J'ai trouvé une fenêtre de terminal ouverte avec le texte ci-dessous.
J'ai couru /bin/bash -x
et il semble que l'on ait accédé à VMware et aux outils GPG.
Il a également ajouté quelque chose de suspect à mes éléments de connexion... ai-je été piraté ? ! Et qui est "James" ?
Voici le résultat de bash -x
. Je ne vois pas comment j'aurais pu faire ça accidentellement :
Last login: Fri Dec 24 13:49:08 on ttys000
+ '[' -x /usr/libexec/path_helper ']'
++ /usr/libexec/path_helper -s
+ eval 'PATH="/usr/local/bin:/usr/bin:/bin:/usr/sbin:/sbin:/Applications/VMware' 'Fusion.app/Contents/Public:/usr/local/MacGPG2/bin";' export 'PATH;'
++ PATH='/usr/local/bin:/usr/bin:/bin:/usr/sbin:/sbin:/Applications/VMware Fusion.app/Contents/Public:/usr/local/MacGPG2/bin'
++ export PATH
+ '[' /bin/bash '!=' no ']'
+ '[' -r /etc/bashrc ']'
+ . /etc/bashrc
++ '[' -z '\s-\v\$ ' ']'
++ PS1='\h:\W \u\$ '
++ shopt -s checkwinsize
++ '[' -r /etc/bashrc_Apple_Terminal ']'
++ . /etc/bashrc_Apple_Terminal
+++ '[' -z '' ']'
+++ PROMPT_COMMAND=update_terminal_cwd
+++ '[' 0 -eq 0 ']'
+++ '[' -n B3526B6E-3B69-45CD-8A59-121709AEFBEA ']'
+++ '[' '!' -e /Users/USER/.bash_sessions_disable ']'
+++ SHELL_SESSION_DID_INIT=1
+++ SHELL_SESSION_DIR=/Users/USER/.bash_sessions
+++ SHELL_SESSION_FILE=/Users/USER/.bash_sessions/B3526B6E-3B69-45CD-8A59-121709AEFBEA.session
+++ mkdir -m 700 -p /Users/USER/.bash_sessions
+++ '[' -r /Users/USER/.bash_sessions/B3526B6E-3B69-45CD-8A59-121709AEFBEA.session ']'
+++ '[' 1 -eq 1 ']'
+++ SHELL_SESSION_HISTFILE=/Users/USER/.bash_sessions/B3526B6E-3B69-45CD-8A59-121709AEFBEA.history
+++ SHELL_SESSION_HISTFILE_NEW=/Users/USER/.bash_sessions/B3526B6E-3B69-45CD-8A59-121709AEFBEA.historynew
+++ SHELL_SESSION_HISTFILE_SHARED=/Users/USER/.bash_history
+++ '[' -s /Users/USER/.bash_sessions/B3526B6E-3B69-45CD-8A59-121709AEFBEA.history ']'
+++ PROMPT_COMMAND='shell_session_history_check; update_terminal_cwd'
+++ SHELL_SESSION_TIMESTAMP_FILE=/Users/USER/.bash_sessions/_expiration_check_timestamp
+++ trap shell_session_update EXIT
The default interactive shell is now zsh.
To update your account to use zsh, please run `chsh -s /bin/zsh`.
For more details, please visit https://support.apple.com/kb/HT208050.
++ shell_session_history_check
++ '[' 0 -eq 0 ']'
++ SHELL_SESSION_DID_HISTORY_CHECK=1
++ shell_session_history_allowed
++ '[' -n /Users/USER/.bash_history ']'
++ local allowed=0
++ shopt -q histappend
++ '[' -n '' ']'
++ allowed=1
++ '[' 1 -eq 1 ']'
++ return 0
++ shell_session_history_enable
++ umask 077
++ /usr/bin/touch /Users/USER/.bash_sessions/B3526B6E-3B69-45CD-8A59-121709AEFBEA.historynew
++ HISTFILE=/Users/USER/.bash_sessions/B3526B6E-3B69-45CD-8A59-121709AEFBEA.historynew
++ SHELL_SESSION_HISTORY=1
++ '[' 'shell_session_history_check; update_terminal_cwd' = shell_session_history_check ']'
++ [[ shell_session_history_check; update_terminal_cwd =~ (.*)(; *shell_session_history_check *| *shell_session_history_check *; *)(.*) ]]
++ PROMPT_COMMAND=update_terminal_cwd
++ update_terminal_cwd
++ local url_path=
++ local i ch hexch LC_CTYPE=C LC_COLLATE=C LC_ALL= LANG=
++ (( i = 0 ))
++ (( i < 19 ))
++ ch=/
++ [[ / =~ [/._~A-Za-z0-9-] ]]
++ url_path+=/
++ (( ++i ))
++ (( i < 19 ))
++ ch=U
++ [[ U =~ [/._~A-Za-z0-9-] ]]
++ url_path+=U
++ (( ++i ))
++ (( i < 19 ))
++ ch=s
++ [[ s =~ [/._~A-Za-z0-9-] ]]
++ url_path+=s
++ (( ++i ))
++ (( i < 19 ))
++ ch=e
++ [[ e =~ [/._~A-Za-z0-9-] ]]
++ url_path+=e
++ (( ++i ))
++ (( i < 19 ))
++ ch=r
++ [[ r =~ [/._~A-Za-z0-9-] ]]
++ url_path+=r
++ (( ++i ))
++ (( i < 19 ))
++ ch=s
++ [[ s =~ [/._~A-Za-z0-9-] ]]
++ url_path+=s
++ (( ++i ))
++ (( i < 19 ))
++ ch=/
++ [[ / =~ [/._~A-Za-z0-9-] ]]
++ url_path+=/
++ (( ++i ))
++ (( i < 19 ))
++ ch=t
++ [[ t =~ [/._~A-Za-z0-9-] ]]
++ url_path+=t
++ (( ++i ))
++ (( i < 19 ))
++ ch=r
++ [[ r =~ [/._~A-Za-z0-9-] ]]
++ url_path+=r
++ (( ++i ))
++ (( i < 19 ))
++ ch=a
++ [[ a =~ [/._~A-Za-z0-9-] ]]
++ url_path+=a
++ (( ++i ))
++ (( i < 19 ))
++ ch=v
++ [[ v =~ [/._~A-Za-z0-9-] ]]
++ url_path+=v
++ (( ++i ))
++ (( i < 19 ))
++ ch=i
++ [[ i =~ [/._~A-Za-z0-9-] ]]
++ url_path+=i
++ (( ++i ))
++ (( i < 19 ))
++ ch=s
++ [[ s =~ [/._~A-Za-z0-9-] ]]
++ url_path+=s
++ (( ++i ))
++ (( i < 19 ))
++ ch=d
++ [[ d =~ [/._~A-Za-z0-9-] ]]
++ url_path+=d
++ (( ++i ))
++ (( i < 19 ))
++ ch=a
++ [[ a =~ [/._~A-Za-z0-9-] ]]
++ url_path+=a
++ (( ++i ))
++ (( i < 19 ))
++ ch=r
++ [[ r =~ [/._~A-Za-z0-9-] ]]
++ url_path+=r
++ (( ++i ))
++ (( i < 19 ))
++ ch=g
++ [[ g =~ [/._~A-Za-z0-9-] ]]
++ url_path+=g
++ (( ++i ))
++ (( i < 19 ))
++ ch=i
++ [[ i =~ [/._~A-Za-z0-9-] ]]
++ url_path+=i
++ (( ++i ))
++ (( i < 19 ))
++ ch=e
++ [[ e =~ [/._~A-Za-z0-9-] ]]
++ url_path+=e
++ (( ++i ))
++ (( i < 19 ))
++ printf '\e]7;%s\a' file://USER-MacBook-Pro.local/Users/USER
USER-MacBook-Pro:~ USER$