27.03.2016, 19:23 | #61 | |
/// Mac Expert | Linux: Bootkit Nemesis - BIOS/firmware malware in the VBR
Quote:
__________________ Regards, dante12 |
01.04.2016, 17:55 | #62 |
| Linux: Bootkit Nemesis - BIOS/firmware malware in the VBR
I would like to clarify a few points below, since some people are wondering why nothing is moving forward here.
a) I did not create this separate Linux thread with this title, and I was not asked whether that was okay with me.
b) The thread title summarizes my infection hypothesis, based on what I knew at the time. My understanding has developed since then, so I would no longer assume the infection named above.
c) My intention with the logs was to provide as much information as possible, so that I could act quickly after a technical analysis by an expert. That backfired and was my mistake.
d) As I already mentioned, I have only been working more intensively with Linux for 6 months; that should clearly signal to anyone familiar with Linux: here I can probably not expect a dedicated rootkit analysis and Ubuntu or others.
The original thread (Windows focus) is in the discussion forum. I thought the committed users here should be informed about that, especially since the replies here so far, despite less participation, have been considerably more serious and on a higher technical level than in the Windows section.
__________________ |
01.04.2016, 20:59 | #63 |
/// TB-Senior | Linux: Bootkit Nemesis - BIOS/firmware malware in the VBR
The problem is that you posted a great many screenshots, many of which look completely normal, so that it gives the impression of "indiscriminate" posting, and that you refuse to explain where exactly in these screenshots your suspicion is grounded. That is, to say and explain something concrete about it. One or two screenshots with clear, precisely worded questions would have achieved much more, and perhaps still would.
__________________ |
03.04.2016, 13:56 | #64 |
/// Winkelfunktion /// TB-Süch-Tiger™ | Linux: Bootkit Nemesis - BIOS/firmware malware in the VBR
But he did... loop devices are his "evidence"
__________________ Please always post log files in CODE tags |
16.04.2016, 02:22 | #65 |
| Linux: Bootkit Nemesis - BIOS/firmware malware in the VBR
Before my Ubuntu installation was once again completely for nothing, here are a few more logs, before I will probably have to format again after shutting down.
RKhunter part 1
Code:
ATTFilter [05:46:01] Running Rootkit Hunter version 1.4.2 on bbs-sophos [05:46:01] [05:46:01] Info: Start date is Sa 16. Apr 05:46:01 CEST 2016 [05:46:01] [05:46:01] Checking configuration file and command-line options... [05:46:01] Info: Detected operating system is 'Linux' [05:46:01] Info: Found O/S name: Ubuntu 15.10 [05:46:01] Info: Command line is /usr/bin/rkhunter -c [05:46:01] Info: Environment shell is /bin/bash; rkhunter is using dash [05:46:01] Info: Using configuration file '/etc/rkhunter.conf' [05:46:01] Info: Installation directory is '/usr' [05:46:01] Info: Using language 'en' [05:46:01] Info: Using '/var/lib/rkhunter/db' as the database directory [05:46:01] Info: Using '/usr/share/rkhunter/scripts' as the support script directory [05:46:01] Info: Using '/usr/local/sbin /usr/local/bin /usr/sbin /usr/bin /sbin /bin' as the command directories [05:46:01] Info: Using '/var/lib/rkhunter/tmp' as the temporary directory [05:46:01] Info: No mail-on-warning address configured [05:46:01] Info: X will be automatically detected [05:46:01] Info: Using second color set [05:46:01] Info: Found the 'basename' command: /usr/bin/basename [05:46:01] Info: Found the 'diff' command: /usr/bin/diff [05:46:01] Info: Found the 'dirname' command: /usr/bin/dirname [05:46:01] Info: Found the 'file' command: /usr/bin/file [05:46:01] Info: Found the 'find' command: /usr/bin/find [05:46:01] Info: Found the 'ifconfig' command: /sbin/ifconfig [05:46:01] Info: Found the 'ip' command: /sbin/ip [05:46:01] Info: Found the 'ipcs' command: /usr/bin/ipcs [05:46:01] Info: Found the 'ldd' command: /usr/bin/ldd [05:46:01] Info: Found the 'lsattr' command: /usr/bin/lsattr [05:46:01] Info: Found the 'lsmod' command: /sbin/lsmod [05:46:01] Info: Found the 'lsof' command: /usr/bin/lsof [05:46:01] Info: Found the 'mktemp' command: /bin/mktemp [05:46:01] Info: Found the 'netstat' command: /bin/netstat [05:46:01] Info: Found the 'perl' command: /usr/bin/perl [05:46:01] Info: Found the 'pgrep' 
command: /usr/bin/pgrep [05:46:01] Info: Found the 'ps' command: /bin/ps [05:46:01] Info: Found the 'pwd' command: /bin/pwd [05:46:01] Info: Found the 'readlink' command: /bin/readlink [05:46:01] Info: Found the 'stat' command: /usr/bin/stat [05:46:01] Info: Found the 'strings' command: /usr/bin/strings [05:46:01] Info: System is not using prelinking [05:46:01] Info: Using the '/usr/bin/sha256sum' command for the file hash checks [05:46:01] Info: Stored hash values used hash function '/usr/bin/sha1sum' [05:46:01] Info: Stored hash values did not use a package manager [05:46:01] Info: The hash function field index is set to 1 [05:46:01] Info: No package manager specified: using hash function '/usr/bin/sha256sum' [05:46:01] Info: Previous file attributes were stored [05:46:01] Info: Enabled tests are: all [05:46:01] Info: Disabled tests are: suspscan hidden_procs deleted_files packet_cap_apps apps [05:46:01] Info: Found ksym file '/proc/kallsyms' [05:46:01] Info: Using syslog for some logging - facility/priority level is 'authpriv.warning'. [05:46:01] Info: Using 'date' to process epoch second times [05:46:01] [05:46:01] Checking if the O/S has changed since last time... [05:46:01] Info: Nothing seems to have changed. [05:46:01] Info: Locking is not being used [05:46:01] [05:46:01] Starting system checks... [05:46:01] [05:46:01] Info: Starting test name 'system_commands' [05:46:01] Checking system commands... 
[05:46:01] [05:46:01] Info: Starting test name 'strings' [05:46:01] Performing 'strings' command checks [05:46:02] Scanning for string /usr/sbin/ntpsx [ OK ] [05:46:02] Scanning for string /usr/sbin/.../bkit-ava [ OK ] [05:46:02] Scanning for string /usr/sbin/.../bkit-d [ OK ] [05:46:02] Scanning for string /usr/sbin/.../bkit-shd [ OK ] [05:46:02] Scanning for string /usr/sbin/.../bkit-f [ OK ] [05:46:02] Scanning for string /usr/include/.../proc.h [ OK ] [05:46:02] Scanning for string /usr/include/.../.bash_history [ OK ] [05:46:02] Scanning for string /usr/include/.../bkit-get [ OK ] [05:46:02] Scanning for string /usr/include/.../bkit-dl [ OK ] [05:46:02] Scanning for string /usr/include/.../bkit-screen [ OK ] [05:46:02] Scanning for string /usr/include/.../bkit-sleep [ OK ] [05:46:02] Scanning for string /usr/lib/.../bkit-adore.o [ OK ] [05:46:02] Scanning for string /usr/lib/.../ls [ OK ] [05:46:02] Scanning for string /usr/lib/.../netstat [ OK ] [05:46:02] Scanning for string /usr/lib/.../lsof [ OK ] [05:46:02] Scanning for string /usr/lib/.../bkit-ssh/bkit-shdcfg [ OK ] [05:46:02] Scanning for string /usr/lib/.../bkit-ssh/bkit-shhk [ OK ] [05:46:02] Scanning for string /usr/lib/.../bkit-ssh/bkit-pw [ OK ] [05:46:02] Scanning for string /usr/lib/.../bkit-ssh/bkit-shrs [ OK ] [05:46:02] Scanning for string /usr/lib/.../bkit-ssh/bkit-mots [ OK ] [05:46:02] Scanning for string /usr/lib/.../uconf.inv [ OK ] [05:46:02] Scanning for string /usr/lib/.../psr [ OK ] [05:46:02] Scanning for string /usr/lib/.../find [ OK ] [05:46:02] Scanning for string /usr/lib/.../pstree [ OK ] [05:46:02] Scanning for string /usr/lib/.../slocate [ OK ] [05:46:02] Scanning for string /usr/lib/.../du [ OK ] [05:46:02] Scanning for string /usr/lib/.../top [ OK ] [05:46:02] Scanning for string /usr/sbin/... [ OK ] [05:46:02] Scanning for string /usr/include/... [ OK ] [05:46:02] Scanning for string /usr/include/.../.tmp [ OK ] [05:46:02] Scanning for string /usr/lib/... 
[ OK ] [05:46:02] Scanning for string /usr/lib/.../.ssh [ OK ] [05:46:02] Scanning for string /usr/lib/.../bkit-ssh [ OK ] [05:46:02] Scanning for string /usr/lib/.bkit- [ OK ] [05:46:02] Scanning for string /tmp/.bkp [ OK ] [05:46:02] Scanning for string /tmp/.cinik [ OK ] [05:46:02] Scanning for string /tmp/.font-unix/.cinik [ OK ] [05:46:02] Scanning for string /lib/.sso [ OK ] [05:46:02] Scanning for string /lib/.so [ OK ] [05:46:02] Scanning for string /var/run/...dica/clean [ OK ] [05:46:02] Scanning for string /var/run/...dica/dxr [ OK ] [05:46:02] Scanning for string /var/run/...dica/read [ OK ] [05:46:02] Scanning for string /var/run/...dica/write [ OK ] [05:46:02] Scanning for string /var/run/...dica/lf [ OK ] [05:46:02] Scanning for string /var/run/...dica/xl [ OK ] [05:46:02] Scanning for string /var/run/...dica/xdr [ OK ] [05:46:02] Scanning for string /var/run/...dica/psg [ OK ] [05:46:02] Scanning for string /var/run/...dica/secure [ OK ] [05:46:02] Scanning for string /var/run/...dica/rdx [ OK ] [05:46:02] Scanning for string /var/run/...dica/va [ OK ] [05:46:02] Scanning for string /var/run/...dica/cl.sh [ OK ] [05:46:02] Scanning for string /var/run/...dica/last.log [ OK ] [05:46:02] Scanning for string /usr/bin/.etc [ OK ] [05:46:02] Scanning for string /etc/sshd_config [ OK ] [05:46:02] Scanning for string /etc/ssh_host_key [ OK ] [05:46:02] Scanning for string /etc/ssh_random_seed [ OK ] [05:46:02] Scanning for string /dev/ptyp [ OK ] [05:46:02] Scanning for string /dev/ptyq [ OK ] [05:46:02] Scanning for string /dev/ptyr [ OK ] [05:46:02] Scanning for string /dev/ptys [ OK ] [05:46:02] Scanning for string /dev/ptyt [ OK ] [05:46:02] Scanning for string /dev/fd/.88/freshb-bsd [ OK ] [05:46:02] Scanning for string /dev/fd/.88/fresht [ OK ] [05:46:02] Scanning for string /dev/fd/.88/zxsniff [ OK ] [05:46:02] Scanning for string /dev/fd/.88/zxsniff.log [ OK ] [05:46:02] Scanning for string /dev/fd/.99/.ttyf00 [ OK ] [05:46:02] Scanning for string 
/dev/fd/.99/.ttyp00 [ OK ] [05:46:02] Scanning for string /dev/fd/.99/.ttyq00 [ OK ] [05:46:02] Scanning for string /dev/fd/.99/.ttys00 [ OK ] [05:46:03] Scanning for string /dev/fd/.99/.pwsx00 [ OK ] [05:46:03] Scanning for string /etc/.acid [ OK ] [05:46:03] Scanning for string /usr/lib/.fx/sched_host.2 [ OK ] [05:46:03] Scanning for string /usr/lib/.fx/random_d.2 [ OK ] [05:46:03] Scanning for string /usr/lib/.fx/set_pid.2 [ OK ] [05:46:03] Scanning for string /usr/lib/.fx/setrgrp.2 [ OK ] [05:46:03] Scanning for string /usr/lib/.fx/TOHIDE [ OK ] [05:46:03] Scanning for string /usr/lib/.fx/cons.saver [ OK ] [05:46:03] Scanning for string /usr/lib/.fx/adore/ava/ava [ OK ] [05:46:03] Scanning for string /usr/lib/.fx/adore/adore/adore.ko [ OK ] [05:46:03] Scanning for string /bin/sysback [ OK ] [05:46:03] Scanning for string /usr/local/bin/sysback [ OK ] [05:46:03] Scanning for string /usr/lib/.tbd [ OK ] [05:46:03] Scanning for string /dev/.lib/lib/lib/t0rns [ OK ] [05:46:03] Scanning for string /dev/.lib/lib/lib/du [ OK ] [05:46:03] Scanning for string /dev/.lib/lib/lib/ls [ OK ] [05:46:03] Scanning for string /dev/.lib/lib/lib/t0rnsb [ OK ] [05:46:03] Scanning for string /dev/.lib/lib/lib/ps [ OK ] [05:46:03] Scanning for string /dev/.lib/lib/lib/t0rnp [ OK ] [05:46:03] Scanning for string /dev/.lib/lib/lib/find [ OK ] [05:46:03] Scanning for string /dev/.lib/lib/lib/ifconfig [ OK ] [05:46:03] Scanning for string /dev/.lib/lib/lib/pg [ OK ] [05:46:03] Scanning for string /dev/.lib/lib/lib/ssh.tgz [ OK ] [05:46:03] Scanning for string /dev/.lib/lib/lib/top [ OK ] [05:46:03] Scanning for string /dev/.lib/lib/lib/sz [ OK ] [05:46:03] Scanning for string /dev/.lib/lib/lib/login [ OK ] [05:46:03] Scanning for string /dev/.lib/lib/lib/in.fingerd [ OK ] [05:46:03] Scanning for string /dev/.lib/lib/lib/1i0n.sh [ OK ] [05:46:03] Scanning for string /dev/.lib/lib/lib/pstree [ OK ] [05:46:03] Scanning for string /dev/.lib/lib/lib/in.telnetd [ OK ] [05:46:03] Scanning for 
string /dev/.lib/lib/lib/mjy [ OK ] [05:46:03] Scanning for string /dev/.lib/lib/lib/sush [ OK ] [05:46:03] Scanning for string /dev/.lib/lib/lib/tfn [ OK ] [05:46:03] Scanning for string /dev/.lib/lib/lib/name [ OK ] [05:46:03] Scanning for string /dev/.lib/lib/lib/getip.sh [ OK ] [05:46:03] Scanning for string /usr/info/.torn/sh* [ OK ] [05:46:03] Scanning for string /usr/src/.puta/.1addr [ OK ] [05:46:03] Scanning for string /usr/src/.puta/.1file [ OK ] [05:46:03] Scanning for string /usr/src/.puta/.1proc [ OK ] [05:46:03] Scanning for string /usr/src/.puta/.1logz [ OK ] [05:46:03] Scanning for string /usr/info/.t0rn [ OK ] [05:46:03] Scanning for string /dev/.lib [ OK ] [05:46:03] Scanning for string /dev/.lib/lib [ OK ] [05:46:03] Scanning for string /dev/.lib/lib/lib [ OK ] [05:46:03] Scanning for string /dev/.lib/lib/lib/dev [ OK ] [05:46:03] Scanning for string /dev/.lib/lib/scan [ OK ] [05:46:03] Scanning for string /usr/src/.puta [ OK ] [05:46:03] Scanning for string /usr/man/man1/man1 [ OK ] [05:46:03] Scanning for string /usr/man/man1/man1/lib [ OK ] [05:46:03] Scanning for string /usr/man/man1/man1/lib/.lib [ OK ] [05:46:03] Scanning for string /usr/man/man1/man1/lib/.lib/.backup [ OK ] [05:46:03] [05:46:03] Info: Starting test name 'shared_libs' [05:46:03] Performing 'shared libraries' checks [05:46:03] Checking for preloading variables [ None found ] [05:46:03] Checking for preloaded libraries [ None found ] [05:46:03] [05:46:03] Info: Starting test name 'shared_libs_path' [05:46:03] Checking LD_LIBRARY_PATH variable [ Not found ] [05:46:03] [05:46:03] Info: Starting test name 'properties' [05:46:03] Performing file properties checks [05:46:03] Checking for prerequisites [ OK ] [05:46:05] /usr/sbin/adduser [ Warning ] [05:46:05] Warning: The file properties have changed: [05:46:05] File: /usr/sbin/adduser [05:46:06] Current hash: b26732ab356b3fa5e2e4a053e9a92cdaeb8c48197810701d38f3fbb4811741aa [05:46:06] Stored hash : 
966f3c9cd1f833d35f85a790ad3efb9c312102c5 [05:46:06] Info: Found file '/usr/sbin/adduser': it is whitelisted for the 'script replacement' check. [05:46:06] /usr/sbin/chroot [ Warning ] [05:46:06] Warning: The file properties have changed: [05:46:06] File: /usr/sbin/chroot [05:46:06] Current hash: abfbf805ef5d26118b56f9058648d4741b65a440ad2c0efbdd2c4e126f9eceb3 [05:46:06] Stored hash : b590f922e1b90d941f6e17c1e8628f88c1e7d1bd [05:46:06] /usr/sbin/cron [ Warning ] [05:46:06] Warning: The file properties have changed: [05:46:06] File: /usr/sbin/cron [05:46:06] Current hash: 0ac0dec694553e356cdf565ea9a2f8dda3b23e7cdd8d54bce5b6f2165db5724f [05:46:06] Stored hash : e0e91267e6a79646ed8cafd102a9e98fad435d5d [05:46:06] /usr/sbin/groupadd [ Warning ] [05:46:06] Warning: The file properties have changed: [05:46:06] File: /usr/sbin/groupadd [05:46:06] Current hash: e2ee45e23194cdb414593cb2660db0b095dff8d00f0d15d7844964c39e5f7b5a [05:46:06] Stored hash : 90765d5b2f9f3418f8020e0c363a8f116d5c3ad1 [05:46:06] /usr/sbin/groupdel [ Warning ] [05:46:06] Warning: The file properties have changed: [05:46:06] File: /usr/sbin/groupdel [05:46:06] Current hash: 1bc6869cf0b2202491a5cff66a4b601b75d559f623d3088753bc94fcb5d60cfd [05:46:06] Stored hash : 39b301863c076a3bab345d63b3a6ebbba45573ec [05:46:06] /usr/sbin/groupmod [ Warning ] [05:46:06] Warning: The file properties have changed: [05:46:06] File: /usr/sbin/groupmod [05:46:06] Current hash: 6fe6eb53b180de1893a0897661e3293a67bfeff37b3d5c6d339f027263c50a15 [05:46:06] Stored hash : b644c5d54d66eba10947481267a3d0058a3ec304 [05:46:06] /usr/sbin/grpck [ Warning ] [05:46:06] Warning: The file properties have changed: [05:46:06] File: /usr/sbin/grpck [05:46:06] Current hash: 0f343ae25c43e9228fbafdc2d9dee1d060dab41a55b17a5a2889bdf14a5c59e8 [05:46:06] Stored hash : dbf2960bb15d27431d1fcdb326171b516ddeb50f [05:46:07] /usr/sbin/nologin [ Warning ] [05:46:07] Warning: The file properties have changed: [05:46:07] File: /usr/sbin/nologin [05:46:07] 
Current hash: 271a3219f26d7a71acaf17fca7ddc46a6b7ee1030e81ab86d9af63c46f209441 [05:46:07] Stored hash : 522d03d335ba14e6b2edf8340c79757f84d43722 [05:46:07] /usr/sbin/pwck [ Warning ] [05:46:07] Warning: The file properties have changed: [05:46:07] File: /usr/sbin/pwck [05:46:07] Current hash: f3c3150240844035dcb780b11cf269e11bfb2cecdd8e1edf6d11b471b38b8390 [05:46:07] Stored hash : 618886ceff8fc66a0c2edb1ca1638b6b268beedd [05:46:07] /usr/sbin/rsyslogd [ Warning ] [05:46:07] Warning: The file properties have changed: [05:46:07] File: /usr/sbin/rsyslogd [05:46:07] Current hash: 4fe70817c471d5f63c4cacc3ae28545eeb8c4101c03c5d78e53bed549a5eda95 [05:46:07] Stored hash : e73ef3c5ff970d52b435a7f35f18a25008501143 [05:46:07] /usr/sbin/tcpd [ Warning ] [05:46:07] Warning: The file properties have changed: [05:46:07] File: /usr/sbin/tcpd [05:46:07] Current hash: e2f6d28d83953dcec5d713ba2015b23531864df372a1aa57c4ca8790b0d07b6c [05:46:07] Stored hash : cd9cfc19df7f0e4b7f9adfa4fe8c5d74caa53d86 [05:46:07] /usr/sbin/useradd [ Warning ] [05:46:07] Warning: The file properties have changed: [05:46:07] File: /usr/sbin/useradd [05:46:07] Current hash: b636841e0997c2b6f3733b75b9a457e554def076ff30af989ac9f121be876557 [05:46:07] Stored hash : 23961f70e84104790f9b6963425ab74ea6b97ec3 [05:46:07] /usr/sbin/userdel [ Warning ] [05:46:07] Warning: The file properties have changed: [05:46:07] File: /usr/sbin/userdel [05:46:07] Current hash: 3487ce49e0e8e37778a6a7937d2b392ca3f12f0a51f233d0e05bf8e2e7d12665 [05:46:07] Stored hash : 3abe2675ce163f322c7dd4dc5a82a9c22d846ef1 [05:46:07] /usr/sbin/usermod [ Warning ] [05:46:07] Warning: The file properties have changed: [05:46:07] File: /usr/sbin/usermod [05:46:07] Current hash: 362a72fb83de4bb621ecf8caebbd0a44c80de12824230a785e88a36c0a5a2b96 [05:46:07] Stored hash : d3ad3f3f0257b18fc7eb2511f65cd9546caf2196 [05:46:08] /usr/sbin/vipw [ Warning ] [05:46:08] Warning: The file properties have changed: [05:46:08] File: /usr/sbin/vipw [05:46:08] Current hash: 
e43edf7a25c5e198590bb05ceb104e1a3bebf93105a71ea4aa72785377f6905d [05:46:08] Stored hash : 3e2318b9a6f147d9eb73b8022aea0df4dfd61729 [05:46:08] /usr/sbin/unhide-linux [ Warning ] [05:46:08] Warning: The file properties have changed: [05:46:08] File: /usr/sbin/unhide-linux [05:46:08] Current hash: a41da60d4325d0805899b019f13ece793a2d9554cd667380bab8bb93a41b8332 [05:46:08] Stored hash : b0a4f70f4284f3a0839f1ed33d15ec01b7ec8083 [05:46:08] /usr/sbin/unhide-posix [ Warning ] [05:46:08] Warning: The file properties have changed: [05:46:08] File: /usr/sbin/unhide-posix [05:46:08] Current hash: 589b2bfe9200677cf4a213488217ce06c70acfc62d666eaaf2fcc68a832714d2 [05:46:08] Stored hash : 14defd2522a5becafff2d7a6b4192d194c3b096e [05:46:08] /usr/sbin/unhide-tcp [ Warning ] [05:46:08] Warning: The file properties have changed: [05:46:08] File: /usr/sbin/unhide-tcp [05:46:08] Current hash: 92a492bda0c9277e0481ad1f3efc71eceb9a4ee3b04b897564c79402c8a143ce [05:46:08] Stored hash : 67d8f617e9e067c235e53d591f6ce64a7b65ab00 [05:46:08] /usr/bin/awk [ Warning ] [05:46:08] Warning: The file properties have changed: [05:46:08] File: /usr/bin/awk [05:46:08] Current hash: 91c3e9551264fc2b8a46a104715d51c13d717460f460e5d0d97295c69196ed1c [05:46:08] Stored hash : 3462fce89f3e37f0419cf118d90d6c36887e1609 [05:46:08] /usr/bin/basename [ Warning ] [05:46:08] Warning: The file properties have changed: [05:46:08] File: /usr/bin/basename [05:46:08] Current hash: 0d173084775292059489a60ebd9978fd5202e58ff8d4c08a4a77e4148c9fc339 [05:46:08] Stored hash : ce119e2c0d99b8d0fede01cbd565f16472b6f6c4 [05:46:08] /usr/bin/chattr [ Warning ] [05:46:08] Warning: The file properties have changed: [05:46:08] File: /usr/bin/chattr [05:46:08] Current hash: 8bed510f9778a9b9350ea811230f56f2389ffa1bbda595b1f1d31c328d174b8a [05:46:08] Stored hash : 2d34b4c7aa564c82c8e6f98c1ffb6db783a841b2 [05:46:08] /usr/bin/curl [ Warning ] [05:46:08] Warning: The file properties have changed: [05:46:08] File: /usr/bin/curl [05:46:08] Current 
hash: be7fc9358c59203365c697aa690c199e3b82a4f434f0fc17645adef2943a3999 [05:46:08] Stored hash : ebdfdee34ae05e35ce7e14f2850b53aa3d5f11cf [05:46:08] /usr/bin/cut [ Warning ] [05:46:09] Warning: The file properties have changed: [05:46:09] File: /usr/bin/cut [05:46:09] Current hash: c3dabc16adbc435346c16c27a93da2f594e8a2b1a997d635316dbe6c722453e6 [05:46:09] Stored hash : 7b896a784f3251a73ae95ea3edc7517252b956a5 [05:46:09] /usr/bin/diff [ Warning ] [05:46:09] Warning: The file properties have changed: [05:46:09] File: /usr/bin/diff [05:46:09] Current hash: cd61d2739c43aba7bacc478e1ab790d53bab55802ca662e6b1aac98e90f0bd4e [05:46:09] Stored hash : 907ea004a7830cc53fe53db52c26b16fdf17d5ee [05:46:09] /usr/bin/dirname [ Warning ] [05:46:09] Warning: The file properties have changed: [05:46:09] File: /usr/bin/dirname [05:46:09] Current hash: b3b8d2b9675c0fc522387e7cd7b871bf1fb006b26536a097a66fb828ee42ad4c [05:46:09] Stored hash : d9f380f1216303d7db1af6538db4561a90537e53 [05:46:09] /usr/bin/dpkg [ Warning ] [05:46:09] Warning: The file properties have changed: [05:46:09] File: /usr/bin/dpkg [05:46:09] Current hash: 75869329a6e4836540f6668faa742b7924d0dbabe124251184e538e3b360fffa [05:46:09] Stored hash : cd56737010133a0c5b85b060d33b1cd21d63050a [05:46:09] /usr/bin/dpkg-query [ Warning ] [05:46:09] Warning: The file properties have changed: [05:46:09] File: /usr/bin/dpkg-query [05:46:09] Current hash: 4b52d7f69c86b7ef392e6207edfa44f11fed9b3487114ecaa7dedb8255cf31cd [05:46:09] Stored hash : a7aaa69d65a03133c55eceb5d388ada61ec30272 [05:46:09] /usr/bin/du [ Warning ] [05:46:09] Warning: The file properties have changed: [05:46:09] File: /usr/bin/du [05:46:09] Current hash: 9a77c3b4e2859c9a1d3e31cda513964ce1602132fb994a8ba59e82e64a138f43 [05:46:09] Stored hash : fc798299cdaf4243b70f7cced589f808457328a2 [05:46:09] /usr/bin/env [ Warning ] [05:46:09] Warning: The file properties have changed: [05:46:09] File: /usr/bin/env [05:46:09] Current hash: 
6e7eb2d4f3c12afc67e9cd64db7c38b9994626893e1a5cb394bbf32d02852ba2 [05:46:09] Stored hash : 14996bf223a4f47c02505c2eb82996b31127e322 [05:46:09] /usr/bin/file [ Warning ] [05:46:09] Warning: The file properties have changed: [05:46:09] File: /usr/bin/file [05:46:09] Current hash: 2749099cfeb3834bd6a255dd9cc26d0e6796254a8fa93be1cb922af463a8d50d [05:46:09] Stored hash : a796fca1bea54b05cea8a88be0f51a9f9e1f6f40 [05:46:09] /usr/bin/find [ Warning ] [05:46:09] Warning: The file properties have changed: [05:46:09] File: /usr/bin/find [05:46:09] Current hash: f547b976f28c2edcb5fbe1f1c2969ed5123cf7af1ff2802b7355b2acd6959d33 [05:46:09] Stored hash : 0976ef2017360581ede6489c04723dc9d8e630d7 [05:46:09] /usr/bin/GET [ Warning ] [05:46:09] Warning: The file properties have changed: [05:46:09] File: /usr/bin/GET [05:46:09] Current hash: b38bbacb975fd69981a8bd41d866c9af75ededd2c5a4d6118b4b41aeb328ac72 [05:46:09] Stored hash : e6e5247e0710669383e14160d54396fca4a1ede2 [05:46:10] /usr/bin/groups [ Warning ] [05:46:10] Warning: The file properties have changed: [05:46:10] File: /usr/bin/groups [05:46:10] Current hash: 199a3b5d0772072dc1abb92c279b49e255e7fa4cc51eb59ecaa44550d52acc15 [05:46:10] Stored hash : ac12db00ed48f79ee94535a483c0a199ab517e02 [05:46:10] /usr/bin/head [ Warning ] [05:46:10] Warning: The file properties have changed: [05:46:10] File: /usr/bin/head [05:46:10] Current hash: fc22d2def2c4603c202e0ac66f979dc2ad3c9fea075e6941ab78f74a8cfebe02 [05:46:10] Stored hash : 26cad14006da2c88c8c0c9b67c6bd9beec0517a8 [05:46:10] /usr/bin/id [ Warning ] [05:46:10] Warning: The file properties have changed: [05:46:10] File: /usr/bin/id [05:46:10] Current hash: f425012c7175a97fb6829634ead4d58a9449f25ac3f8307dac9a6c4ccd0873cb [05:46:10] Stored hash : e1177f196b86a87da25bd6b3dace2e7874ef055a [05:46:10] /usr/bin/killall [ Warning ] [05:46:10] Warning: The file properties have changed: [05:46:10] File: /usr/bin/killall [05:46:10] Current hash: 
2641776193b7a6d0ee4931bfdca253b3f1ebad0c74c2eec871fc6e453439cbc3 [05:46:10] Stored hash : 1034dea61785a938d0f468006319ebf140640201 [05:46:10] /usr/bin/last [ Warning ] [05:46:10] Warning: The file properties have changed: [05:46:10] File: /usr/bin/last [05:46:10] Current hash: 988a6fe34da3d00dd7aa89112d6b38cfaa5ec4ca9e3dd525138b69927f7d20e3 [05:46:10] Stored hash : 52d5bf4d24fb66a71cea6758419d27f59ff2b491 [05:46:10] /usr/bin/lastlog [ Warning ] [05:46:10] Warning: The file properties have changed: [05:46:10] File: /usr/bin/lastlog [05:46:10] Current hash: 43fff3bb733fbfae76c26724d54c8ae11c1ae921d90bc57b75e12d858175d3f2 [05:46:10] Stored hash : 6d3371aa78bf864657dfd4df06177476db1162e8 [05:46:10] /usr/bin/ldd [ Warning ] [05:46:10] Warning: The file properties have changed: [05:46:10] File: /usr/bin/ldd [05:46:10] Current hash: 7b253d20dcc8c0d57e1e15bdae100f57e1a3a80e6e5c7b5940f695a2dba5c622 [05:46:10] Stored hash : 5d8d12cb912aae4d6bbce8d38d0ea73ddd76c7de [05:46:10] Info: Found file '/usr/bin/ldd': it is whitelisted for the 'script replacement' check. 
[05:46:10] /usr/bin/less [ Warning ] [05:46:10] Warning: The file properties have changed: [05:46:10] File: /usr/bin/less [05:46:10] Current hash: 9d5de353eac7bbb6266e84b0ad7766216a6e65e6538a36360a0ea00d2287e054 [05:46:10] Stored hash : 77ba0b7718b53ac019808400592d7c7f1a736e5d [05:46:10] /usr/bin/locate [ Warning ] [05:46:10] Warning: The file properties have changed: [05:46:10] File: /usr/bin/locate [05:46:10] Current hash: af93ee08472682d0b305071af17ddceca819b067f4b748cb3280d0a0cc8c8f23 [05:46:10] Stored hash : 1e1017d8cc4ec3fec5de286391d288889679da98 [05:46:10] /usr/bin/logger [ Warning ] [05:46:10] Warning: The file properties have changed: [05:46:10] File: /usr/bin/logger [05:46:10] Current hash: fd0dc190a2f44b4d1e5024aa9313879832524a0279031eead78224747886788c [05:46:10] Stored hash : cfdc862738d9740dc424e6efc9ee9a4f9d19383a [05:46:11] /usr/bin/lsattr [ Warning ] [05:46:11] Warning: The file properties have changed: [05:46:11] File: /usr/bin/lsattr [05:46:11] Current hash: 12562937b0c0ce92cc9e50348a4a184939e8516e3af8d958508aad1346d0d2be [05:46:11] Stored hash : 54faffe2cf9e65b88babb971b9e17b46d4af8bf4 [05:46:11] /usr/bin/lsof [ Warning ] [05:46:11] Warning: The file properties have changed: [05:46:11] File: /usr/bin/lsof [05:46:11] Current hash: dd8553477e01410b5f8e955603510ee70c48b679bef6a611b135049bb1cd2080 [05:46:11] Stored hash : a09e74f493b075c6febaa4fbeb0a59445f404937 [05:46:11] /usr/bin/mail [ Warning ] [05:46:11] Warning: The file properties have changed: [05:46:11] File: /usr/bin/mail [05:46:11] Current hash: 760699dbec6e9ab1f6fdda9a9373a7bc5b8708fe60ce39fba58f952e3d099444 [05:46:11] Stored hash : ae529220b04d2551a08d0ab4b7d13d1c6a4a2830 [05:46:11] /usr/bin/md5sum [ Warning ] [05:46:11] Warning: The file properties have changed: [05:46:11] File: /usr/bin/md5sum [05:46:11] Current hash: d2feabf9a41ac50c7bfc7d3060997a4f927f0b0c339daa8fbe8a55d2f943b979 [05:46:11] Stored hash : 3a37187f60dc9259e7e1f648b5291ca7b1e389e0 [05:46:11] /usr/bin/mlocate [ Warning 
] [05:46:11] Warning: The file properties have changed: [05:46:11] File: /usr/bin/mlocate [05:46:11] Current hash: af93ee08472682d0b305071af17ddceca819b067f4b748cb3280d0a0cc8c8f23 [05:46:11] Stored hash : 1e1017d8cc4ec3fec5de286391d288889679da98 [05:46:11] /usr/bin/newgrp [ Warning ] [05:46:11] Warning: The file properties have changed: [05:46:11] File: /usr/bin/newgrp [05:46:11] Current hash: 7f34d2c65c974696b4f9bf74460fd4ae24063d6bcec6533b62c89cf5bfa082f6 [05:46:11] Stored hash : f53350f9a469b43997bc7ee663045bdaf646d62c [05:46:11] /usr/bin/passwd [ Warning ] [05:46:11] Warning: The file properties have changed: [05:46:11] File: /usr/bin/passwd [05:46:11] Current hash: ed0d7e84c0f1e56c092c4939de549ec67968a252257d9d90c369a8bb207809b3 [05:46:11] Stored hash : 6b1f0bea85a7585914d78621ff205854d01acc08 [05:46:11] /usr/bin/perl [ Warning ] [05:46:11] Warning: The file properties have changed: [05:46:11] File: /usr/bin/perl [05:46:11] Current hash: c980066b572f250b51f59ccdd75b8321a8e164523e9edfa6ea876d45d832e91c [05:46:11] Stored hash : db619fc87b82c399c83cb672a19588774f0b0f9b [05:46:11] /usr/bin/pgrep [ Warning ] [05:46:11] Warning: The file properties have changed: [05:46:11] File: /usr/bin/pgrep [05:46:11] Current hash: fc7d8bb813af089fbe9d2badcb6caff1f600c8b62ee33ff64ac7f4529bf4a855 [05:46:12] Stored hash : 0fd5048e0acf92556960ac173fa4471c9e573b4c [05:46:12] /usr/bin/pkill [ Warning ] [05:46:12] Warning: The file properties have changed: [05:46:12] File: /usr/bin/pkill [05:46:12] Current hash: fc7d8bb813af089fbe9d2badcb6caff1f600c8b62ee33ff64ac7f4529bf4a855 [05:46:12] Stored hash : 0fd5048e0acf92556960ac173fa4471c9e573b4c [05:46:12] /usr/bin/pstree [ Warning ] [05:46:12] Warning: The file properties have changed: [05:46:12] File: /usr/bin/pstree [05:46:12] Current hash: f5f9af545b0cd9a104187b728e94509ca42ca7d19f6c1e92107f58ac89907b74 [05:46:12] Stored hash : 4e21b8ea426b1e10f7df78e9bf445a84cee36c66 [05:46:12] /usr/bin/rkhunter [ Warning ] [05:46:12] Warning: The file 
'/usr/doc/tar/.../.dracusor' [ Not found ] [05:46:26] Devil RootKit [ Not found ] [05:46:26] [05:46:26] Checking for Dica-Kit Rootkit... [05:46:26] Checking for file '/lib/.sso' [ Not found ] [05:46:26] Checking for file '/lib/.so' [ Not found ] [05:46:26] Checking for file '/var/run/...dica/clean' [ Not found ] [05:46:26] Checking for file '/var/run/...dica/dxr' [ Not found ] [05:46:26] Checking for file '/var/run/...dica/read' [ Not found ] [05:46:26] Checking for file '/var/run/...dica/write' [ Not found ] [05:46:26] Checking for file '/var/run/...dica/lf' [ Not found ] [05:46:26] Checking for file '/var/run/...dica/xl' [ Not found ] [05:46:27] Checking for file '/var/run/...dica/xdr' [ Not found ] [05:46:27] Checking for file '/var/run/...dica/psg' [ Not found ] [05:46:27] Checking for file '/var/run/...dica/secure' [ Not found ] [05:46:27] Checking for file '/var/run/...dica/rdx' [ Not found ] [05:46:27] Checking for file '/var/run/...dica/va' [ Not found ] [05:46:27] Checking for file '/var/run/...dica/cl.sh' [ Not found ] [05:46:27] Checking for file '/var/run/...dica/last.log' [ Not found ] [05:46:27] Checking for file '/usr/bin/.etc' [ Not found ] [05:46:27] Checking for file '/etc/sshd_config' [ Not found ] [05:46:27] Checking for file '/etc/ssh_host_key' [ Not found ] [05:46:27] Checking for file '/etc/ssh_random_seed' [ Not found ] [05:46:27] Checking for directory '/var/run/...dica' [ Not found ] [05:46:27] Checking for directory '/var/run/...dica/mh' [ Not found ] [05:46:27] Checking for directory '/var/run/...dica/scan' [ Not found ] [05:46:27] Dica-Kit Rootkit [ Not found ] [05:46:27] [05:46:27] Checking for Dreams Rootkit... 
[05:46:27] Checking for file '/dev/ttyoa' [ Not found ] [05:46:27] Checking for file '/dev/ttyof' [ Not found ] [05:46:27] Checking for file '/dev/ttyop' [ Not found ] [05:46:27] Checking for file '/usr/bin/sense' [ Not found ] [05:46:27] Checking for file '/usr/bin/sl2' [ Not found ] [05:46:27] Checking for file '/usr/bin/logclear' [ Not found ] [05:46:27] Checking for file '/usr/bin/(swapd)' [ Not found ] [05:46:27] Checking for file '/usr/bin/initrd' [ Not found ] [05:46:27] Checking for file '/usr/bin/crontabs' [ Not found ] [05:46:27] Checking for file '/usr/bin/snfs' [ Not found ] [05:46:27] Checking for file '/usr/lib/libsss' [ Not found ] [05:46:27] Checking for file '/usr/lib/libsnf.log' [ Not found ] [05:46:27] Checking for file '/usr/lib/libshtift/top' [ Not found ] [05:46:27] Checking for file '/usr/lib/libshtift/ps' [ Not found ] [05:46:27] Checking for file '/usr/lib/libshtift/netstat' [ Not found ] [05:46:27] Checking for file '/usr/lib/libshtift/ls' [ Not found ] [05:46:27] Checking for file '/usr/lib/libshtift/ifconfig' [ Not found ] [05:46:27] Checking for file '/usr/include/linseed.h' [ Not found ] [05:46:27] Checking for file '/usr/include/linpid.h' [ Not found ] [05:46:27] Checking for file '/usr/include/linkey.h' [ Not found ] [05:46:27] Checking for file '/usr/include/linconf.h' [ Not found ] [05:46:27] Checking for file '/usr/include/iceseed.h' [ Not found ] [05:46:27] Checking for file '/usr/include/icepid.h' [ Not found ] [05:46:27] Checking for file '/usr/include/icekey.h' [ Not found ] [05:46:27] Checking for file '/usr/include/iceconf.h' [ Not found ] [05:46:27] Checking for directory '/dev/ida/.hpd' [ Not found ] [05:46:27] Checking for directory '/usr/lib/libshtift' [ Not found ] [05:46:27] Dreams Rootkit [ Not found ] [05:46:27] [05:46:27] Checking for Duarawkz Rootkit... 
[05:46:27] Checking for file '/usr/bin/duarawkz/loginpass' [ Not found ] [05:46:27] Checking for directory '/usr/bin/duarawkz' [ Not found ] [05:46:27] Duarawkz Rootkit [ Not found ] [05:46:27] [05:46:27] Checking for Enye LKM... [05:46:27] Checking for file '/etc/.enyelkmHIDE^IT.ko' [ Not found ] [05:46:27] Checking for file '/etc/.enyelkmOCULTAR.ko' [ Not found ] [05:46:27] Enye LKM [ Not found ] [05:46:27] [05:46:27] Checking for Flea Linux Rootkit... [05:46:27] Checking for file '/etc/ld.so.hash' [ Not found ] [05:46:27] Checking for file '/lib/security/.config/ssh/sshd_config' [ Not found ] [05:46:27] Checking for file '/lib/security/.config/ssh/ssh_host_key' [ Not found ] [05:46:27] Checking for file '/lib/security/.config/ssh/ssh_host_key.pub' [ Not found ] [05:46:27] Checking for file '/lib/security/.config/ssh/ssh_random_seed' [ Not found ] [05:46:27] Checking for file '/usr/bin/ssh2d' [ Not found ] [05:46:27] Checking for file '/usr/lib/ldlibns.so' [ Not found ] [05:46:27] Checking for file '/usr/lib/ldlibps.so' [ Not found ] [05:46:27] Checking for file '/usr/lib/ldlibpst.so' [ Not found ] [05:46:27] Checking for file '/usr/lib/ldlibdu.so' [ Not found ] [05:46:27] Checking for file '/usr/lib/ldlibct.so' [ Not found ] [05:46:27] Checking for directory '/lib/security/.config/ssh' [ Not found ] [05:46:27] Checking for directory '/dev/..0' [ Not found ] [05:46:27] Checking for directory '/dev/..0/backup' [ Not found ] [05:46:27] Flea Linux Rootkit [ Not found ] [05:46:27] [05:46:27] Checking for Fu Rootkit... [05:46:27] Checking for file '/sbin/xc' [ Not found ] [05:46:27] Checking for file '/usr/include/ivtype.h' [ Not found ] [05:46:27] Checking for file '/bin/.lib' [ Not found ] [05:46:27] Fu Rootkit [ Not found ] [05:46:28] [05:46:28] Checking for Fuck`it Rootkit... 
[05:46:28] Checking for file '/lib/libproc.so.2.0.7' [ Not found ] [05:46:28] Checking for file '/dev/proc/.bash_profile' [ Not found ] [05:46:28] Checking for file '/dev/proc/.bashrc' [ Not found ] [05:46:28] Checking for file '/dev/proc/.cshrc' [ Not found ] [05:46:28] Checking for file '/dev/proc/fuckit/hax0r' [ Not found ] [05:46:28] Checking for file '/dev/proc/fuckit/hax0rshell' [ Not found ] [05:46:28] Checking for file '/dev/proc/fuckit/config/lports' [ Not found ] [05:46:28] Checking for file '/dev/proc/fuckit/config/rports' [ Not found ] [05:46:28] Checking for file '/dev/proc/fuckit/config/rkconf' [ Not found ] [05:46:28] Checking for file '/dev/proc/fuckit/config/password' [ Not found ] [05:46:28] Checking for file '/dev/proc/fuckit/config/progs' [ Not found ] [05:46:28] Checking for file '/dev/proc/fuckit/system-bins/init' [ Not found ] [05:46:28] Checking for file '/usr/lib/libcps.a' [ Not found ] [05:46:28] Checking for file '/usr/lib/libtty.a' [ Not found ] [05:46:28] Checking for directory '/dev/proc' [ Not found ] [05:46:28] Checking for directory '/dev/proc/fuckit' [ Not found ] [05:46:28] Checking for directory '/dev/proc/fuckit/system-bins' [ Not found ] [05:46:28] Checking for directory '/dev/proc/toolz' [ Not found ] [05:46:28] Fuck`it Rootkit [ Not found ] [05:46:28] [05:46:28] Checking for GasKit Rootkit... [05:46:28] Checking for file '/dev/dev/gaskit/sshd/sshdd' [ Not found ] [05:46:28] Checking for directory '/dev/dev' [ Not found ] [05:46:28] Checking for directory '/dev/dev/gaskit' [ Not found ] [05:46:28] Checking for directory '/dev/dev/gaskit/sshd' [ Not found ] [05:46:28] GasKit Rootkit [ Not found ] [05:46:28] [05:46:28] Checking for Heroin LKM... [05:46:28] Checking for kernel symbol 'heroin' [ Not found ] [05:46:28] Heroin LKM [ Not found ] [05:46:28] [05:46:28] Checking for HjC Kit... 
[05:46:28] Checking for directory '/dev/.hijackerz' [ Not found ] [05:46:28] HjC Kit [ Not found ] [05:46:28] [05:46:28] Checking for ignoKit Rootkit... [05:46:28] Checking for file '/lib/defs/p' [ Not found ] [05:46:28] Checking for file '/lib/defs/q' [ Not found ] [05:46:28] Checking for file '/lib/defs/r' [ Not found ] [05:46:28] Checking for file '/lib/defs/s' [ Not found ] [05:46:28] Checking for file '/lib/defs/t' [ Not found ] [05:46:28] Checking for file '/usr/lib/defs/p' [ Not found ] [05:46:28] Checking for file '/usr/lib/defs/q' [ Not found ] [05:46:28] Checking for file '/usr/lib/defs/r' [ Not found ] [05:46:28] Checking for file '/usr/lib/defs/s' [ Not found ] [05:46:28] Checking for file '/usr/lib/defs/t' [ Not found ] [05:46:28] Checking for file '/usr/lib/.libigno/pkunsec' [ Not found ] [05:46:28] Checking for file '/usr/lib/.libigno/.igno/psybnc/psybnc' [ Not found ] [05:46:28] Checking for directory '/usr/lib/.libigno' [ Not found ] [05:46:28] Checking for directory '/usr/lib/.libigno/.igno' [ Not found ] [05:46:28] ignoKit Rootkit [ Not found ] [05:46:28] [05:46:28] Checking for IntoXonia-NG Rootkit... [05:46:28] Checking for kernel symbol 'funces' [ Not found ] [05:46:29] Checking for kernel symbol 'ixinit' [ Not found ] [05:46:29] Checking for kernel symbol 'tricks' [ Not found ] [05:46:29] Checking for kernel symbol 'kernel_unlink' [ Not found ] [05:46:29] Checking for kernel symbol 'rootme' [ Not found ] [05:46:29] Checking for kernel symbol 'hide_module' [ Not found ] [05:46:29] Checking for kernel symbol 'find_sys_call_tbl' [ Not found ] [05:46:29] IntoXonia-NG Rootkit [ Not found ] [05:46:29] [05:46:29] Checking for Irix Rootkit... 
[05:46:29] Checking for directory '/dev/pts/01' [ Not found ] [05:46:29] Checking for directory '/dev/pts/01/backup' [ Not found ] [05:46:29] Checking for directory '/dev/pts/01/etc' [ Not found ] [05:46:29] Checking for directory '/dev/pts/01/tmp' [ Not found ] [05:46:29] Irix Rootkit [ Not found ] [05:46:29] [05:46:29] Checking for Jynx Rootkit... [05:46:29] Checking for file '/xochikit/bc' [ Not found ] [05:46:29] Checking for file '/xochikit/ld_poison.so' [ Not found ] [05:46:29] Checking for file '/omgxochi/bc' [ Not found ] [05:46:29] Checking for file '/omgxochi/ld_poison.so' [ Not found ] [05:46:29] Checking for file '/var/local/^^/bc' [ Not found ] [05:46:29] Checking for file '/var/local/^^/ld_poison.so' [ Not found ] [05:46:29] Checking for directory '/xochikit' [ Not found ] [05:46:29] Checking for directory '/omgxochi' [ Not found ] [05:46:29] Checking for directory '/var/local/^^' [ Not found ] [05:46:29] Jynx Rootkit [ Not found ] [05:46:29] [05:46:29] Checking for KBeast Rootkit... [05:46:29] Checking for file '/usr/_h4x_/ipsecs-kbeast-v1.ko' [ Not found ] [05:46:29] Checking for file '/usr/_h4x_/_h4x_bd' [ Not found ] [05:46:29] Checking for file '/usr/_h4x_/acctlog' [ Not found ] [05:46:29] Checking for directory '/usr/_h4x_' [ Not found ] [05:46:30] Checking for kernel symbol 'h4x_delete_module' [ Not found ] [05:46:30] Checking for kernel symbol 'h4x_getdents64' [ Not found ] [05:46:30] Checking for kernel symbol 'h4x_kill' [ Not found ] [05:46:30] Checking for kernel symbol 'h4x_open' [ Not found ] [05:46:30] Checking for kernel symbol 'h4x_read' [ Not found ] [05:46:30] Checking for kernel symbol 'h4x_rename' [ Not found ] [05:46:30] Checking for kernel symbol 'h4x_rmdir' [ Not found ] [05:46:30] Checking for kernel symbol 'h4x_tcp4_seq_show' [ Not found ] [05:46:30] Checking for kernel symbol 'h4x_write' [ Not found ] [05:46:30] KBeast Rootkit [ Not found ] [05:46:30] [05:46:30] Checking for Kitko Rootkit... 
[05:46:30] Checking for directory '/usr/src/redhat/SRPMS/...' [ Not found ] [05:46:30] Kitko Rootkit [ Not found ] [05:46:30] [05:46:30] Checking for Knark Rootkit... [05:46:30] Checking for file '/proc/knark/pids' [ Not found ] [05:46:30] Checking for directory '/proc/knark' [ Not found ] [05:46:30] Knark Rootkit [ Not found ] [05:46:30] [05:46:30] Checking for ld-linuxv.so Rootkit... [05:46:30] Checking for file '/lib/ld-linuxv.so.1' [ Not found ] [05:46:30] Checking for directory '/var/opt/_so_cache' [ Not found ] [05:46:30] Checking for directory '/var/opt/_so_cache/ld' [ Not found ] [05:46:30] Checking for directory '/var/opt/_so_cache/lc' [ Not found ] [05:46:30] ld-linuxv.so Rootkit [ Not found ] [05:46:30] [05:46:30] Checking for Li0n Worm... [05:46:30] Checking for file '/bin/in.telnetd' [ Not found ] [05:46:30] Checking for file '/bin/mjy' [ Not found ] [05:46:30] Checking for file '/usr/man/man1/man1/lib/.lib/mjy' [ Not found ] [05:46:30] Checking for file '/usr/man/man1/man1/lib/.lib/in.telnetd' [ Not found ] [05:46:30] Checking for file '/usr/man/man1/man1/lib/.lib/.x' [ Not found ] [05:46:30] Checking for file '/dev/.lib/lib/scan/1i0n.sh' [ Not found ] [05:46:30] Checking for file '/dev/.lib/lib/scan/hack.sh' [ Not found ] [05:46:30] Checking for file '/dev/.lib/lib/scan/bind' [ Not found ] [05:46:30] Checking for file '/dev/.lib/lib/scan/randb' [ Not found ] [05:46:30] Checking for file '/dev/.lib/lib/scan/scan.sh' [ Not found ] [05:46:30] Checking for file '/dev/.lib/lib/scan/pscan' [ Not found ] [05:46:30] Checking for file '/dev/.lib/lib/scan/star.sh' [ Not found ] [05:46:30] Checking for file '/dev/.lib/lib/scan/bindx.sh' [ Not found ] [05:46:30] Checking for file '/dev/.lib/lib/scan/bindname.log' [ Not found ] [05:46:30] Checking for file '/dev/.lib/lib/1i0n.sh' [ Not found ] [05:46:30] Checking for file '/dev/.lib/lib/lib/netstat' [ Not found ] [05:46:30] Checking for file '/dev/.lib/lib/lib/dev/.1addr' [ Not found ] [05:46:30] Checking for 
file '/dev/.lib/lib/lib/dev/.1logz' [ Not found ] [05:46:30] Checking for file '/dev/.lib/lib/lib/dev/.1proc' [ Not found ] [05:46:30] Checking for file '/dev/.lib/lib/lib/dev/.1file' [ Not found ] [05:46:30] Li0n Worm [ Not found ] [05:46:30] [05:46:30] Checking for Lockit / LJK2 Rootkit... [05:46:30] Checking for file '/usr/lib/libmen.oo/.LJK2/ssh_config' [ Not found ] [05:46:30] Checking for file '/usr/lib/libmen.oo/.LJK2/ssh_host_key' [ Not found ] [05:46:30] Checking for file '/usr/lib/libmen.oo/.LJK2/ssh_host_key.pub' [ Not found ] [05:46:30] Checking for file '/usr/lib/libmen.oo/.LJK2/ssh_random_seed*' [ Not found ] [05:46:30] Checking for file '/usr/lib/libmen.oo/.LJK2/sshd_config' [ Not found ] [05:46:30] Checking for file '/usr/lib/libmen.oo/.LJK2/backdoor/RK1bd' [ Not found ] [05:46:31] Checking for file '/usr/lib/libmen.oo/.LJK2/backup/du' [ Not found ] [05:46:31] Checking for file '/usr/lib/libmen.oo/.LJK2/backup/ifconfig' [ Not found ] [05:46:31] Checking for file '/usr/lib/libmen.oo/.LJK2/backup/inetd.conf' [ Not found ] [05:46:31] Checking for file '/usr/lib/libmen.oo/.LJK2/backup/locate' [ Not found ] [05:46:31] Checking for file '/usr/lib/libmen.oo/.LJK2/backup/login' [ Not found ] [05:46:31] Checking for file '/usr/lib/libmen.oo/.LJK2/backup/ls' [ Not found ] [05:46:31] Checking for file '/usr/lib/libmen.oo/.LJK2/backup/netstat' [ Not found ] [05:46:31] Checking for file '/usr/lib/libmen.oo/.LJK2/backup/ps' [ Not found ] [05:46:31] Checking for file '/usr/lib/libmen.oo/.LJK2/backup/pstree' [ Not found ] [05:46:31] Checking for file '/usr/lib/libmen.oo/.LJK2/backup/rc.sysinit' [ Not found ] [05:46:31] Checking for file '/usr/lib/libmen.oo/.LJK2/backup/syslogd' [ Not found ] [05:46:31] Checking for file '/usr/lib/libmen.oo/.LJK2/backup/tcpd' [ Not found ] [05:46:31] Checking for file '/usr/lib/libmen.oo/.LJK2/backup/top' [ Not found ] [05:46:31] Checking for file '/usr/lib/libmen.oo/.LJK2/clean/RK1sauber' [ Not found ] [05:46:31] Checking for file 
'/usr/lib/libmen.oo/.LJK2/clean/RK1wted' [ Not found ] [05:46:31] Checking for file '/usr/lib/libmen.oo/.LJK2/hack/RK1parse' [ Not found ] [05:46:31] Checking for file '/usr/lib/libmen.oo/.LJK2/hack/RK1sniff' [ Not found ] [05:46:31] Checking for file '/usr/lib/libmen.oo/.LJK2/hide/.RK1addr' [ Not found ] [05:46:31] Checking for file '/usr/lib/libmen.oo/.LJK2/hide/.RK1dir' [ Not found ] [05:46:31] Checking for file '/usr/lib/libmen.oo/.LJK2/hide/.RK1log' [ Not found ] [05:46:31] Checking for file '/usr/lib/libmen.oo/.LJK2/hide/.RK1proc' [ Not found ] [05:46:31] Checking for file '/usr/lib/libmen.oo/.LJK2/hide/RK1phidemod.c' [ Not found ] [05:46:31] Checking for file '/usr/lib/libmen.oo/.LJK2/modules/README.modules' [ Not found ] [05:46:31] Checking for file '/usr/lib/libmen.oo/.LJK2/modules/RK1hidem.c' [ Not found ] [05:46:31] Checking for file '/usr/lib/libmen.oo/.LJK2/modules/RK1phide' [ Not found ] [05:46:31] Checking for file '/usr/lib/libmen.oo/.LJK2/sshconfig/RK1ssh' [ Not found ] [05:46:31] Checking for directory '/usr/lib/libmen.oo/.LJK2' [ Not found ] [05:46:31] Lockit / LJK2 Rootkit [ Not found ] [05:46:31] [05:46:31] Checking for Mood-NT Rootkit... [05:46:31] Checking for file '/sbin/init__mood-nt-_-_cthulhu' [ Not found ] [05:46:31] Checking for file '/_cthulhu/mood-nt.init' [ Not found ] [05:46:31] Checking for file '/_cthulhu/mood-nt.conf' [ Not found ] [05:46:31] Checking for file '/_cthulhu/mood-nt.sniff' [ Not found ] [05:46:31] Checking for directory '/_cthulhu' [ Not found ] [05:46:31] Mood-NT Rootkit [ Not found ] [05:46:31] [05:46:31] Checking for MRK Rootkit... 
[05:46:31] Checking for file '/dev/ida/.inet/pid' [ Not found ] [05:46:31] Checking for file '/dev/ida/.inet/ssh_host_key' [ Not found ] [05:46:31] Checking for file '/dev/ida/.inet/ssh_random_seed' [ Not found ] [05:46:31] Checking for file '/dev/ida/.inet/tcp.log' [ Not found ] [05:46:31] Checking for directory '/dev/ida/.inet' [ Not found ] [05:46:31] Checking for directory '/var/spool/cron/.sh' [ Not found ] [05:46:31] MRK Rootkit [ Not found ] |
16.04.2016, 02:23 | #66 |
| Linux: Bootkit Nemesis - BIOS/Firmware Malware in the VBR RKHunter part 2
ATTFilter [05:46:31] [05:46:31] Checking for Ni0 Rootkit... [05:46:31] Checking for file '/var/lock/subsys/...datafile.../...net...' [ Not found ] [05:46:31] Checking for file '/var/lock/subsys/...datafile.../...port...' [ Not found ] [05:46:31] Checking for file '/var/lock/subsys/...datafile.../...ps...' [ Not found ] [05:46:31] Checking for file '/var/lock/subsys/...datafile.../...file...' [ Not found ] [05:46:31] Checking for directory '/tmp/waza' [ Not found ] [05:46:31] Checking for directory '/var/lock/subsys/...datafile...' [ Not found ] [05:46:31] Checking for directory '/usr/sbin/es' [ Not found ] [05:46:31] Ni0 Rootkit [ Not found ] [05:46:31] [05:46:31] Checking for Ohhara Rootkit... [05:46:31] Checking for file '/var/lock/subsys/...datafile.../...datafile.../in.smbd.log' [ Not found ] [05:46:31] Checking for directory '/var/lock/subsys/...datafile...' [ Not found ] [05:46:31] Checking for directory '/var/lock/subsys/...datafile.../...datafile...' [ Not found ] [05:46:31] Checking for directory '/var/lock/subsys/...datafile.../...datafile.../bin' [ Not found ] [05:46:31] Checking for directory '/var/lock/subsys/...datafile.../...datafile.../usr/bin' [ Not found ] [05:46:31] Checking for directory '/var/lock/subsys/...datafile.../...datafile.../usr/sbin' [ Not found ] [05:46:31] Checking for directory '/var/lock/subsys/...datafile.../...datafile.../lib/security' [ Not found ] [05:46:31] Ohhara Rootkit [ Not found ] [05:46:31] [05:46:31] Checking for Optic Kit (Tux) Worm... [05:46:31] Checking for directory '/dev/tux' [ Not found ] [05:46:31] Checking for directory '/usr/bin/xchk' [ Not found ] [05:46:31] Checking for directory '/usr/bin/xsf' [ Not found ] [05:46:31] Checking for directory '/usr/bin/ssh2d' [ Not found ] [05:46:31] Optic Kit (Tux) Worm [ Not found ] [05:46:31] [05:46:31] Checking for Oz Rootkit... 
[05:46:31] Checking for file '/dev/.oz/.nap/rkit/terror' [ Not found ] [05:46:31] Checking for directory '/dev/.oz' [ Not found ] [05:46:31] Oz Rootkit [ Not found ] [05:46:31] [05:46:31] Checking for Phalanx Rootkit... [05:46:31] Checking for file '/uNFuNF' [ Not found ] [05:46:31] Checking for file '/etc/host.ph1' [ Not found ] [05:46:31] Checking for file '/bin/host.ph1' [ Not found ] [05:46:31] Checking for file '/usr/share/.home.ph1/phalanx' [ Not found ] [05:46:31] Checking for file '/usr/share/.home.ph1/cb' [ Not found ] [05:46:31] Checking for file '/usr/share/.home.ph1/kebab' [ Not found ] [05:46:31] Checking for directory '/usr/share/.home.ph1' [ Not found ] [05:46:31] Checking for directory '/usr/share/.home.ph1/tty' [ Not found ] [05:46:31] Phalanx Rootkit [ Not found ] [05:46:31] [05:46:31] Checking for Phalanx2 Rootkit... [05:46:31] Checking for file '/etc/khubd.p2/.p2rc' [ Not found ] [05:46:32] Checking for file '/etc/khubd.p2/.phalanx2' [ Not found ] [05:46:32] Checking for file '/etc/khubd.p2/.sniff' [ Not found ] [05:46:32] Checking for file '/etc/khubd.p2/sshgrab.py' [ Not found ] [05:46:32] Checking for file '/etc/lolzz.p2/.p2rc' [ Not found ] [05:46:32] Checking for file '/etc/lolzz.p2/.phalanx2' [ Not found ] [05:46:32] Checking for file '/etc/lolzz.p2/.sniff' [ Not found ] [05:46:32] Checking for file '/etc/lolzz.p2/sshgrab.py' [ Not found ] [05:46:32] Checking for file '/etc/cron.d/zupzzplaceholder' [ Not found ] [05:46:32] Checking for file '/usr/lib/zupzz.p2/.p-2.3d' [ Not found ] [05:46:32] Checking for file '/usr/lib/zupzz.p2/.p2rc' [ Not found ] [05:46:32] Checking for directory '/etc/khubd.p2' [ Not found ] [05:46:32] Checking for directory '/etc/lolzz.p2' [ Not found ] [05:46:32] Checking for directory '/usr/lib/zupzz.p2' [ Not found ] [05:46:32] Phalanx2 Rootkit [ Not found ] [05:46:32] [05:46:32] Checking for Phalanx2 Rootkit (extended tests)... 
[05:46:32] Checking for directory '/etc/khubd.p2' [ Not found ] [05:46:32] Checking for directory '/etc/lolzz.p2' [ Not found ] [05:46:32] Checking for directory '/usr/lib/zupzz.p2' [ Not found ] [05:46:32] Phalanx2 Rootkit (extended tests) [ Not found ] [05:46:32] [05:46:32] Checking for Portacelo Rootkit... [05:46:32] Checking for file '/var/lib/.../.ak' [ Not found ] [05:46:32] Checking for file '/var/lib/.../.hk' [ Not found ] [05:46:32] Checking for file '/var/lib/.../.rs' [ Not found ] [05:46:32] Checking for file '/var/lib/.../.p' [ Not found ] [05:46:32] Checking for file '/var/lib/.../getty' [ Not found ] [05:46:32] Checking for file '/var/lib/.../lkt.o' [ Not found ] [05:46:32] Checking for file '/var/lib/.../show' [ Not found ] [05:46:32] Checking for file '/var/lib/.../nlkt.o' [ Not found ] [05:46:32] Checking for file '/var/lib/.../ssshrc' [ Not found ] [05:46:32] Checking for file '/var/lib/.../sssh_equiv' [ Not found ] [05:46:32] Checking for file '/var/lib/.../sssh_known_hosts' [ Not found ] [05:46:32] Checking for file '/var/lib/.../sssh_pid' [ Not found ] [05:46:32] Checking for file '~/.sssh/known_hosts' [ Not found ] [05:46:32] Portacelo Rootkit [ Not found ] [05:46:32] [05:46:32] Checking for R3dstorm Toolkit... [05:46:32] Checking for file '/var/log/tk02/see_all' [ Not found ] [05:46:32] Checking for file '/var/log/tk02/.scris' [ Not found ] [05:46:32] Checking for file '/bin/.../sshd/sbin/sshd1' [ Not found ] [05:46:32] Checking for file '/bin/.../hate/sk' [ Not found ] [05:46:32] Checking for file '/bin/.../see_all' [ Not found ] [05:46:32] Checking for directory '/var/log/tk02' [ Not found ] [05:46:32] Checking for directory '/var/log/tk02/old' [ Not found ] [05:46:32] Checking for directory '/bin/...' [ Not found ] [05:46:32] R3dstorm Toolkit [ Not found ] [05:46:32] [05:46:32] Checking for RH-Sharpe's Rootkit... 
[05:46:32] Checking for file '/bin/lps' [ Not found ] [05:46:32] Checking for file '/usr/bin/lpstree' [ Not found ] [05:46:32] Checking for file '/usr/bin/ltop' [ Not found ] [05:46:32] Checking for file '/usr/bin/lkillall' [ Not found ] [05:46:32] Checking for file '/usr/bin/ldu' [ Not found ] [05:46:32] Checking for file '/usr/bin/lnetstat' [ Not found ] [05:46:32] Checking for file '/usr/bin/wp' [ Not found ] [05:46:32] Checking for file '/usr/bin/shad' [ Not found ] [05:46:32] Checking for file '/usr/bin/vadim' [ Not found ] [05:46:32] Checking for file '/usr/bin/slice' [ Not found ] [05:46:32] Checking for file '/usr/bin/cleaner' [ Not found ] [05:46:32] Checking for file '/usr/include/rpcsvc/du' [ Not found ] [05:46:32] RH-Sharpe's Rootkit [ Not found ] [05:46:32] [05:46:32] Checking for RSHA's Rootkit... [05:46:32] Checking for file '/bin/kr4p' [ Not found ] [05:46:32] Checking for file '/usr/bin/n3tstat' [ Not found ] [05:46:32] Checking for file '/usr/bin/chsh2' [ Not found ] [05:46:32] Checking for file '/usr/bin/slice2' [ Not found ] [05:46:32] Checking for file '/usr/src/linux/arch/alpha/lib/.lib/.1proc' [ Not found ] [05:46:32] Checking for file '/etc/rc.d/arch/alpha/lib/.lib/.1addr' [ Not found ] [05:46:32] Checking for directory '/etc/rc.d/rsha' [ Not found ] [05:46:32] Checking for directory '/etc/rc.d/arch/alpha/lib/.lib' [ Not found ] [05:46:32] RSHA's Rootkit [ Not found ] [05:46:32] [05:46:32] Checking for Scalper Worm... [05:46:32] Checking for file '/tmp/.a' [ Not found ] [05:46:32] Checking for file '/tmp/.uua' [ Not found ] [05:46:32] Scalper Worm [ Not found ] [05:46:32] [05:46:32] Checking for Sebek LKM... [05:46:32] Checking for kernel symbol 'adore or sebek' [ Not found ] [05:46:32] Sebek LKM [ Not found ] [05:46:32] [05:46:32] Checking for Shutdown Rootkit... 
[05:46:32] Checking for file '/usr/man/man5/..<SP>/.dir/scannah/asus' [ Not found ] [05:46:33] Checking for file '/usr/man/man5/..<SP>/.dir/see' [ Not found ] [05:46:33] Checking for file '/usr/man/man5/..<SP>/.dir/nscd' [ Not found ] [05:46:33] Checking for file '/usr/man/man5/..<SP>/.dir/alpd' [ Not found ] [05:46:33] Checking for file '/etc/rc.d/rc.local<SP>' [ Not found ] [05:46:33] Checking for directory '/usr/man/man5/..<SP>/.dir' [ Not found ] [05:46:33] Checking for directory '/usr/man/man5/..<SP>/.dir/scannah' [ Not found ] [05:46:33] Checking for directory '/etc/rc.d/rc0.d/..<SP>/.dir' [ Not found ] [05:46:33] Shutdown Rootkit [ Not found ] [05:46:33] [05:46:33] Checking for SHV4 Rootkit... [05:46:33] Checking for file '/etc/ld.so.hash' [ Not found ] [05:46:33] Checking for file '/lib/libext-2.so.7' [ Not found ] [05:46:33] Checking for file '/lib/lidps1.so' [ Not found ] [05:46:33] Checking for file '/lib/libproc.a' [ Not found ] [05:46:33] Checking for file '/lib/libproc.so.2.0.6' [ Not found ] [05:46:33] Checking for file '/lib/ldd.so/tks' [ Not found ] [05:46:33] Checking for file '/lib/ldd.so/tkp' [ Not found ] [05:46:33] Checking for file '/lib/ldd.so/tksb' [ Not found ] [05:46:33] Checking for file '/lib/security/.config/sshd' [ Not found ] [05:46:33] Checking for file '/lib/security/.config/ssh/ssh_host_key' [ Not found ] [05:46:33] Checking for file '/lib/security/.config/ssh/ssh_host_key.pub' [ Not found ] [05:46:33] Checking for file '/lib/security/.config/ssh/ssh_random_seed' [ Not found ] [05:46:33] Checking for file '/usr/include/file.h' [ Not found ] [05:46:33] Checking for file '/usr/include/hosts.h' [ Not found ] [05:46:33] Checking for file '/usr/include/lidps1.so' [ Not found ] [05:46:33] Checking for file '/usr/include/log.h' [ Not found ] [05:46:33] Checking for file '/usr/include/proc.h' [ Not found ] [05:46:33] Checking for file '/usr/sbin/xntps' [ Not found ] [05:46:33] Checking for file '/dev/srd0' [ Not found ] [05:46:33] 
Checking for directory '/lib/ldd.so' [ Not found ] [05:46:33] Checking for directory '/lib/security/.config' [ Not found ] [05:46:33] Checking for directory '/lib/security/.config/ssh' [ Not found ] [05:46:33] SHV4 Rootkit [ Not found ] [05:46:33] [05:46:33] Checking for SHV5 Rootkit... [05:46:33] Checking for file '/etc/sh.conf' [ Not found ] [05:46:33] Checking for file '/lib/libproc.a' [ Not found ] [05:46:33] Checking for file '/lib/libproc.so.2.0.6' [ Not found ] [05:46:33] Checking for file '/lib/lidps1.so' [ Not found ] [05:46:33] Checking for file '/lib/libsh.so/bash' [ Not found ] [05:46:33] Checking for file '/usr/include/file.h' [ Not found ] [05:46:33] Checking for file '/usr/include/hosts.h' [ Not found ] [05:46:33] Checking for file '/usr/include/log.h' [ Not found ] [05:46:33] Checking for file '/usr/include/proc.h' [ Not found ] [05:46:33] Checking for file '/lib/libsh.so/shdcf2' [ Not found ] [05:46:33] Checking for file '/lib/libsh.so/shhk' [ Not found ] [05:46:33] Checking for file '/lib/libsh.so/shhk.pub' [ Not found ] [05:46:33] Checking for file '/lib/libsh.so/shrs' [ Not found ] [05:46:33] Checking for file '/usr/lib/libsh/.bashrc' [ Not found ] [05:46:33] Checking for file '/usr/lib/libsh/shsb' [ Not found ] [05:46:33] Checking for file '/usr/lib/libsh/hide' [ Not found ] [05:46:33] Checking for file '/usr/lib/libsh/.sniff/shsniff' [ Not found ] [05:46:33] Checking for file '/usr/lib/libsh/.sniff/shp' [ Not found ] [05:46:33] Checking for file '/dev/srd0' [ Not found ] [05:46:33] Checking for directory '/lib/libsh.so' [ Not found ] [05:46:33] Checking for directory '/usr/lib/libsh' [ Not found ] [05:46:33] Checking for directory '/usr/lib/libsh/utilz' [ Not found ] [05:46:33] Checking for directory '/usr/lib/libsh/.backup' [ Not found ] [05:46:33] SHV5 Rootkit [ Not found ] [05:46:33] [05:46:33] Checking for Sin Rootkit... 
[05:46:33] Checking for file '/dev/.haos/haos1/.f/Denyed' [ Not found ] [05:46:33] Checking for file '/dev/ttyoa' [ Not found ] [05:46:33] Checking for file '/dev/ttyof' [ Not found ] [05:46:33] Checking for file '/dev/ttyop' [ Not found ] [05:46:33] Checking for file '/dev/ttyos' [ Not found ] [05:46:33] Checking for file '/usr/lib/.lib' [ Not found ] [05:46:33] Checking for file '/usr/lib/sn/.X' [ Not found ] [05:46:33] Checking for file '/usr/lib/sn/.sys' [ Not found ] [05:46:33] Checking for file '/usr/lib/ld/.X' [ Not found ] [05:46:33] Checking for file '/usr/man/man1/...' [ Not found ] [05:46:33] Checking for file '/usr/man/man1/.../.m' [ Not found ] [05:46:33] Checking for file '/usr/man/man1/.../.w' [ Not found ] [05:46:33] Checking for directory '/usr/lib/sn' [ Not found ] [05:46:33] Checking for directory '/usr/lib/man1/...' [ Not found ] [05:46:33] Checking for directory '/dev/.haos' [ Not found ] [05:46:33] Sin Rootkit [ Not found ] [05:46:33] [05:46:33] Checking for Slapper Worm... [05:46:33] Checking for file '/tmp/.bugtraq' [ Not found ] [05:46:33] Checking for file '/tmp/.uubugtraq' [ Not found ] [05:46:33] Checking for file '/tmp/.bugtraq.c' [ Not found ] [05:46:33] Checking for file '/tmp/httpd' [ Not found ] [05:46:33] Checking for file '/tmp/.unlock' [ Not found ] [05:46:33] Checking for file '/tmp/update' [ Not found ] [05:46:33] Checking for file '/tmp/.cinik' [ Not found ] [05:46:33] Checking for file '/tmp/.b' [ Not found ] [05:46:34] Slapper Worm [ Not found ] [05:46:34] [05:46:34] Checking for Sneakin Rootkit... [05:46:34] Checking for directory '/tmp/.X11-unix/.../rk' [ Not found ] [05:46:34] Sneakin Rootkit [ Not found ] [05:46:34] [05:46:34] Checking for 'Spanish' Rootkit... 
[05:46:34] Checking for file '/dev/ptyq' [ Not found ]
[05:46:34] Checking for file '/bin/ad' [ Not found ]
[05:46:34] Checking for file '/bin/ava' [ Not found ]
[05:46:34] Checking for file '/bin/server' [ Not found ]
[05:46:34] Checking for file '/usr/sbin/rescue' [ Not found ]
[05:46:34] Checking for file '/usr/share/.../chrps' [ Not found ]
[05:46:34] Checking for file '/usr/share/.../chrifconfig' [ Not found ]
[05:46:34] Checking for file '/usr/share/.../netstat' [ Not found ]
[05:46:34] Checking for file '/usr/share/.../linsniffer' [ Not found ]
[05:46:34] Checking for file '/usr/share/.../charbd' [ Not found ]
[05:46:34] Checking for file '/usr/share/.../charbd2' [ Not found ]
[05:46:34] Checking for file '/usr/share/.../charbd3' [ Not found ]
[05:46:34] Checking for file '/usr/share/.../charbd4' [ Not found ]
[05:46:34] Checking for file '/usr/man/tmp/update.tgz' [ Not found ]
[05:46:34] Checking for file '/var/lib/rpm/db.rpm' [ Not found ]
[05:46:34] Checking for file '/var/cache/man/.cat' [ Not found ]
[05:46:34] Checking for file '/var/spool/lpd/remote/.lpq' [ Not found ]
[05:46:34] Checking for directory '/usr/share/...' [ Not found ]
[05:46:34] 'Spanish' Rootkit [ Not found ]
[05:46:34]
[05:46:34] Checking for Suckit Rootkit...
[05:46:34] Checking for file '/sbin/initsk12' [ Not found ]
[05:46:34] Checking for file '/sbin/initxrk' [ Not found ]
[05:46:34] Checking for file '/usr/bin/null' [ Not found ]
[05:46:34] Checking for file '/usr/share/locale/sk/.sk12/sk' [ Not found ]
[05:46:34] Checking for file '/etc/rc.d/rc0.d/S23kmdac' [ Not found ]
[05:46:34] Checking for file '/etc/rc.d/rc1.d/S23kmdac' [ Not found ]
[05:46:34] Checking for file '/etc/rc.d/rc2.d/S23kmdac' [ Not found ]
[05:46:34] Checking for file '/etc/rc.d/rc3.d/S23kmdac' [ Not found ]
[05:46:34] Checking for file '/etc/rc.d/rc4.d/S23kmdac' [ Not found ]
[05:46:34] Checking for file '/etc/rc.d/rc5.d/S23kmdac' [ Not found ]
[05:46:34] Checking for file '/etc/rc.d/rc6.d/S23kmdac' [ Not found ]
[05:46:34] Checking for directory '/dev/sdhu0/tehdrakg' [ Not found ]
[05:46:34] Checking for directory '/etc/.MG' [ Not found ]
[05:46:34] Checking for directory '/usr/share/locale/sk/.sk12' [ Not found ]
[05:46:34] Checking for directory '/usr/lib/perl5/site_perl/i386-linux/auto/TimeDate/.packlist' [ Not found ]
[05:46:34] Suckit Rootkit [ Not found ]
[05:46:34]
[05:46:34] Checking for Superkit Rootkit...
[05:46:34] Checking for file '/usr/man/.sman/sk/backsh' [ Not found ]
[05:46:34] Checking for file '/usr/man/.sman/sk/izbtrag' [ Not found ]
[05:46:34] Checking for file '/usr/man/.sman/sk/sksniff' [ Not found ]
[05:46:34] Checking for file '/var/www/cgi-bin/cgiback.cgi' [ Not found ]
[05:46:34] Checking for directory '/usr/man/.sman/sk' [ Not found ]
[05:46:34] Superkit Rootkit [ Not found ]
[05:46:34]
[05:46:34] Checking for TBD (Telnet BackDoor)...
[05:46:34] Checking for file '/usr/lib/.tbd' [ Not found ]
[05:46:34] TBD (Telnet BackDoor) [ Not found ]
[05:46:34]
[05:46:34] Checking for TeLeKiT Rootkit...
[05:46:34] Checking for file '/usr/man/man3/.../TeLeKiT/bin/sniff' [ Not found ]
[05:46:34] Checking for file '/usr/man/man3/.../TeLeKiT/bin/telnetd' [ Not found ]
[05:46:34] Checking for file '/usr/man/man3/.../TeLeKiT/bin/teleulo' [ Not found ]
[05:46:34] Checking for file '/usr/man/man3/.../cl' [ Not found ]
[05:46:34] Checking for file '/dev/ptyr' [ Not found ]
[05:46:34] Checking for file '/dev/ptyp' [ Not found ]
[05:46:34] Checking for file '/dev/ptyq' [ Not found ]
[05:46:34] Checking for file '/dev/hda06' [ Not found ]
[05:46:34] Checking for file '/usr/info/libc1.so' [ Not found ]
[05:46:34] Checking for directory '/usr/man/man3/...' [ Not found ]
[05:46:34] Checking for directory '/usr/man/man3/.../lsniff' [ Not found ]
[05:46:34] Checking for directory '/usr/man/man3/.../TeLeKiT' [ Not found ]
[05:46:34] TeLeKiT Rootkit [ Not found ]
[05:46:34]
[05:46:34] Checking for T0rn Rootkit...
[05:46:34] Checking for file '/dev/.lib/lib/lib/t0rns' [ Not found ]
[05:46:34] Checking for file '/dev/.lib/lib/lib/du' [ Not found ]
[05:46:34] Checking for file '/dev/.lib/lib/lib/ls' [ Not found ]
[05:46:34] Checking for file '/dev/.lib/lib/lib/t0rnsb' [ Not found ]
[05:46:34] Checking for file '/dev/.lib/lib/lib/ps' [ Not found ]
[05:46:34] Checking for file '/dev/.lib/lib/lib/t0rnp' [ Not found ]
[05:46:34] Checking for file '/dev/.lib/lib/lib/find' [ Not found ]
[05:46:34] Checking for file '/dev/.lib/lib/lib/ifconfig' [ Not found ]
[05:46:34] Checking for file '/dev/.lib/lib/lib/pg' [ Not found ]
[05:46:34] Checking for file '/dev/.lib/lib/lib/ssh.tgz' [ Not found ]
[05:46:34] Checking for file '/dev/.lib/lib/lib/top' [ Not found ]
[05:46:34] Checking for file '/dev/.lib/lib/lib/sz' [ Not found ]
[05:46:34] Checking for file '/dev/.lib/lib/lib/login' [ Not found ]
[05:46:34] Checking for file '/dev/.lib/lib/lib/in.fingerd' [ Not found ]
[05:46:34] Checking for file '/dev/.lib/lib/lib/1i0n.sh' [ Not found ]
[05:46:34] Checking for file '/dev/.lib/lib/lib/pstree' [ Not found ]
[05:46:34] Checking for file '/dev/.lib/lib/lib/in.telnetd' [ Not found ]
[05:46:34] Checking for file '/dev/.lib/lib/lib/mjy' [ Not found ]
[05:46:35] Checking for file '/dev/.lib/lib/lib/sush' [ Not found ]
[05:46:35] Checking for file '/dev/.lib/lib/lib/tfn' [ Not found ]
[05:46:35] Checking for file '/dev/.lib/lib/lib/name' [ Not found ]
[05:46:35] Checking for file '/dev/.lib/lib/lib/getip.sh' [ Not found ]
[05:46:35] Checking for file '/usr/info/.torn/sh*' [ Not found ]
[05:46:35] Checking for file '/usr/src/.puta/.1addr' [ Not found ]
[05:46:35] Checking for file '/usr/src/.puta/.1file' [ Not found ]
[05:46:35] Checking for file '/usr/src/.puta/.1proc' [ Not found ]
[05:46:35] Checking for file '/usr/src/.puta/.1logz' [ Not found ]
[05:46:35] Checking for file '/usr/info/.t0rn' [ Not found ]
[05:46:35] Checking for directory '/dev/.lib' [ Not found ]
[05:46:35] Checking for directory '/dev/.lib/lib' [ Not found ]
[05:46:35] Checking for directory '/dev/.lib/lib/lib' [ Not found ]
[05:46:35] Checking for directory '/dev/.lib/lib/lib/dev' [ Not found ]
[05:46:35] Checking for directory '/dev/.lib/lib/scan' [ Not found ]
[05:46:35] Checking for directory '/usr/src/.puta' [ Not found ]
[05:46:35] Checking for directory '/usr/man/man1/man1' [ Not found ]
[05:46:35] Checking for directory '/usr/man/man1/man1/lib' [ Not found ]
[05:46:35] Checking for directory '/usr/man/man1/man1/lib/.lib' [ Not found ]
[05:46:35] Checking for directory '/usr/man/man1/man1/lib/.lib/.backup' [ Not found ]
[05:46:35] T0rn Rootkit [ Not found ]
[05:46:35]
[05:46:35] Checking for trNkit Rootkit...
[05:46:35] Checking for file '/usr/lib/libbins.la' [ Not found ]
[05:46:35] Checking for file '/usr/lib/libtcs.so' [ Not found ]
[05:46:35] Checking for file '/dev/.ttpy/ulogin.sh' [ Not found ]
[05:46:35] Checking for file '/dev/.ttpy/tcpshell.sh' [ Not found ]
[05:46:35] Checking for file '/dev/.ttpy/bupdu' [ Not found ]
[05:46:35] Checking for file '/dev/.ttpy/buloc' [ Not found ]
[05:46:35] Checking for file '/dev/.ttpy/buloc1' [ Not found ]
[05:46:35] Checking for file '/dev/.ttpy/buloc2' [ Not found ]
[05:46:35] Checking for file '/dev/.ttpy/stat' [ Not found ]
[05:46:35] Checking for file '/dev/.ttpy/backps' [ Not found ]
[05:46:35] Checking for file '/dev/.ttpy/tree' [ Not found ]
[05:46:35] Checking for file '/dev/.ttpy/topk' [ Not found ]
[05:46:35] Checking for file '/dev/.ttpy/wold' [ Not found ]
[05:46:35] Checking for file '/dev/.ttpy/whoold' [ Not found ]
[05:46:35] Checking for file '/dev/.ttpy/backdoors' [ Not found ]
[05:46:35] trNkit Rootkit [ Not found ]
[05:46:35]
[05:46:35] Checking for Trojanit Kit...
[05:46:35] Checking for file '/bin/.ls' [ Not found ]
[05:46:35] Checking for file '/bin/.ps' [ Not found ]
[05:46:35] Checking for file '/bin/.netstat' [ Not found ]
[05:46:35] Checking for file '/usr/bin/.nop' [ Not found ]
[05:46:35] Checking for file '/usr/bin/.who' [ Not found ]
[05:46:35] Trojanit Kit [ Not found ]
[05:46:35]
[05:46:35] Checking for Tuxtendo Rootkit...
[05:46:35] Checking for file '/lib/libproc.so.2.0.7' [ Not found ]
[05:46:35] Checking for file '/usr/bin/xchk' [ Not found ]
[05:46:35] Checking for file '/usr/bin/xsf' [ Not found ]
[05:46:35] Checking for file '/dev/tux/suidsh' [ Not found ]
[05:46:35] Checking for file '/dev/tux/.addr' [ Not found ]
[05:46:35] Checking for file '/dev/tux/.cron' [ Not found ]
[05:46:35] Checking for file '/dev/tux/.file' [ Not found ]
[05:46:35] Checking for file '/dev/tux/.log' [ Not found ]
[05:46:35] Checking for file '/dev/tux/.proc' [ Not found ]
[05:46:35] Checking for file '/dev/tux/.iface' [ Not found ]
[05:46:35] Checking for file '/dev/tux/.pw' [ Not found ]
[05:46:35] Checking for file '/dev/tux/.df' [ Not found ]
[05:46:35] Checking for file '/dev/tux/.ssh' [ Not found ]
[05:46:35] Checking for file '/dev/tux/.tux' [ Not found ]
[05:46:35] Checking for file '/dev/tux/ssh2/sshd2_config' [ Not found ]
[05:46:35] Checking for file '/dev/tux/ssh2/hostkey' [ Not found ]
[05:46:35] Checking for file '/dev/tux/ssh2/hostkey.pub' [ Not found ]
[05:46:35] Checking for file '/dev/tux/ssh2/logo' [ Not found ]
[05:46:35] Checking for file '/dev/tux/ssh2/random_seed' [ Not found ]
[05:46:35] Checking for file '/dev/tux/backup/crontab' [ Not found ]
[05:46:35] Checking for file '/dev/tux/backup/df' [ Not found ]
[05:46:35] Checking for file '/dev/tux/backup/dir' [ Not found ]
[05:46:35] Checking for file '/dev/tux/backup/find' [ Not found ]
[05:46:35] Checking for file '/dev/tux/backup/ifconfig' [ Not found ]
[05:46:35] Checking for file '/dev/tux/backup/locate' [ Not found ]
[05:46:35] Checking for file '/dev/tux/backup/netstat' [ Not found ]
[05:46:35] Checking for file '/dev/tux/backup/ps' [ Not found ]
[05:46:35] Checking for file '/dev/tux/backup/pstree' [ Not found ]
[05:46:35] Checking for file '/dev/tux/backup/syslogd' [ Not found ]
[05:46:35] Checking for file '/dev/tux/backup/tcpd' [ Not found ]
[05:46:35] Checking for file '/dev/tux/backup/top' [ Not found ]
[05:46:35] Checking for file '/dev/tux/backup/updatedb' [ Not found ]
[05:46:35] Checking for file '/dev/tux/backup/vdir' [ Not found ]
[05:46:36] Checking for directory '/dev/tux' [ Not found ]
[05:46:36] Checking for directory '/dev/tux/ssh2' [ Not found ]
[05:46:36] Checking for directory '/dev/tux/backup' [ Not found ]
[05:46:36] Tuxtendo Rootkit [ Not found ]
[05:46:36]
[05:46:36] Checking for URK Rootkit...
[05:46:36] Checking for file '/dev/prom/sn.l' [ Not found ]
[05:46:36] Checking for file '/usr/lib/ldlibps.so' [ Not found ]
[05:46:36] Checking for file '/usr/lib/ldlibnet.so' [ Not found ]
[05:46:36] Checking for file '/dev/pts/01/uconf.inv' [ Not found ]
[05:46:36] Checking for file '/dev/pts/01/cleaner' [ Not found ]
[05:46:36] Checking for file '/dev/pts/01/bin/psniff' [ Not found ]
[05:46:36] Checking for file '/dev/pts/01/bin/du' [ Not found ]
[05:46:36] Checking for file '/dev/pts/01/bin/ls' [ Not found ]
[05:46:36] Checking for file '/dev/pts/01/bin/passwd' [ Not found ]
[05:46:36] Checking for file '/dev/pts/01/bin/ps' [ Not found ]
[05:46:36] Checking for file '/dev/pts/01/bin/psr' [ Not found ]
[05:46:36] Checking for file '/dev/pts/01/bin/su' [ Not found ]
[05:46:36] Checking for file '/dev/pts/01/bin/find' [ Not found ]
[05:46:36] Checking for file '/dev/pts/01/bin/netstat' [ Not found ]
[05:46:36] Checking for file '/dev/pts/01/bin/ping' [ Not found ]
[05:46:36] Checking for file '/dev/pts/01/bin/strings' [ Not found ]
[05:46:36] Checking for file '/dev/pts/01/bin/bash' [ Not found ]
[05:46:36] Checking for file '/usr/man/man1/xxxxxxbin/du' [ Not found ]
[05:46:36] Checking for file '/usr/man/man1/xxxxxxbin/ls' [ Not found ]
[05:46:36] Checking for file '/usr/man/man1/xxxxxxbin/passwd' [ Not found ]
[05:46:36] Checking for file '/usr/man/man1/xxxxxxbin/ps' [ Not found ]
[05:46:36] Checking for file '/usr/man/man1/xxxxxxbin/psr' [ Not found ]
[05:46:36] Checking for file '/usr/man/man1/xxxxxxbin/su' [ Not found ]
[05:46:36] Checking for file '/usr/man/man1/xxxxxxbin/find' [ Not found ]
[05:46:36] Checking for file '/usr/man/man1/xxxxxxbin/netstat' [ Not found ]
[05:46:36] Checking for file '/usr/man/man1/xxxxxxbin/ping' [ Not found ]
[05:46:36] Checking for file '/usr/man/man1/xxxxxxbin/strings' [ Not found ]
[05:46:36] Checking for file '/usr/man/man1/xxxxxxbin/bash' [ Not found ]
[05:46:36] Checking for file '/tmp/conf.inv' [ Not found ]
[05:46:36] Checking for directory '/dev/prom' [ Not found ]
[05:46:36] Checking for directory '/dev/pts/01' [ Not found ]
[05:46:36] Checking for directory '/dev/pts/01/bin' [ Not found ]
[05:46:36] Checking for directory '/usr/man/man1/xxxxxxbin' [ Not found ]
[05:46:36] URK Rootkit [ Not found ]
[05:46:36]
[05:46:36] Checking for Vampire Rootkit...
[05:46:36] Checking for kernel symbol 'new_getdents' [ Not found ]
[05:46:36] Checking for kernel symbol 'old_getdents' [ Not found ]
[05:46:36] Checking for kernel symbol 'should_hide_file_name' [ Not found ]
[05:46:36] Checking for kernel symbol 'should_hide_task_name' [ Not found ]
[05:46:36] Vampire Rootkit [ Not found ]
[05:46:36]
[05:46:36] Checking for VcKit Rootkit...
[05:46:36] Checking for directory '/usr/include/linux/modules/lib.so' [ Not found ]
[05:46:36] Checking for directory '/usr/include/linux/modules/lib.so/bin' [ Not found ]
[05:46:36] VcKit Rootkit [ Not found ]
[05:46:36]
[05:46:36] Checking for Volc Rootkit...
[05:46:36] Checking for file '/usr/bin/volc' [ Not found ]
[05:46:36] Checking for file '/usr/lib/volc/backdoor/divine' [ Not found ]
[05:46:36] Checking for file '/usr/lib/volc/linsniff' [ Not found ]
[05:46:36] Checking for file '/etc/rc.d/rc1.d/S25sysconf' [ Not found ]
[05:46:36] Checking for file '/etc/rc.d/rc2.d/S25sysconf' [ Not found ]
[05:46:36] Checking for file '/etc/rc.d/rc3.d/S25sysconf' [ Not found ]
[05:46:36] Checking for file '/etc/rc.d/rc4.d/S25sysconf' [ Not found ]
[05:46:36] Checking for file '/etc/rc.d/rc5.d/S25sysconf' [ Not found ]
[05:46:36] Checking for directory '/var/spool/.recent' [ Not found ]
[05:46:36] Checking for directory '/var/spool/.recent/.files' [ Not found ]
[05:46:36] Checking for directory '/usr/lib/volc' [ Not found ]
[05:46:36] Checking for directory '/usr/lib/volc/backup' [ Not found ]
[05:46:36] Volc Rootkit [ Not found ]
[05:46:36]
[05:46:36] Checking for Xzibit Rootkit...
[05:46:36] Checking for file '/dev/dsx' [ Not found ]
[05:46:36] Checking for file '/dev/caca' [ Not found ]
[05:46:37] Checking for file '/dev/ida/.inet/linsniffer' [ Not found ]
[05:46:37] Checking for file '/dev/ida/.inet/logclear' [ Not found ]
[05:46:37] Checking for file '/dev/ida/.inet/sense' [ Not found ]
[05:46:37] Checking for file '/dev/ida/.inet/sl2' [ Not found ]
[05:46:37] Checking for file '/dev/ida/.inet/sshdu' [ Not found ]
[05:46:37] Checking for file '/dev/ida/.inet/s' [ Not found ]
[05:46:37] Checking for file '/dev/ida/.inet/ssh_host_key' [ Not found ]
[05:46:37] Checking for file '/dev/ida/.inet/ssh_random_seed' [ Not found ]
[05:46:37] Checking for file '/dev/ida/.inet/sl2new.c' [ Not found ]
[05:46:37] Checking for file '/dev/ida/.inet/tcp.log' [ Not found ]
[05:46:37] Checking for file '/home/httpd/cgi-bin/becys.cgi' [ Not found ]
[05:46:37] Checking for file '/usr/local/httpd/cgi-bin/becys.cgi' [ Not found ]
[05:46:37] Checking for file '/usr/local/apache/cgi-bin/becys.cgi' [ Not found ]
[05:46:37] Checking for file '/www/httpd/cgi-bin/becys.cgi' [ Not found ]
[05:46:37] Checking for file '/www/cgi-bin/becys.cgi' [ Not found ]
[05:46:37] Checking for directory '/dev/ida/.inet' [ Not found ]
[05:46:37] Xzibit Rootkit [ Not found ]
[05:46:37]
[05:46:37] Checking for zaRwT.KiT Rootkit...
[05:46:37] Checking for file '/dev/rd/s/sendmeil' [ Not found ]
[05:46:37] Checking for file '/dev/ttyf' [ Not found ]
[05:46:37] Checking for file '/dev/ttyp' [ Not found ]
[05:46:37] Checking for file '/dev/ttyn' [ Not found ]
[05:46:37] Checking for file '/rk/tulz' [ Not found ]
[05:46:37] Checking for directory '/rk' [ Not found ]
[05:46:37] Checking for directory '/dev/rd/s' [ Not found ]
[05:46:37] zaRwT.KiT Rootkit [ Not found ]
[05:46:37]
[05:46:37] Checking for ZK Rootkit...
[05:46:37] Checking for file '/usr/share/.zk/zk' [ Not found ]
[05:46:37] Checking for file '/usr/X11R6/.zk/xfs' [ Not found ]
[05:46:37] Checking for file '/usr/X11R6/.zk/echo' [ Not found ]
[05:46:37] Checking for file '/etc/1ssue.net' [ Not found ]
[05:46:37] Checking for file '/etc/sysconfig/console/load.zk' [ Not found ]
[05:46:37] Checking for directory '/usr/share/.zk' [ Not found ]
[05:46:37] Checking for directory '/usr/X11R6/.zk' [ Not found ]
[05:46:37] ZK Rootkit [ Not found ]
[05:47:55]
[05:47:55] Info: Starting test name 'additional_rkts'
[05:47:55] Performing additional rootkit checks
[05:47:55]
[05:47:55] Performing Suckit Rookit additional checks
[05:47:55] Checking hard link count on '/sbin/init' [ OK ]
[05:47:55] Checking for hidden file extensions [ None found ]
[05:47:55] Running skdet command [ Skipped ]
[05:47:55] Info: Unable to find the 'skdet' command
[05:47:55] Suckit Rookit additional checks [ OK ]
[05:47:55]
[05:47:55] Info: Starting test name 'possible_rkt_files'
[05:47:55] Performing check of possible rootkit files and directories
[05:47:55] Checking for file '/dev/sdr0' [ Not found ]
[05:47:55] Checking for file '/dev/pisu' [ Not found ]
[05:47:55] Checking for file '/dev/xdta' [ Not found ]
[05:47:55] Checking for file '/dev/saux' [ Not found ]
[05:47:55] Checking for file '/dev/hdx' [ Not found ]
[05:47:55] Checking for file '/dev/hdx1' [ Not found ]
[05:47:55] Checking for file '/dev/hdx2' [ Not found ]
[05:47:55] Checking for file '/dev/ptyy' [ Not found ]
[05:47:55] Checking for file '/dev/ptyu' [ Not found ]
[05:47:55] Checking for file '/dev/ptyv' [ Not found ]
[05:47:55] Checking for file '/dev/hdbb' [ Not found ]
[05:47:55] Checking for file '/tmp/.syshackfile' [ Not found ]
[05:47:55] Checking for file '/tmp/.bash_history' [ Not found ]
[05:47:55] Checking for file '/usr/info/.clib' [ Not found ]
[05:47:55] Checking for file '/usr/sbin/tcp.log' [ Not found ]
[05:47:55] Checking for file '/usr/bin/take/pid' [ Not found ]
[05:47:55] Checking for file '/sbin/create' [ Not found ]
[05:47:55] Checking for file '/dev/ttypz' [ Not found ]
[05:47:55] Checking for file '/var/log/tcp.log' [ Not found ]
[05:47:55] Checking for file '/usr/include/audit.h' [ Not found ]
[05:47:55] Checking for file '/usr/bin/sourcemask' [ Not found ]
[05:47:55] Checking for file '/usr/bin/ras2xm' [ Not found ]
[05:47:55] Checking for file '/dev/xmx' [ Not found ]
[05:47:55] Checking for file '/usr/sbin/gpm.root' [ Not found ]
[05:47:55] Checking for file '/bin/vobiscum' [ Not found ]
[05:47:55] Checking for file '/bin/psr' [ Not found ]
[05:47:55] Checking for file '/dev/kdx' [ Not found ]
[05:47:55] Checking for file '/dev/dkx' [ Not found ]
[05:47:55] Checking for file '/usr/sbin/sshd3' [ Not found ]
[05:47:55] Checking for file '/usr/sbin/jcd' [ Not found ]
[05:47:55] Checking for file '/etc/rc.d/init.d/jcd' [ Not found ]
[05:47:55] Checking for file '/usr/sbin/atd2' [ Not found ]
[05:47:55] Checking for file '/home/httpd/cgi-bin/linux.cgi' [ Not found ]
[05:47:55] Checking for file '/home/httpd/cgi-bin/psid' [ Not found ]
[05:47:55] Checking for file '/home/httpd/cgi-bin/void.cgi' [ Not found ]
[05:47:55] Checking for file '/etc/rc.d/init.d/system' [ Not found ]
[05:47:55] Checking for file '/etc/rc.d/rc3.d/S93users' [ Not found ]
[05:47:55] Checking for file '/tmp/.ush' [ Not found ]
[05:47:55] Checking for file '/usr/lib/libhidefile.so' [ Not found ]
[05:47:55] Checking for file '/etc/cron.d/kmod' [ Not found ]
[05:47:55] Checking for file '/usr/lib/dmis/dmisd' [ Not found ]
[05:47:55] Checking for file '/lib/secure/libhij.so' [ Not found ]
[05:47:55] Checking for file '/usr/sbin/sshd3' [ Not found ]
[05:47:55] Checking for file '/etc/rc.d/init.d/crontab' [ Not found ]
[05:47:55] Checking for file '/etc/rc.d/init.d/jcd' [ Not found ]
[05:47:55] Checking for file '/usr/sbin/atd2' [ Not found ]
[05:47:55] Checking for file '/etc/rc.d/rc5.d/S93users' [ Not found ]
[05:47:55] Checking for file '/usr/include/mysql/mysql.hh1' [ Not found ]
[05:47:55] Checking for file '/etc/init.d/xfs3' [ Not found ]
[05:47:55] Checking for file '/usr/sbin/t.txt' [ Not found ]
[05:47:55] Checking for file '/usr/sbin/change' [ Not found ]
[05:47:55] Checking for file '/usr/sbin/s' [ Not found ]
[05:47:55] Checking for file '/bin/f' [ Not found ]
[05:47:55] Checking for file '/bin/i' [ Not found ]
[05:47:55] Checking for file '/lib/libncom.so.4.0.1' [ Not found ]
[05:47:55] Checking for file '/sbin/zinit' [ Not found ]
[05:47:55] Checking for file '/tmp/pass_ssh.log' [ Not found ]
[05:47:56] Checking for file '/usr/include/gpm2.h' [ Not found ]
[05:47:56] Checking for file '/etc/ssh/.sshd_auth' [ Not found ]
[05:47:56] Checking for file '/usr/lib/.sshd.h' [ Not found ]
[05:47:56] Checking for file '/var/run/.defunct' [ Not found ]
[05:47:56] Checking for file '/etc/httpd/run/.defunct' [ Not found ]
[05:47:56] Checking for file '/usr/share/pci.r' [ Not found ]
[05:47:56] Checking for file '/etc/cron.daily/dnsquery' [ Not found ]
[05:47:56] Checking for file '/usr/lib/libutil1.2.1.2.so' [ Not found ]
[05:47:56] Checking for file '/bin/ceva' [ Not found ]
[05:47:56] Checking for file '/sbin/syslogd<SP>' [ Not found ]
[05:47:56] Checking for file '/usr/include/shup.h' [ Not found ]
[05:47:56] Checking for file '/etc/rpm/sshdOLD' [ Not found ]
[05:47:56] Checking for file '/etc/rpm/sshOLD' [ Not found ]
[05:47:56] Checking for file '/usr/share/passwd.h' [ Not found ]
[05:47:56] Checking for file '/lib/.xsyslog' [ Not found ]
[05:47:56] Checking for file '/etc/.xsyslog' [ Not found ]
[05:47:56] Checking for file '/lib/.ssyslog' [ Not found ]
[05:47:56] Checking for file '/tmp/.sendmail' [ Not found ]
[05:47:56] Checking for file '/usr/share/sshd.sync' [ Not found ]
[05:47:56] Checking for file '/bin/zcut' [ Not found ]
[05:47:56] Checking for file '/usr/bin/zmuie' [ Not found ]
[05:47:56] Checking for file '/lib/libkeyutils.so.1.9' [ Not found ]
[05:47:56] Checking for file '/lib64/libkeyutils.so.1.9' [ Not found ]
[05:47:56] Checking for file '/usr/lib/libkeyutils.so.1.9' [ Not found ]
[05:47:56] Checking for file '/usr/lib64/libkeyutils.so.1.9' [ Not found ]
[05:47:56] Checking for directory '/dev/ptyas' [ Not found ]
[05:47:56] Checking for directory '/usr/bin/take' [ Not found ]
[05:47:56] Checking for directory '/usr/src/.lib' [ Not found ]
[05:47:56] Checking for directory '/usr/share/man/man1/.1c' [ Not found ]
[05:47:56] Checking for directory '/lib/lblip.tk' [ Not found ]
[05:47:56] Checking for directory '/usr/sbin/...' [ Not found ]
[05:47:56] Checking for directory '/usr/share/.gun' [ Not found ]
[05:47:56] Checking for directory '/unde/vrei/tu/sa/te/ascunzi/in/server' [ Not found ]
[05:47:56] Checking for directory '/usr/man/man1/..<SP><SP>/.dir' [ Not found ]
[05:47:56] Checking for directory '/usr/X11R6/include/X11/...' [ Not found ]
[05:47:56] Checking for directory '/usr/X11R6/lib/X11/.fonts/misc/...' [ Not found ]
[05:47:56] Checking for directory '/tmp/.sys' [ Not found ]
[05:47:56] Checking for directory '/tmp/'' [ Not found ]
[05:47:56] Checking for directory '/tmp/.,' [ Not found ]
[05:47:56] Checking for directory '/tmp/,.,' [ Not found ]
[05:47:56] Checking for directory '/dev/shm/emilien' [ Not found ]
[05:47:56] Checking for directory '/var/tmp/.log' [ Not found ]
[05:47:56] Checking for directory '/tmp/zmeu/...<SP>' [ Not found ]
[05:47:56] Checking for directory '/var/log/ssh' [ Not found ]
[05:47:56] Checking for directory '/dev/ida' [ Not found ]
[05:47:56] Checking for directory '/var/lib/games/.src/ssk/shit' [ Not found ]
[05:47:56] Checking for directory '/usr/lib/libshtift' [ Not found ]
[05:47:56] Checking for directory '/usr/src/.poop' [ Not found ]
[05:47:56] Checking for directory '/dev/wd4' [ Not found ]
[05:47:56] Checking for directory '/var/run/.tmp' [ Not found ]
[05:47:56] Checking for directory '/usr/man/man1/lib/.lib' [ Not found ]
[05:47:56] Checking for directory '/dev/portd' [ Not found ]
[05:47:56] Checking for directory '/dev/...' [ Not found ]
[05:47:56] Checking for directory '/usr/share/man/mansps' [ Not found ]
[05:47:56] Checking for directory '/lib/.so' [ Not found ]
[05:47:56] Checking for directory '/lib/.sso' [ Not found ]
[05:47:56] Checking for directory '/usr/include/sslv3' [ Not found ]
[05:47:56] Checking for directory '/dev/shm/sshd' [ Not found ]
[05:47:56] Checking for directory '/usr/share/locale/mk/.dev/sk' [ Not found ]
[05:47:56] Checking for directory '/usr/share/locale/mk/.dev' [ Not found ]
[05:47:56] Checking for directory '/usr/include/netda.h' [ Not found ]
[05:47:56] Checking for directory '/usr/include/.ssh' [ Not found ]
[05:47:57] Checking for directory '/usr/share/locale/jp/.<SP>' [ Not found ]
[05:47:57] Checking for directory '/usr/share/.sqe' [ Not found ]
[05:47:57] Checking for possible rootkit files and directories [ None found ]
[05:47:57]
[05:47:57] Info: Starting test name 'possible_rkt_strings'
[05:47:57] Performing check for possible rootkit strings
[05:47:57] Info: Using system startup paths: /etc/rc.local /etc/init.d
[05:47:57] Checking for string 'phalanx' [ Not found ]
[05:47:57] Checking for string '/dev/proc/fuckit' [ Not found ]
[05:47:57] Checking for string 'FUCK' [ Not found ]
[05:47:57] Checking for string 'backdoor' [ Not found ]
[05:47:57] Checking for string '/usr/bin/rcpc' [ Not found ]
[05:47:57] Checking for string '/usr/sbin/login' [ Not found ]
[05:47:57] Checking for string '/dev/ptyxx/.proc' [ Not found ]
[05:47:57] Checking for string 'vt200' [ Not found ]
[05:47:57] Checking for string '/usr/bin/xstat' [ Not found ]
[05:47:57] Checking for string '/bin/envpc' [ Not found ]
[05:47:57] Checking for string 'L4m3r0x' [ Not found ]
[05:47:57] Checking for string '/lib/libext' [ Not found ]
[05:47:57] Checking for string '/usr/sbin/login' [ Not found ]
[05:47:57] Checking for string '/usr/lib/.tbd' [ Not found ]
[05:47:57] Checking for string 'sendmail' [ Not found ]
[05:47:57] Checking for string 'cocacola' [ Not found ]
[05:47:57] Checking for string 'joao' [ Not found ]
[05:47:57] Checking for string '/dev/ptyxx/.file' [ Not found ]
[05:47:57] Checking for string '/dev/ptyxx/.file' [ Not found ]
[05:47:57] Checking for string '/dev/sgk' [ Not found ]
[05:47:57] Checking for string '/var/lock/subsys/...datafile...' [ Not found ]
[05:47:57] Checking for string '/usr/lib/.tbd' [ Not found ]
[05:47:57] Checking for string '/dev/proc/fuckit' [ Not found ]
[05:47:57] Checking for string '/lib/.sso' [ Not found ]
[05:47:57] Checking for string '/var/lock/subsys/...datafile...' [ Not found ]
[05:47:57] Checking for string '/dev/caca' [ Not found ]
[05:47:57] Checking for string '/dev/ttyoa' [ Not found ]
[05:47:57] Checking for string '/usr/lib/ldlibns.so' [ Not found ]
[05:47:57] Checking for string '/dev/ptyxx/.addr' [ Not found ]
[05:47:57] Checking for string 'syg' [ Not found ]
[05:47:57] Checking for string '/var/lock/subsys/...datafile...' [ Not found ]
[05:47:57] Checking for string '/dev/pts/01' [ Not found ]
[05:47:57] Checking for string 'tw33dl3' [ Not found ]
[05:47:57] Checking for string 'psniff' [ Not found ]
[05:47:57] Checking for string 'uconf.inv' [ Not found ]
[05:47:57] Checking for string 'lib/ldlibps.so' [ Not found ]
[05:47:57] Checking for string '/usr/lib/ldlibpst.so' [ Not found ]
[05:47:57] Checking for string 'libproc.so.2.0.7' [ Not found ]
[05:47:57] Checking for string '/dev/ptyxx/.proc' [ Not found ]
[05:47:57] Checking for string '/dev/ptyxx/.proc' [ Not found ]
[05:47:57] Checking for string 'libproc.so.2.0.7' [ Not found ]
[05:47:57] Checking for string 'libproc.so.2.0.7' [ Not found ]
[05:47:57] Checking for string '/bin/bash' [ Not found ]
[05:47:57] Checking for string '/dev/xdta' [ Not found ]
[05:47:57] Checking for string '/usr/lib/.tbd' [ Not found ]
[05:47:58] Checking for string '/dev/ptyxx/.proc' [ Not found ]
[05:47:58] Checking for string 'in.inetd' [ Not found ]
[05:47:58] Checking for string '#<HIDE_.*>' [ Not found ]
[05:47:58] Checking for string 'bin/xchk' [ Not found ]
[05:47:59] Checking for string 'bin/xsf' [ Not found ]
[05:47:59] Checking for string '/usr/bin/ssh2d' [ Not found ]
[05:47:59] Checking for string '/usr/sbin/xntps' [ Not found ]
[05:47:59] Checking for string 'ttyload' [ Not found ]
[05:47:59] Checking for string '/etc/rc.d/init.d/init' [ Not found ]
[05:48:00] Checking for string 'usr/bin/xfss' [ Not found ]
[05:48:00] Checking for string '/usr/sbin/rpc.netinet' [ Not found ]
[05:48:00] Checking for string '/usr/lib/.fx/cons.saver' [ Not found ]
[05:48:00] Checking for string '/usr/lib/.fx/xs' [ Not found ]
[05:48:00] Checking for string '/ssh2d' [ Not found ]
[05:48:01] Checking for string '/dev/kmod' [ Not found ]
[05:48:01] Checking for string '/crth.o' [ Not found ]
[05:48:01] Checking for string '/crtz.o' [ Not found ]
[05:48:01] Checking for string '/dev/dos' [ Not found ]
[05:48:01] Checking for string '/lpq' [ Not found ]
[05:48:02] Checking for string '/usr/sbin/rescue' [ Not found ]
[05:48:02] Checking for string '/usr/lib/lpstart' [ Not found ]
[05:48:02] Checking for string '/volc' [ Not found ]
[05:48:02] Checking for string 'sourcemask' [ Not found ]
[05:48:03] Checking for string '/bin/vobiscum' [ Not found ]
[05:48:03] Checking for string '/usr/sbin/in.telnet' [ Not found ]
[05:48:03] Checking for string '/usr/bin/hdparm?-t1?-X53?-p' [ Not found ]
[05:48:03] Checking for string '/lib/.xsyslog' [ Not found ]
[05:48:03] Checking for string '/etc/.xsyslog' [ Not found ]
[05:48:04] Checking for string '/lib/.ssyslog' [ Not found ]
[05:48:04] Checking for string '/tmp/.sendmail' [ Not found ]
[05:48:04] Checking for string '/lib/ldd.so/tkps' [ Not found ]
[05:48:04] Checking for string 't0rnkit' [ Not found ]
[05:48:04] Checking for string '/dev/proc/fuckit' [ Not found ]
[05:48:04] Checking for string 'backdoor.h' [ Not found ]
[05:48:04] Checking for string 'backdoor_active' [ Not found ]
[05:48:04] Checking for string 'magic_pass_active' [ Not found ]
[05:48:04] Checking for string '/usr/include/gpm2.h' [ Not found ]
[05:48:04] Checking for string 'libproc.so.2.0.7' [ Not found ]
[05:48:04] Checking for string 'libproc.so.2.0.7' [ Not found ]
[05:48:04] Checking for string 'libproc.so.2.0.7' [ Not found ]
[05:48:04] Checking for string '/usr/lib/ldlibct.so' [ Not found ]
[05:48:04] Checking for string '/usr/lib/ldlibdu.so' [ Not found ]
[05:48:04] Checking for string '/dev/ptyxx/.file' [ Not found ]
[05:48:04] Checking for string 'libproc.so.2.0.7' [ Not found ]
[05:48:04] Checking for string '/dev/ida/.inet' [ Not found ]
[05:48:04] Checking for string '/usr/include/mysql/mysql.hh1' [ Not found ]
[05:48:04] Checking for string '/usr/include/mysql/mysql.hh1' [ Not found ]
[05:48:04] Checking for string '/usr/include/mysql/mysql.hh1' [ Not found ]
[05:48:04] Checking for string '/usr/include/mysql/mysql.hh1' [ Not found ]
[05:48:04] Checking for string '/usr/include/mysql/mysql.hh1' [ Not found ]
[05:48:04] Checking for string '/usr/include/mysql/mysql.hh1' [ Not found ]
[05:48:05] Checking for string 'backconnect' [ Not found ]
[05:48:05] Checking for string 'magic?packet?received' [ Not found ]
[05:48:05] Checking for possible rootkit strings [ None found ]
[05:48:05]
[05:48:05] Info: Starting test name 'malware'
[05:48:05] Performing malware checks
[05:48:05]
[05:48:05] Info: Test 'deleted_files' disabled at users request.
[05:48:05]
[05:48:05] Info: Starting test name 'running_procs'
[05:48:06] Checking running processes for suspicious files [ None found ]
[05:48:06]
[05:48:06] Info: Test 'hidden_procs' disabled at users request.
[05:48:06]
[05:48:06] Info: Test 'suspscan' disabled at users request.
[05:48:06]
[05:48:06] Info: Starting test name 'other_malware'
[05:48:06] Performing check for login backdoors
[05:48:06] Checking for '/bin/.login' [ Not found ]
[05:48:06] Checking for '/sbin/.login' [ Not found ]
[05:48:06] Checking for login backdoors [ None found ]
[05:48:06]
[05:48:06] Performing check for suspicious directories
[05:48:06] Checking for directory '/usr/X11R6/bin/.,/copy' [ Not found ]
[05:48:06] Checking for directory '/dev/rd/cdb' [ Not found ]
[05:48:06] Checking for suspicious directories [ None found ]
[05:48:06]
[05:48:06] Checking for software intrusions [ Skipped ]
[05:48:06] Info: Check skipped - tripwire not installed
[05:48:06]
[05:48:06] Performing check for sniffer log files
[05:48:06] Checking for file '/usr/lib/libice.log' [ Not found ]
[05:48:06] Checking for file '/dev/prom/sn.l' [ Not found ]
[05:48:06] Checking for file '/dev/fd/.88/zxsniff.log' [ Not found ]
[05:48:06] Checking for sniffer log files [ None found ]
[05:48:06]
[05:48:06] Suspicious Shared Memory segments
[05:48:06] Suspicious Shared Memory segments [ None found ]
[05:48:06]
[05:48:06] Info: Starting test name 'trojans'
[05:48:06] Performing trojan specific checks
[05:48:06] Checking for enabled inetd services [ Skipped ]
[05:48:06] Info: Check skipped - file '/etc/inetd.conf' does not exist.
[05:48:06]
[05:48:06] Performing check for enabled xinetd services
[05:48:06] Checking for enabled xinetd services [ Skipped ]
[05:48:06] Info: Check skipped - file '/etc/xinetd.conf' does not exist.
[05:48:06] Checking for Apache backdoor [ Not found ]
[05:48:06]
[05:48:06] Info: Starting test name 'os_specific'
[05:48:06] Performing Linux specific checks
[05:48:07] Checking loaded kernel modules [ OK ]
[05:48:07] Info: Using modules pathname of '/lib/modules/4.2.0-35-generic'
[05:48:09] Checking kernel module names [ OK ]
[05:48:11]
[05:48:11] Info: Starting test name 'network'
[05:48:11] Checking the network...
[05:48:11] [05:48:11] Performing checks on the network ports [05:48:11] Info: Starting test name 'ports' [05:48:11] Performing check for backdoor ports [05:48:11] Checking for TCP port 1524 [ Not found ] [05:48:11] Checking for TCP port 1984 [ Not found ] [05:48:11] Checking for UDP port 2001 [ Not found ] [05:48:11] Checking for TCP port 2006 [ Not found ] [05:48:11] Checking for TCP port 2128 [ Not found ] [05:48:11] Checking for TCP port 6666 [ Not found ] [05:48:11] Checking for TCP port 6667 [ Not found ] [05:48:11] Checking for TCP port 6668 [ Not found ] [05:48:11] Checking for TCP port 6669 [ Not found ] [05:48:11] Checking for TCP port 7000 [ Not found ] [05:48:11] Checking for TCP port 13000 [ Not found ] [05:48:11] Checking for TCP port 14856 [ Not found ] [05:48:11] Checking for TCP port 25000 [ Not found ] [05:48:11] Checking for TCP port 29812 [ Not found ] [05:48:11] Checking for TCP port 31337 [ Not found ] [05:48:11] Checking for TCP port 32982 [ Not found ] [05:48:11] Checking for TCP port 33369 [ Not found ] [05:48:11] Checking for TCP port 47107 [ Not found ] [05:48:11] Checking for TCP port 47018 [ Not found ] [05:48:11] Checking for TCP port 60922 [ Not found ] [05:48:12] Checking for TCP port 62883 [ Not found ] [05:48:12] Checking for TCP port 65535 [ Not found ] [05:48:12] Checking for backdoor ports [ None found ] [05:48:12] [05:48:12] Info: Starting test name 'hidden_ports' [05:48:12] Info: Found the 'unhide-tcp' command: /usr/sbin/unhide-tcp [05:48:12] Checking for hidden ports [ None found ] [05:48:12] [05:48:12] Performing checks on the network interfaces [05:48:12] Info: Starting test name 'promisc' [05:48:12] Checking for promiscuous interfaces [ None found ] [05:48:12] [05:48:12] Info: Test 'packet_cap_apps' disabled at users request. [05:48:12] [05:48:12] Info: Starting test name 'local_host' [05:48:12] Checking the local host... 
[05:48:12] [05:48:12] Info: Starting test name 'startup_files' [05:48:12] Performing system boot checks [05:48:12] Checking for local host name [ Found ] [05:48:12] [05:48:12] Info: Starting test name 'startup_malware' [05:48:12] Checking for system startup files [ Found ] [05:48:13] Checking system startup files for malware [ None found ] [05:48:13] [05:48:13] Info: Starting test name 'group_accounts' [05:48:13] Performing group and account checks [05:48:13] Checking for passwd file [ Found ] [05:48:13] Info: Found password file: /etc/passwd [05:48:13] Checking for root equivalent (UID 0) accounts [ None found ] [05:48:13] Info: Found shadow file: /etc/shadow [05:48:13] Checking for passwordless accounts [ None found ] [05:48:13] [05:48:13] Info: Starting test name 'passwd_changes' [05:48:13] Checking for passwd file changes [ Warning ] [05:48:13] Warning: User 'havp' has been added to the passwd file. [05:48:13] Warning: User 'clamav' has been added to the passwd file. [05:48:13] Warning: User 'clamsmtp' has been added to the passwd file. [05:48:13] Warning: User 'amavis' has been added to the passwd file. [05:48:13] Warning: User 'clickpkg' has been added to the passwd file. [05:48:13] Warning: User 'dirmngr' has been added to the passwd file. [05:48:13] [05:48:13] Info: Starting test name 'group_changes' [05:48:13] Checking for group file changes [ Warning ] [05:48:13] Warning: Group 'vboxusers' has been added to the group file. [05:48:13] Warning: Group 'havp' has been added to the group file. [05:48:13] Warning: Group 'clamav' has been added to the group file. [05:48:13] Warning: Group 'clamsmtp' has been added to the group file. [05:48:13] Warning: Group 'amavis' has been added to the group file. [05:48:13] Warning: Group 'autopilot' has been added to the group file. [05:48:13] Warning: Group 'clickpkg' has been added to the group file. [05:48:13] Warning: Group 'dirmngr' has been added to the group file. 
[05:48:13] Checking root account shell history files [ None found ] [05:48:13] [05:48:13] Info: Starting test name 'system_configs' [05:48:13] Performing system configuration file checks [05:48:13] Checking for an SSH configuration file [ Not found ] [05:48:14] Checking for a running system logging daemon [ Found ] [05:48:14] Info: A running 'rsyslog' daemon has been found. [05:48:14] Info: A running 'systemd-journald' daemon has been found. [05:48:14] Info: Found an rsyslog configuration file: /etc/rsyslog.conf [05:48:14] Info: Found a systemd configuration file: /etc/systemd/journald.conf [05:48:14] Checking for a system logging configuration file [ Found ] [05:48:14] Checking if syslog remote logging is allowed [ Not allowed ] [05:48:14] [05:48:14] Info: Starting test name 'filesystem' [05:48:14] Performing filesystem checks [05:48:14] Info: SCAN_MODE_DEV set to 'THOROUGH' [05:48:15] Checking /dev for suspicious file types [ Warning ] [05:48:15] Warning: Suspicious file types found in /dev: [05:48:15] /dev/shm/pulse-shm-4209799112: data [05:48:15] /dev/shm/pulse-shm-2804304956: data [05:48:15] /dev/shm/pulse-shm-314701331: data [05:48:15] /dev/shm/pulse-shm-2251038954: data [05:48:15] /dev/shm/pulse-shm-1056751454: data [05:48:15] /dev/shm/pulse-shm-4207284760: data [05:48:15] /dev/shm/pulse-shm-4133351312: data [05:48:15] /dev/shm/ecryptfs-bbs-Private: ASCII text [05:48:15] /dev/shm/pulse-shm-1962024324: data [05:48:15] /dev/shm/pulse-shm-995775837: data [05:48:15] Checking for hidden files and directories [ Warning ] [05:48:15] Warning: Hidden file found: /etc/.oinkmaster.conf.swp: data [05:48:15] Checking for missing log files [ Skipped ] [05:48:15] Checking for empty log files [ Skipped ] [05:48:20] [05:48:20] Info: Test 'apps' disabled at users request. [05:48:21] [05:48:21] System checks summary [05:48:21] ===================== [05:48:21] [05:48:21] File properties checks... 
[05:48:21] Files checked: 147 [05:48:21] Suspect files: 147 [05:48:21] [05:48:21] Rootkit checks... [05:48:21] Rootkits checked : 365 [05:48:21] Possible rootkits: 0 [05:48:21] [05:48:21] Applications checks... [05:48:21] All checks skipped [05:48:21] [05:48:21] The system checks took: 2 minutes and 19 seconds [05:48:21] [05:48:21] Info: End date is Sa 16. Apr 05:48:21 CEST 2016 |
16.04.2016, 04:39 | #67 |
| Linux: Bootkit Nemesis - BIOS/Firmware Malware in the VBR
Auth log, part 1
Code:
Apr 14 20:53:00 bbs-sophos polkitd(authority=local): Registered Authentication Agent for unix-process:22342:284322 (system bus name :1.225 [/usr/bin/pkttyagent --notify-fd 5 --fallback], object path /org/freedesktop/PolicyKit1/AuthenticationAgent, locale de_DE.UTF-8)
Apr 14 20:53:00 bbs-sophos polkitd(authority=local): Unregistered Authentication Agent for unix-process:22342:284322 (system bus name :1.225, object path /org/freedesktop/PolicyKit1/AuthenticationAgent, locale de_DE.UTF-8) (disconnected from bus)
Apr 14 20:53:01 bbs-sophos polkitd(authority=local): Registered Authentication Agent for unix-process:22355:284357 (system bus name :1.227 [/usr/bin/pkttyagent --notify-fd 5 --fallback], object path /org/freedesktop/PolicyKit1/AuthenticationAgent, locale de_DE.UTF-8)
Apr 14 20:53:01 bbs-sophos polkitd(authority=local): Unregistered Authentication Agent for unix-process:22355:284357 (system bus name :1.227, object path /org/freedesktop/PolicyKit1/AuthenticationAgent, locale de_DE.UTF-8) (disconnected from bus)
Apr 14 20:53:01 bbs-sophos polkitd(authority=local): Registered Authentication Agent for unix-process:22378:284392 (system bus name :1.228 [/usr/bin/pkttyagent --notify-fd 5 --fallback], object path /org/freedesktop/PolicyKit1/AuthenticationAgent, locale de_DE.UTF-8)
Apr 14 20:53:01 bbs-sophos polkitd(authority=local): Unregistered Authentication Agent for unix-process:22378:284392 (system bus name :1.228, object path /org/freedesktop/PolicyKit1/AuthenticationAgent, locale de_DE.UTF-8) (disconnected from bus)
Apr 14 20:53:01 bbs-sophos polkitd(authority=local): Registered Authentication Agent for unix-process:22395:284403 (system bus name :1.229 [/usr/bin/pkttyagent --notify-fd 5 --fallback], object path /org/freedesktop/PolicyKit1/AuthenticationAgent, locale de_DE.UTF-8)
Apr 14 20:53:01 bbs-sophos polkitd(authority=local): Unregistered Authentication Agent for unix-process:22395:284403 (system bus name :1.229, object path /org/freedesktop/PolicyKit1/AuthenticationAgent, locale de_DE.UTF-8) (disconnected from bus)
Apr 14 20:53:06 bbs-sophos polkitd(authority=local): Registered Authentication Agent for unix-process:22511:284870 (system bus name :1.230 [/usr/bin/pkttyagent --notify-fd 5 --fallback], object path /org/freedesktop/PolicyKit1/AuthenticationAgent, locale de_DE.UTF-8)
Apr 14 20:53:06 bbs-sophos polkitd(authority=local): Unregistered Authentication Agent for unix-process:22511:284870 (system bus name :1.230, object path /org/freedesktop/PolicyKit1/AuthenticationAgent, locale de_DE.UTF-8) (disconnected from bus)
Apr 14 20:53:06 bbs-sophos polkitd(authority=local): Registered Authentication Agent for unix-process:22548:284889 (system bus name :1.231 [/usr/bin/pkttyagent --notify-fd 5 --fallback], object path /org/freedesktop/PolicyKit1/AuthenticationAgent, locale de_DE.UTF-8)
Apr 14 20:53:06 bbs-sophos polkitd(authority=local): Unregistered Authentication Agent for unix-process:22548:284889 (system bus name :1.231, object path /org/freedesktop/PolicyKit1/AuthenticationAgent, locale de_DE.UTF-8) (disconnected from bus)
Apr 14 20:53:06 bbs-sophos polkitd(authority=local): Registered Authentication Agent for unix-process:22568:284905 (system bus name :1.232 [/usr/bin/pkttyagent --notify-fd 5 --fallback], object path /org/freedesktop/PolicyKit1/AuthenticationAgent, locale de_DE.UTF-8)
Apr 14 20:53:06 bbs-sophos polkitd(authority=local): Unregistered Authentication Agent for unix-process:22568:284905 (system bus name :1.232, object path /org/freedesktop/PolicyKit1/AuthenticationAgent, locale de_DE.UTF-8) (disconnected from bus)
Apr 14 20:56:19 bbs-sophos pkexec: pam_unix(polkit-1:session): session opened for user root by (uid=1000)
Apr 14 20:56:19 bbs-sophos pkexec: pam_systemd(polkit-1:session): Cannot create session: Already running in a session
Apr 14 20:56:19 bbs-sophos pkexec[24529]: bbs: Executing command [USER=root] [TTY=unknown] [CWD=/home/bbs] [COMMAND=/usr/lib/update-notifier/package-system-locked]
Apr 14 21:12:54 bbs-sophos systemd-logind[785]: System is rebooting.
Apr 15 02:04:15 bbs-sophos systemd-logind[766]: New seat seat0.
Apr 15 02:04:15 bbs-sophos systemd-logind[766]: Watching system buttons on /dev/input/event2 (Power Button)
Apr 15 02:04:15 bbs-sophos systemd-logind[766]: Watching system buttons on /dev/input/event3 (Video Bus)
Apr 15 02:04:15 bbs-sophos systemd-logind[766]: Watching system buttons on /dev/input/event0 (Power Button)
Apr 15 02:04:15 bbs-sophos systemd-logind[766]: Watching system buttons on /dev/input/event1 (Sleep Button)
Apr 15 02:04:27 bbs-sophos lightdm: PAM unable to dlopen(pam_kwallet.so): /lib/security/pam_kwallet.so: cannot open shared object file: No such file or directory
Apr 15 02:04:27 bbs-sophos lightdm: PAM adding faulty module: pam_kwallet.so
Apr 15 02:04:27 bbs-sophos lightdm: PAM unable to dlopen(pam_kwallet5.so): /lib/security/pam_kwallet5.so: cannot open shared object file: No such file or directory
Apr 15 02:04:27 bbs-sophos lightdm: PAM adding faulty module: pam_kwallet5.so
Apr 15 02:04:27 bbs-sophos lightdm: pam_unix(lightdm-greeter:session): session opened for user lightdm by (uid=0)
Apr 15 02:04:27 bbs-sophos systemd-logind[766]: New session c1 of user lightdm.
Apr 15 02:04:27 bbs-sophos systemd: pam_unix(systemd-user:session): session opened for user lightdm by (uid=0)
Apr 15 02:04:33 bbs-sophos lightdm: PAM unable to dlopen(pam_kwallet.so): /lib/security/pam_kwallet.so: cannot open shared object file: No such file or directory
Apr 15 02:04:33 bbs-sophos lightdm: PAM adding faulty module: pam_kwallet.so
Apr 15 02:04:33 bbs-sophos lightdm: PAM unable to dlopen(pam_kwallet5.so): /lib/security/pam_kwallet5.so: cannot open shared object file: No such file or directory
Apr 15 02:04:33 bbs-sophos lightdm: PAM adding faulty module: pam_kwallet5.so
Apr 15 02:04:33 bbs-sophos lightdm: pam_succeed_if(lightdm:auth): requirement "user ingroup nopasswdlogin" not met by user "bbs"
Apr 15 02:04:51 bbs-sophos lightdm: pam_unix(lightdm-greeter:session): session closed for user lightdm
Apr 15 02:04:51 bbs-sophos lightdm: pam_unix(lightdm:session): session opened for user bbs by (uid=0)
Apr 15 02:04:51 bbs-sophos systemd: pam_unix(systemd-user:session): session opened for user bbs by (uid=0)
Apr 15 02:04:51 bbs-sophos systemd-logind[766]: New session c2 of user bbs.
Apr 15 02:04:59 bbs-sophos dbus[767]: [system] Failed to activate service 'org.bluez': timed out
Apr 15 02:05:00 bbs-sophos gnome-keyring-daemon[1118]: The PKCS#11 component was already initialized
Apr 15 02:05:00 bbs-sophos gnome-keyring-daemon[1118]: The Secret Service was already initialized
Apr 15 02:05:01 bbs-sophos polkitd(authority=local): Registered Authentication Agent for unix-session:c2 (system bus name :1.72 [/usr/lib/policykit-1-gnome/polkit-gnome-authentication-agent-1], object path /org/gnome/PolicyKit1/AuthenticationAgent, locale de_DE.UTF-8)
Apr 15 02:06:27 bbs-sophos systemd-logind[766]: Removed session c1.
Apr 15 02:06:27 bbs-sophos systemd: pam_unix(systemd-user:session): session closed for user lightdm
Apr 15 02:17:01 bbs-sophos CRON[2290]: pam_unix(cron:session): session opened for user root by (uid=0)
Apr 15 02:17:01 bbs-sophos CRON[2290]: pam_unix(cron:session): session closed for user root
Apr 15 02:25:12 bbs-sophos dbus[767]: [system] Rejected send message, 10 matched rules; type="method_return", sender=":1.103" (uid=0 pid=2365 comm="/usr/sbin/dnsmasq --no-resolv --keep-in-foreground") interface="(unset)" member="(unset)" error name="(unset)" requested_reply="0" destination=":1.12" (uid=0 pid=783 comm="/usr/sbin/NetworkManager --no-daemon ")
Apr 15 02:26:19 bbs-sophos sudo: bbs : TTY=pts/5 ; PWD=/home/bbs ; USER=root ; COMMAND=/usr/bin/apt-get install tiger
Apr 15 02:26:19 bbs-sophos sudo: pam_unix(sudo:session): session opened for user root by bbs(uid=0)
Apr 15 02:27:42 bbs-sophos polkitd(authority=local): Registered Authentication Agent for unix-process:3784:145618 (system bus name :1.106 [/usr/bin/pkttyagent --notify-fd 5 --fallback], object path /org/freedesktop/PolicyKit1/AuthenticationAgent, locale de_DE.UTF-8)
Apr 15 02:27:42 bbs-sophos polkitd(authority=local): Unregistered Authentication Agent for unix-process:3784:145618 (system bus name :1.106, object path /org/freedesktop/PolicyKit1/AuthenticationAgent, locale de_DE.UTF-8) (disconnected from bus)
Apr 15 02:27:49 bbs-sophos groupadd[3857]: group added to /etc/group: name=smmta, GID=129
Apr 15 02:27:49 bbs-sophos groupadd[3857]: group added to /etc/gshadow: name=smmta
Apr 15 02:27:50 bbs-sophos groupadd[3857]: new group: name=smmta, GID=129
Apr 15 02:27:50 bbs-sophos useradd[3863]: new user: name=smmta, UID=120, GID=129, home=/var/lib/sendmail, shell=/bin/false
Apr 15 02:27:50 bbs-sophos usermod[3879]: change user 'smmta' password
Apr 15 02:27:50 bbs-sophos chage[3886]: changed password expiry for smmta
Apr 15 02:27:50 bbs-sophos chfn[3889]: changed user 'smmta' information
Apr 15 02:27:51 bbs-sophos groupadd[3909]: group added to /etc/group: name=smmsp, GID=130
Apr 15 02:27:51 bbs-sophos groupadd[3909]: group added to /etc/gshadow: name=smmsp
Apr 15 02:27:51 bbs-sophos groupadd[3909]: new group: name=smmsp, GID=130
Apr 15 02:27:51 bbs-sophos useradd[3919]: new user: name=smmsp, UID=121, GID=130, home=/var/lib/sendmail, shell=/bin/false
Apr 15 02:27:51 bbs-sophos usermod[3927]: change user 'smmsp' password
Apr 15 02:27:51 bbs-sophos chage[3934]: changed password expiry for smmsp
Apr 15 02:27:51 bbs-sophos chfn[3975]: changed user 'smmsp' information
Apr 15 02:27:53 bbs-sophos polkitd(authority=local): Registered Authentication Agent for unix-process:4105:146727 (system bus name :1.107 [/usr/bin/pkttyagent --notify-fd 5 --fallback], object path /org/freedesktop/PolicyKit1/AuthenticationAgent, locale de_DE.UTF-8)
Apr 15 02:27:53 bbs-sophos polkitd(authority=local): Unregistered Authentication Agent for unix-process:4105:146727 (system bus name :1.107, object path /org/freedesktop/PolicyKit1/AuthenticationAgent, locale de_DE.UTF-8) (disconnected from bus)
Apr 15 02:27:53 bbs-sophos polkitd(authority=local): Registered Authentication Agent for unix-process:4147:146745 (system bus name :1.108 [/usr/bin/pkttyagent --notify-fd 5 --fallback], object path /org/freedesktop/PolicyKit1/AuthenticationAgent, locale de_DE.UTF-8)
Apr 15 02:27:54 bbs-sophos polkitd(authority=local): Unregistered Authentication Agent for unix-process:4147:146745 (system bus name :1.108, object path /org/freedesktop/PolicyKit1/AuthenticationAgent, locale de_DE.UTF-8) (disconnected from bus)
Apr 15 02:27:54 bbs-sophos polkitd(authority=local): Registered Authentication Agent for unix-process:4195:146798 (system bus name :1.109 [/usr/bin/pkttyagent --notify-fd 5 --fallback], object path /org/freedesktop/PolicyKit1/AuthenticationAgent, locale de_DE.UTF-8)
Apr 15 02:27:54 bbs-sophos polkitd(authority=local): Unregistered Authentication Agent for unix-process:4195:146798 (system bus name :1.109, object path /org/freedesktop/PolicyKit1/AuthenticationAgent, locale de_DE.UTF-8) (disconnected from bus)
Apr 15 02:27:54 bbs-sophos polkitd(authority=local): Registered Authentication Agent for unix-process:4214:146810 (system bus name :1.110 [/usr/bin/pkttyagent --notify-fd 5 --fallback], object path /org/freedesktop/PolicyKit1/AuthenticationAgent, locale de_DE.UTF-8)
Apr 15 02:27:54 bbs-sophos polkitd(authority=local): Unregistered Authentication Agent for unix-process:4214:146810 (system bus name :1.110, object path /org/freedesktop/PolicyKit1/AuthenticationAgent, locale de_DE.UTF-8) (disconnected from bus)
Apr 15 02:27:57 bbs-sophos polkitd(authority=local): Registered Authentication Agent for unix-process:5008:147057 (system bus name :1.111 [/usr/bin/pkttyagent --notify-fd 5 --fallback], object path /org/freedesktop/PolicyKit1/AuthenticationAgent, locale de_DE.UTF-8)
Apr 15 02:27:57 bbs-sophos polkitd(authority=local): Unregistered Authentication Agent for unix-process:5008:147057 (system bus name :1.111, object path /org/freedesktop/PolicyKit1/AuthenticationAgent, locale de_DE.UTF-8) (disconnected from bus)
Apr 15 02:27:57 bbs-sophos polkitd(authority=local): Registered Authentication Agent for unix-process:5068:147074 (system bus name :1.112 [/usr/bin/pkttyagent --notify-fd 5 --fallback], object path /org/freedesktop/PolicyKit1/AuthenticationAgent, locale de_DE.UTF-8)
Apr 15 02:27:59 bbs-sophos polkitd(authority=local): Unregistered Authentication Agent for unix-process:5068:147074 (system bus name :1.112, object path /org/freedesktop/PolicyKit1/AuthenticationAgent, locale de_DE.UTF-8) (disconnected from bus)
Apr 15 02:28:55 bbs-sophos polkit-agent-helper-1[11903]: pam_ecryptfs: pam_sm_authenticate: /home/bbs is already mounted
Apr 15 02:28:55 bbs-sophos polkitd(authority=local): Operator of unix-session:c2 successfully authenticated as unix-user:bbs to gain TEMPORARY authorization for action org.debian.apt.install-or-remove-packages for system-bus-name::1.84 [/usr/bin/python /usr/bin/software-center] (owned by unix-user:bbs)
Apr 15 02:29:02 bbs-sophos polkitd(authority=local): Registered Authentication Agent for unix-process:12018:153632 (system bus name :1.114 [/usr/bin/pkttyagent --notify-fd 5 --fallback], object path /org/freedesktop/PolicyKit1/AuthenticationAgent, locale de_DE.UTF-8)
Apr 15 02:29:02 bbs-sophos polkitd(authority=local): Unregistered Authentication Agent for unix-process:12018:153632 (system bus name :1.114, object path /org/freedesktop/PolicyKit1/AuthenticationAgent, locale de_DE.UTF-8) (disconnected from bus)
Apr 15 02:29:04 bbs-sophos sudo: pam_unix(sudo:session): session closed for user root
Apr 15 02:29:22 bbs-sophos sudo: bbs : TTY=pts/5 ; PWD=/home/bbs ; USER=root ; COMMAND=/usr/sbin/tiger
Apr 15 02:29:22 bbs-sophos sudo: pam_unix(sudo:session): session opened for user root by bbs(uid=0)
Apr 15 02:30:00 bbs-sophos sudo: bbs : TTY=pts/19 ; PWD=/home/bbs ; USER=root ; COMMAND=/usr/bin/apt-get install chkrootkit
Apr 15 02:30:00 bbs-sophos sudo: pam_unix(sudo:session): session opened for user root by bbs(uid=0)
Apr 15 02:30:00 bbs-sophos sudo: pam_unix(sudo:session): session closed for user root
Apr 15 02:30:42 bbs-sophos polkitd(authority=local): Operator of unix-session:c2 FAILED to authenticate to gain authorization for action com.ubuntu.apport.apport-gtk-root for unix-process:1125:8533 [/sbin/upstart --user] (owned by unix-user:bbs)
Apr 15 02:30:42 bbs-sophos pkexec[30463]: bbs: Error executing command as another user: Request dismissed [USER=root] [TTY=unknown] [CWD=/home/bbs] [COMMAND=/usr/share/apport/apport-gtk]
Apr 15 02:31:09 bbs-sophos sudo: pam_unix(sudo:session): session closed for user root
Apr 15 02:32:23 bbs-sophos sudo: bbs : TTY=pts/5 ; PWD=/home/bbs ; USER=root ; COMMAND=/usr/bin/apt-get install gksu
Apr 15 02:32:23 bbs-sophos sudo: pam_unix(sudo:session): session opened for user root by bbs(uid=0)
Apr 15 02:32:23 bbs-sophos sudo: pam_unix(sudo:session): session closed for user root
Apr 15 02:33:37 bbs-sophos sudo: bbs : TTY=pts/5 ; PWD=/home/bbs ; USER=root ; COMMAND=/usr/bin/apt-get install gksu
Apr 15 02:33:37 bbs-sophos sudo: pam_unix(sudo:session): session opened for user root by bbs(uid=0)
Apr 15 02:33:37 bbs-sophos sudo: pam_unix(sudo:session): session closed for user root
Apr 15 02:37:00 bbs-sophos polkitd(authority=local): Registered Authentication Agent for unix-process:21024:201360 (system bus name :1.120 [/usr/bin/pkttyagent --notify-fd 5 --fallback], object path /org/freedesktop/PolicyKit1/AuthenticationAgent, locale de_DE.UTF-8)
Apr 15 02:37:00 bbs-sophos polkitd(authority=local): Unregistered Authentication Agent for unix-process:21024:201360 (system bus name :1.120, object path /org/freedesktop/PolicyKit1/AuthenticationAgent, locale de_DE.UTF-8) (disconnected from bus)
Apr 15 02:38:56 bbs-sophos polkitd(authority=local): Registered Authentication Agent for unix-process:21570:213007 (system bus name :1.122 [/usr/bin/pkttyagent --notify-fd 5 --fallback], object path /org/freedesktop/PolicyKit1/AuthenticationAgent, locale de_DE.UTF-8)
Apr 15 02:38:56 bbs-sophos polkitd(authority=local): Unregistered Authentication Agent for unix-process:21570:213007 (system bus name :1.122, object path /org/freedesktop/PolicyKit1/AuthenticationAgent, locale de_DE.UTF-8) (disconnected from bus)
Apr 15 02:38:56 bbs-sophos polkitd(authority=local): Registered Authentication Agent for unix-process:21607:213042 (system bus name :1.123 [/usr/bin/pkttyagent --notify-fd 5 --fallback], object path /org/freedesktop/PolicyKit1/AuthenticationAgent, locale de_DE.UTF-8)
Apr 15 02:38:57 bbs-sophos polkitd(authority=local): Unregistered Authentication Agent for unix-process:21607:213042 (system bus name :1.123, object path /org/freedesktop/PolicyKit1/AuthenticationAgent, locale de_DE.UTF-8) (disconnected from bus)
Apr 15 02:38:57 bbs-sophos polkitd(authority=local): Registered Authentication Agent for unix-process:21630:213053 (system bus name :1.124 [/usr/bin/pkttyagent --notify-fd 5 --fallback], object path /org/freedesktop/PolicyKit1/AuthenticationAgent, locale de_DE.UTF-8)
Apr 15 02:38:58 bbs-sophos polkitd(authority=local): Unregistered Authentication Agent for unix-process:21630:213053 (system bus name :1.124, object path /org/freedesktop/PolicyKit1/AuthenticationAgent, locale de_DE.UTF-8) (disconnected from bus)
Apr 15 02:40:01 bbs-sophos CRON[22238]: pam_unix(cron:session): session opened for user smmsp by (uid=0)
Apr 15 02:40:01 bbs-sophos CRON[22238]: pam_unix(cron:session): session closed for user smmsp
Apr 15 02:40:11 bbs-sophos su[22440]: Successful su for www-data by root
Apr 15 02:40:11 bbs-sophos su[22440]: + ??? root:www-data
Apr 15 02:40:11 bbs-sophos su[22440]: pam_unix(su:session): session opened for user www-data by (uid=0)
Apr 15 02:40:11 bbs-sophos systemd: pam_unix(systemd-user:session): session opened for user www-data by (uid=0)
Apr 15 02:40:11 bbs-sophos systemd-logind[766]: New session c3 of user www-data.
Apr 15 02:40:11 bbs-sophos su[22440]: pam_unix(su:session): session closed for user www-data
Apr 15 02:40:11 bbs-sophos systemd-logind[766]: Removed session c3.
Apr 15 02:40:21 bbs-sophos polkitd(authority=local): Registered Authentication Agent for unix-process:22745:221480 (system bus name :1.135 [/usr/bin/pkttyagent --notify-fd 5 --fallback], object path /org/freedesktop/PolicyKit1/AuthenticationAgent, locale de_DE.UTF-8)
Apr 15 02:40:21 bbs-sophos polkitd(authority=local): Unregistered Authentication Agent for unix-process:22745:221480 (system bus name :1.135, object path /org/freedesktop/PolicyKit1/AuthenticationAgent, locale de_DE.UTF-8) (disconnected from bus)
Apr 15 02:41:41 bbs-sophos sudo: bbs : TTY=pts/19 ; PWD=/home/bbs ; USER=root ; COMMAND=/usr/bin/apt-get install gksu
Apr 15 02:41:41 bbs-sophos sudo: pam_unix(sudo:session): session opened for user root by bbs(uid=0)
Apr 15 02:41:42 bbs-sophos sudo: pam_unix(sudo:session): session closed for user root
Apr 15 02:42:00 bbs-sophos sudo: bbs : TTY=pts/19 ; PWD=/home/bbs ; USER=root ; COMMAND=/usr/bin/apt-get autoremove
Apr 15 02:42:00 bbs-sophos sudo: pam_unix(sudo:session): session opened for user root by bbs(uid=0)
Apr 15 02:42:07 bbs-sophos sudo: pam_unix(sudo:session): session closed for user root
Apr 15 02:42:20 bbs-sophos sudo: bbs : TTY=pts/19 ; PWD=/home/bbs ; USER=root ; COMMAND=/usr/bin/apt-get install gksu
Apr 15 02:42:20 bbs-sophos sudo: pam_unix(sudo:session): session opened for user root by bbs(uid=0)
Apr 15 02:42:20 bbs-sophos sudo: pam_unix(sudo:session): session closed for user root
Apr 15 02:42:42 bbs-sophos sudo: bbs : TTY=unknown ; PWD=/home/bbs ; USER=root ; COMMAND=/usr/bin/geany /var/log/tiger/security.report.bbs-sophos.160415-02:29
Apr 15 02:42:42 bbs-sophos sudo: pam_unix(sudo:session): session opened for user root by (uid=0)
Apr 15 02:44:29 bbs-sophos sudo: bbs : TTY=pts/5 ; PWD=/home/bbs ; USER=root ; COMMAND=/usr/bin/apt-get install chkrootkit
Apr 15 02:44:29 bbs-sophos sudo: pam_unix(sudo:session): session opened for user root by bbs(uid=0)
Apr 15 02:44:29 bbs-sophos sudo: pam_unix(sudo:session): session closed for user root
Apr 15 02:44:53 bbs-sophos sudo: bbs : TTY=pts/5 ; PWD=/home/bbs ; USER=root ; COMMAND=/usr/sbin/chkrootkit --update
Apr 15 02:44:53 bbs-sophos sudo: pam_unix(sudo:session): session opened for user root by bbs(uid=0)
Apr 15 02:44:53 bbs-sophos sudo: pam_unix(sudo:session): session closed for user root
Apr 15 02:45:22 bbs-sophos sudo: bbs : TTY=pts/5 ; PWD=/home/bbs ; USER=root ; COMMAND=/usr/sbin/chkrootkit -V
Apr 15 02:45:22 bbs-sophos sudo: pam_unix(sudo:session): session opened for user root by bbs(uid=0)
Apr 15 02:45:22 bbs-sophos sudo: pam_unix(sudo:session): session closed for user root
Apr 15 02:46:10 bbs-sophos sudo: bbs : TTY=pts/5 ; PWD=/home/bbs ; USER=root ; COMMAND=/usr/sbin/chkrootkit -r
Apr 15 02:46:10 bbs-sophos sudo: pam_unix(sudo:session): session opened for user root by bbs(uid=0)
Apr 15 02:46:10 bbs-sophos sudo: pam_unix(sudo:session): session closed for user root
Apr 15 02:46:18 bbs-sophos sudo: bbs : TTY=pts/5 ; PWD=/home/bbs ; USER=root ; COMMAND=/usr/sbin/chkrootkit
Apr 15 02:46:18 bbs-sophos sudo: pam_unix(sudo:session): session opened for user root by bbs(uid=0)
Apr 15 02:46:20 bbs-sophos sudo: pam_unix(sudo:session): session closed for user root
Apr 15 02:51:17 bbs-sophos sudo: pam_unix(sudo:session): session closed for user root
Apr 15 02:54:04 bbs-sophos sudo: bbs : TTY=unknown ; PWD=/home/bbs ; USER=root ; COMMAND=/usr/bin/geany /var/log/tiger/security.report.bbs-sophos.160415-02:29
Apr 15 02:54:04 bbs-sophos sudo: pam_unix(sudo:session): session opened for user root by (uid=0)
Apr 15 02:54:29 bbs-sophos sudo: bbs : TTY=pts/5 ; PWD=/home/bbs ; USER=root ; COMMAND=/usr/bin/apt-get install rkhunter
Apr 15 02:54:29 bbs-sophos sudo: pam_unix(sudo:session): session opened for user root by bbs(uid=0)
Apr 15 02:54:59 bbs-sophos sudo: pam_unix(sudo:session): session closed for user root
Apr 15 02:55:11 bbs-sophos sudo: bbs : TTY=pts/5 ; PWD=/home/bbs ; USER=root ; COMMAND=/usr/bin/rkhunter -c
Apr 15 02:55:11 bbs-sophos sudo: pam_unix(sudo:session): session opened for user root by bbs(uid=0)
Apr 15 02:55:12 bbs-sophos Rootkit Hunter: Rootkit hunter check started (version 1.4.2)
Apr 15 02:55:52 bbs-sophos Rootkit Hunter: Scanning took 40 seconds
Apr 15 02:55:52 bbs-sophos Rootkit Hunter: Please inspect this machine, because it may be infected.
Apr 15 02:55:52 bbs-sophos sudo: pam_unix(sudo:session): session closed for user root
Apr 15 03:00:01 bbs-sophos CRON[29922]: pam_unix(cron:session): session opened for user smmsp by (uid=0)
Apr 15 03:00:01 bbs-sophos CRON[29923]: pam_unix(cron:session): session opened for user root by (uid=0)
Apr 15 03:00:01 bbs-sophos CRON[29922]: pam_unix(cron:session): session closed for user smmsp
Apr 15 03:00:02 bbs-sophos CRON[29923]: pam_unix(cron:session): session closed for user root
Apr 15 03:01:21 bbs-sophos sudo: bbs : TTY=pts/19 ; PWD=/home/bbs ; USER=root ; COMMAND=/usr/bin/rkhunter --check
Apr 15 03:01:21 bbs-sophos sudo: pam_unix(sudo:session): session opened for user root by bbs(uid=0)
Apr 15 03:01:22 bbs-sophos Rootkit Hunter: Rootkit hunter check started (version 1.4.2)
Apr 15 03:02:02 bbs-sophos Rootkit Hunter: Scanning took 40 seconds
Apr 15 03:02:02 bbs-sophos Rootkit Hunter: Please inspect this machine, because it may be infected.
Apr 15 03:02:02 bbs-sophos sudo: pam_unix(sudo:session): session closed for user root
Apr 15 03:02:14 bbs-sophos sudo: bbs : TTY=pts/19 ; PWD=/home/bbs ; USER=root ; COMMAND=/usr/bin/rkhunter --update
Apr 15 03:02:14 bbs-sophos sudo: pam_unix(sudo:session): session opened for user root by bbs(uid=0)
Apr 15 03:02:16 bbs-sophos sudo: pam_unix(sudo:session): session closed for user root
Apr 15 03:02:37 bbs-sophos sudo: bbs : TTY=pts/19 ; PWD=/home/bbs ; USER=root ; COMMAND=/usr/bin/rkhunter --versioncheck
Apr 15 03:02:37 bbs-sophos sudo: pam_unix(sudo:session): session opened for user root by bbs(uid=0)
Apr 15 03:02:38 bbs-sophos sudo: pam_unix(sudo:session): session closed for user root
Apr 15 03:03:03 bbs-sophos sudo: bbs : TTY=pts/19 ; PWD=/home/bbs ; USER=root ; COMMAND=/usr/bin/rkhunter --config-check
Apr 15 03:03:03 bbs-sophos sudo: pam_unix(sudo:session): session opened for user root by bbs(uid=0)
Apr 15 03:03:04 bbs-sophos sudo: pam_unix(sudo:session): session closed for user root
Apr 15 03:07:49 bbs-sophos sudo: bbs : TTY=pts/19 ; PWD=/home/bbs ; USER=root ; COMMAND=/usr/bin/rkhunter --propupd / --hash {SHA1
Apr 15 03:07:49 bbs-sophos sudo: pam_unix(sudo:session): session opened for user root by bbs(uid=0)
Apr 15 03:07:49 bbs-sophos sudo: pam_unix(sudo:session): session closed for user root
Apr 15 03:08:07 bbs-sophos sudo: bbs : TTY=pts/19 ; PWD=/home/bbs ; USER=root ; COMMAND=/usr/bin/rkhunter --propupd / --hash {SHA1}
Apr 15 03:08:07 bbs-sophos sudo: pam_unix(sudo:session): session opened for user root by bbs(uid=0)
Apr 15 03:08:07 bbs-sophos sudo: pam_unix(sudo:session): session closed for user root
Apr 15 03:08:15 bbs-sophos sudo: bbs : TTY=pts/19 ; PWD=/home/bbs ; USER=root ; COMMAND=/usr/bin/rkhunter --propupd / --hash SHA1
Apr 15 03:08:15 bbs-sophos sudo: pam_unix(sudo:session): session opened for user root by bbs(uid=0)
Apr 15 03:08:18 bbs-sophos sudo: pam_unix(sudo:session): session closed for user root
Apr 15 03:09:56 bbs-sophos sudo: bbs : TTY=pts/19 ; PWD=/home/bbs ; USER=root ; COMMAND=/usr/bin/rkhunter --hash SHA1 --vl
Apr 15 03:09:56 bbs-sophos sudo: pam_unix(sudo:session): session opened for user root by bbs(uid=0)
Apr 15 03:09:57 bbs-sophos sudo: pam_unix(sudo:session): session closed for user root
Apr 15 03:12:11 bbs-sophos sudo: bbs : TTY=pts/19 ; PWD=/home/bbs ; USER=root ; COMMAND=/usr/bin/rkhunter --enable all --vl
Apr 15 03:12:11 bbs-sophos sudo: pam_unix(sudo:session): session opened for user root by bbs(uid=0)
Apr 15 03:12:12 bbs-sophos Rootkit Hunter: Rootkit hunter check started (version 1.4.2)
Apr 15 03:12:54 bbs-sophos Rootkit Hunter: Scanning took 41 seconds
Apr 15 03:12:54 bbs-sophos Rootkit Hunter: Please inspect this machine, because it may be infected.
Apr 15 03:12:54 bbs-sophos sudo: pam_unix(sudo:session): session closed for user root
Apr 15 03:16:06 bbs-sophos sudo: bbs : TTY=pts/19 ; PWD=/home/bbs ; USER=root ; COMMAND=/usr/bin/apt-get install lynis
Apr 15 03:16:06 bbs-sophos sudo: pam_unix(sudo:session): session opened for user root by bbs(uid=0)
Apr 15 03:16:12 bbs-sophos sudo: pam_unix(sudo:session): session closed for user root
Apr 15 03:16:30 bbs-sophos sudo: bbs : TTY=pts/19 ; PWD=/home/bbs ; USER=root ; COMMAND=/usr/sbin/lynis
Apr 15 03:16:30 bbs-sophos sudo: pam_unix(sudo:session): session opened for user root by bbs(uid=0)
Apr 15 03:16:30 bbs-sophos sudo: pam_unix(sudo:session): session closed for user root
Apr 15 03:17:01 bbs-sophos CRON[29663]: pam_unix(cron:session): session opened for user root by (uid=0)
Apr 15 03:17:01 bbs-sophos CRON[29663]: pam_unix(cron:session): session closed for user root
Apr 15 03:17:53 bbs-sophos sudo: bbs : TTY=pts/19 ; PWD=/home/bbs ; USER=root ; COMMAND=/usr/sbin/lynis audit system
Apr 15 03:17:53 bbs-sophos sudo: pam_unix(sudo:session): session opened for user root by bbs(uid=0)
Apr 15 03:20:01 bbs-sophos CRON[28945]: pam_unix(cron:session): session opened for user smmsp by (uid=0)
Apr 15 03:20:01 bbs-sophos CRON[28945]: pam_unix(cron:session): session closed for user smmsp
Apr 15 03:20:21 bbs-sophos sudo: pam_unix(sudo:session): session closed for user root
Apr 15 03:24:50 bbs-sophos polkit-agent-helper-1[30829]: pam_ecryptfs: pam_sm_authenticate: /home/bbs is already mounted
Apr 15 03:24:50 bbs-sophos polkitd(authority=local): Operator of unix-session:c2 successfully authenticated as unix-user:bbs to gain TEMPORARY authorization for action org.debian.apt.install-or-remove-packages for system-bus-name::1.137 [/usr/bin/python /usr/bin/software-center] (owned by unix-user:bbs)
Apr 15 03:30:34 bbs-sophos polkit-agent-helper-1[31196]: pam_ecryptfs: pam_sm_authenticate: /home/bbs is already mounted
Apr 15 03:30:34 bbs-sophos polkitd(authority=local): Operator of unix-session:c2 successfully authenticated as unix-user:bbs to gain TEMPORARY authorization for action org.debian.apt.change-repository for system-bus-name::1.137 [/usr/bin/python /usr/bin/software-center] (owned by unix-user:bbs)
Apr 15 03:40:01 bbs-sophos CRON[31324]: pam_unix(cron:session): session opened for user smmsp by (uid=0)
Apr 15 03:40:02 bbs-sophos CRON[31324]: pam_unix(cron:session): session closed for user smmsp
Apr 15 03:41:27 bbs-sophos polkit-agent-helper-1[31408]: pam_ecryptfs: pam_sm_authenticate: /home/bbs is already mounted
Apr 15 03:41:27 bbs-sophos polkitd(authority=local): Operator of unix-session:c2 successfully authenticated as unix-user:bbs to gain TEMPORARY authorization for action org.debian.apt.install-or-remove-packages for system-bus-name::1.137 [/usr/bin/python /usr/bin/software-center] (owned by unix-user:bbs)
Apr 15 03:41:55 bbs-sophos polkitd(authority=local): Operator of unix-session:c2 FAILED to authenticate to gain authorization for action com.ubuntu.pkexec.synaptic for unix-process:31416:590511 [/bin/sh /usr/bin/synaptic-pkexec] (owned by unix-user:bbs)
Apr 15 03:41:55 bbs-sophos pkexec[31419]: bbs: Error executing command as another user: Request dismissed [USER=root] [TTY=unknown] [CWD=/home/bbs] [COMMAND=/usr/sbin/synaptic]
Apr 15 03:42:10 bbs-sophos polkitd(authority=local): Registered Authentication Agent for unix-process:32336:592386 (system bus name :1.156 [/usr/bin/pkttyagent --notify-fd 5 --fallback], object path /org/freedesktop/PolicyKit1/AuthenticationAgent, locale de_DE.UTF-8)
Apr 15 03:42:11 bbs-sophos polkitd(authority=local): Unregistered Authentication Agent for unix-process:32336:592386 (system bus name :1.156, object path /org/freedesktop/PolicyKit1/AuthenticationAgent, locale de_DE.UTF-8) (disconnected from bus)
Apr 15 03:43:39 bbs-sophos sudo: pam_unix(sudo:session): session closed for user root
Apr 15 03:44:53 bbs-sophos polkitd(authority=local): Registered Authentication Agent for unix-process:2486:608728 (system bus name :1.157 [/usr/bin/pkttyagent --notify-fd 5 --fallback], object path /org/freedesktop/PolicyKit1/AuthenticationAgent, locale de_DE.UTF-8)
Apr 15 03:44:54 bbs-sophos polkitd(authority=local): Unregistered Authentication Agent for unix-process:2486:608728 (system bus name :1.157, object path /org/freedesktop/PolicyKit1/AuthenticationAgent, locale de_DE.UTF-8) (disconnected from bus)
Apr 15 03:44:54 bbs-sophos polkitd(authority=local): Registered Authentication Agent for unix-process:2503:608754 (system bus name :1.158 [/usr/bin/pkttyagent --notify-fd 5 --fallback], object path /org/freedesktop/PolicyKit1/AuthenticationAgent, locale de_DE.UTF-8)
Apr 15 03:44:54 bbs-sophos polkitd(authority=local): Unregistered Authentication Agent for unix-process:2503:608754 (system bus name :1.158, object path /org/freedesktop/PolicyKit1/AuthenticationAgent, locale de_DE.UTF-8) (disconnected from bus)
Apr 15 03:44:54 bbs-sophos groupadd[2525]: group added to /etc/group: name=vboxusers, GID=131
Apr 15 03:44:54 bbs-sophos groupadd[2525]: group added to /etc/gshadow: name=vboxusers
Apr 15 03:44:54 bbs-sophos groupadd[2525]: new group: name=vboxusers, GID=131
Apr 15 03:44:55 bbs-sophos polkitd(authority=local): Registered
Authentication Agent for unix-process:2666:608851 (system bus name :1.159 [/usr/bin/pkttyagent --notify-fd 5 --fallback], object path /org/freedesktop/PolicyKit1/AuthenticationAgent, locale de_DE.UTF-8) Apr 15 03:44:55 bbs-sophos polkitd(authority=local): Unregistered Authentication Agent for unix-process:2666:608851 (system bus name :1.159, object path /org/freedesktop/PolicyKit1/AuthenticationAgent, locale de_DE.UTF-8) (disconnected from bus) Apr 15 03:44:55 bbs-sophos polkitd(authority=local): Registered Authentication Agent for unix-process:2691:608871 (system bus name :1.160 [/usr/bin/pkttyagent --notify-fd 5 --fallback], object path /org/freedesktop/PolicyKit1/AuthenticationAgent, locale de_DE.UTF-8) Apr 15 03:44:55 bbs-sophos polkitd(authority=local): Unregistered Authentication Agent for unix-process:2691:608871 (system bus name :1.160, object path /org/freedesktop/PolicyKit1/AuthenticationAgent, locale de_DE.UTF-8) (disconnected from bus) Apr 15 03:44:57 bbs-sophos polkitd(authority=local): Registered Authentication Agent for unix-process:2735:609119 (system bus name :1.161 [/usr/bin/pkttyagent --notify-fd 5 --fallback], object path /org/freedesktop/PolicyKit1/AuthenticationAgent, locale de_DE.UTF-8) Apr 15 03:44:57 bbs-sophos polkitd(authority=local): Unregistered Authentication Agent for unix-process:2735:609119 (system bus name :1.161, object path /org/freedesktop/PolicyKit1/AuthenticationAgent, locale de_DE.UTF-8) (disconnected from bus) Apr 15 03:49:31 bbs-sophos polkit-agent-helper-1[3638]: pam_ecryptfs: pam_sm_authenticate: /home/bbs is already mounted Apr 15 03:49:31 bbs-sophos polkitd(authority=local): Operator of unix-session:c2 successfully authenticated as unix-user:bbs to gain TEMPORARY authorization for action org.debian.apt.install-or-remove-packages for system-bus-name::1.137 [/usr/bin/python /usr/bin/software-center] (owned by unix-user:bbs) Apr 15 04:00:02 bbs-sophos CRON[4461]: pam_unix(cron:session): session opened for user root by 
(uid=0) Apr 15 04:00:02 bbs-sophos CRON[4460]: pam_unix(cron:session): session opened for user smmsp by (uid=0) Apr 15 04:00:03 bbs-sophos CRON[4460]: pam_unix(cron:session): session closed for user smmsp Apr 15 04:00:03 bbs-sophos CRON[4461]: pam_unix(cron:session): session closed for user root Apr 15 04:08:35 bbs-sophos systemd-logind[766]: Power key pressed. Apr 15 13:00:32 bbs-sophos systemd-logind[869]: New seat seat0. Apr 15 13:00:32 bbs-sophos systemd-logind[869]: Watching system buttons on /dev/input/event2 (Power Button) Apr 15 13:00:32 bbs-sophos systemd-logind[869]: Watching system buttons on /dev/input/event3 (Video Bus) Apr 15 13:00:32 bbs-sophos systemd-logind[869]: Watching system buttons on /dev/input/event0 (Power Button) Apr 15 13:00:32 bbs-sophos systemd-logind[869]: Watching system buttons on /dev/input/event1 (Sleep Button) Apr 15 13:00:43 bbs-sophos lightdm: PAM unable to dlopen(pam_kwallet.so): /lib/security/pam_kwallet.so: cannot open shared object file: No such file or directory Apr 15 13:00:43 bbs-sophos lightdm: PAM adding faulty module: pam_kwallet.so Apr 15 13:00:43 bbs-sophos lightdm: PAM unable to dlopen(pam_kwallet5.so): /lib/security/pam_kwallet5.so: cannot open shared object file: No such file or directory Apr 15 13:00:43 bbs-sophos lightdm: PAM adding faulty module: pam_kwallet5.so Apr 15 13:00:44 bbs-sophos lightdm: pam_unix(lightdm-greeter:session): session opened for user lightdm by (uid=0) Apr 15 13:00:44 bbs-sophos systemd-logind[869]: New session c1 of user lightdm. 
Apr 15 13:00:44 bbs-sophos systemd: pam_unix(systemd-user:session): session opened for user lightdm by (uid=0) Apr 15 13:00:50 bbs-sophos lightdm: PAM unable to dlopen(pam_kwallet.so): /lib/security/pam_kwallet.so: cannot open shared object file: No such file or directory Apr 15 13:00:50 bbs-sophos lightdm: PAM adding faulty module: pam_kwallet.so Apr 15 13:00:50 bbs-sophos lightdm: PAM unable to dlopen(pam_kwallet5.so): /lib/security/pam_kwallet5.so: cannot open shared object file: No such file or directory Apr 15 13:00:50 bbs-sophos lightdm: PAM adding faulty module: pam_kwallet5.so Apr 15 13:00:50 bbs-sophos lightdm: pam_succeed_if(lightdm:auth): requirement "user ingroup nopasswdlogin" not met by user "bbs" Apr 15 13:01:16 bbs-sophos dbus[829]: [system] Failed to activate service 'org.bluez': timed out Apr 15 13:01:26 bbs-sophos lightdm: pam_unix(lightdm-greeter:session): session closed for user lightdm Apr 15 13:01:26 bbs-sophos lightdm: pam_unix(lightdm:session): session opened for user bbs by (uid=0) Apr 15 13:01:26 bbs-sophos systemd: pam_unix(systemd-user:session): session opened for user bbs by (uid=0) Apr 15 13:01:26 bbs-sophos systemd-logind[869]: New session c2 of user bbs. 
Apr 15 13:01:29 bbs-sophos dbus[829]: [system] Rejected send message, 10 matched rules; type="method_return", sender=":1.52" (uid=0 pid=1363 comm="/usr/sbin/dnsmasq --no-resolv --keep-in-foreground") interface="(unset)" member="(unset)" error name="(unset)" requested_reply="0" destination=":1.1" (uid=0 pid=817 comm="/usr/sbin/NetworkManager --no-daemon ") Apr 15 13:01:38 bbs-sophos gnome-keyring-daemon[1339]: The PKCS#11 component was already initialized Apr 15 13:01:38 bbs-sophos gnome-keyring-daemon[1339]: The Secret Service was already initialized Apr 15 13:01:39 bbs-sophos polkitd(authority=local): Registered Authentication Agent for unix-session:c2 (system bus name :1.76 [/usr/lib/policykit-1-gnome/polkit-gnome-authentication-agent-1], object path /org/gnome/PolicyKit1/AuthenticationAgent, locale de_DE.UTF-8) Apr 15 13:02:00 bbs-sophos dbus[829]: [system] Failed to activate service 'org.bluez': timed out Apr 15 13:02:12 bbs-sophos polkit-agent-helper-1[2145]: pam_ecryptfs: pam_sm_authenticate: /home/bbs is already mounted Apr 15 13:02:12 bbs-sophos polkitd(authority=local): Operator of unix-session:c2 successfully authenticated as unix-user:bbs to gain ONE-SHOT authorization for action com.ubuntu.apport.apport-gtk-root for unix-process:1346:11851 [/sbin/upstart --user] (owned by unix-user:bbs) Apr 15 13:02:12 bbs-sophos pkexec: pam_unix(polkit-1:session): session opened for user root by (uid=1000) Apr 15 13:02:12 bbs-sophos pkexec: pam_systemd(polkit-1:session): Cannot create session: Already running in a session Apr 15 13:02:12 bbs-sophos pkexec[2135]: bbs: Executing command [USER=root] [TTY=unknown] [CWD=/home/bbs] [COMMAND=/usr/share/apport/apport-gtk] Apr 15 13:02:44 bbs-sophos systemd-logind[869]: Removed session c1. 
Apr 15 13:02:44 bbs-sophos systemd: pam_unix(systemd-user:session): session closed for user lightdm Apr 15 13:04:01 bbs-sophos sudo: root : TTY=unknown ; PWD=/root ; USER=bbs ; ENV=DBUS_SESSION_BUS_ADDRESS=unix:abstract=/tmp/dbus-Lu3JvWNTAc,guid=c644bfa494c68dfe2b09f5125710ca0a ; COMMAND=/usr/bin/xdg-open https://bugs.launchpad.net/ubuntu/+source/dpkg/+filebug/98e9837a-02e0-11e6-9c18-002481e7f48a?field.title=package+liblockfile1%3Aamd64+1.09-6ubuntu1+failed+to+install%2Fupgrade%3A+package+liblockfile1%3Aamd64+is+already+installed+and+configured Apr 15 13:04:01 bbs-sophos sudo: pam_unix(sudo:session): session opened for user bbs by (uid=0) Apr 15 13:04:01 bbs-sophos sudo: pam_unix(sudo:session): session closed for user bbs Apr 15 13:14:09 bbs-sophos sudo: root : TTY=unknown ; PWD=/root ; USER=bbs ; ENV=DBUS_SESSION_BUS_ADDRESS=unix:abstract=/tmp/dbus-Lu3JvWNTAc,guid=c644bfa494c68dfe2b09f5125710ca0a ; COMMAND=/usr/bin/xdg-open https://bugs.launchpad.net/bugs/1384986 Apr 15 13:14:09 bbs-sophos sudo: pam_unix(sudo:session): session opened for user bbs by (uid=0) Apr 15 13:14:12 bbs-sophos sudo: pam_unix(sudo:session): session closed for user bbs Apr 15 13:15:04 bbs-sophos sudo: root : TTY=unknown ; PWD=/root ; USER=bbs ; ENV=DBUS_SESSION_BUS_ADDRESS=unix:abstract=/tmp/dbus-Lu3JvWNTAc,guid=c644bfa494c68dfe2b09f5125710ca0a ; COMMAND=/usr/bin/xdg-open https://bugs.launchpad.net/ubuntu/+source/dpkg/+filebug/218c1f3e-02e2-11e6-911c-d485646cd9a4?field.title=package+liblockfile-bin+1.09-6ubuntu1+failed+to+install%2Fupgrade%3A+package+liblockfile-bin+is+already+installed+and+configured Apr 15 13:15:04 bbs-sophos sudo: pam_unix(sudo:session): session opened for user bbs by (uid=0) Apr 15 13:15:06 bbs-sophos sudo: pam_unix(sudo:session): session closed for user bbs Apr 15 13:17:08 bbs-sophos CRON[3100]: pam_unix(cron:session): session opened for user root by (uid=0) Apr 15 13:17:09 bbs-sophos CRON[3100]: pam_unix(cron:session): session closed for user root Apr 15 13:20:04 
bbs-sophos CRON[3106]: pam_unix(cron:session): session opened for user smmsp by (uid=0) Apr 15 13:20:20 bbs-sophos CRON[3106]: pam_unix(cron:session): session closed for user smmsp Apr 15 13:40:03 bbs-sophos CRON[3247]: pam_unix(cron:session): session opened for user smmsp by (uid=0) Apr 15 13:40:09 bbs-sophos CRON[3247]: pam_unix(cron:session): session closed for user smmsp Apr 15 14:00:04 bbs-sophos CRON[3308]: pam_unix(cron:session): session opened for user root by (uid=0) Apr 15 14:00:05 bbs-sophos CRON[3307]: pam_unix(cron:session): session opened for user smmsp by (uid=0) Apr 15 14:00:10 bbs-sophos CRON[3307]: pam_unix(cron:session): session closed for user smmsp Apr 15 14:00:22 bbs-sophos CRON[3308]: pam_unix(cron:session): session closed for user root Apr 15 14:17:05 bbs-sophos CRON[3474]: pam_unix(cron:session): session opened for user root by (uid=0) Apr 15 14:17:06 bbs-sophos CRON[3474]: pam_unix(cron:session): session closed for user root Apr 15 14:20:01 bbs-sophos CRON[3479]: pam_unix(cron:session): session opened for user smmsp by (uid=0) Apr 15 14:20:06 bbs-sophos CRON[3479]: pam_unix(cron:session): session closed for user smmsp Apr 15 14:40:03 bbs-sophos CRON[3531]: pam_unix(cron:session): session opened for user smmsp by (uid=0) Apr 15 14:40:08 bbs-sophos CRON[3531]: pam_unix(cron:session): session closed for user smmsp Apr 15 15:00:05 bbs-sophos CRON[3655]: pam_unix(cron:session): session opened for user root by (uid=0) Apr 15 15:00:07 bbs-sophos CRON[3654]: pam_unix(cron:session): session opened for user smmsp by (uid=0) Apr 15 15:00:13 bbs-sophos CRON[3654]: pam_unix(cron:session): session closed for user smmsp Apr 15 15:00:20 bbs-sophos CRON[3655]: pam_unix(cron:session): session closed for user root Apr 15 15:17:03 bbs-sophos CRON[3810]: pam_unix(cron:session): session opened for user root by (uid=0) Apr 15 15:17:03 bbs-sophos CRON[3810]: pam_unix(cron:session): session closed for user root Apr 15 15:20:03 bbs-sophos CRON[3816]: 
pam_unix(cron:session): session opened for user smmsp by (uid=0) Apr 15 15:20:10 bbs-sophos CRON[3816]: pam_unix(cron:session): session closed for user smmsp Apr 15 15:40:03 bbs-sophos CRON[3860]: pam_unix(cron:session): session opened for user smmsp by (uid=0) Apr 15 15:40:05 bbs-sophos CRON[3860]: pam_unix(cron:session): session closed for user smmsp Apr 15 15:57:14 bbs-sophos systemd-logind[883]: New seat seat0. Apr 15 15:57:14 bbs-sophos systemd-logind[883]: Watching system buttons on /dev/input/event2 (Power Button) Apr 15 15:57:14 bbs-sophos systemd-logind[883]: Watching system buttons on /dev/input/event3 (Video Bus) Apr 15 15:57:14 bbs-sophos systemd-logind[883]: Watching system buttons on /dev/input/event0 (Power Button) Apr 15 15:57:14 bbs-sophos systemd-logind[883]: Watching system buttons on /dev/input/event1 (Sleep Button) Apr 15 15:57:22 bbs-sophos lightdm: PAM unable to dlopen(pam_kwallet.so): /lib/security/pam_kwallet.so: cannot open shared object file: No such file or directory Apr 15 15:57:22 bbs-sophos lightdm: PAM adding faulty module: pam_kwallet.so Apr 15 15:57:22 bbs-sophos lightdm: PAM unable to dlopen(pam_kwallet5.so): /lib/security/pam_kwallet5.so: cannot open shared object file: No such file or directory Apr 15 15:57:22 bbs-sophos lightdm: PAM adding faulty module: pam_kwallet5.so Apr 15 15:57:22 bbs-sophos lightdm: pam_unix(lightdm-greeter:session): session opened for user lightdm by (uid=0) Apr 15 15:57:22 bbs-sophos systemd: pam_unix(systemd-user:session): session opened for user lightdm by (uid=0) Apr 15 15:57:22 bbs-sophos systemd-logind[883]: New session c1 of user lightdm. 
Apr 15 15:57:27 bbs-sophos lightdm: PAM unable to dlopen(pam_kwallet.so): /lib/security/pam_kwallet.so: cannot open shared object file: No such file or directory Apr 15 15:57:27 bbs-sophos lightdm: PAM adding faulty module: pam_kwallet.so Apr 15 15:57:27 bbs-sophos lightdm: PAM unable to dlopen(pam_kwallet5.so): /lib/security/pam_kwallet5.so: cannot open shared object file: No such file or directory Apr 15 15:57:27 bbs-sophos lightdm: PAM adding faulty module: pam_kwallet5.so Apr 15 15:57:27 bbs-sophos lightdm: pam_succeed_if(lightdm:auth): requirement "user ingroup nopasswdlogin" not met by user "bbs" Apr 15 15:57:52 bbs-sophos dbus[851]: [system] Failed to activate service 'org.bluez': timed out Apr 15 15:58:08 bbs-sophos lightdm: pam_unix(lightdm-greeter:session): session closed for user lightdm Apr 15 15:58:08 bbs-sophos lightdm: pam_unix(lightdm:session): session opened for user bbs by (uid=0) Apr 15 15:58:08 bbs-sophos systemd: pam_unix(systemd-user:session): session opened for user bbs by (uid=0) Apr 15 15:58:08 bbs-sophos systemd-logind[883]: New session c2 of user bbs. 
Apr 15 15:58:10 bbs-sophos dbus[851]: [system] Rejected send message, 10 matched rules; type="method_return", sender=":1.54" (uid=0 pid=1379 comm="/usr/sbin/dnsmasq --no-resolv --keep-in-foreground") interface="(unset)" member="(unset)" error name="(unset)" requested_reply="0" destination=":1.7" (uid=0 pid=848 comm="/usr/sbin/NetworkManager --no-daemon ") Apr 15 15:58:12 bbs-sophos gnome-keyring-daemon[1355]: The PKCS#11 component was already initialized Apr 15 15:58:12 bbs-sophos gnome-keyring-daemon[1355]: The Secret Service was already initialized Apr 15 15:58:14 bbs-sophos polkitd(authority=local): Registered Authentication Agent for unix-session:c2 (system bus name :1.80 [/usr/lib/policykit-1-gnome/polkit-gnome-authentication-agent-1], object path /org/gnome/PolicyKit1/AuthenticationAgent, locale de_DE.UTF-8) Apr 15 15:58:38 bbs-sophos dbus[851]: [system] Failed to activate service 'org.bluez': timed out Apr 15 15:59:23 bbs-sophos systemd-logind[883]: Removed session c1. Apr 15 15:59:39 bbs-sophos polkit-agent-helper-1[2388]: pam_ecryptfs: pam_sm_authenticate: /home/bbs is already mounted Apr 15 15:59:39 bbs-sophos polkitd(authority=local): Operator of unix-session:c2 successfully authenticated as unix-user:bbs to gain TEMPORARY authorization for action org.debian.apt.install-or-remove-packages for system-bus-name::1.89 [/usr/bin/python /usr/bin/software-center] (owned by unix-user:bbs) Apr 15 16:00:01 bbs-sophos CRON[2527]: pam_unix(cron:session): session opened for user root by (uid=0) Apr 15 16:00:01 bbs-sophos CRON[2526]: pam_unix(cron:session): session opened for user smmsp by (uid=0) Apr 15 16:00:01 bbs-sophos CRON[2526]: pam_unix(cron:session): session closed for user smmsp Apr 15 16:00:04 bbs-sophos CRON[2527]: pam_unix(cron:session): session closed for user root Apr 15 16:00:12 bbs-sophos polkit-agent-helper-1[2669]: pam_unix(polkit-1:auth): authentication failure; logname= uid=1000 euid=0 tty= ruser=bbs rhost= user=bbs Apr 15 16:00:20 bbs-sophos 
polkit-agent-helper-1[2939]: pam_ecryptfs: pam_sm_authenticate: /home/bbs is already mounted Apr 15 16:00:20 bbs-sophos polkitd(authority=local): Operator of unix-session:c2 successfully authenticated as unix-user:bbs to gain ONE-SHOT authorization for action com.ubuntu.pkexec.synaptic for unix-process:2664:24913 [/bin/sh /usr/bin/synaptic-pkexec] (owned by unix-user:bbs) Apr 15 16:00:20 bbs-sophos pkexec: pam_unix(polkit-1:session): session opened for user root by (uid=1000) Apr 15 16:00:20 bbs-sophos pkexec: pam_systemd(polkit-1:session): Cannot create session: Already running in a session Apr 15 16:00:20 bbs-sophos pkexec[2666]: bbs: Executing command [USER=root] [TTY=unknown] [CWD=/home/bbs] [COMMAND=/usr/sbin/synaptic] Apr 15 16:08:12 bbs-sophos polkit-agent-helper-1[3211]: pam_ecryptfs: pam_sm_authenticate: /home/bbs is already mounted Apr 15 16:08:12 bbs-sophos polkitd(authority=local): Operator of unix-session:c2 successfully authenticated as unix-user:bbs to gain ONE-SHOT authorization for action com.ubuntu.pkexec.gufw for unix-process:3204:72862 [/bin/sh /usr/bin/gufw] (owned by unix-user:bbs) Apr 15 16:08:12 bbs-sophos pkexec: pam_unix(polkit-1:session): session opened for user root by (uid=1000) Apr 15 16:08:12 bbs-sophos pkexec: pam_systemd(polkit-1:session): Cannot create session: Already running in a session Apr 15 16:08:12 bbs-sophos pkexec[3208]: bbs: Executing command [USER=root] [TTY=unknown] [CWD=/home/bbs] [COMMAND=/usr/bin/gufw-pkexec bbs] Apr 15 16:10:10 bbs-sophos polkit-agent-helper-1[3949]: pam_ecryptfs: pam_sm_authenticate: /home/bbs is already mounted Apr 15 16:10:10 bbs-sophos polkitd(authority=local): Operator of unix-session:c2 successfully authenticated as unix-user:bbs to gain ONE-SHOT authorization for action com.ubuntu.pkexec.synaptic for unix-process:3943:84889 [/bin/sh /usr/bin/synaptic-pkexec] (owned by unix-user:bbs) Apr 15 16:10:10 bbs-sophos pkexec: pam_unix(polkit-1:session): session opened for user root by (uid=1000) Apr 
15 16:10:10 bbs-sophos pkexec: pam_systemd(polkit-1:session): Cannot create session: Already running in a session Apr 15 16:10:10 bbs-sophos pkexec[3945]: bbs: Executing command [USER=root] [TTY=unknown] [CWD=/home/bbs] [COMMAND=/usr/sbin/synaptic] Apr 15 16:15:01 bbs-sophos polkitd(authority=local): Registered Authentication Agent for unix-process:8977:114390 (system bus name :1.107 [/usr/bin/pkttyagent --notify-fd 5 --fallback], object path /org/freedesktop/PolicyKit1/AuthenticationAgent, locale de_DE.UTF-8) Apr 15 16:15:01 bbs-sophos polkitd(authority=local): Unregistered Authentication Agent for unix-process:8977:114390 (system bus name :1.107, object path /org/freedesktop/PolicyKit1/AuthenticationAgent, locale de_DE.UTF-8) (disconnected from bus) Apr 15 16:15:19 bbs-sophos groupadd[9159]: group added to /etc/group: name=havp, GID=132 Apr 15 16:15:19 bbs-sophos groupadd[9159]: group added to /etc/gshadow: name=havp Apr 15 16:15:19 bbs-sophos groupadd[9159]: new group: name=havp, GID=132 Apr 15 16:15:19 bbs-sophos useradd[9165]: new user: name=havp, UID=122, GID=132, home=/var/run/havp, shell=/bin/false Apr 15 16:15:20 bbs-sophos usermod[9172]: change user 'havp' password Apr 15 16:15:20 bbs-sophos chage[9179]: changed password expiry for havp Apr 15 16:15:40 bbs-sophos groupadd[22432]: group added to /etc/group: name=clamav, GID=133 Apr 15 16:15:40 bbs-sophos groupadd[22432]: group added to /etc/gshadow: name=clamav Apr 15 16:15:40 bbs-sophos groupadd[22432]: new group: name=clamav, GID=133 Apr 15 16:15:40 bbs-sophos useradd[22436]: new user: name=clamav, UID=123, GID=133, home=/var/lib/clamav, shell=/bin/false Apr 15 16:15:41 bbs-sophos chage[22445]: changed password expiry for clamav Apr 15 16:15:41 bbs-sophos polkitd(authority=local): Registered Authentication Agent for unix-process:22454:118362 (system bus name :1.108 [/usr/bin/pkttyagent --notify-fd 5 --fallback], object path /org/freedesktop/PolicyKit1/AuthenticationAgent, locale de_DE.UTF-8) Apr 15 
16:15:41 bbs-sophos polkitd(authority=local): Unregistered Authentication Agent for unix-process:22454:118362 (system bus name :1.108, object path /org/freedesktop/PolicyKit1/AuthenticationAgent, locale de_DE.UTF-8) (disconnected from bus) Apr 15 16:15:51 bbs-sophos groupadd[23080]: group added to /etc/group: name=clamsmtp, GID=134 Apr 15 16:15:51 bbs-sophos groupadd[23080]: group added to /etc/gshadow: name=clamsmtp Apr 15 16:15:51 bbs-sophos groupadd[23080]: new group: name=clamsmtp, GID=134 Apr 15 16:15:51 bbs-sophos useradd[23084]: new user: name=clamsmtp, UID=124, GID=134, home=/var/spool/clamsmtp, shell=/bin/false Apr 15 16:15:52 bbs-sophos chage[23089]: changed password expiry for clamsmtp Apr 15 16:15:52 bbs-sophos gpasswd[23100]: user clamav added by root to group clamsmtp Apr 15 16:16:15 bbs-sophos groupadd[23307]: group added to /etc/group: name=amavis, GID=135 Apr 15 16:16:15 bbs-sophos groupadd[23307]: group added to /etc/gshadow: name=amavis Apr 15 16:16:15 bbs-sophos groupadd[23307]: new group: name=amavis, GID=135 Apr 15 16:16:15 bbs-sophos useradd[23313]: new user: name=amavis, UID=125, GID=135, home=/var/lib/amavis, shell=/bin/sh Apr 15 16:16:16 bbs-sophos usermod[23320]: change user 'amavis' password Apr 15 16:16:16 bbs-sophos chage[23325]: changed password expiry for amavis Apr 15 16:16:16 bbs-sophos chfn[23328]: changed user 'amavis' information Apr 15 16:16:21 bbs-sophos polkitd(authority=local): Registered Authentication Agent for unix-process:23491:122404 (system bus name :1.109 [/usr/bin/pkttyagent --notify-fd 5 --fallback], object path /org/freedesktop/PolicyKit1/AuthenticationAgent, locale de_DE.UTF-8) Apr 15 16:16:21 bbs-sophos polkitd(authority=local): Unregistered Authentication Agent for unix-process:23491:122404 (system bus name :1.109, object path /org/freedesktop/PolicyKit1/AuthenticationAgent, locale de_DE.UTF-8) (disconnected from bus) Apr 15 16:17:01 bbs-sophos CRON[23573]: pam_unix(cron:session): session opened for user root by 
(uid=0) Apr 15 16:17:01 bbs-sophos CRON[23573]: pam_unix(cron:session): session closed for user root Apr 15 16:20:01 bbs-sophos CRON[23798]: pam_unix(cron:session): session opened for user smmsp by (uid=0) Apr 15 16:20:01 bbs-sophos CRON[23798]: pam_unix(cron:session): session closed for user smmsp Apr 15 16:22:47 bbs-sophos polkit-agent-helper-1[24424]: pam_ecryptfs: pam_sm_authenticate: /home/bbs is already mounted Apr 15 16:22:47 bbs-sophos polkitd(authority=local): Operator of unix-session:c2 successfully authenticated as unix-user:bbs to gain TEMPORARY authorization for action org.gnome.gnome-system-monitor.renice for unix-process:24400:159101 [gnome-system-monitor] (owned by unix-user:bbs) Apr 15 16:22:47 bbs-sophos pkexec: pam_unix(polkit-1:session): session opened for user root by (uid=1000) Apr 15 16:22:47 bbs-sophos pkexec: pam_systemd(polkit-1:session): Cannot create session: Already running in a session Apr 15 16:22:47 bbs-sophos pkexec[24421]: bbs: Executing command [USER=root] [TTY=unknown] [CWD=/home/bbs] [COMMAND=/usr/lib/gnome-system-monitor/gnome-system-monitor/gsm-renice -20 23698] Apr 15 16:22:54 bbs-sophos pkexec: pam_unix(polkit-1:session): session opened for user root by (uid=1000) Apr 15 16:22:54 bbs-sophos pkexec: pam_systemd(polkit-1:session): Cannot create session: Already running in a session Apr 15 16:22:54 bbs-sophos pkexec[24436]: bbs: Executing command [USER=root] [TTY=unknown] [CWD=/home/bbs] [COMMAND=/usr/lib/gnome-system-monitor/gnome-system-monitor/gsm-renice -20 23785] Apr 15 16:23:02 bbs-sophos pkexec: pam_unix(polkit-1:session): session opened for user root by (uid=1000) Apr 15 16:23:02 bbs-sophos pkexec: pam_systemd(polkit-1:session): Cannot create session: Already running in a session Apr 15 16:23:02 bbs-sophos pkexec[24443]: bbs: Executing command [USER=root] [TTY=unknown] [CWD=/home/bbs] [COMMAND=/usr/lib/gnome-system-monitor/gnome-system-monitor/gsm-renice -20 3204] Apr 15 16:23:11 bbs-sophos pkexec: 
pam_unix(polkit-1:session): session opened for user root by (uid=1000) Apr 15 16:23:11 bbs-sophos pkexec: pam_systemd(polkit-1:session): Cannot create session: Already running in a session Apr 15 16:23:11 bbs-sophos pkexec[24452]: bbs: Executing command [USER=root] [TTY=unknown] [CWD=/home/bbs] [COMMAND=/usr/lib/gnome-system-monitor/gnome-system-monitor/gsm-renice -20 2487] Apr 15 16:23:15 bbs-sophos pkexec: pam_unix(polkit-1:session): session opened for user root by (uid=1000) Apr 15 16:23:15 bbs-sophos pkexec: pam_systemd(polkit-1:session): Cannot create session: Already running in a session Apr 15 16:23:15 bbs-sophos pkexec[24457]: bbs: Executing command [USER=root] [TTY=unknown] [CWD=/home/bbs] [COMMAND=/usr/lib/gnome-system-monitor/gnome-system-monitor/gsm-renice -20 2183] Apr 15 16:23:43 bbs-sophos pkexec: pam_unix(polkit-1:session): session opened for user root by (uid=1000) Apr 15 16:23:43 bbs-sophos pkexec: pam_systemd(polkit-1:session): Cannot create session: Already running in a session Apr 15 16:23:43 bbs-sophos pkexec[24479]: bbs: Executing command [USER=root] [TTY=unknown] [CWD=/home/bbs] [COMMAND=/usr/lib/gnome-system-monitor/gnome-system-monitor/gsm-renice -20 23241] Apr 15 16:24:25 bbs-sophos polkit-agent-helper-1[24507]: pam_ecryptfs: pam_sm_authenticate: /home/bbs is already mounted Apr 15 16:24:25 bbs-sophos polkitd(authority=local): Operator of unix-session:c2 successfully authenticated as unix-user:bbs to gain TEMPORARY authorization for action org.gnome.gnome-system-monitor.kill for unix-process:24400:159101 [gnome-system-monitor] (owned by unix-user:bbs) Apr 15 16:24:25 bbs-sophos pkexec: pam_unix(polkit-1:session): session opened for user root by (uid=1000) Apr 15 16:24:25 bbs-sophos pkexec: pam_systemd(polkit-1:session): Cannot create session: Already running in a session Apr 15 16:24:25 bbs-sophos pkexec[24504]: bbs: Executing command [USER=root] [TTY=unknown] [CWD=/home/bbs] 
[COMMAND=/usr/lib/gnome-system-monitor/gnome-system-monitor/gsm-kill -s 18 1194] Apr 15 16:24:29 bbs-sophos pkexec: pam_unix(polkit-1:session): session opened for user root by (uid=1000) Apr 15 16:24:29 bbs-sophos pkexec: pam_systemd(polkit-1:session): Cannot create session: Already running in a session Apr 15 16:24:29 bbs-sophos pkexec[24517]: bbs: Executing command [USER=root] [TTY=unknown] [CWD=/home/bbs] [COMMAND=/usr/lib/gnome-system-monitor/gnome-system-monitor/gsm-kill -s 18 1024] Apr 15 16:24:53 bbs-sophos pkexec: pam_unix(polkit-1:session): session opened for user root by (uid=1000) Apr 15 16:24:53 bbs-sophos pkexec: pam_systemd(polkit-1:session): Cannot create session: Already running in a session Apr 15 16:24:53 bbs-sophos pkexec[24534]: bbs: Executing command [USER=root] [TTY=unknown] [CWD=/home/bbs] [COMMAND=/usr/lib/gnome-system-monitor/gnome-system-monitor/gsm-renice -20 2205] Apr 15 16:24:57 bbs-sophos pkexec: pam_unix(polkit-1:session): session opened for user root by (uid=1000) Apr 15 16:24:57 bbs-sophos pkexec: pam_systemd(polkit-1:session): Cannot create session: Already running in a session Apr 15 16:24:57 bbs-sophos pkexec[24541]: bbs: Executing command [USER=root] [TTY=unknown] [CWD=/home/bbs] [COMMAND=/usr/lib/gnome-system-monitor/gnome-system-monitor/gsm-renice -20 2200] Apr 15 16:25:34 bbs-sophos pkexec: pam_unix(polkit-1:session): session opened for user root by (uid=1000) Apr 15 16:25:34 bbs-sophos pkexec: pam_systemd(polkit-1:session): Cannot create session: Already running in a session Apr 15 16:25:34 bbs-sophos pkexec[24566]: bbs: Executing command [USER=root] [TTY=unknown] [CWD=/home/bbs] [COMMAND=/usr/lib/gnome-system-monitor/gnome-system-monitor/gsm-renice 19 888] Apr 15 16:25:44 bbs-sophos pkexec: pam_unix(polkit-1:session): session opened for user root by (uid=1000) Apr 15 16:25:44 bbs-sophos pkexec: pam_systemd(polkit-1:session): Cannot create session: Already running in a session Apr 15 16:25:44 bbs-sophos pkexec[24575]: bbs: 
Executing command [USER=root] [TTY=unknown] [CWD=/home/bbs] [COMMAND=/usr/lib/gnome-system-monitor/gnome-system-monitor/gsm-renice 0 888] Apr 15 16:26:00 bbs-sophos pkexec: pam_unix(polkit-1:session): session opened for user root by (uid=1000) Apr 15 16:26:00 bbs-sophos pkexec: pam_systemd(polkit-1:session): Cannot create session: Already running in a session Apr 15 16:26:00 bbs-sophos pkexec[24590]: bbs: Executing command [USER=root] [TTY=unknown] [CWD=/home/bbs] [COMMAND=/usr/lib/gnome-system-monitor/gnome-system-monitor/gsm-renice 19 837] Apr 15 16:26:24 bbs-sophos pkexec: pam_unix(polkit-1:session): session opened for user root by (uid=1000) Apr 15 16:26:24 bbs-sophos pkexec: pam_systemd(polkit-1:session): Cannot create session: Already running in a session
Code:
/run/lvm/lvmetad.socket: connect failed: No such file or directory
WARNING: Failed to connect to lvmetad. Falling back to internal scanning.
Reading all physical volumes. This may take a while...
Found volume group "ubuntu-vg" using metadata type lvm2
/run/lvm/lvmetad.socket: connect failed: No such file or directory
WARNING: Failed to connect to lvmetad. Falling back to internal scanning.
2 logical volume(s) in volume group "ubuntu-vg" now active
device-mapper: remove ioctl on sda5_crypt failed: Device or resource busy
device-mapper: remove ioctl on sda5_crypt failed: Device or resource busy
device-mapper: remove ioctl on sda5_crypt failed: Device or resource busy
device-mapper: remove ioctl on sda5_crypt failed: Device or resource busy
device-mapper: remove ioctl on sda5_crypt failed: Device or resource busy
device-mapper: remove ioctl on sda5_crypt failed: Device or resource busy
device-mapper: remove ioctl on sda5_crypt failed: Device or resource busy
device-mapper: remove ioctl on sda5_crypt failed: Device or resource busy
device-mapper: remove ioctl on sda5_crypt failed: Device or resource busy
device-mapper: remove ioctl on sda5_crypt failed: Device or resource busy
device-mapper: remove ioctl on sda5_crypt failed: Device or resource busy
device-mapper: remove ioctl on sda5_crypt failed: Device or resource busy
device-mapper: remove ioctl on sda5_crypt failed: Device or resource busy
device-mapper: remove ioctl on sda5_crypt failed: Device or resource busy
device-mapper: remove ioctl on sda5_crypt failed: Device or resource busy
device-mapper: remove ioctl on sda5_crypt failed: Device or resource busy
device-mapper: remove ioctl on sda5_crypt failed: Device or resource busy
device-mapper: remove ioctl on sda5_crypt failed: Device or resource busy
device-mapper: remove ioctl on sda5_crypt failed: Device or resource busy
device-mapper: remove ioctl on sda5_crypt failed: Device or resource busy
device-mapper: remove ioctl on sda5_crypt failed: Device or resource busy
device-mapper: remove ioctl on sda5_crypt failed: Device or resource busy
device-mapper: remove ioctl on sda5_crypt failed: Device or resource busy
device-mapper: remove ioctl on sda5_crypt failed: Device or resource busy
device-mapper: remove ioctl on sda5_crypt failed: Device or resource busy
Device sda5_crypt is still in use.
fsck from util-linux 2.26.2
/dev/mapper/ubuntu--vg-root: recovering journal
/dev/mapper/ubuntu--vg-root: Clearing orphaned inode 24512645 (uid=1000, gid=1000, mode=0100664, size=40960)
/dev/mapper/ubuntu--vg-root: Clearing orphaned inode 24512614 (uid=1000, gid=1000, mode=0100600, size=12288)
/dev/mapper/ubuntu--vg-root: Clearing orphaned inode 24512510 (uid=1000, gid=1000, mode=0100664, size=32768)
/dev/mapper/ubuntu--vg-root: Clearing orphaned inode 24512615 (uid=1000, gid=1000, mode=0100664, size=40960)
/dev/mapper/ubuntu--vg-root: Clearing orphaned inode 24511684 (uid=1000, gid=1000, mode=0100600, size=12288)
/dev/mapper/ubuntu--vg-root: Clearing orphaned inode 24512613 (uid=1000, gid=1000, mode=0100664, size=32768)
/dev/mapper/ubuntu--vg-root: Clearing orphaned inode 24512535 (uid=1000, gid=1000, mode=0100664, size=40960)
/dev/mapper/ubuntu--vg-root: Clearing orphaned inode 24512507 (uid=1000, gid=1000, mode=0100600, size=12288)
/dev/mapper/ubuntu--vg-root: Clearing orphaned inode 24512633 (uid=1000, gid=1000, mode=0100664, size=32768)
/dev/mapper/ubuntu--vg-root: Clearing orphaned inode 15597670 (uid=1000, gid=1000, mode=0100600, size=1024)
/dev/mapper/ubuntu--vg-root: Clearing orphaned inode 15597666 (uid=1000, gid=1000, mode=0100600, size=1024)
/dev/mapper/ubuntu--vg-root: Clearing orphaned inode 15597665 (uid=1000, gid=1000, mode=0100600, size=1024)
/dev/mapper/ubuntu--vg-root: Clearing orphaned inode 15597664 (uid=1000, gid=1000, mode=0100600, size=1024)
/dev/mapper/ubuntu--vg-root: Clearing orphaned inode 15597660 (uid=1000, gid=1000, mode=0100600, size=1024)
/dev/mapper/ubuntu--vg-root: Clearing orphaned inode 15597659 (uid=1000, gid=1000, mode=0100600, size=1024)
/dev/mapper/ubuntu--vg-root: Clearing orphaned inode 24512554 (uid=1000, gid=1000, mode=0100664, size=32768)
/dev/mapper/ubuntu--vg-root: Clearing orphaned inode 15597663 (uid=1000, gid=1000, mode=0100600, size=32768)
/dev/mapper/ubuntu--vg-root: Clearing orphaned inode 15597662 (uid=1000, gid=1000, mode=0100600, size=65536)
/dev/mapper/ubuntu--vg-root: Clearing orphaned inode 15597661 (uid=1000, gid=1000, mode=0100600, size=65536)
/dev/mapper/ubuntu--vg-root: Clearing orphaned inode 24512655 (uid=1000, gid=1000, mode=0100664, size=40960)
/dev/mapper/ubuntu--vg-root: Clearing orphaned inode 24512646 (uid=1000, gid=1000, mode=0100600, size=12288)
/dev/mapper/ubuntu--vg-root: Clearing orphaned inode 24511850 (uid=1000, gid=1000, mode=0100664, size=32768)
/dev/mapper/ubuntu--vg-root: Clearing orphaned inode 24512561 (uid=1000, gid=1000, mode=0100664, size=28672)
/dev/mapper/ubuntu--vg-root: Clearing orphaned inode 15597658 (uid=1000, gid=1000, mode=0100600, size=32768)
/dev/mapper/ubuntu--vg-root: Clearing orphaned inode 15597657 (uid=1000, gid=1000, mode=0100600, size=65536)
/dev/mapper/ubuntu--vg-root: Clearing orphaned inode 15597656 (uid=1000, gid=1000, mode=0100600, size=65536)
/dev/mapper/ubuntu--vg-root: Clearing orphaned inode 26084606 (uid=0, gid=0, mode=0100644, size=231956)
/dev/mapper/ubuntu--vg-root: Clearing orphaned inode 15597653 (uid=1000, gid=1000, mode=0100600, size=32768)
/dev/mapper/ubuntu--vg-root: Clearing orphaned inode 15597652 (uid=1000, gid=1000, mode=0100600, size=65536)
/dev/mapper/ubuntu--vg-root: Clearing orphaned inode 15597651 (uid=1000, gid=1000, mode=0100600, size=65536)
/dev/mapper/ubuntu--vg-root: Clearing orphaned inode 24512628 (uid=1000, gid=1000, mode=0100664, size=28672)
/dev/mapper/ubuntu--vg-root: Clearing orphaned inode 15597650 (uid=1000, gid=1000, mode=0100600, size=32768)
/dev/mapper/ubuntu--vg-root: Clearing orphaned inode 15597649 (uid=1000, gid=1000, mode=0100600,
size=65536) /dev/mapper/ubuntu--vg-root: Clearing orphaned inode 15597648 (uid=1000, gid=1000, mode=0100600, size=65536) /dev/mapper/ubuntu--vg-root: Clearing orphaned inode 26745989 (uid=0, gid=0, mode=0100644, size=20852) /dev/mapper/ubuntu--vg-root: Clearing orphaned inode 25429002 (uid=0, gid=0, mode=0100644, size=134664) /dev/mapper/ubuntu--vg-root: Clearing orphaned inode 15597644 (uid=1000, gid=1000, mode=0100600, size=32768) /dev/mapper/ubuntu--vg-root: Clearing orphaned inode 15597643 (uid=1000, gid=1000, mode=0100600, size=65536) /dev/mapper/ubuntu--vg-root: Clearing orphaned inode 15597642 (uid=1000, gid=1000, mode=0100600, size=65536) /dev/mapper/ubuntu--vg-root: Clearing orphaned inode 15597629 (uid=1000, gid=1000, mode=0100600, size=32768) /dev/mapper/ubuntu--vg-root: Clearing orphaned inode 15597620 (uid=1000, gid=1000, mode=0100600, size=65536) /dev/mapper/ubuntu--vg-root: Clearing orphaned inode 15597619 (uid=1000, gid=1000, mode=0100600, size=65536) /dev/mapper/ubuntu--vg-root: Clearing orphaned inode 24511834 (uid=1000, gid=1000, mode=0100664, size=28672) /dev/mapper/ubuntu--vg-root: Clearing orphaned inode 24512542 (uid=1000, gid=1000, mode=0100664, size=28672) /dev/mapper/ubuntu--vg-root: Clearing orphaned inode 26088132 (uid=0, gid=0, mode=0100644, size=230159) /dev/mapper/ubuntu--vg-root: Clearing orphaned inode 15597628 (uid=1000, gid=1000, mode=0100600, size=32768) /dev/mapper/ubuntu--vg-root: Clearing orphaned inode 15597627 (uid=1000, gid=1000, mode=0100600, size=65536) /dev/mapper/ubuntu--vg-root: Clearing orphaned inode 15597626 (uid=1000, gid=1000, mode=0100600, size=65536) /dev/mapper/ubuntu--vg-root: Clearing orphaned inode 15597625 (uid=1000, gid=1000, mode=0100600, size=32768) /dev/mapper/ubuntu--vg-root: Clearing orphaned inode 15597623 (uid=1000, gid=1000, mode=0100600, size=32768) /dev/mapper/ubuntu--vg-root: Clearing orphaned inode 15597622 (uid=1000, gid=1000, mode=0100600, size=65536) /dev/mapper/ubuntu--vg-root: Clearing 
orphaned inode 24512546 (uid=1000, gid=1000, mode=0100664, size=28672) /dev/mapper/ubuntu--vg-root: Clearing orphaned inode 24511799 (uid=1000, gid=1000, mode=0100664, size=28672) /dev/mapper/ubuntu--vg-root: Clearing orphaned inode 26746549 (uid=0, gid=0, mode=0100644, size=20796) /dev/mapper/ubuntu--vg-root: Clearing orphaned inode 25429045 (uid=0, gid=0, mode=0100644, size=134348) /dev/mapper/ubuntu--vg-root: Clearing orphaned inode 15597612 (uid=1000, gid=1000, mode=0100600, size=32768) /dev/mapper/ubuntu--vg-root: Clearing orphaned inode 15597611 (uid=1000, gid=1000, mode=0100600, size=32768) /dev/mapper/ubuntu--vg-root: Clearing orphaned inode 15597608 (uid=1000, gid=1000, mode=0100600, size=65536) /dev/mapper/ubuntu--vg-root: Clearing orphaned inode 15597607 (uid=1000, gid=1000, mode=0100600, size=32768) /dev/mapper/ubuntu--vg-root: Clearing orphaned inode 15597606 (uid=1000, gid=1000, mode=0100600, size=32768) /dev/mapper/ubuntu--vg-root: Clearing orphaned inode 15597605 (uid=1000, gid=1000, mode=0100600, size=65536) /dev/mapper/ubuntu--vg-root: Clearing orphaned inode 24512547 (uid=1000, gid=1000, mode=0100664, size=28672) /dev/mapper/ubuntu--vg-root: Clearing orphaned inode 15597602 (uid=1000, gid=1000, mode=0100600, size=32768) /dev/mapper/ubuntu--vg-root: Clearing orphaned inode 15597601 (uid=1000, gid=1000, mode=0100600, size=32768) /dev/mapper/ubuntu--vg-root: Clearing orphaned inode 15597600 (uid=1000, gid=1000, mode=0100600, size=65536) /dev/mapper/ubuntu--vg-root: Clearing orphaned inode 24512524 (uid=1000, gid=1000, mode=0100664, size=28672) /dev/mapper/ubuntu--vg-root: Clearing orphaned inode 24512540 (uid=1000, gid=1000, mode=0100664, size=28672) /dev/mapper/ubuntu--vg-root: Clearing orphaned inode 24511624 (uid=1000, gid=1000, mode=0100664, size=28672) /dev/mapper/ubuntu--vg-root: Clearing orphaned inode 24512538 (uid=1000, gid=1000, mode=040700, size=4096) /dev/mapper/ubuntu--vg-root: Clearing orphaned inode 24512578 (uid=1000, gid=1000, 
mode=0100664, size=8192)
/dev/mapper/ubuntu--vg-root: Clearing orphaned inode 24512573 (uid=1000, gid=1000, mode=0100664, size=8192)
/dev/mapper/ubuntu--vg-root: Clearing orphaned inode 24512543 (uid=1000, gid=1000, mode=0100664, size=8192)
/dev/mapper/ubuntu--vg-root: Clearing orphaned inode 15597599 (uid=1000, gid=1000, mode=0100600, size=16384)
/dev/mapper/ubuntu--vg-root: Clearing orphaned inode 15597598 (uid=1000, gid=1000, mode=0100600, size=16384)
/dev/mapper/ubuntu--vg-root: Clearing orphaned inode 15597595 (uid=1000, gid=1000, mode=0100600, size=32768)
/dev/mapper/ubuntu--vg-root: Clearing orphaned inode 15597594 (uid=1000, gid=1000, mode=0100600, size=32768)
/dev/mapper/ubuntu--vg-root: Clearing orphaned inode 15597593 (uid=1000, gid=1000, mode=0100600, size=65536)
/dev/mapper/ubuntu--vg-root: Clearing orphaned inode 15597592 (uid=1000, gid=1000, mode=0100600, size=1048576)
/dev/mapper/ubuntu--vg-root: Clearing orphaned inode 15597591 (uid=1000, gid=1000, mode=0100600, size=1048576)
/dev/mapper/ubuntu--vg-root: Clearing orphaned inode 24510628 (uid=1000, gid=1000, mode=0100640, size=12288)
/dev/mapper/ubuntu--vg-root: Clearing orphaned inode 24510672 (uid=1000, gid=1000, mode=0100640, size=12288)
/dev/mapper/ubuntu--vg-root: Clearing orphaned inode 24510905 (uid=1000, gid=1000, mode=0100640, size=12288)
/dev/mapper/ubuntu--vg-root: Clearing orphaned inode 24510911 (uid=1000, gid=1000, mode=0100664, size=28672)
/dev/mapper/ubuntu--vg-root: Clearing orphaned inode 24510921 (uid=1000, gid=1000, mode=0100664, size=28672)
/dev/mapper/ubuntu--vg-root: Clearing orphaned inode 24512549 (uid=1000, gid=1000, mode=0100664, size=28672)
/dev/mapper/ubuntu--vg-root: clean, 270789/30253056 files, 7305684/120991744 blocks
[* ] (1 of 8) A start job is running for LSB: start Samba NetBIOS nameserver (nmbd) (41s / 5min 33s)
[** ] (1 of 8) A start job is running for LSB: start Samba NetBIOS nameserver (nmbd) (41s / 5min 33s)
[*** ] (1 of 8) A start job is running for LSB: start Samba NetBIOS nameserver (nmbd) (42s / 5min 33s)
[ *** ] (2 of 8) A start job is running for Wait for Plymouth Boot Screen to Quit (42s / no limit)
[ OK ] Started LSB: Apache2 web server.
[ *** ] (2 of 7) A start job is running for Wait for Plymouth Boot Screen to Quit (48s / no limit)
[ ***] (2 of 7) A start job is running for Wait for Plymouth Boot Screen to Quit (48s / no limit)
[ **] (3 of 7) A start job is running for LSB: HAVP virus-scanning HTTP proxy (49s / 5min 33s)
[ *] (3 of 7) A start job is running for LSB: HAVP virus-scanning HTTP proxy (49s / 5min 33s)
[ **] (3 of 7) A start job is running for LSB: HAVP virus-scanning HTTP proxy (50s / 5min 33s)
[ ***] (4 of 7) A start job is running for LSB: Starts amavisd-new mailfilter (50s / 5min 33s)
[ *** ] (4 of 7) A start job is running for LSB: Starts amavisd-new mailfilter (51s / 5min 33s)
[ *** ] (4 of 7) A start job is running for LSB: Starts amavisd-new mailfilter (51s / 5min 33s)
[*** ] (5 of 7) A start job is running for Detect the available GPUs and deal with any system changes (52s / no limit)
[** ] (5 of 7) A start job is running for Detect the available GPUs and deal with any system changes (52s / no limit)
[* ] (5 of 7) A start job is running for Detect the available GPUs and deal with any system changes (53s / no limit)
[** ] (6 of 7) A start job is running for LSB: start Samba daemons for the AD DC (53s / 5min 33s)
[*** ] (6 of 7) A start job is running for LSB: start Samba daemons for the AD DC (54s / 5min 33s)
[ *** ] (6 of 7) A start job is running for LSB: start Samba daemons for the AD DC (54s / 5min 33s)
[ *** ] (7 of 7) A start job is running for LSB: powerful, efficient, and scalable Mail Transport Agent (55s / 5min 33s)
[ ***] (7 of 7) A start job is running for LSB: powerful, efficient, and scalable Mail Transport Agent (55s / 5min 33s)
[ **] (7 of 7) A start job is running for LSB: powerful, efficient, and scalable Mail Transport Agent (56s / 5min 33s)
[ *] (1 of 7) A start job is running for LSB: start Samba NetBIOS nameserver (nmbd) (56s / 5min 33s)
[ **] (1 of 7) A start job is running for LSB: start Samba NetBIOS nameserver (nmbd) (57s / 5min 33s)
[ ***] (1 of 7) A start job is running for LSB: start Samba NetBIOS nameserver (nmbd) (57s / 5min 33s)
[ *** ] (2 of 7) A start job is running for Wait for Plymouth Boot Screen to Quit (58s / no limit)
[ *** ] (2 of 7) A start job is running for Wait for Plymouth Boot Screen to Quit (58s / no limit)
[*** ] (2 of 7) A start job is running for Wait for Plymouth Boot Screen to Quit (59s / no limit)
[** ] (3 of 7) A start job is running for LSB: HAVP virus-scanning HTTP proxy (59s / 5min 33s)
[* ] (3 of 7) A start job is running for LSB: HAVP virus-scanning HTTP proxy (1min / 5min 33s)
[FAILED] Failed to start LSB: Starts amavisd-new mailfilter.
See 'systemctl status amavis.service' for details.
[ OK ] Started LSB: start Samba daemons for the AD DC.
[ OK ] Started LSB: start Samba NetBIOS nameserver (nmbd).
Starting LSB: start Samba SMB/CIFS daemon (smbd)...
[ OK ] Started LSB: start Samba SMB/CIFS daemon (smbd).
[ OK ] Started Detect the available GPUs and deal with any system changes.
Starting Light Display Manager...
Code:
ATTFilter Apr 14 19:33:47 bbs-sophos polkit-agent-helper-1[2617]: pam_ecryptfs: pam_sm_authenticate: /home/bbs is already mounted Apr 14 19:33:47 bbs-sophos polkitd(authority=local): Operator of unix-session:c2 successfully authenticated as unix-user:bbs to gain TEMPORARY authorization for action org.debian.apt.install-or-remove-packages for system-bus-name::1.89 [/usr/bin/python /usr/bin/software-center] (owned by unix-user:bbs) Apr 14 19:39:36 bbs-sophos polkit-agent-helper-1[6132]: pam_ecryptfs: pam_sm_authenticate: /home/bbs is already mounted Apr 14 19:39:36 bbs-sophos polkitd(authority=local): Operator of unix-session:c2 successfully authenticated as unix-user:bbs to gain TEMPORARY authorization for action org.debian.apt.install-or-remove-packages for system-bus-name::1.89 [/usr/bin/python /usr/bin/software-center] (owned by unix-user:bbs) Apr 14 19:48:22 bbs-sophos sudo: bbs : TTY=pts/1 ; PWD=/home/bbs ; USER=root ; COMMAND=/usr/sbin/ufw deny ipp14 Apr 14 19:48:22 bbs-sophos sudo: pam_unix(sudo:session): session opened for user root by bbs(uid=0) Apr 14 19:48:22 bbs-sophos sudo: pam_unix(sudo:session): session closed for user root Apr 14 19:48:32 bbs-sophos sudo: bbs : TTY=pts/1 ; PWD=/home/bbs ; USER=root ; COMMAND=/usr/sbin/ufw deny ipps Apr 14 19:48:32 bbs-sophos sudo: pam_unix(sudo:session): session opened for user root by bbs(uid=0) Apr 14 19:48:32 bbs-sophos sudo: pam_unix(sudo:session): session closed for user root Apr 14 19:48:44 bbs-sophos sudo: bbs : TTY=pts/1 ; PWD=/home/bbs ; USER=root ; COMMAND=/usr/sbin/ufw deny LDP Apr 14 19:48:44 bbs-sophos sudo: pam_unix(sudo:session): session opened for user root by bbs(uid=0) Apr 14 19:48:44 bbs-sophos sudo: pam_unix(sudo:session): session closed for user root Apr 14 19:48:53 bbs-sophos sudo: bbs : TTY=pts/1 ; PWD=/home/bbs ; USER=root ; COMMAND=/usr/sbin/ufw deny lpd Apr 14 19:48:53 bbs-sophos sudo: pam_unix(sudo:session): session opened for user root by bbs(uid=0) Apr 14 19:48:54 bbs-sophos sudo: 
pam_unix(sudo:session): session closed for user root Apr 14 19:49:13 bbs-sophos sudo: bbs : TTY=pts/1 ; PWD=/home/bbs ; USER=root ; COMMAND=/usr/sbin/ufw deny 9100 Apr 14 19:49:13 bbs-sophos sudo: pam_unix(sudo:session): session opened for user root by bbs(uid=0) Apr 14 19:49:13 bbs-sophos sudo: pam_unix(sudo:session): session closed for user root Apr 14 19:49:53 bbs-sophos sudo: bbs : TTY=pts/1 ; PWD=/home/bbs ; USER=root ; COMMAND=/usr/sbin/ufw deny CUPS Apr 14 19:49:53 bbs-sophos sudo: pam_unix(sudo:session): session opened for user root by bbs(uid=0) Apr 14 19:49:53 bbs-sophos sudo: pam_unix(sudo:session): session closed for user root Apr 14 19:52:27 bbs-sophos polkit-agent-helper-1[10706]: pam_ecryptfs: pam_sm_authenticate: /home/bbs is already mounted Apr 14 19:52:27 bbs-sophos polkitd(authority=local): Operator of unix-session:c2 successfully authenticated as unix-user:bbs to gain TEMPORARY authorization for action com.ubuntu.softwareproperties.applychanges for system-bus-name::1.115 [/usr/bin/python3 /usr/bin/software-properties-gtk] (owned by unix-user:bbs) Apr 14 19:58:34 bbs-sophos polkit-agent-helper-1[11476]: pam_ecryptfs: pam_sm_authenticate: /home/bbs is already mounted Apr 14 19:58:34 bbs-sophos polkitd(authority=local): Operator of unix-session:c2 successfully authenticated as unix-user:bbs to gain TEMPORARY authorization for action org.debian.apt.install-or-remove-packages for system-bus-name::1.119 [/usr/bin/python3 /usr/bin/gnome-language-selector] (owned by unix-user:bbs) Apr 14 20:00:04 bbs-sophos pkexec: pam_unix(polkit-1:session): session opened for user root by (uid=1000) Apr 14 20:00:04 bbs-sophos pkexec: pam_systemd(polkit-1:session): Cannot create session: Already running in a session Apr 14 20:00:04 bbs-sophos pkexec[12385]: bbs: Executing command [USER=root] [TTY=unknown] [CWD=/home/bbs] [COMMAND=/usr/lib/update-notifier/package-system-locked] Apr 14 20:02:21 bbs-sophos dbus[693]: [system] Failed to activate service 'org.bluez': timed 
out Apr 14 20:05:10 bbs-sophos polkit-agent-helper-1[12717]: pam_ecryptfs: pam_sm_authenticate: /home/bbs is already mounted Apr 14 20:05:10 bbs-sophos polkitd(authority=local): Operator of unix-session:c2 successfully authenticated as unix-user:bbs to gain TEMPORARY authorization for action com.ubuntu.softwareproperties.applychanges for system-bus-name::1.134 [/usr/bin/python3 /usr/bin/software-properties-gtk --open-tab 2 --toplevel 62914567] (owned by unix-user:bbs) Apr 14 20:05:22 bbs-sophos systemd-logind[745]: System is rebooting. Apr 14 20:09:35 bbs-sophos systemd-logind[785]: New seat seat0. Apr 14 20:09:35 bbs-sophos systemd-logind[785]: Watching system buttons on /dev/input/event2 (Power Button) Apr 14 20:09:35 bbs-sophos systemd-logind[785]: Watching system buttons on /dev/input/event3 (Video Bus) Apr 14 20:09:35 bbs-sophos systemd-logind[785]: Watching system buttons on /dev/input/event0 (Power Button) Apr 14 20:09:35 bbs-sophos systemd-logind[785]: Watching system buttons on /dev/input/event1 (Sleep Button) Apr 14 20:09:40 bbs-sophos lightdm: PAM unable to dlopen(pam_kwallet.so): /lib/security/pam_kwallet.so: cannot open shared object file: No such file or directory Apr 14 20:09:40 bbs-sophos lightdm: PAM adding faulty module: pam_kwallet.so Apr 14 20:09:40 bbs-sophos lightdm: PAM unable to dlopen(pam_kwallet5.so): /lib/security/pam_kwallet5.so: cannot open shared object file: No such file or directory Apr 14 20:09:40 bbs-sophos lightdm: PAM adding faulty module: pam_kwallet5.so Apr 14 20:09:40 bbs-sophos lightdm: pam_unix(lightdm-greeter:session): session opened for user lightdm by (uid=0) Apr 14 20:09:40 bbs-sophos systemd-logind[785]: New session c1 of user lightdm. 
Apr 14 20:09:40 bbs-sophos systemd: pam_unix(systemd-user:session): session opened for user lightdm by (uid=0) Apr 14 20:09:44 bbs-sophos lightdm: PAM unable to dlopen(pam_kwallet.so): /lib/security/pam_kwallet.so: cannot open shared object file: No such file or directory Apr 14 20:09:44 bbs-sophos lightdm: PAM adding faulty module: pam_kwallet.so Apr 14 20:09:44 bbs-sophos lightdm: PAM unable to dlopen(pam_kwallet5.so): /lib/security/pam_kwallet5.so: cannot open shared object file: No such file or directory Apr 14 20:09:44 bbs-sophos lightdm: PAM adding faulty module: pam_kwallet5.so Apr 14 20:09:44 bbs-sophos lightdm: pam_succeed_if(lightdm:auth): requirement "user ingroup nopasswdlogin" not met by user "bbs" Apr 14 20:10:09 bbs-sophos dbus[789]: [system] Failed to activate service 'org.bluez': timed out Apr 14 20:10:14 bbs-sophos lightdm: pam_unix(lightdm-greeter:session): session closed for user lightdm Apr 14 20:10:14 bbs-sophos lightdm: pam_unix(lightdm:session): session opened for user bbs by (uid=0) Apr 14 20:10:14 bbs-sophos systemd-logind[785]: New session c2 of user bbs. 
Apr 14 20:10:14 bbs-sophos systemd: pam_unix(systemd-user:session): session opened for user bbs by (uid=0) Apr 14 20:10:16 bbs-sophos gnome-keyring-daemon[1094]: The Secret Service was already initialized Apr 14 20:10:16 bbs-sophos gnome-keyring-daemon[1094]: The SSH agent was already initialized Apr 14 20:10:16 bbs-sophos gnome-keyring-daemon[1094]: The PKCS#11 component was already initialized Apr 14 20:10:17 bbs-sophos polkitd(authority=local): Registered Authentication Agent for unix-session:c2 (system bus name :1.63 [/usr/lib/policykit-1-gnome/polkit-gnome-authentication-agent-1], object path /org/gnome/PolicyKit1/AuthenticationAgent, locale de_DE.UTF-8) Apr 14 20:10:41 bbs-sophos dbus[789]: [system] Failed to activate service 'org.bluez': timed out Apr 14 20:11:31 bbs-sophos dbus[789]: [system] Rejected send message, 7 matched rules; type="method_call", sender=":1.90" (uid=1000 pid=1896 comm="/usr/bin/python /usr/lib/ubuntu-sso-client/ubuntu-") interface="(unset)" member="Get" error name="(unset)" requested_reply="0" destination="org.freedesktop.NetworkManager" (uid=0 pid=821 comm="/usr/sbin/NetworkManager --no-daemon ") Apr 14 20:11:41 bbs-sophos systemd-logind[785]: Removed session c1. 
Apr 14 20:11:41 bbs-sophos systemd: pam_unix(systemd-user:session): session closed for user lightdm Apr 14 20:14:30 bbs-sophos polkit-agent-helper-1[1996]: pam_unix(polkit-1:auth): authentication failure; logname= uid=1000 euid=0 tty= ruser=bbs rhost= user=bbs Apr 14 20:14:37 bbs-sophos polkit-agent-helper-1[1997]: pam_ecryptfs: pam_sm_authenticate: /home/bbs is already mounted Apr 14 20:14:37 bbs-sophos polkitd(authority=local): Operator of unix-session:c2 successfully authenticated as unix-user:bbs to gain TEMPORARY authorization for action org.debian.apt.change-repository for system-bus-name::1.86 [/usr/bin/python /usr/bin/software-center] (owned by unix-user:bbs) Apr 14 20:14:48 bbs-sophos dbus[789]: [system] Rejected send message, 7 matched rules; type="method_call", sender=":1.94" (uid=1000 pid=2042 comm="/usr/bin/python /usr/lib/ubuntu-sso-client/ubuntu-") interface="(unset)" member="Get" error name="(unset)" requested_reply="0" destination="org.freedesktop.NetworkManager" (uid=0 pid=821 comm="/usr/sbin/NetworkManager --no-daemon ") Apr 14 20:17:01 bbs-sophos CRON[2464]: pam_unix(cron:session): session opened for user root by (uid=0) Apr 14 20:17:01 bbs-sophos CRON[2464]: pam_unix(cron:session): session closed for user root Apr 14 20:18:56 bbs-sophos dbus[789]: [system] Rejected send message, 10 matched rules; type="method_return", sender=":1.110" (uid=0 pid=2526 comm="/usr/sbin/dnsmasq --no-resolv --keep-in-foreground") interface="(unset)" member="(unset)" error name="(unset)" requested_reply="0" destination=":1.7" (uid=0 pid=821 comm="/usr/sbin/NetworkManager --no-daemon ") Apr 14 20:22:27 bbs-sophos polkitd(authority=local): Operator of unix-session:c2 FAILED to authenticate to gain authorization for action org.debian.apt.change-repository for system-bus-name::1.86 [/usr/bin/python /usr/bin/software-center] (owned by unix-user:bbs) Apr 14 20:28:01 bbs-sophos sudo: bbs : TTY=pts/1 ; PWD=/home/bbs ; USER=root ; COMMAND=/usr/bin/apt-get install 
language-pack-de Apr 14 20:28:01 bbs-sophos sudo: pam_unix(sudo:session): session opened for user root by bbs(uid=0) Apr 14 20:28:01 bbs-sophos sudo: pam_unix(sudo:session): session closed for user root Apr 14 20:30:48 bbs-sophos sudo: bbs : TTY=pts/1 ; PWD=/home/bbs ; USER=root ; COMMAND=/usr/bin/apt-get install apturl Apr 14 20:30:48 bbs-sophos sudo: pam_unix(sudo:session): session opened for user root by bbs(uid=0) Apr 14 20:30:48 bbs-sophos sudo: pam_unix(sudo:session): session closed for user root Apr 14 20:31:19 bbs-sophos sudo: bbs : TTY=pts/1 ; PWD=/home/bbs ; USER=root ; COMMAND=/usr/bin/apt-get install language-pack-de Apr 14 20:31:19 bbs-sophos sudo: pam_unix(sudo:session): session opened for user root by bbs(uid=0) Apr 14 20:31:19 bbs-sophos sudo: pam_unix(sudo:session): session closed for user root Apr 14 20:31:37 bbs-sophos sudo: bbs : TTY=pts/1 ; PWD=/home/bbs ; USER=root ; COMMAND=/usr/bin/apt-get autoremove Apr 14 20:31:37 bbs-sophos sudo: pam_unix(sudo:session): session opened for user root by bbs(uid=0) Apr 14 20:34:02 bbs-sophos sudo: pam_unix(sudo:session): session closed for user root Apr 14 20:36:15 bbs-sophos sudo: bbs : TTY=pts/1 ; PWD=/home/bbs ; USER=root ; COMMAND=/usr/bin/apt-get install language-pack-de Apr 14 20:36:15 bbs-sophos sudo: pam_unix(sudo:session): session opened for user root by bbs(uid=0) Apr 14 20:36:15 bbs-sophos sudo: pam_unix(sudo:session): session closed for user root Apr 14 20:39:39 bbs-sophos polkit-agent-helper-1[5760]: pam_ecryptfs: pam_sm_authenticate: /home/bbs is already mounted Apr 14 20:39:39 bbs-sophos polkitd(authority=local): Operator of unix-session:c2 successfully authenticated as unix-user:bbs to gain TEMPORARY authorization for action org.debian.apt.install-or-remove-packages for system-bus-name::1.119 [/usr/bin/python3 /usr/bin/update-manager] (owned by unix-user:bbs) Apr 14 20:41:19 bbs-sophos pkexec: pam_unix(polkit-1:session): session opened for user root by (uid=1000) Apr 14 20:41:19 bbs-sophos 
pkexec: pam_systemd(polkit-1:session): Cannot create session: Already running in a session
Apr 14 20:41:19 bbs-sophos pkexec[5784]: bbs: Executing command [USER=root] [TTY=unknown] [CWD=/home/bbs] [COMMAND=/usr/lib/update-notifier/package-system-locked]
Apr 14 20:43:40 bbs-sophos polkitd(authority=local): Registered Authentication Agent for unix-process:14682:228282 (system bus name :1.127 [/usr/bin/pkttyagent --notify-fd 5 --fallback], object path /org/freedesktop/PolicyKit1/AuthenticationAgent, locale de_DE.UTF-8)
Apr 14 20:43:40 bbs-sophos polkitd(authority=local): Unregistered Authentication Agent for unix-process:14682:228282 (system bus name :1.127, object path /org/freedesktop/PolicyKit1/AuthenticationAgent, locale de_DE.UTF-8) (disconnected from bus)

Clam does not run at all; logs are mostly not created, even though logging is enabled in the config and it is the newest version; then folders that I selected for scanning are simply skipped, and I cannot delete infected files or move them to quarantine. Nevertheless, here is a log with possible infections (bold)
Code:
ATTFilter ------------------------------------------------------------------------------- ----------- SCAN SUMMARY ----------- Known viruses: 4303757 Engine version: 0.98.7 Scanned directories: 475 Scanned files: 1711 Infected files: 0 Total errors: 3 Data scanned: 271.81 MB Data read: 14823.12 MB (ratio 0.02:1) Time: 48.963 sec (0 m 48 s) ClamTk, v5.19 Sat Apr 16 01:38:46 2016 ClamAV-Signaturen: 4304101 Untersuchte Verzeichnisse: /etc/suricata/rules /lib/firmware/vxge /usr/lib/mono/4.0 /usr/lib/mono/4.5 /usr/share/clamav-testfiles /usr/share/mime 47 wahrscheinlich infizierte Bedrohungen gefunden (163333 Dateien untersucht). /usr/share/clamav-testfiles/clam.sis PUA.Win.Packer.AcprotectUltraprotect-1 /usr/share/clamav-testfiles/clam.ea05.exe PUA.Win.Packer.Upx-48 /usr/share/clamav-testfiles/clam.newc.cpio PUA.Win.Packer.AcprotectUltraprotect-1 /usr/share/clamav-testfiles/clam.ppt PUA.Win.Packer.AcprotectUltraprotect-1 /usr/share/clamav-testfiles/clam.bin-be.cpio PUA.Win.Packer.AcprotectUltraprotect-1 /usr/share/clamav-testfiles/clam-pespin.exe PUA.Win.Packer.PESpin-1 /usr/share/clamav-testfiles/clam.pdf PUA.Win.Packer.AcprotectUltraprotect-1 /usr/share/clamav-testfiles/clam.exe PUA.Win.Packer.AcprotectUltraprotect-1 /usr/share/clamav-testfiles/clam.exe.binhex PUA.Win.Packer.AcprotectUltraprotect-1 /usr/share/clamav-testfiles/clam.tar.gz PUA.Win.Packer.AcprotectUltraprotect-1 /usr/share/clamav-testfiles/clam_IScab_int.exe PUA.Win.Packer.AcprotectUltraprotect-1 /usr/share/clamav-testfiles/clam-aspack.exe PUA.Win.Packer.Asprotect-3 /usr/share/clamav-testfiles/clam-nsis.exe PUA.Win.Packer.AcprotectUltraprotect-1 /usr/share/clamav-testfiles/clam.exe.szdd PUA.Win.Packer.AcprotectUltraprotect-1 /usr/share/clamav-testfiles/clam_cache_emax.tgz Clamav.Test.File-6 /usr/share/clamav-testfiles/clam_ISmsi_ext.exe PUA.Win.Packer.AcprotectUltraprotect-1 /usr/share/clamav-testfiles/clam-yc.exe PUA.Win.Packer.ExeshieldCrypto-1 /usr/share/clamav-testfiles/clam-upack.exe 
PUA.Win.Packer.UPack-3
/usr/share/clamav-testfiles/clam.cab PUA.Win.Packer.AcprotectUltraprotect-1
/usr/share/clamav-testfiles/clam.ole.doc PUA.Win.Packer.AcprotectUltraprotect-1
/usr/share/clamav-testfiles/clam.ea06.exe PUA.Win.Packer.Upx-48
/usr/share/clamav-testfiles/clam.zip PUA.Win.Packer.AcprotectUltraprotect-1
/usr/share/clamav-testfiles/clam.exe.bz2 PUA.Win.Packer.AcprotectUltraprotect-1
/usr/share/clamav-testfiles/clam-fsg.exe PUA.Win.Packer.AcprotectUltraprotect-1
/usr/share/clamav-testfiles/clam.7z PUA.Win.Packer.AcprotectUltraprotect-1
/usr/share/clamav-testfiles/clam.exe.rtf PUA.Win.Packer.AcprotectUltraprotect-1
/usr/share/clamav-testfiles/clam-upx.exe PUA.Win.Packer.Upx-29
/usr/share/clamav-testfiles/clam.impl.zip PUA.Win.Packer.AcprotectUltraprotect-1
/usr/share/clamav-testfiles/clam.chm PUA.Win.Packer.AcprotectUltraprotect-1
/usr/share/clamav-testfiles/clam-petite.exe PUA.Win.Packer.Petite-1
/usr/share/clamav-testfiles/clam.bin-le.cpio PUA.Win.Packer.AcprotectUltraprotect-1
/usr/share/clamav-testfiles/clam.bz2.zip PUA.Win.Packer.AcprotectUltraprotect-1
/usr/share/clamav-testfiles/clam.arj PUA.Win.Packer.AcprotectUltraprotect-1
/usr/share/clamav-testfiles/clam-v2.rar PUA.Win.Packer.AcprotectUltraprotect-1
/usr/share/clamav-testfiles/clam_ISmsi_int.exe PUA.Win.Packer.SetupExeSection-1
/usr/share/clamav-testfiles/clam_IScab_ext.exe PUA.Win.Packer.AcprotectUltraprotect-1
/usr/share/mime/mime.cache PUA.Win.Exploit.CVE_2012_0110-1
/usr/lib/mono/4.5/mscorlib.dll PUA.Win.Packer.PrivateExeProte-8
/usr/lib/mono/4.0/mscorlib.dll PUA.Win.Packer.PrivateExeProte-8
/etc/suricata/rules/emerging-web_server.rules PUA.Html.Trojan.Crypt-355
/etc/suricata/rules/emerging-deleted.rules Html.Trojan.Blackhole-65
/etc/suricata/rules/emerging-activex.rules PUA.Win.Tool.ActiveX_CVE_2009_1671-1
/usr/share/clamav-testfiles/clam-v3.rar PUA.Win.Packer.AcprotectUltraprotect-1
/usr/share/clamav-testfiles/clam-wwpack.exe PUA.Win.Packer.Mslrh-35
/usr/share/clamav-testfiles/clam.odc.cpio PUA.Win.Packer.AcprotectUltraprotect-1
/usr/share/clamav-testfiles/clam-mew.exe PUA.Win.Packer.MEW-1
/usr/share/clamav-testfiles/clam.d64.zip PUA.Win.Packer.AcprotectUltraprotect-1
----------------------------------------------------------------------------------------------------
ClamTk, v5.19
Sat Apr 16 03:48:31 2016
ClamAV-Signaturen: 4304101
Untersuchte Verzeichnisse:
0 wahrscheinlich infizierte Bedrohungen gefunden (1 Datei untersucht).
Keine Bedrohungen gefunden.
---------------------------------------------
ClamTk, v5.19
Sat Apr 16 04:42:42 2016
ClamAV-Signaturen: 4304101
Untersuchte Verzeichnisse:
/media/bbs/WIN/2/Neuer Ordner
/media/bbs/WIN/7
/media/bbs/WIN/8
0 wahrscheinlich infizierte Bedrohungen gefunden (2446 Dateien untersucht).
Keine Bedrohungen gefunden.
---------------------------------------------
ClamTk, v5.19
Sat Apr 16 04:45:04 2016
ClamAV-Signaturen: 4304101
Untersuchte Verzeichnisse:
0 wahrscheinlich infizierte Bedrohungen gefunden (1 Datei untersucht).
Keine Bedrohungen gefunden.
---------------------------------------------
ClamTk, v5.19
Sat Apr 16 04:46:50 2016
ClamAV-Signaturen: 4304101
Untersuchte Verzeichnisse:
0 wahrscheinlich infizierte Bedrohungen gefunden (1 Datei untersucht).
Keine Bedrohungen gefunden.
---------------------------------------------
ClamTk, v5.19
Sat Apr 16 06:52:13 2016
ClamAV-Signaturen: 4304101
Untersuchte Verzeichnisse:
/etc/suricata/rules
/lib/firmware/vxge
/usr/lib/mono/4.0
/usr/lib/mono/4.5
/usr/share/clamav-testfiles
/usr/share/mime
47 wahrscheinlich infizierte Bedrohungen gefunden (181162 Dateien untersucht).
/usr/share/clamav-testfiles/clam.sis PUA.Win.Packer.AcprotectUltraprotect-1
/usr/share/clamav-testfiles/clam.ea05.exe PUA.Win.Packer.Upx-48
/usr/share/clamav-testfiles/clam.newc.cpio PUA.Win.Packer.AcprotectUltraprotect-1
/usr/share/clamav-testfiles/clam.ppt PUA.Win.Packer.AcprotectUltraprotect-1
/usr/share/clamav-testfiles/clam.bin-be.cpio PUA.Win.Packer.AcprotectUltraprotect-1
/usr/share/clamav-testfiles/clam-pespin.exe PUA.Win.Packer.PESpin-1
/usr/share/clamav-testfiles/clam.pdf PUA.Win.Packer.AcprotectUltraprotect-1
/usr/share/clamav-testfiles/clam.exe PUA.Win.Packer.AcprotectUltraprotect-1
/usr/share/clamav-testfiles/clam.exe.binhex PUA.Win.Packer.AcprotectUltraprotect-1
/usr/share/clamav-testfiles/clam.tar.gz PUA.Win.Packer.AcprotectUltraprotect-1
/usr/share/clamav-testfiles/clam_IScab_int.exe PUA.Win.Packer.AcprotectUltraprotect-1
/usr/share/clamav-testfiles/clam-aspack.exe PUA.Win.Packer.Asprotect-3
/usr/share/clamav-testfiles/clam-nsis.exe PUA.Win.Packer.AcprotectUltraprotect-1
/usr/share/clamav-testfiles/clam.exe.szdd PUA.Win.Packer.AcprotectUltraprotect-1
/usr/share/clamav-testfiles/clam_cache_emax.tgz Clamav.Test.File-6
/usr/share/clamav-testfiles/clam_ISmsi_ext.exe PUA.Win.Packer.AcprotectUltraprotect-1
/usr/share/clamav-testfiles/clam-yc.exe PUA.Win.Packer.ExeshieldCrypto-1
/usr/share/clamav-testfiles/clam-upack.exe PUA.Win.Packer.UPack-3
/usr/share/clamav-testfiles/clam.cab PUA.Win.Packer.AcprotectUltraprotect-1
/usr/share/clamav-testfiles/clam.ole.doc PUA.Win.Packer.AcprotectUltraprotect-1
/usr/share/clamav-testfiles/clam.ea06.exe PUA.Win.Packer.Upx-48
/usr/share/clamav-testfiles/clam.zip PUA.Win.Packer.AcprotectUltraprotect-1
/usr/share/clamav-testfiles/clam.exe.bz2 PUA.Win.Packer.AcprotectUltraprotect-1
/usr/share/clamav-testfiles/clam-fsg.exe PUA.Win.Packer.AcprotectUltraprotect-1
/usr/share/clamav-testfiles/clam.7z PUA.Win.Packer.AcprotectUltraprotect-1
/usr/share/clamav-testfiles/clam.exe.rtf PUA.Win.Packer.AcprotectUltraprotect-1
/usr/share/clamav-testfiles/clam-upx.exe PUA.Win.Packer.Upx-29
/usr/share/clamav-testfiles/clam.impl.zip PUA.Win.Packer.AcprotectUltraprotect-1
/usr/share/clamav-testfiles/clam.chm PUA.Win.Packer.AcprotectUltraprotect-1
/usr/share/clamav-testfiles/clam-petite.exe PUA.Win.Packer.Petite-1
/usr/share/clamav-testfiles/clam.bin-le.cpio PUA.Win.Packer.AcprotectUltraprotect-1
/usr/share/clamav-testfiles/clam.bz2.zip PUA.Win.Packer.AcprotectUltraprotect-1
/usr/share/clamav-testfiles/clam.arj PUA.Win.Packer.AcprotectUltraprotect-1
/usr/share/clamav-testfiles/clam-v2.rar PUA.Win.Packer.AcprotectUltraprotect-1
/usr/share/clamav-testfiles/clam_ISmsi_int.exe PUA.Win.Packer.SetupExeSection-1
/usr/share/clamav-testfiles/clam_IScab_ext.exe PUA.Win.Packer.AcprotectUltraprotect-1
/usr/share/mime/mime.cache PUA.Win.Exploit.CVE_2012_0110-1
/usr/lib/mono/4.5/mscorlib.dll PUA.Win.Packer.PrivateExeProte-8
/usr/lib/mono/4.0/mscorlib.dll PUA.Win.Packer.PrivateExeProte-8
/etc/suricata/rules/emerging-web_server.rules PUA.Html.Trojan.Crypt-355
/etc/suricata/rules/emerging-deleted.rules Html.Trojan.Blackhole-65
/etc/suricata/rules/emerging-activex.rules PUA.Win.Tool.ActiveX_CVE_2009_1671-1
/usr/share/clamav-testfiles/clam-v3.rar PUA.Win.Packer.AcprotectUltraprotect-1
/usr/share/clamav-testfiles/clam-wwpack.exe PUA.Win.Packer.Mslrh-35
/usr/share/clamav-testfiles/clam.odc.cpio PUA.Win.Packer.AcprotectUltraprotect-1
/usr/share/clamav-testfiles/clam-mew.exe PUA.Win.Packer.MEW-1
/usr/share/clamav-testfiles/clam.d64.zip PUA.Win.Packer.AcprotectUltraprotect-1
----------------------------------------------------------------------------------------------------
chkrootkit
Code:
bbs@bbs-sophos:~$ sudo chkrootkit
[sudo] Passwort für bbs:
ROOTDIR is `/'
Checking `amd'... not found
Checking `basename'... not infected
Checking `biff'... not found
Checking `chfn'... not infected
Checking `chsh'... not infected
Checking `cron'... not infected
Checking `crontab'... not infected
Checking `date'... not infected
Checking `du'... not infected
Checking `dirname'... not infected
Checking `echo'... not infected
Checking `egrep'... not infected
Checking `env'... not infected
Checking `find'... not infected
Checking `fingerd'... not found
Checking `gpm'... not found
Checking `grep'... not infected
Checking `hdparm'... not infected
Checking `su'... not infected
Checking `ifconfig'... not infected
Checking `inetd'... not infected
Checking `inetdconf'... not found
Checking `identd'... not found
Checking `init'... not infected
Checking `killall'... not infected
Checking `ldsopreload'... not infected
Checking `login'... not infected
Checking `ls'... not infected
Checking `lsof'... not infected
Checking `mail'... not infected
Checking `mingetty'... not found
Checking `netstat'... not infected
Checking `named'... not found
Checking `passwd'... not infected
Checking `pidof'... not infected
Checking `pop2'... not found
Checking `pop3'... not found
Checking `ps'... not infected
Checking `pstree'... not infected
Checking `rpcinfo'... not found
Checking `rlogind'... not found
Checking `rshd'... not found
Checking `slogin'... not infected
Checking `sendmail'... not infected
Checking `sshd'... not found
Checking `syslogd'... not tested
Checking `tar'... not infected
Checking `tcpd'... not infected
Checking `tcpdump'... not infected
Checking `top'... not infected
Checking `telnetd'... not found
Checking `timed'... not found
Checking `traceroute'... not found
Checking `vdir'... not infected
Checking `w'... not infected
Checking `write'... not infected
Checking `aliens'... no suspect files
Searching for sniffer's logs, it may take a while... nothing found
Searching for rootkit HiDrootkit's default files... nothing found
Searching for rootkit t0rn's default files... nothing found
Searching for t0rn's v8 defaults... nothing found
Searching for rootkit Lion's default files... nothing found
Searching for rootkit RSHA's default files... nothing found
Searching for rootkit RH-Sharpe's default files... nothing found
Searching for Ambient's rootkit (ark) default files and dirs... nothing found
Searching for suspicious files and dirs, it may take a while... The following suspicious files and directories were found:
/usr/lib/python2.7/dist-packages/PyQt4/uic/widget-plugins/.noinit
/lib/modules/4.2.0-35-generic/vdso/.build-id
/lib/modules/4.2.0-16-generic/vdso/.build-id
/lib/modules/4.2.0-35-generic/vdso/.build-id
/lib/modules/4.2.0-16-generic/vdso/.build-id
Searching for LPD Worm files and dirs... nothing found
Searching for Ramen Worm files and dirs... nothing found
Searching for Maniac files and dirs... nothing found
Searching for RK17 files and dirs... nothing found
Searching for Ducoci rootkit... nothing found
Searching for Adore Worm... nothing found
Searching for ShitC Worm... nothing found
Searching for Omega Worm... nothing found
Searching for Sadmind/IIS Worm... nothing found
Searching for MonKit... nothing found
Searching for Showtee... nothing found
Searching for OpticKit... nothing found
Searching for T.R.K... nothing found
Searching for Mithra... nothing found
Searching for LOC rootkit... nothing found
Searching for Romanian rootkit... nothing found
Searching for Suckit rootkit... nothing found
Searching for Volc rootkit... nothing found
Searching for Gold2 rootkit... nothing found
Searching for TC2 Worm default files and dirs... nothing found
Searching for Anonoying rootkit default files and dirs... nothing found
Searching for ZK rootkit default files and dirs... nothing found
Searching for ShKit rootkit default files and dirs... nothing found
Searching for AjaKit rootkit default files and dirs... nothing found
Searching for zaRwT rootkit default files and dirs... nothing found
Searching for Madalin rootkit default files... nothing found
Searching for Fu rootkit default files... nothing found
Searching for ESRK rootkit default files... nothing found
Searching for rootedoor... nothing found
Searching for ENYELKM rootkit default files... nothing found
Searching for common ssh-scanners default files... nothing found
Searching for Linux/Ebury - Operation Windigo ssh... Possible Linux/Ebury - Operation Windigo installetd
Searching for 64-bit Linux Rootkit ... nothing found
Searching for 64-bit Linux Rootkit modules... nothing found
Searching for suspect PHP files... nothing found
Searching for anomalies in shell history files... nothing found
Checking `asp'... not infected
Checking `bindshell'... not infected
Checking `lkm'... You have 3 process hidden for readdir command
You have 3 process hidden for ps command
chkproc: Warning: Possible LKM Trojan installed
chkdirs: nothing detected
Checking `rexedcs'... not found
Checking `sniffer'... lo: not promisc and no packet sniffer sockets
enp3s0: PACKET SNIFFER(/sbin/dhclient[6636])
Checking `w55808'... not infected
Checking `wted'... chkwtmp: nothing deleted
Checking `scalper'... not infected
Checking `slapper'... not infected
Checking `z2'... user bbs deleted or never logged from lastlog!
user root deleted or never logged from lastlog!
Checking `chkutmp'... The tty of the following user process(es) were not found in /var/run/utmp !
! RUID PID TTY CMD
! root 1164 tty7 /usr/bin/X -core :0 -seat seat0 -auth /var/run/lightdm/root/:0 -nolisten tcp vt7 -novtswitch
chkutmp: nothing deleted
Checking `OSX_RSPLUG'... not infected

In addition: no software from third-party sources installed (exception: Cryptkeeper/Clam from official sources), no new users created or existing ones reconfigured, no ssh, cups, samba, VNC, rdp, bluetooth, file sharing or other bells and whistles configured or used.
Surfing and VirtualBox were the main activities (Win10 ISO directly from Microsoft). |
16.04.2016, 09:55 | #68 | ||||||
/// Mac Expert | Linux: Bootkit Nemesis - BIOS/firmware malware in the VBR You are using tools that demonstrably produce false alarms. None of the files you listed there are infected. Quote:
https://wiki.ubuntuusers.de/MIME-Typ/ ... are components of Mono. The only thing you achieve by deleting them is that you have to set up Mono again. ClamAV's PUA function is faulty and is disabled by default. I assume you enabled it yourself? Quote:
Quote:
Quote:
Quote:
...and this is the best one Quote:
Ubuntu Manpage: dhclient - Dynamic Host Configuration Protocol Client So before you keep searching in a panic for infections that are not infections at all, you should sit down and learn a bit about forensic malware analysis and reverse engineering. Because you keep happily posting logs wildly, without forming a concrete suspicion or doing any investigation yourself, or at least becoming active yourself. PS: ...and learn more about the security of Unix/Linux systems. If they really were as vulnerable as your logs would suggest, they would not be the worldwide standard for server applications.
__________________ ----------------- -Regards, dante12 ----------------- Praise, criticism, wishes? Donate to trojaner-board? Last edited by Dante12 (16.04.2016 at 10:02) |
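The reply above calls the posted findings false alarms and points to the dhclient man page for the sniffer hit. As an added example (not part of the thread and not code from chkrootkit), the Python below reduces a chkrootkit log to the lines that are not clean results and lists the files they name, so each can be looked up in the package database with `dpkg -S`. Debian/Ubuntu is assumed, the function names are hypothetical, and the sample log is constructed from lines in the posted output.

```python
import re

# Constructed sample in chkrootkit's output layout, using findings from the log in this thread.
SAMPLE = """\
ROOTDIR is `/'
Checking `ls'... not infected
Searching for Suckit rootkit... nothing found
Searching for suspicious files and dirs, it may take a while... The following suspicious files and directories were found:
/lib/modules/4.2.0-35-generic/vdso/.build-id
Searching for Linux/Ebury - Operation Windigo ssh... Possible Linux/Ebury - Operation Windigo installetd
Checking `lkm'... You have     3 process hidden for ps command
chkproc: Warning: Possible LKM Trojan installed
chkdirs: nothing detected
Checking `sniffer'... lo: not promisc and no packet sniffer sockets
enp3s0: PACKET SNIFFER(/sbin/dhclient[6636])
Checking `wted'... chkwtmp: nothing deleted
"""

HEADER = re.compile(r"^(?:Checking `([^']+)'|Searching for (.+?))\.\.\.\s*(.*)$")
CLEAN = re.compile(r"(?:not infected|not found|not tested|nothing found|nothing detected|"
                   r"nothing deleted|no suspect files|no packet sniffer sockets)$")
SNIFFER = re.compile(r"^(\S+): PACKET SNIFFER\((/[^\[]+)\[(\d+)\]\)$")

def findings(text):
    """Return (test, message) for every output line that is not a clean result."""
    result, test = [], None
    for line in (raw.strip() for raw in text.splitlines()):
        header = HEADER.match(line)
        if header:  # a new test starts; its result may follow on the same line
            test = header.group(1) or header.group(2)
            line = header.group(3)
        if not line or line.startswith("ROOTDIR is") or CLEAN.search(line):
            continue
        result.append((test, line))
    return result

def files_to_verify(text):
    """Absolute paths named in findings: the files to check against the package database."""
    paths = []
    for _, message in findings(text):
        sniffer = SNIFFER.match(message)
        if sniffer:  # interface: PACKET SNIFFER(binary[pid])
            paths.append(sniffer.group(2))
        elif message.startswith("/"):  # one or more space-separated paths
            paths.extend(message.split())
    return paths

def verify_commands(text):
    """One `dpkg -S` lookup per file (Debian/Ubuntu assumed); built, not executed."""
    return ["dpkg -S " + path for path in files_to_verify(text)]
```

A file that `dpkg -S` attributes to an installed package can then be checked against that package's recorded checksums before it is treated as suspicious.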
16.04.2016, 18:32 | #69 |
| Linux: Bootkit Nemesis - BIOS/firmware malware in the VBR Short version: you are using the tools incorrectly and are on a panicked ghost hunt. An Ubuntu in its default installation is already pretty secure; lean back and first get familiar with Linux, then with these tools, before you panic any further. |