- execve("/sbin/auditd", ["/sbin/auditd", "-s", "enable"], [/* 34 vars */]) = 0
- brk(0) = 0x7fd4000ee000
- mmap(NULL, 4096, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fd3feb71000
- access("/etc/ld.so.preload", R_OK) = -1 ENOENT (No such file or directory)
- open("/etc/ld.so.cache", O_RDONLY|O_CLOEXEC) = 3
- fstat(3, {st_mode=S_IFREG|0644, st_size=60969, ...}) = 0
- mmap(NULL, 60969, PROT_READ, MAP_PRIVATE, 3, 0) = 0x7fd3feb62000
- close(3) = 0
- open("/lib64/libauparse.so.0", O_RDONLY|O_CLOEXEC) = 3
- read(3, "\177ELF\2\1\1\0\0\0\0\0\0\0\0\0\3\0>\0\1\0\0\0 ,\0\0\0\0\0\0"..., 832) = 832
- fstat(3, {st_mode=S_IFREG|0755, st_size=96856, ...}) = 0
- mmap(NULL, 2192248, PROT_READ|PROT_EXEC, MAP_PRIVATE|MAP_DENYWRITE, 3, 0) = 0x7fd3fe51e000
- mprotect(0x7fd3fe534000, 2097152, PROT_NONE) = 0
- mmap(0x7fd3fe734000, 8192, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_FIXED|MAP_DENYWRITE, 3, 0x16000) = 0x7fd3fe734000
- close(3) = 0
- open("/lib64/libaudit.so.1", O_RDONLY|O_CLOEXEC) = 3
- read(3, "\177ELF\2\1\1\0\0\0\0\0\0\0\0\0\3\0>\0\1\0\0\0`0\0\0\0\0\0\0"..., 832) = 832
- fstat(3, {st_mode=S_IFREG|0755, st_size=145936, ...}) = 0
- mmap(NULL, 2241336, PROT_READ|PROT_EXEC, MAP_PRIVATE|MAP_DENYWRITE, 3, 0) = 0x7fd3fe2fa000
- mprotect(0x7fd3fe313000, 2093056, PROT_NONE) = 0
- mmap(0x7fd3fe512000, 49152, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_FIXED|MAP_DENYWRITE, 3, 0x18000) = 0x7fd3fe512000
- close(3) = 0
- open("/lib64/libpthread.so.0", O_RDONLY|O_CLOEXEC) = 3
- read(3, "\177ELF\2\1\1\0\0\0\0\0\0\0\0\0\3\0>\0\1\0\0\0000p\0\0\0\0\0\0"..., 832) = 832
- fstat(3, {st_mode=S_IFREG|0755, st_size=125529, ...}) = 0
- mmap(NULL, 4096, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fd3feb61000
- mmap(NULL, 2204784, PROT_READ|PROT_EXEC, MAP_PRIVATE|MAP_DENYWRITE, 3, 0) = 0x7fd3fe0df000
- mprotect(0x7fd3fe0f5000, 2093056, PROT_NONE) = 0
- mmap(0x7fd3fe2f4000, 8192, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_FIXED|MAP_DENYWRITE, 3, 0x15000) = 0x7fd3fe2f4000
- mmap(0x7fd3fe2f6000, 13424, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_FIXED|MAP_ANONYMOUS, -1, 0) = 0x7fd3fe2f6000
- close(3) = 0
- open("/lib64/librt.so.1", O_RDONLY|O_CLOEXEC) = 3
- read(3, "\177ELF\2\1\1\0\0\0\0\0\0\0\0\0\3\0>\0\1\0\0\0`#\0\0\0\0\0\0"..., 832) = 832
- fstat(3, {st_mode=S_IFREG|0755, st_size=31536, ...}) = 0
- mmap(NULL, 2128920, PROT_READ|PROT_EXEC, MAP_PRIVATE|MAP_DENYWRITE, 3, 0) = 0x7fd3fded7000
- mprotect(0x7fd3fdede000, 2093056, PROT_NONE) = 0
- mmap(0x7fd3fe0dd000, 8192, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_FIXED|MAP_DENYWRITE, 3, 0x6000) = 0x7fd3fe0dd000
- close(3) = 0
- open("/lib64/libm.so.6", O_RDONLY|O_CLOEXEC) = 3
- read(3, "\177ELF\2\1\1\0\0\0\0\0\0\0\0\0\3\0>\0\1\0\0\0\220U\0\0\0\0\0\0"..., 832) = 832
- fstat(3, {st_mode=S_IFREG|0755, st_size=1050808, ...}) = 0
- mmap(NULL, 3146072, PROT_READ|PROT_EXEC, MAP_PRIVATE|MAP_DENYWRITE, 3, 0) = 0x7fd3fdbd6000
- mprotect(0x7fd3fdcd5000, 2097152, PROT_NONE) = 0
- mmap(0x7fd3fded5000, 8192, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_FIXED|MAP_DENYWRITE, 3, 0xff000) = 0x7fd3fded5000
- close(3) = 0
- open("/lib64/libc.so.6", O_RDONLY|O_CLOEXEC) = 3
- read(3, "\177ELF\2\1\1\0\0\0\0\0\0\0\0\0\3\0>\0\1\0\0\0000\34\2\0\0\0\0\0"..., 832) = 832
- fstat(3, {st_mode=S_IFREG|0755, st_size=1664416, ...}) = 0
- mmap(NULL, 4096, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fd3feb60000
- mmap(NULL, 3771584, PROT_READ|PROT_EXEC, MAP_PRIVATE|MAP_DENYWRITE, 3, 0) = 0x7fd3fd83d000
- mprotect(0x7fd3fd9cd000, 2093056, PROT_NONE) = 0
- mmap(0x7fd3fdbcc000, 24576, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_FIXED|MAP_DENYWRITE, 3, 0x18f000) = 0x7fd3fdbcc000
- mmap(0x7fd3fdbd2000, 15552, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_FIXED|MAP_ANONYMOUS, -1, 0) = 0x7fd3fdbd2000
- close(3) = 0
- open("/usr/lib64/libcap-ng.so.0", O_RDONLY|O_CLOEXEC) = 3
- read(3, "\177ELF\2\1\1\0\0\0\0\0\0\0\0\0\3\0>\0\1\0\0\0@\23\0\0\0\0\0\0"..., 832) = 832
- fstat(3, {st_mode=S_IFREG|0755, st_size=18512, ...}) = 0
- mmap(NULL, 2113864, PROT_READ|PROT_EXEC, MAP_PRIVATE|MAP_DENYWRITE, 3, 0) = 0x7fd3fd638000
- mprotect(0x7fd3fd63c000, 2093056, PROT_NONE) = 0
- mmap(0x7fd3fd83b000, 8192, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_FIXED|MAP_DENYWRITE, 3, 0x3000) = 0x7fd3fd83b000
- close(3) = 0
- mmap(NULL, 4096, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fd3feb5f000
- mmap(NULL, 8192, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fd3feb5d000
- arch_prctl(ARCH_SET_FS, 0x7fd3feb5d740) = 0
- mprotect(0x7fd3fdbcc000, 16384, PROT_READ) = 0
- mprotect(0x7fd3fd83b000, 4096, PROT_READ) = 0
- mprotect(0x7fd3fded5000, 4096, PROT_READ) = 0
- mprotect(0x7fd3fe2f4000, 4096, PROT_READ) = 0
- mprotect(0x7fd3fe0dd000, 4096, PROT_READ) = 0
- mprotect(0x7fd3fe512000, 4096, PROT_READ) = 0
- mprotect(0x7fd3fe734000, 4096, PROT_READ) = 0
- mprotect(0x7fd3feb72000, 4096, PROT_READ) = 0
- mprotect(0x7fd3fe956000, 4096, PROT_READ) = 0
- munmap(0x7fd3feb62000, 60969) = 0
- set_tid_address(0x7fd3feb5da10) = 4320
- set_robust_list(0x7fd3feb5da20, 24) = 0
- rt_sigaction(SIGRTMIN, {0x7fd3fe0e5b10, [], SA_RESTORER|SA_SIGINFO, 0x7fd3fe0eef20}, NULL, 8) = 0
- rt_sigaction(SIGRT_1, {0x7fd3fe0e5b90, [], SA_RESTORER|SA_RESTART|SA_SIGINFO, 0x7fd3fe0eef20}, NULL, 8) = 0
- rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0
- getrlimit(RLIMIT_STACK, {rlim_cur=8192*1024, rlim_max=RLIM64_INFINITY}) = 0
- umask(077) = 02
- umask(022) = 077
- brk(0) = 0x7fd4000ee000
- brk(0x7fd40010f000) = 0x7fd40010f000
- capget({0 /* _LINUX_CAPABILITY_VERSION_??? */, 0}, NULL) = 0
- gettid() = 4320
- capget({_LINUX_CAPABILITY_VERSION_3, 4320}, {CAP_CHOWN|CAP_DAC_OVERRIDE|CAP_DAC_READ_SEARCH|CAP_FOWNER|CAP_FSETID|CAP_KILL|CAP_SETGID|CAP_SETUID|CAP_SETPCAP|CAP_LINUX_IMMUTABLE|CAP_NET_BIND_SERVICE|CAP_NET_BROADCAST|CAP_NET_ADMIN|CAP_NET_RAW|CAP_IPC_LOCK|CAP_IPC_OWNER|CAP_SYS_MODULE|CAP_SYS_RAWIO|CAP_SYS_CHROOT|CAP_SYS_PTRACE|CAP_SYS_PACCT|CAP_SYS_ADMIN|CAP_SYS_BOOT|CAP_SYS_NICE|CAP_SYS_RESOURCE|CAP_SYS_TIME|CAP_SYS_TTY_CONFIG|CAP_MKNOD|CAP_LEASE|CAP_AUDIT_WRITE|CAP_AUDIT_CONTROL|CAP_SETFCAP, CAP_CHOWN|CAP_DAC_OVERRIDE|CAP_DAC_READ_SEARCH|CAP_FOWNER|CAP_FSETID|CAP_KILL|CAP_SETGID|CAP_SETUID|CAP_SETPCAP|CAP_LINUX_IMMUTABLE|CAP_NET_BIND_SERVICE|CAP_NET_BROADCAST|CAP_NET_ADMIN|CAP_NET_RAW|CAP_IPC_LOCK|CAP_IPC_OWNER|CAP_SYS_MODULE|CAP_SYS_RAWIO|CAP_SYS_CHROOT|CAP_SYS_PTRACE|CAP_SYS_PACCT|CAP_SYS_ADMIN|CAP_SYS_BOOT|CAP_SYS_NICE|CAP_SYS_RESOURCE|CAP_SYS_TIME|CAP_SYS_TTY_CONFIG|CAP_MKNOD|CAP_LEASE|CAP_AUDIT_WRITE|CAP_AUDIT_CONTROL|CAP_SETFCAP, 0}) = 0
- open("/proc/4320/status", O_RDONLY|O_CLOEXEC) = 3
- fstat(3, {st_mode=S_IFREG|0444, st_size=0, ...}) = 0
- mmap(NULL, 4096, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fd3feb70000
- read(3, "Name:\tauditd\nState:\tR (running)\n"..., 1024) = 809
- close(3) = 0
- munmap(0x7fd3feb70000, 4096) = 0
- capget({0 /* _LINUX_CAPABILITY_VERSION_??? */, 0}, NULL) = 0
- gettid() = 4320
- capget({_LINUX_CAPABILITY_VERSION_3, 4320}, {CAP_CHOWN|CAP_DAC_OVERRIDE|CAP_DAC_READ_SEARCH|CAP_FOWNER|CAP_FSETID|CAP_KILL|CAP_SETGID|CAP_SETUID|CAP_SETPCAP|CAP_LINUX_IMMUTABLE|CAP_NET_BIND_SERVICE|CAP_NET_BROADCAST|CAP_NET_ADMIN|CAP_NET_RAW|CAP_IPC_LOCK|CAP_IPC_OWNER|CAP_SYS_MODULE|CAP_SYS_RAWIO|CAP_SYS_CHROOT|CAP_SYS_PTRACE|CAP_SYS_PACCT|CAP_SYS_ADMIN|CAP_SYS_BOOT|CAP_SYS_NICE|CAP_SYS_RESOURCE|CAP_SYS_TIME|CAP_SYS_TTY_CONFIG|CAP_MKNOD|CAP_LEASE|CAP_AUDIT_WRITE|CAP_AUDIT_CONTROL|CAP_SETFCAP, CAP_CHOWN|CAP_DAC_OVERRIDE|CAP_DAC_READ_SEARCH|CAP_FOWNER|CAP_FSETID|CAP_KILL|CAP_SETGID|CAP_SETUID|CAP_SETPCAP|CAP_LINUX_IMMUTABLE|CAP_NET_BIND_SERVICE|CAP_NET_BROADCAST|CAP_NET_ADMIN|CAP_NET_RAW|CAP_IPC_LOCK|CAP_IPC_OWNER|CAP_SYS_MODULE|CAP_SYS_RAWIO|CAP_SYS_CHROOT|CAP_SYS_PTRACE|CAP_SYS_PACCT|CAP_SYS_ADMIN|CAP_SYS_BOOT|CAP_SYS_NICE|CAP_SYS_RESOURCE|CAP_SYS_TIME|CAP_SYS_TTY_CONFIG|CAP_MKNOD|CAP_LEASE|CAP_AUDIT_WRITE|CAP_AUDIT_CONTROL|CAP_SETFCAP, 0}) = 0
- open("/proc/4320/status", O_RDONLY|O_CLOEXEC) = 3
- fstat(3, {st_mode=S_IFREG|0444, st_size=0, ...}) = 0
- mmap(NULL, 4096, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fd3feb70000
- read(3, "Name:\tauditd\nState:\tR (running)\n"..., 1024) = 809
- close(3) = 0
- munmap(0x7fd3feb70000, 4096) = 0
- write(2, "You must be root or have capabil"..., 59You must be root or have capabilities to run this program.
- ) = 59
- exit_group(4) = ?
- +++ exited with 4 +++