Advertisement
Not a member of Pastebin yet?
Sign Up,
it unlocks many cool features!
- execve("/usr/sbin/useradd", ["useradd", "itaig"], [/* 34 vars */]) = 0
- brk(0) = 0xd3d000
- mmap(NULL, 4096, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f5bf5e43000
- access("/etc/ld.so.preload", R_OK) = -1 ENOENT (No such file or directory)
- open("/etc/ld.so.cache", O_RDONLY) = 3
- fstat(3, {st_mode=S_IFREG|0644, st_size=59951, ...}) = 0
- mmap(NULL, 59951, PROT_READ, MAP_PRIVATE, 3, 0) = 0x7f5bf5e34000
- close(3) = 0
- open("/lib64/libaudit.so.1", O_RDONLY) = 3
- read(3, "\177ELF\2\1\1\0\0\0\0\0\0\0\0\0\3\0>\0\1\0\0\0\0%\240\3069\0\0\0"..., 832) = 832
- fstat(3, {st_mode=S_IFREG|0755, st_size=95016, ...}) = 0
- mmap(0x39c6a00000, 2187792, PROT_READ|PROT_EXEC, MAP_PRIVATE|MAP_DENYWRITE, 3, 0) = 0x39c6a00000
- mprotect(0x39c6a16000, 2093056, PROT_NONE) = 0
- mmap(0x39c6c15000, 8192, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_FIXED|MAP_DENYWRITE, 3, 0x15000) = 0x39c6c15000
- close(3) = 0
- open("/lib64/libselinux.so.1", O_RDONLY) = 3
- read(3, "\177ELF\2\1\1\0\0\0\0\0\0\0\0\0\3\0>\0\1\0\0\0\20V\340\2719\0\0\0"..., 832) = 832
- fstat(3, {st_mode=S_IFREG|0755, st_size=124592, ...}) = 0
- mmap(0x39b9e00000, 2221872, PROT_READ|PROT_EXEC, MAP_PRIVATE|MAP_DENYWRITE, 3, 0) = 0x39b9e00000
- mprotect(0x39b9e1d000, 2093056, PROT_NONE) = 0
- mmap(0x39ba01c000, 8192, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_FIXED|MAP_DENYWRITE, 3, 0x1c000) = 0x39ba01c000
- mmap(0x39ba01e000, 1840, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_FIXED|MAP_ANONYMOUS, -1, 0) = 0x39ba01e000
- close(3) = 0
- open("/lib64/libc.so.6", O_RDONLY) = 3
- read(3, "\177ELF\2\1\1\3\0\0\0\0\0\0\0\0\3\0>\0\1\0\0\0p\355a\2709\0\0\0"..., 832) = 832
- fstat(3, {st_mode=S_IFREG|0755, st_size=1838296, ...}) = 0
- mmap(NULL, 4096, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f5bf5e33000
- mmap(0x39b8600000, 3664040, PROT_READ|PROT_EXEC, MAP_PRIVATE|MAP_DENYWRITE, 3, 0) = 0x39b8600000
- mprotect(0x39b8775000, 2097152, PROT_NONE) = 0
- mmap(0x39b8975000, 20480, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_FIXED|MAP_DENYWRITE, 3, 0x175000) = 0x39b8975000
- mmap(0x39b897a000, 18600, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_FIXED|MAP_ANONYMOUS, -1, 0) = 0x39b897a000
- close(3) = 0
- open("/lib64/libdl.so.2", O_RDONLY) = 3
- read(3, "\177ELF\2\1\1\3\0\0\0\0\0\0\0\0\3\0>\0\1\0\0\0\340\r\240\2709\0\0\0"..., 832) = 832
- fstat(3, {st_mode=S_IFREG|0755, st_size=22536, ...}) = 0
- mmap(0x39b8a00000, 2109696, PROT_READ|PROT_EXEC, MAP_PRIVATE|MAP_DENYWRITE, 3, 0) = 0x39b8a00000
- mprotect(0x39b8a02000, 2097152, PROT_NONE) = 0
- mmap(0x39b8c02000, 8192, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_FIXED|MAP_DENYWRITE, 3, 0x2000) = 0x39b8c02000
- close(3) = 0
- mmap(NULL, 4096, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f5bf5e32000
- mmap(NULL, 8192, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f5bf5e30000
- arch_prctl(ARCH_SET_FS, 0x7f5bf5e307a0) = 0
- mprotect(0x39c6c15000, 4096, PROT_READ) = 0
- mprotect(0x39ba01c000, 4096, PROT_READ) = 0
- mprotect(0x39b8975000, 16384, PROT_READ) = 0
- mprotect(0x39b8c02000, 4096, PROT_READ) = 0
- mprotect(0x39b841e000, 4096, PROT_READ) = 0
- munmap(0x7f5bf5e34000, 59951) = 0
- statfs("/selinux", {f_type="EXT2_SUPER_MAGIC", f_bsize=4096, f_blocks=12901535, f_bfree=6482979, f_bavail=5827619, f_files=3276800, f_ffree=2742284, f_fsid={849892595, 268085410}, f_namelen=255, f_frsize=4096}) = 0
- brk(0) = 0xd3d000
- brk(0xd5e000) = 0xd5e000
- open("/proc/filesystems", O_RDONLY) = 3
- fstat(3, {st_mode=S_IFREG|0444, st_size=0, ...}) = 0
- mmap(NULL, 4096, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f5bf5e42000
- read(3, "nodev\tsysfs\nnodev\trootfs\nnodev\tb"..., 1024) = 376
- read(3, "", 1024) = 0
- close(3) = 0
- munmap(0x7f5bf5e42000, 4096) = 0
- socket(PF_NETLINK, SOCK_RAW, 9) = 3
- fcntl(3, F_SETFD, FD_CLOEXEC) = 0
- open("/usr/lib/locale/locale-archive", O_RDONLY) = 4
- fstat(4, {st_mode=S_IFREG|0644, st_size=99158752, ...}) = 0
- mmap(NULL, 99158752, PROT_READ, MAP_PRIVATE, 4, 0) = 0x7f5beff9f000
- close(4) = 0
- open("/proc/sys/kernel/ngroups_max", O_RDONLY) = 4
- read(4, "65536\n", 31) = 6
- close(4) = 0
- mmap(NULL, 528384, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f5beff1e000
- access("/etc/shadow", F_OK) = 0
- access("/etc/gshadow", F_OK) = 0
- open("/etc/default/useradd", O_RDONLY) = 4
- fstat(4, {st_mode=S_IFREG|0600, st_size=119, ...}) = 0
- mmap(NULL, 4096, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f5beff1d000
- read(4, "# useradd defaults file\nGROUP=10"..., 4096) = 119
- socket(PF_FILE, SOCK_STREAM|SOCK_CLOEXEC|SOCK_NONBLOCK, 0) = 5
- connect(5, {sa_family=AF_FILE, path="/var/run/nscd/socket"}, 110) = -1 ENOENT (No such file or directory)
- close(5) = 0
- socket(PF_FILE, SOCK_STREAM|SOCK_CLOEXEC|SOCK_NONBLOCK, 0) = 5
- connect(5, {sa_family=AF_FILE, path="/var/run/nscd/socket"}, 110) = -1 ENOENT (No such file or directory)
- close(5) = 0
- open("/etc/nsswitch.conf", O_RDONLY) = 5
- fstat(5, {st_mode=S_IFREG|0644, st_size=1704, ...}) = 0
- mmap(NULL, 4096, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f5beff1c000
- read(5, "#\n# /etc/nsswitch.conf\n#\n# An ex"..., 4096) = 1704
- read(5, "", 4096) = 0
- close(5) = 0
- munmap(0x7f5beff1c000, 4096) = 0
- open("/etc/ld.so.cache", O_RDONLY) = 5
- fstat(5, {st_mode=S_IFREG|0644, st_size=59951, ...}) = 0
- mmap(NULL, 59951, PROT_READ, MAP_PRIVATE, 5, 0) = 0x7f5beff0e000
- close(5) = 0
- open("/lib64/libnss_files.so.2", O_RDONLY) = 5
- read(5, "\177ELF\2\1\1\3\0\0\0\0\0\0\0\0\3\0>\0\1\0\0\0\20!\0\0\0\0\0\0"..., 832) = 832
- fstat(5, {st_mode=S_IFREG|0755, st_size=61624, ...}) = 0
- mmap(NULL, 2147728, PROT_READ|PROT_EXEC, MAP_PRIVATE|MAP_DENYWRITE, 5, 0) = 0x7f5befd01000
- mprotect(0x7f5befd0d000, 2093056, PROT_NONE) = 0
- mmap(0x7f5beff0c000, 8192, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_FIXED|MAP_DENYWRITE, 5, 0xb000) = 0x7f5beff0c000
- close(5) = 0
- mprotect(0x7f5beff0c000, 4096, PROT_READ) = 0
- munmap(0x7f5beff0e000, 59951) = 0
- open("/etc/group", O_RDONLY|O_CLOEXEC) = 5
- fcntl(5, F_GETFD) = 0x1 (flags FD_CLOEXEC)
- fstat(5, {st_mode=S_IFREG|0644, st_size=957, ...}) = 0
- mmap(NULL, 4096, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f5beff1c000
- read(5, "root:x:0:root\nbin:x:1:root,bin,d"..., 4096) = 957
- close(5) = 0
- munmap(0x7f5beff1c000, 4096) = 0
- read(4, "", 4096) = 0
- close(4) = 0
- munmap(0x7f5beff1d000, 4096) = 0
- open("/etc/login.defs", O_RDONLY) = 4
- fstat(4, {st_mode=S_IFREG|0644, st_size=1475, ...}) = 0
- mmap(NULL, 4096, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f5beff1d000
- read(4, "# *REQUIRED*\n# Directory where"..., 4096) = 1475
- read(4, "", 4096) = 0
- close(4) = 0
- munmap(0x7f5beff1d000, 4096) = 0
- socket(PF_FILE, SOCK_STREAM|SOCK_CLOEXEC|SOCK_NONBLOCK, 0) = 4
- connect(4, {sa_family=AF_FILE, path="/var/run/nscd/socket"}, 110) = -1 ENOENT (No such file or directory)
- close(4) = 0
- socket(PF_FILE, SOCK_STREAM|SOCK_CLOEXEC|SOCK_NONBLOCK, 0) = 4
- connect(4, {sa_family=AF_FILE, path="/var/run/nscd/socket"}, 110) = -1 ENOENT (No such file or directory)
- close(4) = 0
- open("/etc/passwd", O_RDONLY|O_CLOEXEC) = 4
- fstat(4, {st_mode=S_IFREG|0644, st_size=2136, ...}) = 0
- mmap(NULL, 4096, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f5beff1d000
- read(4, "root:x:0:0:root:/root:/bin/bash\n"..., 4096) = 2136
- read(4, "", 4096) = 0
- close(4) = 0
- munmap(0x7f5beff1d000, 4096) = 0
- open("/etc/ld.so.cache", O_RDONLY) = 4
- fstat(4, {st_mode=S_IFREG|0644, st_size=59951, ...}) = 0
- mmap(NULL, 59951, PROT_READ, MAP_PRIVATE, 4, 0) = 0x7f5beff0f000
- close(4) = 0
- open("/lib64/libnss_nis.so.2", O_RDONLY) = 4
- read(4, "\177ELF\2\1\1\3\0\0\0\0\0\0\0\0\3\0>\0\1\0\0\0\320\37\0\0\0\0\0\0"..., 832) = 832
- fstat(4, {st_mode=S_IFREG|0755, st_size=52488, ...}) = 0
- mmap(NULL, 2139320, PROT_READ|PROT_EXEC, MAP_PRIVATE|MAP_DENYWRITE, 4, 0) = 0x7f5befaf6000
- mprotect(0x7f5befb00000, 2093056, PROT_NONE) = 0
- mmap(0x7f5befcff000, 8192, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_FIXED|MAP_DENYWRITE, 4, 0x9000) = 0x7f5befcff000
- close(4) = 0
- open("/lib64/libnsl.so.1", O_RDONLY) = 4
- read(4, "\177ELF\2\1\1\3\0\0\0\0\0\0\0\0\3\0>\0\1\0\0\0\360?`\3079\0\0\0"..., 832) = 832
- fstat(4, {st_mode=S_IFREG|0755, st_size=116136, ...}) = 0
- mmap(0x39c7600000, 2198192, PROT_READ|PROT_EXEC, MAP_PRIVATE|MAP_DENYWRITE, 4, 0) = 0x39c7600000
- mprotect(0x39c7616000, 2093056, PROT_NONE) = 0
- mmap(0x39c7815000, 8192, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_FIXED|MAP_DENYWRITE, 4, 0x15000) = 0x39c7815000
- mmap(0x39c7817000, 6832, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_FIXED|MAP_ANONYMOUS, -1, 0) = 0x39c7817000
- close(4) = 0
- mprotect(0x39c7815000, 4096, PROT_READ) = 0
- mprotect(0x7f5befcff000, 4096, PROT_READ) = 0
- munmap(0x7f5beff0f000, 59951) = 0
- uname({sys="Linux", node="ab2c1", ...}) = 0
- socket(PF_INET, SOCK_STREAM, IPPROTO_TCP) = 4
- bind(4, {sa_family=AF_INET, sin_port=htons(0), sin_addr=inet_addr("0.0.0.0")}, 16) = 0
- connect(4, {sa_family=AF_INET, sin_port=htons(111), sin_addr=inet_addr("127.0.0.1")}, 16) = 0
- getpid() = 30608
- gettimeofday({1374050767, 367041}, NULL) = 0
- write(4, "\200\0\0008t(B\221\0\0\0\0\0\0\0\2\0\1\206\240\0\0\0\2\0\0\0\3\0\0\0\0"..., 60) = 60
- poll([{fd=4, events=POLLIN}], 1, 60000) = 1 ([{fd=4, revents=POLLIN}])
- read(4, "\200\0\0\34t(B\221\0\0\0\1\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\3\277", 400) = 32
- close(4) = 0
- socket(PF_INET, SOCK_STREAM, IPPROTO_TCP) = 4
- bind(4, {sa_family=AF_INET, sin_port=htons(680), sin_addr=inet_addr("0.0.0.0")}, 16) = 0
- connect(4, {sa_family=AF_INET, sin_port=htons(959), sin_addr=inet_addr("127.0.0.1")}, 16) = 0
- write(4, "\200\0\0@\26f\7\247\0\0\0\0\0\0\0\2\0\1\206\247\0\0\0\2\0\0\0\1\0\0\0\0"..., 68) = 68
- poll([{fd=4, events=POLLIN}], 1, 25000) = 1 ([{fd=4, revents=POLLIN}])
- read(4, "\200\0\0$\26f\7\247\0\0\0\1\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\1"..., 4000) = 40
- close(4) = 0
- socket(PF_INET, SOCK_DGRAM|SOCK_CLOEXEC|SOCK_NONBLOCK, IPPROTO_UDP) = 4
- bind(4, {sa_family=AF_INET, sin_port=htons(681), sin_addr=inet_addr("0.0.0.0")}, 16) = 0
- setsockopt(4, SOL_IP, IP_RECVERR, [1], 4) = 0
- sendto(4, "\25\266\315e\0\0\0\0\0\0\0\2\0\1\206\244\0\0\0\2\0\0\0\3\0\0\0\0\0\0\0\0"..., 96, 0, {sa_family=AF_INET, sin_port=htons(737), sin_addr=inet_addr("10.1.2.112")}, 16) = 96
- poll([{fd=4, events=POLLIN}], 1, 5000) = 1 ([{fd=4, revents=POLLIN}])
- recvfrom(4, "\25\266\315e\0\0\0\1\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\1\0\0\0\207"..., 8800, MSG_DONTWAIT, {sa_family=AF_INET, sin_port=htons(737), sin_addr=inet_addr("10.1.2.112")}, [16]) = 168
- close(4) = 0
- open("/etc/default/nss", O_RDONLY) = 4
- fstat(4, {st_mode=S_IFREG|0644, st_size=1756, ...}) = 0
- mmap(NULL, 4096, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f5bf5e42000
- read(4, "# /etc/default/nss\n# This file c"..., 4096) = 1756
- read(4, "", 4096) = 0
- close(4) = 0
- munmap(0x7f5bf5e42000, 4096) = 0
- open("/usr/share/locale/locale.alias", O_RDONLY) = 4
- fstat(4, {st_mode=S_IFREG|0644, st_size=2512, ...}) = 0
- mmap(NULL, 4096, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f5bf5e42000
- read(4, "# Locale name alias data base.\n#"..., 4096) = 2512
- read(4, "", 4096) = 0
- close(4) = 0
- munmap(0x7f5bf5e42000, 4096) = 0
- open("/usr/share/locale/en_US.UTF-8/LC_MESSAGES/shadow.mo", O_RDONLY) = -1 ENOENT (No such file or directory)
- open("/usr/share/locale/en_US.utf8/LC_MESSAGES/shadow.mo", O_RDONLY) = -1 ENOENT (No such file or directory)
- open("/usr/share/locale/en_US/LC_MESSAGES/shadow.mo", O_RDONLY) = -1 ENOENT (No such file or directory)
- open("/usr/share/locale/en.UTF-8/LC_MESSAGES/shadow.mo", O_RDONLY) = -1 ENOENT (No such file or directory)
- open("/usr/share/locale/en.utf8/LC_MESSAGES/shadow.mo", O_RDONLY) = -1 ENOENT (No such file or directory)
- open("/usr/share/locale/en/LC_MESSAGES/shadow.mo", O_RDONLY) = -1 ENOENT (No such file or directory)
- write(2, "useradd: user 'itaig' already ex"..., 37useradd: user 'itaig' already exists
- ) = 37
- readlink("/proc/self/exe", "/usr/sbin/useradd", 4095) = 17
- ioctl(0, SNDCTL_TMR_TIMEBASE or TCGETS, {B38400 opost isig icanon echo ...}) = 0
- readlink("/proc/self/fd/0", "/dev/pts/2"..., 31) = 10
- lstat("/dev/pts/2", {st_mode=S_IFCHR|0620, st_rdev=makedev(136, 2), ...}) = 0
- sendto(3, "p\0\0\0Z\4\5\0\1\0\0\0\0\0\0\0op=adding user a"..., 112, 0, {sa_family=AF_NETLINK, pid=0, groups=00000000}, 12) = 112
- poll([{fd=3, events=POLLIN}], 1, 500) = 1 ([{fd=3, revents=POLLIN}])
- recvfrom(3, "$\0\0\0\2\0\0\0\1\0\0\0\220w\0\0\0\0\0\0p\0\0\0Z\4\5\0\1\0\0\0"..., 8988, MSG_PEEK|MSG_DONTWAIT, {sa_family=AF_NETLINK, pid=0, groups=00000000}, [12]) = 36
- recvfrom(3, "$\0\0\0\2\0\0\0\1\0\0\0\220w\0\0\0\0\0\0p\0\0\0Z\4\5\0\1\0\0\0"..., 8988, MSG_DONTWAIT, {sa_family=AF_NETLINK, pid=0, groups=00000000}, [12]) = 36
- readlink("/proc/self/exe", "/usr/sbin/useradd", 4095) = 17
- ioctl(0, SNDCTL_TMR_TIMEBASE or TCGETS, {B38400 opost isig icanon echo ...}) = 0
- readlink("/proc/self/fd/0", "/dev/pts/2"..., 31) = 10
- lstat("/dev/pts/2", {st_mode=S_IFCHR|0620, st_rdev=makedev(136, 2), ...}) = 0
- sendto(3, "p\0\0\0Z\4\5\0\2\0\0\0\0\0\0\0op=adding user a"..., 112, 0, {sa_family=AF_NETLINK, pid=0, groups=00000000}, 12) = 112
- poll([{fd=3, events=POLLIN}], 1, 500) = 1 ([{fd=3, revents=POLLIN}])
- recvfrom(3, "$\0\0\0\2\0\0\0\2\0\0\0\220w\0\0\0\0\0\0p\0\0\0Z\4\5\0\2\0\0\0"..., 8988, MSG_PEEK|MSG_DONTWAIT, {sa_family=AF_NETLINK, pid=0, groups=00000000}, [12]) = 36
- recvfrom(3, "$\0\0\0\2\0\0\0\2\0\0\0\220w\0\0\0\0\0\0p\0\0\0Z\4\5\0\2\0\0\0"..., 8988, MSG_DONTWAIT, {sa_family=AF_NETLINK, pid=0, groups=00000000}, [12]) = 36
- gettimeofday({1374050767, 376736}, NULL) = 0
- open("/etc/localtime", O_RDONLY) = 4
- fstat(4, {st_mode=S_IFREG|0644, st_size=2197, ...}) = 0
- fstat(4, {st_mode=S_IFREG|0644, st_size=2197, ...}) = 0
- mmap(NULL, 4096, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f5bf5e42000
- read(4, "TZif2\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\4\0\0\0\4\0\0\0\0"..., 4096) = 2197
- lseek(4, -1394, SEEK_CUR) = 803
- read(4, "TZif2\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\5\0\0\0\5\0\0\0\0"..., 4096) = 1394
- close(4) = 0
- munmap(0x7f5bf5e42000, 4096) = 0
- socket(PF_FILE, SOCK_DGRAM|SOCK_CLOEXEC, 0) = 4
- connect(4, {sa_family=AF_FILE, path="/dev/log"}, 110) = 0
- sendto(4, "<86>Jul 17 11:46:07 useradd[3060"..., 76, MSG_NOSIGNAL, NULL, 0) = 76
- exit_group(9) = ?
Advertisement
Add Comment
Please, Sign In to add comment
Advertisement