dennisstein | 16.04.2016 04:39 | Authlog Part 1
Code:
Apr 14 20:53:00 bbs-sophos polkitd(authority=local): Registered Authentication Agent for unix-process:22342:284322 (system bus name :1.225 [/usr/bin/pkttyagent --notify-fd 5 --fallback], object path /org/freedesktop/PolicyKit1/AuthenticationAgent, locale de_DE.UTF-8)
Apr 14 20:53:00 bbs-sophos polkitd(authority=local): Unregistered Authentication Agent for unix-process:22342:284322 (system bus name :1.225, object path /org/freedesktop/PolicyKit1/AuthenticationAgent, locale de_DE.UTF-8) (disconnected from bus)
Apr 14 20:53:01 bbs-sophos polkitd(authority=local): Registered Authentication Agent for unix-process:22355:284357 (system bus name :1.227 [/usr/bin/pkttyagent --notify-fd 5 --fallback], object path /org/freedesktop/PolicyKit1/AuthenticationAgent, locale de_DE.UTF-8)
Apr 14 20:53:01 bbs-sophos polkitd(authority=local): Unregistered Authentication Agent for unix-process:22355:284357 (system bus name :1.227, object path /org/freedesktop/PolicyKit1/AuthenticationAgent, locale de_DE.UTF-8) (disconnected from bus)
Apr 14 20:53:01 bbs-sophos polkitd(authority=local): Registered Authentication Agent for unix-process:22378:284392 (system bus name :1.228 [/usr/bin/pkttyagent --notify-fd 5 --fallback], object path /org/freedesktop/PolicyKit1/AuthenticationAgent, locale de_DE.UTF-8)
Apr 14 20:53:01 bbs-sophos polkitd(authority=local): Unregistered Authentication Agent for unix-process:22378:284392 (system bus name :1.228, object path /org/freedesktop/PolicyKit1/AuthenticationAgent, locale de_DE.UTF-8) (disconnected from bus)
Apr 14 20:53:01 bbs-sophos polkitd(authority=local): Registered Authentication Agent for unix-process:22395:284403 (system bus name :1.229 [/usr/bin/pkttyagent --notify-fd 5 --fallback], object path /org/freedesktop/PolicyKit1/AuthenticationAgent, locale de_DE.UTF-8)
Apr 14 20:53:01 bbs-sophos polkitd(authority=local): Unregistered Authentication Agent for unix-process:22395:284403 (system bus name :1.229, object path /org/freedesktop/PolicyKit1/AuthenticationAgent, locale de_DE.UTF-8) (disconnected from bus)
Apr 14 20:53:06 bbs-sophos polkitd(authority=local): Registered Authentication Agent for unix-process:22511:284870 (system bus name :1.230 [/usr/bin/pkttyagent --notify-fd 5 --fallback], object path /org/freedesktop/PolicyKit1/AuthenticationAgent, locale de_DE.UTF-8)
Apr 14 20:53:06 bbs-sophos polkitd(authority=local): Unregistered Authentication Agent for unix-process:22511:284870 (system bus name :1.230, object path /org/freedesktop/PolicyKit1/AuthenticationAgent, locale de_DE.UTF-8) (disconnected from bus)
Apr 14 20:53:06 bbs-sophos polkitd(authority=local): Registered Authentication Agent for unix-process:22548:284889 (system bus name :1.231 [/usr/bin/pkttyagent --notify-fd 5 --fallback], object path /org/freedesktop/PolicyKit1/AuthenticationAgent, locale de_DE.UTF-8)
Apr 14 20:53:06 bbs-sophos polkitd(authority=local): Unregistered Authentication Agent for unix-process:22548:284889 (system bus name :1.231, object path /org/freedesktop/PolicyKit1/AuthenticationAgent, locale de_DE.UTF-8) (disconnected from bus)
Apr 14 20:53:06 bbs-sophos polkitd(authority=local): Registered Authentication Agent for unix-process:22568:284905 (system bus name :1.232 [/usr/bin/pkttyagent --notify-fd 5 --fallback], object path /org/freedesktop/PolicyKit1/AuthenticationAgent, locale de_DE.UTF-8)
Apr 14 20:53:06 bbs-sophos polkitd(authority=local): Unregistered Authentication Agent for unix-process:22568:284905 (system bus name :1.232, object path /org/freedesktop/PolicyKit1/AuthenticationAgent, locale de_DE.UTF-8) (disconnected from bus)
Apr 14 20:56:19 bbs-sophos pkexec: pam_unix(polkit-1:session): session opened for user root by (uid=1000)
Apr 14 20:56:19 bbs-sophos pkexec: pam_systemd(polkit-1:session): Cannot create session: Already running in a session
Apr 14 20:56:19 bbs-sophos pkexec[24529]: bbs: Executing command [USER=root] [TTY=unknown] [CWD=/home/bbs] [COMMAND=/usr/lib/update-notifier/package-system-locked]
Apr 14 21:12:54 bbs-sophos systemd-logind[785]: System is rebooting.
Apr 15 02:04:15 bbs-sophos systemd-logind[766]: New seat seat0.
Apr 15 02:04:15 bbs-sophos systemd-logind[766]: Watching system buttons on /dev/input/event2 (Power Button)
Apr 15 02:04:15 bbs-sophos systemd-logind[766]: Watching system buttons on /dev/input/event3 (Video Bus)
Apr 15 02:04:15 bbs-sophos systemd-logind[766]: Watching system buttons on /dev/input/event0 (Power Button)
Apr 15 02:04:15 bbs-sophos systemd-logind[766]: Watching system buttons on /dev/input/event1 (Sleep Button)
Apr 15 02:04:27 bbs-sophos lightdm: PAM unable to dlopen(pam_kwallet.so): /lib/security/pam_kwallet.so: cannot open shared object file: No such file or directory
Apr 15 02:04:27 bbs-sophos lightdm: PAM adding faulty module: pam_kwallet.so
Apr 15 02:04:27 bbs-sophos lightdm: PAM unable to dlopen(pam_kwallet5.so): /lib/security/pam_kwallet5.so: cannot open shared object file: No such file or directory
Apr 15 02:04:27 bbs-sophos lightdm: PAM adding faulty module: pam_kwallet5.so
Apr 15 02:04:27 bbs-sophos lightdm: pam_unix(lightdm-greeter:session): session opened for user lightdm by (uid=0)
Apr 15 02:04:27 bbs-sophos systemd-logind[766]: New session c1 of user lightdm.
Apr 15 02:04:27 bbs-sophos systemd: pam_unix(systemd-user:session): session opened for user lightdm by (uid=0)
Apr 15 02:04:33 bbs-sophos lightdm: PAM unable to dlopen(pam_kwallet.so): /lib/security/pam_kwallet.so: cannot open shared object file: No such file or directory
Apr 15 02:04:33 bbs-sophos lightdm: PAM adding faulty module: pam_kwallet.so
Apr 15 02:04:33 bbs-sophos lightdm: PAM unable to dlopen(pam_kwallet5.so): /lib/security/pam_kwallet5.so: cannot open shared object file: No such file or directory
Apr 15 02:04:33 bbs-sophos lightdm: PAM adding faulty module: pam_kwallet5.so
Apr 15 02:04:33 bbs-sophos lightdm: pam_succeed_if(lightdm:auth): requirement "user ingroup nopasswdlogin" not met by user "bbs"
Apr 15 02:04:51 bbs-sophos lightdm: pam_unix(lightdm-greeter:session): session closed for user lightdm
Apr 15 02:04:51 bbs-sophos lightdm: pam_unix(lightdm:session): session opened for user bbs by (uid=0)
Apr 15 02:04:51 bbs-sophos systemd: pam_unix(systemd-user:session): session opened for user bbs by (uid=0)
Apr 15 02:04:51 bbs-sophos systemd-logind[766]: New session c2 of user bbs.
Apr 15 02:04:59 bbs-sophos dbus[767]: [system] Failed to activate service 'org.bluez': timed out
Apr 15 02:05:00 bbs-sophos gnome-keyring-daemon[1118]: The PKCS#11 component was already initialized
Apr 15 02:05:00 bbs-sophos gnome-keyring-daemon[1118]: The Secret Service was already initialized
Apr 15 02:05:01 bbs-sophos polkitd(authority=local): Registered Authentication Agent for unix-session:c2 (system bus name :1.72 [/usr/lib/policykit-1-gnome/polkit-gnome-authentication-agent-1], object path /org/gnome/PolicyKit1/AuthenticationAgent, locale de_DE.UTF-8)
Apr 15 02:06:27 bbs-sophos systemd-logind[766]: Removed session c1.
Apr 15 02:06:27 bbs-sophos systemd: pam_unix(systemd-user:session): session closed for user lightdm
Apr 15 02:17:01 bbs-sophos CRON[2290]: pam_unix(cron:session): session opened for user root by (uid=0)
Apr 15 02:17:01 bbs-sophos CRON[2290]: pam_unix(cron:session): session closed for user root
Apr 15 02:25:12 bbs-sophos dbus[767]: [system] Rejected send message, 10 matched rules; type="method_return", sender=":1.103" (uid=0 pid=2365 comm="/usr/sbin/dnsmasq --no-resolv --keep-in-foreground") interface="(unset)" member="(unset)" error name="(unset)" requested_reply="0" destination=":1.12" (uid=0 pid=783 comm="/usr/sbin/NetworkManager --no-daemon ")
Apr 15 02:26:19 bbs-sophos sudo: bbs : TTY=pts/5 ; PWD=/home/bbs ; USER=root ; COMMAND=/usr/bin/apt-get install tiger
Apr 15 02:26:19 bbs-sophos sudo: pam_unix(sudo:session): session opened for user root by bbs(uid=0)
Apr 15 02:27:42 bbs-sophos polkitd(authority=local): Registered Authentication Agent for unix-process:3784:145618 (system bus name :1.106 [/usr/bin/pkttyagent --notify-fd 5 --fallback], object path /org/freedesktop/PolicyKit1/AuthenticationAgent, locale de_DE.UTF-8)
Apr 15 02:27:42 bbs-sophos polkitd(authority=local): Unregistered Authentication Agent for unix-process:3784:145618 (system bus name :1.106, object path /org/freedesktop/PolicyKit1/AuthenticationAgent, locale de_DE.UTF-8) (disconnected from bus)
Apr 15 02:27:49 bbs-sophos groupadd[3857]: group added to /etc/group: name=smmta, GID=129
Apr 15 02:27:49 bbs-sophos groupadd[3857]: group added to /etc/gshadow: name=smmta
Apr 15 02:27:50 bbs-sophos groupadd[3857]: new group: name=smmta, GID=129
Apr 15 02:27:50 bbs-sophos useradd[3863]: new user: name=smmta, UID=120, GID=129, home=/var/lib/sendmail, shell=/bin/false
Apr 15 02:27:50 bbs-sophos usermod[3879]: change user 'smmta' password
Apr 15 02:27:50 bbs-sophos chage[3886]: changed password expiry for smmta
Apr 15 02:27:50 bbs-sophos chfn[3889]: changed user 'smmta' information
Apr 15 02:27:51 bbs-sophos groupadd[3909]: group added to /etc/group: name=smmsp, GID=130
Apr 15 02:27:51 bbs-sophos groupadd[3909]: group added to /etc/gshadow: name=smmsp
Apr 15 02:27:51 bbs-sophos groupadd[3909]: new group: name=smmsp, GID=130
Apr 15 02:27:51 bbs-sophos useradd[3919]: new user: name=smmsp, UID=121, GID=130, home=/var/lib/sendmail, shell=/bin/false
Apr 15 02:27:51 bbs-sophos usermod[3927]: change user 'smmsp' password
Apr 15 02:27:51 bbs-sophos chage[3934]: changed password expiry for smmsp
Apr 15 02:27:51 bbs-sophos chfn[3975]: changed user 'smmsp' information
Apr 15 02:27:53 bbs-sophos polkitd(authority=local): Registered Authentication Agent for unix-process:4105:146727 (system bus name :1.107 [/usr/bin/pkttyagent --notify-fd 5 --fallback], object path /org/freedesktop/PolicyKit1/AuthenticationAgent, locale de_DE.UTF-8)
Apr 15 02:27:53 bbs-sophos polkitd(authority=local): Unregistered Authentication Agent for unix-process:4105:146727 (system bus name :1.107, object path /org/freedesktop/PolicyKit1/AuthenticationAgent, locale de_DE.UTF-8) (disconnected from bus)
Apr 15 02:27:53 bbs-sophos polkitd(authority=local): Registered Authentication Agent for unix-process:4147:146745 (system bus name :1.108 [/usr/bin/pkttyagent --notify-fd 5 --fallback], object path /org/freedesktop/PolicyKit1/AuthenticationAgent, locale de_DE.UTF-8)
Apr 15 02:27:54 bbs-sophos polkitd(authority=local): Unregistered Authentication Agent for unix-process:4147:146745 (system bus name :1.108, object path /org/freedesktop/PolicyKit1/AuthenticationAgent, locale de_DE.UTF-8) (disconnected from bus)
Apr 15 02:27:54 bbs-sophos polkitd(authority=local): Registered Authentication Agent for unix-process:4195:146798 (system bus name :1.109 [/usr/bin/pkttyagent --notify-fd 5 --fallback], object path /org/freedesktop/PolicyKit1/AuthenticationAgent, locale de_DE.UTF-8)
Apr 15 02:27:54 bbs-sophos polkitd(authority=local): Unregistered Authentication Agent for unix-process:4195:146798 (system bus name :1.109, object path /org/freedesktop/PolicyKit1/AuthenticationAgent, locale de_DE.UTF-8) (disconnected from bus)
Apr 15 02:27:54 bbs-sophos polkitd(authority=local): Registered Authentication Agent for unix-process:4214:146810 (system bus name :1.110 [/usr/bin/pkttyagent --notify-fd 5 --fallback], object path /org/freedesktop/PolicyKit1/AuthenticationAgent, locale de_DE.UTF-8)
Apr 15 02:27:54 bbs-sophos polkitd(authority=local): Unregistered Authentication Agent for unix-process:4214:146810 (system bus name :1.110, object path /org/freedesktop/PolicyKit1/AuthenticationAgent, locale de_DE.UTF-8) (disconnected from bus)
Apr 15 02:27:57 bbs-sophos polkitd(authority=local): Registered Authentication Agent for unix-process:5008:147057 (system bus name :1.111 [/usr/bin/pkttyagent --notify-fd 5 --fallback], object path /org/freedesktop/PolicyKit1/AuthenticationAgent, locale de_DE.UTF-8)
Apr 15 02:27:57 bbs-sophos polkitd(authority=local): Unregistered Authentication Agent for unix-process:5008:147057 (system bus name :1.111, object path /org/freedesktop/PolicyKit1/AuthenticationAgent, locale de_DE.UTF-8) (disconnected from bus)
Apr 15 02:27:57 bbs-sophos polkitd(authority=local): Registered Authentication Agent for unix-process:5068:147074 (system bus name :1.112 [/usr/bin/pkttyagent --notify-fd 5 --fallback], object path /org/freedesktop/PolicyKit1/AuthenticationAgent, locale de_DE.UTF-8)
Apr 15 02:27:59 bbs-sophos polkitd(authority=local): Unregistered Authentication Agent for unix-process:5068:147074 (system bus name :1.112, object path /org/freedesktop/PolicyKit1/AuthenticationAgent, locale de_DE.UTF-8) (disconnected from bus)
Apr 15 02:28:55 bbs-sophos polkit-agent-helper-1[11903]: pam_ecryptfs: pam_sm_authenticate: /home/bbs is already mounted
Apr 15 02:28:55 bbs-sophos polkitd(authority=local): Operator of unix-session:c2 successfully authenticated as unix-user:bbs to gain TEMPORARY authorization for action org.debian.apt.install-or-remove-packages for system-bus-name::1.84 [/usr/bin/python /usr/bin/software-center] (owned by unix-user:bbs)
Apr 15 02:29:02 bbs-sophos polkitd(authority=local): Registered Authentication Agent for unix-process:12018:153632 (system bus name :1.114 [/usr/bin/pkttyagent --notify-fd 5 --fallback], object path /org/freedesktop/PolicyKit1/AuthenticationAgent, locale de_DE.UTF-8)
Apr 15 02:29:02 bbs-sophos polkitd(authority=local): Unregistered Authentication Agent for unix-process:12018:153632 (system bus name :1.114, object path /org/freedesktop/PolicyKit1/AuthenticationAgent, locale de_DE.UTF-8) (disconnected from bus)
Apr 15 02:29:04 bbs-sophos sudo: pam_unix(sudo:session): session closed for user root
Apr 15 02:29:22 bbs-sophos sudo: bbs : TTY=pts/5 ; PWD=/home/bbs ; USER=root ; COMMAND=/usr/sbin/tiger
Apr 15 02:29:22 bbs-sophos sudo: pam_unix(sudo:session): session opened for user root by bbs(uid=0)
Apr 15 02:30:00 bbs-sophos sudo: bbs : TTY=pts/19 ; PWD=/home/bbs ; USER=root ; COMMAND=/usr/bin/apt-get install chkrootkit
Apr 15 02:30:00 bbs-sophos sudo: pam_unix(sudo:session): session opened for user root by bbs(uid=0)
Apr 15 02:30:00 bbs-sophos sudo: pam_unix(sudo:session): session closed for user root
Apr 15 02:30:42 bbs-sophos polkitd(authority=local): Operator of unix-session:c2 FAILED to authenticate to gain authorization for action com.ubuntu.apport.apport-gtk-root for unix-process:1125:8533 [/sbin/upstart --user] (owned by unix-user:bbs)
Apr 15 02:30:42 bbs-sophos pkexec[30463]: bbs: Error executing command as another user: Request dismissed [USER=root] [TTY=unknown] [CWD=/home/bbs] [COMMAND=/usr/share/apport/apport-gtk]
Apr 15 02:31:09 bbs-sophos sudo: pam_unix(sudo:session): session closed for user root
Apr 15 02:32:23 bbs-sophos sudo: bbs : TTY=pts/5 ; PWD=/home/bbs ; USER=root ; COMMAND=/usr/bin/apt-get install gksu
Apr 15 02:32:23 bbs-sophos sudo: pam_unix(sudo:session): session opened for user root by bbs(uid=0)
Apr 15 02:32:23 bbs-sophos sudo: pam_unix(sudo:session): session closed for user root
Apr 15 02:33:37 bbs-sophos sudo: bbs : TTY=pts/5 ; PWD=/home/bbs ; USER=root ; COMMAND=/usr/bin/apt-get install gksu
Apr 15 02:33:37 bbs-sophos sudo: pam_unix(sudo:session): session opened for user root by bbs(uid=0)
Apr 15 02:33:37 bbs-sophos sudo: pam_unix(sudo:session): session closed for user root
Apr 15 02:37:00 bbs-sophos polkitd(authority=local): Registered Authentication Agent for unix-process:21024:201360 (system bus name :1.120 [/usr/bin/pkttyagent --notify-fd 5 --fallback], object path /org/freedesktop/PolicyKit1/AuthenticationAgent, locale de_DE.UTF-8)
Apr 15 02:37:00 bbs-sophos polkitd(authority=local): Unregistered Authentication Agent for unix-process:21024:201360 (system bus name :1.120, object path /org/freedesktop/PolicyKit1/AuthenticationAgent, locale de_DE.UTF-8) (disconnected from bus)
Apr 15 02:38:56 bbs-sophos polkitd(authority=local): Registered Authentication Agent for unix-process:21570:213007 (system bus name :1.122 [/usr/bin/pkttyagent --notify-fd 5 --fallback], object path /org/freedesktop/PolicyKit1/AuthenticationAgent, locale de_DE.UTF-8)
Apr 15 02:38:56 bbs-sophos polkitd(authority=local): Unregistered Authentication Agent for unix-process:21570:213007 (system bus name :1.122, object path /org/freedesktop/PolicyKit1/AuthenticationAgent, locale de_DE.UTF-8) (disconnected from bus)
Apr 15 02:38:56 bbs-sophos polkitd(authority=local): Registered Authentication Agent for unix-process:21607:213042 (system bus name :1.123 [/usr/bin/pkttyagent --notify-fd 5 --fallback], object path /org/freedesktop/PolicyKit1/AuthenticationAgent, locale de_DE.UTF-8)
Apr 15 02:38:57 bbs-sophos polkitd(authority=local): Unregistered Authentication Agent for unix-process:21607:213042 (system bus name :1.123, object path /org/freedesktop/PolicyKit1/AuthenticationAgent, locale de_DE.UTF-8) (disconnected from bus)
Apr 15 02:38:57 bbs-sophos polkitd(authority=local): Registered Authentication Agent for unix-process:21630:213053 (system bus name :1.124 [/usr/bin/pkttyagent --notify-fd 5 --fallback], object path /org/freedesktop/PolicyKit1/AuthenticationAgent, locale de_DE.UTF-8)
Apr 15 02:38:58 bbs-sophos polkitd(authority=local): Unregistered Authentication Agent for unix-process:21630:213053 (system bus name :1.124, object path /org/freedesktop/PolicyKit1/AuthenticationAgent, locale de_DE.UTF-8) (disconnected from bus)
Apr 15 02:40:01 bbs-sophos CRON[22238]: pam_unix(cron:session): session opened for user smmsp by (uid=0)
Apr 15 02:40:01 bbs-sophos CRON[22238]: pam_unix(cron:session): session closed for user smmsp
Apr 15 02:40:11 bbs-sophos su[22440]: Successful su for www-data by root
Apr 15 02:40:11 bbs-sophos su[22440]: + ??? root:www-data
Apr 15 02:40:11 bbs-sophos su[22440]: pam_unix(su:session): session opened for user www-data by (uid=0)
Apr 15 02:40:11 bbs-sophos systemd: pam_unix(systemd-user:session): session opened for user www-data by (uid=0)
Apr 15 02:40:11 bbs-sophos systemd-logind[766]: New session c3 of user www-data.
Apr 15 02:40:11 bbs-sophos su[22440]: pam_unix(su:session): session closed for user www-data
Apr 15 02:40:11 bbs-sophos systemd-logind[766]: Removed session c3.
Apr 15 02:40:21 bbs-sophos polkitd(authority=local): Registered Authentication Agent for unix-process:22745:221480 (system bus name :1.135 [/usr/bin/pkttyagent --notify-fd 5 --fallback], object path /org/freedesktop/PolicyKit1/AuthenticationAgent, locale de_DE.UTF-8)
Apr 15 02:40:21 bbs-sophos polkitd(authority=local): Unregistered Authentication Agent for unix-process:22745:221480 (system bus name :1.135, object path /org/freedesktop/PolicyKit1/AuthenticationAgent, locale de_DE.UTF-8) (disconnected from bus)
Apr 15 02:41:41 bbs-sophos sudo: bbs : TTY=pts/19 ; PWD=/home/bbs ; USER=root ; COMMAND=/usr/bin/apt-get install gksu
Apr 15 02:41:41 bbs-sophos sudo: pam_unix(sudo:session): session opened for user root by bbs(uid=0)
Apr 15 02:41:42 bbs-sophos sudo: pam_unix(sudo:session): session closed for user root
Apr 15 02:42:00 bbs-sophos sudo: bbs : TTY=pts/19 ; PWD=/home/bbs ; USER=root ; COMMAND=/usr/bin/apt-get autoremove
Apr 15 02:42:00 bbs-sophos sudo: pam_unix(sudo:session): session opened for user root by bbs(uid=0)
Apr 15 02:42:07 bbs-sophos sudo: pam_unix(sudo:session): session closed for user root
Apr 15 02:42:20 bbs-sophos sudo: bbs : TTY=pts/19 ; PWD=/home/bbs ; USER=root ; COMMAND=/usr/bin/apt-get install gksu
Apr 15 02:42:20 bbs-sophos sudo: pam_unix(sudo:session): session opened for user root by bbs(uid=0)
Apr 15 02:42:20 bbs-sophos sudo: pam_unix(sudo:session): session closed for user root
Apr 15 02:42:42 bbs-sophos sudo: bbs : TTY=unknown ; PWD=/home/bbs ; USER=root ; COMMAND=/usr/bin/geany /var/log/tiger/security.report.bbs-sophos.160415-02:29
Apr 15 02:42:42 bbs-sophos sudo: pam_unix(sudo:session): session opened for user root by (uid=0)
Apr 15 02:44:29 bbs-sophos sudo: bbs : TTY=pts/5 ; PWD=/home/bbs ; USER=root ; COMMAND=/usr/bin/apt-get install chkrootkit
Apr 15 02:44:29 bbs-sophos sudo: pam_unix(sudo:session): session opened for user root by bbs(uid=0)
Apr 15 02:44:29 bbs-sophos sudo: pam_unix(sudo:session): session closed for user root
Apr 15 02:44:53 bbs-sophos sudo: bbs : TTY=pts/5 ; PWD=/home/bbs ; USER=root ; COMMAND=/usr/sbin/chkrootkit --update
Apr 15 02:44:53 bbs-sophos sudo: pam_unix(sudo:session): session opened for user root by bbs(uid=0)
Apr 15 02:44:53 bbs-sophos sudo: pam_unix(sudo:session): session closed for user root
Apr 15 02:45:22 bbs-sophos sudo: bbs : TTY=pts/5 ; PWD=/home/bbs ; USER=root ; COMMAND=/usr/sbin/chkrootkit -V
Apr 15 02:45:22 bbs-sophos sudo: pam_unix(sudo:session): session opened for user root by bbs(uid=0)
Apr 15 02:45:22 bbs-sophos sudo: pam_unix(sudo:session): session closed for user root
Apr 15 02:46:10 bbs-sophos sudo: bbs : TTY=pts/5 ; PWD=/home/bbs ; USER=root ; COMMAND=/usr/sbin/chkrootkit -r
Apr 15 02:46:10 bbs-sophos sudo: pam_unix(sudo:session): session opened for user root by bbs(uid=0)
Apr 15 02:46:10 bbs-sophos sudo: pam_unix(sudo:session): session closed for user root
Apr 15 02:46:18 bbs-sophos sudo: bbs : TTY=pts/5 ; PWD=/home/bbs ; USER=root ; COMMAND=/usr/sbin/chkrootkit
Apr 15 02:46:18 bbs-sophos sudo: pam_unix(sudo:session): session opened for user root by bbs(uid=0)
Apr 15 02:46:20 bbs-sophos sudo: pam_unix(sudo:session): session closed for user root
Apr 15 02:51:17 bbs-sophos sudo: pam_unix(sudo:session): session closed for user root
Apr 15 02:54:04 bbs-sophos sudo: bbs : TTY=unknown ; PWD=/home/bbs ; USER=root ; COMMAND=/usr/bin/geany /var/log/tiger/security.report.bbs-sophos.160415-02:29
Apr 15 02:54:04 bbs-sophos sudo: pam_unix(sudo:session): session opened for user root by (uid=0)
Apr 15 02:54:29 bbs-sophos sudo: bbs : TTY=pts/5 ; PWD=/home/bbs ; USER=root ; COMMAND=/usr/bin/apt-get install rkhunter
Apr 15 02:54:29 bbs-sophos sudo: pam_unix(sudo:session): session opened for user root by bbs(uid=0)
Apr 15 02:54:59 bbs-sophos sudo: pam_unix(sudo:session): session closed for user root
Apr 15 02:55:11 bbs-sophos sudo: bbs : TTY=pts/5 ; PWD=/home/bbs ; USER=root ; COMMAND=/usr/bin/rkhunter -c
Apr 15 02:55:11 bbs-sophos sudo: pam_unix(sudo:session): session opened for user root by bbs(uid=0)
Apr 15 02:55:12 bbs-sophos Rootkit Hunter: Rootkit hunter check started (version 1.4.2)
Apr 15 02:55:52 bbs-sophos Rootkit Hunter: Scanning took 40 seconds
Apr 15 02:55:52 bbs-sophos Rootkit Hunter: Please inspect this machine, because it may be infected.
Apr 15 02:55:52 bbs-sophos sudo: pam_unix(sudo:session): session closed for user root
Apr 15 03:00:01 bbs-sophos CRON[29922]: pam_unix(cron:session): session opened for user smmsp by (uid=0)
Apr 15 03:00:01 bbs-sophos CRON[29923]: pam_unix(cron:session): session opened for user root by (uid=0)
Apr 15 03:00:01 bbs-sophos CRON[29922]: pam_unix(cron:session): session closed for user smmsp
Apr 15 03:00:02 bbs-sophos CRON[29923]: pam_unix(cron:session): session closed for user root
Apr 15 03:01:21 bbs-sophos sudo: bbs : TTY=pts/19 ; PWD=/home/bbs ; USER=root ; COMMAND=/usr/bin/rkhunter --check
Apr 15 03:01:21 bbs-sophos sudo: pam_unix(sudo:session): session opened for user root by bbs(uid=0)
Apr 15 03:01:22 bbs-sophos Rootkit Hunter: Rootkit hunter check started (version 1.4.2)
Apr 15 03:02:02 bbs-sophos Rootkit Hunter: Scanning took 40 seconds
Apr 15 03:02:02 bbs-sophos Rootkit Hunter: Please inspect this machine, because it may be infected.
Apr 15 03:02:02 bbs-sophos sudo: pam_unix(sudo:session): session closed for user root
Apr 15 03:02:14 bbs-sophos sudo: bbs : TTY=pts/19 ; PWD=/home/bbs ; USER=root ; COMMAND=/usr/bin/rkhunter --update
Apr 15 03:02:14 bbs-sophos sudo: pam_unix(sudo:session): session opened for user root by bbs(uid=0)
Apr 15 03:02:16 bbs-sophos sudo: pam_unix(sudo:session): session closed for user root
Apr 15 03:02:37 bbs-sophos sudo: bbs : TTY=pts/19 ; PWD=/home/bbs ; USER=root ; COMMAND=/usr/bin/rkhunter --versioncheck
Apr 15 03:02:37 bbs-sophos sudo: pam_unix(sudo:session): session opened for user root by bbs(uid=0)
Apr 15 03:02:38 bbs-sophos sudo: pam_unix(sudo:session): session closed for user root
Apr 15 03:03:03 bbs-sophos sudo: bbs : TTY=pts/19 ; PWD=/home/bbs ; USER=root ; COMMAND=/usr/bin/rkhunter --config-check
Apr 15 03:03:03 bbs-sophos sudo: pam_unix(sudo:session): session opened for user root by bbs(uid=0)
Apr 15 03:03:04 bbs-sophos sudo: pam_unix(sudo:session): session closed for user root
Apr 15 03:07:49 bbs-sophos sudo: bbs : TTY=pts/19 ; PWD=/home/bbs ; USER=root ; COMMAND=/usr/bin/rkhunter --propupd / --hash {SHA1
Apr 15 03:07:49 bbs-sophos sudo: pam_unix(sudo:session): session opened for user root by bbs(uid=0)
Apr 15 03:07:49 bbs-sophos sudo: pam_unix(sudo:session): session closed for user root
Apr 15 03:08:07 bbs-sophos sudo: bbs : TTY=pts/19 ; PWD=/home/bbs ; USER=root ; COMMAND=/usr/bin/rkhunter --propupd / --hash {SHA1}
Apr 15 03:08:07 bbs-sophos sudo: pam_unix(sudo:session): session opened for user root by bbs(uid=0)
Apr 15 03:08:07 bbs-sophos sudo: pam_unix(sudo:session): session closed for user root
Apr 15 03:08:15 bbs-sophos sudo: bbs : TTY=pts/19 ; PWD=/home/bbs ; USER=root ; COMMAND=/usr/bin/rkhunter --propupd / --hash SHA1
Apr 15 03:08:15 bbs-sophos sudo: pam_unix(sudo:session): session opened for user root by bbs(uid=0)
Apr 15 03:08:18 bbs-sophos sudo: pam_unix(sudo:session): session closed for user root
Apr 15 03:09:56 bbs-sophos sudo: bbs : TTY=pts/19 ; PWD=/home/bbs ; USER=root ; COMMAND=/usr/bin/rkhunter --hash SHA1 --vl
Apr 15 03:09:56 bbs-sophos sudo: pam_unix(sudo:session): session opened for user root by bbs(uid=0)
Apr 15 03:09:57 bbs-sophos sudo: pam_unix(sudo:session): session closed for user root
Apr 15 03:12:11 bbs-sophos sudo: bbs : TTY=pts/19 ; PWD=/home/bbs ; USER=root ; COMMAND=/usr/bin/rkhunter --enable all --vl
Apr 15 03:12:11 bbs-sophos sudo: pam_unix(sudo:session): session opened for user root by bbs(uid=0)
Apr 15 03:12:12 bbs-sophos Rootkit Hunter: Rootkit hunter check started (version 1.4.2)
Apr 15 03:12:54 bbs-sophos Rootkit Hunter: Scanning took 41 seconds
Apr 15 03:12:54 bbs-sophos Rootkit Hunter: Please inspect this machine, because it may be infected.
Apr 15 03:12:54 bbs-sophos sudo: pam_unix(sudo:session): session closed for user root
Apr 15 03:16:06 bbs-sophos sudo: bbs : TTY=pts/19 ; PWD=/home/bbs ; USER=root ; COMMAND=/usr/bin/apt-get install lynis
Apr 15 03:16:06 bbs-sophos sudo: pam_unix(sudo:session): session opened for user root by bbs(uid=0)
Apr 15 03:16:12 bbs-sophos sudo: pam_unix(sudo:session): session closed for user root
Apr 15 03:16:30 bbs-sophos sudo: bbs : TTY=pts/19 ; PWD=/home/bbs ; USER=root ; COMMAND=/usr/sbin/lynis
Apr 15 03:16:30 bbs-sophos sudo: pam_unix(sudo:session): session opened for user root by bbs(uid=0)
Apr 15 03:16:30 bbs-sophos sudo: pam_unix(sudo:session): session closed for user root
Apr 15 03:17:01 bbs-sophos CRON[29663]: pam_unix(cron:session): session opened for user root by (uid=0)
Apr 15 03:17:01 bbs-sophos CRON[29663]: pam_unix(cron:session): session closed for user root
Apr 15 03:17:53 bbs-sophos sudo: bbs : TTY=pts/19 ; PWD=/home/bbs ; USER=root ; COMMAND=/usr/sbin/lynis audit system
Apr 15 03:17:53 bbs-sophos sudo: pam_unix(sudo:session): session opened for user root by bbs(uid=0)
Apr 15 03:20:01 bbs-sophos CRON[28945]: pam_unix(cron:session): session opened for user smmsp by (uid=0)
Apr 15 03:20:01 bbs-sophos CRON[28945]: pam_unix(cron:session): session closed for user smmsp
Apr 15 03:20:21 bbs-sophos sudo: pam_unix(sudo:session): session closed for user root
Apr 15 03:24:50 bbs-sophos polkit-agent-helper-1[30829]: pam_ecryptfs: pam_sm_authenticate: /home/bbs is already mounted
Apr 15 03:24:50 bbs-sophos polkitd(authority=local): Operator of unix-session:c2 successfully authenticated as unix-user:bbs to gain TEMPORARY authorization for action org.debian.apt.install-or-remove-packages for system-bus-name::1.137 [/usr/bin/python /usr/bin/software-center] (owned by unix-user:bbs)
Apr 15 03:30:34 bbs-sophos polkit-agent-helper-1[31196]: pam_ecryptfs: pam_sm_authenticate: /home/bbs is already mounted
Apr 15 03:30:34 bbs-sophos polkitd(authority=local): Operator of unix-session:c2 successfully authenticated as unix-user:bbs to gain TEMPORARY authorization for action org.debian.apt.change-repository for system-bus-name::1.137 [/usr/bin/python /usr/bin/software-center] (owned by unix-user:bbs)
Apr 15 03:40:01 bbs-sophos CRON[31324]: pam_unix(cron:session): session opened for user smmsp by (uid=0)
Apr 15 03:40:02 bbs-sophos CRON[31324]: pam_unix(cron:session): session closed for user smmsp
Apr 15 03:41:27 bbs-sophos polkit-agent-helper-1[31408]: pam_ecryptfs: pam_sm_authenticate: /home/bbs is already mounted
Apr 15 03:41:27 bbs-sophos polkitd(authority=local): Operator of unix-session:c2 successfully authenticated as unix-user:bbs to gain TEMPORARY authorization for action org.debian.apt.install-or-remove-packages for system-bus-name::1.137 [/usr/bin/python /usr/bin/software-center] (owned by unix-user:bbs)
Apr 15 03:41:55 bbs-sophos polkitd(authority=local): Operator of unix-session:c2 FAILED to authenticate to gain authorization for action com.ubuntu.pkexec.synaptic for unix-process:31416:590511 [/bin/sh /usr/bin/synaptic-pkexec] (owned by unix-user:bbs)
Apr 15 03:41:55 bbs-sophos pkexec[31419]: bbs: Error executing command as another user: Request dismissed [USER=root] [TTY=unknown] [CWD=/home/bbs] [COMMAND=/usr/sbin/synaptic]
Apr 15 03:42:10 bbs-sophos polkitd(authority=local): Registered Authentication Agent for unix-process:32336:592386 (system bus name :1.156 [/usr/bin/pkttyagent --notify-fd 5 --fallback], object path /org/freedesktop/PolicyKit1/AuthenticationAgent, locale de_DE.UTF-8)
Apr 15 03:42:11 bbs-sophos polkitd(authority=local): Unregistered Authentication Agent for unix-process:32336:592386 (system bus name :1.156, object path /org/freedesktop/PolicyKit1/AuthenticationAgent, locale de_DE.UTF-8) (disconnected from bus)
Apr 15 03:43:39 bbs-sophos sudo: pam_unix(sudo:session): session closed for user root
Apr 15 03:44:53 bbs-sophos polkitd(authority=local): Registered Authentication Agent for unix-process:2486:608728 (system bus name :1.157 [/usr/bin/pkttyagent --notify-fd 5 --fallback], object path /org/freedesktop/PolicyKit1/AuthenticationAgent, locale de_DE.UTF-8)
Apr 15 03:44:54 bbs-sophos polkitd(authority=local): Unregistered Authentication Agent for unix-process:2486:608728 (system bus name :1.157, object path /org/freedesktop/PolicyKit1/AuthenticationAgent, locale de_DE.UTF-8) (disconnected from bus)
Apr 15 03:44:54 bbs-sophos polkitd(authority=local): Registered Authentication Agent for unix-process:2503:608754 (system bus name :1.158 [/usr/bin/pkttyagent --notify-fd 5 --fallback], object path /org/freedesktop/PolicyKit1/AuthenticationAgent, locale de_DE.UTF-8)
Apr 15 03:44:54 bbs-sophos polkitd(authority=local): Unregistered Authentication Agent for unix-process:2503:608754 (system bus name :1.158, object path /org/freedesktop/PolicyKit1/AuthenticationAgent, locale de_DE.UTF-8) (disconnected from bus)
Apr 15 03:44:54 bbs-sophos groupadd[2525]: group added to /etc/group: name=vboxusers, GID=131
Apr 15 03:44:54 bbs-sophos groupadd[2525]: group added to /etc/gshadow: name=vboxusers
Apr 15 03:44:54 bbs-sophos groupadd[2525]: new group: name=vboxusers, GID=131
Apr 15 03:44:55 bbs-sophos polkitd(authority=local): Registered Authentication Agent for unix-process:2666:608851 (system bus name :1.159 [/usr/bin/pkttyagent --notify-fd 5 --fallback], object path /org/freedesktop/PolicyKit1/AuthenticationAgent, locale de_DE.UTF-8)
Apr 15 03:44:55 bbs-sophos polkitd(authority=local): Unregistered Authentication Agent for unix-process:2666:608851 (system bus name :1.159, object path /org/freedesktop/PolicyKit1/AuthenticationAgent, locale de_DE.UTF-8) (disconnected from bus)
Apr 15 03:44:55 bbs-sophos polkitd(authority=local): Registered Authentication Agent for unix-process:2691:608871 (system bus name :1.160 [/usr/bin/pkttyagent --notify-fd 5 --fallback], object path /org/freedesktop/PolicyKit1/AuthenticationAgent, locale de_DE.UTF-8)
Apr 15 03:44:55 bbs-sophos polkitd(authority=local): Unregistered Authentication Agent for unix-process:2691:608871 (system bus name :1.160, object path /org/freedesktop/PolicyKit1/AuthenticationAgent, locale de_DE.UTF-8) (disconnected from bus)
Apr 15 03:44:57 bbs-sophos polkitd(authority=local): Registered Authentication Agent for unix-process:2735:609119 (system bus name :1.161 [/usr/bin/pkttyagent --notify-fd 5 --fallback], object path /org/freedesktop/PolicyKit1/AuthenticationAgent, locale de_DE.UTF-8)
Apr 15 03:44:57 bbs-sophos polkitd(authority=local): Unregistered Authentication Agent for unix-process:2735:609119 (system bus name :1.161, object path /org/freedesktop/PolicyKit1/AuthenticationAgent, locale de_DE.UTF-8) (disconnected from bus)
Apr 15 03:49:31 bbs-sophos polkit-agent-helper-1[3638]: pam_ecryptfs: pam_sm_authenticate: /home/bbs is already mounted
Apr 15 03:49:31 bbs-sophos polkitd(authority=local): Operator of unix-session:c2 successfully authenticated as unix-user:bbs to gain TEMPORARY authorization for action org.debian.apt.install-or-remove-packages for system-bus-name::1.137 [/usr/bin/python /usr/bin/software-center] (owned by unix-user:bbs)
Apr 15 04:00:02 bbs-sophos CRON[4461]: pam_unix(cron:session): session opened for user root by (uid=0)
Apr 15 04:00:02 bbs-sophos CRON[4460]: pam_unix(cron:session): session opened for user smmsp by (uid=0)
Apr 15 04:00:03 bbs-sophos CRON[4460]: pam_unix(cron:session): session closed for user smmsp
Apr 15 04:00:03 bbs-sophos CRON[4461]: pam_unix(cron:session): session closed for user root
Apr 15 04:08:35 bbs-sophos systemd-logind[766]: Power key pressed.
Apr 15 13:00:32 bbs-sophos systemd-logind[869]: New seat seat0.
Apr 15 13:00:32 bbs-sophos systemd-logind[869]: Watching system buttons on /dev/input/event2 (Power Button)
Apr 15 13:00:32 bbs-sophos systemd-logind[869]: Watching system buttons on /dev/input/event3 (Video Bus)
Apr 15 13:00:32 bbs-sophos systemd-logind[869]: Watching system buttons on /dev/input/event0 (Power Button)
Apr 15 13:00:32 bbs-sophos systemd-logind[869]: Watching system buttons on /dev/input/event1 (Sleep Button)
Apr 15 13:00:43 bbs-sophos lightdm: PAM unable to dlopen(pam_kwallet.so): /lib/security/pam_kwallet.so: cannot open shared object file: No such file or directory
Apr 15 13:00:43 bbs-sophos lightdm: PAM adding faulty module: pam_kwallet.so
Apr 15 13:00:43 bbs-sophos lightdm: PAM unable to dlopen(pam_kwallet5.so): /lib/security/pam_kwallet5.so: cannot open shared object file: No such file or directory
Apr 15 13:00:43 bbs-sophos lightdm: PAM adding faulty module: pam_kwallet5.so
Apr 15 13:00:44 bbs-sophos lightdm: pam_unix(lightdm-greeter:session): session opened for user lightdm by (uid=0)
Apr 15 13:00:44 bbs-sophos systemd-logind[869]: New session c1 of user lightdm.
Apr 15 13:00:44 bbs-sophos systemd: pam_unix(systemd-user:session): session opened for user lightdm by (uid=0)
Apr 15 13:00:50 bbs-sophos lightdm: PAM unable to dlopen(pam_kwallet.so): /lib/security/pam_kwallet.so: cannot open shared object file: No such file or directory
Apr 15 13:00:50 bbs-sophos lightdm: PAM adding faulty module: pam_kwallet.so
Apr 15 13:00:50 bbs-sophos lightdm: PAM unable to dlopen(pam_kwallet5.so): /lib/security/pam_kwallet5.so: cannot open shared object file: No such file or directory
Apr 15 13:00:50 bbs-sophos lightdm: PAM adding faulty module: pam_kwallet5.so
Apr 15 13:00:50 bbs-sophos lightdm: pam_succeed_if(lightdm:auth): requirement "user ingroup nopasswdlogin" not met by user "bbs"
Apr 15 13:01:16 bbs-sophos dbus[829]: [system] Failed to activate service 'org.bluez': timed out
Apr 15 13:01:26 bbs-sophos lightdm: pam_unix(lightdm-greeter:session): session closed for user lightdm
Apr 15 13:01:26 bbs-sophos lightdm: pam_unix(lightdm:session): session opened for user bbs by (uid=0)
Apr 15 13:01:26 bbs-sophos systemd: pam_unix(systemd-user:session): session opened for user bbs by (uid=0)
Apr 15 13:01:26 bbs-sophos systemd-logind[869]: New session c2 of user bbs.
Apr 15 13:01:29 bbs-sophos dbus[829]: [system] Rejected send message, 10 matched rules; type="method_return", sender=":1.52" (uid=0 pid=1363 comm="/usr/sbin/dnsmasq --no-resolv --keep-in-foreground") interface="(unset)" member="(unset)" error name="(unset)" requested_reply="0" destination=":1.1" (uid=0 pid=817 comm="/usr/sbin/NetworkManager --no-daemon ")
Apr 15 13:01:38 bbs-sophos gnome-keyring-daemon[1339]: The PKCS#11 component was already initialized
Apr 15 13:01:38 bbs-sophos gnome-keyring-daemon[1339]: The Secret Service was already initialized
Apr 15 13:01:39 bbs-sophos polkitd(authority=local): Registered Authentication Agent for unix-session:c2 (system bus name :1.76 [/usr/lib/policykit-1-gnome/polkit-gnome-authentication-agent-1], object path /org/gnome/PolicyKit1/AuthenticationAgent, locale de_DE.UTF-8)
Apr 15 13:02:00 bbs-sophos dbus[829]: [system] Failed to activate service 'org.bluez': timed out
Apr 15 13:02:12 bbs-sophos polkit-agent-helper-1[2145]: pam_ecryptfs: pam_sm_authenticate: /home/bbs is already mounted
Apr 15 13:02:12 bbs-sophos polkitd(authority=local): Operator of unix-session:c2 successfully authenticated as unix-user:bbs to gain ONE-SHOT authorization for action com.ubuntu.apport.apport-gtk-root for unix-process:1346:11851 [/sbin/upstart --user] (owned by unix-user:bbs)
Apr 15 13:02:12 bbs-sophos pkexec: pam_unix(polkit-1:session): session opened for user root by (uid=1000)
Apr 15 13:02:12 bbs-sophos pkexec: pam_systemd(polkit-1:session): Cannot create session: Already running in a session
Apr 15 13:02:12 bbs-sophos pkexec[2135]: bbs: Executing command [USER=root] [TTY=unknown] [CWD=/home/bbs] [COMMAND=/usr/share/apport/apport-gtk]
Apr 15 13:02:44 bbs-sophos systemd-logind[869]: Removed session c1.
Apr 15 13:02:44 bbs-sophos systemd: pam_unix(systemd-user:session): session closed for user lightdm
Apr 15 13:04:01 bbs-sophos sudo: root : TTY=unknown ; PWD=/root ; USER=bbs ; ENV=DBUS_SESSION_BUS_ADDRESS=unix:abstract=/tmp/dbus-Lu3JvWNTAc,guid=c644bfa494c68dfe2b09f5125710ca0a ; COMMAND=/usr/bin/xdg-open https://bugs.launchpad.net/ubuntu/+source/dpkg/+filebug/98e9837a-02e0-11e6-9c18-002481e7f48a?field.title=package+liblockfile1%3Aamd64+1.09-6ubuntu1+failed+to+install%2Fupgrade%3A+package+liblockfile1%3Aamd64+is+already+installed+and+configured
Apr 15 13:04:01 bbs-sophos sudo: pam_unix(sudo:session): session opened for user bbs by (uid=0)
Apr 15 13:04:01 bbs-sophos sudo: pam_unix(sudo:session): session closed for user bbs
Apr 15 13:14:09 bbs-sophos sudo: root : TTY=unknown ; PWD=/root ; USER=bbs ; ENV=DBUS_SESSION_BUS_ADDRESS=unix:abstract=/tmp/dbus-Lu3JvWNTAc,guid=c644bfa494c68dfe2b09f5125710ca0a ; COMMAND=/usr/bin/xdg-open https://bugs.launchpad.net/bugs/1384986
Apr 15 13:14:09 bbs-sophos sudo: pam_unix(sudo:session): session opened for user bbs by (uid=0)
Apr 15 13:14:12 bbs-sophos sudo: pam_unix(sudo:session): session closed for user bbs
Apr 15 13:15:04 bbs-sophos sudo: root : TTY=unknown ; PWD=/root ; USER=bbs ; ENV=DBUS_SESSION_BUS_ADDRESS=unix:abstract=/tmp/dbus-Lu3JvWNTAc,guid=c644bfa494c68dfe2b09f5125710ca0a ; COMMAND=/usr/bin/xdg-open https://bugs.launchpad.net/ubuntu/+source/dpkg/+filebug/218c1f3e-02e2-11e6-911c-d485646cd9a4?field.title=package+liblockfile-bin+1.09-6ubuntu1+failed+to+install%2Fupgrade%3A+package+liblockfile-bin+is+already+installed+and+configured
Apr 15 13:15:04 bbs-sophos sudo: pam_unix(sudo:session): session opened for user bbs by (uid=0)
Apr 15 13:15:06 bbs-sophos sudo: pam_unix(sudo:session): session closed for user bbs
Apr 15 13:17:08 bbs-sophos CRON[3100]: pam_unix(cron:session): session opened for user root by (uid=0)
Apr 15 13:17:09 bbs-sophos CRON[3100]: pam_unix(cron:session): session closed for user root
Apr 15 13:20:04 bbs-sophos CRON[3106]: pam_unix(cron:session): session opened for user smmsp by (uid=0)
Apr 15 13:20:20 bbs-sophos CRON[3106]: pam_unix(cron:session): session closed for user smmsp
Apr 15 13:40:03 bbs-sophos CRON[3247]: pam_unix(cron:session): session opened for user smmsp by (uid=0)
Apr 15 13:40:09 bbs-sophos CRON[3247]: pam_unix(cron:session): session closed for user smmsp
Apr 15 14:00:04 bbs-sophos CRON[3308]: pam_unix(cron:session): session opened for user root by (uid=0)
Apr 15 14:00:05 bbs-sophos CRON[3307]: pam_unix(cron:session): session opened for user smmsp by (uid=0)
Apr 15 14:00:10 bbs-sophos CRON[3307]: pam_unix(cron:session): session closed for user smmsp
Apr 15 14:00:22 bbs-sophos CRON[3308]: pam_unix(cron:session): session closed for user root
Apr 15 14:17:05 bbs-sophos CRON[3474]: pam_unix(cron:session): session opened for user root by (uid=0)
Apr 15 14:17:06 bbs-sophos CRON[3474]: pam_unix(cron:session): session closed for user root
Apr 15 14:20:01 bbs-sophos CRON[3479]: pam_unix(cron:session): session opened for user smmsp by (uid=0)
Apr 15 14:20:06 bbs-sophos CRON[3479]: pam_unix(cron:session): session closed for user smmsp
Apr 15 14:40:03 bbs-sophos CRON[3531]: pam_unix(cron:session): session opened for user smmsp by (uid=0)
Apr 15 14:40:08 bbs-sophos CRON[3531]: pam_unix(cron:session): session closed for user smmsp
Apr 15 15:00:05 bbs-sophos CRON[3655]: pam_unix(cron:session): session opened for user root by (uid=0)
Apr 15 15:00:07 bbs-sophos CRON[3654]: pam_unix(cron:session): session opened for user smmsp by (uid=0)
Apr 15 15:00:13 bbs-sophos CRON[3654]: pam_unix(cron:session): session closed for user smmsp
Apr 15 15:00:20 bbs-sophos CRON[3655]: pam_unix(cron:session): session closed for user root
Apr 15 15:17:03 bbs-sophos CRON[3810]: pam_unix(cron:session): session opened for user root by (uid=0)
Apr 15 15:17:03 bbs-sophos CRON[3810]: pam_unix(cron:session): session closed for user root
Apr 15 15:20:03 bbs-sophos CRON[3816]: pam_unix(cron:session): session opened for user smmsp by (uid=0)
Apr 15 15:20:10 bbs-sophos CRON[3816]: pam_unix(cron:session): session closed for user smmsp
Apr 15 15:40:03 bbs-sophos CRON[3860]: pam_unix(cron:session): session opened for user smmsp by (uid=0)
Apr 15 15:40:05 bbs-sophos CRON[3860]: pam_unix(cron:session): session closed for user smmsp
Apr 15 15:57:14 bbs-sophos systemd-logind[883]: New seat seat0.
Apr 15 15:57:14 bbs-sophos systemd-logind[883]: Watching system buttons on /dev/input/event2 (Power Button)
Apr 15 15:57:14 bbs-sophos systemd-logind[883]: Watching system buttons on /dev/input/event3 (Video Bus)
Apr 15 15:57:14 bbs-sophos systemd-logind[883]: Watching system buttons on /dev/input/event0 (Power Button)
Apr 15 15:57:14 bbs-sophos systemd-logind[883]: Watching system buttons on /dev/input/event1 (Sleep Button)
Apr 15 15:57:22 bbs-sophos lightdm: PAM unable to dlopen(pam_kwallet.so): /lib/security/pam_kwallet.so: cannot open shared object file: No such file or directory
Apr 15 15:57:22 bbs-sophos lightdm: PAM adding faulty module: pam_kwallet.so
Apr 15 15:57:22 bbs-sophos lightdm: PAM unable to dlopen(pam_kwallet5.so): /lib/security/pam_kwallet5.so: cannot open shared object file: No such file or directory
Apr 15 15:57:22 bbs-sophos lightdm: PAM adding faulty module: pam_kwallet5.so
Apr 15 15:57:22 bbs-sophos lightdm: pam_unix(lightdm-greeter:session): session opened for user lightdm by (uid=0)
Apr 15 15:57:22 bbs-sophos systemd: pam_unix(systemd-user:session): session opened for user lightdm by (uid=0)
Apr 15 15:57:22 bbs-sophos systemd-logind[883]: New session c1 of user lightdm.
Apr 15 15:57:27 bbs-sophos lightdm: PAM unable to dlopen(pam_kwallet.so): /lib/security/pam_kwallet.so: cannot open shared object file: No such file or directory
Apr 15 15:57:27 bbs-sophos lightdm: PAM adding faulty module: pam_kwallet.so
Apr 15 15:57:27 bbs-sophos lightdm: PAM unable to dlopen(pam_kwallet5.so): /lib/security/pam_kwallet5.so: cannot open shared object file: No such file or directory
Apr 15 15:57:27 bbs-sophos lightdm: PAM adding faulty module: pam_kwallet5.so
Apr 15 15:57:27 bbs-sophos lightdm: pam_succeed_if(lightdm:auth): requirement "user ingroup nopasswdlogin" not met by user "bbs"
Apr 15 15:57:52 bbs-sophos dbus[851]: [system] Failed to activate service 'org.bluez': timed out
Apr 15 15:58:08 bbs-sophos lightdm: pam_unix(lightdm-greeter:session): session closed for user lightdm
Apr 15 15:58:08 bbs-sophos lightdm: pam_unix(lightdm:session): session opened for user bbs by (uid=0)
Apr 15 15:58:08 bbs-sophos systemd: pam_unix(systemd-user:session): session opened for user bbs by (uid=0)
Apr 15 15:58:08 bbs-sophos systemd-logind[883]: New session c2 of user bbs.
Apr 15 15:58:10 bbs-sophos dbus[851]: [system] Rejected send message, 10 matched rules; type="method_return", sender=":1.54" (uid=0 pid=1379 comm="/usr/sbin/dnsmasq --no-resolv --keep-in-foreground") interface="(unset)" member="(unset)" error name="(unset)" requested_reply="0" destination=":1.7" (uid=0 pid=848 comm="/usr/sbin/NetworkManager --no-daemon ")
Apr 15 15:58:12 bbs-sophos gnome-keyring-daemon[1355]: The PKCS#11 component was already initialized
Apr 15 15:58:12 bbs-sophos gnome-keyring-daemon[1355]: The Secret Service was already initialized
Apr 15 15:58:14 bbs-sophos polkitd(authority=local): Registered Authentication Agent for unix-session:c2 (system bus name :1.80 [/usr/lib/policykit-1-gnome/polkit-gnome-authentication-agent-1], object path /org/gnome/PolicyKit1/AuthenticationAgent, locale de_DE.UTF-8)
Apr 15 15:58:38 bbs-sophos dbus[851]: [system] Failed to activate service 'org.bluez': timed out
Apr 15 15:59:23 bbs-sophos systemd-logind[883]: Removed session c1.
Apr 15 15:59:39 bbs-sophos polkit-agent-helper-1[2388]: pam_ecryptfs: pam_sm_authenticate: /home/bbs is already mounted
Apr 15 15:59:39 bbs-sophos polkitd(authority=local): Operator of unix-session:c2 successfully authenticated as unix-user:bbs to gain TEMPORARY authorization for action org.debian.apt.install-or-remove-packages for system-bus-name::1.89 [/usr/bin/python /usr/bin/software-center] (owned by unix-user:bbs)
Apr 15 16:00:01 bbs-sophos CRON[2527]: pam_unix(cron:session): session opened for user root by (uid=0)
Apr 15 16:00:01 bbs-sophos CRON[2526]: pam_unix(cron:session): session opened for user smmsp by (uid=0)
Apr 15 16:00:01 bbs-sophos CRON[2526]: pam_unix(cron:session): session closed for user smmsp
Apr 15 16:00:04 bbs-sophos CRON[2527]: pam_unix(cron:session): session closed for user root
Apr 15 16:00:12 bbs-sophos polkit-agent-helper-1[2669]: pam_unix(polkit-1:auth): authentication failure; logname= uid=1000 euid=0 tty= ruser=bbs rhost= user=bbs
Apr 15 16:00:20 bbs-sophos polkit-agent-helper-1[2939]: pam_ecryptfs: pam_sm_authenticate: /home/bbs is already mounted
Apr 15 16:00:20 bbs-sophos polkitd(authority=local): Operator of unix-session:c2 successfully authenticated as unix-user:bbs to gain ONE-SHOT authorization for action com.ubuntu.pkexec.synaptic for unix-process:2664:24913 [/bin/sh /usr/bin/synaptic-pkexec] (owned by unix-user:bbs)
Apr 15 16:00:20 bbs-sophos pkexec: pam_unix(polkit-1:session): session opened for user root by (uid=1000)
Apr 15 16:00:20 bbs-sophos pkexec: pam_systemd(polkit-1:session): Cannot create session: Already running in a session
Apr 15 16:00:20 bbs-sophos pkexec[2666]: bbs: Executing command [USER=root] [TTY=unknown] [CWD=/home/bbs] [COMMAND=/usr/sbin/synaptic]
Apr 15 16:08:12 bbs-sophos polkit-agent-helper-1[3211]: pam_ecryptfs: pam_sm_authenticate: /home/bbs is already mounted
Apr 15 16:08:12 bbs-sophos polkitd(authority=local): Operator of unix-session:c2 successfully authenticated as unix-user:bbs to gain ONE-SHOT authorization for action com.ubuntu.pkexec.gufw for unix-process:3204:72862 [/bin/sh /usr/bin/gufw] (owned by unix-user:bbs)
Apr 15 16:08:12 bbs-sophos pkexec: pam_unix(polkit-1:session): session opened for user root by (uid=1000)
Apr 15 16:08:12 bbs-sophos pkexec: pam_systemd(polkit-1:session): Cannot create session: Already running in a session
Apr 15 16:08:12 bbs-sophos pkexec[3208]: bbs: Executing command [USER=root] [TTY=unknown] [CWD=/home/bbs] [COMMAND=/usr/bin/gufw-pkexec bbs]
Apr 15 16:10:10 bbs-sophos polkit-agent-helper-1[3949]: pam_ecryptfs: pam_sm_authenticate: /home/bbs is already mounted
Apr 15 16:10:10 bbs-sophos polkitd(authority=local): Operator of unix-session:c2 successfully authenticated as unix-user:bbs to gain ONE-SHOT authorization for action com.ubuntu.pkexec.synaptic for unix-process:3943:84889 [/bin/sh /usr/bin/synaptic-pkexec] (owned by unix-user:bbs)
Apr 15 16:10:10 bbs-sophos pkexec: pam_unix(polkit-1:session): session opened for user root by (uid=1000)
Apr 15 16:10:10 bbs-sophos pkexec: pam_systemd(polkit-1:session): Cannot create session: Already running in a session
Apr 15 16:10:10 bbs-sophos pkexec[3945]: bbs: Executing command [USER=root] [TTY=unknown] [CWD=/home/bbs] [COMMAND=/usr/sbin/synaptic]
Apr 15 16:15:01 bbs-sophos polkitd(authority=local): Registered Authentication Agent for unix-process:8977:114390 (system bus name :1.107 [/usr/bin/pkttyagent --notify-fd 5 --fallback], object path /org/freedesktop/PolicyKit1/AuthenticationAgent, locale de_DE.UTF-8)
Apr 15 16:15:01 bbs-sophos polkitd(authority=local): Unregistered Authentication Agent for unix-process:8977:114390 (system bus name :1.107, object path /org/freedesktop/PolicyKit1/AuthenticationAgent, locale de_DE.UTF-8) (disconnected from bus)
Apr 15 16:15:19 bbs-sophos groupadd[9159]: group added to /etc/group: name=havp, GID=132
Apr 15 16:15:19 bbs-sophos groupadd[9159]: group added to /etc/gshadow: name=havp
Apr 15 16:15:19 bbs-sophos groupadd[9159]: new group: name=havp, GID=132
Apr 15 16:15:19 bbs-sophos useradd[9165]: new user: name=havp, UID=122, GID=132, home=/var/run/havp, shell=/bin/false
Apr 15 16:15:20 bbs-sophos usermod[9172]: change user 'havp' password
Apr 15 16:15:20 bbs-sophos chage[9179]: changed password expiry for havp
Apr 15 16:15:40 bbs-sophos groupadd[22432]: group added to /etc/group: name=clamav, GID=133
Apr 15 16:15:40 bbs-sophos groupadd[22432]: group added to /etc/gshadow: name=clamav
Apr 15 16:15:40 bbs-sophos groupadd[22432]: new group: name=clamav, GID=133
Apr 15 16:15:40 bbs-sophos useradd[22436]: new user: name=clamav, UID=123, GID=133, home=/var/lib/clamav, shell=/bin/false
Apr 15 16:15:41 bbs-sophos chage[22445]: changed password expiry for clamav
Apr 15 16:15:41 bbs-sophos polkitd(authority=local): Registered Authentication Agent for unix-process:22454:118362 (system bus name :1.108 [/usr/bin/pkttyagent --notify-fd 5 --fallback], object path /org/freedesktop/PolicyKit1/AuthenticationAgent, locale de_DE.UTF-8)
Apr 15 16:15:41 bbs-sophos polkitd(authority=local): Unregistered Authentication Agent for unix-process:22454:118362 (system bus name :1.108, object path /org/freedesktop/PolicyKit1/AuthenticationAgent, locale de_DE.UTF-8) (disconnected from bus)
Apr 15 16:15:51 bbs-sophos groupadd[23080]: group added to /etc/group: name=clamsmtp, GID=134
Apr 15 16:15:51 bbs-sophos groupadd[23080]: group added to /etc/gshadow: name=clamsmtp
Apr 15 16:15:51 bbs-sophos groupadd[23080]: new group: name=clamsmtp, GID=134
Apr 15 16:15:51 bbs-sophos useradd[23084]: new user: name=clamsmtp, UID=124, GID=134, home=/var/spool/clamsmtp, shell=/bin/false
Apr 15 16:15:52 bbs-sophos chage[23089]: changed password expiry for clamsmtp
Apr 15 16:15:52 bbs-sophos gpasswd[23100]: user clamav added by root to group clamsmtp
Apr 15 16:16:15 bbs-sophos groupadd[23307]: group added to /etc/group: name=amavis, GID=135
Apr 15 16:16:15 bbs-sophos groupadd[23307]: group added to /etc/gshadow: name=amavis
Apr 15 16:16:15 bbs-sophos groupadd[23307]: new group: name=amavis, GID=135
Apr 15 16:16:15 bbs-sophos useradd[23313]: new user: name=amavis, UID=125, GID=135, home=/var/lib/amavis, shell=/bin/sh
Apr 15 16:16:16 bbs-sophos usermod[23320]: change user 'amavis' password
Apr 15 16:16:16 bbs-sophos chage[23325]: changed password expiry for amavis
Apr 15 16:16:16 bbs-sophos chfn[23328]: changed user 'amavis' information
Apr 15 16:16:21 bbs-sophos polkitd(authority=local): Registered Authentication Agent for unix-process:23491:122404 (system bus name :1.109 [/usr/bin/pkttyagent --notify-fd 5 --fallback], object path /org/freedesktop/PolicyKit1/AuthenticationAgent, locale de_DE.UTF-8)
Apr 15 16:16:21 bbs-sophos polkitd(authority=local): Unregistered Authentication Agent for unix-process:23491:122404 (system bus name :1.109, object path /org/freedesktop/PolicyKit1/AuthenticationAgent, locale de_DE.UTF-8) (disconnected from bus)
Apr 15 16:17:01 bbs-sophos CRON[23573]: pam_unix(cron:session): session opened for user root by (uid=0)
Apr 15 16:17:01 bbs-sophos CRON[23573]: pam_unix(cron:session): session closed for user root
Apr 15 16:20:01 bbs-sophos CRON[23798]: pam_unix(cron:session): session opened for user smmsp by (uid=0)
Apr 15 16:20:01 bbs-sophos CRON[23798]: pam_unix(cron:session): session closed for user smmsp
Apr 15 16:22:47 bbs-sophos polkit-agent-helper-1[24424]: pam_ecryptfs: pam_sm_authenticate: /home/bbs is already mounted
Apr 15 16:22:47 bbs-sophos polkitd(authority=local): Operator of unix-session:c2 successfully authenticated as unix-user:bbs to gain TEMPORARY authorization for action org.gnome.gnome-system-monitor.renice for unix-process:24400:159101 [gnome-system-monitor] (owned by unix-user:bbs)
Apr 15 16:22:47 bbs-sophos pkexec: pam_unix(polkit-1:session): session opened for user root by (uid=1000)
Apr 15 16:22:47 bbs-sophos pkexec: pam_systemd(polkit-1:session): Cannot create session: Already running in a session
Apr 15 16:22:47 bbs-sophos pkexec[24421]: bbs: Executing command [USER=root] [TTY=unknown] [CWD=/home/bbs] [COMMAND=/usr/lib/gnome-system-monitor/gnome-system-monitor/gsm-renice -20 23698]
Apr 15 16:22:54 bbs-sophos pkexec: pam_unix(polkit-1:session): session opened for user root by (uid=1000)
Apr 15 16:22:54 bbs-sophos pkexec: pam_systemd(polkit-1:session): Cannot create session: Already running in a session
Apr 15 16:22:54 bbs-sophos pkexec[24436]: bbs: Executing command [USER=root] [TTY=unknown] [CWD=/home/bbs] [COMMAND=/usr/lib/gnome-system-monitor/gnome-system-monitor/gsm-renice -20 23785]
Apr 15 16:23:02 bbs-sophos pkexec: pam_unix(polkit-1:session): session opened for user root by (uid=1000)
Apr 15 16:23:02 bbs-sophos pkexec: pam_systemd(polkit-1:session): Cannot create session: Already running in a session
Apr 15 16:23:02 bbs-sophos pkexec[24443]: bbs: Executing command [USER=root] [TTY=unknown] [CWD=/home/bbs] [COMMAND=/usr/lib/gnome-system-monitor/gnome-system-monitor/gsm-renice -20 3204]
Apr 15 16:23:11 bbs-sophos pkexec: pam_unix(polkit-1:session): session opened for user root by (uid=1000)
Apr 15 16:23:11 bbs-sophos pkexec: pam_systemd(polkit-1:session): Cannot create session: Already running in a session
Apr 15 16:23:11 bbs-sophos pkexec[24452]: bbs: Executing command [USER=root] [TTY=unknown] [CWD=/home/bbs] [COMMAND=/usr/lib/gnome-system-monitor/gnome-system-monitor/gsm-renice -20 2487]
Apr 15 16:23:15 bbs-sophos pkexec: pam_unix(polkit-1:session): session opened for user root by (uid=1000)
Apr 15 16:23:15 bbs-sophos pkexec: pam_systemd(polkit-1:session): Cannot create session: Already running in a session
Apr 15 16:23:15 bbs-sophos pkexec[24457]: bbs: Executing command [USER=root] [TTY=unknown] [CWD=/home/bbs] [COMMAND=/usr/lib/gnome-system-monitor/gnome-system-monitor/gsm-renice -20 2183]
Apr 15 16:23:43 bbs-sophos pkexec: pam_unix(polkit-1:session): session opened for user root by (uid=1000)
Apr 15 16:23:43 bbs-sophos pkexec: pam_systemd(polkit-1:session): Cannot create session: Already running in a session
Apr 15 16:23:43 bbs-sophos pkexec[24479]: bbs: Executing command [USER=root] [TTY=unknown] [CWD=/home/bbs] [COMMAND=/usr/lib/gnome-system-monitor/gnome-system-monitor/gsm-renice -20 23241]
Apr 15 16:24:25 bbs-sophos polkit-agent-helper-1[24507]: pam_ecryptfs: pam_sm_authenticate: /home/bbs is already mounted
Apr 15 16:24:25 bbs-sophos polkitd(authority=local): Operator of unix-session:c2 successfully authenticated as unix-user:bbs to gain TEMPORARY authorization for action org.gnome.gnome-system-monitor.kill for unix-process:24400:159101 [gnome-system-monitor] (owned by unix-user:bbs)
Apr 15 16:24:25 bbs-sophos pkexec: pam_unix(polkit-1:session): session opened for user root by (uid=1000)
Apr 15 16:24:25 bbs-sophos pkexec: pam_systemd(polkit-1:session): Cannot create session: Already running in a session
Apr 15 16:24:25 bbs-sophos pkexec[24504]: bbs: Executing command [USER=root] [TTY=unknown] [CWD=/home/bbs] [COMMAND=/usr/lib/gnome-system-monitor/gnome-system-monitor/gsm-kill -s 18 1194]
Apr 15 16:24:29 bbs-sophos pkexec: pam_unix(polkit-1:session): session opened for user root by (uid=1000)
Apr 15 16:24:29 bbs-sophos pkexec: pam_systemd(polkit-1:session): Cannot create session: Already running in a session
Apr 15 16:24:29 bbs-sophos pkexec[24517]: bbs: Executing command [USER=root] [TTY=unknown] [CWD=/home/bbs] [COMMAND=/usr/lib/gnome-system-monitor/gnome-system-monitor/gsm-kill -s 18 1024]
Apr 15 16:24:53 bbs-sophos pkexec: pam_unix(polkit-1:session): session opened for user root by (uid=1000)
Apr 15 16:24:53 bbs-sophos pkexec: pam_systemd(polkit-1:session): Cannot create session: Already running in a session
Apr 15 16:24:53 bbs-sophos pkexec[24534]: bbs: Executing command [USER=root] [TTY=unknown] [CWD=/home/bbs] [COMMAND=/usr/lib/gnome-system-monitor/gnome-system-monitor/gsm-renice -20 2205]
Apr 15 16:24:57 bbs-sophos pkexec: pam_unix(polkit-1:session): session opened for user root by (uid=1000)
Apr 15 16:24:57 bbs-sophos pkexec: pam_systemd(polkit-1:session): Cannot create session: Already running in a session
Apr 15 16:24:57 bbs-sophos pkexec[24541]: bbs: Executing command [USER=root] [TTY=unknown] [CWD=/home/bbs] [COMMAND=/usr/lib/gnome-system-monitor/gnome-system-monitor/gsm-renice -20 2200]
Apr 15 16:25:34 bbs-sophos pkexec: pam_unix(polkit-1:session): session opened for user root by (uid=1000)
Apr 15 16:25:34 bbs-sophos pkexec: pam_systemd(polkit-1:session): Cannot create session: Already running in a session
Apr 15 16:25:34 bbs-sophos pkexec[24566]: bbs: Executing command [USER=root] [TTY=unknown] [CWD=/home/bbs] [COMMAND=/usr/lib/gnome-system-monitor/gnome-system-monitor/gsm-renice 19 888]
Apr 15 16:25:44 bbs-sophos pkexec: pam_unix(polkit-1:session): session opened for user root by (uid=1000)
Apr 15 16:25:44 bbs-sophos pkexec: pam_systemd(polkit-1:session): Cannot create session: Already running in a session
Apr 15 16:25:44 bbs-sophos pkexec[24575]: bbs: Executing command [USER=root] [TTY=unknown] [CWD=/home/bbs] [COMMAND=/usr/lib/gnome-system-monitor/gnome-system-monitor/gsm-renice 0 888]
Apr 15 16:26:00 bbs-sophos pkexec: pam_unix(polkit-1:session): session opened for user root by (uid=1000)
Apr 15 16:26:00 bbs-sophos pkexec: pam_systemd(polkit-1:session): Cannot create session: Already running in a session
Apr 15 16:26:00 bbs-sophos pkexec[24590]: bbs: Executing command [USER=root] [TTY=unknown] [CWD=/home/bbs] [COMMAND=/usr/lib/gnome-system-monitor/gnome-system-monitor/gsm-renice 19 837]
Apr 15 16:26:24 bbs-sophos pkexec: pam_unix(polkit-1:session): session opened for user root by (uid=1000)
Apr 15 16:26:24 bbs-sophos pkexec: pam_systemd(polkit-1:session): Cannot create session: Already running in a session

bootlog Code:
/run/lvm/lvmetad.socket: connect failed: No such file or directory
WARNING: Failed to connect to lvmetad. Falling back to internal scanning.
Reading all physical volumes. This may take a while...
Found volume group "ubuntu-vg" using metadata type lvm2
/run/lvm/lvmetad.socket: connect failed: No such file or directory
WARNING: Failed to connect to lvmetad. Falling back to internal scanning.
2 logical volume(s) in volume group "ubuntu-vg" now active
device-mapper: remove ioctl on sda5_crypt failed: Device or resource busy
device-mapper: remove ioctl on sda5_crypt failed: Device or resource busy
device-mapper: remove ioctl on sda5_crypt failed: Device or resource busy
device-mapper: remove ioctl on sda5_crypt failed: Device or resource busy
device-mapper: remove ioctl on sda5_crypt failed: Device or resource busy
device-mapper: remove ioctl on sda5_crypt failed: Device or resource busy
device-mapper: remove ioctl on sda5_crypt failed: Device or resource busy
device-mapper: remove ioctl on sda5_crypt failed: Device or resource busy
device-mapper: remove ioctl on sda5_crypt failed: Device or resource busy
device-mapper: remove ioctl on sda5_crypt failed: Device or resource busy
device-mapper: remove ioctl on sda5_crypt failed: Device or resource busy
device-mapper: remove ioctl on sda5_crypt failed: Device or resource busy
device-mapper: remove ioctl on sda5_crypt failed: Device or resource busy
device-mapper: remove ioctl on sda5_crypt failed: Device or resource busy
device-mapper: remove ioctl on sda5_crypt failed: Device or resource busy
device-mapper: remove ioctl on sda5_crypt failed: Device or resource busy
device-mapper: remove ioctl on sda5_crypt failed: Device or resource busy
device-mapper: remove ioctl on sda5_crypt failed: Device or resource busy
device-mapper: remove ioctl on sda5_crypt failed: Device or resource busy
device-mapper: remove ioctl on sda5_crypt failed: Device or resource busy
device-mapper: remove ioctl on sda5_crypt failed: Device or resource busy
device-mapper: remove ioctl on sda5_crypt failed: Device or resource busy
device-mapper: remove ioctl on sda5_crypt failed: Device or resource busy
device-mapper: remove ioctl on sda5_crypt failed: Device or resource busy
device-mapper: remove ioctl on sda5_crypt failed: Device or resource busy
Device sda5_crypt is still in use.
fsck from util-linux 2.26.2
/dev/mapper/ubuntu--vg-root: recovering journal
/dev/mapper/ubuntu--vg-root: Clearing orphaned inode 24512645 (uid=1000, gid=1000, mode=0100664, size=40960)
/dev/mapper/ubuntu--vg-root: Clearing orphaned inode 24512614 (uid=1000, gid=1000, mode=0100600, size=12288)
/dev/mapper/ubuntu--vg-root: Clearing orphaned inode 24512510 (uid=1000, gid=1000, mode=0100664, size=32768)
/dev/mapper/ubuntu--vg-root: Clearing orphaned inode 24512615 (uid=1000, gid=1000, mode=0100664, size=40960)
/dev/mapper/ubuntu--vg-root: Clearing orphaned inode 24511684 (uid=1000, gid=1000, mode=0100600, size=12288)
/dev/mapper/ubuntu--vg-root: Clearing orphaned inode 24512613 (uid=1000, gid=1000, mode=0100664, size=32768)
/dev/mapper/ubuntu--vg-root: Clearing orphaned inode 24512535 (uid=1000, gid=1000, mode=0100664, size=40960)
/dev/mapper/ubuntu--vg-root: Clearing orphaned inode 24512507 (uid=1000, gid=1000, mode=0100600, size=12288)
/dev/mapper/ubuntu--vg-root: Clearing orphaned inode 24512633 (uid=1000, gid=1000, mode=0100664, size=32768)
/dev/mapper/ubuntu--vg-root: Clearing orphaned inode 15597670 (uid=1000, gid=1000, mode=0100600, size=1024)
/dev/mapper/ubuntu--vg-root: Clearing orphaned inode 15597666 (uid=1000, gid=1000, mode=0100600, size=1024)
/dev/mapper/ubuntu--vg-root: Clearing orphaned inode 15597665 (uid=1000, gid=1000, mode=0100600, size=1024)
/dev/mapper/ubuntu--vg-root: Clearing orphaned inode 15597664 (uid=1000, gid=1000, mode=0100600, size=1024)
/dev/mapper/ubuntu--vg-root: Clearing orphaned inode 15597660 (uid=1000, gid=1000, mode=0100600, size=1024)
/dev/mapper/ubuntu--vg-root: Clearing orphaned inode 15597659 (uid=1000, gid=1000, mode=0100600, size=1024)
/dev/mapper/ubuntu--vg-root: Clearing orphaned inode 24512554 (uid=1000, gid=1000, mode=0100664, size=32768)
/dev/mapper/ubuntu--vg-root: Clearing orphaned inode 15597663 (uid=1000, gid=1000, mode=0100600, size=32768)
/dev/mapper/ubuntu--vg-root: Clearing orphaned inode 15597662 (uid=1000, gid=1000, mode=0100600, size=65536)
/dev/mapper/ubuntu--vg-root: Clearing orphaned inode 15597661 (uid=1000, gid=1000, mode=0100600, size=65536)
/dev/mapper/ubuntu--vg-root: Clearing orphaned inode 24512655 (uid=1000, gid=1000, mode=0100664, size=40960)
/dev/mapper/ubuntu--vg-root: Clearing orphaned inode 24512646 (uid=1000, gid=1000, mode=0100600, size=12288)
/dev/mapper/ubuntu--vg-root: Clearing orphaned inode 24511850 (uid=1000, gid=1000, mode=0100664, size=32768)
/dev/mapper/ubuntu--vg-root: Clearing orphaned inode 24512561 (uid=1000, gid=1000, mode=0100664, size=28672)
/dev/mapper/ubuntu--vg-root: Clearing orphaned inode 15597658 (uid=1000, gid=1000, mode=0100600, size=32768)
/dev/mapper/ubuntu--vg-root: Clearing orphaned inode 15597657 (uid=1000, gid=1000, mode=0100600, size=65536)
/dev/mapper/ubuntu--vg-root: Clearing orphaned inode 15597656 (uid=1000, gid=1000, mode=0100600, size=65536)
/dev/mapper/ubuntu--vg-root: Clearing orphaned inode 26084606 (uid=0, gid=0, mode=0100644, size=231956)
/dev/mapper/ubuntu--vg-root: Clearing orphaned inode 15597653 (uid=1000, gid=1000, mode=0100600, size=32768)
/dev/mapper/ubuntu--vg-root: Clearing orphaned inode 15597652 (uid=1000, gid=1000, mode=0100600, size=65536)
/dev/mapper/ubuntu--vg-root: Clearing orphaned inode 15597651 (uid=1000, gid=1000, mode=0100600, size=65536)
/dev/mapper/ubuntu--vg-root: Clearing orphaned inode 24512628 (uid=1000, gid=1000, mode=0100664, size=28672)
/dev/mapper/ubuntu--vg-root: Clearing orphaned inode 15597650 (uid=1000, gid=1000, mode=0100600, size=32768)
/dev/mapper/ubuntu--vg-root: Clearing orphaned inode 15597649 (uid=1000, gid=1000, mode=0100600, size=65536)
/dev/mapper/ubuntu--vg-root: Clearing orphaned inode 15597648 (uid=1000, gid=1000, mode=0100600, size=65536)
/dev/mapper/ubuntu--vg-root: Clearing orphaned inode 26745989 (uid=0, gid=0, mode=0100644, size=20852)
/dev/mapper/ubuntu--vg-root: Clearing orphaned inode 25429002 (uid=0, gid=0, mode=0100644, size=134664)
/dev/mapper/ubuntu--vg-root: Clearing orphaned inode 15597644 (uid=1000, gid=1000, mode=0100600, size=32768)
/dev/mapper/ubuntu--vg-root: Clearing orphaned inode 15597643 (uid=1000, gid=1000, mode=0100600, size=65536)
/dev/mapper/ubuntu--vg-root: Clearing orphaned inode 15597642 (uid=1000, gid=1000, mode=0100600, size=65536)
/dev/mapper/ubuntu--vg-root: Clearing orphaned inode 15597629 (uid=1000, gid=1000, mode=0100600, size=32768)
/dev/mapper/ubuntu--vg-root: Clearing orphaned inode 15597620 (uid=1000, gid=1000, mode=0100600, size=65536)
/dev/mapper/ubuntu--vg-root: Clearing orphaned inode 15597619 (uid=1000, gid=1000, mode=0100600, size=65536)
/dev/mapper/ubuntu--vg-root: Clearing orphaned inode 24511834 (uid=1000, gid=1000, mode=0100664, size=28672)
/dev/mapper/ubuntu--vg-root: Clearing orphaned inode 24512542 (uid=1000, gid=1000, mode=0100664, size=28672)
/dev/mapper/ubuntu--vg-root: Clearing orphaned inode 26088132 (uid=0, gid=0, mode=0100644, size=230159)
/dev/mapper/ubuntu--vg-root: Clearing orphaned inode 15597628 (uid=1000, gid=1000, mode=0100600, size=32768)
/dev/mapper/ubuntu--vg-root: Clearing orphaned inode 15597627 (uid=1000, gid=1000, mode=0100600, size=65536)
/dev/mapper/ubuntu--vg-root: Clearing orphaned inode 15597626 (uid=1000, gid=1000, mode=0100600, size=65536)
/dev/mapper/ubuntu--vg-root: Clearing orphaned inode 15597625 (uid=1000, gid=1000, mode=0100600, size=32768)
/dev/mapper/ubuntu--vg-root: Clearing orphaned inode 15597623 (uid=1000, gid=1000, mode=0100600, size=32768)
/dev/mapper/ubuntu--vg-root: Clearing orphaned inode 15597622 (uid=1000, gid=1000, mode=0100600, size=65536)
/dev/mapper/ubuntu--vg-root: Clearing orphaned inode 24512546 (uid=1000, gid=1000, mode=0100664, size=28672)
/dev/mapper/ubuntu--vg-root: Clearing orphaned inode 24511799 (uid=1000, gid=1000, mode=0100664, size=28672)
/dev/mapper/ubuntu--vg-root: Clearing orphaned inode 26746549 (uid=0, gid=0, mode=0100644, size=20796)
/dev/mapper/ubuntu--vg-root: Clearing orphaned inode 25429045 (uid=0, gid=0, mode=0100644, size=134348)
/dev/mapper/ubuntu--vg-root: Clearing orphaned inode 15597612 (uid=1000, gid=1000, mode=0100600, size=32768)
/dev/mapper/ubuntu--vg-root: Clearing orphaned inode 15597611 (uid=1000, gid=1000, mode=0100600, size=32768)
/dev/mapper/ubuntu--vg-root: Clearing orphaned inode 15597608 (uid=1000, gid=1000, mode=0100600, size=65536)
/dev/mapper/ubuntu--vg-root: Clearing orphaned inode 15597607 (uid=1000, gid=1000, mode=0100600, size=32768)
/dev/mapper/ubuntu--vg-root: Clearing orphaned inode 15597606 (uid=1000, gid=1000, mode=0100600, size=32768)
/dev/mapper/ubuntu--vg-root: Clearing orphaned inode 15597605 (uid=1000, gid=1000, mode=0100600, size=65536)
/dev/mapper/ubuntu--vg-root: Clearing orphaned inode 24512547 (uid=1000, gid=1000, mode=0100664, size=28672)
/dev/mapper/ubuntu--vg-root: Clearing orphaned inode 15597602 (uid=1000, gid=1000, mode=0100600, size=32768)
/dev/mapper/ubuntu--vg-root: Clearing orphaned inode 15597601 (uid=1000, gid=1000, mode=0100600, size=32768)
/dev/mapper/ubuntu--vg-root: Clearing orphaned inode 15597600 (uid=1000, gid=1000, mode=0100600, size=65536)
/dev/mapper/ubuntu--vg-root: Clearing orphaned inode 24512524 (uid=1000, gid=1000, mode=0100664, size=28672)
/dev/mapper/ubuntu--vg-root: Clearing orphaned inode 24512540 (uid=1000, gid=1000, mode=0100664, size=28672)
/dev/mapper/ubuntu--vg-root: Clearing orphaned inode 24511624 (uid=1000, gid=1000, mode=0100664, size=28672)
/dev/mapper/ubuntu--vg-root: Clearing orphaned inode 24512538 (uid=1000, gid=1000, mode=040700, size=4096)
/dev/mapper/ubuntu--vg-root: Clearing orphaned inode 24512578 (uid=1000, gid=1000, mode=0100664, size=8192)
/dev/mapper/ubuntu--vg-root: Clearing orphaned inode 24512573 (uid=1000, gid=1000, mode=0100664, size=8192)
/dev/mapper/ubuntu--vg-root: Clearing orphaned inode 24512543 (uid=1000, gid=1000, mode=0100664, size=8192)
/dev/mapper/ubuntu--vg-root: Clearing orphaned inode 15597599 (uid=1000, gid=1000, mode=0100600, size=16384)
/dev/mapper/ubuntu--vg-root: Clearing orphaned inode 15597598 (uid=1000, gid=1000, mode=0100600, size=16384)
/dev/mapper/ubuntu--vg-root: Clearing orphaned inode 15597595 (uid=1000, gid=1000, mode=0100600, size=32768)
/dev/mapper/ubuntu--vg-root: Clearing orphaned inode 15597594 (uid=1000, gid=1000, mode=0100600, size=32768)
/dev/mapper/ubuntu--vg-root: Clearing orphaned inode 15597593 (uid=1000, gid=1000, mode=0100600, size=65536)
/dev/mapper/ubuntu--vg-root: Clearing orphaned inode 15597592 (uid=1000, gid=1000, mode=0100600, size=1048576)
/dev/mapper/ubuntu--vg-root: Clearing orphaned inode 15597591 (uid=1000, gid=1000, mode=0100600, size=1048576)
/dev/mapper/ubuntu--vg-root: Clearing orphaned inode 24510628 (uid=1000, gid=1000, mode=0100640, size=12288)
/dev/mapper/ubuntu--vg-root: Clearing orphaned inode 24510672 (uid=1000, gid=1000, mode=0100640, size=12288)
/dev/mapper/ubuntu--vg-root: Clearing orphaned inode 24510905 (uid=1000, gid=1000, mode=0100640, size=12288)
/dev/mapper/ubuntu--vg-root: Clearing orphaned inode 24510911 (uid=1000, gid=1000, mode=0100664, size=28672)
/dev/mapper/ubuntu--vg-root: Clearing orphaned inode 24510921 (uid=1000, gid=1000, mode=0100664, size=28672)
/dev/mapper/ubuntu--vg-root: Clearing orphaned inode 24512549 (uid=1000, gid=1000, mode=0100664, size=28672)
/dev/mapper/ubuntu--vg-root: clean, 270789/30253056 files, 7305684/120991744 blocks
[* ] (1 of 8) A start job is running for LSB: start Samba NetBIOS nameserver (nmbd) (41s / 5min 33s)
[** ] (1 of 8) A start job is running for LSB: start Samba NetBIOS nameserver (nmbd) (41s / 5min 33s)
[*** ] (1 of 8) A start job is running for LSB: start Samba NetBIOS nameserver (nmbd) (42s / 5min 33s)
[ *** ] (2 of 8) A start job is running for Wait for Plymouth Boot Screen to Quit (42s / no limit)
[ OK ] Started LSB: Apache2 web server.
[ *** ] (2 of 7) A start job is running for Wait for Plymouth Boot Screen to Quit (48s / no limit)
[ ***] (2 of 7) A start job is running for Wait for Plymouth Boot Screen to Quit (48s / no limit)
[ **] (3 of 7) A start job is running for LSB: HAVP virus-scanning HTTP proxy (49s / 5min 33s)
[ *] (3 of 7) A start job is running for LSB: HAVP virus-scanning HTTP proxy (49s / 5min 33s)
[ **] (3 of 7) A start job is running for LSB: HAVP virus-scanning HTTP proxy (50s / 5min 33s)
[ ***] (4 of 7) A start job is running for LSB: Starts amavisd-new mailfilter (50s / 5min 33s)
[ *** ] (4 of 7) A start job is running for LSB: Starts amavisd-new mailfilter (51s / 5min 33s)
[ *** ] (4 of 7) A start job is running for LSB: Starts amavisd-new mailfilter (51s / 5min 33s)
[*** ] (5 of 7) A start job is running for Detect the available GPUs and deal with any system changes (52s / no limit)
[** ] (5 of 7) A start job is running for Detect the available GPUs and deal with any system changes (52s / no limit)
[* ] (5 of 7) A start job is running for Detect the available GPUs and deal with any system changes (53s / no limit)
[** ] (6 of 7) A start job is running for LSB: start Samba daemons for the AD DC (53s / 5min 33s)
[*** ] (6 of 7) A start job is running for LSB: start Samba daemons for the AD DC (54s / 5min 33s)
[ *** ] (6 of 7) A start job is running for LSB: start Samba daemons for the AD DC (54s / 5min 33s)
[ *** ] (7 of 7) A start job is running for LSB: powerful, efficient, and scalable Mail Transport Agent (55s / 5min 33s)
[ ***] (7 of 7) A start job is running for LSB: powerful, efficient, and scalable Mail Transport Agent (55s / 5min 33s)
[ **] (7 of 7) A start job is running for LSB: powerful, efficient, and scalable Mail Transport Agent (56s / 5min 33s)
[ *] (1 of 7) A start job is running for LSB: start Samba NetBIOS nameserver (nmbd) (56s / 5min 33s)
[ **] (1 of 7) A start job is running for LSB: start Samba NetBIOS nameserver (nmbd) (57s / 5min 33s)
[ ***] (1 of 7) A start job is running for LSB: start Samba NetBIOS nameserver (nmbd) (57s / 5min 33s)
[ *** ] (2 of 7) A start job is running for Wait for Plymouth Boot Screen to Quit (58s / no limit)
[ *** ] (2 of 7) A start job is running for Wait for Plymouth Boot Screen to Quit (58s / no limit)
[*** ] (2 of 7) A start job is running for Wait for Plymouth Boot Screen to Quit (59s / no limit)
[** ] (3 of 7) A start job is running for LSB: HAVP virus-scanning HTTP proxy (59s / 5min 33s)
[* ] (3 of 7) A start job is running for LSB: HAVP virus-scanning HTTP proxy (1min / 5min 33s)
[FAILED] Failed to start LSB: Starts amavisd-new mailfilter.
See 'systemctl status amavis.service' for details.
[ OK ] Started LSB: start Samba daemons for the AD DC.
[ OK ] Started LSB: start Samba NetBIOS nameserver (nmbd).
Starting LSB: start Samba SMB/CIFS daemon (smbd)...
[ OK ] Started LSB: start Samba SMB/CIFS daemon (smbd).
[ OK ] Started Detect the available GPUs and deal with any system changes.
Starting Light Display Manager...
Authlog Part 2 Code:
Apr 14 19:33:47 bbs-sophos polkit-agent-helper-1[2617]: pam_ecryptfs: pam_sm_authenticate: /home/bbs is already mounted
Apr 14 19:33:47 bbs-sophos polkitd(authority=local): Operator of unix-session:c2 successfully authenticated as unix-user:bbs to gain TEMPORARY authorization for action org.debian.apt.install-or-remove-packages for system-bus-name::1.89 [/usr/bin/python /usr/bin/software-center] (owned by unix-user:bbs)
Apr 14 19:39:36 bbs-sophos polkit-agent-helper-1[6132]: pam_ecryptfs: pam_sm_authenticate: /home/bbs is already mounted
Apr 14 19:39:36 bbs-sophos polkitd(authority=local): Operator of unix-session:c2 successfully authenticated as unix-user:bbs to gain TEMPORARY authorization for action org.debian.apt.install-or-remove-packages for system-bus-name::1.89 [/usr/bin/python /usr/bin/software-center] (owned by unix-user:bbs)
Apr 14 19:48:22 bbs-sophos sudo: bbs : TTY=pts/1 ; PWD=/home/bbs ; USER=root ; COMMAND=/usr/sbin/ufw deny ipp14
Apr 14 19:48:22 bbs-sophos sudo: pam_unix(sudo:session): session opened for user root by bbs(uid=0)
Apr 14 19:48:22 bbs-sophos sudo: pam_unix(sudo:session): session closed for user root
Apr 14 19:48:32 bbs-sophos sudo: bbs : TTY=pts/1 ; PWD=/home/bbs ; USER=root ; COMMAND=/usr/sbin/ufw deny ipps
Apr 14 19:48:32 bbs-sophos sudo: pam_unix(sudo:session): session opened for user root by bbs(uid=0)
Apr 14 19:48:32 bbs-sophos sudo: pam_unix(sudo:session): session closed for user root
Apr 14 19:48:44 bbs-sophos sudo: bbs : TTY=pts/1 ; PWD=/home/bbs ; USER=root ; COMMAND=/usr/sbin/ufw deny LDP
Apr 14 19:48:44 bbs-sophos sudo: pam_unix(sudo:session): session opened for user root by bbs(uid=0)
Apr 14 19:48:44 bbs-sophos sudo: pam_unix(sudo:session): session closed for user root
Apr 14 19:48:53 bbs-sophos sudo: bbs : TTY=pts/1 ; PWD=/home/bbs ; USER=root ; COMMAND=/usr/sbin/ufw deny lpd
Apr 14 19:48:53 bbs-sophos sudo: pam_unix(sudo:session): session opened for user root by bbs(uid=0)
Apr 14 19:48:54 bbs-sophos sudo: pam_unix(sudo:session): session closed for user root
Apr 14 19:49:13 bbs-sophos sudo: bbs : TTY=pts/1 ; PWD=/home/bbs ; USER=root ; COMMAND=/usr/sbin/ufw deny 9100
Apr 14 19:49:13 bbs-sophos sudo: pam_unix(sudo:session): session opened for user root by bbs(uid=0)
Apr 14 19:49:13 bbs-sophos sudo: pam_unix(sudo:session): session closed for user root
Apr 14 19:49:53 bbs-sophos sudo: bbs : TTY=pts/1 ; PWD=/home/bbs ; USER=root ; COMMAND=/usr/sbin/ufw deny CUPS
Apr 14 19:49:53 bbs-sophos sudo: pam_unix(sudo:session): session opened for user root by bbs(uid=0)
Apr 14 19:49:53 bbs-sophos sudo: pam_unix(sudo:session): session closed for user root
Apr 14 19:52:27 bbs-sophos polkit-agent-helper-1[10706]: pam_ecryptfs: pam_sm_authenticate: /home/bbs is already mounted
Apr 14 19:52:27 bbs-sophos polkitd(authority=local): Operator of unix-session:c2 successfully authenticated as unix-user:bbs to gain TEMPORARY authorization for action com.ubuntu.softwareproperties.applychanges for system-bus-name::1.115 [/usr/bin/python3 /usr/bin/software-properties-gtk] (owned by unix-user:bbs)
Apr 14 19:58:34 bbs-sophos polkit-agent-helper-1[11476]: pam_ecryptfs: pam_sm_authenticate: /home/bbs is already mounted
Apr 14 19:58:34 bbs-sophos polkitd(authority=local): Operator of unix-session:c2 successfully authenticated as unix-user:bbs to gain TEMPORARY authorization for action org.debian.apt.install-or-remove-packages for system-bus-name::1.119 [/usr/bin/python3 /usr/bin/gnome-language-selector] (owned by unix-user:bbs)
Apr 14 20:00:04 bbs-sophos pkexec: pam_unix(polkit-1:session): session opened for user root by (uid=1000)
Apr 14 20:00:04 bbs-sophos pkexec: pam_systemd(polkit-1:session): Cannot create session: Already running in a session
Apr 14 20:00:04 bbs-sophos pkexec[12385]: bbs: Executing command [USER=root] [TTY=unknown] [CWD=/home/bbs] [COMMAND=/usr/lib/update-notifier/package-system-locked]
Apr 14 20:02:21 bbs-sophos dbus[693]: [system] Failed to activate service 'org.bluez': timed out
Apr 14 20:05:10 bbs-sophos polkit-agent-helper-1[12717]: pam_ecryptfs: pam_sm_authenticate: /home/bbs is already mounted
Apr 14 20:05:10 bbs-sophos polkitd(authority=local): Operator of unix-session:c2 successfully authenticated as unix-user:bbs to gain TEMPORARY authorization for action com.ubuntu.softwareproperties.applychanges for system-bus-name::1.134 [/usr/bin/python3 /usr/bin/software-properties-gtk --open-tab 2 --toplevel 62914567] (owned by unix-user:bbs)
Apr 14 20:05:22 bbs-sophos systemd-logind[745]: System is rebooting.
Apr 14 20:09:35 bbs-sophos systemd-logind[785]: New seat seat0.
Apr 14 20:09:35 bbs-sophos systemd-logind[785]: Watching system buttons on /dev/input/event2 (Power Button)
Apr 14 20:09:35 bbs-sophos systemd-logind[785]: Watching system buttons on /dev/input/event3 (Video Bus)
Apr 14 20:09:35 bbs-sophos systemd-logind[785]: Watching system buttons on /dev/input/event0 (Power Button)
Apr 14 20:09:35 bbs-sophos systemd-logind[785]: Watching system buttons on /dev/input/event1 (Sleep Button)
Apr 14 20:09:40 bbs-sophos lightdm: PAM unable to dlopen(pam_kwallet.so): /lib/security/pam_kwallet.so: cannot open shared object file: No such file or directory
Apr 14 20:09:40 bbs-sophos lightdm: PAM adding faulty module: pam_kwallet.so
Apr 14 20:09:40 bbs-sophos lightdm: PAM unable to dlopen(pam_kwallet5.so): /lib/security/pam_kwallet5.so: cannot open shared object file: No such file or directory
Apr 14 20:09:40 bbs-sophos lightdm: PAM adding faulty module: pam_kwallet5.so
Apr 14 20:09:40 bbs-sophos lightdm: pam_unix(lightdm-greeter:session): session opened for user lightdm by (uid=0)
Apr 14 20:09:40 bbs-sophos systemd-logind[785]: New session c1 of user lightdm.
Apr 14 20:09:40 bbs-sophos systemd: pam_unix(systemd-user:session): session opened for user lightdm by (uid=0)
Apr 14 20:09:44 bbs-sophos lightdm: PAM unable to dlopen(pam_kwallet.so): /lib/security/pam_kwallet.so: cannot open shared object file: No such file or directory
Apr 14 20:09:44 bbs-sophos lightdm: PAM adding faulty module: pam_kwallet.so
Apr 14 20:09:44 bbs-sophos lightdm: PAM unable to dlopen(pam_kwallet5.so): /lib/security/pam_kwallet5.so: cannot open shared object file: No such file or directory
Apr 14 20:09:44 bbs-sophos lightdm: PAM adding faulty module: pam_kwallet5.so
Apr 14 20:09:44 bbs-sophos lightdm: pam_succeed_if(lightdm:auth): requirement "user ingroup nopasswdlogin" not met by user "bbs"
Apr 14 20:10:09 bbs-sophos dbus[789]: [system] Failed to activate service 'org.bluez': timed out
Apr 14 20:10:14 bbs-sophos lightdm: pam_unix(lightdm-greeter:session): session closed for user lightdm
Apr 14 20:10:14 bbs-sophos lightdm: pam_unix(lightdm:session): session opened for user bbs by (uid=0)
Apr 14 20:10:14 bbs-sophos systemd-logind[785]: New session c2 of user bbs.
Apr 14 20:10:14 bbs-sophos systemd: pam_unix(systemd-user:session): session opened for user bbs by (uid=0)
Apr 14 20:10:16 bbs-sophos gnome-keyring-daemon[1094]: The Secret Service was already initialized
Apr 14 20:10:16 bbs-sophos gnome-keyring-daemon[1094]: The SSH agent was already initialized
Apr 14 20:10:16 bbs-sophos gnome-keyring-daemon[1094]: The PKCS#11 component was already initialized
Apr 14 20:10:17 bbs-sophos polkitd(authority=local): Registered Authentication Agent for unix-session:c2 (system bus name :1.63 [/usr/lib/policykit-1-gnome/polkit-gnome-authentication-agent-1], object path /org/gnome/PolicyKit1/AuthenticationAgent, locale de_DE.UTF-8)
Apr 14 20:10:41 bbs-sophos dbus[789]: [system] Failed to activate service 'org.bluez': timed out
Apr 14 20:11:31 bbs-sophos dbus[789]: [system] Rejected send message, 7 matched rules; type="method_call", sender=":1.90" (uid=1000 pid=1896 comm="/usr/bin/python /usr/lib/ubuntu-sso-client/ubuntu-") interface="(unset)" member="Get" error name="(unset)" requested_reply="0" destination="org.freedesktop.NetworkManager" (uid=0 pid=821 comm="/usr/sbin/NetworkManager --no-daemon ")
Apr 14 20:11:41 bbs-sophos systemd-logind[785]: Removed session c1.
Apr 14 20:11:41 bbs-sophos systemd: pam_unix(systemd-user:session): session closed for user lightdm
Apr 14 20:14:30 bbs-sophos polkit-agent-helper-1[1996]: pam_unix(polkit-1:auth): authentication failure; logname= uid=1000 euid=0 tty= ruser=bbs rhost= user=bbs
Apr 14 20:14:37 bbs-sophos polkit-agent-helper-1[1997]: pam_ecryptfs: pam_sm_authenticate: /home/bbs is already mounted
Apr 14 20:14:37 bbs-sophos polkitd(authority=local): Operator of unix-session:c2 successfully authenticated as unix-user:bbs to gain TEMPORARY authorization for action org.debian.apt.change-repository for system-bus-name::1.86 [/usr/bin/python /usr/bin/software-center] (owned by unix-user:bbs)
Apr 14 20:14:48 bbs-sophos dbus[789]: [system] Rejected send message, 7 matched rules; type="method_call", sender=":1.94" (uid=1000 pid=2042 comm="/usr/bin/python /usr/lib/ubuntu-sso-client/ubuntu-") interface="(unset)" member="Get" error name="(unset)" requested_reply="0" destination="org.freedesktop.NetworkManager" (uid=0 pid=821 comm="/usr/sbin/NetworkManager --no-daemon ")
Apr 14 20:17:01 bbs-sophos CRON[2464]: pam_unix(cron:session): session opened for user root by (uid=0)
Apr 14 20:17:01 bbs-sophos CRON[2464]: pam_unix(cron:session): session closed for user root
Apr 14 20:18:56 bbs-sophos dbus[789]: [system] Rejected send message, 10 matched rules; type="method_return", sender=":1.110" (uid=0 pid=2526 comm="/usr/sbin/dnsmasq --no-resolv --keep-in-foreground") interface="(unset)" member="(unset)" error name="(unset)" requested_reply="0" destination=":1.7" (uid=0 pid=821 comm="/usr/sbin/NetworkManager --no-daemon ")
Apr 14 20:22:27 bbs-sophos polkitd(authority=local): Operator of unix-session:c2 FAILED to authenticate to gain authorization for action org.debian.apt.change-repository for system-bus-name::1.86 [/usr/bin/python /usr/bin/software-center] (owned by unix-user:bbs)
Apr 14 20:28:01 bbs-sophos sudo: bbs : TTY=pts/1 ; PWD=/home/bbs ; USER=root ; COMMAND=/usr/bin/apt-get install language-pack-de
Apr 14 20:28:01 bbs-sophos sudo: pam_unix(sudo:session): session opened for user root by bbs(uid=0)
Apr 14 20:28:01 bbs-sophos sudo: pam_unix(sudo:session): session closed for user root
Apr 14 20:30:48 bbs-sophos sudo: bbs : TTY=pts/1 ; PWD=/home/bbs ; USER=root ; COMMAND=/usr/bin/apt-get install apturl
Apr 14 20:30:48 bbs-sophos sudo: pam_unix(sudo:session): session opened for user root by bbs(uid=0)
Apr 14 20:30:48 bbs-sophos sudo: pam_unix(sudo:session): session closed for user root
Apr 14 20:31:19 bbs-sophos sudo: bbs : TTY=pts/1 ; PWD=/home/bbs ; USER=root ; COMMAND=/usr/bin/apt-get install language-pack-de
Apr 14 20:31:19 bbs-sophos sudo: pam_unix(sudo:session): session opened for user root by bbs(uid=0)
Apr 14 20:31:19 bbs-sophos sudo: pam_unix(sudo:session): session closed for user root
Apr 14 20:31:37 bbs-sophos sudo: bbs : TTY=pts/1 ; PWD=/home/bbs ; USER=root ; COMMAND=/usr/bin/apt-get autoremove
Apr 14 20:31:37 bbs-sophos sudo: pam_unix(sudo:session): session opened for user root by bbs(uid=0)
Apr 14 20:34:02 bbs-sophos sudo: pam_unix(sudo:session): session closed for user root
Apr 14 20:36:15 bbs-sophos sudo: bbs : TTY=pts/1 ; PWD=/home/bbs ; USER=root ; COMMAND=/usr/bin/apt-get install language-pack-de
Apr 14 20:36:15 bbs-sophos sudo: pam_unix(sudo:session): session opened for user root by bbs(uid=0)
Apr 14 20:36:15 bbs-sophos sudo: pam_unix(sudo:session): session closed for user root
Apr 14 20:39:39 bbs-sophos polkit-agent-helper-1[5760]: pam_ecryptfs: pam_sm_authenticate: /home/bbs is already mounted
Apr 14 20:39:39 bbs-sophos polkitd(authority=local): Operator of unix-session:c2 successfully authenticated as unix-user:bbs to gain TEMPORARY authorization for action org.debian.apt.install-or-remove-packages for system-bus-name::1.119 [/usr/bin/python3 /usr/bin/update-manager] (owned by unix-user:bbs)
Apr 14 20:41:19 bbs-sophos pkexec: pam_unix(polkit-1:session): session opened for user root by (uid=1000)
Apr 14 20:41:19 bbs-sophos pkexec: pam_systemd(polkit-1:session): Cannot create session: Already running in a session
Apr 14 20:41:19 bbs-sophos pkexec[5784]: bbs: Executing command [USER=root] [TTY=unknown] [CWD=/home/bbs] [COMMAND=/usr/lib/update-notifier/package-system-locked]
Apr 14 20:43:40 bbs-sophos polkitd(authority=local): Registered Authentication Agent for unix-process:14682:228282 (system bus name :1.127 [/usr/bin/pkttyagent --notify-fd 5 --fallback], object path /org/freedesktop/PolicyKit1/AuthenticationAgent, locale de_DE.UTF-8)
Apr 14 20:43:40 bbs-sophos polkitd(authority=local): Unregistered Authentication Agent for unix-process:14682:228282 (system bus name :1.127, object path /org/freedesktop/PolicyKit1/AuthenticationAgent, locale de_DE.UTF-8) (disconnected from bus)
Clam log.
Clam does not run at all: logs are mostly not created, although logging is enabled in the config and it is the newest version; folders that I selected for scanning are simply skipped; and I cannot delete infected files or move them to quarantine.
Nevertheless, here is a log with possible infections (bold) Code:
-------------------------------------------------------------------------------
----------- SCAN SUMMARY -----------
Known viruses: 4303757
Engine version: 0.98.7
Scanned directories: 475
Scanned files: 1711
Infected files: 0
Total errors: 3
Data scanned: 271.81 MB
Data read: 14823.12 MB (ratio 0.02:1)
Time: 48.963 sec (0 m 48 s)
ClamTk, v5.19
Sat Apr 16 01:38:46 2016
ClamAV-Signaturen: 4304101
Untersuchte Verzeichnisse:
/etc/suricata/rules
/lib/firmware/vxge
/usr/lib/mono/4.0
/usr/lib/mono/4.5
/usr/share/clamav-testfiles
/usr/share/mime
47 wahrscheinlich infizierte Bedrohungen gefunden (163333 Dateien untersucht).
/usr/share/clamav-testfiles/clam.sis PUA.Win.Packer.AcprotectUltraprotect-1
/usr/share/clamav-testfiles/clam.ea05.exe PUA.Win.Packer.Upx-48
/usr/share/clamav-testfiles/clam.newc.cpio PUA.Win.Packer.AcprotectUltraprotect-1
/usr/share/clamav-testfiles/clam.ppt PUA.Win.Packer.AcprotectUltraprotect-1
/usr/share/clamav-testfiles/clam.bin-be.cpio PUA.Win.Packer.AcprotectUltraprotect-1
/usr/share/clamav-testfiles/clam-pespin.exe PUA.Win.Packer.PESpin-1
/usr/share/clamav-testfiles/clam.pdf PUA.Win.Packer.AcprotectUltraprotect-1
/usr/share/clamav-testfiles/clam.exe PUA.Win.Packer.AcprotectUltraprotect-1
/usr/share/clamav-testfiles/clam.exe.binhex PUA.Win.Packer.AcprotectUltraprotect-1
/usr/share/clamav-testfiles/clam.tar.gz PUA.Win.Packer.AcprotectUltraprotect-1
/usr/share/clamav-testfiles/clam_IScab_int.exe PUA.Win.Packer.AcprotectUltraprotect-1
/usr/share/clamav-testfiles/clam-aspack.exe PUA.Win.Packer.Asprotect-3
/usr/share/clamav-testfiles/clam-nsis.exe PUA.Win.Packer.AcprotectUltraprotect-1
/usr/share/clamav-testfiles/clam.exe.szdd PUA.Win.Packer.AcprotectUltraprotect-1
/usr/share/clamav-testfiles/clam_cache_emax.tgz Clamav.Test.File-6
/usr/share/clamav-testfiles/clam_ISmsi_ext.exe PUA.Win.Packer.AcprotectUltraprotect-1
/usr/share/clamav-testfiles/clam-yc.exe PUA.Win.Packer.ExeshieldCrypto-1
/usr/share/clamav-testfiles/clam-upack.exe PUA.Win.Packer.UPack-3
/usr/share/clamav-testfiles/clam.cab PUA.Win.Packer.AcprotectUltraprotect-1
/usr/share/clamav-testfiles/clam.ole.doc PUA.Win.Packer.AcprotectUltraprotect-1
/usr/share/clamav-testfiles/clam.ea06.exe PUA.Win.Packer.Upx-48
/usr/share/clamav-testfiles/clam.zip PUA.Win.Packer.AcprotectUltraprotect-1
/usr/share/clamav-testfiles/clam.exe.bz2 PUA.Win.Packer.AcprotectUltraprotect-1
/usr/share/clamav-testfiles/clam-fsg.exe PUA.Win.Packer.AcprotectUltraprotect-1
/usr/share/clamav-testfiles/clam.7z PUA.Win.Packer.AcprotectUltraprotect-1
/usr/share/clamav-testfiles/clam.exe.rtf PUA.Win.Packer.AcprotectUltraprotect-1
/usr/share/clamav-testfiles/clam-upx.exe PUA.Win.Packer.Upx-29
/usr/share/clamav-testfiles/clam.impl.zip PUA.Win.Packer.AcprotectUltraprotect-1
/usr/share/clamav-testfiles/clam.chm PUA.Win.Packer.AcprotectUltraprotect-1
/usr/share/clamav-testfiles/clam-petite.exe PUA.Win.Packer.Petite-1
/usr/share/clamav-testfiles/clam.bin-le.cpio PUA.Win.Packer.AcprotectUltraprotect-1
/usr/share/clamav-testfiles/clam.bz2.zip PUA.Win.Packer.AcprotectUltraprotect-1
/usr/share/clamav-testfiles/clam.arj PUA.Win.Packer.AcprotectUltraprotect-1
/usr/share/clamav-testfiles/clam-v2.rar PUA.Win.Packer.AcprotectUltraprotect-1
/usr/share/clamav-testfiles/clam_ISmsi_int.exe PUA.Win.Packer.SetupExeSection-1
/usr/share/clamav-testfiles/clam_IScab_ext.exe PUA.Win.Packer.AcprotectUltraprotect-1
/usr/share/mime/mime.cache PUA.Win.Exploit.CVE_2012_0110-1
/usr/lib/mono/4.5/mscorlib.dll PUA.Win.Packer.PrivateExeProte-8
/usr/lib/mono/4.0/mscorlib.dll PUA.Win.Packer.PrivateExeProte-8
/etc/suricata/rules/emerging-web_server.rules PUA.Html.Trojan.Crypt-355
/etc/suricata/rules/emerging-deleted.rules Html.Trojan.Blackhole-65
/etc/suricata/rules/emerging-activex.rules PUA.Win.Tool.ActiveX_CVE_2009_1671-1
/usr/share/clamav-testfiles/clam-v3.rar PUA.Win.Packer.AcprotectUltraprotect-1
/usr/share/clamav-testfiles/clam-wwpack.exe PUA.Win.Packer.Mslrh-35
/usr/share/clamav-testfiles/clam.odc.cpio PUA.Win.Packer.AcprotectUltraprotect-1
/usr/share/clamav-testfiles/clam-mew.exe PUA.Win.Packer.MEW-1
/usr/share/clamav-testfiles/clam.d64.zip PUA.Win.Packer.AcprotectUltraprotect-1
----------------------------------------------------------------------------------------------------
ClamTk, v5.19
Sat Apr 16 03:48:31 2016
ClamAV-Signaturen: 4304101
Untersuchte Verzeichnisse:
0 wahrscheinlich infizierte Bedrohungen gefunden (1 Datei untersucht).
Keine Bedrohungen gefunden.
---------------------------------------------
ClamTk, v5.19
Sat Apr 16 04:42:42 2016
ClamAV-Signaturen: 4304101
Untersuchte Verzeichnisse:
/media/bbs/WIN/2/Neuer Ordner
/media/bbs/WIN/7
/media/bbs/WIN/8
0 wahrscheinlich infizierte Bedrohungen gefunden (2446 Dateien untersucht).
Keine Bedrohungen gefunden.
---------------------------------------------
ClamTk, v5.19
Sat Apr 16 04:45:04 2016
ClamAV-Signaturen: 4304101
Untersuchte Verzeichnisse:
0 wahrscheinlich infizierte Bedrohungen gefunden (1 Datei untersucht).
Keine Bedrohungen gefunden.
---------------------------------------------
ClamTk, v5.19
Sat Apr 16 04:46:50 2016
ClamAV-Signaturen: 4304101
Untersuchte Verzeichnisse:
0 wahrscheinlich infizierte Bedrohungen gefunden (1 Datei untersucht).
Keine Bedrohungen gefunden.
---------------------------------------------
ClamTk, v5.19
Sat Apr 16 06:52:13 2016
ClamAV-Signaturen: 4304101
Untersuchte Verzeichnisse:
/etc/suricata/rules
/lib/firmware/vxge
/usr/lib/mono/4.0
/usr/lib/mono/4.5
/usr/share/clamav-testfiles
/usr/share/mime
47 wahrscheinlich infizierte Bedrohungen gefunden (181162 Dateien untersucht).
/usr/share/clamav-testfiles/clam.sis PUA.Win.Packer.AcprotectUltraprotect-1
/usr/share/clamav-testfiles/clam.ea05.exe PUA.Win.Packer.Upx-48
/usr/share/clamav-testfiles/clam.newc.cpio PUA.Win.Packer.AcprotectUltraprotect-1
/usr/share/clamav-testfiles/clam.ppt PUA.Win.Packer.AcprotectUltraprotect-1
/usr/share/clamav-testfiles/clam.bin-be.cpio PUA.Win.Packer.AcprotectUltraprotect-1
/usr/share/clamav-testfiles/clam-pespin.exe PUA.Win.Packer.PESpin-1
/usr/share/clamav-testfiles/clam.pdf PUA.Win.Packer.AcprotectUltraprotect-1
/usr/share/clamav-testfiles/clam.exe PUA.Win.Packer.AcprotectUltraprotect-1
/usr/share/clamav-testfiles/clam.exe.binhex PUA.Win.Packer.AcprotectUltraprotect-1
/usr/share/clamav-testfiles/clam.tar.gz PUA.Win.Packer.AcprotectUltraprotect-1
/usr/share/clamav-testfiles/clam_IScab_int.exe PUA.Win.Packer.AcprotectUltraprotect-1
/usr/share/clamav-testfiles/clam-aspack.exe PUA.Win.Packer.Asprotect-3
/usr/share/clamav-testfiles/clam-nsis.exe PUA.Win.Packer.AcprotectUltraprotect-1
/usr/share/clamav-testfiles/clam.exe.szdd PUA.Win.Packer.AcprotectUltraprotect-1
/usr/share/clamav-testfiles/clam_cache_emax.tgz Clamav.Test.File-6
/usr/share/clamav-testfiles/clam_ISmsi_ext.exe PUA.Win.Packer.AcprotectUltraprotect-1
/usr/share/clamav-testfiles/clam-yc.exe PUA.Win.Packer.ExeshieldCrypto-1
/usr/share/clamav-testfiles/clam-upack.exe PUA.Win.Packer.UPack-3
/usr/share/clamav-testfiles/clam.cab PUA.Win.Packer.AcprotectUltraprotect-1
/usr/share/clamav-testfiles/clam.ole.doc PUA.Win.Packer.AcprotectUltraprotect-1
/usr/share/clamav-testfiles/clam.ea06.exe PUA.Win.Packer.Upx-48
/usr/share/clamav-testfiles/clam.zip PUA.Win.Packer.AcprotectUltraprotect-1
/usr/share/clamav-testfiles/clam.exe.bz2 PUA.Win.Packer.AcprotectUltraprotect-1
/usr/share/clamav-testfiles/clam-fsg.exe PUA.Win.Packer.AcprotectUltraprotect-1
/usr/share/clamav-testfiles/clam.7z PUA.Win.Packer.AcprotectUltraprotect-1
/usr/share/clamav-testfiles/clam.exe.rtf PUA.Win.Packer.AcprotectUltraprotect-1
/usr/share/clamav-testfiles/clam-upx.exe PUA.Win.Packer.Upx-29
/usr/share/clamav-testfiles/clam.impl.zip PUA.Win.Packer.AcprotectUltraprotect-1
/usr/share/clamav-testfiles/clam.chm PUA.Win.Packer.AcprotectUltraprotect-1
/usr/share/clamav-testfiles/clam-petite.exe PUA.Win.Packer.Petite-1
/usr/share/clamav-testfiles/clam.bin-le.cpio PUA.Win.Packer.AcprotectUltraprotect-1
/usr/share/clamav-testfiles/clam.bz2.zip PUA.Win.Packer.AcprotectUltraprotect-1
/usr/share/clamav-testfiles/clam.arj PUA.Win.Packer.AcprotectUltraprotect-1
/usr/share/clamav-testfiles/clam-v2.rar PUA.Win.Packer.AcprotectUltraprotect-1
/usr/share/clamav-testfiles/clam_ISmsi_int.exe PUA.Win.Packer.SetupExeSection-1
/usr/share/clamav-testfiles/clam_IScab_ext.exe PUA.Win.Packer.AcprotectUltraprotect-1
/usr/share/mime/mime.cache PUA.Win.Exploit.CVE_2012_0110-1
/usr/lib/mono/4.5/mscorlib.dll PUA.Win.Packer.PrivateExeProte-8
/usr/lib/mono/4.0/mscorlib.dll PUA.Win.Packer.PrivateExeProte-8
/etc/suricata/rules/emerging-web_server.rules PUA.Html.Trojan.Crypt-355
/etc/suricata/rules/emerging-deleted.rules Html.Trojan.Blackhole-65
/etc/suricata/rules/emerging-activex.rules PUA.Win.Tool.ActiveX_CVE_2009_1671-1
/usr/share/clamav-testfiles/clam-v3.rar PUA.Win.Packer.AcprotectUltraprotect-1
/usr/share/clamav-testfiles/clam-wwpack.exe PUA.Win.Packer.Mslrh-35
/usr/share/clamav-testfiles/clam.odc.cpio PUA.Win.Packer.AcprotectUltraprotect-1
/usr/share/clamav-testfiles/clam-mew.exe PUA.Win.Packer.MEW-1
/usr/share/clamav-testfiles/clam.d64.zip PUA.Win.Packer.AcprotectUltraprotect-1
----------------------------------------------------------------------------------------------------
chkrootkit Code:
bbs@bbs-sophos:~$ sudo chkrootkit
[sudo] Passwort für bbs:
ROOTDIR is `/'
Checking `amd'... not found
Checking `basename'... not infected
Checking `biff'... not found
Checking `chfn'... not infected
Checking `chsh'... not infected
Checking `cron'... not infected
Checking `crontab'... not infected
Checking `date'... not infected
Checking `du'... not infected
Checking `dirname'... not infected
Checking `echo'... not infected
Checking `egrep'... not infected
Checking `env'... not infected
Checking `find'... not infected
Checking `fingerd'... not found
Checking `gpm'... not found
Checking `grep'... not infected
Checking `hdparm'... not infected
Checking `su'... not infected
Checking `ifconfig'... not infected
Checking `inetd'... not infected
Checking `inetdconf'... not found
Checking `identd'... not found
Checking `init'... not infected
Checking `killall'... not infected
Checking `ldsopreload'... not infected
Checking `login'... not infected
Checking `ls'... not infected
Checking `lsof'... not infected
Checking `mail'... not infected
Checking `mingetty'... not found
Checking `netstat'... not infected
Checking `named'... not found
Checking `passwd'... not infected
Checking `pidof'... not infected
Checking `pop2'... not found
Checking `pop3'... not found
Checking `ps'... not infected
Checking `pstree'... not infected
Checking `rpcinfo'... not found
Checking `rlogind'... not found
Checking `rshd'... not found
Checking `slogin'... not infected
Checking `sendmail'... not infected
Checking `sshd'... not found
Checking `syslogd'... not tested
Checking `tar'... not infected
Checking `tcpd'... not infected
Checking `tcpdump'... not infected
Checking `top'... not infected
Checking `telnetd'... not found
Checking `timed'... not found
Checking `traceroute'... not found
Checking `vdir'... not infected
Checking `w'... not infected
Checking `write'... not infected
Checking `aliens'... no suspect files
Searching for sniffer's logs, it may take a while...
nothing found
Searching for rootkit HiDrootkit's default files... nothing found
Searching for rootkit t0rn's default files... nothing found
Searching for t0rn's v8 defaults...
nothing found
Searching for rootkit Lion's default files... nothing found
Searching for rootkit RSHA's default files... nothing found
Searching for rootkit RH-Sharpe's default files... nothing found
Searching for Ambient's rootkit (ark) default files and dirs... nothing found
Searching for suspicious files and dirs, it may take a while... The following suspicious files and directories were found:
/usr/lib/python2.7/dist-packages/PyQt4/uic/widget-plugins/.noinit /lib/modules/4.2.0-35-generic/vdso/.build-id /lib/modules/4.2.0-16-generic/vdso/.build-id
/lib/modules/4.2.0-35-generic/vdso/.build-id /lib/modules/4.2.0-16-generic/vdso/.build-id
Searching for LPD Worm files and dirs... nothing found
Searching for Ramen Worm files and dirs... nothing found
Searching for Maniac files and dirs... nothing found
Searching for RK17 files and dirs... nothing found
Searching for Ducoci rootkit... nothing found
Searching for Adore Worm... nothing found
Searching for ShitC Worm... nothing found
Searching for Omega Worm... nothing found
Searching for Sadmind/IIS Worm... nothing found
Searching for MonKit... nothing found
Searching for Showtee... nothing found
Searching for OpticKit... nothing found
Searching for T.R.K... nothing found
Searching for Mithra... nothing found
Searching for LOC rootkit... nothing found
Searching for Romanian rootkit... nothing found
Searching for Suckit rootkit... nothing found
Searching for Volc rootkit... nothing found
Searching for Gold2 rootkit... nothing found
Searching for TC2 Worm default files and dirs... nothing found
Searching for Anonoying rootkit default files and dirs... nothing found
Searching for ZK rootkit default files and dirs... nothing found
Searching for ShKit rootkit default files and dirs... nothing found
Searching for AjaKit rootkit default files and dirs... nothing found
Searching for zaRwT rootkit default files and dirs... nothing found
Searching for Madalin rootkit default files... nothing found
Searching for Fu rootkit default files... nothing found
Searching for ESRK rootkit default files... nothing found
Searching for rootedoor... nothing found
Searching for ENYELKM rootkit default files... nothing found
Searching for common ssh-scanners default files... nothing found
Searching for Linux/Ebury - Operation Windigo ssh... Possible Linux/Ebury - Operation Windigo installetd
Searching for 64-bit Linux Rootkit ... nothing found
Searching for 64-bit Linux Rootkit modules... nothing found
Searching for suspect PHP files... nothing found
Searching for anomalies in shell history files... nothing found
Checking `asp'... not infected
Checking `bindshell'... not infected
Checking `lkm'... You have 3 process hidden for readdir command
You have 3 process hidden for ps command
chkproc: Warning: Possible LKM Trojan installed
chkdirs: nothing detected
Checking `rexedcs'... not found
Checking `sniffer'... lo: not promisc and no packet sniffer sockets
enp3s0: PACKET SNIFFER(/sbin/dhclient[6636])
Checking `w55808'... not infected
Checking `wted'... chkwtmp: nothing deleted
Checking `scalper'... not infected
Checking `slapper'... not infected
Checking `z2'... user bbs deleted or never logged from lastlog!
user root deleted or never logged from lastlog!
Checking `chkutmp'... The tty of the following user process(es) were not found
in /var/run/utmp !
! RUID PID TTY CMD
! root 1164 tty7 /usr/bin/X -core :0 -seat seat0 -auth /var/run/lightdm/root/:0 -nolisten tcp vt7 -novtswitch
chkutmp: nothing deleted
Checking `OSX_RSPLUG'... not infected

By the way: Ubuntu was freshly installed yesterday on a NEW hard drive (not from a downloaded image, but from a non-rewritable CD from an official source).
In addition: no software from third-party sources installed (exception: Cryptkeeper/Clam from official sources), no new users created or existing ones configured, and no ssh, cups, samba, VNC, rdp, bluetooth, file sharing or other frills configured or used.
Surfing and VirtualBox were the main activities (Win10 ISO directly from Microsoft).