Trojaner-Board

Linux: Bootkit Nemesis - BIOS/firmware malware in the VBR (https://www.trojaner-board.de/176707-linux-bootkit-nemesis-bios-firmware-malware-vbr.html)

KernelpanicX 15.03.2016 23:17

The young Padawan really does seem to be somewhat confused. Maybe he just needs to clear his head properly again. For me, something like this is enough:

Taylors Fine White Port or
Delaforce Special White Port
:daumenhoc:
:alc:

Fragerin 16.03.2016 08:15

But as a normal person you can hardly make sense of any entry from dmesg. The OP, however, did not underline half the log, but a few selected entries. So he must have some criteria for that.
Hmmm... maybe a comparison with an older Ubuntu on which systemd was not yet in use?

cosinus 16.03.2016 09:12

Um, yes, and? :wtf:
My dmesg shows the vast majority of those entries too. Every bit of sh... simply gets logged in there:

Code:

cosinus@ubuntu:~$ dmesg |grep Calg
[    0.000000] Calgary: detecting Calgary via BIOS EBDA area
[    0.000000] Calgary: Unable to locate Rio Grande table in EBDA - bailing!
cosinus@ubuntu:~$ dmesg |grep parav
[    0.000000] Booting paravirtualized kernel on bare hardware
cosinus@ubuntu:~$ dmesg |grep Fak
[    0.000000] Faking a node at [mem 0x0000000000000000-0x000000041effffff]
cosinus@ubuntu:~$ dmesg |grep checksum
[    0.000000] ACPI: Early table checksum verification disabled
[    0.865195] r8169 0000:03:00.0 eth0: jumbo features [frames: 9200 bytes, tx checksumming: ko]
cosinus@ubuntu:~$ dmesg |grep -i "acpi error"
[    1.203714] ACPI Error: [DSSP] Namespace lookup failure, AE_NOT_FOUND (20150619/psargs-359)
[    1.204096] ACPI Error: Method parse/execution failed [\_SB_.PCI0.SAT0.SPT4._GTF] (Node ffff88040e0d1460), AE_NOT_FOUND (20150619/psparse-536)
[    1.213999] ACPI Error: [DSSP] Namespace lookup failure, AE_NOT_FOUND (20150619/psargs-359)
[    1.214369] ACPI Error: Method parse/execution failed [\_SB_.PCI0.SAT0.SPT4._GTF] (Node ffff88040e0d1460), AE_NOT_FOUND (20150619/psparse-536)

Hm, do I now have a rootkit in there too and knew nothing about it this whole time? :dummguck: iceweasel, help! :D
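
The comparison made in the post above (the same kernel messages appear on a second, unsuspected machine) can be automated. This is an added example, not code from the thread: the reference lines are taken from the dmesg excerpt above, while the suspect capture and the `example_mod` line are constructed for illustration.

```python
import re

# Parts of a dmesg line that differ between machines and boots without
# changing what the message means.
_TS = re.compile(r"^\[\s*\d+\.\d+\]\s*")                        # [    0.865195]
_PCI = re.compile(r"\b[0-9a-f]{4}:[0-9a-f]{2}:[0-9a-f]{2}\.[0-7]\b", re.I)
_HEX = re.compile(r"\b(?:0x)?(?=[0-9a-f]*\d)[0-9a-f]{8,}\b", re.I)  # addresses
_NUM = re.compile(r"\b\d+\b")                                   # plain counters


def normalize(line):
    """Reduce a dmesg line to its message template."""
    msg = _TS.sub("", line.strip())
    msg = _PCI.sub("<pci>", msg)
    msg = _HEX.sub("<hex>", msg)
    msg = _NUM.sub("<n>", msg)
    return msg


def unique_to_suspect(suspect_lines, reference_lines):
    """Return suspect lines whose template never occurs in the reference log."""
    ref = {normalize(l) for l in reference_lines if l.strip()}
    seen, out = set(), []
    for line in suspect_lines:
        if not line.strip():
            continue
        tmpl = normalize(line)
        if tmpl not in ref and tmpl not in seen:
            seen.add(tmpl)
            out.append(line.strip())
    return out


# Reference: lines quoted from the dmesg excerpt in the post above.
REFERENCE = r"""
[    0.000000] Calgary: detecting Calgary via BIOS EBDA area
[    0.000000] Calgary: Unable to locate Rio Grande table in EBDA - bailing!
[    0.000000] Booting paravirtualized kernel on bare hardware
[    0.000000] Faking a node at [mem 0x0000000000000000-0x000000041effffff]
[    0.000000] ACPI: Early table checksum verification disabled
[    0.865195] r8169 0000:03:00.0 eth0: jumbo features [frames: 9200 bytes, tx checksumming: ko]
[    1.203714] ACPI Error: [DSSP] Namespace lookup failure, AE_NOT_FOUND (20150619/psargs-359)
[    1.204096] ACPI Error: Method parse/execution failed [\_SB_.PCI0.SAT0.SPT4._GTF] (Node ffff88040e0d1460), AE_NOT_FOUND (20150619/psparse-536)
""".splitlines()

# Suspect: constructed capture from a second machine (different memory size
# and timestamps), plus one constructed line that the reference lacks.
SUSPECT = r"""
[    0.000000] Calgary: detecting Calgary via BIOS EBDA area
[    0.000000] Booting paravirtualized kernel on bare hardware
[    0.000000] Faking a node at [mem 0x0000000000000000-0x000000021fffffff]
[    0.000000] ACPI: Early table checksum verification disabled
[    1.310022] ACPI Error: [DSSP] Namespace lookup failure, AE_NOT_FOUND (20150619/psargs-359)
[   12.500000] example_mod: module verification failed: signature and/or required key missing - tainting kernel
""".splitlines()

if __name__ == "__main__":
    for line in unique_to_suspect(SUSPECT, REFERENCE):
        print("only in suspect log:", line)
```

A line that drops out of this comparison is ordinary kernel logging on comparable hardware; a line that remains is only a starting point for reading the kernel documentation, not a finding.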

Fragerin 16.03.2016 09:27

Maybe your "bootkit" is also systemd and other newer developments in Linux :-)

I'm just saying, if he explains to us how he arrives at that, we would have a basis for explaining to him what is really going on there.

Dante12 16.03.2016 11:36

To me it looks as if everything was gathered together wildly at random :D

To quickly analyze cosinus's log:

Quote:

Calgary: detecting Calgary via BIOS EBDA area
The module is loaded even though no corresponding hardware is installed in the machine. Hence the error message. Here is also the bug report from some time ago.

Quote:

Booting paravirtualized kernel on bare hardware
This is a kernel that is designed for virtualization but is running on real hardware.

In addition, @cosinus's network is set up for jumbo frames.

Quote:

ACPI Error: Method parse/execution failed
Usually this error has no direct effect, but it could run into problems with power management. As long as nothing stands out while working (crashes, hangs, etc.), it can be ignored.
Otherwise you should look for ACPI=Legacy in the BIOS.

So all rootkits that were developed for the system :D

cosinus 16.03.2016 23:29

You overlooked the really nasty rootkit; you can't see it on Mac OS X because it was posted here with Linux invisible ink :rofl:

Code:

cosinus@ubuntu:~$ dmesg |grep Fak
[    0.000000] Faking a node at [mem 0x0000000000000000-0x000000041effffff]


dennissteins 17.03.2016 01:54

I don't want to bother you any further with my imaginings and my ignorance, but I still have three logs.... After/during client access:

Code:


ruut@ruut-HP-280-G1-MT:~$ sudo chkrootkit
[sudo] password for ruut:
ROOTDIR is `/'
Checking `amd'...                                          not found
Checking `basename'...                                      not infected
Checking `biff'...                                          not found
Checking `chfn'...                                          not infected
Checking `chsh'...                                          not infected
Checking `cron'...                                          not infected
Checking `crontab'...                                      not infected
Checking `date'...                                          not infected
Checking `du'...                                            not infected
Checking `dirname'...                                      not infected
Checking `echo'...                                          not infected
Checking `egrep'...                                        not infected
Checking `env'...                                          not infected
Checking `find'...                                          not infected
Checking `fingerd'...                                      not found
Checking `gpm'...                                          not found
Checking `grep'...                                          not infected
Checking `hdparm'...                                        not infected
Checking `su'...                                            not infected
Checking `ifconfig'...                                      not infected
Checking `inetd'...                                        not infected
Checking `inetdconf'...                                    not infected
Checking `identd'...                                        not found
Checking `init'...                                          not infected
Checking `killall'...                                      not infected
Checking `ldsopreload'...                                  not infected
Checking `login'...                                        not infected
Checking `ls'...                                            not infected
Checking `lsof'...                                          not infected
Checking `mail'...                                          not infected
Checking `mingetty'...                                      not found
Checking `netstat'...                                      not infected
Checking `named'...                                        not found
Checking `passwd'...                                        not infected
Checking `pidof'...                                        not infected
Checking `pop2'...                                          not found
Checking `pop3'...                                          not found
Checking `ps'...                                            not infected
Checking `pstree'...                                        not infected
Checking `rpcinfo'...                                      not found
Checking `rlogind'...                                      not found
Checking `rshd'...                                          not found
Checking `slogin'...                                        not infected
Checking `sendmail'...                                      not infected
Checking `sshd'...                                          not found
Checking `syslogd'...                                      not tested
Checking `tar'...                                          not infected
Checking `tcpd'...                                          not infected
Checking `tcpdump'...                                      not infected
Checking `top'...                                          not infected
Checking `telnetd'...                                      not found
Checking `timed'...                                        not found
Checking `traceroute'...                                    not found
Checking `vdir'...                                          not infected
Checking `w'...                                            not infected
Checking `write'...                                        not infected
Checking `aliens'...                                        no suspect files
Searching for sniffer's logs, it may take a while...        nothing found
Searching for rootkit HiDrootkit's default files...        nothing found
Searching for rootkit t0rn's default files...              nothing found
Searching for t0rn's v8 defaults...                        nothing found
Searching for rootkit Lion's default files...              nothing found
Searching for rootkit RSHA's default files...              nothing found
Searching for rootkit RH-Sharpe's default files...          nothing found
Searching for Ambient's rootkit (ark) default files and dirs... nothing found
Searching for suspicious files and dirs, it may take a while... The following suspicious files and directories were found: 
/usr/lib/debug/.build-id /usr/lib/python2.7/dist-packages/PyQt4/uic/widget-plugins/.noinit /usr/lib/python3/dist-packages/fail2ban/tests/files/config/apache-auth/digest_anon/.htpasswd /usr/lib/python3/dist-packages/fail2ban/tests/files/config/apache-auth/digest_anon/.htaccess /usr/lib/python3/dist-packages/fail2ban/tests/files/config/apache-auth/digest/.htpasswd /usr/lib/python3/dist-packages/fail2ban/tests/files/config/apache-auth/digest/.htaccess /usr/lib/python3/dist-packages/fail2ban/tests/files/config/apache-auth/digest_time/.htpasswd /usr/lib/python3/dist-packages/fail2ban/tests/files/config/apache-auth/digest_time/.htaccess /usr/lib/python3/dist-packages/fail2ban/tests/files/config/apache-auth/basic/file/.htpasswd /usr/lib/python3/dist-packages/fail2ban/tests/files/config/apache-auth/basic/file/.htaccess /usr/lib/python3/dist-packages/fail2ban/tests/files/config/apache-auth/basic/authz_owner/.htpasswd /usr/lib/python3/dist-packages/fail2ban/tests/files/config/apache-auth/basic/authz_owner/.htaccess /usr/lib/python3/dist-packages/fail2ban/tests/files/config/apache-auth/digest_wrongrelm/.htpasswd /usr/lib/python3/dist-packages/fail2ban/tests/files/config/apache-auth/digest_wrongrelm/.htaccess /usr/lib/python3/dist-packages/fail2ban/tests/files/config/apache-auth/noentry/.htaccess /lib/modules/4.2.0-34-generic/vdso/.build-id /lib/modules/4.2.0-16-generic/vdso/.build-id
/usr/lib/debug/.build-id /lib/modules/4.2.0-34-generic/vdso/.build-id /lib/modules/4.2.0-16-generic/vdso/.build-id
Searching for LPD Worm files and dirs...                    nothing found
Searching for Ramen Worm files and dirs...                  nothing found
Searching for Maniac files and dirs...                      nothing found
Searching for RK17 files and dirs...                        nothing found
Searching for Ducoci rootkit...                            nothing found
Searching for Adore Worm...                                nothing found
Searching for ShitC Worm...                                nothing found
Searching for Omega Worm...                                nothing found
Searching for Sadmind/IIS Worm...                          nothing found
Searching for MonKit...                                    nothing found
Searching for Showtee...                                    nothing found
Searching for OpticKit...                                  nothing found
Searching for T.R.K...                                      nothing found
Searching for Mithra...                                    nothing found
Searching for LOC rootkit...                                nothing found
Searching for Romanian rootkit...                          nothing found
Searching for Suckit rootkit...                            nothing found
Searching for Volc rootkit...                              nothing found
Searching for Gold2 rootkit...                              nothing found
Searching for TC2 Worm default files and dirs...            nothing found
Searching for Anonoying rootkit default files and dirs...  nothing found
Searching for ZK rootkit default files and dirs...          nothing found
Searching for ShKit rootkit default files and dirs...      nothing found
Searching for AjaKit rootkit default files and dirs...      nothing found
Searching for zaRwT rootkit default files and dirs...      nothing found
Searching for Madalin rootkit default files...              nothing found
Searching for Fu rootkit default files...                  nothing found
Searching for ESRK rootkit default files...                nothing found
Searching for rootedoor...                                  nothing found
Searching for ENYELKM rootkit default files...              nothing found
Searching for common ssh-scanners default files...          nothing found
Searching for Linux/Ebury - Operation Windigo ssh...        Possible Linux/Ebury - Operation Windigo installetd
Searching for 64-bit Linux Rootkit ...                      nothing found
Searching for 64-bit Linux Rootkit modules...              nothing found
Searching for suspect PHP files...                          nothing found
Searching for anomalies in shell history files...          nothing found
Checking `asp'...                                          not infected
Checking `bindshell'...                                    not infected
Checking `lkm'...                                          chkproc: nothing detected
chkdirs: nothing detected
Checking `rexedcs'...                                      not found
Checking `sniffer'...                                      lo: not promisc and no packet sniffer sockets
enp3s0: PACKET SNIFFER(/sbin/dhclient[1007], /usr/bin/ettercap[4481])
Checking `w55808'...                                        not infected
Checking `wted'...                                          chkwtmp: nothing deleted
Checking `scalper'...                                      not infected
Checking `slapper'...                                      not infected
Checking `z2'...                                            user ruut deleted or never logged from lastlog!
user root deleted or never logged from lastlog!
Checking `chkutmp'...                                        The tty of the following user process(es) were not found
 in /var/run/utmp !
! RUID          PID TTY    CMD
! root        1291 tty7  /usr/bin/X -core :0 -seat seat0 -auth /var/run/lightdm/root/:0 -nolisten tcp vt7 -novtswitch
chkutmp: nothing deleted
Checking `OSX_RSPLUG'...                                    not infected
ruut@ruut-HP-280-G1-MT:~$

Code:

[00:40:56] Running Rootkit Hunter version 1.4.2 on ruut-HP-280-G1-MT
[00:40:56]
[00:40:56] Info: Start date is Do 17. Mär 00:40:56 CET 2016
[00:40:56]
[00:40:56] Checking configuration file and command-line options...
[00:40:56] Info: Detected operating system is 'Linux'
[00:40:56] Info: Found O/S name: Ubuntu 15.10
[00:40:56] Info: Command line is /usr/bin/rkhunter -c
[00:40:56] Info: Environment shell is /bin/bash; rkhunter is using dash
[00:40:56] Info: Using configuration file '/etc/rkhunter.conf'
[00:40:56] Info: Installation directory is '/usr'
[00:40:56] Info: Using language 'en'
[00:40:56] Info: Using '/var/lib/rkhunter/db' as the database directory
[00:40:56] Info: Using '/usr/share/rkhunter/scripts' as the support script directory
[00:40:56] Info: Using '/usr/local/sbin /usr/local/bin /usr/sbin /usr/bin /sbin /bin' as the command directories
[00:40:56] Info: Using '/var/lib/rkhunter/tmp' as the temporary directory
[00:40:56] Info: No mail-on-warning address configured
[00:40:56] Info: X will be automatically detected
[00:40:56] Info: Using second color set
[00:40:56] Info: Found the 'basename' command: /usr/bin/basename
[00:40:57] Info: Found the 'diff' command: /usr/bin/diff
[00:40:57] Info: Found the 'dirname' command: /usr/bin/dirname
[00:40:57] Info: Found the 'file' command: /usr/bin/file
[00:40:57] Info: Found the 'find' command: /usr/bin/find
[00:40:57] Info: Found the 'ifconfig' command: /sbin/ifconfig
[00:40:57] Info: Found the 'ip' command: /sbin/ip
[00:40:57] Info: Found the 'ipcs' command: /usr/bin/ipcs
[00:40:57] Info: Found the 'ldd' command: /usr/bin/ldd
[00:40:57] Info: Found the 'lsattr' command: /usr/bin/lsattr
[00:40:57] Info: Found the 'lsmod' command: /sbin/lsmod
[00:40:57] Info: Found the 'lsof' command: /usr/bin/lsof
[00:40:57] Info: Found the 'mktemp' command: /bin/mktemp
[00:40:57] Info: Found the 'netstat' command: /bin/netstat
[00:40:57] Info: Found the 'perl' command: /usr/bin/perl
[00:40:57] Info: Found the 'pgrep' command: /usr/bin/pgrep
[00:40:57] Info: Found the 'ps' command: /bin/ps
[00:40:57] Info: Found the 'pwd' command: /bin/pwd
[00:40:57] Info: Found the 'readlink' command: /bin/readlink
[00:40:57] Info: Found the 'stat' command: /usr/bin/stat
[00:40:57] Info: Found the 'strings' command: /usr/bin/strings
[00:40:57] Info: System is not using prelinking
[00:40:57] Info: Using the '/usr/bin/sha256sum' command for the file hash checks
[00:40:57] Info: Stored hash values used hash function '/usr/bin/sha256sum'
[00:40:57] Info: Stored hash values did not use a package manager
[00:40:57] Info: The hash function field index is set to 1
[00:40:57] Info: No package manager specified: using hash function '/usr/bin/sha256sum'
[00:40:57] Info: Previous file attributes were stored
[00:40:57] Info: Enabled tests are: all
[00:40:57] Info: Disabled tests are: suspscan hidden_procs deleted_files packet_cap_apps apps
[00:40:58] Info: Found ksym file '/proc/kallsyms'
[00:40:58] Info: Using syslog for some logging - facility/priority level is 'authpriv.warning'.
[00:40:58] Info: Using 'date' to process epoch second times
[00:40:58]
[00:40:58] Checking if the O/S has changed since last time...
[00:40:58] Info: Nothing seems to have changed.
[00:40:58] Info: Locking is not being used
[00:40:58]
[00:40:58] Starting system checks...
[00:40:58]
[00:40:58] Info: Starting test name 'system_commands'
[00:40:58] Checking system commands...
[00:40:58]
[00:40:58] Info: Starting test name 'strings'
[00:40:58] Performing 'strings' command checks
[00:40:58]  Scanning for string /usr/sbin/ntpsx            [ OK ]
[00:40:58]  Scanning for string /usr/sbin/.../bkit-ava      [ OK ]
[00:40:58]  Scanning for string /usr/sbin/.../bkit-d        [ OK ]
[00:40:58]  Scanning for string /usr/sbin/.../bkit-shd      [ OK ]
[00:40:58]  Scanning for string /usr/sbin/.../bkit-f        [ OK ]
[00:40:59]  Scanning for string /usr/include/.../proc.h    [ OK ]
[00:40:59]  Scanning for string /usr/include/.../.bash_history [ OK ]
[00:40:59]  Scanning for string /usr/include/.../bkit-get  [ OK ]
[00:40:59]  Scanning for string /usr/include/.../bkit-dl    [ OK ]
[00:40:59]  Scanning for string /usr/include/.../bkit-screen [ OK ]
[00:40:59]  Scanning for string /usr/include/.../bkit-sleep [ OK ]
[00:40:59]  Scanning for string /usr/lib/.../bkit-adore.o  [ OK ]
[00:40:59]  Scanning for string /usr/lib/.../ls            [ OK ]
[00:40:59]  Scanning for string /usr/lib/.../netstat        [ OK ]
[00:40:59]  Scanning for string /usr/lib/.../lsof          [ OK ]
[00:41:00]  Scanning for string /usr/lib/.../bkit-ssh/bkit-shdcfg [ OK ]
[00:41:00]  Scanning for string /usr/lib/.../bkit-ssh/bkit-shhk [ OK ]
[00:41:00]  Scanning for string /usr/lib/.../bkit-ssh/bkit-pw [ OK ]
[00:41:00]  Scanning for string /usr/lib/.../bkit-ssh/bkit-shrs [ OK ]
[00:41:00]  Scanning for string /usr/lib/.../bkit-ssh/bkit-mots [ OK ]
[00:41:00]  Scanning for string /usr/lib/.../uconf.inv      [ OK ]
[00:41:00]  Scanning for string /usr/lib/.../psr            [ OK ]
[00:41:01]  Scanning for string /usr/lib/.../find          [ OK ]
[00:41:01]  Scanning for string /usr/lib/.../pstree        [ OK ]
[00:41:01]  Scanning for string /usr/lib/.../slocate        [ OK ]
[00:41:01]  Scanning for string /usr/lib/.../du            [ OK ]
[00:41:01]  Scanning for string /usr/lib/.../top            [ OK ]
[00:41:01]  Scanning for string /usr/sbin/...              [ OK ]
[00:41:01]  Scanning for string /usr/include/...            [ OK ]
[00:41:01]  Scanning for string /usr/include/.../.tmp      [ OK ]
[00:41:01]  Scanning for string /usr/lib/...                [ OK ]
[00:41:01]  Scanning for string /usr/lib/.../.ssh          [ OK ]
[00:41:01]  Scanning for string /usr/lib/.../bkit-ssh      [ OK ]
[00:41:02]  Scanning for string /usr/lib/.bkit-            [ OK ]
[00:41:02]  Scanning for string /tmp/.bkp                  [ OK ]
[00:41:02]  Scanning for string /tmp/.cinik                [ OK ]
[00:41:02]  Scanning for string /tmp/.font-unix/.cinik      [ OK ]
[00:41:02]  Scanning for string /lib/.sso                  [ OK ]
[00:41:02]  Scanning for string /lib/.so                    [ OK ]
[00:41:02]  Scanning for string /var/run/...dica/clean      [ OK ]
[00:41:03]  Scanning for string /var/run/...dica/dxr        [ OK ]
[00:41:03]  Scanning for string /var/run/...dica/read      [ OK ]
[00:41:03]  Scanning for string /var/run/...dica/write      [ OK ]
[00:41:03]  Scanning for string /var/run/...dica/lf        [ OK ]
[00:41:03]  Scanning for string /var/run/...dica/xl        [ OK ]
[00:41:03]  Scanning for string /var/run/...dica/xdr        [ OK ]
[00:41:03]  Scanning for string /var/run/...dica/psg        [ OK ]
[00:41:03]  Scanning for string /var/run/...dica/secure    [ OK ]
[00:41:03]  Scanning for string /var/run/...dica/rdx        [ OK ]
[00:41:04]  Scanning for string /var/run/...dica/va        [ OK ]
[00:41:04]  Scanning for string /var/run/...dica/cl.sh      [ OK ]
[00:41:04]  Scanning for string /var/run/...dica/last.log  [ OK ]
[00:41:04]  Scanning for string /usr/bin/.etc              [ OK ]
[00:41:04]  Scanning for string /etc/sshd_config            [ OK ]
[00:41:04]  Scanning for string /etc/ssh_host_key          [ OK ]
[00:41:04]  Scanning for string /etc/ssh_random_seed        [ OK ]
[00:41:04]  Scanning for string /dev/ptyp                  [ OK ]
[00:41:05]  Scanning for string /dev/ptyq                  [ OK ]
[00:41:05]  Scanning for string /dev/ptyr                  [ OK ]
[00:41:05]  Scanning for string /dev/ptys                  [ OK ]
[00:41:05]  Scanning for string /dev/ptyt                  [ OK ]
[00:41:05]  Scanning for string /dev/fd/.88/freshb-bsd      [ OK ]
[00:41:06]  Scanning for string /dev/fd/.88/fresht          [ OK ]
[00:41:06]  Scanning for string /dev/fd/.88/zxsniff        [ OK ]
[00:41:06]  Scanning for string /dev/fd/.88/zxsniff.log    [ OK ]
[00:41:06]  Scanning for string /dev/fd/.99/.ttyf00        [ OK ]
[00:41:06]  Scanning for string /dev/fd/.99/.ttyp00        [ OK ]
[00:41:06]  Scanning for string /dev/fd/.99/.ttyq00        [ OK ]
[00:41:06]  Scanning for string /dev/fd/.99/.ttys00        [ OK ]
[00:41:06]  Scanning for string /dev/fd/.99/.pwsx00        [ OK ]
[00:41:06]  Scanning for string /etc/.acid                  [ OK ]
[00:41:06]  Scanning for string /usr/lib/.fx/sched_host.2  [ OK ]
[00:41:07]  Scanning for string /usr/lib/.fx/random_d.2    [ OK ]
[00:41:07]  Scanning for string /usr/lib/.fx/set_pid.2      [ OK ]
[00:41:07]  Scanning for string /usr/lib/.fx/setrgrp.2      [ OK ]
[00:41:07]  Scanning for string /usr/lib/.fx/TOHIDE        [ OK ]
[00:41:07]  Scanning for string /usr/lib/.fx/cons.saver    [ OK ]
[00:41:07]  Scanning for string /usr/lib/.fx/adore/ava/ava  [ OK ]
[00:41:08]  Scanning for string /usr/lib/.fx/adore/adore/adore.ko [ OK ]
[00:41:08]  Scanning for string /bin/sysback                [ OK ]
[00:41:08]  Scanning for string /usr/local/bin/sysback      [ OK ]
[00:41:08]  Scanning for string /usr/lib/.tbd              [ OK ]
[00:41:08]  Scanning for string /dev/.lib/lib/lib/t0rns    [ OK ]
[00:41:08]  Scanning for string /dev/.lib/lib/lib/du        [ OK ]
[00:41:08]  Scanning for string /dev/.lib/lib/lib/ls        [ OK ]
[00:41:08]  Scanning for string /dev/.lib/lib/lib/t0rnsb    [ OK ]
[00:41:08]  Scanning for string /dev/.lib/lib/lib/ps        [ OK ]
[00:41:08]  Scanning for string /dev/.lib/lib/lib/t0rnp    [ OK ]
[00:41:08]  Scanning for string /dev/.lib/lib/lib/find      [ OK ]
[00:41:08]  Scanning for string /dev/.lib/lib/lib/ifconfig  [ OK ]
[00:41:08]  Scanning for string /dev/.lib/lib/lib/pg        [ OK ]
[00:41:08]  Scanning for string /dev/.lib/lib/lib/ssh.tgz  [ OK ]
[00:41:08]  Scanning for string /dev/.lib/lib/lib/top      [ OK ]
[00:41:08]  Scanning for string /dev/.lib/lib/lib/sz        [ OK ]
[00:41:08]  Scanning for string /dev/.lib/lib/lib/login    [ OK ]
[00:41:09]  Scanning for string /dev/.lib/lib/lib/in.fingerd [ OK ]
[00:41:09]  Scanning for string /dev/.lib/lib/lib/1i0n.sh  [ OK ]
[00:41:09]  Scanning for string /dev/.lib/lib/lib/pstree    [ OK ]
[00:41:09]  Scanning for string /dev/.lib/lib/lib/in.telnetd [ OK ]
[00:41:09]  Scanning for string /dev/.lib/lib/lib/mjy      [ OK ]
[00:41:09]  Scanning for string /dev/.lib/lib/lib/sush      [ OK ]
[00:41:09]  Scanning for string /dev/.lib/lib/lib/tfn      [ OK ]
[00:41:09]  Scanning for string /dev/.lib/lib/lib/name      [ OK ]
[00:41:10]  Scanning for string /dev/.lib/lib/lib/getip.sh  [ OK ]
[00:41:10]  Scanning for string /usr/info/.torn/sh*        [ OK ]
[00:41:10]  Scanning for string /usr/src/.puta/.1addr      [ OK ]
[00:41:10]  Scanning for string /usr/src/.puta/.1file      [ OK ]
[00:41:10]  Scanning for string /usr/src/.puta/.1proc      [ OK ]
[00:41:10]  Scanning for string /usr/src/.puta/.1logz      [ OK ]
[00:41:11]  Scanning for string /usr/info/.t0rn            [ OK ]
[00:41:11]  Scanning for string /dev/.lib                  [ OK ]
[00:41:11]  Scanning for string /dev/.lib/lib              [ OK ]
[00:41:11]  Scanning for string /dev/.lib/lib/lib          [ OK ]
[00:41:11]  Scanning for string /dev/.lib/lib/lib/dev      [ OK ]
[00:41:11]  Scanning for string /dev/.lib/lib/scan          [ OK ]
[00:41:11]  Scanning for string /usr/src/.puta              [ OK ]
[00:41:11]  Scanning for string /usr/man/man1/man1          [ OK ]
[00:41:12]  Scanning for string /usr/man/man1/man1/lib      [ OK ]
[00:41:12]  Scanning for string /usr/man/man1/man1/lib/.lib [ OK ]
[00:41:12]  Scanning for string /usr/man/man1/man1/lib/.lib/.backup [ OK ]
[00:41:12]
[00:41:12] Info: Starting test name 'shared_libs'
[00:41:12] Performing 'shared libraries' checks
[00:41:12]  Checking for preloading variables              [ None found ]
[00:41:12]  Checking for preloaded libraries                [ None found ]
[00:41:12]
[00:41:12] Info: Starting test name 'shared_libs_path'
[00:41:12]  Checking LD_LIBRARY_PATH variable              [ Not found ]
[00:41:13]
[00:41:13] Info: Starting test name 'properties'
[00:41:13] Performing file properties checks
[00:41:13]  Checking for prerequisites                      [ OK ]
[00:41:20]  /usr/sbin/adduser                              [ OK ]
[00:41:20] Info: Found file '/usr/sbin/adduser': it is whitelisted for the 'script replacement' check.
[00:41:20]  /usr/sbin/chroot                                [ OK ]
[00:41:20]  /usr/sbin/cron                                  [ OK ]
[00:41:21]  /usr/sbin/groupadd                              [ OK ]
[00:41:21]  /usr/sbin/groupdel                              [ OK ]
[00:41:22]  /usr/sbin/groupmod                              [ OK ]
[00:41:22]  /usr/sbin/grpck                                [ OK ]
[00:41:22]  /usr/sbin/inetd                                [ OK ]
[00:41:23]  /usr/sbin/nologin                              [ OK ]
[00:41:24]  /usr/sbin/pwck                                  [ OK ]
[00:41:24]  /usr/sbin/rsyslogd                              [ OK ]
[00:41:25]  /usr/sbin/tcpd                                  [ OK ]
[00:41:25]  /usr/sbin/useradd                              [ OK ]
[00:41:25]  /usr/sbin/userdel                              [ OK ]
[00:41:26]  /usr/sbin/usermod                              [ OK ]
[00:41:26]  /usr/sbin/vipw                                  [ OK ]
[00:41:26]  /usr/sbin/unhide-linux                          [ OK ]
[00:41:27]  /usr/sbin/unhide-posix                          [ OK ]
[00:41:27]  /usr/sbin/unhide-tcp                            [ OK ]
[00:41:28]  /usr/bin/awk                                    [ OK ]
[00:41:28]  /usr/bin/basename                              [ OK ]
[00:41:28]  /usr/bin/chattr                                [ OK ]
[00:41:28]  /usr/bin/curl                                  [ Warning ]
[00:41:28] Warning: The file properties have changed:
[00:41:28]          File: /usr/bin/curl
[00:41:28]          Current hash: be7fc9358c59203365c697aa690c199e3b82a4f434f0fc17645adef2943a3999
[00:41:28]          Stored hash : fdac692288d2bbecdad5ceb047a661a9991dd04c4788e788443ffac2fe0f9c96
[00:41:28]          Current inode: 12719688    Stored inode: 12714172
[00:41:28]          Current file modification time: 1453828450 (26-Jan-2016 18:14:10)
[00:41:28]          Stored file modification time : 1439252085 (11-Aug-2015 02:14:45)
[00:41:28]  /usr/bin/cut                                    [ OK ]
[00:41:29]  /usr/bin/diff                                  [ OK ]
[00:41:29]  /usr/bin/dirname                                [ OK ]
[00:41:29]  /usr/bin/dpkg                                  [ Warning ]
[00:41:29] Warning: The file properties have changed:
[00:41:29]          File: /usr/bin/dpkg
[00:41:29]          Current hash: 75869329a6e4836540f6668faa742b7924d0dbabe124251184e538e3b360fffa
[00:41:29]          Stored hash : a9d36f0882382ebee82e3ba9aa2c155e6e306ce086987d60c47f40ee302c6eb2
[00:41:29]          Current inode: 12714064    Stored inode: 12714222
[00:41:29]          Current file modification time: 1448544353 (26-Nov-2015 14:25:53)
[00:41:29]          Stored file modification time : 1445122210 (18-Okt-2015 00:50:10)
[00:41:29]  /usr/bin/dpkg-query                            [ Warning ]
[00:41:29] Warning: The file properties have changed:
[00:41:30]          File: /usr/bin/dpkg-query
[00:41:30]          Current hash: 4b52d7f69c86b7ef392e6207edfa44f11fed9b3487114ecaa7dedb8255cf31cd
[00:41:30]          Stored hash : bf117ff011b6cf1eb2469611f61b8cdb7fae4a0d61c7538cf080dc7ac3048934
[00:41:30]          Current inode: 12714165    Stored inode: 12714238
[00:41:30]          Current file modification time: 1448544353 (26-Nov-2015 14:25:53)
[00:41:30]          Stored file modification time : 1445122210 (18-Okt-2015 00:50:10)
[00:41:30]  /usr/bin/du                                    [ OK ]
[00:41:30]  /usr/bin/env                                    [ OK ]
[00:41:30]  /usr/bin/file                                  [ OK ]
[00:41:30]  /usr/bin/find                                  [ OK ]
[00:41:31]  /usr/bin/GET                                    [ OK ]
[00:41:31]  /usr/bin/groups                                [ OK ]
[00:41:31]  /usr/bin/head                                  [ OK ]
[00:41:31]  /usr/bin/id                                    [ OK ]
[00:41:31]  /usr/bin/killall                                [ OK ]
[00:41:32]  /usr/bin/last                                  [ OK ]
[00:41:32]  /usr/bin/lastlog                                [ OK ]
[00:41:32]  /usr/bin/ldd                                    [ Warning ]
[00:41:32] Warning: The file properties have changed:
[00:41:32]          File: /usr/bin/ldd
[00:41:32]          Current hash: 7b253d20dcc8c0d57e1e15bdae100f57e1a3a80e6e5c7b5940f695a2dba5c622
[00:41:32]          Stored hash : 1700e8168588e8036760cb1cb039f955d569bec1d63d579542d6f0ecfa08ac99
[00:41:32]          Current inode: 12716834    Stored inode: 12714663
[00:41:32]          Current size: 5422    Stored size: 5420
[00:41:32]          Current file modification time: 1455650074 (16-Feb-2016 20:14:34)
[00:41:32]          Stored file modification time : 1427353185 (26-Mär-2015 07:59:45)
[00:41:32] Info: Found file '/usr/bin/ldd': it is whitelisted for the 'script replacement' check.
[00:41:32]  /usr/bin/less                                  [ OK ]
[00:41:33]  /usr/bin/locate                                [ OK ]
[00:41:33]  /usr/bin/logger                                [ OK ]
[00:41:33]  /usr/bin/lsattr                                [ OK ]
[00:41:33]  /usr/bin/lsof                                  [ OK ]
[00:41:34]  /usr/bin/mail                                  [ OK ]
[00:41:34]  /usr/bin/md5sum                                [ OK ]
[00:41:34]  /usr/bin/mlocate                                [ OK ]
[00:41:35]  /usr/bin/newgrp                                [ OK ]
[00:41:35]  /usr/bin/passwd                                [ OK ]
[00:41:35]  /usr/bin/perl                                  [ Warning ]
[00:41:35] Warning: The file properties have changed:
[00:41:35]          File: /usr/bin/perl
[00:41:35]          Current hash: c980066b572f250b51f59ccdd75b8321a8e164523e9edfa6ea876d45d832e91c
[00:41:35]          Stored hash : 35825ede4da1106b1cf0fc63191c86b9cd14a446c7fc5ae0f53779025719f460
[00:41:35]          Current inode: 12714158    Stored inode: 12714913
[00:41:35]          Current size: 1742800    Stored size: 1739120
[00:41:35]          Current file modification time: 1456852740 (01-Mär-2016 18:19:00)
[00:41:35]          Stored file modification time : 1431625758 (14-Mai-2015 19:49:18)
[00:41:35]  /usr/bin/pgrep                                  [ OK ]
[00:41:35]  /usr/bin/pkill                                  [ OK ]
[00:41:36]  /usr/bin/pstree                                [ OK ]
[00:41:36]  /usr/bin/rkhunter                              [ OK ]
[00:41:36]  /usr/bin/runcon                                [ OK ]
[00:41:36]  /usr/bin/sha1sum                                [ OK ]
[00:41:37]  /usr/bin/sha224sum                              [ OK ]
[00:41:37]  /usr/bin/sha256sum                              [ OK ]
[00:41:37]  /usr/bin/sha384sum                              [ OK ]
[00:41:37]  /usr/bin/sha512sum                              [ OK ]
[00:41:37]  /usr/bin/size                                  [ Warning ]
[00:41:37] Warning: The file properties have changed:
[00:41:37]          File: /usr/bin/size
[00:41:38]          Current hash: fd068f1b22fd74204858cff7f3b3e3a493a1971c0c70802582ae39362f7ff705
[00:41:38]          Stored hash : d0286b512b60fd985b59f34b279f4189cff5c5e507c97fc9fd8ec0b6083dc4ca
[00:41:38]          Current inode: 12720013    Stored inode: 12715174
[00:41:38]          Current file modification time: 1445450142 (21-Okt-2015 19:55:42)
[00:41:38]          Stored file modification time : 1444464508 (10-Okt-2015 10:08:28)
[00:41:38]  /usr/bin/sort                                  [ OK ]
[00:41:38]  /usr/bin/ssh                                    [ Warning ]
[00:41:38] Warning: The file properties have changed:
[00:41:38]          File: /usr/bin/ssh
[00:41:38]          Current hash: 2b5d0118c7b5401b8466683564662e0799752952b8f537b18fae638a491c45af
[00:41:38]          Stored hash : 885edd8fe917c30cfbe4b07b46b4bc22f27994d6a584efec8ae8eeeb3d2c7eda
[00:41:38]          Current inode: 12715389    Stored inode: 12715199
[00:41:38]          Current file modification time: 1452703368 (13-Jan-2016 17:42:48)
[00:41:38]          Stored file modification time : 1441964023 (11-Sep-2015 11:33:43)
[00:41:38]  /usr/bin/stat                                  [ OK ]
[00:41:38]  /usr/bin/strace                                [ OK ]
[00:41:39]  /usr/bin/strings                                [ Warning ]
[00:41:39] Warning: The file properties have changed:
[00:41:39]          File: /usr/bin/strings
[00:41:39]          Current hash: d021a5d313adc2edbb7e5baaa8b75a6db8b888ede9a784679642b0e060719e02
[00:41:39]          Stored hash : a99840c71c5e98f8be825bdb3af40f51682cff1b7e3283fd9007fc7a4e567d5f
[00:41:39]          Current inode: 12720015    Stored inode: 12715212
[00:41:39]          Current file modification time: 1445450142 (21-Okt-2015 19:55:42)
[00:41:39]          Stored file modification time : 1444464508 (10-Okt-2015 10:08:28)
[00:41:39]  /usr/bin/sudo                                  [ OK ]
[00:41:39]  /usr/bin/tail                                  [ OK ]
[00:41:40]  /usr/bin/telnet                                [ OK ]
[00:41:40]  /usr/bin/test                                  [ OK ]
[00:41:40]  /usr/bin/top                                    [ OK ]
[00:41:40]  /usr/bin/touch                                  [ OK ]
[00:41:41]  /usr/bin/tr                                    [ OK ]
[00:41:41]  /usr/bin/uniq                                  [ OK ]
[00:41:41]  /usr/bin/users                                  [ OK ]
[00:41:41]  /usr/bin/vmstat                                [ OK ]
[00:41:41]  /usr/bin/w                                      [ OK ]
[00:41:41]  /usr/bin/watch                                  [ OK ]
[00:41:42]  /usr/bin/wc                                    [ OK ]
[00:41:42]  /usr/bin/wget                                  [ OK ]
[00:41:42]  /usr/bin/whatis                                [ OK ]
[00:41:42]  /usr/bin/whereis                                [ OK ]
[00:41:42]  /usr/bin/which                                  [ OK ]
[00:41:43]  /usr/bin/who                                    [ OK ]
[00:41:43]  /usr/bin/whoami                                [ OK ]
[00:41:43]  /usr/bin/unhide                                [ OK ]
[00:41:43]  /usr/bin/mawk                                  [ OK ]
[00:41:44]  /usr/bin/lwp-request                            [ OK ]
[00:41:44]  /usr/bin/bsd-mailx                              [ OK ]
[00:41:44]  /usr/bin/telnet.netkit                          [ OK ]
[00:41:44]  /usr/bin/w.procps                              [ OK ]
[00:41:45]  /sbin/depmod                                    [ OK ]
[00:41:46]  /sbin/fsck                                      [ OK ]
[00:41:47]  /sbin/ifconfig                                  [ OK ]
[00:41:47]  /sbin/ifdown                                    [ Warning ]
[00:41:47] Warning: The file properties have changed:
[00:41:47]          File: /sbin/ifdown
[00:41:47]          Current hash: 651db729c5f8677f4c8827bb24c712892b2d7c8becc763e49d98b5232f1452e2
[00:41:47]          Stored hash : 6484df5d9545ec0f788ea36b0c8e24b787f58f0fcc9a414e2e40692c55e05d4c
[00:41:47]          Current inode: 23855359    Stored inode: 23855172
[00:41:47]          Current file modification time: 1456422700 (25-Feb-2016 18:51:40)
[00:41:47]          Stored file modification time : 1458114793 (16-Mär-2016 08:53:13)
[00:41:47]  /sbin/ifup                                      [ Warning ]
[00:41:48] Warning: The file properties have changed:
[00:41:48]          File: /sbin/ifup
[00:41:48]          Current hash: 651db729c5f8677f4c8827bb24c712892b2d7c8becc763e49d98b5232f1452e2
[00:41:48]          Stored hash : 6484df5d9545ec0f788ea36b0c8e24b787f58f0fcc9a414e2e40692c55e05d4c
[00:41:48]          Current inode: 23855162    Stored inode: 23855174
[00:41:48]          Current size: 63184    Stored size: 59440
[00:41:48]          Current file modification time: 1456422701 (25-Feb-2016 18:51:41)
[00:41:48]          Stored file modification time : 1436504199 (10-Jul-2015 06:56:39)
[00:41:48]  /sbin/init                                      [ OK ]
[00:41:48]  /sbin/insmod                                    [ OK ]
[00:41:48]  /sbin/ip                                        [ OK ]
[00:41:49]  /sbin/lsmod                                    [ OK ]
[00:41:50]  /sbin/modinfo                                  [ OK ]
[00:41:51]  /sbin/modprobe                                  [ OK ]
[00:41:52]  /sbin/rmmod                                    [ OK ]
[00:41:52]  /sbin/route                                    [ OK ]
[00:41:53]  /sbin/runlevel                                  [ OK ]
[00:41:55]  /sbin/sulogin                                  [ OK ]
[00:41:55]  /sbin/sysctl                                    [ OK ]
[00:41:57]  /bin/bash                                      [ OK ]
[00:41:57]  /bin/cat                                        [ OK ]
[00:41:58]  /bin/chmod                                      [ OK ]
[00:41:58]  /bin/chown                                      [ OK ]
[00:41:58]  /bin/cp                                        [ OK ]
[00:41:58]  /bin/date                                      [ OK ]
[00:41:59]  /bin/df                                        [ OK ]
[00:41:59]  /bin/dmesg                                      [ OK ]
[00:41:59]  /bin/echo                                      [ OK ]
[00:41:59]  /bin/ed                                        [ OK ]
[00:42:00]  /bin/egrep                                      [ OK ]
[00:42:00] Info: Found file '/bin/egrep': it is whitelisted for the 'script replacement' check.
[00:42:00]  /bin/fgrep                                      [ OK ]
[00:42:00] Info: Found file '/bin/fgrep': it is whitelisted for the 'script replacement' check.
[00:42:00]  /bin/fuser                                      [ OK ]
[00:42:00]  /bin/grep                                      [ OK ]
[00:42:01]  /bin/ip                                        [ OK ]
[00:42:01]  /bin/kill                                      [ OK ]
[00:42:01]  /bin/less                                      [ OK ]
[00:42:02]  /bin/login                                      [ OK ]
[00:42:02]  /bin/ls                                        [ OK ]
[00:42:02]  /bin/lsmod                                      [ OK ]
[00:42:02]  /bin/mktemp                                    [ OK ]
[00:42:03]  /bin/more                                      [ OK ]
[00:42:03]  /bin/mount                                      [ OK ]
[00:42:03]  /bin/mv                                        [ OK ]
[00:42:04]  /bin/netstat                                    [ OK ]
[00:42:04]  /bin/ping                                      [ OK ]
[00:42:04]  /bin/ps                                        [ OK ]
[00:42:04]  /bin/pwd                                        [ OK ]
[00:42:05]  /bin/readlink                                  [ OK ]
[00:42:05]  /bin/sed                                        [ OK ]
[00:42:05]  /bin/sh                                        [ OK ]
[00:42:06]  /bin/su                                        [ OK ]
[00:42:06]  /bin/touch                                      [ OK ]
[00:42:07]  /bin/uname                                      [ OK ]
[00:42:07]  /bin/which                                      [ OK ]
[00:42:07] Info: Found file '/bin/which': it is whitelisted for the 'script replacement' check.
[00:42:07]  /bin/kmod                                      [ OK ]
[00:42:08]  /bin/systemd                                    [ OK ]
[00:42:08]  /bin/systemctl                                  [ OK ]
[00:42:08]  /bin/dash                                      [ OK ]
[00:42:13]  /lib/systemd/systemd                            [ OK ]
[00:42:23]
[00:42:23] Info: Starting test name 'rootkits'
[00:42:23] Checking for rootkits...
[00:42:23]
[00:42:23] Info: Starting test name 'known_rkts'
[00:42:23] Performing check of known rootkit files and directories
[00:42:23]
[00:42:23] Checking for 55808 Trojan - Variant A...
[00:42:23]  Checking for file '/tmp/.../r'                  [ Not found ]
[00:42:23]  Checking for file '/tmp/.../a'                  [ Not found ]
[00:42:23] 55808 Trojan - Variant A                          [ Not found ]
[00:42:24]
[00:42:24] Checking for ADM Worm...
[00:42:24]  Checking for string 'w0rm'                      [ Not found ]
[00:42:24] ADM Worm                                          [ Not found ]
[00:42:24]
[00:42:24] Checking for AjaKit Rootkit...
[00:42:24]  Checking for file '/dev/tux/.addr'              [ Not found ]
[00:42:24]  Checking for file '/dev/tux/.proc'              [ Not found ]
[00:42:24]  Checking for file '/dev/tux/.file'              [ Not found ]
[00:42:24]  Checking for file '/lib/.libgh-gh/cleaner'      [ Not found ]
[00:42:24]  Checking for file '/lib/.libgh-gh/Patch/patch'  [ Not found ]
[00:42:24]  Checking for file '/lib/.libgh-gh/sb0k'        [ Not found ]
[00:42:24]  Checking for directory '/dev/tux'              [ Not found ]
[00:42:24]  Checking for directory '/lib/.libgh-gh'        [ Not found ]
[00:42:24] AjaKit Rootkit                                    [ Not found ]
[00:42:25]
[00:42:25] Checking for Adore Rootkit...
[00:42:25]  Checking for file '/usr/secure'                [ Not found ]
[00:42:25]  Checking for file '/usr/doc/sys/qrt'            [ Not found ]
[00:42:25]  Checking for file '/usr/doc/sys/run'            [ Not found ]
[00:42:25]  Checking for file '/usr/doc/sys/crond'          [ Not found ]
[00:42:25]  Checking for file '/usr/sbin/kfd'              [ Not found ]
[00:42:25]  Checking for file '/usr/doc/kern/var'          [ Not found ]
[00:42:25]  Checking for file '/usr/doc/kern/string.o'      [ Not found ]
[00:42:25]  Checking for file '/usr/doc/kern/ava'          [ Not found ]
[00:42:25]  Checking for file '/usr/doc/kern/adore.o'      [ Not found ]
[00:42:25]  Checking for file '/var/log/ssh/old'            [ Not found ]
[00:42:25]  Checking for directory '/lib/security/.config/ssh' [ Not found ]
[00:42:25]  Checking for directory '/usr/doc/kern'          [ Not found ]
[00:42:25]  Checking for directory '/usr/doc/backup'        [ Not found ]
[00:42:25]  Checking for directory '/usr/doc/backup/txt'    [ Not found ]
[00:42:25]  Checking for directory '/lib/backup'            [ Not found ]
[00:42:26]  Checking for directory '/lib/backup/txt'        [ Not found ]
[00:42:26]  Checking for directory '/usr/doc/work'          [ Not found ]
[00:42:26]  Checking for directory '/usr/doc/sys'          [ Not found ]
[00:42:26]  Checking for directory '/var/log/ssh'          [ Not found ]
[00:42:26]  Checking for directory '/usr/doc/.spool'        [ Not found ]
[00:42:26]  Checking for directory '/usr/lib/kterm'        [ Not found ]
[00:42:26] Adore Rootkit                                    [ Not found ]
[00:42:26]
[00:42:26] Checking for aPa Kit...
[00:42:26]  Checking for file '/usr/share/.aPa'            [ Not found ]
[00:42:26] aPa Kit                                          [ Not found ]
[00:42:26]
[00:42:26] Checking for Apache Worm...
[00:42:26]  Checking for file '/bin/.log'                  [ Not found ]
[00:42:26] Apache Worm                                      [ Not found ]
[00:42:26]
[00:42:26] Checking for Ambient (ark) Rootkit...
[00:42:26]  Checking for file '/usr/lib/.ark?'              [ Not found ]
[00:42:27]  Checking for file '/dev/ptyxx/.log'            [ Not found ]
[00:42:27]  Checking for file '/dev/ptyxx/.file'            [ Not found ]
[00:42:27]  Checking for file '/dev/ptyxx/.proc'            [ Not found ]
[00:42:27]  Checking for file '/dev/ptyxx/.addr'            [ Not found ]
[00:42:27]  Checking for directory '/dev/ptyxx'            [ Not found ]
[00:42:27] Ambient (ark) Rootkit                            [ Not found ]
[00:42:27]
[00:42:27] Checking for Balaur Rootkit...
[00:42:27]  Checking for file '/usr/lib/liblog.o'          [ Not found ]
[00:42:27]  Checking for directory '/usr/lib/.kinetic'      [ Not found ]
[00:42:27]  Checking for directory '/usr/lib/.egcs'        [ Not found ]
[00:42:27]  Checking for directory '/usr/lib/.wormie'      [ Not found ]
[00:42:27] Balaur Rootkit                                    [ Not found ]
[00:42:27]
[00:42:27] Checking for BeastKit Rootkit...
[00:42:27]  Checking for file '/usr/sbin/arobia'            [ Not found ]
[00:42:27]  Checking for file '/usr/sbin/idrun'            [ Not found ]
[00:42:27]  Checking for file '/usr/lib/elm/arobia/elm'    [ Not found ]
[00:42:27]  Checking for file '/usr/lib/elm/arobia/elm/hk'  [ Not found ]
[00:42:28]  Checking for file '/usr/lib/elm/arobia/elm/hk.pub' [ Not found ]
[00:42:28]  Checking for file '/usr/lib/elm/arobia/elm/sc'  [ Not found ]
[00:42:28]  Checking for file '/usr/lib/elm/arobia/elm/sd.pp' [ Not found ]
[00:42:28]  Checking for file '/usr/lib/elm/arobia/elm/sdco' [ Not found ]
[00:42:28]  Checking for file '/usr/lib/elm/arobia/elm/srsd' [ Not found ]
[00:42:28]  Checking for directory '/lib/ldd.so/bktools'    [ Not found ]
[00:42:28] BeastKit Rootkit                                  [ Not found ]
[00:42:28]
[00:42:28] Checking for beX2 Rootkit...
[00:42:28]  Checking for file '/usr/info/termcap.info-5.gz' [ Not found ]
[00:42:28]  Checking for file '/usr/bin/sshd2'              [ Not found ]
[00:42:28]  Checking for directory '/usr/include/bex'      [ Not found ]
[00:42:28] beX2 Rootkit                                      [ Not found ]
[00:42:28]
[00:42:28] Checking for BOBKit Rootkit...
[00:42:28]  Checking for file '/usr/sbin/ntpsx'            [ Not found ]
[00:42:28]  Checking for file '/usr/sbin/.../bkit-ava'      [ Not found ]
[00:42:28]  Checking for file '/usr/sbin/.../bkit-d'        [ Not found ]
[00:42:28]  Checking for file '/usr/sbin/.../bkit-shd'      [ Not found ]
[00:42:28]  Checking for file '/usr/sbin/.../bkit-f'        [ Not found ]
[00:42:28]  Checking for file '/usr/include/.../proc.h'    [ Not found ]
[00:42:28]  Checking for file '/usr/include/.../.bash_history' [ Not found ]
[00:42:28]  Checking for file '/usr/include/.../bkit-get'  [ Not found ]
[00:42:28]  Checking for file '/usr/include/.../bkit-dl'    [ Not found ]
[00:42:28]  Checking for file '/usr/include/.../bkit-screen' [ Not found ]
[00:42:28]  Checking for file '/usr/include/.../bkit-sleep' [ Not found ]
[00:42:28]  Checking for file '/usr/lib/.../bkit-adore.o'  [ Not found ]
[00:42:28]  Checking for file '/usr/lib/.../ls'            [ Not found ]
[00:42:29]  Checking for file '/usr/lib/.../netstat'        [ Not found ]
[00:42:29]  Checking for file '/usr/lib/.../lsof'          [ Not found ]
[00:42:29]  Checking for file '/usr/lib/.../bkit-ssh/bkit-shdcfg' [ Not found ]
[00:42:29]  Checking for file '/usr/lib/.../bkit-ssh/bkit-shhk' [ Not found ]
[00:42:29]  Checking for file '/usr/lib/.../bkit-ssh/bkit-pw' [ Not found ]
[00:42:29]  Checking for file '/usr/lib/.../bkit-ssh/bkit-shrs' [ Not found ]
[00:42:29]  Checking for file '/usr/lib/.../bkit-ssh/bkit-mots' [ Not found ]
[00:42:29]  Checking for file '/usr/lib/.../uconf.inv'      [ Not found ]
[00:42:29]  Checking for file '/usr/lib/.../psr'            [ Not found ]
[00:42:29]  Checking for file '/usr/lib/.../find'          [ Not found ]
[00:42:29]  Checking for file '/usr/lib/.../pstree'        [ Not found ]
[00:42:29]  Checking for file '/usr/lib/.../slocate'        [ Not found ]
[00:42:29]  Checking for file '/usr/lib/.../du'            [ Not found ]
[00:42:29]  Checking for file '/usr/lib/.../top'            [ Not found ]
[00:42:29]  Checking for directory '/usr/sbin/...'          [ Not found ]
[00:42:29]  Checking for directory '/usr/include/...'      [ Not found ]
[00:42:29]  Checking for directory '/usr/include/.../.tmp'  [ Not found ]
[00:42:29]  Checking for directory '/usr/lib/...'          [ Not found ]
[00:42:29]  Checking for directory '/usr/lib/.../.ssh'      [ Not found ]
[00:42:29]  Checking for directory '/usr/lib/.../bkit-ssh'  [ Not found ]
[00:42:29]  Checking for directory '/usr/lib/.bkit-'        [ Not found ]
[00:42:29]  Checking for directory '/tmp/.bkp'              [ Not found ]
[00:42:29] BOBKit Rootkit                                    [ Not found ]
[00:42:30]
[00:42:30] Checking for cb Rootkit...
[00:42:30]  Checking for file '/dev/srd0'                  [ Not found ]
[00:42:30]  Checking for file '/lib/libproc.so.2.0.6'      [ Not found ]
[00:42:30]  Checking for file '/dev/mounnt'                [ Not found ]
[00:42:30]  Checking for file '/etc/rc.d/init.d/init'      [ Not found ]
[00:42:30]  Checking for file '/usr/bin/.zeen/..<SP>/cl'    [ Not found ]
[00:42:30]  Checking for file '/usr/bin/.zeen/..<SP>/.x.tgz' [ Not found ]
[00:42:30]  Checking for file '/usr/bin/.zeen/..<SP>/statdx' [ Not found ]
[00:42:30]  Checking for file '/usr/bin/.zeen/..<SP>/wted'  [ Not found ]
[00:42:30]  Checking for file '/usr/bin/.zeen/..<SP>/write' [ Not found ]
[00:42:30]  Checking for file '/usr/bin/.zeen/..<SP>/scan'  [ Not found ]
[00:42:30]  Checking for file '/usr/bin/.zeen/..<SP>/sc'    [ Not found ]
[00:42:30]  Checking for file '/usr/bin/.zeen/..<SP>/sl2'  [ Not found ]
[00:42:30]  Checking for file '/usr/bin/.zeen/..<SP>/wroot' [ Not found ]
[00:42:30]  Checking for file '/usr/bin/.zeen/..<SP>/wscan' [ Not found ]
[00:42:30]  Checking for file '/usr/bin/.zeen/..<SP>/wu'    [ Not found ]
[00:42:30]  Checking for file '/usr/bin/.zeen/..<SP>/v'    [ Not found ]
[00:42:30]  Checking for file '/usr/bin/.zeen/..<SP>/read'  [ Not found ]
[00:42:30]  Checking for file '/usr/lib/sshrc'              [ Not found ]
[00:42:30]  Checking for file '/usr/lib/ssh_host_key'      [ Not found ]
[00:42:30]  Checking for file '/usr/lib/ssh_host_key.pub'  [ Not found ]
[00:42:30]  Checking for file '/usr/lib/ssh_random_seed'    [ Not found ]
[00:42:31]  Checking for file '/usr/lib/sshd_config'        [ Not found ]
[00:42:31]  Checking for file '/usr/lib/shosts.equiv'      [ Not found ]
[00:42:31]  Checking for file '/usr/lib/ssh_known_hosts'    [ Not found ]
[00:42:31]  Checking for file '/u/zappa/.ssh/pid'          [ Not found ]
[00:42:31]  Checking for file '/usr/bin/.system/..<SP>/tcp.log' [ Not found ]
[00:42:31]  Checking for file '/usr/bin/.zeen/..<SP>/curatare/attrib' [ Not found ]
[00:42:31]  Checking for file '/usr/bin/.zeen/..<SP>/curatare/chattr' [ Not found ]
[00:42:31]  Checking for file '/usr/bin/.zeen/..<SP>/curatare/ps' [ Not found ]
[00:42:31]  Checking for file '/usr/bin/.zeen/..<SP>/curatare/pstree' [ Not found ]
[00:42:31]  Checking for file '/usr/bin/.system/..<SP>/.x/xC.o' [ Not found ]
[00:42:31]  Checking for directory '/usr/bin/.zeen'        [ Not found ]
[00:42:31]  Checking for directory '/usr/bin/.zeen/..<SP>/curatare' [ Not found ]
[00:42:31]  Checking for directory '/usr/bin/.zeen/..<SP>/scan' [ Not found ]
[00:42:31]  Checking for directory '/usr/bin/.system/..<SP>' [ Not found ]
[00:42:31] cb Rootkit                                        [ Not found ]
[00:42:31]
[00:42:31] Checking for CiNIK Worm (Slapper.B variant)...
[00:42:31]  Checking for file '/tmp/.cinik'                [ Not found ]
[00:42:31]  Checking for directory '/tmp/.font-unix/.cinik' [ Not found ]
[00:42:31] CiNIK Worm (Slapper.B variant)                    [ Not found ]
[00:42:31]
[00:42:31] Checking for Danny-Boy's Abuse Kit...
[00:42:31]  Checking for file '/dev/mdev'                  [ Not found ]
[00:42:32]  Checking for file '/usr/lib/libX.a'            [ Not found ]
[00:42:32] Danny-Boy's Abuse Kit                            [ Not found ]
[00:42:32]
[00:42:32] Checking for Devil RootKit...
[00:42:32]  Checking for file '/var/lib/games/.src'        [ Not found ]
[00:42:32]  Checking for file '/dev/dsx'                    [ Not found ]
[00:42:32]  Checking for file '/dev/caca'                  [ Not found ]
[00:42:32]  Checking for file '/dev/pro'                    [ Not found ]
[00:42:32]  Checking for file '/bin/bye'                    [ Not found ]
[00:42:32]  Checking for file '/bin/homedir'                [ Not found ]
[00:42:32]  Checking for file '/usr/bin/xfss'              [ Not found ]
[00:42:32]  Checking for file '/usr/sbin/tzava'            [ Not found ]
[00:42:32]  Checking for file '/usr/doc/tar/.../.dracusor/stuff/holber' [ Not found ]
[00:42:32]  Checking for file '/usr/doc/tar/.../.dracusor/stuff/sense' [ Not found ]
[00:42:32]  Checking for file '/usr/doc/tar/.../.dracusor/stuff/clear' [ Not found ]
[00:42:32]  Checking for file '/usr/doc/tar/.../.dracusor/stuff/tzava' [ Not found ]
[00:42:32]  Checking for file '/usr/doc/tar/.../.dracusor/stuff/citeste' [ Not found ]
[00:42:32]  Checking for file '/usr/doc/tar/.../.dracusor/stuff/killrk' [ Not found ]
[00:42:32]  Checking for file '/usr/doc/tar/.../.dracusor/stuff/searchlog' [ Not found ]
[00:42:32]  Checking for file '/usr/doc/tar/.../.dracusor/stuff/gaoaza' [ Not found ]
[00:42:32]  Checking for file '/usr/doc/tar/.../.dracusor/stuff/cleaner' [ Not found ]
[00:42:32]  Checking for file '/usr/doc/tar/.../.dracusor/stuff/shk' [ Not found ]
[00:42:32]  Checking for file '/usr/doc/tar/.../.dracusor/stuff/srs' [ Not found ]
[00:42:33]  Checking for file '/usr/doc/tar/.../.dracusor/utile.tgz' [ Not found ]
[00:42:33]  Checking for file '/usr/doc/tar/.../.dracusor/webpage' [ Not found ]
[00:42:33]  Checking for file '/usr/doc/tar/.../.dracusor/getpsy' [ Not found ]
[00:42:33]  Checking for file '/usr/doc/tar/.../.dracusor/getbnc' [ Not found ]
[00:42:33]  Checking for file '/usr/doc/tar/.../.dracusor/getemech' [ Not found ]
[00:42:33]  Checking for file '/usr/doc/tar/.../.dracusor/localroot.sh' [ Not found ]
[00:42:33]  Checking for file '/usr/doc/tar/.../.dracusor/stuff/old/sense' [ Not found ]
[00:42:33]  Checking for directory '/usr/doc/tar/.../.dracusor' [ Not found ]
[00:42:33] Devil RootKit                                    [ Not found ]
[00:42:33]
[00:42:33] Checking for Dica-Kit Rootkit...
[00:42:33]  Checking for file '/lib/.sso'                  [ Not found ]
[00:42:33]  Checking for file '/lib/.so'                    [ Not found ]
[00:42:33]  Checking for file '/var/run/...dica/clean'      [ Not found ]
[00:42:33]  Checking for file '/var/run/...dica/dxr'        [ Not found ]
[00:42:33]  Checking for file '/var/run/...dica/read'      [ Not found ]
[00:42:33]  Checking for file '/var/run/...dica/write'      [ Not found ]
[00:42:34]  Checking for file '/var/run/...dica/lf'        [ Not found ]
[00:42:34]  Checking for file '/var/run/...dica/xl'        [ Not found ]
[00:42:34]  Checking for file '/var/run/...dica/xdr'        [ Not found ]
[00:42:34]  Checking for file '/var/run/...dica/psg'        [ Not found ]
[00:42:34]  Checking for file '/var/run/...dica/secure'    [ Not found ]
[00:42:34]  Checking for file '/var/run/...dica/rdx'        [ Not found ]
[00:42:34]  Checking for file '/var/run/...dica/va'        [ Not found ]
[00:42:34]  Checking for file '/var/run/...dica/cl.sh'      [ Not found ]
[00:42:34]  Checking for file '/var/run/...dica/last.log'  [ Not found ]
[00:42:34]  Checking for file '/usr/bin/.etc'              [ Not found ]
[00:42:34]  Checking for file '/etc/sshd_config'            [ Not found ]
[00:42:34]  Checking for file '/etc/ssh_host_key'          [ Not found ]
[00:42:34]  Checking for file '/etc/ssh_random_seed'        [ Not found ]
[00:42:34]  Checking for directory '/var/run/...dica'      [ Not found ]
[00:42:34]  Checking for directory '/var/run/...dica/mh'    [ Not found ]
[00:42:34]  Checking for directory '/var/run/...dica/scan'  [ Not found ]
[00:42:34] Dica-Kit Rootkit                                  [ Not found ]
[00:42:34]
[00:42:34] Checking for Dreams Rootkit...
[00:42:34]  Checking for file '/dev/ttyoa'                  [ Not found ]
[00:42:34]  Checking for file '/dev/ttyof'                  [ Not found ]
[00:42:34]  Checking for file '/dev/ttyop'                  [ Not found ]
[00:42:35]  Checking for file '/usr/bin/sense'              [ Not found ]
[00:42:35]  Checking for file '/usr/bin/sl2'                [ Not found ]
[00:42:35]  Checking for file '/usr/bin/logclear'          [ Not found ]
[00:42:35]  Checking for file '/usr/bin/(swapd)'            [ Not found ]
[00:42:35]  Checking for file '/usr/bin/initrd'            [ Not found ]
[00:42:35]  Checking for file '/usr/bin/crontabs'          [ Not found ]
[00:42:35]  Checking for file '/usr/bin/snfs'              [ Not found ]
[00:42:35]  Checking for file '/usr/lib/libsss'            [ Not found ]
[00:42:35]  Checking for file '/usr/lib/libsnf.log'        [ Not found ]
[00:42:35]  Checking for file '/usr/lib/libshtift/top'      [ Not found ]
[00:42:35]  Checking for file '/usr/lib/libshtift/ps'      [ Not found ]
[00:42:35]  Checking for file '/usr/lib/libshtift/netstat'  [ Not found ]
[00:42:35]  Checking for file '/usr/lib/libshtift/ls'      [ Not found ]
[00:42:35]  Checking for file '/usr/lib/libshtift/ifconfig' [ Not found ]
[00:42:35]  Checking for file '/usr/include/linseed.h'      [ Not found ]
[00:42:35]  Checking for file '/usr/include/linpid.h'      [ Not found ]
[00:42:35]  Checking for file '/usr/include/linkey.h'      [ Not found ]
[00:42:35]  Checking for file '/usr/include/linconf.h'      [ Not found ]
[00:42:35]  Checking for file '/usr/include/iceseed.h'      [ Not found ]
[00:42:35]  Checking for file '/usr/include/icepid.h'      [ Not found ]
[00:42:35]  Checking for file '/usr/include/icekey.h'      [ Not found ]
[00:42:35]  Checking for file '/usr/include/iceconf.h'      [ Not found ]
[00:42:35]  Checking for directory '/dev/ida/.hpd'          [ Not found ]
[00:42:36]  Checking for directory '/usr/lib/libshtift'    [ Not found ]
[00:42:36] Dreams Rootkit                                    [ Not found ]
[00:42:36]
[00:42:36] Checking for Duarawkz Rootkit...
[00:42:36]  Checking for file '/usr/bin/duarawkz/loginpass' [ Not found ]
[00:42:36]  Checking for directory '/usr/bin/duarawkz'      [ Not found ]
[00:42:36] Duarawkz Rootkit                                  [ Not found ]
[00:42:36]
[00:42:36] Checking for Enye LKM...
[00:42:36]  Checking for file '/etc/.enyelkmHIDE^IT.ko'    [ Not found ]
[00:42:36]  Checking for file '/etc/.enyelkmOCULTAR.ko'    [ Not found ]
[00:42:36] Enye LKM                                          [ Not found ]
[00:42:36]
[00:42:36] Checking for Flea Linux Rootkit...
[00:42:36]  Checking for file '/etc/ld.so.hash'            [ Not found ]
[00:42:36]  Checking for file '/lib/security/.config/ssh/sshd_config' [ Not found ]
[00:42:36]  Checking for file '/lib/security/.config/ssh/ssh_host_key' [ Not found ]
[00:42:36]  Checking for file '/lib/security/.config/ssh/ssh_host_key.pub' [ Not found ]
[00:42:36]  Checking for file '/lib/security/.config/ssh/ssh_random_seed' [ Not found ]
[00:42:36]  Checking for file '/usr/bin/ssh2d'              [ Not found ]
[00:42:37]  Checking for file '/usr/lib/ldlibns.so'        [ Not found ]
[00:42:37]  Checking for file '/usr/lib/ldlibps.so'        [ Not found ]
[00:42:37]  Checking for file '/usr/lib/ldlibpst.so'        [ Not found ]
[00:42:37]  Checking for file '/usr/lib/ldlibdu.so'        [ Not found ]
[00:42:37]  Checking for file '/usr/lib/ldlibct.so'        [ Not found ]
[00:42:37]  Checking for directory '/lib/security/.config/ssh' [ Not found ]
[00:42:37]  Checking for directory '/dev/..0'              [ Not found ]
[00:42:37]  Checking for directory '/dev/..0/backup'        [ Not found ]
[00:42:37] Flea Linux Rootkit                                [ Not found ]
[00:42:37]
[00:42:37] Checking for Fu Rootkit...
[00:42:37]  Checking for file '/sbin/xc'                    [ Not found ]
[00:42:37]  Checking for file '/usr/include/ivtype.h'      [ Not found ]
[00:42:37]  Checking for file '/bin/.lib'                  [ Not found ]
[00:42:37] Fu Rootkit                                        [ Not found ]
[00:42:37]
[00:42:37] Checking for Fuck`it Rootkit...
[00:42:37]  Checking for file '/lib/libproc.so.2.0.7'      [ Not found ]
[00:42:37]  Checking for file '/dev/proc/.bash_profile'    [ Not found ]
[00:42:37]  Checking for file '/dev/proc/.bashrc'          [ Not found ]
[00:42:37]  Checking for file '/dev/proc/.cshrc'            [ Not found ]
[00:42:37]  Checking for file '/dev/proc/fuckit/hax0r'      [ Not found ]
[00:42:37]  Checking for file '/dev/proc/fuckit/hax0rshell' [ Not found ]
[00:42:37]  Checking for file '/dev/proc/fuckit/config/lports' [ Not found ]
[00:42:37]  Checking for file '/dev/proc/fuckit/config/rports' [ Not found ]
[00:42:37]  Checking for file '/dev/proc/fuckit/config/rkconf' [ Not found ]
[00:42:37]  Checking for file '/dev/proc/fuckit/config/password' [ Not found ]
[00:42:37]  Checking for file '/dev/proc/fuckit/config/progs' [ Not found ]
[00:42:37]  Checking for file '/dev/proc/fuckit/system-bins/init' [ Not found ]
[00:42:37]  Checking for file '/usr/lib/libcps.a'          [ Not found ]
[00:42:38]  Checking for file '/usr/lib/libtty.a'          [ Not found ]
[00:42:38]  Checking for directory '/dev/proc'              [ Not found ]
[00:42:38]  Checking for directory '/dev/proc/fuckit'      [ Not found ]
[00:42:38]  Checking for directory '/dev/proc/fuckit/system-bins' [ Not found ]
[00:42:38]  Checking for directory '/dev/proc/toolz'        [ Not found ]
[00:42:38] Fuck`it Rootkit                                  [ Not found ]
[00:42:38]
[00:42:38] Checking for GasKit Rootkit...
[00:42:38]  Checking for file '/dev/dev/gaskit/sshd/sshdd'  [ Not found ]
[00:42:38]  Checking for directory '/dev/dev'              [ Not found ]
[00:42:38]  Checking for directory '/dev/dev/gaskit'        [ Not found ]
[00:42:38]  Checking for directory '/dev/dev/gaskit/sshd'  [ Not found ]
[00:42:38] GasKit Rootkit                                    [ Not found ]
[00:42:38]
[00:42:38] Checking for Heroin LKM...
[00:42:38]  Checking for kernel symbol 'heroin'            [ Not found ]
[00:42:38] Heroin LKM                                        [ Not found ]
[00:42:38]
[00:42:38] Checking for HjC Kit...
[00:42:38]  Checking for directory '/dev/.hijackerz'        [ Not found ]
[00:42:39] HjC Kit                                          [ Not found ]
[00:42:39]
[00:42:39] Checking for ignoKit Rootkit...
[00:42:39]  Checking for file '/lib/defs/p'                [ Not found ]
[00:42:39]  Checking for file '/lib/defs/q'                [ Not found ]
[00:42:39]  Checking for file '/lib/defs/r'                [ Not found ]
[00:42:39]  Checking for file '/lib/defs/s'                [ Not found ]
[00:42:39]  Checking for file '/lib/defs/t'                [ Not found ]
[00:42:39]  Checking for file '/usr/lib/defs/p'            [ Not found ]
[00:42:39]  Checking for file '/usr/lib/defs/q'            [ Not found ]
[00:42:39]  Checking for file '/usr/lib/defs/r'            [ Not found ]
[00:42:39]  Checking for file '/usr/lib/defs/s'            [ Not found ]
[00:42:39]  Checking for file '/usr/lib/defs/t'            [ Not found ]
[00:42:39]  Checking for file '/usr/lib/.libigno/pkunsec'  [ Not found ]
[00:42:39]  Checking for file '/usr/lib/.libigno/.igno/psybnc/psybnc' [ Not found ]
[00:42:39]  Checking for directory '/usr/lib/.libigno'      [ Not found ]
[00:42:39]  Checking for directory '/usr/lib/.libigno/.igno' [ Not found ]
[00:42:39] ignoKit Rootkit                                  [ Not found ]
[00:42:39]
[00:42:39] Checking for IntoXonia-NG Rootkit...
[00:42:40]  Checking for kernel symbol 'funces'            [ Not found ]
[00:42:40]  Checking for kernel symbol 'ixinit'            [ Not found ]
[00:42:40]  Checking for kernel symbol 'tricks'            [ Not found ]
[00:42:40]  Checking for kernel symbol 'kernel_unlink'      [ Not found ]
[00:42:40]  Checking for kernel symbol 'rootme'            [ Not found ]
[00:42:40]  Checking for kernel symbol 'hide_module'        [ Not found ]
[00:42:40]  Checking for kernel symbol 'find_sys_call_tbl'  [ Not found ]
[00:42:40] IntoXonia-NG Rootkit                              [ Not found ]
[00:42:40]
[00:42:40] Checking for Irix Rootkit...
[00:42:40]  Checking for directory '/dev/pts/01'            [ Not found ]
[00:42:40]  Checking for directory '/dev/pts/01/backup'    [ Not found ]
[00:42:40]  Checking for directory '/dev/pts/01/etc'        [ Not found ]
[00:42:41]  Checking for directory '/dev/pts/01/tmp'        [ Not found ]
[00:42:41] Irix Rootkit                                      [ Not found ]
[00:42:41]
[00:42:41] Checking for Jynx Rootkit...
[00:42:41]  Checking for file '/xochikit/bc'                [ Not found ]
[00:42:41]  Checking for file '/xochikit/ld_poison.so'      [ Not found ]
[00:42:41]  Checking for file '/omgxochi/bc'                [ Not found ]
[00:42:41]  Checking for file '/omgxochi/ld_poison.so'      [ Not found ]
[00:42:41]  Checking for file '/var/local/^^/bc'            [ Not found ]
[00:42:41]  Checking for file '/var/local/^^/ld_poison.so'  [ Not found ]
[00:42:41]  Checking for directory '/xochikit'              [ Not found ]
[00:42:41]  Checking for directory '/omgxochi'              [ Not found ]
[00:42:41]  Checking for directory '/var/local/^^'          [ Not found ]
[00:42:41] Jynx Rootkit                                      [ Not found ]
[00:42:41]
[00:42:41] Checking for KBeast Rootkit...
[00:42:41]  Checking for file '/usr/_h4x_/ipsecs-kbeast-v1.ko' [ Not found ]
[00:42:41]  Checking for file '/usr/_h4x_/_h4x_bd'          [ Not found ]
[00:42:41]  Checking for file '/usr/_h4x_/acctlog'          [ Not found ]
[00:42:41]  Checking for directory '/usr/_h4x_'            [ Not found ]
[00:42:42]  Checking for kernel symbol 'h4x_delete_module'  [ Not found ]
[00:42:42]  Checking for kernel symbol 'h4x_getdents64'    [ Not found ]
[00:42:42]  Checking for kernel symbol 'h4x_kill'          [ Not found ]
[00:42:43]  Checking for kernel symbol 'h4x_open'          [ Not found ]
[00:42:43]  Checking for kernel symbol 'h4x_read'          [ Not found ]
[00:42:43]  Checking for kernel symbol 'h4x_rename'        [ Not found ]
[00:42:43]  Checking for kernel symbol 'h4x_rmdir'          [ Not found ]
[00:42:44]  Checking for kernel symbol 'h4x_tcp4_seq_show'  [ Not found ]
[00:42:44]  Checking for kernel symbol 'h4x_write'          [ Not found ]
[00:42:44] KBeast Rootkit                                    [ Not found ]
[00:42:44]
[00:42:44] Checking for Kitko Rootkit...
[00:42:45]  Checking for directory '/usr/src/redhat/SRPMS/...' [ Not found ]
[00:42:45] Kitko Rootkit                                    [ Not found ]
[00:42:45]
[00:42:45] Checking for Knark Rootkit...
[00:42:45]  Checking for file '/proc/knark/pids'            [ Not found ]
[00:42:45]  Checking for directory '/proc/knark'            [ Not found ]
[00:42:45] Knark Rootkit                                    [ Not found ]
[00:42:45]
[00:42:45] Checking for ld-linuxv.so Rootkit...
[00:42:45]  Checking for file '/lib/ld-linuxv.so.1'        [ Not found ]
[00:42:45]  Checking for directory '/var/opt/_so_cache'    [ Not found ]
[00:42:45]  Checking for directory '/var/opt/_so_cache/ld'  [ Not found ]
[00:42:45]  Checking for directory '/var/opt/_so_cache/lc'  [ Not found ]
[00:42:45] ld-linuxv.so Rootkit                              [ Not found ]
[00:42:45]
[00:42:45] Checking for Li0n Worm...
[00:42:45]  Checking for file '/bin/in.telnetd'            [ Not found ]
[00:42:45]  Checking for file '/bin/mjy'                    [ Not found ]
[00:42:45]  Checking for file '/usr/man/man1/man1/lib/.lib/mjy' [ Not found ]
[00:42:45]  Checking for file '/usr/man/man1/man1/lib/.lib/in.telnetd' [ Not found ]
[00:42:45]  Checking for file '/usr/man/man1/man1/lib/.lib/.x' [ Not found ]
[00:42:45]  Checking for file '/dev/.lib/lib/scan/1i0n.sh'  [ Not found ]
[00:42:46]  Checking for file '/dev/.lib/lib/scan/hack.sh'  [ Not found ]
[00:42:46]  Checking for file '/dev/.lib/lib/scan/bind'    [ Not found ]
[00:42:46]  Checking for file '/dev/.lib/lib/scan/randb'    [ Not found ]
[00:42:46]  Checking for file '/dev/.lib/lib/scan/scan.sh'  [ Not found ]
[00:42:46]  Checking for file '/dev/.lib/lib/scan/pscan'    [ Not found ]
[00:42:46]  Checking for file '/dev/.lib/lib/scan/star.sh'  [ Not found ]
[00:42:46]  Checking for file '/dev/.lib/lib/scan/bindx.sh' [ Not found ]
[00:42:46]  Checking for file '/dev/.lib/lib/scan/bindname.log' [ Not found ]
[00:42:46]  Checking for file '/dev/.lib/lib/1i0n.sh'      [ Not found ]
[00:42:46]  Checking for file '/dev/.lib/lib/lib/netstat'  [ Not found ]
[00:42:46]  Checking for file '/dev/.lib/lib/lib/dev/.1addr' [ Not found ]
[00:42:46]  Checking for file '/dev/.lib/lib/lib/dev/.1logz' [ Not found ]
[00:42:46]  Checking for file '/dev/.lib/lib/lib/dev/.1proc' [ Not found ]
[00:42:46]  Checking for file '/dev/.lib/lib/lib/dev/.1file' [ Not found ]
[00:42:46] Li0n Worm                                        [ Not found ]
[00:42:46]
[00:42:46] Checking for Lockit / LJK2 Rootkit...
[00:42:46]  Checking for file '/usr/lib/libmen.oo/.LJK2/ssh_config' [ Not found ]
[00:42:47]  Checking for file '/usr/lib/libmen.oo/.LJK2/ssh_host_key' [ Not found ]
[00:42:47]  Checking for file '/usr/lib/libmen.oo/.LJK2/ssh_host_key.pub' [ Not found ]
[00:42:47]  Checking for file '/usr/lib/libmen.oo/.LJK2/ssh_random_seed*' [ Not found ]
[00:42:47]  Checking for file '/usr/lib/libmen.oo/.LJK2/sshd_config' [ Not found ]
[00:42:47]  Checking for file '/usr/lib/libmen.oo/.LJK2/backdoor/RK1bd' [ Not found ]
[00:42:47]  Checking for file '/usr/lib/libmen.oo/.LJK2/backup/du' [ Not found ]
[00:42:47]  Checking for file '/usr/lib/libmen.oo/.LJK2/backup/ifconfig' [ Not found ]
[00:42:47]  Checking for file '/usr/lib/libmen.oo/.LJK2/backup/inetd.conf' [ Not found ]
[00:42:47]  Checking for file '/usr/lib/libmen.oo/.LJK2/backup/locate' [ Not found ]
[00:42:47]  Checking for file '/usr/lib/libmen.oo/.LJK2/backup/login' [ Not found ]
[00:42:47]  Checking for file '/usr/lib/libmen.oo/.LJK2/backup/ls' [ Not found ]
[00:42:47]  Checking for file '/usr/lib/libmen.oo/.LJK2/backup/netstat' [ Not found ]
[00:42:47]  Checking for file '/usr/lib/libmen.oo/.LJK2/backup/ps' [ Not found ]
[00:42:47]  Checking for file '/usr/lib/libmen.oo/.LJK2/backup/pstree' [ Not found ]
[00:42:47]  Checking for file '/usr/lib/libmen.oo/.LJK2/backup/rc.sysinit' [ Not found ]
[00:42:47]  Checking for file '/usr/lib/libmen.oo/.LJK2/backup/syslogd' [ Not found ]
[00:42:47]  Checking for file '/usr/lib/libmen.oo/.LJK2/backup/tcpd' [ Not found ]
[00:42:47]  Checking for file '/usr/lib/libmen.oo/.LJK2/backup/top' [ Not found ]
[00:42:47]  Checking for file '/usr/lib/libmen.oo/.LJK2/clean/RK1sauber' [ Not found ]
[00:42:48]  Checking for file '/usr/lib/libmen.oo/.LJK2/clean/RK1wted' [ Not found ]
[00:42:48]  Checking for file '/usr/lib/libmen.oo/.LJK2/hack/RK1parse' [ Not found ]
[00:42:48]  Checking for file '/usr/lib/libmen.oo/.LJK2/hack/RK1sniff' [ Not found ]
[00:42:48]  Checking for file '/usr/lib/libmen.oo/.LJK2/hide/.RK1addr' [ Not found ]
[00:42:48]  Checking for file '/usr/lib/libmen.oo/.LJK2/hide/.RK1dir' [ Not found ]
[00:42:48]  Checking for file '/usr/lib/libmen.oo/.LJK2/hide/.RK1log' [ Not found ]
[00:42:48]  Checking for file '/usr/lib/libmen.oo/.LJK2/hide/.RK1proc' [ Not found ]
[00:42:48]  Checking for file '/usr/lib/libmen.oo/.LJK2/hide/RK1phidemod.c' [ Not found ]
[00:42:48]  Checking for file '/usr/lib/libmen.oo/.LJK2/modules/README.modules' [ Not found ]
[00:42:48]  Checking for file '/usr/lib/libmen.oo/.LJK2/modules/RK1hidem.c' [ Not found ]
[00:42:48]  Checking for file '/usr/lib/libmen.oo/.LJK2/modules/RK1phide' [ Not found ]
[00:42:48]  Checking for file '/usr/lib/libmen.oo/.LJK2/sshconfig/RK1ssh' [ Not found ]
[00:42:48]  Checking for directory '/usr/lib/libmen.oo/.LJK2' [ Not found ]
[00:42:48] Lockit / LJK2 Rootkit                            [ Not found ]
[00:42:48]
[00:42:48] Checking for Mood-NT Rootkit...
[00:42:48]  Checking for file '/sbin/init__mood-nt-_-_cthulhu' [ Not found ]
[00:42:48]  Checking for file '/_cthulhu/mood-nt.init'      [ Not found ]
[00:42:48]  Checking for file '/_cthulhu/mood-nt.conf'      [ Not found ]
[00:42:48]  Checking for file '/_cthulhu/mood-nt.sniff'    [ Not found ]
[00:42:48]  Checking for directory '/_cthulhu'              [ Not found ]
[00:42:48] Mood-NT Rootkit                                  [ Not found ]
[00:42:48]
[00:42:48] Checking for MRK Rootkit...
[00:42:48]  Checking for file '/dev/ida/.inet/pid'          [ Not found ]
[00:42:49]  Checking for file '/dev/ida/.inet/ssh_host_key' [ Not found ]
[00:42:49]  Checking for file '/dev/ida/.inet/ssh_random_seed' [ Not found ]
[00:42:49]  Checking for file '/dev/ida/.inet/tcp.log'      [ Not found ]
[00:42:49]  Checking for directory '/dev/ida/.inet'        [ Not found ]
[00:42:49]  Checking for directory '/var/spool/cron/.sh'    [ Not found ]
[00:42:49] MRK Rootkit                                      [ Not found ]
[00:42:49]
[00:42:49] Checking for Ni0 Rootkit...
[00:42:49]  Checking for file '/var/lock/subsys/...datafile.../...net...' [ Not found ]
[00:42:49]  Checking for file '/var/lock/subsys/...datafile.../...port...' [ Not found ]
[00:42:50]  Checking for file '/var/lock/subsys/...datafile.../...ps...' [ Not found ]
[00:42:50]  Checking for file '/var/lock/subsys/...datafile.../...file...' [ Not found ]
[00:42:50]  Checking for directory '/tmp/waza'              [ Not found ]
[00:42:50]  Checking for directory '/var/lock/subsys/...datafile...' [ Not found ]
[00:42:50]  Checking for directory '/usr/sbin/es'          [ Not found ]
[00:42:50] Ni0 Rootkit                                      [ Not found ]
[00:42:50]
[00:42:50] Checking for Ohhara Rootkit...
[00:42:50]  Checking for file '/var/lock/subsys/...datafile.../...datafile.../in.smbd.log' [ Not found ]
[00:42:50]  Checking for directory '/var/lock/subsys/...datafile...' [ Not found ]
[00:42:50]  Checking for directory '/var/lock/subsys/...datafile.../...datafile...' [ Not found ]
[00:42:50]  Checking for directory '/var/lock/subsys/...datafile.../...datafile.../bin' [ Not found ]
[00:42:50]  Checking for directory '/var/lock/subsys/...datafile.../...datafile.../usr/bin' [ Not found ]
[00:42:50]  Checking for directory '/var/lock/subsys/...datafile.../...datafile.../usr/sbin' [ Not found ]
[00:42:51]  Checking for directory '/var/lock/subsys/...datafile.../...datafile.../lib/security' [ Not found ]
[00:42:51] Ohhara Rootkit                                    [ Not found ]
[00:42:51]
[00:42:51] Checking for Optic Kit (Tux) Worm...
[00:42:51]  Checking for directory '/dev/tux'              [ Not found ]
[00:42:51]  Checking for directory '/usr/bin/xchk'          [ Not found ]
[00:42:51]  Checking for directory '/usr/bin/xsf'          [ Not found ]
[00:42:52]  Checking for directory '/usr/bin/ssh2d'        [ Not found ]
[00:42:52] Optic Kit (Tux) Worm                              [ Not found ]
[00:42:52]
[00:42:52] Checking for Oz Rootkit...
[00:42:52]  Checking for file '/dev/.oz/.nap/rkit/terror'  [ Not found ]
[00:42:52]  Checking for directory '/dev/.oz'              [ Not found ]
[00:42:52] Oz Rootkit                                        [ Not found ]
[00:42:52]

dennissteins 17.03.2016 01:55

Code:

[00:42:52] Checking for Phalanx Rootkit...
[00:42:52]  Checking for file '/uNFuNF'                    [ Not found ]
[00:42:52]  Checking for file '/etc/host.ph1'              [ Not found ]
[00:42:52]  Checking for file '/bin/host.ph1'              [ Not found ]
[00:42:53]  Checking for file '/usr/share/.home.ph1/phalanx' [ Not found ]
[00:42:53]  Checking for file '/usr/share/.home.ph1/cb'    [ Not found ]
[00:42:53]  Checking for file '/usr/share/.home.ph1/kebab'  [ Not found ]
[00:42:53]  Checking for directory '/usr/share/.home.ph1'  [ Not found ]
[00:42:53]  Checking for directory '/usr/share/.home.ph1/tty' [ Not found ]
[00:42:53] Phalanx Rootkit                                  [ Not found ]
[00:42:53]
[00:42:53] Checking for Phalanx2 Rootkit...
[00:42:53]  Checking for file '/etc/khubd.p2/.p2rc'        [ Not found ]
[00:42:53]  Checking for file '/etc/khubd.p2/.phalanx2'    [ Not found ]
[00:42:53]  Checking for file '/etc/khubd.p2/.sniff'        [ Not found ]
[00:42:53]  Checking for file '/etc/khubd.p2/sshgrab.py'    [ Not found ]
[00:42:53]  Checking for file '/etc/lolzz.p2/.p2rc'        [ Not found ]
[00:42:53]  Checking for file '/etc/lolzz.p2/.phalanx2'    [ Not found ]
[00:42:53]  Checking for file '/etc/lolzz.p2/.sniff'        [ Not found ]
[00:42:54]  Checking for file '/etc/lolzz.p2/sshgrab.py'    [ Not found ]
[00:42:54]  Checking for file '/etc/cron.d/zupzzplaceholder' [ Not found ]
[00:42:54]  Checking for file '/usr/lib/zupzz.p2/.p-2.3d'  [ Not found ]
[00:42:54]  Checking for file '/usr/lib/zupzz.p2/.p2rc'    [ Not found ]
[00:42:54]  Checking for directory '/etc/khubd.p2'          [ Not found ]
[00:42:55]  Checking for directory '/etc/lolzz.p2'          [ Not found ]
[00:42:55]  Checking for directory '/usr/lib/zupzz.p2'      [ Not found ]
[00:42:55] Phalanx2 Rootkit                                  [ Not found ]
[00:42:55]
[00:42:55] Checking for Phalanx2 Rootkit (extended tests)...
[00:42:55]  Checking for directory '/etc/khubd.p2'          [ Not found ]
[00:42:55]  Checking for directory '/etc/lolzz.p2'          [ Not found ]
[00:42:55]  Checking for directory '/usr/lib/zupzz.p2'      [ Not found ]
[00:42:55] Phalanx2 Rootkit (extended tests)                [ Not found ]
[00:42:55]
[00:42:55] Checking for Portacelo Rootkit...
[00:42:55]  Checking for file '/var/lib/.../.ak'            [ Not found ]
[00:42:55]  Checking for file '/var/lib/.../.hk'            [ Not found ]
[00:42:56]  Checking for file '/var/lib/.../.rs'            [ Not found ]
[00:42:56]  Checking for file '/var/lib/.../.p'            [ Not found ]
[00:42:56]  Checking for file '/var/lib/.../getty'          [ Not found ]
[00:42:56]  Checking for file '/var/lib/.../lkt.o'          [ Not found ]
[00:42:57]  Checking for file '/var/lib/.../show'          [ Not found ]
[00:42:57]  Checking for file '/var/lib/.../nlkt.o'        [ Not found ]
[00:42:57]  Checking for file '/var/lib/.../ssshrc'        [ Not found ]
[00:42:57]  Checking for file '/var/lib/.../sssh_equiv'    [ Not found ]
[00:42:57]  Checking for file '/var/lib/.../sssh_known_hosts' [ Not found ]
[00:42:57]  Checking for file '/var/lib/.../sssh_pid'      [ Not found ]
[00:42:57]  Checking for file '~/.sssh/known_hosts'        [ Not found ]
[00:42:58] Portacelo Rootkit                                [ Not found ]
[00:42:58]
[00:42:58] Checking for R3dstorm Toolkit...
[00:42:58]  Checking for file '/var/log/tk02/see_all'      [ Not found ]
[00:42:58]  Checking for file '/var/log/tk02/.scris'        [ Not found ]
[00:42:58]  Checking for file '/bin/.../sshd/sbin/sshd1'    [ Not found ]
[00:42:58]  Checking for file '/bin/.../hate/sk'            [ Not found ]
[00:42:59]  Checking for file '/bin/.../see_all'            [ Not found ]
[00:42:59]  Checking for directory '/var/log/tk02'          [ Not found ]
[00:42:59]  Checking for directory '/var/log/tk02/old'      [ Not found ]
[00:42:59]  Checking for directory '/bin/...'              [ Not found ]
[00:42:59] R3dstorm Toolkit                                  [ Not found ]
[00:42:59]
[00:42:59] Checking for RH-Sharpe's Rootkit...
[00:42:59]  Checking for file '/bin/lps'                    [ Not found ]
[00:42:59]  Checking for file '/usr/bin/lpstree'            [ Not found ]
[00:43:00]  Checking for file '/usr/bin/ltop'              [ Not found ]
[00:43:00]  Checking for file '/usr/bin/lkillall'          [ Not found ]
[00:43:00]  Checking for file '/usr/bin/ldu'                [ Not found ]
[00:43:00]  Checking for file '/usr/bin/lnetstat'          [ Not found ]
[00:43:00]  Checking for file '/usr/bin/wp'                [ Not found ]
[00:43:00]  Checking for file '/usr/bin/shad'              [ Not found ]
[00:43:00]  Checking for file '/usr/bin/vadim'              [ Not found ]
[00:43:00]  Checking for file '/usr/bin/slice'              [ Not found ]
[00:43:01]  Checking for file '/usr/bin/cleaner'            [ Not found ]
[00:43:01]  Checking for file '/usr/include/rpcsvc/du'      [ Not found ]
[00:43:01] RH-Sharpe's Rootkit                              [ Not found ]
[00:43:01]
[00:43:01] Checking for RSHA's Rootkit...
[00:43:01]  Checking for file '/bin/kr4p'                  [ Not found ]
[00:43:01]  Checking for file '/usr/bin/n3tstat'            [ Not found ]
[00:43:02]  Checking for file '/usr/bin/chsh2'              [ Not found ]
[00:43:02]  Checking for file '/usr/bin/slice2'            [ Not found ]
[00:43:02]  Checking for file '/usr/src/linux/arch/alpha/lib/.lib/.1proc' [ Not found ]
[00:43:02]  Checking for file '/etc/rc.d/arch/alpha/lib/.lib/.1addr' [ Not found ]
[00:43:02]  Checking for directory '/etc/rc.d/rsha'        [ Not found ]
[00:43:02]  Checking for directory '/etc/rc.d/arch/alpha/lib/.lib' [ Not found ]
[00:43:02] RSHA's Rootkit                                    [ Not found ]
[00:43:02]
[00:43:02] Checking for Scalper Worm...
[00:43:03]  Checking for file '/tmp/.a'                    [ Not found ]
[00:43:03]  Checking for file '/tmp/.uua'                  [ Not found ]
[00:43:03] Scalper Worm                                      [ Not found ]
[00:43:04]
[00:43:04] Checking for Sebek LKM...
[00:43:04]  Checking for kernel symbol 'adore or sebek'    [ Not found ]
[00:43:05] Sebek LKM                                        [ Not found ]
[00:43:05]
[00:43:05] Checking for Shutdown Rootkit...
[00:43:05]  Checking for file '/usr/man/man5/..<SP>/.dir/scannah/asus' [ Not found ]
[00:43:05]  Checking for file '/usr/man/man5/..<SP>/.dir/see' [ Not found ]
[00:43:05]  Checking for file '/usr/man/man5/..<SP>/.dir/nscd' [ Not found ]
[00:43:05]  Checking for file '/usr/man/man5/..<SP>/.dir/alpd' [ Not found ]
[00:43:06]  Checking for file '/etc/rc.d/rc.local<SP>'      [ Not found ]
[00:43:06]  Checking for directory '/usr/man/man5/..<SP>/.dir' [ Not found ]
[00:43:06]  Checking for directory '/usr/man/man5/..<SP>/.dir/scannah' [ Not found ]
[00:43:06]  Checking for directory '/etc/rc.d/rc0.d/..<SP>/.dir' [ Not found ]
[00:43:06] Shutdown Rootkit                                  [ Not found ]
[00:43:07]
[00:43:07] Checking for SHV4 Rootkit...
[00:43:07]  Checking for file '/etc/ld.so.hash'            [ Not found ]
[00:43:07]  Checking for file '/lib/libext-2.so.7'          [ Not found ]
[00:43:07]  Checking for file '/lib/lidps1.so'              [ Not found ]
[00:43:07]  Checking for file '/lib/libproc.a'              [ Not found ]
[00:43:07]  Checking for file '/lib/libproc.so.2.0.6'      [ Not found ]
[00:43:07]  Checking for file '/lib/ldd.so/tks'            [ Not found ]
[00:43:08]  Checking for file '/lib/ldd.so/tkp'            [ Not found ]
[00:43:08]  Checking for file '/lib/ldd.so/tksb'            [ Not found ]
[00:43:08]  Checking for file '/lib/security/.config/sshd'  [ Not found ]
[00:43:08]  Checking for file '/lib/security/.config/ssh/ssh_host_key' [ Not found ]
[00:43:08]  Checking for file '/lib/security/.config/ssh/ssh_host_key.pub' [ Not found ]
[00:43:08]  Checking for file '/lib/security/.config/ssh/ssh_random_seed' [ Not found ]
[00:43:09]  Checking for file '/usr/include/file.h'        [ Not found ]
[00:43:09]  Checking for file '/usr/include/hosts.h'        [ Not found ]
[00:43:09]  Checking for file '/usr/include/lidps1.so'      [ Not found ]
[00:43:10]  Checking for file '/usr/include/log.h'          [ Not found ]
[00:43:10]  Checking for file '/usr/include/proc.h'        [ Not found ]
[00:43:10]  Checking for file '/usr/sbin/xntps'            [ Not found ]
[00:43:10]  Checking for file '/dev/srd0'                  [ Not found ]
[00:43:10]  Checking for directory '/lib/ldd.so'            [ Not found ]
[00:43:10]  Checking for directory '/lib/security/.config'  [ Not found ]
[00:43:10]  Checking for directory '/lib/security/.config/ssh' [ Not found ]
[00:43:11] SHV4 Rootkit                                      [ Not found ]
[00:43:11]
[00:43:11] Checking for SHV5 Rootkit...
[00:43:11]  Checking for file '/etc/sh.conf'                [ Not found ]
[00:43:12]  Checking for file '/lib/libproc.a'              [ Not found ]
[00:43:12]  Checking for file '/lib/libproc.so.2.0.6'      [ Not found ]
[00:43:12]  Checking for file '/lib/lidps1.so'              [ Not found ]
[00:43:12]  Checking for file '/lib/libsh.so/bash'          [ Not found ]
[00:43:12]  Checking for file '/usr/include/file.h'        [ Not found ]
[00:43:12]  Checking for file '/usr/include/hosts.h'        [ Not found ]
[00:43:13]  Checking for file '/usr/include/log.h'          [ Not found ]
[00:43:13]  Checking for file '/usr/include/proc.h'        [ Not found ]
[00:43:13]  Checking for file '/lib/libsh.so/shdcf2'        [ Not found ]
[00:43:13]  Checking for file '/lib/libsh.so/shhk'          [ Not found ]
[00:43:14]  Checking for file '/lib/libsh.so/shhk.pub'      [ Not found ]
[00:43:14]  Checking for file '/lib/libsh.so/shrs'          [ Not found ]
[00:43:14]  Checking for file '/usr/lib/libsh/.bashrc'      [ Not found ]
[00:43:14]  Checking for file '/usr/lib/libsh/shsb'        [ Not found ]
[00:43:14]  Checking for file '/usr/lib/libsh/hide'        [ Not found ]
[00:43:14]  Checking for file '/usr/lib/libsh/.sniff/shsniff' [ Not found ]
[00:43:15]  Checking for file '/usr/lib/libsh/.sniff/shp'  [ Not found ]
[00:43:15]  Checking for file '/dev/srd0'                  [ Not found ]
[00:43:15]  Checking for directory '/lib/libsh.so'          [ Not found ]
[00:43:15]  Checking for directory '/usr/lib/libsh'        [ Not found ]
[00:43:15]  Checking for directory '/usr/lib/libsh/utilz'  [ Not found ]
[00:43:15]  Checking for directory '/usr/lib/libsh/.backup' [ Not found ]
[00:43:16] SHV5 Rootkit                                      [ Not found ]
[00:43:16]
[00:43:16] Checking for Sin Rootkit...
[00:43:16]  Checking for file '/dev/.haos/haos1/.f/Denyed'  [ Not found ]
[00:43:16]  Checking for file '/dev/ttyoa'                  [ Not found ]
[00:43:16]  Checking for file '/dev/ttyof'                  [ Not found ]
[00:43:16]  Checking for file '/dev/ttyop'                  [ Not found ]
[00:43:16]  Checking for file '/dev/ttyos'                  [ Not found ]
[00:43:17]  Checking for file '/usr/lib/.lib'              [ Not found ]
[00:43:17]  Checking for file '/usr/lib/sn/.X'              [ Not found ]
[00:43:17]  Checking for file '/usr/lib/sn/.sys'            [ Not found ]
[00:43:17]  Checking for file '/usr/lib/ld/.X'              [ Not found ]
[00:43:17]  Checking for file '/usr/man/man1/...'          [ Not found ]
[00:43:17]  Checking for file '/usr/man/man1/.../.m'        [ Not found ]
[00:43:18]  Checking for file '/usr/man/man1/.../.w'        [ Not found ]
[00:43:18]  Checking for directory '/usr/lib/sn'            [ Not found ]
[00:43:18]  Checking for directory '/usr/lib/man1/...'      [ Not found ]
[00:43:18]  Checking for directory '/dev/.haos'            [ Not found ]
[00:43:18] Sin Rootkit                                      [ Not found ]
[00:43:18]
[00:43:18] Checking for Slapper Worm...
[00:43:19]  Checking for file '/tmp/.bugtraq'              [ Not found ]
[00:43:19]  Checking for file '/tmp/.uubugtraq'            [ Not found ]
[00:43:19]  Checking for file '/tmp/.bugtraq.c'            [ Not found ]
[00:43:19]  Checking for file '/tmp/httpd'                  [ Not found ]
[00:43:19]  Checking for file '/tmp/.unlock'                [ Not found ]
[00:43:20]  Checking for file '/tmp/update'                [ Not found ]
[00:43:20]  Checking for file '/tmp/.cinik'                [ Not found ]
[00:43:20]  Checking for file '/tmp/.b'                    [ Not found ]
[00:43:20] Slapper Worm                                      [ Not found ]
[00:43:20]
[00:43:20] Checking for Sneakin Rootkit...
[00:43:20]  Checking for directory '/tmp/.X11-unix/.../rk'  [ Not found ]
[00:43:21] Sneakin Rootkit                                  [ Not found ]
[00:43:21]
[00:43:21] Checking for 'Spanish' Rootkit...
[00:43:21]  Checking for file '/dev/ptyq'                  [ Not found ]
[00:43:21]  Checking for file '/bin/ad'                    [ Not found ]
[00:43:21]  Checking for file '/bin/ava'                    [ Not found ]
[00:43:21]  Checking for file '/bin/server'                [ Not found ]
[00:43:21]  Checking for file '/usr/sbin/rescue'            [ Not found ]
[00:43:21]  Checking for file '/usr/share/.../chrps'        [ Not found ]
[00:43:22]  Checking for file '/usr/share/.../chrifconfig'  [ Not found ]
[00:43:22]  Checking for file '/usr/share/.../netstat'      [ Not found ]
[00:43:22]  Checking for file '/usr/share/.../linsniffer'  [ Not found ]
[00:43:22]  Checking for file '/usr/share/.../charbd'      [ Not found ]
[00:43:22]  Checking for file '/usr/share/.../charbd2'      [ Not found ]
[00:43:23]  Checking for file '/usr/share/.../charbd3'      [ Not found ]
[00:43:23]  Checking for file '/usr/share/.../charbd4'      [ Not found ]
[00:43:23]  Checking for file '/usr/man/tmp/update.tgz'    [ Not found ]
[00:43:23]  Checking for file '/var/lib/rpm/db.rpm'        [ Not found ]
[00:43:23]  Checking for file '/var/cache/man/.cat'        [ Not found ]
[00:43:23]  Checking for file '/var/spool/lpd/remote/.lpq'  [ Not found ]
[00:43:23]  Checking for directory '/usr/share/...'        [ Not found ]
[00:43:23] 'Spanish' Rootkit                                [ Not found ]
[00:43:24]
[00:43:24] Checking for Suckit Rootkit...
[00:43:24]  Checking for file '/sbin/initsk12'              [ Not found ]
[00:43:24]  Checking for file '/sbin/initxrk'              [ Not found ]
[00:43:24]  Checking for file '/usr/bin/null'              [ Not found ]
[00:43:24]  Checking for file '/usr/share/locale/sk/.sk12/sk' [ Not found ]
[00:43:25]  Checking for file '/etc/rc.d/rc0.d/S23kmdac'    [ Not found ]
[00:43:25]  Checking for file '/etc/rc.d/rc1.d/S23kmdac'    [ Not found ]
[00:43:25]  Checking for file '/etc/rc.d/rc2.d/S23kmdac'    [ Not found ]
[00:43:25]  Checking for file '/etc/rc.d/rc3.d/S23kmdac'    [ Not found ]
[00:43:25]  Checking for file '/etc/rc.d/rc4.d/S23kmdac'    [ Not found ]
[00:43:25]  Checking for file '/etc/rc.d/rc5.d/S23kmdac'    [ Not found ]
[00:43:26]  Checking for file '/etc/rc.d/rc6.d/S23kmdac'    [ Not found ]
[00:43:26]  Checking for directory '/dev/sdhu0/tehdrakg'    [ Not found ]
[00:43:26]  Checking for directory '/etc/.MG'              [ Not found ]
[00:43:26]  Checking for directory '/usr/share/locale/sk/.sk12' [ Not found ]
[00:43:26]  Checking for directory '/usr/lib/perl5/site_perl/i386-linux/auto/TimeDate/.packlist' [ Not found ]
[00:43:26] Suckit Rootkit                                    [ Not found ]
[00:43:26]
[00:43:26] Checking for Superkit Rootkit...
[00:43:26]  Checking for file '/usr/man/.sman/sk/backsh'    [ Not found ]
[00:43:27]  Checking for file '/usr/man/.sman/sk/izbtrag'  [ Not found ]
[00:43:27]  Checking for file '/usr/man/.sman/sk/sksniff'  [ Not found ]
[00:43:27]  Checking for file '/var/www/cgi-bin/cgiback.cgi' [ Not found ]
[00:43:27]  Checking for directory '/usr/man/.sman/sk'      [ Not found ]
[00:43:27] Superkit Rootkit                                  [ Not found ]
[00:43:28]
[00:43:28] Checking for TBD (Telnet BackDoor)...
[00:43:28]  Checking for file '/usr/lib/.tbd'              [ Not found ]
[00:43:28] TBD (Telnet BackDoor)                            [ Not found ]
[00:43:28]
[00:43:28] Checking for TeLeKiT Rootkit...
[00:43:29]  Checking for file '/usr/man/man3/.../TeLeKiT/bin/sniff' [ Not found ]
[00:43:29]  Checking for file '/usr/man/man3/.../TeLeKiT/bin/telnetd' [ Not found ]
[00:43:29]  Checking for file '/usr/man/man3/.../TeLeKiT/bin/teleulo' [ Not found ]
[00:43:29]  Checking for file '/usr/man/man3/.../cl'        [ Not found ]
[00:43:29]  Checking for file '/dev/ptyr'                  [ Not found ]
[00:43:30]  Checking for file '/dev/ptyp'                  [ Not found ]
[00:43:30]  Checking for file '/dev/ptyq'                  [ Not found ]
[00:43:30]  Checking for file '/dev/hda06'                  [ Not found ]
[00:43:30]  Checking for file '/usr/info/libc1.so'          [ Not found ]
[00:43:31]  Checking for directory '/usr/man/man3/...'      [ Not found ]
[00:43:31]  Checking for directory '/usr/man/man3/.../lsniff' [ Not found ]
[00:43:31]  Checking for directory '/usr/man/man3/.../TeLeKiT' [ Not found ]
[00:43:31] TeLeKiT Rootkit                                  [ Not found ]
[00:43:32]
[00:43:32] Checking for T0rn Rootkit...
[00:43:32]  Checking for file '/dev/.lib/lib/lib/t0rns'    [ Not found ]
[00:43:32]  Checking for file '/dev/.lib/lib/lib/du'        [ Not found ]
[00:43:32]  Checking for file '/dev/.lib/lib/lib/ls'        [ Not found ]
[00:43:32]  Checking for file '/dev/.lib/lib/lib/t0rnsb'    [ Not found ]
[00:43:32]  Checking for file '/dev/.lib/lib/lib/ps'        [ Not found ]
[00:43:32]  Checking for file '/dev/.lib/lib/lib/t0rnp'    [ Not found ]
[00:43:32]  Checking for file '/dev/.lib/lib/lib/find'      [ Not found ]
[00:43:33]  Checking for file '/dev/.lib/lib/lib/ifconfig'  [ Not found ]
[00:43:33]  Checking for file '/dev/.lib/lib/lib/pg'        [ Not found ]
[00:43:33]  Checking for file '/dev/.lib/lib/lib/ssh.tgz'  [ Not found ]
[00:43:33]  Checking for file '/dev/.lib/lib/lib/top'      [ Not found ]
[00:43:33]  Checking for file '/dev/.lib/lib/lib/sz'        [ Not found ]
[00:43:33]  Checking for file '/dev/.lib/lib/lib/login'    [ Not found ]
[00:43:33]  Checking for file '/dev/.lib/lib/lib/in.fingerd' [ Not found ]
[00:43:34]  Checking for file '/dev/.lib/lib/lib/1i0n.sh'  [ Not found ]
[00:43:34]  Checking for file '/dev/.lib/lib/lib/pstree'    [ Not found ]
[00:43:34]  Checking for file '/dev/.lib/lib/lib/in.telnetd' [ Not found ]
[00:43:34]  Checking for file '/dev/.lib/lib/lib/mjy'      [ Not found ]
[00:43:34]  Checking for file '/dev/.lib/lib/lib/sush'      [ Not found ]
[00:43:35]  Checking for file '/dev/.lib/lib/lib/tfn'      [ Not found ]
[00:43:35]  Checking for file '/dev/.lib/lib/lib/name'      [ Not found ]
[00:43:35]  Checking for file '/dev/.lib/lib/lib/getip.sh'  [ Not found ]
[00:43:36]  Checking for file '/usr/info/.torn/sh*'        [ Not found ]
[00:43:36]  Checking for file '/usr/src/.puta/.1addr'      [ Not found ]
[00:43:36]  Checking for file '/usr/src/.puta/.1file'      [ Not found ]
[00:43:36]  Checking for file '/usr/src/.puta/.1proc'      [ Not found ]
[00:43:36]  Checking for file '/usr/src/.puta/.1logz'      [ Not found ]
[00:43:36]  Checking for file '/usr/info/.t0rn'            [ Not found ]
[00:43:37]  Checking for directory '/dev/.lib'              [ Not found ]
[00:43:37]  Checking for directory '/dev/.lib/lib'          [ Not found ]
[00:43:37]  Checking for directory '/dev/.lib/lib/lib'      [ Not found ]
[00:43:37]  Checking for directory '/dev/.lib/lib/lib/dev'  [ Not found ]
[00:43:38]  Checking for directory '/dev/.lib/lib/scan'    [ Not found ]
[00:43:38]  Checking for directory '/usr/src/.puta'        [ Not found ]
[00:43:38]  Checking for directory '/usr/man/man1/man1'    [ Not found ]
[00:43:38]  Checking for directory '/usr/man/man1/man1/lib' [ Not found ]
[00:43:38]  Checking for directory '/usr/man/man1/man1/lib/.lib' [ Not found ]
[00:43:38]  Checking for directory '/usr/man/man1/man1/lib/.lib/.backup' [ Not found ]
[00:43:38] T0rn Rootkit                                      [ Not found ]
[00:43:39]
[00:43:39] Checking for trNkit Rootkit...
[00:43:39]  Checking for file '/usr/lib/libbins.la'        [ Not found ]
[00:43:39]  Checking for file '/usr/lib/libtcs.so'          [ Not found ]
[00:43:39]  Checking for file '/dev/.ttpy/ulogin.sh'        [ Not found ]
[00:43:39]  Checking for file '/dev/.ttpy/tcpshell.sh'      [ Not found ]
[00:43:40]  Checking for file '/dev/.ttpy/bupdu'            [ Not found ]
[00:43:40]  Checking for file '/dev/.ttpy/buloc'            [ Not found ]
[00:43:40]  Checking for file '/dev/.ttpy/buloc1'          [ Not found ]
[00:43:40]  Checking for file '/dev/.ttpy/buloc2'          [ Not found ]
[00:43:40]  Checking for file '/dev/.ttpy/stat'            [ Not found ]
[00:43:40]  Checking for file '/dev/.ttpy/backps'          [ Not found ]
[00:43:40]  Checking for file '/dev/.ttpy/tree'            [ Not found ]
[00:43:40]  Checking for file '/dev/.ttpy/topk'            [ Not found ]
[00:43:41]  Checking for file '/dev/.ttpy/wold'            [ Not found ]
[00:43:41]  Checking for file '/dev/.ttpy/whoold'          [ Not found ]
[00:43:41]  Checking for file '/dev/.ttpy/backdoors'        [ Not found ]
[00:43:41] trNkit Rootkit                                    [ Not found ]
[00:43:41]
[00:43:41] Checking for Trojanit Kit...
[00:43:41]  Checking for file '/bin/.ls'                    [ Not found ]
[00:43:41]  Checking for file '/bin/.ps'                    [ Not found ]
[00:43:42]  Checking for file '/bin/.netstat'              [ Not found ]
[00:43:42]  Checking for file '/usr/bin/.nop'              [ Not found ]
[00:43:42]  Checking for file '/usr/bin/.who'              [ Not found ]
[00:43:42] Trojanit Kit                                      [ Not found ]
[00:43:42]
[00:43:42] Checking for Tuxtendo Rootkit...
[00:43:42]  Checking for file '/lib/libproc.so.2.0.7'      [ Not found ]
[00:43:42]  Checking for file '/usr/bin/xchk'              [ Not found ]
[00:43:42]  Checking for file '/usr/bin/xsf'                [ Not found ]
[00:43:42]  Checking for file '/dev/tux/suidsh'            [ Not found ]
[00:43:42]  Checking for file '/dev/tux/.addr'              [ Not found ]
[00:43:42]  Checking for file '/dev/tux/.cron'              [ Not found ]
[00:43:43]  Checking for file '/dev/tux/.file'              [ Not found ]
[00:43:43]  Checking for file '/dev/tux/.log'              [ Not found ]
[00:43:43]  Checking for file '/dev/tux/.proc'              [ Not found ]
[00:43:43]  Checking for file '/dev/tux/.iface'            [ Not found ]
[00:43:43]  Checking for file '/dev/tux/.pw'                [ Not found ]
[00:43:44]  Checking for file '/dev/tux/.df'                [ Not found ]
[00:43:44]  Checking for file '/dev/tux/.ssh'              [ Not found ]
[00:43:44]  Checking for file '/dev/tux/.tux'              [ Not found ]
[00:43:44]  Checking for file '/dev/tux/ssh2/sshd2_config'  [ Not found ]
[00:43:45]  Checking for file '/dev/tux/ssh2/hostkey'      [ Not found ]
[00:43:45]  Checking for file '/dev/tux/ssh2/hostkey.pub'  [ Not found ]
[00:43:45]  Checking for file '/dev/tux/ssh2/logo'          [ Not found ]
[00:43:46]  Checking for file '/dev/tux/ssh2/random_seed'  [ Not found ]
[00:43:46]  Checking for file '/dev/tux/backup/crontab'    [ Not found ]
[00:43:46]  Checking for file '/dev/tux/backup/df'          [ Not found ]
[00:43:47]  Checking for file '/dev/tux/backup/dir'        [ Not found ]
[00:43:47]  Checking for file '/dev/tux/backup/find'        [ Not found ]
[00:43:47]  Checking for file '/dev/tux/backup/ifconfig'    [ Not found ]
[00:43:48]  Checking for file '/dev/tux/backup/locate'      [ Not found ]
[00:43:48]  Checking for file '/dev/tux/backup/netstat'    [ Not found ]
[00:43:48]  Checking for file '/dev/tux/backup/ps'          [ Not found ]
[00:43:48]  Checking for file '/dev/tux/backup/pstree'      [ Not found ]
[00:43:48]  Checking for file '/dev/tux/backup/syslogd'    [ Not found ]
[00:43:48]  Checking for file '/dev/tux/backup/tcpd'        [ Not found ]
[00:43:49]  Checking for file '/dev/tux/backup/top'        [ Not found ]
[00:43:49]  Checking for file '/dev/tux/backup/updatedb'    [ Not found ]
[00:43:49]  Checking for file '/dev/tux/backup/vdir'        [ Not found ]
[00:43:49]  Checking for directory '/dev/tux'              [ Not found ]
[00:43:49]  Checking for directory '/dev/tux/ssh2'          [ Not found ]
[00:43:50]  Checking for directory '/dev/tux/backup'        [ Not found ]
[00:43:50] Tuxtendo Rootkit                                  [ Not found ]
[00:43:50]
[00:43:50] Checking for URK Rootkit...
[00:43:50]  Checking for file '/dev/prom/sn.l'              [ Not found ]
[00:43:50]  Checking for file '/usr/lib/ldlibps.so'        [ Not found ]
[00:43:51]  Checking for file '/usr/lib/ldlibnet.so'        [ Not found ]
[00:43:51]  Checking for file '/dev/pts/01/uconf.inv'      [ Not found ]
[00:43:51]  Checking for file '/dev/pts/01/cleaner'        [ Not found ]
[00:43:51]  Checking for file '/dev/pts/01/bin/psniff'      [ Not found ]
[00:43:51]  Checking for file '/dev/pts/01/bin/du'          [ Not found ]
[00:43:51]  Checking for file '/dev/pts/01/bin/ls'          [ Not found ]
[00:43:52]  Checking for file '/dev/pts/01/bin/passwd'      [ Not found ]
[00:43:52]  Checking for file '/dev/pts/01/bin/ps'          [ Not found ]
[00:43:52]  Checking for file '/dev/pts/01/bin/psr'        [ Not found ]
[00:43:52]  Checking for file '/dev/pts/01/bin/su'          [ Not found ]
[00:43:53]  Checking for file '/dev/pts/01/bin/find'        [ Not found ]
[00:43:53]  Checking for file '/dev/pts/01/bin/netstat'    [ Not found ]
[00:43:53]  Checking for file '/dev/pts/01/bin/ping'        [ Not found ]
[00:43:53]  Checking for file '/dev/pts/01/bin/strings'    [ Not found ]
[00:43:53]  Checking for file '/dev/pts/01/bin/bash'        [ Not found ]
[00:43:54]  Checking for file '/usr/man/man1/xxxxxxbin/du'  [ Not found ]
[00:43:54]  Checking for file '/usr/man/man1/xxxxxxbin/ls'  [ Not found ]
[00:43:54]  Checking for file '/usr/man/man1/xxxxxxbin/passwd' [ Not found ]
[00:43:54]  Checking for file '/usr/man/man1/xxxxxxbin/ps'  [ Not found ]
[00:43:54]  Checking for file '/usr/man/man1/xxxxxxbin/psr' [ Not found ]
[00:43:55]  Checking for file '/usr/man/man1/xxxxxxbin/su'  [ Not found ]
[00:43:55]  Checking for file '/usr/man/man1/xxxxxxbin/find' [ Not found ]
[00:43:55]  Checking for file '/usr/man/man1/xxxxxxbin/netstat' [ Not found ]
[00:43:55]  Checking for file '/usr/man/man1/xxxxxxbin/ping' [ Not found ]
[00:43:56]  Checking for file '/usr/man/man1/xxxxxxbin/strings' [ Not found ]
[00:43:56]  Checking for file '/usr/man/man1/xxxxxxbin/bash' [ Not found ]
[00:43:56]  Checking for file '/tmp/conf.inv'              [ Not found ]
[00:43:56]  Checking for directory '/dev/prom'              [ Not found ]
[00:43:56]  Checking for directory '/dev/pts/01'            [ Not found ]
[00:43:56]  Checking for directory '/dev/pts/01/bin'        [ Not found ]
[00:43:57]  Checking for directory '/usr/man/man1/xxxxxxbin' [ Not found ]
[00:43:57] URK Rootkit                                      [ Not found ]
[00:43:57]
[00:43:57] Checking for Vampire Rootkit...
[00:43:58]  Checking for kernel symbol 'new_getdents'      [ Not found ]
[00:43:58]  Checking for kernel symbol 'old_getdents'      [ Not found ]
[00:43:58]  Checking for kernel symbol 'should_hide_file_name' [ Not found ]
[00:43:58]  Checking for kernel symbol 'should_hide_task_name' [ Not found ]
[00:43:59] Vampire Rootkit                                  [ Not found ]
[00:43:59]
[00:43:59] Checking for VcKit Rootkit...
[00:43:59]  Checking for directory '/usr/include/linux/modules/lib.so' [ Not found ]
[00:43:59]  Checking for directory '/usr/include/linux/modules/lib.so/bin' [ Not found ]
[00:43:59] VcKit Rootkit                                    [ Not found ]
[00:43:59]
[00:43:59] Checking for Volc Rootkit...
[00:43:59]  Checking for file '/usr/bin/volc'              [ Not found ]
[00:44:00]  Checking for file '/usr/lib/volc/backdoor/divine' [ Not found ]
[00:44:00]  Checking for file '/usr/lib/volc/linsniff'      [ Not found ]
[00:44:00]  Checking for file '/etc/rc.d/rc1.d/S25sysconf'  [ Not found ]
[00:44:00]  Checking for file '/etc/rc.d/rc2.d/S25sysconf'  [ Not found ]
[00:44:00]  Checking for file '/etc/rc.d/rc3.d/S25sysconf'  [ Not found ]
[00:44:00]  Checking for file '/etc/rc.d/rc4.d/S25sysconf'  [ Not found ]
[00:44:00]  Checking for file '/etc/rc.d/rc5.d/S25sysconf'  [ Not found ]
[00:44:00]  Checking for directory '/var/spool/.recent'    [ Not found ]
[00:44:01]  Checking for directory '/var/spool/.recent/.files' [ Not found ]
[00:44:01]  Checking for directory '/usr/lib/volc'          [ Not found ]
[00:44:01]  Checking for directory '/usr/lib/volc/backup'  [ Not found ]
[00:44:01] Volc Rootkit                                      [ Not found ]
[00:44:01]
[00:44:01] Checking for Xzibit Rootkit...
[00:44:01]  Checking for file '/dev/dsx'                    [ Not found ]
[00:44:02]  Checking for file '/dev/caca'                  [ Not found ]
[00:44:02]  Checking for file '/dev/ida/.inet/linsniffer'  [ Not found ]
[00:44:02]  Checking for file '/dev/ida/.inet/logclear'    [ Not found ]
[00:44:02]  Checking for file '/dev/ida/.inet/sense'        [ Not found ]
[00:44:02]  Checking for file '/dev/ida/.inet/sl2'          [ Not found ]
[00:44:02]  Checking for file '/dev/ida/.inet/sshdu'        [ Not found ]
[00:44:02]  Checking for file '/dev/ida/.inet/s'            [ Not found ]
[00:44:02]  Checking for file '/dev/ida/.inet/ssh_host_key' [ Not found ]
[00:44:02]  Checking for file '/dev/ida/.inet/ssh_random_seed' [ Not found ]
[00:44:03]  Checking for file '/dev/ida/.inet/sl2new.c'    [ Not found ]
[00:44:03]  Checking for file '/dev/ida/.inet/tcp.log'      [ Not found ]
[00:44:03]  Checking for file '/home/httpd/cgi-bin/becys.cgi' [ Not found ]
[00:44:03]  Checking for file '/usr/local/httpd/cgi-bin/becys.cgi' [ Not found ]
[00:44:03]  Checking for file '/usr/local/apache/cgi-bin/becys.cgi' [ Not found ]
[00:44:03]  Checking for file '/www/httpd/cgi-bin/becys.cgi' [ Not found ]
[00:44:03]  Checking for file '/www/cgi-bin/becys.cgi'      [ Not found ]
[00:44:04]  Checking for directory '/dev/ida/.inet'        [ Not found ]
[00:44:04] Xzibit Rootkit                                    [ Not found ]
[00:44:04]
[00:44:04] Checking for zaRwT.KiT Rootkit...
[00:44:04]  Checking for file '/dev/rd/s/sendmeil'          [ Not found ]
[00:44:04]  Checking for file '/dev/ttyf'                  [ Not found ]
[00:44:04]  Checking for file '/dev/ttyp'                  [ Not found ]
[00:44:05]  Checking for file '/dev/ttyn'                  [ Not found ]
[00:44:05]  Checking for file '/rk/tulz'                    [ Not found ]
[00:44:05]  Checking for directory '/rk'                    [ Not found ]
[00:44:05]  Checking for directory '/dev/rd/s'              [ Not found ]
[00:44:05] zaRwT.KiT Rootkit                                [ Not found ]
[00:44:05]
[00:44:05] Checking for ZK Rootkit...
[00:44:05]  Checking for file '/usr/share/.zk/zk'          [ Not found ]
[00:44:06]  Checking for file '/usr/X11R6/.zk/xfs'          [ Not found ]
[00:44:06]  Checking for file '/usr/X11R6/.zk/echo'        [ Not found ]
[00:44:06]  Checking for file '/etc/1ssue.net'              [ Not found ]
[00:44:06]  Checking for file '/etc/sysconfig/console/load.zk' [ Not found ]
[00:44:07]  Checking for directory '/usr/share/.zk'        [ Not found ]
[00:44:07]  Checking for directory '/usr/X11R6/.zk'        [ Not found ]
[00:44:07] ZK Rootkit                                        [ Not found ]
[00:44:21]
[00:44:21] Info: Starting test name 'additional_rkts'
[00:44:21] Performing additional rootkit checks
[00:44:21]
[00:44:21]  Performing Suckit Rookit additional checks
[00:44:21]    Checking hard link count on '/sbin/init'      [ OK ]
[00:44:21]    Checking for hidden file extensions          [ None found ]
[00:44:21]    Running skdet command                        [ Skipped ]
[00:44:22] Info: Unable to find the 'skdet' command
[00:44:22]  Suckit Rookit additional checks                [ OK ]
[00:44:22]
[00:44:22] Info: Starting test name 'possible_rkt_files'
[00:44:22]  Performing check of possible rootkit files and directories
[00:44:22]    Checking for file '/dev/sdr0'                [ Not found ]
[00:44:23]    Checking for file '/dev/pisu'                [ Not found ]
[00:44:23]    Checking for file '/dev/xdta'                [ Not found ]
[00:44:23]    Checking for file '/dev/saux'                [ Not found ]
[00:44:23]    Checking for file '/dev/hdx'                  [ Not found ]
[00:44:24]    Checking for file '/dev/hdx1'                [ Not found ]
[00:44:24]    Checking for file '/dev/hdx2'                [ Not found ]
[00:44:24]    Checking for file '/dev/ptyy'                [ Not found ]
[00:44:24]    Checking for file '/dev/ptyu'                [ Not found ]
[00:44:24]    Checking for file '/dev/ptyv'                [ Not found ]
[00:44:25]    Checking for file '/dev/hdbb'                [ Not found ]
[00:44:25]    Checking for file '/tmp/.syshackfile'        [ Not found ]
[00:44:25]    Checking for file '/tmp/.bash_history'        [ Not found ]
[00:44:25]    Checking for file '/usr/info/.clib'          [ Not found ]
[00:44:26]    Checking for file '/usr/sbin/tcp.log'        [ Not found ]
[00:44:26]    Checking for file '/usr/bin/take/pid'        [ Not found ]
[00:44:26]    Checking for file '/sbin/create'              [ Not found ]
[00:44:26]    Checking for file '/dev/ttypz'                [ Not found ]
[00:44:26]    Checking for file '/var/log/tcp.log'          [ Not found ]
[00:44:26]    Checking for file '/usr/include/audit.h'      [ Not found ]
[00:44:26]    Checking for file '/usr/bin/sourcemask'      [ Not found ]
[00:44:26]    Checking for file '/usr/bin/ras2xm'          [ Not found ]
[00:44:26]    Checking for file '/dev/xmx'                  [ Not found ]
[00:44:27]    Checking for file '/usr/sbin/gpm.root'        [ Not found ]
[00:44:27]    Checking for file '/bin/vobiscum'            [ Not found ]
[00:44:27]    Checking for file '/bin/psr'                  [ Not found ]
[00:44:27]    Checking for file '/dev/kdx'                  [ Not found ]
[00:44:28]    Checking for file '/dev/dkx'                  [ Not found ]
[00:44:28]    Checking for file '/usr/sbin/sshd3'          [ Not found ]
[00:44:28]    Checking for file '/usr/sbin/jcd'            [ Not found ]
[00:44:28]    Checking for file '/etc/rc.d/init.d/jcd'      [ Not found ]
[00:44:28]    Checking for file '/usr/sbin/atd2'            [ Not found ]
[00:44:28]    Checking for file '/home/httpd/cgi-bin/linux.cgi' [ Not found ]
[00:44:28]    Checking for file '/home/httpd/cgi-bin/psid'  [ Not found ]
[00:44:29]    Checking for file '/home/httpd/cgi-bin/void.cgi' [ Not found ]
[00:44:29]    Checking for file '/etc/rc.d/init.d/system'  [ Not found ]
[00:44:29]    Checking for file '/etc/rc.d/rc3.d/S93users'  [ Not found ]
[00:44:29]    Checking for file '/tmp/.ush'                [ Not found ]
[00:44:30]    Checking for file '/usr/lib/libhidefile.so'  [ Not found ]
[00:44:30]    Checking for file '/etc/cron.d/kmod'          [ Not found ]
[00:44:30]    Checking for file '/usr/lib/dmis/dmisd'      [ Not found ]
[00:44:30]    Checking for file '/lib/secure/libhij.so'    [ Not found ]
[00:44:30]    Checking for file '/usr/sbin/sshd3'          [ Not found ]
[00:44:30]    Checking for file '/etc/rc.d/init.d/crontab'  [ Not found ]
[00:44:30]    Checking for file '/etc/rc.d/init.d/jcd'      [ Not found ]
[00:44:31]    Checking for file '/usr/sbin/atd2'            [ Not found ]
[00:44:31]    Checking for file '/etc/rc.d/rc5.d/S93users'  [ Not found ]
[00:44:31]    Checking for file '/usr/include/mysql/mysql.hh1' [ Not found ]
[00:44:31]    Checking for file '/etc/init.d/xfs3'          [ Not found ]
[00:44:32]    Checking for file '/usr/sbin/t.txt'          [ Not found ]
[00:44:32]    Checking for file '/usr/sbin/change'          [ Not found ]
[00:44:32]    Checking for file '/usr/sbin/s'              [ Not found ]
[00:44:32]    Checking for file '/bin/f'                    [ Not found ]
[00:44:33]    Checking for file '/bin/i'                    [ Not found ]
[00:44:33]    Checking for file '/lib/libncom.so.4.0.1'    [ Not found ]
[00:44:33]    Checking for file '/sbin/zinit'              [ Not found ]
[00:44:33]    Checking for file '/tmp/pass_ssh.log'        [ Not found ]
[00:44:34]    Checking for file '/usr/include/gpm2.h'      [ Not found ]
[00:44:34]    Checking for file '/etc/ssh/.sshd_auth'      [ Not found ]
[00:44:34]    Checking for file '/usr/lib/.sshd.h'          [ Not found ]
[00:44:34]    Checking for file '/var/run/.defunct'        [ Not found ]
[00:44:34]    Checking for file '/etc/httpd/run/.defunct'  [ Not found ]
[00:44:35]    Checking for file '/usr/share/pci.r'          [ Not found ]
[00:44:35]    Checking for file '/etc/cron.daily/dnsquery'  [ Not found ]
[00:44:35]    Checking for file '/usr/lib/libutil1.2.1.2.so' [ Not found ]
[00:44:36]    Checking for file '/bin/ceva'                [ Not found ]
[00:44:36]    Checking for file '/sbin/syslogd<SP>'        [ Not found ]
[00:44:36]    Checking for file '/usr/include/shup.h'      [ Not found ]
[00:44:36]    Checking for file '/etc/rpm/sshdOLD'          [ Not found ]
[00:44:36]    Checking for file '/etc/rpm/sshOLD'          [ Not found ]
[00:44:36]    Checking for file '/usr/share/passwd.h'      [ Not found ]
[00:44:36]    Checking for file '/lib/.xsyslog'            [ Not found ]
[00:44:37]    Checking for file '/etc/.xsyslog'            [ Not found ]
[00:44:37]    Checking for file '/lib/.ssyslog'            [ Not found ]
[00:44:37]    Checking for file '/tmp/.sendmail'            [ Not found ]
[00:44:37]    Checking for file '/usr/share/sshd.sync'      [ Not found ]
[00:44:38]    Checking for file '/bin/zcut'                [ Not found ]
[00:44:38]    Checking for file '/usr/bin/zmuie'            [ Not found ]
[00:44:38]    Checking for file '/lib/libkeyutils.so.1.9'  [ Not found ]
[00:44:38]    Checking for file '/lib64/libkeyutils.so.1.9' [ Not found ]
[00:44:38]    Checking for file '/usr/lib/libkeyutils.so.1.9' [ Not found ]
[00:44:38]    Checking for file '/usr/lib64/libkeyutils.so.1.9' [ Not found ]
[00:44:38]    Checking for directory '/dev/ptyas'          [ Not found ]
[00:44:39]    Checking for directory '/usr/bin/take'        [ Not found ]
[00:44:39]    Checking for directory '/usr/src/.lib'        [ Not found ]
[00:44:39]    Checking for directory '/usr/share/man/man1/.1c' [ Not found ]
[00:44:39]    Checking for directory '/lib/lblip.tk'        [ Not found ]
[00:44:40]    Checking for directory '/usr/sbin/...'        [ Not found ]
[00:44:40]    Checking for directory '/usr/share/.gun'      [ Not found ]
[00:44:40]    Checking for directory '/unde/vrei/tu/sa/te/ascunzi/in/server' [ Not found ]
[00:44:40]    Checking for directory '/usr/man/man1/..<SP><SP>/.dir' [ Not found ]
[00:44:40]    Checking for directory '/usr/X11R6/include/X11/...' [ Not found ]
[00:44:40]    Checking for directory '/usr/X11R6/lib/X11/.fonts/misc/...' [ Not found ]
[00:44:40]    Checking for directory '/tmp/.sys'            [ Not found ]
[00:44:40]    Checking for directory '/tmp/''              [ Not found ]
[00:44:41]    Checking for directory '/tmp/.,'              [ Not found ]
[00:44:41]    Checking for directory '/tmp/,.,'            [ Not found ]
[00:44:41]    Checking for directory '/dev/shm/emilien'    [ Not found ]
[00:44:41]    Checking for directory '/var/tmp/.log'        [ Not found ]
[00:44:41]    Checking for directory '/tmp/zmeu/...<SP>'    [ Not found ]
[00:44:42]    Checking for directory '/var/log/ssh'        [ Not found ]
[00:44:42]    Checking for directory '/dev/ida'            [ Not found ]
[00:44:42]    Checking for directory '/var/lib/games/.src/ssk/shit' [ Not found ]
[00:44:42]    Checking for directory '/usr/lib/libshtift'  [ Not found ]
[00:44:42]    Checking for directory '/usr/src/.poop'      [ Not found ]
[00:44:42]    Checking for directory '/dev/wd4'            [ Not found ]
[00:44:43]    Checking for directory '/var/run/.tmp'        [ Not found ]
[00:44:43]    Checking for directory '/usr/man/man1/lib/.lib' [ Not found ]
[00:44:43]    Checking for directory '/dev/portd'          [ Not found ]
[00:44:43]    Checking for directory '/dev/...'            [ Not found ]
[00:44:44]    Checking for directory '/usr/share/man/mansps' [ Not found ]
[00:44:44]    Checking for directory '/lib/.so'            [ Not found ]
[00:44:44]    Checking for directory '/lib/.sso'            [ Not found ]
[00:44:44]    Checking for directory '/usr/include/sslv3'  [ Not found ]
[00:44:45]    Checking for directory '/dev/shm/sshd'        [ Not found ]
[00:44:45]    Checking for directory '/usr/share/locale/mk/.dev/sk' [ Not found ]
[00:44:45]    Checking for directory '/usr/share/locale/mk/.dev' [ Not found ]
[00:44:46]    Checking for directory '/usr/include/netda.h' [ Not found ]
[00:44:46]    Checking for directory '/usr/include/.ssh'    [ Not found ]
[00:44:46]    Checking for directory '/usr/share/locale/jp/.<SP>' [ Not found ]
[00:44:46]    Checking for directory '/usr/share/.sqe'      [ Not found ]
[00:44:46]  Checking for possible rootkit files and directories [ None found ]
[00:44:46]
[00:44:46] Info: Starting test name 'possible_rkt_strings'
[00:44:46]  Performing check for possible rootkit strings
[00:44:46] Info: Using system startup paths: /etc/rc.local /etc/init.d
[00:44:47]    Checking for string 'phalanx'                [ Not found ]
[00:44:47]    Checking for string '/dev/proc/fuckit'        [ Not found ]
[00:44:48]    Checking for string 'FUCK'                    [ Not found ]
[00:44:48]    Checking for string 'backdoor'                [ Not found ]
[00:44:48]    Checking for string '/usr/bin/rcpc'          [ Not found ]
[00:44:49]    Checking for string '/usr/sbin/login'        [ Not found ]
[00:44:49]    Checking for string '/dev/ptyxx/.proc'        [ Not found ]
[00:44:49]    Checking for string 'vt200'                  [ Not found ]
[00:44:49]    Checking for string '/usr/bin/xstat'          [ Not found ]
[00:44:49]    Checking for string '/bin/envpc'              [ Not found ]
[00:44:50]    Checking for string 'L4m3r0x'                [ Not found ]
[00:44:50]    Checking for string '/lib/libext'            [ Not found ]
[00:44:50]    Checking for string '/usr/sbin/login'        [ Not found ]
[00:44:50]    Checking for string '/usr/lib/.tbd'          [ Not found ]
[00:44:50]    Checking for string 'sendmail'                [ Not found ]
[00:44:51]    Checking for string 'cocacola'                [ Not found ]
[00:44:51]    Checking for string 'joao'                    [ Not found ]
[00:44:51]    Checking for string '/dev/ptyxx/.file'        [ Not found ]
[00:44:51]    Checking for string '/dev/ptyxx/.file'        [ Not found ]
[00:44:52]    Checking for string '/dev/sgk'                [ Not found ]
[00:44:52]    Checking for string '/var/lock/subsys/...datafile...' [ Not found ]
[00:44:52]    Checking for string '/usr/lib/.tbd'          [ Not found ]
[00:44:52]    Checking for string '/dev/proc/fuckit'        [ Not found ]
[00:44:53]    Checking for string '/lib/.sso'              [ Not found ]
[00:44:53]    Checking for string '/var/lock/subsys/...datafile...' [ Not found ]
[00:44:53]    Checking for string '/dev/caca'              [ Not found ]
[00:44:53]    Checking for string '/dev/ttyoa'              [ Not found ]
[00:44:53]    Checking for string '/usr/lib/ldlibns.so'    [ Not found ]
[00:44:54]    Checking for string '/dev/ptyxx/.addr'        [ Not found ]
[00:44:55]    Checking for string 'syg'                    [ Not found ]
[00:44:55]    Checking for string '/var/lock/subsys/...datafile...' [ Not found ]
[00:44:55]    Checking for string '/dev/pts/01'            [ Not found ]
[00:44:55]    Checking for string 'tw33dl3'                [ Not found ]
[00:44:55]    Checking for string 'psniff'                  [ Not found ]
[00:44:56]    Checking for string 'uconf.inv'              [ Not found ]
[00:44:56]    Checking for string 'lib/ldlibps.so'          [ Not found ]
[00:44:56]    Checking for string '/usr/lib/ldlibpst.so'    [ Not found ]
[00:44:56]    Checking for string 'libproc.so.2.0.7'        [ Not found ]
[00:44:56]    Checking for string '/dev/ptyxx/.proc'        [ Not found ]
[00:44:57]    Checking for string '/dev/ptyxx/.proc'        [ Not found ]
[00:44:57]    Checking for string 'libproc.so.2.0.7'        [ Not found ]
[00:44:57]    Checking for string 'libproc.so.2.0.7'        [ Not found ]
[00:44:57]    Checking for string '/bin/bash'              [ Not found ]
[00:44:59]    Checking for string '/dev/xdta'              [ Not found ]
[00:44:59]    Checking for string '/usr/lib/.tbd'          [ Not found ]
[00:44:59]    Checking for string '/dev/ptyxx/.proc'        [ Not found ]
[00:45:02]    Checking for string 'in.inetd'                [ Not found ]
[00:45:04]    Checking for string '#<HIDE_.*>'              [ Not found ]
[00:45:07]    Checking for string 'bin/xchk'                [ Not found ]
[00:45:09]    Checking for string 'bin/xsf'                [ Not found ]
[00:45:12]    Checking for string '/usr/bin/ssh2d'          [ Not found ]
[00:45:14]    Checking for string '/usr/sbin/xntps'        [ Not found ]
[00:45:17]    Checking for string 'ttyload'                [ Not found ]
[00:45:19]    Checking for string '/etc/rc.d/init.d/init'  [ Not found ]
[00:45:22]    Checking for string 'usr/bin/xfss'            [ Not found ]
[00:45:25]    Checking for string '/usr/sbin/rpc.netinet'  [ Not found ]
[00:45:27]    Checking for string '/usr/lib/.fx/cons.saver' [ Not found ]
[00:45:29]    Checking for string '/usr/lib/.fx/xs'        [ Not found ]
[00:45:30]    Checking for string '/ssh2d'                  [ Not found ]
[00:45:31]    Checking for string '/dev/kmod'              [ Not found ]
[00:45:31]    Checking for string '/crth.o'                [ Not found ]
[00:45:32]    Checking for string '/crtz.o'                [ Not found ]
[00:45:33]    Checking for string '/dev/dos'                [ Not found ]
[00:45:33]    Checking for string '/lpq'                    [ Not found ]
[00:45:34]    Checking for string '/usr/sbin/rescue'        [ Not found ]
[00:45:35]    Checking for string '/usr/lib/lpstart'        [ Not found ]
[00:45:36]    Checking for string '/volc'                  [ Not found ]
[00:45:36]    Checking for string 'sourcemask'              [ Not found ]
[00:45:37]    Checking for string '/bin/vobiscum'          [ Not found ]
[00:45:38]    Checking for string '/usr/sbin/in.telnet'    [ Not found ]
[00:45:38]    Checking for string '/usr/bin/hdparm?-t1?-X53?-p' [ Not found ]
[00:45:39]    Checking for string '/lib/.xsyslog'          [ Not found ]
[00:45:40]    Checking for string '/etc/.xsyslog'          [ Not found ]
[00:45:41]    Checking for string '/lib/.ssyslog'          [ Not found ]
[00:45:41]    Checking for string '/tmp/.sendmail'          [ Not found ]
[00:45:41]    Checking for string '/lib/ldd.so/tkps'        [ Not found ]
[00:45:41]    Checking for string 't0rnkit'                [ Not found ]
[00:45:42]    Checking for string '/dev/proc/fuckit'        [ Not found ]
[00:45:42]    Checking for string 'backdoor.h'              [ Not found ]
[00:45:42]    Checking for string 'backdoor_active'        [ Not found ]
[00:45:42]    Checking for string 'magic_pass_active'      [ Not found ]
[00:45:42]    Checking for string '/usr/include/gpm2.h'    [ Not found ]
[00:45:42]    Checking for string 'libproc.so.2.0.7'        [ Not found ]
[00:45:42]    Checking for string 'libproc.so.2.0.7'        [ Not found ]
[00:45:42]    Checking for string 'libproc.so.2.0.7'        [ Not found ]
[00:45:42]    Checking for string '/usr/lib/ldlibct.so'    [ Not found ]
[00:45:42]    Checking for string '/usr/lib/ldlibdu.so'    [ Not found ]
[00:45:42]    Checking for string '/dev/ptyxx/.file'        [ Not found ]
[00:45:42]    Checking for string 'libproc.so.2.0.7'        [ Not found ]
[00:45:42]    Checking for string '/dev/ida/.inet'          [ Not found ]
[00:45:42]    Checking for string '/usr/include/mysql/mysql.hh1' [ Not found ]
[00:45:42]    Checking for string '/usr/include/mysql/mysql.hh1' [ Not found ]
[00:45:42]    Checking for string '/usr/include/mysql/mysql.hh1' [ Not found ]
[00:45:42]    Checking for string '/usr/include/mysql/mysql.hh1' [ Not found ]
[00:45:43]    Checking for string '/usr/include/mysql/mysql.hh1' [ Not found ]
[00:45:43]    Checking for string '/usr/include/mysql/mysql.hh1' [ Not found ]
[00:45:43]    Checking for string 'backconnect'            [ Not found ]
[00:45:43]    Checking for string 'magic?packet?received'  [ Not found ]
[00:45:43]  Checking for possible rootkit strings          [ None found ]
[00:45:43]
[00:45:43] Info: Starting test name 'malware'
[00:45:43] Performing malware checks
[00:45:43]
[00:45:43] Info: Test 'deleted_files' disabled at users request.
[00:45:43]
[00:45:43] Info: Starting test name 'running_procs'
[00:45:47]  Checking running processes for suspicious files [ None found ]
[00:45:48]
[00:45:48] Info: Test 'hidden_procs' disabled at users request.
[00:45:48]
[00:45:48] Info: Test 'suspscan' disabled at users request.
[00:45:48]
[00:45:48] Info: Starting test name 'other_malware'
[00:45:48]  Performing check for login backdoors
[00:45:48]    Checking for '/bin/.login'                    [ Not found ]
[00:45:48]    Checking for '/sbin/.login'                  [ Not found ]
[00:45:48]  Checking for login backdoors                    [ None found ]
[00:45:48]
[00:45:48]  Performing check for suspicious directories
[00:45:48]    Checking for directory '/usr/X11R6/bin/.,/copy' [ Not found ]
[00:45:49]    Checking for directory '/dev/rd/cdb'          [ Not found ]
[00:45:49]  Checking for suspicious directories            [ None found ]
[00:45:49]
[00:45:49]  Checking for software intrusions                [ Skipped ]
[00:45:49] Info: Check skipped - tripwire not installed
[00:45:49]
[00:45:49]  Performing check for sniffer log files
[00:45:49]    Checking for file '/usr/lib/libice.log'      [ Not found ]
[00:45:49]    Checking for file '/dev/prom/sn.l'            [ Not found ]
[00:45:49]    Checking for file '/dev/fd/.88/zxsniff.log'  [ Not found ]
[00:45:49]  Checking for sniffer log files                  [ None found ]
[00:45:49]
[00:45:49] Suspicious Shared Memory segments
[00:45:50]  Suspicious Shared Memory segments              [ None found ]
[00:45:50]
[00:45:50] Info: Starting test name 'trojans'
[00:45:50] Performing trojan specific checks
[00:45:50] Info: Using inetd configuration file '/etc/inetd.conf'
[00:45:50]  Checking for enabled inetd services            [ OK ]
[00:45:50]
[00:45:50]  Performing check for enabled xinetd services
[00:45:50]  Checking for enabled xinetd services            [ Skipped ]
[00:45:51] Info: Check skipped - file '/etc/xinetd.conf' does not exist.
[00:45:51] Info: Apache backdoor check skipped: Apache modules and configuration directories not found.
[00:45:51]
[00:45:51] Info: Starting test name 'os_specific'
[00:45:51] Performing Linux specific checks
[00:45:51]  Checking loaded kernel modules                  [ OK ]
[00:45:51] Info: Using modules pathname of '/lib/modules/4.2.0-34-generic'
[00:45:52]  Checking kernel module names                    [ OK ]
[00:49:12]
[00:49:12] Info: Starting test name 'network'
[00:49:12] Checking the network...
[00:49:12]
[00:49:12] Performing checks on the network ports
[00:49:12] Info: Starting test name 'ports'
[00:49:12]  Performing check for backdoor ports
[00:49:13]    Checking for TCP port 1524                    [ Not found ]
[00:49:14]    Checking for TCP port 1984                    [ Not found ]
[00:49:14]    Checking for UDP port 2001                    [ Not found ]
[00:49:14]    Checking for TCP port 2006                    [ Not found ]
[00:49:15]    Checking for TCP port 2128                    [ Not found ]
[00:49:15]    Checking for TCP port 6666                    [ Not found ]
[00:49:15]    Checking for TCP port 6667                    [ Not found ]
[00:49:16]    Checking for TCP port 6668                    [ Not found ]
[00:49:17]    Checking for TCP port 6669                    [ Not found ]
[00:49:18]    Checking for TCP port 7000                    [ Not found ]
[00:49:18]    Checking for TCP port 13000                  [ Not found ]
[00:49:18]    Checking for TCP port 14856                  [ Not found ]
[00:49:19]    Checking for TCP port 25000                  [ Not found ]
[00:49:20]    Checking for TCP port 29812                  [ Not found ]
[00:49:20]    Checking for TCP port 31337                  [ Not found ]
[00:49:21]    Checking for TCP port 32982                  [ Not found ]
[00:49:22]    Checking for TCP port 33369                  [ Not found ]
[00:49:23]    Checking for TCP port 47107                  [ Not found ]
[00:49:23]    Checking for TCP port 47018                  [ Not found ]
[00:49:24]    Checking for TCP port 60922                  [ Not found ]
[00:49:24]    Checking for TCP port 62883                  [ Not found ]
[00:49:25]    Checking for TCP port 65535                  [ Not found ]
[00:49:25]  Checking for backdoor ports                    [ None found ]
[00:49:26]
[00:49:26] Info: Starting test name 'hidden_ports'
[00:49:26] Info: Found the 'unhide-tcp' command: /usr/sbin/unhide-tcp
[00:49:27]  Checking for hidden ports                      [ None found ]
[00:49:28]
[00:49:28] Performing checks on the network interfaces
[00:49:28] Info: Starting test name 'promisc'
[00:49:28]  Checking for promiscuous interfaces            [ None found ]
[00:49:28]
[00:49:28] Info: Test 'packet_cap_apps' disabled at users request.
[00:49:28]
[00:49:28] Info: Starting test name 'local_host'
[00:49:29] Checking the local host...
[00:49:29]
[00:49:29] Info: Starting test name 'startup_files'
[00:49:29] Performing system boot checks
[00:49:29]  Checking for local host name                    [ Found ]
[00:49:29]
[00:49:29] Info: Starting test name 'startup_malware'
[00:49:29]  Checking for system startup files              [ Found ]
[00:49:46]  Checking system startup files for malware      [ None found ]
[00:49:46]
[00:49:46] Info: Starting test name 'group_accounts'
[00:49:46] Performing group and account checks
[00:49:46]  Checking for passwd file                        [ Found ]
[00:49:46] Info: Found password file: /etc/passwd
[00:49:47]  Checking for root equivalent (UID 0) accounts  [ None found ]
[00:49:47] Info: Found shadow file: /etc/shadow
[00:49:47]  Checking for passwordless accounts              [ None found ]
[00:49:47]
[00:49:47] Info: Starting test name 'passwd_changes'
[00:49:47]  Checking for passwd file changes                [ Warning ]
[00:49:47] Warning: User 'clamav' has been added to the passwd file.
[00:49:47] Warning: User 'c-icap' has been added to the passwd file.
[00:49:47]
[00:49:47] Info: Starting test name 'group_changes'
[00:49:47]  Checking for group file changes                [ Warning ]
[00:49:47] Warning: Group 'vlock' has been added to the group file.
[00:49:47] Warning: Group 'clamav' has been added to the group file.
[00:49:47] Warning: Group 'c-icap' has been added to the group file.
[00:49:47]  Checking root account shell history files      [ None found ]
[00:49:47]
[00:49:47] Info: Starting test name 'system_configs'
[00:49:47] Performing system configuration file checks
[00:49:47]  Checking for an SSH configuration file          [ Not found ]
[00:49:48]  Checking for a running system logging daemon    [ Found ]
[00:49:48] Info: A running 'rsyslog' daemon has been found.
[00:49:48] Info: A running 'systemd-journald' daemon has been found.
[00:49:48] Info: Found an rsyslog configuration file: /etc/rsyslog.conf
[00:49:48] Info: Found a systemd configuration file: /etc/systemd/journald.conf
[00:49:48]  Checking for a system logging configuration file [ Found ]
[00:49:48]  Checking if syslog remote logging is allowed    [ Not allowed ]
[00:49:49]
[00:49:49] Info: Starting test name 'filesystem'
[00:49:49] Performing filesystem checks
[00:49:49] Info: SCAN_MODE_DEV set to 'THOROUGH'
[00:50:10]  Checking /dev for suspicious file types        [ Warning ]
[00:50:10] Warning: Suspicious file types found in /dev:
[00:50:10]          /dev/shm/pulse-shm-1345573933: data
[00:50:11]          /dev/shm/pulse-shm-218296524: data
[00:50:11]          /dev/shm/pulse-shm-519599192: data
[00:50:11]          /dev/shm/pulse-shm-927969031: data
[00:50:11]          /dev/shm/pulse-shm-735769416: data
[00:50:11]          /dev/shm/ecryptfs-ruut-Private: ASCII text
[00:50:11]          /dev/shm/pulse-shm-3336728073: data
[00:50:12]          /dev/shm/pulse-shm-2617881712: data
[00:50:12]  Checking for hidden files and directories      [ None found ]
[00:50:12]  Checking for missing log files                  [ Skipped ]
[00:50:12]  Checking for empty log files                    [ Skipped ]
[00:51:47]
[00:51:47] Info: Test 'apps' disabled at users request.
[00:51:47]
[00:51:47] System checks summary
[00:51:48] =====================
[00:51:48]
[00:51:48] File properties checks...
[00:51:48] Files checked: 148
[00:51:48] Suspect files: 10
[00:51:48]
[00:51:48] Rootkit checks...
[00:51:48] Rootkits checked : 365
[00:51:48] Possible rootkits: 0
[00:51:48]
[00:51:48] Applications checks...
[00:51:48] All checks skipped
[00:51:49]
[00:51:49] The system checks took: 10 minutes and 49 seconds
[00:51:49]
[00:51:49] Info: End date is Do 17. Mär 00:51:49 CET 2016


dennissteins 17.03.2016 01:58

CHKROOTKIT -x, and everyone here is an expert, after all:
Log only in excerpts, otherwise I'll get in trouble again for posting so much junk
Code:

Diagnostic-Code: %s; %.800s
Last-Attempt-Date:
Will-Retry-Until:
Content-Type:
errbody: I/O error
()<>@,;:\.[]"
*** Return To Sender: msg="%s", depth=%d, e=%p, returnq=
554 5.3.0 returntosender: infinite recursion on %s
554 5.3.0 returntosender: cannot select queue for %s
multipart/report; report-type=delivery-status;
        boundary="%s"
Postmaster notify: see transcript for details
Returned mail: see transcript for details
savemail, errormode = %c, id = %s, ExitStat = %d
  e_from=
553 5.3.5 Cannot parse Postmaster!
554 5.3.0 savemail: bogus errormode x%x
554 5.3.5 savemail: unknown state %d
554 savemail: cannot save rejected email anywhere
relayed to non-DSN-aware mailer
successfully delivered to mailbox
successfully delivered to mailing list
relayed (to non-DSN-aware mailer)
expanded (to multi-recipient alias)
relayed (Deliver-By trace mode)
delayed (Deliver-By notify mode)
relayed (Deliver-By notify mode)
  ----- Original message follows -----
  ----- Message header follows -----
  ----- Original message lost -----
This is a MIME-encapsulated message
    **********************************************
    **      THIS IS A WARNING MESSAGE ONLY      **
    **  YOU DO NOT NEED TO RESEND YOUR MESSAGE  **
The original message was received at %s
  ----- The following addresses had permanent fatal errors -----
  ----- The following addresses had transient non-fatal errors -----
  ----- The following addresses had successful delivery notifications -----
  ----- Transcript of session is unavailable -----
  ----- Transcript of session follows -----
Content-Type: message/delivery-status
Original-Recipient: %.100s;%.700s
returntosender: q_finalrcpt is NULL
  ----- Message body suppressed -----
  ----- No message was collected -----
AUTH: sasl_encode error=%d
sfsasl.c
AUTH: sasl_decode error=%d
sasl
read W BLOCK
read R BLOCK
generic SSL error
write X BLOCK
syscall error
STARTTLS: write error=timeout
STARTTLS: read error=timeout
SM_ASSERT(con != NULL) failed
@sasl_read failure: outbuf == NULL but outlen != 0
STARTTLS=%s, info: fds=%d/%d, err=%d
STARTTLS=%s, error: fd %d/%d too large
STARTTLS: write error=%s (%d), errno=%d, get_error=%s, retry=%d, ssl_err=%d
STARTTLS: write error=%s (%d), errno=%d, retry=%d, ssl_err=%d
STARTTLS: read error=%s (%d), errno=%d, get_error=%s, retry=%d, ssl_err=%d
STARTTLS: read error=%s (%d), retry=%d, ssl_err=%d
sm_resolve.c
dns_lookup(%s, %d, %s)
dns_lookup: domain=%s, length=%d, default_size=%d, max=%d, status=response too long
dns_lookup: domain=%s, length=%d, default_size=%d, max=%d, status=response longer than default size, resizing
dns_lookup(%s, %d, %s) --> %d
ERROR: DNS RDLENGTH=%d > data len=%d
ERROR: DNS TXT record size=%d <= text len=%d
501 5.5.2 Syntax error in parameters scanning "%s"
AUTH error: listmech=%d, num=%d
AUTH: available mech=%s, allowed mech=%s
501 5.5.2 SIZE requires a value
552 5.2.3 Message size exceeds maximum value
552 5.2.3 Message size invalid
501 5.5.2 BODY requires a value
501 5.5.4 Unknown BODY type %s
504 5.7.0 Sorry, ENVID not supported, we do not allow DSN
501 5.5.2 ENVID requires a value
501 5.5.4 Syntax error in ENVID parameter value
501 5.5.0 Duplicate ENVID parameter
504 5.7.0 Sorry, RET not supported, we do not allow DSN
501 5.5.2 RET requires a value
501 5.5.0 Duplicate RET parameter
501 5.5.2 Bad argument "%s" to RET
501 5.5.2 AUTH= requires a value
501 5.5.0 Duplicate AUTH parameter
501 5.5.4 Syntax error in AUTH parameter value
auth="%.100s" not trusted user="%.100s"
501 5.5.2 BY= requires a value
501 5.5.4 mode R requires BY time > 0
555 5.5.2 time %ld less than %ld
501 5.5.2 illegal by-mode '%c'
501 5.5.2 illegal by-trace '%c'
555 5.5.4 %s parameter unrecognized
504 5.7.0 Sorry, NOTIFY not supported, we do not allow DSN
501 5.5.2 NOTIFY requires a value
501 5.5.4 Bad argument "%s"  to NOTIFY
504 5.7.0 Sorry, ORCPT not supported, we do not allow DSN
501 5.5.2 ORCPT requires a value
501 5.5.0 Duplicate ORCPT parameter
501 5.5.4 Syntax error in ORCPT parameter value
%s: possible SMTP attack: command=%.40s, count=%u
502 5.3.0 Sendmail %s -- HELP not implemented
214-2.0.0 This is Sendmail version %s
504 5.3.0 HELP topic "%.10s" unknown
%s too old (require version %d)
fcntl(inchfd, F_GETFL) failed: %s
fcntl(outchfd, F_GETFL) failed: %s
set automode for I (%d)/O (%d) in SMTP server
srvfeatures: unknown feature %s
450 4.3.0 Please try again later.
ERROR: srv_features=tempfail, relay=%.100s, access temporarily disabled
AUTH error: sasl_server_new failed=%d
Milter: initialization failed, rejecting commands
Milter: initialization failed, temp failing commands
Milter: initialization failed, closing connection
SM_ASSERT(q != NULL || OpMode == MD_SMTP) failed
Milter: connect: host=%s, addr=%s, rejecting commands
Milter: connect: host=%s, addr=%s, temp failing commands
Milter: connect: host=%s, addr=%s, shutdown
rejecting commands from %s [%s] due to pre-greeting traffic after %d seconds
421 4.4.1 %s Lost input channel from %s
lost input channel from %s to %s after %s
421 4.7.0 %s Command too long, possible attack %s
%s: SMTP violation, input too long: %lu
421 4.7.0 %s Rejecting open proxy %s
%s: probable open proxy: command=%.40s
unauthorized PIPELINING, sleeping, relay=%.100s
501 5.5.4 cannot decode AUTH parameter %s
AUTH=server, relay=%s, authid=%.128s, mech=%.16s, bits=%d
454 4.5.4 Internal error: unable to encode64
AUTH encode64 error [%d for "%s"], relay=%.100s
AUTH continue: msg='%s' len=%u
535 5.7.0 authentication failed
AUTH failure (%s): %s (%d) %s, relay=%.100s
%s: %s: delaying %s: load average: %d
delaying=%s, load average=%d >= %d
421 4.7.0 %s Too many bad commands; closing connection
503 5.5.0 Already Authenticated
503 5.5.0 AUTH not permitted during a mail transaction
454 4.3.0 Please try again later
SMTP AUTH command (%.100s) from %s tempfailed (due to previous checks)
501 5.5.2 AUTH mechanism must be specified
504 5.3.3 AUTH mechanism %.32s not available
501 5.5.4 cannot BASE64 decode '%s'
AUTH decode64 error [%d for "%s"], relay=%.100s
454 4.5.4 Temporary authentication failure
AUTH encode64 error [%d for "%s"]
501 5.5.2 Syntax error (no parameters allowed)
454 4.3.3 TLS not available after start
503 5.5.0 TLS not permitted during a mail transaction
454 4.7.0 Please try again later
SMTP STARTTLS command (%.100s) from %s tempfailed (due to previous checks)
454 4.3.3 TLS not available: error generating SSL handle
454 4.3.3 TLS not available: error set fd
STARTTLS=server, error: accept failed=%d, reason=%s, SSL_error=%d, errno=%d, retry=%d, relay=%.100s
503 5.7.0 Authentication required.
454 4.3.3 TLS not available: can't switch to encrypted layer
STARTTLS: can't switch to encrypted layer
501 %s requires domain address
invalid domain name (too long) from %s
invalid domain name (%s) from %.100s
CLEAR_STATE: e_id=%s, EF_LOGSENDER=%d, LogLevel=%d
Milter: helo=%s, reject=Command rejected
451 4.3.2 Please try again later
Milter: helo=%s, reject=421 4.7.0 %s closing connection
503 5.0.0 Polite people say HELO first
503 5.5.0 Sender already specified
530 5.7.0 Authentication required
SMTP MAIL command (%.100s) from %s tempfailed (due to previous checks)
552 5.2.3 Message size exceeds fixed maximum message size (%ld)
Milter: %s=%s, reject=421, errormode=4
Milter: %s=%s, reject=550 5.7.1 Command rejected
421 4.7.0 %s Too many bad recipients; closing connection
%s: Possible SMTP RCPT flood, shutting down connection.
%s: Possible SMTP RCPT flood, throttling.
503 5.0.0 Need MAIL before RCPT
503 5.0.0 Need RCPT (recipient)
Milter: cmd=data, reject=550 5.7.1 Command rejected
Milter: cmd=data, reject=421 4.7.0 %s closing connection
Milter: data, reject=554 5.7.1 Command rejected
Milter: data, reject=421 4.7.0 %s closing connection
250 2.0.0 %s Message accepted for delivery
abortmessage: e_id=%s, EF_LOGSENDER=%d, LogLevel=%d
550 5.7.1 Please try again later
SMTP %s command (%.100s) from %s tempfailed (due to previous checks)
252 2.5.2 Cannot VRFY user; try RCPT to attempt delivery (or try finger)
502 5.7.0 Sorry, we do not allow this operation
503 5.0.0 I demand that you introduce yourself first
SMTP ETRN command (%.100s) from %s tempfailed (due to previous checks)
250 2.0.0 Queuing for queue group %s started
250 2.0.0 Queuing for node %s started
221 2.0.0 %s closing connection
QUIT: e_id=%s, EF_LOGSENDER=%d, LogLevel=%d
%s did not issue MAIL/EXPN/VRFY/ETRN during connection to %s
500 5.5.1 Command unrecognized: "%s"
502 5.5.1 Command not implemented: "%s"
500 5.5.0 smtp: unknown code %d
@(#)$Debug: leak_smtp - trace memory leaks during SMTP processing $
AUTH warning: no mechanisms
size
srvrsmtp.c
8bitmime
envid
trust_auth
auth="%.100s" trusted
501 5.5.2 BY=%s out of range
501 5.5.2 BY= missing ';'
orcpt
%s: got arg %s="%s"
501 5.5.4 Too many parameters
=<>")
#vers       
214-2.0.0 %s
214 2.0.0 End of HELP info
pleased to meet you
accepting invalid domain name
 (will queue)
VRFY
check_vrfy
check_expn
smtp() heap group #%d
server %s startup
srv_features
temp
greet_pause
%s not accepting messages
%s %%.*s ESMTP%%s
%s-%%.*s ESMTP%%s
server cmd read
server %s cmd read
AUTH
501 5.0.0 AUTH aborted
235 2.0.0 OK Authenticated
AUTH auth_ssf: %u
503 5.3.3 SASL TLS failed
334 %s
<<< %s
<-- %s
%s %s: %.80s
550 5.0.0 %s
503 5.3.3 AUTH not available
503 5.5.0 TLS not available
220 2.0.0 Ready to start TLS
tls_client
server EHLO
server HELO
HELO/EHLO
501 Invalid domain name
[].-_#:
Milter: helo=%s, reject=%s
421-
250 %s Hello %s, %s
250-%s Hello %s, %s
250 ENHANCEDSTATUSCODES
250-ENHANCEDSTATUSCODES
250-PIPELINING
250-8BITMIME
250-EXPN
250-VERB
250-SIZE %ld
250-SIZE
250-DSN
250-ETRN
250-AUTH %s
250-STARTTLS
250-DELIVERBY %ld
250 HELP
250-DELIVERBY
server MAIL
%s didn't use HELO protocol
{nbadrcpts}
{mail_mailer}
{mail_host}
{mail_addr}
%s owned process doing -bs
{mail_from}
check_mail
421 4.3.0 closing connection
Milter: %s=%s, reject=%s
Milter: %s=%s, discard
250 2.1.0 Sender ok
{rcpt_mailer}
{rcpt_host}
{rcpt_addr}
server RCPT
452 4.5.3 Too many recipients
501 5.0.0 Missing recipient
check_rcpt
550 5.1.1 Addressee unknown
250 2.1.5 Recipient ok%s
server DATA
503 5.0.0 Need MAIL command
check_data
Milter: cmd=data, reject=%s
Milter: cmd=data, discard
check_eom
Milter: data, reject=%s
Milter: data, discard
Milter accept: message
451 4.0.0 Test failure
250 2.0.0 Reset state
%s: %s [rejected]
501 5.5.2 Argument required
554 5.5.2 Nothing to %s
2.1.5
%s <%s@%s>
%s <%s>
500 5.5.2 Parameter required
check_etrn
%s: ETRN %s
459 4.5.4 Queue %s unknown
500 5.5.0 ETRN out of memory
NOOP
250 2.0.0 OK
aborted by sender
502 5.7.0 Verbose unavailable
250 2.0.0 Verbose mode
Bogus
"%s" command from %s (%.100s)
Sending "%s" to Milter
Unimpl
POST
USER
leak_smtp
noop
ehlo
saml
soml
showq
STAB: %s %d
(hfunc=%d)
type %d val %lx %lx %lx %lx
entered
stab: unknown symbol type %d
size of stab entry: %d
stab.c
stabapply: trying %d/%s
$%s%s
stab: total=%d (%d)
stab: type[%2d]=%2d (%d)
poststats: %s: %s
SSL_connect
SSL_accept
undefined
STARTTLS: %s:%s
STARTTLS: SSL3 alert %s:%s:%s
STARTTLS: %s:failed in %s
STARTTLS: %s:error in %s
Server
Client
STARTTLS: %s%s missing
x509
UNKNOWN
tls.c
BadCertificateUnknown
cn_subject
BadCertificateTooLong
BadCertificateContainsNUL
cn_issuer
{cert_md5}
STARTTLS=%s: %lu:%s:%s:%d:%s
STARTTLS=%s, init=%d
SM_ASSERT(ctx != NULL) failed
STARTTLS: info_callback where=0x%x, ret=%d
STARTTLS=server, tmp_rsa_key: RSA_generate_key failed!
STARTTLS=server, tmp_rsa_key: new temp RSA key
STARTTLS=%s: file %s unsafe: %s
STARTTLS: internal error: tls_verify_cb: ssl == NULL
STARTTLS: %s cert verify: depth=%d %s, state=%d, reason=%s
STARTTLS=%s, get_verify: %ld get_peer: 0x%lx
STARTTLS=%s, relay=%.100s, field=%s, status=failed to extract CN
STARTTLS=%s, relay=%.100s, field=%s, status=CN too long
STARTTLS=%s, relay=%.100s, field=%s, status=CN contains NUL
SM_ASSERT((n * 3) + 2 < sizeof(md5h)) failed
STARTTLS=%s, relay=%.100s, version=%.16s, verify=%.16s, cipher=%.64s, bits=%.6s/%.6s
STARTTLS=%s, cert-subject=%.256s, cert-issuer=%.256s, verifymsg=%s
STARTTLS=%s, error: illegal value '%s' for DHParam
STARTTLS=%s, error: SSL_CTX_new(SSLv23_%s_method()) failed
STARTTLS=%s, error: PEM_read_bio_X509_CRL(%s)=failed
STARTTLS=%s, error: BIO_new=failed
STARTTLS=%s, error: RSA_generate_key failed
STARTTLS=%s, error: SSL_CTX_use_PrivateKey_file(%s) failed
STARTTLS=%s, error: SSL_CTX_use_certificate_file(%s) failed
STARTTLS=%s, error: SSL_CTX_check_private_key failed(%s): %d
STARTTLS=%s, error: SSL_CTX_check_private_key 2 failed: %d
STARTTLS=%s, error: cannot read DH parameters(%s): %s
STARTTLS=%s, error: BIO_new_file(%s) failed
inittls: Generating %d bit DH parameters
inittls: Using precomputed 512 bit DH parameters
STARTTLS=%s, error: cannot read or set DH parameters(%s): %s
STARTTLS=%s, Diffie-Hellman init, key=%d bit (%c)
STARTTLS=%s, error: load verify locs %s, %s failed: %d
STARTTLS=%s, error: SSL_CTX_set_cipher_list(%s) failed, list ignored
STARTTLS=%s, inittls: ctx == NULL
STARTTLS=%s, SSL_shutdown failed: %d
STARTTLS=%s, SSL_shutdown not done
0123456789ABCDEF
Maximum number of UDB entries exceeded
udbmatch: no match on %s (%d) via db
udbexpand: trying %s (%d) via db
udbexpand: no match on %s (%d)
udb.c
db_open(%s): %s
db_open(%s): %s
_udbx_init: db_open(%s)
Unknown UDB spec %s
REMOTE: addr %s, timeo %d
FETCH: file %s
FORWARD: host %s
HESIOD
UNKNOWN
_udbx_init: db->close(%s)
udbmatch(%s, %s)
udbmatch ==> %s
:maildrop
:default:mailname
udbexpand(%s)
udbexpand: match %.*s: %.*s
expanded to %s
expand %.100s => %s
udbexpand: QS_EXPANDED
:mailsender
udb_map_lookup(%s, %s)
_udbx_close: db->close(%s)
usersmtp.c
AUTH username '%s'
AUTH authid '%s'
8BIT-OK
authinfo
getauth %s=%s
enhancedstatuscodes
pipelining
deliverby
AUTH flags=%lx, mechs=%s
<No Realms>
<No Realm>
>>> %s
smtpmessage: NULL mci_out
smtpquit:1
client QUIT
STARTTLS dialogue
AUTH dialogue
reply
reply:1
reply:2
%s...
reply(%.100s) during %s
... while talking to %s:
050 %s
5.1.3
lmtp
LOGIN
DIGEST-MD5
AUTH %s =
encode64 for AUTH failed
AUTH %s %s
AUTH FAIL=%s (%d)
HDRS
FULL
smtpmailfrom: CurHost=%s
 SIZE=%ld
 BODY=%s
%s does not support 8BITMIME
 ENVID=%s
 RET=%s
 AUTH=%s
 BY=%ld;%c%s
MAIL From:<%s>%s
MAIL From:<@%s%c%s>%s
client MAIL
 NOTIFY=
 ORCPT=%s
RCPT To:<%s>%s
client RCPT
client RSET
client LHLO
client EHLO
client HELO
smtpinit
client greeting
LHLO %s
EHLO %s
HELO %s
553 5.3.5 system config error
client DATA 354
%05d >>> .
>>> .
client DATA status
client probe
user id
authentication id
password
realm
mechlist
error: safesasl(%s) failed: %s
AUTH=client, relay=%.64s [%.16s], authinfo %sfailed
AUTH=client, error: can't open %s: %s
AUTH=client, error: can't read %s from %s
str_union: stringlen1=%d, stringlen2=%d, sum=%d, status=overflow
AUTH=client, realm=%s, available realms=%s
AUTH=client, realm=%s not in list=%s
smtpquit: mailer%s%s exited with exit value %d
421 4.4.1 Connection reset by %s
451 4.4.1 reply: read error from %s
%.100s: SMTP RCPT protocol error: %s
%.100s: SMTP DATA-3 protocol error: %s
AUTH=client, available mechanisms do not fulfill requirements
%.100s: SMTP MAIL protocol error: %s
451 4.4.0 smtpinit: state CLOSED (was %d)
553 5.3.5 %s config error: mail loops back to me (MX problem?)
%.100s: SMTP DATA-1 protocol error: %s
%.100s: SMTP DATA-2 protocol error: %s
451 4.4.1 timeout writing message to %s
util.c
SM_REQUIRE(sz >= 0) failed
SM_ASSERT(l + 1 > l) failed
unable to write pid to %s: %s
started as: %s
{deliveryMode}
%s<null>%s
=~&?
%s$%c
%sM-
 %o
 %#x
        %08lx=
%05d >>> 
unlink %s
%s: unlink-fail %d
SM_REQUIRE(np != NULL) failed
SM_REQUIRE(n > 0) failed
tTyY
SM_REQUIRE(siz > 0) failed
%05d <<< [TIMEOUT]
%05d <<< [EOF]
%05d <<< %s
%3d:
CANNOT STAT (%s)
CLOSED
fl=0x%x,
mode=%o:
SOCK
%s/%d
CHR:
BLK:
FIFO:
DIR:
LNK:
size=%llu
%s: changed fds:
%s: cannot fork
%s: cannot dup2 for stdout
%s: cannot dup2 for stderr
%s: lockfp does not have a fd
prog_open: cannot chroot(%s)
prog_open: cannot chdir(/)
prog_open: setgid(%ld) failed
prog_open: setuid(%ld) failed
/tmp
%s: cannot exec
[UNKNOWN]
!cleanstrcpy: length == 0
!#$%&'*+-./^_`{|}~
control socket
proc_list_probe: lost pid %d
proc_list_probe
(unknown)
%s%d %s%s
ANSI
unable to write pid to %s: file in use by another process
SM_REQUIRE(buf != NULL) failed
timeout waiting for input from %.100s during %s
dev=%d/%d, ino=%llu, nlink=%d, u/gid=%d/%d,
checkfdopen(%d): %s not open as expected!
%s: cannot create pipe for stdout
Warning: prog_open: program %s unsafe: %s
POSSIBLE ATTACK from %.100s: newline in string "%s"
proc_list_probe: found %d children, expected %d
SM_ASSERT(ProcListSize < INT_MAX - PROC_LIST_SEG) failed
SM_ASSERT(CurChildren < INT_MAX) failed
@(#)$Debug: ANSI - enable reverse video in debug output $
World
Group
        [dir %s]
        [dir %s] mode %lo
FATAL
WARNING
        [dir %s] %s

....
....
....
/usr/include/./X11/bitmaps/boxes
/usr/include/./X11/bitmaps/mailemptymsk
/usr/include/./X11/bitmaps/xsnow
/usr/include/./X11/bitmaps/FlipHoriz
/usr/include/./X11/bitmaps/star
/usr/include/./X11/bitmaps/flipped_gray
/usr/include/./X11/bitmaps/escherknot
/usr/include/./X11/bitmaps/flagup
/usr/include/./X11/bitmaps/terminal
/usr/include/./X11/bitmaps/Excl
/usr/include/./X11/bitmaps/vlines3
/usr/include/./X11/bitmaps/menu12
/usr/include/./X11/bitmaps/dimple1
/usr/include/./X11/bitmaps/dot
/usr/include/./X11/bitmaps/menu8
/usr/include/./X11/bitmaps/dimple3
/usr/include/./X11/bitmaps/mailempty
/usr/include/./X11/bitmaps/xlogo64
/usr/include/./X11/bitmaps/mensetmanus
/usr/include/./X11/bitmaps/letters
/usr/include/./X11/bitmaps/Dashes
/usr/include/./X11/bitmaps/keyboard16
/usr/include/./X11/bitmaps/hlines3
/usr/include/./X11/bitmaps/starMask
/usr/include/./X11/bitmaps/menu6
/usr/include/./X11/bitmaps/tie_fighter
/usr/include/./X11/bitmaps/right_ptr
/usr/include/./X11/bitmaps/RotateLeft
/usr/include/./X11/bitmaps/xlogo32
/usr/include/./X11/bitmaps/mailfullmsk
/usr/include/./X11/bitmaps/2x2
/usr/include/./X11/bitmaps/Left
/usr/include/./X11/bitmaps/box6
/usr/include/./X11/bitmaps/grid4
/usr/include/./X11/bitmaps/hlines2
/usr/include/./X11/bitmaps/gray
/usr/include/./X11/bitmaps/weird_size
/usr/include/./X11/bitmaps/mailfull
/usr/include/./X11/bitmaps/Fold
/usr/include/./X11/bitmaps/menu16
/usr/include/./X11/bitmaps/root_weave
/usr/include/./X11/bitmaps/sipb
/usr/include/./X11/bitmaps/black
/usr/include/./X11/bitmaps/ldblarrow
/usr/include/./X11/bitmaps/grid8
/usr/include/./X11/bitmaps/black6
/usr/include/./X11/bitmaps/left_ptrmsk
/usr/include/./X11/bitmaps/vlines2
/usr/include/./X11/bitmaps/gray3
/usr/include/./X11/bitmaps/wide_weave
/usr/include/./X11/bitmaps/right_ptrmsk
/usr/include/./X11/bitmaps/xlogo11
/usr/include/./X11/bitmaps/Stipple
/usr/include/./X11/bitmaps/opendot
/usr/include/./X11/bitmaps/FlipVert
/usr/include/./X11/bitmaps/rdblarrow
/usr/include/./X11/bitmaps/icon
/usr/include/./X11/bitmaps/noletters
/usr/include/./X11/bitmaps/dropbar7
/usr/include/./X11/bitmaps/grid16
/usr/include/./X11/bitmaps/gray1
/usr/include/./X11/bitmaps/cntr_ptrmsk
/usr/include/./X11/bitmaps/grid2
/usr/include/./X11/bitmaps/1x1
/usr/include/./X11/bitmaps/left_ptr
/usr/include/./X11/bitmaps/menu10
/usr/include/./X11/bitmaps/Right
/usr/include/./X11/bitmaps/wingdogs
/usr/include/./X11/bitmaps/woman
/usr/include/./X11/bitmaps/dropbar8
/usr/include/./X11/bitmaps/stipple
/usr/include/./X11/bitmaps/xlogo16
/usr/include/./X11/bitmaps/opendotMask
/usr/include/./X11/bitmaps/light_gray
/usr/include/./X11/bitmaps/Up
/usr/include/./X11/bitmaps/calculator
/usr/include/./X11/bitmaps/scales
/usr/include/./X11/bitmaps/target
/usr/include/./X11/bitmaps/RotateRight
/usr/include/./X11/bitmaps/cross_weave
/usr/include/./tommath.h
/usr/include/./memory.h
/usr/include/./pwd.h
/usr/include/./shadow.h
/usr/include/./elf.h
/usr/include/./netpacket
/usr/include/./netpacket/packet.h
/usr/include/./wchar.h
/usr/include/./ustat.h
/usr/include/./geany
/usr/include/./geany/scintilla
/usr/include/./geany/scintilla/ScintillaWidget.h
/usr/include/./geany/scintilla/SciLexer.h
/usr/include/./geany/scintilla/Scintilla.iface
/usr/include/./geany/scintilla/Scintilla.h
/usr/include/./geany/navqueue.h
/usr/include/./geany/stash.h
/usr/include/./geany/app.h
/usr/include/./geany/symbols.h
/usr/include/./geany/plugindata.h
/usr/include/./geany/encodings.h
/usr/include/./geany/main.h
/usr/include/./geany/pluginutils.h
/usr/include/./geany/project.h
/usr/include/./geany/build.h
/usr/include/./geany/ui_utils.h
/usr/include/./geany/editor.h
/usr/include/./geany/geanyfunctions.h
/usr/include/./geany/document.h
/usr/include/./geany/highlighting.h
/usr/include/./geany/geany.h
/usr/include/./geany/keybindings.h
/usr/include/./geany/dialogs.h
/usr/include/./geany/gtkcompat.h
/usr/include/./geany/utils.h
/usr/include/./geany/support.h
/usr/include/./geany/prefs.h
/usr/include/./geany/geanyplugin.h
/usr/include/./geany/sciwrappers.h
/usr/include/./geany/spawn.h
/usr/include/./geany/templates.h
/usr/include/./geany/search.h
/usr/include/./geany/filetypes.h
/usr/include/./geany/msgwindow.h
/usr/include/./geany/toolbar.h
/usr/include/./geany/tagmanager
/usr/include/./geany/tagmanager/tm_source_file.h
/usr/include/./geany/tagmanager/tm_workspace.h
/usr/include/./geany/tagmanager/tm_tag.h
/usr/include/./geany/tagmanager/tm_tagmanager.h
/usr/include/./netdb.h
/usr/include/./ctype.h
/usr/include/./glob.h
/usr/include/./turbojpeg.h
/usr/include/./envz.h
/usr/include/./features.h
/usr/include/./stropts.h
/usr/include/./ne_nemesisI_int.h
/usr/include/./scsi
/usr/include/./scsi/scsi_ioctl.h
/usr/include/./scsi/scsi.h
/usr/include/./scsi/cxlflash_ioctl.h
/usr/include/./scsi/scsi_netlink_fc.h
/usr/include/./scsi/scsi_netlink.h
/usr/include/./scsi/scsi_bsg_fc.h
/usr/include/./scsi/fc
/usr/include/./scsi/fc/fc_ns.h
/usr/include/./scsi/fc/fc_fs.h
/usr/include/./scsi/fc/fc_els.h
/usr/include/./scsi/fc/fc_gs.h
/usr/include/./scsi/sg.h
/usr/include/./spawn.h
/usr/include/./ftw.h
/usr/include/./monetary.h
/usr/include/./byteswap.h
/usr/include/./obstack.h
/usr/include/./regex.h
/usr/include/./termios.h
/usr/include/./hdf5
/usr/include/./hdf5/serial
/usr/include/./hdf5/serial/H5Cpublic.h
/usr/include/./hdf5/serial/h5f.mod
/usr/include/./hdf5/serial/H5Epubgen.h
/usr/include/./hdf5/serial/h5e.mod
/usr/include/./hdf5/serial/H5Ipublic.h
/usr/include/./hdf5/serial/h5_dble_interface.mod
/usr/include/./hdf5/serial/h5i.mod
/usr/include/./hdf5/serial/H5overflow.h
/usr/include/./hdf5/serial/H5File.h
###
### Output of: /bin/ls -l /usr/lib/tcl5.3
###
/bin/ls: cannot access /usr/lib/tcl5.3: No such file or directory
###
### Output of: /bin/ls -l //usr/local/sbin/rootedoor
###
/bin/ls: cannot access //usr/local/sbin/rootedoor: No such file or directory
###
### Output of: /bin/ls -l //usr/local/bin/rootedoor
###
/bin/ls: cannot access //usr/local/bin/rootedoor: No such file or directory
###
### Output of: /bin/ls -l //usr/sbin/rootedoor
###
/bin/ls: cannot access //usr/sbin/rootedoor: No such file or directory
###
### Output of: /bin/ls -l //usr/bin/rootedoor
###
/bin/ls: cannot access //usr/bin/rootedoor: No such file or directory
###
### Output of: /bin/ls -l //sbin/rootedoor
###
/bin/ls: cannot access //sbin/rootedoor: No such file or directory
###
### Output of: /bin/ls -l //bin/rootedoor
###
/bin/ls: cannot access //bin/rootedoor: No such file or directory
###
### Output of: /bin/ls -l /etc/.enyeOCULTAR.ko
###
/bin/ls: cannot access /etc/.enyeOCULTAR.ko: No such file or directory
###
### Output of: /usr/bin/ssh -G 2>&1  | grep -e illegal -e unknow
###
###
### Output of: /usr/bin/find //tmp //var/tmp  -name vuln.txt -o -name ssh-scan -o -name pscan2
###
###
### Output of: /usr/bin/find //home/ruut -maxdepth 1 -name .*history  -size 0
###
###
### Output of: /usr/bin/find //home/ruut -maxdepth 1 -name .*history  \( -links 2 -o -type l \)
###
###
### Output of: /bin/egrep ^asp /etc/inetd.conf
###
###
### Output of: /usr/bin/strings -a asp
###
/usr/bin/strings: 'asp': No such file
###
### Output of: /bin/netstat -an
###
Active Internet connections (servers and established)
Proto Recv-Q Send-Q Local Address          Foreign Address        State     
tcp        0      0 127.0.0.1:587          0.0.0.0:*              LISTEN   
tcp        0      0 127.0.1.1:53            0.0.0.0:*              LISTEN   
tcp        0      0 127.0.0.1:631          0.0.0.0:*              LISTEN   
tcp        0      0 127.0.0.1:25            0.0.0.0:*              LISTEN   
tcp        1      0 192.168.178.20:57132    91.189.94.25:80        CLOSE_WAIT
tcp6      0      0 :::3142                :::*                    LISTEN   
tcp6      0      0 ::1:631                :::*                    LISTEN   
udp        0      0 0.0.0.0:36708          0.0.0.0:*                         
udp        0      0 127.0.1.1:53            0.0.0.0:*                         
udp        0      0 0.0.0.0:68              0.0.0.0:*                         
udp        0      0 0.0.0.0:60434          0.0.0.0:*                         
udp        0      0 0.0.0.0:5353            0.0.0.0:*                         
udp6      0      0 :::44591                :::*                             
udp6      0      0 :::33616                :::*                             
udp6      0      0 :::5353                :::*                             
raw        0      0 0.0.0.0:255            0.0.0.0:*              7         
raw6      0      0 :::58                  :::*                    7         
raw6      0      0 :::255                  :::*                    7         
Active UNIX domain sockets (servers and established)
Proto RefCnt Flags      Type      State        I-Node  Path
unix  3      [ ]        STREAM    CONNECTED    22031   
unix  3      [ ]        STREAM    CONNECTED    16850   
unix  3      [ ]        STREAM    CONNECTED    411414 
unix  3      [ ]        STREAM    CONNECTED    21461   
unix  3      [ ]        STREAM    CONNECTED    20443   
unix  3      [ ]        STREAM    CONNECTED    21931   
unix  3      [ ]        STREAM    CONNECTED    21148    @/tmp/dbus-hdL1ikuldS
unix  3      [ ]        STREAM    CONNECTED    15327   
unix  3      [ ]        STREAM    CONNECTED    22874    /run/systemd/journal/stdout
unix  3      [ ]        STREAM    CONNECTED    19368    @/tmp/dbus-hdL1ikuldS
unix  3      [ ]        STREAM    CONNECTED    146277  @/tmp/.X11-unix/X0
unix  3      [ ]        STREAM    CONNECTED    31303   
unix  3      [ ]        STREAM    CONNECTED    20987    @/tmp/dbus-HWsxYgltc7
unix  3      [ ]        STREAM    CONNECTED    21473    /run/systemd/journal/stdout
unix  3      [ ]        STREAM    CONNECTED    20271   
unix  3      [ ]        STREAM    CONNECTED    19325   
unix  3      [ ]        STREAM    CONNECTED    232683  @/tmp/dbus-hdL1ikuldS
unix  3      [ ]        STREAM    CONNECTED    22857   
unix  3      [ ]        STREAM    CONNECTED    20264    @/tmp/dbus-hdL1ikuldS
unix  3      [ ]        STREAM    CONNECTED    20145    @/tmp/.X11-unix/X0
unix  3      [ ]        STREAM    CONNECTED    19969   
unix  3      [ ]        STREAM    CONNECTED    19161    /var/run/dbus/system_bus_socket
unix  2      [ ]        DGRAM                    19627   
unix  3      [ ]        STREAM    CONNECTED    23056    @/tmp/dbus-hdL1ikuldS
unix  3      [ ]        STREAM    CONNECTED    20640   
unix  3      [ ]        STREAM    CONNECTED    19165   
unix  3      [ ]        STREAM    CONNECTED    21183    @/tmp/dbus-HrCqHDIX
unix  3      [ ]        STREAM    CONNECTED    20611    /var/run/dbus/system_bus_socket
unix  3      [ ]        STREAM    CONNECTED    13151   
unix  3      [ ]        STREAM    CONNECTED    232673 
unix  3      [ ]        STREAM    CONNECTED    20861    @/tmp/.ICE-unix/1803
unix  3      [ ]        DGRAM                    340521 
unix  3      [ ]        STREAM    CONNECTED    19547    /var/run/dbus/system_bus_socket
unix  3      [ ]        DGRAM                    1370265 
unix  3      [ ]        STREAM    CONNECTED    221409  /var/run/dbus/system_bus_socket
unix  3      [ ]        STREAM    CONNECTED    146279 
unix  3      [ ]        STREAM    CONNECTED    21442   
unix  3      [ ]        STREAM    CONNECTED    19331    @/tmp/.X11-unix/X0
unix  3      [ ]        DGRAM                    11317   
unix  3      [ ]        STREAM    CONNECTED    464361 
unix  3      [ ]        STREAM    CONNECTED    21357   
unix  3      [ ]        STREAM    CONNECTED    20792    @/tmp/dbus-hdL1ikuldS
unix  3      [ ]        STREAM    CONNECTED    1795239 
unix  3      [ ]        STREAM    CONNECTED    308700 
unix  3      [ ]        STREAM    CONNECTED    232681 
unix  3      [ ]        STREAM    CONNECTED    119037 
unix  3      [ ]        STREAM    CONNECTED    21806    @/tmp/dbus-hdL1ikuldS
unix  3      [ ]        STREAM    CONNECTED    20160    /run/systemd/journal/stdout
unix  3      [ ]        STREAM    CONNECTED    19846   
unix  3      [ ]        STREAM    CONNECTED    599817 
unix  3      [ ]        STREAM    CONNECTED    19350    /run/systemd/journal/stdout
unix  3      [ ]        STREAM    CONNECTED    19195    @/tmp/dbus-hdL1ikuldS
unix  3      [ ]        STREAM    CONNECTED    21522   
unix  3      [ ]        STREAM    CONNECTED    20534    /var/run/dbus/system_bus_socket
unix  3      [ ]        STREAM    CONNECTED    19292   
unix  3      [ ]        STREAM    CONNECTED    10064    /run/systemd/journal/stdout
unix  3      [ ]        STREAM    CONNECTED    20990    @/tmp/.X11-unix/X0
unix  3      [ ]        STREAM    CONNECTED    23034   
unix  3      [ ]        STREAM    CONNECTED    22654   
unix  3      [ ]        STREAM    CONNECTED    20342    /var/run/dbus/system_bus_socket
unix  3      [ ]        STREAM    CONNECTED    21082   
unix  3      [ ]        STREAM    CONNECTED    16155    /var/run/dbus/system_bus_socket
unix  3      [ ]        STREAM    CONNECTED    20642   
unix  3      [ ]        STREAM    CONNECTED    19125   
unix  3      [ ]        STREAM    CONNECTED    14012   
unix  3      [ ]        STREAM    CONNECTED    20931    @/tmp/dbus-HWsxYgltc7
unix  3      [ ]        STREAM    CONNECTED    1779708 
unix  3      [ ]        STREAM    CONNECTED    108499 
unix  3      [ ]        STREAM    CONNECTED    21482    @/tmp/dbus-hdL1ikuldS
unix  3      [ ]        STREAM    CONNECTED    20133   
unix  3      [ ]        STREAM    CONNECTED    1390216  @/tmp/dbus-hdL1ikuldS
unix  3      [ ]        STREAM    CONNECTED    220983 
unix  3      [ ]        STREAM    CONNECTED    146311  @/tmp/dbus-HrCqHDIX
unix  3      [ ]        STREAM    CONNECTED    21760   
unix  3      [ ]        STREAM    CONNECTED    21468   
unix  3      [ ]        STREAM    CONNECTED    1787520 
unix  3      [ ]        STREAM    CONNECTED    119049 
unix  3      [ ]        STREAM    CONNECTED    15314   
unix  3      [ ]        STREAM    CONNECTED    21354   
unix  3      [ ]        STREAM    CONNECTED    20310    @/tmp/dbus-hdL1ikuldS
unix  3      [ ]        STREAM    CONNECTED    10929   
unix  3      [ ]        STREAM    CONNECTED    562986  /run/systemd/journal/stdout
unix  3      [ ]        STREAM    CONNECTED    20454    @/tmp/dbus-HrCqHDIX
unix  3      [ ]        STREAM    CONNECTED    17495   
unix  3      [ ]        STREAM    CONNECTED    21810    @/tmp/dbus-hdL1ikuldS
unix  3      [ ]        STREAM    CONNECTED    21248    /var/run/dbus/system_bus_socket
unix  3      [ ]        STREAM    CONNECTED    20581    @/tmp/dbus-HrCqHDIX
unix  3      [ ]        STREAM    CONNECTED    20156   
unix  3      [ ]        STREAM    CONNECTED    562996 
unix  3      [ ]        STREAM    CONNECTED    599741 
unix  3      [ ]        STREAM    CONNECTED    21467   
unix  3      [ ]        STREAM    CONNECTED    119856  /var/run/dbus/system_bus_socket
unix  3      [ ]        STREAM    CONNECTED    21459    @/tmp/dbus-hdL1ikuldS
unix  3      [ ]        STREAM    CONNECTED    19435    @/tmp/dbus-HrCqHDIX
unix  3      [ ]        STREAM    CONNECTED    19287   
unix  3      [ ]        STREAM    CONNECTED    108493 
unix  3      [ ]        STREAM    CONNECTED    599852  @ruut-com.canonical.Unity.Scope.scopes.T54564604745408
unix  3      [ ]        STREAM    CONNECTED    19987   
unix  3      [ ]        STREAM    CONNECTED    16210   
unix  3      [ ]        STREAM    CONNECTED    18426   
unix  3      [ ]        STREAM    CONNECTED    232058  /run/systemd/journal/stdout
unix  3      [ ]        STREAM    CONNECTED    20826   
unix  2      [ ]        DGRAM                    18989   
unix  3      [ ]        STREAM    CONNECTED    15591    /var/run/dbus/system_bus_socket
unix  3      [ ]        STREAM    CONNECTED    20646   
unix  3      [ ]        STREAM    CONNECTED    20005    /var/run/dbus/system_bus_socket
unix  3      [ ]        STREAM    CONNECTED    21076    @/tmp/dbus-HWsxYgltc7
unix  3      [ ]        STREAM    CONNECTED    20610   
unix  2      [ ]        DGRAM                    16830   
unix  3      [ ]        STREAM    CONNECTED    463482  /run/systemd/journal/stdout
unix  3      [ ]        STREAM    CONNECTED    119052  /var/run/dbus/system_bus_socket
unix  3      [ ]        STREAM    CONNECTED    20673   
unix  2      [ ]        STREAM    CONNECTED    4921556 
unix  3      [ ]        STREAM    CONNECTED    23019   
unix  3      [ ]        STREAM    CONNECTED    1370180  @/tmp/.X11-unix/X0
unix  3      [ ]        STREAM    CONNECTED    221422  /var/run/dbus/system_bus_socket
unix  3      [ ]        STREAM    CONNECTED    119050 
unix  3      [ ]        STREAM    CONNECTED    21534    /var/run/dbus/system_bus_socket
unix  3      [ ]        STREAM    CONNECTED    21395   
unix  2      [ ]        DGRAM                    16448   
unix  3      [ ]        STREAM    CONNECTED    119851  @/tmp/dbus-hdL1ikuldS
unix  3      [ ]        STREAM    CONNECTED    20272    @/tmp/dbus-hdL1ikuldS
unix  3      [ ]        STREAM    CONNECTED    19977    @/tmp/.X11-unix/X0
unix  3      [ ]        STREAM    CONNECTED    148344  @/tmp/dbus-hdL1ikuldS
unix  3      [ ]        STREAM    CONNECTED    20957   
unix  3      [ ]        STREAM    CONNECTED    22861   
unix  3      [ ]        STREAM    CONNECTED    20261   
unix  3      [ ]        STREAM    CONNECTED    20518   
unix  3      [ ]        STREAM    CONNECTED    19240    /run/systemd/journal/stdout
unix  3      [ ]        STREAM    CONNECTED    19622   
unix  3      [ ]        STREAM    CONNECTED    1382146  /tmp/.vbox-ruut-ipc/ipcd
unix  3      [ ]        STREAM    CONNECTED    562988  /run/systemd/journal/stdout
unix  3      [ ]        STREAM    CONNECTED    19168    @/tmp/dbus-hdL1ikuldS
unix  3      [ ]        STREAM    CONNECTED    108699 
unix  2      [ ]        DGRAM                    5001493 
unix  2      [ ]        STREAM    CONNECTING    0        /run/clamav/clamd.ctl
unix  3      [ ]        STREAM    CONNECTED    22713   
unix  3      [ ]        STREAM    CONNECTED    19990    @/tmp/dbus-hdL1ikuldS
unix  3      [ ]        STREAM    CONNECTED    108495 
unix  3      [ ]        STREAM    CONNECTED    20885   
unix  3      [ ]        STREAM    CONNECTED    19948    /run/systemd/journal/stdout
unix  3      [ ]        STREAM    CONNECTED    20447   
unix  3      [ ]        STREAM    CONNECTED    463555 
unix  3      [ ]        STREAM    CONNECTED    20831   
unix  3      [ ]        STREAM    CONNECTED    20153   
unix  2      [ ]        DGRAM                    308694 
unix  3      [ ]        STREAM    CONNECTED    21434    @/tmp/dbus-hdL1ikuldS
unix  3      [ ]        STREAM    CONNECTED    20618    /var/run/dbus/system_bus_socket
unix  3      [ ]        STREAM    CONNECTED    411444  /run/systemd/journal/stdout
unix  3      [ ]        STREAM    CONNECTED    19369   
unix  3      [ ]        STREAM    CONNECTED    469134  @ruut-com.canonical.Unity.Scope.scopes.T54240773952
unix  3      [ ]        STREAM    CONNECTED    308701  /var/run/dbus/system_bus_socket
unix  3      [ ]        STREAM    CONNECTED    20460    /var/run/dbus/system_bus_socket
unix  3      [ ]        STREAM    CONNECTED    19263   
unix  3      [ ]        STREAM    CONNECTED    14300    /run/systemd/journal/stdout
unix  3      [ ]        STREAM    CONNECTED    32394    @/tmp/.X11-unix/X0
unix  2      [ ]        DGRAM                    17907   
unix  3      [ ]        STREAM    CONNECTED    1772386 
unix  3      [ ]        STREAM    CONNECTED    1772186  @/tmp/.X11-unix/X0
unix  3      [ ]        STREAM    CONNECTED    146312 
unix  3      [ ]        STREAM    CONNECTED    21788   
unix  3      [ ]        STREAM    CONNECTED    21503    @/tmp/dbus-hdL1ikuldS
unix  2      [ ]        DGRAM                    20311   
unix  3      [ ]        STREAM    CONNECTED    599738 
unix  3      [ ]        STREAM    CONNECTED    145151 
unix  3      [ ]        STREAM    CONNECTED    20986   
unix  3      [ ]        STREAM    CONNECTED    20306   
unix  3      [ ]        STREAM    CONNECTED    21910   
unix  3      [ ]        STREAM    CONNECTED    21630    @/tmp/dbus-HrCqHDIX
unix  3      [ ]        STREAM    CONNECTED    20269    @/tmp/dbus-hdL1ikuldS
unix  3      [ ]        STREAM    CONNECTED    19324   
unix  2      [ ]        STREAM    CONNECTING    0        /run/clamav/clamd.ctl
unix  3      [ ]        STREAM    CONNECTED    1379806  @/tmp/dbus-hdL1ikuldS
unix  3      [ ]        STREAM    CONNECTED    599818 
unix  3      [ ]        STREAM    CONNECTED    21177    /run/systemd/journal/stdout
unix  3      [ ]        STREAM    CONNECTED    15333    /var/run/dbus/system_bus_socket
unix  3      [ ]        STREAM    CONNECTED    119040 
unix  3      [ ]        STREAM    CONNECTED    22858    @/tmp/dbus-HWsxYgltc7
unix  3      [ ]        STREAM    CONNECTED    20265   
unix  3      [ ]        STREAM    CONNECTED    20561   
unix  3      [ ]        STREAM    CONNECTED    19842    @/tmp/dbus-hdL1ikuldS
unix  3      [ ]        STREAM    CONNECTED    221407 
unix  3      [ ]        STREAM    CONNECTED    21147   
unix  3      [ ]        STREAM    CONNECTED    1199814 
unix  3      [ ]        STREAM    CONNECTED    21667    @/tmp/.X11-unix/X0
unix  3      [ ]        STREAM    CONNECTED    20004   
unix  3      [ ]        STREAM    CONNECTED    22655    @/dbus-vfs-daemon/socket-ZpqNbMpe
unix  3      [ ]        STREAM    CONNECTED    20577   
unix  3      [ ]        STREAM    CONNECTED    102124 
unix  3      [ ]        STREAM    CONNECTED    13994    /run/systemd/journal/stdout
unix  3      [ ]        STREAM    CONNECTED    108702 
unix  3      [ ]        STREAM    CONNECTED    19237   
unix  3      [ ]        STREAM    CONNECTED    469133 
unix  3      [ ]        STREAM    CONNECTED    22810   
unix  3      [ ]        STREAM    CONNECTED    20571    /run/systemd/journal/stdout
unix  3      [ ]        STREAM    CONNECTED    1379805 
unix  3      [ ]        STREAM    CONNECTED    599841 
unix  3      [ ]        STREAM    CONNECTED    20074    @/tmp/dbus-hdL1ikuldS
unix  3      [ ]        STREAM    CONNECTED    17488    /run/systemd/journal/stdout
unix  3      [ ]        STREAM    CONNECTED    119041 
unix  3      [ ]        STREAM    CONNECTED    20469   
unix  3      [ ]        STREAM    CONNECTED    20149   
unix  3      [ ]        STREAM    CONNECTED    19347    @/tmp/dbus-HrCqHDIX
unix  3      [ ]        STREAM    CONNECTED    19220   
unix  3      [ ]        STREAM    CONNECTED    21011    @/tmp/dbus-hdL1ikuldS
unix  3      [ ]        STREAM    CONNECTED    1370305 
unix  3      [ ]        STREAM    CONNECTED    22788    @/tmp/.X11-unix/X0
unix  3      [ ]        STREAM    CONNECTED    21476   
unix  3      [ ]        STREAM    CONNECTED    19385    @/tmp/dbus-hdL1ikuldS
unix  2      [ ]        DGRAM                    16441   
unix  3      [ ]        STREAM    CONNECTED    1786731  /run/systemd/journal/stdout
unix  2      [ ]        DGRAM                    21360   
unix  3      [ ]        STREAM    CONNECTED    20935   
unix  3      [ ]        STREAM    CONNECTED    23004   
unix  3      [ ]        STREAM    CONNECTED    15330    /var/run/dbus/system_bus_socket
unix  3      [ ]        STREAM    CONNECTED    21505    @/tmp/dbus-hdL1ikuldS
unix  3      [ ]        STREAM    CONNECTED    20288    /run/systemd/journal/stdout
unix  3      [ ]        STREAM    CONNECTED    18846   
unix  3      [ ]        STREAM    CONNECTED    21247   
unix  3      [ ]        STREAM    CONNECTED    20614    /var/run/dbus/system_bus_socket
unix  3      [ ]        STREAM    CONNECTED    32393   
unix  3      [ ]        STREAM    CONNECTED    20832    @/tmp/.X11-unix/X0
unix  3      [ ]        STREAM    CONNECTED    21111   
unix  3      [ ]        STREAM    CONNECTED    14961   
unix  3      [ ]        STREAM    CONNECTED    600428 
unix  3      [ ]        STREAM    CONNECTED    19365    @/tmp/.X11-unix/X0
unix  3      [ ]        STREAM    CONNECTED    16135   
unix  3      [ ]        STREAM    CONNECTED    232062 
unix  3      [ ]        STREAM    CONNECTED    15760   
unix  3      [ ]        STREAM    CONNECTED    2719769  @/dbus-vfs-daemon/socket-QyhR3LsN
unix  3      [ ]        STREAM    CONNECTED    119047  /run/systemd/journal/stdout
unix  3      [ ]        STREAM    CONNECTED    20791   
unix  3      [ ]        STREAM    CONNECTED    20633    /run/user/1000/pulse/native
unix  3      [ ]        STREAM    CONNECTED    19971   
unix  3      [ ]        STREAM    CONNECTED    19518    /var/run/dbus/system_bus_socket
unix  3      [ ]        STREAM    CONNECTED    21020   
unix  3      [ ]        STREAM    CONNECTED    20030   
unix  3      [ ]        STREAM    CONNECTED    23206   
unix  3      [ ]        STREAM    CONNECTED    20142   
unix  3      [ ]        STREAM    CONNECTED    19946    /run/systemd/journal/stdout
unix  3      [ ]        STREAM    CONNECTED    23207    @/tmp/dbus-HWsxYgltc7
unix  3      [ ]        STREAM    CONNECTED    19167   
unix  2      [ ]        STREAM    CONNECTED    5001490 
unix  3      [ ]        STREAM    CONNECTED    1772387 
unix  3      [ ]        STREAM    CONNECTED    1777643  @/tmp/dbus-hdL1ikuldS
unix  3      [ ]        STREAM    CONNECTED    22714    /var/run/dbus/system_bus_socket
unix  3      [ ]        STREAM    CONNECTED    1787586  @/tmp/dbus-HrCqHDIX
unix  3      [ ]        STREAM    CONNECTED    232682  @/tmp/.X11-unix/X0
unix  3      [ ]        STREAM    CONNECTED    18778    /var/run/dbus/system_bus_socket
unix  3      [ ]        STREAM    CONNECTED    464513 
unix  3      [ ]        STREAM    CONNECTED    308708  /run/systemd/journal/stdout
unix  3      [ ]        STREAM    CONNECTED    20299    @/tmp/dbus-hdL1ikuldS
unix  3      [ ]        STREAM    CONNECTED    21083    @/tmp/.X11-unix/X0
unix  3      [ ]        STREAM    CONNECTED    20647    @/tmp/dbus-hdL1ikuldS
unix  3      [ ]        STREAM    CONNECTED    17265   
unix  3      [ ]        STREAM    CONNECTED    21804   
unix  3      [ ]        STREAM    CONNECTED    20444    @/tmp/dbus-HWsxYgltc7
unix  3      [ ]        STREAM    CONNECTED    19338   
unix  3      [ ]        STREAM    CONNECTED    22081   
unix  3      [ ]        STREAM    CONNECTED    20886    @/tmp/dbus-hdL1ikuldS
unix  3      [ ]        STREAM    CONNECTED    19394    /var/run/dbus/system_bus_socket
unix  3      [ ]        STREAM    CONNECTED    16839    /run/systemd/journal/stdout
unix  3      [ ]        STREAM    CONNECTING    0        /run/clamav/clamd.ctl
unix  3      [ ]        STREAM    CONNECTED    21662    /run/systemd/journal/stdout
unix  3      [ ]        STREAM    CONNECTED    19373    @/tmp/dbus-HrCqHDIX
unix  3      [ ]        STREAM    CONNECTED    21151   
unix  3      [ ]        STREAM    CONNECTED    15012   
unix  3      [ ]        STREAM    CONNECTED    22995    /run/systemd/journal/stdout
unix  3      [ ]        STREAM    CONNECTED    21529   
unix  3      [ ]        STREAM    CONNECTED    20132   
unix  3      [ ]        STREAM    CONNECTED    19335   
unix  3      [ ]        STREAM    CONNECTED    4030454  @ruut-com.canonical.Unity.Master.Scope.music.T62797063523039
unix  3      [ ]        STREAM    CONNECTED    1370179 
unix  3      [ ]        STREAM    CONNECTED    308696 
unix  3      [ ]        STREAM    CONNECTED    21101    /var/run/dbus/system_bus_socket
unix  3      [ ]        STREAM    CONNECTED    22859   
unix  3      [ ]        STREAM    CONNECTED    20262    @/tmp/dbus-hdL1ikuldS
unix  3      [ ]        STREAM    CONNECTED    20566    @/tmp/dbus-hdL1ikuldS
unix  3      [ ]        STREAM    CONNECTED    20519    /var/run/dbus/system_bus_socket
unix  3      [ ]        STREAM    CONNECTED    1370267  /var/run/dbus/system_bus_socket
unix  3      [ ]        STREAM    CONNECTED    599842  @ruut-com.canonical.Unity.Scope.applications.T54564593521530
unix  3      [ ]        STREAM    CONNECTED    462089 
unix  3      [ ]        STREAM    CONNECTED    15754   
unix  3      [ ]        STREAM    CONNECTED    14082   
unix  3      [ ]        STREAM    CONNECTED    1383756 
unix  3      [ ]        STREAM    CONNECTED    21436   
unix  3      [ ]        STREAM    CONNECTED    14299   
unix  3      [ ]        STREAM    CONNECTED    10934    /run/systemd/journal/stdout
unix  3      [ ]        STREAM    CONNECTED    108695 
unix  3      [ ]        STREAM    CONNECTED    13833   
unix  3      [ ]        STREAM    CONNECTED    1370203 
unix  3      [ ]        STREAM    CONNECTED    220972 
unix  3      [ ]        STREAM    CONNECTED    119867  @/tmp/dbus-hdL1ikuldS
unix  3      [ ]        STREAM    CONNECTED    21796    @/tmp/dbus-hdL1ikuldS
unix  3      [ ]        STREAM    CONNECTED    21627    @/dbus-vfs-daemon/socket-CYxQsFiz
unix  3      [ ]        STREAM    CONNECTED    20391   
unix  3      [ ]        STREAM    CONNECTED    1772215  /var/run/dbus/system_bus_socket
unix  3      [ ]        STREAM    CONNECTED    22650   
unix  3      [ ]        STREAM    CONNECTED    463480  /run/systemd/journal/stdout
unix  3      [ ]        STREAM    CONNECTED    232065  @/tmp/dbus-hdL1ikuldS
unix  3      [ ]        STREAM    CONNECTED    20864    @/tmp/dbus-HrCqHDIX
unix  3      [ ]        STREAM    CONNECTED    21396    /run/systemd/journal/stdout
unix  3      [ ]        STREAM    CONNECTED    19114   
unix  3      [ ]        STREAM    CONNECTED    22872    /run/systemd/journal/stdout
unix  3      [ ]        STREAM    CONNECTED    19382   
unix  3      [ ]        STREAM    CONNECTED    31116    @/tmp/dbus-HWsxYgltc7
unix  2      [ ]        DGRAM                    21078   
unix  3      [ ]        STREAM    CONNECTED    411413 
unix  3      [ ]        STREAM    CONNECTED    22029   
unix  3      [ ]        STREAM    CONNECTED    232676 
unix  3      [ ]        STREAM    CONNECTED    23035    /run/systemd/journal/stdout
unix  3      [ ]        STREAM    CONNECTED    22674   
unix  3      [ ]        STREAM    CONNECTED    147343 
unix  3      [ ]        STREAM    CONNECTED    20989   
unix  3      [ ]        STREAM    CONNECTED    21904    @/tmp/dbus-hdL1ikuldS
unix  3      [ ]        STREAM    CONNECTED    21523    /run/systemd/journal/stdout
unix  3      [ ]        STREAM    CONNECTED    20560    @/tmp/dbus-HWsxYgltc7
unix  3      [ ]        DGRAM                    13508   
unix  3      [ ]        STREAM    CONNECTED    17588    /run/acpid.socket
unix  3      [ ]        STREAM    CONNECTED    14144    /run/systemd/journal/stdout
unix  3      [ ]        STREAM    CONNECTED    22877   
unix  3      [ ]        STREAM    CONNECTED    20612    /var/run/dbus/system_bus_socket
unix  3      [ ]        STREAM    CONNECTED    20157   
unix  3      [ ]        STREAM    CONNECTED    20562    @/tmp/dbus-hdL1ikuldS
unix  3      [ ]        STREAM    CONNECTED    19812   
unix  3      [ ]        DGRAM                    13510   
unix  2      [ ]        DGRAM                    3461558 
unix  3      [ ]        STREAM    CONNECTED    108500 
unix  3      [ ]        STREAM    CONNECTED    19970    @/tmp/.X11-unix/X0
unix  2      [ ]        DGRAM                    15324   
unix  3      [ ]        STREAM    CONNECTED    21384    @/tmp/dbus-hdL1ikuldS
unix  3      [ ]        STREAM    CONNECTED    20392   
unix  3      [ ]        STREAM    CONNECTED    19261   
unix  3      [ ]        STREAM    CONNECTED    15430    /run/systemd/journal/stdout
unix  3      [ ]        STREAM    CONNECTED    1370227 
unix  3      [ ]        STREAM    CONNECTED    22619   
unix  3      [ ]        STREAM    CONNECTED    20307    /var/run/dbus/system_bus_socket
unix  3      [ ]        STREAM    CONNECTED    22652   
unix  3      [ ]        STREAM    CONNECTED    19117    @/com/ubuntu/upstart-session/1000/1616
unix  3      [ ]        STREAM    CONNECTED    20827    @/tmp/dbus-hdL1ikuldS
unix  3      [ ]        STREAM    CONNECTED    13479    /run/systemd/journal/stdout
unix  3      [ ]        STREAM    CONNECTED    411446  /run/systemd/journal/stdout
unix  3      [ ]        STREAM    CONNECTED    20446    @/tmp/dbus-hdL1ikuldS
unix  3      [ ]        STREAM    CONNECTED    19370    @/tmp/dbus-hdL1ikuldS
unix  3      [ ]        STREAM    CONNECTED    22811    @/tmp/dbus-HWsxYgltc7
unix  3      [ ]        STREAM    CONNECTED    20248   
unix  3      [ ]        STREAM    CONNECTED    19450   
unix  3      [ ]        STREAM    CONNECTED    19770   
unix  3      [ ]        STREAM    CONNECTED    19194   
unix  3      [ ]        STREAM    CONNECTED    17487   
unix  3      [ ]        STREAM    CONNECTED    119854  @/tmp/dbus-hdL1ikuldS
unix  3      [ ]        STREAM    CONNECTED    21460    /var/run/dbus/system_bus_socket
unix  3      [ ]        STREAM    CONNECTED    20624    @/tmp/dbus-hdL1ikuldS
unix  3      [ ]        STREAM    CONNECTED    19291   
unix  3      [ ]        STREAM    CONNECTED    9996   
unix  3      [ ]        STREAM    CONNECTED    562997  @/tmp/dbus-hdL1ikuldS
unix  3      [ ]        STREAM    CONNECTED    599743  @ruut-com.canonical.Unity.Master.Scope.files.T54564521425825
unix  3      [ ]        STREAM    CONNECTED    21010   
unix  3      [ ]        STREAM    CONNECTED    19989   
unix  3      [ ]        STREAM    CONNECTED    14901    /run/systemd/journal/stdout
unix  3      [ ]        STREAM    CONNECTED    32101   
unix  3      [ ]        STREAM    CONNECTED    19945   
unix  3      [ ]        STREAM    CONNECTED    20462    /run/systemd/journal/stdout
unix  3      [ ]        STREAM    CONNECTED    20639   
unix  3      [ ]        STREAM    CONNECTED    19515    /run/systemd/journal/stdout
unix  3      [ ]        STREAM    CONNECTED    21508    /run/systemd/journal/stdout
unix  3      [ ]        STREAM    CONNECTED    21100   
unix  3      [ ]        STREAM    CONNECTING    0        /run/clamav/clamd.ctl
unix  3      [ ]        STREAM    CONNECTED    31117   
unix  3      [ ]        STREAM    CONNECTED    20863   
unix  3      [ ]        STREAM    CONNECTED    21638    @/dbus-vfs-daemon/socket-LgBY86qL
unix  3      [ ]        STREAM    CONNECTED    18921   
unix  2      [ ]        DGRAM                    16509   
unix  3      [ ]        STREAM    CONNECTED    1772187 
unix  3      [ ]        STREAM    CONNECTED    220976  /var/run/dbus/system_bus_socket
unix  3      [ ]        STREAM    CONNECTED    220969  /var/run/dbus/system_bus_socket
unix  3      [ ]        STREAM    CONNECTED    146310 
unix  3      [ ]        STREAM    CONNECTED    21761   
unix  3      [ ]        STREAM    CONNECTED    21527    @/tmp/dbus-hdL1ikuldS
unix  3      [ ]        STREAM    CONNECTED    20448    @/tmp/dbus-hdL1ikuldS
unix  3      [ ]        STREAM    CONNECTED    16442   
unix  3      [ ]        STREAM    CONNECTED    462090  @/tmp/dbus-hdL1ikuldS
unix  3      [ ]        STREAM    CONNECTED    21361   
unix  3      [ ]        STREAM    CONNECTED    20933   
unix  3      [ ]        STREAM    CONNECTED    14010    /run/systemd/journal/stdout
unix  3      [ ]        STREAM    CONNECTED    119038  /run/systemd/journal/stdout
unix  3      [ ]        STREAM    CONNECTED    21829    @/tmp/dbus-HrCqHDIX
unix  3      [ ]        STREAM    CONNECTED    20573   
unix  3      [ ]        STREAM    CONNECTED    232064 
unix  3      [ ]        STREAM    CONNECTED    21343    @/tmp/dbus-hdL1ikuldS
unix  3      [ ]        STREAM    CONNECTED    15755    /var/run/dbus/system_bus_socket
unix  3      [ ]        STREAM    CONNECTED    21811    /var/run/dbus/system_bus_socket
unix  3      [ ]        STREAM    CONNECTED    21443    /run/systemd/journal/stdout
unix  3      [ ]        STREAM    CONNECTED    20936    @/tmp/dbus-hdL1ikuldS
unix  3      [ ]        STREAM    CONNECTED    19346    @/tmp/dbus-hdL1ikuldS
unix  3      [ ]        STREAM    CONNECTED    19517   
unix  3      [ ]        STREAM    CONNECTED    22617   
unix  3      [ ]        STREAM    CONNECTED    21021    /run/systemd/journal/stdout
unix  3      [ ]        STREAM    CONNECTED    21813    /var/run/dbus/system_bus_socket
unix  3      [ ]        STREAM    CONNECTED    21629   
unix  3      [ ]        STREAM    CONNECTED    20076   
unix  3      [ ]        STREAM    CONNECTED    15528    /var/run/dbus/system_bus_socket
unix  3      [ ]        STREAM    CONNECTED    21112    @/tmp/dbus-hdL1ikuldS
unix  3      [ ]        STREAM    CONNECTED    19974    @/tmp/dbus-HWsxYgltc7
unix  3      [ ]        STREAM    CONNECTED    599851 
unix  3      [ ]        STREAM    CONNECTED    18420   
unix  3      [ ]        STREAM    CONNECTED    19243   
unix  3      [ ]        STREAM    CONNECTED    108700  @/tmp/dbus-HWsxYgltc7
unix  3      [ ]        STREAM    CONNECTED    21084   
unix  3      [ ]        STREAM    CONNECTED    20617   
unix  2      [ ]        DGRAM                    16964   
unix  3      [ ]        STREAM    CONNECTED    21444   
unix  3      [ ]        STREAM    CONNECTED    19339    @/tmp/dbus-HWsxYgltc7
unix  3      [ ]        STREAM    CONNECTED    31294    @/tmp/.X11-unix/X0
unix  3      [ ]        STREAM    CONNECTED    20151   
unix  3      [ ]        STREAM    CONNECTED    232674  /run/systemd/journal/stdout
unix  3      [ ]        STREAM    CONNECTED    22082    @/tmp/dbus-HrCqHDIX
unix  3      [ ]        STREAM    CONNECTED    1782161  @/tmp/dbus-hdL1ikuldS
unix  3      [ ]        STREAM    CONNECTED    19330    @/tmp/dbus-HWsxYgltc7
unix  3      [ ]        STREAM    CONNECTED    1772185 
unix  3      [ ]        STREAM    CONNECTED    165008  /run/user/1000/pulse/native
unix  3      [ ]        STREAM    CONNECTED    146280  @/tmp/dbus-hdL1ikuldS
unix  3      [ ]        STREAM    CONNECTED    32391   
unix  3      [ ]        STREAM    CONNECTED    21668   
unix  3      [ ]        STREAM    CONNECTED    21470   
unix  3      [ ]        STREAM    CONNECTED    119868 
unix  3      [ ]        STREAM    CONNECTED    15072   
unix  3      [ ]        STREAM    CONNECTED    340576 
unix  3      [ ]        STREAM    CONNECTED    21355   
unix  3      [ ]        STREAM    CONNECTED    21179    /run/systemd/journal/stdout
unix  3      [ ]        STREAM    CONNECTED    21909   
unix  3      [ ]        STREAM    CONNECTED    21479    @/tmp/.X11-unix/X0
unix  3      [ ]        DGRAM                    11316   
unix  2      [ ]        DGRAM                    20961   
unix  3      [ ]        STREAM    CONNECTED    21797    @/tmp/dbus-hdL1ikuldS
unix  3      [ ]        STREAM    CONNECTED    20263   
unix  3      [ ]        STREAM    CONNECTED    20551   
unix  3      [ ]        STREAM    CONNECTED    19128    @/tmp/dbus-hdL1ikuldS
unix  3      [ ]        STREAM    CONNECTED    14743   
unix  2      [ ]        STREAM    CONNECTING    0        /run/clamav/clamd.ctl
unix  2      [ ]        DGRAM                    17580   
unix  3      [ ]        STREAM    CONNECTED    23030    /var/run/dbus/system_bus_socket
unix  2      [ ]        DGRAM                    16154   
unix  3      [ ]        STREAM    CONNECTED    23037   
unix  3      [ ]        STREAM    CONNECTED    22675   
unix  3      [ ]        STREAM    CONNECTED    102125  @/tmp/.X11-unix/X0
unix  3      [ ]        STREAM    CONNECTED    14900   
unix  3      [ ]        STREAM    CONNECTED    469078  @ruut-com.canonical.Unity.Scope.applications.T54240662904203
unix  3      [ ]        STREAM    CONNECTED    220980  /var/run/dbus/system_bus_socket
unix  3      [ ]        STREAM    CONNECTED    20824   
unix  3      [ ]        STREAM    CONNECTED    32397    @/tmp/dbus-spzT7OkGtL
unix  3      [ ]        STREAM    CONNECTED    16474   
unix  3      [ ]        STREAM    CONNECTED    20279    /var/run/dbus/system_bus_socket
unix  3      [ ]        STREAM    CONNECTED    19383    /var/run/dbus/system_bus_socket
unix  3      [ ]        STREAM    CONNECTED    19166    @/com/ubuntu/upstart-session/1000/1616
unix  3      [ ]        STREAM    CONNECTED    21182   
unix  3      [ ]        STREAM    CONNECTED    20613   
unix  3      [ ]        STREAM    CONNECTED    340513 
unix  3      [ ]        STREAM    CONNECTED    21392   
unix  3      [ ]        STREAM    CONNECTED    20671   
unix  3      [ ]        STREAM    CONNECTED    1787521  /var/run/dbus/system_bus_socket
unix  3      [ ]        STREAM    CONNECTED    14904    /run/systemd/journal/stdout
unix  3      [ ]        STREAM    CONNECTED    1378151  @/tmp/dbus-hdL1ikuldS
unix  3      [ ]        STREAM    CONNECTED    220952 
unix  3      [ ]        STREAM    CONNECTED    119051 
unix  3      [ ]        STREAM    CONNECTED    21795   
unix  3      [ ]        STREAM    CONNECTED    21502   
unix  3      [ ]        STREAM    CONNECTED    21393    /run/systemd/journal/stdout
unix  3      [ ]        STREAM    CONNECTED    20159    /run/user/1000/pulse/native
unix  3      [ ]        STREAM    CONNECTED    1777508 
unix  3      [ ]        STREAM    CONNECTED    19222    @/com/ubuntu/upstart-session/1000/1616
unix  3      [ ]        STREAM    CONNECTED    21023   
unix  3      [ ]        STREAM    CONNECTED    21903   
unix  3      [ ]        STREAM    CONNECTED    21525   
unix  3      [ ]        STREAM    CONNECTED    19452    /run/systemd/journal/stdout
unix  2      [ ]        DGRAM                    13504   
unix  3      [ ]        STREAM    CONNECTED    1384586 
unix  3      [ ]        STREAM    CONNECTED    154108  /run/systemd/journal/stdout
unix  3      [ ]        STREAM    CONNECTED    15761    /var/run/dbus/system_bus_socket
unix  3      [ ]        STREAM    CONNECTED    14143   
unix  3      [ ]        STREAM    CONNECTED    21798    @/dbus-vfs-daemon/socket-qd3Q6D8q
unix  3      [ ]        STREAM    CONNECTED    20268   
unix  3      [ ]        STREAM    CONNECTED    20570   
unix  3      [ ]        STREAM    CONNECTED    19082    /var/run/dbus/system_bus_socket
unix  3      [ ]        DGRAM                    13511   
unix  3      [ ]        STREAM    CONNECTED    16957    /var/run/dbus/system_bus_socket
unix  3      [ ]        STREAM    CONNECTED    308695 
unix  3      [ ]        STREAM    CONNECTED    221420 
unix  3      [ ]        STREAM    CONNECTED    108494  @/tmp/.X11-unix/X0
unix  3      [ ]        STREAM    CONNECTED    21660    /run/systemd/journal/stdout
unix  3      [ ]        STREAM    CONNECTED    19988   
unix  3      [ ]        STREAM    CONNECTED    19124   
unix  3      [ ]        STREAM    CONNECTED    16512    /var/run/dbus/system_bus_socket
unix  3      [ ]        STREAM    CONNECTED    21024    /run/systemd/journal/stdout
unix  3      [ ]        STREAM    CONNECTED    19172   
unix  3      [ ]        STREAM    CONNECTED    22030    @/tmp/.X11-unix/X0
unix  3      [ ]        STREAM    CONNECTED    22032    @/tmp/dbus-hdL1ikuldS
unix  3      [ ]        STREAM    CONNECTED    20445   
unix  2      [ ]        DGRAM                    4921560 
unix  3      [ ]        STREAM    CONNECTED    15332    /var/run/dbus/system_bus_socket
unix  3      [ ]        STREAM    CONNECTED    21383   
unix  3      [ ]        STREAM    CONNECTED    20668   
unix  3      [ ]        STREAM    CONNECTED    19872    @/tmp/dbus-hdL1ikuldS
unix  3      [ ]        STREAM    CONNECTED    15409   
unix  3      [ ]        STREAM    CONNECTED    19850    @/tmp/dbus-hdL1ikuldS
unix  3      [ ]        STREAM    CONNECTED    19813    @/com/ubuntu/upstart-session/1000/1616
unix  3      [ ]        STREAM    CONNECTED    1370228  @/tmp/dbus-HrCqHDIX
unix  3      [ ]        STREAM    CONNECTED    464514  @/tmp/dbus-hdL1ikuldS
unix  3      [ ]        STREAM    CONNECTED    220973  /var/run/dbus/system_bus_socket
unix  3      [ ]        STREAM    CONNECTED    145156 
unix  3      [ ]        STREAM    CONNECTED    21803   
unix  3      [ ]        STREAM    CONNECTED    21501   
unix  2      [ ]        STREAM    CONNECTED    20308   
###
### Output of: ./chkproc -v -v -p 3
###
CWD  703: /
EXE  703: /lib/systemd/systemd-timesyncd
CWD  859: /
EXE  859: /usr/sbin/rsyslogd
CWD  860: /
EXE  860: /usr/sbin/rsyslogd
CWD  861: /
EXE  861: /usr/sbin/rsyslogd
CWD  862: /
EXE  862: /usr/lib/accountsservice/accounts-daemon
CWD  870: /
EXE  870: /usr/lib/accountsservice/accounts-daemon
CWD  892: /
EXE  892: /usr/sbin/ModemManager
CWD  894: /
EXE  894: /usr/sbin/ModemManager
CWD  900: /
EXE  900: /usr/lib/policykit-1/polkitd
CWD  902: /
EXE  902: /usr/lib/policykit-1/polkitd
CWD  903: /
EXE  903: /usr/sbin/thermald
CWD  908: /
EXE  908: /usr/sbin/NetworkManager
CWD  936: /
EXE  936: /usr/sbin/NetworkManager
CWD  1284: /
EXE  1284: /usr/sbin/lightdm
CWD  1286: /
EXE  1286: /usr/sbin/lightdm
CWD  1299: /
EXE  1299: /usr/bin/Xorg
CWD  1477: /
EXE  1477: /usr/lib/upower/upowerd
CWD  1478: /
EXE  1478: /usr/lib/upower/upowerd
CWD  1498: /
EXE  1498: /usr/lib/colord/colord
CWD  1500: /
EXE  1500: /usr/lib/colord/colord
CWD  1508: /
EXE  1508: /usr/sbin/lightdm
CWD  1509: /
EXE  1509: /usr/sbin/lightdm
CWD  1610: /
EXE  1610: /usr/bin/gnome-keyring-daemon
CWD  1742: /
EXE  1742: /usr/bin/gnome-keyring-daemon
CWD  1743: /
EXE  1743: /usr/bin/gnome-keyring-daemon
CWD  1744: /
EXE  1744: /usr/bin/gnome-keyring-daemon
CWD  1766: /home/ruut
EXE  1766: /usr/bin/ibus-daemon
CWD  1767: /home/ruut
EXE  1767: /usr/bin/ibus-daemon
CWD  1770: /
EXE  1770: /usr/lib/gvfs/gvfsd
CWD  1771: /
EXE  1771: /usr/lib/gvfs/gvfsd
CWD  1777: /
EXE  1777: /usr/lib/gvfs/gvfsd-fuse
CWD  1778: /
EXE  1778: /usr/lib/gvfs/gvfsd-fuse
CWD  1779: /
EXE  1779: /usr/lib/gvfs/gvfsd-fuse
CWD  1780: /
EXE  1780: /usr/lib/gvfs/gvfsd-fuse
CWD  1781: /
EXE  1781: /usr/lib/gvfs/gvfsd-fuse
CWD  1805: /home/ruut
EXE  1805: /usr/lib/ibus/ibus-dconf
CWD  1806: /home/ruut
EXE  1806: /usr/lib/ibus/ibus-dconf
CWD  1807: /home/ruut
EXE  1807: /usr/lib/at-spi2-core/at-spi-bus-launcher
CWD  1808: /home/ruut
EXE  1808: /usr/lib/at-spi2-core/at-spi-bus-launcher
CWD  1810: /home/ruut
EXE  1810: /usr/lib/at-spi2-core/at-spi-bus-launcher
CWD  1820: /home/ruut
EXE  1820: /usr/lib/at-spi2-core/at-spi2-registryd
CWD  1821: /home/ruut
EXE  1821: /usr/lib/at-spi2-core/at-spi2-registryd
CWD  1827: /home/ruut
EXE  1827: /usr/lib/unity/unity-panel-service
CWD  1828: /home/ruut
EXE  1828: /usr/lib/unity-settings-daemon/unity-settings-daemon
CWD  1829: /home/ruut
EXE  1829: /usr/lib/unity-settings-daemon/unity-settings-daemon
CWD  1830: /home/ruut
EXE  1830: /usr/lib/ibus/ibus-ui-gtk3
CWD  1831: /home/ruut
EXE  1831: /usr/lib/unity/unity-panel-service
CWD  1832: /home/ruut
EXE  1832: /usr/lib/unity/unity-panel-service
CWD  1835: /home/ruut
EXE  1835: /usr/lib/unity-settings-daemon/unity-settings-daemon
CWD  1836: /home/ruut
EXE  1836: /usr/lib/ibus/ibus-ui-gtk3
CWD  1837: /home/ruut
EXE  1837: /usr/lib/ibus/ibus-ui-gtk3
CWD  1842: /home/ruut
EXE  1842: /usr/bin/gnome-session
CWD  1843: /home/ruut
EXE  1843: /usr/bin/gnome-session
CWD  1845: /home/ruut
EXE  1845: /usr/bin/gnome-session
CWD  1848: /home/ruut
EXE  1848: /usr/lib/ibus/ibus-dconf
CWD  1858: /home/ruut
EXE  1858: /usr/lib/ibus/ibus-engine-simple
CWD  1859: /home/ruut
EXE  1859: /usr/lib/ibus/ibus-engine-simple
CWD  1874: /
EXE  1874: /usr/lib/x86_64-linux-gnu/bamf/bamfdaemon
CWD  1875: /
EXE  1875: /usr/lib/x86_64-linux-gnu/bamf/bamfdaemon
CWD  1876: /
EXE  1876: /usr/lib/x86_64-linux-gnu/bamf/bamfdaemon
CWD  1878: /
EXE  1878: /usr/bin/pulseaudio
CWD  1885: /
EXE  1885: /usr/lib/dconf/dconf-service
CWD  1886: /
EXE  1886: /usr/lib/dconf/dconf-service
CWD  1887: /home/ruut
EXE  1887: /usr/bin/compiz
CWD  1896: /home/ruut
EXE  1896: /usr/lib/x86_64-linux-gnu/indicator-messages/indicator-messages-service
CWD  1898: /home/ruut
EXE  1898: /usr/lib/x86_64-linux-gnu/indicator-power/indicator-power-service
CWD  1899: /home/ruut
EXE  1899: /usr/lib/x86_64-linux-gnu/indicator-power/indicator-power-service
CWD  1903: /home/ruut
EXE  1903: /usr/lib/x86_64-linux-gnu/indicator-messages/indicator-messages-service
CWD  1904: /home/ruut
EXE  1904: /usr/lib/x86_64-linux-gnu/indicator-session/indicator-session-service
CWD  1905: /home/ruut
EXE  1905: /usr/lib/x86_64-linux-gnu/indicator-session/indicator-session-service
CWD  1916: /home/ruut
EXE  1916: /usr/lib/x86_64-linux-gnu/indicator-power/indicator-power-service
CWD  1917: /home/ruut
EXE  1917: /usr/lib/x86_64-linux-gnu/indicator-session/indicator-session-service
CWD  1918: /home/ruut
EXE  1918: /usr/lib/x86_64-linux-gnu/indicator-sound/indicator-sound-service
CWD  1920: /home/ruut
EXE  1920: /usr/lib/x86_64-linux-gnu/indicator-sound/indicator-sound-service
CWD  1921: /home/ruut
EXE  1921: /usr/lib/x86_64-linux-gnu/indicator-datetime/indicator-datetime-service
CWD  1922: /home/ruut
EXE  1922: /usr/lib/x86_64-linux-gnu/indicator-datetime/indicator-datetime-service
CWD  1924: /home/ruut
EXE  1924: /usr/lib/x86_64-linux-gnu/indicator-messages/indicator-messages-service
CWD  1925: /home/ruut
EXE  1925: /usr/lib/x86_64-linux-gnu/indicator-datetime/indicator-datetime-service
CWD  1926: /home/ruut
EXE  1926: /usr/lib/x86_64-linux-gnu/indicator-datetime/indicator-datetime-service
CWD  1927: /home/ruut
EXE  1927: /usr/lib/x86_64-linux-gnu/indicator-sound/indicator-sound-service
CWD  1933: /home/ruut
EXE  1933: /usr/lib/x86_64-linux-gnu/indicator-application/indicator-application-service
CWD  1937: /home/ruut
EXE  1937: /usr/lib/x86_64-linux-gnu/indicator-application/indicator-application-service
CWD  1944: /home/ruut
EXE  1944: /usr/lib/x86_64-linux-gnu/indicator-printers/indicator-printers-service
CWD  1945: /home/ruut
EXE  1945: /usr/lib/x86_64-linux-gnu/indicator-printers/indicator-printers-service
CWD  1946: /home/ruut
EXE  1946: /usr/lib/x86_64-linux-gnu/indicator-printers/indicator-printers-service
CWD  1953: /
EXE  1953: /usr/lib/evolution/evolution-source-registry
CWD  1954: /
EXE  1954: /usr/lib/evolution/evolution-source-registry
CWD  1955: /
EXE  1955: /usr/lib/evolution/evolution-source-registry
CWD  1967: /home/ruut
EXE  1967: /usr/lib/ibus/ibus-x11
CWD  1968: /home/ruut
EXE  1968: /usr/lib/ibus/ibus-x11
CWD  1969: /home/ruut
EXE  1969: /usr/lib/ibus/ibus-x11
CWD  1972: /home/ruut
EXE  1972: /usr/lib/x86_64-linux-gnu/hud/hud-service
CWD  1973: /home/ruut
EXE  1973: /usr/lib/x86_64-linux-gnu/hud/hud-service
CWD  1974: /home/ruut
EXE  1974: /usr/lib/x86_64-linux-gnu/hud/hud-service
CWD  1984: /home/ruut
EXE  1984: /usr/bin/compiz
CWD  1985: /home/ruut
EXE  1985: /usr/bin/compiz
CWD  1989: /home/ruut
EXE  1989: /usr/lib/policykit-1-gnome/polkit-gnome-authentication-agent-1
CWD  1990: /home/ruut
EXE  1990: /usr/lib/policykit-1-gnome/polkit-gnome-authentication-agent-1
CWD  1991: /home/ruut
EXE  1991: /usr/lib/policykit-1-gnome/polkit-gnome-authentication-agent-1
CWD  1995: /home/ruut
EXE  1995: /usr/lib/unity-settings-daemon/unity-fallback-mount-helper
CWD  1996: /home/ruut
EXE  1996: /usr/lib/unity-settings-daemon/unity-fallback-mount-helper
CWD  1997: /home/ruut
EXE  1997: /usr/lib/unity-settings-daemon/unity-fallback-mount-helper
CWD  2002: /home/ruut
EXE  2002: /usr/lib/x86_64-linux-gnu/indicator-datetime/indicator-datetime-service
CWD  2011: /home/ruut
EXE  2011: /usr/bin/nm-applet
CWD  2012: /home/ruut
EXE  2012: /usr/bin/nm-applet
CWD  2013: /home/ruut
EXE  2013: /usr/bin/nm-applet
CWD  2037: /
EXE  2037: /usr/lib/evolution/evolution-calendar-factory
CWD  2059: /
EXE  2059: /usr/lib/gvfs/gvfs-udisks2-volume-monitor
CWD  2060: /
EXE  2060: /usr/lib/gvfs/gvfs-udisks2-volume-monitor
CWD  2068: /
EXE  2068: /usr/lib/udisks2/udisksd
CWD  2070: /
EXE  2070: /usr/lib/udisks2/udisksd
CWD  2071: /
EXE  2071: /usr/lib/udisks2/udisksd
CWD  2079: /
EXE  2079: /usr/lib/udisks2/udisksd
CWD  2083: /home/ruut
EXE  2083: /usr/bin/nautilus
CWD  2084: /home/ruut
EXE  2084: /usr/bin/nautilus
CWD  2085: /
EXE  2085: /usr/lib/evolution/evolution-calendar-factory
CWD  2086: /
EXE  2086: /usr/lib/evolution/evolution-calendar-factory
CWD  2087: /
EXE  2087: /usr/lib/evolution/evolution-calendar-factory
CWD  2095: /
EXE  2095: /usr/lib/evolution/evolution-calendar-factory-subprocess
CWD  2096: /
EXE  2096: /usr/lib/evolution/evolution-calendar-factory-subprocess
CWD  2097: /
EXE  2097: /usr/lib/evolution/evolution-calendar-factory-subprocess
CWD  2098: /
EXE  2098: /usr/lib/evolution/evolution-calendar-factory-subprocess
CWD  2101: /
EXE  2101: /usr/lib/evolution/evolution-calendar-factory-subprocess
CWD  2102: /
EXE  2102: /usr/lib/evolution/evolution-calendar-factory-subprocess
CWD  2107: /
EXE  2107: /usr/lib/evolution/evolution-calendar-factory-subprocess
CWD  2108: /
EXE  2108: /usr/lib/evolution/evolution-calendar-factory-subprocess
CWD  2109: /
EXE  2109: /usr/lib/evolution/evolution-calendar-factory-subprocess
CWD  2110: /
EXE  2110: /usr/lib/evolution/evolution-calendar-factory-subprocess
CWD  2117: /
EXE  2117: /usr/lib/gvfs/gvfs-gphoto2-volume-monitor
CWD  2119: /
EXE  2119: /usr/lib/gvfs/gvfs-gphoto2-volume-monitor
CWD  2123: /
EXE  2123: /usr/lib/evolution/evolution-addressbook-factory
CWD  2126: /
EXE  2126: /usr/lib/gvfs/gvfs-afc-volume-monitor
CWD  2127: /
EXE  2127: /usr/lib/gvfs/gvfs-afc-volume-monitor
CWD  2129: /
EXE  2129: /usr/lib/gvfs/gvfs-afc-volume-monitor
CWD  2132: /
EXE  2132: /usr/lib/gvfs/gvfs-mtp-volume-monitor
CWD  2134: /
EXE  2134: /usr/lib/gvfs/gvfs-mtp-volume-monitor
CWD  2135: /home/ruut
EXE  2135: /usr/bin/nautilus
CWD  2141: /
EXE  2141: /usr/lib/evolution/evolution-addressbook-factory
CWD  2142: /
EXE  2142: /usr/lib/evolution/evolution-addressbook-factory
CWD  2143: /
EXE  2143: /usr/lib/evolution/evolution-addressbook-factory
CWD  2147: /
EXE  2147: /usr/lib/evolution/evolution-addressbook-factory-subprocess
CWD  2149: /
EXE  2149: /usr/lib/evolution/evolution-addressbook-factory-subprocess
CWD  2150: /
EXE  2150: /usr/lib/evolution/evolution-addressbook-factory-subprocess
CWD  2151: /
EXE  2151: /usr/lib/evolution/evolution-addressbook-factory-subprocess
CWD  2176: /
EXE  2176: /usr/lib/gvfs/gvfsd-trash
CWD  2177: /
EXE  2177: /usr/lib/gvfs/gvfsd-trash
CWD  2183: /
EXE  2183: /usr/lib/gvfs/gvfsd-burn
CWD  2184: /
EXE  2184: /usr/lib/gvfs/gvfsd-burn
CWD  2198: /
EXE  2198: /usr/lib/gvfs/gvfsd-metadata
CWD  2199: /
EXE  2199: /usr/lib/gvfs/gvfsd-metadata
CWD  2206: /home/ruut
EXE  2206: /usr/bin/telepathy-indicator
CWD  2207: /home/ruut
EXE  2207: /usr/bin/telepathy-indicator
CWD  2208: /home/ruut
EXE  2208: /usr/bin/telepathy-indicator
CWD  2212: /
EXE  2212: /usr/lib/telepathy/mission-control-5
CWD  2213: /
EXE  2213: /usr/lib/telepathy/mission-control-5
CWD  2215: /
EXE  2215: /usr/lib/telepathy/mission-control-5
CWD  2229: /home/ruut
EXE  2229: /usr/bin/zeitgeist-datahub
CWD  2230: /home/ruut
EXE  2230: /usr/bin/zeitgeist-datahub
CWD  2231: /home/ruut
EXE  2231: /usr/bin/zeitgeist-datahub
CWD  2235: /
EXE  2235: /usr/bin/zeitgeist-daemon
CWD  2236: /
EXE  2236: /usr/bin/zeitgeist-daemon
CWD  2252: /home/ruut
EXE  2252: /usr/bin/zeitgeist-datahub
CWD  2258: /
EXE  2258: /usr/lib/x86_64-linux-gnu/zeitgeist-fts
CWD  2259: /
EXE  2259: /usr/lib/x86_64-linux-gnu/zeitgeist-fts
CWD  2295: /home/ruut
EXE  2295: /usr/bin/update-notifier
CWD  2296: /home/ruut
EXE  2296: /usr/bin/update-notifier
CWD  2297: /home/ruut
EXE  2297: /usr/bin/update-notifier
CWD  2402: /etc/gufw/app_profiles
EXE  2402: /usr/bin/python2.7
CWD  2403: /etc/gufw/app_profiles
EXE  2403: /usr/bin/python2.7
CWD  2431: /etc/gufw/app_profiles
EXE  2431: /usr/bin/python2.7
CWD  2432: /etc/gufw/app_profiles
EXE  2432: /usr/bin/python2.7
CWD  2433: /etc/gufw/app_profiles
EXE  2433: /usr/bin/python2.7
CWD  2439: /etc/gufw/app_profiles
EXE  2439: /usr/bin/python2.7
CWD  2440: /etc/gufw/app_profiles
EXE  2440: /usr/bin/python2.7
CWD  2527: /home/ruut
EXE  2527: /usr/bin/compiz
CWD  2528: /home/ruut
EXE  2528: /usr/bin/compiz
CWD  4506: /root
EXE  4506: /usr/bin/ettercap
CWD  4519: /root
EXE  4519: /usr/bin/ettercap
CWD  4520: /root
EXE  4520: /usr/bin/ettercap
CWD  4521: /root
EXE  4521: /usr/bin/ettercap
CWD  4563: /root
EXE  4563: /usr/bin/ettercap
CWD  4963: /home/ruut
EXE  4963: /usr/lib/gnome-terminal/gnome-terminal-server
CWD  4964: /home/ruut
EXE  4964: /usr/lib/gnome-terminal/gnome-terminal-server
CWD  4965: /home/ruut
EXE  4965: /usr/lib/gnome-terminal/gnome-terminal-server
CWD 12817: /
EXE 12817: /usr/lib/geoclue/geoclue-master
CWD 12818: /
EXE 12818: /usr/lib/geoclue/geoclue-master
CWD 12819: /
EXE 12819: /usr/lib/geoclue/geoclue-master
CWD 12822: /
EXE 12822: /usr/lib/x86_64-linux-gnu/ubuntu-geoip-provider
CWD 12823: /
EXE 12823: /usr/lib/x86_64-linux-gnu/ubuntu-geoip-provider
CWD 12824: /
EXE 12824: /usr/lib/x86_64-linux-gnu/ubuntu-geoip-provider
CWD 14767: /home/ruut
EXE 14767: /usr/lib/firefox/firefox
CWD 14768: /home/ruut
EXE 14768: /usr/lib/firefox/firefox
CWD 14769: /home/ruut
EXE 14769: /usr/lib/firefox/firefox
CWD 14770: /home/ruut
EXE 14770: /usr/lib/firefox/firefox
CWD 14771: /home/ruut
EXE 14771: /usr/lib/firefox/firefox
CWD 14772: /home/ruut
EXE 14772: /usr/lib/firefox/firefox
CWD 14773: /home/ruut
EXE 14773: /usr/lib/firefox/firefox
CWD 14776: /home/ruut
EXE 14776: /usr/lib/firefox/firefox
CWD 14777: /home/ruut
EXE 14777: /usr/lib/firefox/firefox
CWD 14778: /home/ruut
EXE 14778: /usr/lib/firefox/firefox
CWD 14779: /home/ruut
EXE 14779: /usr/lib/firefox/firefox
CWD 14780: /home/ruut
EXE 14780: /usr/lib/firefox/firefox
CWD 14781: /home/ruut
EXE 14781: /usr/lib/firefox/firefox
CWD 14782: /home/ruut
EXE 14782: /usr/lib/firefox/firefox
CWD 14783: /home/ruut
EXE 14783: /usr/lib/firefox/firefox
CWD 14787: /home/ruut
EXE 14787: /usr/lib/firefox/firefox
CWD 14788: /home/ruut
EXE 14788: /usr/lib/firefox/firefox
CWD 14791: /home/ruut
EXE 14791: /usr/lib/firefox/firefox
CWD 14792: /home/ruut
EXE 14792: /usr/lib/firefox/firefox
CWD 15770: /home/ruut
EXE 15770: /usr/lib/firefox/firefox
CWD 15773: /home/ruut
EXE 15773: /usr/lib/firefox/firefox
CWD 15774: /home/ruut
EXE 15774: /usr/lib/firefox/firefox
CWD 15775: /home/ruut
EXE 15775: /usr/lib/firefox/firefox
CWD 15778: /home/ruut
EXE 15778: /usr/lib/firefox/firefox
CWD 15779: /home/ruut
EXE 15779: /usr/lib/firefox/firefox
CWD 15782: /home/ruut
EXE 15782: /usr/lib/firefox/firefox
CWD 15783: /home/ruut
EXE 15783: /usr/lib/firefox/firefox
CWD 15784: /home/ruut
EXE 15784: /usr/lib/firefox/firefox
CWD 15785: /home/ruut
EXE 15785: /usr/lib/firefox/firefox
CWD 15786: /home/ruut
EXE 15786: /usr/lib/firefox/firefox
CWD 15787: /home/ruut
EXE 15787: /usr/lib/firefox/firefox
CWD 15788: /home/ruut
EXE 15788: /usr/lib/firefox/firefox
CWD 15807: /home/ruut
EXE 15807: /usr/lib/firefox/firefox
CWD 15829: /home/ruut
EXE 15829: /usr/lib/firefox/firefox
CWD 15832: /home/ruut
EXE 15832: /usr/lib/firefox/firefox
CWD 15834: /home/ruut
EXE 15834: /usr/lib/firefox/firefox
CWD 15835: /home/ruut
EXE 15835: /usr/lib/firefox/firefox
CWD 15836: /home/ruut
EXE 15836: /usr/lib/firefox/firefox
CWD 15837: /home/ruut
EXE 15837: /usr/lib/firefox/firefox
CWD 15838: /home/ruut
EXE 15838: /usr/lib/firefox/firefox
CWD 15841: /home/ruut
EXE 15841: /usr/lib/firefox/firefox
CWD 15864: /home/ruut
EXE 15864: /usr/lib/firefox/firefox
CWD 19105: /
EXE 19105: /usr/lib/x86_64-linux-gnu/notify-osd
CWD 19106: /
EXE 19106: /usr/lib/x86_64-linux-gnu/notify-osd
CWD 19107: /
EXE 19107: /usr/lib/x86_64-linux-gnu/notify-osd
CWD 20244: /home/ruut
EXE 20244: /usr/bin/compiz
CWD 20414: /
EXE 20414: /usr/bin/python3.4
CWD 20415: /
EXE 20415: /usr/bin/python3.4
CWD 20420: /home/ruut
EXE 20420: /usr/lib/x86_64-linux-gnu/indicator-session/indicator-session-service
CWD 20421: /home/ruut
EXE 20421: /usr/lib/x86_64-linux-gnu/indicator-messages/indicator-messages-service
CWD 20645: /home/ruut
EXE 20645: /usr/lib/firefox/firefox
PID 21226(/proc/21226): not in readdir output
PID 21226: not in ps output
CWD 21226: /home/ruut
EXE 21226: /bin/dash
PID 21227(/proc/21227): not in readdir output
PID 21227: not in ps output
CWD 21227: /home/ruut
EXE 21227: /bin/dash
PID 21228(/proc/21228): not in readdir output
PID 21228: not in ps output
CWD 21228: /home/ruut
EXE 21228: /bin/dash
CWD 21379: /root
EXE 21379: /usr/bin/ettercap
CWD 23091: /home/ruut
EXE 23091: /usr/lib/firefox/firefox
CWD 26116: /
EXE 26116: /usr/sbin/clamav-milter
CWD 26118: /
EXE 26118: /usr/sbin/clamav-milter
CWD 26119: /
EXE 26119: /usr/sbin/clamav-milter
CWD 26120: /
EXE 26120: /usr/sbin/clamav-milter
CWD 26121: /
EXE 26121: /usr/sbin/clamav-milter
CWD 26248: /proc
EXE 26248: /usr/lib/rtkit/rtkit-daemon
CWD 26249: /proc
EXE 26249: /usr/lib/rtkit/rtkit-daemon
CWD 26302: /
EXE 26302: /usr/lib/x86_64-linux-gnu/unity-scope-home/unity-scope-home
CWD 26304: /
EXE 26304: /usr/lib/x86_64-linux-gnu/unity-scope-home/unity-scope-home
CWD 26305: /
EXE 26305: /usr/lib/x86_64-linux-gnu/unity-scope-home/unity-scope-home
CWD 26315: /
EXE 26315: /usr/bin/unity-scope-loader
CWD 26316: /
EXE 26316: /usr/bin/unity-scope-loader
CWD 26317: /
EXE 26317: /usr/bin/unity-scope-loader
CWD 26444: /
EXE 26444: /usr/lib/x86_64-linux-gnu/unity-lens-files/unity-files-daemon
CWD 26445: /
EXE 26445: /usr/lib/x86_64-linux-gnu/unity-lens-files/unity-files-daemon
CWD 26446: /
EXE 26446: /usr/lib/x86_64-linux-gnu/unity-lens-files/unity-files-daemon
CWD 26448: /
EXE 26448: /usr/lib/x86_64-linux-gnu/unity-lens-files/unity-files-daemon
CWD 26449: /
EXE 26449: /usr/lib/x86_64-linux-gnu/unity-lens-files/unity-files-daemon
CWD 26835: /home/ruut
EXE 26835: /usr/lib/virtualbox/VirtualBox
CWD 26836: /home/ruut
EXE 26836: /usr/lib/virtualbox/VirtualBox
CWD 26837: /home/ruut
EXE 26837: /usr/lib/virtualbox/VirtualBox
CWD 26844: /home/ruut
EXE 26844: /usr/lib/virtualbox/VirtualBox
CWD 26845: /home/ruut
EXE 26845: /usr/lib/virtualbox/VirtualBox
CWD 26849: /home/ruut
EXE 26849: /usr/lib/virtualbox/VBoxSVC
CWD 26850: /home/ruut
EXE 26850: /usr/lib/virtualbox/VBoxSVC
CWD 26851: /home/ruut
EXE 26851: /usr/lib/virtualbox/VBoxSVC
CWD 26852: /home/ruut
EXE 26852: /usr/lib/virtualbox/VBoxSVC
CWD 26853: /home/ruut
EXE 26853: /usr/lib/virtualbox/VBoxSVC
CWD 26854: /home/ruut
EXE 26854: /usr/lib/virtualbox/VBoxSVC
CWD 26855: /home/ruut
EXE 26855: /usr/lib/virtualbox/VBoxSVC
CWD 26856: /home/ruut
EXE 26856: /usr/lib/virtualbox/VBoxSVC
CWD 26857: /home/ruut
EXE 26857: /usr/lib/virtualbox/VBoxSVC
CWD 26858: /home/ruut
EXE 26858: /usr/lib/virtualbox/VirtualBox
CWD 26864: /home/ruut
EXE 26864: /usr/lib/virtualbox/VBoxSVC
CWD 26865: /home/ruut
EXE 26865: /usr/lib/virtualbox/VBoxSVC
CWD 27039: /home/ruut
EXE 27039: /usr/bin/python2.7
CWD 27040: /home/ruut
EXE 27040: /usr/bin/python2.7
CWD 27041: /home/ruut
EXE 27041: /usr/bin/python2.7
CWD 27053: /
EXE 27053: /usr/bin/python3.4
CWD 27071: /home/ruut
EXE 27071: /usr/bin/python2.7
CWD 27072: /home/ruut
EXE 27072: /usr/bin/python2.7
CWD 27234: /home/ruut
EXE 27234: /usr/bin/python2.7
CWD 27235: /home/ruut
EXE 27235: /usr/bin/python2.7
CWD 32037: /
EXE 32037: /usr/lib/gvfs/gvfsd-http
CWD 32038: /
EXE 32038: /usr/lib/gvfs/gvfsd-http
CWD 32078: /
EXE 32078: /usr/lib/gvfs/gvfsd-http
You have    3 process hidden for readdir command
You have    3 process hidden for ps command
not found
###
### Output of: ./ifpromisc
###
lo: not promisc and no packet sniffer sockets
enp3s0: PACKET SNIFFER(/sbin/dhclient[1007], /usr/bin/ettercap[4481])
not infected
###
### Output of: ./chkwtmp -f /var/log/wtmp
###
not infected
not infected
###
### Output of: ./chklastlog  -f /var/log/wtmp -l /var/log/lastlog
###
user ruut deleted or never logged from lastlog!
user root deleted or never logged from lastlog!
 The tty of the following user process(es) were not found
 in /var/run/utmp !
! RUID          PID TTY    CMD
! root        1291 tty7  /usr/bin/X -core :0 -seat seat0 -auth /var/run/lightdm/root/:0 -nolisten tcp vt7 -novtswitch
chkutmp: nothing deleted
not infected


dennissteins 17.03.2016 02:23

auth.log... excerpt

Code:

Mar 17 00:11:36 ruut-HP-280-G1-MT sudo: pam_unix(sudo:session): session closed for user root
Mar 17 00:11:36 ruut-HP-280-G1-MT polkitd(authority=local): Unregistered Authentication Agent for unix-process:11024:404799 (system bus name :1.118, object path /org/freedesktop/PolicyKit1/AuthenticationAgent, locale de_DE.UTF-8) (disconnected from bus)
Mar 17 00:11:49 ruut-HP-280-G1-MT sudo:    ruut : TTY=pts/17 ; PWD=/home/ruut ; USER=root ; COMMAND=/usr/sbin/service ntp stop
Mar 17 00:11:49 ruut-HP-280-G1-MT sudo: pam_unix(sudo:session): session opened for user root by ruut(uid=0)
Mar 17 00:11:49 ruut-HP-280-G1-MT polkitd(authority=local): Registered Authentication Agent for unix-process:11081:406152 (system bus name :1.119 [/usr/bin/pkttyagent --notify-fd 5 --fallback], object path /org/freedesktop/PolicyKit1/AuthenticationAgent, locale de_DE.UTF-8)
Mar 17 00:11:49 ruut-HP-280-G1-MT sudo: pam_unix(sudo:session): session closed for user root
Mar 17 00:11:49 ruut-HP-280-G1-MT polkitd(authority=local): Unregistered Authentication Agent for unix-process:11081:406152 (system bus name :1.119, object path /org/freedesktop/PolicyKit1/AuthenticationAgent, locale de_DE.UTF-8) (disconnected from bus)
Mar 17 00:11:56 ruut-HP-280-G1-MT sudo:    ruut : TTY=pts/17 ; PWD=/home/ruut ; USER=root ; COMMAND=/usr/sbin/service list
Mar 17 00:11:56 ruut-HP-280-G1-MT sudo: pam_unix(sudo:session): session opened for user root by ruut(uid=0)
Mar 17 00:11:56 ruut-HP-280-G1-MT sudo: pam_unix(sudo:session): session closed for user root
Mar 17 00:12:02 ruut-HP-280-G1-MT sudo:    ruut : TTY=pts/17 ; PWD=/home/ruut ; USER=root ; COMMAND=/usr/sbin/service
Mar 17 00:12:02 ruut-HP-280-G1-MT sudo: pam_unix(sudo:session): session opened for user root by ruut(uid=0)
Mar 17 00:12:02 ruut-HP-280-G1-MT sudo: pam_unix(sudo:session): session closed for user root
Mar 17 00:12:10 ruut-HP-280-G1-MT sudo:    ruut : TTY=pts/17 ; PWD=/home/ruut ; USER=root ; COMMAND=/usr/sbin/service --status all
Mar 17 00:12:10 ruut-HP-280-G1-MT sudo: pam_unix(sudo:session): session opened for user root by ruut(uid=0)
Mar 17 00:12:10 ruut-HP-280-G1-MT sudo: pam_unix(sudo:session): session closed for user root
Mar 17 00:12:35 ruut-HP-280-G1-MT sudo:    ruut : TTY=pts/17 ; PWD=/home/ruut ; USER=root ; COMMAND=/usr/sbin/service --status-all
Mar 17 00:12:35 ruut-HP-280-G1-MT sudo: pam_unix(sudo:session): session opened for user root by ruut(uid=0)
Mar 17 00:12:36 ruut-HP-280-G1-MT sudo: pam_unix(sudo:session): session closed for user root
Mar 17 00:13:11 ruut-HP-280-G1-MT sudo:    ruut : TTY=pts/17 ; PWD=/home/ruut ; USER=root ; COMMAND=/usr/sbin/service cups stop
Mar 17 00:13:11 ruut-HP-280-G1-MT sudo: pam_unix(sudo:session): session opened for user root by ruut(uid=0)
Mar 17 00:13:11 ruut-HP-280-G1-MT polkitd(authority=local): Registered Authentication Agent for unix-process:12006:414351 (system bus name :1.120 [/usr/bin/pkttyagent --notify-fd 5 --fallback], object path /org/freedesktop/PolicyKit1/AuthenticationAgent, locale de_DE.UTF-8)
Mar 17 00:13:11 ruut-HP-280-G1-MT polkitd(authority=local): Unregistered Authentication Agent for unix-process:12006:414351 (system bus name :1.120, object path /org/freedesktop/PolicyKit1/AuthenticationAgent, locale de_DE.UTF-8) (disconnected from bus)
Mar 17 00:13:11 ruut-HP-280-G1-MT polkitd(authority=local): Registered Authentication Agent for unix-process:11993:414343 (system bus name :1.121 [/usr/bin/pkttyagent --notify-fd 5 --fallback], object path /org/freedesktop/PolicyKit1/AuthenticationAgent, locale de_DE.UTF-8)
Mar 17 00:13:11 ruut-HP-280-G1-MT sudo: pam_unix(sudo:session): session closed for user root
Mar 17 00:13:11 ruut-HP-280-G1-MT polkitd(authority=local): Unregistered Authentication Agent for unix-process:11993:414343 (system bus name :1.121, object path /org/freedesktop/PolicyKit1/AuthenticationAgent, locale de_DE.UTF-8) (disconnected from bus)
Mar 17 00:13:17 ruut-HP-280-G1-MT pkexec: pam_unix(polkit-1:session): session opened for user root by (uid=1000)
Mar 17 00:13:17 ruut-HP-280-G1-MT pkexec: pam_systemd(polkit-1:session): Cannot create session: Already running in a session
Mar 17 00:13:17 ruut-HP-280-G1-MT pkexec[12058]: ruut: Executing command [USER=root] [TTY=unknown] [CWD=/home/ruut] [COMMAND=/usr/lib/update-notifier/package-system-locked]
Mar 17 00:13:44 ruut-HP-280-G1-MT sudo:    ruut : TTY=pts/17 ; PWD=/home/ruut ; USER=root ; COMMAND=/usr/sbin/service dns-clean reload
Mar 17 00:13:44 ruut-HP-280-G1-MT sudo: pam_unix(sudo:session): session opened for user root by ruut(uid=0)
Mar 17 00:13:44 ruut-HP-280-G1-MT sudo: pam_unix(sudo:session): session closed for user root
Mar 17 00:14:01 ruut-HP-280-G1-MT sudo:    ruut : TTY=pts/17 ; PWD=/home/ruut ; USER=root ; COMMAND=/usr/sbin/service cups-browsed
Mar 17 00:14:01 ruut-HP-280-G1-MT sudo: pam_unix(sudo:session): session opened for user root by ruut(uid=0)
Mar 17 00:14:01 ruut-HP-280-G1-MT sudo: pam_unix(sudo:session): session closed for user root
Mar 17 00:14:19 ruut-HP-280-G1-MT sudo:    ruut : TTY=pts/17 ; PWD=/home/ruut ; USER=root ; COMMAND=/usr/sbin/service cups-browsed
Mar 17 00:14:19 ruut-HP-280-G1-MT sudo: pam_unix(sudo:session): session opened for user root by ruut(uid=0)
Mar 17 00:14:19 ruut-HP-280-G1-MT sudo: pam_unix(sudo:session): session closed for user root
Mar 17 00:14:27 ruut-HP-280-G1-MT sudo:    ruut : TTY=pts/17 ; PWD=/home/ruut ; USER=root ; COMMAND=/usr/sbin/service cups-browsed stop
Mar 17 00:14:27 ruut-HP-280-G1-MT sudo: pam_unix(sudo:session): session opened for user root by ruut(uid=0)
Mar 17 00:14:27 ruut-HP-280-G1-MT polkitd(authority=local): Registered Authentication Agent for unix-process:12234:421984 (system bus name :1.127 [/usr/bin/pkttyagent --notify-fd 5 --fallback], object path /org/freedesktop/PolicyKit1/AuthenticationAgent, locale de_DE.UTF-8)
Mar 17 00:14:27 ruut-HP-280-G1-MT sudo: pam_unix(sudo:session): session closed for user root
Mar 17 00:14:27 ruut-HP-280-G1-MT polkitd(authority=local): Unregistered Authentication Agent for unix-process:12234:421984 (system bus name :1.127, object path /org/freedesktop/PolicyKit1/AuthenticationAgent, locale de_DE.UTF-8) (disconnected from bus)
Mar 17 00:15:00 ruut-HP-280-G1-MT sudo:    ruut : TTY=pts/17 ; PWD=/home/ruut ; USER=root ; COMMAND=/usr/sbin/service bluetooth
Mar 17 00:15:00 ruut-HP-280-G1-MT sudo: pam_unix(sudo:session): session opened for user root by ruut(uid=0)
Mar 17 00:15:00 ruut-HP-280-G1-MT sudo: pam_unix(sudo:session): session closed for user root
Mar 17 00:15:13 ruut-HP-280-G1-MT sudo:    ruut : TTY=pts/17 ; PWD=/home/ruut ; USER=root ; COMMAND=/usr/sbin/service bluetooth stop
Mar 17 00:15:13 ruut-HP-280-G1-MT sudo: pam_unix(sudo:session): session opened for user root by ruut(uid=0)
Mar 17 00:15:13 ruut-HP-280-G1-MT polkitd(authority=local): Registered Authentication Agent for unix-process:12368:426585 (system bus name :1.128 [/usr/bin/pkttyagent --notify-fd 5 --fallback], object path /org/freedesktop/PolicyKit1/AuthenticationAgent, locale de_DE.UTF-8)
Mar 17 00:15:13 ruut-HP-280-G1-MT sudo: pam_unix(sudo:session): session closed for user root
Mar 17 00:15:13 ruut-HP-280-G1-MT polkitd(authority=local): Unregistered Authentication Agent for unix-process:12368:426585 (system bus name :1.128, object path /org/freedesktop/PolicyKit1/AuthenticationAgent, locale de_DE.UTF-8) (disconnected from bus)
Mar 17 00:15:51 ruut-HP-280-G1-MT sudo:    ruut : TTY=pts/17 ; PWD=/home/ruut ; USER=root ; COMMAND=/usr/sbin/service checkroot-bootclean.sh stop
Mar 17 00:15:51 ruut-HP-280-G1-MT sudo: pam_unix(sudo:session): session opened for user root by ruut(uid=0)
Mar 17 00:15:51 ruut-HP-280-G1-MT polkitd(authority=local): Registered Authentication Agent for unix-process:12476:430320 (system bus name :1.129 [/usr/bin/pkttyagent --notify-fd 5 --fallback], object path /org/freedesktop/PolicyKit1/AuthenticationAgent, locale de_DE.UTF-8)
Mar 17 00:15:51 ruut-HP-280-G1-MT sudo: pam_unix(sudo:session): session closed for user root
Mar 17 00:15:51 ruut-HP-280-G1-MT polkitd(authority=local): Unregistered Authentication Agent for unix-process:12476:430320 (system bus name :1.129, object path /org/freedesktop/PolicyKit1/AuthenticationAgent, locale de_DE.UTF-8) (disconnected from bus)
Mar 17 00:16:07 ruut-HP-280-G1-MT sudo:    ruut : TTY=pts/17 ; PWD=/home/ruut ; USER=root ; COMMAND=/usr/sbin/service checkroot-bootclean.sh reload
Mar 17 00:16:07 ruut-HP-280-G1-MT sudo: pam_unix(sudo:session): session opened for user root by ruut(uid=0)
Mar 17 00:16:07 ruut-HP-280-G1-MT sudo: pam_unix(sudo:session): session closed for user root
Mar 17 00:16:36 ruut-HP-280-G1-MT sudo:    ruut : TTY=pts/17 ; PWD=/home/ruut ; USER=root ; COMMAND=/usr/sbin/service pure-ftpd stop
Mar 17 00:16:36 ruut-HP-280-G1-MT sudo: pam_unix(sudo:session): session opened for user root by ruut(uid=0)
Mar 17 00:16:36 ruut-HP-280-G1-MT polkitd(authority=local): Registered Authentication Agent for unix-process:12610:434838 (system bus name :1.130 [/usr/bin/pkttyagent --notify-fd 5 --fallback], object path /org/freedesktop/PolicyKit1/AuthenticationAgent, locale de_DE.UTF-8)
Mar 17 00:16:36 ruut-HP-280-G1-MT sudo: pam_unix(sudo:session): session closed for user root
Mar 17 00:16:36 ruut-HP-280-G1-MT polkitd(authority=local): Unregistered Authentication Agent for unix-process:12610:434838 (system bus name :1.130, object path /org/freedesktop/PolicyKit1/AuthenticationAgent, locale de_DE.UTF-8) (disconnected from bus)
Mar 17 00:17:01 ruut-HP-280-G1-MT CRON[13971]: pam_unix(cron:session): session opened for user root by (uid=0)
Mar 17 00:17:01 ruut-HP-280-G1-MT CRON[13971]: pam_unix(cron:session): session closed for user root
Mar 17 00:19:04 ruut-HP-280-G1-MT polkitd(authority=local): Registered Authentication Agent for unix-process:15601:449644 (system bus name :1.134 [/usr/bin/pkttyagent --notify-fd 5 --fallback], object path /org/freedesktop/PolicyKit1/AuthenticationAgent, locale de_DE.UTF-8)
Mar 17 00:19:04 ruut-HP-280-G1-MT polkitd(authority=local): Unregistered Authentication Agent for unix-process:15601:449644 (system bus name :1.134, object path /org/freedesktop/PolicyKit1/AuthenticationAgent, locale de_DE.UTF-8) (disconnected from bus)
Mar 17 00:19:42 ruut-HP-280-G1-MT sudo: pam_unix(sudo:session): session closed for user root
Mar 17 00:20:01 ruut-HP-280-G1-MT CRON[17850]: pam_unix(cron:session): session opened for user smmsp by (uid=0)
Mar 17 00:20:01 ruut-HP-280-G1-MT CRON[17850]: pam_unix(cron:session): session closed for user smmsp
Mar 17 00:20:16 ruut-HP-280-G1-MT polkitd(authority=local): Registered Authentication Agent for unix-process:17911:456818 (system bus name :1.142 [/usr/bin/pkttyagent --notify-fd 5 --fallback], object path /org/freedesktop/PolicyKit1/AuthenticationAgent, locale de_DE.UTF-8)
Mar 17 00:20:16 ruut-HP-280-G1-MT polkitd(authority=local): Unregistered Authentication Agent for unix-process:17911:456818 (system bus name :1.142, object path /org/freedesktop/PolicyKit1/AuthenticationAgent, locale de_DE.UTF-8) (disconnected from bus)
Mar 17 00:20:16 ruut-HP-280-G1-MT polkitd(authority=local): Registered Authentication Agent for unix-process:17934:456843 (system bus name :1.143 [/usr/bin/pkttyagent --notify-fd 5 --fallback], object path /org/freedesktop/PolicyKit1/AuthenticationAgent, locale de_DE.UTF-8)
Mar 17 00:20:16 ruut-HP-280-G1-MT polkitd(authority=local): Unregistered Authentication Agent for unix-process:17934:456843 (system bus name :1.143, object path /org/freedesktop/PolicyKit1/AuthenticationAgent, locale de_DE.UTF-8) (disconnected from bus)
Mar 17 00:20:16 ruut-HP-280-G1-MT polkitd(authority=local): Registered Authentication Agent for unix-process:17954:456857 (system bus name :1.144 [/usr/bin/pkttyagent --notify-fd 5 --fallback], object path /org/freedesktop/PolicyKit1/AuthenticationAgent, locale de_DE.UTF-8)
Mar 17 00:20:16 ruut-HP-280-G1-MT polkitd(authority=local): Unregistered Authentication Agent for unix-process:17954:456857 (system bus name :1.144, object path /org/freedesktop/PolicyKit1/AuthenticationAgent, locale de_DE.UTF-8) (disconnected from bus)
Mar 17 00:20:16 ruut-HP-280-G1-MT polkitd(authority=local): Registered Authentication Agent for unix-process:17971:456910 (system bus name :1.145 [/usr/bin/pkttyagent --notify-fd 5 --fallback], object path /org/freedesktop/PolicyKit1/AuthenticationAgent, locale de_DE.UTF-8)
Mar 17 00:20:17 ruut-HP-280-G1-MT polkitd(authority=local): Unregistered Authentication Agent for unix-process:17971:456910 (system bus name :1.145, object path /org/freedesktop/PolicyKit1/AuthenticationAgent, locale de_DE.UTF-8) (disconnected from bus)
Mar 17 00:20:47 ruut-HP-280-G1-MT polkitd(authority=local): Registered Authentication Agent for unix-process:18838:459917 (system bus name :1.146 [/usr/bin/pkttyagent --notify-fd 5 --fallback], object path /org/freedesktop/PolicyKit1/AuthenticationAgent, locale de_DE.UTF-8)
Mar 17 00:20:47 ruut-HP-280-G1-MT polkitd(authority=local): Unregistered Authentication Agent for unix-process:18838:459917 (system bus name :1.146, object path /org/freedesktop/PolicyKit1/AuthenticationAgent, locale de_DE.UTF-8) (disconnected from bus)
Mar 17 00:20:52 ruut-HP-280-G1-MT polkitd(authority=local): Registered Authentication Agent for unix-process:18878:460452 (system bus name :1.147 [/usr/bin/pkttyagent --notify-fd 5 --fallback], object path /org/freedesktop/PolicyKit1/AuthenticationAgent, locale de_DE.UTF-8)
Mar 17 00:20:52 ruut-HP-280-G1-MT polkitd(authority=local): Unregistered Authentication Agent for unix-process:18878:460452 (system bus name :1.147, object path /org/freedesktop/PolicyKit1/AuthenticationAgent, locale de_DE.UTF-8) (disconnected from bus)
Mar 17 00:20:52 ruut-HP-280-G1-MT polkitd(authority=local): Registered Authentication Agent for unix-process:18922:460481 (system bus name :1.148 [/usr/bin/pkttyagent --notify-fd 5 --fallback], object path /org/freedesktop/PolicyKit1/AuthenticationAgent, locale de_DE.UTF-8)
Mar 17 00:20:52 ruut-HP-280-G1-MT polkitd(authority=local): Unregistered Authentication Agent for unix-process:18922:460481 (system bus name :1.148, object path /org/freedesktop/PolicyKit1/AuthenticationAgent, locale de_DE.UTF-8) (disconnected from bus)
Mar 17 00:20:52 ruut-HP-280-G1-MT polkitd(authority=local): Registered Authentication Agent for unix-process:18945:460498 (system bus name :1.149 [/usr/bin/pkttyagent --notify-fd 5 --fallback], object path /org/freedesktop/PolicyKit1/AuthenticationAgent, locale de_DE.UTF-8)
Mar 17 00:20:52 ruut-HP-280-G1-MT polkitd(authority=local): Unregistered Authentication Agent for unix-process:18945:460498 (system bus name :1.149, object path /org/freedesktop/PolicyKit1/AuthenticationAgent, locale de_DE.UTF-8) (disconnected from bus)
Mar 17 00:20:54 ruut-HP-280-G1-MT polkitd(authority=local): Registered Authentication Agent for unix-process:18967:460648 (system bus name :1.151 [/usr/bin/pkttyagent --notify-fd 5 --fallback], object path /org/freedesktop/PolicyKit1/AuthenticationAgent, locale de_DE.UTF-8)
Mar 17 00:20:54 ruut-HP-280-G1-MT polkitd(authority=local): Unregistered Authentication Agent for unix-process:18967:460648 (system bus name :1.151, object path /org/freedesktop/PolicyKit1/AuthenticationAgent, locale de_DE.UTF-8) (disconnected from bus)
Mar 17 00:22:17 ruut-HP-280-G1-MT pkexec: pam_unix(polkit-1:session): session opened for user root by (uid=1000)
Mar 17 00:22:17 ruut-HP-280-G1-MT pkexec: pam_systemd(polkit-1:session): Cannot create session: Already running in a session
Mar 17 00:22:17 ruut-HP-280-G1-MT pkexec[19187]: ruut: Executing command [USER=root] [TTY=unknown] [CWD=/home/ruut] [COMMAND=/usr/lib/update-notifier/package-system-locked]
Mar 17 00:22:46 ruut-HP-280-G1-MT polkit-agent-helper-1[19263]: pam_ecryptfs: pam_sm_authenticate: /home/ruut is already mounted
Mar 17 00:22:46 ruut-HP-280-G1-MT polkitd(authority=local): Operator of unix-session:c2 successfully authenticated as unix-user:ruut to gain ONE-SHOT authorization for action com.ubuntu.pkexec.synaptic for unix-process:19257:471471 [/bin/sh /usr/bin/synaptic-pkexec] (owned by unix-user:ruut)
Mar 17 00:22:46 ruut-HP-280-G1-MT pkexec: pam_unix(polkit-1:session): session opened for user root by (uid=1000)
Mar 17 00:22:46 ruut-HP-280-G1-MT pkexec: pam_systemd(polkit-1:session): Cannot create session: Already running in a session
Mar 17 00:22:46 ruut-HP-280-G1-MT pkexec[19259]: ruut: Executing command [USER=root] [TTY=unknown] [CWD=/home/ruut] [COMMAND=/usr/sbin/synaptic]
Mar 17 00:23:45 ruut-HP-280-G1-MT sudo:    ruut : TTY=pts/17 ; PWD=/home/ruut ; USER=root ; COMMAND=/usr/bin/apt-get install sqlite3+
Mar 17 00:23:45 ruut-HP-280-G1-MT sudo: pam_unix(sudo:session): session opened for user root by ruut(uid=0)
Mar 17 00:23:45 ruut-HP-280-G1-MT sudo: pam_unix(sudo:session): session closed for user root
Mar 17 00:23:55 ruut-HP-280-G1-MT sudo:    ruut : TTY=pts/1 ; PWD=/home/ruut ; USER=root ; COMMAND=/usr/bin/apt-get install sqlite3
Mar 17 00:23:55 ruut-HP-280-G1-MT sudo: pam_unix(sudo:session): session opened for user root by ruut(uid=0)
Mar 17 00:23:55 ruut-HP-280-G1-MT sudo: pam_unix(sudo:session): session closed for user root
Mar 17 00:24:04 ruut-HP-280-G1-MT sudo:    ruut : TTY=pts/1 ; PWD=/home/ruut ; USER=root ; COMMAND=/usr/bin/apt-get install sqlite3
Mar 17 00:24:04 ruut-HP-280-G1-MT sudo: pam_unix(sudo:session): session opened for user root by ruut(uid=0)
Mar 17 00:24:16 ruut-HP-280-G1-MT sudo: pam_unix(sudo:session): session closed for user root
Mar 17 00:24:57 ruut-HP-280-G1-MT polkit-agent-helper-1[20066]: pam_ecryptfs: pam_sm_authenticate: /home/ruut is already mounted
Mar 17 00:24:57 ruut-HP-280-G1-MT polkitd(authority=local): Operator of unix-session:c2 successfully authenticated as unix-user:ruut to gain ONE-SHOT authorization for action com.ubuntu.pkexec.synaptic for unix-process:20060:484555 [/bin/sh /usr/bin/synaptic-pkexec] (owned by unix-user:ruut)
Mar 17 00:24:57 ruut-HP-280-G1-MT pkexec: pam_unix(polkit-1:session): session opened for user root by (uid=1000)
Mar 17 00:24:57 ruut-HP-280-G1-MT pkexec: pam_systemd(polkit-1:session): Cannot create session: Already running in a session
Mar 17 00:24:57 ruut-HP-280-G1-MT pkexec[20062]: ruut: Executing command [USER=root] [TTY=unknown] [CWD=/home/ruut] [COMMAND=/usr/sbin/synaptic]
Mar 17 00:25:01 ruut-HP-280-G1-MT CRON[20097]: pam_unix(cron:session): session opened for user daemon by (uid=0)
Mar 17 00:25:01 ruut-HP-280-G1-MT CRON[20097]: pam_unix(cron:session): session closed for user daemon
Mar 17 00:25:17 ruut-HP-280-G1-MT pkexec: pam_unix(polkit-1:session): session opened for user root by (uid=1000)
Mar 17 00:25:17 ruut-HP-280-G1-MT pkexec: pam_systemd(polkit-1:session): Cannot create session: Already running in a session
Mar 17 00:25:17 ruut-HP-280-G1-MT pkexec[20140]: ruut: Executing command [USER=root] [TTY=unknown] [CWD=/home/ruut] [COMMAND=/usr/lib/update-notifier/package-system-locked]
Mar 17 00:33:28 ruut-HP-280-G1-MT polkitd(authority=local): Registered Authentication Agent for unix-process:24973:536068 (system bus name :1.166 [/usr/bin/pkttyagent --notify-fd 5 --fallback], object path /org/freedesktop/PolicyKit1/AuthenticationAgent, locale de_DE.UTF-8)
Mar 17 00:33:28 ruut-HP-280-G1-MT polkitd(authority=local): Unregistered Authentication Agent for unix-process:24973:536068 (system bus name :1.166, object path /org/freedesktop/PolicyKit1/AuthenticationAgent, locale de_DE.UTF-8) (disconnected from bus)
Mar 17 00:33:31 ruut-HP-280-G1-MT groupadd[25120]: group added to /etc/group: name=clamav, GID=135
Mar 17 00:33:32 ruut-HP-280-G1-MT groupadd[25120]: group added to /etc/gshadow: name=clamav
Mar 17 00:33:32 ruut-HP-280-G1-MT groupadd[25120]: new group: name=clamav, GID=135
Mar 17 00:33:32 ruut-HP-280-G1-MT useradd[25126]: new user: name=clamav, UID=125, GID=135, home=/var/lib/clamav, shell=/bin/false
Mar 17 00:33:32 ruut-HP-280-G1-MT chage[25133]: changed password expiry for clamav
Mar 17 00:33:32 ruut-HP-280-G1-MT polkitd(authority=local): Registered Authentication Agent for unix-process:25142:536506 (system bus name :1.167 [/usr/bin/pkttyagent --notify-fd 5 --fallback], object path /org/freedesktop/PolicyKit1/AuthenticationAgent, locale de_DE.UTF-8)
Mar 17 00:33:32 ruut-HP-280-G1-MT polkitd(authority=local): Unregistered Authentication Agent for unix-process:25142:536506 (system bus name :1.167, object path /org/freedesktop/PolicyKit1/AuthenticationAgent, locale de_DE.UTF-8) (disconnected from bus)
Mar 17 00:33:35 ruut-HP-280-G1-MT useradd[25303]: new user: name=c-icap, UID=126, GID=65534, home=/var/run/c-icap, shell=/bin/false
Mar 17 00:33:36 ruut-HP-280-G1-MT usermod[25308]: change user 'c-icap' password
Mar 17 00:33:36 ruut-HP-280-G1-MT chage[25315]: changed password expiry for c-icap
Mar 17 00:33:36 ruut-HP-280-G1-MT groupadd[25319]: group added to /etc/group: name=c-icap, GID=136
Mar 17 00:33:36 ruut-HP-280-G1-MT groupadd[25319]: group added to /etc/gshadow: name=c-icap
Mar 17 00:33:36 ruut-HP-280-G1-MT groupadd[25319]: new group: name=c-icap, GID=136
Mar 17 00:33:36 ruut-HP-280-G1-MT polkitd(authority=local): Registered Authentication Agent for unix-process:25326:536900 (system bus name :1.168 [/usr/bin/pkttyagent --notify-fd 5 --fallback], object path /org/freedesktop/PolicyKit1/AuthenticationAgent, locale de_DE.UTF-8)
Mar 17 00:33:36 ruut-HP-280-G1-MT polkitd(authority=local): Unregistered Authentication Agent for unix-process:25326:536900 (system bus name :1.168, object path /org/freedesktop/PolicyKit1/AuthenticationAgent, locale de_DE.UTF-8) (disconnected from bus)
Mar 17 00:33:36 ruut-HP-280-G1-MT polkitd(authority=local): Registered Authentication Agent for unix-process:25363:536913 (system bus name :1.169 [/usr/bin/pkttyagent --notify-fd 5 --fallback], object path /org/freedesktop/PolicyKit1/AuthenticationAgent, locale de_DE.UTF-8)
Mar 17 00:33:37 ruut-HP-280-G1-MT polkitd(authority=local): Unregistered Authentication Agent for unix-process:25363:536913 (system bus name :1.169, object path /org/freedesktop/PolicyKit1/AuthenticationAgent, locale de_DE.UTF-8) (disconnected from bus)
Mar 17 00:33:37 ruut-HP-280-G1-MT polkitd(authority=local): Registered Authentication Agent for unix-process:25386:536926 (system bus name :1.170 [/usr/bin/pkttyagent --notify-fd 5 --fallback], object path /org/freedesktop/PolicyKit1/AuthenticationAgent, locale de_DE.UTF-8)
Mar 17 00:33:37 ruut-HP-280-G1-MT polkitd(authority=local): Unregistered Authentication Agent for unix-process:25386:536926 (system bus name :1.170, object path /org/freedesktop/PolicyKit1/AuthenticationAgent, locale de_DE.UTF-8) (disconnected from bus)
Mar 17 00:33:47 ruut-HP-280-G1-MT polkitd(authority=local): Registered Authentication Agent for unix-process:26170:537929 (system bus name :1.171 [/usr/bin/pkttyagent --notify-fd 5 --fallback], object path /org/freedesktop/PolicyKit1/AuthenticationAgent, locale de_DE.UTF-8)
Mar 17 00:33:47 ruut-HP-280-G1-MT polkitd(authority=local): Unregistered Authentication Agent for unix-process:26170:537929 (system bus name :1.171, object path /org/freedesktop/PolicyKit1/AuthenticationAgent, locale de_DE.UTF-8) (disconnected from bus)
Mar 17 00:34:55 ruut-HP-280-G1-MT pkexec: pam_unix(polkit-1:session): session opened for user root by (uid=1000)
Mar 17 00:34:55 ruut-HP-280-G1-MT pkexec: pam_systemd(polkit-1:session): Cannot create session: Already running in a session
Mar 17 00:34:55 ruut-HP-280-G1-MT pkexec[26396]: ruut: Executing command [USER=root] [TTY=unknown] [CWD=/home/ruut] [COMMAND=/usr/lib/update-notifier/package-system-locked]
Mar 17 00:36:16 ruut-HP-280-G1-MT userhelper[26601]: pam_unix(passwd:chauthtok): authentication failure; logname= uid=1000 euid=0 tty= ruser=ruut rhost=  user=ruut
Mar 17 00:36:39 ruut-HP-280-G1-MT userhelper[26647]: pam_unix(passwd:chauthtok): authentication failure; logname= uid=1000 euid=0 tty= ruser=ruut rhost=  user=ruut
Mar 17 00:36:56 ruut-HP-280-G1-MT sudo:    ruut : TTY=pts/1 ; PWD=/home/ruut ; USER=root ; COMMAND=/usr/bin/passwd root
Mar 17 00:36:56 ruut-HP-280-G1-MT sudo: pam_unix(sudo:session): session opened for user root by ruut(uid=0)
Mar 17 00:36:56 ruut-HP-280-G1-MT passwd[26690]: pam_ecryptfs: PAM passphrase change module retrieved a NULL passphrase; nothing to do
Mar 17 00:37:11 ruut-HP-280-G1-MT passwd[26690]: pam_unix(passwd:chauthtok): password changed for root
Mar 17 00:37:11 ruut-HP-280-G1-MT passwd[26690]: gkr-pam: couldn't update the login keyring password: no old password was entered
Mar 17 00:37:11 ruut-HP-280-G1-MT passwd[26690]: pam_ecryptfs: Passphrase file wrapped
Mar 17 00:37:11 ruut-HP-280-G1-MT passwd[26690]: pam_ecryptfs: PAM passphrase change module retrieved at least one NULL passphrase; nothing to do
Mar 17 00:37:11 ruut-HP-280-G1-MT sudo: pam_unix(sudo:session): session closed for user root
Mar 17 00:37:26 ruut-HP-280-G1-MT userhelper[26726]: pam_unix(passwd:chauthtok): authentication failure; logname= uid=1000 euid=0 tty= ruser=ruut rhost=  user=ruut
Mar 17 00:39:48 ruut-HP-280-G1-MT sudo:    ruut : TTY=pts/1 ; PWD=/home/ruut ; USER=root ; COMMAND=/usr/sbin/chkrootkit
Mar 17 00:39:48 ruut-HP-280-G1-MT sudo: pam_unix(sudo:session): session opened for user root by ruut(uid=0)
Mar 17 00:40:01 ruut-HP-280-G1-MT CRON[27754]: pam_unix(cron:session): session opened for user smmsp by (uid=0)
Mar 17 00:40:02 ruut-HP-280-G1-MT CRON[27754]: pam_unix(cron:session): session closed for user smmsp
Mar 17 00:40:08 ruut-HP-280-G1-MT sudo: pam_unix(sudo:session): session closed for user root
Mar 17 00:40:52 ruut-HP-280-G1-MT sudo:    ruut : TTY=pts/13 ; PWD=/home/ruut ; USER=root ; COMMAND=/usr/bin/rkhunter -c
Mar 17 00:40:52 ruut-HP-280-G1-MT sudo: pam_unix(sudo:session): session opened for user root by ruut(uid=0)
Mar 17 00:40:58 ruut-HP-280-G1-MT Rootkit Hunter: Rootkit hunter check started (version 1.4.2)
Mar 17 00:44:43 ruut-HP-280-G1-MT sudo:    ruut : TTY=pts/12 ; PWD=/home/ruut ; USER=root ; COMMAND=/bin/bash
Mar 17 00:44:43 ruut-HP-280-G1-MT sudo: pam_unix(sudo:session): session opened for user root by ruut(uid=0)
Mar 17 00:45:01 ruut-HP-280-G1-MT CRON[24645]: pam_unix(cron:session): session opened for user clamav by (uid=0)
Mar 17 00:45:29 ruut-HP-280-G1-MT polkit-agent-helper-1[28616]: pam_ecryptfs: pam_sm_authenticate: /home/ruut is already mounted
Mar 17 00:45:29 ruut-HP-280-G1-MT polkitd(authority=local): Operator of unix-session:c2 successfully authenticated as unix-user:ruut to gain TEMPORARY authorization for action org.debian.apt.install-file for system-bus-name::1.180 [/usr/bin/python /usr/bin/software-center] (owned by unix-user:ruut)
Mar 17 00:46:00 ruut-HP-280-G1-MT polkitd(authority=local): Registered Authentication Agent for unix-process:7551:611224 (system bus name :1.188 [/usr/bin/pkttyagent --notify-fd 5 --fallback], object path /org/freedesktop/PolicyKit1/AuthenticationAgent, locale de_DE.UTF-8)
Mar 17 00:46:00 ruut-HP-280-G1-MT polkitd(authority=local): Unregistered Authentication Agent for unix-process:7551:611224 (system bus name :1.188, object path /org/freedesktop/PolicyKit1/AuthenticationAgent, locale de_DE.UTF-8) (disconnected from bus)
Mar 17 00:46:01 ruut-HP-280-G1-MT polkitd(authority=local): Registered Authentication Agent for unix-process:7572:611323 (system bus name :1.189 [/usr/bin/pkttyagent --notify-fd 5 --fallback], object path /org/freedesktop/PolicyKit1/AuthenticationAgent, locale de_DE.UTF-8)
Mar 17 00:46:01 ruut-HP-280-G1-MT polkitd(authority=local): Unregistered Authentication Agent for unix-process:7572:611323 (system bus name :1.189, object path /org/freedesktop/PolicyKit1/AuthenticationAgent, locale de_DE.UTF-8) (disconnected from bus)
Mar 17 00:46:09 ruut-HP-280-G1-MT polkitd(authority=local): Registered Authentication Agent for unix-process:7612:612197 (system bus name :1.190 [/usr/bin/pkttyagent --notify-fd 5 --fallback], object path /org/freedesktop/PolicyKit1/AuthenticationAgent, locale de_DE.UTF-8)
Mar 17 00:46:10 ruut-HP-280-G1-MT polkitd(authority=local): Unregistered Authentication Agent for unix-process:7612:612197 (system bus name :1.190, object path /org/freedesktop/PolicyKit1/AuthenticationAgent, locale de_DE.UTF-8) (disconnected from bus)
Mar 17 00:48:22 ruut-HP-280-G1-MT CRON[24645]: pam_unix(cron:session): session closed for user clamav
Mar 17 00:50:06 ruut-HP-280-G1-MT sudo:    root : TTY=pts/12 ; PWD=/home/ruut ; USER=root ; COMMAND=/usr/bin/geany /var/mail/root
Mar 17 00:50:06 ruut-HP-280-G1-MT sudo: pam_unix(sudo:session): session opened for user root by ruut(uid=0)
Mar 17 00:51:49 ruut-HP-280-G1-MT Rootkit Hunter: Scanning took 10 minutes and 49 seconds
Mar 17 00:51:49 ruut-HP-280-G1-MT Rootkit Hunter: Please inspect this machine, because it may be infected.
Mar 17 00:51:49 ruut-HP-280-G1-MT sudo: pam_unix(sudo:session): session closed for user root
Mar 17 00:52:24 ruut-HP-280-G1-MT sudo:    ruut : TTY=pts/13 ; PWD=/home/ruut ; USER=root ; COMMAND=/usr/sbin/tiger
Mar 17 00:52:24 ruut-HP-280-G1-MT sudo: pam_unix(sudo:session): session opened for user root by ruut(uid=0)
Mar 17 00:52:44 ruut-HP-280-G1-MT sudo:    ruut : TTY=pts/18 ; PWD=/home/ruut ; USER=root ; COMMAND=/usr/sbin/chkrootkit -x
Mar 17 00:52:44 ruut-HP-280-G1-MT sudo: pam_unix(sudo:session): session opened for user root by ruut(uid=0)
Mar 17 00:55:01 ruut-HP-280-G1-MT sudo: pam_unix(sudo:session): session closed for user root
Mar 17 00:55:01 ruut-HP-280-G1-MT sudo: pam_unix(sudo:session): session closed for user root
Mar 17 00:55:33 ruut-HP-280-G1-MT sudo: pam_unix(sudo:session): session closed for user root
Mar 17 00:56:13 ruut-HP-280-G1-MT sudo: pam_unix(sudo:auth): authentication failure; logname=ruut uid=1000 euid=0 tty=/dev/pts/12 ruser=ruut rhost=  user=ruut
Mar 17 00:58:32 ruut-HP-280-G1-MT sudo: pam_unix(sudo:session): session closed for user root
Mar 17 01:00:01 ruut-HP-280-G1-MT CRON[17376]: pam_unix(cron:session): session opened for user root by (uid=0)
Mar 17 01:00:01 ruut-HP-280-G1-MT CRON[17377]: pam_unix(cron:session): session opened for user smmsp by (uid=0)
Mar 17 01:00:01 ruut-HP-280-G1-MT CRON[17377]: pam_unix(cron:session): session closed for user smmsp
Mar 17 01:00:03 ruut-HP-280-G1-MT CRON[17376]: pam_unix(cron:session): session closed for user root
Mar 17 01:01:32 ruut-HP-280-G1-MT pkexec: pam_unix(polkit-1:session): session opened for user root by (uid=1000)
Mar 17 01:01:32 ruut-HP-280-G1-MT pkexec: pam_systemd(polkit-1:session): Cannot create session: Already running in a session
Mar 17 01:01:32 ruut-HP-280-G1-MT pkexec[17590]: ruut: Executing command [USER=root] [TTY=unknown] [CWD=/home/ruut] [COMMAND=/usr/lib/update-notifier/package-system-locked]
Mar 17 01:02:31 ruut-HP-280-G1-MT sudo:    ruut : TTY=pts/12 ; PWD=/home/ruut ; USER=root ; COMMAND=/usr/bin/apt-get install openssh-client
Mar 17 01:02:31 ruut-HP-280-G1-MT sudo: pam_unix(sudo:session): session opened for user root by ruut(uid=0)
Mar 17 01:02:36 ruut-HP-280-G1-MT sudo: pam_unix(sudo:session): session closed for user root
Mar 17 01:06:30 ruut-HP-280-G1-MT sudo:    ruut : TTY=pts/12 ; PWD=/home/ruut ; USER=root ; COMMAND=/usr/sbin/tcpdump -Annvvs 1500 -i any udp and dst port 53
Mar 17 01:06:30 ruut-HP-280-G1-MT sudo: pam_unix(sudo:session): session opened for user root by ruut(uid=0)
Mar 17 01:11:47 ruut-HP-280-G1-MT polkitd(authority=local): Operator of unix-session:c2 FAILED to authenticate to gain authorization for action org.debian.apt.install-file for system-bus-name::1.180 [/usr/bin/python /usr/bin/software-center] (owned by unix-user:ruut)
Mar 17 01:17:01 ruut-HP-280-G1-MT CRON[18784]: pam_unix(cron:session): session opened for user root by (uid=0)
Mar 17 01:17:01 ruut-HP-280-G1-MT CRON[18784]: pam_unix(cron:session): session closed for user root
Mar 17 01:17:45 ruut-HP-280-G1-MT polkit-agent-helper-1[18836]: pam_ecryptfs: pam_sm_authenticate: /home/ruut is already mounted
Mar 17 01:17:46 ruut-HP-280-G1-MT polkitd(authority=local): Operator of unix-session:c2 successfully authenticated as unix-user:ruut to gain TEMPORARY authorization for action org.debian.apt.install-or-remove-packages for system-bus-name::1.180 [/usr/bin/python /usr/bin/software-center] (owned by unix-user:ruut)
Mar 17 01:18:42 ruut-HP-280-G1-MT sudo:    ruut : TTY=pts/19 ; PWD=/home/ruut ; USER=root ; COMMAND=/bin/bash
Mar 17 01:18:42 ruut-HP-280-G1-MT sudo: pam_unix(sudo:session): session opened for user root by ruut(uid=0)
Mar 17 01:20:01 ruut-HP-280-G1-MT CRON[19181]: pam_unix(cron:session): session opened for user smmsp by (uid=0)
Mar 17 01:20:02 ruut-HP-280-G1-MT CRON[19181]: pam_unix(cron:session): session closed for user smmsp
Mar 17 01:22:26 ruut-HP-280-G1-MT pkexec: pam_unix(polkit-1:session): session opened for user root by (uid=1000)
Mar 17 01:22:26 ruut-HP-280-G1-MT pkexec: pam_systemd(polkit-1:session): Cannot create session: Already running in a session
Mar 17 01:22:26 ruut-HP-280-G1-MT pkexec[19423]: ruut: Executing command [USER=root] [TTY=unknown] [CWD=/home/ruut] [COMMAND=/usr/lib/update-notifier/package-system-locked]
Mar 17 01:25:02 ruut-HP-280-G1-MT CRON[19634]: pam_unix(cron:session): session opened for user daemon by (uid=0)
Mar 17 01:25:03 ruut-HP-280-G1-MT CRON[19634]: pam_unix(cron:session): session closed for user daemon
Mar 17 01:35:52 ruut-HP-280-G1-MT sudo:    ruut : TTY=pts/21 ; PWD=/home/ruut ; USER=root ; COMMAND=/usr/sbin/chkrootkit
Mar 17 01:35:52 ruut-HP-280-G1-MT sudo: pam_unix(sudo:session): session opened for user root by ruut(uid=0)
Mar 17 01:36:12 ruut-HP-280-G1-MT sudo: pam_unix(sudo:session): session closed for user root
Mar 17 01:40:01 ruut-HP-280-G1-MT CRON[22824]: pam_unix(cron:session): session opened for user smmsp by (uid=0)
Mar 17 01:40:02 ruut-HP-280-G1-MT CRON[22824]: pam_unix(cron:session): session closed for user smmsp
Mar 17 01:41:59 ruut-HP-280-G1-MT polkit-agent-helper-1[22953]: pam_unix(polkit-1:auth): authentication failure; logname= uid=1000 euid=0 tty= ruser=ruut rhost=  user=ruut
Mar 17 01:42:04 ruut-HP-280-G1-MT polkit-agent-helper-1[22975]: pam_ecryptfs: pam_sm_authenticate: /home/ruut is already mounted
Mar 17 01:42:04 ruut-HP-280-G1-MT polkitd(authority=local): Operator of unix-session:c2 successfully authenticated as unix-user:ruut to gain TEMPORARY authorization for action org.debian.apt.install-or-remove-packages for system-bus-name::1.180 [/usr/bin/python /usr/bin/software-center] (owned by unix-user:ruut)
Mar 17 01:45:01 ruut-HP-280-G1-MT CRON[26066]: pam_unix(cron:session): session opened for user clamav by (uid=0)
Mar 17 01:47:57 ruut-HP-280-G1-MT sudo:    ruut : TTY=pts/21 ; PWD=/home/ruut ; USER=root ; COMMAND=/bin/bash
Mar 17 01:47:57 ruut-HP-280-G1-MT sudo: pam_unix(sudo:session): session opened for user root by ruut(uid=0)
Mar 17 01:49:48 ruut-HP-280-G1-MT CRON[26066]: pam_unix(cron:session): session closed for user clamav
Mar 17 01:52:42 ruut-HP-280-G1-MT pkexec: pam_unix(polkit-1:session): session opened for user root by (uid=1000)
Mar 17 01:52:42 ruut-HP-280-G1-MT pkexec: pam_systemd(polkit-1:session): Cannot create session: Already running in a session
Mar 17 01:52:42 ruut-HP-280-G1-MT pkexec[26825]: ruut: Executing command [USER=root] [TTY=unknown] [CWD=/home/ruut] [COMMAND=/usr/lib/update-notifier/package-system-locked]
Mar 17 02:00:01 ruut-HP-280-G1-MT CRON[27331]: pam_unix(cron:session): session opened for user root by (uid=0)
Mar 17 02:00:01 ruut-HP-280-G1-MT CRON[27332]: pam_unix(cron:session): session opened for user smmsp by (uid=0)
Mar 17 02:00:01 ruut-HP-280-G1-MT CRON[27332]: pam_unix(cron:session): session closed for user smmsp
Mar 17 02:00:03 ruut-HP-280-G1-MT CRON[27331]: pam_unix(cron:session): session closed for user root
Mar 17 02:08:15 ruut-HP-280-G1-MT sudo: pam_unix(sudo:session): session closed for user root
Mar 17 02:08:43 ruut-HP-280-G1-MT sudo:    ruut : TTY=pts/13 ; PWD=/home/ruut ; USER=root ; COMMAND=/usr/bin/nautilus
Mar 17 02:08:44 ruut-HP-280-G1-MT sudo: pam_unix(sudo:session): session opened for user root by ruut(uid=0)

Suspicion? Ebury?

Code:

ruut@ruut-HP-280-G1-MT:~$ ssh -G 2>&1 | grep -e illegal -e unknown > /dev/null && echo "System clean" || echo "System infected"
System infected
ruut@ruut-HP-280-G1-MT:~$  2>&1 | grep -e illegal -e unknown > /dev/null

Quote:

ruut@ruut-HP-280-G1-MT:~$ sudo tcpdump -Annvvs 1500 -i any udp and dst port 53
[sudo] password for ruut:
tcpdump: listening on any, link-type LINUX_SLL (Linux cooked), capture size 1500 bytes
01:06:37.305794 IP (tos 0x0, ttl 64, id 30384, offset 0, flags [DF], proto UDP (17), length 65)
127.0.0.1.52743 > 127.0.1.1.53: [bad udp cksum 0xff40 -> 0x72bb!] 13866+ A? blog.ip-projects.de. (37)
E..Av.@.@..............5.-.@6*...........blog.ip-projects.de.....
01:06:37.307828 IP (tos 0x0, ttl 64, id 19227, offset 0, flags [DF], proto UDP (17), length 65)
192.168.178.20.52277 > 192.168.178.1.53: [udp sum ok] 28920+ A? blog.ip-projects.de. (37)
E..AK.@.@.
*.........5.5.-SZp............blog.ip-projects.de.....
01:07:25.053540 IP (tos 0x0, ttl 64, id 35512, offset 0, flags [DF], proto UDP (17), length 65)
127.0.0.1.39834 > 127.0.1.1.53: [bad udp cksum 0xff40 -> 0x70a1!] 27313+ A? blog.ip-projects.de. (37)
E..A..@.@..............5.-.@j............blog.ip-projects.de.....
01:07:25.053771 IP (tos 0x0, ttl 64, id 30654, offset 0, flags [DF], proto UDP (17), length 65)
192.168.178.20.30394 > 192.168.178.1.53: [udp sum ok] 38044+ A? blog.ip-projects.de. (37)
E..Aw.@.@...........v..5.-.1.............blog.ip-projects.de.....
01:07:36.804357 IP (tos 0x0, ttl 64, id 37662, offset 0, flags [DF], proto UDP (17), length 73)
127.0.0.1.44224 > 127.0.1.1.53: [bad udp cksum 0xff48 -> 0x0a64!] 31408+ A? shavar.services.mozilla.com. (45)
E..I..@.@..............5.5.Hz............shavar.services.mozilla.com.....
01:07:36.804534 IP (tos 0x0, ttl 64, id 30978, offset 0, flags [DF], proto UDP (17), length 73)
192.168.178.20.28316 > 192.168.178.1.53: [udp sum ok] 5742+ A? shavar.services.mozilla.com. (45)
E..Iy.@.@..:........n..5.5.e.n...........shavar.services.mozilla.com.....
01:08:05.393064 IP (tos 0x0, ttl 64, id 38431, offset 0, flags [DF], proto UDP (17), length 59)
127.0.0.1.51009 > 127.0.1.1.53: [bad udp cksum 0xff3a -> 0xa444!] 32223+ A? bitbucket.org. (31)
E..;..@.@............A.5.'.:}........... bitbucket.org.....
01:08:05.393148 IP (tos 0x0, ttl 64, id 33243, offset 0, flags [DF], proto UDP (17), length 59)
192.168.178.20.46095 > 192.168.178.1.53: [udp sum ok] 38909+ A? bitbucket.org. (31)
E..;..@.@..o...........5.'.............. bitbucket.org.....

Ebury, yes, that too...

Dante12 17.03.2016 03:41

You're throwing lists around here

Quote:

Searching for Linux/Ebury - Operation Windigo ssh... Possible Linux/Ebury - Operation Windigo installetd
Why don't you explain to me how you can find out whether the Ebury backdoor is active...
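
The `ssh -G` one-liner posted above rests on the assumption that a clean ssh client rejects `-G` with an "illegal option" or "unknown option" error. OpenSSH 6.8 and later implement `-G` as a regular option, so on those versions the one-liner prints "System infected" regardless of the system's state. The following is an added example, not part of the thread: the function names, verdict strings and sample banners/outputs are constructed, and it only interprets the heuristic with the client version taken into account.

```shell
#!/bin/sh
# Added example: version-aware reading of the `ssh -G` heuristic from the thread.
# All names and sample strings below are constructed for illustration.

# Extract "MAJOR MINOR" from an `ssh -V` banner such as "OpenSSH_6.9p1 ...".
ssh_version_parts() {
    printf '%s\n' "$1" \
        | sed -n 's/^OpenSSH_\([0-9][0-9]*\)\.\([0-9][0-9]*\).*/\1 \2/p' \
        | head -n 1
}

# classify_ssh_g BANNER G_OUTPUT
# Prints one of:
#   unknown-version  banner could not be parsed, heuristic not applicable
#   inconclusive     OpenSSH >= 6.8: -G is a legitimate option, test says nothing
#   no-indicator     OpenSSH <  6.8 and -G was rejected as expected
#   suspicious       OpenSSH <  6.8 but -G was accepted: investigate further
classify_ssh_g() {
    banner=$1
    g_output=$2
    parts=$(ssh_version_parts "$banner")
    if [ -z "$parts" ]; then
        echo "unknown-version"
        return 0
    fi
    # Split "MAJOR MINOR" into positional parameters (local to this function).
    set -- $parts
    major=$1
    minor=$2
    if [ "$major" -gt 6 ] || { [ "$major" -eq 6 ] && [ "$minor" -ge 8 ]; }; then
        echo "inconclusive"
        return 0
    fi
    # Same patterns as the one-liner in the thread.
    if printf '%s\n' "$g_output" | grep -q -e illegal -e unknown; then
        echo "no-indicator"
    else
        echo "suspicious"
    fi
}

# Run the classification against the locally installed client.
check_local_ssh() {
    command -v ssh >/dev/null 2>&1 || { echo "ssh-not-installed"; return 0; }
    live_banner=$(ssh -V 2>&1 || true)   # version banner goes to stderr
    live_output=$(ssh -G 2>&1 || true)   # non-zero exit is expected here
    classify_ssh_g "$live_banner" "$live_output"
}

# --- Constructed sample inputs (not taken from the thread) ---
OLD_BANNER='OpenSSH_6.6.1p1 Ubuntu-2ubuntu2.6, OpenSSL 1.0.1f 6 Jan 2014'
NEW_BANNER='OpenSSH_6.9p1 Ubuntu-2ubuntu0.1, OpenSSL 1.0.2d 9 Jul 2015'
NEWER_BANNER='OpenSSH_7.2p2 Ubuntu-4, OpenSSL 1.0.2g 1 Mar 2016'
REJECTED_OUT='ssh: illegal option -- G
usage: ssh [-1246AaCfgKkMNnqsTtVvXxYy] [-b bind_address] [user@]hostname [command]'
ACCEPTED_OUT='usage: ssh [-1246AaCfgKkMNnqsTtVvXxYy] [-b bind_address] [user@]hostname [command]'

# Only touch the real client when explicitly asked to.
if [ "${1:-}" = "--live" ]; then
    check_local_ssh
fi
```

An "inconclusive" or "suspicious" verdict is only a starting point; chkrootkit's "Possible Linux/Ebury" line quoted above relies on the same `-G` behaviour and needs the same version check before it is read as a finding.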

stephan65 17.03.2016 09:52

Since the "virus" apparently :crazy: sits in the BIOS, one could simply replace the entire mainboard.

cosinus 17.03.2016 09:54

Quote:

Quote from stephan65 (post 1571194)
Since the "virus" apparently :crazy: sits in the BIOS, one could simply replace the entire mainboard.

Maybe it also uses metal parts of the case as cache... so better replace the case too :lach:

stephan65 17.03.2016 09:59

Or the user right away.... :headbang:

purzelbär 17.03.2016 11:29

Quote:

Quote from stephan65 (post 1571194)
Since the "virus" apparently :crazy: sits in the BIOS, one could simply replace the entire mainboard.

In that case, couldn't one install a possibly different, newer BIOS version for the mainboard after the previous one has been erased?

