
Untitled

a guest
Jul 11th, 2017
  1. execve("/sbin/auditd", ["/sbin/auditd", "-s", "enable"], [/* 34 vars */]) = 0
  2. brk(0) = 0x7fd4000ee000
  3. mmap(NULL, 4096, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fd3feb71000
  4. access("/etc/ld.so.preload", R_OK) = -1 ENOENT (No such file or directory)
  5. open("/etc/ld.so.cache", O_RDONLY|O_CLOEXEC) = 3
  6. fstat(3, {st_mode=S_IFREG|0644, st_size=60969, ...}) = 0
  7. mmap(NULL, 60969, PROT_READ, MAP_PRIVATE, 3, 0) = 0x7fd3feb62000
  8. close(3) = 0
  9. open("/lib64/libauparse.so.0", O_RDONLY|O_CLOEXEC) = 3
  10. read(3, "\177ELF\2\1\1\0\0\0\0\0\0\0\0\0\3\0>\0\1\0\0\0 ,\0\0\0\0\0\0"..., 832) = 832
  11. fstat(3, {st_mode=S_IFREG|0755, st_size=96856, ...}) = 0
  12. mmap(NULL, 2192248, PROT_READ|PROT_EXEC, MAP_PRIVATE|MAP_DENYWRITE, 3, 0) = 0x7fd3fe51e000
  13. mprotect(0x7fd3fe534000, 2097152, PROT_NONE) = 0
  14. mmap(0x7fd3fe734000, 8192, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_FIXED|MAP_DENYWRITE, 3, 0x16000) = 0x7fd3fe734000
  15. close(3) = 0
  16. open("/lib64/libaudit.so.1", O_RDONLY|O_CLOEXEC) = 3
  17. read(3, "\177ELF\2\1\1\0\0\0\0\0\0\0\0\0\3\0>\0\1\0\0\0`0\0\0\0\0\0\0"..., 832) = 832
  18. fstat(3, {st_mode=S_IFREG|0755, st_size=145936, ...}) = 0
  19. mmap(NULL, 2241336, PROT_READ|PROT_EXEC, MAP_PRIVATE|MAP_DENYWRITE, 3, 0) = 0x7fd3fe2fa000
  20. mprotect(0x7fd3fe313000, 2093056, PROT_NONE) = 0
  21. mmap(0x7fd3fe512000, 49152, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_FIXED|MAP_DENYWRITE, 3, 0x18000) = 0x7fd3fe512000
  22. close(3) = 0
  23. open("/lib64/libpthread.so.0", O_RDONLY|O_CLOEXEC) = 3
  24. read(3, "\177ELF\2\1\1\0\0\0\0\0\0\0\0\0\3\0>\0\1\0\0\0000p\0\0\0\0\0\0"..., 832) = 832
  25. fstat(3, {st_mode=S_IFREG|0755, st_size=125529, ...}) = 0
  26. mmap(NULL, 4096, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fd3feb61000
  27. mmap(NULL, 2204784, PROT_READ|PROT_EXEC, MAP_PRIVATE|MAP_DENYWRITE, 3, 0) = 0x7fd3fe0df000
  28. mprotect(0x7fd3fe0f5000, 2093056, PROT_NONE) = 0
  29. mmap(0x7fd3fe2f4000, 8192, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_FIXED|MAP_DENYWRITE, 3, 0x15000) = 0x7fd3fe2f4000
  30. mmap(0x7fd3fe2f6000, 13424, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_FIXED|MAP_ANONYMOUS, -1, 0) = 0x7fd3fe2f6000
  31. close(3) = 0
  32. open("/lib64/librt.so.1", O_RDONLY|O_CLOEXEC) = 3
  33. read(3, "\177ELF\2\1\1\0\0\0\0\0\0\0\0\0\3\0>\0\1\0\0\0`#\0\0\0\0\0\0"..., 832) = 832
  34. fstat(3, {st_mode=S_IFREG|0755, st_size=31536, ...}) = 0
  35. mmap(NULL, 2128920, PROT_READ|PROT_EXEC, MAP_PRIVATE|MAP_DENYWRITE, 3, 0) = 0x7fd3fded7000
  36. mprotect(0x7fd3fdede000, 2093056, PROT_NONE) = 0
  37. mmap(0x7fd3fe0dd000, 8192, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_FIXED|MAP_DENYWRITE, 3, 0x6000) = 0x7fd3fe0dd000
  38. close(3) = 0
  39. open("/lib64/libm.so.6", O_RDONLY|O_CLOEXEC) = 3
  40. read(3, "\177ELF\2\1\1\0\0\0\0\0\0\0\0\0\3\0>\0\1\0\0\0\220U\0\0\0\0\0\0"..., 832) = 832
  41. fstat(3, {st_mode=S_IFREG|0755, st_size=1050808, ...}) = 0
  42. mmap(NULL, 3146072, PROT_READ|PROT_EXEC, MAP_PRIVATE|MAP_DENYWRITE, 3, 0) = 0x7fd3fdbd6000
  43. mprotect(0x7fd3fdcd5000, 2097152, PROT_NONE) = 0
  44. mmap(0x7fd3fded5000, 8192, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_FIXED|MAP_DENYWRITE, 3, 0xff000) = 0x7fd3fded5000
  45. close(3) = 0
  46. open("/lib64/libc.so.6", O_RDONLY|O_CLOEXEC) = 3
  47. read(3, "\177ELF\2\1\1\0\0\0\0\0\0\0\0\0\3\0>\0\1\0\0\0000\34\2\0\0\0\0\0"..., 832) = 832
  48. fstat(3, {st_mode=S_IFREG|0755, st_size=1664416, ...}) = 0
  49. mmap(NULL, 4096, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fd3feb60000
  50. mmap(NULL, 3771584, PROT_READ|PROT_EXEC, MAP_PRIVATE|MAP_DENYWRITE, 3, 0) = 0x7fd3fd83d000
  51. mprotect(0x7fd3fd9cd000, 2093056, PROT_NONE) = 0
  52. mmap(0x7fd3fdbcc000, 24576, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_FIXED|MAP_DENYWRITE, 3, 0x18f000) = 0x7fd3fdbcc000
  53. mmap(0x7fd3fdbd2000, 15552, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_FIXED|MAP_ANONYMOUS, -1, 0) = 0x7fd3fdbd2000
  54. close(3) = 0
  55. open("/usr/lib64/libcap-ng.so.0", O_RDONLY|O_CLOEXEC) = 3
  56. read(3, "\177ELF\2\1\1\0\0\0\0\0\0\0\0\0\3\0>\0\1\0\0\0@\23\0\0\0\0\0\0"..., 832) = 832
  57. fstat(3, {st_mode=S_IFREG|0755, st_size=18512, ...}) = 0
  58. mmap(NULL, 2113864, PROT_READ|PROT_EXEC, MAP_PRIVATE|MAP_DENYWRITE, 3, 0) = 0x7fd3fd638000
  59. mprotect(0x7fd3fd63c000, 2093056, PROT_NONE) = 0
  60. mmap(0x7fd3fd83b000, 8192, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_FIXED|MAP_DENYWRITE, 3, 0x3000) = 0x7fd3fd83b000
  61. close(3) = 0
  62. mmap(NULL, 4096, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fd3feb5f000
  63. mmap(NULL, 8192, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fd3feb5d000
  64. arch_prctl(ARCH_SET_FS, 0x7fd3feb5d740) = 0
  65. mprotect(0x7fd3fdbcc000, 16384, PROT_READ) = 0
  66. mprotect(0x7fd3fd83b000, 4096, PROT_READ) = 0
  67. mprotect(0x7fd3fded5000, 4096, PROT_READ) = 0
  68. mprotect(0x7fd3fe2f4000, 4096, PROT_READ) = 0
  69. mprotect(0x7fd3fe0dd000, 4096, PROT_READ) = 0
  70. mprotect(0x7fd3fe512000, 4096, PROT_READ) = 0
  71. mprotect(0x7fd3fe734000, 4096, PROT_READ) = 0
  72. mprotect(0x7fd3feb72000, 4096, PROT_READ) = 0
  73. mprotect(0x7fd3fe956000, 4096, PROT_READ) = 0
  74. munmap(0x7fd3feb62000, 60969) = 0
  75. set_tid_address(0x7fd3feb5da10) = 4320
  76. set_robust_list(0x7fd3feb5da20, 24) = 0
  77. rt_sigaction(SIGRTMIN, {0x7fd3fe0e5b10, [], SA_RESTORER|SA_SIGINFO, 0x7fd3fe0eef20}, NULL, 8) = 0
  78. rt_sigaction(SIGRT_1, {0x7fd3fe0e5b90, [], SA_RESTORER|SA_RESTART|SA_SIGINFO, 0x7fd3fe0eef20}, NULL, 8) = 0
  79. rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0
  80. getrlimit(RLIMIT_STACK, {rlim_cur=8192*1024, rlim_max=RLIM64_INFINITY}) = 0
  81. umask(077) = 02
  82. umask(022) = 077
  83. brk(0) = 0x7fd4000ee000
  84. brk(0x7fd40010f000) = 0x7fd40010f000
  85. capget({0 /* _LINUX_CAPABILITY_VERSION_??? */, 0}, NULL) = 0
  86. gettid() = 4320
  87. capget({_LINUX_CAPABILITY_VERSION_3, 4320}, {CAP_CHOWN|CAP_DAC_OVERRIDE|CAP_DAC_READ_SEARCH|CAP_FOWNER|CAP_FSETID|CAP_KILL|CAP_SETGID|CAP_SETUID|CAP_SETPCAP|CAP_LINUX_IMMUTABLE|CAP_NET_BIND_SERVICE|CAP_NET_BROADCAST|CAP_NET_ADMIN|CAP_NET_RAW|CAP_IPC_LOCK|CAP_IPC_OWNER|CAP_SYS_MODULE|CAP_SYS_RAWIO|CAP_SYS_CHROOT|CAP_SYS_PTRACE|CAP_SYS_PACCT|CAP_SYS_ADMIN|CAP_SYS_BOOT|CAP_SYS_NICE|CAP_SYS_RESOURCE|CAP_SYS_TIME|CAP_SYS_TTY_CONFIG|CAP_MKNOD|CAP_LEASE|CAP_AUDIT_WRITE|CAP_AUDIT_CONTROL|CAP_SETFCAP, CAP_CHOWN|CAP_DAC_OVERRIDE|CAP_DAC_READ_SEARCH|CAP_FOWNER|CAP_FSETID|CAP_KILL|CAP_SETGID|CAP_SETUID|CAP_SETPCAP|CAP_LINUX_IMMUTABLE|CAP_NET_BIND_SERVICE|CAP_NET_BROADCAST|CAP_NET_ADMIN|CAP_NET_RAW|CAP_IPC_LOCK|CAP_IPC_OWNER|CAP_SYS_MODULE|CAP_SYS_RAWIO|CAP_SYS_CHROOT|CAP_SYS_PTRACE|CAP_SYS_PACCT|CAP_SYS_ADMIN|CAP_SYS_BOOT|CAP_SYS_NICE|CAP_SYS_RESOURCE|CAP_SYS_TIME|CAP_SYS_TTY_CONFIG|CAP_MKNOD|CAP_LEASE|CAP_AUDIT_WRITE|CAP_AUDIT_CONTROL|CAP_SETFCAP, 0}) = 0
  88. open("/proc/4320/status", O_RDONLY|O_CLOEXEC) = 3
  89. fstat(3, {st_mode=S_IFREG|0444, st_size=0, ...}) = 0
  90. mmap(NULL, 4096, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fd3feb70000
  91. read(3, "Name:\tauditd\nState:\tR (running)\n"..., 1024) = 809
  92. close(3) = 0
  93. munmap(0x7fd3feb70000, 4096) = 0
  94. capget({0 /* _LINUX_CAPABILITY_VERSION_??? */, 0}, NULL) = 0
  95. gettid() = 4320
  96. capget({_LINUX_CAPABILITY_VERSION_3, 4320}, {CAP_CHOWN|CAP_DAC_OVERRIDE|CAP_DAC_READ_SEARCH|CAP_FOWNER|CAP_FSETID|CAP_KILL|CAP_SETGID|CAP_SETUID|CAP_SETPCAP|CAP_LINUX_IMMUTABLE|CAP_NET_BIND_SERVICE|CAP_NET_BROADCAST|CAP_NET_ADMIN|CAP_NET_RAW|CAP_IPC_LOCK|CAP_IPC_OWNER|CAP_SYS_MODULE|CAP_SYS_RAWIO|CAP_SYS_CHROOT|CAP_SYS_PTRACE|CAP_SYS_PACCT|CAP_SYS_ADMIN|CAP_SYS_BOOT|CAP_SYS_NICE|CAP_SYS_RESOURCE|CAP_SYS_TIME|CAP_SYS_TTY_CONFIG|CAP_MKNOD|CAP_LEASE|CAP_AUDIT_WRITE|CAP_AUDIT_CONTROL|CAP_SETFCAP, CAP_CHOWN|CAP_DAC_OVERRIDE|CAP_DAC_READ_SEARCH|CAP_FOWNER|CAP_FSETID|CAP_KILL|CAP_SETGID|CAP_SETUID|CAP_SETPCAP|CAP_LINUX_IMMUTABLE|CAP_NET_BIND_SERVICE|CAP_NET_BROADCAST|CAP_NET_ADMIN|CAP_NET_RAW|CAP_IPC_LOCK|CAP_IPC_OWNER|CAP_SYS_MODULE|CAP_SYS_RAWIO|CAP_SYS_CHROOT|CAP_SYS_PTRACE|CAP_SYS_PACCT|CAP_SYS_ADMIN|CAP_SYS_BOOT|CAP_SYS_NICE|CAP_SYS_RESOURCE|CAP_SYS_TIME|CAP_SYS_TTY_CONFIG|CAP_MKNOD|CAP_LEASE|CAP_AUDIT_WRITE|CAP_AUDIT_CONTROL|CAP_SETFCAP, 0}) = 0
  97. open("/proc/4320/status", O_RDONLY|O_CLOEXEC) = 3
  98. fstat(3, {st_mode=S_IFREG|0444, st_size=0, ...}) = 0
  99. mmap(NULL, 4096, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fd3feb70000
  100. read(3, "Name:\tauditd\nState:\tR (running)\n"..., 1024) = 809
  101. close(3) = 0
  102. munmap(0x7fd3feb70000, 4096) = 0
  103. write(2, "You must be root or have capabil"..., 59You must be root or have capabilities to run this program.
  104. ) = 59
  105. exit_group(4) = ?
  106. +++ exited with 4 +++