A process seems to have gained control of my system and it has edited a couple of files.
I have tried to restore these files, but the uninvited process has changed the permissions to “read-only”
I have tried the following:
Change owner/permissions and then try editing the file.
Result: Both owner and permissions are changed back automatically
Change owner/permissions and then try deleting the file
Result: The file appears to be deleted but is recreated again with the same edited content a millisecond later
Also experimented with auditctl to monitor the file, but without success as it only logs my commands on the file and nothing from the other process
So my questions are how do I get control of the file and how can I detect the process causing this so I can shut it down? Any suggestions on what I can try to do?