.

  3. #33
    Join Date
    Mar 2019
    Beans
    215

    Re: Disk Usage Analyzer - Need help understanding result

    Quote Originally Posted by Holger_Gehrke View Post
    cups can send notifications to programs that subscribe to them. /etc/cups/subscriptions.conf is the file cups uses to keep track of these subscriptions. There's a manual page in section 5 (file formats) of the manual. On my system - which has no printer except the 'print to pdf-file' pseudo-printer - there are two subscriptions, one owned by root for 'Printer changed' events and one that sends all notifcations to the dbus. The file is owned by root and belongs to the group 'lp' (line printer) and is rw for root and read-only for members of lp. Since cups is run by root, that's okay. If there was an update, then subscriptions.conf was updated and subscription.confO is probably the 'O'riginal file from before the update.

    Are you sure about '/etc/resolv.config' ? It should only be 'resolv.conf' and that should be a symbolic link to a file in /run/systemd/resolve/. And since /run is normally a ram-disk (tmpfs), this file is created by systemd on every boot. So if your disk analyzer examines the file the link points to then it will find it has changed and will find so each and every day that you reboot your system ...

    Holger
    Hi Holger,
    Thanks for your thoughtful reply.

    Earlier you said that the changes in the etc file were cause for worry, see post #7. But I take it based on your comments that the three file folders I pegged, are no cause for worry, which is good to know.

    Thanks again for your expert explanations. Much appreciated:
    Last edited by bhubunt; June 28th, 2023 at 09:28 PM.

  4. #34
    Join Date
    Mar 2019
    Beans
    215

    Re: Disk Usage Analyzer - Need help understanding result

    Quote Originally Posted by TheFu View Post
    Reviewing this, here's what it seems to me.

    Hi The Fu,

    Just to update you:

    Holger already replied to the three file folder changes I posted earlier (cups, printcap). I posted those because in an earlier comment Holger suggested that changes in the etc file folder might be cause for worry (see #7). He asked me to check which files had been changed, which I did. As it turns out, these specific changes were no cause for worry after all, see his post # 31.

    So that was good to know.

    However, my laptop is still producing mysterious remote files, about which I have posted here and elsewhere. I repeat that I do not have remote set up, not did I by accident check off remote desktop, as someone asked. I also do not share my laptop with anyone, as yet another person here asked. Plus I am not a member of a private or other network. So there is no reason in the world, why I should have remote files on my laptop. Every single day, my laptop generates such remote files.

    Below is today's latest screenshot of such a bizarre remote file. The cause of these mysterious remote files, so far is unknown.

    BTW, I also get these remote files on another laptop, which is in fact an airgap laptop (no internet connection, no wifi and no bluetooth modules, which have been removed.)
    Attached Images Attached Images

Page 4 of 4 FirstFirst ... 234

Tags for this Thread

Bookmarks

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •