- NESSUS root@server:/var/www/webXX/htdocs/shops/kunde/tbtest # strace -e trace=%file -tfq -s 255 $(for i in $(ps auxf | grep webXX | awk '{ print $2 }'); do echo -n "-p $i "; done)
- strace: attach: ptrace(PTRACE_SEIZE, 25686): No such process
- [pid 32631] 14:26:16 lstat("/var/www/webXX/htdocs/shops/kunde/tbtest/tb.php", {st_mode=S_IFREG|0644, st_size=634, ...}) = 0
- [pid 32631] 14:26:16 lstat("/var/www/webXX/htdocs/shops/kunde/tbtest", {st_mode=S_IFDIR|0755, st_size=4096, ...}) = 0
- [pid 32631] 14:26:16 lstat("/var/www/webXX/htdocs/shops/kunde", {st_mode=S_IFDIR|0755, st_size=4096, ...}) = 0
- [pid 32631] 14:26:16 lstat("/var/www/webXX/htdocs/shops", {st_mode=S_IFDIR|0755, st_size=4096, ...}) = 0
- [pid 32631] 14:26:16 lstat("/var/www/webXX/htdocs", {st_mode=S_IFDIR|0750, st_size=4096, ...}) = 0
- [pid 32631] 14:26:16 lstat("/var/www/webXX", {st_mode=S_IFDIR|0755, st_size=4096, ...}) = 0
- [pid 32631] 14:26:16 lstat("/var/www", {st_mode=S_IFDIR|0755, st_size=4096, ...}) = 0
- [pid 32631] 14:26:16 lstat("/var", {st_mode=S_IFDIR|0755, st_size=4096, ...}) = 0
- [pid 32631] 14:26:16 stat("/", {st_mode=S_IFDIR|0755, st_size=4096, ...}) = 0
- [pid 32631] 14:26:16 getcwd("/var/www/webXX/conf/php56", 4096) = 26
- [pid 32631] 14:26:16 lstat("/var/www/webXX/tmp", {st_mode=S_IFDIR|S_ISVTX|0777, st_size=4096, ...}) = 0
- [pid 32631] 14:26:16 lstat("/var/www/webXX", {st_mode=S_IFDIR|0755, st_size=4096, ...}) = 0
- [pid 32631] 14:26:16 lstat("/var/www", {st_mode=S_IFDIR|0755, st_size=4096, ...}) = 0
- [pid 32631] 14:26:16 lstat("/var", {st_mode=S_IFDIR|0755, st_size=4096, ...}) = 0
- [pid 32631] 14:26:16 openat(AT_FDCWD, "/var/www/webXX/tmp/phpZ4qi9c", O_RDWR|O_CREAT|O_EXCL, 0600) = 5
- [pid 32631] 14:26:16 stat("/usr/lib/liveconfig/uploadscan.sh", {st_mode=S_IFREG|0755, st_size=1614, ...}) = 0
- [pid 32631] 14:26:16 access("/usr/lib/liveconfig/uploadscan.sh", R_OK|X_OK) = 0
- [pid 25691] 14:26:16 execve("/bin/sh", ["sh", "-c", "/usr/lib/liveconfig/uploadscan.sh /var/www/webXX/tmp/phpZ4qi9c 2>&1"], 0x7ffd4db7ad08 /* 6 vars */) = 0
- [pid 25691] 14:26:16 access("/etc/ld.so.preload", R_OK) = -1 ENOENT (No such file or directory)
- [pid 25691] 14:26:16 openat(AT_FDCWD, "/etc/ld.so.cache", O_RDONLY|O_CLOEXEC) = 3
- [pid 25691] 14:26:16 openat(AT_FDCWD, "/lib/x86_64-linux-gnu/libc.so.6", O_RDONLY|O_CLOEXEC) = 3
- [pid 25691] 14:26:16 stat("/var/www/webXX/conf/php56", {st_mode=S_IFDIR|0755, st_size=4096, ...}) = 0
- [pid 25691] 14:26:16 stat(".", {st_mode=S_IFDIR|0755, st_size=4096, ...}) = 0
- [pid 25692] 14:26:16 execve("/usr/lib/liveconfig/uploadscan.sh", ["/usr/lib/liveconfig/uploadscan.sh", "/var/www/webXX/tmp/phpZ4qi9c"], 0x560a95492c70 /* 6 vars */) = 0
- [pid 25692] 14:26:16 access("/etc/ld.so.preload", R_OK) = -1 ENOENT (No such file or directory)
- [pid 25692] 14:26:16 openat(AT_FDCWD, "/etc/ld.so.cache", O_RDONLY|O_CLOEXEC) = 3
- [pid 25692] 14:26:16 openat(AT_FDCWD, "/lib/x86_64-linux-gnu/libc.so.6", O_RDONLY|O_CLOEXEC) = 3
- [pid 25692] 14:26:16 stat("/var/www/webXX/conf/php56", {st_mode=S_IFDIR|0755, st_size=4096, ...}) = 0
- [pid 25692] 14:26:16 stat(".", {st_mode=S_IFDIR|0755, st_size=4096, ...}) = 0
- [pid 25692] 14:26:16 openat(AT_FDCWD, "/usr/lib/liveconfig/uploadscan.sh", O_RDONLY) = 3
- [pid 25693] 14:26:16 openat(AT_FDCWD, "/dev/null", O_WRONLY|O_CREAT|O_TRUNC, 0666) = 3
- [pid 25693] 14:26:16 stat("/usr/bin/pidof", 0x7ffc6200f0e0) = -1 ENOENT (No such file or directory)
- [pid 25693] 14:26:16 stat("/bin/pidof", {st_mode=S_IFREG|0755, st_size=27248, ...}) = 0
- [pid 25693] 14:26:16 execve("/bin/pidof", ["pidof", "clamd"], 0x55f4b1d4ec88 /* 6 vars */) = 0
- [pid 25693] 14:26:16 access("/etc/ld.so.preload", R_OK) = -1 ENOENT (No such file or directory)
- [pid 25693] 14:26:16 openat(AT_FDCWD, "/etc/ld.so.cache", O_RDONLY|O_CLOEXEC) = 3
- [pid 25693] 14:26:16 openat(AT_FDCWD, "/lib/x86_64-linux-gnu/libc.so.6", O_RDONLY|O_CLOEXEC) = 3
- ....
- [pid 25695] 14:26:16 openat(AT_FDCWD, "/dev/null", O_WRONLY|O_CREAT|O_TRUNC, 0666) = 3
- [pid 25695] 14:26:16 stat("/usr/bin/which", {st_mode=S_IFREG|0755, st_size=946, ...}) = 0
- [pid 25695] 14:26:16 execve("/usr/bin/which", ["which", "clamdscan"], 0x55f4b28b5b80 /* 6 vars */) = 0
- [pid 25695] 14:26:16 access("/etc/ld.so.preload", R_OK) = -1 ENOENT (No such file or directory)
- [pid 25695] 14:26:16 openat(AT_FDCWD, "/etc/ld.so.cache", O_RDONLY|O_CLOEXEC) = 3
- [pid 25695] 14:26:16 openat(AT_FDCWD, "/lib/x86_64-linux-gnu/libc.so.6", O_RDONLY|O_CLOEXEC) = 3
- [pid 25695] 14:26:16 stat("/var/www/webXX/conf/php56", {st_mode=S_IFDIR|0755, st_size=4096, ...}) = 0
- [pid 25695] 14:26:16 stat(".", {st_mode=S_IFDIR|0755, st_size=4096, ...}) = 0
- [pid 25695] 14:26:16 openat(AT_FDCWD, "/usr/bin/which", O_RDONLY) = 3
- [pid 25695] 14:26:16 stat("/usr/bin/clamdscan", {st_mode=S_IFREG|0755, st_size=233424, ...}) = 0
- [pid 25695] 14:26:16 faccessat(AT_FDCWD, "/usr/bin/clamdscan", X_OK) = 0
- [pid 25695] 14:26:16 +++ exited with 0 +++
- [pid 25692] 14:26:16 --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=25695, si_uid=20080, si_status=0, si_utime=0, si_stime=0} ---
- [pid 25692] 14:26:16 faccessat(AT_FDCWD, "/usr/bin/clamdscan", X_OK) = 0
- [pid 25696] 14:26:16 execve("/usr/bin/clamdscan", ["/usr/bin/clamdscan", "--fdpass", "--infected", "--no-summary", "/var/www/webXX/tmp/phpZ4qi9c"], 0x55f4b28b5c18 /* 6 vars */) = 0
- [pid 25696] 14:26:16 access("/etc/ld.so.preload", R_OK) = -1 ENOENT (No such file or directory)
- [pid 25696] 14:26:16 openat(AT_FDCWD, "/etc/ld.so.cache", O_RDONLY|O_CLOEXEC) = 3
- [pid 25696] 14:26:16 openat(AT_FDCWD, "/usr/lib/x86_64-linux-gnu/libcrypto.so.1.1", O_RDONLY|O_CLOEXEC) = 3
- [pid 25696] 14:26:16 openat(AT_FDCWD, "/lib/x86_64-linux-gnu/libc.so.6", O_RDONLY|O_CLOEXEC) = 3
- [pid 25696] 14:26:16 openat(AT_FDCWD, "/lib/x86_64-linux-gnu/libdl.so.2", O_RDONLY|O_CLOEXEC) = 3
- [pid 25696] 14:26:16 openat(AT_FDCWD, "/lib/x86_64-linux-gnu/libpthread.so.0", O_RDONLY|O_CLOEXEC) = 3
- [pid 25696] 14:26:16 openat(AT_FDCWD, "/etc/clamav/clamd.conf", O_RDONLY) = 3
- [pid 25696] 14:26:16 lstat("/var/www/webXX/tmp/phpZ4qi9c", {st_mode=S_IFREG|0600, st_size=78317, ...}) = 0
- [pid 25696] 14:26:16 openat(AT_FDCWD, "/var/www/webXX/tmp/phpZ4qi9c", O_RDONLY) = 5
- [pid 25696] 14:26:16 +++ exited with 2 +++
- [pid 25692] 14:26:16 --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=25696, si_uid=20080, si_status=2, si_utime=0, si_stime=0} ---
- [pid 25692] 14:26:16 +++ exited with 0 +++
- [pid 25691] 14:26:16 --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=25692, si_uid=20080, si_status=0, si_utime=0, si_stime=0} ---
- [pid 25691] 14:26:16 +++ exited with 0 +++
- [pid 32631] 14:26:16 --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=25691, si_uid=20080, si_status=0, si_utime=0, si_stime=0} ---
- [pid 32631] 14:26:16 unlink("/var/www/webXX/tmp/phpZ4qi9c") = 0
- [pid 32631] 14:26:16 getcwd("/var/www/webXX/conf/php56", 4095) = 26
- [pid 32631] 14:26:16 chdir("/var/www/webXX/htdocs/shops/kunde/tbtest") = 0
- [pid 32631] 14:26:16 stat("/var/www/webXX/htdocs/shops/kunde/tbtest/tb.php", {st_mode=S_IFREG|0644, st_size=634, ...}) = 0
- [pid 32631] 14:26:16 chdir("/var/www/webXX/conf/php56") = 0