| |
15.03.2016, 23:17
| #16 |
 |  Linux: Bootkit Nemesis- Bios/Firmware Malware im VBR Der junge Padawan scheint wirklich etwas verwirrt zu sein. Vielleicht muß der Kopf nur einfach mal wieder richtig frei gemacht werden. Für mich reicht dann so etwas: Taylors Fine White Port oder Delaforce Special White Port  : |
|
16.03.2016, 08:15
| #17 |
| /// TB-Senior    | Linux: Bootkit Nemesis- Bios/Firmware Malware im VBR Aber man kann doch als Normalmensch mit kaum einem Eintrag aus dmesg wirklich was anfangen. Der TO hat aber nicht das halbe Log unterstrichen, sondern einige ausgewählte Einträge. Da muss er doch irgendwelche Kriterien dafür haben.
__________________Hmmm... evtl. Vergleich mit einem älteren Ubuntu, auf dem systemd noch nicht am Start war?
__________________ |
|
16.03.2016, 09:12
| #18 |
| /// Winkelfunktion /// TB-Süch-Tiger™   | Linux: Bootkit Nemesis- Bios/Firmware Malware im VBR Ähm ja, und?
__________________ Die allermeisten Einträge zeigt auch mein dmesg. Da wird halt jeder sch... drin protokolliert: Code:
ATTFilter cosinus@ubuntu:~$ dmesg |grep Calg
[ 0.000000] Calgary: detecting Calgary via BIOS EBDA area
[ 0.000000] Calgary: Unable to locate Rio Grande table in EBDA - bailing!
cosinus@ubuntu:~$ dmesg |grep parav
[ 0.000000] Booting paravirtualized kernel on bare hardware
cosinus@ubuntu:~$ dmesg |grep Fak
[ 0.000000] Faking a node at [mem 0x0000000000000000-0x000000041effffff]
cosinus@ubuntu:~$ dmesg |grep checksum
[ 0.000000] ACPI: Early table checksum verification disabled
[ 0.865195] r8169 0000:03:00.0 eth0: jumbo features [frames: 9200 bytes, tx checksumming: ko]
cosinus@ubuntu:~$ dmesg |grep -i "acpi error"
[ 1.203714] ACPI Error: [DSSP] Namespace lookup failure, AE_NOT_FOUND (20150619/psargs-359)
[ 1.204096] ACPI Error: Method parse/execution failed [\_SB_.PCI0.SAT0.SPT4._GTF] (Node ffff88040e0d1460), AE_NOT_FOUND (20150619/psparse-536)
[ 1.213999] ACPI Error: [DSSP] Namespace lookup failure, AE_NOT_FOUND (20150619/psargs-359)
[ 1.214369] ACPI Error: Method parse/execution failed [\_SB_.PCI0.SAT0.SPT4._GTF] (Node ffff88040e0d1460), AE_NOT_FOUND (20150619/psparse-536)
 iceweasel, Hilfe! 
__________________ |
|
16.03.2016, 09:27
| #19 |
| /// TB-Senior | Linux: Bootkit Nemesis- Bios/Firmware Malware im VBR Vielleicht ist dein "Bootkit" auch systemd und andere neuere Entwicklungen bei Linux :-) Ich meine ja bloß, wenn er uns erklärt, wie er darauf kommt, hätten wir eine Basis, ihm zu erklären, was da wirklich los ist.
__________________ Zum Schutz vor Trojanerinnen und Femaleware ist bei einem aktuellen Windows 10 die Windows-Defenderin ausreichend. |
|
16.03.2016, 11:36
| #20 | |||
| /// Mac Expert | Linux: Bootkit Nemesis- Bios/Firmware Malware im VBR Für mich sieht das so aus als ob alles wild durcheinander zusammengesucht wurde Um mal das Log von Cosinus auf die schnelle zu analysieren: Zitat:
Zitat:
Zudem ist das Netzwerk von @cosinus auf Jumbo-Frames ausgelegt. Zitat:
Andernfalls sollte man im Bios mal nach ACPI=Legacy schauen. Also alles Rootkits die für das System entwickelt wurden
__________________ ----------------- -Gruß dante12 ----------------- Lob, Kritik, Wünsche?  Spende fürs trojaner-board? Geändert von Dante12 (16.03.2016 um 11:51 Uhr) |
|
16.03.2016, 23:29
| #21 |
| /// Winkelfunktion /// TB-Süch-Tiger™ | Linux: Bootkit Nemesis- Bios/Firmware Malware im VBR Das richtige fiese rootkit hast du übersehen, sieht man auf Mac OS X nicht, weil mit Linux Geheimtinte hier gepostet  Code:
ATTFilter cosinus@ubuntu:~$ dmesg |grep Fak
[ 0.000000] Faking a node at [mem 0x0000000000000000-0x000000041effffff]
__________________ --> Linux: Bootkit Nemesis- Bios/Firmware Malware im VBR |
|
17.03.2016, 01:54
| #22 |
| | Linux: Bootkit Nemesis- Bios/Firmware Malware im VBR Will euch nicht weiter nerven mit meinen Einbildungen und meiner Unwissenheit, aber drei Logs habe ich noch....Nach /Während Clientenzugriff: Code:
ATTFilter
ruut@ruut-HP-280-G1-MT:~$ sudo chkrootkit
[sudo] password for ruut:
ROOTDIR is `/'
Checking `amd'... not found
Checking `basename'... not infected
Checking `biff'... not found
Checking `chfn'... not infected
Checking `chsh'... not infected
Checking `cron'... not infected
Checking `crontab'... not infected
Checking `date'... not infected
Checking `du'... not infected
Checking `dirname'... not infected
Checking `echo'... not infected
Checking `egrep'... not infected
Checking `env'... not infected
Checking `find'... not infected
Checking `fingerd'... not found
Checking `gpm'... not found
Checking `grep'... not infected
Checking `hdparm'... not infected
Checking `su'... not infected
Checking `ifconfig'... not infected
Checking `inetd'... not infected
Checking `inetdconf'... not infected
Checking `identd'... not found
Checking `init'... not infected
Checking `killall'... not infected
Checking `ldsopreload'... not infected
Checking `login'... not infected
Checking `ls'... not infected
Checking `lsof'... not infected
Checking `mail'... not infected
Checking `mingetty'... not found
Checking `netstat'... not infected
Checking `named'... not found
Checking `passwd'... not infected
Checking `pidof'... not infected
Checking `pop2'... not found
Checking `pop3'... not found
Checking `ps'... not infected
Checking `pstree'... not infected
Checking `rpcinfo'... not found
Checking `rlogind'... not found
Checking `rshd'... not found
Checking `slogin'... not infected
Checking `sendmail'... not infected
Checking `sshd'... not found
Checking `syslogd'... not tested
Checking `tar'... not infected
Checking `tcpd'... not infected
Checking `tcpdump'... not infected
Checking `top'... not infected
Checking `telnetd'... not found
Checking `timed'... not found
Checking `traceroute'... not found
Checking `vdir'... not infected
Checking `w'... not infected
Checking `write'... not infected
Checking `aliens'... no suspect files
Searching for sniffer's logs, it may take a while... nothing found
Searching for rootkit HiDrootkit's default files... nothing found
Searching for rootkit t0rn's default files... nothing found
Searching for t0rn's v8 defaults... nothing found
Searching for rootkit Lion's default files... nothing found
Searching for rootkit RSHA's default files... nothing found
Searching for rootkit RH-Sharpe's default files... nothing found
Searching for Ambient's rootkit (ark) default files and dirs... nothing found
Searching for suspicious files and dirs, it may take a while... The following suspicious files and directories were found:
/usr/lib/debug/.build-id /usr/lib/python2.7/dist-packages/PyQt4/uic/widget-plugins/.noinit /usr/lib/python3/dist-packages/fail2ban/tests/files/config/apache-auth/digest_anon/.htpasswd /usr/lib/python3/dist-packages/fail2ban/tests/files/config/apache-auth/digest_anon/.htaccess /usr/lib/python3/dist-packages/fail2ban/tests/files/config/apache-auth/digest/.htpasswd /usr/lib/python3/dist-packages/fail2ban/tests/files/config/apache-auth/digest/.htaccess /usr/lib/python3/dist-packages/fail2ban/tests/files/config/apache-auth/digest_time/.htpasswd /usr/lib/python3/dist-packages/fail2ban/tests/files/config/apache-auth/digest_time/.htaccess /usr/lib/python3/dist-packages/fail2ban/tests/files/config/apache-auth/basic/file/.htpasswd /usr/lib/python3/dist-packages/fail2ban/tests/files/config/apache-auth/basic/file/.htaccess /usr/lib/python3/dist-packages/fail2ban/tests/files/config/apache-auth/basic/authz_owner/.htpasswd /usr/lib/python3/dist-packages/fail2ban/tests/files/config/apache-auth/basic/authz_owner/.htaccess /usr/lib/python3/dist-packages/fail2ban/tests/files/config/apache-auth/digest_wrongrelm/.htpasswd /usr/lib/python3/dist-packages/fail2ban/tests/files/config/apache-auth/digest_wrongrelm/.htaccess /usr/lib/python3/dist-packages/fail2ban/tests/files/config/apache-auth/noentry/.htaccess /lib/modules/4.2.0-34-generic/vdso/.build-id /lib/modules/4.2.0-16-generic/vdso/.build-id
/usr/lib/debug/.build-id /lib/modules/4.2.0-34-generic/vdso/.build-id /lib/modules/4.2.0-16-generic/vdso/.build-id
Searching for LPD Worm files and dirs... nothing found
Searching for Ramen Worm files and dirs... nothing found
Searching for Maniac files and dirs... nothing found
Searching for RK17 files and dirs... nothing found
Searching for Ducoci rootkit... nothing found
Searching for Adore Worm... nothing found
Searching for ShitC Worm... nothing found
Searching for Omega Worm... nothing found
Searching for Sadmind/IIS Worm... nothing found
Searching for MonKit... nothing found
Searching for Showtee... nothing found
Searching for OpticKit... nothing found
Searching for T.R.K... nothing found
Searching for Mithra... nothing found
Searching for LOC rootkit... nothing found
Searching for Romanian rootkit... nothing found
Searching for Suckit rootkit... nothing found
Searching for Volc rootkit... nothing found
Searching for Gold2 rootkit... nothing found
Searching for TC2 Worm default files and dirs... nothing found
Searching for Anonoying rootkit default files and dirs... nothing found
Searching for ZK rootkit default files and dirs... nothing found
Searching for ShKit rootkit default files and dirs... nothing found
Searching for AjaKit rootkit default files and dirs... nothing found
Searching for zaRwT rootkit default files and dirs... nothing found
Searching for Madalin rootkit default files... nothing found
Searching for Fu rootkit default files... nothing found
Searching for ESRK rootkit default files... nothing found
Searching for rootedoor... nothing found
Searching for ENYELKM rootkit default files... nothing found
Searching for common ssh-scanners default files... nothing found
Searching for Linux/Ebury - Operation Windigo ssh... Possible Linux/Ebury - Operation Windigo installetd
Searching for 64-bit Linux Rootkit ... nothing found
Searching for 64-bit Linux Rootkit modules... nothing found
Searching for suspect PHP files... nothing found
Searching for anomalies in shell history files... nothing found
Checking `asp'... not infected
Checking `bindshell'... not infected
Checking `lkm'... chkproc: nothing detected
chkdirs: nothing detected
Checking `rexedcs'... not found
Checking `sniffer'... lo: not promisc and no packet sniffer sockets
enp3s0: PACKET SNIFFER(/sbin/dhclient[1007], /usr/bin/ettercap[4481])
Checking `w55808'... not infected
Checking `wted'... chkwtmp: nothing deleted
Checking `scalper'... not infected
Checking `slapper'... not infected
Checking `z2'... user ruut deleted or never logged from lastlog!
user root deleted or never logged from lastlog!
Checking `chkutmp'... The tty of the following user process(es) were not found
in /var/run/utmp !
! RUID PID TTY CMD
! root 1291 tty7 /usr/bin/X -core :0 -seat seat0 -auth /var/run/lightdm/root/:0 -nolisten tcp vt7 -novtswitch
chkutmp: nothing deleted
Checking `OSX_RSPLUG'... not infected
ruut@ruut-HP-280-G1-MT:~$
Code:
ATTFilter [00:40:56] Running Rootkit Hunter version 1.4.2 on ruut-HP-280-G1-MT
[00:40:56]
[00:40:56] Info: Start date is Do 17. Mär 00:40:56 CET 2016
[00:40:56]
[00:40:56] Checking configuration file and command-line options...
[00:40:56] Info: Detected operating system is 'Linux'
[00:40:56] Info: Found O/S name: Ubuntu 15.10
[00:40:56] Info: Command line is /usr/bin/rkhunter -c
[00:40:56] Info: Environment shell is /bin/bash; rkhunter is using dash
[00:40:56] Info: Using configuration file '/etc/rkhunter.conf'
[00:40:56] Info: Installation directory is '/usr'
[00:40:56] Info: Using language 'en'
[00:40:56] Info: Using '/var/lib/rkhunter/db' as the database directory
[00:40:56] Info: Using '/usr/share/rkhunter/scripts' as the support script directory
[00:40:56] Info: Using '/usr/local/sbin /usr/local/bin /usr/sbin /usr/bin /sbin /bin' as the command directories
[00:40:56] Info: Using '/var/lib/rkhunter/tmp' as the temporary directory
[00:40:56] Info: No mail-on-warning address configured
[00:40:56] Info: X will be automatically detected
[00:40:56] Info: Using second color set
[00:40:56] Info: Found the 'basename' command: /usr/bin/basename
[00:40:57] Info: Found the 'diff' command: /usr/bin/diff
[00:40:57] Info: Found the 'dirname' command: /usr/bin/dirname
[00:40:57] Info: Found the 'file' command: /usr/bin/file
[00:40:57] Info: Found the 'find' command: /usr/bin/find
[00:40:57] Info: Found the 'ifconfig' command: /sbin/ifconfig
[00:40:57] Info: Found the 'ip' command: /sbin/ip
[00:40:57] Info: Found the 'ipcs' command: /usr/bin/ipcs
[00:40:57] Info: Found the 'ldd' command: /usr/bin/ldd
[00:40:57] Info: Found the 'lsattr' command: /usr/bin/lsattr
[00:40:57] Info: Found the 'lsmod' command: /sbin/lsmod
[00:40:57] Info: Found the 'lsof' command: /usr/bin/lsof
[00:40:57] Info: Found the 'mktemp' command: /bin/mktemp
[00:40:57] Info: Found the 'netstat' command: /bin/netstat
[00:40:57] Info: Found the 'perl' command: /usr/bin/perl
[00:40:57] Info: Found the 'pgrep' command: /usr/bin/pgrep
[00:40:57] Info: Found the 'ps' command: /bin/ps
[00:40:57] Info: Found the 'pwd' command: /bin/pwd
[00:40:57] Info: Found the 'readlink' command: /bin/readlink
[00:40:57] Info: Found the 'stat' command: /usr/bin/stat
[00:40:57] Info: Found the 'strings' command: /usr/bin/strings
[00:40:57] Info: System is not using prelinking
[00:40:57] Info: Using the '/usr/bin/sha256sum' command for the file hash checks
[00:40:57] Info: Stored hash values used hash function '/usr/bin/sha256sum'
[00:40:57] Info: Stored hash values did not use a package manager
[00:40:57] Info: The hash function field index is set to 1
[00:40:57] Info: No package manager specified: using hash function '/usr/bin/sha256sum'
[00:40:57] Info: Previous file attributes were stored
[00:40:57] Info: Enabled tests are: all
[00:40:57] Info: Disabled tests are: suspscan hidden_procs deleted_files packet_cap_apps apps
[00:40:58] Info: Found ksym file '/proc/kallsyms'
[00:40:58] Info: Using syslog for some logging - facility/priority level is 'authpriv.warning'.
[00:40:58] Info: Using 'date' to process epoch second times
[00:40:58]
[00:40:58] Checking if the O/S has changed since last time...
[00:40:58] Info: Nothing seems to have changed.
[00:40:58] Info: Locking is not being used
[00:40:58]
[00:40:58] Starting system checks...
[00:40:58]
[00:40:58] Info: Starting test name 'system_commands'
[00:40:58] Checking system commands...
[00:40:58]
[00:40:58] Info: Starting test name 'strings'
[00:40:58] Performing 'strings' command checks
[00:40:58] Scanning for string /usr/sbin/ntpsx [ OK ]
[00:40:58] Scanning for string /usr/sbin/.../bkit-ava [ OK ]
[00:40:58] Scanning for string /usr/sbin/.../bkit-d [ OK ]
[00:40:58] Scanning for string /usr/sbin/.../bkit-shd [ OK ]
[00:40:58] Scanning for string /usr/sbin/.../bkit-f [ OK ]
[00:40:59] Scanning for string /usr/include/.../proc.h [ OK ]
[00:40:59] Scanning for string /usr/include/.../.bash_history [ OK ]
[00:40:59] Scanning for string /usr/include/.../bkit-get [ OK ]
[00:40:59] Scanning for string /usr/include/.../bkit-dl [ OK ]
[00:40:59] Scanning for string /usr/include/.../bkit-screen [ OK ]
[00:40:59] Scanning for string /usr/include/.../bkit-sleep [ OK ]
[00:40:59] Scanning for string /usr/lib/.../bkit-adore.o [ OK ]
[00:40:59] Scanning for string /usr/lib/.../ls [ OK ]
[00:40:59] Scanning for string /usr/lib/.../netstat [ OK ]
[00:40:59] Scanning for string /usr/lib/.../lsof [ OK ]
[00:41:00] Scanning for string /usr/lib/.../bkit-ssh/bkit-shdcfg [ OK ]
[00:41:00] Scanning for string /usr/lib/.../bkit-ssh/bkit-shhk [ OK ]
[00:41:00] Scanning for string /usr/lib/.../bkit-ssh/bkit-pw [ OK ]
[00:41:00] Scanning for string /usr/lib/.../bkit-ssh/bkit-shrs [ OK ]
[00:41:00] Scanning for string /usr/lib/.../bkit-ssh/bkit-mots [ OK ]
[00:41:00] Scanning for string /usr/lib/.../uconf.inv [ OK ]
[00:41:00] Scanning for string /usr/lib/.../psr [ OK ]
[00:41:01] Scanning for string /usr/lib/.../find [ OK ]
[00:41:01] Scanning for string /usr/lib/.../pstree [ OK ]
[00:41:01] Scanning for string /usr/lib/.../slocate [ OK ]
[00:41:01] Scanning for string /usr/lib/.../du [ OK ]
[00:41:01] Scanning for string /usr/lib/.../top [ OK ]
[00:41:01] Scanning for string /usr/sbin/... [ OK ]
[00:41:01] Scanning for string /usr/include/... [ OK ]
[00:41:01] Scanning for string /usr/include/.../.tmp [ OK ]
[00:41:01] Scanning for string /usr/lib/... [ OK ]
[00:41:01] Scanning for string /usr/lib/.../.ssh [ OK ]
[00:41:01] Scanning for string /usr/lib/.../bkit-ssh [ OK ]
[00:41:02] Scanning for string /usr/lib/.bkit- [ OK ]
[00:41:02] Scanning for string /tmp/.bkp [ OK ]
[00:41:02] Scanning for string /tmp/.cinik [ OK ]
[00:41:02] Scanning for string /tmp/.font-unix/.cinik [ OK ]
[00:41:02] Scanning for string /lib/.sso [ OK ]
[00:41:02] Scanning for string /lib/.so [ OK ]
[00:41:02] Scanning for string /var/run/...dica/clean [ OK ]
[00:41:03] Scanning for string /var/run/...dica/dxr [ OK ]
[00:41:03] Scanning for string /var/run/...dica/read [ OK ]
[00:41:03] Scanning for string /var/run/...dica/write [ OK ]
[00:41:03] Scanning for string /var/run/...dica/lf [ OK ]
[00:41:03] Scanning for string /var/run/...dica/xl [ OK ]
[00:41:03] Scanning for string /var/run/...dica/xdr [ OK ]
[00:41:03] Scanning for string /var/run/...dica/psg [ OK ]
[00:41:03] Scanning for string /var/run/...dica/secure [ OK ]
[00:41:03] Scanning for string /var/run/...dica/rdx [ OK ]
[00:41:04] Scanning for string /var/run/...dica/va [ OK ]
[00:41:04] Scanning for string /var/run/...dica/cl.sh [ OK ]
[00:41:04] Scanning for string /var/run/...dica/last.log [ OK ]
[00:41:04] Scanning for string /usr/bin/.etc [ OK ]
[00:41:04] Scanning for string /etc/sshd_config [ OK ]
[00:41:04] Scanning for string /etc/ssh_host_key [ OK ]
[00:41:04] Scanning for string /etc/ssh_random_seed [ OK ]
[00:41:04] Scanning for string /dev/ptyp [ OK ]
[00:41:05] Scanning for string /dev/ptyq [ OK ]
[00:41:05] Scanning for string /dev/ptyr [ OK ]
[00:41:05] Scanning for string /dev/ptys [ OK ]
[00:41:05] Scanning for string /dev/ptyt [ OK ]
[00:41:05] Scanning for string /dev/fd/.88/freshb-bsd [ OK ]
[00:41:06] Scanning for string /dev/fd/.88/fresht [ OK ]
[00:41:06] Scanning for string /dev/fd/.88/zxsniff [ OK ]
[00:41:06] Scanning for string /dev/fd/.88/zxsniff.log [ OK ]
[00:41:06] Scanning for string /dev/fd/.99/.ttyf00 [ OK ]
[00:41:06] Scanning for string /dev/fd/.99/.ttyp00 [ OK ]
[00:41:06] Scanning for string /dev/fd/.99/.ttyq00 [ OK ]
[00:41:06] Scanning for string /dev/fd/.99/.ttys00 [ OK ]
[00:41:06] Scanning for string /dev/fd/.99/.pwsx00 [ OK ]
[00:41:06] Scanning for string /etc/.acid [ OK ]
[00:41:06] Scanning for string /usr/lib/.fx/sched_host.2 [ OK ]
[00:41:07] Scanning for string /usr/lib/.fx/random_d.2 [ OK ]
[00:41:07] Scanning for string /usr/lib/.fx/set_pid.2 [ OK ]
[00:41:07] Scanning for string /usr/lib/.fx/setrgrp.2 [ OK ]
[00:41:07] Scanning for string /usr/lib/.fx/TOHIDE [ OK ]
[00:41:07] Scanning for string /usr/lib/.fx/cons.saver [ OK ]
[00:41:07] Scanning for string /usr/lib/.fx/adore/ava/ava [ OK ]
[00:41:08] Scanning for string /usr/lib/.fx/adore/adore/adore.ko [ OK ]
[00:41:08] Scanning for string /bin/sysback [ OK ]
[00:41:08] Scanning for string /usr/local/bin/sysback [ OK ]
[00:41:08] Scanning for string /usr/lib/.tbd [ OK ]
[00:41:08] Scanning for string /dev/.lib/lib/lib/t0rns [ OK ]
[00:41:08] Scanning for string /dev/.lib/lib/lib/du [ OK ]
[00:41:08] Scanning for string /dev/.lib/lib/lib/ls [ OK ]
[00:41:08] Scanning for string /dev/.lib/lib/lib/t0rnsb [ OK ]
[00:41:08] Scanning for string /dev/.lib/lib/lib/ps [ OK ]
[00:41:08] Scanning for string /dev/.lib/lib/lib/t0rnp [ OK ]
[00:41:08] Scanning for string /dev/.lib/lib/lib/find [ OK ]
[00:41:08] Scanning for string /dev/.lib/lib/lib/ifconfig [ OK ]
[00:41:08] Scanning for string /dev/.lib/lib/lib/pg [ OK ]
[00:41:08] Scanning for string /dev/.lib/lib/lib/ssh.tgz [ OK ]
[00:41:08] Scanning for string /dev/.lib/lib/lib/top [ OK ]
[00:41:08] Scanning for string /dev/.lib/lib/lib/sz [ OK ]
[00:41:08] Scanning for string /dev/.lib/lib/lib/login [ OK ]
[00:41:09] Scanning for string /dev/.lib/lib/lib/in.fingerd [ OK ]
[00:41:09] Scanning for string /dev/.lib/lib/lib/1i0n.sh [ OK ]
[00:41:09] Scanning for string /dev/.lib/lib/lib/pstree [ OK ]
[00:41:09] Scanning for string /dev/.lib/lib/lib/in.telnetd [ OK ]
[00:41:09] Scanning for string /dev/.lib/lib/lib/mjy [ OK ]
[00:41:09] Scanning for string /dev/.lib/lib/lib/sush [ OK ]
[00:41:09] Scanning for string /dev/.lib/lib/lib/tfn [ OK ]
[00:41:09] Scanning for string /dev/.lib/lib/lib/name [ OK ]
[00:41:10] Scanning for string /dev/.lib/lib/lib/getip.sh [ OK ]
[00:41:10] Scanning for string /usr/info/.torn/sh* [ OK ]
[00:41:10] Scanning for string /usr/src/.puta/.1addr [ OK ]
[00:41:10] Scanning for string /usr/src/.puta/.1file [ OK ]
[00:41:10] Scanning for string /usr/src/.puta/.1proc [ OK ]
[00:41:10] Scanning for string /usr/src/.puta/.1logz [ OK ]
[00:41:11] Scanning for string /usr/info/.t0rn [ OK ]
[00:41:11] Scanning for string /dev/.lib [ OK ]
[00:41:11] Scanning for string /dev/.lib/lib [ OK ]
[00:41:11] Scanning for string /dev/.lib/lib/lib [ OK ]
[00:41:11] Scanning for string /dev/.lib/lib/lib/dev [ OK ]
[00:41:11] Scanning for string /dev/.lib/lib/scan [ OK ]
[00:41:11] Scanning for string /usr/src/.puta [ OK ]
[00:41:11] Scanning for string /usr/man/man1/man1 [ OK ]
[00:41:12] Scanning for string /usr/man/man1/man1/lib [ OK ]
[00:41:12] Scanning for string /usr/man/man1/man1/lib/.lib [ OK ]
[00:41:12] Scanning for string /usr/man/man1/man1/lib/.lib/.backup [ OK ]
[00:41:12]
[00:41:12] Info: Starting test name 'shared_libs'
[00:41:12] Performing 'shared libraries' checks
[00:41:12] Checking for preloading variables [ None found ]
[00:41:12] Checking for preloaded libraries [ None found ]
[00:41:12]
[00:41:12] Info: Starting test name 'shared_libs_path'
[00:41:12] Checking LD_LIBRARY_PATH variable [ Not found ]
[00:41:13]
[00:41:13] Info: Starting test name 'properties'
[00:41:13] Performing file properties checks
[00:41:13] Checking for prerequisites [ OK ]
[00:41:20] /usr/sbin/adduser [ OK ]
[00:41:20] Info: Found file '/usr/sbin/adduser': it is whitelisted for the 'script replacement' check.
[00:41:20] /usr/sbin/chroot [ OK ]
[00:41:20] /usr/sbin/cron [ OK ]
[00:41:21] /usr/sbin/groupadd [ OK ]
[00:41:21] /usr/sbin/groupdel [ OK ]
[00:41:22] /usr/sbin/groupmod [ OK ]
[00:41:22] /usr/sbin/grpck [ OK ]
[00:41:22] /usr/sbin/inetd [ OK ]
[00:41:23] /usr/sbin/nologin [ OK ]
[00:41:24] /usr/sbin/pwck [ OK ]
[00:41:24] /usr/sbin/rsyslogd [ OK ]
[00:41:25] /usr/sbin/tcpd [ OK ]
[00:41:25] /usr/sbin/useradd [ OK ]
[00:41:25] /usr/sbin/userdel [ OK ]
[00:41:26] /usr/sbin/usermod [ OK ]
[00:41:26] /usr/sbin/vipw [ OK ]
[00:41:26] /usr/sbin/unhide-linux [ OK ]
[00:41:27] /usr/sbin/unhide-posix [ OK ]
[00:41:27] /usr/sbin/unhide-tcp [ OK ]
[00:41:28] /usr/bin/awk [ OK ]
[00:41:28] /usr/bin/basename [ OK ]
[00:41:28] /usr/bin/chattr [ OK ]
[00:41:28] /usr/bin/curl [ Warning ]
[00:41:28] Warning: The file properties have changed:
[00:41:28] File: /usr/bin/curl
[00:41:28] Current hash: be7fc9358c59203365c697aa690c199e3b82a4f434f0fc17645adef2943a3999
[00:41:28] Stored hash : fdac692288d2bbecdad5ceb047a661a9991dd04c4788e788443ffac2fe0f9c96
[00:41:28] Current inode: 12719688 Stored inode: 12714172
[00:41:28] Current file modification time: 1453828450 (26-Jan-2016 18:14:10)
[00:41:28] Stored file modification time : 1439252085 (11-Aug-2015 02:14:45)
[00:41:28] /usr/bin/cut [ OK ]
[00:41:29] /usr/bin/diff [ OK ]
[00:41:29] /usr/bin/dirname [ OK ]
[00:41:29] /usr/bin/dpkg [ Warning ]
[00:41:29] Warning: The file properties have changed:
[00:41:29] File: /usr/bin/dpkg
[00:41:29] Current hash: 75869329a6e4836540f6668faa742b7924d0dbabe124251184e538e3b360fffa
[00:41:29] Stored hash : a9d36f0882382ebee82e3ba9aa2c155e6e306ce086987d60c47f40ee302c6eb2
[00:41:29] Current inode: 12714064 Stored inode: 12714222
[00:41:29] Current file modification time: 1448544353 (26-Nov-2015 14:25:53)
[00:41:29] Stored file modification time : 1445122210 (18-Okt-2015 00:50:10)
[00:41:29] /usr/bin/dpkg-query [ Warning ]
[00:41:29] Warning: The file properties have changed:
[00:41:30] File: /usr/bin/dpkg-query
[00:41:30] Current hash: 4b52d7f69c86b7ef392e6207edfa44f11fed9b3487114ecaa7dedb8255cf31cd
[00:41:30] Stored hash : bf117ff011b6cf1eb2469611f61b8cdb7fae4a0d61c7538cf080dc7ac3048934
[00:41:30] Current inode: 12714165 Stored inode: 12714238
[00:41:30] Current file modification time: 1448544353 (26-Nov-2015 14:25:53)
[00:41:30] Stored file modification time : 1445122210 (18-Okt-2015 00:50:10)
[00:41:30] /usr/bin/du [ OK ]
[00:41:30] /usr/bin/env [ OK ]
[00:41:30] /usr/bin/file [ OK ]
[00:41:30] /usr/bin/find [ OK ]
[00:41:31] /usr/bin/GET [ OK ]
[00:41:31] /usr/bin/groups [ OK ]
[00:41:31] /usr/bin/head [ OK ]
[00:41:31] /usr/bin/id [ OK ]
[00:41:31] /usr/bin/killall [ OK ]
[00:41:32] /usr/bin/last [ OK ]
[00:41:32] /usr/bin/lastlog [ OK ]
[00:41:32] /usr/bin/ldd [ Warning ]
[00:41:32] Warning: The file properties have changed:
[00:41:32] File: /usr/bin/ldd
[00:41:32] Current hash: 7b253d20dcc8c0d57e1e15bdae100f57e1a3a80e6e5c7b5940f695a2dba5c622
[00:41:32] Stored hash : 1700e8168588e8036760cb1cb039f955d569bec1d63d579542d6f0ecfa08ac99
[00:41:32] Current inode: 12716834 Stored inode: 12714663
[00:41:32] Current size: 5422 Stored size: 5420
[00:41:32] Current file modification time: 1455650074 (16-Feb-2016 20:14:34)
[00:41:32] Stored file modification time : 1427353185 (26-Mär-2015 07:59:45)
[00:41:32] Info: Found file '/usr/bin/ldd': it is whitelisted for the 'script replacement' check.
[00:41:32] /usr/bin/less [ OK ]
[00:41:33] /usr/bin/locate [ OK ]
[00:41:33] /usr/bin/logger [ OK ]
[00:41:33] /usr/bin/lsattr [ OK ]
[00:41:33] /usr/bin/lsof [ OK ]
[00:41:34] /usr/bin/mail [ OK ]
[00:41:34] /usr/bin/md5sum [ OK ]
[00:41:34] /usr/bin/mlocate [ OK ]
[00:41:35] /usr/bin/newgrp [ OK ]
[00:41:35] /usr/bin/passwd [ OK ]
[00:41:35] /usr/bin/perl [ Warning ]
[00:41:35] Warning: The file properties have changed:
[00:41:35] File: /usr/bin/perl
[00:41:35] Current hash: c980066b572f250b51f59ccdd75b8321a8e164523e9edfa6ea876d45d832e91c
[00:41:35] Stored hash : 35825ede4da1106b1cf0fc63191c86b9cd14a446c7fc5ae0f53779025719f460
[00:41:35] Current inode: 12714158 Stored inode: 12714913
[00:41:35] Current size: 1742800 Stored size: 1739120
[00:41:35] Current file modification time: 1456852740 (01-Mär-2016 18:19:00)
[00:41:35] Stored file modification time : 1431625758 (14-Mai-2015 19:49:18)
[00:41:35] /usr/bin/pgrep [ OK ]
[00:41:35] /usr/bin/pkill [ OK ]
[00:41:36] /usr/bin/pstree [ OK ]
[00:41:36] /usr/bin/rkhunter [ OK ]
[00:41:36] /usr/bin/runcon [ OK ]
[00:41:36] /usr/bin/sha1sum [ OK ]
[00:41:37] /usr/bin/sha224sum [ OK ]
[00:41:37] /usr/bin/sha256sum [ OK ]
[00:41:37] /usr/bin/sha384sum [ OK ]
[00:41:37] /usr/bin/sha512sum [ OK ]
[00:41:37] /usr/bin/size [ Warning ]
[00:41:37] Warning: The file properties have changed:
[00:41:37] File: /usr/bin/size
[00:41:38] Current hash: fd068f1b22fd74204858cff7f3b3e3a493a1971c0c70802582ae39362f7ff705
[00:41:38] Stored hash : d0286b512b60fd985b59f34b279f4189cff5c5e507c97fc9fd8ec0b6083dc4ca
[00:41:38] Current inode: 12720013 Stored inode: 12715174
[00:41:38] Current file modification time: 1445450142 (21-Okt-2015 19:55:42)
[00:41:38] Stored file modification time : 1444464508 (10-Okt-2015 10:08:28)
[00:41:38] /usr/bin/sort [ OK ]
[00:41:38] /usr/bin/ssh [ Warning ]
[00:41:38] Warning: The file properties have changed:
[00:41:38] File: /usr/bin/ssh
[00:41:38] Current hash: 2b5d0118c7b5401b8466683564662e0799752952b8f537b18fae638a491c45af
[00:41:38] Stored hash : 885edd8fe917c30cfbe4b07b46b4bc22f27994d6a584efec8ae8eeeb3d2c7eda
[00:41:38] Current inode: 12715389 Stored inode: 12715199
[00:41:38] Current file modification time: 1452703368 (13-Jan-2016 17:42:48)
[00:41:38] Stored file modification time : 1441964023 (11-Sep-2015 11:33:43)
[00:41:38] /usr/bin/stat [ OK ]
[00:41:38] /usr/bin/strace [ OK ]
[00:41:39] /usr/bin/strings [ Warning ]
[00:41:39] Warning: The file properties have changed:
[00:41:39] File: /usr/bin/strings
[00:41:39] Current hash: d021a5d313adc2edbb7e5baaa8b75a6db8b888ede9a784679642b0e060719e02
[00:41:39] Stored hash : a99840c71c5e98f8be825bdb3af40f51682cff1b7e3283fd9007fc7a4e567d5f
[00:41:39] Current inode: 12720015 Stored inode: 12715212
[00:41:39] Current file modification time: 1445450142 (21-Okt-2015 19:55:42)
[00:41:39] Stored file modification time : 1444464508 (10-Okt-2015 10:08:28)
[00:41:39] /usr/bin/sudo [ OK ]
[00:41:39] /usr/bin/tail [ OK ]
[00:41:40] /usr/bin/telnet [ OK ]
[00:41:40] /usr/bin/test [ OK ]
[00:41:40] /usr/bin/top [ OK ]
[00:41:40] /usr/bin/touch [ OK ]
[00:41:41] /usr/bin/tr [ OK ]
[00:41:41] /usr/bin/uniq [ OK ]
[00:41:41] /usr/bin/users [ OK ]
[00:41:41] /usr/bin/vmstat [ OK ]
[00:41:41] /usr/bin/w [ OK ]
[00:41:41] /usr/bin/watch [ OK ]
[00:41:42] /usr/bin/wc [ OK ]
[00:41:42] /usr/bin/wget [ OK ]
[00:41:42] /usr/bin/whatis [ OK ]
[00:41:42] /usr/bin/whereis [ OK ]
[00:41:42] /usr/bin/which [ OK ]
[00:41:43] /usr/bin/who [ OK ]
[00:41:43] /usr/bin/whoami [ OK ]
[00:41:43] /usr/bin/unhide [ OK ]
[00:41:43] /usr/bin/mawk [ OK ]
[00:41:44] /usr/bin/lwp-request [ OK ]
[00:41:44] /usr/bin/bsd-mailx [ OK ]
[00:41:44] /usr/bin/telnet.netkit [ OK ]
[00:41:44] /usr/bin/w.procps [ OK ]
[00:41:45] /sbin/depmod [ OK ]
[00:41:46] /sbin/fsck [ OK ]
[00:41:47] /sbin/ifconfig [ OK ]
[00:41:47] /sbin/ifdown [ Warning ]
[00:41:47] Warning: The file properties have changed:
[00:41:47] File: /sbin/ifdown
[00:41:47] Current hash: 651db729c5f8677f4c8827bb24c712892b2d7c8becc763e49d98b5232f1452e2
[00:41:47] Stored hash : 6484df5d9545ec0f788ea36b0c8e24b787f58f0fcc9a414e2e40692c55e05d4c
[00:41:47] Current inode: 23855359 Stored inode: 23855172
[00:41:47] Current file modification time: 1456422700 (25-Feb-2016 18:51:40)
[00:41:47] Stored file modification time : 1458114793 (16-Mär-2016 08:53:13)
[00:41:47] /sbin/ifup [ Warning ]
[00:41:48] Warning: The file properties have changed:
[00:41:48] File: /sbin/ifup
[00:41:48] Current hash: 651db729c5f8677f4c8827bb24c712892b2d7c8becc763e49d98b5232f1452e2
[00:41:48] Stored hash : 6484df5d9545ec0f788ea36b0c8e24b787f58f0fcc9a414e2e40692c55e05d4c
[00:41:48] Current inode: 23855162 Stored inode: 23855174
[00:41:48] Current size: 63184 Stored size: 59440
[00:41:48] Current file modification time: 1456422701 (25-Feb-2016 18:51:41)
[00:41:48] Stored file modification time : 1436504199 (10-Jul-2015 06:56:39)
[00:41:48] /sbin/init [ OK ]
[00:41:48] /sbin/insmod [ OK ]
[00:41:48] /sbin/ip [ OK ]
[00:41:49] /sbin/lsmod [ OK ]
[00:41:50] /sbin/modinfo [ OK ]
[00:41:51] /sbin/modprobe [ OK ]
[00:41:52] /sbin/rmmod [ OK ]
[00:41:52] /sbin/route [ OK ]
[00:41:53] /sbin/runlevel [ OK ]
[00:41:55] /sbin/sulogin [ OK ]
[00:41:55] /sbin/sysctl [ OK ]
[00:41:57] /bin/bash [ OK ]
[00:41:57] /bin/cat [ OK ]
[00:41:58] /bin/chmod [ OK ]
[00:41:58] /bin/chown [ OK ]
[00:41:58] /bin/cp [ OK ]
[00:41:58] /bin/date [ OK ]
[00:41:59] /bin/df [ OK ]
[00:41:59] /bin/dmesg [ OK ]
[00:41:59] /bin/echo [ OK ]
[00:41:59] /bin/ed [ OK ]
[00:42:00] /bin/egrep [ OK ]
[00:42:00] Info: Found file '/bin/egrep': it is whitelisted for the 'script replacement' check.
[00:42:00] /bin/fgrep [ OK ]
[00:42:00] Info: Found file '/bin/fgrep': it is whitelisted for the 'script replacement' check.
[00:42:00] /bin/fuser [ OK ]
[00:42:00] /bin/grep [ OK ]
[00:42:01] /bin/ip [ OK ]
[00:42:01] /bin/kill [ OK ]
[00:42:01] /bin/less [ OK ]
[00:42:02] /bin/login [ OK ]
[00:42:02] /bin/ls [ OK ]
[00:42:02] /bin/lsmod [ OK ]
[00:42:02] /bin/mktemp [ OK ]
[00:42:03] /bin/more [ OK ]
[00:42:03] /bin/mount [ OK ]
[00:42:03] /bin/mv [ OK ]
[00:42:04] /bin/netstat [ OK ]
[00:42:04] /bin/ping [ OK ]
[00:42:04] /bin/ps [ OK ]
[00:42:04] /bin/pwd [ OK ]
[00:42:05] /bin/readlink [ OK ]
[00:42:05] /bin/sed [ OK ]
[00:42:05] /bin/sh [ OK ]
[00:42:06] /bin/su [ OK ]
[00:42:06] /bin/touch [ OK ]
[00:42:07] /bin/uname [ OK ]
[00:42:07] /bin/which [ OK ]
[00:42:07] Info: Found file '/bin/which': it is whitelisted for the 'script replacement' check.
[00:42:07] /bin/kmod [ OK ]
[00:42:08] /bin/systemd [ OK ]
[00:42:08] /bin/systemctl [ OK ]
[00:42:08] /bin/dash [ OK ]
[00:42:13] /lib/systemd/systemd [ OK ]
[00:42:23]
[00:42:23] Info: Starting test name 'rootkits'
[00:42:23] Checking for rootkits...
[00:42:23]
[00:42:23] Info: Starting test name 'known_rkts'
[00:42:23] Performing check of known rootkit files and directories
[00:42:23]
[00:42:23] Checking for 55808 Trojan - Variant A...
[00:42:23] Checking for file '/tmp/.../r' [ Not found ]
[00:42:23] Checking for file '/tmp/.../a' [ Not found ]
[00:42:23] 55808 Trojan - Variant A [ Not found ]
[00:42:24]
[00:42:24] Checking for ADM Worm...
[00:42:24] Checking for string 'w0rm' [ Not found ]
[00:42:24] ADM Worm [ Not found ]
[00:42:24]
[00:42:24] Checking for AjaKit Rootkit...
[00:42:24] Checking for file '/dev/tux/.addr' [ Not found ]
[00:42:24] Checking for file '/dev/tux/.proc' [ Not found ]
[00:42:24] Checking for file '/dev/tux/.file' [ Not found ]
[00:42:24] Checking for file '/lib/.libgh-gh/cleaner' [ Not found ]
[00:42:24] Checking for file '/lib/.libgh-gh/Patch/patch' [ Not found ]
[00:42:24] Checking for file '/lib/.libgh-gh/sb0k' [ Not found ]
[00:42:24] Checking for directory '/dev/tux' [ Not found ]
[00:42:24] Checking for directory '/lib/.libgh-gh' [ Not found ]
[00:42:24] AjaKit Rootkit [ Not found ]
[00:42:25]
[00:42:25] Checking for Adore Rootkit...
[00:42:25] Checking for file '/usr/secure' [ Not found ]
[00:42:25] Checking for file '/usr/doc/sys/qrt' [ Not found ]
[00:42:25] Checking for file '/usr/doc/sys/run' [ Not found ]
[00:42:25] Checking for file '/usr/doc/sys/crond' [ Not found ]
[00:42:25] Checking for file '/usr/sbin/kfd' [ Not found ]
[00:42:25] Checking for file '/usr/doc/kern/var' [ Not found ]
[00:42:25] Checking for file '/usr/doc/kern/string.o' [ Not found ]
[00:42:25] Checking for file '/usr/doc/kern/ava' [ Not found ]
[00:42:25] Checking for file '/usr/doc/kern/adore.o' [ Not found ]
[00:42:25] Checking for file '/var/log/ssh/old' [ Not found ]
[00:42:25] Checking for directory '/lib/security/.config/ssh' [ Not found ]
[00:42:25] Checking for directory '/usr/doc/kern' [ Not found ]
[00:42:25] Checking for directory '/usr/doc/backup' [ Not found ]
[00:42:25] Checking for directory '/usr/doc/backup/txt' [ Not found ]
[00:42:25] Checking for directory '/lib/backup' [ Not found ]
[00:42:26] Checking for directory '/lib/backup/txt' [ Not found ]
[00:42:26] Checking for directory '/usr/doc/work' [ Not found ]
[00:42:26] Checking for directory '/usr/doc/sys' [ Not found ]
[00:42:26] Checking for directory '/var/log/ssh' [ Not found ]
[00:42:26] Checking for directory '/usr/doc/.spool' [ Not found ]
[00:42:26] Checking for directory '/usr/lib/kterm' [ Not found ]
[00:42:26] Adore Rootkit [ Not found ]
[00:42:26]
[00:42:26] Checking for aPa Kit...
[00:42:26] Checking for file '/usr/share/.aPa' [ Not found ]
[00:42:26] aPa Kit [ Not found ]
[00:42:26]
[00:42:26] Checking for Apache Worm...
[00:42:26] Checking for file '/bin/.log' [ Not found ]
[00:42:26] Apache Worm [ Not found ]
[00:42:26]
[00:42:26] Checking for Ambient (ark) Rootkit...
[00:42:26] Checking for file '/usr/lib/.ark?' [ Not found ]
[00:42:27] Checking for file '/dev/ptyxx/.log' [ Not found ]
[00:42:27] Checking for file '/dev/ptyxx/.file' [ Not found ]
[00:42:27] Checking for file '/dev/ptyxx/.proc' [ Not found ]
[00:42:27] Checking for file '/dev/ptyxx/.addr' [ Not found ]
[00:42:27] Checking for directory '/dev/ptyxx' [ Not found ]
[00:42:27] Ambient (ark) Rootkit [ Not found ]
[00:42:27]
[00:42:27] Checking for Balaur Rootkit...
[00:42:27] Checking for file '/usr/lib/liblog.o' [ Not found ]
[00:42:27] Checking for directory '/usr/lib/.kinetic' [ Not found ]
[00:42:27] Checking for directory '/usr/lib/.egcs' [ Not found ]
[00:42:27] Checking for directory '/usr/lib/.wormie' [ Not found ]
[00:42:27] Balaur Rootkit [ Not found ]
[00:42:27]
[00:42:27] Checking for BeastKit Rootkit...
[00:42:27] Checking for file '/usr/sbin/arobia' [ Not found ]
[00:42:27] Checking for file '/usr/sbin/idrun' [ Not found ]
[00:42:27] Checking for file '/usr/lib/elm/arobia/elm' [ Not found ]
[00:42:27] Checking for file '/usr/lib/elm/arobia/elm/hk' [ Not found ]
[00:42:28] Checking for file '/usr/lib/elm/arobia/elm/hk.pub' [ Not found ]
[00:42:28] Checking for file '/usr/lib/elm/arobia/elm/sc' [ Not found ]
[00:42:28] Checking for file '/usr/lib/elm/arobia/elm/sd.pp' [ Not found ]
[00:42:28] Checking for file '/usr/lib/elm/arobia/elm/sdco' [ Not found ]
[00:42:28] Checking for file '/usr/lib/elm/arobia/elm/srsd' [ Not found ]
[00:42:28] Checking for directory '/lib/ldd.so/bktools' [ Not found ]
[00:42:28] BeastKit Rootkit [ Not found ]
[00:42:28]
[00:42:28] Checking for beX2 Rootkit...
[00:42:28] Checking for file '/usr/info/termcap.info-5.gz' [ Not found ]
[00:42:28] Checking for file '/usr/bin/sshd2' [ Not found ]
[00:42:28] Checking for directory '/usr/include/bex' [ Not found ]
[00:42:28] beX2 Rootkit [ Not found ]
[00:42:28]
[00:42:28] Checking for BOBKit Rootkit...
[00:42:28] Checking for file '/usr/sbin/ntpsx' [ Not found ]
[00:42:28] Checking for file '/usr/sbin/.../bkit-ava' [ Not found ]
[00:42:28] Checking for file '/usr/sbin/.../bkit-d' [ Not found ]
[00:42:28] Checking for file '/usr/sbin/.../bkit-shd' [ Not found ]
[00:42:28] Checking for file '/usr/sbin/.../bkit-f' [ Not found ]
[00:42:28] Checking for file '/usr/include/.../proc.h' [ Not found ]
[00:42:28] Checking for file '/usr/include/.../.bash_history' [ Not found ]
[00:42:28] Checking for file '/usr/include/.../bkit-get' [ Not found ]
[00:42:28] Checking for file '/usr/include/.../bkit-dl' [ Not found ]
[00:42:28] Checking for file '/usr/include/.../bkit-screen' [ Not found ]
[00:42:28] Checking for file '/usr/include/.../bkit-sleep' [ Not found ]
[00:42:28] Checking for file '/usr/lib/.../bkit-adore.o' [ Not found ]
[00:42:28] Checking for file '/usr/lib/.../ls' [ Not found ]
[00:42:29] Checking for file '/usr/lib/.../netstat' [ Not found ]
[00:42:29] Checking for file '/usr/lib/.../lsof' [ Not found ]
[00:42:29] Checking for file '/usr/lib/.../bkit-ssh/bkit-shdcfg' [ Not found ]
[00:42:29] Checking for file '/usr/lib/.../bkit-ssh/bkit-shhk' [ Not found ]
[00:42:29] Checking for file '/usr/lib/.../bkit-ssh/bkit-pw' [ Not found ]
[00:42:29] Checking for file '/usr/lib/.../bkit-ssh/bkit-shrs' [ Not found ]
[00:42:29] Checking for file '/usr/lib/.../bkit-ssh/bkit-mots' [ Not found ]
[00:42:29] Checking for file '/usr/lib/.../uconf.inv' [ Not found ]
[00:42:29] Checking for file '/usr/lib/.../psr' [ Not found ]
[00:42:29] Checking for file '/usr/lib/.../find' [ Not found ]
[00:42:29] Checking for file '/usr/lib/.../pstree' [ Not found ]
[00:42:29] Checking for file '/usr/lib/.../slocate' [ Not found ]
[00:42:29] Checking for file '/usr/lib/.../du' [ Not found ]
[00:42:29] Checking for file '/usr/lib/.../top' [ Not found ]
[00:42:29] Checking for directory '/usr/sbin/...' [ Not found ]
[00:42:29] Checking for directory '/usr/include/...' [ Not found ]
[00:42:29] Checking for directory '/usr/include/.../.tmp' [ Not found ]
[00:42:29] Checking for directory '/usr/lib/...' [ Not found ]
[00:42:29] Checking for directory '/usr/lib/.../.ssh' [ Not found ]
[00:42:29] Checking for directory '/usr/lib/.../bkit-ssh' [ Not found ]
[00:42:29] Checking for directory '/usr/lib/.bkit-' [ Not found ]
[00:42:29] Checking for directory '/tmp/.bkp' [ Not found ]
[00:42:29] BOBKit Rootkit [ Not found ]
[00:42:30]
[00:42:30] Checking for cb Rootkit...
[00:42:30] Checking for file '/dev/srd0' [ Not found ]
[00:42:30] Checking for file '/lib/libproc.so.2.0.6' [ Not found ]
[00:42:30] Checking for file '/dev/mounnt' [ Not found ]
[00:42:30] Checking for file '/etc/rc.d/init.d/init' [ Not found ]
[00:42:30] Checking for file '/usr/bin/.zeen/..<SP>/cl' [ Not found ]
[00:42:30] Checking for file '/usr/bin/.zeen/..<SP>/.x.tgz' [ Not found ]
[00:42:30] Checking for file '/usr/bin/.zeen/..<SP>/statdx' [ Not found ]
[00:42:30] Checking for file '/usr/bin/.zeen/..<SP>/wted' [ Not found ]
[00:42:30] Checking for file '/usr/bin/.zeen/..<SP>/write' [ Not found ]
[00:42:30] Checking for file '/usr/bin/.zeen/..<SP>/scan' [ Not found ]
[00:42:30] Checking for file '/usr/bin/.zeen/..<SP>/sc' [ Not found ]
[00:42:30] Checking for file '/usr/bin/.zeen/..<SP>/sl2' [ Not found ]
[00:42:30] Checking for file '/usr/bin/.zeen/..<SP>/wroot' [ Not found ]
[00:42:30] Checking for file '/usr/bin/.zeen/..<SP>/wscan' [ Not found ]
[00:42:30] Checking for file '/usr/bin/.zeen/..<SP>/wu' [ Not found ]
[00:42:30] Checking for file '/usr/bin/.zeen/..<SP>/v' [ Not found ]
[00:42:30] Checking for file '/usr/bin/.zeen/..<SP>/read' [ Not found ]
[00:42:30] Checking for file '/usr/lib/sshrc' [ Not found ]
[00:42:30] Checking for file '/usr/lib/ssh_host_key' [ Not found ]
[00:42:30] Checking for file '/usr/lib/ssh_host_key.pub' [ Not found ]
[00:42:30] Checking for file '/usr/lib/ssh_random_seed' [ Not found ]
[00:42:31] Checking for file '/usr/lib/sshd_config' [ Not found ]
[00:42:31] Checking for file '/usr/lib/shosts.equiv' [ Not found ]
[00:42:31] Checking for file '/usr/lib/ssh_known_hosts' [ Not found ]
[00:42:31] Checking for file '/u/zappa/.ssh/pid' [ Not found ]
[00:42:31] Checking for file '/usr/bin/.system/..<SP>/tcp.log' [ Not found ]
[00:42:31] Checking for file '/usr/bin/.zeen/..<SP>/curatare/attrib' [ Not found ]
[00:42:31] Checking for file '/usr/bin/.zeen/..<SP>/curatare/chattr' [ Not found ]
[00:42:31] Checking for file '/usr/bin/.zeen/..<SP>/curatare/ps' [ Not found ]
[00:42:31] Checking for file '/usr/bin/.zeen/..<SP>/curatare/pstree' [ Not found ]
[00:42:31] Checking for file '/usr/bin/.system/..<SP>/.x/xC.o' [ Not found ]
[00:42:31] Checking for directory '/usr/bin/.zeen' [ Not found ]
[00:42:31] Checking for directory '/usr/bin/.zeen/..<SP>/curatare' [ Not found ]
[00:42:31] Checking for directory '/usr/bin/.zeen/..<SP>/scan' [ Not found ]
[00:42:31] Checking for directory '/usr/bin/.system/..<SP>' [ Not found ]
[00:42:31] cb Rootkit [ Not found ]
[00:42:31]
[00:42:31] Checking for CiNIK Worm (Slapper.B variant)...
[00:42:31] Checking for file '/tmp/.cinik' [ Not found ]
[00:42:31] Checking for directory '/tmp/.font-unix/.cinik' [ Not found ]
[00:42:31] CiNIK Worm (Slapper.B variant) [ Not found ]
[00:42:31]
[00:42:31] Checking for Danny-Boy's Abuse Kit...
[00:42:31] Checking for file '/dev/mdev' [ Not found ]
[00:42:32] Checking for file '/usr/lib/libX.a' [ Not found ]
[00:42:32] Danny-Boy's Abuse Kit [ Not found ]
[00:42:32]
[00:42:32] Checking for Devil RootKit...
[00:42:32] Checking for file '/var/lib/games/.src' [ Not found ]
[00:42:32] Checking for file '/dev/dsx' [ Not found ]
[00:42:32] Checking for file '/dev/caca' [ Not found ]
[00:42:32] Checking for file '/dev/pro' [ Not found ]
[00:42:32] Checking for file '/bin/bye' [ Not found ]
[00:42:32] Checking for file '/bin/homedir' [ Not found ]
[00:42:32] Checking for file '/usr/bin/xfss' [ Not found ]
[00:42:32] Checking for file '/usr/sbin/tzava' [ Not found ]
[00:42:32] Checking for file '/usr/doc/tar/.../.dracusor/stuff/holber' [ Not found ]
[00:42:32] Checking for file '/usr/doc/tar/.../.dracusor/stuff/sense' [ Not found ]
[00:42:32] Checking for file '/usr/doc/tar/.../.dracusor/stuff/clear' [ Not found ]
[00:42:32] Checking for file '/usr/doc/tar/.../.dracusor/stuff/tzava' [ Not found ]
[00:42:32] Checking for file '/usr/doc/tar/.../.dracusor/stuff/citeste' [ Not found ]
[00:42:32] Checking for file '/usr/doc/tar/.../.dracusor/stuff/killrk' [ Not found ]
[00:42:32] Checking for file '/usr/doc/tar/.../.dracusor/stuff/searchlog' [ Not found ]
[00:42:32] Checking for file '/usr/doc/tar/.../.dracusor/stuff/gaoaza' [ Not found ]
[00:42:32] Checking for file '/usr/doc/tar/.../.dracusor/stuff/cleaner' [ Not found ]
[00:42:32] Checking for file '/usr/doc/tar/.../.dracusor/stuff/shk' [ Not found ]
[00:42:32] Checking for file '/usr/doc/tar/.../.dracusor/stuff/srs' [ Not found ]
[00:42:33] Checking for file '/usr/doc/tar/.../.dracusor/utile.tgz' [ Not found ]
[00:42:33] Checking for file '/usr/doc/tar/.../.dracusor/webpage' [ Not found ]
[00:42:33] Checking for file '/usr/doc/tar/.../.dracusor/getpsy' [ Not found ]
[00:42:33] Checking for file '/usr/doc/tar/.../.dracusor/getbnc' [ Not found ]
[00:42:33] Checking for file '/usr/doc/tar/.../.dracusor/getemech' [ Not found ]
[00:42:33] Checking for file '/usr/doc/tar/.../.dracusor/localroot.sh' [ Not found ]
[00:42:33] Checking for file '/usr/doc/tar/.../.dracusor/stuff/old/sense' [ Not found ]
[00:42:33] Checking for directory '/usr/doc/tar/.../.dracusor' [ Not found ]
[00:42:33] Devil RootKit [ Not found ]
[00:42:33]
[00:42:33] Checking for Dica-Kit Rootkit...
[00:42:33] Checking for file '/lib/.sso' [ Not found ]
[00:42:33] Checking for file '/lib/.so' [ Not found ]
[00:42:33] Checking for file '/var/run/...dica/clean' [ Not found ]
[00:42:33] Checking for file '/var/run/...dica/dxr' [ Not found ]
[00:42:33] Checking for file '/var/run/...dica/read' [ Not found ]
[00:42:33] Checking for file '/var/run/...dica/write' [ Not found ]
[00:42:34] Checking for file '/var/run/...dica/lf' [ Not found ]
[00:42:34] Checking for file '/var/run/...dica/xl' [ Not found ]
[00:42:34] Checking for file '/var/run/...dica/xdr' [ Not found ]
[00:42:34] Checking for file '/var/run/...dica/psg' [ Not found ]
[00:42:34] Checking for file '/var/run/...dica/secure' [ Not found ]
[00:42:34] Checking for file '/var/run/...dica/rdx' [ Not found ]
[00:42:34] Checking for file '/var/run/...dica/va' [ Not found ]
[00:42:34] Checking for file '/var/run/...dica/cl.sh' [ Not found ]
[00:42:34] Checking for file '/var/run/...dica/last.log' [ Not found ]
[00:42:34] Checking for file '/usr/bin/.etc' [ Not found ]
[00:42:34] Checking for file '/etc/sshd_config' [ Not found ]
[00:42:34] Checking for file '/etc/ssh_host_key' [ Not found ]
[00:42:34] Checking for file '/etc/ssh_random_seed' [ Not found ]
[00:42:34] Checking for directory '/var/run/...dica' [ Not found ]
[00:42:34] Checking for directory '/var/run/...dica/mh' [ Not found ]
[00:42:34] Checking for directory '/var/run/...dica/scan' [ Not found ]
[00:42:34] Dica-Kit Rootkit [ Not found ]
[00:42:34]
[00:42:34] Checking for Dreams Rootkit...
[00:42:34] Checking for file '/dev/ttyoa' [ Not found ]
[00:42:34] Checking for file '/dev/ttyof' [ Not found ]
[00:42:34] Checking for file '/dev/ttyop' [ Not found ]
[00:42:35] Checking for file '/usr/bin/sense' [ Not found ]
[00:42:35] Checking for file '/usr/bin/sl2' [ Not found ]
[00:42:35] Checking for file '/usr/bin/logclear' [ Not found ]
[00:42:35] Checking for file '/usr/bin/(swapd)' [ Not found ]
[00:42:35] Checking for file '/usr/bin/initrd' [ Not found ]
[00:42:35] Checking for file '/usr/bin/crontabs' [ Not found ]
[00:42:35] Checking for file '/usr/bin/snfs' [ Not found ]
[00:42:35] Checking for file '/usr/lib/libsss' [ Not found ]
[00:42:35] Checking for file '/usr/lib/libsnf.log' [ Not found ]
[00:42:35] Checking for file '/usr/lib/libshtift/top' [ Not found ]
[00:42:35] Checking for file '/usr/lib/libshtift/ps' [ Not found ]
[00:42:35] Checking for file '/usr/lib/libshtift/netstat' [ Not found ]
[00:42:35] Checking for file '/usr/lib/libshtift/ls' [ Not found ]
[00:42:35] Checking for file '/usr/lib/libshtift/ifconfig' [ Not found ]
[00:42:35] Checking for file '/usr/include/linseed.h' [ Not found ]
[00:42:35] Checking for file '/usr/include/linpid.h' [ Not found ]
[00:42:35] Checking for file '/usr/include/linkey.h' [ Not found ]
[00:42:35] Checking for file '/usr/include/linconf.h' [ Not found ]
[00:42:35] Checking for file '/usr/include/iceseed.h' [ Not found ]
[00:42:35] Checking for file '/usr/include/icepid.h' [ Not found ]
[00:42:35] Checking for file '/usr/include/icekey.h' [ Not found ]
[00:42:35] Checking for file '/usr/include/iceconf.h' [ Not found ]
[00:42:35] Checking for directory '/dev/ida/.hpd' [ Not found ]
[00:42:36] Checking for directory '/usr/lib/libshtift' [ Not found ]
[00:42:36] Dreams Rootkit [ Not found ]
[00:42:36]
[00:42:36] Checking for Duarawkz Rootkit...
[00:42:36] Checking for file '/usr/bin/duarawkz/loginpass' [ Not found ]
[00:42:36] Checking for directory '/usr/bin/duarawkz' [ Not found ]
[00:42:36] Duarawkz Rootkit [ Not found ]
[00:42:36]
[00:42:36] Checking for Enye LKM...
[00:42:36] Checking for file '/etc/.enyelkmHIDE^IT.ko' [ Not found ]
[00:42:36] Checking for file '/etc/.enyelkmOCULTAR.ko' [ Not found ]
[00:42:36] Enye LKM [ Not found ]
[00:42:36]
[00:42:36] Checking for Flea Linux Rootkit...
[00:42:36] Checking for file '/etc/ld.so.hash' [ Not found ]
[00:42:36] Checking for file '/lib/security/.config/ssh/sshd_config' [ Not found ]
[00:42:36] Checking for file '/lib/security/.config/ssh/ssh_host_key' [ Not found ]
[00:42:36] Checking for file '/lib/security/.config/ssh/ssh_host_key.pub' [ Not found ]
[00:42:36] Checking for file '/lib/security/.config/ssh/ssh_random_seed' [ Not found ]
[00:42:36] Checking for file '/usr/bin/ssh2d' [ Not found ]
[00:42:37] Checking for file '/usr/lib/ldlibns.so' [ Not found ]
[00:42:37] Checking for file '/usr/lib/ldlibps.so' [ Not found ]
[00:42:37] Checking for file '/usr/lib/ldlibpst.so' [ Not found ]
[00:42:37] Checking for file '/usr/lib/ldlibdu.so' [ Not found ]
[00:42:37] Checking for file '/usr/lib/ldlibct.so' [ Not found ]
[00:42:37] Checking for directory '/lib/security/.config/ssh' [ Not found ]
[00:42:37] Checking for directory '/dev/..0' [ Not found ]
[00:42:37] Checking for directory '/dev/..0/backup' [ Not found ]
[00:42:37] Flea Linux Rootkit [ Not found ]
[00:42:37]
[00:42:37] Checking for Fu Rootkit...
[00:42:37] Checking for file '/sbin/xc' [ Not found ]
[00:42:37] Checking for file '/usr/include/ivtype.h' [ Not found ]
[00:42:37] Checking for file '/bin/.lib' [ Not found ]
[00:42:37] Fu Rootkit [ Not found ]
[00:42:37]
[00:42:37] Checking for Fuck`it Rootkit...
[00:42:37] Checking for file '/lib/libproc.so.2.0.7' [ Not found ]
[00:42:37] Checking for file '/dev/proc/.bash_profile' [ Not found ]
[00:42:37] Checking for file '/dev/proc/.bashrc' [ Not found ]
[00:42:37] Checking for file '/dev/proc/.cshrc' [ Not found ]
[00:42:37] Checking for file '/dev/proc/fuckit/hax0r' [ Not found ]
[00:42:37] Checking for file '/dev/proc/fuckit/hax0rshell' [ Not found ]
[00:42:37] Checking for file '/dev/proc/fuckit/config/lports' [ Not found ]
[00:42:37] Checking for file '/dev/proc/fuckit/config/rports' [ Not found ]
[00:42:37] Checking for file '/dev/proc/fuckit/config/rkconf' [ Not found ]
[00:42:37] Checking for file '/dev/proc/fuckit/config/password' [ Not found ]
[00:42:37] Checking for file '/dev/proc/fuckit/config/progs' [ Not found ]
[00:42:37] Checking for file '/dev/proc/fuckit/system-bins/init' [ Not found ]
[00:42:37] Checking for file '/usr/lib/libcps.a' [ Not found ]
[00:42:38] Checking for file '/usr/lib/libtty.a' [ Not found ]
[00:42:38] Checking for directory '/dev/proc' [ Not found ]
[00:42:38] Checking for directory '/dev/proc/fuckit' [ Not found ]
[00:42:38] Checking for directory '/dev/proc/fuckit/system-bins' [ Not found ]
[00:42:38] Checking for directory '/dev/proc/toolz' [ Not found ]
[00:42:38] Fuck`it Rootkit [ Not found ]
[00:42:38]
[00:42:38] Checking for GasKit Rootkit...
[00:42:38] Checking for file '/dev/dev/gaskit/sshd/sshdd' [ Not found ]
[00:42:38] Checking for directory '/dev/dev' [ Not found ]
[00:42:38] Checking for directory '/dev/dev/gaskit' [ Not found ]
[00:42:38] Checking for directory '/dev/dev/gaskit/sshd' [ Not found ]
[00:42:38] GasKit Rootkit [ Not found ]
[00:42:38]
[00:42:38] Checking for Heroin LKM...
[00:42:38] Checking for kernel symbol 'heroin' [ Not found ]
[00:42:38] Heroin LKM [ Not found ]
[00:42:38]
[00:42:38] Checking for HjC Kit...
[00:42:38] Checking for directory '/dev/.hijackerz' [ Not found ]
[00:42:39] HjC Kit [ Not found ]
[00:42:39]
[00:42:39] Checking for ignoKit Rootkit...
[00:42:39] Checking for file '/lib/defs/p' [ Not found ]
[00:42:39] Checking for file '/lib/defs/q' [ Not found ]
[00:42:39] Checking for file '/lib/defs/r' [ Not found ]
[00:42:39] Checking for file '/lib/defs/s' [ Not found ]
[00:42:39] Checking for file '/lib/defs/t' [ Not found ]
[00:42:39] Checking for file '/usr/lib/defs/p' [ Not found ]
[00:42:39] Checking for file '/usr/lib/defs/q' [ Not found ]
[00:42:39] Checking for file '/usr/lib/defs/r' [ Not found ]
[00:42:39] Checking for file '/usr/lib/defs/s' [ Not found ]
[00:42:39] Checking for file '/usr/lib/defs/t' [ Not found ]
[00:42:39] Checking for file '/usr/lib/.libigno/pkunsec' [ Not found ]
[00:42:39] Checking for file '/usr/lib/.libigno/.igno/psybnc/psybnc' [ Not found ]
[00:42:39] Checking for directory '/usr/lib/.libigno' [ Not found ]
[00:42:39] Checking for directory '/usr/lib/.libigno/.igno' [ Not found ]
[00:42:39] ignoKit Rootkit [ Not found ]
[00:42:39]
[00:42:39] Checking for IntoXonia-NG Rootkit...
[00:42:40] Checking for kernel symbol 'funces' [ Not found ]
[00:42:40] Checking for kernel symbol 'ixinit' [ Not found ]
[00:42:40] Checking for kernel symbol 'tricks' [ Not found ]
[00:42:40] Checking for kernel symbol 'kernel_unlink' [ Not found ]
[00:42:40] Checking for kernel symbol 'rootme' [ Not found ]
[00:42:40] Checking for kernel symbol 'hide_module' [ Not found ]
[00:42:40] Checking for kernel symbol 'find_sys_call_tbl' [ Not found ]
[00:42:40] IntoXonia-NG Rootkit [ Not found ]
[00:42:40]
[00:42:40] Checking for Irix Rootkit...
[00:42:40] Checking for directory '/dev/pts/01' [ Not found ]
[00:42:40] Checking for directory '/dev/pts/01/backup' [ Not found ]
[00:42:40] Checking for directory '/dev/pts/01/etc' [ Not found ]
[00:42:41] Checking for directory '/dev/pts/01/tmp' [ Not found ]
[00:42:41] Irix Rootkit [ Not found ]
[00:42:41]
[00:42:41] Checking for Jynx Rootkit...
[00:42:41] Checking for file '/xochikit/bc' [ Not found ]
[00:42:41] Checking for file '/xochikit/ld_poison.so' [ Not found ]
[00:42:41] Checking for file '/omgxochi/bc' [ Not found ]
[00:42:41] Checking for file '/omgxochi/ld_poison.so' [ Not found ]
[00:42:41] Checking for file '/var/local/^^/bc' [ Not found ]
[00:42:41] Checking for file '/var/local/^^/ld_poison.so' [ Not found ]
[00:42:41] Checking for directory '/xochikit' [ Not found ]
[00:42:41] Checking for directory '/omgxochi' [ Not found ]
[00:42:41] Checking for directory '/var/local/^^' [ Not found ]
[00:42:41] Jynx Rootkit [ Not found ]
[00:42:41]
[00:42:41] Checking for KBeast Rootkit...
[00:42:41] Checking for file '/usr/_h4x_/ipsecs-kbeast-v1.ko' [ Not found ]
[00:42:41] Checking for file '/usr/_h4x_/_h4x_bd' [ Not found ]
[00:42:41] Checking for file '/usr/_h4x_/acctlog' [ Not found ]
[00:42:41] Checking for directory '/usr/_h4x_' [ Not found ]
[00:42:42] Checking for kernel symbol 'h4x_delete_module' [ Not found ]
[00:42:42] Checking for kernel symbol 'h4x_getdents64' [ Not found ]
[00:42:42] Checking for kernel symbol 'h4x_kill' [ Not found ]
[00:42:43] Checking for kernel symbol 'h4x_open' [ Not found ]
[00:42:43] Checking for kernel symbol 'h4x_read' [ Not found ]
[00:42:43] Checking for kernel symbol 'h4x_rename' [ Not found ]
[00:42:43] Checking for kernel symbol 'h4x_rmdir' [ Not found ]
[00:42:44] Checking for kernel symbol 'h4x_tcp4_seq_show' [ Not found ]
[00:42:44] Checking for kernel symbol 'h4x_write' [ Not found ]
[00:42:44] KBeast Rootkit [ Not found ]
[00:42:44]
[00:42:44] Checking for Kitko Rootkit...
[00:42:45] Checking for directory '/usr/src/redhat/SRPMS/...' [ Not found ]
[00:42:45] Kitko Rootkit [ Not found ]
[00:42:45]
[00:42:45] Checking for Knark Rootkit...
[00:42:45] Checking for file '/proc/knark/pids' [ Not found ]
[00:42:45] Checking for directory '/proc/knark' [ Not found ]
[00:42:45] Knark Rootkit [ Not found ]
[00:42:45]
[00:42:45] Checking for ld-linuxv.so Rootkit...
[00:42:45] Checking for file '/lib/ld-linuxv.so.1' [ Not found ]
[00:42:45] Checking for directory '/var/opt/_so_cache' [ Not found ]
[00:42:45] Checking for directory '/var/opt/_so_cache/ld' [ Not found ]
[00:42:45] Checking for directory '/var/opt/_so_cache/lc' [ Not found ]
[00:42:45] ld-linuxv.so Rootkit [ Not found ]
[00:42:45]
[00:42:45] Checking for Li0n Worm...
[00:42:45] Checking for file '/bin/in.telnetd' [ Not found ]
[00:42:45] Checking for file '/bin/mjy' [ Not found ]
[00:42:45] Checking for file '/usr/man/man1/man1/lib/.lib/mjy' [ Not found ]
[00:42:45] Checking for file '/usr/man/man1/man1/lib/.lib/in.telnetd' [ Not found ]
[00:42:45] Checking for file '/usr/man/man1/man1/lib/.lib/.x' [ Not found ]
[00:42:45] Checking for file '/dev/.lib/lib/scan/1i0n.sh' [ Not found ]
[00:42:46] Checking for file '/dev/.lib/lib/scan/hack.sh' [ Not found ]
[00:42:46] Checking for file '/dev/.lib/lib/scan/bind' [ Not found ]
[00:42:46] Checking for file '/dev/.lib/lib/scan/randb' [ Not found ]
[00:42:46] Checking for file '/dev/.lib/lib/scan/scan.sh' [ Not found ]
[00:42:46] Checking for file '/dev/.lib/lib/scan/pscan' [ Not found ]
[00:42:46] Checking for file '/dev/.lib/lib/scan/star.sh' [ Not found ]
[00:42:46] Checking for file '/dev/.lib/lib/scan/bindx.sh' [ Not found ]
[00:42:46] Checking for file '/dev/.lib/lib/scan/bindname.log' [ Not found ]
[00:42:46] Checking for file '/dev/.lib/lib/1i0n.sh' [ Not found ]
[00:42:46] Checking for file '/dev/.lib/lib/lib/netstat' [ Not found ]
[00:42:46] Checking for file '/dev/.lib/lib/lib/dev/.1addr' [ Not found ]
[00:42:46] Checking for file '/dev/.lib/lib/lib/dev/.1logz' [ Not found ]
[00:42:46] Checking for file '/dev/.lib/lib/lib/dev/.1proc' [ Not found ]
[00:42:46] Checking for file '/dev/.lib/lib/lib/dev/.1file' [ Not found ]
[00:42:46] Li0n Worm [ Not found ]
[00:42:46]
[00:42:46] Checking for Lockit / LJK2 Rootkit...
[00:42:46] Checking for file '/usr/lib/libmen.oo/.LJK2/ssh_config' [ Not found ]
[00:42:47] Checking for file '/usr/lib/libmen.oo/.LJK2/ssh_host_key' [ Not found ]
[00:42:47] Checking for file '/usr/lib/libmen.oo/.LJK2/ssh_host_key.pub' [ Not found ]
[00:42:47] Checking for file '/usr/lib/libmen.oo/.LJK2/ssh_random_seed*' [ Not found ]
[00:42:47] Checking for file '/usr/lib/libmen.oo/.LJK2/sshd_config' [ Not found ]
[00:42:47] Checking for file '/usr/lib/libmen.oo/.LJK2/backdoor/RK1bd' [ Not found ]
[00:42:47] Checking for file '/usr/lib/libmen.oo/.LJK2/backup/du' [ Not found ]
[00:42:47] Checking for file '/usr/lib/libmen.oo/.LJK2/backup/ifconfig' [ Not found ]
[00:42:47] Checking for file '/usr/lib/libmen.oo/.LJK2/backup/inetd.conf' [ Not found ]
[00:42:47] Checking for file '/usr/lib/libmen.oo/.LJK2/backup/locate' [ Not found ]
[00:42:47] Checking for file '/usr/lib/libmen.oo/.LJK2/backup/login' [ Not found ]
[00:42:47] Checking for file '/usr/lib/libmen.oo/.LJK2/backup/ls' [ Not found ]
[00:42:47] Checking for file '/usr/lib/libmen.oo/.LJK2/backup/netstat' [ Not found ]
[00:42:47] Checking for file '/usr/lib/libmen.oo/.LJK2/backup/ps' [ Not found ]
[00:42:47] Checking for file '/usr/lib/libmen.oo/.LJK2/backup/pstree' [ Not found ]
[00:42:47] Checking for file '/usr/lib/libmen.oo/.LJK2/backup/rc.sysinit' [ Not found ]
[00:42:47] Checking for file '/usr/lib/libmen.oo/.LJK2/backup/syslogd' [ Not found ]
[00:42:47] Checking for file '/usr/lib/libmen.oo/.LJK2/backup/tcpd' [ Not found ]
[00:42:47] Checking for file '/usr/lib/libmen.oo/.LJK2/backup/top' [ Not found ]
[00:42:47] Checking for file '/usr/lib/libmen.oo/.LJK2/clean/RK1sauber' [ Not found ]
[00:42:48] Checking for file '/usr/lib/libmen.oo/.LJK2/clean/RK1wted' [ Not found ]
[00:42:48] Checking for file '/usr/lib/libmen.oo/.LJK2/hack/RK1parse' [ Not found ]
[00:42:48] Checking for file '/usr/lib/libmen.oo/.LJK2/hack/RK1sniff' [ Not found ]
[00:42:48] Checking for file '/usr/lib/libmen.oo/.LJK2/hide/.RK1addr' [ Not found ]
[00:42:48] Checking for file '/usr/lib/libmen.oo/.LJK2/hide/.RK1dir' [ Not found ]
[00:42:48] Checking for file '/usr/lib/libmen.oo/.LJK2/hide/.RK1log' [ Not found ]
[00:42:48] Checking for file '/usr/lib/libmen.oo/.LJK2/hide/.RK1proc' [ Not found ]
[00:42:48] Checking for file '/usr/lib/libmen.oo/.LJK2/hide/RK1phidemod.c' [ Not found ]
[00:42:48] Checking for file '/usr/lib/libmen.oo/.LJK2/modules/README.modules' [ Not found ]
[00:42:48] Checking for file '/usr/lib/libmen.oo/.LJK2/modules/RK1hidem.c' [ Not found ]
[00:42:48] Checking for file '/usr/lib/libmen.oo/.LJK2/modules/RK1phide' [ Not found ]
[00:42:48] Checking for file '/usr/lib/libmen.oo/.LJK2/sshconfig/RK1ssh' [ Not found ]
[00:42:48] Checking for directory '/usr/lib/libmen.oo/.LJK2' [ Not found ]
[00:42:48] Lockit / LJK2 Rootkit [ Not found ]
[00:42:48]
[00:42:48] Checking for Mood-NT Rootkit...
[00:42:48] Checking for file '/sbin/init__mood-nt-_-_cthulhu' [ Not found ]
[00:42:48] Checking for file '/_cthulhu/mood-nt.init' [ Not found ]
[00:42:48] Checking for file '/_cthulhu/mood-nt.conf' [ Not found ]
[00:42:48] Checking for file '/_cthulhu/mood-nt.sniff' [ Not found ]
[00:42:48] Checking for directory '/_cthulhu' [ Not found ]
[00:42:48] Mood-NT Rootkit [ Not found ]
[00:42:48]
[00:42:48] Checking for MRK Rootkit...
[00:42:48] Checking for file '/dev/ida/.inet/pid' [ Not found ]
[00:42:49] Checking for file '/dev/ida/.inet/ssh_host_key' [ Not found ]
[00:42:49] Checking for file '/dev/ida/.inet/ssh_random_seed' [ Not found ]
[00:42:49] Checking for file '/dev/ida/.inet/tcp.log' [ Not found ]
[00:42:49] Checking for directory '/dev/ida/.inet' [ Not found ]
[00:42:49] Checking for directory '/var/spool/cron/.sh' [ Not found ]
[00:42:49] MRK Rootkit [ Not found ]
[00:42:49]
[00:42:49] Checking for Ni0 Rootkit...
[00:42:49] Checking for file '/var/lock/subsys/...datafile.../...net...' [ Not found ]
[00:42:49] Checking for file '/var/lock/subsys/...datafile.../...port...' [ Not found ]
[00:42:50] Checking for file '/var/lock/subsys/...datafile.../...ps...' [ Not found ]
[00:42:50] Checking for file '/var/lock/subsys/...datafile.../...file...' [ Not found ]
[00:42:50] Checking for directory '/tmp/waza' [ Not found ]
[00:42:50] Checking for directory '/var/lock/subsys/...datafile...' [ Not found ]
[00:42:50] Checking for directory '/usr/sbin/es' [ Not found ]
[00:42:50] Ni0 Rootkit [ Not found ]
[00:42:50]
[00:42:50] Checking for Ohhara Rootkit...
[00:42:50] Checking for file '/var/lock/subsys/...datafile.../...datafile.../in.smbd.log' [ Not found ]
[00:42:50] Checking for directory '/var/lock/subsys/...datafile...' [ Not found ]
[00:42:50] Checking for directory '/var/lock/subsys/...datafile.../...datafile...' [ Not found ]
[00:42:50] Checking for directory '/var/lock/subsys/...datafile.../...datafile.../bin' [ Not found ]
[00:42:50] Checking for directory '/var/lock/subsys/...datafile.../...datafile.../usr/bin' [ Not found ]
[00:42:50] Checking for directory '/var/lock/subsys/...datafile.../...datafile.../usr/sbin' [ Not found ]
[00:42:51] Checking for directory '/var/lock/subsys/...datafile.../...datafile.../lib/security' [ Not found ]
[00:42:51] Ohhara Rootkit [ Not found ]
[00:42:51]
[00:42:51] Checking for Optic Kit (Tux) Worm...
[00:42:51] Checking for directory '/dev/tux' [ Not found ]
[00:42:51] Checking for directory '/usr/bin/xchk' [ Not found ]
[00:42:51] Checking for directory '/usr/bin/xsf' [ Not found ]
[00:42:52] Checking for directory '/usr/bin/ssh2d' [ Not found ]
[00:42:52] Optic Kit (Tux) Worm [ Not found ]
[00:42:52]
[00:42:52] Checking for Oz Rootkit...
[00:42:52] Checking for file '/dev/.oz/.nap/rkit/terror' [ Not found ]
[00:42:52] Checking for directory '/dev/.oz' [ Not found ]
[00:42:52] Oz Rootkit [ Not found ]
[00:42:52]
[
|
|
17.03.2016, 01:55
| #23 |
| | Linux: Bootkit Nemesis- Bios/Firmware Malware im VBRCode:
ATTFilter 00:42:52] Checking for Phalanx Rootkit...
[00:42:52] Checking for file '/uNFuNF' [ Not found ]
[00:42:52] Checking for file '/etc/host.ph1' [ Not found ]
[00:42:52] Checking for file '/bin/host.ph1' [ Not found ]
[00:42:53] Checking for file '/usr/share/.home.ph1/phalanx' [ Not found ]
[00:42:53] Checking for file '/usr/share/.home.ph1/cb' [ Not found ]
[00:42:53] Checking for file '/usr/share/.home.ph1/kebab' [ Not found ]
[00:42:53] Checking for directory '/usr/share/.home.ph1' [ Not found ]
[00:42:53] Checking for directory '/usr/share/.home.ph1/tty' [ Not found ]
[00:42:53] Phalanx Rootkit [ Not found ]
[00:42:53]
[00:42:53] Checking for Phalanx2 Rootkit...
[00:42:53] Checking for file '/etc/khubd.p2/.p2rc' [ Not found ]
[00:42:53] Checking for file '/etc/khubd.p2/.phalanx2' [ Not found ]
[00:42:53] Checking for file '/etc/khubd.p2/.sniff' [ Not found ]
[00:42:53] Checking for file '/etc/khubd.p2/sshgrab.py' [ Not found ]
[00:42:53] Checking for file '/etc/lolzz.p2/.p2rc' [ Not found ]
[00:42:53] Checking for file '/etc/lolzz.p2/.phalanx2' [ Not found ]
[00:42:53] Checking for file '/etc/lolzz.p2/.sniff' [ Not found ]
[00:42:54] Checking for file '/etc/lolzz.p2/sshgrab.py' [ Not found ]
[00:42:54] Checking for file '/etc/cron.d/zupzzplaceholder' [ Not found ]
[00:42:54] Checking for file '/usr/lib/zupzz.p2/.p-2.3d' [ Not found ]
[00:42:54] Checking for file '/usr/lib/zupzz.p2/.p2rc' [ Not found ]
[00:42:54] Checking for directory '/etc/khubd.p2' [ Not found ]
[00:42:55] Checking for directory '/etc/lolzz.p2' [ Not found ]
[00:42:55] Checking for directory '/usr/lib/zupzz.p2' [ Not found ]
[00:42:55] Phalanx2 Rootkit [ Not found ]
[00:42:55]
[00:42:55] Checking for Phalanx2 Rootkit (extended tests)...
[00:42:55] Checking for directory '/etc/khubd.p2' [ Not found ]
[00:42:55] Checking for directory '/etc/lolzz.p2' [ Not found ]
[00:42:55] Checking for directory '/usr/lib/zupzz.p2' [ Not found ]
[00:42:55] Phalanx2 Rootkit (extended tests) [ Not found ]
[00:42:55]
[00:42:55] Checking for Portacelo Rootkit...
[00:42:55] Checking for file '/var/lib/.../.ak' [ Not found ]
[00:42:55] Checking for file '/var/lib/.../.hk' [ Not found ]
[00:42:56] Checking for file '/var/lib/.../.rs' [ Not found ]
[00:42:56] Checking for file '/var/lib/.../.p' [ Not found ]
[00:42:56] Checking for file '/var/lib/.../getty' [ Not found ]
[00:42:56] Checking for file '/var/lib/.../lkt.o' [ Not found ]
[00:42:57] Checking for file '/var/lib/.../show' [ Not found ]
[00:42:57] Checking for file '/var/lib/.../nlkt.o' [ Not found ]
[00:42:57] Checking for file '/var/lib/.../ssshrc' [ Not found ]
[00:42:57] Checking for file '/var/lib/.../sssh_equiv' [ Not found ]
[00:42:57] Checking for file '/var/lib/.../sssh_known_hosts' [ Not found ]
[00:42:57] Checking for file '/var/lib/.../sssh_pid' [ Not found ]
[00:42:57] Checking for file '~/.sssh/known_hosts' [ Not found ]
[00:42:58] Portacelo Rootkit [ Not found ]
[00:42:58]
[00:42:58] Checking for R3dstorm Toolkit...
[00:42:58] Checking for file '/var/log/tk02/see_all' [ Not found ]
[00:42:58] Checking for file '/var/log/tk02/.scris' [ Not found ]
[00:42:58] Checking for file '/bin/.../sshd/sbin/sshd1' [ Not found ]
[00:42:58] Checking for file '/bin/.../hate/sk' [ Not found ]
[00:42:59] Checking for file '/bin/.../see_all' [ Not found ]
[00:42:59] Checking for directory '/var/log/tk02' [ Not found ]
[00:42:59] Checking for directory '/var/log/tk02/old' [ Not found ]
[00:42:59] Checking for directory '/bin/...' [ Not found ]
[00:42:59] R3dstorm Toolkit [ Not found ]
[00:42:59]
[00:42:59] Checking for RH-Sharpe's Rootkit...
[00:42:59] Checking for file '/bin/lps' [ Not found ]
[00:42:59] Checking for file '/usr/bin/lpstree' [ Not found ]
[00:43:00] Checking for file '/usr/bin/ltop' [ Not found ]
[00:43:00] Checking for file '/usr/bin/lkillall' [ Not found ]
[00:43:00] Checking for file '/usr/bin/ldu' [ Not found ]
[00:43:00] Checking for file '/usr/bin/lnetstat' [ Not found ]
[00:43:00] Checking for file '/usr/bin/wp' [ Not found ]
[00:43:00] Checking for file '/usr/bin/shad' [ Not found ]
[00:43:00] Checking for file '/usr/bin/vadim' [ Not found ]
[00:43:00] Checking for file '/usr/bin/slice' [ Not found ]
[00:43:01] Checking for file '/usr/bin/cleaner' [ Not found ]
[00:43:01] Checking for file '/usr/include/rpcsvc/du' [ Not found ]
[00:43:01] RH-Sharpe's Rootkit [ Not found ]
[00:43:01]
[00:43:01] Checking for RSHA's Rootkit...
[00:43:01] Checking for file '/bin/kr4p' [ Not found ]
[00:43:01] Checking for file '/usr/bin/n3tstat' [ Not found ]
[00:43:02] Checking for file '/usr/bin/chsh2' [ Not found ]
[00:43:02] Checking for file '/usr/bin/slice2' [ Not found ]
[00:43:02] Checking for file '/usr/src/linux/arch/alpha/lib/.lib/.1proc' [ Not found ]
[00:43:02] Checking for file '/etc/rc.d/arch/alpha/lib/.lib/.1addr' [ Not found ]
[00:43:02] Checking for directory '/etc/rc.d/rsha' [ Not found ]
[00:43:02] Checking for directory '/etc/rc.d/arch/alpha/lib/.lib' [ Not found ]
[00:43:02] RSHA's Rootkit [ Not found ]
[00:43:02]
[00:43:02] Checking for Scalper Worm...
[00:43:03] Checking for file '/tmp/.a' [ Not found ]
[00:43:03] Checking for file '/tmp/.uua' [ Not found ]
[00:43:03] Scalper Worm [ Not found ]
[00:43:04]
[00:43:04] Checking for Sebek LKM...
[00:43:04] Checking for kernel symbol 'adore or sebek' [ Not found ]
[00:43:05] Sebek LKM [ Not found ]
[00:43:05]
[00:43:05] Checking for Shutdown Rootkit...
[00:43:05] Checking for file '/usr/man/man5/..<SP>/.dir/scannah/asus' [ Not found ]
[00:43:05] Checking for file '/usr/man/man5/..<SP>/.dir/see' [ Not found ]
[00:43:05] Checking for file '/usr/man/man5/..<SP>/.dir/nscd' [ Not found ]
[00:43:05] Checking for file '/usr/man/man5/..<SP>/.dir/alpd' [ Not found ]
[00:43:06] Checking for file '/etc/rc.d/rc.local<SP>' [ Not found ]
[00:43:06] Checking for directory '/usr/man/man5/..<SP>/.dir' [ Not found ]
[00:43:06] Checking for directory '/usr/man/man5/..<SP>/.dir/scannah' [ Not found ]
[00:43:06] Checking for directory '/etc/rc.d/rc0.d/..<SP>/.dir' [ Not found ]
[00:43:06] Shutdown Rootkit [ Not found ]
[00:43:07]
[00:43:07] Checking for SHV4 Rootkit...
[00:43:07] Checking for file '/etc/ld.so.hash' [ Not found ]
[00:43:07] Checking for file '/lib/libext-2.so.7' [ Not found ]
[00:43:07] Checking for file '/lib/lidps1.so' [ Not found ]
[00:43:07] Checking for file '/lib/libproc.a' [ Not found ]
[00:43:07] Checking for file '/lib/libproc.so.2.0.6' [ Not found ]
[00:43:07] Checking for file '/lib/ldd.so/tks' [ Not found ]
[00:43:08] Checking for file '/lib/ldd.so/tkp' [ Not found ]
[00:43:08] Checking for file '/lib/ldd.so/tksb' [ Not found ]
[00:43:08] Checking for file '/lib/security/.config/sshd' [ Not found ]
[00:43:08] Checking for file '/lib/security/.config/ssh/ssh_host_key' [ Not found ]
[00:43:08] Checking for file '/lib/security/.config/ssh/ssh_host_key.pub' [ Not found ]
[00:43:08] Checking for file '/lib/security/.config/ssh/ssh_random_seed' [ Not found ]
[00:43:09] Checking for file '/usr/include/file.h' [ Not found ]
[00:43:09] Checking for file '/usr/include/hosts.h' [ Not found ]
[00:43:09] Checking for file '/usr/include/lidps1.so' [ Not found ]
[00:43:10] Checking for file '/usr/include/log.h' [ Not found ]
[00:43:10] Checking for file '/usr/include/proc.h' [ Not found ]
[00:43:10] Checking for file '/usr/sbin/xntps' [ Not found ]
[00:43:10] Checking for file '/dev/srd0' [ Not found ]
[00:43:10] Checking for directory '/lib/ldd.so' [ Not found ]
[00:43:10] Checking for directory '/lib/security/.config' [ Not found ]
[00:43:10] Checking for directory '/lib/security/.config/ssh' [ Not found ]
[00:43:11] SHV4 Rootkit [ Not found ]
[00:43:11]
[00:43:11] Checking for SHV5 Rootkit...
[00:43:11] Checking for file '/etc/sh.conf' [ Not found ]
[00:43:12] Checking for file '/lib/libproc.a' [ Not found ]
[00:43:12] Checking for file '/lib/libproc.so.2.0.6' [ Not found ]
[00:43:12] Checking for file '/lib/lidps1.so' [ Not found ]
[00:43:12] Checking for file '/lib/libsh.so/bash' [ Not found ]
[00:43:12] Checking for file '/usr/include/file.h' [ Not found ]
[00:43:12] Checking for file '/usr/include/hosts.h' [ Not found ]
[00:43:13] Checking for file '/usr/include/log.h' [ Not found ]
[00:43:13] Checking for file '/usr/include/proc.h' [ Not found ]
[00:43:13] Checking for file '/lib/libsh.so/shdcf2' [ Not found ]
[00:43:13] Checking for file '/lib/libsh.so/shhk' [ Not found ]
[00:43:14] Checking for file '/lib/libsh.so/shhk.pub' [ Not found ]
[00:43:14] Checking for file '/lib/libsh.so/shrs' [ Not found ]
[00:43:14] Checking for file '/usr/lib/libsh/.bashrc' [ Not found ]
[00:43:14] Checking for file '/usr/lib/libsh/shsb' [ Not found ]
[00:43:14] Checking for file '/usr/lib/libsh/hide' [ Not found ]
[00:43:14] Checking for file '/usr/lib/libsh/.sniff/shsniff' [ Not found ]
[00:43:15] Checking for file '/usr/lib/libsh/.sniff/shp' [ Not found ]
[00:43:15] Checking for file '/dev/srd0' [ Not found ]
[00:43:15] Checking for directory '/lib/libsh.so' [ Not found ]
[00:43:15] Checking for directory '/usr/lib/libsh' [ Not found ]
[00:43:15] Checking for directory '/usr/lib/libsh/utilz' [ Not found ]
[00:43:15] Checking for directory '/usr/lib/libsh/.backup' [ Not found ]
[00:43:16] SHV5 Rootkit [ Not found ]
[00:43:16]
[00:43:16] Checking for Sin Rootkit...
[00:43:16] Checking for file '/dev/.haos/haos1/.f/Denyed' [ Not found ]
[00:43:16] Checking for file '/dev/ttyoa' [ Not found ]
[00:43:16] Checking for file '/dev/ttyof' [ Not found ]
[00:43:16] Checking for file '/dev/ttyop' [ Not found ]
[00:43:16] Checking for file '/dev/ttyos' [ Not found ]
[00:43:17] Checking for file '/usr/lib/.lib' [ Not found ]
[00:43:17] Checking for file '/usr/lib/sn/.X' [ Not found ]
[00:43:17] Checking for file '/usr/lib/sn/.sys' [ Not found ]
[00:43:17] Checking for file '/usr/lib/ld/.X' [ Not found ]
[00:43:17] Checking for file '/usr/man/man1/...' [ Not found ]
[00:43:17] Checking for file '/usr/man/man1/.../.m' [ Not found ]
[00:43:18] Checking for file '/usr/man/man1/.../.w' [ Not found ]
[00:43:18] Checking for directory '/usr/lib/sn' [ Not found ]
[00:43:18] Checking for directory '/usr/lib/man1/...' [ Not found ]
[00:43:18] Checking for directory '/dev/.haos' [ Not found ]
[00:43:18] Sin Rootkit [ Not found ]
[00:43:18]
[00:43:18] Checking for Slapper Worm...
[00:43:19] Checking for file '/tmp/.bugtraq' [ Not found ]
[00:43:19] Checking for file '/tmp/.uubugtraq' [ Not found ]
[00:43:19] Checking for file '/tmp/.bugtraq.c' [ Not found ]
[00:43:19] Checking for file '/tmp/httpd' [ Not found ]
[00:43:19] Checking for file '/tmp/.unlock' [ Not found ]
[00:43:20] Checking for file '/tmp/update' [ Not found ]
[00:43:20] Checking for file '/tmp/.cinik' [ Not found ]
[00:43:20] Checking for file '/tmp/.b' [ Not found ]
[00:43:20] Slapper Worm [ Not found ]
[00:43:20]
[00:43:20] Checking for Sneakin Rootkit...
[00:43:20] Checking for directory '/tmp/.X11-unix/.../rk' [ Not found ]
[00:43:21] Sneakin Rootkit [ Not found ]
[00:43:21]
[00:43:21] Checking for 'Spanish' Rootkit...
[00:43:21] Checking for file '/dev/ptyq' [ Not found ]
[00:43:21] Checking for file '/bin/ad' [ Not found ]
[00:43:21] Checking for file '/bin/ava' [ Not found ]
[00:43:21] Checking for file '/bin/server' [ Not found ]
[00:43:21] Checking for file '/usr/sbin/rescue' [ Not found ]
[00:43:21] Checking for file '/usr/share/.../chrps' [ Not found ]
[00:43:22] Checking for file '/usr/share/.../chrifconfig' [ Not found ]
[00:43:22] Checking for file '/usr/share/.../netstat' [ Not found ]
[00:43:22] Checking for file '/usr/share/.../linsniffer' [ Not found ]
[00:43:22] Checking for file '/usr/share/.../charbd' [ Not found ]
[00:43:22] Checking for file '/usr/share/.../charbd2' [ Not found ]
[00:43:23] Checking for file '/usr/share/.../charbd3' [ Not found ]
[00:43:23] Checking for file '/usr/share/.../charbd4' [ Not found ]
[00:43:23] Checking for file '/usr/man/tmp/update.tgz' [ Not found ]
[00:43:23] Checking for file '/var/lib/rpm/db.rpm' [ Not found ]
[00:43:23] Checking for file '/var/cache/man/.cat' [ Not found ]
[00:43:23] Checking for file '/var/spool/lpd/remote/.lpq' [ Not found ]
[00:43:23] Checking for directory '/usr/share/...' [ Not found ]
[00:43:23] 'Spanish' Rootkit [ Not found ]
[00:43:24]
[00:43:24] Checking for Suckit Rootkit...
[00:43:24] Checking for file '/sbin/initsk12' [ Not found ]
[00:43:24] Checking for file '/sbin/initxrk' [ Not found ]
[00:43:24] Checking for file '/usr/bin/null' [ Not found ]
[00:43:24] Checking for file '/usr/share/locale/sk/.sk12/sk' [ Not found ]
[00:43:25] Checking for file '/etc/rc.d/rc0.d/S23kmdac' [ Not found ]
[00:43:25] Checking for file '/etc/rc.d/rc1.d/S23kmdac' [ Not found ]
[00:43:25] Checking for file '/etc/rc.d/rc2.d/S23kmdac' [ Not found ]
[00:43:25] Checking for file '/etc/rc.d/rc3.d/S23kmdac' [ Not found ]
[00:43:25] Checking for file '/etc/rc.d/rc4.d/S23kmdac' [ Not found ]
[00:43:25] Checking for file '/etc/rc.d/rc5.d/S23kmdac' [ Not found ]
[00:43:26] Checking for file '/etc/rc.d/rc6.d/S23kmdac' [ Not found ]
[00:43:26] Checking for directory '/dev/sdhu0/tehdrakg' [ Not found ]
[00:43:26] Checking for directory '/etc/.MG' [ Not found ]
[00:43:26] Checking for directory '/usr/share/locale/sk/.sk12' [ Not found ]
[00:43:26] Checking for directory '/usr/lib/perl5/site_perl/i386-linux/auto/TimeDate/.packlist' [ Not found ]
[00:43:26] Suckit Rootkit [ Not found ]
[00:43:26]
[00:43:26] Checking for Superkit Rootkit...
[00:43:26] Checking for file '/usr/man/.sman/sk/backsh' [ Not found ]
[00:43:27] Checking for file '/usr/man/.sman/sk/izbtrag' [ Not found ]
[00:43:27] Checking for file '/usr/man/.sman/sk/sksniff' [ Not found ]
[00:43:27] Checking for file '/var/www/cgi-bin/cgiback.cgi' [ Not found ]
[00:43:27] Checking for directory '/usr/man/.sman/sk' [ Not found ]
[00:43:27] Superkit Rootkit [ Not found ]
[00:43:28]
[00:43:28] Checking for TBD (Telnet BackDoor)...
[00:43:28] Checking for file '/usr/lib/.tbd' [ Not found ]
[00:43:28] TBD (Telnet BackDoor) [ Not found ]
[00:43:28]
[00:43:28] Checking for TeLeKiT Rootkit...
[00:43:29] Checking for file '/usr/man/man3/.../TeLeKiT/bin/sniff' [ Not found ]
[00:43:29] Checking for file '/usr/man/man3/.../TeLeKiT/bin/telnetd' [ Not found ]
[00:43:29] Checking for file '/usr/man/man3/.../TeLeKiT/bin/teleulo' [ Not found ]
[00:43:29] Checking for file '/usr/man/man3/.../cl' [ Not found ]
[00:43:29] Checking for file '/dev/ptyr' [ Not found ]
[00:43:30] Checking for file '/dev/ptyp' [ Not found ]
[00:43:30] Checking for file '/dev/ptyq' [ Not found ]
[00:43:30] Checking for file '/dev/hda06' [ Not found ]
[00:43:30] Checking for file '/usr/info/libc1.so' [ Not found ]
[00:43:31] Checking for directory '/usr/man/man3/...' [ Not found ]
[00:43:31] Checking for directory '/usr/man/man3/.../lsniff' [ Not found ]
[00:43:31] Checking for directory '/usr/man/man3/.../TeLeKiT' [ Not found ]
[00:43:31] TeLeKiT Rootkit [ Not found ]
[00:43:32]
[00:43:32] Checking for T0rn Rootkit...
[00:43:32] Checking for file '/dev/.lib/lib/lib/t0rns' [ Not found ]
[00:43:32] Checking for file '/dev/.lib/lib/lib/du' [ Not found ]
[00:43:32] Checking for file '/dev/.lib/lib/lib/ls' [ Not found ]
[00:43:32] Checking for file '/dev/.lib/lib/lib/t0rnsb' [ Not found ]
[00:43:32] Checking for file '/dev/.lib/lib/lib/ps' [ Not found ]
[00:43:32] Checking for file '/dev/.lib/lib/lib/t0rnp' [ Not found ]
[00:43:32] Checking for file '/dev/.lib/lib/lib/find' [ Not found ]
[00:43:33] Checking for file '/dev/.lib/lib/lib/ifconfig' [ Not found ]
[00:43:33] Checking for file '/dev/.lib/lib/lib/pg' [ Not found ]
[00:43:33] Checking for file '/dev/.lib/lib/lib/ssh.tgz' [ Not found ]
[00:43:33] Checking for file '/dev/.lib/lib/lib/top' [ Not found ]
[00:43:33] Checking for file '/dev/.lib/lib/lib/sz' [ Not found ]
[00:43:33] Checking for file '/dev/.lib/lib/lib/login' [ Not found ]
[00:43:33] Checking for file '/dev/.lib/lib/lib/in.fingerd' [ Not found ]
[00:43:34] Checking for file '/dev/.lib/lib/lib/1i0n.sh' [ Not found ]
[00:43:34] Checking for file '/dev/.lib/lib/lib/pstree' [ Not found ]
[00:43:34] Checking for file '/dev/.lib/lib/lib/in.telnetd' [ Not found ]
[00:43:34] Checking for file '/dev/.lib/lib/lib/mjy' [ Not found ]
[00:43:34] Checking for file '/dev/.lib/lib/lib/sush' [ Not found ]
[00:43:35] Checking for file '/dev/.lib/lib/lib/tfn' [ Not found ]
[00:43:35] Checking for file '/dev/.lib/lib/lib/name' [ Not found ]
[00:43:35] Checking for file '/dev/.lib/lib/lib/getip.sh' [ Not found ]
[00:43:36] Checking for file '/usr/info/.torn/sh*' [ Not found ]
[00:43:36] Checking for file '/usr/src/.puta/.1addr' [ Not found ]
[00:43:36] Checking for file '/usr/src/.puta/.1file' [ Not found ]
[00:43:36] Checking for file '/usr/src/.puta/.1proc' [ Not found ]
[00:43:36] Checking for file '/usr/src/.puta/.1logz' [ Not found ]
[00:43:36] Checking for file '/usr/info/.t0rn' [ Not found ]
[00:43:37] Checking for directory '/dev/.lib' [ Not found ]
[00:43:37] Checking for directory '/dev/.lib/lib' [ Not found ]
[00:43:37] Checking for directory '/dev/.lib/lib/lib' [ Not found ]
[00:43:37] Checking for directory '/dev/.lib/lib/lib/dev' [ Not found ]
[00:43:38] Checking for directory '/dev/.lib/lib/scan' [ Not found ]
[00:43:38] Checking for directory '/usr/src/.puta' [ Not found ]
[00:43:38] Checking for directory '/usr/man/man1/man1' [ Not found ]
[00:43:38] Checking for directory '/usr/man/man1/man1/lib' [ Not found ]
[00:43:38] Checking for directory '/usr/man/man1/man1/lib/.lib' [ Not found ]
[00:43:38] Checking for directory '/usr/man/man1/man1/lib/.lib/.backup' [ Not found ]
[00:43:38] T0rn Rootkit [ Not found ]
[00:43:39]
[00:43:39] Checking for trNkit Rootkit...
[00:43:39] Checking for file '/usr/lib/libbins.la' [ Not found ]
[00:43:39] Checking for file '/usr/lib/libtcs.so' [ Not found ]
[00:43:39] Checking for file '/dev/.ttpy/ulogin.sh' [ Not found ]
[00:43:39] Checking for file '/dev/.ttpy/tcpshell.sh' [ Not found ]
[00:43:40] Checking for file '/dev/.ttpy/bupdu' [ Not found ]
[00:43:40] Checking for file '/dev/.ttpy/buloc' [ Not found ]
[00:43:40] Checking for file '/dev/.ttpy/buloc1' [ Not found ]
[00:43:40] Checking for file '/dev/.ttpy/buloc2' [ Not found ]
[00:43:40] Checking for file '/dev/.ttpy/stat' [ Not found ]
[00:43:40] Checking for file '/dev/.ttpy/backps' [ Not found ]
[00:43:40] Checking for file '/dev/.ttpy/tree' [ Not found ]
[00:43:40] Checking for file '/dev/.ttpy/topk' [ Not found ]
[00:43:41] Checking for file '/dev/.ttpy/wold' [ Not found ]
[00:43:41] Checking for file '/dev/.ttpy/whoold' [ Not found ]
[00:43:41] Checking for file '/dev/.ttpy/backdoors' [ Not found ]
[00:43:41] trNkit Rootkit [ Not found ]
[00:43:41]
[00:43:41] Checking for Trojanit Kit...
[00:43:41] Checking for file '/bin/.ls' [ Not found ]
[00:43:41] Checking for file '/bin/.ps' [ Not found ]
[00:43:42] Checking for file '/bin/.netstat' [ Not found ]
[00:43:42] Checking for file '/usr/bin/.nop' [ Not found ]
[00:43:42] Checking for file '/usr/bin/.who' [ Not found ]
[00:43:42] Trojanit Kit [ Not found ]
[00:43:42]
[00:43:42] Checking for Tuxtendo Rootkit...
[00:43:42] Checking for file '/lib/libproc.so.2.0.7' [ Not found ]
[00:43:42] Checking for file '/usr/bin/xchk' [ Not found ]
[00:43:42] Checking for file '/usr/bin/xsf' [ Not found ]
[00:43:42] Checking for file '/dev/tux/suidsh' [ Not found ]
[00:43:42] Checking for file '/dev/tux/.addr' [ Not found ]
[00:43:42] Checking for file '/dev/tux/.cron' [ Not found ]
[00:43:43] Checking for file '/dev/tux/.file' [ Not found ]
[00:43:43] Checking for file '/dev/tux/.log' [ Not found ]
[00:43:43] Checking for file '/dev/tux/.proc' [ Not found ]
[00:43:43] Checking for file '/dev/tux/.iface' [ Not found ]
[00:43:43] Checking for file '/dev/tux/.pw' [ Not found ]
[00:43:44] Checking for file '/dev/tux/.df' [ Not found ]
[00:43:44] Checking for file '/dev/tux/.ssh' [ Not found ]
[00:43:44] Checking for file '/dev/tux/.tux' [ Not found ]
[00:43:44] Checking for file '/dev/tux/ssh2/sshd2_config' [ Not found ]
[00:43:45] Checking for file '/dev/tux/ssh2/hostkey' [ Not found ]
[00:43:45] Checking for file '/dev/tux/ssh2/hostkey.pub' [ Not found ]
[00:43:45] Checking for file '/dev/tux/ssh2/logo' [ Not found ]
[00:43:46] Checking for file '/dev/tux/ssh2/random_seed' [ Not found ]
[00:43:46] Checking for file '/dev/tux/backup/crontab' [ Not found ]
[00:43:46] Checking for file '/dev/tux/backup/df' [ Not found ]
[00:43:47] Checking for file '/dev/tux/backup/dir' [ Not found ]
[00:43:47] Checking for file '/dev/tux/backup/find' [ Not found ]
[00:43:47] Checking for file '/dev/tux/backup/ifconfig' [ Not found ]
[00:43:48] Checking for file '/dev/tux/backup/locate' [ Not found ]
[00:43:48] Checking for file '/dev/tux/backup/netstat' [ Not found ]
[00:43:48] Checking for file '/dev/tux/backup/ps' [ Not found ]
[00:43:48] Checking for file '/dev/tux/backup/pstree' [ Not found ]
[00:43:48] Checking for file '/dev/tux/backup/syslogd' [ Not found ]
[00:43:48] Checking for file '/dev/tux/backup/tcpd' [ Not found ]
[00:43:49] Checking for file '/dev/tux/backup/top' [ Not found ]
[00:43:49] Checking for file '/dev/tux/backup/updatedb' [ Not found ]
[00:43:49] Checking for file '/dev/tux/backup/vdir' [ Not found ]
[00:43:49] Checking for directory '/dev/tux' [ Not found ]
[00:43:49] Checking for directory '/dev/tux/ssh2' [ Not found ]
[00:43:50] Checking for directory '/dev/tux/backup' [ Not found ]
[00:43:50] Tuxtendo Rootkit [ Not found ]
[00:43:50]
[00:43:50] Checking for URK Rootkit...
[00:43:50] Checking for file '/dev/prom/sn.l' [ Not found ]
[00:43:50] Checking for file '/usr/lib/ldlibps.so' [ Not found ]
[00:43:51] Checking for file '/usr/lib/ldlibnet.so' [ Not found ]
[00:43:51] Checking for file '/dev/pts/01/uconf.inv' [ Not found ]
[00:43:51] Checking for file '/dev/pts/01/cleaner' [ Not found ]
[00:43:51] Checking for file '/dev/pts/01/bin/psniff' [ Not found ]
[00:43:51] Checking for file '/dev/pts/01/bin/du' [ Not found ]
[00:43:51] Checking for file '/dev/pts/01/bin/ls' [ Not found ]
[00:43:52] Checking for file '/dev/pts/01/bin/passwd' [ Not found ]
[00:43:52] Checking for file '/dev/pts/01/bin/ps' [ Not found ]
[00:43:52] Checking for file '/dev/pts/01/bin/psr' [ Not found ]
[00:43:52] Checking for file '/dev/pts/01/bin/su' [ Not found ]
[00:43:53] Checking for file '/dev/pts/01/bin/find' [ Not found ]
[00:43:53] Checking for file '/dev/pts/01/bin/netstat' [ Not found ]
[00:43:53] Checking for file '/dev/pts/01/bin/ping' [ Not found ]
[00:43:53] Checking for file '/dev/pts/01/bin/strings' [ Not found ]
[00:43:53] Checking for file '/dev/pts/01/bin/bash' [ Not found ]
[00:43:54] Checking for file '/usr/man/man1/xxxxxxbin/du' [ Not found ]
[00:43:54] Checking for file '/usr/man/man1/xxxxxxbin/ls' [ Not found ]
[00:43:54] Checking for file '/usr/man/man1/xxxxxxbin/passwd' [ Not found ]
[00:43:54] Checking for file '/usr/man/man1/xxxxxxbin/ps' [ Not found ]
[00:43:54] Checking for file '/usr/man/man1/xxxxxxbin/psr' [ Not found ]
[00:43:55] Checking for file '/usr/man/man1/xxxxxxbin/su' [ Not found ]
[00:43:55] Checking for file '/usr/man/man1/xxxxxxbin/find' [ Not found ]
[00:43:55] Checking for file '/usr/man/man1/xxxxxxbin/netstat' [ Not found ]
[00:43:55] Checking for file '/usr/man/man1/xxxxxxbin/ping' [ Not found ]
[00:43:56] Checking for file '/usr/man/man1/xxxxxxbin/strings' [ Not found ]
[00:43:56] Checking for file '/usr/man/man1/xxxxxxbin/bash' [ Not found ]
[00:43:56] Checking for file '/tmp/conf.inv' [ Not found ]
[00:43:56] Checking for directory '/dev/prom' [ Not found ]
[00:43:56] Checking for directory '/dev/pts/01' [ Not found ]
[00:43:56] Checking for directory '/dev/pts/01/bin' [ Not found ]
[00:43:57] Checking for directory '/usr/man/man1/xxxxxxbin' [ Not found ]
[00:43:57] URK Rootkit [ Not found ]
[00:43:57]
[00:43:57] Checking for Vampire Rootkit...
[00:43:58] Checking for kernel symbol 'new_getdents' [ Not found ]
[00:43:58] Checking for kernel symbol 'old_getdents' [ Not found ]
[00:43:58] Checking for kernel symbol 'should_hide_file_name' [ Not found ]
[00:43:58] Checking for kernel symbol 'should_hide_task_name' [ Not found ]
[00:43:59] Vampire Rootkit [ Not found ]
[00:43:59]
[00:43:59] Checking for VcKit Rootkit...
[00:43:59] Checking for directory '/usr/include/linux/modules/lib.so' [ Not found ]
[00:43:59] Checking for directory '/usr/include/linux/modules/lib.so/bin' [ Not found ]
[00:43:59] VcKit Rootkit [ Not found ]
[00:43:59]
[00:43:59] Checking for Volc Rootkit...
[00:43:59] Checking for file '/usr/bin/volc' [ Not found ]
[00:44:00] Checking for file '/usr/lib/volc/backdoor/divine' [ Not found ]
[00:44:00] Checking for file '/usr/lib/volc/linsniff' [ Not found ]
[00:44:00] Checking for file '/etc/rc.d/rc1.d/S25sysconf' [ Not found ]
[00:44:00] Checking for file '/etc/rc.d/rc2.d/S25sysconf' [ Not found ]
[00:44:00] Checking for file '/etc/rc.d/rc3.d/S25sysconf' [ Not found ]
[00:44:00] Checking for file '/etc/rc.d/rc4.d/S25sysconf' [ Not found ]
[00:44:00] Checking for file '/etc/rc.d/rc5.d/S25sysconf' [ Not found ]
[00:44:00] Checking for directory '/var/spool/.recent' [ Not found ]
[00:44:01] Checking for directory '/var/spool/.recent/.files' [ Not found ]
[00:44:01] Checking for directory '/usr/lib/volc' [ Not found ]
[00:44:01] Checking for directory '/usr/lib/volc/backup' [ Not found ]
[00:44:01] Volc Rootkit [ Not found ]
[00:44:01]
[00:44:01] Checking for Xzibit Rootkit...
[00:44:01] Checking for file '/dev/dsx' [ Not found ]
[00:44:02] Checking for file '/dev/caca' [ Not found ]
[00:44:02] Checking for file '/dev/ida/.inet/linsniffer' [ Not found ]
[00:44:02] Checking for file '/dev/ida/.inet/logclear' [ Not found ]
[00:44:02] Checking for file '/dev/ida/.inet/sense' [ Not found ]
[00:44:02] Checking for file '/dev/ida/.inet/sl2' [ Not found ]
[00:44:02] Checking for file '/dev/ida/.inet/sshdu' [ Not found ]
[00:44:02] Checking for file '/dev/ida/.inet/s' [ Not found ]
[00:44:02] Checking for file '/dev/ida/.inet/ssh_host_key' [ Not found ]
[00:44:02] Checking for file '/dev/ida/.inet/ssh_random_seed' [ Not found ]
[00:44:03] Checking for file '/dev/ida/.inet/sl2new.c' [ Not found ]
[00:44:03] Checking for file '/dev/ida/.inet/tcp.log' [ Not found ]
[00:44:03] Checking for file '/home/httpd/cgi-bin/becys.cgi' [ Not found ]
[00:44:03] Checking for file '/usr/local/httpd/cgi-bin/becys.cgi' [ Not found ]
[00:44:03] Checking for file '/usr/local/apache/cgi-bin/becys.cgi' [ Not found ]
[00:44:03] Checking for file '/www/httpd/cgi-bin/becys.cgi' [ Not found ]
[00:44:03] Checking for file '/www/cgi-bin/becys.cgi' [ Not found ]
[00:44:04] Checking for directory '/dev/ida/.inet' [ Not found ]
[00:44:04] Xzibit Rootkit [ Not found ]
[00:44:04]
[00:44:04] Checking for zaRwT.KiT Rootkit...
[00:44:04] Checking for file '/dev/rd/s/sendmeil' [ Not found ]
[00:44:04] Checking for file '/dev/ttyf' [ Not found ]
[00:44:04] Checking for file '/dev/ttyp' [ Not found ]
[00:44:05] Checking for file '/dev/ttyn' [ Not found ]
[00:44:05] Checking for file '/rk/tulz' [ Not found ]
[00:44:05] Checking for directory '/rk' [ Not found ]
[00:44:05] Checking for directory '/dev/rd/s' [ Not found ]
[00:44:05] zaRwT.KiT Rootkit [ Not found ]
[00:44:05]
[00:44:05] Checking for ZK Rootkit...
[00:44:05] Checking for file '/usr/share/.zk/zk' [ Not found ]
[00:44:06] Checking for file '/usr/X11R6/.zk/xfs' [ Not found ]
[00:44:06] Checking for file '/usr/X11R6/.zk/echo' [ Not found ]
[00:44:06] Checking for file '/etc/1ssue.net' [ Not found ]
[00:44:06] Checking for file '/etc/sysconfig/console/load.zk' [ Not found ]
[00:44:07] Checking for directory '/usr/share/.zk' [ Not found ]
[00:44:07] Checking for directory '/usr/X11R6/.zk' [ Not found ]
[00:44:07] ZK Rootkit [ Not found ]
[00:44:21]
[00:44:21] Info: Starting test name 'additional_rkts'
[00:44:21] Performing additional rootkit checks
[00:44:21]
[00:44:21] Performing Suckit Rookit additional checks
[00:44:21] Checking hard link count on '/sbin/init' [ OK ]
[00:44:21] Checking for hidden file extensions [ None found ]
[00:44:21] Running skdet command [ Skipped ]
[00:44:22] Info: Unable to find the 'skdet' command
[00:44:22] Suckit Rookit additional checks [ OK ]
[00:44:22]
[00:44:22] Info: Starting test name 'possible_rkt_files'
[00:44:22] Performing check of possible rootkit files and directories
[00:44:22] Checking for file '/dev/sdr0' [ Not found ]
[00:44:23] Checking for file '/dev/pisu' [ Not found ]
[00:44:23] Checking for file '/dev/xdta' [ Not found ]
[00:44:23] Checking for file '/dev/saux' [ Not found ]
[00:44:23] Checking for file '/dev/hdx' [ Not found ]
[00:44:24] Checking for file '/dev/hdx1' [ Not found ]
[00:44:24] Checking for file '/dev/hdx2' [ Not found ]
[00:44:24] Checking for file '/dev/ptyy' [ Not found ]
[00:44:24] Checking for file '/dev/ptyu' [ Not found ]
[00:44:24] Checking for file '/dev/ptyv' [ Not found ]
[00:44:25] Checking for file '/dev/hdbb' [ Not found ]
[00:44:25] Checking for file '/tmp/.syshackfile' [ Not found ]
[00:44:25] Checking for file '/tmp/.bash_history' [ Not found ]
[00:44:25] Checking for file '/usr/info/.clib' [ Not found ]
[00:44:26] Checking for file '/usr/sbin/tcp.log' [ Not found ]
[00:44:26] Checking for file '/usr/bin/take/pid' [ Not found ]
[00:44:26] Checking for file '/sbin/create' [ Not found ]
[00:44:26] Checking for file '/dev/ttypz' [ Not found ]
[00:44:26] Checking for file '/var/log/tcp.log' [ Not found ]
[00:44:26] Checking for file '/usr/include/audit.h' [ Not found ]
[00:44:26] Checking for file '/usr/bin/sourcemask' [ Not found ]
[00:44:26] Checking for file '/usr/bin/ras2xm' [ Not found ]
[00:44:26] Checking for file '/dev/xmx' [ Not found ]
[00:44:27] Checking for file '/usr/sbin/gpm.root' [ Not found ]
[00:44:27] Checking for file '/bin/vobiscum' [ Not found ]
[00:44:27] Checking for file '/bin/psr' [ Not found ]
[00:44:27] Checking for file '/dev/kdx' [ Not found ]
[00:44:28] Checking for file '/dev/dkx' [ Not found ]
[00:44:28] Checking for file '/usr/sbin/sshd3' [ Not found ]
[00:44:28] Checking for file '/usr/sbin/jcd' [ Not found ]
[00:44:28] Checking for file '/etc/rc.d/init.d/jcd' [ Not found ]
[00:44:28] Checking for file '/usr/sbin/atd2' [ Not found ]
[00:44:28] Checking for file '/home/httpd/cgi-bin/linux.cgi' [ Not found ]
[00:44:28] Checking for file '/home/httpd/cgi-bin/psid' [ Not found ]
[00:44:29] Checking for file '/home/httpd/cgi-bin/void.cgi' [ Not found ]
[00:44:29] Checking for file '/etc/rc.d/init.d/system' [ Not found ]
[00:44:29] Checking for file '/etc/rc.d/rc3.d/S93users' [ Not found ]
[00:44:29] Checking for file '/tmp/.ush' [ Not found ]
[00:44:30] Checking for file '/usr/lib/libhidefile.so' [ Not found ]
[00:44:30] Checking for file '/etc/cron.d/kmod' [ Not found ]
[00:44:30] Checking for file '/usr/lib/dmis/dmisd' [ Not found ]
[00:44:30] Checking for file '/lib/secure/libhij.so' [ Not found ]
[00:44:30] Checking for file '/usr/sbin/sshd3' [ Not found ]
[00:44:30] Checking for file '/etc/rc.d/init.d/crontab' [ Not found ]
[00:44:30] Checking for file '/etc/rc.d/init.d/jcd' [ Not found ]
[00:44:31] Checking for file '/usr/sbin/atd2' [ Not found ]
[00:44:31] Checking for file '/etc/rc.d/rc5.d/S93users' [ Not found ]
[00:44:31] Checking for file '/usr/include/mysql/mysql.hh1' [ Not found ]
[00:44:31] Checking for file '/etc/init.d/xfs3' [ Not found ]
[00:44:32] Checking for file '/usr/sbin/t.txt' [ Not found ]
[00:44:32] Checking for file '/usr/sbin/change' [ Not found ]
[00:44:32] Checking for file '/usr/sbin/s' [ Not found ]
[00:44:32] Checking for file '/bin/f' [ Not found ]
[00:44:33] Checking for file '/bin/i' [ Not found ]
[00:44:33] Checking for file '/lib/libncom.so.4.0.1' [ Not found ]
[00:44:33] Checking for file '/sbin/zinit' [ Not found ]
[00:44:33] Checking for file '/tmp/pass_ssh.log' [ Not found ]
[00:44:34] Checking for file '/usr/include/gpm2.h' [ Not found ]
[00:44:34] Checking for file '/etc/ssh/.sshd_auth' [ Not found ]
[00:44:34] Checking for file '/usr/lib/.sshd.h' [ Not found ]
[00:44:34] Checking for file '/var/run/.defunct' [ Not found ]
[00:44:34] Checking for file '/etc/httpd/run/.defunct' [ Not found ]
[00:44:35] Checking for file '/usr/share/pci.r' [ Not found ]
[00:44:35] Checking for file '/etc/cron.daily/dnsquery' [ Not found ]
[00:44:35] Checking for file '/usr/lib/libutil1.2.1.2.so' [ Not found ]
[00:44:36] Checking for file '/bin/ceva' [ Not found ]
[00:44:36] Checking for file '/sbin/syslogd<SP>' [ Not found ]
[00:44:36] Checking for file '/usr/include/shup.h' [ Not found ]
[00:44:36] Checking for file '/etc/rpm/sshdOLD' [ Not found ]
[00:44:36] Checking for file '/etc/rpm/sshOLD' [ Not found ]
[00:44:36] Checking for file '/usr/share/passwd.h' [ Not found ]
[00:44:36] Checking for file '/lib/.xsyslog' [ Not found ]
[00:44:37] Checking for file '/etc/.xsyslog' [ Not found ]
[00:44:37] Checking for file '/lib/.ssyslog' [ Not found ]
[00:44:37] Checking for file '/tmp/.sendmail' [ Not found ]
[00:44:37] Checking for file '/usr/share/sshd.sync' [ Not found ]
[00:44:38] Checking for file '/bin/zcut' [ Not found ]
[00:44:38] Checking for file '/usr/bin/zmuie' [ Not found ]
[00:44:38] Checking for file '/lib/libkeyutils.so.1.9' [ Not found ]
[00:44:38] Checking for file '/lib64/libkeyutils.so.1.9' [ Not found ]
[00:44:38] Checking for file '/usr/lib/libkeyutils.so.1.9' [ Not found ]
[00:44:38] Checking for file '/usr/lib64/libkeyutils.so.1.9' [ Not found ]
[00:44:38] Checking for directory '/dev/ptyas' [ Not found ]
[00:44:39] Checking for directory '/usr/bin/take' [ Not found ]
[00:44:39] Checking for directory '/usr/src/.lib' [ Not found ]
[00:44:39] Checking for directory '/usr/share/man/man1/.1c' [ Not found ]
[00:44:39] Checking for directory '/lib/lblip.tk' [ Not found ]
[00:44:40] Checking for directory '/usr/sbin/...' [ Not found ]
[00:44:40] Checking for directory '/usr/share/.gun' [ Not found ]
[00:44:40] Checking for directory '/unde/vrei/tu/sa/te/ascunzi/in/server' [ Not found ]
[00:44:40] Checking for directory '/usr/man/man1/..<SP><SP>/.dir' [ Not found ]
[00:44:40] Checking for directory '/usr/X11R6/include/X11/...' [ Not found ]
[00:44:40] Checking for directory '/usr/X11R6/lib/X11/.fonts/misc/...' [ Not found ]
[00:44:40] Checking for directory '/tmp/.sys' [ Not found ]
[00:44:40] Checking for directory '/tmp/'' [ Not found ]
[00:44:41] Checking for directory '/tmp/.,' [ Not found ]
[00:44:41] Checking for directory '/tmp/,.,' [ Not found ]
[00:44:41] Checking for directory '/dev/shm/emilien' [ Not found ]
[00:44:41] Checking for directory '/var/tmp/.log' [ Not found ]
[00:44:41] Checking for directory '/tmp/zmeu/...<SP>' [ Not found ]
[00:44:42] Checking for directory '/var/log/ssh' [ Not found ]
[00:44:42] Checking for directory '/dev/ida' [ Not found ]
[00:44:42] Checking for directory '/var/lib/games/.src/ssk/shit' [ Not found ]
[00:44:42] Checking for directory '/usr/lib/libshtift' [ Not found ]
[00:44:42] Checking for directory '/usr/src/.poop' [ Not found ]
[00:44:42] Checking for directory '/dev/wd4' [ Not found ]
[00:44:43] Checking for directory '/var/run/.tmp' [ Not found ]
[00:44:43] Checking for directory '/usr/man/man1/lib/.lib' [ Not found ]
[00:44:43] Checking for directory '/dev/portd' [ Not found ]
[00:44:43] Checking for directory '/dev/...' [ Not found ]
[00:44:44] Checking for directory '/usr/share/man/mansps' [ Not found ]
[00:44:44] Checking for directory '/lib/.so' [ Not found ]
[00:44:44] Checking for directory '/lib/.sso' [ Not found ]
[00:44:44] Checking for directory '/usr/include/sslv3' [ Not found ]
[00:44:45] Checking for directory '/dev/shm/sshd' [ Not found ]
[00:44:45] Checking for directory '/usr/share/locale/mk/.dev/sk' [ Not found ]
[00:44:45] Checking for directory '/usr/share/locale/mk/.dev' [ Not found ]
[00:44:46] Checking for directory '/usr/include/netda.h' [ Not found ]
[00:44:46] Checking for directory '/usr/include/.ssh' [ Not found ]
[00:44:46] Checking for directory '/usr/share/locale/jp/.<SP>' [ Not found ]
[00:44:46] Checking for directory '/usr/share/.sqe' [ Not found ]
[00:44:46] Checking for possible rootkit files and directories [ None found ]
[00:44:46]
[00:44:46] Info: Starting test name 'possible_rkt_strings'
[00:44:46] Performing check for possible rootkit strings
[00:44:46] Info: Using system startup paths: /etc/rc.local /etc/init.d
[00:44:47] Checking for string 'phalanx' [ Not found ]
[00:44:47] Checking for string '/dev/proc/fuckit' [ Not found ]
[00:44:48] Checking for string 'FUCK' [ Not found ]
[00:44:48] Checking for string 'backdoor' [ Not found ]
[00:44:48] Checking for string '/usr/bin/rcpc' [ Not found ]
[00:44:49] Checking for string '/usr/sbin/login' [ Not found ]
[00:44:49] Checking for string '/dev/ptyxx/.proc' [ Not found ]
[00:44:49] Checking for string 'vt200' [ Not found ]
[00:44:49] Checking for string '/usr/bin/xstat' [ Not found ]
[00:44:49] Checking for string '/bin/envpc' [ Not found ]
[00:44:50] Checking for string 'L4m3r0x' [ Not found ]
[00:44:50] Checking for string '/lib/libext' [ Not found ]
[00:44:50] Checking for string '/usr/sbin/login' [ Not found ]
[00:44:50] Checking for string '/usr/lib/.tbd' [ Not found ]
[00:44:50] Checking for string 'sendmail' [ Not found ]
[00:44:51] Checking for string 'cocacola' [ Not found ]
[00:44:51] Checking for string 'joao' [ Not found ]
[00:44:51] Checking for string '/dev/ptyxx/.file' [ Not found ]
[00:44:51] Checking for string '/dev/ptyxx/.file' [ Not found ]
[00:44:52] Checking for string '/dev/sgk' [ Not found ]
[00:44:52] Checking for string '/var/lock/subsys/...datafile...' [ Not found ]
[00:44:52] Checking for string '/usr/lib/.tbd' [ Not found ]
[00:44:52] Checking for string '/dev/proc/fuckit' [ Not found ]
[00:44:53] Checking for string '/lib/.sso' [ Not found ]
[00:44:53] Checking for string '/var/lock/subsys/...datafile...' [ Not found ]
[00:44:53] Checking for string '/dev/caca' [ Not found ]
[00:44:53] Checking for string '/dev/ttyoa' [ Not found ]
[00:44:53] Checking for string '/usr/lib/ldlibns.so' [ Not found ]
[00:44:54] Checking for string '/dev/ptyxx/.addr' [ Not found ]
[00:44:55] Checking for string 'syg' [ Not found ]
[00:44:55] Checking for string '/var/lock/subsys/...datafile...' [ Not found ]
[00:44:55] Checking for string '/dev/pts/01' [ Not found ]
[00:44:55] Checking for string 'tw33dl3' [ Not found ]
[00:44:55] Checking for string 'psniff' [ Not found ]
[00:44:56] Checking for string 'uconf.inv' [ Not found ]
[00:44:56] Checking for string 'lib/ldlibps.so' [ Not found ]
[00:44:56] Checking for string '/usr/lib/ldlibpst.so' [ Not found ]
[00:44:56] Checking for string 'libproc.so.2.0.7' [ Not found ]
[00:44:56] Checking for string '/dev/ptyxx/.proc' [ Not found ]
[00:44:57] Checking for string '/dev/ptyxx/.proc' [ Not found ]
[00:44:57] Checking for string 'libproc.so.2.0.7' [ Not found ]
[00:44:57] Checking for string 'libproc.so.2.0.7' [ Not found ]
[00:44:57] Checking for string '/bin/bash' [ Not found ]
[00:44:59] Checking for string '/dev/xdta' [ Not found ]
[00:44:59] Checking for string '/usr/lib/.tbd' [ Not found ]
[00:44:59] Checking for string '/dev/ptyxx/.proc' [ Not found ]
[00:45:02] Checking for string 'in.inetd' [ Not found ]
[00:45:04] Checking for string '#<HIDE_.*>' [ Not found ]
[00:45:07] Checking for string 'bin/xchk' [ Not found ]
[00:45:09] Checking for string 'bin/xsf' [ Not found ]
[00:45:12] Checking for string '/usr/bin/ssh2d' [ Not found ]
[00:45:14] Checking for string '/usr/sbin/xntps' [ Not found ]
[00:45:17] Checking for string 'ttyload' [ Not found ]
[00:45:19] Checking for string '/etc/rc.d/init.d/init' [ Not found ]
[00:45:22] Checking for string 'usr/bin/xfss' [ Not found ]
[00:45:25] Checking for string '/usr/sbin/rpc.netinet' [ Not found ]
[00:45:27] Checking for string '/usr/lib/.fx/cons.saver' [ Not found ]
[00:45:29] Checking for string '/usr/lib/.fx/xs' [ Not found ]
[00:45:30] Checking for string '/ssh2d' [ Not found ]
[00:45:31] Checking for string '/dev/kmod' [ Not found ]
[00:45:31] Checking for string '/crth.o' [ Not found ]
[00:45:32] Checking for string '/crtz.o' [ Not found ]
[00:45:33] Checking for string '/dev/dos' [ Not found ]
[00:45:33] Checking for string '/lpq' [ Not found ]
[00:45:34] Checking for string '/usr/sbin/rescue' [ Not found ]
[00:45:35] Checking for string '/usr/lib/lpstart' [ Not found ]
[00:45:36] Checking for string '/volc' [ Not found ]
[00:45:36] Checking for string 'sourcemask' [ Not found ]
[00:45:37] Checking for string '/bin/vobiscum' [ Not found ]
[00:45:38] Checking for string '/usr/sbin/in.telnet' [ Not found ]
[00:45:38] Checking for string '/usr/bin/hdparm?-t1?-X53?-p' [ Not found ]
[00:45:39] Checking for string '/lib/.xsyslog' [ Not found ]
[00:45:40] Checking for string '/etc/.xsyslog' [ Not found ]
[00:45:41] Checking for string '/lib/.ssyslog' [ Not found ]
[00:45:41] Checking for string '/tmp/.sendmail' [ Not found ]
[00:45:41] Checking for string '/lib/ldd.so/tkps' [ Not found ]
[00:45:41] Checking for string 't0rnkit' [ Not found ]
[00:45:42] Checking for string '/dev/proc/fuckit' [ Not found ]
[00:45:42] Checking for string 'backdoor.h' [ Not found ]
[00:45:42] Checking for string 'backdoor_active' [ Not found ]
[00:45:42] Checking for string 'magic_pass_active' [ Not found ]
[00:45:42] Checking for string '/usr/include/gpm2.h' [ Not found ]
[00:45:42] Checking for string 'libproc.so.2.0.7' [ Not found ]
[00:45:42] Checking for string 'libproc.so.2.0.7' [ Not found ]
[00:45:42] Checking for string 'libproc.so.2.0.7' [ Not found ]
[00:45:42] Checking for string '/usr/lib/ldlibct.so' [ Not found ]
[00:45:42] Checking for string '/usr/lib/ldlibdu.so' [ Not found ]
[00:45:42] Checking for string '/dev/ptyxx/.file' [ Not found ]
[00:45:42] Checking for string 'libproc.so.2.0.7' [ Not found ]
[00:45:42] Checking for string '/dev/ida/.inet' [ Not found ]
[00:45:42] Checking for string '/usr/include/mysql/mysql.hh1' [ Not found ]
[00:45:42] Checking for string '/usr/include/mysql/mysql.hh1' [ Not found ]
[00:45:42] Checking for string '/usr/include/mysql/mysql.hh1' [ Not found ]
[00:45:42] Checking for string '/usr/include/mysql/mysql.hh1' [ Not found ]
[00:45:43] Checking for string '/usr/include/mysql/mysql.hh1' [ Not found ]
[00:45:43] Checking for string '/usr/include/mysql/mysql.hh1' [ Not found ]
[00:45:43] Checking for string 'backconnect' [ Not found ]
[00:45:43] Checking for string 'magic?packet?received' [ Not found ]
[00:45:43] Checking for possible rootkit strings [ None found ]
[00:45:43]
[00:45:43] Info: Starting test name 'malware'
[00:45:43] Performing malware checks
[00:45:43]
[00:45:43] Info: Test 'deleted_files' disabled at users request.
[00:45:43]
[00:45:43] Info: Starting test name 'running_procs'
[00:45:47] Checking running processes for suspicious files [ None found ]
[00:45:48]
[00:45:48] Info: Test 'hidden_procs' disabled at users request.
[00:45:48]
[00:45:48] Info: Test 'suspscan' disabled at users request.
[00:45:48]
[00:45:48] Info: Starting test name 'other_malware'
[00:45:48] Performing check for login backdoors
[00:45:48] Checking for '/bin/.login' [ Not found ]
[00:45:48] Checking for '/sbin/.login' [ Not found ]
[00:45:48] Checking for login backdoors [ None found ]
[00:45:48]
[00:45:48] Performing check for suspicious directories
[00:45:48] Checking for directory '/usr/X11R6/bin/.,/copy' [ Not found ]
[00:45:49] Checking for directory '/dev/rd/cdb' [ Not found ]
[00:45:49] Checking for suspicious directories [ None found ]
[00:45:49]
[00:45:49] Checking for software intrusions [ Skipped ]
[00:45:49] Info: Check skipped - tripwire not installed
[00:45:49]
[00:45:49] Performing check for sniffer log files
[00:45:49] Checking for file '/usr/lib/libice.log' [ Not found ]
[00:45:49] Checking for file '/dev/prom/sn.l' [ Not found ]
[00:45:49] Checking for file '/dev/fd/.88/zxsniff.log' [ Not found ]
[00:45:49] Checking for sniffer log files [ None found ]
[00:45:49]
[00:45:49] Suspicious Shared Memory segments
[00:45:50] Suspicious Shared Memory segments [ None found ]
[00:45:50]
[00:45:50] Info: Starting test name 'trojans'
[00:45:50] Performing trojan specific checks
[00:45:50] Info: Using inetd configuration file '/etc/inetd.conf'
[00:45:50] Checking for enabled inetd services [ OK ]
[00:45:50]
[00:45:50] Performing check for enabled xinetd services
[00:45:50] Checking for enabled xinetd services [ Skipped ]
[00:45:51] Info: Check skipped - file '/etc/xinetd.conf' does not exist.
[00:45:51] Info: Apache backdoor check skipped: Apache modules and configuration directories not found.
[00:45:51]
[00:45:51] Info: Starting test name 'os_specific'
[00:45:51] Performing Linux specific checks
[00:45:51] Checking loaded kernel modules [ OK ]
[00:45:51] Info: Using modules pathname of '/lib/modules/4.2.0-34-generic'
[00:45:52] Checking kernel module names [ OK ]
[00:49:12]
[00:49:12] Info: Starting test name 'network'
[00:49:12] Checking the network...
[00:49:12]
[00:49:12] Performing checks on the network ports
[00:49:12] Info: Starting test name 'ports'
[00:49:12] Performing check for backdoor ports
[00:49:13] Checking for TCP port 1524 [ Not found ]
[00:49:14] Checking for TCP port 1984 [ Not found ]
[00:49:14] Checking for UDP port 2001 [ Not found ]
[00:49:14] Checking for TCP port 2006 [ Not found ]
[00:49:15] Checking for TCP port 2128 [ Not found ]
[00:49:15] Checking for TCP port 6666 [ Not found ]
[00:49:15] Checking for TCP port 6667 [ Not found ]
[00:49:16] Checking for TCP port 6668 [ Not found ]
[00:49:17] Checking for TCP port 6669 [ Not found ]
[00:49:18] Checking for TCP port 7000 [ Not found ]
[00:49:18] Checking for TCP port 13000 [ Not found ]
[00:49:18] Checking for TCP port 14856 [ Not found ]
[00:49:19] Checking for TCP port 25000 [ Not found ]
[00:49:20] Checking for TCP port 29812 [ Not found ]
[00:49:20] Checking for TCP port 31337 [ Not found ]
[00:49:21] Checking for TCP port 32982 [ Not found ]
[00:49:22] Checking for TCP port 33369 [ Not found ]
[00:49:23] Checking for TCP port 47107 [ Not found ]
[00:49:23] Checking for TCP port 47018 [ Not found ]
[00:49:24] Checking for TCP port 60922 [ Not found ]
[00:49:24] Checking for TCP port 62883 [ Not found ]
[00:49:25] Checking for TCP port 65535 [ Not found ]
[00:49:25] Checking for backdoor ports [ None found ]
[00:49:26]
[00:49:26] Info: Starting test name 'hidden_ports'
[00:49:26] Info: Found the 'unhide-tcp' command: /usr/sbin/unhide-tcp
[00:49:27] Checking for hidden ports [ None found ]
[00:49:28]
[00:49:28] Performing checks on the network interfaces
[00:49:28] Info: Starting test name 'promisc'
[00:49:28] Checking for promiscuous interfaces [ None found ]
[00:49:28]
[00:49:28] Info: Test 'packet_cap_apps' disabled at users request.
[00:49:28]
[00:49:28] Info: Starting test name 'local_host'
[00:49:29] Checking the local host...
[00:49:29]
[00:49:29] Info: Starting test name 'startup_files'
[00:49:29] Performing system boot checks
[00:49:29] Checking for local host name [ Found ]
[00:49:29]
[00:49:29] Info: Starting test name 'startup_malware'
[00:49:29] Checking for system startup files [ Found ]
[00:49:46] Checking system startup files for malware [ None found ]
[00:49:46]
[00:49:46] Info: Starting test name 'group_accounts'
[00:49:46] Performing group and account checks
[00:49:46] Checking for passwd file [ Found ]
[00:49:46] Info: Found password file: /etc/passwd
[00:49:47] Checking for root equivalent (UID 0) accounts [ None found ]
[00:49:47] Info: Found shadow file: /etc/shadow
[00:49:47] Checking for passwordless accounts [ None found ]
[00:49:47]
[00:49:47] Info: Starting test name 'passwd_changes'
[00:49:47] Checking for passwd file changes [ Warning ]
[00:49:47] Warning: User 'clamav' has been added to the passwd file.
[00:49:47] Warning: User 'c-icap' has been added to the passwd file.
[00:49:47]
[00:49:47] Info: Starting test name 'group_changes'
[00:49:47] Checking for group file changes [ Warning ]
[00:49:47] Warning: Group 'vlock' has been added to the group file.
[00:49:47] Warning: Group 'clamav' has been added to the group file.
[00:49:47] Warning: Group 'c-icap' has been added to the group file.
[00:49:47] Checking root account shell history files [ None found ]
[00:49:47]
[00:49:47] Info: Starting test name 'system_configs'
[00:49:47] Performing system configuration file checks
[00:49:47] Checking for an SSH configuration file [ Not found ]
[00:49:48] Checking for a running system logging daemon [ Found ]
[00:49:48] Info: A running 'rsyslog' daemon has been found.
[00:49:48] Info: A running 'systemd-journald' daemon has been found.
[00:49:48] Info: Found an rsyslog configuration file: /etc/rsyslog.conf
[00:49:48] Info: Found a systemd configuration file: /etc/systemd/journald.conf
[00:49:48] Checking for a system logging configuration file [ Found ]
[00:49:48] Checking if syslog remote logging is allowed [ Not allowed ]
[00:49:49]
[00:49:49] Info: Starting test name 'filesystem'
[00:49:49] Performing filesystem checks
[00:49:49] Info: SCAN_MODE_DEV set to 'THOROUGH'
[00:50:10] Checking /dev for suspicious file types [ Warning ]
[00:50:10] Warning: Suspicious file types found in /dev:
[00:50:10] /dev/shm/pulse-shm-1345573933: data
[00:50:11] /dev/shm/pulse-shm-218296524: data
[00:50:11] /dev/shm/pulse-shm-519599192: data
[00:50:11] /dev/shm/pulse-shm-927969031: data
[00:50:11] /dev/shm/pulse-shm-735769416: data
[00:50:11] /dev/shm/ecryptfs-ruut-Private: ASCII text
[00:50:11] /dev/shm/pulse-shm-3336728073: data
[00:50:12] /dev/shm/pulse-shm-2617881712: data
[00:50:12] Checking for hidden files and directories [ None found ]
[00:50:12] Checking for missing log files [ Skipped ]
[00:50:12] Checking for empty log files [ Skipped ]
[00:51:47]
[00:51:47] Info: Test 'apps' disabled at users request.
[00:51:47]
[00:51:47] System checks summary
[00:51:48] =====================
[00:51:48]
[00:51:48] File properties checks...
[00:51:48] Files checked: 148
[00:51:48] Suspect files: 10
[00:51:48]
[00:51:48] Rootkit checks...
[00:51:48] Rootkits checked : 365
[00:51:48] Possible rootkits: 0
[00:51:48]
[00:51:48] Applications checks...
[00:51:48] All checks skipped
[00:51:49]
[00:51:49] The system checks took: 10 minutes and 49 seconds
[00:51:49]
[00:51:49] Info: End date is Do 17. Mär 00:51:49 CET 2016
|
|
17.03.2016, 01:58
| #24 |
| | Linux: Bootkit Nemesis- Bios/Firmware Malware im VBR CHKROOTKIT -x, und hier sind ja alle Experten: Log nur ausschnittsweise, sonst bekomme ich wieder ärger, dass ich so viel Mist poste Code:
ATTFilter Diagnostic-Code: %s; %.800s
Last-Attempt-Date:
Will-Retry-Until:
Content-Type:
errbody: I/O error
()<>@,;:\.[]"
*** Return To Sender: msg="%s", depth=%d, e=%p, returnq=
554 5.3.0 returntosender: infinite recursion on %s
554 5.3.0 returntosender: cannot select queue for %s
multipart/report; report-type=delivery-status;
boundary="%s"
Postmaster notify: see transcript for details
Returned mail: see transcript for details
savemail, errormode = %c, id = %s, ExitStat = %d
e_from=
553 5.3.5 Cannot parse Postmaster!
554 5.3.0 savemail: bogus errormode x%x
554 5.3.5 savemail: unknown state %d
554 savemail: cannot save rejected email anywhere
relayed to non-DSN-aware mailer
successfully delivered to mailbox
successfully delivered to mailing list
relayed (to non-DSN-aware mailer)
expanded (to multi-recipient alias)
relayed (Deliver-By trace mode)
delayed (Deliver-By notify mode)
relayed (Deliver-By notify mode)
----- Original message follows -----
----- Message header follows -----
----- Original message lost -----
This is a MIME-encapsulated message
**********************************************
** THIS IS A WARNING MESSAGE ONLY **
** YOU DO NOT NEED TO RESEND YOUR MESSAGE **
The original message was received at %s
----- The following addresses had permanent fatal errors -----
----- The following addresses had transient non-fatal errors -----
----- The following addresses had successful delivery notifications -----
----- Transcript of session is unavailable -----
----- Transcript of session follows -----
Content-Type: message/delivery-status
Original-Recipient: %.100s;%.700s
returntosender: q_finalrcpt is NULL
----- Message body suppressed -----
----- No message was collected -----
AUTH: sasl_encode error=%d
sfsasl.c
AUTH: sasl_decode error=%d
sasl
read W BLOCK
read R BLOCK
generic SSL error
write X BLOCK
syscall error
STARTTLS: write error=timeout
STARTTLS: read error=timeout
SM_ASSERT(con != NULL) failed
@sasl_read failure: outbuf == NULL but outlen != 0
STARTTLS=%s, info: fds=%d/%d, err=%d
STARTTLS=%s, error: fd %d/%d too large
STARTTLS: write error=%s (%d), errno=%d, get_error=%s, retry=%d, ssl_err=%d
STARTTLS: write error=%s (%d), errno=%d, retry=%d, ssl_err=%d
STARTTLS: read error=%s (%d), errno=%d, get_error=%s, retry=%d, ssl_err=%d
STARTTLS: read error=%s (%d), retry=%d, ssl_err=%d
sm_resolve.c
dns_lookup(%s, %d, %s)
dns_lookup: domain=%s, length=%d, default_size=%d, max=%d, status=response too long
dns_lookup: domain=%s, length=%d, default_size=%d, max=%d, status=response longer than default size, resizing
dns_lookup(%s, %d, %s) --> %d
ERROR: DNS RDLENGTH=%d > data len=%d
ERROR: DNS TXT record size=%d <= text len=%d
501 5.5.2 Syntax error in parameters scanning "%s"
AUTH error: listmech=%d, num=%d
AUTH: available mech=%s, allowed mech=%s
501 5.5.2 SIZE requires a value
552 5.2.3 Message size exceeds maximum value
552 5.2.3 Message size invalid
501 5.5.2 BODY requires a value
501 5.5.4 Unknown BODY type %s
504 5.7.0 Sorry, ENVID not supported, we do not allow DSN
501 5.5.2 ENVID requires a value
501 5.5.4 Syntax error in ENVID parameter value
501 5.5.0 Duplicate ENVID parameter
504 5.7.0 Sorry, RET not supported, we do not allow DSN
501 5.5.2 RET requires a value
501 5.5.0 Duplicate RET parameter
501 5.5.2 Bad argument "%s" to RET
501 5.5.2 AUTH= requires a value
501 5.5.0 Duplicate AUTH parameter
501 5.5.4 Syntax error in AUTH parameter value
auth="%.100s" not trusted user="%.100s"
501 5.5.2 BY= requires a value
501 5.5.4 mode R requires BY time > 0
555 5.5.2 time %ld less than %ld
501 5.5.2 illegal by-mode '%c'
501 5.5.2 illegal by-trace '%c'
555 5.5.4 %s parameter unrecognized
504 5.7.0 Sorry, NOTIFY not supported, we do not allow DSN
501 5.5.2 NOTIFY requires a value
501 5.5.4 Bad argument "%s" to NOTIFY
504 5.7.0 Sorry, ORCPT not supported, we do not allow DSN
501 5.5.2 ORCPT requires a value
501 5.5.0 Duplicate ORCPT parameter
501 5.5.4 Syntax error in ORCPT parameter value
%s: possible SMTP attack: command=%.40s, count=%u
502 5.3.0 Sendmail %s -- HELP not implemented
214-2.0.0 This is Sendmail version %s
504 5.3.0 HELP topic "%.10s" unknown
%s too old (require version %d)
fcntl(inchfd, F_GETFL) failed: %s
fcntl(outchfd, F_GETFL) failed: %s
set automode for I (%d)/O (%d) in SMTP server
srvfeatures: unknown feature %s
450 4.3.0 Please try again later.
ERROR: srv_features=tempfail, relay=%.100s, access temporarily disabled
AUTH error: sasl_server_new failed=%d
Milter: initialization failed, rejecting commands
Milter: initialization failed, temp failing commands
Milter: initialization failed, closing connection
SM_ASSERT(q != NULL || OpMode == MD_SMTP) failed
Milter: connect: host=%s, addr=%s, rejecting commands
Milter: connect: host=%s, addr=%s, temp failing commands
Milter: connect: host=%s, addr=%s, shutdown
rejecting commands from %s [%s] due to pre-greeting traffic after %d seconds
421 4.4.1 %s Lost input channel from %s
lost input channel from %s to %s after %s
421 4.7.0 %s Command too long, possible attack %s
%s: SMTP violation, input too long: %lu
421 4.7.0 %s Rejecting open proxy %s
%s: probable open proxy: command=%.40s
unauthorized PIPELINING, sleeping, relay=%.100s
501 5.5.4 cannot decode AUTH parameter %s
AUTH=server, relay=%s, authid=%.128s, mech=%.16s, bits=%d
454 4.5.4 Internal error: unable to encode64
AUTH encode64 error [%d for "%s"], relay=%.100s
AUTH continue: msg='%s' len=%u
535 5.7.0 authentication failed
AUTH failure (%s): %s (%d) %s, relay=%.100s
%s: %s: delaying %s: load average: %d
delaying=%s, load average=%d >= %d
421 4.7.0 %s Too many bad commands; closing connection
503 5.5.0 Already Authenticated
503 5.5.0 AUTH not permitted during a mail transaction
454 4.3.0 Please try again later
SMTP AUTH command (%.100s) from %s tempfailed (due to previous checks)
501 5.5.2 AUTH mechanism must be specified
504 5.3.3 AUTH mechanism %.32s not available
501 5.5.4 cannot BASE64 decode '%s'
AUTH decode64 error [%d for "%s"], relay=%.100s
454 4.5.4 Temporary authentication failure
AUTH encode64 error [%d for "%s"]
501 5.5.2 Syntax error (no parameters allowed)
454 4.3.3 TLS not available after start
503 5.5.0 TLS not permitted during a mail transaction
454 4.7.0 Please try again later
SMTP STARTTLS command (%.100s) from %s tempfailed (due to previous checks)
454 4.3.3 TLS not available: error generating SSL handle
454 4.3.3 TLS not available: error set fd
STARTTLS=server, error: accept failed=%d, reason=%s, SSL_error=%d, errno=%d, retry=%d, relay=%.100s
503 5.7.0 Authentication required.
454 4.3.3 TLS not available: can't switch to encrypted layer
STARTTLS: can't switch to encrypted layer
501 %s requires domain address
invalid domain name (too long) from %s
invalid domain name (%s) from %.100s
CLEAR_STATE: e_id=%s, EF_LOGSENDER=%d, LogLevel=%d
Milter: helo=%s, reject=Command rejected
451 4.3.2 Please try again later
Milter: helo=%s, reject=421 4.7.0 %s closing connection
503 5.0.0 Polite people say HELO first
503 5.5.0 Sender already specified
530 5.7.0 Authentication required
SMTP MAIL command (%.100s) from %s tempfailed (due to previous checks)
552 5.2.3 Message size exceeds fixed maximum message size (%ld)
Milter: %s=%s, reject=421, errormode=4
Milter: %s=%s, reject=550 5.7.1 Command rejected
421 4.7.0 %s Too many bad recipients; closing connection
%s: Possible SMTP RCPT flood, shutting down connection.
%s: Possible SMTP RCPT flood, throttling.
503 5.0.0 Need MAIL before RCPT
503 5.0.0 Need RCPT (recipient)
Milter: cmd=data, reject=550 5.7.1 Command rejected
Milter: cmd=data, reject=421 4.7.0 %s closing connection
Milter: data, reject=554 5.7.1 Command rejected
Milter: data, reject=421 4.7.0 %s closing connection
250 2.0.0 %s Message accepted for delivery
abortmessage: e_id=%s, EF_LOGSENDER=%d, LogLevel=%d
550 5.7.1 Please try again later
SMTP %s command (%.100s) from %s tempfailed (due to previous checks)
252 2.5.2 Cannot VRFY user; try RCPT to attempt delivery (or try finger)
502 5.7.0 Sorry, we do not allow this operation
503 5.0.0 I demand that you introduce yourself first
SMTP ETRN command (%.100s) from %s tempfailed (due to previous checks)
250 2.0.0 Queuing for queue group %s started
250 2.0.0 Queuing for node %s started
221 2.0.0 %s closing connection
QUIT: e_id=%s, EF_LOGSENDER=%d, LogLevel=%d
%s did not issue MAIL/EXPN/VRFY/ETRN during connection to %s
500 5.5.1 Command unrecognized: "%s"
502 5.5.1 Command not implemented: "%s"
500 5.5.0 smtp: unknown code %d
@(#)$Debug: leak_smtp - trace memory leaks during SMTP processing $
AUTH warning: no mechanisms
size
srvrsmtp.c
8bitmime
envid
trust_auth
auth="%.100s" trusted
501 5.5.2 BY=%s out of range
501 5.5.2 BY= missing ';'
orcpt
%s: got arg %s="%s"
501 5.5.4 Too many parameters
=<>")
#vers
214-2.0.0 %s
214 2.0.0 End of HELP info
pleased to meet you
accepting invalid domain name
(will queue)
VRFY
check_vrfy
check_expn
smtp() heap group #%d
server %s startup
srv_features
temp
greet_pause
%s not accepting messages
%s %%.*s ESMTP%%s
%s-%%.*s ESMTP%%s
server cmd read
server %s cmd read
AUTH
501 5.0.0 AUTH aborted
235 2.0.0 OK Authenticated
AUTH auth_ssf: %u
503 5.3.3 SASL TLS failed
334 %s
<<< %s
<-- %s
%s %s: %.80s
550 5.0.0 %s
503 5.3.3 AUTH not available
503 5.5.0 TLS not available
220 2.0.0 Ready to start TLS
tls_client
server EHLO
server HELO
HELO/EHLO
501 Invalid domain name
[].-_#:
Milter: helo=%s, reject=%s
421-
250 %s Hello %s, %s
250-%s Hello %s, %s
250 ENHANCEDSTATUSCODES
250-ENHANCEDSTATUSCODES
250-PIPELINING
250-8BITMIME
250-EXPN
250-VERB
250-SIZE %ld
250-SIZE
250-DSN
250-ETRN
250-AUTH %s
250-STARTTLS
250-DELIVERBY %ld
250 HELP
250-DELIVERBY
server MAIL
%s didn't use HELO protocol
{nbadrcpts}
{mail_mailer}
{mail_host}
{mail_addr}
%s owned process doing -bs
{mail_from}
check_mail
421 4.3.0 closing connection
Milter: %s=%s, reject=%s
Milter: %s=%s, discard
250 2.1.0 Sender ok
{rcpt_mailer}
{rcpt_host}
{rcpt_addr}
server RCPT
452 4.5.3 Too many recipients
501 5.0.0 Missing recipient
check_rcpt
550 5.1.1 Addressee unknown
250 2.1.5 Recipient ok%s
server DATA
503 5.0.0 Need MAIL command
check_data
Milter: cmd=data, reject=%s
Milter: cmd=data, discard
check_eom
Milter: data, reject=%s
Milter: data, discard
Milter accept: message
451 4.0.0 Test failure
250 2.0.0 Reset state
%s: %s [rejected]
501 5.5.2 Argument required
554 5.5.2 Nothing to %s
2.1.5
%s <%s@%s>
%s <%s>
500 5.5.2 Parameter required
check_etrn
%s: ETRN %s
459 4.5.4 Queue %s unknown
500 5.5.0 ETRN out of memory
NOOP
250 2.0.0 OK
aborted by sender
502 5.7.0 Verbose unavailable
250 2.0.0 Verbose mode
Bogus
"%s" command from %s (%.100s)
Sending "%s" to Milter
Unimpl
POST
USER
leak_smtp
noop
ehlo
saml
soml
showq
STAB: %s %d
(hfunc=%d)
type %d val %lx %lx %lx %lx
entered
stab: unknown symbol type %d
size of stab entry: %d
stab.c
stabapply: trying %d/%s
$%s%s
stab: total=%d (%d)
stab: type[%2d]=%2d (%d)
poststats: %s: %s
SSL_connect
SSL_accept
undefined
STARTTLS: %s:%s
STARTTLS: SSL3 alert %s:%s:%s
STARTTLS: %s:failed in %s
STARTTLS: %s:error in %s
Server
Client
STARTTLS: %s%s missing
x509
UNKNOWN
tls.c
BadCertificateUnknown
cn_subject
BadCertificateTooLong
BadCertificateContainsNUL
cn_issuer
{cert_md5}
STARTTLS=%s: %lu:%s:%s:%d:%s
STARTTLS=%s, init=%d
SM_ASSERT(ctx != NULL) failed
STARTTLS: info_callback where=0x%x, ret=%d
STARTTLS=server, tmp_rsa_key: RSA_generate_key failed!
STARTTLS=server, tmp_rsa_key: new temp RSA key
STARTTLS=%s: file %s unsafe: %s
STARTTLS: internal error: tls_verify_cb: ssl == NULL
STARTTLS: %s cert verify: depth=%d %s, state=%d, reason=%s
STARTTLS=%s, get_verify: %ld get_peer: 0x%lx
STARTTLS=%s, relay=%.100s, field=%s, status=failed to extract CN
STARTTLS=%s, relay=%.100s, field=%s, status=CN too long
STARTTLS=%s, relay=%.100s, field=%s, status=CN contains NUL
SM_ASSERT((n * 3) + 2 < sizeof(md5h)) failed
STARTTLS=%s, relay=%.100s, version=%.16s, verify=%.16s, cipher=%.64s, bits=%.6s/%.6s
STARTTLS=%s, cert-subject=%.256s, cert-issuer=%.256s, verifymsg=%s
STARTTLS=%s, error: illegal value '%s' for DHParam
STARTTLS=%s, error: SSL_CTX_new(SSLv23_%s_method()) failed
STARTTLS=%s, error: PEM_read_bio_X509_CRL(%s)=failed
STARTTLS=%s, error: BIO_new=failed
STARTTLS=%s, error: RSA_generate_key failed
STARTTLS=%s, error: SSL_CTX_use_PrivateKey_file(%s) failed
STARTTLS=%s, error: SSL_CTX_use_certificate_file(%s) failed
STARTTLS=%s, error: SSL_CTX_check_private_key failed(%s): %d
STARTTLS=%s, error: SSL_CTX_check_private_key 2 failed: %d
STARTTLS=%s, error: cannot read DH parameters(%s): %s
STARTTLS=%s, error: BIO_new_file(%s) failed
inittls: Generating %d bit DH parameters
inittls: Using precomputed 512 bit DH parameters
STARTTLS=%s, error: cannot read or set DH parameters(%s): %s
STARTTLS=%s, Diffie-Hellman init, key=%d bit (%c)
STARTTLS=%s, error: load verify locs %s, %s failed: %d
STARTTLS=%s, error: SSL_CTX_set_cipher_list(%s) failed, list ignored
STARTTLS=%s, inittls: ctx == NULL
STARTTLS=%s, SSL_shutdown failed: %d
STARTTLS=%s, SSL_shutdown not done
0123456789ABCDEF
Maximum number of UDB entries exceeded
udbmatch: no match on %s (%d) via db
udbexpand: trying %s (%d) via db
udbexpand: no match on %s (%d)
udb.c
db_open(%s): %s
db_open(%s): %s
_udbx_init: db_open(%s)
Unknown UDB spec %s
REMOTE: addr %s, timeo %d
FETCH: file %s
FORWARD: host %s
HESIOD
UNKNOWN
_udbx_init: db->close(%s)
udbmatch(%s, %s)
udbmatch ==> %s
:maildrop
:default:mailname
udbexpand(%s)
udbexpand: match %.*s: %.*s
expanded to %s
expand %.100s => %s
udbexpand: QS_EXPANDED
:mailsender
udb_map_lookup(%s, %s)
_udbx_close: db->close(%s)
usersmtp.c
AUTH username '%s'
AUTH authid '%s'
8BIT-OK
authinfo
getauth %s=%s
enhancedstatuscodes
pipelining
deliverby
AUTH flags=%lx, mechs=%s
<No Realms>
<No Realm>
>>> %s
smtpmessage: NULL mci_out
smtpquit:1
client QUIT
STARTTLS dialogue
AUTH dialogue
reply
reply:1
reply:2
%s...
reply(%.100s) during %s
... while talking to %s:
050 %s
5.1.3
lmtp
LOGIN
DIGEST-MD5
AUTH %s =
encode64 for AUTH failed
AUTH %s %s
AUTH FAIL=%s (%d)
HDRS
FULL
smtpmailfrom: CurHost=%s
SIZE=%ld
BODY=%s
%s does not support 8BITMIME
ENVID=%s
RET=%s
AUTH=%s
BY=%ld;%c%s
MAIL From:<%s>%s
MAIL From:<@%s%c%s>%s
client MAIL
NOTIFY=
ORCPT=%s
RCPT To:<%s>%s
client RCPT
client RSET
client LHLO
client EHLO
client HELO
smtpinit
client greeting
LHLO %s
EHLO %s
HELO %s
553 5.3.5 system config error
client DATA 354
%05d >>> .
>>> .
client DATA status
client probe
user id
authentication id
password
realm
mechlist
error: safesasl(%s) failed: %s
AUTH=client, relay=%.64s [%.16s], authinfo %sfailed
AUTH=client, error: can't open %s: %s
AUTH=client, error: can't read %s from %s
str_union: stringlen1=%d, stringlen2=%d, sum=%d, status=overflow
AUTH=client, realm=%s, available realms=%s
AUTH=client, realm=%s not in list=%s
smtpquit: mailer%s%s exited with exit value %d
421 4.4.1 Connection reset by %s
451 4.4.1 reply: read error from %s
%.100s: SMTP RCPT protocol error: %s
%.100s: SMTP DATA-3 protocol error: %s
AUTH=client, available mechanisms do not fulfill requirements
%.100s: SMTP MAIL protocol error: %s
451 4.4.0 smtpinit: state CLOSED (was %d)
553 5.3.5 %s config error: mail loops back to me (MX problem?)
%.100s: SMTP DATA-1 protocol error: %s
%.100s: SMTP DATA-2 protocol error: %s
451 4.4.1 timeout writing message to %s
util.c
SM_REQUIRE(sz >= 0) failed
SM_ASSERT(l + 1 > l) failed
unable to write pid to %s: %s
started as: %s
{deliveryMode}
%s<null>%s
=~&?
%s$%c
%sM-
%o
%#x
%08lx=
%05d >>>
unlink %s
%s: unlink-fail %d
SM_REQUIRE(np != NULL) failed
SM_REQUIRE(n > 0) failed
tTyY
SM_REQUIRE(siz > 0) failed
%05d <<< [TIMEOUT]
%05d <<< [EOF]
%05d <<< %s
%3d:
CANNOT STAT (%s)
CLOSED
fl=0x%x,
mode=%o:
SOCK
%s/%d
CHR:
BLK:
FIFO:
DIR:
LNK:
size=%llu
%s: changed fds:
%s: cannot fork
%s: cannot dup2 for stdout
%s: cannot dup2 for stderr
%s: lockfp does not have a fd
prog_open: cannot chroot(%s)
prog_open: cannot chdir(/)
prog_open: setgid(%ld) failed
prog_open: setuid(%ld) failed
/tmp
%s: cannot exec
[UNKNOWN]
!cleanstrcpy: length == 0
!#$%&'*+-./^_`{|}~
control socket
proc_list_probe: lost pid %d
proc_list_probe
(unknown)
%s%d %s%s
ANSI
unable to write pid to %s: file in use by another process
SM_REQUIRE(buf != NULL) failed
timeout waiting for input from %.100s during %s
dev=%d/%d, ino=%llu, nlink=%d, u/gid=%d/%d,
checkfdopen(%d): %s not open as expected!
%s: cannot create pipe for stdout
Warning: prog_open: program %s unsafe: %s
POSSIBLE ATTACK from %.100s: newline in string "%s"
proc_list_probe: found %d children, expected %d
SM_ASSERT(ProcListSize < INT_MAX - PROC_LIST_SEG) failed
SM_ASSERT(CurChildren < INT_MAX) failed
@(#)$Debug: ANSI - enable reverse video in debug output $
World
Group
[dir %s]
[dir %s] mode %lo
FATAL
WARNING
[dir %s] %s
....
....
....
/usr/include/./X11/bitmaps/boxes
/usr/include/./X11/bitmaps/mailemptymsk
/usr/include/./X11/bitmaps/xsnow
/usr/include/./X11/bitmaps/FlipHoriz
/usr/include/./X11/bitmaps/star
/usr/include/./X11/bitmaps/flipped_gray
/usr/include/./X11/bitmaps/escherknot
/usr/include/./X11/bitmaps/flagup
/usr/include/./X11/bitmaps/terminal
/usr/include/./X11/bitmaps/Excl
/usr/include/./X11/bitmaps/vlines3
/usr/include/./X11/bitmaps/menu12
/usr/include/./X11/bitmaps/dimple1
/usr/include/./X11/bitmaps/dot
/usr/include/./X11/bitmaps/menu8
/usr/include/./X11/bitmaps/dimple3
/usr/include/./X11/bitmaps/mailempty
/usr/include/./X11/bitmaps/xlogo64
/usr/include/./X11/bitmaps/mensetmanus
/usr/include/./X11/bitmaps/letters
/usr/include/./X11/bitmaps/Dashes
/usr/include/./X11/bitmaps/keyboard16
/usr/include/./X11/bitmaps/hlines3
/usr/include/./X11/bitmaps/starMask
/usr/include/./X11/bitmaps/menu6
/usr/include/./X11/bitmaps/tie_fighter
/usr/include/./X11/bitmaps/right_ptr
/usr/include/./X11/bitmaps/RotateLeft
/usr/include/./X11/bitmaps/xlogo32
/usr/include/./X11/bitmaps/mailfullmsk
/usr/include/./X11/bitmaps/2x2
/usr/include/./X11/bitmaps/Left
/usr/include/./X11/bitmaps/box6
/usr/include/./X11/bitmaps/grid4
/usr/include/./X11/bitmaps/hlines2
/usr/include/./X11/bitmaps/gray
/usr/include/./X11/bitmaps/weird_size
/usr/include/./X11/bitmaps/mailfull
/usr/include/./X11/bitmaps/Fold
/usr/include/./X11/bitmaps/menu16
/usr/include/./X11/bitmaps/root_weave
/usr/include/./X11/bitmaps/sipb
/usr/include/./X11/bitmaps/black
/usr/include/./X11/bitmaps/ldblarrow
/usr/include/./X11/bitmaps/grid8
/usr/include/./X11/bitmaps/black6
/usr/include/./X11/bitmaps/left_ptrmsk
/usr/include/./X11/bitmaps/vlines2
/usr/include/./X11/bitmaps/gray3
/usr/include/./X11/bitmaps/wide_weave
/usr/include/./X11/bitmaps/right_ptrmsk
/usr/include/./X11/bitmaps/xlogo11
/usr/include/./X11/bitmaps/Stipple
/usr/include/./X11/bitmaps/opendot
/usr/include/./X11/bitmaps/FlipVert
/usr/include/./X11/bitmaps/rdblarrow
/usr/include/./X11/bitmaps/icon
/usr/include/./X11/bitmaps/noletters
/usr/include/./X11/bitmaps/dropbar7
/usr/include/./X11/bitmaps/grid16
/usr/include/./X11/bitmaps/gray1
/usr/include/./X11/bitmaps/cntr_ptrmsk
/usr/include/./X11/bitmaps/grid2
/usr/include/./X11/bitmaps/1x1
/usr/include/./X11/bitmaps/left_ptr
/usr/include/./X11/bitmaps/menu10
/usr/include/./X11/bitmaps/Right
/usr/include/./X11/bitmaps/wingdogs
/usr/include/./X11/bitmaps/woman
/usr/include/./X11/bitmaps/dropbar8
/usr/include/./X11/bitmaps/stipple
/usr/include/./X11/bitmaps/xlogo16
/usr/include/./X11/bitmaps/opendotMask
/usr/include/./X11/bitmaps/light_gray
/usr/include/./X11/bitmaps/Up
/usr/include/./X11/bitmaps/calculator
/usr/include/./X11/bitmaps/scales
/usr/include/./X11/bitmaps/target
/usr/include/./X11/bitmaps/RotateRight
/usr/include/./X11/bitmaps/cross_weave
/usr/include/./tommath.h
/usr/include/./memory.h
/usr/include/./pwd.h
/usr/include/./shadow.h
/usr/include/./elf.h
/usr/include/./netpacket
/usr/include/./netpacket/packet.h
/usr/include/./wchar.h
/usr/include/./ustat.h
/usr/include/./geany
/usr/include/./geany/scintilla
/usr/include/./geany/scintilla/ScintillaWidget.h
/usr/include/./geany/scintilla/SciLexer.h
/usr/include/./geany/scintilla/Scintilla.iface
/usr/include/./geany/scintilla/Scintilla.h
/usr/include/./geany/navqueue.h
/usr/include/./geany/stash.h
/usr/include/./geany/app.h
/usr/include/./geany/symbols.h
/usr/include/./geany/plugindata.h
/usr/include/./geany/encodings.h
/usr/include/./geany/main.h
/usr/include/./geany/pluginutils.h
/usr/include/./geany/project.h
/usr/include/./geany/build.h
/usr/include/./geany/ui_utils.h
/usr/include/./geany/editor.h
/usr/include/./geany/geanyfunctions.h
/usr/include/./geany/document.h
/usr/include/./geany/highlighting.h
/usr/include/./geany/geany.h
/usr/include/./geany/keybindings.h
/usr/include/./geany/dialogs.h
/usr/include/./geany/gtkcompat.h
/usr/include/./geany/utils.h
/usr/include/./geany/support.h
/usr/include/./geany/prefs.h
/usr/include/./geany/geanyplugin.h
/usr/include/./geany/sciwrappers.h
/usr/include/./geany/spawn.h
/usr/include/./geany/templates.h
/usr/include/./geany/search.h
/usr/include/./geany/filetypes.h
/usr/include/./geany/msgwindow.h
/usr/include/./geany/toolbar.h
/usr/include/./geany/tagmanager
/usr/include/./geany/tagmanager/tm_source_file.h
/usr/include/./geany/tagmanager/tm_workspace.h
/usr/include/./geany/tagmanager/tm_tag.h
/usr/include/./geany/tagmanager/tm_tagmanager.h
/usr/include/./netdb.h
/usr/include/./ctype.h
/usr/include/./glob.h
/usr/include/./turbojpeg.h
/usr/include/./envz.h
/usr/include/./features.h
/usr/include/./stropts.h
/usr/include/./ne_nemesisI_int.h
/usr/include/./scsi
/usr/include/./scsi/scsi_ioctl.h
/usr/include/./scsi/scsi.h
/usr/include/./scsi/cxlflash_ioctl.h
/usr/include/./scsi/scsi_netlink_fc.h
/usr/include/./scsi/scsi_netlink.h
/usr/include/./scsi/scsi_bsg_fc.h
/usr/include/./scsi/fc
/usr/include/./scsi/fc/fc_ns.h
/usr/include/./scsi/fc/fc_fs.h
/usr/include/./scsi/fc/fc_els.h
/usr/include/./scsi/fc/fc_gs.h
/usr/include/./scsi/sg.h
/usr/include/./spawn.h
/usr/include/./ftw.h
/usr/include/./monetary.h
/usr/include/./byteswap.h
/usr/include/./obstack.h
/usr/include/./regex.h
/usr/include/./termios.h
/usr/include/./hdf5
/usr/include/./hdf5/serial
/usr/include/./hdf5/serial/H5Cpublic.h
/usr/include/./hdf5/serial/h5f.mod
/usr/include/./hdf5/serial/H5Epubgen.h
/usr/include/./hdf5/serial/h5e.mod
/usr/include/./hdf5/serial/H5Ipublic.h
/usr/include/./hdf5/serial/h5_dble_interface.mod
/usr/include/./hdf5/serial/h5i.mod
/usr/include/./hdf5/serial/H5overflow.h
/usr/include/./hdf5/serial/H5File.h
/usr/include/./hdf5/serial/H5Epublic.h
/usr/include/./hdf5/serial/H5PacketTable.h
/usr/include/./hdf5/serial/h5e_provisional.mod
/usr/include/./hdf5/serial/h5lt.mod
/usr/include/./hdf5/serial/hdf5_hl.h
/usr/include/./hdf5/serial/H5FDstdio.h
/usr/include/./hdf5/serial/h5l.mod
/usr/include/./hdf5/serial/H5FDcore.h
/usr/include/./hdf5/serial/H5StrType.h
/usr/include/./hdf5/serial/H5DxferProp.h
/usr/include/./hdf5/serial/H5Library.h
/usr/include/./hdf5/serial/H5FDmpi.h
/usr/include/./hdf5/serial/h5d.mod
/usr/include/./hdf5/serial/H5f90i_gen.h
/usr/include/./hdf5/serial/h5o.mod
/usr/include/./hdf5/serial/H5Zpublic.h
/usr/include/./hdf5/serial/h5f_provisional.mod
/usr/include/./hdf5/serial/h5l_provisional.mod
/usr/include/./hdf5/serial/H5Dpublic.h
/usr/include/./hdf5/serial/H5IdComponent.h
/usr/include/./hdf5/serial/H5Group.h
/usr/include/./hdf5/serial/h5fortran_types.mod
/usr/include/./hdf5/serial/H5FcreatProp.h
/usr/include/./hdf5/serial/H5EnumType.h
/usr/include/./hdf5/serial/H5IMpublic.h
/usr/include/./hdf5/serial/H5PTpublic.h
/usr/include/./hdf5/serial/H5Attribute.h
/usr/include/./hdf5/serial/H5Object.h
/usr/include/./hdf5/serial/H5DataSpace.h
/usr/include/./hdf5/serial/H5Cpp.h
/usr/include/./hdf5/serial/H5pubconf.h
/usr/include/./hdf5/serial/H5Lpublic.h
/usr/include/./hdf5/serial/H5FDdirect.h
/usr/include/./hdf5/serial/H5ACpublic.h
/usr/include/./hdf5/serial/H5PropList.h
/usr/include/./hdf5/serial/h5p_provisional.mod
/usr/include/./hdf5/serial/h5d_provisional.mod
/usr/include/./hdf5/serial/h5t.mod
/usr/include/./hdf5/serial/H5public.h
/usr/include/./hdf5/serial/H5CompType.h
/usr/include/./hdf5/serial/H5AtomType.h
/usr/include/./hdf5/serial/h5o_provisional.mod
/usr/include/./hdf5/serial/H5Fpublic.h
/usr/include/./hdf5/serial/H5MMpublic.h
/usr/include/./hdf5/serial/hdf5.h
/usr/include/./hdf5/serial/H5FDmulti.h
/usr/include/./hdf5/serial/H5FaccProp.h
/usr/include/./hdf5/serial/H5DOpublic.h
/usr/include/./hdf5/serial/H5Opublic.h
/usr/include/./hdf5/serial/h5im.mod
/usr/include/./hdf5/serial/H5PLextern.h
/usr/include/./hdf5/serial/H5api_adpt.h
/usr/include/./hdf5/serial/H5Apublic.h
/usr/include/./hdf5/serial/H5CommonFG.h
/usr/include/./hdf5/serial/H5IntType.h
/usr/include/./hdf5/serial/H5FDfamily.h
/usr/include/./hdf5/serial/H5Rpublic.h
/usr/include/./hdf5/serial/hdf5.mod
/usr/include/./hdf5/serial/H5FDsec2.h
/usr/include/./hdf5/serial/H5PLpublic.h
/usr/include/./hdf5/serial/H5DataType.h
/usr/include/./hdf5/serial/H5PredType.h
/usr/include/./hdf5/serial/h5z.mod
/usr/include/./hdf5/serial/H5FDlog.h
/usr/include/./hdf5/serial/h5global.mod
/usr/include/./hdf5/serial/h5r_provisional.mod
/usr/include/./hdf5/serial/H5ArrayType.h
/usr/include/./hdf5/serial/H5VarLenType.h
/usr/include/./hdf5/serial/H5TBpublic.h
/usr/include/./hdf5/serial/H5CppDoc.h
/usr/include/./hdf5/serial/H5Gpublic.h
/usr/include/./hdf5/serial/H5Location.h
/usr/include/./hdf5/serial/h5lib.mod
/usr/include/./hdf5/serial/H5FloatType.h
/usr/include/./hdf5/serial/H5FDmpio.h
/usr/include/./hdf5/serial/h5lib_provisional.mod
/usr/include/./hdf5/serial/H5Ppublic.h
/usr/include/./hdf5/serial/H5DSpublic.h
/usr/include/./hdf5/serial/H5version.h
/usr/include/./hdf5/serial/H5LTpublic.h
/usr/include/./hdf5/serial/H5Classes.h
/usr/include/./hdf5/serial/h5tb.mod
/usr/include/./hdf5/serial/H5Tpublic.h
/usr/include/./hdf5/serial/h5t_provisional.mod
/usr/include/./hdf5/serial/H5DataSet.h
/usr/include/./hdf5/serial/h5a_provisional.mod
/usr/include/./hdf5/serial/h5ds.mod
/usr/include/./hdf5/serial/h5s.mod
/usr/include/./hdf5/serial/H5DcreatProp.h
/usr/include/./hdf5/serial/h5p.mod
/usr/include/./hdf5/serial/h5g.mod
/usr/include/./hdf5/serial/H5Spublic.h
/usr/include/./hdf5/serial/H5AbstractDs.h
/usr/include/./hdf5/serial/H5f90i.h
/usr/include/./hdf5/serial/H5Exception.h
/usr/include/./hdf5/serial/h5r.mod
/usr/include/./hdf5/serial/h5a.mod
/usr/include/./hdf5/serial/H5FDpublic.h
/usr/include/./hdf5/serial/H5Include.h
/usr/include/./limits.h
/usr/include/./grp.h
/usr/include/./signal.h
/usr/include/./sudo_plugin.h
/usr/include/./mqueue.h
/usr/include/./pthread.h
/usr/include/./wordexp.h
/usr/include/./nl_types.h
/usr/include/./termio.h
/usr/include/./complex.h
/usr/include/./reglib
/usr/include/./reglib/reglib.h
/usr/include/./reglib/nl80211.h
/usr/include/./reglib/regdb.h
/usr/include/./netcdf_meta.h
/usr/include/./inttypes.h
/usr/include/./assuan.h
/usr/include/./link.h
/usr/include/./xlocale.h
/usr/include/./search.h
/usr/include/./exodusII.h
/usr/include/./strings.h
/usr/include/./nss.h
/usr/include/./iconv.h
/usr/include/./wctype.h
/usr/include/./gnu-versions.h
/usr/include/./tgmath.h
/usr/include/./gnumake.h
/usr/include/./netax25
/usr/include/./netax25/ax25.h
/usr/include/./sched.h
/usr/include/./setjmp.h
/usr/include/./x86_64-linux-gnu
/usr/include/./x86_64-linux-gnu/bits
/usr/include/./x86_64-linux-gnu/bits/select2.h
/usr/include/./x86_64-linux-gnu/bits/dirent.h
/usr/include/./x86_64-linux-gnu/bits/sigset.h
/usr/include/./x86_64-linux-gnu/bits/msq.h
/usr/include/./x86_64-linux-gnu/bits/statfs.h
/usr/include/./x86_64-linux-gnu/bits/libc-lock.h
/usr/include/./x86_64-linux-gnu/bits/string.h
/usr/include/./x86_64-linux-gnu/bits/uio.h
/usr/include/./x86_64-linux-gnu/bits/waitstatus.h
/usr/include/./x86_64-linux-gnu/bits/statvfs.h
/usr/include/./x86_64-linux-gnu/bits/timex.h
/usr/include/./x86_64-linux-gnu/bits/ioctls.h
/usr/include/./x86_64-linux-gnu/bits/syslog.h
/usr/include/./x86_64-linux-gnu/bits/xopen_lim.h
/usr/include/./x86_64-linux-gnu/bits/poll.h
/usr/include/./x86_64-linux-gnu/bits/confname.h
/usr/include/./x86_64-linux-gnu/bits/fenv.h
/usr/include/./x86_64-linux-gnu/bits/auxv.h
/usr/include/./x86_64-linux-gnu/bits/stdlib-bsearch.h
/usr/include/./x86_64-linux-gnu/bits/sockaddr.h
/usr/include/./x86_64-linux-gnu/bits/select.h
/usr/include/./x86_64-linux-gnu/bits/wordsize.h
/usr/include/./x86_64-linux-gnu/bits/error.h
/usr/include/./x86_64-linux-gnu/bits/huge_val.h
/usr/include/./x86_64-linux-gnu/bits/wchar2.h
/usr/include/./x86_64-linux-gnu/bits/sys_errlist.h
/usr/include/./x86_64-linux-gnu/bits/syslog-ldbl.h
/usr/include/./x86_64-linux-gnu/bits/socket2.h
/usr/include/./x86_64-linux-gnu/bits/in.h
/usr/include/./x86_64-linux-gnu/bits/mathinline.h
/usr/include/./x86_64-linux-gnu/bits/dlfcn.h
/usr/include/./x86_64-linux-gnu/bits/eventfd.h
/usr/include/./x86_64-linux-gnu/bits/stdio-ldbl.h
/usr/include/./x86_64-linux-gnu/bits/math-finite.h
/usr/include/./x86_64-linux-gnu/bits/mman.h
/usr/include/./x86_64-linux-gnu/bits/huge_valf.h
/usr/include/./x86_64-linux-gnu/bits/mathdef.h
/usr/include/./x86_64-linux-gnu/bits/endian.h
/usr/include/./x86_64-linux-gnu/bits/param.h
/usr/include/./x86_64-linux-gnu/bits/semaphore.h
/usr/include/./x86_64-linux-gnu/bits/resource.h
/usr/include/./x86_64-linux-gnu/bits/byteswap-16.h
/usr/include/./x86_64-linux-gnu/bits/locale.h
/usr/include/./x86_64-linux-gnu/bits/signalfd.h
/usr/include/./x86_64-linux-gnu/bits/fenvinline.h
/usr/include/./x86_64-linux-gnu/bits/monetary-ldbl.h
/usr/include/./x86_64-linux-gnu/bits/shm.h
/usr/include/./x86_64-linux-gnu/bits/siginfo.h
/usr/include/./x86_64-linux-gnu/bits/syscall.h
/usr/include/./x86_64-linux-gnu/bits/a.out.h
/usr/include/./x86_64-linux-gnu/bits/stdio-lock.h
/usr/include/./x86_64-linux-gnu/bits/inotify.h
/usr/include/./x86_64-linux-gnu/bits/utsname.h
/usr/include/./x86_64-linux-gnu/bits/posix1_lim.h
/usr/include/./x86_64-linux-gnu/bits/xtitypes.h
/usr/include/./x86_64-linux-gnu/bits/string3.h
/usr/include/./x86_64-linux-gnu/bits/stdio.h
/usr/include/./x86_64-linux-gnu/bits/socket_type.h
/usr/include/./x86_64-linux-gnu/bits/fcntl.h
/usr/include/./x86_64-linux-gnu/bits/mqueue2.h
/usr/include/./x86_64-linux-gnu/bits/sigaction.h
/usr/include/./x86_64-linux-gnu/bits/pthreadtypes.h
/usr/include/./x86_64-linux-gnu/bits/time.h
/usr/include/./x86_64-linux-gnu/bits/stdlib.h
/usr/include/./x86_64-linux-gnu/bits/syslog-path.h
/usr/include/./x86_64-linux-gnu/bits/environments.h
/usr/include/./x86_64-linux-gnu/bits/timerfd.h
/usr/include/./x86_64-linux-gnu/bits/waitflags.h
/usr/include/./x86_64-linux-gnu/bits/sigstack.h
/usr/include/./x86_64-linux-gnu/bits/mman-linux.h
/usr/include/./x86_64-linux-gnu/bits/string2.h
/usr/include/./x86_64-linux-gnu/bits/utmp.h
/usr/include/./x86_64-linux-gnu/bits/errno.h
/usr/include/./x86_64-linux-gnu/bits/wchar-ldbl.h
/usr/include/./x86_64-linux-gnu/bits/poll2.h
/usr/include/./x86_64-linux-gnu/bits/sigcontext.h
/usr/include/./x86_64-linux-gnu/bits/cmathcalls.h
/usr/include/./x86_64-linux-gnu/bits/posix_opt.h
/usr/include/./x86_64-linux-gnu/bits/hwcap.h
/usr/include/./x86_64-linux-gnu/bits/elfclass.h
/usr/include/./x86_64-linux-gnu/bits/unistd.h
/usr/include/./x86_64-linux-gnu/bits/libio-ldbl.h
/usr/include/./x86_64-linux-gnu/bits/wchar.h
/usr/include/./x86_64-linux-gnu/bits/ustat.h
/usr/include/./x86_64-linux-gnu/bits/netdb.h
/usr/include/./x86_64-linux-gnu/bits/ipc.h
/usr/include/./x86_64-linux-gnu/bits/stdlib-float.h
/usr/include/./x86_64-linux-gnu/bits/ioctl-types.h
/usr/include/./x86_64-linux-gnu/bits/ipctypes.h
/usr/include/./x86_64-linux-gnu/bits/stropts.h
/usr/include/./x86_64-linux-gnu/bits/posix2_lim.h
/usr/include/./x86_64-linux-gnu/bits/byteswap.h
/usr/include/./x86_64-linux-gnu/bits/termios.h
/usr/include/./x86_64-linux-gnu/bits/sigthread.h
/usr/include/./x86_64-linux-gnu/bits/sem.h
/usr/include/./x86_64-linux-gnu/bits/mqueue.h
/usr/include/./x86_64-linux-gnu/bits/sysctl.h
/usr/include/./x86_64-linux-gnu/bits/inf.h
/usr/include/./x86_64-linux-gnu/bits/huge_vall.h
/usr/include/./x86_64-linux-gnu/bits/local_lim.h
/usr/include/./x86_64-linux-gnu/bits/stdio2.h
/usr/include/./x86_64-linux-gnu/bits/stdio_lim.h
/usr/include/./x86_64-linux-gnu/bits/initspin.h
/usr/include/./x86_64-linux-gnu/bits/link.h
/usr/include/./x86_64-linux-gnu/bits/nan.h
/usr/include/./x86_64-linux-gnu/bits/epoll.h
/usr/include/./x86_64-linux-gnu/bits/types.h
/usr/include/./x86_64-linux-gnu/bits/socket.h
/usr/include/./x86_64-linux-gnu/bits/fcntl2.h
/usr/include/./x86_64-linux-gnu/bits/stat.h
/usr/include/./x86_64-linux-gnu/bits/printf-ldbl.h
/usr/include/./x86_64-linux-gnu/bits/typesizes.h
/usr/include/./x86_64-linux-gnu/bits/stab.def
/usr/include/./x86_64-linux-gnu/bits/signum.h
/usr/include/./x86_64-linux-gnu/bits/sched.h
/usr/include/./x86_64-linux-gnu/bits/mathcalls.h
/usr/include/./x86_64-linux-gnu/bits/setjmp.h
/usr/include/./x86_64-linux-gnu/bits/fcntl-linux.h
/usr/include/./x86_64-linux-gnu/bits/setjmp2.h
/usr/include/./x86_64-linux-gnu/bits/utmpx.h
/usr/include/./x86_64-linux-gnu/bits/stdlib-ldbl.h
/usr/include/./x86_64-linux-gnu/openssl
/usr/include/./x86_64-linux-gnu/openssl/opensslconf.h
/usr/include/./x86_64-linux-gnu/gnu
/usr/include/./x86_64-linux-gnu/gnu/lib-names-64.h
/usr/include/./x86_64-linux-gnu/gnu/lib-names.h
/usr/include/./x86_64-linux-gnu/gnu/libc-version.h
/usr/include/./x86_64-linux-gnu/gnu/stubs-64.h
/usr/include/./x86_64-linux-gnu/gnu/stubs.h
/usr/include/./x86_64-linux-gnu/zconf.h
/usr/include/./x86_64-linux-gnu/a.out.h
/usr/include/./x86_64-linux-gnu/sys
/usr/include/./x86_64-linux-gnu/sys/statfs.h
/usr/include/./x86_64-linux-gnu/sys/raw.h
/usr/include/./x86_64-linux-gnu/sys/sendfile.h
/usr/include/./x86_64-linux-gnu/sys/uio.h
/usr/include/./x86_64-linux-gnu/sys/timeb.h
/usr/include/./x86_64-linux-gnu/sys/ucontext.h
/usr/include/./x86_64-linux-gnu/sys/statvfs.h
/usr/include/./x86_64-linux-gnu/sys/timex.h
/usr/include/./x86_64-linux-gnu/sys/swap.h
/usr/include/./x86_64-linux-gnu/sys/syslog.h
/usr/include/./x86_64-linux-gnu/sys/io.h
/usr/include/./x86_64-linux-gnu/sys/poll.h
/usr/include/./x86_64-linux-gnu/sys/auxv.h
/usr/include/./x86_64-linux-gnu/sys/klog.h
/usr/include/./x86_64-linux-gnu/sys/select.h
/usr/include/./x86_64-linux-gnu/sys/ioctl.h
/usr/include/./x86_64-linux-gnu/sys/file.h
/usr/include/./x86_64-linux-gnu/sys/bitypes.h
/usr/include/./x86_64-linux-gnu/sys/soundcard.h
/usr/include/./x86_64-linux-gnu/sys/msg.h
/usr/include/./x86_64-linux-gnu/sys/mount.h
/usr/include/./x86_64-linux-gnu/sys/ttychars.h
/usr/include/./x86_64-linux-gnu/sys/wait.h
/usr/include/./x86_64-linux-gnu/sys/mtio.h
/usr/include/./x86_64-linux-gnu/sys/sysmacros.h
/usr/include/./x86_64-linux-gnu/sys/sysinfo.h
/usr/include/./x86_64-linux-gnu/sys/ultrasound.h
/usr/include/./x86_64-linux-gnu/sys/eventfd.h
/usr/include/./x86_64-linux-gnu/sys/mman.h
/usr/include/./x86_64-linux-gnu/sys/queue.h
/usr/include/./x86_64-linux-gnu/sys/param.h
/usr/include/./x86_64-linux-gnu/sys/kd.h
/usr/include/./x86_64-linux-gnu/sys/resource.h
/usr/include/./x86_64-linux-gnu/sys/signalfd.h
/usr/include/./x86_64-linux-gnu/sys/profil.h
/usr/include/./x86_64-linux-gnu/sys/procfs.h
/usr/include/./x86_64-linux-gnu/sys/vlimit.h
/usr/include/./x86_64-linux-gnu/sys/acct.h
/usr/include/./x86_64-linux-gnu/sys/cdefs.h
/usr/include/./x86_64-linux-gnu/sys/ptrace.h
/usr/include/./x86_64-linux-gnu/sys/shm.h
/usr/include/./x86_64-linux-gnu/sys/vt.h
/usr/include/./x86_64-linux-gnu/sys/syscall.h
/usr/include/./x86_64-linux-gnu/sys/prctl.h
/usr/include/./x86_64-linux-gnu/sys/xattr.h
/usr/include/./x86_64-linux-gnu/sys/inotify.h
/usr/include/./x86_64-linux-gnu/sys/utsname.h
/usr/include/./x86_64-linux-gnu/sys/fcntl.h
/usr/include/./x86_64-linux-gnu/sys/un.h
/usr/include/./x86_64-linux-gnu/sys/time.h
/usr/include/./x86_64-linux-gnu/sys/perm.h
/usr/include/./x86_64-linux-gnu/sys/timerfd.h
/usr/include/./x86_64-linux-gnu/sys/user.h
/usr/include/./x86_64-linux-gnu/sys/pci.h
/usr/include/./x86_64-linux-gnu/sys/errno.h
/usr/include/./x86_64-linux-gnu/sys/gmon_out.h
/usr/include/./x86_64-linux-gnu/sys/unistd.h
/usr/include/./x86_64-linux-gnu/sys/elf.h
/usr/include/./x86_64-linux-gnu/sys/reboot.h
/usr/include/./x86_64-linux-gnu/sys/ttydefaults.h
/usr/include/./x86_64-linux-gnu/sys/ustat.h
/usr/include/./x86_64-linux-gnu/sys/vfs.h
/usr/include/./x86_64-linux-gnu/sys/ipc.h
/usr/include/./x86_64-linux-gnu/sys/times.h
/usr/include/./x86_64-linux-gnu/sys/quota.h
/usr/include/./x86_64-linux-gnu/sys/debugreg.h
/usr/include/./x86_64-linux-gnu/sys/stropts.h
/usr/include/./x86_64-linux-gnu/sys/personality.h
/usr/include/./x86_64-linux-gnu/sys/termios.h
/usr/include/./x86_64-linux-gnu/sys/vm86.h
/usr/include/./x86_64-linux-gnu/sys/fanotify.h
/usr/include/./x86_64-linux-gnu/sys/signal.h
/usr/include/./x86_64-linux-gnu/sys/sem.h
/usr/include/./x86_64-linux-gnu/sys/gmon.h
/usr/include/./x86_64-linux-gnu/sys/sysctl.h
/usr/include/./x86_64-linux-gnu/sys/socketvar.h
/usr/include/./x86_64-linux-gnu/sys/epoll.h
/usr/include/./x86_64-linux-gnu/sys/types.h
/usr/include/./x86_64-linux-gnu/sys/kdaemon.h
/usr/include/./x86_64-linux-gnu/sys/socket.h
/usr/include/./x86_64-linux-gnu/sys/stat.h
/usr/include/./x86_64-linux-gnu/sys/reg.h
/usr/include/./x86_64-linux-gnu/sys/vtimes.h
/usr/include/./x86_64-linux-gnu/sys/dir.h
/usr/include/./x86_64-linux-gnu/sys/fsuid.h
/usr/include/./x86_64-linux-gnu/jconfig.h
/usr/include/./x86_64-linux-gnu/c++
/usr/include/./x86_64-linux-gnu/c++/5.2.1
/usr/include/./x86_64-linux-gnu/c++/5
/usr/include/./x86_64-linux-gnu/c++/5/bits
/usr/include/./x86_64-linux-gnu/c++/5/bits/stdtr1c++.h
/usr/include/./x86_64-linux-gnu/c++/5/bits/cxxabi_tweaks.h
/usr/include/./x86_64-linux-gnu/c++/5/bits/c++locale.h
/usr/include/./x86_64-linux-gnu/c++/5/bits/gthr.h
/usr/include/./x86_64-linux-gnu/c++/5/bits/c++config.h
/usr/include/./x86_64-linux-gnu/c++/5/bits/ctype_inline.h
/usr/include/./x86_64-linux-gnu/c++/5/bits/messages_members.h
/usr/include/./x86_64-linux-gnu/c++/5/bits/gthr-default.h
/usr/include/./x86_64-linux-gnu/c++/5/bits/time_members.h
/usr/include/./x86_64-linux-gnu/c++/5/bits/gthr-single.h
/usr/include/./x86_64-linux-gnu/c++/5/bits/stdc++.h
/usr/include/./x86_64-linux-gnu/c++/5/bits/ctype_base.h
/usr/include/./x86_64-linux-gnu/c++/5/bits/basic_file.h
/usr/include/./x86_64-linux-gnu/c++/5/bits/gthr-posix.h
/usr/include/./x86_64-linux-gnu/c++/5/bits/c++io.h
/usr/include/./x86_64-linux-gnu/c++/5/bits/atomic_word.h
/usr/include/./x86_64-linux-gnu/c++/5/bits/c++allocator.h
/usr/include/./x86_64-linux-gnu/c++/5/bits/opt_random.h
/usr/include/./x86_64-linux-gnu/c++/5/bits/os_defines.h
/usr/include/./x86_64-linux-gnu/c++/5/bits/error_constants.h
/usr/include/./x86_64-linux-gnu/c++/5/bits/extc++.h
/usr/include/./x86_64-linux-gnu/c++/5/bits/cpu_defines.h
/usr/include/./x86_64-linux-gnu/c++/5/ext
/usr/include/./x86_64-linux-gnu/c++/5/ext/opt_random.h
/usr/include/./x86_64-linux-gnu/fpu_control.h
/usr/include/./x86_64-linux-gnu/asm
/usr/include/./x86_64-linux-gnu/asm/kvm_para.h
/usr/include/./x86_64-linux-gnu/asm/hyperv.h
/usr/include/./x86_64-linux-gnu/asm/bitsperlong.h
/usr/include/./x86_64-linux-gnu/asm/statfs.h
/usr/include/./x86_64-linux-gnu/asm/hw_breakpoint.h
/usr/include/./x86_64-linux-gnu/asm/kvm_perf.h
/usr/include/./x86_64-linux-gnu/asm/ucontext.h
/usr/include/./x86_64-linux-gnu/asm/ioctls.h
/usr/include/./x86_64-linux-gnu/asm/poll.h
/usr/include/./x86_64-linux-gnu/asm/processor-flags.h
/usr/include/./x86_64-linux-gnu/asm/byteorder.h
/usr/include/./x86_64-linux-gnu/asm/sockios.h
/usr/include/./x86_64-linux-gnu/asm/kvm.h
/usr/include/./x86_64-linux-gnu/asm/ioctl.h
/usr/include/./x86_64-linux-gnu/asm/sembuf.h
/usr/include/./x86_64-linux-gnu/asm/posix_types_x32.h
/usr/include/./x86_64-linux-gnu/asm/e820.h
/usr/include/./x86_64-linux-gnu/asm/mman.h
/usr/include/./x86_64-linux-gnu/asm/msr.h
/usr/include/./x86_64-linux-gnu/asm/termbits.h
/usr/include/./x86_64-linux-gnu/asm/param.h
/usr/include/./x86_64-linux-gnu/asm/resource.h
/usr/include/./x86_64-linux-gnu/asm/ipcbuf.h
/usr/include/./x86_64-linux-gnu/asm/ist.h
/usr/include/./x86_64-linux-gnu/asm/boot.h
/usr/include/./x86_64-linux-gnu/asm/ptrace.h
/usr/include/./x86_64-linux-gnu/asm/siginfo.h
/usr/include/./x86_64-linux-gnu/asm/mce.h
/usr/include/./x86_64-linux-gnu/asm/a.out.h
/usr/include/./x86_64-linux-gnu/asm/prctl.h
/usr/include/./x86_64-linux-gnu/asm/svm.h
/usr/include/./x86_64-linux-gnu/asm/fcntl.h
/usr/include/./x86_64-linux-gnu/asm/posix_types.h
/usr/include/./x86_64-linux-gnu/asm/ptrace-abi.h
/usr/include/./x86_64-linux-gnu/asm/vmx.h
/usr/include/./x86_64-linux-gnu/asm/posix_types_32.h
/usr/include/./x86_64-linux-gnu/asm/errno.h
/usr/include/./x86_64-linux-gnu/asm/sigcontext.h
/usr/include/./x86_64-linux-gnu/asm/msr-index.h
/usr/include/./x86_64-linux-gnu/asm/swab.h
/usr/include/./x86_64-linux-gnu/asm/unistd_64.h
/usr/include/./x86_64-linux-gnu/asm/unistd.h
/usr/include/./x86_64-linux-gnu/asm/mtrr.h
/usr/include/./x86_64-linux-gnu/asm/posix_types_64.h
/usr/include/./x86_64-linux-gnu/asm/setup.h
/usr/include/./x86_64-linux-gnu/asm/msgbuf.h
/usr/include/./x86_64-linux-gnu/asm/unistd_32.h
/usr/include/./x86_64-linux-gnu/asm/auxvec.h
/usr/include/./x86_64-linux-gnu/asm/bootparam.h
/usr/include/./x86_64-linux-gnu/asm/debugreg.h
/usr/include/./x86_64-linux-gnu/asm/shmbuf.h
/usr/include/./x86_64-linux-gnu/asm/termios.h
/usr/include/./x86_64-linux-gnu/asm/vm86.h
/usr/include/./x86_64-linux-gnu/asm/signal.h
/usr/include/./x86_64-linux-gnu/asm/perf_regs.h
/usr/include/./x86_64-linux-gnu/asm/vsyscall.h
/usr/include/./x86_64-linux-gnu/asm/types.h
/usr/include/./x86_64-linux-gnu/asm/socket.h
/usr/include/./x86_64-linux-gnu/asm/stat.h
/usr/include/./x86_64-linux-gnu/asm/unistd_x32.h
/usr/include/./x86_64-linux-gnu/asm/ldt.h
/usr/include/./x86_64-linux-gnu/asm/sigcontext32.h
/usr/include/./x86_64-linux-gnu/ieee754.h
/usr/include/./tld.h
/usr/include/./netipx
/usr/include/./netipx/ipx.h
/usr/include/./_G_config.h
/usr/include/./bzlib.h
/usr/include/./prelude-lml
/usr/include/./prelude-lml/prelude-lml.h
/usr/include/./dlg_keys.h
/usr/include/./jmorecfg.h
/usr/include/./utmpx.h
.
./check_wtmpx
./chkproc
./chklastlog
./chkwtmp
./chkdirs
./chkutmp
./ifpromisc
./strings-static
###
### Output of: /bin/ls -l /usr/lib/tcl5.3
###
/bin/ls: cannot access /usr/lib/tcl5.3: No such file or directory
###
### Output of: /bin/ls -l //usr/local/sbin/rootedoor
###
/bin/ls: cannot access //usr/local/sbin/rootedoor: No such file or directory
###
### Output of: /bin/ls -l //usr/local/bin/rootedoor
###
/bin/ls: cannot access //usr/local/bin/rootedoor: No such file or directory
###
### Output of: /bin/ls -l //usr/sbin/rootedoor
###
/bin/ls: cannot access //usr/sbin/rootedoor: No such file or directory
###
### Output of: /bin/ls -l //usr/bin/rootedoor
###
/bin/ls: cannot access //usr/bin/rootedoor: No such file or directory
###
### Output of: /bin/ls -l //sbin/rootedoor
###
/bin/ls: cannot access //sbin/rootedoor: No such file or directory
###
### Output of: /bin/ls -l //bin/rootedoor
###
/bin/ls: cannot access //bin/rootedoor: No such file or directory
###
### Output of: /bin/ls -l /etc/.enyeOCULTAR.ko
###
/bin/ls: cannot access /etc/.enyeOCULTAR.ko: No such file or directory
###
### Output of: /usr/bin/ssh -G 2>&1 | grep -e illegal -e unknow
###
###
### Output of: /usr/bin/find //tmp //var/tmp -name vuln.txt -o -name ssh-scan -o -name pscan2
###
###
### Output of: /usr/bin/find //home/ruut -maxdepth 1 -name .*history -size 0
###
###
### Output of: /usr/bin/find //home/ruut -maxdepth 1 -name .*history \( -links 2 -o -type l \)
###
###
### Output of: /bin/egrep ^asp /etc/inetd.conf
###
###
### Output of: /usr/bin/strings -a asp
###
/usr/bin/strings: 'asp': No such file
###
### Output of: /bin/netstat -an
###
Active Internet connections (servers and established)
Proto Recv-Q Send-Q Local Address Foreign Address State
tcp 0 0 127.0.0.1:587 0.0.0.0:* LISTEN
tcp 0 0 127.0.1.1:53 0.0.0.0:* LISTEN
tcp 0 0 127.0.0.1:631 0.0.0.0:* LISTEN
tcp 0 0 127.0.0.1:25 0.0.0.0:* LISTEN
tcp 1 0 192.168.178.20:57132 91.189.94.25:80 CLOSE_WAIT
tcp6 0 0 :::3142 :::* LISTEN
tcp6 0 0 ::1:631 :::* LISTEN
udp 0 0 0.0.0.0:36708 0.0.0.0:*
udp 0 0 127.0.1.1:53 0.0.0.0:*
udp 0 0 0.0.0.0:68 0.0.0.0:*
udp 0 0 0.0.0.0:60434 0.0.0.0:*
udp 0 0 0.0.0.0:5353 0.0.0.0:*
udp6 0 0 :::44591 :::*
udp6 0 0 :::33616 :::*
udp6 0 0 :::5353 :::*
raw 0 0 0.0.0.0:255 0.0.0.0:* 7
raw6 0 0 :::58 :::* 7
raw6 0 0 :::255 :::* 7
Active UNIX domain sockets (servers and established)
Proto RefCnt Flags Type State I-Node Path
unix 2 [ ] DGRAM 18995 /run/user/1000/systemd/notify
unix 2 [ ACC ] STREAM LISTENING 18996 /run/user/1000/systemd/private
unix 2 [ ACC ] SEQPACKET LISTENING 10485 /run/udev/control
unix 2 [ ACC ] STREAM LISTENING 19025 /run/user/1000/keyring/control
unix 2 [ ACC ] STREAM LISTENING 17184 /tmp/.X11-unix/X0
unix 2 [ ACC ] STREAM LISTENING 3178285 /tmp/aptdaemon-hKA7W_/debconf.socket
unix 2 [ ACC ] STREAM LISTENING 19264 /run/user/1000/keyring/pkcs11
unix 2 [ ACC ] STREAM LISTENING 14057 /sys/fs/cgroup/cgmanager/sock
unix 2 [ ACC ] STREAM LISTENING 19266 /run/user/1000/keyring/ssh
unix 2 [ ACC ] STREAM LISTENING 20155 /run/user/1000/pulse/native
unix 2 [ ACC ] STREAM LISTENING 19183 /tmp/gpg-LYCBI3/S.gpg-agent
unix 2 [ ACC ] STREAM LISTENING 155592 /var/run/fail2ban/fail2ban.sock
unix 2 [ ACC ] STREAM LISTENING 20058 /tmp/.ICE-unix/1803
unix 2 [ ACC ] STREAM LISTENING 20057 @/tmp/.ICE-unix/1803
unix 2 [ ACC ] STREAM LISTENING 17183 @/tmp/.X11-unix/X0
unix 2 [ ACC ] STREAM LISTENING 1382143 /tmp/.vbox-ruut-ipc/ipcd
unix 2 [ ACC ] STREAM LISTENING 263089 /var/run/clamav/clamav-milter.ctl
unix 2 [ ACC ] STREAM LISTENING 31302 @/tmp/dbus-spzT7OkGtL
unix 2 [ ACC ] STREAM LISTENING 262853 /run/clamav/clamd.ctl
unix 2 [ ACC ] STREAM LISTENING 19806 @/tmp/dbus-hdL1ikuldS
unix 2 [ ACC ] STREAM LISTENING 563003 @ruut-com.canonical.Unity.Scope.files.T54566403189377
unix 2 [ ACC ] STREAM LISTENING 19318 @/tmp/dbus-HWsxYgltc7
unix 2 [ ACC ] STREAM LISTENING 13654 /run/acpid.socket
unix 2 [ ] DGRAM 10470 /run/systemd/notify
unix 2 [ ACC ] STREAM LISTENING 10471 /run/systemd/private
unix 2 [ ACC ] STREAM LISTENING 10482 /run/systemd/journal/stdout
unix 7 [ ] DGRAM 10483 /run/systemd/journal/socket
unix 2 [ ACC ] STREAM LISTENING 13655 /run/uuidd/request
unix 2 [ ACC ] STREAM LISTENING 13657 /var/run/avahi-daemon/socket
unix 2 [ ACC ] STREAM LISTENING 10484 /run/lvm/lvmpolld.socket
unix 2 [ ACC ] STREAM LISTENING 13659 /var/run/dbus/system_bus_socket
unix 22 [ ] DGRAM 10486 /run/systemd/journal/dev-log
unix 2 [ ACC ] STREAM LISTENING 10490 /run/systemd/fsck.progress
unix 2 [ ACC ] STREAM LISTENING 10491 /run/lvm/lvmetad.socket
unix 2 [ ACC ] STREAM LISTENING 19769 @/com/ubuntu/upstart-session/1000/1616
unix 2 [ ] DGRAM 9891 /run/systemd/journal/syslog
unix 2 [ ACC ] STREAM LISTENING 220957 /var/run/cups/cups.sock
unix 2 [ ACC ] STREAM LISTENING 599726 @ruut-com.canonical.Unity.Master.Scope.applications.T54564518794383
unix 2 [ ACC ] STREAM LISTENING 599767 @ruut-com.canonical.Unity.Scope.scopes.T54564604745408
unix 2 [ ACC ] STREAM LISTENING 16510 /var/run/NetworkManager/private
unix 2 [ ACC ] STREAM LISTENING 16868 /var/run/NetworkManager/private-dhcp
unix 2 [ ACC ] STREAM LISTENING 599733 @ruut-com.canonical.Unity.Master.Scope.files.T54564521425825
unix 2 [ ACC ] STREAM LISTENING 19867 @/tmp/dbus-HrCqHDIX
unix 2 [ ACC ] STREAM LISTENING 599764 @ruut-com.canonical.Unity.Scope.applications.T54564593521530
unix 2 [ ACC ] STREAM LISTENING 469064 @ruut-com.canonical.Unity.Scope.applications.T54240662904203
unix 2 [ ACC ] STREAM LISTENING 4030452 @ruut-com.canonical.Unity.Master.Scope.music.T62797063523039
unix 2 [ ACC ] STREAM LISTENING 469065 @ruut-com.canonical.Unity.Scope.scopes.T54240773952
unix 2 [ ACC ] STREAM LISTENING 20437 /var/run/sendmail/mta/smcontrol
unix 3 [ ] DGRAM 1370266
unix 3 [ ] STREAM CONNECTED 221419
unix 3 [ ] STREAM CONNECTED 220953 /var/run/dbus/system_bus_socket
unix 3 [ ] STREAM CONNECTED 146313 @/tmp/dbus-hdL1ikuldS
unix 3 [ ] STREAM CONNECTED 119855
unix 3 [ ] STREAM CONNECTED 21518 @/tmp/dbus-hdL1ikuldS
unix 3 [ ] STREAM CONNECTED 20458
unix 3 [ ] STREAM CONNECTED 19943
unix 3 [ ] STREAM CONNECTED 21356
unix 3 [ ] STREAM CONNECTED 20934 @/tmp/.X11-unix/X0
unix 2 [ ] DGRAM 10936
unix 2 [ ] STREAM CONNECTING 0 /run/clamav/clamd.ctl
unix 3 [ ] STREAM CONNECTED 22915
unix 3 [ ] STREAM CONNECTED 16449
unix 3 [ ] STREAM CONNECTED 21938
unix 3 [ ] STREAM CONNECTED 20290 /run/systemd/journal/stdout
unix 3 [ ] STREAM CONNECTED 20563 @/tmp/dbus-hdL1ikuldS
unix 3 [ ] STREAM CONNECTED 21085 @/tmp/dbus-hdL1ikuldS
unix 3 [ ] STREAM CONNECTED 20860
unix 3 [ ] STREAM CONNECTED 18424
unix 3 [ ] STREAM CONNECTED 15328
unix 3 [ ] STREAM CONNECTED 20152 @/tmp/.X11-unix/X0
unix 2 [ ] STREAM CONNECTING 0 /run/clamav/clamd.ctl
unix 3 [ ] DGRAM 340522
unix 3 [ ] STREAM CONNECTED 22682
unix 3 [ ] STREAM CONNECTED 18421 /run/systemd/journal/stdout
unix 3 [ ] STREAM CONNECTED 20352 /var/run/dbus/system_bus_socket
unix 3 [ ] STREAM CONNECTED 14006 /run/systemd/journal/stdout
unix 3 [ ] STREAM CONNECTED 108703 @/tmp/dbus-HrCqHDIX
unix 3 [ ] STREAM CONNECTED 22876
unix 3 [ ] STREAM CONNECTED 20283
unix 3 [ ] STREAM CONNECTED 20258
unix 3 [ ] STREAM CONNECTED 20252 @/tmp/.X11-unix/X0
unix 3 [ ] STREAM CONNECTED 19847 /run/systemd/journal/stdout
unix 3 [ ] STREAM CONNECTED 155044
unix 3 [ ] STREAM CONNECTED 119848 /run/systemd/journal/stdout
unix 3 [ ] STREAM CONNECTED 22997 /run/systemd/journal/stdout
unix 3 [ ] STREAM CONNECTED 21530
unix 3 [ ] STREAM CONNECTED 20276
unix 3 [ ] STREAM CONNECTED 19293 @/tmp/dbus-hdL1ikuldS
unix 3 [ ] STREAM CONNECTED 15061
unix 3 [ ] STREAM CONNECTED 599742 @ruut-com.canonical.Unity.Master.Scope.applications.T54564518794383
unix 3 [ ] STREAM CONNECTED 108487 /run/systemd/journal/stdout
unix 3 [ ] STREAM CONNECTED 1772183 @/tmp/dbus-HWsxYgltc7
unix 3 [ ] STREAM CONNECTED 19336
unix 3 [ ] STREAM CONNECTED 19160
unix 3 [ ] STREAM CONNECTED 2410483 /var/run/dbus/system_bus_socket
unix 3 [ ] STREAM CONNECTED 164059
unix 3 [ ] STREAM CONNECTED 22787 @/tmp/.X11-unix/X0
unix 3 [ ] STREAM CONNECTED 21625 @/tmp/dbus-hdL1ikuldS
unix 3 [ ] STREAM CONNECTED 21506 /run/systemd/journal/stdout
unix 2 [ ] DGRAM 1787512
unix 3 [ ] STREAM CONNECTED 23005 @/tmp/dbus-hdL1ikuldS
unix 3 [ ] STREAM CONNECTED 21342
unix 3 [ ] STREAM CONNECTED 20686
unix 3 [ ] STREAM CONNECTED 19871 @/tmp/dbus-hdL1ikuldS
unix 3 [ ] STREAM CONNECTED 21413
unix 3 [ ] STREAM CONNECTED 17597 @/tmp/.X11-unix/X0
unix 3 [ ] STREAM CONNECTED 108701 @/tmp/dbus-hdL1ikuldS
unix 3 [ ] STREAM CONNECTED 20643 @/tmp/dbus-hdL1ikuldS
unix 3 [ ] STREAM CONNECTED 19973
unix 3 [ ] STREAM CONNECTED 15329 /var/run/dbus/system_bus_socket
unix 3 [ ] STREAM CONNECTED 5243642
unix 3 [ ] STREAM CONNECTED 18425 /var/run/dbus/system_bus_socket
unix 3 [ ] STREAM CONNECTED 21152
unix 3 [ ] STREAM CONNECTED 600429 @ruut-com.canonical.Unity.Scope.files.T54566403189377
unix 3 [ ] STREAM CONNECTED 119861 /run/systemd/journal/stdout
unix 2 [ ] STREAM CONNECTING 0 /run/clamav/clamd.ctl
unix 3 [ ] STREAM CONNECTED 1382144
unix 3 [ ] STREAM CONNECTED 232063 @/tmp/dbus-HWsxYgltc7
unix 3 [ ] STREAM CONNECTED 19434
unix 3 [ ] STREAM CONNECTED 2699145
unix 3 [ ] STREAM CONNECTED 22879
unix 3 [ ] STREAM CONNECTED 20249 @/tmp/dbus-hdL1ikuldS
unix 3 [ ] STREAM CONNECTED 19451 @/tmp/dbus-HWsxYgltc7
unix 3 [ ] STREAM CONNECTED 19849
unix 3 [ ] STREAM CONNECTED 4030453
unix 3 [ ] STREAM CONNECTED 145157
unix 3 [ ] STREAM CONNECTED 108696
unix 3 [ ] STREAM CONNECTED 21812
unix 3 [ ] STREAM CONNECTED 20466
unix 3 [ ] STREAM CONNECTED 19454 /run/systemd/journal/stdout
unix 3 [ ] STREAM CONNECTED 19288 @/tmp/dbus-hdL1ikuldS
unix 3 [ ] DGRAM 13509
unix 3 [ ] STREAM CONNECTED 2719462
unix 3 [ ] STREAM CONNECTED 308681 /run/systemd/journal/stdout
unix 3 [ ] STREAM CONNECTED 20672 @/tmp/.X11-unix/X0
unix 3 [ ] STREAM CONNECTED 17496 /var/run/dbus/system_bus_socket
unix 3 [ ] STREAM CONNECTED 21922 @/dbus-vfs-daemon/socket-cjFpCW8G
unix 3 [ ] STREAM CONNECTED 2719463 @/tmp/dbus-hdL1ikuldS
unix 3 [ ] STREAM CONNECTED 1786729 /run/systemd/journal/stdout
unix 3 [ ] STREAM CONNECTED 1370184
unix 3 [ ] STREAM CONNECTED 464362
unix 3 [ ] STREAM CONNECTED 119864 @/tmp/dbus-hdL1ikuldS
unix 2 [ ] DGRAM 20327
unix 3 [ ] STREAM CONNECTED 20022
unix 3 [ ] STREAM CONNECTED 15463 /var/run/dbus/system_bus_socket
unix 3 [ ] STREAM CONNECTED 20825 @/tmp/.X11-unix/X0
unix 3 [ ] STREAM CONNECTED 32380
unix 3 [ ] STREAM CONNECTED 16511
unix 3 [ ] STREAM CONNECTED 19374
unix 3 [ ] STREAM CONNECTED 21075
unix 3 [ ] STREAM CONNECTED 220946 /run/systemd/journal/stdout
unix 3 [ ] STREAM CONNECTED 20629
unix 2 [ ] DGRAM 16185
unix 3 [ ] STREAM CONNECTED 21932 /run/systemd/journal/stdout
unix 3 [ ] STREAM CONNECTED 21664 @/tmp/dbus-hdL1ikuldS
unix 3 [ ] STREAM CONNECTED 32392
unix 3 [ ] STREAM CONNECTED 119042
unix 3 [ ] STREAM CONNECTED 19980
unix 3 [ ] STREAM CONNECTED 19976
unix 3 [ ] STREAM CONNECTED 220968
unix 3 [ ] STREAM CONNECTED 20330 /var/run/dbus/system_bus_socket
unix 3 [ ] STREAM CONNECTED 119046
unix 3 [ ] STREAM CONNECTED 19634 /run/systemd/journal/stdout
unix 3 [ ] STREAM CONNECTED 14748 /run/systemd/journal/stdout
unix 3 [ ] STREAM CONNECTED 1383759 /tmp/.vbox-ruut-ipc/ipcd
unix 3 [ ] STREAM CONNECTED 17561
unix 2 [ ] STREAM CONNECTING 0 /run/clamav/clamd.ctl
unix 3 [ ] STREAM CONNECTED 232684
unix 3 [ ] STREAM CONNECTED 108485 /run/systemd/journal/stdout
unix 3 [ ] STREAM CONNECTED 21362 /var/run/dbus/system_bus_socket
unix 3 [ ] STREAM CONNECTED 20669 @/tmp/dbus-HWsxYgltc7
unix 3 [ ] STREAM CONNECTED 1782160
unix 3 [ ] STREAM CONNECTED 2410482
unix 3 [ ] STREAM CONNECTED 1370204 @/tmp/.X11-unix/X0
unix 3 [ ] STREAM CONNECTED 221414
unix 3 [ ] STREAM CONNECTED 21789 @/tmp/.X11-unix/X0
unix 3 [ ] STREAM CONNECTED 21637 @/tmp/dbus-hdL1ikuldS
unix 2 [ ] DGRAM 14028
unix 3 [ ] STREAM CONNECTED 31118 @/tmp/.X11-unix/X0
unix 3 [ ] STREAM CONNECTED 20930
unix 3 [ ] STREAM CONNECTED 22031
unix 3 [ ] STREAM CONNECTED 16850
unix 3 [ ] STREAM CONNECTED 411414
unix 3 [ ] STREAM CONNECTED 21461
unix 3 [ ] STREAM CONNECTED 20443
unix 3 [ ] STREAM CONNECTED 21931
unix 3 [ ] STREAM CONNECTED 21148 @/tmp/dbus-hdL1ikuldS
unix 3 [ ] STREAM CONNECTED 15327
unix 3 [ ] STREAM CONNECTED 22874 /run/systemd/journal/stdout
unix 3 [ ] STREAM CONNECTED 19368 @/tmp/dbus-hdL1ikuldS
unix 3 [ ] STREAM CONNECTED 146277 @/tmp/.X11-unix/X0
unix 3 [ ] STREAM CONNECTED 31303
unix 3 [ ] STREAM CONNECTED 20987 @/tmp/dbus-HWsxYgltc7
unix 3 [ ] STREAM CONNECTED 21473 /run/systemd/journal/stdout
unix 3 [ ] STREAM CONNECTED 20271
unix 3 [ ] STREAM CONNECTED 19325
unix 3 [ ] STREAM CONNECTED 232683 @/tmp/dbus-hdL1ikuldS
unix 3 [ ] STREAM CONNECTED 22857
unix 3 [ ] STREAM CONNECTED 20264 @/tmp/dbus-hdL1ikuldS
unix 3 [ ] STREAM CONNECTED 20145 @/tmp/.X11-unix/X0
unix 3 [ ] STREAM CONNECTED 19969
unix 3 [ ] STREAM CONNECTED 19161 /var/run/dbus/system_bus_socket
unix 2 [ ] DGRAM 19627
unix 3 [ ] STREAM CONNECTED 23056 @/tmp/dbus-hdL1ikuldS
unix 3 [ ] STREAM CONNECTED 20640
unix 3 [ ] STREAM CONNECTED 19165
unix 3 [ ] STREAM CONNECTED 21183 @/tmp/dbus-HrCqHDIX
unix 3 [ ] STREAM CONNECTED 20611 /var/run/dbus/system_bus_socket
unix 3 [ ] STREAM CONNECTED 13151
unix 3 [ ] STREAM CONNECTED 232673
unix 3 [ ] STREAM CONNECTED 20861 @/tmp/.ICE-unix/1803
unix 3 [ ] DGRAM 340521
unix 3 [ ] STREAM CONNECTED 19547 /var/run/dbus/system_bus_socket
unix 3 [ ] DGRAM 1370265
unix 3 [ ] STREAM CONNECTED 221409 /var/run/dbus/system_bus_socket
unix 3 [ ] STREAM CONNECTED 146279
unix 3 [ ] STREAM CONNECTED 21442
unix 3 [ ] STREAM CONNECTED 19331 @/tmp/.X11-unix/X0
unix 3 [ ] DGRAM 11317
unix 3 [ ] STREAM CONNECTED 464361
unix 3 [ ] STREAM CONNECTED 21357
unix 3 [ ] STREAM CONNECTED 20792 @/tmp/dbus-hdL1ikuldS
unix 3 [ ] STREAM CONNECTED 1795239
unix 3 [ ] STREAM CONNECTED 308700
unix 3 [ ] STREAM CONNECTED 232681
unix 3 [ ] STREAM CONNECTED 119037
unix 3 [ ] STREAM CONNECTED 21806 @/tmp/dbus-hdL1ikuldS
unix 3 [ ] STREAM CONNECTED 20160 /run/systemd/journal/stdout
unix 3 [ ] STREAM CONNECTED 19846
unix 3 [ ] STREAM CONNECTED 599817
unix 3 [ ] STREAM CONNECTED 19350 /run/systemd/journal/stdout
unix 3 [ ] STREAM CONNECTED 19195 @/tmp/dbus-hdL1ikuldS
unix 3 [ ] STREAM CONNECTED 21522
unix 3 [ ] STREAM CONNECTED 20534 /var/run/dbus/system_bus_socket
unix 3 [ ] STREAM CONNECTED 19292
unix 3 [ ] STREAM CONNECTED 10064 /run/systemd/journal/stdout
unix 3 [ ] STREAM CONNECTED 20990 @/tmp/.X11-unix/X0
unix 3 [ ] STREAM CONNECTED 23034
unix 3 [ ] STREAM CONNECTED 22654
unix 3 [ ] STREAM CONNECTED 20342 /var/run/dbus/system_bus_socket
unix 3 [ ] STREAM CONNECTED 21082
unix 3 [ ] STREAM CONNECTED 16155 /var/run/dbus/system_bus_socket
unix 3 [ ] STREAM CONNECTED 20642
unix 3 [ ] STREAM CONNECTED 19125
unix 3 [ ] STREAM CONNECTED 14012
unix 3 [ ] STREAM CONNECTED 20931 @/tmp/dbus-HWsxYgltc7
unix 3 [ ] STREAM CONNECTED 1779708
unix 3 [ ] STREAM CONNECTED 108499
unix 3 [ ] STREAM CONNECTED 21482 @/tmp/dbus-hdL1ikuldS
unix 3 [ ] STREAM CONNECTED 20133
unix 3 [ ] STREAM CONNECTED 1390216 @/tmp/dbus-hdL1ikuldS
unix 3 [ ] STREAM CONNECTED 220983
unix 3 [ ] STREAM CONNECTED 146311 @/tmp/dbus-HrCqHDIX
unix 3 [ ] STREAM CONNECTED 21760
unix 3 [ ] STREAM CONNECTED 21468
unix 3 [ ] STREAM CONNECTED 1787520
unix 3 [ ] STREAM CONNECTED 119049
unix 3 [ ] STREAM CONNECTED 15314
unix 3 [ ] STREAM CONNECTED 21354
unix 3 [ ] STREAM CONNECTED 20310 @/tmp/dbus-hdL1ikuldS
unix 3 [ ] STREAM CONNECTED 10929
unix 3 [ ] STREAM CONNECTED 562986 /run/systemd/journal/stdout
unix 3 [ ] STREAM CONNECTED 20454 @/tmp/dbus-HrCqHDIX
unix 3 [ ] STREAM CONNECTED 17495
unix 3 [ ] STREAM CONNECTED 21810 @/tmp/dbus-hdL1ikuldS
unix 3 [ ] STREAM CONNECTED 21248 /var/run/dbus/system_bus_socket
unix 3 [ ] STREAM CONNECTED 20581 @/tmp/dbus-HrCqHDIX
unix 3 [ ] STREAM CONNECTED 20156
unix 3 [ ] STREAM CONNECTED 562996
unix 3 [ ] STREAM CONNECTED 599741
unix 3 [ ] STREAM CONNECTED 21467
unix 3 [ ] STREAM CONNECTED 119856 /var/run/dbus/system_bus_socket
unix 3 [ ] STREAM CONNECTED 21459 @/tmp/dbus-hdL1ikuldS
unix 3 [ ] STREAM CONNECTED 19435 @/tmp/dbus-HrCqHDIX
unix 3 [ ] STREAM CONNECTED 19287
unix 3 [ ] STREAM CONNECTED 108493
unix 3 [ ] STREAM CONNECTED 599852 @ruut-com.canonical.Unity.Scope.scopes.T54564604745408
unix 3 [ ] STREAM CONNECTED 19987
unix 3 [ ] STREAM CONNECTED 16210
unix 3 [ ] STREAM CONNECTED 18426
unix 3 [ ] STREAM CONNECTED 232058 /run/systemd/journal/stdout
unix 3 [ ] STREAM CONNECTED 20826
unix 2 [ ] DGRAM 18989
unix 3 [ ] STREAM CONNECTED 15591 /var/run/dbus/system_bus_socket
unix 3 [ ] STREAM CONNECTED 20646
unix 3 [ ] STREAM CONNECTED 20005 /var/run/dbus/system_bus_socket
unix 3 [ ] STREAM CONNECTED 21076 @/tmp/dbus-HWsxYgltc7
unix 3 [ ] STREAM CONNECTED 20610
unix 2 [ ] DGRAM 16830
unix 3 [ ] STREAM CONNECTED 463482 /run/systemd/journal/stdout
unix 3 [ ] STREAM CONNECTED 119052 /var/run/dbus/system_bus_socket
unix 3 [ ] STREAM CONNECTED 20673
unix 2 [ ] STREAM CONNECTED 4921556
unix 3 [ ] STREAM CONNECTED 23019
unix 3 [ ] STREAM CONNECTED 1370180 @/tmp/.X11-unix/X0
unix 3 [ ] STREAM CONNECTED 221422 /var/run/dbus/system_bus_socket
unix 3 [ ] STREAM CONNECTED 119050
unix 3 [ ] STREAM CONNECTED 21534 /var/run/dbus/system_bus_socket
unix 3 [ ] STREAM CONNECTED 21395
unix 2 [ ] DGRAM 16448
unix 3 [ ] STREAM CONNECTED 119851 @/tmp/dbus-hdL1ikuldS
unix 3 [ ] STREAM CONNECTED 20272 @/tmp/dbus-hdL1ikuldS
unix 3 [ ] STREAM CONNECTED 19977 @/tmp/.X11-unix/X0
unix 3 [ ] STREAM CONNECTED 148344 @/tmp/dbus-hdL1ikuldS
unix 3 [ ] STREAM CONNECTED 20957
unix 3 [ ] STREAM CONNECTED 22861
unix 3 [ ] STREAM CONNECTED 20261
unix 3 [ ] STREAM CONNECTED 20518
unix 3 [ ] STREAM CONNECTED 19240 /run/systemd/journal/stdout
unix 3 [ ] STREAM CONNECTED 19622
unix 3 [ ] STREAM CONNECTED 1382146 /tmp/.vbox-ruut-ipc/ipcd
unix 3 [ ] STREAM CONNECTED 562988 /run/systemd/journal/stdout
unix 3 [ ] STREAM CONNECTED 19168 @/tmp/dbus-hdL1ikuldS
unix 3 [ ] STREAM CONNECTED 108699
unix 2 [ ] DGRAM 5001493
unix 2 [ ] STREAM CONNECTING 0 /run/clamav/clamd.ctl
unix 3 [ ] STREAM CONNECTED 22713
unix 3 [ ] STREAM CONNECTED 19990 @/tmp/dbus-hdL1ikuldS
unix 3 [ ] STREAM CONNECTED 108495
unix 3 [ ] STREAM CONNECTED 20885
unix 3 [ ] STREAM CONNECTED 19948 /run/systemd/journal/stdout
unix 3 [ ] STREAM CONNECTED 20447
unix 3 [ ] STREAM CONNECTED 463555
unix 3 [ ] STREAM CONNECTED 20831
unix 3 [ ] STREAM CONNECTED 20153
unix 2 [ ] DGRAM 308694
unix 3 [ ] STREAM CONNECTED 21434 @/tmp/dbus-hdL1ikuldS
unix 3 [ ] STREAM CONNECTED 20618 /var/run/dbus/system_bus_socket
unix 3 [ ] STREAM CONNECTED 411444 /run/systemd/journal/stdout
unix 3 [ ] STREAM CONNECTED 19369
unix 3 [ ] STREAM CONNECTED 469134 @ruut-com.canonical.Unity.Scope.scopes.T54240773952
unix 3 [ ] STREAM CONNECTED 308701 /var/run/dbus/system_bus_socket
unix 3 [ ] STREAM CONNECTED 20460 /var/run/dbus/system_bus_socket
unix 3 [ ] STREAM CONNECTED 19263
unix 3 [ ] STREAM CONNECTED 14300 /run/systemd/journal/stdout
unix 3 [ ] STREAM CONNECTED 32394 @/tmp/.X11-unix/X0
unix 2 [ ] DGRAM 17907
unix 3 [ ] STREAM CONNECTED 1772386
unix 3 [ ] STREAM CONNECTED 1772186 @/tmp/.X11-unix/X0
unix 3 [ ] STREAM CONNECTED 146312
unix 3 [ ] STREAM CONNECTED 21788
unix 3 [ ] STREAM CONNECTED 21503 @/tmp/dbus-hdL1ikuldS
unix 2 [ ] DGRAM 20311
unix 3 [ ] STREAM CONNECTED 599738
unix 3 [ ] STREAM CONNECTED 145151
unix 3 [ ] STREAM CONNECTED 20986
unix 3 [ ] STREAM CONNECTED 20306
unix 3 [ ] STREAM CONNECTED 21910
unix 3 [ ] STREAM CONNECTED 21630 @/tmp/dbus-HrCqHDIX
unix 3 [ ] STREAM CONNECTED 20269 @/tmp/dbus-hdL1ikuldS
unix 3 [ ] STREAM CONNECTED 19324
unix 2 [ ] STREAM CONNECTING 0 /run/clamav/clamd.ctl
unix 3 [ ] STREAM CONNECTED 1379806 @/tmp/dbus-hdL1ikuldS
unix 3 [ ] STREAM CONNECTED 599818
unix 3 [ ] STREAM CONNECTED 21177 /run/systemd/journal/stdout
unix 3 [ ] STREAM CONNECTED 15333 /var/run/dbus/system_bus_socket
unix 3 [ ] STREAM CONNECTED 119040
unix 3 [ ] STREAM CONNECTED 22858 @/tmp/dbus-HWsxYgltc7
unix 3 [ ] STREAM CONNECTED 20265
unix 3 [ ] STREAM CONNECTED 20561
unix 3 [ ] STREAM CONNECTED 19842 @/tmp/dbus-hdL1ikuldS
unix 3 [ ] STREAM CONNECTED 221407
unix 3 [ ] STREAM CONNECTED 21147
unix 3 [ ] STREAM CONNECTED 1199814
unix 3 [ ] STREAM CONNECTED 21667 @/tmp/.X11-unix/X0
unix 3 [ ] STREAM CONNECTED 20004
unix 3 [ ] STREAM CONNECTED 22655 @/dbus-vfs-daemon/socket-ZpqNbMpe
unix 3 [ ] STREAM CONNECTED 20577
unix 3 [ ] STREAM CONNECTED 102124
unix 3 [ ] STREAM CONNECTED 13994 /run/systemd/journal/stdout
unix 3 [ ] STREAM CONNECTED 108702
unix 3 [ ] STREAM CONNECTED 19237
unix 3 [ ] STREAM CONNECTED 469133
unix 3 [ ] STREAM CONNECTED 22810
unix 3 [ ] STREAM CONNECTED 20571 /run/systemd/journal/stdout
unix 3 [ ] STREAM CONNECTED 1379805
unix 3 [ ] STREAM CONNECTED 599841
unix 3 [ ] STREAM CONNECTED 20074 @/tmp/dbus-hdL1ikuldS
unix 3 [ ] STREAM CONNECTED 17488 /run/systemd/journal/stdout
unix 3 [ ] STREAM CONNECTED 119041
unix 3 [ ] STREAM CONNECTED 20469
unix 3 [ ] STREAM CONNECTED 20149
unix 3 [ ] STREAM CONNECTED 19347 @/tmp/dbus-HrCqHDIX
unix 3 [ ] STREAM CONNECTED 19220
unix 3 [ ] STREAM CONNECTED 21011 @/tmp/dbus-hdL1ikuldS
unix 3 [ ] STREAM CONNECTED 1370305
unix 3 [ ] STREAM CONNECTED 22788 @/tmp/.X11-unix/X0
unix 3 [ ] STREAM CONNECTED 21476
unix 3 [ ] STREAM CONNECTED 19385 @/tmp/dbus-hdL1ikuldS
unix 2 [ ] DGRAM 16441
unix 3 [ ] STREAM CONNECTED 1786731 /run/systemd/journal/stdout
unix 2 [ ] DGRAM 21360
unix 3 [ ] STREAM CONNECTED 20935
unix 3 [ ] STREAM CONNECTED 23004
unix 3 [ ] STREAM CONNECTED 15330 /var/run/dbus/system_bus_socket
unix 3 [ ] STREAM CONNECTED 21505 @/tmp/dbus-hdL1ikuldS
unix 3 [ ] STREAM CONNECTED 20288 /run/systemd/journal/stdout
unix 3 [ ] STREAM CONNECTED 18846
unix 3 [ ] STREAM CONNECTED 21247
unix 3 [ ] STREAM CONNECTED 20614 /var/run/dbus/system_bus_socket
unix 3 [ ] STREAM CONNECTED 32393
unix 3 [ ] STREAM CONNECTED 20832 @/tmp/.X11-unix/X0
unix 3 [ ] STREAM CONNECTED 21111
unix 3 [ ] STREAM CONNECTED 14961
unix 3 [ ] STREAM CONNECTED 600428
unix 3 [ ] STREAM CONNECTED 19365 @/tmp/.X11-unix/X0
unix 3 [ ] STREAM CONNECTED 16135
unix 3 [ ] STREAM CONNECTED 232062
unix 3 [ ] STREAM CONNECTED 15760
unix 3 [ ] STREAM CONNECTED 2719769 @/dbus-vfs-daemon/socket-QyhR3LsN
unix 3 [ ] STREAM CONNECTED 119047 /run/systemd/journal/stdout
unix 3 [ ] STREAM CONNECTED 20791
unix 3 [ ] STREAM CONNECTED 20633 /run/user/1000/pulse/native
unix 3 [ ] STREAM CONNECTED 19971
unix 3 [ ] STREAM CONNECTED 19518 /var/run/dbus/system_bus_socket
unix 3 [ ] STREAM CONNECTED 21020
unix 3 [ ] STREAM CONNECTED 20030
unix 3 [ ] STREAM CONNECTED 23206
unix 3 [ ] STREAM CONNECTED 20142
unix 3 [ ] STREAM CONNECTED 19946 /run/systemd/journal/stdout
unix 3 [ ] STREAM CONNECTED 23207 @/tmp/dbus-HWsxYgltc7
unix 3 [ ] STREAM CONNECTED 19167
unix 2 [ ] STREAM CONNECTED 5001490
unix 3 [ ] STREAM CONNECTED 1772387
unix 3 [ ] STREAM CONNECTED 1777643 @/tmp/dbus-hdL1ikuldS
unix 3 [ ] STREAM CONNECTED 22714 /var/run/dbus/system_bus_socket
unix 3 [ ] STREAM CONNECTED 1787586 @/tmp/dbus-HrCqHDIX
unix 3 [ ] STREAM CONNECTED 232682 @/tmp/.X11-unix/X0
unix 3 [ ] STREAM CONNECTED 18778 /var/run/dbus/system_bus_socket
unix 3 [ ] STREAM CONNECTED 464513
unix 3 [ ] STREAM CONNECTED 308708 /run/systemd/journal/stdout
unix 3 [ ] STREAM CONNECTED 20299 @/tmp/dbus-hdL1ikuldS
unix 3 [ ] STREAM CONNECTED 21083 @/tmp/.X11-unix/X0
unix 3 [ ] STREAM CONNECTED 20647 @/tmp/dbus-hdL1ikuldS
unix 3 [ ] STREAM CONNECTED 17265
unix 3 [ ] STREAM CONNECTED 21804
unix 3 [ ] STREAM CONNECTED 20444 @/tmp/dbus-HWsxYgltc7
unix 3 [ ] STREAM CONNECTED 19338
unix 3 [ ] STREAM CONNECTED 22081
unix 3 [ ] STREAM CONNECTED 20886 @/tmp/dbus-hdL1ikuldS
unix 3 [ ] STREAM CONNECTED 19394 /var/run/dbus/system_bus_socket
unix 3 [ ] STREAM CONNECTED 16839 /run/systemd/journal/stdout
unix 3 [ ] STREAM CONNECTING 0 /run/clamav/clamd.ctl
unix 3 [ ] STREAM CONNECTED 21662 /run/systemd/journal/stdout
unix 3 [ ] STREAM CONNECTED 19373 @/tmp/dbus-HrCqHDIX
unix 3 [ ] STREAM CONNECTED 21151
unix 3 [ ] STREAM CONNECTED 15012
unix 3 [ ] STREAM CONNECTED 22995 /run/systemd/journal/stdout
unix 3 [ ] STREAM CONNECTED 21529
unix 3 [ ] STREAM CONNECTED 20132
unix 3 [ ] STREAM CONNECTED 19335
unix 3 [ ] STREAM CONNECTED 4030454 @ruut-com.canonical.Unity.Master.Scope.music.T62797063523039
unix 3 [ ] STREAM CONNECTED 1370179
unix 3 [ ] STREAM CONNECTED 308696
unix 3 [ ] STREAM CONNECTED 21101 /var/run/dbus/system_bus_socket
unix 3 [ ] STREAM CONNECTED 22859
unix 3 [ ] STREAM CONNECTED 20262 @/tmp/dbus-hdL1ikuldS
unix 3 [ ] STREAM CONNECTED 20566 @/tmp/dbus-hdL1ikuldS
unix 3 [ ] STREAM CONNECTED 20519 /var/run/dbus/system_bus_socket
unix 3 [ ] STREAM CONNECTED 1370267 /var/run/dbus/system_bus_socket
unix 3 [ ] STREAM CONNECTED 599842 @ruut-com.canonical.Unity.Scope.applications.T54564593521530
unix 3 [ ] STREAM CONNECTED 462089
unix 3 [ ] STREAM CONNECTED 15754
unix 3 [ ] STREAM CONNECTED 14082
unix 3 [ ] STREAM CONNECTED 1383756
unix 3 [ ] STREAM CONNECTED 21436
unix 3 [ ] STREAM CONNECTED 14299
unix 3 [ ] STREAM CONNECTED 10934 /run/systemd/journal/stdout
unix 3 [ ] STREAM CONNECTED 108695
unix 3 [ ] STREAM CONNECTED 13833
unix 3 [ ] STREAM CONNECTED 1370203
unix 3 [ ] STREAM CONNECTED 220972
unix 3 [ ] STREAM CONNECTED 119867 @/tmp/dbus-hdL1ikuldS
unix 3 [ ] STREAM CONNECTED 21796 @/tmp/dbus-hdL1ikuldS
unix 3 [ ] STREAM CONNECTED 21627 @/dbus-vfs-daemon/socket-CYxQsFiz
unix 3 [ ] STREAM CONNECTED 20391
unix 3 [ ] STREAM CONNECTED 1772215 /var/run/dbus/system_bus_socket
unix 3 [ ] STREAM CONNECTED 22650
unix 3 [ ] STREAM CONNECTED 463480 /run/systemd/journal/stdout
unix 3 [ ] STREAM CONNECTED 232065 @/tmp/dbus-hdL1ikuldS
unix 3 [ ] STREAM CONNECTED 20864 @/tmp/dbus-HrCqHDIX
unix 3 [ ] STREAM CONNECTED 21396 /run/systemd/journal/stdout
unix 3 [ ] STREAM CONNECTED 19114
unix 3 [ ] STREAM CONNECTED 22872 /run/systemd/journal/stdout
unix 3 [ ] STREAM CONNECTED 19382
unix 3 [ ] STREAM CONNECTED 31116 @/tmp/dbus-HWsxYgltc7
unix 2 [ ] DGRAM 21078
unix 3 [ ] STREAM CONNECTED 411413
unix 3 [ ] STREAM CONNECTED 22029
unix 3 [ ] STREAM CONNECTED 232676
unix 3 [ ] STREAM CONNECTED 23035 /run/systemd/journal/stdout
unix 3 [ ] STREAM CONNECTED 22674
unix 3 [ ] STREAM CONNECTED 147343
unix 3 [ ] STREAM CONNECTED 20989
unix 3 [ ] STREAM CONNECTED 21904 @/tmp/dbus-hdL1ikuldS
unix 3 [ ] STREAM CONNECTED 21523 /run/systemd/journal/stdout
unix 3 [ ] STREAM CONNECTED 20560 @/tmp/dbus-HWsxYgltc7
unix 3 [ ] DGRAM 13508
unix 3 [ ] STREAM CONNECTED 17588 /run/acpid.socket
unix 3 [ ] STREAM CONNECTED 14144 /run/systemd/journal/stdout
unix 3 [ ] STREAM CONNECTED 22877
unix 3 [ ] STREAM CONNECTED 20612 /var/run/dbus/system_bus_socket
unix 3 [ ] STREAM CONNECTED 20157
unix 3 [ ] STREAM CONNECTED 20562 @/tmp/dbus-hdL1ikuldS
unix 3 [ ] STREAM CONNECTED 19812
unix 3 [ ] DGRAM 13510
unix 2 [ ] DGRAM 3461558
unix 3 [ ] STREAM CONNECTED 108500
unix 3 [ ] STREAM CONNECTED 19970 @/tmp/.X11-unix/X0
unix 2 [ ] DGRAM 15324
unix 3 [ ] STREAM CONNECTED 21384 @/tmp/dbus-hdL1ikuldS
unix 3 [ ] STREAM CONNECTED 20392
unix 3 [ ] STREAM CONNECTED 19261
unix 3 [ ] STREAM CONNECTED 15430 /run/systemd/journal/stdout
unix 3 [ ] STREAM CONNECTED 1370227
unix 3 [ ] STREAM CONNECTED 22619
unix 3 [ ] STREAM CONNECTED 20307 /var/run/dbus/system_bus_socket
unix 3 [ ] STREAM CONNECTED 22652
unix 3 [ ] STREAM CONNECTED 19117 @/com/ubuntu/upstart-session/1000/1616
unix 3 [ ] STREAM CONNECTED 20827 @/tmp/dbus-hdL1ikuldS
unix 3 [ ] STREAM CONNECTED 13479 /run/systemd/journal/stdout
unix 3 [ ] STREAM CONNECTED 411446 /run/systemd/journal/stdout
unix 3 [ ] STREAM CONNECTED 20446 @/tmp/dbus-hdL1ikuldS
unix 3 [ ] STREAM CONNECTED 19370 @/tmp/dbus-hdL1ikuldS
unix 3 [ ] STREAM CONNECTED 22811 @/tmp/dbus-HWsxYgltc7
unix 3 [ ] STREAM CONNECTED 20248
unix 3 [ ] STREAM CONNECTED 19450
unix 3 [ ] STREAM CONNECTED 19770
unix 3 [ ] STREAM CONNECTED 19194
unix 3 [ ] STREAM CONNECTED 17487
unix 3 [ ] STREAM CONNECTED 119854 @/tmp/dbus-hdL1ikuldS
unix 3 [ ] STREAM CONNECTED 21460 /var/run/dbus/system_bus_socket
unix 3 [ ] STREAM CONNECTED 20624 @/tmp/dbus-hdL1ikuldS
unix 3 [ ] STREAM CONNECTED 19291
unix 3 [ ] STREAM CONNECTED 9996
unix 3 [ ] STREAM CONNECTED 562997 @/tmp/dbus-hdL1ikuldS
unix 3 [ ] STREAM CONNECTED 599743 @ruut-com.canonical.Unity.Master.Scope.files.T54564521425825
unix 3 [ ] STREAM CONNECTED 21010
unix 3 [ ] STREAM CONNECTED 19989
unix 3 [ ] STREAM CONNECTED 14901 /run/systemd/journal/stdout
unix 3 [ ] STREAM CONNECTED 32101
unix 3 [ ] STREAM CONNECTED 19945
unix 3 [ ] STREAM CONNECTED 20462 /run/systemd/journal/stdout
unix 3 [ ] STREAM CONNECTED 20639
unix 3 [ ] STREAM CONNECTED 19515 /run/systemd/journal/stdout
unix 3 [ ] STREAM CONNECTED 21508 /run/systemd/journal/stdout
unix 3 [ ] STREAM CONNECTED 21100
unix 3 [ ] STREAM CONNECTING 0 /run/clamav/clamd.ctl
unix 3 [ ] STREAM CONNECTED 31117
unix 3 [ ] STREAM CONNECTED 20863
unix 3 [ ] STREAM CONNECTED 21638 @/dbus-vfs-daemon/socket-LgBY86qL
unix 3 [ ] STREAM CONNECTED 18921
unix 2 [ ] DGRAM 16509
unix 3 [ ] STREAM CONNECTED 1772187
unix 3 [ ] STREAM CONNECTED 220976 /var/run/dbus/system_bus_socket
unix 3 [ ] STREAM CONNECTED 220969 /var/run/dbus/system_bus_socket
unix 3 [ ] STREAM CONNECTED 146310
unix 3 [ ] STREAM CONNECTED 21761
unix 3 [ ] STREAM CONNECTED 21527 @/tmp/dbus-hdL1ikuldS
unix 3 [ ] STREAM CONNECTED 20448 @/tmp/dbus-hdL1ikuldS
unix 3 [ ] STREAM CONNECTED 16442
unix 3 [ ] STREAM CONNECTED 462090 @/tmp/dbus-hdL1ikuldS
unix 3 [ ] STREAM CONNECTED 21361
unix 3 [ ] STREAM CONNECTED 20933
unix 3 [ ] STREAM CONNECTED 14010 /run/systemd/journal/stdout
unix 3 [ ] STREAM CONNECTED 119038 /run/systemd/journal/stdout
unix 3 [ ] STREAM CONNECTED 21829 @/tmp/dbus-HrCqHDIX
unix 3 [ ] STREAM CONNECTED 20573
unix 3 [ ] STREAM CONNECTED 232064
unix 3 [ ] STREAM CONNECTED 21343 @/tmp/dbus-hdL1ikuldS
unix 3 [ ] STREAM CONNECTED 15755 /var/run/dbus/system_bus_socket
unix 3 [ ] STREAM CONNECTED 21811 /var/run/dbus/system_bus_socket
unix 3 [ ] STREAM CONNECTED 21443 /run/systemd/journal/stdout
unix 3 [ ] STREAM CONNECTED 20936 @/tmp/dbus-hdL1ikuldS
unix 3 [ ] STREAM CONNECTED 19346 @/tmp/dbus-hdL1ikuldS
unix 3 [ ] STREAM CONNECTED 19517
unix 3 [ ] STREAM CONNECTED 22617
unix 3 [ ] STREAM CONNECTED 21021 /run/systemd/journal/stdout
unix 3 [ ] STREAM CONNECTED 21813 /var/run/dbus/system_bus_socket
unix 3 [ ] STREAM CONNECTED 21629
unix 3 [ ] STREAM CONNECTED 20076
unix 3 [ ] STREAM CONNECTED 15528 /var/run/dbus/system_bus_socket
unix 3 [ ] STREAM CONNECTED 21112 @/tmp/dbus-hdL1ikuldS
unix 3 [ ] STREAM CONNECTED 19974 @/tmp/dbus-HWsxYgltc7
unix 3 [ ] STREAM CONNECTED 599851
unix 3 [ ] STREAM CONNECTED 18420
unix 3 [ ] STREAM CONNECTED 19243
unix 3 [ ] STREAM CONNECTED 108700 @/tmp/dbus-HWsxYgltc7
unix 3 [ ] STREAM CONNECTED 21084
unix 3 [ ] STREAM CONNECTED 20617
unix 2 [ ] DGRAM 16964
unix 3 [ ] STREAM CONNECTED 21444
unix 3 [ ] STREAM CONNECTED 19339 @/tmp/dbus-HWsxYgltc7
unix 3 [ ] STREAM CONNECTED 31294 @/tmp/.X11-unix/X0
unix 3 [ ] STREAM CONNECTED 20151
unix 3 [ ] STREAM CONNECTED 232674 /run/systemd/journal/stdout
unix 3 [ ] STREAM CONNECTED 22082 @/tmp/dbus-HrCqHDIX
unix 3 [ ] STREAM CONNECTED 1782161 @/tmp/dbus-hdL1ikuldS
unix 3 [ ] STREAM CONNECTED 19330 @/tmp/dbus-HWsxYgltc7
unix 3 [ ] STREAM CONNECTED 1772185
unix 3 [ ] STREAM CONNECTED 165008 /run/user/1000/pulse/native
unix 3 [ ] STREAM CONNECTED 146280 @/tmp/dbus-hdL1ikuldS
unix 3 [ ] STREAM CONNECTED 32391
unix 3 [ ] STREAM CONNECTED 21668
unix 3 [ ] STREAM CONNECTED 21470
unix 3 [ ] STREAM CONNECTED 119868
unix 3 [ ] STREAM CONNECTED 15072
unix 3 [ ] STREAM CONNECTED 340576
unix 3 [ ] STREAM CONNECTED 21355
unix 3 [ ] STREAM CONNECTED 21179 /run/systemd/journal/stdout
unix 3 [ ] STREAM CONNECTED 21909
unix 3 [ ] STREAM CONNECTED 21479 @/tmp/.X11-unix/X0
unix 3 [ ] DGRAM 11316
unix 2 [ ] DGRAM 20961
unix 3 [ ] STREAM CONNECTED 21797 @/tmp/dbus-hdL1ikuldS
unix 3 [ ] STREAM CONNECTED 20263
unix 3 [ ] STREAM CONNECTED 20551
unix 3 [ ] STREAM CONNECTED 19128 @/tmp/dbus-hdL1ikuldS
unix 3 [ ] STREAM CONNECTED 14743
unix 2 [ ] STREAM CONNECTING 0 /run/clamav/clamd.ctl
unix 2 [ ] DGRAM 17580
unix 3 [ ] STREAM CONNECTED 23030 /var/run/dbus/system_bus_socket
unix 2 [ ] DGRAM 16154
unix 3 [ ] STREAM CONNECTED 23037
unix 3 [ ] STREAM CONNECTED 22675
unix 3 [ ] STREAM CONNECTED 102125 @/tmp/.X11-unix/X0
unix 3 [ ] STREAM CONNECTED 14900
unix 3 [ ] STREAM CONNECTED 469078 @ruut-com.canonical.Unity.Scope.applications.T54240662904203
unix 3 [ ] STREAM CONNECTED 220980 /var/run/dbus/system_bus_socket
unix 3 [ ] STREAM CONNECTED 20824
unix 3 [ ] STREAM CONNECTED 32397 @/tmp/dbus-spzT7OkGtL
unix 3 [ ] STREAM CONNECTED 16474
unix 3 [ ] STREAM CONNECTED 20279 /var/run/dbus/system_bus_socket
unix 3 [ ] STREAM CONNECTED 19383 /var/run/dbus/system_bus_socket
unix 3 [ ] STREAM CONNECTED 19166 @/com/ubuntu/upstart-session/1000/1616
unix 3 [ ] STREAM CONNECTED 21182
unix 3 [ ] STREAM CONNECTED 20613
unix 3 [ ] STREAM CONNECTED 340513
unix 3 [ ] STREAM CONNECTED 21392
unix 3 [ ] STREAM CONNECTED 20671
unix 3 [ ] STREAM CONNECTED 1787521 /var/run/dbus/system_bus_socket
unix 3 [ ] STREAM CONNECTED 14904 /run/systemd/journal/stdout
unix 3 [ ] STREAM CONNECTED 1378151 @/tmp/dbus-hdL1ikuldS
unix 3 [ ] STREAM CONNECTED 220952
unix 3 [ ] STREAM CONNECTED 119051
unix 3 [ ] STREAM CONNECTED 21795
unix 3 [ ] STREAM CONNECTED 21502
unix 3 [ ] STREAM CONNECTED 21393 /run/systemd/journal/stdout
unix 3 [ ] STREAM CONNECTED 20159 /run/user/1000/pulse/native
unix 3 [ ] STREAM CONNECTED 1777508
unix 3 [ ] STREAM CONNECTED 19222 @/com/ubuntu/upstart-session/1000/1616
unix 3 [ ] STREAM CONNECTED 21023
unix 3 [ ] STREAM CONNECTED 21903
unix 3 [ ] STREAM CONNECTED 21525
unix 3 [ ] STREAM CONNECTED 19452 /run/systemd/journal/stdout
unix 2 [ ] DGRAM 13504
unix 3 [ ] STREAM CONNECTED 1384586
unix 3 [ ] STREAM CONNECTED 154108 /run/systemd/journal/stdout
unix 3 [ ] STREAM CONNECTED 15761 /var/run/dbus/system_bus_socket
unix 3 [ ] STREAM CONNECTED 14143
unix 3 [ ] STREAM CONNECTED 21798 @/dbus-vfs-daemon/socket-qd3Q6D8q
unix 3 [ ] STREAM CONNECTED 20268
unix 3 [ ] STREAM CONNECTED 20570
unix 3 [ ] STREAM CONNECTED 19082 /var/run/dbus/system_bus_socket
unix 3 [ ] DGRAM 13511
unix 3 [ ] STREAM CONNECTED 16957 /var/run/dbus/system_bus_socket
unix 3 [ ] STREAM CONNECTED 308695
unix 3 [ ] STREAM CONNECTED 221420
unix 3 [ ] STREAM CONNECTED 108494 @/tmp/.X11-unix/X0
unix 3 [ ] STREAM CONNECTED 21660 /run/systemd/journal/stdout
unix 3 [ ] STREAM CONNECTED 19988
unix 3 [ ] STREAM CONNECTED 19124
unix 3 [ ] STREAM CONNECTED 16512 /var/run/dbus/system_bus_socket
unix 3 [ ] STREAM CONNECTED 21024 /run/systemd/journal/stdout
unix 3 [ ] STREAM CONNECTED 19172
unix 3 [ ] STREAM CONNECTED 22030 @/tmp/.X11-unix/X0
unix 3 [ ] STREAM CONNECTED 22032 @/tmp/dbus-hdL1ikuldS
unix 3 [ ] STREAM CONNECTED 20445
unix 2 [ ] DGRAM 4921560
unix 3 [ ] STREAM CONNECTED 15332 /var/run/dbus/system_bus_socket
unix 3 [ ] STREAM CONNECTED 21383
unix 3 [ ] STREAM CONNECTED 20668
unix 3 [ ] STREAM CONNECTED 19872 @/tmp/dbus-hdL1ikuldS
unix 3 [ ] STREAM CONNECTED 15409
unix 3 [ ] STREAM CONNECTED 19850 @/tmp/dbus-hdL1ikuldS
unix 3 [ ] STREAM CONNECTED 19813 @/com/ubuntu/upstart-session/1000/1616
unix 3 [ ] STREAM CONNECTED 1370228 @/tmp/dbus-HrCqHDIX
unix 3 [ ] STREAM CONNECTED 464514 @/tmp/dbus-hdL1ikuldS
unix 3 [ ] STREAM CONNECTED 220973 /var/run/dbus/system_bus_socket
unix 3 [ ] STREAM CONNECTED 145156
unix 3 [ ] STREAM CONNECTED 21803
unix 3 [ ] STREAM CONNECTED 21501
unix 2 [ ] STREAM CONNECTED 20308
###
### Output of: ./chkproc -v -v -p 3
###
CWD 703: /
EXE 703: /lib/systemd/systemd-timesyncd
CWD 859: /
EXE 859: /usr/sbin/rsyslogd
CWD 860: /
EXE 860: /usr/sbin/rsyslogd
CWD 861: /
EXE 861: /usr/sbin/rsyslogd
CWD 862: /
EXE 862: /usr/lib/accountsservice/accounts-daemon
CWD 870: /
EXE 870: /usr/lib/accountsservice/accounts-daemon
CWD 892: /
EXE 892: /usr/sbin/ModemManager
CWD 894: /
EXE 894: /usr/sbin/ModemManager
CWD 900: /
EXE 900: /usr/lib/policykit-1/polkitd
CWD 902: /
EXE 902: /usr/lib/policykit-1/polkitd
CWD 903: /
EXE 903: /usr/sbin/thermald
CWD 908: /
EXE 908: /usr/sbin/NetworkManager
CWD 936: /
EXE 936: /usr/sbin/NetworkManager
CWD 1284: /
EXE 1284: /usr/sbin/lightdm
CWD 1286: /
EXE 1286: /usr/sbin/lightdm
CWD 1299: /
EXE 1299: /usr/bin/Xorg
CWD 1477: /
EXE 1477: /usr/lib/upower/upowerd
CWD 1478: /
EXE 1478: /usr/lib/upower/upowerd
CWD 1498: /
EXE 1498: /usr/lib/colord/colord
CWD 1500: /
EXE 1500: /usr/lib/colord/colord
CWD 1508: /
EXE 1508: /usr/sbin/lightdm
CWD 1509: /
EXE 1509: /usr/sbin/lightdm
CWD 1610: /
EXE 1610: /usr/bin/gnome-keyring-daemon
CWD 1742: /
EXE 1742: /usr/bin/gnome-keyring-daemon
CWD 1743: /
EXE 1743: /usr/bin/gnome-keyring-daemon
CWD 1744: /
EXE 1744: /usr/bin/gnome-keyring-daemon
CWD 1766: /home/ruut
EXE 1766: /usr/bin/ibus-daemon
CWD 1767: /home/ruut
EXE 1767: /usr/bin/ibus-daemon
CWD 1770: /
EXE 1770: /usr/lib/gvfs/gvfsd
CWD 1771: /
EXE 1771: /usr/lib/gvfs/gvfsd
CWD 1777: /
EXE 1777: /usr/lib/gvfs/gvfsd-fuse
CWD 1778: /
EXE 1778: /usr/lib/gvfs/gvfsd-fuse
CWD 1779: /
EXE 1779: /usr/lib/gvfs/gvfsd-fuse
CWD 1780: /
EXE 1780: /usr/lib/gvfs/gvfsd-fuse
CWD 1781: /
EXE 1781: /usr/lib/gvfs/gvfsd-fuse
CWD 1805: /home/ruut
EXE 1805: /usr/lib/ibus/ibus-dconf
CWD 1806: /home/ruut
EXE 1806: /usr/lib/ibus/ibus-dconf
CWD 1807: /home/ruut
EXE 1807: /usr/lib/at-spi2-core/at-spi-bus-launcher
CWD 1808: /home/ruut
EXE 1808: /usr/lib/at-spi2-core/at-spi-bus-launcher
CWD 1810: /home/ruut
EXE 1810: /usr/lib/at-spi2-core/at-spi-bus-launcher
CWD 1820: /home/ruut
EXE 1820: /usr/lib/at-spi2-core/at-spi2-registryd
CWD 1821: /home/ruut
EXE 1821: /usr/lib/at-spi2-core/at-spi2-registryd
CWD 1827: /home/ruut
EXE 1827: /usr/lib/unity/unity-panel-service
CWD 1828: /home/ruut
EXE 1828: /usr/lib/unity-settings-daemon/unity-settings-daemon
CWD 1829: /home/ruut
EXE 1829: /usr/lib/unity-settings-daemon/unity-settings-daemon
CWD 1830: /home/ruut
EXE 1830: /usr/lib/ibus/ibus-ui-gtk3
CWD 1831: /home/ruut
EXE 1831: /usr/lib/unity/unity-panel-service
CWD 1832: /home/ruut
EXE 1832: /usr/lib/unity/unity-panel-service
CWD 1835: /home/ruut
EXE 1835: /usr/lib/unity-settings-daemon/unity-settings-daemon
CWD 1836: /home/ruut
EXE 1836: /usr/lib/ibus/ibus-ui-gtk3
CWD 1837: /home/ruut
EXE 1837: /usr/lib/ibus/ibus-ui-gtk3
CWD 1842: /home/ruut
EXE 1842: /usr/bin/gnome-session
CWD 1843: /home/ruut
EXE 1843: /usr/bin/gnome-session
CWD 1845: /home/ruut
EXE 1845: /usr/bin/gnome-session
CWD 1848: /home/ruut
EXE 1848: /usr/lib/ibus/ibus-dconf
CWD 1858: /home/ruut
EXE 1858: /usr/lib/ibus/ibus-engine-simple
CWD 1859: /home/ruut
EXE 1859: /usr/lib/ibus/ibus-engine-simple
CWD 1874: /
EXE 1874: /usr/lib/x86_64-linux-gnu/bamf/bamfdaemon
CWD 1875: /
EXE 1875: /usr/lib/x86_64-linux-gnu/bamf/bamfdaemon
CWD 1876: /
EXE 1876: /usr/lib/x86_64-linux-gnu/bamf/bamfdaemon
CWD 1878: /
EXE 1878: /usr/bin/pulseaudio
CWD 1885: /
EXE 1885: /usr/lib/dconf/dconf-service
CWD 1886: /
EXE 1886: /usr/lib/dconf/dconf-service
CWD 1887: /home/ruut
EXE 1887: /usr/bin/compiz
CWD 1896: /home/ruut
EXE 1896: /usr/lib/x86_64-linux-gnu/indicator-messages/indicator-messages-service
CWD 1898: /home/ruut
EXE 1898: /usr/lib/x86_64-linux-gnu/indicator-power/indicator-power-service
CWD 1899: /home/ruut
EXE 1899: /usr/lib/x86_64-linux-gnu/indicator-power/indicator-power-service
CWD 1903: /home/ruut
EXE 1903: /usr/lib/x86_64-linux-gnu/indicator-messages/indicator-messages-service
CWD 1904: /home/ruut
EXE 1904: /usr/lib/x86_64-linux-gnu/indicator-session/indicator-session-service
CWD 1905: /home/ruut
EXE 1905: /usr/lib/x86_64-linux-gnu/indicator-session/indicator-session-service
CWD 1916: /home/ruut
EXE 1916: /usr/lib/x86_64-linux-gnu/indicator-power/indicator-power-service
CWD 1917: /home/ruut
EXE 1917: /usr/lib/x86_64-linux-gnu/indicator-session/indicator-session-service
CWD 1918: /home/ruut
EXE 1918: /usr/lib/x86_64-linux-gnu/indicator-sound/indicator-sound-service
CWD 1920: /home/ruut
EXE 1920: /usr/lib/x86_64-linux-gnu/indicator-sound/indicator-sound-service
CWD 1921: /home/ruut
EXE 1921: /usr/lib/x86_64-linux-gnu/indicator-datetime/indicator-datetime-service
CWD 1922: /home/ruut
EXE 1922: /usr/lib/x86_64-linux-gnu/indicator-datetime/indicator-datetime-service
CWD 1924: /home/ruut
EXE 1924: /usr/lib/x86_64-linux-gnu/indicator-messages/indicator-messages-service
CWD 1925: /home/ruut
EXE 1925: /usr/lib/x86_64-linux-gnu/indicator-datetime/indicator-datetime-service
CWD 1926: /home/ruut
EXE 1926: /usr/lib/x86_64-linux-gnu/indicator-datetime/indicator-datetime-service
CWD 1927: /home/ruut
EXE 1927: /usr/lib/x86_64-linux-gnu/indicator-sound/indicator-sound-service
CWD 1933: /home/ruut
EXE 1933: /usr/lib/x86_64-linux-gnu/indicator-application/indicator-application-service
CWD 1937: /home/ruut
EXE 1937: /usr/lib/x86_64-linux-gnu/indicator-application/indicator-application-service
CWD 1944: /home/ruut
EXE 1944: /usr/lib/x86_64-linux-gnu/indicator-printers/indicator-printers-service
CWD 1945: /home/ruut
EXE 1945: /usr/lib/x86_64-linux-gnu/indicator-printers/indicator-printers-service
CWD 1946: /home/ruut
EXE 1946: /usr/lib/x86_64-linux-gnu/indicator-printers/indicator-printers-service
CWD 1953: /
EXE 1953: /usr/lib/evolution/evolution-source-registry
CWD 1954: /
EXE 1954: /usr/lib/evolution/evolution-source-registry
CWD 1955: /
EXE 1955: /usr/lib/evolution/evolution-source-registry
CWD 1967: /home/ruut
EXE 1967: /usr/lib/ibus/ibus-x11
CWD 1968: /home/ruut
EXE 1968: /usr/lib/ibus/ibus-x11
CWD 1969: /home/ruut
EXE 1969: /usr/lib/ibus/ibus-x11
CWD 1972: /home/ruut
EXE 1972: /usr/lib/x86_64-linux-gnu/hud/hud-service
CWD 1973: /home/ruut
EXE 1973: /usr/lib/x86_64-linux-gnu/hud/hud-service
CWD 1974: /home/ruut
EXE 1974: /usr/lib/x86_64-linux-gnu/hud/hud-service
CWD 1984: /home/ruut
EXE 1984: /usr/bin/compiz
CWD 1985: /home/ruut
EXE 1985: /usr/bin/compiz
CWD 1989: /home/ruut
EXE 1989: /usr/lib/policykit-1-gnome/polkit-gnome-authentication-agent-1
CWD 1990: /home/ruut
EXE 1990: /usr/lib/policykit-1-gnome/polkit-gnome-authentication-agent-1
CWD 1991: /home/ruut
EXE 1991: /usr/lib/policykit-1-gnome/polkit-gnome-authentication-agent-1
CWD 1995: /home/ruut
EXE 1995: /usr/lib/unity-settings-daemon/unity-fallback-mount-helper
CWD 1996: /home/ruut
EXE 1996: /usr/lib/unity-settings-daemon/unity-fallback-mount-helper
CWD 1997: /home/ruut
EXE 1997: /usr/lib/unity-settings-daemon/unity-fallback-mount-helper
CWD 2002: /home/ruut
EXE 2002: /usr/lib/x86_64-linux-gnu/indicator-datetime/indicator-datetime-service
CWD 2011: /home/ruut
EXE 2011: /usr/bin/nm-applet
CWD 2012: /home/ruut
EXE 2012: /usr/bin/nm-applet
CWD 2013: /home/ruut
EXE 2013: /usr/bin/nm-applet
CWD 2037: /
EXE 2037: /usr/lib/evolution/evolution-calendar-factory
CWD 2059: /
EXE 2059: /usr/lib/gvfs/gvfs-udisks2-volume-monitor
CWD 2060: /
EXE 2060: /usr/lib/gvfs/gvfs-udisks2-volume-monitor
CWD 2068: /
EXE 2068: /usr/lib/udisks2/udisksd
CWD 2070: /
EXE 2070: /usr/lib/udisks2/udisksd
CWD 2071: /
EXE 2071: /usr/lib/udisks2/udisksd
CWD 2079: /
EXE 2079: /usr/lib/udisks2/udisksd
CWD 2083: /home/ruut
EXE 2083: /usr/bin/nautilus
CWD 2084: /home/ruut
EXE 2084: /usr/bin/nautilus
CWD 2085: /
EXE 2085: /usr/lib/evolution/evolution-calendar-factory
CWD 2086: /
EXE 2086: /usr/lib/evolution/evolution-calendar-factory
CWD 2087: /
EXE 2087: /usr/lib/evolution/evolution-calendar-factory
CWD 2095: /
EXE 2095: /usr/lib/evolution/evolution-calendar-factory-subprocess
CWD 2096: /
EXE 2096: /usr/lib/evolution/evolution-calendar-factory-subprocess
CWD 2097: /
EXE 2097: /usr/lib/evolution/evolution-calendar-factory-subprocess
CWD 2098: /
EXE 2098: /usr/lib/evolution/evolution-calendar-factory-subprocess
CWD 2101: /
EXE 2101: /usr/lib/evolution/evolution-calendar-factory-subprocess
CWD 2102: /
EXE 2102: /usr/lib/evolution/evolution-calendar-factory-subprocess
CWD 2107: /
EXE 2107: /usr/lib/evolution/evolution-calendar-factory-subprocess
CWD 2108: /
EXE 2108: /usr/lib/evolution/evolution-calendar-factory-subprocess
CWD 2109: /
EXE 2109: /usr/lib/evolution/evolution-calendar-factory-subprocess
CWD 2110: /
EXE 2110: /usr/lib/evolution/evolution-calendar-factory-subprocess
CWD 2117: /
EXE 2117: /usr/lib/gvfs/gvfs-gphoto2-volume-monitor
CWD 2119: /
EXE 2119: /usr/lib/gvfs/gvfs-gphoto2-volume-monitor
CWD 2123: /
EXE 2123: /usr/lib/evolution/evolution-addressbook-factory
CWD 2126: /
EXE 2126: /usr/lib/gvfs/gvfs-afc-volume-monitor
CWD 2127: /
EXE 2127: /usr/lib/gvfs/gvfs-afc-volume-monitor
CWD 2129: /
EXE 2129: /usr/lib/gvfs/gvfs-afc-volume-monitor
CWD 2132: /
EXE 2132: /usr/lib/gvfs/gvfs-mtp-volume-monitor
CWD 2134: /
EXE 2134: /usr/lib/gvfs/gvfs-mtp-volume-monitor
CWD 2135: /home/ruut
EXE 2135: /usr/bin/nautilus
CWD 2141: /
EXE 2141: /usr/lib/evolution/evolution-addressbook-factory
CWD 2142: /
EXE 2142: /usr/lib/evolution/evolution-addressbook-factory
CWD 2143: /
EXE 2143: /usr/lib/evolution/evolution-addressbook-factory
CWD 2147: /
EXE 2147: /usr/lib/evolution/evolution-addressbook-factory-subprocess
CWD 2149: /
EXE 2149: /usr/lib/evolution/evolution-addressbook-factory-subprocess
CWD 2150: /
EXE 2150: /usr/lib/evolution/evolution-addressbook-factory-subprocess
CWD 2151: /
EXE 2151: /usr/lib/evolution/evolution-addressbook-factory-subprocess
CWD 2176: /
EXE 2176: /usr/lib/gvfs/gvfsd-trash
CWD 2177: /
EXE 2177: /usr/lib/gvfs/gvfsd-trash
CWD 2183: /
EXE 2183: /usr/lib/gvfs/gvfsd-burn
CWD 2184: /
EXE 2184: /usr/lib/gvfs/gvfsd-burn
CWD 2198: /
EXE 2198: /usr/lib/gvfs/gvfsd-metadata
CWD 2199: /
EXE 2199: /usr/lib/gvfs/gvfsd-metadata
CWD 2206: /home/ruut
EXE 2206: /usr/bin/telepathy-indicator
CWD 2207: /home/ruut
EXE 2207: /usr/bin/telepathy-indicator
CWD 2208: /home/ruut
EXE 2208: /usr/bin/telepathy-indicator
CWD 2212: /
EXE 2212: /usr/lib/telepathy/mission-control-5
CWD 2213: /
EXE 2213: /usr/lib/telepathy/mission-control-5
CWD 2215: /
EXE 2215: /usr/lib/telepathy/mission-control-5
CWD 2229: /home/ruut
EXE 2229: /usr/bin/zeitgeist-datahub
CWD 2230: /home/ruut
EXE 2230: /usr/bin/zeitgeist-datahub
CWD 2231: /home/ruut
EXE 2231: /usr/bin/zeitgeist-datahub
CWD 2235: /
EXE 2235: /usr/bin/zeitgeist-daemon
CWD 2236: /
EXE 2236: /usr/bin/zeitgeist-daemon
CWD 2252: /home/ruut
EXE 2252: /usr/bin/zeitgeist-datahub
CWD 2258: /
EXE 2258: /usr/lib/x86_64-linux-gnu/zeitgeist-fts
CWD 2259: /
EXE 2259: /usr/lib/x86_64-linux-gnu/zeitgeist-fts
CWD 2295: /home/ruut
EXE 2295: /usr/bin/update-notifier
CWD 2296: /home/ruut
EXE 2296: /usr/bin/update-notifier
CWD 2297: /home/ruut
EXE 2297: /usr/bin/update-notifier
CWD 2402: /etc/gufw/app_profiles
EXE 2402: /usr/bin/python2.7
CWD 2403: /etc/gufw/app_profiles
EXE 2403: /usr/bin/python2.7
CWD 2431: /etc/gufw/app_profiles
EXE 2431: /usr/bin/python2.7
CWD 2432: /etc/gufw/app_profiles
EXE 2432: /usr/bin/python2.7
CWD 2433: /etc/gufw/app_profiles
EXE 2433: /usr/bin/python2.7
CWD 2439: /etc/gufw/app_profiles
EXE 2439: /usr/bin/python2.7
CWD 2440: /etc/gufw/app_profiles
EXE 2440: /usr/bin/python2.7
CWD 2527: /home/ruut
EXE 2527: /usr/bin/compiz
CWD 2528: /home/ruut
EXE 2528: /usr/bin/compiz
CWD 4506: /root
EXE 4506: /usr/bin/ettercap
CWD 4519: /root
EXE 4519: /usr/bin/ettercap
CWD 4520: /root
EXE 4520: /usr/bin/ettercap
CWD 4521: /root
EXE 4521: /usr/bin/ettercap
CWD 4563: /root
EXE 4563: /usr/bin/ettercap
CWD 4963: /home/ruut
EXE 4963: /usr/lib/gnome-terminal/gnome-terminal-server
CWD 4964: /home/ruut
EXE 4964: /usr/lib/gnome-terminal/gnome-terminal-server
CWD 4965: /home/ruut
EXE 4965: /usr/lib/gnome-terminal/gnome-terminal-server
CWD 12817: /
EXE 12817: /usr/lib/geoclue/geoclue-master
CWD 12818: /
EXE 12818: /usr/lib/geoclue/geoclue-master
CWD 12819: /
EXE 12819: /usr/lib/geoclue/geoclue-master
CWD 12822: /
EXE 12822: /usr/lib/x86_64-linux-gnu/ubuntu-geoip-provider
CWD 12823: /
EXE 12823: /usr/lib/x86_64-linux-gnu/ubuntu-geoip-provider
CWD 12824: /
EXE 12824: /usr/lib/x86_64-linux-gnu/ubuntu-geoip-provider
CWD 14767: /home/ruut
EXE 14767: /usr/lib/firefox/firefox
CWD 14768: /home/ruut
EXE 14768: /usr/lib/firefox/firefox
CWD 14769: /home/ruut
EXE 14769: /usr/lib/firefox/firefox
CWD 14770: /home/ruut
EXE 14770: /usr/lib/firefox/firefox
CWD 14771: /home/ruut
EXE 14771: /usr/lib/firefox/firefox
CWD 14772: /home/ruut
EXE 14772: /usr/lib/firefox/firefox
CWD 14773: /home/ruut
EXE 14773: /usr/lib/firefox/firefox
CWD 14776: /home/ruut
EXE 14776: /usr/lib/firefox/firefox
CWD 14777: /home/ruut
EXE 14777: /usr/lib/firefox/firefox
CWD 14778: /home/ruut
EXE 14778: /usr/lib/firefox/firefox
CWD 14779: /home/ruut
EXE 14779: /usr/lib/firefox/firefox
CWD 14780: /home/ruut
EXE 14780: /usr/lib/firefox/firefox
CWD 14781: /home/ruut
EXE 14781: /usr/lib/firefox/firefox
CWD 14782: /home/ruut
EXE 14782: /usr/lib/firefox/firefox
CWD 14783: /home/ruut
EXE 14783: /usr/lib/firefox/firefox
CWD 14787: /home/ruut
EXE 14787: /usr/lib/firefox/firefox
CWD 14788: /home/ruut
EXE 14788: /usr/lib/firefox/firefox
CWD 14791: /home/ruut
EXE 14791: /usr/lib/firefox/firefox
CWD 14792: /home/ruut
EXE 14792: /usr/lib/firefox/firefox
CWD 15770: /home/ruut
EXE 15770: /usr/lib/firefox/firefox
CWD 15773: /home/ruut
EXE 15773: /usr/lib/firefox/firefox
CWD 15774: /home/ruut
EXE 15774: /usr/lib/firefox/firefox
CWD 15775: /home/ruut
EXE 15775: /usr/lib/firefox/firefox
CWD 15778: /home/ruut
EXE 15778: /usr/lib/firefox/firefox
CWD 15779: /home/ruut
EXE 15779: /usr/lib/firefox/firefox
CWD 15782: /home/ruut
EXE 15782: /usr/lib/firefox/firefox
CWD 15783: /home/ruut
EXE 15783: /usr/lib/firefox/firefox
CWD 15784: /home/ruut
EXE 15784: /usr/lib/firefox/firefox
CWD 15785: /home/ruut
EXE 15785: /usr/lib/firefox/firefox
CWD 15786: /home/ruut
EXE 15786: /usr/lib/firefox/firefox
CWD 15787: /home/ruut
EXE 15787: /usr/lib/firefox/firefox
CWD 15788: /home/ruut
EXE 15788: /usr/lib/firefox/firefox
CWD 15807: /home/ruut
EXE 15807: /usr/lib/firefox/firefox
CWD 15829: /home/ruut
EXE 15829: /usr/lib/firefox/firefox
CWD 15832: /home/ruut
EXE 15832: /usr/lib/firefox/firefox
CWD 15834: /home/ruut
EXE 15834: /usr/lib/firefox/firefox
CWD 15835: /home/ruut
EXE 15835: /usr/lib/firefox/firefox
CWD 15836: /home/ruut
EXE 15836: /usr/lib/firefox/firefox
CWD 15837: /home/ruut
EXE 15837: /usr/lib/firefox/firefox
CWD 15838: /home/ruut
EXE 15838: /usr/lib/firefox/firefox
CWD 15841: /home/ruut
EXE 15841: /usr/lib/firefox/firefox
CWD 15864: /home/ruut
EXE 15864: /usr/lib/firefox/firefox
CWD 19105: /
EXE 19105: /usr/lib/x86_64-linux-gnu/notify-osd
CWD 19106: /
EXE 19106: /usr/lib/x86_64-linux-gnu/notify-osd
CWD 19107: /
EXE 19107: /usr/lib/x86_64-linux-gnu/notify-osd
CWD 20244: /home/ruut
EXE 20244: /usr/bin/compiz
CWD 20414: /
EXE 20414: /usr/bin/python3.4
CWD 20415: /
EXE 20415: /usr/bin/python3.4
CWD 20420: /home/ruut
EXE 20420: /usr/lib/x86_64-linux-gnu/indicator-session/indicator-session-service
CWD 20421: /home/ruut
EXE 20421: /usr/lib/x86_64-linux-gnu/indicator-messages/indicator-messages-service
CWD 20645: /home/ruut
EXE 20645: /usr/lib/firefox/firefox
PID 21226(/proc/21226): not in readdir output
PID 21226: not in ps output
CWD 21226: /home/ruut
EXE 21226: /bin/dash
PID 21227(/proc/21227): not in readdir output
PID 21227: not in ps output
CWD 21227: /home/ruut
EXE 21227: /bin/dash
PID 21228(/proc/21228): not in readdir output
PID 21228: not in ps output
CWD 21228: /home/ruut
EXE 21228: /bin/dash
CWD 21379: /root
EXE 21379: /usr/bin/ettercap
CWD 23091: /home/ruut
EXE 23091: /usr/lib/firefox/firefox
CWD 26116: /
EXE 26116: /usr/sbin/clamav-milter
CWD 26118: /
EXE 26118: /usr/sbin/clamav-milter
CWD 26119: /
EXE 26119: /usr/sbin/clamav-milter
CWD 26120: /
EXE 26120: /usr/sbin/clamav-milter
CWD 26121: /
EXE 26121: /usr/sbin/clamav-milter
CWD 26248: /proc
EXE 26248: /usr/lib/rtkit/rtkit-daemon
CWD 26249: /proc
EXE 26249: /usr/lib/rtkit/rtkit-daemon
CWD 26302: /
EXE 26302: /usr/lib/x86_64-linux-gnu/unity-scope-home/unity-scope-home
CWD 26304: /
EXE 26304: /usr/lib/x86_64-linux-gnu/unity-scope-home/unity-scope-home
CWD 26305: /
EXE 26305: /usr/lib/x86_64-linux-gnu/unity-scope-home/unity-scope-home
CWD 26315: /
EXE 26315: /usr/bin/unity-scope-loader
CWD 26316: /
EXE 26316: /usr/bin/unity-scope-loader
CWD 26317: /
EXE 26317: /usr/bin/unity-scope-loader
CWD 26444: /
EXE 26444: /usr/lib/x86_64-linux-gnu/unity-lens-files/unity-files-daemon
CWD 26445: /
EXE 26445: /usr/lib/x86_64-linux-gnu/unity-lens-files/unity-files-daemon
CWD 26446: /
EXE 26446: /usr/lib/x86_64-linux-gnu/unity-lens-files/unity-files-daemon
CWD 26448: /
EXE 26448: /usr/lib/x86_64-linux-gnu/unity-lens-files/unity-files-daemon
CWD 26449: /
EXE 26449: /usr/lib/x86_64-linux-gnu/unity-lens-files/unity-files-daemon
CWD 26835: /home/ruut
EXE 26835: /usr/lib/virtualbox/VirtualBox
CWD 26836: /home/ruut
EXE 26836: /usr/lib/virtualbox/VirtualBox
CWD 26837: /home/ruut
EXE 26837: /usr/lib/virtualbox/VirtualBox
CWD 26844: /home/ruut
EXE 26844: /usr/lib/virtualbox/VirtualBox
CWD 26845: /home/ruut
EXE 26845: /usr/lib/virtualbox/VirtualBox
CWD 26849: /home/ruut
EXE 26849: /usr/lib/virtualbox/VBoxSVC
CWD 26850: /home/ruut
EXE 26850: /usr/lib/virtualbox/VBoxSVC
CWD 26851: /home/ruut
EXE 26851: /usr/lib/virtualbox/VBoxSVC
CWD 26852: /home/ruut
EXE 26852: /usr/lib/virtualbox/VBoxSVC
CWD 26853: /home/ruut
EXE 26853: /usr/lib/virtualbox/VBoxSVC
CWD 26854: /home/ruut
EXE 26854: /usr/lib/virtualbox/VBoxSVC
CWD 26855: /home/ruut
EXE 26855: /usr/lib/virtualbox/VBoxSVC
CWD 26856: /home/ruut
EXE 26856: /usr/lib/virtualbox/VBoxSVC
CWD 26857: /home/ruut
EXE 26857: /usr/lib/virtualbox/VBoxSVC
CWD 26858: /home/ruut
EXE 26858: /usr/lib/virtualbox/VirtualBox
CWD 26864: /home/ruut
EXE 26864: /usr/lib/virtualbox/VBoxSVC
CWD 26865: /home/ruut
EXE 26865: /usr/lib/virtualbox/VBoxSVC
CWD 27039: /home/ruut
EXE 27039: /usr/bin/python2.7
CWD 27040: /home/ruut
EXE 27040: /usr/bin/python2.7
CWD 27041: /home/ruut
EXE 27041: /usr/bin/python2.7
CWD 27053: /
EXE 27053: /usr/bin/python3.4
CWD 27071: /home/ruut
EXE 27071: /usr/bin/python2.7
CWD 27072: /home/ruut
EXE 27072: /usr/bin/python2.7
CWD 27234: /home/ruut
EXE 27234: /usr/bin/python2.7
CWD 27235: /home/ruut
EXE 27235: /usr/bin/python2.7
CWD 32037: /
EXE 32037: /usr/lib/gvfs/gvfsd-http
CWD 32038: /
EXE 32038: /usr/lib/gvfs/gvfsd-http
CWD 32078: /
EXE 32078: /usr/lib/gvfs/gvfsd-http
You have 3 process hidden for readdir command
You have 3 process hidden for ps command
not found
###
### Output of: ./ifpromisc
###
lo: not promisc and no packet sniffer sockets
enp3s0: PACKET SNIFFER(/sbin/dhclient[1007], /usr/bin/ettercap[4481])
not infected
###
### Output of: ./chkwtmp -f /var/log/wtmp
###
not infected
not infected
###
### Output of: ./chklastlog -f /var/log/wtmp -l /var/log/lastlog
###
user ruut deleted or never logged from lastlog!
user root deleted or never logged from lastlog!
The tty of the following user process(es) were not found
in /var/run/utmp !
! RUID PID TTY CMD
! root 1291 tty7 /usr/bin/X -core :0 -seat seat0 -auth /var/run/lightdm/root/:0 -nolisten tcp vt7 -novtswitch
chkutmp: nothing deleted
not infected
|
|
17.03.2016, 02:23
| #25 | |
| | Linux: Bootkit Nemesis- Bios/Firmware Malware im VBR auth.log...Auszug Code:
ATTFilter Mar 17 00:11:36 ruut-HP-280-G1-MT sudo: pam_unix(sudo:session): session closed for user root
Mar 17 00:11:36 ruut-HP-280-G1-MT polkitd(authority=local): Unregistered Authentication Agent for unix-process:11024:404799 (system bus name :1.118, object path /org/freedesktop/PolicyKit1/AuthenticationAgent, locale de_DE.UTF-8) (disconnected from bus)
Mar 17 00:11:49 ruut-HP-280-G1-MT sudo: ruut : TTY=pts/17 ; PWD=/home/ruut ; USER=root ; COMMAND=/usr/sbin/service ntp stop
Mar 17 00:11:49 ruut-HP-280-G1-MT sudo: pam_unix(sudo:session): session opened for user root by ruut(uid=0)
Mar 17 00:11:49 ruut-HP-280-G1-MT polkitd(authority=local): Registered Authentication Agent for unix-process:11081:406152 (system bus name :1.119 [/usr/bin/pkttyagent --notify-fd 5 --fallback], object path /org/freedesktop/PolicyKit1/AuthenticationAgent, locale de_DE.UTF-8)
Mar 17 00:11:49 ruut-HP-280-G1-MT sudo: pam_unix(sudo:session): session closed for user root
Mar 17 00:11:49 ruut-HP-280-G1-MT polkitd(authority=local): Unregistered Authentication Agent for unix-process:11081:406152 (system bus name :1.119, object path /org/freedesktop/PolicyKit1/AuthenticationAgent, locale de_DE.UTF-8) (disconnected from bus)
Mar 17 00:11:56 ruut-HP-280-G1-MT sudo: ruut : TTY=pts/17 ; PWD=/home/ruut ; USER=root ; COMMAND=/usr/sbin/service list
Mar 17 00:11:56 ruut-HP-280-G1-MT sudo: pam_unix(sudo:session): session opened for user root by ruut(uid=0)
Mar 17 00:11:56 ruut-HP-280-G1-MT sudo: pam_unix(sudo:session): session closed for user root
Mar 17 00:12:02 ruut-HP-280-G1-MT sudo: ruut : TTY=pts/17 ; PWD=/home/ruut ; USER=root ; COMMAND=/usr/sbin/service
Mar 17 00:12:02 ruut-HP-280-G1-MT sudo: pam_unix(sudo:session): session opened for user root by ruut(uid=0)
Mar 17 00:12:02 ruut-HP-280-G1-MT sudo: pam_unix(sudo:session): session closed for user root
Mar 17 00:12:10 ruut-HP-280-G1-MT sudo: ruut : TTY=pts/17 ; PWD=/home/ruut ; USER=root ; COMMAND=/usr/sbin/service --status all
Mar 17 00:12:10 ruut-HP-280-G1-MT sudo: pam_unix(sudo:session): session opened for user root by ruut(uid=0)
Mar 17 00:12:10 ruut-HP-280-G1-MT sudo: pam_unix(sudo:session): session closed for user root
Mar 17 00:12:35 ruut-HP-280-G1-MT sudo: ruut : TTY=pts/17 ; PWD=/home/ruut ; USER=root ; COMMAND=/usr/sbin/service --status-all
Mar 17 00:12:35 ruut-HP-280-G1-MT sudo: pam_unix(sudo:session): session opened for user root by ruut(uid=0)
Mar 17 00:12:36 ruut-HP-280-G1-MT sudo: pam_unix(sudo:session): session closed for user root
Mar 17 00:13:11 ruut-HP-280-G1-MT sudo: ruut : TTY=pts/17 ; PWD=/home/ruut ; USER=root ; COMMAND=/usr/sbin/service cups stop
Mar 17 00:13:11 ruut-HP-280-G1-MT sudo: pam_unix(sudo:session): session opened for user root by ruut(uid=0)
Mar 17 00:13:11 ruut-HP-280-G1-MT polkitd(authority=local): Registered Authentication Agent for unix-process:12006:414351 (system bus name :1.120 [/usr/bin/pkttyagent --notify-fd 5 --fallback], object path /org/freedesktop/PolicyKit1/AuthenticationAgent, locale de_DE.UTF-8)
Mar 17 00:13:11 ruut-HP-280-G1-MT polkitd(authority=local): Unregistered Authentication Agent for unix-process:12006:414351 (system bus name :1.120, object path /org/freedesktop/PolicyKit1/AuthenticationAgent, locale de_DE.UTF-8) (disconnected from bus)
Mar 17 00:13:11 ruut-HP-280-G1-MT polkitd(authority=local): Registered Authentication Agent for unix-process:11993:414343 (system bus name :1.121 [/usr/bin/pkttyagent --notify-fd 5 --fallback], object path /org/freedesktop/PolicyKit1/AuthenticationAgent, locale de_DE.UTF-8)
Mar 17 00:13:11 ruut-HP-280-G1-MT sudo: pam_unix(sudo:session): session closed for user root
Mar 17 00:13:11 ruut-HP-280-G1-MT polkitd(authority=local): Unregistered Authentication Agent for unix-process:11993:414343 (system bus name :1.121, object path /org/freedesktop/PolicyKit1/AuthenticationAgent, locale de_DE.UTF-8) (disconnected from bus)
Mar 17 00:13:17 ruut-HP-280-G1-MT pkexec: pam_unix(polkit-1:session): session opened for user root by (uid=1000)
Mar 17 00:13:17 ruut-HP-280-G1-MT pkexec: pam_systemd(polkit-1:session): Cannot create session: Already running in a session
Mar 17 00:13:17 ruut-HP-280-G1-MT pkexec[12058]: ruut: Executing command [USER=root] [TTY=unknown] [CWD=/home/ruut] [COMMAND=/usr/lib/update-notifier/package-system-locked]
Mar 17 00:13:44 ruut-HP-280-G1-MT sudo: ruut : TTY=pts/17 ; PWD=/home/ruut ; USER=root ; COMMAND=/usr/sbin/service dns-clean reload
Mar 17 00:13:44 ruut-HP-280-G1-MT sudo: pam_unix(sudo:session): session opened for user root by ruut(uid=0)
Mar 17 00:13:44 ruut-HP-280-G1-MT sudo: pam_unix(sudo:session): session closed for user root
Mar 17 00:14:01 ruut-HP-280-G1-MT sudo: ruut : TTY=pts/17 ; PWD=/home/ruut ; USER=root ; COMMAND=/usr/sbin/service cups-browsed
Mar 17 00:14:01 ruut-HP-280-G1-MT sudo: pam_unix(sudo:session): session opened for user root by ruut(uid=0)
Mar 17 00:14:01 ruut-HP-280-G1-MT sudo: pam_unix(sudo:session): session closed for user root
Mar 17 00:14:19 ruut-HP-280-G1-MT sudo: ruut : TTY=pts/17 ; PWD=/home/ruut ; USER=root ; COMMAND=/usr/sbin/service cups-browsed
Mar 17 00:14:19 ruut-HP-280-G1-MT sudo: pam_unix(sudo:session): session opened for user root by ruut(uid=0)
Mar 17 00:14:19 ruut-HP-280-G1-MT sudo: pam_unix(sudo:session): session closed for user root
Mar 17 00:14:27 ruut-HP-280-G1-MT sudo: ruut : TTY=pts/17 ; PWD=/home/ruut ; USER=root ; COMMAND=/usr/sbin/service cups-browsed stop
Mar 17 00:14:27 ruut-HP-280-G1-MT sudo: pam_unix(sudo:session): session opened for user root by ruut(uid=0)
Mar 17 00:14:27 ruut-HP-280-G1-MT polkitd(authority=local): Registered Authentication Agent for unix-process:12234:421984 (system bus name :1.127 [/usr/bin/pkttyagent --notify-fd 5 --fallback], object path /org/freedesktop/PolicyKit1/AuthenticationAgent, locale de_DE.UTF-8)
Mar 17 00:14:27 ruut-HP-280-G1-MT sudo: pam_unix(sudo:session): session closed for user root
Mar 17 00:14:27 ruut-HP-280-G1-MT polkitd(authority=local): Unregistered Authentication Agent for unix-process:12234:421984 (system bus name :1.127, object path /org/freedesktop/PolicyKit1/AuthenticationAgent, locale de_DE.UTF-8) (disconnected from bus)
Mar 17 00:15:00 ruut-HP-280-G1-MT sudo: ruut : TTY=pts/17 ; PWD=/home/ruut ; USER=root ; COMMAND=/usr/sbin/service bluetooth
Mar 17 00:15:00 ruut-HP-280-G1-MT sudo: pam_unix(sudo:session): session opened for user root by ruut(uid=0)
Mar 17 00:15:00 ruut-HP-280-G1-MT sudo: pam_unix(sudo:session): session closed for user root
Mar 17 00:15:13 ruut-HP-280-G1-MT sudo: ruut : TTY=pts/17 ; PWD=/home/ruut ; USER=root ; COMMAND=/usr/sbin/service bluetooth stop
Mar 17 00:15:13 ruut-HP-280-G1-MT sudo: pam_unix(sudo:session): session opened for user root by ruut(uid=0)
Mar 17 00:15:13 ruut-HP-280-G1-MT polkitd(authority=local): Registered Authentication Agent for unix-process:12368:426585 (system bus name :1.128 [/usr/bin/pkttyagent --notify-fd 5 --fallback], object path /org/freedesktop/PolicyKit1/AuthenticationAgent, locale de_DE.UTF-8)
Mar 17 00:15:13 ruut-HP-280-G1-MT sudo: pam_unix(sudo:session): session closed for user root
Mar 17 00:15:13 ruut-HP-280-G1-MT polkitd(authority=local): Unregistered Authentication Agent for unix-process:12368:426585 (system bus name :1.128, object path /org/freedesktop/PolicyKit1/AuthenticationAgent, locale de_DE.UTF-8) (disconnected from bus)
Mar 17 00:15:51 ruut-HP-280-G1-MT sudo: ruut : TTY=pts/17 ; PWD=/home/ruut ; USER=root ; COMMAND=/usr/sbin/service checkroot-bootclean.sh stop
Mar 17 00:15:51 ruut-HP-280-G1-MT sudo: pam_unix(sudo:session): session opened for user root by ruut(uid=0)
Mar 17 00:15:51 ruut-HP-280-G1-MT polkitd(authority=local): Registered Authentication Agent for unix-process:12476:430320 (system bus name :1.129 [/usr/bin/pkttyagent --notify-fd 5 --fallback], object path /org/freedesktop/PolicyKit1/AuthenticationAgent, locale de_DE.UTF-8)
Mar 17 00:15:51 ruut-HP-280-G1-MT sudo: pam_unix(sudo:session): session closed for user root
Mar 17 00:15:51 ruut-HP-280-G1-MT polkitd(authority=local): Unregistered Authentication Agent for unix-process:12476:430320 (system bus name :1.129, object path /org/freedesktop/PolicyKit1/AuthenticationAgent, locale de_DE.UTF-8) (disconnected from bus)
Mar 17 00:16:07 ruut-HP-280-G1-MT sudo: ruut : TTY=pts/17 ; PWD=/home/ruut ; USER=root ; COMMAND=/usr/sbin/service checkroot-bootclean.sh reload
Mar 17 00:16:07 ruut-HP-280-G1-MT sudo: pam_unix(sudo:session): session opened for user root by ruut(uid=0)
Mar 17 00:16:07 ruut-HP-280-G1-MT sudo: pam_unix(sudo:session): session closed for user root
Mar 17 00:16:36 ruut-HP-280-G1-MT sudo: ruut : TTY=pts/17 ; PWD=/home/ruut ; USER=root ; COMMAND=/usr/sbin/service pure-ftpd stop
Mar 17 00:16:36 ruut-HP-280-G1-MT sudo: pam_unix(sudo:session): session opened for user root by ruut(uid=0)
Mar 17 00:16:36 ruut-HP-280-G1-MT polkitd(authority=local): Registered Authentication Agent for unix-process:12610:434838 (system bus name :1.130 [/usr/bin/pkttyagent --notify-fd 5 --fallback], object path /org/freedesktop/PolicyKit1/AuthenticationAgent, locale de_DE.UTF-8)
Mar 17 00:16:36 ruut-HP-280-G1-MT sudo: pam_unix(sudo:session): session closed for user root
Mar 17 00:16:36 ruut-HP-280-G1-MT polkitd(authority=local): Unregistered Authentication Agent for unix-process:12610:434838 (system bus name :1.130, object path /org/freedesktop/PolicyKit1/AuthenticationAgent, locale de_DE.UTF-8) (disconnected from bus)
Mar 17 00:17:01 ruut-HP-280-G1-MT CRON[13971]: pam_unix(cron:session): session opened for user root by (uid=0)
Mar 17 00:17:01 ruut-HP-280-G1-MT CRON[13971]: pam_unix(cron:session): session closed for user root
Mar 17 00:19:04 ruut-HP-280-G1-MT polkitd(authority=local): Registered Authentication Agent for unix-process:15601:449644 (system bus name :1.134 [/usr/bin/pkttyagent --notify-fd 5 --fallback], object path /org/freedesktop/PolicyKit1/AuthenticationAgent, locale de_DE.UTF-8)
Mar 17 00:19:04 ruut-HP-280-G1-MT polkitd(authority=local): Unregistered Authentication Agent for unix-process:15601:449644 (system bus name :1.134, object path /org/freedesktop/PolicyKit1/AuthenticationAgent, locale de_DE.UTF-8) (disconnected from bus)
Mar 17 00:19:42 ruut-HP-280-G1-MT sudo: pam_unix(sudo:session): session closed for user root
Mar 17 00:20:01 ruut-HP-280-G1-MT CRON[17850]: pam_unix(cron:session): session opened for user smmsp by (uid=0)
Mar 17 00:20:01 ruut-HP-280-G1-MT CRON[17850]: pam_unix(cron:session): session closed for user smmsp
Mar 17 00:20:16 ruut-HP-280-G1-MT polkitd(authority=local): Registered Authentication Agent for unix-process:17911:456818 (system bus name :1.142 [/usr/bin/pkttyagent --notify-fd 5 --fallback], object path /org/freedesktop/PolicyKit1/AuthenticationAgent, locale de_DE.UTF-8)
Mar 17 00:20:16 ruut-HP-280-G1-MT polkitd(authority=local): Unregistered Authentication Agent for unix-process:17911:456818 (system bus name :1.142, object path /org/freedesktop/PolicyKit1/AuthenticationAgent, locale de_DE.UTF-8) (disconnected from bus)
Mar 17 00:20:16 ruut-HP-280-G1-MT polkitd(authority=local): Registered Authentication Agent for unix-process:17934:456843 (system bus name :1.143 [/usr/bin/pkttyagent --notify-fd 5 --fallback], object path /org/freedesktop/PolicyKit1/AuthenticationAgent, locale de_DE.UTF-8)
Mar 17 00:20:16 ruut-HP-280-G1-MT polkitd(authority=local): Unregistered Authentication Agent for unix-process:17934:456843 (system bus name :1.143, object path /org/freedesktop/PolicyKit1/AuthenticationAgent, locale de_DE.UTF-8) (disconnected from bus)
Mar 17 00:20:16 ruut-HP-280-G1-MT polkitd(authority=local): Registered Authentication Agent for unix-process:17954:456857 (system bus name :1.144 [/usr/bin/pkttyagent --notify-fd 5 --fallback], object path /org/freedesktop/PolicyKit1/AuthenticationAgent, locale de_DE.UTF-8)
Mar 17 00:20:16 ruut-HP-280-G1-MT polkitd(authority=local): Unregistered Authentication Agent for unix-process:17954:456857 (system bus name :1.144, object path /org/freedesktop/PolicyKit1/AuthenticationAgent, locale de_DE.UTF-8) (disconnected from bus)
Mar 17 00:20:16 ruut-HP-280-G1-MT polkitd(authority=local): Registered Authentication Agent for unix-process:17971:456910 (system bus name :1.145 [/usr/bin/pkttyagent --notify-fd 5 --fallback], object path /org/freedesktop/PolicyKit1/AuthenticationAgent, locale de_DE.UTF-8)
Mar 17 00:20:17 ruut-HP-280-G1-MT polkitd(authority=local): Unregistered Authentication Agent for unix-process:17971:456910 (system bus name :1.145, object path /org/freedesktop/PolicyKit1/AuthenticationAgent, locale de_DE.UTF-8) (disconnected from bus)
Mar 17 00:20:47 ruut-HP-280-G1-MT polkitd(authority=local): Registered Authentication Agent for unix-process:18838:459917 (system bus name :1.146 [/usr/bin/pkttyagent --notify-fd 5 --fallback], object path /org/freedesktop/PolicyKit1/AuthenticationAgent, locale de_DE.UTF-8)
Mar 17 00:20:47 ruut-HP-280-G1-MT polkitd(authority=local): Unregistered Authentication Agent for unix-process:18838:459917 (system bus name :1.146, object path /org/freedesktop/PolicyKit1/AuthenticationAgent, locale de_DE.UTF-8) (disconnected from bus)
Mar 17 00:20:52 ruut-HP-280-G1-MT polkitd(authority=local): Registered Authentication Agent for unix-process:18878:460452 (system bus name :1.147 [/usr/bin/pkttyagent --notify-fd 5 --fallback], object path /org/freedesktop/PolicyKit1/AuthenticationAgent, locale de_DE.UTF-8)
Mar 17 00:20:52 ruut-HP-280-G1-MT polkitd(authority=local): Unregistered Authentication Agent for unix-process:18878:460452 (system bus name :1.147, object path /org/freedesktop/PolicyKit1/AuthenticationAgent, locale de_DE.UTF-8) (disconnected from bus)
Mar 17 00:20:52 ruut-HP-280-G1-MT polkitd(authority=local): Registered Authentication Agent for unix-process:18922:460481 (system bus name :1.148 [/usr/bin/pkttyagent --notify-fd 5 --fallback], object path /org/freedesktop/PolicyKit1/AuthenticationAgent, locale de_DE.UTF-8)
Mar 17 00:20:52 ruut-HP-280-G1-MT polkitd(authority=local): Unregistered Authentication Agent for unix-process:18922:460481 (system bus name :1.148, object path /org/freedesktop/PolicyKit1/AuthenticationAgent, locale de_DE.UTF-8) (disconnected from bus)
Mar 17 00:20:52 ruut-HP-280-G1-MT polkitd(authority=local): Registered Authentication Agent for unix-process:18945:460498 (system bus name :1.149 [/usr/bin/pkttyagent --notify-fd 5 --fallback], object path /org/freedesktop/PolicyKit1/AuthenticationAgent, locale de_DE.UTF-8)
Mar 17 00:20:52 ruut-HP-280-G1-MT polkitd(authority=local): Unregistered Authentication Agent for unix-process:18945:460498 (system bus name :1.149, object path /org/freedesktop/PolicyKit1/AuthenticationAgent, locale de_DE.UTF-8) (disconnected from bus)
Mar 17 00:20:54 ruut-HP-280-G1-MT polkitd(authority=local): Registered Authentication Agent for unix-process:18967:460648 (system bus name :1.151 [/usr/bin/pkttyagent --notify-fd 5 --fallback], object path /org/freedesktop/PolicyKit1/AuthenticationAgent, locale de_DE.UTF-8)
Mar 17 00:20:54 ruut-HP-280-G1-MT polkitd(authority=local): Unregistered Authentication Agent for unix-process:18967:460648 (system bus name :1.151, object path /org/freedesktop/PolicyKit1/AuthenticationAgent, locale de_DE.UTF-8) (disconnected from bus)
Mar 17 00:22:17 ruut-HP-280-G1-MT pkexec: pam_unix(polkit-1:session): session opened for user root by (uid=1000)
Mar 17 00:22:17 ruut-HP-280-G1-MT pkexec: pam_systemd(polkit-1:session): Cannot create session: Already running in a session
Mar 17 00:22:17 ruut-HP-280-G1-MT pkexec[19187]: ruut: Executing command [USER=root] [TTY=unknown] [CWD=/home/ruut] [COMMAND=/usr/lib/update-notifier/package-system-locked]
Mar 17 00:22:46 ruut-HP-280-G1-MT polkit-agent-helper-1[19263]: pam_ecryptfs: pam_sm_authenticate: /home/ruut is already mounted
Mar 17 00:22:46 ruut-HP-280-G1-MT polkitd(authority=local): Operator of unix-session:c2 successfully authenticated as unix-user:ruut to gain ONE-SHOT authorization for action com.ubuntu.pkexec.synaptic for unix-process:19257:471471 [/bin/sh /usr/bin/synaptic-pkexec] (owned by unix-user:ruut)
Mar 17 00:22:46 ruut-HP-280-G1-MT pkexec: pam_unix(polkit-1:session): session opened for user root by (uid=1000)
Mar 17 00:22:46 ruut-HP-280-G1-MT pkexec: pam_systemd(polkit-1:session): Cannot create session: Already running in a session
Mar 17 00:22:46 ruut-HP-280-G1-MT pkexec[19259]: ruut: Executing command [USER=root] [TTY=unknown] [CWD=/home/ruut] [COMMAND=/usr/sbin/synaptic]
Mar 17 00:23:45 ruut-HP-280-G1-MT sudo: ruut : TTY=pts/17 ; PWD=/home/ruut ; USER=root ; COMMAND=/usr/bin/apt-get install sqlite3+
Mar 17 00:23:45 ruut-HP-280-G1-MT sudo: pam_unix(sudo:session): session opened for user root by ruut(uid=0)
Mar 17 00:23:45 ruut-HP-280-G1-MT sudo: pam_unix(sudo:session): session closed for user root
Mar 17 00:23:55 ruut-HP-280-G1-MT sudo: ruut : TTY=pts/1 ; PWD=/home/ruut ; USER=root ; COMMAND=/usr/bin/apt-get install sqlite3
Mar 17 00:23:55 ruut-HP-280-G1-MT sudo: pam_unix(sudo:session): session opened for user root by ruut(uid=0)
Mar 17 00:23:55 ruut-HP-280-G1-MT sudo: pam_unix(sudo:session): session closed for user root
Mar 17 00:24:04 ruut-HP-280-G1-MT sudo: ruut : TTY=pts/1 ; PWD=/home/ruut ; USER=root ; COMMAND=/usr/bin/apt-get install sqlite3
Mar 17 00:24:04 ruut-HP-280-G1-MT sudo: pam_unix(sudo:session): session opened for user root by ruut(uid=0)
Mar 17 00:24:16 ruut-HP-280-G1-MT sudo: pam_unix(sudo:session): session closed for user root
Mar 17 00:24:57 ruut-HP-280-G1-MT polkit-agent-helper-1[20066]: pam_ecryptfs: pam_sm_authenticate: /home/ruut is already mounted
Mar 17 00:24:57 ruut-HP-280-G1-MT polkitd(authority=local): Operator of unix-session:c2 successfully authenticated as unix-user:ruut to gain ONE-SHOT authorization for action com.ubuntu.pkexec.synaptic for unix-process:20060:484555 [/bin/sh /usr/bin/synaptic-pkexec] (owned by unix-user:ruut)
Mar 17 00:24:57 ruut-HP-280-G1-MT pkexec: pam_unix(polkit-1:session): session opened for user root by (uid=1000)
Mar 17 00:24:57 ruut-HP-280-G1-MT pkexec: pam_systemd(polkit-1:session): Cannot create session: Already running in a session
Mar 17 00:24:57 ruut-HP-280-G1-MT pkexec[20062]: ruut: Executing command [USER=root] [TTY=unknown] [CWD=/home/ruut] [COMMAND=/usr/sbin/synaptic]
Mar 17 00:25:01 ruut-HP-280-G1-MT CRON[20097]: pam_unix(cron:session): session opened for user daemon by (uid=0)
Mar 17 00:25:01 ruut-HP-280-G1-MT CRON[20097]: pam_unix(cron:session): session closed for user daemon
Mar 17 00:25:17 ruut-HP-280-G1-MT pkexec: pam_unix(polkit-1:session): session opened for user root by (uid=1000)
Mar 17 00:25:17 ruut-HP-280-G1-MT pkexec: pam_systemd(polkit-1:session): Cannot create session: Already running in a session
Mar 17 00:25:17 ruut-HP-280-G1-MT pkexec[20140]: ruut: Executing command [USER=root] [TTY=unknown] [CWD=/home/ruut] [COMMAND=/usr/lib/update-notifier/package-system-locked]
Mar 17 00:33:28 ruut-HP-280-G1-MT polkitd(authority=local): Registered Authentication Agent for unix-process:24973:536068 (system bus name :1.166 [/usr/bin/pkttyagent --notify-fd 5 --fallback], object path /org/freedesktop/PolicyKit1/AuthenticationAgent, locale de_DE.UTF-8)
Mar 17 00:33:28 ruut-HP-280-G1-MT polkitd(authority=local): Unregistered Authentication Agent for unix-process:24973:536068 (system bus name :1.166, object path /org/freedesktop/PolicyKit1/AuthenticationAgent, locale de_DE.UTF-8) (disconnected from bus)
Mar 17 00:33:31 ruut-HP-280-G1-MT groupadd[25120]: group added to /etc/group: name=clamav, GID=135
Mar 17 00:33:32 ruut-HP-280-G1-MT groupadd[25120]: group added to /etc/gshadow: name=clamav
Mar 17 00:33:32 ruut-HP-280-G1-MT groupadd[25120]: new group: name=clamav, GID=135
Mar 17 00:33:32 ruut-HP-280-G1-MT useradd[25126]: new user: name=clamav, UID=125, GID=135, home=/var/lib/clamav, shell=/bin/false
Mar 17 00:33:32 ruut-HP-280-G1-MT chage[25133]: changed password expiry for clamav
Mar 17 00:33:32 ruut-HP-280-G1-MT polkitd(authority=local): Registered Authentication Agent for unix-process:25142:536506 (system bus name :1.167 [/usr/bin/pkttyagent --notify-fd 5 --fallback], object path /org/freedesktop/PolicyKit1/AuthenticationAgent, locale de_DE.UTF-8)
Mar 17 00:33:32 ruut-HP-280-G1-MT polkitd(authority=local): Unregistered Authentication Agent for unix-process:25142:536506 (system bus name :1.167, object path /org/freedesktop/PolicyKit1/AuthenticationAgent, locale de_DE.UTF-8) (disconnected from bus)
Mar 17 00:33:35 ruut-HP-280-G1-MT useradd[25303]: new user: name=c-icap, UID=126, GID=65534, home=/var/run/c-icap, shell=/bin/false
Mar 17 00:33:36 ruut-HP-280-G1-MT usermod[25308]: change user 'c-icap' password
Mar 17 00:33:36 ruut-HP-280-G1-MT chage[25315]: changed password expiry for c-icap
Mar 17 00:33:36 ruut-HP-280-G1-MT groupadd[25319]: group added to /etc/group: name=c-icap, GID=136
Mar 17 00:33:36 ruut-HP-280-G1-MT groupadd[25319]: group added to /etc/gshadow: name=c-icap
Mar 17 00:33:36 ruut-HP-280-G1-MT groupadd[25319]: new group: name=c-icap, GID=136
Mar 17 00:33:36 ruut-HP-280-G1-MT polkitd(authority=local): Registered Authentication Agent for unix-process:25326:536900 (system bus name :1.168 [/usr/bin/pkttyagent --notify-fd 5 --fallback], object path /org/freedesktop/PolicyKit1/AuthenticationAgent, locale de_DE.UTF-8)
Mar 17 00:33:36 ruut-HP-280-G1-MT polkitd(authority=local): Unregistered Authentication Agent for unix-process:25326:536900 (system bus name :1.168, object path /org/freedesktop/PolicyKit1/AuthenticationAgent, locale de_DE.UTF-8) (disconnected from bus)
Mar 17 00:33:36 ruut-HP-280-G1-MT polkitd(authority=local): Registered Authentication Agent for unix-process:25363:536913 (system bus name :1.169 [/usr/bin/pkttyagent --notify-fd 5 --fallback], object path /org/freedesktop/PolicyKit1/AuthenticationAgent, locale de_DE.UTF-8)
Mar 17 00:33:37 ruut-HP-280-G1-MT polkitd(authority=local): Unregistered Authentication Agent for unix-process:25363:536913 (system bus name :1.169, object path /org/freedesktop/PolicyKit1/AuthenticationAgent, locale de_DE.UTF-8) (disconnected from bus)
Mar 17 00:33:37 ruut-HP-280-G1-MT polkitd(authority=local): Registered Authentication Agent for unix-process:25386:536926 (system bus name :1.170 [/usr/bin/pkttyagent --notify-fd 5 --fallback], object path /org/freedesktop/PolicyKit1/AuthenticationAgent, locale de_DE.UTF-8)
Mar 17 00:33:37 ruut-HP-280-G1-MT polkitd(authority=local): Unregistered Authentication Agent for unix-process:25386:536926 (system bus name :1.170, object path /org/freedesktop/PolicyKit1/AuthenticationAgent, locale de_DE.UTF-8) (disconnected from bus)
Mar 17 00:33:47 ruut-HP-280-G1-MT polkitd(authority=local): Registered Authentication Agent for unix-process:26170:537929 (system bus name :1.171 [/usr/bin/pkttyagent --notify-fd 5 --fallback], object path /org/freedesktop/PolicyKit1/AuthenticationAgent, locale de_DE.UTF-8)
Mar 17 00:33:47 ruut-HP-280-G1-MT polkitd(authority=local): Unregistered Authentication Agent for unix-process:26170:537929 (system bus name :1.171, object path /org/freedesktop/PolicyKit1/AuthenticationAgent, locale de_DE.UTF-8) (disconnected from bus)
Mar 17 00:34:55 ruut-HP-280-G1-MT pkexec: pam_unix(polkit-1:session): session opened for user root by (uid=1000)
Mar 17 00:34:55 ruut-HP-280-G1-MT pkexec: pam_systemd(polkit-1:session): Cannot create session: Already running in a session
Mar 17 00:34:55 ruut-HP-280-G1-MT pkexec[26396]: ruut: Executing command [USER=root] [TTY=unknown] [CWD=/home/ruut] [COMMAND=/usr/lib/update-notifier/package-system-locked]
Mar 17 00:36:16 ruut-HP-280-G1-MT userhelper[26601]: pam_unix(passwd:chauthtok): authentication failure; logname= uid=1000 euid=0 tty= ruser=ruut rhost= user=ruut
Mar 17 00:36:39 ruut-HP-280-G1-MT userhelper[26647]: pam_unix(passwd:chauthtok): authentication failure; logname= uid=1000 euid=0 tty= ruser=ruut rhost= user=ruut
Mar 17 00:36:56 ruut-HP-280-G1-MT sudo: ruut : TTY=pts/1 ; PWD=/home/ruut ; USER=root ; COMMAND=/usr/bin/passwd root
Mar 17 00:36:56 ruut-HP-280-G1-MT sudo: pam_unix(sudo:session): session opened for user root by ruut(uid=0)
Mar 17 00:36:56 ruut-HP-280-G1-MT passwd[26690]: pam_ecryptfs: PAM passphrase change module retrieved a NULL passphrase; nothing to do
Mar 17 00:37:11 ruut-HP-280-G1-MT passwd[26690]: pam_unix(passwd:chauthtok): password changed for root
Mar 17 00:37:11 ruut-HP-280-G1-MT passwd[26690]: gkr-pam: couldn't update the login keyring password: no old password was entered
Mar 17 00:37:11 ruut-HP-280-G1-MT passwd[26690]: pam_ecryptfs: Passphrase file wrapped
Mar 17 00:37:11 ruut-HP-280-G1-MT passwd[26690]: pam_ecryptfs: PAM passphrase change module retrieved at least one NULL passphrase; nothing to do
Mar 17 00:37:11 ruut-HP-280-G1-MT sudo: pam_unix(sudo:session): session closed for user root
Mar 17 00:37:26 ruut-HP-280-G1-MT userhelper[26726]: pam_unix(passwd:chauthtok): authentication failure; logname= uid=1000 euid=0 tty= ruser=ruut rhost= user=ruut
Mar 17 00:39:48 ruut-HP-280-G1-MT sudo: ruut : TTY=pts/1 ; PWD=/home/ruut ; USER=root ; COMMAND=/usr/sbin/chkrootkit
Mar 17 00:39:48 ruut-HP-280-G1-MT sudo: pam_unix(sudo:session): session opened for user root by ruut(uid=0)
Mar 17 00:40:01 ruut-HP-280-G1-MT CRON[27754]: pam_unix(cron:session): session opened for user smmsp by (uid=0)
Mar 17 00:40:02 ruut-HP-280-G1-MT CRON[27754]: pam_unix(cron:session): session closed for user smmsp
Mar 17 00:40:08 ruut-HP-280-G1-MT sudo: pam_unix(sudo:session): session closed for user root
Mar 17 00:40:52 ruut-HP-280-G1-MT sudo: ruut : TTY=pts/13 ; PWD=/home/ruut ; USER=root ; COMMAND=/usr/bin/rkhunter -c
Mar 17 00:40:52 ruut-HP-280-G1-MT sudo: pam_unix(sudo:session): session opened for user root by ruut(uid=0)
Mar 17 00:40:58 ruut-HP-280-G1-MT Rootkit Hunter: Rootkit hunter check started (version 1.4.2)
Mar 17 00:44:43 ruut-HP-280-G1-MT sudo: ruut : TTY=pts/12 ; PWD=/home/ruut ; USER=root ; COMMAND=/bin/bash
Mar 17 00:44:43 ruut-HP-280-G1-MT sudo: pam_unix(sudo:session): session opened for user root by ruut(uid=0)
Mar 17 00:45:01 ruut-HP-280-G1-MT CRON[24645]: pam_unix(cron:session): session opened for user clamav by (uid=0)
Mar 17 00:45:29 ruut-HP-280-G1-MT polkit-agent-helper-1[28616]: pam_ecryptfs: pam_sm_authenticate: /home/ruut is already mounted
Mar 17 00:45:29 ruut-HP-280-G1-MT polkitd(authority=local): Operator of unix-session:c2 successfully authenticated as unix-user:ruut to gain TEMPORARY authorization for action org.debian.apt.install-file for system-bus-name::1.180 [/usr/bin/python /usr/bin/software-center] (owned by unix-user:ruut)
Mar 17 00:46:00 ruut-HP-280-G1-MT polkitd(authority=local): Registered Authentication Agent for unix-process:7551:611224 (system bus name :1.188 [/usr/bin/pkttyagent --notify-fd 5 --fallback], object path /org/freedesktop/PolicyKit1/AuthenticationAgent, locale de_DE.UTF-8)
Mar 17 00:46:00 ruut-HP-280-G1-MT polkitd(authority=local): Unregistered Authentication Agent for unix-process:7551:611224 (system bus name :1.188, object path /org/freedesktop/PolicyKit1/AuthenticationAgent, locale de_DE.UTF-8) (disconnected from bus)
Mar 17 00:46:01 ruut-HP-280-G1-MT polkitd(authority=local): Registered Authentication Agent for unix-process:7572:611323 (system bus name :1.189 [/usr/bin/pkttyagent --notify-fd 5 --fallback], object path /org/freedesktop/PolicyKit1/AuthenticationAgent, locale de_DE.UTF-8)
Mar 17 00:46:01 ruut-HP-280-G1-MT polkitd(authority=local): Unregistered Authentication Agent for unix-process:7572:611323 (system bus name :1.189, object path /org/freedesktop/PolicyKit1/AuthenticationAgent, locale de_DE.UTF-8) (disconnected from bus)
Mar 17 00:46:09 ruut-HP-280-G1-MT polkitd(authority=local): Registered Authentication Agent for unix-process:7612:612197 (system bus name :1.190 [/usr/bin/pkttyagent --notify-fd 5 --fallback], object path /org/freedesktop/PolicyKit1/AuthenticationAgent, locale de_DE.UTF-8)
Mar 17 00:46:10 ruut-HP-280-G1-MT polkitd(authority=local): Unregistered Authentication Agent for unix-process:7612:612197 (system bus name :1.190, object path /org/freedesktop/PolicyKit1/AuthenticationAgent, locale de_DE.UTF-8) (disconnected from bus)
Mar 17 00:48:22 ruut-HP-280-G1-MT CRON[24645]: pam_unix(cron:session): session closed for user clamav
Mar 17 00:50:06 ruut-HP-280-G1-MT sudo: root : TTY=pts/12 ; PWD=/home/ruut ; USER=root ; COMMAND=/usr/bin/geany /var/mail/root
Mar 17 00:50:06 ruut-HP-280-G1-MT sudo: pam_unix(sudo:session): session opened for user root by ruut(uid=0)
Mar 17 00:51:49 ruut-HP-280-G1-MT Rootkit Hunter: Scanning took 10 minutes and 49 seconds
Mar 17 00:51:49 ruut-HP-280-G1-MT Rootkit Hunter: Please inspect this machine, because it may be infected.
Mar 17 00:51:49 ruut-HP-280-G1-MT sudo: pam_unix(sudo:session): session closed for user root
Mar 17 00:52:24 ruut-HP-280-G1-MT sudo: ruut : TTY=pts/13 ; PWD=/home/ruut ; USER=root ; COMMAND=/usr/sbin/tiger
Mar 17 00:52:24 ruut-HP-280-G1-MT sudo: pam_unix(sudo:session): session opened for user root by ruut(uid=0)
Mar 17 00:52:44 ruut-HP-280-G1-MT sudo: ruut : TTY=pts/18 ; PWD=/home/ruut ; USER=root ; COMMAND=/usr/sbin/chkrootkit -x
Mar 17 00:52:44 ruut-HP-280-G1-MT sudo: pam_unix(sudo:session): session opened for user root by ruut(uid=0)
Mar 17 00:55:01 ruut-HP-280-G1-MT sudo: pam_unix(sudo:session): session closed for user root
Mar 17 00:55:01 ruut-HP-280-G1-MT sudo: pam_unix(sudo:session): session closed for user root
Mar 17 00:55:33 ruut-HP-280-G1-MT sudo: pam_unix(sudo:session): session closed for user root
Mar 17 00:56:13 ruut-HP-280-G1-MT sudo: pam_unix(sudo:auth): authentication failure; logname=ruut uid=1000 euid=0 tty=/dev/pts/12 ruser=ruut rhost= user=ruut
Mar 17 00:58:32 ruut-HP-280-G1-MT sudo: pam_unix(sudo:session): session closed for user root
Mar 17 01:00:01 ruut-HP-280-G1-MT CRON[17376]: pam_unix(cron:session): session opened for user root by (uid=0)
Mar 17 01:00:01 ruut-HP-280-G1-MT CRON[17377]: pam_unix(cron:session): session opened for user smmsp by (uid=0)
Mar 17 01:00:01 ruut-HP-280-G1-MT CRON[17377]: pam_unix(cron:session): session closed for user smmsp
Mar 17 01:00:03 ruut-HP-280-G1-MT CRON[17376]: pam_unix(cron:session): session closed for user root
Mar 17 01:01:32 ruut-HP-280-G1-MT pkexec: pam_unix(polkit-1:session): session opened for user root by (uid=1000)
Mar 17 01:01:32 ruut-HP-280-G1-MT pkexec: pam_systemd(polkit-1:session): Cannot create session: Already running in a session
Mar 17 01:01:32 ruut-HP-280-G1-MT pkexec[17590]: ruut: Executing command [USER=root] [TTY=unknown] [CWD=/home/ruut] [COMMAND=/usr/lib/update-notifier/package-system-locked]
Mar 17 01:02:31 ruut-HP-280-G1-MT sudo: ruut : TTY=pts/12 ; PWD=/home/ruut ; USER=root ; COMMAND=/usr/bin/apt-get install openssh-client
Mar 17 01:02:31 ruut-HP-280-G1-MT sudo: pam_unix(sudo:session): session opened for user root by ruut(uid=0)
Mar 17 01:02:36 ruut-HP-280-G1-MT sudo: pam_unix(sudo:session): session closed for user root
Mar 17 01:06:30 ruut-HP-280-G1-MT sudo: ruut : TTY=pts/12 ; PWD=/home/ruut ; USER=root ; COMMAND=/usr/sbin/tcpdump -Annvvs 1500 -i any udp and dst port 53
Mar 17 01:06:30 ruut-HP-280-G1-MT sudo: pam_unix(sudo:session): session opened for user root by ruut(uid=0)
Mar 17 01:11:47 ruut-HP-280-G1-MT polkitd(authority=local): Operator of unix-session:c2 FAILED to authenticate to gain authorization for action org.debian.apt.install-file for system-bus-name::1.180 [/usr/bin/python /usr/bin/software-center] (owned by unix-user:ruut)
Mar 17 01:17:01 ruut-HP-280-G1-MT CRON[18784]: pam_unix(cron:session): session opened for user root by (uid=0)
Mar 17 01:17:01 ruut-HP-280-G1-MT CRON[18784]: pam_unix(cron:session): session closed for user root
Mar 17 01:17:45 ruut-HP-280-G1-MT polkit-agent-helper-1[18836]: pam_ecryptfs: pam_sm_authenticate: /home/ruut is already mounted
Mar 17 01:17:46 ruut-HP-280-G1-MT polkitd(authority=local): Operator of unix-session:c2 successfully authenticated as unix-user:ruut to gain TEMPORARY authorization for action org.debian.apt.install-or-remove-packages for system-bus-name::1.180 [/usr/bin/python /usr/bin/software-center] (owned by unix-user:ruut)
Mar 17 01:18:42 ruut-HP-280-G1-MT sudo: ruut : TTY=pts/19 ; PWD=/home/ruut ; USER=root ; COMMAND=/bin/bash
Mar 17 01:18:42 ruut-HP-280-G1-MT sudo: pam_unix(sudo:session): session opened for user root by ruut(uid=0)
Mar 17 01:20:01 ruut-HP-280-G1-MT CRON[19181]: pam_unix(cron:session): session opened for user smmsp by (uid=0)
Mar 17 01:20:02 ruut-HP-280-G1-MT CRON[19181]: pam_unix(cron:session): session closed for user smmsp
Mar 17 01:22:26 ruut-HP-280-G1-MT pkexec: pam_unix(polkit-1:session): session opened for user root by (uid=1000)
Mar 17 01:22:26 ruut-HP-280-G1-MT pkexec: pam_systemd(polkit-1:session): Cannot create session: Already running in a session
Mar 17 01:22:26 ruut-HP-280-G1-MT pkexec[19423]: ruut: Executing command [USER=root] [TTY=unknown] [CWD=/home/ruut] [COMMAND=/usr/lib/update-notifier/package-system-locked]
Mar 17 01:25:02 ruut-HP-280-G1-MT CRON[19634]: pam_unix(cron:session): session opened for user daemon by (uid=0)
Mar 17 01:25:03 ruut-HP-280-G1-MT CRON[19634]: pam_unix(cron:session): session closed for user daemon
Mar 17 01:35:52 ruut-HP-280-G1-MT sudo: ruut : TTY=pts/21 ; PWD=/home/ruut ; USER=root ; COMMAND=/usr/sbin/chkrootkit
Mar 17 01:35:52 ruut-HP-280-G1-MT sudo: pam_unix(sudo:session): session opened for user root by ruut(uid=0)
Mar 17 01:36:12 ruut-HP-280-G1-MT sudo: pam_unix(sudo:session): session closed for user root
Mar 17 01:40:01 ruut-HP-280-G1-MT CRON[22824]: pam_unix(cron:session): session opened for user smmsp by (uid=0)
Mar 17 01:40:02 ruut-HP-280-G1-MT CRON[22824]: pam_unix(cron:session): session closed for user smmsp
Mar 17 01:41:59 ruut-HP-280-G1-MT polkit-agent-helper-1[22953]: pam_unix(polkit-1:auth): authentication failure; logname= uid=1000 euid=0 tty= ruser=ruut rhost= user=ruut
Mar 17 01:42:04 ruut-HP-280-G1-MT polkit-agent-helper-1[22975]: pam_ecryptfs: pam_sm_authenticate: /home/ruut is already mounted
Mar 17 01:42:04 ruut-HP-280-G1-MT polkitd(authority=local): Operator of unix-session:c2 successfully authenticated as unix-user:ruut to gain TEMPORARY authorization for action org.debian.apt.install-or-remove-packages for system-bus-name::1.180 [/usr/bin/python /usr/bin/software-center] (owned by unix-user:ruut)
Mar 17 01:45:01 ruut-HP-280-G1-MT CRON[26066]: pam_unix(cron:session): session opened for user clamav by (uid=0)
Mar 17 01:47:57 ruut-HP-280-G1-MT sudo: ruut : TTY=pts/21 ; PWD=/home/ruut ; USER=root ; COMMAND=/bin/bash
Mar 17 01:47:57 ruut-HP-280-G1-MT sudo: pam_unix(sudo:session): session opened for user root by ruut(uid=0)
Mar 17 01:49:48 ruut-HP-280-G1-MT CRON[26066]: pam_unix(cron:session): session closed for user clamav
Mar 17 01:52:42 ruut-HP-280-G1-MT pkexec: pam_unix(polkit-1:session): session opened for user root by (uid=1000)
Mar 17 01:52:42 ruut-HP-280-G1-MT pkexec: pam_systemd(polkit-1:session): Cannot create session: Already running in a session
Mar 17 01:52:42 ruut-HP-280-G1-MT pkexec[26825]: ruut: Executing command [USER=root] [TTY=unknown] [CWD=/home/ruut] [COMMAND=/usr/lib/update-notifier/package-system-locked]
Mar 17 02:00:01 ruut-HP-280-G1-MT CRON[27331]: pam_unix(cron:session): session opened for user root by (uid=0)
Mar 17 02:00:01 ruut-HP-280-G1-MT CRON[27332]: pam_unix(cron:session): session opened for user smmsp by (uid=0)
Mar 17 02:00:01 ruut-HP-280-G1-MT CRON[27332]: pam_unix(cron:session): session closed for user smmsp
Mar 17 02:00:03 ruut-HP-280-G1-MT CRON[27331]: pam_unix(cron:session): session closed for user root
Mar 17 02:08:15 ruut-HP-280-G1-MT sudo: pam_unix(sudo:session): session closed for user root
Mar 17 02:08:43 ruut-HP-280-G1-MT sudo: ruut : TTY=pts/13 ; PWD=/home/ruut ; USER=root ; COMMAND=/usr/bin/nautilus
Mar 17 02:08:44 ruut-HP-280-G1-MT sudo: pam_unix(sudo:session): session opened for user root by ruut(uid=0)
Code:
ATTFilter ruut@ruut-HP-280-G1-MT:~$ ssh -G 2>&1 | grep -e illegal -e unknown > /dev/null && echo "System clean" || echo "System infected"
System infected
ruut@ruut-HP-280-G1-MT:~$ 2>&1 | grep -e illegal -e unknown > /dev/null
Zitat:
|
|
17.03.2016, 03:41
| #26 | |
| /// Mac Expert | Linux: Bootkit Nemesis- Bios/Firmware Malware im VBR Du schmeisst hier mit Listen um dich Zitat:
__________________ ----------------- -Gruß dante12 ----------------- Lob, Kritik, Wünsche? Spende fürs trojaner-board? |
|
17.03.2016, 09:52
| #27 |
| | Linux: Bootkit Nemesis- Bios/Firmware Malware im VBR Da der "Virus" scheinbar  im BIOS sitzt, könnte man doch einfach das komplette Mainboard austauschen. |
|
17.03.2016, 09:54
| #28 | |
| /// Winkelfunktion /// TB-Süch-Tiger™ | Linux: Bootkit Nemesis- Bios/Firmware Malware im VBRZitat:
__________________ Logfiles bitte immer in CODE-Tags posten  |
|
17.03.2016, 09:59
| #29 |
| | Linux: Bootkit Nemesis- Bios/Firmware Malware im VBR Oder gleich den User....  |
|
17.03.2016, 11:29
| #30 | |
| Gesperrt | Linux: Bootkit Nemesis- Bios/Firmware Malware im VBRZitat:
|
 |
| Themen zu Linux: Bootkit Nemesis- Bios/Firmware Malware im VBR |
| required |
Linear-Darstellung
