
Everything about Mac OSX & Linux: Linux: Bootkit Nemesis - BIOS/firmware malware in the VBR


27.03.2016, 19:23   #61
Dante12
/// Mac Expert
 
Quote:
And the same goes for you: YOU claimed there was something to be found in the OP's logs, drone on about something, think there would be hints in there, but after several requests to finally quote the relevant passages from the logs, all that comes back is more drivel -
Thanks, I don't need to comment on that any further.
__________________
-----------------
-Regards, dante12
-----------------

01.04.2016, 17:55   #62
dennissteins
 
I would like to clarify a few points below, since some people are wondering why there is no progress here.

a) I did not create this separate Linux thread with this title at all, and I was not even asked whether that was okay with me.

b) The thread title summarizes my infection hypothesis, based on my state of knowledge at the time. That has evolved since then, so I would no longer assume the infection named above.

c) My intention with the logs was to provide as much information as possible so that I could act quickly after a technical analysis by an expert.
That backfired and was my mistake.

d) As I already mentioned, I have only been dealing with Linux intensively for 6 months; that should clearly signal to anyone familiar with Linux that I probably cannot be expected to deliver a dedicated rootkit analysis of Ubuntu or others here.

The original thread (Windows focus) is in the discussion forum.

I thought the dedicated users here should be informed about it, especially since so far, despite less participation, the replies here have been considerably more serious and on a higher technical level than in the Windows section.

01.04.2016, 20:59   #63
Fragerin
/// TB-Senior
 
The problem is that you posted a great many screenshots, many of which look perfectly normal, so it gives the impression of "random" posting, and that you refuse to explain where exactly on these screenshots your suspicion is grounded. That is, to say something concrete about it and explain it. One or two screenshots with clear, precisely worded questions about them would have achieved much more, and perhaps still would.

03.04.2016, 13:56   #64
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™
 
He did.... loop devices are his "evidence"
__________________
Please always post logfiles in CODE tags

16.04.2016, 02:22   #65
dennisstein
 
Before my Ubuntu installation turns out to have been completely in vain again, here are a few more logs, before I will probably format again after shutting down.

RKhunter part 1

Code:
[05:46:01] Running Rootkit Hunter version 1.4.2 on bbs-sophos
[05:46:01]
[05:46:01] Info: Start date is Sa 16. Apr 05:46:01 CEST 2016
[05:46:01]
[05:46:01] Checking configuration file and command-line options...
[05:46:01] Info: Detected operating system is 'Linux'
[05:46:01] Info: Found O/S name: Ubuntu 15.10
[05:46:01] Info: Command line is /usr/bin/rkhunter -c
[05:46:01] Info: Environment shell is /bin/bash; rkhunter is using dash
[05:46:01] Info: Using configuration file '/etc/rkhunter.conf'
[05:46:01] Info: Installation directory is '/usr'
[05:46:01] Info: Using language 'en'
[05:46:01] Info: Using '/var/lib/rkhunter/db' as the database directory
[05:46:01] Info: Using '/usr/share/rkhunter/scripts' as the support script directory
[05:46:01] Info: Using '/usr/local/sbin /usr/local/bin /usr/sbin /usr/bin /sbin /bin' as the command directories
[05:46:01] Info: Using '/var/lib/rkhunter/tmp' as the temporary directory
[05:46:01] Info: No mail-on-warning address configured
[05:46:01] Info: X will be automatically detected
[05:46:01] Info: Using second color set
[05:46:01] Info: Found the 'basename' command: /usr/bin/basename
[05:46:01] Info: Found the 'diff' command: /usr/bin/diff
[05:46:01] Info: Found the 'dirname' command: /usr/bin/dirname
[05:46:01] Info: Found the 'file' command: /usr/bin/file
[05:46:01] Info: Found the 'find' command: /usr/bin/find
[05:46:01] Info: Found the 'ifconfig' command: /sbin/ifconfig
[05:46:01] Info: Found the 'ip' command: /sbin/ip
[05:46:01] Info: Found the 'ipcs' command: /usr/bin/ipcs
[05:46:01] Info: Found the 'ldd' command: /usr/bin/ldd
[05:46:01] Info: Found the 'lsattr' command: /usr/bin/lsattr
[05:46:01] Info: Found the 'lsmod' command: /sbin/lsmod
[05:46:01] Info: Found the 'lsof' command: /usr/bin/lsof
[05:46:01] Info: Found the 'mktemp' command: /bin/mktemp
[05:46:01] Info: Found the 'netstat' command: /bin/netstat
[05:46:01] Info: Found the 'perl' command: /usr/bin/perl
[05:46:01] Info: Found the 'pgrep' command: /usr/bin/pgrep
[05:46:01] Info: Found the 'ps' command: /bin/ps
[05:46:01] Info: Found the 'pwd' command: /bin/pwd
[05:46:01] Info: Found the 'readlink' command: /bin/readlink
[05:46:01] Info: Found the 'stat' command: /usr/bin/stat
[05:46:01] Info: Found the 'strings' command: /usr/bin/strings
[05:46:01] Info: System is not using prelinking
[05:46:01] Info: Using the '/usr/bin/sha256sum' command for the file hash checks
[05:46:01] Info: Stored hash values used hash function '/usr/bin/sha1sum'
[05:46:01] Info: Stored hash values did not use a package manager
[05:46:01] Info: The hash function field index is set to 1
[05:46:01] Info: No package manager specified: using hash function '/usr/bin/sha256sum'
[05:46:01] Info: Previous file attributes were stored
[05:46:01] Info: Enabled tests are: all
[05:46:01] Info: Disabled tests are: suspscan hidden_procs deleted_files packet_cap_apps apps
[05:46:01] Info: Found ksym file '/proc/kallsyms'
[05:46:01] Info: Using syslog for some logging - facility/priority level is 'authpriv.warning'.
[05:46:01] Info: Using 'date' to process epoch second times
[05:46:01]
[05:46:01] Checking if the O/S has changed since last time...
[05:46:01] Info: Nothing seems to have changed.
[05:46:01] Info: Locking is not being used
[05:46:01]
[05:46:01] Starting system checks...
[05:46:01]
[05:46:01] Info: Starting test name 'system_commands'
[05:46:01] Checking system commands...
[05:46:01]
[05:46:01] Info: Starting test name 'strings'
[05:46:01] Performing 'strings' command checks
[05:46:02]   Scanning for string /usr/sbin/ntpsx             [ OK ]
[05:46:02]   Scanning for string /usr/sbin/.../bkit-ava      [ OK ]
[05:46:02]   Scanning for string /usr/sbin/.../bkit-d        [ OK ]
[05:46:02]   Scanning for string /usr/sbin/.../bkit-shd      [ OK ]
[05:46:02]   Scanning for string /usr/sbin/.../bkit-f        [ OK ]
[05:46:02]   Scanning for string /usr/include/.../proc.h     [ OK ]
[05:46:02]   Scanning for string /usr/include/.../.bash_history [ OK ]
[05:46:02]   Scanning for string /usr/include/.../bkit-get   [ OK ]
[05:46:02]   Scanning for string /usr/include/.../bkit-dl    [ OK ]
[05:46:02]   Scanning for string /usr/include/.../bkit-screen [ OK ]
[05:46:02]   Scanning for string /usr/include/.../bkit-sleep [ OK ]
[05:46:02]   Scanning for string /usr/lib/.../bkit-adore.o   [ OK ]
[05:46:02]   Scanning for string /usr/lib/.../ls             [ OK ]
[05:46:02]   Scanning for string /usr/lib/.../netstat        [ OK ]
[05:46:02]   Scanning for string /usr/lib/.../lsof           [ OK ]
[05:46:02]   Scanning for string /usr/lib/.../bkit-ssh/bkit-shdcfg [ OK ]
[05:46:02]   Scanning for string /usr/lib/.../bkit-ssh/bkit-shhk [ OK ]
[05:46:02]   Scanning for string /usr/lib/.../bkit-ssh/bkit-pw [ OK ]
[05:46:02]   Scanning for string /usr/lib/.../bkit-ssh/bkit-shrs [ OK ]
[05:46:02]   Scanning for string /usr/lib/.../bkit-ssh/bkit-mots [ OK ]
[05:46:02]   Scanning for string /usr/lib/.../uconf.inv      [ OK ]
[05:46:02]   Scanning for string /usr/lib/.../psr            [ OK ]
[05:46:02]   Scanning for string /usr/lib/.../find           [ OK ]
[05:46:02]   Scanning for string /usr/lib/.../pstree         [ OK ]
[05:46:02]   Scanning for string /usr/lib/.../slocate        [ OK ]
[05:46:02]   Scanning for string /usr/lib/.../du             [ OK ]
[05:46:02]   Scanning for string /usr/lib/.../top            [ OK ]
[05:46:02]   Scanning for string /usr/sbin/...               [ OK ]
[05:46:02]   Scanning for string /usr/include/...            [ OK ]
[05:46:02]   Scanning for string /usr/include/.../.tmp       [ OK ]
[05:46:02]   Scanning for string /usr/lib/...                [ OK ]
[05:46:02]   Scanning for string /usr/lib/.../.ssh           [ OK ]
[05:46:02]   Scanning for string /usr/lib/.../bkit-ssh       [ OK ]
[05:46:02]   Scanning for string /usr/lib/.bkit-             [ OK ]
[05:46:02]   Scanning for string /tmp/.bkp                   [ OK ]
[05:46:02]   Scanning for string /tmp/.cinik                 [ OK ]
[05:46:02]   Scanning for string /tmp/.font-unix/.cinik      [ OK ]
[05:46:02]   Scanning for string /lib/.sso                   [ OK ]
[05:46:02]   Scanning for string /lib/.so                    [ OK ]
[05:46:02]   Scanning for string /var/run/...dica/clean      [ OK ]
[05:46:02]   Scanning for string /var/run/...dica/dxr        [ OK ]
[05:46:02]   Scanning for string /var/run/...dica/read       [ OK ]
[05:46:02]   Scanning for string /var/run/...dica/write      [ OK ]
[05:46:02]   Scanning for string /var/run/...dica/lf         [ OK ]
[05:46:02]   Scanning for string /var/run/...dica/xl         [ OK ]
[05:46:02]   Scanning for string /var/run/...dica/xdr        [ OK ]
[05:46:02]   Scanning for string /var/run/...dica/psg        [ OK ]
[05:46:02]   Scanning for string /var/run/...dica/secure     [ OK ]
[05:46:02]   Scanning for string /var/run/...dica/rdx        [ OK ]
[05:46:02]   Scanning for string /var/run/...dica/va         [ OK ]
[05:46:02]   Scanning for string /var/run/...dica/cl.sh      [ OK ]
[05:46:02]   Scanning for string /var/run/...dica/last.log   [ OK ]
[05:46:02]   Scanning for string /usr/bin/.etc               [ OK ]
[05:46:02]   Scanning for string /etc/sshd_config            [ OK ]
[05:46:02]   Scanning for string /etc/ssh_host_key           [ OK ]
[05:46:02]   Scanning for string /etc/ssh_random_seed        [ OK ]
[05:46:02]   Scanning for string /dev/ptyp                   [ OK ]
[05:46:02]   Scanning for string /dev/ptyq                   [ OK ]
[05:46:02]   Scanning for string /dev/ptyr                   [ OK ]
[05:46:02]   Scanning for string /dev/ptys                   [ OK ]
[05:46:02]   Scanning for string /dev/ptyt                   [ OK ]
[05:46:02]   Scanning for string /dev/fd/.88/freshb-bsd      [ OK ]
[05:46:02]   Scanning for string /dev/fd/.88/fresht          [ OK ]
[05:46:02]   Scanning for string /dev/fd/.88/zxsniff         [ OK ]
[05:46:02]   Scanning for string /dev/fd/.88/zxsniff.log     [ OK ]
[05:46:02]   Scanning for string /dev/fd/.99/.ttyf00         [ OK ]
[05:46:02]   Scanning for string /dev/fd/.99/.ttyp00         [ OK ]
[05:46:02]   Scanning for string /dev/fd/.99/.ttyq00         [ OK ]
[05:46:02]   Scanning for string /dev/fd/.99/.ttys00         [ OK ]
[05:46:03]   Scanning for string /dev/fd/.99/.pwsx00         [ OK ]
[05:46:03]   Scanning for string /etc/.acid                  [ OK ]
[05:46:03]   Scanning for string /usr/lib/.fx/sched_host.2   [ OK ]
[05:46:03]   Scanning for string /usr/lib/.fx/random_d.2     [ OK ]
[05:46:03]   Scanning for string /usr/lib/.fx/set_pid.2      [ OK ]
[05:46:03]   Scanning for string /usr/lib/.fx/setrgrp.2      [ OK ]
[05:46:03]   Scanning for string /usr/lib/.fx/TOHIDE         [ OK ]
[05:46:03]   Scanning for string /usr/lib/.fx/cons.saver     [ OK ]
[05:46:03]   Scanning for string /usr/lib/.fx/adore/ava/ava  [ OK ]
[05:46:03]   Scanning for string /usr/lib/.fx/adore/adore/adore.ko [ OK ]
[05:46:03]   Scanning for string /bin/sysback                [ OK ]
[05:46:03]   Scanning for string /usr/local/bin/sysback      [ OK ]
[05:46:03]   Scanning for string /usr/lib/.tbd               [ OK ]
[05:46:03]   Scanning for string /dev/.lib/lib/lib/t0rns     [ OK ]
[05:46:03]   Scanning for string /dev/.lib/lib/lib/du        [ OK ]
[05:46:03]   Scanning for string /dev/.lib/lib/lib/ls        [ OK ]
[05:46:03]   Scanning for string /dev/.lib/lib/lib/t0rnsb    [ OK ]
[05:46:03]   Scanning for string /dev/.lib/lib/lib/ps        [ OK ]
[05:46:03]   Scanning for string /dev/.lib/lib/lib/t0rnp     [ OK ]
[05:46:03]   Scanning for string /dev/.lib/lib/lib/find      [ OK ]
[05:46:03]   Scanning for string /dev/.lib/lib/lib/ifconfig  [ OK ]
[05:46:03]   Scanning for string /dev/.lib/lib/lib/pg        [ OK ]
[05:46:03]   Scanning for string /dev/.lib/lib/lib/ssh.tgz   [ OK ]
[05:46:03]   Scanning for string /dev/.lib/lib/lib/top       [ OK ]
[05:46:03]   Scanning for string /dev/.lib/lib/lib/sz        [ OK ]
[05:46:03]   Scanning for string /dev/.lib/lib/lib/login     [ OK ]
[05:46:03]   Scanning for string /dev/.lib/lib/lib/in.fingerd [ OK ]
[05:46:03]   Scanning for string /dev/.lib/lib/lib/1i0n.sh   [ OK ]
[05:46:03]   Scanning for string /dev/.lib/lib/lib/pstree    [ OK ]
[05:46:03]   Scanning for string /dev/.lib/lib/lib/in.telnetd [ OK ]
[05:46:03]   Scanning for string /dev/.lib/lib/lib/mjy       [ OK ]
[05:46:03]   Scanning for string /dev/.lib/lib/lib/sush      [ OK ]
[05:46:03]   Scanning for string /dev/.lib/lib/lib/tfn       [ OK ]
[05:46:03]   Scanning for string /dev/.lib/lib/lib/name      [ OK ]
[05:46:03]   Scanning for string /dev/.lib/lib/lib/getip.sh  [ OK ]
[05:46:03]   Scanning for string /usr/info/.torn/sh*         [ OK ]
[05:46:03]   Scanning for string /usr/src/.puta/.1addr       [ OK ]
[05:46:03]   Scanning for string /usr/src/.puta/.1file       [ OK ]
[05:46:03]   Scanning for string /usr/src/.puta/.1proc       [ OK ]
[05:46:03]   Scanning for string /usr/src/.puta/.1logz       [ OK ]
[05:46:03]   Scanning for string /usr/info/.t0rn             [ OK ]
[05:46:03]   Scanning for string /dev/.lib                   [ OK ]
[05:46:03]   Scanning for string /dev/.lib/lib               [ OK ]
[05:46:03]   Scanning for string /dev/.lib/lib/lib           [ OK ]
[05:46:03]   Scanning for string /dev/.lib/lib/lib/dev       [ OK ]
[05:46:03]   Scanning for string /dev/.lib/lib/scan          [ OK ]
[05:46:03]   Scanning for string /usr/src/.puta              [ OK ]
[05:46:03]   Scanning for string /usr/man/man1/man1          [ OK ]
[05:46:03]   Scanning for string /usr/man/man1/man1/lib      [ OK ]
[05:46:03]   Scanning for string /usr/man/man1/man1/lib/.lib [ OK ]
[05:46:03]   Scanning for string /usr/man/man1/man1/lib/.lib/.backup [ OK ]
[05:46:03]
[05:46:03] Info: Starting test name 'shared_libs'
[05:46:03] Performing 'shared libraries' checks
[05:46:03]   Checking for preloading variables               [ None found ]
[05:46:03]   Checking for preloaded libraries                [ None found ]
[05:46:03]
[05:46:03] Info: Starting test name 'shared_libs_path'
[05:46:03]   Checking LD_LIBRARY_PATH variable               [ Not found ]
[05:46:03]
[05:46:03] Info: Starting test name 'properties'
[05:46:03] Performing file properties checks
[05:46:03]   Checking for prerequisites                      [ OK ]
[05:46:05]   /usr/sbin/adduser                               [ Warning ]
[05:46:05] Warning: The file properties have changed:
[05:46:05]          File: /usr/sbin/adduser
[05:46:06]          Current hash: b26732ab356b3fa5e2e4a053e9a92cdaeb8c48197810701d38f3fbb4811741aa
[05:46:06]          Stored hash : 966f3c9cd1f833d35f85a790ad3efb9c312102c5
[05:46:06] Info: Found file '/usr/sbin/adduser': it is whitelisted for the 'script replacement' check.
[05:46:06]   /usr/sbin/chroot                                [ Warning ]
[05:46:06] Warning: The file properties have changed:
[05:46:06]          File: /usr/sbin/chroot
[05:46:06]          Current hash: abfbf805ef5d26118b56f9058648d4741b65a440ad2c0efbdd2c4e126f9eceb3
[05:46:06]          Stored hash : b590f922e1b90d941f6e17c1e8628f88c1e7d1bd
[05:46:06]   /usr/sbin/cron                                  [ Warning ]
[05:46:06] Warning: The file properties have changed:
[05:46:06]          File: /usr/sbin/cron
[05:46:06]          Current hash: 0ac0dec694553e356cdf565ea9a2f8dda3b23e7cdd8d54bce5b6f2165db5724f
[05:46:06]          Stored hash : e0e91267e6a79646ed8cafd102a9e98fad435d5d
[05:46:06]   /usr/sbin/groupadd                              [ Warning ]
[05:46:06] Warning: The file properties have changed:
[05:46:06]          File: /usr/sbin/groupadd
[05:46:06]          Current hash: e2ee45e23194cdb414593cb2660db0b095dff8d00f0d15d7844964c39e5f7b5a
[05:46:06]          Stored hash : 90765d5b2f9f3418f8020e0c363a8f116d5c3ad1
[05:46:06]   /usr/sbin/groupdel                              [ Warning ]
[05:46:06] Warning: The file properties have changed:
[05:46:06]          File: /usr/sbin/groupdel
[05:46:06]          Current hash: 1bc6869cf0b2202491a5cff66a4b601b75d559f623d3088753bc94fcb5d60cfd
[05:46:06]          Stored hash : 39b301863c076a3bab345d63b3a6ebbba45573ec
[05:46:06]   /usr/sbin/groupmod                              [ Warning ]
[05:46:06] Warning: The file properties have changed:
[05:46:06]          File: /usr/sbin/groupmod
[05:46:06]          Current hash: 6fe6eb53b180de1893a0897661e3293a67bfeff37b3d5c6d339f027263c50a15
[05:46:06]          Stored hash : b644c5d54d66eba10947481267a3d0058a3ec304
[05:46:06]   /usr/sbin/grpck                                 [ Warning ]
[05:46:06] Warning: The file properties have changed:
[05:46:06]          File: /usr/sbin/grpck
[05:46:06]          Current hash: 0f343ae25c43e9228fbafdc2d9dee1d060dab41a55b17a5a2889bdf14a5c59e8
[05:46:06]          Stored hash : dbf2960bb15d27431d1fcdb326171b516ddeb50f
[05:46:07]   /usr/sbin/nologin                               [ Warning ]
[05:46:07] Warning: The file properties have changed:
[05:46:07]          File: /usr/sbin/nologin
[05:46:07]          Current hash: 271a3219f26d7a71acaf17fca7ddc46a6b7ee1030e81ab86d9af63c46f209441
[05:46:07]          Stored hash : 522d03d335ba14e6b2edf8340c79757f84d43722
[05:46:07]   /usr/sbin/pwck                                  [ Warning ]
[05:46:07] Warning: The file properties have changed:
[05:46:07]          File: /usr/sbin/pwck
[05:46:07]          Current hash: f3c3150240844035dcb780b11cf269e11bfb2cecdd8e1edf6d11b471b38b8390
[05:46:07]          Stored hash : 618886ceff8fc66a0c2edb1ca1638b6b268beedd
[05:46:07]   /usr/sbin/rsyslogd                              [ Warning ]
[05:46:07] Warning: The file properties have changed:
[05:46:07]          File: /usr/sbin/rsyslogd
[05:46:07]          Current hash: 4fe70817c471d5f63c4cacc3ae28545eeb8c4101c03c5d78e53bed549a5eda95
[05:46:07]          Stored hash : e73ef3c5ff970d52b435a7f35f18a25008501143
[05:46:07]   /usr/sbin/tcpd                                  [ Warning ]
[05:46:07] Warning: The file properties have changed:
[05:46:07]          File: /usr/sbin/tcpd
[05:46:07]          Current hash: e2f6d28d83953dcec5d713ba2015b23531864df372a1aa57c4ca8790b0d07b6c
[05:46:07]          Stored hash : cd9cfc19df7f0e4b7f9adfa4fe8c5d74caa53d86
[05:46:07]   /usr/sbin/useradd                               [ Warning ]
[05:46:07] Warning: The file properties have changed:
[05:46:07]          File: /usr/sbin/useradd
[05:46:07]          Current hash: b636841e0997c2b6f3733b75b9a457e554def076ff30af989ac9f121be876557
[05:46:07]          Stored hash : 23961f70e84104790f9b6963425ab74ea6b97ec3
[05:46:07]   /usr/sbin/userdel                               [ Warning ]
[05:46:07] Warning: The file properties have changed:
[05:46:07]          File: /usr/sbin/userdel
[05:46:07]          Current hash: 3487ce49e0e8e37778a6a7937d2b392ca3f12f0a51f233d0e05bf8e2e7d12665
[05:46:07]          Stored hash : 3abe2675ce163f322c7dd4dc5a82a9c22d846ef1
[05:46:07]   /usr/sbin/usermod                               [ Warning ]
[05:46:07] Warning: The file properties have changed:
[05:46:07]          File: /usr/sbin/usermod
[05:46:07]          Current hash: 362a72fb83de4bb621ecf8caebbd0a44c80de12824230a785e88a36c0a5a2b96
[05:46:07]          Stored hash : d3ad3f3f0257b18fc7eb2511f65cd9546caf2196
[05:46:08]   /usr/sbin/vipw                                  [ Warning ]
[05:46:08] Warning: The file properties have changed:
[05:46:08]          File: /usr/sbin/vipw
[05:46:08]          Current hash: e43edf7a25c5e198590bb05ceb104e1a3bebf93105a71ea4aa72785377f6905d
[05:46:08]          Stored hash : 3e2318b9a6f147d9eb73b8022aea0df4dfd61729
[05:46:08]   /usr/sbin/unhide-linux                          [ Warning ]
[05:46:08] Warning: The file properties have changed:
[05:46:08]          File: /usr/sbin/unhide-linux
[05:46:08]          Current hash: a41da60d4325d0805899b019f13ece793a2d9554cd667380bab8bb93a41b8332
[05:46:08]          Stored hash : b0a4f70f4284f3a0839f1ed33d15ec01b7ec8083
[05:46:08]   /usr/sbin/unhide-posix                          [ Warning ]
[05:46:08] Warning: The file properties have changed:
[05:46:08]          File: /usr/sbin/unhide-posix
[05:46:08]          Current hash: 589b2bfe9200677cf4a213488217ce06c70acfc62d666eaaf2fcc68a832714d2
[05:46:08]          Stored hash : 14defd2522a5becafff2d7a6b4192d194c3b096e
[05:46:08]   /usr/sbin/unhide-tcp                            [ Warning ]
[05:46:08] Warning: The file properties have changed:
[05:46:08]          File: /usr/sbin/unhide-tcp
[05:46:08]          Current hash: 92a492bda0c9277e0481ad1f3efc71eceb9a4ee3b04b897564c79402c8a143ce
[05:46:08]          Stored hash : 67d8f617e9e067c235e53d591f6ce64a7b65ab00
[05:46:08]   /usr/bin/awk                                    [ Warning ]
[05:46:08] Warning: The file properties have changed:
[05:46:08]          File: /usr/bin/awk
[05:46:08]          Current hash: 91c3e9551264fc2b8a46a104715d51c13d717460f460e5d0d97295c69196ed1c
[05:46:08]          Stored hash : 3462fce89f3e37f0419cf118d90d6c36887e1609
[05:46:08]   /usr/bin/basename                               [ Warning ]
[05:46:08] Warning: The file properties have changed:
[05:46:08]          File: /usr/bin/basename
[05:46:08]          Current hash: 0d173084775292059489a60ebd9978fd5202e58ff8d4c08a4a77e4148c9fc339
[05:46:08]          Stored hash : ce119e2c0d99b8d0fede01cbd565f16472b6f6c4
[05:46:08]   /usr/bin/chattr                                 [ Warning ]
[05:46:08] Warning: The file properties have changed:
[05:46:08]          File: /usr/bin/chattr
[05:46:08]          Current hash: 8bed510f9778a9b9350ea811230f56f2389ffa1bbda595b1f1d31c328d174b8a
[05:46:08]          Stored hash : 2d34b4c7aa564c82c8e6f98c1ffb6db783a841b2
[05:46:08]   /usr/bin/curl                                   [ Warning ]
[05:46:08] Warning: The file properties have changed:
[05:46:08]          File: /usr/bin/curl
[05:46:08]          Current hash: be7fc9358c59203365c697aa690c199e3b82a4f434f0fc17645adef2943a3999
[05:46:08]          Stored hash : ebdfdee34ae05e35ce7e14f2850b53aa3d5f11cf
[05:46:08]   /usr/bin/cut                                    [ Warning ]
[05:46:09] Warning: The file properties have changed:
[05:46:09]          File: /usr/bin/cut
[05:46:09]          Current hash: c3dabc16adbc435346c16c27a93da2f594e8a2b1a997d635316dbe6c722453e6
[05:46:09]          Stored hash : 7b896a784f3251a73ae95ea3edc7517252b956a5
[05:46:09]   /usr/bin/diff                                   [ Warning ]
[05:46:09] Warning: The file properties have changed:
[05:46:09]          File: /usr/bin/diff
[05:46:09]          Current hash: cd61d2739c43aba7bacc478e1ab790d53bab55802ca662e6b1aac98e90f0bd4e
[05:46:09]          Stored hash : 907ea004a7830cc53fe53db52c26b16fdf17d5ee
[05:46:09]   /usr/bin/dirname                                [ Warning ]
[05:46:09] Warning: The file properties have changed:
[05:46:09]          File: /usr/bin/dirname
[05:46:09]          Current hash: b3b8d2b9675c0fc522387e7cd7b871bf1fb006b26536a097a66fb828ee42ad4c
[05:46:09]          Stored hash : d9f380f1216303d7db1af6538db4561a90537e53
[05:46:09]   /usr/bin/dpkg                                   [ Warning ]
[05:46:09] Warning: The file properties have changed:
[05:46:09]          File: /usr/bin/dpkg
[05:46:09]          Current hash: 75869329a6e4836540f6668faa742b7924d0dbabe124251184e538e3b360fffa
[05:46:09]          Stored hash : cd56737010133a0c5b85b060d33b1cd21d63050a
[05:46:09]   /usr/bin/dpkg-query                             [ Warning ]
[05:46:09] Warning: The file properties have changed:
[05:46:09]          File: /usr/bin/dpkg-query
[05:46:09]          Current hash: 4b52d7f69c86b7ef392e6207edfa44f11fed9b3487114ecaa7dedb8255cf31cd
[05:46:09]          Stored hash : a7aaa69d65a03133c55eceb5d388ada61ec30272
[05:46:09]   /usr/bin/du                                     [ Warning ]
[05:46:09] Warning: The file properties have changed:
[05:46:09]          File: /usr/bin/du
[05:46:09]          Current hash: 9a77c3b4e2859c9a1d3e31cda513964ce1602132fb994a8ba59e82e64a138f43
[05:46:09]          Stored hash : fc798299cdaf4243b70f7cced589f808457328a2
[05:46:09]   /usr/bin/env                                    [ Warning ]
[05:46:09] Warning: The file properties have changed:
[05:46:09]          File: /usr/bin/env
[05:46:09]          Current hash: 6e7eb2d4f3c12afc67e9cd64db7c38b9994626893e1a5cb394bbf32d02852ba2
[05:46:09]          Stored hash : 14996bf223a4f47c02505c2eb82996b31127e322
[05:46:09]   /usr/bin/file                                   [ Warning ]
[05:46:09] Warning: The file properties have changed:
[05:46:09]          File: /usr/bin/file
[05:46:09]          Current hash: 2749099cfeb3834bd6a255dd9cc26d0e6796254a8fa93be1cb922af463a8d50d
[05:46:09]          Stored hash : a796fca1bea54b05cea8a88be0f51a9f9e1f6f40
[05:46:09]   /usr/bin/find                                   [ Warning ]
[05:46:09] Warning: The file properties have changed:
[05:46:09]          File: /usr/bin/find
[05:46:09]          Current hash: f547b976f28c2edcb5fbe1f1c2969ed5123cf7af1ff2802b7355b2acd6959d33
[05:46:09]          Stored hash : 0976ef2017360581ede6489c04723dc9d8e630d7
[05:46:09]   /usr/bin/GET                                    [ Warning ]
[05:46:09] Warning: The file properties have changed:
[05:46:09]          File: /usr/bin/GET
[05:46:09]          Current hash: b38bbacb975fd69981a8bd41d866c9af75ededd2c5a4d6118b4b41aeb328ac72
[05:46:09]          Stored hash : e6e5247e0710669383e14160d54396fca4a1ede2
[05:46:10]   /usr/bin/groups                                 [ Warning ]
[05:46:10] Warning: The file properties have changed:
[05:46:10]          File: /usr/bin/groups
[05:46:10]          Current hash: 199a3b5d0772072dc1abb92c279b49e255e7fa4cc51eb59ecaa44550d52acc15
[05:46:10]          Stored hash : ac12db00ed48f79ee94535a483c0a199ab517e02
[05:46:10]   /usr/bin/head                                   [ Warning ]
[05:46:10] Warning: The file properties have changed:
[05:46:10]          File: /usr/bin/head
[05:46:10]          Current hash: fc22d2def2c4603c202e0ac66f979dc2ad3c9fea075e6941ab78f74a8cfebe02
[05:46:10]          Stored hash : 26cad14006da2c88c8c0c9b67c6bd9beec0517a8
[05:46:10]   /usr/bin/id                                     [ Warning ]
[05:46:10] Warning: The file properties have changed:
[05:46:10]          File: /usr/bin/id
[05:46:10]          Current hash: f425012c7175a97fb6829634ead4d58a9449f25ac3f8307dac9a6c4ccd0873cb
[05:46:10]          Stored hash : e1177f196b86a87da25bd6b3dace2e7874ef055a
[05:46:10]   /usr/bin/killall                                [ Warning ]
[05:46:10] Warning: The file properties have changed:
[05:46:10]          File: /usr/bin/killall
[05:46:10]          Current hash: 2641776193b7a6d0ee4931bfdca253b3f1ebad0c74c2eec871fc6e453439cbc3
[05:46:10]          Stored hash : 1034dea61785a938d0f468006319ebf140640201
[05:46:10]   /usr/bin/last                                   [ Warning ]
[05:46:10] Warning: The file properties have changed:
[05:46:10]          File: /usr/bin/last
[05:46:10]          Current hash: 988a6fe34da3d00dd7aa89112d6b38cfaa5ec4ca9e3dd525138b69927f7d20e3
[05:46:10]          Stored hash : 52d5bf4d24fb66a71cea6758419d27f59ff2b491
[05:46:10]   /usr/bin/lastlog                                [ Warning ]
[05:46:10] Warning: The file properties have changed:
[05:46:10]          File: /usr/bin/lastlog
[05:46:10]          Current hash: 43fff3bb733fbfae76c26724d54c8ae11c1ae921d90bc57b75e12d858175d3f2
[05:46:10]          Stored hash : 6d3371aa78bf864657dfd4df06177476db1162e8
[05:46:10]   /usr/bin/ldd                                    [ Warning ]
[05:46:10] Warning: The file properties have changed:
[05:46:10]          File: /usr/bin/ldd
[05:46:10]          Current hash: 7b253d20dcc8c0d57e1e15bdae100f57e1a3a80e6e5c7b5940f695a2dba5c622
[05:46:10]          Stored hash : 5d8d12cb912aae4d6bbce8d38d0ea73ddd76c7de
[05:46:10] Info: Found file '/usr/bin/ldd': it is whitelisted for the 'script replacement' check.
[05:46:10]   /usr/bin/less                                   [ Warning ]
[05:46:10] Warning: The file properties have changed:
[05:46:10]          File: /usr/bin/less
[05:46:10]          Current hash: 9d5de353eac7bbb6266e84b0ad7766216a6e65e6538a36360a0ea00d2287e054
[05:46:10]          Stored hash : 77ba0b7718b53ac019808400592d7c7f1a736e5d
[05:46:10]   /usr/bin/locate                                 [ Warning ]
[05:46:10] Warning: The file properties have changed:
[05:46:10]          File: /usr/bin/locate
[05:46:23]   /lib/systemd/systemd                            [ Warning ]
[05:46:23] Warning: The file properties have changed:
[05:46:23]          File: /lib/systemd/systemd
[05:46:23]          Current hash: 97089b739ae4727d312eff88901d5c088f29f72f878c8213112e41559e46bcf9
[05:46:23]          Stored hash : f27f7f1a84e12120e587148aa6e97c5545c7f909
[05:46:24]
[05:46:24] Info: Starting test name 'rootkits'
[05:46:24] Checking for rootkits...
[05:46:24]
[05:46:24] Info: Starting test name 'known_rkts'
[05:46:24] Performing check of known rootkit files and directories
[05:46:24]
[05:46:24] Checking for 55808 Trojan - Variant A...
[05:46:24]   Checking for file '/tmp/.../r'                  [ Not found ]
[05:46:24]   Checking for file '/tmp/.../a'                  [ Not found ]
[05:46:24] 55808 Trojan - Variant A                          [ Not found ]
[05:46:24]
[05:46:24] Checking for ADM Worm...
[05:46:24]   Checking for string 'w0rm'                      [ Not found ]
[05:46:24] ADM Worm                                          [ Not found ]
[05:46:24]
[05:46:24] Checking for AjaKit Rootkit...
[05:46:24]   Checking for file '/dev/tux/.addr'              [ Not found ]
[05:46:24]   Checking for file '/dev/tux/.proc'              [ Not found ]
[05:46:24]   Checking for file '/dev/tux/.file'              [ Not found ]
[05:46:24]   Checking for file '/lib/.libgh-gh/cleaner'      [ Not found ]
[05:46:24]   Checking for file '/lib/.libgh-gh/Patch/patch'  [ Not found ]
[05:46:24]   Checking for file '/lib/.libgh-gh/sb0k'         [ Not found ]
[05:46:24]   Checking for directory '/dev/tux'               [ Not found ]
[05:46:24]   Checking for directory '/lib/.libgh-gh'         [ Not found ]
[05:46:24] AjaKit Rootkit                                    [ Not found ]
[05:46:24]
[05:46:24] Checking for Adore Rootkit...
[05:46:24]   Checking for file '/usr/secure'                 [ Not found ]
[05:46:24]   Checking for file '/usr/doc/sys/qrt'            [ Not found ]
[05:46:24]   Checking for file '/usr/doc/sys/run'            [ Not found ]
[05:46:24]   Checking for file '/usr/doc/sys/crond'          [ Not found ]
[05:46:24]   Checking for file '/usr/sbin/kfd'               [ Not found ]
[05:46:24]   Checking for file '/usr/doc/kern/var'           [ Not found ]
[05:46:24]   Checking for file '/usr/doc/kern/string.o'      [ Not found ]
[05:46:24]   Checking for file '/usr/doc/kern/ava'           [ Not found ]
[05:46:24]   Checking for file '/usr/doc/kern/adore.o'       [ Not found ]
[05:46:24]   Checking for file '/var/log/ssh/old'            [ Not found ]
[05:46:24]   Checking for directory '/lib/security/.config/ssh' [ Not found ]
[05:46:24]   Checking for directory '/usr/doc/kern'          [ Not found ]
[05:46:24]   Checking for directory '/usr/doc/backup'        [ Not found ]
[05:46:24]   Checking for directory '/usr/doc/backup/txt'    [ Not found ]
[05:46:24]   Checking for directory '/lib/backup'            [ Not found ]
[05:46:24]   Checking for directory '/lib/backup/txt'        [ Not found ]
[05:46:24]   Checking for directory '/usr/doc/work'          [ Not found ]
[05:46:24]   Checking for directory '/usr/doc/sys'           [ Not found ]
[05:46:24]   Checking for directory '/var/log/ssh'           [ Not found ]
[05:46:24]   Checking for directory '/usr/doc/.spool'        [ Not found ]
[05:46:24]   Checking for directory '/usr/lib/kterm'         [ Not found ]
[05:46:24] Adore Rootkit                                     [ Not found ]
[05:46:24]
[05:46:24] Checking for aPa Kit...
[05:46:24]   Checking for file '/usr/share/.aPa'             [ Not found ]
[05:46:24] aPa Kit                                           [ Not found ]
[05:46:24]
[05:46:24] Checking for Apache Worm...
[05:46:24]   Checking for file '/bin/.log'                   [ Not found ]
[05:46:24] Apache Worm                                       [ Not found ]
[05:46:24]
[05:46:24] Checking for Ambient (ark) Rootkit...
[05:46:24]   Checking for file '/usr/lib/.ark?'              [ Not found ]
[05:46:24]   Checking for file '/dev/ptyxx/.log'             [ Not found ]
[05:46:24]   Checking for file '/dev/ptyxx/.file'            [ Not found ]
[05:46:24]   Checking for file '/dev/ptyxx/.proc'            [ Not found ]
[05:46:24]   Checking for file '/dev/ptyxx/.addr'            [ Not found ]
[05:46:24]   Checking for directory '/dev/ptyxx'             [ Not found ]
[05:46:24] Ambient (ark) Rootkit                             [ Not found ]
[05:46:24]
[05:46:24] Checking for Balaur Rootkit...
[05:46:24]   Checking for file '/usr/lib/liblog.o'           [ Not found ]
[05:46:24]   Checking for directory '/usr/lib/.kinetic'      [ Not found ]
[05:46:24]   Checking for directory '/usr/lib/.egcs'         [ Not found ]
[05:46:24]   Checking for directory '/usr/lib/.wormie'       [ Not found ]
[05:46:24] Balaur Rootkit                                    [ Not found ]
[05:46:24]
[05:46:24] Checking for BeastKit Rootkit...
[05:46:24]   Checking for file '/usr/sbin/arobia'            [ Not found ]
[05:46:24]   Checking for file '/usr/sbin/idrun'             [ Not found ]
[05:46:24]   Checking for file '/usr/lib/elm/arobia/elm'     [ Not found ]
[05:46:24]   Checking for file '/usr/lib/elm/arobia/elm/hk'  [ Not found ]
[05:46:24]   Checking for file '/usr/lib/elm/arobia/elm/hk.pub' [ Not found ]
[05:46:24]   Checking for file '/usr/lib/elm/arobia/elm/sc'  [ Not found ]
[05:46:24]   Checking for file '/usr/lib/elm/arobia/elm/sd.pp' [ Not found ]
[05:46:24]   Checking for file '/usr/lib/elm/arobia/elm/sdco' [ Not found ]
[05:46:24]   Checking for file '/usr/lib/elm/arobia/elm/srsd' [ Not found ]
[05:46:24]   Checking for directory '/lib/ldd.so/bktools'    [ Not found ]
[05:46:24] BeastKit Rootkit                                  [ Not found ]
[05:46:25]
[05:46:25] Checking for beX2 Rootkit...
[05:46:25]   Checking for file '/usr/info/termcap.info-5.gz' [ Not found ]
[05:46:25]   Checking for file '/usr/bin/sshd2'              [ Not found ]
[05:46:25]   Checking for directory '/usr/include/bex'       [ Not found ]
[05:46:25] beX2 Rootkit                                      [ Not found ]
[05:46:25]
[05:46:25] Checking for BOBKit Rootkit...
[05:46:25]   Checking for file '/usr/sbin/ntpsx'             [ Not found ]
[05:46:25]   Checking for file '/usr/sbin/.../bkit-ava'      [ Not found ]
[05:46:25]   Checking for file '/usr/sbin/.../bkit-d'        [ Not found ]
[05:46:25]   Checking for file '/usr/sbin/.../bkit-shd'      [ Not found ]
[05:46:25]   Checking for file '/usr/sbin/.../bkit-f'        [ Not found ]
[05:46:25]   Checking for file '/usr/include/.../proc.h'     [ Not found ]
[05:46:25]   Checking for file '/usr/include/.../.bash_history' [ Not found ]
[05:46:25]   Checking for file '/usr/include/.../bkit-get'   [ Not found ]
[05:46:25]   Checking for file '/usr/include/.../bkit-dl'    [ Not found ]
[05:46:25]   Checking for file '/usr/include/.../bkit-screen' [ Not found ]
[05:46:25]   Checking for file '/usr/include/.../bkit-sleep' [ Not found ]
[05:46:25]   Checking for file '/usr/lib/.../bkit-adore.o'   [ Not found ]
[05:46:25]   Checking for file '/usr/lib/.../ls'             [ Not found ]
[05:46:25]   Checking for file '/usr/lib/.../netstat'        [ Not found ]
[05:46:25]   Checking for file '/usr/lib/.../lsof'           [ Not found ]
[05:46:25]   Checking for file '/usr/lib/.../bkit-ssh/bkit-shdcfg' [ Not found ]
[05:46:25]   Checking for file '/usr/lib/.../bkit-ssh/bkit-shhk' [ Not found ]
[05:46:25]   Checking for file '/usr/lib/.../bkit-ssh/bkit-pw' [ Not found ]
[05:46:25]   Checking for file '/usr/lib/.../bkit-ssh/bkit-shrs' [ Not found ]
[05:46:25]   Checking for file '/usr/lib/.../bkit-ssh/bkit-mots' [ Not found ]
[05:46:25]   Checking for file '/usr/lib/.../uconf.inv'      [ Not found ]
[05:46:25]   Checking for file '/usr/lib/.../psr'            [ Not found ]
[05:46:25]   Checking for file '/usr/lib/.../find'           [ Not found ]
[05:46:25]   Checking for file '/usr/lib/.../pstree'         [ Not found ]
[05:46:25]   Checking for file '/usr/lib/.../slocate'        [ Not found ]
[05:46:25]   Checking for file '/usr/lib/.../du'             [ Not found ]
[05:46:25]   Checking for file '/usr/lib/.../top'            [ Not found ]
[05:46:25]   Checking for directory '/usr/sbin/...'          [ Not found ]
[05:46:25]   Checking for directory '/usr/include/...'       [ Not found ]
[05:46:25]   Checking for directory '/usr/include/.../.tmp'  [ Not found ]
[05:46:25]   Checking for directory '/usr/lib/...'           [ Not found ]
[05:46:25]   Checking for directory '/usr/lib/.../.ssh'      [ Not found ]
[05:46:25]   Checking for directory '/usr/lib/.../bkit-ssh'  [ Not found ]
[05:46:25]   Checking for directory '/usr/lib/.bkit-'        [ Not found ]
[05:46:25]   Checking for directory '/tmp/.bkp'              [ Not found ]
[05:46:25] BOBKit Rootkit                                    [ Not found ]
[05:46:25]
[05:46:25] Checking for cb Rootkit...
[05:46:25]   Checking for file '/dev/srd0'                   [ Not found ]
[05:46:25]   Checking for file '/lib/libproc.so.2.0.6'       [ Not found ]
[05:46:25]   Checking for file '/dev/mounnt'                 [ Not found ]
[05:46:25]   Checking for file '/etc/rc.d/init.d/init'       [ Not found ]
[05:46:25]   Checking for file '/usr/bin/.zeen/..<SP>/cl'    [ Not found ]
[05:46:25]   Checking for file '/usr/bin/.zeen/..<SP>/.x.tgz' [ Not found ]
[05:46:25]   Checking for file '/usr/bin/.zeen/..<SP>/statdx' [ Not found ]
[05:46:25]   Checking for file '/usr/bin/.zeen/..<SP>/wted'  [ Not found ]
[05:46:25]   Checking for file '/usr/bin/.zeen/..<SP>/write' [ Not found ]
[05:46:25]   Checking for file '/usr/bin/.zeen/..<SP>/scan'  [ Not found ]
[05:46:25]   Checking for file '/usr/bin/.zeen/..<SP>/sc'    [ Not found ]
[05:46:25]   Checking for file '/usr/bin/.zeen/..<SP>/sl2'   [ Not found ]
[05:46:25]   Checking for file '/usr/bin/.zeen/..<SP>/wroot' [ Not found ]
[05:46:25]   Checking for file '/usr/bin/.zeen/..<SP>/wscan' [ Not found ]
[05:46:25]   Checking for file '/usr/bin/.zeen/..<SP>/wu'    [ Not found ]
[05:46:25]   Checking for file '/usr/bin/.zeen/..<SP>/v'     [ Not found ]
[05:46:25]   Checking for file '/usr/bin/.zeen/..<SP>/read'  [ Not found ]
[05:46:25]   Checking for file '/usr/lib/sshrc'              [ Not found ]
[05:46:25]   Checking for file '/usr/lib/ssh_host_key'       [ Not found ]
[05:46:25]   Checking for file '/usr/lib/ssh_host_key.pub'   [ Not found ]
[05:46:25]   Checking for file '/usr/lib/ssh_random_seed'    [ Not found ]
[05:46:26]   Checking for file '/usr/lib/sshd_config'        [ Not found ]
[05:46:26]   Checking for file '/usr/lib/shosts.equiv'       [ Not found ]
[05:46:26]   Checking for file '/usr/lib/ssh_known_hosts'    [ Not found ]
[05:46:26]   Checking for file '/u/zappa/.ssh/pid'           [ Not found ]
[05:46:26]   Checking for file '/usr/bin/.system/..<SP>/tcp.log' [ Not found ]
[05:46:26]   Checking for file '/usr/bin/.zeen/..<SP>/curatare/attrib' [ Not found ]
[05:46:26]   Checking for file '/usr/bin/.zeen/..<SP>/curatare/chattr' [ Not found ]
[05:46:26]   Checking for file '/usr/bin/.zeen/..<SP>/curatare/ps' [ Not found ]
[05:46:26]   Checking for file '/usr/bin/.zeen/..<SP>/curatare/pstree' [ Not found ]
[05:46:26]   Checking for file '/usr/bin/.system/..<SP>/.x/xC.o' [ Not found ]
[05:46:26]   Checking for directory '/usr/bin/.zeen'         [ Not found ]
[05:46:26]   Checking for directory '/usr/bin/.zeen/..<SP>/curatare' [ Not found ]
[05:46:26]   Checking for directory '/usr/bin/.zeen/..<SP>/scan' [ Not found ]
[05:46:26]   Checking for directory '/usr/bin/.system/..<SP>' [ Not found ]
[05:46:26] cb Rootkit                                        [ Not found ]
[05:46:26]
[05:46:26] Checking for CiNIK Worm (Slapper.B variant)...
[05:46:26]   Checking for file '/tmp/.cinik'                 [ Not found ]
[05:46:26]   Checking for directory '/tmp/.font-unix/.cinik' [ Not found ]
[05:46:26] CiNIK Worm (Slapper.B variant)                    [ Not found ]
[05:46:26]
[05:46:26] Checking for Danny-Boy's Abuse Kit...
[05:46:26]   Checking for file '/dev/mdev'                   [ Not found ]
[05:46:26]   Checking for file '/usr/lib/libX.a'             [ Not found ]
[05:46:26] Danny-Boy's Abuse Kit                             [ Not found ]
[05:46:26]
[05:46:26] Checking for Devil RootKit...
[05:46:26]   Checking for file '/var/lib/games/.src'         [ Not found ]
[05:46:26]   Checking for file '/dev/dsx'                    [ Not found ]
[05:46:26]   Checking for file '/dev/caca'                   [ Not found ]
[05:46:26]   Checking for file '/dev/pro'                    [ Not found ]
[05:46:26]   Checking for file '/bin/bye'                    [ Not found ]
[05:46:26]   Checking for file '/bin/homedir'                [ Not found ]
[05:46:26]   Checking for file '/usr/bin/xfss'               [ Not found ]
[05:46:26]   Checking for file '/usr/sbin/tzava'             [ Not found ]
[05:46:26]   Checking for file '/usr/doc/tar/.../.dracusor/stuff/holber' [ Not found ]
[05:46:26]   Checking for file '/usr/doc/tar/.../.dracusor/stuff/sense' [ Not found ]
[05:46:26]   Checking for file '/usr/doc/tar/.../.dracusor/stuff/clear' [ Not found ]
[05:46:26]   Checking for file '/usr/doc/tar/.../.dracusor/stuff/tzava' [ Not found ]
[05:46:26]   Checking for file '/usr/doc/tar/.../.dracusor/stuff/citeste' [ Not found ]
[05:46:26]   Checking for file '/usr/doc/tar/.../.dracusor/stuff/killrk' [ Not found ]
[05:46:26]   Checking for file '/usr/doc/tar/.../.dracusor/stuff/searchlog' [ Not found ]
[05:46:26]   Checking for file '/usr/doc/tar/.../.dracusor/stuff/gaoaza' [ Not found ]
[05:46:26]   Checking for file '/usr/doc/tar/.../.dracusor/stuff/cleaner' [ Not found ]
[05:46:26]   Checking for file '/usr/doc/tar/.../.dracusor/stuff/shk' [ Not found ]
[05:46:26]   Checking for file '/usr/doc/tar/.../.dracusor/stuff/srs' [ Not found ]
[05:46:26]   Checking for file '/usr/doc/tar/.../.dracusor/utile.tgz' [ Not found ]
[05:46:26]   Checking for file '/usr/doc/tar/.../.dracusor/webpage' [ Not found ]
[05:46:26]   Checking for file '/usr/doc/tar/.../.dracusor/getpsy' [ Not found ]
[05:46:26]   Checking for file '/usr/doc/tar/.../.dracusor/getbnc' [ Not found ]
[05:46:26]   Checking for file '/usr/doc/tar/.../.dracusor/getemech' [ Not found ]
[05:46:26]   Checking for file '/usr/doc/tar/.../.dracusor/localroot.sh' [ Not found ]
[05:46:26]   Checking for file '/usr/doc/tar/.../.dracusor/stuff/old/sense' [ Not found ]
[05:46:26]   Checking for directory '/usr/doc/tar/.../.dracusor' [ Not found ]
[05:46:26] Devil RootKit                                     [ Not found ]
[05:46:26]
[05:46:26] Checking for Dica-Kit Rootkit...
[05:46:26]   Checking for file '/lib/.sso'                   [ Not found ]
[05:46:26]   Checking for file '/lib/.so'                    [ Not found ]
[05:46:26]   Checking for file '/var/run/...dica/clean'      [ Not found ]
[05:46:26]   Checking for file '/var/run/...dica/dxr'        [ Not found ]
[05:46:26]   Checking for file '/var/run/...dica/read'       [ Not found ]
[05:46:26]   Checking for file '/var/run/...dica/write'      [ Not found ]
[05:46:26]   Checking for file '/var/run/...dica/lf'         [ Not found ]
[05:46:26]   Checking for file '/var/run/...dica/xl'         [ Not found ]
[05:46:27]   Checking for file '/var/run/...dica/xdr'        [ Not found ]
[05:46:27]   Checking for file '/var/run/...dica/psg'        [ Not found ]
[05:46:27]   Checking for file '/var/run/...dica/secure'     [ Not found ]
[05:46:27]   Checking for file '/var/run/...dica/rdx'        [ Not found ]
[05:46:27]   Checking for file '/var/run/...dica/va'         [ Not found ]
[05:46:27]   Checking for file '/var/run/...dica/cl.sh'      [ Not found ]
[05:46:27]   Checking for file '/var/run/...dica/last.log'   [ Not found ]
[05:46:27]   Checking for file '/usr/bin/.etc'               [ Not found ]
[05:46:27]   Checking for file '/etc/sshd_config'            [ Not found ]
[05:46:27]   Checking for file '/etc/ssh_host_key'           [ Not found ]
[05:46:27]   Checking for file '/etc/ssh_random_seed'        [ Not found ]
[05:46:27]   Checking for directory '/var/run/...dica'       [ Not found ]
[05:46:27]   Checking for directory '/var/run/...dica/mh'    [ Not found ]
[05:46:27]   Checking for directory '/var/run/...dica/scan'  [ Not found ]
[05:46:27] Dica-Kit Rootkit                                  [ Not found ]
[05:46:27]
[05:46:27] Checking for Dreams Rootkit...
[05:46:27]   Checking for file '/dev/ttyoa'                  [ Not found ]
[05:46:27]   Checking for file '/dev/ttyof'                  [ Not found ]
[05:46:27]   Checking for file '/dev/ttyop'                  [ Not found ]
[05:46:27]   Checking for file '/usr/bin/sense'              [ Not found ]
[05:46:27]   Checking for file '/usr/bin/sl2'                [ Not found ]
[05:46:27]   Checking for file '/usr/bin/logclear'           [ Not found ]
[05:46:27]   Checking for file '/usr/bin/(swapd)'            [ Not found ]
[05:46:27]   Checking for file '/usr/bin/initrd'             [ Not found ]
[05:46:27]   Checking for file '/usr/bin/crontabs'           [ Not found ]
[05:46:27]   Checking for file '/usr/bin/snfs'               [ Not found ]
[05:46:27]   Checking for file '/usr/lib/libsss'             [ Not found ]
[05:46:27]   Checking for file '/usr/lib/libsnf.log'         [ Not found ]
[05:46:27]   Checking for file '/usr/lib/libshtift/top'      [ Not found ]
[05:46:27]   Checking for file '/usr/lib/libshtift/ps'       [ Not found ]
[05:46:27]   Checking for file '/usr/lib/libshtift/netstat'  [ Not found ]
[05:46:27]   Checking for file '/usr/lib/libshtift/ls'       [ Not found ]
[05:46:27]   Checking for file '/usr/lib/libshtift/ifconfig' [ Not found ]
[05:46:27]   Checking for file '/usr/include/linseed.h'      [ Not found ]
[05:46:27]   Checking for file '/usr/include/linpid.h'       [ Not found ]
[05:46:27]   Checking for file '/usr/include/linkey.h'       [ Not found ]
[05:46:27]   Checking for file '/usr/include/linconf.h'      [ Not found ]
[05:46:27]   Checking for file '/usr/include/iceseed.h'      [ Not found ]
[05:46:27]   Checking for file '/usr/include/icepid.h'       [ Not found ]
[05:46:27]   Checking for file '/usr/include/icekey.h'       [ Not found ]
[05:46:27]   Checking for file '/usr/include/iceconf.h'      [ Not found ]
[05:46:27]   Checking for directory '/dev/ida/.hpd'          [ Not found ]
[05:46:27]   Checking for directory '/usr/lib/libshtift'     [ Not found ]
[05:46:27] Dreams Rootkit                                    [ Not found ]
[05:46:27]
[05:46:27] Checking for Duarawkz Rootkit...
[05:46:27]   Checking for file '/usr/bin/duarawkz/loginpass' [ Not found ]
[05:46:27]   Checking for directory '/usr/bin/duarawkz'      [ Not found ]
[05:46:27] Duarawkz Rootkit                                  [ Not found ]
[05:46:27]
[05:46:27] Checking for Enye LKM...
[05:46:27]   Checking for file '/etc/.enyelkmHIDE^IT.ko'     [ Not found ]
[05:46:27]   Checking for file '/etc/.enyelkmOCULTAR.ko'     [ Not found ]
[05:46:27] Enye LKM                                          [ Not found ]
[05:46:27]
[05:46:27] Checking for Flea Linux Rootkit...
[05:46:27]   Checking for file '/etc/ld.so.hash'             [ Not found ]
[05:46:27]   Checking for file '/lib/security/.config/ssh/sshd_config' [ Not found ]
[05:46:27]   Checking for file '/lib/security/.config/ssh/ssh_host_key' [ Not found ]
[05:46:27]   Checking for file '/lib/security/.config/ssh/ssh_host_key.pub' [ Not found ]
[05:46:27]   Checking for file '/lib/security/.config/ssh/ssh_random_seed' [ Not found ]
[05:46:27]   Checking for file '/usr/bin/ssh2d'              [ Not found ]
[05:46:27]   Checking for file '/usr/lib/ldlibns.so'         [ Not found ]
[05:46:27]   Checking for file '/usr/lib/ldlibps.so'         [ Not found ]
[05:46:27]   Checking for file '/usr/lib/ldlibpst.so'        [ Not found ]
[05:46:27]   Checking for file '/usr/lib/ldlibdu.so'         [ Not found ]
[05:46:27]   Checking for file '/usr/lib/ldlibct.so'         [ Not found ]
[05:46:27]   Checking for directory '/lib/security/.config/ssh' [ Not found ]
[05:46:27]   Checking for directory '/dev/..0'               [ Not found ]
[05:46:27]   Checking for directory '/dev/..0/backup'        [ Not found ]
[05:46:27] Flea Linux Rootkit                                [ Not found ]
[05:46:27]
[05:46:27] Checking for Fu Rootkit...
[05:46:27]   Checking for file '/sbin/xc'                    [ Not found ]
[05:46:27]   Checking for file '/usr/include/ivtype.h'       [ Not found ]
[05:46:27]   Checking for file '/bin/.lib'                   [ Not found ]
[05:46:27] Fu Rootkit                                        [ Not found ]
[05:46:28]
[05:46:28] Checking for Fuck`it Rootkit...
[05:46:28]   Checking for file '/lib/libproc.so.2.0.7'       [ Not found ]
[05:46:28]   Checking for file '/dev/proc/.bash_profile'     [ Not found ]
[05:46:28]   Checking for file '/dev/proc/.bashrc'           [ Not found ]
[05:46:28]   Checking for file '/dev/proc/.cshrc'            [ Not found ]
[05:46:28]   Checking for file '/dev/proc/fuckit/hax0r'      [ Not found ]
[05:46:28]   Checking for file '/dev/proc/fuckit/hax0rshell' [ Not found ]
[05:46:28]   Checking for file '/dev/proc/fuckit/config/lports' [ Not found ]
[05:46:28]   Checking for file '/dev/proc/fuckit/config/rports' [ Not found ]
[05:46:28]   Checking for file '/dev/proc/fuckit/config/rkconf' [ Not found ]
[05:46:28]   Checking for file '/dev/proc/fuckit/config/password' [ Not found ]
[05:46:28]   Checking for file '/dev/proc/fuckit/config/progs' [ Not found ]
[05:46:28]   Checking for file '/dev/proc/fuckit/system-bins/init' [ Not found ]
[05:46:28]   Checking for file '/usr/lib/libcps.a'           [ Not found ]
[05:46:28]   Checking for file '/usr/lib/libtty.a'           [ Not found ]
[05:46:28]   Checking for directory '/dev/proc'              [ Not found ]
[05:46:28]   Checking for directory '/dev/proc/fuckit'       [ Not found ]
[05:46:28]   Checking for directory '/dev/proc/fuckit/system-bins' [ Not found ]
[05:46:28]   Checking for directory '/dev/proc/toolz'        [ Not found ]
[05:46:28] Fuck`it Rootkit                                   [ Not found ]
[05:46:28]
[05:46:28] Checking for GasKit Rootkit...
[05:46:28]   Checking for file '/dev/dev/gaskit/sshd/sshdd'  [ Not found ]
[05:46:28]   Checking for directory '/dev/dev'               [ Not found ]
[05:46:28]   Checking for directory '/dev/dev/gaskit'        [ Not found ]
[05:46:28]   Checking for directory '/dev/dev/gaskit/sshd'   [ Not found ]
[05:46:28] GasKit Rootkit                                    [ Not found ]
[05:46:28]
[05:46:28] Checking for Heroin LKM...
[05:46:28]   Checking for kernel symbol 'heroin'             [ Not found ]
[05:46:28] Heroin LKM                                        [ Not found ]
[05:46:28]
[05:46:28] Checking for HjC Kit...
[05:46:28]   Checking for directory '/dev/.hijackerz'        [ Not found ]
[05:46:28] HjC Kit                                           [ Not found ]
[05:46:28]
[05:46:28] Checking for ignoKit Rootkit...
[05:46:28]   Checking for file '/lib/defs/p'                 [ Not found ]
[05:46:28]   Checking for file '/lib/defs/q'                 [ Not found ]
[05:46:28]   Checking for file '/lib/defs/r'                 [ Not found ]
[05:46:28]   Checking for file '/lib/defs/s'                 [ Not found ]
[05:46:28]   Checking for file '/lib/defs/t'                 [ Not found ]
[05:46:28]   Checking for file '/usr/lib/defs/p'             [ Not found ]
[05:46:28]   Checking for file '/usr/lib/defs/q'             [ Not found ]
[05:46:28]   Checking for file '/usr/lib/defs/r'             [ Not found ]
[05:46:28]   Checking for file '/usr/lib/defs/s'             [ Not found ]
[05:46:28]   Checking for file '/usr/lib/defs/t'             [ Not found ]
[05:46:28]   Checking for file '/usr/lib/.libigno/pkunsec'   [ Not found ]
[05:46:28]   Checking for file '/usr/lib/.libigno/.igno/psybnc/psybnc' [ Not found ]
[05:46:28]   Checking for directory '/usr/lib/.libigno'      [ Not found ]
[05:46:28]   Checking for directory '/usr/lib/.libigno/.igno' [ Not found ]
[05:46:28] ignoKit Rootkit                                   [ Not found ]
[05:46:28]
[05:46:28] Checking for IntoXonia-NG Rootkit...
[05:46:28]   Checking for kernel symbol 'funces'             [ Not found ]
[05:46:29]   Checking for kernel symbol 'ixinit'             [ Not found ]
[05:46:29]   Checking for kernel symbol 'tricks'             [ Not found ]
[05:46:29]   Checking for kernel symbol 'kernel_unlink'      [ Not found ]
[05:46:29]   Checking for kernel symbol 'rootme'             [ Not found ]
[05:46:29]   Checking for kernel symbol 'hide_module'        [ Not found ]
[05:46:29]   Checking for kernel symbol 'find_sys_call_tbl'  [ Not found ]
[05:46:29] IntoXonia-NG Rootkit                              [ Not found ]
[05:46:29]
[05:46:29] Checking for Irix Rootkit...
[05:46:29]   Checking for directory '/dev/pts/01'            [ Not found ]
[05:46:29]   Checking for directory '/dev/pts/01/backup'     [ Not found ]
[05:46:29]   Checking for directory '/dev/pts/01/etc'        [ Not found ]
[05:46:29]   Checking for directory '/dev/pts/01/tmp'        [ Not found ]
[05:46:29] Irix Rootkit                                      [ Not found ]
[05:46:29]
[05:46:29] Checking for Jynx Rootkit...
[05:46:29]   Checking for file '/xochikit/bc'                [ Not found ]
[05:46:29]   Checking for file '/xochikit/ld_poison.so'      [ Not found ]
[05:46:29]   Checking for file '/omgxochi/bc'                [ Not found ]
[05:46:29]   Checking for file '/omgxochi/ld_poison.so'      [ Not found ]
[05:46:29]   Checking for file '/var/local/^^/bc'            [ Not found ]
[05:46:29]   Checking for file '/var/local/^^/ld_poison.so'  [ Not found ]
[05:46:29]   Checking for directory '/xochikit'              [ Not found ]
[05:46:29]   Checking for directory '/omgxochi'              [ Not found ]
[05:46:29]   Checking for directory '/var/local/^^'          [ Not found ]
[05:46:29] Jynx Rootkit                                      [ Not found ]
[05:46:29]
[05:46:29] Checking for KBeast Rootkit...
[05:46:29]   Checking for file '/usr/_h4x_/ipsecs-kbeast-v1.ko' [ Not found ]
[05:46:29]   Checking for file '/usr/_h4x_/_h4x_bd'          [ Not found ]
[05:46:29]   Checking for file '/usr/_h4x_/acctlog'          [ Not found ]
[05:46:29]   Checking for directory '/usr/_h4x_'             [ Not found ]
[05:46:30]   Checking for kernel symbol 'h4x_delete_module'  [ Not found ]
[05:46:30]   Checking for kernel symbol 'h4x_getdents64'     [ Not found ]
[05:46:30]   Checking for kernel symbol 'h4x_kill'           [ Not found ]
[05:46:30]   Checking for kernel symbol 'h4x_open'           [ Not found ]
[05:46:30]   Checking for kernel symbol 'h4x_read'           [ Not found ]
[05:46:30]   Checking for kernel symbol 'h4x_rename'         [ Not found ]
[05:46:30]   Checking for kernel symbol 'h4x_rmdir'          [ Not found ]
[05:46:30]   Checking for kernel symbol 'h4x_tcp4_seq_show'  [ Not found ]
[05:46:30]   Checking for kernel symbol 'h4x_write'          [ Not found ]
[05:46:30] KBeast Rootkit                                    [ Not found ]
[05:46:30]
[05:46:30] Checking for Kitko Rootkit...
[05:46:30]   Checking for directory '/usr/src/redhat/SRPMS/...' [ Not found ]
[05:46:30] Kitko Rootkit                                     [ Not found ]
[05:46:30]
[05:46:30] Checking for Knark Rootkit...
[05:46:30]   Checking for file '/proc/knark/pids'            [ Not found ]
[05:46:30]   Checking for directory '/proc/knark'            [ Not found ]
[05:46:30] Knark Rootkit                                     [ Not found ]
[05:46:30]
[05:46:30] Checking for ld-linuxv.so Rootkit...
[05:46:30]   Checking for file '/lib/ld-linuxv.so.1'         [ Not found ]
[05:46:30]   Checking for directory '/var/opt/_so_cache'     [ Not found ]
[05:46:30]   Checking for directory '/var/opt/_so_cache/ld'  [ Not found ]
[05:46:30]   Checking for directory '/var/opt/_so_cache/lc'  [ Not found ]
[05:46:30] ld-linuxv.so Rootkit                              [ Not found ]
[05:46:30]
[05:46:30] Checking for Li0n Worm...
[05:46:30]   Checking for file '/bin/in.telnetd'             [ Not found ]
[05:46:30]   Checking for file '/bin/mjy'                    [ Not found ]
[05:46:30]   Checking for file '/usr/man/man1/man1/lib/.lib/mjy' [ Not found ]
[05:46:30]   Checking for file '/usr/man/man1/man1/lib/.lib/in.telnetd' [ Not found ]
[05:46:30]   Checking for file '/usr/man/man1/man1/lib/.lib/.x' [ Not found ]
[05:46:30]   Checking for file '/dev/.lib/lib/scan/1i0n.sh'  [ Not found ]
[05:46:30]   Checking for file '/dev/.lib/lib/scan/hack.sh'  [ Not found ]
[05:46:30]   Checking for file '/dev/.lib/lib/scan/bind'     [ Not found ]
[05:46:30]   Checking for file '/dev/.lib/lib/scan/randb'    [ Not found ]
[05:46:30]   Checking for file '/dev/.lib/lib/scan/scan.sh'  [ Not found ]
[05:46:30]   Checking for file '/dev/.lib/lib/scan/pscan'    [ Not found ]
[05:46:30]   Checking for file '/dev/.lib/lib/scan/star.sh'  [ Not found ]
[05:46:30]   Checking for file '/dev/.lib/lib/scan/bindx.sh' [ Not found ]
[05:46:30]   Checking for file '/dev/.lib/lib/scan/bindname.log' [ Not found ]
[05:46:30]   Checking for file '/dev/.lib/lib/1i0n.sh'       [ Not found ]
[05:46:30]   Checking for file '/dev/.lib/lib/lib/netstat'   [ Not found ]
[05:46:30]   Checking for file '/dev/.lib/lib/lib/dev/.1addr' [ Not found ]
[05:46:30]   Checking for file '/dev/.lib/lib/lib/dev/.1logz' [ Not found ]
[05:46:30]   Checking for file '/dev/.lib/lib/lib/dev/.1proc' [ Not found ]
[05:46:30]   Checking for file '/dev/.lib/lib/lib/dev/.1file' [ Not found ]
[05:46:30] Li0n Worm                                         [ Not found ]
[05:46:30]
[05:46:30] Checking for Lockit / LJK2 Rootkit...
[05:46:30]   Checking for file '/usr/lib/libmen.oo/.LJK2/ssh_config' [ Not found ]
[05:46:30]   Checking for file '/usr/lib/libmen.oo/.LJK2/ssh_host_key' [ Not found ]
[05:46:30]   Checking for file '/usr/lib/libmen.oo/.LJK2/ssh_host_key.pub' [ Not found ]
[05:46:30]   Checking for file '/usr/lib/libmen.oo/.LJK2/ssh_random_seed*' [ Not found ]
[05:46:30]   Checking for file '/usr/lib/libmen.oo/.LJK2/sshd_config' [ Not found ]
[05:46:30]   Checking for file '/usr/lib/libmen.oo/.LJK2/backdoor/RK1bd' [ Not found ]
[05:46:31]   Checking for file '/usr/lib/libmen.oo/.LJK2/backup/du' [ Not found ]
[05:46:31]   Checking for file '/usr/lib/libmen.oo/.LJK2/backup/ifconfig' [ Not found ]
[05:46:31]   Checking for file '/usr/lib/libmen.oo/.LJK2/backup/inetd.conf' [ Not found ]
[05:46:31]   Checking for file '/usr/lib/libmen.oo/.LJK2/backup/locate' [ Not found ]
[05:46:31]   Checking for file '/usr/lib/libmen.oo/.LJK2/backup/login' [ Not found ]
[05:46:31]   Checking for file '/usr/lib/libmen.oo/.LJK2/backup/ls' [ Not found ]
[05:46:31]   Checking for file '/usr/lib/libmen.oo/.LJK2/backup/netstat' [ Not found ]
[05:46:31]   Checking for file '/usr/lib/libmen.oo/.LJK2/backup/ps' [ Not found ]
[05:46:31]   Checking for file '/usr/lib/libmen.oo/.LJK2/backup/pstree' [ Not found ]
[05:46:31]   Checking for file '/usr/lib/libmen.oo/.LJK2/backup/rc.sysinit' [ Not found ]
[05:46:31]   Checking for file '/usr/lib/libmen.oo/.LJK2/backup/syslogd' [ Not found ]
[05:46:31]   Checking for file '/usr/lib/libmen.oo/.LJK2/backup/tcpd' [ Not found ]
[05:46:31]   Checking for file '/usr/lib/libmen.oo/.LJK2/backup/top' [ Not found ]
[05:46:31]   Checking for file '/usr/lib/libmen.oo/.LJK2/clean/RK1sauber' [ Not found ]
[05:46:31]   Checking for file '/usr/lib/libmen.oo/.LJK2/clean/RK1wted' [ Not found ]
[05:46:31]   Checking for file '/usr/lib/libmen.oo/.LJK2/hack/RK1parse' [ Not found ]
[05:46:31]   Checking for file '/usr/lib/libmen.oo/.LJK2/hack/RK1sniff' [ Not found ]
[05:46:31]   Checking for file '/usr/lib/libmen.oo/.LJK2/hide/.RK1addr' [ Not found ]
[05:46:31]   Checking for file '/usr/lib/libmen.oo/.LJK2/hide/.RK1dir' [ Not found ]
[05:46:31]   Checking for file '/usr/lib/libmen.oo/.LJK2/hide/.RK1log' [ Not found ]
[05:46:31]   Checking for file '/usr/lib/libmen.oo/.LJK2/hide/.RK1proc' [ Not found ]
[05:46:31]   Checking for file '/usr/lib/libmen.oo/.LJK2/hide/RK1phidemod.c' [ Not found ]
[05:46:31]   Checking for file '/usr/lib/libmen.oo/.LJK2/modules/README.modules' [ Not found ]
[05:46:31]   Checking for file '/usr/lib/libmen.oo/.LJK2/modules/RK1hidem.c' [ Not found ]
[05:46:31]   Checking for file '/usr/lib/libmen.oo/.LJK2/modules/RK1phide' [ Not found ]
[05:46:31]   Checking for file '/usr/lib/libmen.oo/.LJK2/sshconfig/RK1ssh' [ Not found ]
[05:46:31]   Checking for directory '/usr/lib/libmen.oo/.LJK2' [ Not found ]
[05:46:31] Lockit / LJK2 Rootkit                             [ Not found ]
[05:46:31]
[05:46:31] Checking for Mood-NT Rootkit...
[05:46:31]   Checking for file '/sbin/init__mood-nt-_-_cthulhu' [ Not found ]
[05:46:31]   Checking for file '/_cthulhu/mood-nt.init'      [ Not found ]
[05:46:31]   Checking for file '/_cthulhu/mood-nt.conf'      [ Not found ]
[05:46:31]   Checking for file '/_cthulhu/mood-nt.sniff'     [ Not found ]
[05:46:31]   Checking for directory '/_cthulhu'              [ Not found ]
[05:46:31] Mood-NT Rootkit                                   [ Not found ]
[05:46:31]
[05:46:31] Checking for MRK Rootkit...
[05:46:31]   Checking for file '/dev/ida/.inet/pid'          [ Not found ]
[05:46:31]   Checking for file '/dev/ida/.inet/ssh_host_key' [ Not found ]
[05:46:31]   Checking for file '/dev/ida/.inet/ssh_random_seed' [ Not found ]
[05:46:31]   Checking for file '/dev/ida/.inet/tcp.log'      [ Not found ]
[05:46:31]   Checking for directory '/dev/ida/.inet'         [ Not found ]
[05:46:31]   Checking for directory '/var/spool/cron/.sh'    [ Not found ]
[05:46:31] MRK Rootkit                                       [ Not found ]

Alt 16.04.2016, 02:23   #66
dennisstein

Linux: Bootkit Nemesis- Bios/Firmware Malware im VBR - Standard

RKHunter Part 2

Code:
[05:46:31]
[05:46:31] Checking for Ni0 Rootkit...
[05:46:31]   Checking for file '/var/lock/subsys/...datafile.../...net...' [ Not found ]
[05:46:31]   Checking for file '/var/lock/subsys/...datafile.../...port...' [ Not found ]
[05:46:31]   Checking for file '/var/lock/subsys/...datafile.../...ps...' [ Not found ]
[05:46:31]   Checking for file '/var/lock/subsys/...datafile.../...file...' [ Not found ]
[05:46:31]   Checking for directory '/tmp/waza'              [ Not found ]
[05:46:31]   Checking for directory '/var/lock/subsys/...datafile...' [ Not found ]
[05:46:31]   Checking for directory '/usr/sbin/es'           [ Not found ]
[05:46:31] Ni0 Rootkit                                       [ Not found ]
[05:46:31]
[05:46:31] Checking for Ohhara Rootkit...
[05:46:31]   Checking for file '/var/lock/subsys/...datafile.../...datafile.../in.smbd.log' [ Not found ]
[05:46:31]   Checking for directory '/var/lock/subsys/...datafile...' [ Not found ]
[05:46:31]   Checking for directory '/var/lock/subsys/...datafile.../...datafile...' [ Not found ]
[05:46:31]   Checking for directory '/var/lock/subsys/...datafile.../...datafile.../bin' [ Not found ]
[05:46:31]   Checking for directory '/var/lock/subsys/...datafile.../...datafile.../usr/bin' [ Not found ]
[05:46:31]   Checking for directory '/var/lock/subsys/...datafile.../...datafile.../usr/sbin' [ Not found ]
[05:46:31]   Checking for directory '/var/lock/subsys/...datafile.../...datafile.../lib/security' [ Not found ]
[05:46:31] Ohhara Rootkit                                    [ Not found ]
[05:46:31]
[05:46:31] Checking for Optic Kit (Tux) Worm...
[05:46:31]   Checking for directory '/dev/tux'               [ Not found ]
[05:46:31]   Checking for directory '/usr/bin/xchk'          [ Not found ]
[05:46:31]   Checking for directory '/usr/bin/xsf'           [ Not found ]
[05:46:31]   Checking for directory '/usr/bin/ssh2d'         [ Not found ]
[05:46:31] Optic Kit (Tux) Worm                              [ Not found ]
[05:46:31]
[05:46:31] Checking for Oz Rootkit...
[05:46:31]   Checking for file '/dev/.oz/.nap/rkit/terror'   [ Not found ]
[05:46:31]   Checking for directory '/dev/.oz'               [ Not found ]
[05:46:31] Oz Rootkit                                        [ Not found ]
[05:46:31]
[05:46:31] Checking for Phalanx Rootkit...
[05:46:31]   Checking for file '/uNFuNF'                     [ Not found ]
[05:46:31]   Checking for file '/etc/host.ph1'               [ Not found ]
[05:46:31]   Checking for file '/bin/host.ph1'               [ Not found ]
[05:46:31]   Checking for file '/usr/share/.home.ph1/phalanx' [ Not found ]
[05:46:31]   Checking for file '/usr/share/.home.ph1/cb'     [ Not found ]
[05:46:31]   Checking for file '/usr/share/.home.ph1/kebab'  [ Not found ]
[05:46:31]   Checking for directory '/usr/share/.home.ph1'   [ Not found ]
[05:46:31]   Checking for directory '/usr/share/.home.ph1/tty' [ Not found ]
[05:46:31] Phalanx Rootkit                                   [ Not found ]
[05:46:31]
[05:46:31] Checking for Phalanx2 Rootkit...
[05:46:31]   Checking for file '/etc/khubd.p2/.p2rc'         [ Not found ]
[05:46:32]   Checking for file '/etc/khubd.p2/.phalanx2'     [ Not found ]
[05:46:32]   Checking for file '/etc/khubd.p2/.sniff'        [ Not found ]
[05:46:32]   Checking for file '/etc/khubd.p2/sshgrab.py'    [ Not found ]
[05:46:32]   Checking for file '/etc/lolzz.p2/.p2rc'         [ Not found ]
[05:46:32]   Checking for file '/etc/lolzz.p2/.phalanx2'     [ Not found ]
[05:46:32]   Checking for file '/etc/lolzz.p2/.sniff'        [ Not found ]
[05:46:32]   Checking for file '/etc/lolzz.p2/sshgrab.py'    [ Not found ]
[05:46:32]   Checking for file '/etc/cron.d/zupzzplaceholder' [ Not found ]
[05:46:32]   Checking for file '/usr/lib/zupzz.p2/.p-2.3d'   [ Not found ]
[05:46:32]   Checking for file '/usr/lib/zupzz.p2/.p2rc'     [ Not found ]
[05:46:32]   Checking for directory '/etc/khubd.p2'          [ Not found ]
[05:46:32]   Checking for directory '/etc/lolzz.p2'          [ Not found ]
[05:46:32]   Checking for directory '/usr/lib/zupzz.p2'      [ Not found ]
[05:46:32] Phalanx2 Rootkit                                  [ Not found ]
[05:46:32]
[05:46:32] Checking for Phalanx2 Rootkit (extended tests)...
[05:46:32]   Checking for directory '/etc/khubd.p2'          [ Not found ]
[05:46:32]   Checking for directory '/etc/lolzz.p2'          [ Not found ]
[05:46:32]   Checking for directory '/usr/lib/zupzz.p2'      [ Not found ]
[05:46:32] Phalanx2 Rootkit (extended tests)                 [ Not found ]
[05:46:32]
[05:46:32] Checking for Portacelo Rootkit...
[05:46:32]   Checking for file '/var/lib/.../.ak'            [ Not found ]
[05:46:32]   Checking for file '/var/lib/.../.hk'            [ Not found ]
[05:46:32]   Checking for file '/var/lib/.../.rs'            [ Not found ]
[05:46:32]   Checking for file '/var/lib/.../.p'             [ Not found ]
[05:46:32]   Checking for file '/var/lib/.../getty'          [ Not found ]
[05:46:32]   Checking for file '/var/lib/.../lkt.o'          [ Not found ]
[05:46:32]   Checking for file '/var/lib/.../show'           [ Not found ]
[05:46:32]   Checking for file '/var/lib/.../nlkt.o'         [ Not found ]
[05:46:32]   Checking for file '/var/lib/.../ssshrc'         [ Not found ]
[05:46:32]   Checking for file '/var/lib/.../sssh_equiv'     [ Not found ]
[05:46:32]   Checking for file '/var/lib/.../sssh_known_hosts' [ Not found ]
[05:46:32]   Checking for file '/var/lib/.../sssh_pid'       [ Not found ]
[05:46:32]   Checking for file '~/.sssh/known_hosts'         [ Not found ]
[05:46:32] Portacelo Rootkit                                 [ Not found ]
[05:46:32]
[05:46:32] Checking for R3dstorm Toolkit...
[05:46:32]   Checking for file '/var/log/tk02/see_all'       [ Not found ]
[05:46:32]   Checking for file '/var/log/tk02/.scris'        [ Not found ]
[05:46:32]   Checking for file '/bin/.../sshd/sbin/sshd1'    [ Not found ]
[05:46:32]   Checking for file '/bin/.../hate/sk'            [ Not found ]
[05:46:32]   Checking for file '/bin/.../see_all'            [ Not found ]
[05:46:32]   Checking for directory '/var/log/tk02'          [ Not found ]
[05:46:32]   Checking for directory '/var/log/tk02/old'      [ Not found ]
[05:46:32]   Checking for directory '/bin/...'               [ Not found ]
[05:46:32] R3dstorm Toolkit                                  [ Not found ]
[05:46:32]
[05:46:32] Checking for RH-Sharpe's Rootkit...
[05:46:32]   Checking for file '/bin/lps'                    [ Not found ]
[05:46:32]   Checking for file '/usr/bin/lpstree'            [ Not found ]
[05:46:32]   Checking for file '/usr/bin/ltop'               [ Not found ]
[05:46:32]   Checking for file '/usr/bin/lkillall'           [ Not found ]
[05:46:32]   Checking for file '/usr/bin/ldu'                [ Not found ]
[05:46:32]   Checking for file '/usr/bin/lnetstat'           [ Not found ]
[05:46:32]   Checking for file '/usr/bin/wp'                 [ Not found ]
[05:46:32]   Checking for file '/usr/bin/shad'               [ Not found ]
[05:46:32]   Checking for file '/usr/bin/vadim'              [ Not found ]
[05:46:32]   Checking for file '/usr/bin/slice'              [ Not found ]
[05:46:32]   Checking for file '/usr/bin/cleaner'            [ Not found ]
[05:46:32]   Checking for file '/usr/include/rpcsvc/du'      [ Not found ]
[05:46:32] RH-Sharpe's Rootkit                               [ Not found ]
[05:46:32]
[05:46:32] Checking for RSHA's Rootkit...
[05:46:32]   Checking for file '/bin/kr4p'                   [ Not found ]
[05:46:32]   Checking for file '/usr/bin/n3tstat'            [ Not found ]
[05:46:32]   Checking for file '/usr/bin/chsh2'              [ Not found ]
[05:46:32]   Checking for file '/usr/bin/slice2'             [ Not found ]
[05:46:32]   Checking for file '/usr/src/linux/arch/alpha/lib/.lib/.1proc' [ Not found ]
[05:46:32]   Checking for file '/etc/rc.d/arch/alpha/lib/.lib/.1addr' [ Not found ]
[05:46:32]   Checking for directory '/etc/rc.d/rsha'         [ Not found ]
[05:46:32]   Checking for directory '/etc/rc.d/arch/alpha/lib/.lib' [ Not found ]
[05:46:32] RSHA's Rootkit                                    [ Not found ]
[05:46:32]
[05:46:32] Checking for Scalper Worm...
[05:46:32]   Checking for file '/tmp/.a'                     [ Not found ]
[05:46:32]   Checking for file '/tmp/.uua'                   [ Not found ]
[05:46:32] Scalper Worm                                      [ Not found ]
[05:46:32]
[05:46:32] Checking for Sebek LKM...
[05:46:32]   Checking for kernel symbol 'adore or sebek'     [ Not found ]
[05:46:32] Sebek LKM                                         [ Not found ]
[05:46:32]
[05:46:32] Checking for Shutdown Rootkit...
[05:46:32]   Checking for file '/usr/man/man5/..<SP>/.dir/scannah/asus' [ Not found ]
[05:46:33]   Checking for file '/usr/man/man5/..<SP>/.dir/see' [ Not found ]
[05:46:33]   Checking for file '/usr/man/man5/..<SP>/.dir/nscd' [ Not found ]
[05:46:33]   Checking for file '/usr/man/man5/..<SP>/.dir/alpd' [ Not found ]
[05:46:33]   Checking for file '/etc/rc.d/rc.local<SP>'      [ Not found ]
[05:46:33]   Checking for directory '/usr/man/man5/..<SP>/.dir' [ Not found ]
[05:46:33]   Checking for directory '/usr/man/man5/..<SP>/.dir/scannah' [ Not found ]
[05:46:33]   Checking for directory '/etc/rc.d/rc0.d/..<SP>/.dir' [ Not found ]
[05:46:33] Shutdown Rootkit                                  [ Not found ]
[05:46:33]
[05:46:33] Checking for SHV4 Rootkit...
[05:46:33]   Checking for file '/etc/ld.so.hash'             [ Not found ]
[05:46:33]   Checking for file '/lib/libext-2.so.7'          [ Not found ]
[05:46:33]   Checking for file '/lib/lidps1.so'              [ Not found ]
[05:46:33]   Checking for file '/lib/libproc.a'              [ Not found ]
[05:46:33]   Checking for file '/lib/libproc.so.2.0.6'       [ Not found ]
[05:46:33]   Checking for file '/lib/ldd.so/tks'             [ Not found ]
[05:46:33]   Checking for file '/lib/ldd.so/tkp'             [ Not found ]
[05:46:33]   Checking for file '/lib/ldd.so/tksb'            [ Not found ]
[05:46:33]   Checking for file '/lib/security/.config/sshd'  [ Not found ]
[05:46:33]   Checking for file '/lib/security/.config/ssh/ssh_host_key' [ Not found ]
[05:46:33]   Checking for file '/lib/security/.config/ssh/ssh_host_key.pub' [ Not found ]
[05:46:33]   Checking for file '/lib/security/.config/ssh/ssh_random_seed' [ Not found ]
[05:46:33]   Checking for file '/usr/include/file.h'         [ Not found ]
[05:46:33]   Checking for file '/usr/include/hosts.h'        [ Not found ]
[05:46:33]   Checking for file '/usr/include/lidps1.so'      [ Not found ]
[05:46:33]   Checking for file '/usr/include/log.h'          [ Not found ]
[05:46:33]   Checking for file '/usr/include/proc.h'         [ Not found ]
[05:46:33]   Checking for file '/usr/sbin/xntps'             [ Not found ]
[05:46:33]   Checking for file '/dev/srd0'                   [ Not found ]
[05:46:33]   Checking for directory '/lib/ldd.so'            [ Not found ]
[05:46:33]   Checking for directory '/lib/security/.config'  [ Not found ]
[05:46:33]   Checking for directory '/lib/security/.config/ssh' [ Not found ]
[05:46:33] SHV4 Rootkit                                      [ Not found ]
[05:46:33]
[05:46:33] Checking for SHV5 Rootkit...
[05:46:33]   Checking for file '/etc/sh.conf'                [ Not found ]
[05:46:33]   Checking for file '/lib/libproc.a'              [ Not found ]
[05:46:33]   Checking for file '/lib/libproc.so.2.0.6'       [ Not found ]
[05:46:33]   Checking for file '/lib/lidps1.so'              [ Not found ]
[05:46:33]   Checking for file '/lib/libsh.so/bash'          [ Not found ]
[05:46:33]   Checking for file '/usr/include/file.h'         [ Not found ]
[05:46:33]   Checking for file '/usr/include/hosts.h'        [ Not found ]
[05:46:33]   Checking for file '/usr/include/log.h'          [ Not found ]
[05:46:33]   Checking for file '/usr/include/proc.h'         [ Not found ]
[05:46:33]   Checking for file '/lib/libsh.so/shdcf2'        [ Not found ]
[05:46:33]   Checking for file '/lib/libsh.so/shhk'          [ Not found ]
[05:46:33]   Checking for file '/lib/libsh.so/shhk.pub'      [ Not found ]
[05:46:33]   Checking for file '/lib/libsh.so/shrs'          [ Not found ]
[05:46:33]   Checking for file '/usr/lib/libsh/.bashrc'      [ Not found ]
[05:46:33]   Checking for file '/usr/lib/libsh/shsb'         [ Not found ]
[05:46:33]   Checking for file '/usr/lib/libsh/hide'         [ Not found ]
[05:46:33]   Checking for file '/usr/lib/libsh/.sniff/shsniff' [ Not found ]
[05:46:33]   Checking for file '/usr/lib/libsh/.sniff/shp'   [ Not found ]
[05:46:33]   Checking for file '/dev/srd0'                   [ Not found ]
[05:46:33]   Checking for directory '/lib/libsh.so'          [ Not found ]
[05:46:33]   Checking for directory '/usr/lib/libsh'         [ Not found ]
[05:46:33]   Checking for directory '/usr/lib/libsh/utilz'   [ Not found ]
[05:46:33]   Checking for directory '/usr/lib/libsh/.backup' [ Not found ]
[05:46:33] SHV5 Rootkit                                      [ Not found ]
[05:46:33]
[05:46:33] Checking for Sin Rootkit...
[05:46:33]   Checking for file '/dev/.haos/haos1/.f/Denyed'  [ Not found ]
[05:46:33]   Checking for file '/dev/ttyoa'                  [ Not found ]
[05:46:33]   Checking for file '/dev/ttyof'                  [ Not found ]
[05:46:33]   Checking for file '/dev/ttyop'                  [ Not found ]
[05:46:33]   Checking for file '/dev/ttyos'                  [ Not found ]
[05:46:33]   Checking for file '/usr/lib/.lib'               [ Not found ]
[05:46:33]   Checking for file '/usr/lib/sn/.X'              [ Not found ]
[05:46:33]   Checking for file '/usr/lib/sn/.sys'            [ Not found ]
[05:46:33]   Checking for file '/usr/lib/ld/.X'              [ Not found ]
[05:46:33]   Checking for file '/usr/man/man1/...'           [ Not found ]
[05:46:33]   Checking for file '/usr/man/man1/.../.m'        [ Not found ]
[05:46:33]   Checking for file '/usr/man/man1/.../.w'        [ Not found ]
[05:46:33]   Checking for directory '/usr/lib/sn'            [ Not found ]
[05:46:33]   Checking for directory '/usr/lib/man1/...'      [ Not found ]
[05:46:33]   Checking for directory '/dev/.haos'             [ Not found ]
[05:46:33] Sin Rootkit                                       [ Not found ]
[05:46:33]
[05:46:33] Checking for Slapper Worm...
[05:46:33]   Checking for file '/tmp/.bugtraq'               [ Not found ]
[05:46:33]   Checking for file '/tmp/.uubugtraq'             [ Not found ]
[05:46:33]   Checking for file '/tmp/.bugtraq.c'             [ Not found ]
[05:46:33]   Checking for file '/tmp/httpd'                  [ Not found ]
[05:46:33]   Checking for file '/tmp/.unlock'                [ Not found ]
[05:46:33]   Checking for file '/tmp/update'                 [ Not found ]
[05:46:33]   Checking for file '/tmp/.cinik'                 [ Not found ]
[05:46:33]   Checking for file '/tmp/.b'                     [ Not found ]
[05:46:34] Slapper Worm                                      [ Not found ]
[05:46:34]
[05:46:34] Checking for Sneakin Rootkit...
[05:46:34]   Checking for directory '/tmp/.X11-unix/.../rk'  [ Not found ]
[05:46:34] Sneakin Rootkit                                   [ Not found ]
[05:46:34]
[05:46:34] Checking for 'Spanish' Rootkit...
[05:46:34]   Checking for file '/dev/ptyq'                   [ Not found ]
[05:46:34]   Checking for file '/bin/ad'                     [ Not found ]
[05:46:34]   Checking for file '/bin/ava'                    [ Not found ]
[05:46:34]   Checking for file '/bin/server'                 [ Not found ]
[05:46:34]   Checking for file '/usr/sbin/rescue'            [ Not found ]
[05:46:34]   Checking for file '/usr/share/.../chrps'        [ Not found ]
[05:46:34]   Checking for file '/usr/share/.../chrifconfig'  [ Not found ]
[05:46:34]   Checking for file '/usr/share/.../netstat'      [ Not found ]
[05:46:34]   Checking for file '/usr/share/.../linsniffer'   [ Not found ]
[05:46:34]   Checking for file '/usr/share/.../charbd'       [ Not found ]
[05:46:34]   Checking for file '/usr/share/.../charbd2'      [ Not found ]
[05:46:34]   Checking for file '/usr/share/.../charbd3'      [ Not found ]
[05:46:34]   Checking for file '/usr/share/.../charbd4'      [ Not found ]
[05:46:34]   Checking for file '/usr/man/tmp/update.tgz'     [ Not found ]
[05:46:34]   Checking for file '/var/lib/rpm/db.rpm'         [ Not found ]
[05:46:34]   Checking for file '/var/cache/man/.cat'         [ Not found ]
[05:46:34]   Checking for file '/var/spool/lpd/remote/.lpq'  [ Not found ]
[05:46:34]   Checking for directory '/usr/share/...'         [ Not found ]
[05:46:34] 'Spanish' Rootkit                                 [ Not found ]
[05:46:34]
[05:46:34] Checking for Suckit Rootkit...
[05:46:34]   Checking for file '/sbin/initsk12'              [ Not found ]
[05:46:34]   Checking for file '/sbin/initxrk'               [ Not found ]
[05:46:34]   Checking for file '/usr/bin/null'               [ Not found ]
[05:46:34]   Checking for file '/usr/share/locale/sk/.sk12/sk' [ Not found ]
[05:46:34]   Checking for file '/etc/rc.d/rc0.d/S23kmdac'    [ Not found ]
[05:46:34]   Checking for file '/etc/rc.d/rc1.d/S23kmdac'    [ Not found ]
[05:46:34]   Checking for file '/etc/rc.d/rc2.d/S23kmdac'    [ Not found ]
[05:46:34]   Checking for file '/etc/rc.d/rc3.d/S23kmdac'    [ Not found ]
[05:46:34]   Checking for file '/etc/rc.d/rc4.d/S23kmdac'    [ Not found ]
[05:46:34]   Checking for file '/etc/rc.d/rc5.d/S23kmdac'    [ Not found ]
[05:46:34]   Checking for file '/etc/rc.d/rc6.d/S23kmdac'    [ Not found ]
[05:46:34]   Checking for directory '/dev/sdhu0/tehdrakg'    [ Not found ]
[05:46:34]   Checking for directory '/etc/.MG'               [ Not found ]
[05:46:34]   Checking for directory '/usr/share/locale/sk/.sk12' [ Not found ]
[05:46:34]   Checking for directory '/usr/lib/perl5/site_perl/i386-linux/auto/TimeDate/.packlist' [ Not found ]
[05:46:34] Suckit Rootkit                                    [ Not found ]
[05:46:34]
[05:46:34] Checking for Superkit Rootkit...
[05:46:34]   Checking for file '/usr/man/.sman/sk/backsh'    [ Not found ]
[05:46:34]   Checking for file '/usr/man/.sman/sk/izbtrag'   [ Not found ]
[05:46:34]   Checking for file '/usr/man/.sman/sk/sksniff'   [ Not found ]
[05:46:34]   Checking for file '/var/www/cgi-bin/cgiback.cgi' [ Not found ]
[05:46:34]   Checking for directory '/usr/man/.sman/sk'      [ Not found ]
[05:46:34] Superkit Rootkit                                  [ Not found ]
[05:46:34]
[05:46:34] Checking for TBD (Telnet BackDoor)...
[05:46:34]   Checking for file '/usr/lib/.tbd'               [ Not found ]
[05:46:34] TBD (Telnet BackDoor)                             [ Not found ]
[05:46:34]
[05:46:34] Checking for TeLeKiT Rootkit...
[05:46:34]   Checking for file '/usr/man/man3/.../TeLeKiT/bin/sniff' [ Not found ]
[05:46:34]   Checking for file '/usr/man/man3/.../TeLeKiT/bin/telnetd' [ Not found ]
[05:46:34]   Checking for file '/usr/man/man3/.../TeLeKiT/bin/teleulo' [ Not found ]
[05:46:34]   Checking for file '/usr/man/man3/.../cl'        [ Not found ]
[05:46:34]   Checking for file '/dev/ptyr'                   [ Not found ]
[05:46:34]   Checking for file '/dev/ptyp'                   [ Not found ]
[05:46:34]   Checking for file '/dev/ptyq'                   [ Not found ]
[05:46:34]   Checking for file '/dev/hda06'                  [ Not found ]
[05:46:34]   Checking for file '/usr/info/libc1.so'          [ Not found ]
[05:46:34]   Checking for directory '/usr/man/man3/...'      [ Not found ]
[05:46:34]   Checking for directory '/usr/man/man3/.../lsniff' [ Not found ]
[05:46:34]   Checking for directory '/usr/man/man3/.../TeLeKiT' [ Not found ]
[05:46:34] TeLeKiT Rootkit                                   [ Not found ]
[05:46:34]
[05:46:34] Checking for T0rn Rootkit...
[05:46:34]   Checking for file '/dev/.lib/lib/lib/t0rns'     [ Not found ]
[05:46:34]   Checking for file '/dev/.lib/lib/lib/du'        [ Not found ]
[05:46:34]   Checking for file '/dev/.lib/lib/lib/ls'        [ Not found ]
[05:46:34]   Checking for file '/dev/.lib/lib/lib/t0rnsb'    [ Not found ]
[05:46:34]   Checking for file '/dev/.lib/lib/lib/ps'        [ Not found ]
[05:46:34]   Checking for file '/dev/.lib/lib/lib/t0rnp'     [ Not found ]
[05:46:34]   Checking for file '/dev/.lib/lib/lib/find'      [ Not found ]
[05:46:34]   Checking for file '/dev/.lib/lib/lib/ifconfig'  [ Not found ]
[05:46:34]   Checking for file '/dev/.lib/lib/lib/pg'        [ Not found ]
[05:46:34]   Checking for file '/dev/.lib/lib/lib/ssh.tgz'   [ Not found ]
[05:46:34]   Checking for file '/dev/.lib/lib/lib/top'       [ Not found ]
[05:46:34]   Checking for file '/dev/.lib/lib/lib/sz'        [ Not found ]
[05:46:34]   Checking for file '/dev/.lib/lib/lib/login'     [ Not found ]
[05:46:34]   Checking for file '/dev/.lib/lib/lib/in.fingerd' [ Not found ]
[05:46:34]   Checking for file '/dev/.lib/lib/lib/1i0n.sh'   [ Not found ]
[05:46:34]   Checking for file '/dev/.lib/lib/lib/pstree'    [ Not found ]
[05:46:34]   Checking for file '/dev/.lib/lib/lib/in.telnetd' [ Not found ]
[05:46:34]   Checking for file '/dev/.lib/lib/lib/mjy'       [ Not found ]
[05:46:35]   Checking for file '/dev/.lib/lib/lib/sush'      [ Not found ]
[05:46:35]   Checking for file '/dev/.lib/lib/lib/tfn'       [ Not found ]
[05:46:35]   Checking for file '/dev/.lib/lib/lib/name'      [ Not found ]
[05:46:35]   Checking for file '/dev/.lib/lib/lib/getip.sh'  [ Not found ]
[05:46:35]   Checking for file '/usr/info/.torn/sh*'         [ Not found ]
[05:46:35]   Checking for file '/usr/src/.puta/.1addr'       [ Not found ]
[05:46:35]   Checking for file '/usr/src/.puta/.1file'       [ Not found ]
[05:46:35]   Checking for file '/usr/src/.puta/.1proc'       [ Not found ]
[05:46:35]   Checking for file '/usr/src/.puta/.1logz'       [ Not found ]
[05:46:35]   Checking for file '/usr/info/.t0rn'             [ Not found ]
[05:46:35]   Checking for directory '/dev/.lib'              [ Not found ]
[05:46:35]   Checking for directory '/dev/.lib/lib'          [ Not found ]
[05:46:35]   Checking for directory '/dev/.lib/lib/lib'      [ Not found ]
[05:46:35]   Checking for directory '/dev/.lib/lib/lib/dev'  [ Not found ]
[05:46:35]   Checking for directory '/dev/.lib/lib/scan'     [ Not found ]
[05:46:35]   Checking for directory '/usr/src/.puta'         [ Not found ]
[05:46:35]   Checking for directory '/usr/man/man1/man1'     [ Not found ]
[05:46:35]   Checking for directory '/usr/man/man1/man1/lib' [ Not found ]
[05:46:35]   Checking for directory '/usr/man/man1/man1/lib/.lib' [ Not found ]
[05:46:35]   Checking for directory '/usr/man/man1/man1/lib/.lib/.backup' [ Not found ]
[05:46:35] T0rn Rootkit                                      [ Not found ]
[05:46:35]
[05:46:35] Checking for trNkit Rootkit...
[05:46:35]   Checking for file '/usr/lib/libbins.la'         [ Not found ]
[05:46:35]   Checking for file '/usr/lib/libtcs.so'          [ Not found ]
[05:46:35]   Checking for file '/dev/.ttpy/ulogin.sh'        [ Not found ]
[05:46:35]   Checking for file '/dev/.ttpy/tcpshell.sh'      [ Not found ]
[05:46:35]   Checking for file '/dev/.ttpy/bupdu'            [ Not found ]
[05:46:35]   Checking for file '/dev/.ttpy/buloc'            [ Not found ]
[05:46:35]   Checking for file '/dev/.ttpy/buloc1'           [ Not found ]
[05:46:35]   Checking for file '/dev/.ttpy/buloc2'           [ Not found ]
[05:46:35]   Checking for file '/dev/.ttpy/stat'             [ Not found ]
[05:46:35]   Checking for file '/dev/.ttpy/backps'           [ Not found ]
[05:46:35]   Checking for file '/dev/.ttpy/tree'             [ Not found ]
[05:46:35]   Checking for file '/dev/.ttpy/topk'             [ Not found ]
[05:46:35]   Checking for file '/dev/.ttpy/wold'             [ Not found ]
[05:46:35]   Checking for file '/dev/.ttpy/whoold'           [ Not found ]
[05:46:35]   Checking for file '/dev/.ttpy/backdoors'        [ Not found ]
[05:46:35] trNkit Rootkit                                    [ Not found ]
[05:46:35]
[05:46:35] Checking for Trojanit Kit...
[05:46:35]   Checking for file '/bin/.ls'                    [ Not found ]
[05:46:35]   Checking for file '/bin/.ps'                    [ Not found ]
[05:46:35]   Checking for file '/bin/.netstat'               [ Not found ]
[05:46:35]   Checking for file '/usr/bin/.nop'               [ Not found ]
[05:46:35]   Checking for file '/usr/bin/.who'               [ Not found ]
[05:46:35] Trojanit Kit                                      [ Not found ]
[05:46:35]
[05:46:35] Checking for Tuxtendo Rootkit...
[05:46:35]   Checking for file '/lib/libproc.so.2.0.7'       [ Not found ]
[05:46:35]   Checking for file '/usr/bin/xchk'               [ Not found ]
[05:46:35]   Checking for file '/usr/bin/xsf'                [ Not found ]
[05:46:35]   Checking for file '/dev/tux/suidsh'             [ Not found ]
[05:46:35]   Checking for file '/dev/tux/.addr'              [ Not found ]
[05:46:35]   Checking for file '/dev/tux/.cron'              [ Not found ]
[05:46:35]   Checking for file '/dev/tux/.file'              [ Not found ]
[05:46:35]   Checking for file '/dev/tux/.log'               [ Not found ]
[05:46:35]   Checking for file '/dev/tux/.proc'              [ Not found ]
[05:46:35]   Checking for file '/dev/tux/.iface'             [ Not found ]
[05:46:35]   Checking for file '/dev/tux/.pw'                [ Not found ]
[05:46:35]   Checking for file '/dev/tux/.df'                [ Not found ]
[05:46:35]   Checking for file '/dev/tux/.ssh'               [ Not found ]
[05:46:35]   Checking for file '/dev/tux/.tux'               [ Not found ]
[05:46:35]   Checking for file '/dev/tux/ssh2/sshd2_config'  [ Not found ]
[05:46:35]   Checking for file '/dev/tux/ssh2/hostkey'       [ Not found ]
[05:46:35]   Checking for file '/dev/tux/ssh2/hostkey.pub'   [ Not found ]
[05:46:35]   Checking for file '/dev/tux/ssh2/logo'          [ Not found ]
[05:46:35]   Checking for file '/dev/tux/ssh2/random_seed'   [ Not found ]
[05:46:35]   Checking for file '/dev/tux/backup/crontab'     [ Not found ]
[05:46:35]   Checking for file '/dev/tux/backup/df'          [ Not found ]
[05:46:35]   Checking for file '/dev/tux/backup/dir'         [ Not found ]
[05:46:35]   Checking for file '/dev/tux/backup/find'        [ Not found ]
[05:46:35]   Checking for file '/dev/tux/backup/ifconfig'    [ Not found ]
[05:46:35]   Checking for file '/dev/tux/backup/locate'      [ Not found ]
[05:46:35]   Checking for file '/dev/tux/backup/netstat'     [ Not found ]
[05:46:35]   Checking for file '/dev/tux/backup/ps'          [ Not found ]
[05:46:35]   Checking for file '/dev/tux/backup/pstree'      [ Not found ]
[05:46:35]   Checking for file '/dev/tux/backup/syslogd'     [ Not found ]
[05:46:35]   Checking for file '/dev/tux/backup/tcpd'        [ Not found ]
[05:46:35]   Checking for file '/dev/tux/backup/top'         [ Not found ]
[05:46:35]   Checking for file '/dev/tux/backup/updatedb'    [ Not found ]
[05:46:35]   Checking for file '/dev/tux/backup/vdir'        [ Not found ]
[05:46:36]   Checking for directory '/dev/tux'               [ Not found ]
[05:46:36]   Checking for directory '/dev/tux/ssh2'          [ Not found ]
[05:46:36]   Checking for directory '/dev/tux/backup'        [ Not found ]
[05:46:36] Tuxtendo Rootkit                                  [ Not found ]
[05:46:36]
[05:46:36] Checking for URK Rootkit...
[05:46:36]   Checking for file '/dev/prom/sn.l'              [ Not found ]
[05:46:36]   Checking for file '/usr/lib/ldlibps.so'         [ Not found ]
[05:46:36]   Checking for file '/usr/lib/ldlibnet.so'        [ Not found ]
[05:46:36]   Checking for file '/dev/pts/01/uconf.inv'       [ Not found ]
[05:46:36]   Checking for file '/dev/pts/01/cleaner'         [ Not found ]
[05:46:36]   Checking for file '/dev/pts/01/bin/psniff'      [ Not found ]
[05:46:36]   Checking for file '/dev/pts/01/bin/du'          [ Not found ]
[05:46:36]   Checking for file '/dev/pts/01/bin/ls'          [ Not found ]
[05:46:36]   Checking for file '/dev/pts/01/bin/passwd'      [ Not found ]
[05:46:36]   Checking for file '/dev/pts/01/bin/ps'          [ Not found ]
[05:46:36]   Checking for file '/dev/pts/01/bin/psr'         [ Not found ]
[05:46:36]   Checking for file '/dev/pts/01/bin/su'          [ Not found ]
[05:46:36]   Checking for file '/dev/pts/01/bin/find'        [ Not found ]
[05:46:36]   Checking for file '/dev/pts/01/bin/netstat'     [ Not found ]
[05:46:36]   Checking for file '/dev/pts/01/bin/ping'        [ Not found ]
[05:46:36]   Checking for file '/dev/pts/01/bin/strings'     [ Not found ]
[05:46:36]   Checking for file '/dev/pts/01/bin/bash'        [ Not found ]
[05:46:36]   Checking for file '/usr/man/man1/xxxxxxbin/du'  [ Not found ]
[05:46:36]   Checking for file '/usr/man/man1/xxxxxxbin/ls'  [ Not found ]
[05:46:36]   Checking for file '/usr/man/man1/xxxxxxbin/passwd' [ Not found ]
[05:46:36]   Checking for file '/usr/man/man1/xxxxxxbin/ps'  [ Not found ]
[05:46:36]   Checking for file '/usr/man/man1/xxxxxxbin/psr' [ Not found ]
[05:46:36]   Checking for file '/usr/man/man1/xxxxxxbin/su'  [ Not found ]
[05:46:36]   Checking for file '/usr/man/man1/xxxxxxbin/find' [ Not found ]
[05:46:36]   Checking for file '/usr/man/man1/xxxxxxbin/netstat' [ Not found ]
[05:46:36]   Checking for file '/usr/man/man1/xxxxxxbin/ping' [ Not found ]
[05:46:36]   Checking for file '/usr/man/man1/xxxxxxbin/strings' [ Not found ]
[05:46:36]   Checking for file '/usr/man/man1/xxxxxxbin/bash' [ Not found ]
[05:46:36]   Checking for file '/tmp/conf.inv'               [ Not found ]
[05:46:36]   Checking for directory '/dev/prom'              [ Not found ]
[05:46:36]   Checking for directory '/dev/pts/01'            [ Not found ]
[05:46:36]   Checking for directory '/dev/pts/01/bin'        [ Not found ]
[05:46:36]   Checking for directory '/usr/man/man1/xxxxxxbin' [ Not found ]
[05:46:36] URK Rootkit                                       [ Not found ]
[05:46:36]
[05:46:36] Checking for Vampire Rootkit...
[05:46:36]   Checking for kernel symbol 'new_getdents'       [ Not found ]
[05:46:36]   Checking for kernel symbol 'old_getdents'       [ Not found ]
[05:46:36]   Checking for kernel symbol 'should_hide_file_name' [ Not found ]
[05:46:36]   Checking for kernel symbol 'should_hide_task_name' [ Not found ]
[05:46:36] Vampire Rootkit                                   [ Not found ]
[05:46:36]
[05:46:36] Checking for VcKit Rootkit...
[05:46:36]   Checking for directory '/usr/include/linux/modules/lib.so' [ Not found ]
[05:46:36]   Checking for directory '/usr/include/linux/modules/lib.so/bin' [ Not found ]
[05:46:36] VcKit Rootkit                                     [ Not found ]
[05:46:36]
[05:46:36] Checking for Volc Rootkit...
[05:46:36]   Checking for file '/usr/bin/volc'               [ Not found ]
[05:46:36]   Checking for file '/usr/lib/volc/backdoor/divine' [ Not found ]
[05:46:36]   Checking for file '/usr/lib/volc/linsniff'      [ Not found ]
[05:46:36]   Checking for file '/etc/rc.d/rc1.d/S25sysconf'  [ Not found ]
[05:46:36]   Checking for file '/etc/rc.d/rc2.d/S25sysconf'  [ Not found ]
[05:46:36]   Checking for file '/etc/rc.d/rc3.d/S25sysconf'  [ Not found ]
[05:46:36]   Checking for file '/etc/rc.d/rc4.d/S25sysconf'  [ Not found ]
[05:46:36]   Checking for file '/etc/rc.d/rc5.d/S25sysconf'  [ Not found ]
[05:46:36]   Checking for directory '/var/spool/.recent'     [ Not found ]
[05:46:36]   Checking for directory '/var/spool/.recent/.files' [ Not found ]
[05:46:36]   Checking for directory '/usr/lib/volc'          [ Not found ]
[05:46:36]   Checking for directory '/usr/lib/volc/backup'   [ Not found ]
[05:46:36] Volc Rootkit                                      [ Not found ]
[05:46:36]
[05:46:36] Checking for Xzibit Rootkit...
[05:46:36]   Checking for file '/dev/dsx'                    [ Not found ]
[05:46:36]   Checking for file '/dev/caca'                   [ Not found ]
[05:46:37]   Checking for file '/dev/ida/.inet/linsniffer'   [ Not found ]
[05:46:37]   Checking for file '/dev/ida/.inet/logclear'     [ Not found ]
[05:46:37]   Checking for file '/dev/ida/.inet/sense'        [ Not found ]
[05:46:37]   Checking for file '/dev/ida/.inet/sl2'          [ Not found ]
[05:46:37]   Checking for file '/dev/ida/.inet/sshdu'        [ Not found ]
[05:46:37]   Checking for file '/dev/ida/.inet/s'            [ Not found ]
[05:46:37]   Checking for file '/dev/ida/.inet/ssh_host_key' [ Not found ]
[05:46:37]   Checking for file '/dev/ida/.inet/ssh_random_seed' [ Not found ]
[05:46:37]   Checking for file '/dev/ida/.inet/sl2new.c'     [ Not found ]
[05:46:37]   Checking for file '/dev/ida/.inet/tcp.log'      [ Not found ]
[05:46:37]   Checking for file '/home/httpd/cgi-bin/becys.cgi' [ Not found ]
[05:46:37]   Checking for file '/usr/local/httpd/cgi-bin/becys.cgi' [ Not found ]
[05:46:37]   Checking for file '/usr/local/apache/cgi-bin/becys.cgi' [ Not found ]
[05:46:37]   Checking for file '/www/httpd/cgi-bin/becys.cgi' [ Not found ]
[05:46:37]   Checking for file '/www/cgi-bin/becys.cgi'      [ Not found ]
[05:46:37]   Checking for directory '/dev/ida/.inet'         [ Not found ]
[05:46:37] Xzibit Rootkit                                    [ Not found ]
[05:46:37]
[05:46:37] Checking for zaRwT.KiT Rootkit...
[05:46:37]   Checking for file '/dev/rd/s/sendmeil'          [ Not found ]
[05:46:37]   Checking for file '/dev/ttyf'                   [ Not found ]
[05:46:37]   Checking for file '/dev/ttyp'                   [ Not found ]
[05:46:37]   Checking for file '/dev/ttyn'                   [ Not found ]
[05:46:37]   Checking for file '/rk/tulz'                    [ Not found ]
[05:46:37]   Checking for directory '/rk'                    [ Not found ]
[05:46:37]   Checking for directory '/dev/rd/s'              [ Not found ]
[05:46:37] zaRwT.KiT Rootkit                                 [ Not found ]
[05:46:37]
[05:46:37] Checking for ZK Rootkit...
[05:46:37]   Checking for file '/usr/share/.zk/zk'           [ Not found ]
[05:46:37]   Checking for file '/usr/X11R6/.zk/xfs'          [ Not found ]
[05:46:37]   Checking for file '/usr/X11R6/.zk/echo'         [ Not found ]
[05:46:37]   Checking for file '/etc/1ssue.net'              [ Not found ]
[05:46:37]   Checking for file '/etc/sysconfig/console/load.zk' [ Not found ]
[05:46:37]   Checking for directory '/usr/share/.zk'         [ Not found ]
[05:46:37]   Checking for directory '/usr/X11R6/.zk'         [ Not found ]
[05:46:37] ZK Rootkit                                        [ Not found ]
[05:47:55]
[05:47:55] Info: Starting test name 'additional_rkts'
[05:47:55] Performing additional rootkit checks
[05:47:55]
[05:47:55]   Performing Suckit Rookit additional checks
[05:47:55]     Checking hard link count on '/sbin/init'      [ OK ]
[05:47:55]     Checking for hidden file extensions           [ None found ]
[05:47:55]     Running skdet command                         [ Skipped ]
[05:47:55] Info: Unable to find the 'skdet' command
[05:47:55]   Suckit Rookit additional checks                 [ OK ]
[05:47:55]
[05:47:55] Info: Starting test name 'possible_rkt_files'
[05:47:55]   Performing check of possible rootkit files and directories
[05:47:55]     Checking for file '/dev/sdr0'                 [ Not found ]
[05:47:55]     Checking for file '/dev/pisu'                 [ Not found ]
[05:47:55]     Checking for file '/dev/xdta'                 [ Not found ]
[05:47:55]     Checking for file '/dev/saux'                 [ Not found ]
[05:47:55]     Checking for file '/dev/hdx'                  [ Not found ]
[05:47:55]     Checking for file '/dev/hdx1'                 [ Not found ]
[05:47:55]     Checking for file '/dev/hdx2'                 [ Not found ]
[05:47:55]     Checking for file '/dev/ptyy'                 [ Not found ]
[05:47:55]     Checking for file '/dev/ptyu'                 [ Not found ]
[05:47:55]     Checking for file '/dev/ptyv'                 [ Not found ]
[05:47:55]     Checking for file '/dev/hdbb'                 [ Not found ]
[05:47:55]     Checking for file '/tmp/.syshackfile'         [ Not found ]
[05:47:55]     Checking for file '/tmp/.bash_history'        [ Not found ]
[05:47:55]     Checking for file '/usr/info/.clib'           [ Not found ]
[05:47:55]     Checking for file '/usr/sbin/tcp.log'         [ Not found ]
[05:47:55]     Checking for file '/usr/bin/take/pid'         [ Not found ]
[05:47:55]     Checking for file '/sbin/create'              [ Not found ]
[05:47:55]     Checking for file '/dev/ttypz'                [ Not found ]
[05:47:55]     Checking for file '/var/log/tcp.log'          [ Not found ]
[05:47:55]     Checking for file '/usr/include/audit.h'      [ Not found ]
[05:47:55]     Checking for file '/usr/bin/sourcemask'       [ Not found ]
[05:47:55]     Checking for file '/usr/bin/ras2xm'           [ Not found ]
[05:47:55]     Checking for file '/dev/xmx'                  [ Not found ]
[05:47:55]     Checking for file '/usr/sbin/gpm.root'        [ Not found ]
[05:47:55]     Checking for file '/bin/vobiscum'             [ Not found ]
[05:47:55]     Checking for file '/bin/psr'                  [ Not found ]
[05:47:55]     Checking for file '/dev/kdx'                  [ Not found ]
[05:47:55]     Checking for file '/dev/dkx'                  [ Not found ]
[05:47:55]     Checking for file '/usr/sbin/sshd3'           [ Not found ]
[05:47:55]     Checking for file '/usr/sbin/jcd'             [ Not found ]
[05:47:55]     Checking for file '/etc/rc.d/init.d/jcd'      [ Not found ]
[05:47:55]     Checking for file '/usr/sbin/atd2'            [ Not found ]
[05:47:55]     Checking for file '/home/httpd/cgi-bin/linux.cgi' [ Not found ]
[05:47:55]     Checking for file '/home/httpd/cgi-bin/psid'  [ Not found ]
[05:47:55]     Checking for file '/home/httpd/cgi-bin/void.cgi' [ Not found ]
[05:47:55]     Checking for file '/etc/rc.d/init.d/system'   [ Not found ]
[05:47:55]     Checking for file '/etc/rc.d/rc3.d/S93users'  [ Not found ]
[05:47:55]     Checking for file '/tmp/.ush'                 [ Not found ]
[05:47:55]     Checking for file '/usr/lib/libhidefile.so'   [ Not found ]
[05:47:55]     Checking for file '/etc/cron.d/kmod'          [ Not found ]
[05:47:55]     Checking for file '/usr/lib/dmis/dmisd'       [ Not found ]
[05:47:55]     Checking for file '/lib/secure/libhij.so'     [ Not found ]
[05:47:55]     Checking for file '/usr/sbin/sshd3'           [ Not found ]
[05:47:55]     Checking for file '/etc/rc.d/init.d/crontab'  [ Not found ]
[05:47:55]     Checking for file '/etc/rc.d/init.d/jcd'      [ Not found ]
[05:47:55]     Checking for file '/usr/sbin/atd2'            [ Not found ]
[05:47:55]     Checking for file '/etc/rc.d/rc5.d/S93users'  [ Not found ]
[05:47:55]     Checking for file '/usr/include/mysql/mysql.hh1' [ Not found ]
[05:47:55]     Checking for file '/etc/init.d/xfs3'          [ Not found ]
[05:47:55]     Checking for file '/usr/sbin/t.txt'           [ Not found ]
[05:47:55]     Checking for file '/usr/sbin/change'          [ Not found ]
[05:47:55]     Checking for file '/usr/sbin/s'               [ Not found ]
[05:47:55]     Checking for file '/bin/f'                    [ Not found ]
[05:47:55]     Checking for file '/bin/i'                    [ Not found ]
[05:47:55]     Checking for file '/lib/libncom.so.4.0.1'     [ Not found ]
[05:47:55]     Checking for file '/sbin/zinit'               [ Not found ]
[05:47:55]     Checking for file '/tmp/pass_ssh.log'         [ Not found ]
[05:47:56]     Checking for file '/usr/include/gpm2.h'       [ Not found ]
[05:47:56]     Checking for file '/etc/ssh/.sshd_auth'       [ Not found ]
[05:47:56]     Checking for file '/usr/lib/.sshd.h'          [ Not found ]
[05:47:56]     Checking for file '/var/run/.defunct'         [ Not found ]
[05:47:56]     Checking for file '/etc/httpd/run/.defunct'   [ Not found ]
[05:47:56]     Checking for file '/usr/share/pci.r'          [ Not found ]
[05:47:56]     Checking for file '/etc/cron.daily/dnsquery'  [ Not found ]
[05:47:56]     Checking for file '/usr/lib/libutil1.2.1.2.so' [ Not found ]
[05:47:56]     Checking for file '/bin/ceva'                 [ Not found ]
[05:47:56]     Checking for file '/sbin/syslogd<SP>'         [ Not found ]
[05:47:56]     Checking for file '/usr/include/shup.h'       [ Not found ]
[05:47:56]     Checking for file '/etc/rpm/sshdOLD'          [ Not found ]
[05:47:56]     Checking for file '/etc/rpm/sshOLD'           [ Not found ]
[05:47:56]     Checking for file '/usr/share/passwd.h'       [ Not found ]
[05:47:56]     Checking for file '/lib/.xsyslog'             [ Not found ]
[05:47:56]     Checking for file '/etc/.xsyslog'             [ Not found ]
[05:47:56]     Checking for file '/lib/.ssyslog'             [ Not found ]
[05:47:56]     Checking for file '/tmp/.sendmail'            [ Not found ]
[05:47:56]     Checking for file '/usr/share/sshd.sync'      [ Not found ]
[05:47:56]     Checking for file '/bin/zcut'                 [ Not found ]
[05:47:56]     Checking for file '/usr/bin/zmuie'            [ Not found ]
[05:47:56]     Checking for file '/lib/libkeyutils.so.1.9'   [ Not found ]
[05:47:56]     Checking for file '/lib64/libkeyutils.so.1.9' [ Not found ]
[05:47:56]     Checking for file '/usr/lib/libkeyutils.so.1.9' [ Not found ]
[05:47:56]     Checking for file '/usr/lib64/libkeyutils.so.1.9' [ Not found ]
[05:47:56]     Checking for directory '/dev/ptyas'           [ Not found ]
[05:47:56]     Checking for directory '/usr/bin/take'        [ Not found ]
[05:47:56]     Checking for directory '/usr/src/.lib'        [ Not found ]
[05:47:56]     Checking for directory '/usr/share/man/man1/.1c' [ Not found ]
[05:47:56]     Checking for directory '/lib/lblip.tk'        [ Not found ]
[05:47:56]     Checking for directory '/usr/sbin/...'        [ Not found ]
[05:47:56]     Checking for directory '/usr/share/.gun'      [ Not found ]
[05:47:56]     Checking for directory '/unde/vrei/tu/sa/te/ascunzi/in/server' [ Not found ]
[05:47:56]     Checking for directory '/usr/man/man1/..<SP><SP>/.dir' [ Not found ]
[05:47:56]     Checking for directory '/usr/X11R6/include/X11/...' [ Not found ]
[05:47:56]     Checking for directory '/usr/X11R6/lib/X11/.fonts/misc/...' [ Not found ]
[05:47:56]     Checking for directory '/tmp/.sys'            [ Not found ]
[05:47:56]     Checking for directory '/tmp/''               [ Not found ]
[05:47:56]     Checking for directory '/tmp/.,'              [ Not found ]
[05:47:56]     Checking for directory '/tmp/,.,'             [ Not found ]
[05:47:56]     Checking for directory '/dev/shm/emilien'     [ Not found ]
[05:47:56]     Checking for directory '/var/tmp/.log'        [ Not found ]
[05:47:56]     Checking for directory '/tmp/zmeu/...<SP>'    [ Not found ]
[05:47:56]     Checking for directory '/var/log/ssh'         [ Not found ]
[05:47:56]     Checking for directory '/dev/ida'             [ Not found ]
[05:47:56]     Checking for directory '/var/lib/games/.src/ssk/shit' [ Not found ]
[05:47:56]     Checking for directory '/usr/lib/libshtift'   [ Not found ]
[05:47:56]     Checking for directory '/usr/src/.poop'       [ Not found ]
[05:47:56]     Checking for directory '/dev/wd4'             [ Not found ]
[05:47:56]     Checking for directory '/var/run/.tmp'        [ Not found ]
[05:47:56]     Checking for directory '/usr/man/man1/lib/.lib' [ Not found ]
[05:47:56]     Checking for directory '/dev/portd'           [ Not found ]
[05:47:56]     Checking for directory '/dev/...'             [ Not found ]
[05:47:56]     Checking for directory '/usr/share/man/mansps' [ Not found ]
[05:47:56]     Checking for directory '/lib/.so'             [ Not found ]
[05:47:56]     Checking for directory '/lib/.sso'            [ Not found ]
[05:47:56]     Checking for directory '/usr/include/sslv3'   [ Not found ]
[05:47:56]     Checking for directory '/dev/shm/sshd'        [ Not found ]
[05:47:56]     Checking for directory '/usr/share/locale/mk/.dev/sk' [ Not found ]
[05:47:56]     Checking for directory '/usr/share/locale/mk/.dev' [ Not found ]
[05:47:56]     Checking for directory '/usr/include/netda.h' [ Not found ]
[05:47:56]     Checking for directory '/usr/include/.ssh'    [ Not found ]
[05:47:57]     Checking for directory '/usr/share/locale/jp/.<SP>' [ Not found ]
[05:47:57]     Checking for directory '/usr/share/.sqe'      [ Not found ]
[05:47:57]   Checking for possible rootkit files and directories [ None found ]
[05:47:57]
[05:47:57] Info: Starting test name 'possible_rkt_strings'
[05:47:57]   Performing check for possible rootkit strings
[05:47:57] Info: Using system startup paths: /etc/rc.local /etc/init.d
[05:47:57]     Checking for string 'phalanx'                 [ Not found ]
[05:47:57]     Checking for string '/dev/proc/fuckit'        [ Not found ]
[05:47:57]     Checking for string 'FUCK'                    [ Not found ]
[05:47:57]     Checking for string 'backdoor'                [ Not found ]
[05:47:57]     Checking for string '/usr/bin/rcpc'           [ Not found ]
[05:47:57]     Checking for string '/usr/sbin/login'         [ Not found ]
[05:47:57]     Checking for string '/dev/ptyxx/.proc'        [ Not found ]
[05:47:57]     Checking for string 'vt200'                   [ Not found ]
[05:47:57]     Checking for string '/usr/bin/xstat'          [ Not found ]
[05:47:57]     Checking for string '/bin/envpc'              [ Not found ]
[05:47:57]     Checking for string 'L4m3r0x'                 [ Not found ]
[05:47:57]     Checking for string '/lib/libext'             [ Not found ]
[05:47:57]     Checking for string '/usr/sbin/login'         [ Not found ]
[05:47:57]     Checking for string '/usr/lib/.tbd'           [ Not found ]
[05:47:57]     Checking for string 'sendmail'                [ Not found ]
[05:47:57]     Checking for string 'cocacola'                [ Not found ]
[05:47:57]     Checking for string 'joao'                    [ Not found ]
[05:47:57]     Checking for string '/dev/ptyxx/.file'        [ Not found ]
[05:47:57]     Checking for string '/dev/ptyxx/.file'        [ Not found ]
[05:47:57]     Checking for string '/dev/sgk'                [ Not found ]
[05:47:57]     Checking for string '/var/lock/subsys/...datafile...' [ Not found ]
[05:47:57]     Checking for string '/usr/lib/.tbd'           [ Not found ]
[05:47:57]     Checking for string '/dev/proc/fuckit'        [ Not found ]
[05:47:57]     Checking for string '/lib/.sso'               [ Not found ]
[05:47:57]     Checking for string '/var/lock/subsys/...datafile...' [ Not found ]
[05:47:57]     Checking for string '/dev/caca'               [ Not found ]
[05:47:57]     Checking for string '/dev/ttyoa'              [ Not found ]
[05:47:57]     Checking for string '/usr/lib/ldlibns.so'     [ Not found ]
[05:47:57]     Checking for string '/dev/ptyxx/.addr'        [ Not found ]
[05:47:57]     Checking for string 'syg'                     [ Not found ]
[05:47:57]     Checking for string '/var/lock/subsys/...datafile...' [ Not found ]
[05:47:57]     Checking for string '/dev/pts/01'             [ Not found ]
[05:47:57]     Checking for string 'tw33dl3'                 [ Not found ]
[05:47:57]     Checking for string 'psniff'                  [ Not found ]
[05:47:57]     Checking for string 'uconf.inv'               [ Not found ]
[05:47:57]     Checking for string 'lib/ldlibps.so'          [ Not found ]
[05:47:57]     Checking for string '/usr/lib/ldlibpst.so'    [ Not found ]
[05:47:57]     Checking for string 'libproc.so.2.0.7'        [ Not found ]
[05:47:57]     Checking for string '/dev/ptyxx/.proc'        [ Not found ]
[05:47:57]     Checking for string '/dev/ptyxx/.proc'        [ Not found ]
[05:47:57]     Checking for string 'libproc.so.2.0.7'        [ Not found ]
[05:47:57]     Checking for string 'libproc.so.2.0.7'        [ Not found ]
[05:47:57]     Checking for string '/bin/bash'               [ Not found ]
[05:47:57]     Checking for string '/dev/xdta'               [ Not found ]
[05:47:57]     Checking for string '/usr/lib/.tbd'           [ Not found ]
[05:47:58]     Checking for string '/dev/ptyxx/.proc'        [ Not found ]
[05:47:58]     Checking for string 'in.inetd'                [ Not found ]
[05:47:58]     Checking for string '#<HIDE_.*>'              [ Not found ]
[05:47:58]     Checking for string 'bin/xchk'                [ Not found ]
[05:47:59]     Checking for string 'bin/xsf'                 [ Not found ]
[05:47:59]     Checking for string '/usr/bin/ssh2d'          [ Not found ]
[05:47:59]     Checking for string '/usr/sbin/xntps'         [ Not found ]
[05:47:59]     Checking for string 'ttyload'                 [ Not found ]
[05:47:59]     Checking for string '/etc/rc.d/init.d/init'   [ Not found ]
[05:48:00]     Checking for string 'usr/bin/xfss'            [ Not found ]
[05:48:00]     Checking for string '/usr/sbin/rpc.netinet'   [ Not found ]
[05:48:00]     Checking for string '/usr/lib/.fx/cons.saver' [ Not found ]
[05:48:00]     Checking for string '/usr/lib/.fx/xs'         [ Not found ]
[05:48:00]     Checking for string '/ssh2d'                  [ Not found ]
[05:48:01]     Checking for string '/dev/kmod'               [ Not found ]
[05:48:01]     Checking for string '/crth.o'                 [ Not found ]
[05:48:01]     Checking for string '/crtz.o'                 [ Not found ]
[05:48:01]     Checking for string '/dev/dos'                [ Not found ]
[05:48:01]     Checking for string '/lpq'                    [ Not found ]
[05:48:02]     Checking for string '/usr/sbin/rescue'        [ Not found ]
[05:48:02]     Checking for string '/usr/lib/lpstart'        [ Not found ]
[05:48:02]     Checking for string '/volc'                   [ Not found ]
[05:48:02]     Checking for string 'sourcemask'              [ Not found ]
[05:48:03]     Checking for string '/bin/vobiscum'           [ Not found ]
[05:48:03]     Checking for string '/usr/sbin/in.telnet'     [ Not found ]
[05:48:03]     Checking for string '/usr/bin/hdparm?-t1?-X53?-p' [ Not found ]
[05:48:03]     Checking for string '/lib/.xsyslog'           [ Not found ]
[05:48:03]     Checking for string '/etc/.xsyslog'           [ Not found ]
[05:48:04]     Checking for string '/lib/.ssyslog'           [ Not found ]
[05:48:04]     Checking for string '/tmp/.sendmail'          [ Not found ]
[05:48:04]     Checking for string '/lib/ldd.so/tkps'        [ Not found ]
[05:48:04]     Checking for string 't0rnkit'                 [ Not found ]
[05:48:04]     Checking for string '/dev/proc/fuckit'        [ Not found ]
[05:48:04]     Checking for string 'backdoor.h'              [ Not found ]
[05:48:04]     Checking for string 'backdoor_active'         [ Not found ]
[05:48:04]     Checking for string 'magic_pass_active'       [ Not found ]
[05:48:04]     Checking for string '/usr/include/gpm2.h'     [ Not found ]
[05:48:04]     Checking for string 'libproc.so.2.0.7'        [ Not found ]
[05:48:04]     Checking for string 'libproc.so.2.0.7'        [ Not found ]
[05:48:04]     Checking for string 'libproc.so.2.0.7'        [ Not found ]
[05:48:04]     Checking for string '/usr/lib/ldlibct.so'     [ Not found ]
[05:48:04]     Checking for string '/usr/lib/ldlibdu.so'     [ Not found ]
[05:48:04]     Checking for string '/dev/ptyxx/.file'        [ Not found ]
[05:48:04]     Checking for string 'libproc.so.2.0.7'        [ Not found ]
[05:48:04]     Checking for string '/dev/ida/.inet'          [ Not found ]
[05:48:04]     Checking for string '/usr/include/mysql/mysql.hh1' [ Not found ]
[05:48:04]     Checking for string '/usr/include/mysql/mysql.hh1' [ Not found ]
[05:48:04]     Checking for string '/usr/include/mysql/mysql.hh1' [ Not found ]
[05:48:04]     Checking for string '/usr/include/mysql/mysql.hh1' [ Not found ]
[05:48:04]     Checking for string '/usr/include/mysql/mysql.hh1' [ Not found ]
[05:48:04]     Checking for string '/usr/include/mysql/mysql.hh1' [ Not found ]
[05:48:05]     Checking for string 'backconnect'             [ Not found ]
[05:48:05]     Checking for string 'magic?packet?received'   [ Not found ]
[05:48:05]   Checking for possible rootkit strings           [ None found ]
[05:48:05]
[05:48:05] Info: Starting test name 'malware'
[05:48:05] Performing malware checks
[05:48:05]
[05:48:05] Info: Test 'deleted_files' disabled at users request.
[05:48:05]
[05:48:05] Info: Starting test name 'running_procs'
[05:48:06]   Checking running processes for suspicious files [ None found ]
[05:48:06]
[05:48:06] Info: Test 'hidden_procs' disabled at users request.
[05:48:06]
[05:48:06] Info: Test 'suspscan' disabled at users request.
[05:48:06]
[05:48:06] Info: Starting test name 'other_malware'
[05:48:06]   Performing check for login backdoors
[05:48:06]     Checking for '/bin/.login'                    [ Not found ]
[05:48:06]     Checking for '/sbin/.login'                   [ Not found ]
[05:48:06]   Checking for login backdoors                    [ None found ]
[05:48:06]
[05:48:06]   Performing check for suspicious directories
[05:48:06]     Checking for directory '/usr/X11R6/bin/.,/copy' [ Not found ]
[05:48:06]     Checking for directory '/dev/rd/cdb'          [ Not found ]
[05:48:06]   Checking for suspicious directories             [ None found ]
[05:48:06]
[05:48:06]   Checking for software intrusions                [ Skipped ]
[05:48:06] Info: Check skipped - tripwire not installed
[05:48:06]
[05:48:06]   Performing check for sniffer log files
[05:48:06]     Checking for file '/usr/lib/libice.log'       [ Not found ]
[05:48:06]     Checking for file '/dev/prom/sn.l'            [ Not found ]
[05:48:06]     Checking for file '/dev/fd/.88/zxsniff.log'   [ Not found ]
[05:48:06]   Checking for sniffer log files                  [ None found ]
[05:48:06]
[05:48:06] Suspicious Shared Memory segments
[05:48:06]   Suspicious Shared Memory segments               [ None found ]
[05:48:06]
[05:48:06] Info: Starting test name 'trojans'
[05:48:06] Performing trojan specific checks
[05:48:06]   Checking for enabled inetd services             [ Skipped ]
[05:48:06] Info: Check skipped - file '/etc/inetd.conf' does not exist.
[05:48:06]
[05:48:06]   Performing check for enabled xinetd services
[05:48:06]   Checking for enabled xinetd services            [ Skipped ]
[05:48:06] Info: Check skipped - file '/etc/xinetd.conf' does not exist.
[05:48:06]   Checking for Apache backdoor                    [ Not found ]
[05:48:06]
[05:48:06] Info: Starting test name 'os_specific'
[05:48:06] Performing Linux specific checks
[05:48:07]   Checking loaded kernel modules                  [ OK ]
[05:48:07] Info: Using modules pathname of '/lib/modules/4.2.0-35-generic'
[05:48:09]   Checking kernel module names                    [ OK ]
[05:48:11]
[05:48:11] Info: Starting test name 'network'
[05:48:11] Checking the network...
[05:48:11]
[05:48:11] Performing checks on the network ports
[05:48:11] Info: Starting test name 'ports'
[05:48:11]   Performing check for backdoor ports
[05:48:11]     Checking for TCP port 1524                    [ Not found ]
[05:48:11]     Checking for TCP port 1984                    [ Not found ]
[05:48:11]     Checking for UDP port 2001                    [ Not found ]
[05:48:11]     Checking for TCP port 2006                    [ Not found ]
[05:48:11]     Checking for TCP port 2128                    [ Not found ]
[05:48:11]     Checking for TCP port 6666                    [ Not found ]
[05:48:11]     Checking for TCP port 6667                    [ Not found ]
[05:48:11]     Checking for TCP port 6668                    [ Not found ]
[05:48:11]     Checking for TCP port 6669                    [ Not found ]
[05:48:11]     Checking for TCP port 7000                    [ Not found ]
[05:48:11]     Checking for TCP port 13000                   [ Not found ]
[05:48:11]     Checking for TCP port 14856                   [ Not found ]
[05:48:11]     Checking for TCP port 25000                   [ Not found ]
[05:48:11]     Checking for TCP port 29812                   [ Not found ]
[05:48:11]     Checking for TCP port 31337                   [ Not found ]
[05:48:11]     Checking for TCP port 32982                   [ Not found ]
[05:48:11]     Checking for TCP port 33369                   [ Not found ]
[05:48:11]     Checking for TCP port 47107                   [ Not found ]
[05:48:11]     Checking for TCP port 47018                   [ Not found ]
[05:48:11]     Checking for TCP port 60922                   [ Not found ]
[05:48:12]     Checking for TCP port 62883                   [ Not found ]
[05:48:12]     Checking for TCP port 65535                   [ Not found ]
[05:48:12]   Checking for backdoor ports                     [ None found ]
[05:48:12]
[05:48:12] Info: Starting test name 'hidden_ports'
[05:48:12] Info: Found the 'unhide-tcp' command: /usr/sbin/unhide-tcp 
[05:48:12]   Checking for hidden ports                       [ None found ]
[05:48:12]
[05:48:12] Performing checks on the network interfaces
[05:48:12] Info: Starting test name 'promisc'
[05:48:12]   Checking for promiscuous interfaces             [ None found ]
[05:48:12]
[05:48:12] Info: Test 'packet_cap_apps' disabled at users request.
[05:48:12]
[05:48:12] Info: Starting test name 'local_host'
[05:48:12] Checking the local host...
[05:48:12]
[05:48:12] Info: Starting test name 'startup_files'
[05:48:12] Performing system boot checks
[05:48:12]   Checking for local host name                    [ Found ]
[05:48:12]
[05:48:12] Info: Starting test name 'startup_malware'
[05:48:12]   Checking for system startup files               [ Found ]
[05:48:13]   Checking system startup files for malware       [ None found ]
[05:48:13]
[05:48:13] Info: Starting test name 'group_accounts'
[05:48:13] Performing group and account checks
[05:48:13]   Checking for passwd file                        [ Found ]
[05:48:13] Info: Found password file: /etc/passwd
[05:48:13]   Checking for root equivalent (UID 0) accounts   [ None found ]
[05:48:13] Info: Found shadow file: /etc/shadow
[05:48:13]   Checking for passwordless accounts              [ None found ]
[05:48:13]
[05:48:13] Info: Starting test name 'passwd_changes'
[05:48:13]   Checking for passwd file changes                [ Warning ]
[05:48:13] Warning: User 'havp' has been added to the passwd file.
[05:48:13] Warning: User 'clamav' has been added to the passwd file.
[05:48:13] Warning: User 'clamsmtp' has been added to the passwd file.
[05:48:13] Warning: User 'amavis' has been added to the passwd file.
[05:48:13] Warning: User 'clickpkg' has been added to the passwd file.
[05:48:13] Warning: User 'dirmngr' has been added to the passwd file.
[05:48:13]
[05:48:13] Info: Starting test name 'group_changes'
[05:48:13]   Checking for group file changes                 [ Warning ]
[05:48:13] Warning: Group 'vboxusers' has been added to the group file.
[05:48:13] Warning: Group 'havp' has been added to the group file.
[05:48:13] Warning: Group 'clamav' has been added to the group file.
[05:48:13] Warning: Group 'clamsmtp' has been added to the group file.
[05:48:13] Warning: Group 'amavis' has been added to the group file.
[05:48:13] Warning: Group 'autopilot' has been added to the group file.
[05:48:13] Warning: Group 'clickpkg' has been added to the group file.
[05:48:13] Warning: Group 'dirmngr' has been added to the group file.
[05:48:13]   Checking root account shell history files       [ None found ]
[05:48:13]
[05:48:13] Info: Starting test name 'system_configs'
[05:48:13] Performing system configuration file checks
[05:48:13]   Checking for an SSH configuration file          [ Not found ]
[05:48:14]   Checking for a running system logging daemon    [ Found ]
[05:48:14] Info: A running 'rsyslog' daemon has been found.
[05:48:14] Info: A running 'systemd-journald' daemon has been found.
[05:48:14] Info: Found an rsyslog configuration file: /etc/rsyslog.conf
[05:48:14] Info: Found a systemd configuration file: /etc/systemd/journald.conf
[05:48:14]   Checking for a system logging configuration file [ Found ]
[05:48:14]   Checking if syslog remote logging is allowed    [ Not allowed ]
[05:48:14]
[05:48:14] Info: Starting test name 'filesystem'
[05:48:14] Performing filesystem checks
[05:48:14] Info: SCAN_MODE_DEV set to 'THOROUGH'
[05:48:15]   Checking /dev for suspicious file types         [ Warning ]
[05:48:15] Warning: Suspicious file types found in /dev:
[05:48:15]          /dev/shm/pulse-shm-4209799112: data
[05:48:15]          /dev/shm/pulse-shm-2804304956: data
[05:48:15]          /dev/shm/pulse-shm-314701331: data
[05:48:15]          /dev/shm/pulse-shm-2251038954: data
[05:48:15]          /dev/shm/pulse-shm-1056751454: data
[05:48:15]          /dev/shm/pulse-shm-4207284760: data
[05:48:15]          /dev/shm/pulse-shm-4133351312: data
[05:48:15]          /dev/shm/ecryptfs-bbs-Private: ASCII text
[05:48:15]          /dev/shm/pulse-shm-1962024324: data
[05:48:15]          /dev/shm/pulse-shm-995775837: data
[05:48:15]   Checking for hidden files and directories       [ Warning ]
[05:48:15] Warning: Hidden file found: /etc/.oinkmaster.conf.swp: data
[05:48:15]   Checking for missing log files                  [ Skipped ]
[05:48:15]   Checking for empty log files                    [ Skipped ]
[05:48:20]
[05:48:20] Info: Test 'apps' disabled at users request.
[05:48:21]
[05:48:21] System checks summary
[05:48:21] =====================
[05:48:21]
[05:48:21] File properties checks...
[05:48:21] Files checked: 147
[05:48:21] Suspect files: 147
[05:48:21]
[05:48:21] Rootkit checks...
[05:48:21] Rootkits checked : 365
[05:48:21] Possible rootkits: 0
[05:48:21]
[05:48:21] Applications checks...
[05:48:21] All checks skipped
[05:48:21]
[05:48:21] The system checks took: 2 minutes and 19 seconds
[05:48:21]
[05:48:21] Info: End date is Sa 16. Apr 05:48:21 CEST 2016
         

Alt 16.04.2016, 04:39   #67
dennisstein
 
Linux: Bootkit Nemesis- Bios/Firmware Malware im VBR - Standard

Authlog Part 1

Code:
Apr 14 20:53:00 bbs-sophos polkitd(authority=local): Registered Authentication Agent for unix-process:22342:284322 (system bus name :1.225 [/usr/bin/pkttyagent --notify-fd 5 --fallback], object path /org/freedesktop/PolicyKit1/AuthenticationAgent, locale de_DE.UTF-8)
Apr 14 20:53:00 bbs-sophos polkitd(authority=local): Unregistered Authentication Agent for unix-process:22342:284322 (system bus name :1.225, object path /org/freedesktop/PolicyKit1/AuthenticationAgent, locale de_DE.UTF-8) (disconnected from bus)
Apr 14 20:53:01 bbs-sophos polkitd(authority=local): Registered Authentication Agent for unix-process:22355:284357 (system bus name :1.227 [/usr/bin/pkttyagent --notify-fd 5 --fallback], object path /org/freedesktop/PolicyKit1/AuthenticationAgent, locale de_DE.UTF-8)
Apr 14 20:53:01 bbs-sophos polkitd(authority=local): Unregistered Authentication Agent for unix-process:22355:284357 (system bus name :1.227, object path /org/freedesktop/PolicyKit1/AuthenticationAgent, locale de_DE.UTF-8) (disconnected from bus)
Apr 14 20:53:01 bbs-sophos polkitd(authority=local): Registered Authentication Agent for unix-process:22378:284392 (system bus name :1.228 [/usr/bin/pkttyagent --notify-fd 5 --fallback], object path /org/freedesktop/PolicyKit1/AuthenticationAgent, locale de_DE.UTF-8)
Apr 14 20:53:01 bbs-sophos polkitd(authority=local): Unregistered Authentication Agent for unix-process:22378:284392 (system bus name :1.228, object path /org/freedesktop/PolicyKit1/AuthenticationAgent, locale de_DE.UTF-8) (disconnected from bus)
Apr 14 20:53:01 bbs-sophos polkitd(authority=local): Registered Authentication Agent for unix-process:22395:284403 (system bus name :1.229 [/usr/bin/pkttyagent --notify-fd 5 --fallback], object path /org/freedesktop/PolicyKit1/AuthenticationAgent, locale de_DE.UTF-8)
Apr 14 20:53:01 bbs-sophos polkitd(authority=local): Unregistered Authentication Agent for unix-process:22395:284403 (system bus name :1.229, object path /org/freedesktop/PolicyKit1/AuthenticationAgent, locale de_DE.UTF-8) (disconnected from bus)
Apr 14 20:53:06 bbs-sophos polkitd(authority=local): Registered Authentication Agent for unix-process:22511:284870 (system bus name :1.230 [/usr/bin/pkttyagent --notify-fd 5 --fallback], object path /org/freedesktop/PolicyKit1/AuthenticationAgent, locale de_DE.UTF-8)
Apr 14 20:53:06 bbs-sophos polkitd(authority=local): Unregistered Authentication Agent for unix-process:22511:284870 (system bus name :1.230, object path /org/freedesktop/PolicyKit1/AuthenticationAgent, locale de_DE.UTF-8) (disconnected from bus)
Apr 14 20:53:06 bbs-sophos polkitd(authority=local): Registered Authentication Agent for unix-process:22548:284889 (system bus name :1.231 [/usr/bin/pkttyagent --notify-fd 5 --fallback], object path /org/freedesktop/PolicyKit1/AuthenticationAgent, locale de_DE.UTF-8)
Apr 14 20:53:06 bbs-sophos polkitd(authority=local): Unregistered Authentication Agent for unix-process:22548:284889 (system bus name :1.231, object path /org/freedesktop/PolicyKit1/AuthenticationAgent, locale de_DE.UTF-8) (disconnected from bus)
Apr 14 20:53:06 bbs-sophos polkitd(authority=local): Registered Authentication Agent for unix-process:22568:284905 (system bus name :1.232 [/usr/bin/pkttyagent --notify-fd 5 --fallback], object path /org/freedesktop/PolicyKit1/AuthenticationAgent, locale de_DE.UTF-8)
Apr 14 20:53:06 bbs-sophos polkitd(authority=local): Unregistered Authentication Agent for unix-process:22568:284905 (system bus name :1.232, object path /org/freedesktop/PolicyKit1/AuthenticationAgent, locale de_DE.UTF-8) (disconnected from bus)
Apr 14 20:56:19 bbs-sophos pkexec: pam_unix(polkit-1:session): session opened for user root by (uid=1000)
Apr 14 20:56:19 bbs-sophos pkexec: pam_systemd(polkit-1:session): Cannot create session: Already running in a session
Apr 14 20:56:19 bbs-sophos pkexec[24529]: bbs: Executing command [USER=root] [TTY=unknown] [CWD=/home/bbs] [COMMAND=/usr/lib/update-notifier/package-system-locked]
Apr 14 21:12:54 bbs-sophos systemd-logind[785]: System is rebooting.
Apr 15 02:04:15 bbs-sophos systemd-logind[766]: New seat seat0.
Apr 15 02:04:15 bbs-sophos systemd-logind[766]: Watching system buttons on /dev/input/event2 (Power Button)
Apr 15 02:04:15 bbs-sophos systemd-logind[766]: Watching system buttons on /dev/input/event3 (Video Bus)
Apr 15 02:04:15 bbs-sophos systemd-logind[766]: Watching system buttons on /dev/input/event0 (Power Button)
Apr 15 02:04:15 bbs-sophos systemd-logind[766]: Watching system buttons on /dev/input/event1 (Sleep Button)
Apr 15 02:04:27 bbs-sophos lightdm: PAM unable to dlopen(pam_kwallet.so): /lib/security/pam_kwallet.so: cannot open shared object file: No such file or directory
Apr 15 02:04:27 bbs-sophos lightdm: PAM adding faulty module: pam_kwallet.so
Apr 15 02:04:27 bbs-sophos lightdm: PAM unable to dlopen(pam_kwallet5.so): /lib/security/pam_kwallet5.so: cannot open shared object file: No such file or directory
Apr 15 02:04:27 bbs-sophos lightdm: PAM adding faulty module: pam_kwallet5.so
Apr 15 02:04:27 bbs-sophos lightdm: pam_unix(lightdm-greeter:session): session opened for user lightdm by (uid=0)
Apr 15 02:04:27 bbs-sophos systemd-logind[766]: New session c1 of user lightdm.
Apr 15 02:04:27 bbs-sophos systemd: pam_unix(systemd-user:session): session opened for user lightdm by (uid=0)
Apr 15 02:04:33 bbs-sophos lightdm: PAM unable to dlopen(pam_kwallet.so): /lib/security/pam_kwallet.so: cannot open shared object file: No such file or directory
Apr 15 02:04:33 bbs-sophos lightdm: PAM adding faulty module: pam_kwallet.so
Apr 15 02:04:33 bbs-sophos lightdm: PAM unable to dlopen(pam_kwallet5.so): /lib/security/pam_kwallet5.so: cannot open shared object file: No such file or directory
Apr 15 02:04:33 bbs-sophos lightdm: PAM adding faulty module: pam_kwallet5.so
Apr 15 02:04:33 bbs-sophos lightdm: pam_succeed_if(lightdm:auth): requirement "user ingroup nopasswdlogin" not met by user "bbs"
Apr 15 02:04:51 bbs-sophos lightdm: pam_unix(lightdm-greeter:session): session closed for user lightdm
Apr 15 02:04:51 bbs-sophos lightdm: pam_unix(lightdm:session): session opened for user bbs by (uid=0)
Apr 15 02:04:51 bbs-sophos systemd: pam_unix(systemd-user:session): session opened for user bbs by (uid=0)
Apr 15 02:04:51 bbs-sophos systemd-logind[766]: New session c2 of user bbs.
Apr 15 02:04:59 bbs-sophos dbus[767]: [system] Failed to activate service 'org.bluez': timed out
Apr 15 02:05:00 bbs-sophos gnome-keyring-daemon[1118]: The PKCS#11 component was already initialized
Apr 15 02:05:00 bbs-sophos gnome-keyring-daemon[1118]: The Secret Service was already initialized
Apr 15 02:05:01 bbs-sophos polkitd(authority=local): Registered Authentication Agent for unix-session:c2 (system bus name :1.72 [/usr/lib/policykit-1-gnome/polkit-gnome-authentication-agent-1], object path /org/gnome/PolicyKit1/AuthenticationAgent, locale de_DE.UTF-8)
Apr 15 02:06:27 bbs-sophos systemd-logind[766]: Removed session c1.
Apr 15 02:06:27 bbs-sophos systemd: pam_unix(systemd-user:session): session closed for user lightdm
Apr 15 02:17:01 bbs-sophos CRON[2290]: pam_unix(cron:session): session opened for user root by (uid=0)
Apr 15 02:17:01 bbs-sophos CRON[2290]: pam_unix(cron:session): session closed for user root
Apr 15 02:25:12 bbs-sophos dbus[767]: [system] Rejected send message, 10 matched rules; type="method_return", sender=":1.103" (uid=0 pid=2365 comm="/usr/sbin/dnsmasq --no-resolv --keep-in-foreground") interface="(unset)" member="(unset)" error name="(unset)" requested_reply="0" destination=":1.12" (uid=0 pid=783 comm="/usr/sbin/NetworkManager --no-daemon ")
Apr 15 02:26:19 bbs-sophos sudo:      bbs : TTY=pts/5 ; PWD=/home/bbs ; USER=root ; COMMAND=/usr/bin/apt-get install tiger
Apr 15 02:26:19 bbs-sophos sudo: pam_unix(sudo:session): session opened for user root by bbs(uid=0)
Apr 15 02:27:42 bbs-sophos polkitd(authority=local): Registered Authentication Agent for unix-process:3784:145618 (system bus name :1.106 [/usr/bin/pkttyagent --notify-fd 5 --fallback], object path /org/freedesktop/PolicyKit1/AuthenticationAgent, locale de_DE.UTF-8)
Apr 15 02:27:42 bbs-sophos polkitd(authority=local): Unregistered Authentication Agent for unix-process:3784:145618 (system bus name :1.106, object path /org/freedesktop/PolicyKit1/AuthenticationAgent, locale de_DE.UTF-8) (disconnected from bus)
Apr 15 02:27:49 bbs-sophos groupadd[3857]: group added to /etc/group: name=smmta, GID=129
Apr 15 02:27:49 bbs-sophos groupadd[3857]: group added to /etc/gshadow: name=smmta
Apr 15 02:27:50 bbs-sophos groupadd[3857]: new group: name=smmta, GID=129
Apr 15 02:27:50 bbs-sophos useradd[3863]: new user: name=smmta, UID=120, GID=129, home=/var/lib/sendmail, shell=/bin/false
Apr 15 02:27:50 bbs-sophos usermod[3879]: change user 'smmta' password
Apr 15 02:27:50 bbs-sophos chage[3886]: changed password expiry for smmta
Apr 15 02:27:50 bbs-sophos chfn[3889]: changed user 'smmta' information
Apr 15 02:27:51 bbs-sophos groupadd[3909]: group added to /etc/group: name=smmsp, GID=130
Apr 15 02:27:51 bbs-sophos groupadd[3909]: group added to /etc/gshadow: name=smmsp
Apr 15 02:27:51 bbs-sophos groupadd[3909]: new group: name=smmsp, GID=130
Apr 15 02:27:51 bbs-sophos useradd[3919]: new user: name=smmsp, UID=121, GID=130, home=/var/lib/sendmail, shell=/bin/false
Apr 15 02:27:51 bbs-sophos usermod[3927]: change user 'smmsp' password
Apr 15 02:27:51 bbs-sophos chage[3934]: changed password expiry for smmsp
Apr 15 02:27:51 bbs-sophos chfn[3975]: changed user 'smmsp' information
Apr 15 02:27:53 bbs-sophos polkitd(authority=local): Registered Authentication Agent for unix-process:4105:146727 (system bus name :1.107 [/usr/bin/pkttyagent --notify-fd 5 --fallback], object path /org/freedesktop/PolicyKit1/AuthenticationAgent, locale de_DE.UTF-8)
Apr 15 02:27:53 bbs-sophos polkitd(authority=local): Unregistered Authentication Agent for unix-process:4105:146727 (system bus name :1.107, object path /org/freedesktop/PolicyKit1/AuthenticationAgent, locale de_DE.UTF-8) (disconnected from bus)
Apr 15 02:27:53 bbs-sophos polkitd(authority=local): Registered Authentication Agent for unix-process:4147:146745 (system bus name :1.108 [/usr/bin/pkttyagent --notify-fd 5 --fallback], object path /org/freedesktop/PolicyKit1/AuthenticationAgent, locale de_DE.UTF-8)
Apr 15 02:27:54 bbs-sophos polkitd(authority=local): Unregistered Authentication Agent for unix-process:4147:146745 (system bus name :1.108, object path /org/freedesktop/PolicyKit1/AuthenticationAgent, locale de_DE.UTF-8) (disconnected from bus)
Apr 15 02:27:54 bbs-sophos polkitd(authority=local): Registered Authentication Agent for unix-process:4195:146798 (system bus name :1.109 [/usr/bin/pkttyagent --notify-fd 5 --fallback], object path /org/freedesktop/PolicyKit1/AuthenticationAgent, locale de_DE.UTF-8)
Apr 15 02:27:54 bbs-sophos polkitd(authority=local): Unregistered Authentication Agent for unix-process:4195:146798 (system bus name :1.109, object path /org/freedesktop/PolicyKit1/AuthenticationAgent, locale de_DE.UTF-8) (disconnected from bus)
Apr 15 02:27:54 bbs-sophos polkitd(authority=local): Registered Authentication Agent for unix-process:4214:146810 (system bus name :1.110 [/usr/bin/pkttyagent --notify-fd 5 --fallback], object path /org/freedesktop/PolicyKit1/AuthenticationAgent, locale de_DE.UTF-8)
Apr 15 02:27:54 bbs-sophos polkitd(authority=local): Unregistered Authentication Agent for unix-process:4214:146810 (system bus name :1.110, object path /org/freedesktop/PolicyKit1/AuthenticationAgent, locale de_DE.UTF-8) (disconnected from bus)
Apr 15 02:27:57 bbs-sophos polkitd(authority=local): Registered Authentication Agent for unix-process:5008:147057 (system bus name :1.111 [/usr/bin/pkttyagent --notify-fd 5 --fallback], object path /org/freedesktop/PolicyKit1/AuthenticationAgent, locale de_DE.UTF-8)
Apr 15 02:27:57 bbs-sophos polkitd(authority=local): Unregistered Authentication Agent for unix-process:5008:147057 (system bus name :1.111, object path /org/freedesktop/PolicyKit1/AuthenticationAgent, locale de_DE.UTF-8) (disconnected from bus)
Apr 15 02:27:57 bbs-sophos polkitd(authority=local): Registered Authentication Agent for unix-process:5068:147074 (system bus name :1.112 [/usr/bin/pkttyagent --notify-fd 5 --fallback], object path /org/freedesktop/PolicyKit1/AuthenticationAgent, locale de_DE.UTF-8)
Apr 15 02:27:59 bbs-sophos polkitd(authority=local): Unregistered Authentication Agent for unix-process:5068:147074 (system bus name :1.112, object path /org/freedesktop/PolicyKit1/AuthenticationAgent, locale de_DE.UTF-8) (disconnected from bus)
Apr 15 02:28:55 bbs-sophos polkit-agent-helper-1[11903]: pam_ecryptfs: pam_sm_authenticate: /home/bbs is already mounted
Apr 15 02:28:55 bbs-sophos polkitd(authority=local): Operator of unix-session:c2 successfully authenticated as unix-user:bbs to gain TEMPORARY authorization for action org.debian.apt.install-or-remove-packages for system-bus-name::1.84 [/usr/bin/python /usr/bin/software-center] (owned by unix-user:bbs)
Apr 15 02:29:02 bbs-sophos polkitd(authority=local): Registered Authentication Agent for unix-process:12018:153632 (system bus name :1.114 [/usr/bin/pkttyagent --notify-fd 5 --fallback], object path /org/freedesktop/PolicyKit1/AuthenticationAgent, locale de_DE.UTF-8)
Apr 15 02:29:02 bbs-sophos polkitd(authority=local): Unregistered Authentication Agent for unix-process:12018:153632 (system bus name :1.114, object path /org/freedesktop/PolicyKit1/AuthenticationAgent, locale de_DE.UTF-8) (disconnected from bus)
Apr 15 02:29:04 bbs-sophos sudo: pam_unix(sudo:session): session closed for user root
Apr 15 02:29:22 bbs-sophos sudo:      bbs : TTY=pts/5 ; PWD=/home/bbs ; USER=root ; COMMAND=/usr/sbin/tiger
Apr 15 02:29:22 bbs-sophos sudo: pam_unix(sudo:session): session opened for user root by bbs(uid=0)
Apr 15 02:30:00 bbs-sophos sudo:      bbs : TTY=pts/19 ; PWD=/home/bbs ; USER=root ; COMMAND=/usr/bin/apt-get install chkrootkit
Apr 15 02:30:00 bbs-sophos sudo: pam_unix(sudo:session): session opened for user root by bbs(uid=0)
Apr 15 02:30:00 bbs-sophos sudo: pam_unix(sudo:session): session closed for user root
Apr 15 02:30:42 bbs-sophos polkitd(authority=local): Operator of unix-session:c2 FAILED to authenticate to gain authorization for action com.ubuntu.apport.apport-gtk-root for unix-process:1125:8533 [/sbin/upstart --user] (owned by unix-user:bbs)
Apr 15 02:30:42 bbs-sophos pkexec[30463]: bbs: Error executing command as another user: Request dismissed [USER=root] [TTY=unknown] [CWD=/home/bbs] [COMMAND=/usr/share/apport/apport-gtk]
Apr 15 02:31:09 bbs-sophos sudo: pam_unix(sudo:session): session closed for user root
Apr 15 02:32:23 bbs-sophos sudo:      bbs : TTY=pts/5 ; PWD=/home/bbs ; USER=root ; COMMAND=/usr/bin/apt-get install gksu
Apr 15 02:32:23 bbs-sophos sudo: pam_unix(sudo:session): session opened for user root by bbs(uid=0)
Apr 15 02:32:23 bbs-sophos sudo: pam_unix(sudo:session): session closed for user root
Apr 15 02:33:37 bbs-sophos sudo:      bbs : TTY=pts/5 ; PWD=/home/bbs ; USER=root ; COMMAND=/usr/bin/apt-get install gksu
Apr 15 02:33:37 bbs-sophos sudo: pam_unix(sudo:session): session opened for user root by bbs(uid=0)
Apr 15 02:33:37 bbs-sophos sudo: pam_unix(sudo:session): session closed for user root
Apr 15 02:37:00 bbs-sophos polkitd(authority=local): Registered Authentication Agent for unix-process:21024:201360 (system bus name :1.120 [/usr/bin/pkttyagent --notify-fd 5 --fallback], object path /org/freedesktop/PolicyKit1/AuthenticationAgent, locale de_DE.UTF-8)
Apr 15 02:37:00 bbs-sophos polkitd(authority=local): Unregistered Authentication Agent for unix-process:21024:201360 (system bus name :1.120, object path /org/freedesktop/PolicyKit1/AuthenticationAgent, locale de_DE.UTF-8) (disconnected from bus)
Apr 15 02:38:56 bbs-sophos polkitd(authority=local): Registered Authentication Agent for unix-process:21570:213007 (system bus name :1.122 [/usr/bin/pkttyagent --notify-fd 5 --fallback], object path /org/freedesktop/PolicyKit1/AuthenticationAgent, locale de_DE.UTF-8)
Apr 15 02:38:56 bbs-sophos polkitd(authority=local): Unregistered Authentication Agent for unix-process:21570:213007 (system bus name :1.122, object path /org/freedesktop/PolicyKit1/AuthenticationAgent, locale de_DE.UTF-8) (disconnected from bus)
Apr 15 02:38:56 bbs-sophos polkitd(authority=local): Registered Authentication Agent for unix-process:21607:213042 (system bus name :1.123 [/usr/bin/pkttyagent --notify-fd 5 --fallback], object path /org/freedesktop/PolicyKit1/AuthenticationAgent, locale de_DE.UTF-8)
Apr 15 02:38:57 bbs-sophos polkitd(authority=local): Unregistered Authentication Agent for unix-process:21607:213042 (system bus name :1.123, object path /org/freedesktop/PolicyKit1/AuthenticationAgent, locale de_DE.UTF-8) (disconnected from bus)
Apr 15 02:38:57 bbs-sophos polkitd(authority=local): Registered Authentication Agent for unix-process:21630:213053 (system bus name :1.124 [/usr/bin/pkttyagent --notify-fd 5 --fallback], object path /org/freedesktop/PolicyKit1/AuthenticationAgent, locale de_DE.UTF-8)
Apr 15 02:38:58 bbs-sophos polkitd(authority=local): Unregistered Authentication Agent for unix-process:21630:213053 (system bus name :1.124, object path /org/freedesktop/PolicyKit1/AuthenticationAgent, locale de_DE.UTF-8) (disconnected from bus)
Apr 15 02:40:01 bbs-sophos CRON[22238]: pam_unix(cron:session): session opened for user smmsp by (uid=0)
Apr 15 02:40:01 bbs-sophos CRON[22238]: pam_unix(cron:session): session closed for user smmsp
Apr 15 02:40:11 bbs-sophos su[22440]: Successful su for www-data by root
Apr 15 02:40:11 bbs-sophos su[22440]: + ??? root:www-data
Apr 15 02:40:11 bbs-sophos su[22440]: pam_unix(su:session): session opened for user www-data by (uid=0)
Apr 15 02:40:11 bbs-sophos systemd: pam_unix(systemd-user:session): session opened for user www-data by (uid=0)
Apr 15 02:40:11 bbs-sophos systemd-logind[766]: New session c3 of user www-data.
Apr 15 02:40:11 bbs-sophos su[22440]: pam_unix(su:session): session closed for user www-data
Apr 15 02:40:11 bbs-sophos systemd-logind[766]: Removed session c3.
Apr 15 02:40:21 bbs-sophos polkitd(authority=local): Registered Authentication Agent for unix-process:22745:221480 (system bus name :1.135 [/usr/bin/pkttyagent --notify-fd 5 --fallback], object path /org/freedesktop/PolicyKit1/AuthenticationAgent, locale de_DE.UTF-8)
Apr 15 02:40:21 bbs-sophos polkitd(authority=local): Unregistered Authentication Agent for unix-process:22745:221480 (system bus name :1.135, object path /org/freedesktop/PolicyKit1/AuthenticationAgent, locale de_DE.UTF-8) (disconnected from bus)
Apr 15 02:41:41 bbs-sophos sudo:      bbs : TTY=pts/19 ; PWD=/home/bbs ; USER=root ; COMMAND=/usr/bin/apt-get install gksu
Apr 15 02:41:41 bbs-sophos sudo: pam_unix(sudo:session): session opened for user root by bbs(uid=0)
Apr 15 02:41:42 bbs-sophos sudo: pam_unix(sudo:session): session closed for user root
Apr 15 02:42:00 bbs-sophos sudo:      bbs : TTY=pts/19 ; PWD=/home/bbs ; USER=root ; COMMAND=/usr/bin/apt-get autoremove
Apr 15 02:42:00 bbs-sophos sudo: pam_unix(sudo:session): session opened for user root by bbs(uid=0)
Apr 15 02:42:07 bbs-sophos sudo: pam_unix(sudo:session): session closed for user root
Apr 15 02:42:20 bbs-sophos sudo:      bbs : TTY=pts/19 ; PWD=/home/bbs ; USER=root ; COMMAND=/usr/bin/apt-get install gksu
Apr 15 02:42:20 bbs-sophos sudo: pam_unix(sudo:session): session opened for user root by bbs(uid=0)
Apr 15 02:42:20 bbs-sophos sudo: pam_unix(sudo:session): session closed for user root
Apr 15 02:42:42 bbs-sophos sudo:      bbs : TTY=unknown ; PWD=/home/bbs ; USER=root ; COMMAND=/usr/bin/geany /var/log/tiger/security.report.bbs-sophos.160415-02:29
Apr 15 02:42:42 bbs-sophos sudo: pam_unix(sudo:session): session opened for user root by (uid=0)
Apr 15 02:44:29 bbs-sophos sudo:      bbs : TTY=pts/5 ; PWD=/home/bbs ; USER=root ; COMMAND=/usr/bin/apt-get install chkrootkit
Apr 15 02:44:29 bbs-sophos sudo: pam_unix(sudo:session): session opened for user root by bbs(uid=0)
Apr 15 02:44:29 bbs-sophos sudo: pam_unix(sudo:session): session closed for user root
Apr 15 02:44:53 bbs-sophos sudo:      bbs : TTY=pts/5 ; PWD=/home/bbs ; USER=root ; COMMAND=/usr/sbin/chkrootkit --update
Apr 15 02:44:53 bbs-sophos sudo: pam_unix(sudo:session): session opened for user root by bbs(uid=0)
Apr 15 02:44:53 bbs-sophos sudo: pam_unix(sudo:session): session closed for user root
Apr 15 02:45:22 bbs-sophos sudo:      bbs : TTY=pts/5 ; PWD=/home/bbs ; USER=root ; COMMAND=/usr/sbin/chkrootkit -V
Apr 15 02:45:22 bbs-sophos sudo: pam_unix(sudo:session): session opened for user root by bbs(uid=0)
Apr 15 02:45:22 bbs-sophos sudo: pam_unix(sudo:session): session closed for user root
Apr 15 02:46:10 bbs-sophos sudo:      bbs : TTY=pts/5 ; PWD=/home/bbs ; USER=root ; COMMAND=/usr/sbin/chkrootkit -r
Apr 15 02:46:10 bbs-sophos sudo: pam_unix(sudo:session): session opened for user root by bbs(uid=0)
Apr 15 02:46:10 bbs-sophos sudo: pam_unix(sudo:session): session closed for user root
Apr 15 02:46:18 bbs-sophos sudo:      bbs : TTY=pts/5 ; PWD=/home/bbs ; USER=root ; COMMAND=/usr/sbin/chkrootkit
Apr 15 02:46:18 bbs-sophos sudo: pam_unix(sudo:session): session opened for user root by bbs(uid=0)
Apr 15 02:46:20 bbs-sophos sudo: pam_unix(sudo:session): session closed for user root
Apr 15 02:51:17 bbs-sophos sudo: pam_unix(sudo:session): session closed for user root
Apr 15 02:54:04 bbs-sophos sudo:      bbs : TTY=unknown ; PWD=/home/bbs ; USER=root ; COMMAND=/usr/bin/geany /var/log/tiger/security.report.bbs-sophos.160415-02:29
Apr 15 02:54:04 bbs-sophos sudo: pam_unix(sudo:session): session opened for user root by (uid=0)
Apr 15 02:54:29 bbs-sophos sudo:      bbs : TTY=pts/5 ; PWD=/home/bbs ; USER=root ; COMMAND=/usr/bin/apt-get install rkhunter
Apr 15 02:54:29 bbs-sophos sudo: pam_unix(sudo:session): session opened for user root by bbs(uid=0)
Apr 15 02:54:59 bbs-sophos sudo: pam_unix(sudo:session): session closed for user root
Apr 15 02:55:11 bbs-sophos sudo:      bbs : TTY=pts/5 ; PWD=/home/bbs ; USER=root ; COMMAND=/usr/bin/rkhunter -c
Apr 15 02:55:11 bbs-sophos sudo: pam_unix(sudo:session): session opened for user root by bbs(uid=0)
Apr 15 02:55:12 bbs-sophos Rootkit Hunter: Rootkit hunter check started (version 1.4.2)
Apr 15 02:55:52 bbs-sophos Rootkit Hunter: Scanning took 40 seconds
Apr 15 02:55:52 bbs-sophos Rootkit Hunter: Please inspect this machine, because it may be infected.
Apr 15 02:55:52 bbs-sophos sudo: pam_unix(sudo:session): session closed for user root
Apr 15 03:00:01 bbs-sophos CRON[29922]: pam_unix(cron:session): session opened for user smmsp by (uid=0)
Apr 15 03:00:01 bbs-sophos CRON[29923]: pam_unix(cron:session): session opened for user root by (uid=0)
Apr 15 03:00:01 bbs-sophos CRON[29922]: pam_unix(cron:session): session closed for user smmsp
Apr 15 03:00:02 bbs-sophos CRON[29923]: pam_unix(cron:session): session closed for user root
Apr 15 03:01:21 bbs-sophos sudo:      bbs : TTY=pts/19 ; PWD=/home/bbs ; USER=root ; COMMAND=/usr/bin/rkhunter --check
Apr 15 03:01:21 bbs-sophos sudo: pam_unix(sudo:session): session opened for user root by bbs(uid=0)
Apr 15 03:01:22 bbs-sophos Rootkit Hunter: Rootkit hunter check started (version 1.4.2)
Apr 15 03:02:02 bbs-sophos Rootkit Hunter: Scanning took 40 seconds
Apr 15 03:02:02 bbs-sophos Rootkit Hunter: Please inspect this machine, because it may be infected.
Apr 15 03:02:02 bbs-sophos sudo: pam_unix(sudo:session): session closed for user root
Apr 15 03:02:14 bbs-sophos sudo:      bbs : TTY=pts/19 ; PWD=/home/bbs ; USER=root ; COMMAND=/usr/bin/rkhunter --update
Apr 15 03:02:14 bbs-sophos sudo: pam_unix(sudo:session): session opened for user root by bbs(uid=0)
Apr 15 03:02:16 bbs-sophos sudo: pam_unix(sudo:session): session closed for user root
Apr 15 03:02:37 bbs-sophos sudo:      bbs : TTY=pts/19 ; PWD=/home/bbs ; USER=root ; COMMAND=/usr/bin/rkhunter --versioncheck
Apr 15 03:02:37 bbs-sophos sudo: pam_unix(sudo:session): session opened for user root by bbs(uid=0)
Apr 15 03:02:38 bbs-sophos sudo: pam_unix(sudo:session): session closed for user root
Apr 15 03:03:03 bbs-sophos sudo:      bbs : TTY=pts/19 ; PWD=/home/bbs ; USER=root ; COMMAND=/usr/bin/rkhunter --config-check
Apr 15 03:03:03 bbs-sophos sudo: pam_unix(sudo:session): session opened for user root by bbs(uid=0)
Apr 15 03:03:04 bbs-sophos sudo: pam_unix(sudo:session): session closed for user root
Apr 15 03:07:49 bbs-sophos sudo:      bbs : TTY=pts/19 ; PWD=/home/bbs ; USER=root ; COMMAND=/usr/bin/rkhunter --propupd / --hash {SHA1
Apr 15 03:07:49 bbs-sophos sudo: pam_unix(sudo:session): session opened for user root by bbs(uid=0)
Apr 15 03:07:49 bbs-sophos sudo: pam_unix(sudo:session): session closed for user root
Apr 15 03:08:07 bbs-sophos sudo:      bbs : TTY=pts/19 ; PWD=/home/bbs ; USER=root ; COMMAND=/usr/bin/rkhunter --propupd / --hash {SHA1}
Apr 15 03:08:07 bbs-sophos sudo: pam_unix(sudo:session): session opened for user root by bbs(uid=0)
Apr 15 03:08:07 bbs-sophos sudo: pam_unix(sudo:session): session closed for user root
Apr 15 03:08:15 bbs-sophos sudo:      bbs : TTY=pts/19 ; PWD=/home/bbs ; USER=root ; COMMAND=/usr/bin/rkhunter --propupd / --hash SHA1
Apr 15 03:08:15 bbs-sophos sudo: pam_unix(sudo:session): session opened for user root by bbs(uid=0)
Apr 15 03:08:18 bbs-sophos sudo: pam_unix(sudo:session): session closed for user root
Apr 15 03:09:56 bbs-sophos sudo:      bbs : TTY=pts/19 ; PWD=/home/bbs ; USER=root ; COMMAND=/usr/bin/rkhunter --hash SHA1 --vl
Apr 15 03:09:56 bbs-sophos sudo: pam_unix(sudo:session): session opened for user root by bbs(uid=0)
Apr 15 03:09:57 bbs-sophos sudo: pam_unix(sudo:session): session closed for user root
Apr 15 03:12:11 bbs-sophos sudo:      bbs : TTY=pts/19 ; PWD=/home/bbs ; USER=root ; COMMAND=/usr/bin/rkhunter --enable all --vl
Apr 15 03:12:11 bbs-sophos sudo: pam_unix(sudo:session): session opened for user root by bbs(uid=0)
Apr 15 03:12:12 bbs-sophos Rootkit Hunter: Rootkit hunter check started (version 1.4.2)
Apr 15 03:12:54 bbs-sophos Rootkit Hunter: Scanning took 41 seconds
Apr 15 03:12:54 bbs-sophos Rootkit Hunter: Please inspect this machine, because it may be infected.
Apr 15 03:12:54 bbs-sophos sudo: pam_unix(sudo:session): session closed for user root
Apr 15 03:16:06 bbs-sophos sudo:      bbs : TTY=pts/19 ; PWD=/home/bbs ; USER=root ; COMMAND=/usr/bin/apt-get install lynis
Apr 15 03:16:06 bbs-sophos sudo: pam_unix(sudo:session): session opened for user root by bbs(uid=0)
Apr 15 03:16:12 bbs-sophos sudo: pam_unix(sudo:session): session closed for user root
Apr 15 03:16:30 bbs-sophos sudo:      bbs : TTY=pts/19 ; PWD=/home/bbs ; USER=root ; COMMAND=/usr/sbin/lynis
Apr 15 03:16:30 bbs-sophos sudo: pam_unix(sudo:session): session opened for user root by bbs(uid=0)
Apr 15 03:16:30 bbs-sophos sudo: pam_unix(sudo:session): session closed for user root
Apr 15 03:17:01 bbs-sophos CRON[29663]: pam_unix(cron:session): session opened for user root by (uid=0)
Apr 15 03:17:01 bbs-sophos CRON[29663]: pam_unix(cron:session): session closed for user root
Apr 15 03:17:53 bbs-sophos sudo:      bbs : TTY=pts/19 ; PWD=/home/bbs ; USER=root ; COMMAND=/usr/sbin/lynis audit system
Apr 15 03:17:53 bbs-sophos sudo: pam_unix(sudo:session): session opened for user root by bbs(uid=0)
Apr 15 03:20:01 bbs-sophos CRON[28945]: pam_unix(cron:session): session opened for user smmsp by (uid=0)
Apr 15 03:20:01 bbs-sophos CRON[28945]: pam_unix(cron:session): session closed for user smmsp
Apr 15 03:20:21 bbs-sophos sudo: pam_unix(sudo:session): session closed for user root
Apr 15 03:24:50 bbs-sophos polkit-agent-helper-1[30829]: pam_ecryptfs: pam_sm_authenticate: /home/bbs is already mounted
Apr 15 03:24:50 bbs-sophos polkitd(authority=local): Operator of unix-session:c2 successfully authenticated as unix-user:bbs to gain TEMPORARY authorization for action org.debian.apt.install-or-remove-packages for system-bus-name::1.137 [/usr/bin/python /usr/bin/software-center] (owned by unix-user:bbs)
Apr 15 03:30:34 bbs-sophos polkit-agent-helper-1[31196]: pam_ecryptfs: pam_sm_authenticate: /home/bbs is already mounted
Apr 15 03:30:34 bbs-sophos polkitd(authority=local): Operator of unix-session:c2 successfully authenticated as unix-user:bbs to gain TEMPORARY authorization for action org.debian.apt.change-repository for system-bus-name::1.137 [/usr/bin/python /usr/bin/software-center] (owned by unix-user:bbs)
Apr 15 03:40:01 bbs-sophos CRON[31324]: pam_unix(cron:session): session opened for user smmsp by (uid=0)
Apr 15 03:40:02 bbs-sophos CRON[31324]: pam_unix(cron:session): session closed for user smmsp
Apr 15 03:41:27 bbs-sophos polkit-agent-helper-1[31408]: pam_ecryptfs: pam_sm_authenticate: /home/bbs is already mounted
Apr 15 03:41:27 bbs-sophos polkitd(authority=local): Operator of unix-session:c2 successfully authenticated as unix-user:bbs to gain TEMPORARY authorization for action org.debian.apt.install-or-remove-packages for system-bus-name::1.137 [/usr/bin/python /usr/bin/software-center] (owned by unix-user:bbs)
Apr 15 03:41:55 bbs-sophos polkitd(authority=local): Operator of unix-session:c2 FAILED to authenticate to gain authorization for action com.ubuntu.pkexec.synaptic for unix-process:31416:590511 [/bin/sh /usr/bin/synaptic-pkexec] (owned by unix-user:bbs)
Apr 15 03:41:55 bbs-sophos pkexec[31419]: bbs: Error executing command as another user: Request dismissed [USER=root] [TTY=unknown] [CWD=/home/bbs] [COMMAND=/usr/sbin/synaptic]
Apr 15 03:42:10 bbs-sophos polkitd(authority=local): Registered Authentication Agent for unix-process:32336:592386 (system bus name :1.156 [/usr/bin/pkttyagent --notify-fd 5 --fallback], object path /org/freedesktop/PolicyKit1/AuthenticationAgent, locale de_DE.UTF-8)
Apr 15 03:42:11 bbs-sophos polkitd(authority=local): Unregistered Authentication Agent for unix-process:32336:592386 (system bus name :1.156, object path /org/freedesktop/PolicyKit1/AuthenticationAgent, locale de_DE.UTF-8) (disconnected from bus)
Apr 15 03:43:39 bbs-sophos sudo: pam_unix(sudo:session): session closed for user root
Apr 15 03:44:53 bbs-sophos polkitd(authority=local): Registered Authentication Agent for unix-process:2486:608728 (system bus name :1.157 [/usr/bin/pkttyagent --notify-fd 5 --fallback], object path /org/freedesktop/PolicyKit1/AuthenticationAgent, locale de_DE.UTF-8)
Apr 15 03:44:54 bbs-sophos polkitd(authority=local): Unregistered Authentication Agent for unix-process:2486:608728 (system bus name :1.157, object path /org/freedesktop/PolicyKit1/AuthenticationAgent, locale de_DE.UTF-8) (disconnected from bus)
Apr 15 03:44:54 bbs-sophos polkitd(authority=local): Registered Authentication Agent for unix-process:2503:608754 (system bus name :1.158 [/usr/bin/pkttyagent --notify-fd 5 --fallback], object path /org/freedesktop/PolicyKit1/AuthenticationAgent, locale de_DE.UTF-8)
Apr 15 03:44:54 bbs-sophos polkitd(authority=local): Unregistered Authentication Agent for unix-process:2503:608754 (system bus name :1.158, object path /org/freedesktop/PolicyKit1/AuthenticationAgent, locale de_DE.UTF-8) (disconnected from bus)
Apr 15 03:44:54 bbs-sophos groupadd[2525]: group added to /etc/group: name=vboxusers, GID=131
Apr 15 03:44:54 bbs-sophos groupadd[2525]: group added to /etc/gshadow: name=vboxusers
Apr 15 03:44:54 bbs-sophos groupadd[2525]: new group: name=vboxusers, GID=131
Apr 15 03:44:55 bbs-sophos polkitd(authority=local): Registered Authentication Agent for unix-process:2666:608851 (system bus name :1.159 [/usr/bin/pkttyagent --notify-fd 5 --fallback], object path /org/freedesktop/PolicyKit1/AuthenticationAgent, locale de_DE.UTF-8)
Apr 15 03:44:55 bbs-sophos polkitd(authority=local): Unregistered Authentication Agent for unix-process:2666:608851 (system bus name :1.159, object path /org/freedesktop/PolicyKit1/AuthenticationAgent, locale de_DE.UTF-8) (disconnected from bus)
Apr 15 03:44:55 bbs-sophos polkitd(authority=local): Registered Authentication Agent for unix-process:2691:608871 (system bus name :1.160 [/usr/bin/pkttyagent --notify-fd 5 --fallback], object path /org/freedesktop/PolicyKit1/AuthenticationAgent, locale de_DE.UTF-8)
Apr 15 03:44:55 bbs-sophos polkitd(authority=local): Unregistered Authentication Agent for unix-process:2691:608871 (system bus name :1.160, object path /org/freedesktop/PolicyKit1/AuthenticationAgent, locale de_DE.UTF-8) (disconnected from bus)
Apr 15 03:44:57 bbs-sophos polkitd(authority=local): Registered Authentication Agent for unix-process:2735:609119 (system bus name :1.161 [/usr/bin/pkttyagent --notify-fd 5 --fallback], object path /org/freedesktop/PolicyKit1/AuthenticationAgent, locale de_DE.UTF-8)
Apr 15 03:44:57 bbs-sophos polkitd(authority=local): Unregistered Authentication Agent for unix-process:2735:609119 (system bus name :1.161, object path /org/freedesktop/PolicyKit1/AuthenticationAgent, locale de_DE.UTF-8) (disconnected from bus)
Apr 15 03:49:31 bbs-sophos polkit-agent-helper-1[3638]: pam_ecryptfs: pam_sm_authenticate: /home/bbs is already mounted
Apr 15 03:49:31 bbs-sophos polkitd(authority=local): Operator of unix-session:c2 successfully authenticated as unix-user:bbs to gain TEMPORARY authorization for action org.debian.apt.install-or-remove-packages for system-bus-name::1.137 [/usr/bin/python /usr/bin/software-center] (owned by unix-user:bbs)
Apr 15 04:00:02 bbs-sophos CRON[4461]: pam_unix(cron:session): session opened for user root by (uid=0)
Apr 15 04:00:02 bbs-sophos CRON[4460]: pam_unix(cron:session): session opened for user smmsp by (uid=0)
Apr 15 04:00:03 bbs-sophos CRON[4460]: pam_unix(cron:session): session closed for user smmsp
Apr 15 04:00:03 bbs-sophos CRON[4461]: pam_unix(cron:session): session closed for user root
Apr 15 04:08:35 bbs-sophos systemd-logind[766]: Power key pressed.
Apr 15 13:00:32 bbs-sophos systemd-logind[869]: New seat seat0.
Apr 15 13:00:32 bbs-sophos systemd-logind[869]: Watching system buttons on /dev/input/event2 (Power Button)
Apr 15 13:00:32 bbs-sophos systemd-logind[869]: Watching system buttons on /dev/input/event3 (Video Bus)
Apr 15 13:00:32 bbs-sophos systemd-logind[869]: Watching system buttons on /dev/input/event0 (Power Button)
Apr 15 13:00:32 bbs-sophos systemd-logind[869]: Watching system buttons on /dev/input/event1 (Sleep Button)
Apr 15 13:00:43 bbs-sophos lightdm: PAM unable to dlopen(pam_kwallet.so): /lib/security/pam_kwallet.so: cannot open shared object file: No such file or directory
Apr 15 13:00:43 bbs-sophos lightdm: PAM adding faulty module: pam_kwallet.so
Apr 15 13:00:43 bbs-sophos lightdm: PAM unable to dlopen(pam_kwallet5.so): /lib/security/pam_kwallet5.so: cannot open shared object file: No such file or directory
Apr 15 13:00:43 bbs-sophos lightdm: PAM adding faulty module: pam_kwallet5.so
Apr 15 13:00:44 bbs-sophos lightdm: pam_unix(lightdm-greeter:session): session opened for user lightdm by (uid=0)
Apr 15 13:00:44 bbs-sophos systemd-logind[869]: New session c1 of user lightdm.
Apr 15 13:00:44 bbs-sophos systemd: pam_unix(systemd-user:session): session opened for user lightdm by (uid=0)
Apr 15 13:00:50 bbs-sophos lightdm: PAM unable to dlopen(pam_kwallet.so): /lib/security/pam_kwallet.so: cannot open shared object file: No such file or directory
Apr 15 13:00:50 bbs-sophos lightdm: PAM adding faulty module: pam_kwallet.so
Apr 15 13:00:50 bbs-sophos lightdm: PAM unable to dlopen(pam_kwallet5.so): /lib/security/pam_kwallet5.so: cannot open shared object file: No such file or directory
Apr 15 13:00:50 bbs-sophos lightdm: PAM adding faulty module: pam_kwallet5.so
Apr 15 13:00:50 bbs-sophos lightdm: pam_succeed_if(lightdm:auth): requirement "user ingroup nopasswdlogin" not met by user "bbs"
Apr 15 13:01:16 bbs-sophos dbus[829]: [system] Failed to activate service 'org.bluez': timed out
Apr 15 13:01:26 bbs-sophos lightdm: pam_unix(lightdm-greeter:session): session closed for user lightdm
Apr 15 13:01:26 bbs-sophos lightdm: pam_unix(lightdm:session): session opened for user bbs by (uid=0)
Apr 15 13:01:26 bbs-sophos systemd: pam_unix(systemd-user:session): session opened for user bbs by (uid=0)
Apr 15 13:01:26 bbs-sophos systemd-logind[869]: New session c2 of user bbs.
Apr 15 13:01:29 bbs-sophos dbus[829]: [system] Rejected send message, 10 matched rules; type="method_return", sender=":1.52" (uid=0 pid=1363 comm="/usr/sbin/dnsmasq --no-resolv --keep-in-foreground") interface="(unset)" member="(unset)" error name="(unset)" requested_reply="0" destination=":1.1" (uid=0 pid=817 comm="/usr/sbin/NetworkManager --no-daemon ")
Apr 15 13:01:38 bbs-sophos gnome-keyring-daemon[1339]: The PKCS#11 component was already initialized
Apr 15 13:01:38 bbs-sophos gnome-keyring-daemon[1339]: The Secret Service was already initialized
Apr 15 13:01:39 bbs-sophos polkitd(authority=local): Registered Authentication Agent for unix-session:c2 (system bus name :1.76 [/usr/lib/policykit-1-gnome/polkit-gnome-authentication-agent-1], object path /org/gnome/PolicyKit1/AuthenticationAgent, locale de_DE.UTF-8)
Apr 15 13:02:00 bbs-sophos dbus[829]: [system] Failed to activate service 'org.bluez': timed out
Apr 15 13:02:12 bbs-sophos polkit-agent-helper-1[2145]: pam_ecryptfs: pam_sm_authenticate: /home/bbs is already mounted
Apr 15 13:02:12 bbs-sophos polkitd(authority=local): Operator of unix-session:c2 successfully authenticated as unix-user:bbs to gain ONE-SHOT authorization for action com.ubuntu.apport.apport-gtk-root for unix-process:1346:11851 [/sbin/upstart --user] (owned by unix-user:bbs)
Apr 15 13:02:12 bbs-sophos pkexec: pam_unix(polkit-1:session): session opened for user root by (uid=1000)
Apr 15 13:02:12 bbs-sophos pkexec: pam_systemd(polkit-1:session): Cannot create session: Already running in a session
Apr 15 13:02:12 bbs-sophos pkexec[2135]: bbs: Executing command [USER=root] [TTY=unknown] [CWD=/home/bbs] [COMMAND=/usr/share/apport/apport-gtk]
Apr 15 13:02:44 bbs-sophos systemd-logind[869]: Removed session c1.
Apr 15 13:02:44 bbs-sophos systemd: pam_unix(systemd-user:session): session closed for user lightdm
Apr 15 13:04:01 bbs-sophos sudo:     root : TTY=unknown ; PWD=/root ; USER=bbs ; ENV=DBUS_SESSION_BUS_ADDRESS=unix:abstract=/tmp/dbus-Lu3JvWNTAc,guid=c644bfa494c68dfe2b09f5125710ca0a ; COMMAND=/usr/bin/xdg-open https://bugs.launchpad.net/ubuntu/+source/dpkg/+filebug/98e9837a-02e0-11e6-9c18-002481e7f48a?field.title=package+liblockfile1%3Aamd64+1.09-6ubuntu1+failed+to+install%2Fupgrade%3A+package+liblockfile1%3Aamd64+is+already+installed+and+configured
Apr 15 13:04:01 bbs-sophos sudo: pam_unix(sudo:session): session opened for user bbs by (uid=0)
Apr 15 13:04:01 bbs-sophos sudo: pam_unix(sudo:session): session closed for user bbs
Apr 15 13:14:09 bbs-sophos sudo:     root : TTY=unknown ; PWD=/root ; USER=bbs ; ENV=DBUS_SESSION_BUS_ADDRESS=unix:abstract=/tmp/dbus-Lu3JvWNTAc,guid=c644bfa494c68dfe2b09f5125710ca0a ; COMMAND=/usr/bin/xdg-open https://bugs.launchpad.net/bugs/1384986
Apr 15 13:14:09 bbs-sophos sudo: pam_unix(sudo:session): session opened for user bbs by (uid=0)
Apr 15 13:14:12 bbs-sophos sudo: pam_unix(sudo:session): session closed for user bbs
Apr 15 13:15:04 bbs-sophos sudo:     root : TTY=unknown ; PWD=/root ; USER=bbs ; ENV=DBUS_SESSION_BUS_ADDRESS=unix:abstract=/tmp/dbus-Lu3JvWNTAc,guid=c644bfa494c68dfe2b09f5125710ca0a ; COMMAND=/usr/bin/xdg-open https://bugs.launchpad.net/ubuntu/+source/dpkg/+filebug/218c1f3e-02e2-11e6-911c-d485646cd9a4?field.title=package+liblockfile-bin+1.09-6ubuntu1+failed+to+install%2Fupgrade%3A+package+liblockfile-bin+is+already+installed+and+configured
Apr 15 13:15:04 bbs-sophos sudo: pam_unix(sudo:session): session opened for user bbs by (uid=0)
Apr 15 13:15:06 bbs-sophos sudo: pam_unix(sudo:session): session closed for user bbs
Apr 15 13:17:08 bbs-sophos CRON[3100]: pam_unix(cron:session): session opened for user root by (uid=0)
Apr 15 13:17:09 bbs-sophos CRON[3100]: pam_unix(cron:session): session closed for user root
Apr 15 13:20:04 bbs-sophos CRON[3106]: pam_unix(cron:session): session opened for user smmsp by (uid=0)
Apr 15 13:20:20 bbs-sophos CRON[3106]: pam_unix(cron:session): session closed for user smmsp
Apr 15 13:40:03 bbs-sophos CRON[3247]: pam_unix(cron:session): session opened for user smmsp by (uid=0)
Apr 15 13:40:09 bbs-sophos CRON[3247]: pam_unix(cron:session): session closed for user smmsp
Apr 15 14:00:04 bbs-sophos CRON[3308]: pam_unix(cron:session): session opened for user root by (uid=0)
Apr 15 14:00:05 bbs-sophos CRON[3307]: pam_unix(cron:session): session opened for user smmsp by (uid=0)
Apr 15 14:00:10 bbs-sophos CRON[3307]: pam_unix(cron:session): session closed for user smmsp
Apr 15 14:00:22 bbs-sophos CRON[3308]: pam_unix(cron:session): session closed for user root
Apr 15 14:17:05 bbs-sophos CRON[3474]: pam_unix(cron:session): session opened for user root by (uid=0)
Apr 15 14:17:06 bbs-sophos CRON[3474]: pam_unix(cron:session): session closed for user root
Apr 15 14:20:01 bbs-sophos CRON[3479]: pam_unix(cron:session): session opened for user smmsp by (uid=0)
Apr 15 14:20:06 bbs-sophos CRON[3479]: pam_unix(cron:session): session closed for user smmsp
Apr 15 14:40:03 bbs-sophos CRON[3531]: pam_unix(cron:session): session opened for user smmsp by (uid=0)
Apr 15 14:40:08 bbs-sophos CRON[3531]: pam_unix(cron:session): session closed for user smmsp
Apr 15 15:00:05 bbs-sophos CRON[3655]: pam_unix(cron:session): session opened for user root by (uid=0)
Apr 15 15:00:07 bbs-sophos CRON[3654]: pam_unix(cron:session): session opened for user smmsp by (uid=0)
Apr 15 15:00:13 bbs-sophos CRON[3654]: pam_unix(cron:session): session closed for user smmsp
Apr 15 15:00:20 bbs-sophos CRON[3655]: pam_unix(cron:session): session closed for user root
Apr 15 15:17:03 bbs-sophos CRON[3810]: pam_unix(cron:session): session opened for user root by (uid=0)
Apr 15 15:17:03 bbs-sophos CRON[3810]: pam_unix(cron:session): session closed for user root
Apr 15 15:20:03 bbs-sophos CRON[3816]: pam_unix(cron:session): session opened for user smmsp by (uid=0)
Apr 15 15:20:10 bbs-sophos CRON[3816]: pam_unix(cron:session): session closed for user smmsp
Apr 15 15:40:03 bbs-sophos CRON[3860]: pam_unix(cron:session): session opened for user smmsp by (uid=0)
Apr 15 15:40:05 bbs-sophos CRON[3860]: pam_unix(cron:session): session closed for user smmsp
Apr 15 15:57:14 bbs-sophos systemd-logind[883]: New seat seat0.
Apr 15 15:57:14 bbs-sophos systemd-logind[883]: Watching system buttons on /dev/input/event2 (Power Button)
Apr 15 15:57:14 bbs-sophos systemd-logind[883]: Watching system buttons on /dev/input/event3 (Video Bus)
Apr 15 15:57:14 bbs-sophos systemd-logind[883]: Watching system buttons on /dev/input/event0 (Power Button)
Apr 15 15:57:14 bbs-sophos systemd-logind[883]: Watching system buttons on /dev/input/event1 (Sleep Button)
Apr 15 15:57:22 bbs-sophos lightdm: PAM unable to dlopen(pam_kwallet.so): /lib/security/pam_kwallet.so: cannot open shared object file: No such file or directory
Apr 15 15:57:22 bbs-sophos lightdm: PAM adding faulty module: pam_kwallet.so
Apr 15 15:57:22 bbs-sophos lightdm: PAM unable to dlopen(pam_kwallet5.so): /lib/security/pam_kwallet5.so: cannot open shared object file: No such file or directory
Apr 15 15:57:22 bbs-sophos lightdm: PAM adding faulty module: pam_kwallet5.so
Apr 15 15:57:22 bbs-sophos lightdm: pam_unix(lightdm-greeter:session): session opened for user lightdm by (uid=0)
Apr 15 15:57:22 bbs-sophos systemd: pam_unix(systemd-user:session): session opened for user lightdm by (uid=0)
Apr 15 15:57:22 bbs-sophos systemd-logind[883]: New session c1 of user lightdm.
Apr 15 15:57:27 bbs-sophos lightdm: PAM unable to dlopen(pam_kwallet.so): /lib/security/pam_kwallet.so: cannot open shared object file: No such file or directory
Apr 15 15:57:27 bbs-sophos lightdm: PAM adding faulty module: pam_kwallet.so
Apr 15 15:57:27 bbs-sophos lightdm: PAM unable to dlopen(pam_kwallet5.so): /lib/security/pam_kwallet5.so: cannot open shared object file: No such file or directory
Apr 15 15:57:27 bbs-sophos lightdm: PAM adding faulty module: pam_kwallet5.so
Apr 15 15:57:27 bbs-sophos lightdm: pam_succeed_if(lightdm:auth): requirement "user ingroup nopasswdlogin" not met by user "bbs"
Apr 15 15:57:52 bbs-sophos dbus[851]: [system] Failed to activate service 'org.bluez': timed out
Apr 15 15:58:08 bbs-sophos lightdm: pam_unix(lightdm-greeter:session): session closed for user lightdm
Apr 15 15:58:08 bbs-sophos lightdm: pam_unix(lightdm:session): session opened for user bbs by (uid=0)
Apr 15 15:58:08 bbs-sophos systemd: pam_unix(systemd-user:session): session opened for user bbs by (uid=0)
Apr 15 15:58:08 bbs-sophos systemd-logind[883]: New session c2 of user bbs.
Apr 15 15:58:10 bbs-sophos dbus[851]: [system] Rejected send message, 10 matched rules; type="method_return", sender=":1.54" (uid=0 pid=1379 comm="/usr/sbin/dnsmasq --no-resolv --keep-in-foreground") interface="(unset)" member="(unset)" error name="(unset)" requested_reply="0" destination=":1.7" (uid=0 pid=848 comm="/usr/sbin/NetworkManager --no-daemon ")
Apr 15 15:58:12 bbs-sophos gnome-keyring-daemon[1355]: The PKCS#11 component was already initialized
Apr 15 15:58:12 bbs-sophos gnome-keyring-daemon[1355]: The Secret Service was already initialized
Apr 15 15:58:14 bbs-sophos polkitd(authority=local): Registered Authentication Agent for unix-session:c2 (system bus name :1.80 [/usr/lib/policykit-1-gnome/polkit-gnome-authentication-agent-1], object path /org/gnome/PolicyKit1/AuthenticationAgent, locale de_DE.UTF-8)
Apr 15 15:58:38 bbs-sophos dbus[851]: [system] Failed to activate service 'org.bluez': timed out
Apr 15 15:59:23 bbs-sophos systemd-logind[883]: Removed session c1.
Apr 15 15:59:39 bbs-sophos polkit-agent-helper-1[2388]: pam_ecryptfs: pam_sm_authenticate: /home/bbs is already mounted
Apr 15 15:59:39 bbs-sophos polkitd(authority=local): Operator of unix-session:c2 successfully authenticated as unix-user:bbs to gain TEMPORARY authorization for action org.debian.apt.install-or-remove-packages for system-bus-name::1.89 [/usr/bin/python /usr/bin/software-center] (owned by unix-user:bbs)
Apr 15 16:00:01 bbs-sophos CRON[2527]: pam_unix(cron:session): session opened for user root by (uid=0)
Apr 15 16:00:01 bbs-sophos CRON[2526]: pam_unix(cron:session): session opened for user smmsp by (uid=0)
Apr 15 16:00:01 bbs-sophos CRON[2526]: pam_unix(cron:session): session closed for user smmsp
Apr 15 16:00:04 bbs-sophos CRON[2527]: pam_unix(cron:session): session closed for user root
Apr 15 16:00:12 bbs-sophos polkit-agent-helper-1[2669]: pam_unix(polkit-1:auth): authentication failure; logname= uid=1000 euid=0 tty= ruser=bbs rhost=  user=bbs
Apr 15 16:00:20 bbs-sophos polkit-agent-helper-1[2939]: pam_ecryptfs: pam_sm_authenticate: /home/bbs is already mounted
Apr 15 16:00:20 bbs-sophos polkitd(authority=local): Operator of unix-session:c2 successfully authenticated as unix-user:bbs to gain ONE-SHOT authorization for action com.ubuntu.pkexec.synaptic for unix-process:2664:24913 [/bin/sh /usr/bin/synaptic-pkexec] (owned by unix-user:bbs)
Apr 15 16:00:20 bbs-sophos pkexec: pam_unix(polkit-1:session): session opened for user root by (uid=1000)
Apr 15 16:00:20 bbs-sophos pkexec: pam_systemd(polkit-1:session): Cannot create session: Already running in a session
Apr 15 16:00:20 bbs-sophos pkexec[2666]: bbs: Executing command [USER=root] [TTY=unknown] [CWD=/home/bbs] [COMMAND=/usr/sbin/synaptic]
Apr 15 16:08:12 bbs-sophos polkit-agent-helper-1[3211]: pam_ecryptfs: pam_sm_authenticate: /home/bbs is already mounted
Apr 15 16:08:12 bbs-sophos polkitd(authority=local): Operator of unix-session:c2 successfully authenticated as unix-user:bbs to gain ONE-SHOT authorization for action com.ubuntu.pkexec.gufw for unix-process:3204:72862 [/bin/sh /usr/bin/gufw] (owned by unix-user:bbs)
Apr 15 16:08:12 bbs-sophos pkexec: pam_unix(polkit-1:session): session opened for user root by (uid=1000)
Apr 15 16:08:12 bbs-sophos pkexec: pam_systemd(polkit-1:session): Cannot create session: Already running in a session
Apr 15 16:08:12 bbs-sophos pkexec[3208]: bbs: Executing command [USER=root] [TTY=unknown] [CWD=/home/bbs] [COMMAND=/usr/bin/gufw-pkexec bbs]
Apr 15 16:10:10 bbs-sophos polkit-agent-helper-1[3949]: pam_ecryptfs: pam_sm_authenticate: /home/bbs is already mounted
Apr 15 16:10:10 bbs-sophos polkitd(authority=local): Operator of unix-session:c2 successfully authenticated as unix-user:bbs to gain ONE-SHOT authorization for action com.ubuntu.pkexec.synaptic for unix-process:3943:84889 [/bin/sh /usr/bin/synaptic-pkexec] (owned by unix-user:bbs)
Apr 15 16:10:10 bbs-sophos pkexec: pam_unix(polkit-1:session): session opened for user root by (uid=1000)
Apr 15 16:10:10 bbs-sophos pkexec: pam_systemd(polkit-1:session): Cannot create session: Already running in a session
Apr 15 16:10:10 bbs-sophos pkexec[3945]: bbs: Executing command [USER=root] [TTY=unknown] [CWD=/home/bbs] [COMMAND=/usr/sbin/synaptic]
Apr 15 16:15:01 bbs-sophos polkitd(authority=local): Registered Authentication Agent for unix-process:8977:114390 (system bus name :1.107 [/usr/bin/pkttyagent --notify-fd 5 --fallback], object path /org/freedesktop/PolicyKit1/AuthenticationAgent, locale de_DE.UTF-8)
Apr 15 16:15:01 bbs-sophos polkitd(authority=local): Unregistered Authentication Agent for unix-process:8977:114390 (system bus name :1.107, object path /org/freedesktop/PolicyKit1/AuthenticationAgent, locale de_DE.UTF-8) (disconnected from bus)
Apr 15 16:15:19 bbs-sophos groupadd[9159]: group added to /etc/group: name=havp, GID=132
Apr 15 16:15:19 bbs-sophos groupadd[9159]: group added to /etc/gshadow: name=havp
Apr 15 16:15:19 bbs-sophos groupadd[9159]: new group: name=havp, GID=132
Apr 15 16:15:19 bbs-sophos useradd[9165]: new user: name=havp, UID=122, GID=132, home=/var/run/havp, shell=/bin/false
Apr 15 16:15:20 bbs-sophos usermod[9172]: change user 'havp' password
Apr 15 16:15:20 bbs-sophos chage[9179]: changed password expiry for havp
Apr 15 16:15:40 bbs-sophos groupadd[22432]: group added to /etc/group: name=clamav, GID=133
Apr 15 16:15:40 bbs-sophos groupadd[22432]: group added to /etc/gshadow: name=clamav
Apr 15 16:15:40 bbs-sophos groupadd[22432]: new group: name=clamav, GID=133
Apr 15 16:15:40 bbs-sophos useradd[22436]: new user: name=clamav, UID=123, GID=133, home=/var/lib/clamav, shell=/bin/false
Apr 15 16:15:41 bbs-sophos chage[22445]: changed password expiry for clamav
Apr 15 16:15:41 bbs-sophos polkitd(authority=local): Registered Authentication Agent for unix-process:22454:118362 (system bus name :1.108 [/usr/bin/pkttyagent --notify-fd 5 --fallback], object path /org/freedesktop/PolicyKit1/AuthenticationAgent, locale de_DE.UTF-8)
Apr 15 16:15:41 bbs-sophos polkitd(authority=local): Unregistered Authentication Agent for unix-process:22454:118362 (system bus name :1.108, object path /org/freedesktop/PolicyKit1/AuthenticationAgent, locale de_DE.UTF-8) (disconnected from bus)
Apr 15 16:15:51 bbs-sophos groupadd[23080]: group added to /etc/group: name=clamsmtp, GID=134
Apr 15 16:15:51 bbs-sophos groupadd[23080]: group added to /etc/gshadow: name=clamsmtp
Apr 15 16:15:51 bbs-sophos groupadd[23080]: new group: name=clamsmtp, GID=134
Apr 15 16:15:51 bbs-sophos useradd[23084]: new user: name=clamsmtp, UID=124, GID=134, home=/var/spool/clamsmtp, shell=/bin/false
Apr 15 16:15:52 bbs-sophos chage[23089]: changed password expiry for clamsmtp
Apr 15 16:15:52 bbs-sophos gpasswd[23100]: user clamav added by root to group clamsmtp
Apr 15 16:16:15 bbs-sophos groupadd[23307]: group added to /etc/group: name=amavis, GID=135
Apr 15 16:16:15 bbs-sophos groupadd[23307]: group added to /etc/gshadow: name=amavis
Apr 15 16:16:15 bbs-sophos groupadd[23307]: new group: name=amavis, GID=135
Apr 15 16:16:15 bbs-sophos useradd[23313]: new user: name=amavis, UID=125, GID=135, home=/var/lib/amavis, shell=/bin/sh
Apr 15 16:16:16 bbs-sophos usermod[23320]: change user 'amavis' password
Apr 15 16:16:16 bbs-sophos chage[23325]: changed password expiry for amavis
Apr 15 16:16:16 bbs-sophos chfn[23328]: changed user 'amavis' information
Apr 15 16:16:21 bbs-sophos polkitd(authority=local): Registered Authentication Agent for unix-process:23491:122404 (system bus name :1.109 [/usr/bin/pkttyagent --notify-fd 5 --fallback], object path /org/freedesktop/PolicyKit1/AuthenticationAgent, locale de_DE.UTF-8)
Apr 15 16:16:21 bbs-sophos polkitd(authority=local): Unregistered Authentication Agent for unix-process:23491:122404 (system bus name :1.109, object path /org/freedesktop/PolicyKit1/AuthenticationAgent, locale de_DE.UTF-8) (disconnected from bus)
Apr 15 16:17:01 bbs-sophos CRON[23573]: pam_unix(cron:session): session opened for user root by (uid=0)
Apr 15 16:17:01 bbs-sophos CRON[23573]: pam_unix(cron:session): session closed for user root
Apr 15 16:20:01 bbs-sophos CRON[23798]: pam_unix(cron:session): session opened for user smmsp by (uid=0)
Apr 15 16:20:01 bbs-sophos CRON[23798]: pam_unix(cron:session): session closed for user smmsp
Apr 15 16:22:47 bbs-sophos polkit-agent-helper-1[24424]: pam_ecryptfs: pam_sm_authenticate: /home/bbs is already mounted
Apr 15 16:22:47 bbs-sophos polkitd(authority=local): Operator of unix-session:c2 successfully authenticated as unix-user:bbs to gain TEMPORARY authorization for action org.gnome.gnome-system-monitor.renice for unix-process:24400:159101 [gnome-system-monitor] (owned by unix-user:bbs)
Apr 15 16:22:47 bbs-sophos pkexec: pam_unix(polkit-1:session): session opened for user root by (uid=1000)
Apr 15 16:22:47 bbs-sophos pkexec: pam_systemd(polkit-1:session): Cannot create session: Already running in a session
Apr 15 16:22:47 bbs-sophos pkexec[24421]: bbs: Executing command [USER=root] [TTY=unknown] [CWD=/home/bbs] [COMMAND=/usr/lib/gnome-system-monitor/gnome-system-monitor/gsm-renice -20 23698]
Apr 15 16:22:54 bbs-sophos pkexec: pam_unix(polkit-1:session): session opened for user root by (uid=1000)
Apr 15 16:22:54 bbs-sophos pkexec: pam_systemd(polkit-1:session): Cannot create session: Already running in a session
Apr 15 16:22:54 bbs-sophos pkexec[24436]: bbs: Executing command [USER=root] [TTY=unknown] [CWD=/home/bbs] [COMMAND=/usr/lib/gnome-system-monitor/gnome-system-monitor/gsm-renice -20 23785]
Apr 15 16:23:02 bbs-sophos pkexec: pam_unix(polkit-1:session): session opened for user root by (uid=1000)
Apr 15 16:23:02 bbs-sophos pkexec: pam_systemd(polkit-1:session): Cannot create session: Already running in a session
Apr 15 16:23:02 bbs-sophos pkexec[24443]: bbs: Executing command [USER=root] [TTY=unknown] [CWD=/home/bbs] [COMMAND=/usr/lib/gnome-system-monitor/gnome-system-monitor/gsm-renice -20 3204]
Apr 15 16:23:11 bbs-sophos pkexec: pam_unix(polkit-1:session): session opened for user root by (uid=1000)
Apr 15 16:23:11 bbs-sophos pkexec: pam_systemd(polkit-1:session): Cannot create session: Already running in a session
Apr 15 16:23:11 bbs-sophos pkexec[24452]: bbs: Executing command [USER=root] [TTY=unknown] [CWD=/home/bbs] [COMMAND=/usr/lib/gnome-system-monitor/gnome-system-monitor/gsm-renice -20 2487]
Apr 15 16:23:15 bbs-sophos pkexec: pam_unix(polkit-1:session): session opened for user root by (uid=1000)
Apr 15 16:23:15 bbs-sophos pkexec: pam_systemd(polkit-1:session): Cannot create session: Already running in a session
Apr 15 16:23:15 bbs-sophos pkexec[24457]: bbs: Executing command [USER=root] [TTY=unknown] [CWD=/home/bbs] [COMMAND=/usr/lib/gnome-system-monitor/gnome-system-monitor/gsm-renice -20 2183]
Apr 15 16:23:43 bbs-sophos pkexec: pam_unix(polkit-1:session): session opened for user root by (uid=1000)
Apr 15 16:23:43 bbs-sophos pkexec: pam_systemd(polkit-1:session): Cannot create session: Already running in a session
Apr 15 16:23:43 bbs-sophos pkexec[24479]: bbs: Executing command [USER=root] [TTY=unknown] [CWD=/home/bbs] [COMMAND=/usr/lib/gnome-system-monitor/gnome-system-monitor/gsm-renice -20 23241]
Apr 15 16:24:25 bbs-sophos polkit-agent-helper-1[24507]: pam_ecryptfs: pam_sm_authenticate: /home/bbs is already mounted
Apr 15 16:24:25 bbs-sophos polkitd(authority=local): Operator of unix-session:c2 successfully authenticated as unix-user:bbs to gain TEMPORARY authorization for action org.gnome.gnome-system-monitor.kill for unix-process:24400:159101 [gnome-system-monitor] (owned by unix-user:bbs)
Apr 15 16:24:25 bbs-sophos pkexec: pam_unix(polkit-1:session): session opened for user root by (uid=1000)
Apr 15 16:24:25 bbs-sophos pkexec: pam_systemd(polkit-1:session): Cannot create session: Already running in a session
Apr 15 16:24:25 bbs-sophos pkexec[24504]: bbs: Executing command [USER=root] [TTY=unknown] [CWD=/home/bbs] [COMMAND=/usr/lib/gnome-system-monitor/gnome-system-monitor/gsm-kill -s 18 1194]
Apr 15 16:24:29 bbs-sophos pkexec: pam_unix(polkit-1:session): session opened for user root by (uid=1000)
Apr 15 16:24:29 bbs-sophos pkexec: pam_systemd(polkit-1:session): Cannot create session: Already running in a session
Apr 15 16:24:29 bbs-sophos pkexec[24517]: bbs: Executing command [USER=root] [TTY=unknown] [CWD=/home/bbs] [COMMAND=/usr/lib/gnome-system-monitor/gnome-system-monitor/gsm-kill -s 18 1024]
Apr 15 16:24:53 bbs-sophos pkexec: pam_unix(polkit-1:session): session opened for user root by (uid=1000)
Apr 15 16:24:53 bbs-sophos pkexec: pam_systemd(polkit-1:session): Cannot create session: Already running in a session
Apr 15 16:24:53 bbs-sophos pkexec[24534]: bbs: Executing command [USER=root] [TTY=unknown] [CWD=/home/bbs] [COMMAND=/usr/lib/gnome-system-monitor/gnome-system-monitor/gsm-renice -20 2205]
Apr 15 16:24:57 bbs-sophos pkexec: pam_unix(polkit-1:session): session opened for user root by (uid=1000)
Apr 15 16:24:57 bbs-sophos pkexec: pam_systemd(polkit-1:session): Cannot create session: Already running in a session
Apr 15 16:24:57 bbs-sophos pkexec[24541]: bbs: Executing command [USER=root] [TTY=unknown] [CWD=/home/bbs] [COMMAND=/usr/lib/gnome-system-monitor/gnome-system-monitor/gsm-renice -20 2200]
Apr 15 16:25:34 bbs-sophos pkexec: pam_unix(polkit-1:session): session opened for user root by (uid=1000)
Apr 15 16:25:34 bbs-sophos pkexec: pam_systemd(polkit-1:session): Cannot create session: Already running in a session
Apr 15 16:25:34 bbs-sophos pkexec[24566]: bbs: Executing command [USER=root] [TTY=unknown] [CWD=/home/bbs] [COMMAND=/usr/lib/gnome-system-monitor/gnome-system-monitor/gsm-renice 19 888]
Apr 15 16:25:44 bbs-sophos pkexec: pam_unix(polkit-1:session): session opened for user root by (uid=1000)
Apr 15 16:25:44 bbs-sophos pkexec: pam_systemd(polkit-1:session): Cannot create session: Already running in a session
Apr 15 16:25:44 bbs-sophos pkexec[24575]: bbs: Executing command [USER=root] [TTY=unknown] [CWD=/home/bbs] [COMMAND=/usr/lib/gnome-system-monitor/gnome-system-monitor/gsm-renice 0 888]
Apr 15 16:26:00 bbs-sophos pkexec: pam_unix(polkit-1:session): session opened for user root by (uid=1000)
Apr 15 16:26:00 bbs-sophos pkexec: pam_systemd(polkit-1:session): Cannot create session: Already running in a session
Apr 15 16:26:00 bbs-sophos pkexec[24590]: bbs: Executing command [USER=root] [TTY=unknown] [CWD=/home/bbs] [COMMAND=/usr/lib/gnome-system-monitor/gnome-system-monitor/gsm-renice 19 837]
Apr 15 16:26:24 bbs-sophos pkexec: pam_unix(polkit-1:session): session opened for user root by (uid=1000)
Apr 15 16:26:24 bbs-sophos pkexec: pam_systemd(polkit-1:session): Cannot create session: Already running in a session
bootlog

Code:
  /run/lvm/lvmetad.socket: connect failed: No such file or directory
  WARNING: Failed to connect to lvmetad. Falling back to internal scanning.
  Reading all physical volumes.  This may take a while...
  Found volume group "ubuntu-vg" using metadata type lvm2
  /run/lvm/lvmetad.socket: connect failed: No such file or directory
  WARNING: Failed to connect to lvmetad. Falling back to internal scanning.
  2 logical volume(s) in volume group "ubuntu-vg" now active
device-mapper: remove ioctl on sda5_crypt failed: Device or resource busy
device-mapper: remove ioctl on sda5_crypt failed: Device or resource busy
device-mapper: remove ioctl on sda5_crypt failed: Device or resource busy
device-mapper: remove ioctl on sda5_crypt failed: Device or resource busy
device-mapper: remove ioctl on sda5_crypt failed: Device or resource busy
device-mapper: remove ioctl on sda5_crypt failed: Device or resource busy
device-mapper: remove ioctl on sda5_crypt failed: Device or resource busy
device-mapper: remove ioctl on sda5_crypt failed: Device or resource busy
device-mapper: remove ioctl on sda5_crypt failed: Device or resource busy
device-mapper: remove ioctl on sda5_crypt failed: Device or resource busy
device-mapper: remove ioctl on sda5_crypt failed: Device or resource busy
device-mapper: remove ioctl on sda5_crypt failed: Device or resource busy
device-mapper: remove ioctl on sda5_crypt failed: Device or resource busy
device-mapper: remove ioctl on sda5_crypt failed: Device or resource busy
device-mapper: remove ioctl on sda5_crypt failed: Device or resource busy
device-mapper: remove ioctl on sda5_crypt failed: Device or resource busy
device-mapper: remove ioctl on sda5_crypt failed: Device or resource busy
device-mapper: remove ioctl on sda5_crypt failed: Device or resource busy
device-mapper: remove ioctl on sda5_crypt failed: Device or resource busy
device-mapper: remove ioctl on sda5_crypt failed: Device or resource busy
device-mapper: remove ioctl on sda5_crypt failed: Device or resource busy
device-mapper: remove ioctl on sda5_crypt failed: Device or resource busy
device-mapper: remove ioctl on sda5_crypt failed: Device or resource busy
device-mapper: remove ioctl on sda5_crypt failed: Device or resource busy
device-mapper: remove ioctl on sda5_crypt failed: Device or resource busy
Device sda5_crypt is still in use.
fsck from util-linux 2.26.2
/dev/mapper/ubuntu--vg-root: recovering journal
/dev/mapper/ubuntu--vg-root: Clearing orphaned inode 24512645 (uid=1000, gid=1000, mode=0100664, size=40960)
/dev/mapper/ubuntu--vg-root: Clearing orphaned inode 24512614 (uid=1000, gid=1000, mode=0100600, size=12288)
/dev/mapper/ubuntu--vg-root: Clearing orphaned inode 24512510 (uid=1000, gid=1000, mode=0100664, size=32768)
/dev/mapper/ubuntu--vg-root: Clearing orphaned inode 24512615 (uid=1000, gid=1000, mode=0100664, size=40960)
/dev/mapper/ubuntu--vg-root: Clearing orphaned inode 24511684 (uid=1000, gid=1000, mode=0100600, size=12288)
/dev/mapper/ubuntu--vg-root: Clearing orphaned inode 24512613 (uid=1000, gid=1000, mode=0100664, size=32768)
/dev/mapper/ubuntu--vg-root: Clearing orphaned inode 24512535 (uid=1000, gid=1000, mode=0100664, size=40960)
/dev/mapper/ubuntu--vg-root: Clearing orphaned inode 24512507 (uid=1000, gid=1000, mode=0100600, size=12288)
/dev/mapper/ubuntu--vg-root: Clearing orphaned inode 24512633 (uid=1000, gid=1000, mode=0100664, size=32768)
/dev/mapper/ubuntu--vg-root: Clearing orphaned inode 15597670 (uid=1000, gid=1000, mode=0100600, size=1024)
/dev/mapper/ubuntu--vg-root: Clearing orphaned inode 15597666 (uid=1000, gid=1000, mode=0100600, size=1024)
/dev/mapper/ubuntu--vg-root: Clearing orphaned inode 15597665 (uid=1000, gid=1000, mode=0100600, size=1024)
/dev/mapper/ubuntu--vg-root: Clearing orphaned inode 15597664 (uid=1000, gid=1000, mode=0100600, size=1024)
/dev/mapper/ubuntu--vg-root: Clearing orphaned inode 15597660 (uid=1000, gid=1000, mode=0100600, size=1024)
/dev/mapper/ubuntu--vg-root: Clearing orphaned inode 15597659 (uid=1000, gid=1000, mode=0100600, size=1024)
/dev/mapper/ubuntu--vg-root: Clearing orphaned inode 24512554 (uid=1000, gid=1000, mode=0100664, size=32768)
/dev/mapper/ubuntu--vg-root: Clearing orphaned inode 15597663 (uid=1000, gid=1000, mode=0100600, size=32768)
/dev/mapper/ubuntu--vg-root: Clearing orphaned inode 15597662 (uid=1000, gid=1000, mode=0100600, size=65536)
/dev/mapper/ubuntu--vg-root: Clearing orphaned inode 15597661 (uid=1000, gid=1000, mode=0100600, size=65536)
/dev/mapper/ubuntu--vg-root: Clearing orphaned inode 24512655 (uid=1000, gid=1000, mode=0100664, size=40960)
/dev/mapper/ubuntu--vg-root: Clearing orphaned inode 24512646 (uid=1000, gid=1000, mode=0100600, size=12288)
/dev/mapper/ubuntu--vg-root: Clearing orphaned inode 24511850 (uid=1000, gid=1000, mode=0100664, size=32768)
/dev/mapper/ubuntu--vg-root: Clearing orphaned inode 24512561 (uid=1000, gid=1000, mode=0100664, size=28672)
/dev/mapper/ubuntu--vg-root: Clearing orphaned inode 15597658 (uid=1000, gid=1000, mode=0100600, size=32768)
/dev/mapper/ubuntu--vg-root: Clearing orphaned inode 15597657 (uid=1000, gid=1000, mode=0100600, size=65536)
/dev/mapper/ubuntu--vg-root: Clearing orphaned inode 15597656 (uid=1000, gid=1000, mode=0100600, size=65536)
/dev/mapper/ubuntu--vg-root: Clearing orphaned inode 26084606 (uid=0, gid=0, mode=0100644, size=231956)
/dev/mapper/ubuntu--vg-root: Clearing orphaned inode 15597653 (uid=1000, gid=1000, mode=0100600, size=32768)
/dev/mapper/ubuntu--vg-root: Clearing orphaned inode 15597652 (uid=1000, gid=1000, mode=0100600, size=65536)
/dev/mapper/ubuntu--vg-root: Clearing orphaned inode 15597651 (uid=1000, gid=1000, mode=0100600, size=65536)
/dev/mapper/ubuntu--vg-root: Clearing orphaned inode 24512628 (uid=1000, gid=1000, mode=0100664, size=28672)
/dev/mapper/ubuntu--vg-root: Clearing orphaned inode 15597650 (uid=1000, gid=1000, mode=0100600, size=32768)
/dev/mapper/ubuntu--vg-root: Clearing orphaned inode 15597649 (uid=1000, gid=1000, mode=0100600, size=65536)
/dev/mapper/ubuntu--vg-root: Clearing orphaned inode 15597648 (uid=1000, gid=1000, mode=0100600, size=65536)
/dev/mapper/ubuntu--vg-root: Clearing orphaned inode 26745989 (uid=0, gid=0, mode=0100644, size=20852)
/dev/mapper/ubuntu--vg-root: Clearing orphaned inode 25429002 (uid=0, gid=0, mode=0100644, size=134664)
/dev/mapper/ubuntu--vg-root: Clearing orphaned inode 15597644 (uid=1000, gid=1000, mode=0100600, size=32768)
/dev/mapper/ubuntu--vg-root: Clearing orphaned inode 15597643 (uid=1000, gid=1000, mode=0100600, size=65536)
/dev/mapper/ubuntu--vg-root: Clearing orphaned inode 15597642 (uid=1000, gid=1000, mode=0100600, size=65536)
/dev/mapper/ubuntu--vg-root: Clearing orphaned inode 15597629 (uid=1000, gid=1000, mode=0100600, size=32768)
/dev/mapper/ubuntu--vg-root: Clearing orphaned inode 15597620 (uid=1000, gid=1000, mode=0100600, size=65536)
/dev/mapper/ubuntu--vg-root: Clearing orphaned inode 15597619 (uid=1000, gid=1000, mode=0100600, size=65536)
/dev/mapper/ubuntu--vg-root: Clearing orphaned inode 24511834 (uid=1000, gid=1000, mode=0100664, size=28672)
/dev/mapper/ubuntu--vg-root: Clearing orphaned inode 24512542 (uid=1000, gid=1000, mode=0100664, size=28672)
/dev/mapper/ubuntu--vg-root: Clearing orphaned inode 26088132 (uid=0, gid=0, mode=0100644, size=230159)
/dev/mapper/ubuntu--vg-root: Clearing orphaned inode 15597628 (uid=1000, gid=1000, mode=0100600, size=32768)
/dev/mapper/ubuntu--vg-root: Clearing orphaned inode 15597627 (uid=1000, gid=1000, mode=0100600, size=65536)
/dev/mapper/ubuntu--vg-root: Clearing orphaned inode 15597626 (uid=1000, gid=1000, mode=0100600, size=65536)
/dev/mapper/ubuntu--vg-root: Clearing orphaned inode 15597625 (uid=1000, gid=1000, mode=0100600, size=32768)
/dev/mapper/ubuntu--vg-root: Clearing orphaned inode 15597623 (uid=1000, gid=1000, mode=0100600, size=32768)
/dev/mapper/ubuntu--vg-root: Clearing orphaned inode 15597622 (uid=1000, gid=1000, mode=0100600, size=65536)
/dev/mapper/ubuntu--vg-root: Clearing orphaned inode 24512546 (uid=1000, gid=1000, mode=0100664, size=28672)
/dev/mapper/ubuntu--vg-root: Clearing orphaned inode 24511799 (uid=1000, gid=1000, mode=0100664, size=28672)
/dev/mapper/ubuntu--vg-root: Clearing orphaned inode 26746549 (uid=0, gid=0, mode=0100644, size=20796)
/dev/mapper/ubuntu--vg-root: Clearing orphaned inode 25429045 (uid=0, gid=0, mode=0100644, size=134348)
/dev/mapper/ubuntu--vg-root: Clearing orphaned inode 15597612 (uid=1000, gid=1000, mode=0100600, size=32768)
/dev/mapper/ubuntu--vg-root: Clearing orphaned inode 15597611 (uid=1000, gid=1000, mode=0100600, size=32768)
/dev/mapper/ubuntu--vg-root: Clearing orphaned inode 15597608 (uid=1000, gid=1000, mode=0100600, size=65536)
/dev/mapper/ubuntu--vg-root: Clearing orphaned inode 15597607 (uid=1000, gid=1000, mode=0100600, size=32768)
/dev/mapper/ubuntu--vg-root: Clearing orphaned inode 15597606 (uid=1000, gid=1000, mode=0100600, size=32768)
/dev/mapper/ubuntu--vg-root: Clearing orphaned inode 15597605 (uid=1000, gid=1000, mode=0100600, size=65536)
/dev/mapper/ubuntu--vg-root: Clearing orphaned inode 24512547 (uid=1000, gid=1000, mode=0100664, size=28672)
/dev/mapper/ubuntu--vg-root: Clearing orphaned inode 15597602 (uid=1000, gid=1000, mode=0100600, size=32768)
/dev/mapper/ubuntu--vg-root: Clearing orphaned inode 15597601 (uid=1000, gid=1000, mode=0100600, size=32768)
/dev/mapper/ubuntu--vg-root: Clearing orphaned inode 15597600 (uid=1000, gid=1000, mode=0100600, size=65536)
/dev/mapper/ubuntu--vg-root: Clearing orphaned inode 24512524 (uid=1000, gid=1000, mode=0100664, size=28672)
/dev/mapper/ubuntu--vg-root: Clearing orphaned inode 24512540 (uid=1000, gid=1000, mode=0100664, size=28672)
/dev/mapper/ubuntu--vg-root: Clearing orphaned inode 24511624 (uid=1000, gid=1000, mode=0100664, size=28672)
/dev/mapper/ubuntu--vg-root: Clearing orphaned inode 24512538 (uid=1000, gid=1000, mode=040700, size=4096)
/dev/mapper/ubuntu--vg-root: Clearing orphaned inode 24512578 (uid=1000, gid=1000, mode=0100664, size=8192)
/dev/mapper/ubuntu--vg-root: Clearing orphaned inode 24512573 (uid=1000, gid=1000, mode=0100664, size=8192)
/dev/mapper/ubuntu--vg-root: Clearing orphaned inode 24512543 (uid=1000, gid=1000, mode=0100664, size=8192)
/dev/mapper/ubuntu--vg-root: Clearing orphaned inode 15597599 (uid=1000, gid=1000, mode=0100600, size=16384)
/dev/mapper/ubuntu--vg-root: Clearing orphaned inode 15597598 (uid=1000, gid=1000, mode=0100600, size=16384)
/dev/mapper/ubuntu--vg-root: Clearing orphaned inode 15597595 (uid=1000, gid=1000, mode=0100600, size=32768)
/dev/mapper/ubuntu--vg-root: Clearing orphaned inode 15597594 (uid=1000, gid=1000, mode=0100600, size=32768)
/dev/mapper/ubuntu--vg-root: Clearing orphaned inode 15597593 (uid=1000, gid=1000, mode=0100600, size=65536)
/dev/mapper/ubuntu--vg-root: Clearing orphaned inode 15597592 (uid=1000, gid=1000, mode=0100600, size=1048576)
/dev/mapper/ubuntu--vg-root: Clearing orphaned inode 15597591 (uid=1000, gid=1000, mode=0100600, size=1048576)
/dev/mapper/ubuntu--vg-root: Clearing orphaned inode 24510628 (uid=1000, gid=1000, mode=0100640, size=12288)
/dev/mapper/ubuntu--vg-root: Clearing orphaned inode 24510672 (uid=1000, gid=1000, mode=0100640, size=12288)
/dev/mapper/ubuntu--vg-root: Clearing orphaned inode 24510905 (uid=1000, gid=1000, mode=0100640, size=12288)
/dev/mapper/ubuntu--vg-root: Clearing orphaned inode 24510911 (uid=1000, gid=1000, mode=0100664, size=28672)
/dev/mapper/ubuntu--vg-root: Clearing orphaned inode 24510921 (uid=1000, gid=1000, mode=0100664, size=28672)
/dev/mapper/ubuntu--vg-root: Clearing orphaned inode 24512549 (uid=1000, gid=1000, mode=0100664, size=28672)
/dev/mapper/ubuntu--vg-root: clean, 270789/30253056 files, 7305684/120991744 blocks
[*     ] (1 of 8) A start job is running for LSB: start Samba NetBIOS nameserver (nmbd) (41s / 5min 33s)
[**    ] (1 of 8) A start job is running for LSB: start Samba NetBIOS nameserver (nmbd) (41s / 5min 33s)
[***   ] (1 of 8) A start job is running for LSB: start Samba NetBIOS nameserver (nmbd) (42s / 5min 33s)
[ ***  ] (2 of 8) A start job is running for Wait for Plymouth Boot Screen to Quit (42s / no limit)
[  OK  ] Started LSB: Apache2 web server.
[  *** ] (2 of 7) A start job is running for Wait for Plymouth Boot Screen to Quit (48s / no limit)
[   ***] (2 of 7) A start job is running for Wait for Plymouth Boot Screen to Quit (48s / no limit)
[    **] (3 of 7) A start job is running for LSB: HAVP virus-scanning HTTP proxy (49s / 5min 33s)
[     *] (3 of 7) A start job is running for LSB: HAVP virus-scanning HTTP proxy (49s / 5min 33s)
[    **] (3 of 7) A start job is running for LSB: HAVP virus-scanning HTTP proxy (50s / 5min 33s)
[   ***] (4 of 7) A start job is running for LSB: Starts amavisd-new mailfilter (50s / 5min 33s)
[  *** ] (4 of 7) A start job is running for LSB: Starts amavisd-new mailfilter (51s / 5min 33s)
[ ***  ] (4 of 7) A start job is running for LSB: Starts amavisd-new mailfilter (51s / 5min 33s)
[***   ] (5 of 7) A start job is running for Detect the available GPUs and deal with any system changes (52s / no limit)
[**    ] (5 of 7) A start job is running for Detect the available GPUs and deal with any system changes (52s / no limit)
[*     ] (5 of 7) A start job is running for Detect the available GPUs and deal with any system changes (53s / no limit)
[**    ] (6 of 7) A start job is running for LSB: start Samba daemons for the AD DC (53s / 5min 33s)
[***   ] (6 of 7) A start job is running for LSB: start Samba daemons for the AD DC (54s / 5min 33s)
[ ***  ] (6 of 7) A start job is running for LSB: start Samba daemons for the AD DC (54s / 5min 33s)
[  *** ] (7 of 7) A start job is running for LSB: powerful, efficient, and scalable Mail Transport Agent (55s / 5min 33s)
[   ***] (7 of 7) A start job is running for LSB: powerful, efficient, and scalable Mail Transport Agent (55s / 5min 33s)
[    **] (7 of 7) A start job is running for LSB: powerful, efficient, and scalable Mail Transport Agent (56s / 5min 33s)
[     *] (1 of 7) A start job is running for LSB: start Samba NetBIOS nameserver (nmbd) (56s / 5min 33s)
[    **] (1 of 7) A start job is running for LSB: start Samba NetBIOS nameserver (nmbd) (57s / 5min 33s)
[   ***] (1 of 7) A start job is running for LSB: start Samba NetBIOS nameserver (nmbd) (57s / 5min 33s)
[  *** ] (2 of 7) A start job is running for Wait for Plymouth Boot Screen to Quit (58s / no limit)
[ ***  ] (2 of 7) A start job is running for Wait for Plymouth Boot Screen to Quit (58s / no limit)
[***   ] (2 of 7) A start job is running for Wait for Plymouth Boot Screen to Quit (59s / no limit)
[**    ] (3 of 7) A start job is running for LSB: HAVP virus-scanning HTTP proxy (59s / 5min 33s)
[*     ] (3 of 7) A start job is running for LSB: HAVP virus-scanning HTTP proxy (1min / 5min 33s)
[FAILED] Failed to start LSB: Starts amavisd-new mailfilter.
See 'systemctl status amavis.service' for details.
[  OK  ] Started LSB: start Samba daemons for the AD DC.
[  OK  ] Started LSB: start Samba NetBIOS nameserver (nmbd).
         Starting LSB: start Samba SMB/CIFS daemon (smbd)...
[  OK  ] Started LSB: start Samba SMB/CIFS daemon (smbd).
[  OK  ] Started Detect the available GPUs and deal with any system changes.
         Starting Light Display Manager...
         
Auth log, part 2

Code:
Apr 14 19:33:47 bbs-sophos polkit-agent-helper-1[2617]: pam_ecryptfs: pam_sm_authenticate: /home/bbs is already mounted
Apr 14 19:33:47 bbs-sophos polkitd(authority=local): Operator of unix-session:c2 successfully authenticated as unix-user:bbs to gain TEMPORARY authorization for action org.debian.apt.install-or-remove-packages for system-bus-name::1.89 [/usr/bin/python /usr/bin/software-center] (owned by unix-user:bbs)
Apr 14 19:39:36 bbs-sophos polkit-agent-helper-1[6132]: pam_ecryptfs: pam_sm_authenticate: /home/bbs is already mounted
Apr 14 19:39:36 bbs-sophos polkitd(authority=local): Operator of unix-session:c2 successfully authenticated as unix-user:bbs to gain TEMPORARY authorization for action org.debian.apt.install-or-remove-packages for system-bus-name::1.89 [/usr/bin/python /usr/bin/software-center] (owned by unix-user:bbs)
Apr 14 19:48:22 bbs-sophos sudo:      bbs : TTY=pts/1 ; PWD=/home/bbs ; USER=root ; COMMAND=/usr/sbin/ufw deny ipp14
Apr 14 19:48:22 bbs-sophos sudo: pam_unix(sudo:session): session opened for user root by bbs(uid=0)
Apr 14 19:48:22 bbs-sophos sudo: pam_unix(sudo:session): session closed for user root
Apr 14 19:48:32 bbs-sophos sudo:      bbs : TTY=pts/1 ; PWD=/home/bbs ; USER=root ; COMMAND=/usr/sbin/ufw deny ipps
Apr 14 19:48:32 bbs-sophos sudo: pam_unix(sudo:session): session opened for user root by bbs(uid=0)
Apr 14 19:48:32 bbs-sophos sudo: pam_unix(sudo:session): session closed for user root
Apr 14 19:48:44 bbs-sophos sudo:      bbs : TTY=pts/1 ; PWD=/home/bbs ; USER=root ; COMMAND=/usr/sbin/ufw deny LDP
Apr 14 19:48:44 bbs-sophos sudo: pam_unix(sudo:session): session opened for user root by bbs(uid=0)
Apr 14 19:48:44 bbs-sophos sudo: pam_unix(sudo:session): session closed for user root
Apr 14 19:48:53 bbs-sophos sudo:      bbs : TTY=pts/1 ; PWD=/home/bbs ; USER=root ; COMMAND=/usr/sbin/ufw deny lpd
Apr 14 19:48:53 bbs-sophos sudo: pam_unix(sudo:session): session opened for user root by bbs(uid=0)
Apr 14 19:48:54 bbs-sophos sudo: pam_unix(sudo:session): session closed for user root
Apr 14 19:49:13 bbs-sophos sudo:      bbs : TTY=pts/1 ; PWD=/home/bbs ; USER=root ; COMMAND=/usr/sbin/ufw deny 9100
Apr 14 19:49:13 bbs-sophos sudo: pam_unix(sudo:session): session opened for user root by bbs(uid=0)
Apr 14 19:49:13 bbs-sophos sudo: pam_unix(sudo:session): session closed for user root
Apr 14 19:49:53 bbs-sophos sudo:      bbs : TTY=pts/1 ; PWD=/home/bbs ; USER=root ; COMMAND=/usr/sbin/ufw deny CUPS
Apr 14 19:49:53 bbs-sophos sudo: pam_unix(sudo:session): session opened for user root by bbs(uid=0)
Apr 14 19:49:53 bbs-sophos sudo: pam_unix(sudo:session): session closed for user root
Apr 14 19:52:27 bbs-sophos polkit-agent-helper-1[10706]: pam_ecryptfs: pam_sm_authenticate: /home/bbs is already mounted
Apr 14 19:52:27 bbs-sophos polkitd(authority=local): Operator of unix-session:c2 successfully authenticated as unix-user:bbs to gain TEMPORARY authorization for action com.ubuntu.softwareproperties.applychanges for system-bus-name::1.115 [/usr/bin/python3 /usr/bin/software-properties-gtk] (owned by unix-user:bbs)
Apr 14 19:58:34 bbs-sophos polkit-agent-helper-1[11476]: pam_ecryptfs: pam_sm_authenticate: /home/bbs is already mounted
Apr 14 19:58:34 bbs-sophos polkitd(authority=local): Operator of unix-session:c2 successfully authenticated as unix-user:bbs to gain TEMPORARY authorization for action org.debian.apt.install-or-remove-packages for system-bus-name::1.119 [/usr/bin/python3 /usr/bin/gnome-language-selector] (owned by unix-user:bbs)
Apr 14 20:00:04 bbs-sophos pkexec: pam_unix(polkit-1:session): session opened for user root by (uid=1000)
Apr 14 20:00:04 bbs-sophos pkexec: pam_systemd(polkit-1:session): Cannot create session: Already running in a session
Apr 14 20:00:04 bbs-sophos pkexec[12385]: bbs: Executing command [USER=root] [TTY=unknown] [CWD=/home/bbs] [COMMAND=/usr/lib/update-notifier/package-system-locked]
Apr 14 20:02:21 bbs-sophos dbus[693]: [system] Failed to activate service 'org.bluez': timed out
Apr 14 20:05:10 bbs-sophos polkit-agent-helper-1[12717]: pam_ecryptfs: pam_sm_authenticate: /home/bbs is already mounted
Apr 14 20:05:10 bbs-sophos polkitd(authority=local): Operator of unix-session:c2 successfully authenticated as unix-user:bbs to gain TEMPORARY authorization for action com.ubuntu.softwareproperties.applychanges for system-bus-name::1.134 [/usr/bin/python3 /usr/bin/software-properties-gtk --open-tab 2 --toplevel 62914567] (owned by unix-user:bbs)
Apr 14 20:05:22 bbs-sophos systemd-logind[745]: System is rebooting.
Apr 14 20:09:35 bbs-sophos systemd-logind[785]: New seat seat0.
Apr 14 20:09:35 bbs-sophos systemd-logind[785]: Watching system buttons on /dev/input/event2 (Power Button)
Apr 14 20:09:35 bbs-sophos systemd-logind[785]: Watching system buttons on /dev/input/event3 (Video Bus)
Apr 14 20:09:35 bbs-sophos systemd-logind[785]: Watching system buttons on /dev/input/event0 (Power Button)
Apr 14 20:09:35 bbs-sophos systemd-logind[785]: Watching system buttons on /dev/input/event1 (Sleep Button)
Apr 14 20:09:40 bbs-sophos lightdm: PAM unable to dlopen(pam_kwallet.so): /lib/security/pam_kwallet.so: cannot open shared object file: No such file or directory
Apr 14 20:09:40 bbs-sophos lightdm: PAM adding faulty module: pam_kwallet.so
Apr 14 20:09:40 bbs-sophos lightdm: PAM unable to dlopen(pam_kwallet5.so): /lib/security/pam_kwallet5.so: cannot open shared object file: No such file or directory
Apr 14 20:09:40 bbs-sophos lightdm: PAM adding faulty module: pam_kwallet5.so
Apr 14 20:09:40 bbs-sophos lightdm: pam_unix(lightdm-greeter:session): session opened for user lightdm by (uid=0)
Apr 14 20:09:40 bbs-sophos systemd-logind[785]: New session c1 of user lightdm.
Apr 14 20:09:40 bbs-sophos systemd: pam_unix(systemd-user:session): session opened for user lightdm by (uid=0)
Apr 14 20:09:44 bbs-sophos lightdm: PAM unable to dlopen(pam_kwallet.so): /lib/security/pam_kwallet.so: cannot open shared object file: No such file or directory
Apr 14 20:09:44 bbs-sophos lightdm: PAM adding faulty module: pam_kwallet.so
Apr 14 20:09:44 bbs-sophos lightdm: PAM unable to dlopen(pam_kwallet5.so): /lib/security/pam_kwallet5.so: cannot open shared object file: No such file or directory
Apr 14 20:09:44 bbs-sophos lightdm: PAM adding faulty module: pam_kwallet5.so
Apr 14 20:09:44 bbs-sophos lightdm: pam_succeed_if(lightdm:auth): requirement "user ingroup nopasswdlogin" not met by user "bbs"
Apr 14 20:10:09 bbs-sophos dbus[789]: [system] Failed to activate service 'org.bluez': timed out
Apr 14 20:10:14 bbs-sophos lightdm: pam_unix(lightdm-greeter:session): session closed for user lightdm
Apr 14 20:10:14 bbs-sophos lightdm: pam_unix(lightdm:session): session opened for user bbs by (uid=0)
Apr 14 20:10:14 bbs-sophos systemd-logind[785]: New session c2 of user bbs.
Apr 14 20:10:14 bbs-sophos systemd: pam_unix(systemd-user:session): session opened for user bbs by (uid=0)
Apr 14 20:10:16 bbs-sophos gnome-keyring-daemon[1094]: The Secret Service was already initialized
Apr 14 20:10:16 bbs-sophos gnome-keyring-daemon[1094]: The SSH agent was already initialized
Apr 14 20:10:16 bbs-sophos gnome-keyring-daemon[1094]: The PKCS#11 component was already initialized
Apr 14 20:10:17 bbs-sophos polkitd(authority=local): Registered Authentication Agent for unix-session:c2 (system bus name :1.63 [/usr/lib/policykit-1-gnome/polkit-gnome-authentication-agent-1], object path /org/gnome/PolicyKit1/AuthenticationAgent, locale de_DE.UTF-8)
Apr 14 20:10:41 bbs-sophos dbus[789]: [system] Failed to activate service 'org.bluez': timed out
Apr 14 20:11:31 bbs-sophos dbus[789]: [system] Rejected send message, 7 matched rules; type="method_call", sender=":1.90" (uid=1000 pid=1896 comm="/usr/bin/python /usr/lib/ubuntu-sso-client/ubuntu-") interface="(unset)" member="Get" error name="(unset)" requested_reply="0" destination="org.freedesktop.NetworkManager" (uid=0 pid=821 comm="/usr/sbin/NetworkManager --no-daemon ")
Apr 14 20:11:41 bbs-sophos systemd-logind[785]: Removed session c1.
Apr 14 20:11:41 bbs-sophos systemd: pam_unix(systemd-user:session): session closed for user lightdm
Apr 14 20:14:30 bbs-sophos polkit-agent-helper-1[1996]: pam_unix(polkit-1:auth): authentication failure; logname= uid=1000 euid=0 tty= ruser=bbs rhost=  user=bbs
Apr 14 20:14:37 bbs-sophos polkit-agent-helper-1[1997]: pam_ecryptfs: pam_sm_authenticate: /home/bbs is already mounted
Apr 14 20:14:37 bbs-sophos polkitd(authority=local): Operator of unix-session:c2 successfully authenticated as unix-user:bbs to gain TEMPORARY authorization for action org.debian.apt.change-repository for system-bus-name::1.86 [/usr/bin/python /usr/bin/software-center] (owned by unix-user:bbs)
Apr 14 20:14:48 bbs-sophos dbus[789]: [system] Rejected send message, 7 matched rules; type="method_call", sender=":1.94" (uid=1000 pid=2042 comm="/usr/bin/python /usr/lib/ubuntu-sso-client/ubuntu-") interface="(unset)" member="Get" error name="(unset)" requested_reply="0" destination="org.freedesktop.NetworkManager" (uid=0 pid=821 comm="/usr/sbin/NetworkManager --no-daemon ")
Apr 14 20:17:01 bbs-sophos CRON[2464]: pam_unix(cron:session): session opened for user root by (uid=0)
Apr 14 20:17:01 bbs-sophos CRON[2464]: pam_unix(cron:session): session closed for user root
Apr 14 20:18:56 bbs-sophos dbus[789]: [system] Rejected send message, 10 matched rules; type="method_return", sender=":1.110" (uid=0 pid=2526 comm="/usr/sbin/dnsmasq --no-resolv --keep-in-foreground") interface="(unset)" member="(unset)" error name="(unset)" requested_reply="0" destination=":1.7" (uid=0 pid=821 comm="/usr/sbin/NetworkManager --no-daemon ")
Apr 14 20:22:27 bbs-sophos polkitd(authority=local): Operator of unix-session:c2 FAILED to authenticate to gain authorization for action org.debian.apt.change-repository for system-bus-name::1.86 [/usr/bin/python /usr/bin/software-center] (owned by unix-user:bbs)
Apr 14 20:28:01 bbs-sophos sudo:      bbs : TTY=pts/1 ; PWD=/home/bbs ; USER=root ; COMMAND=/usr/bin/apt-get install language-pack-de
Apr 14 20:28:01 bbs-sophos sudo: pam_unix(sudo:session): session opened for user root by bbs(uid=0)
Apr 14 20:28:01 bbs-sophos sudo: pam_unix(sudo:session): session closed for user root
Apr 14 20:30:48 bbs-sophos sudo:      bbs : TTY=pts/1 ; PWD=/home/bbs ; USER=root ; COMMAND=/usr/bin/apt-get install apturl
Apr 14 20:30:48 bbs-sophos sudo: pam_unix(sudo:session): session opened for user root by bbs(uid=0)
Apr 14 20:30:48 bbs-sophos sudo: pam_unix(sudo:session): session closed for user root
Apr 14 20:31:19 bbs-sophos sudo:      bbs : TTY=pts/1 ; PWD=/home/bbs ; USER=root ; COMMAND=/usr/bin/apt-get install language-pack-de
Apr 14 20:31:19 bbs-sophos sudo: pam_unix(sudo:session): session opened for user root by bbs(uid=0)
Apr 14 20:31:19 bbs-sophos sudo: pam_unix(sudo:session): session closed for user root
Apr 14 20:31:37 bbs-sophos sudo:      bbs : TTY=pts/1 ; PWD=/home/bbs ; USER=root ; COMMAND=/usr/bin/apt-get autoremove
Apr 14 20:31:37 bbs-sophos sudo: pam_unix(sudo:session): session opened for user root by bbs(uid=0)
Apr 14 20:34:02 bbs-sophos sudo: pam_unix(sudo:session): session closed for user root
Apr 14 20:36:15 bbs-sophos sudo:      bbs : TTY=pts/1 ; PWD=/home/bbs ; USER=root ; COMMAND=/usr/bin/apt-get install language-pack-de
Apr 14 20:36:15 bbs-sophos sudo: pam_unix(sudo:session): session opened for user root by bbs(uid=0)
Apr 14 20:36:15 bbs-sophos sudo: pam_unix(sudo:session): session closed for user root
Apr 14 20:39:39 bbs-sophos polkit-agent-helper-1[5760]: pam_ecryptfs: pam_sm_authenticate: /home/bbs is already mounted
Apr 14 20:39:39 bbs-sophos polkitd(authority=local): Operator of unix-session:c2 successfully authenticated as unix-user:bbs to gain TEMPORARY authorization for action org.debian.apt.install-or-remove-packages for system-bus-name::1.119 [/usr/bin/python3 /usr/bin/update-manager] (owned by unix-user:bbs)
Apr 14 20:41:19 bbs-sophos pkexec: pam_unix(polkit-1:session): session opened for user root by (uid=1000)
Apr 14 20:41:19 bbs-sophos pkexec: pam_systemd(polkit-1:session): Cannot create session: Already running in a session
Apr 14 20:41:19 bbs-sophos pkexec[5784]: bbs: Executing command [USER=root] [TTY=unknown] [CWD=/home/bbs] [COMMAND=/usr/lib/update-notifier/package-system-locked]
Apr 14 20:43:40 bbs-sophos polkitd(authority=local): Registered Authentication Agent for unix-process:14682:228282 (system bus name :1.127 [/usr/bin/pkttyagent --notify-fd 5 --fallback], object path /org/freedesktop/PolicyKit1/AuthenticationAgent, locale de_DE.UTF-8)
Apr 14 20:43:40 bbs-sophos polkitd(authority=local): Unregistered Authentication Agent for unix-process:14682:228282 (system bus name :1.127, object path /org/freedesktop/PolicyKit1/AuthenticationAgent, locale de_DE.UTF-8) (disconnected from bus)
         
Clam log.
Clam does not run properly at all: logs are mostly not created, even though logging is enabled in the config and I have the latest version; then folders I selected for scanning are simply skipped, and I cannot delete infected files or move them to quarantine.

Nevertheless, here is a log with possible infections (in bold):


Code:
-------------------------------------------------------------------------------


----------- SCAN SUMMARY -----------
Known viruses: 4303757
Engine version: 0.98.7
Scanned directories: 475
Scanned files: 1711
Infected files: 0
Total errors: 3
Data scanned: 271.81 MB
Data read: 14823.12 MB (ratio 0.02:1)
Time: 48.963 sec (0 m 48 s)

ClamTk, v5.19
Sat Apr 16 01:38:46 2016
ClamAV-Signaturen: 4304101
Untersuchte Verzeichnisse:
/etc/suricata/rules
/lib/firmware/vxge
/usr/lib/mono/4.0
/usr/lib/mono/4.5
/usr/share/clamav-testfiles
/usr/share/mime

47 wahrscheinlich infizierte Bedrohungen gefunden (163333 Dateien untersucht).

/usr/share/clamav-testfiles/clam.sis                 PUA.Win.Packer.AcprotectUltraprotect-1     
/usr/share/clamav-testfiles/clam.ea05.exe            PUA.Win.Packer.Upx-48                      
/usr/share/clamav-testfiles/clam.newc.cpio           PUA.Win.Packer.AcprotectUltraprotect-1     
/usr/share/clamav-testfiles/clam.ppt                 PUA.Win.Packer.AcprotectUltraprotect-1     
/usr/share/clamav-testfiles/clam.bin-be.cpio         PUA.Win.Packer.AcprotectUltraprotect-1     
/usr/share/clamav-testfiles/clam-pespin.exe          PUA.Win.Packer.PESpin-1                    
/usr/share/clamav-testfiles/clam.pdf                 PUA.Win.Packer.AcprotectUltraprotect-1     
/usr/share/clamav-testfiles/clam.exe                 PUA.Win.Packer.AcprotectUltraprotect-1     
/usr/share/clamav-testfiles/clam.exe.binhex          PUA.Win.Packer.AcprotectUltraprotect-1     
/usr/share/clamav-testfiles/clam.tar.gz              PUA.Win.Packer.AcprotectUltraprotect-1     
/usr/share/clamav-testfiles/clam_IScab_int.exe       PUA.Win.Packer.AcprotectUltraprotect-1     
/usr/share/clamav-testfiles/clam-aspack.exe          PUA.Win.Packer.Asprotect-3                 
/usr/share/clamav-testfiles/clam-nsis.exe            PUA.Win.Packer.AcprotectUltraprotect-1     
/usr/share/clamav-testfiles/clam.exe.szdd            PUA.Win.Packer.AcprotectUltraprotect-1     
/usr/share/clamav-testfiles/clam_cache_emax.tgz      Clamav.Test.File-6                         
/usr/share/clamav-testfiles/clam_ISmsi_ext.exe       PUA.Win.Packer.AcprotectUltraprotect-1     
/usr/share/clamav-testfiles/clam-yc.exe              PUA.Win.Packer.ExeshieldCrypto-1           
/usr/share/clamav-testfiles/clam-upack.exe           PUA.Win.Packer.UPack-3                     
/usr/share/clamav-testfiles/clam.cab                 PUA.Win.Packer.AcprotectUltraprotect-1     
/usr/share/clamav-testfiles/clam.ole.doc             PUA.Win.Packer.AcprotectUltraprotect-1     
/usr/share/clamav-testfiles/clam.ea06.exe            PUA.Win.Packer.Upx-48                      
/usr/share/clamav-testfiles/clam.zip                 PUA.Win.Packer.AcprotectUltraprotect-1     
/usr/share/clamav-testfiles/clam.exe.bz2             PUA.Win.Packer.AcprotectUltraprotect-1     
/usr/share/clamav-testfiles/clam-fsg.exe             PUA.Win.Packer.AcprotectUltraprotect-1     
/usr/share/clamav-testfiles/clam.7z                  PUA.Win.Packer.AcprotectUltraprotect-1     
/usr/share/clamav-testfiles/clam.exe.rtf             PUA.Win.Packer.AcprotectUltraprotect-1     
/usr/share/clamav-testfiles/clam-upx.exe             PUA.Win.Packer.Upx-29                      
/usr/share/clamav-testfiles/clam.impl.zip            PUA.Win.Packer.AcprotectUltraprotect-1     
/usr/share/clamav-testfiles/clam.chm                 PUA.Win.Packer.AcprotectUltraprotect-1     
/usr/share/clamav-testfiles/clam-petite.exe          PUA.Win.Packer.Petite-1                    
/usr/share/clamav-testfiles/clam.bin-le.cpio         PUA.Win.Packer.AcprotectUltraprotect-1     
/usr/share/clamav-testfiles/clam.bz2.zip             PUA.Win.Packer.AcprotectUltraprotect-1     
/usr/share/clamav-testfiles/clam.arj                 PUA.Win.Packer.AcprotectUltraprotect-1     
/usr/share/clamav-testfiles/clam-v2.rar              PUA.Win.Packer.AcprotectUltraprotect-1     
/usr/share/clamav-testfiles/clam_ISmsi_int.exe       PUA.Win.Packer.SetupExeSection-1           
/usr/share/clamav-testfiles/clam_IScab_ext.exe       PUA.Win.Packer.AcprotectUltraprotect-1     
/usr/share/mime/mime.cache                           PUA.Win.Exploit.CVE_2012_0110-1            
/usr/lib/mono/4.5/mscorlib.dll                       PUA.Win.Packer.PrivateExeProte-8           
/usr/lib/mono/4.0/mscorlib.dll                       PUA.Win.Packer.PrivateExeProte-8           
/etc/suricata/rules/emerging-web_server.rules        PUA.Html.Trojan.Crypt-355                  
/etc/suricata/rules/emerging-deleted.rules           Html.Trojan.Blackhole-65                   
/etc/suricata/rules/emerging-activex.rules           PUA.Win.Tool.ActiveX_CVE_2009_1671-1       
/usr/share/clamav-testfiles/clam-v3.rar              PUA.Win.Packer.AcprotectUltraprotect-1     
/usr/share/clamav-testfiles/clam-wwpack.exe          PUA.Win.Packer.Mslrh-35                    
/usr/share/clamav-testfiles/clam.odc.cpio            PUA.Win.Packer.AcprotectUltraprotect-1     
/usr/share/clamav-testfiles/clam-mew.exe             PUA.Win.Packer.MEW-1                       
/usr/share/clamav-testfiles/clam.d64.zip             PUA.Win.Packer.AcprotectUltraprotect-1     
----------------------------------------------------------------------------------------------------

ClamTk, v5.19
Sat Apr 16 03:48:31 2016
ClamAV-Signaturen: 4304101
Untersuchte Verzeichnisse:

0 wahrscheinlich infizierte Bedrohungen gefunden (1 Datei untersucht).

Keine Bedrohungen gefunden.
---------------------------------------------

ClamTk, v5.19
Sat Apr 16 04:42:42 2016
ClamAV-Signaturen: 4304101
Untersuchte Verzeichnisse:
/media/bbs/WIN/2/Neuer Ordner
/media/bbs/WIN/7
/media/bbs/WIN/8

0 wahrscheinlich infizierte Bedrohungen gefunden (2446 Dateien untersucht).

Keine Bedrohungen gefunden.
---------------------------------------------

ClamTk, v5.19
Sat Apr 16 04:45:04 2016
ClamAV-Signaturen: 4304101
Untersuchte Verzeichnisse:

0 wahrscheinlich infizierte Bedrohungen gefunden (1 Datei untersucht).

Keine Bedrohungen gefunden.
---------------------------------------------

ClamTk, v5.19
Sat Apr 16 04:46:50 2016
ClamAV-Signaturen: 4304101
Untersuchte Verzeichnisse:

0 wahrscheinlich infizierte Bedrohungen gefunden (1 Datei untersucht).

Keine Bedrohungen gefunden.
---------------------------------------------

ClamTk, v5.19
Sat Apr 16 06:52:13 2016
ClamAV-Signaturen: 4304101
Untersuchte Verzeichnisse:
/etc/suricata/rules
/lib/firmware/vxge
/usr/lib/mono/4.0
/usr/lib/mono/4.5
/usr/share/clamav-testfiles
/usr/share/mime

47 wahrscheinlich infizierte Bedrohungen gefunden (181162 Dateien untersucht).

/usr/share/clamav-testfiles/clam.sis                 PUA.Win.Packer.AcprotectUltraprotect-1     
/usr/share/clamav-testfiles/clam.ea05.exe            PUA.Win.Packer.Upx-48                      
/usr/share/clamav-testfiles/clam.newc.cpio           PUA.Win.Packer.AcprotectUltraprotect-1     
/usr/share/clamav-testfiles/clam.ppt                 PUA.Win.Packer.AcprotectUltraprotect-1     
/usr/share/clamav-testfiles/clam.bin-be.cpio         PUA.Win.Packer.AcprotectUltraprotect-1     
/usr/share/clamav-testfiles/clam-pespin.exe          PUA.Win.Packer.PESpin-1                    
/usr/share/clamav-testfiles/clam.pdf                 PUA.Win.Packer.AcprotectUltraprotect-1     
/usr/share/clamav-testfiles/clam.exe                 PUA.Win.Packer.AcprotectUltraprotect-1     
/usr/share/clamav-testfiles/clam.exe.binhex          PUA.Win.Packer.AcprotectUltraprotect-1     
/usr/share/clamav-testfiles/clam.tar.gz              PUA.Win.Packer.AcprotectUltraprotect-1     
/usr/share/clamav-testfiles/clam_IScab_int.exe       PUA.Win.Packer.AcprotectUltraprotect-1     
/usr/share/clamav-testfiles/clam-aspack.exe          PUA.Win.Packer.Asprotect-3                 
/usr/share/clamav-testfiles/clam-nsis.exe            PUA.Win.Packer.AcprotectUltraprotect-1     
/usr/share/clamav-testfiles/clam.exe.szdd            PUA.Win.Packer.AcprotectUltraprotect-1     
/usr/share/clamav-testfiles/clam_cache_emax.tgz      Clamav.Test.File-6                         
/usr/share/clamav-testfiles/clam_ISmsi_ext.exe       PUA.Win.Packer.AcprotectUltraprotect-1     
/usr/share/clamav-testfiles/clam-yc.exe              PUA.Win.Packer.ExeshieldCrypto-1           
/usr/share/clamav-testfiles/clam-upack.exe           PUA.Win.Packer.UPack-3                     
/usr/share/clamav-testfiles/clam.cab                 PUA.Win.Packer.AcprotectUltraprotect-1     
/usr/share/clamav-testfiles/clam.ole.doc             PUA.Win.Packer.AcprotectUltraprotect-1     
/usr/share/clamav-testfiles/clam.ea06.exe            PUA.Win.Packer.Upx-48                      
/usr/share/clamav-testfiles/clam.zip                 PUA.Win.Packer.AcprotectUltraprotect-1     
/usr/share/clamav-testfiles/clam.exe.bz2             PUA.Win.Packer.AcprotectUltraprotect-1     
/usr/share/clamav-testfiles/clam-fsg.exe             PUA.Win.Packer.AcprotectUltraprotect-1     
/usr/share/clamav-testfiles/clam.7z                  PUA.Win.Packer.AcprotectUltraprotect-1     
/usr/share/clamav-testfiles/clam.exe.rtf             PUA.Win.Packer.AcprotectUltraprotect-1     
/usr/share/clamav-testfiles/clam-upx.exe             PUA.Win.Packer.Upx-29                      
/usr/share/clamav-testfiles/clam.impl.zip            PUA.Win.Packer.AcprotectUltraprotect-1     
/usr/share/clamav-testfiles/clam.chm                 PUA.Win.Packer.AcprotectUltraprotect-1     
/usr/share/clamav-testfiles/clam-petite.exe          PUA.Win.Packer.Petite-1                    
/usr/share/clamav-testfiles/clam.bin-le.cpio         PUA.Win.Packer.AcprotectUltraprotect-1     
/usr/share/clamav-testfiles/clam.bz2.zip             PUA.Win.Packer.AcprotectUltraprotect-1     
/usr/share/clamav-testfiles/clam.arj                 PUA.Win.Packer.AcprotectUltraprotect-1     
/usr/share/clamav-testfiles/clam-v2.rar              PUA.Win.Packer.AcprotectUltraprotect-1     
/usr/share/clamav-testfiles/clam_ISmsi_int.exe       PUA.Win.Packer.SetupExeSection-1           
/usr/share/clamav-testfiles/clam_IScab_ext.exe       PUA.Win.Packer.AcprotectUltraprotect-1     
/usr/share/mime/mime.cache                           PUA.Win.Exploit.CVE_2012_0110-1            
/usr/lib/mono/4.5/mscorlib.dll                       PUA.Win.Packer.PrivateExeProte-8           
/usr/lib/mono/4.0/mscorlib.dll                       PUA.Win.Packer.PrivateExeProte-8           
/etc/suricata/rules/emerging-web_server.rules        PUA.Html.Trojan.Crypt-355                  
/etc/suricata/rules/emerging-deleted.rules           Html.Trojan.Blackhole-65                   
/etc/suricata/rules/emerging-activex.rules           PUA.Win.Tool.ActiveX_CVE_2009_1671-1       
/usr/share/clamav-testfiles/clam-v3.rar              PUA.Win.Packer.AcprotectUltraprotect-1     
/usr/share/clamav-testfiles/clam-wwpack.exe          PUA.Win.Packer.Mslrh-35                    
/usr/share/clamav-testfiles/clam.odc.cpio            PUA.Win.Packer.AcprotectUltraprotect-1     
/usr/share/clamav-testfiles/clam-mew.exe             PUA.Win.Packer.MEW-1                       
/usr/share/clamav-testfiles/clam.d64.zip             PUA.Win.Packer.AcprotectUltraprotect-1     
----------------------------------------------------------------------------------------------------
         


chkrootkit
Code:
bbs@bbs-sophos:~$ sudo chkrootkit
[sudo] Passwort für bbs: 
ROOTDIR is `/'
Checking `amd'...                                           not found
Checking `basename'...                                      not infected
Checking `biff'...                                          not found
Checking `chfn'...                                          not infected
Checking `chsh'...                                          not infected
Checking `cron'...                                          not infected
Checking `crontab'...                                       not infected
Checking `date'...                                          not infected
Checking `du'...                                            not infected
Checking `dirname'...                                       not infected
Checking `echo'...                                          not infected
Checking `egrep'...                                         not infected
Checking `env'...                                           not infected
Checking `find'...                                          not infected
Checking `fingerd'...                                       not found
Checking `gpm'...                                           not found
Checking `grep'...                                          not infected
Checking `hdparm'...                                        not infected
Checking `su'...                                            not infected
Checking `ifconfig'...                                      not infected
Checking `inetd'...                                         not infected
Checking `inetdconf'...                                     not found
Checking `identd'...                                        not found
Checking `init'...                                          not infected
Checking `killall'...                                       not infected
Checking `ldsopreload'...                                   not infected
Checking `login'...                                         not infected
Checking `ls'...                                            not infected
Checking `lsof'...                                          not infected
Checking `mail'...                                          not infected
Checking `mingetty'...                                      not found
Checking `netstat'...                                       not infected
Checking `named'...                                         not found
Checking `passwd'...                                        not infected
Checking `pidof'...                                         not infected
Checking `pop2'...                                          not found
Checking `pop3'...                                          not found
Checking `ps'...                                            not infected
Checking `pstree'...                                        not infected
Checking `rpcinfo'...                                       not found
Checking `rlogind'...                                       not found
Checking `rshd'...                                          not found
Checking `slogin'...                                        not infected
Checking `sendmail'...                                      not infected
Checking `sshd'...                                          not found
Checking `syslogd'...                                       not tested
Checking `tar'...                                           not infected
Checking `tcpd'...                                          not infected
Checking `tcpdump'...                                       not infected
Checking `top'...                                           not infected
Checking `telnetd'...                                       not found
Checking `timed'...                                         not found
Checking `traceroute'...                                    not found
Checking `vdir'...                                          not infected
Checking `w'...                                             not infected
Checking `write'...                                         not infected
Checking `aliens'...                                        no suspect files
Searching for sniffer's logs, it may take a while...        
nothing found
Searching for rootkit HiDrootkit's default files...         nothing found
Searching for rootkit t0rn's default files...               nothing found
Searching for t0rn's v8 defaults...                         
nothing found
Searching for rootkit Lion's default files...               nothing found
Searching for rootkit RSHA's default files...               nothing found
Searching for rootkit RH-Sharpe's default files...          nothing found
Searching for Ambient's rootkit (ark) default files and dirs... nothing found
Searching for suspicious files and dirs, it may take a while... The following suspicious files and directories were found:  
/usr/lib/python2.7/dist-packages/PyQt4/uic/widget-plugins/.noinit /lib/modules/4.2.0-35-generic/vdso/.build-id /lib/modules/4.2.0-16-generic/vdso/.build-id
/lib/modules/4.2.0-35-generic/vdso/.build-id /lib/modules/4.2.0-16-generic/vdso/.build-id
Searching for LPD Worm files and dirs...                    nothing found
Searching for Ramen Worm files and dirs...                  nothing found
Searching for Maniac files and dirs...                      nothing found
Searching for RK17 files and dirs...                        nothing found
Searching for Ducoci rootkit...                             nothing found
Searching for Adore Worm...                                 nothing found
Searching for ShitC Worm...                                 nothing found
Searching for Omega Worm...                                 nothing found
Searching for Sadmind/IIS Worm...                           nothing found
Searching for MonKit...                                     nothing found
Searching for Showtee...                                    nothing found
Searching for OpticKit...                                   nothing found
Searching for T.R.K...                                      nothing found
Searching for Mithra...                                     nothing found
Searching for LOC rootkit...                                nothing found
Searching for Romanian rootkit...                           nothing found
Searching for Suckit rootkit...                             nothing found
Searching for Volc rootkit...                               nothing found
Searching for Gold2 rootkit...                              nothing found
Searching for TC2 Worm default files and dirs...            nothing found
Searching for Anonoying rootkit default files and dirs...   nothing found
Searching for ZK rootkit default files and dirs...          nothing found
Searching for ShKit rootkit default files and dirs...       nothing found
Searching for AjaKit rootkit default files and dirs...      nothing found
Searching for zaRwT rootkit default files and dirs...       nothing found
Searching for Madalin rootkit default files...              nothing found
Searching for Fu rootkit default files...                   nothing found
Searching for ESRK rootkit default files...                 nothing found
Searching for rootedoor...                                  nothing found
Searching for ENYELKM rootkit default files...              nothing found
Searching for common ssh-scanners default files...          nothing found
Searching for Linux/Ebury - Operation Windigo ssh...        Possible Linux/Ebury - Operation Windigo installetd
Searching for 64-bit Linux Rootkit ...                      nothing found
Searching for 64-bit Linux Rootkit modules...               nothing found
Searching for suspect PHP files...                          nothing found
Searching for anomalies in shell history files...           nothing found
Checking `asp'...                                           not infected
Checking `bindshell'...                                     not infected
Checking `lkm'...                                           You have     3 process hidden for readdir command
You have     3 process hidden for ps command
chkproc: Warning: Possible LKM Trojan installed


chkdirs: nothing detected
Checking `rexedcs'...                                       not found
Checking `sniffer'...                                       lo: not promisc and no packet sniffer sockets
enp3s0: PACKET SNIFFER(/sbin/dhclient[6636])
Checking `w55808'...                                        not infected
Checking `wted'...                                          chkwtmp: nothing deleted
Checking `scalper'...                                       not infected
Checking `slapper'...                                       not infected
Checking `z2'...                                            user bbs deleted or never logged from lastlog!
user root deleted or never logged from lastlog!
Checking `chkutmp'...                                        The tty of the following user process(es) were not found
 in /var/run/utmp !
! RUID          PID TTY    CMD
! root         1164 tty7   /usr/bin/X -core :0 -seat seat0 -auth /var/run/lightdm/root/:0 -nolisten tcp vt7 -novtswitch
chkutmp: nothing deleted
Checking `OSX_RSPLUG'...                                    not infected
         
Incidentally: I reinstalled Ubuntu yesterday on a NEW hard disk (not from a downloaded image, but installed from a non-rewritable CD from an official source).

Also: no software installed from third-party sources (exception: Cryptkeeper/Clam from official sources), no new users created or existing ones configured, no ssh, cups, samba, VNC, rdp, bluetooth, file sharing or other frills configured or used.
Browsing and VirtualBox were the main activities (Win10 ISO directly from Microsoft).

Alt 16.04.2016, 09:55   #68
Dante12
/// Mac Expert
 

You are using tools that are known to produce false positives. None of the files you listed there are infected.

Quote:
/usr/share/mime/mime.cache PUA.Win.Exploit.CVE_2012_0110-1
That is a generated file containing all known MIME types, and it is not executable!

https://wiki.ubuntuusers.de/MIME-Typ/

Quote:
/usr/lib/mono/4.5/mscorlib.dll PUA.Win.Packer.PrivateExeProte-8
/usr/lib/mono/4.0/mscorlib.dll PUA.Win.Packer.PrivateExeProte-8
... are components of Mono. The only thing you achieve by deleting them is that you have to reinstall Mono. ClamAV's PUA function is error-prone and is disabled by default. I assume you enabled it yourself?

https://www.virustotal.com/de/file/4...is/1423563969/

Quote:
/etc/suricata/rules/emerging-web_server.rules PUA.Html.Trojan.Crypt-355
/etc/suricata/rules/emerging-deleted.rules Html.Trojan.Blackhole-65
/etc/suricata/rules/emerging-activex.rules PUA.Win.Tool.ActiveX_CVE_2009_1671-1
That is not part of the standard Ubuntu installation, or am I mistaken? You installed that yourself, didn't you? Suricata is an intrusion detection system, so every AV, no matter how bad, will alert on it.

Quote:
/usr/lib/python2.7/dist-packages/PyQt4/uic/widget-plugins/.noinit /lib/modules/4.2.0-35-generic/vdso/.build-id /lib/modules/4.2.0-16-generic/vdso/.build-id
/lib/modules/4.2.0-35-generic/vdso/.build-id /lib/modules/4.2.0-16-generic/vdso/.build-id
These are components of the system.

Quote:
Searching for Linux/Ebury - Operation Windigo ssh... Possible Linux/Ebury - Operation Windigo installetd
Again: even for good AVs it is hard to identify Ebury unambiguously. Here your AV reports a possible Ebury infection that is not one. The atm-tools are part of Ubuntu and contain functionality similar to Ebury, except that they are responsible for entirely different tasks.

...and this one is the best:
Quote:
enp3s0: PACKET SNIFFER(/sbin/dhclient[6636])
Let your AV delete that one and, presto, you have no network anymore.

Ubuntu Manpage: dhclient - Dynamic Host Configuration Protocol Client

So before you keep hunting in a panic for infections that are not there, you should sit down and learn a bit about forensic malware analysis and reverse engineering. Because you cheerfully keep up this wild posting of logs without forming a concrete suspicion or doing any investigation yourself, or at least taking action yourself.

PS: ...and learn more about the security of Unix/Linux systems. Because if they were really as vulnerable as your logs would suggest, they would not be the worldwide standard for server applications.
__________________
-----------------
-Regards, dante12
-----------------

Last edited by Dante12 (16.04.2016, 10:02)
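To turn the reasoning in the reply above into a repeatable check, here is an added Python helper (not from the thread, the poster or ClamAV) that parses report lines in the ClamTk format quoted in this thread and sorts each hit into ClamAV test corpus, IDS rule text, heuristic PUA match, or "needs review"; the triage rules and the sample excerpt are my own assumptions and constructions, and the optional dpkg ownership lookup only works on Debian-based systems.

```python
"""Triage of ClamTk/ClamAV report lines ('<path>  <signature>') as posted in
this thread. Added example, not the poster's or ClamAV's code; the triage
rules encode the reply's reasoning and are assumptions, not ClamAV policy."""
from __future__ import annotations

import re
import subprocess
from dataclasses import dataclass

# path, at least two spaces, signature, optional trailing blanks
LINE_RE = re.compile(r"^(/.*?)\s{2,}(\S+)\s*$")


@dataclass
class Finding:
    path: str
    signature: str
    verdict: str  # "test-file" | "ids-rules" | "pua-heuristic" | "review"
    reason: str


def classify(path: str, signature: str) -> tuple[str, str]:
    # clamav-testfiles ships samples that are meant to be detected.
    if path.startswith("/usr/share/clamav-testfiles/") or signature.startswith("Clamav.Test."):
        return "test-file", "ClamAV's own test corpus; detection is expected"
    # IDS rule sets carry the byte patterns of the attacks they detect, so AV alerts on the text.
    if path.endswith(".rules"):
        return "ids-rules", "IDS rule file: holds attack signatures, not executable code"
    # PUA.* are heuristic packer/exploit-pattern hits (off by default in ClamAV), not confirmed infections.
    if signature.startswith("PUA."):
        return "pua-heuristic", "heuristic PUA match; check package ownership and checksum"
    return "review", "no triage rule matched; inspect manually"


def parse_report(text: str) -> list[Finding]:
    findings = []
    for line in text.splitlines():
        m = LINE_RE.match(line)
        if not m:  # summary lines, separators and blanks are skipped
            continue
        path, sig = m.groups()
        verdict, reason = classify(path, sig)
        findings.append(Finding(path, sig, verdict, reason))
    return findings


def needs_review(findings: list[Finding]) -> list[Finding]:
    return [f for f in findings if f.verdict == "review"]


def owning_package(path: str) -> str | None:
    """Debian/Ubuntu only: which installed package owns `path`? A dpkg-owned file
    whose checksum `dpkg --verify <pkg>` accepts is far more likely a false positive
    than a dropped payload. Generated files (e.g. mime.cache) belong to none -> None."""
    try:
        out = subprocess.run(["dpkg", "-S", path], capture_output=True, text=True)
    except FileNotFoundError:  # not a dpkg-based system
        return None
    return out.stdout.split(":", 1)[0].strip() if out.returncode == 0 else None


# Constructed excerpt in the format of the ClamTk report quoted in the thread.
SAMPLE_REPORT = """\
47 wahrscheinlich infizierte Bedrohungen gefunden (181162 Dateien untersucht).

/usr/share/clamav-testfiles/clam.exe                 PUA.Win.Packer.AcprotectUltraprotect-1
/usr/share/clamav-testfiles/clam_cache_emax.tgz      Clamav.Test.File-6
/usr/share/mime/mime.cache                           PUA.Win.Exploit.CVE_2012_0110-1
/usr/lib/mono/4.5/mscorlib.dll                       PUA.Win.Packer.PrivateExeProte-8
/etc/suricata/rules/emerging-deleted.rules           Html.Trojan.Blackhole-65
----------------------------------------------------------------------------------------------------
"""

if __name__ == "__main__":
    for f in parse_report(SAMPLE_REPORT):
        print(f"{f.verdict:14} {f.path}  ({f.signature}): {f.reason}")
```

Hits that land in "pua-heuristic" are the ones worth following up with `owning_package()` and a checksum verification; everything in "review" is what actually deserves manual inspection.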

Alt 16.04.2016, 18:32   #69
W_Dackel
 

Short version: you are using the tools wrongly and are on a panicked ghost hunt. A standard Ubuntu installation is already fairly secure; sit back and first get to know Linux, then these tools, before you panic any further.
