Forum Linux.mandriva Sécurité et intrusion sur ma mandrake autopsie du crime

Posté par (page perso) .
Tags : aucun
0
14
jan.
2005
Je suis parti d'un incident.
J'ai entendu une chanson (je sais il y en a qui entende des voix et cela les conduit au bûcher) qui était sur mon bureau de travail.
Ce qui m'a surpris c'est que j'étais tranquillement dans mon lit et je ne touchais pas mon ordinateur.

J'ai tout de suite pensé à une blague de mon frère et j'ai fait un "who".
Et j'étais tout seul.

Donc à priori, si je me suis fait "rootquité" la commande who doit être changé.

Donc (je commence dans la sécurité et je ne suis pas encore un pro) je fais un "ldd /usr/bin/who"
qui me donne cela

linux-gate.so.1 => (0xffffe000)
libc.so.6 => /lib/tls/libc.so.6 (0x40030000)
/lib/ld-linux.so.2 => /lib/ld-linux.so.2 (0x40000000)

ici rien d'anormale.

Puis je fais un
"cd ~ludovic"
"lstrace -S -f -s 100 -o test /usr/bin/who"

qui me donne ce qui suit en bas.

Je sais qu'un tel test sur un système compromis est peut etre inutile mais ce qui me choc c'est de voir des appels à des librairies dans un dossier de l'un de mes comptes utilisateurs :
/home/ludovic/GNUstep/Libraries/ix86/linux-gnu/gnu-gnu-gnu/tls/i686/sse/mmx/libc.so.6
Noté que le répertoire /home/ludovic/GNUstep/ n'existe pas et j'ai pu le créer puis l'effacer.

J'ai installé dernièrement Snort et Acid comme interface mais là si Snort marche Acid n'est pas encore opérationnelle (je dois configuré snort pour qu'il utilise une base de donné MYQSL); Par contres j'ai des logs de snort.

Si vous voyez quelque chose d'anormale dans mes logs.
Si vous y connaissez un peu en sécurité.

Pourtant je maintiens bien mon système urmpi chaque semaine sur ma mandrake.
Une malchance sans doute, je ne suis même pas sur de mettre fait "rootquité".

On conclue à une intrusion ?

31867 SYS_uname(0xbfffed24) = 0
31867 SYS_brk(NULL) = 0x804e000
31867 SYS_mmap(0xbfffea78, 1600, 0x400146bc, 0x40014b58, 4096) = 0x40015000
31867 SYS_open("/etc/ld.so.preload", 0, 037777777777) = -2
31867 SYS_open("/home/ludovic/GNUstep/Libraries/ix86/linux-gnu/gnu-gnu-gnu/tls/i686/sse/mmx/libc.so.6", 0, 00) = -2
31867 SYS_stat64(0xbfffe590, 0xbfffe610, 0x400146bc, 0x4001482c, 2) = -2
31867 SYS_open("/home/ludovic/GNUstep/Libraries/ix86/linux-gnu/gnu-gnu-gnu/tls/i686/sse/libc.so.6", 0, 010000171516) = -2
31867 SYS_stat64(0xbfffe590, 0xbfffe610, 0x400146bc, 0x4001482c, 2) = -2
31867 SYS_open("/home/ludovic/GNUstep/Libraries/ix86/linux-gnu/gnu-gnu-gnu/tls/i686/mmx/libc.so.6", 0, 010000171516) = -2
31867 SYS_stat64(0xbfffe590, 0xbfffe610, 0x400146bc, 0x4001482c, 2) = -2
31867 SYS_open("/home/ludovic/GNUstep/Libraries/ix86/linux-gnu/gnu-gnu-gnu/tls/i686/libc.so.6", 0, 010000171516) = -2
31867 SYS_stat64(0xbfffe590, 0xbfffe610, 0x400146bc, 0x4001482c, 2) = -2
31867 SYS_open("/home/ludovic/GNUstep/Libraries/ix86/linux-gnu/gnu-gnu-gnu/tls/sse/mmx/libc.so.6", 0, 010000171516) = -2
31867 SYS_stat64(0xbfffe590, 0xbfffe610, 0x400146bc, 0x4001482c, 2) = -2
31867 SYS_open("/home/ludovic/GNUstep/Libraries/ix86/linux-gnu/gnu-gnu-gnu/tls/sse/libc.so.6", 0, 010000171516) = -2
31867 SYS_stat64(0xbfffe590, 0xbfffe610, 0x400146bc, 0x4001482c, 2) = -2
31867 SYS_open("/home/ludovic/GNUstep/Libraries/ix86/linux-gnu/gnu-gnu-gnu/tls/mmx/libc.so.6", 0, 010000171516) = -2
31867 SYS_stat64(0xbfffe590, 0xbfffe610, 0x400146bc, 0x4001482c, 2) = -2
31867 SYS_open("/home/ludovic/GNUstep/Libraries/ix86/linux-gnu/gnu-gnu-gnu/tls/libc.so.6", 0, 010000171516) = -2
31867 SYS_stat64(0xbfffe590, 0xbfffe610, 0x400146bc, 0x4001482c, 2) = -2
31867 SYS_open("/home/ludovic/GNUstep/Libraries/ix86/linux-gnu/gnu-gnu-gnu/i686/sse/mmx/libc.so.6", 0, 010000171516) = -2
31867 SYS_stat64(0xbfffe590, 0xbfffe610, 0x400146bc, 0x4001482c, 2) = -2
31867 SYS_open("/home/ludovic/GNUstep/Libraries/ix86/linux-gnu/gnu-gnu-gnu/i686/sse/libc.so.6", 0, 010000171516) = -2
31867 SYS_stat64(0xbfffe590, 0xbfffe610, 0x400146bc, 0x4001482c, 2) = -2
31867 SYS_open("/home/ludovic/GNUstep/Libraries/ix86/linux-gnu/gnu-gnu-gnu/i686/mmx/libc.so.6", 0, 010000171516) = -2
31867 SYS_stat64(0xbfffe590, 0xbfffe610, 0x400146bc, 0x4001482c, 2) = -2
31867 SYS_open("/home/ludovic/GNUstep/Libraries/ix86/linux-gnu/gnu-gnu-gnu/i686/libc.so.6", 0, 010000171516) = -2
31867 SYS_stat64(0xbfffe590, 0xbfffe610, 0x400146bc, 0x4001482c, 2) = -2
31867 SYS_open("/home/ludovic/GNUstep/Libraries/ix86/linux-gnu/gnu-gnu-gnu/sse/mmx/libc.so.6", 0, 010000171516) = -2
31867 SYS_stat64(0xbfffe590, 0xbfffe610, 0x400146bc, 0x4001482c, 2) = -2
31867 SYS_open("/home/ludovic/GNUstep/Libraries/ix86/linux-gnu/gnu-gnu-gnu/sse/libc.so.6", 0, 010000171516) = -2
31867 SYS_stat64(0xbfffe590, 0xbfffe610, 0x400146bc, 0x4001482c, 2) = -2
31867 SYS_open("/home/ludovic/GNUstep/Libraries/ix86/linux-gnu/gnu-gnu-gnu/mmx/libc.so.6", 0, 010000171516) = -2
31867 SYS_stat64(0xbfffe590, 0xbfffe610, 0x400146bc, 0x4001482c, 2) = -2
31867 SYS_open("/home/ludovic/GNUstep/Libraries/ix86/linux-gnu/gnu-gnu-gnu/libc.so.6", 0, 010000171516) = -2
31867 SYS_stat64(0xbfffe590, 0xbfffe610, 0x400146bc, 0x4001482c, 2) = -2
31867 SYS_open("/home/ludovic/GNUstep/Libraries/ix86/linux-gnu/tls/i686/sse/mmx/libc.so.6", 0, 010000171516) = -2
31867 SYS_stat64(0xbfffe590, 0xbfffe610, 0x400146bc, 0x4001482c, 2) = -2
31867 SYS_open("/home/ludovic/GNUstep/Libraries/ix86/linux-gnu/tls/i686/sse/libc.so.6", 0, 010000171516) = -2
31867 SYS_stat64(0xbfffe590, 0xbfffe610, 0x400146bc, 0x4001482c, 2) = -2
31867 SYS_open("/home/ludovic/GNUstep/Libraries/ix86/linux-gnu/tls/i686/mmx/libc.so.6", 0, 010000171516) = -2
31867 SYS_stat64(0xbfffe590, 0xbfffe610, 0x400146bc, 0x4001482c, 2) = -2
31867 SYS_open("/home/ludovic/GNUstep/Libraries/ix86/linux-gnu/tls/i686/libc.so.6", 0, 010000171516) = -2
31867 SYS_stat64(0xbfffe590, 0xbfffe610, 0x400146bc, 0x4001482c, 2) = -2
31867 SYS_open("/home/ludovic/GNUstep/Libraries/ix86/linux-gnu/tls/sse/mmx/libc.so.6", 0, 010000171516) = -2
31867 SYS_stat64(0xbfffe590, 0xbfffe610, 0x400146bc, 0x4001482c, 2) = -2
31867 SYS_open("/home/ludovic/GNUstep/Libraries/ix86/linux-gnu/tls/sse/libc.so.6", 0, 010000171516) = -2
31867 SYS_stat64(0xbfffe590, 0xbfffe610, 0x400146bc, 0x4001482c, 2) = -2
31867 SYS_open("/home/ludovic/GNUstep/Libraries/ix86/linux-gnu/tls/mmx/libc.so.6", 0, 010000171516) = -2
31867 SYS_stat64(0xbfffe590, 0xbfffe610, 0x400146bc, 0x4001482c, 2) = -2
31867 SYS_open("/home/ludovic/GNUstep/Libraries/ix86/linux-gnu/tls/libc.so.6", 0, 010000171516) = -2
31867 SYS_stat64(0xbfffe590, 0xbfffe610, 0x400146bc, 0x4001482c, 2) = -2
31867 SYS_open("/home/ludovic/GNUstep/Libraries/ix86/linux-gnu/i686/sse/mmx/libc.so.6", 0, 010000171516) = -2
31867 SYS_stat64(0xbfffe590, 0xbfffe610, 0x400146bc, 0x4001482c, 2) = -2
31867 SYS_open("/home/ludovic/GNUstep/Libraries/ix86/linux-gnu/i686/sse/libc.so.6", 0, 010000171516) = -2
31867 SYS_stat64(0xbfffe590, 0xbfffe610, 0x400146bc, 0x4001482c, 2) = -2
31867 SYS_open("/home/ludovic/GNUstep/Libraries/ix86/linux-gnu/i686/mmx/libc.so.6", 0, 010000171516) = -2
31867 SYS_stat64(0xbfffe590, 0xbfffe610, 0x400146bc, 0x4001482c, 2) = -2
31867 SYS_open("/home/ludovic/GNUstep/Libraries/ix86/linux-gnu/i686/libc.so.6", 0, 010000171516) = -2
31867 SYS_stat64(0xbfffe590, 0xbfffe610, 0x400146bc, 0x4001482c, 2) = -2
31867 SYS_open("/home/ludovic/GNUstep/Libraries/ix86/linux-gnu/sse/mmx/libc.so.6", 0, 010000171516) = -2
31867 SYS_stat64(0xbfffe590, 0xbfffe610, 0x400146bc, 0x4001482c, 2) = -2
31867 SYS_open("/home/ludovic/GNUstep/Libraries/ix86/linux-gnu/sse/libc.so.6", 0, 010000171516) = -2
31867 SYS_stat64(0xbfffe590, 0xbfffe610, 0x400146bc, 0x4001482c, 2) = -2
31867 SYS_open("/home/ludovic/GNUstep/Libraries/ix86/linux-gnu/mmx/libc.so.6", 0, 010000171516) = -2
31867 SYS_stat64(0xbfffe590, 0xbfffe610, 0x400146bc, 0x4001482c, 2) = -2
31867 SYS_open("/home/ludovic/GNUstep/Libraries/ix86/linux-gnu/libc.so.6", 0, 010000171516) = -2
31867 SYS_stat64(0xbfffe590, 0xbfffe610, 0x400146bc, 0x4001482c, 2) = -2
31867 SYS_open("/usr/GNUstep/Local/Libraries/ix86/linux-gnu/gnu-gnu-gnu/tls/i686/sse/mmx/libc.so.6", 0, 010000171516) = -2
31867 SYS_stat64(0xbfffe590, 0xbfffe610, 0x400146bc, 0x4001482c, 2) = -2
31867 SYS_open("/usr/GNUstep/Local/Libraries/ix86/linux-gnu/gnu-gnu-gnu/tls/i686/sse/libc.so.6", 0, 010000171516) = -2
31867 SYS_stat64(0xbfffe590, 0xbfffe610, 0x400146bc, 0x4001482c, 2) = -2
31867 SYS_open("/usr/GNUstep/Local/Libraries/ix86/linux-gnu/gnu-gnu-gnu/tls/i686/mmx/libc.so.6", 0, 010000171516) = -2
31867 SYS_stat64(0xbfffe590, 0xbfffe610, 0x400146bc, 0x4001482c, 2) = -2
31867 SYS_open("/usr/GNUstep/Local/Libraries/ix86/linux-gnu/gnu-gnu-gnu/tls/i686/libc.so.6", 0, 010000171516) = -2
31867 SYS_stat64(0xbfffe590, 0xbfffe610, 0x400146bc, 0x4001482c, 2) = -2
31867 SYS_open("/usr/GNUstep/Local/Libraries/ix86/linux-gnu/gnu-gnu-gnu/tls/sse/mmx/libc.so.6", 0, 010000171516) = -2
31867 SYS_stat64(0xbfffe590, 0xbfffe610, 0x400146bc, 0x4001482c, 2) = -2
31867 SYS_open("/usr/GNUstep/Local/Libraries/ix86/linux-gnu/gnu-gnu-gnu/tls/sse/libc.so.6", 0, 010000171516) = -2
31867 SYS_stat64(0xbfffe590, 0xbfffe610, 0x400146bc, 0x4001482c, 2) = -2
31867 SYS_open("/usr/GNUstep/Local/Libraries/ix86/linux-gnu/gnu-gnu-gnu/tls/mmx/libc.so.6", 0, 010000171516) = -2
31867 SYS_stat64(0xbfffe590, 0xbfffe610, 0x400146bc, 0x4001482c, 2) = -2
31867 SYS_open("/usr/GNUstep/Local/Libraries/ix86/linux-gnu/gnu-gnu-gnu/tls/libc.so.6", 0, 010000171516) = -2
31867 SYS_stat64(0xbfffe590, 0xbfffe610, 0x400146bc, 0x4001482c, 2) = -2
31867 SYS_open("/usr/GNUstep/Local/Libraries/ix86/linux-gnu/gnu-gnu-gnu/i686/sse/mmx/libc.so.6", 0, 010000171516) = -2
31867 SYS_stat64(0xbfffe590, 0xbfffe610, 0x400146bc, 0x4001482c, 2) = -2
31867 SYS_open("/usr/GNUstep/Local/Libraries/ix86/linux-gnu/gnu-gnu-gnu/i686/sse/libc.so.6", 0, 010000171516) = -2
31867 SYS_stat64(0xbfffe590, 0xbfffe610, 0x400146bc, 0x4001482c, 2) = -2
31867 SYS_open("/usr/GNUstep/Local/Libraries/ix86/linux-gnu/gnu-gnu-gnu/i686/mmx/libc.so.6", 0, 010000171516) = -2
31867 SYS_stat64(0xbfffe590, 0xbfffe610, 0x400146bc, 0x4001482c, 2) = -2
31867 SYS_open("/usr/GNUstep/Local/Libraries/ix86/linux-gnu/gnu-gnu-gnu/i686/libc.so.6", 0, 010000171516) = -2
31867 SYS_stat64(0xbfffe590, 0xbfffe610, 0x400146bc, 0x4001482c, 2) = -2
31867 SYS_open("/usr/GNUstep/Local/Libraries/ix86/linux-gnu/gnu-gnu-gnu/sse/mmx/libc.so.6", 0, 010000171516) = -2
31867 SYS_stat64(0xbfffe590, 0xbfffe610, 0x400146bc, 0x4001482c, 2) = -2
31867 SYS_open("/usr/GNUstep/Local/Libraries/ix86/linux-gnu/gnu-gnu-gnu/sse/libc.so.6", 0, 010000171516) = -2
31867 SYS_stat64(0xbfffe590, 0xbfffe610, 0x400146bc, 0x4001482c, 2) = -2
31867 SYS_open("/usr/GNUstep/Local/Libraries/ix86/linux-gnu/gnu-gnu-gnu/mmx/libc.so.6", 0, 010000171516) = -2
31867 SYS_stat64(0xbfffe590, 0xbfffe610, 0x400146bc, 0x4001482c, 2) = -2
31867 SYS_open("/usr/GNUstep/Local/Libraries/ix86/linux-gnu/gnu-gnu-gnu/libc.so.6", 0, 010000171516) = -2
31867 SYS_stat64(0xbfffe590, 0xbfffe610, 0x400146bc, 0x4001482c, 2) = -2
31867 SYS_open("/usr/GNUstep/Local/Libraries/ix86/linux-gnu/tls/i686/sse/mmx/libc.so.6", 0, 010000171516) = -2
31867 SYS_stat64(0xbfffe590, 0xbfffe610, 0x400146bc, 0x4001482c, 2) = -2
31867 SYS_open("/usr/GNUstep/Local/Libraries/ix86/linux-gnu/tls/i686/sse/libc.so.6", 0, 010000171516) = -2
31867 SYS_stat64(0xbfffe590, 0xbfffe610, 0x400146bc, 0x4001482c, 2) = -2
31867 SYS_open("/usr/GNUstep/Local/Libraries/ix86/linux-gnu/tls/i686/mmx/libc.so.6", 0, 010000171516) = -2
31867 SYS_stat64(0xbfffe590, 0xbfffe610, 0x400146bc, 0x4001482c, 2) = -2
31867 SYS_open("/usr/GNUstep/Local/Libraries/ix86/linux-gnu/tls/i686/libc.so.6", 0, 010000171516) = -2
31867 SYS_stat64(0xbfffe590, 0xbfffe610, 0x400146bc, 0x4001482c, 2) = -2
31867 SYS_open("/usr/GNUstep/Local/Libraries/ix86/linux-gnu/tls/sse/mmx/libc.so.6", 0, 010000171516) = -2
31867 SYS_stat64(0xbfffe590, 0xbfffe610, 0x400146bc, 0x4001482c, 2) = -2
31867 SYS_open("/usr/GNUstep/Local/Libraries/ix86/linux-gnu/tls/sse/libc.so.6", 0, 010000171516) = -2
31867 SYS_stat64(0xbfffe590, 0xbfffe610, 0x400146bc, 0x4001482c, 2) = -2
31867 SYS_open("/usr/GNUstep/Local/Libraries/ix86/linux-gnu/tls/mmx/libc.so.6", 0, 010000171516) = -2
31867 SYS_stat64(0xbfffe590, 0xbfffe610, 0x400146bc, 0x4001482c, 2) = -2
31867 SYS_open("/usr/GNUstep/Local/Libraries/ix86/linux-gnu/tls/libc.so.6", 0, 010000171516) = -2
31867 SYS_stat64(0xbfffe590, 0xbfffe610, 0x400146bc, 0x4001482c, 2) = -2
31867 SYS_open("/usr/GNUstep/Local/Libraries/ix86/linux-gnu/i686/sse/mmx/libc.so.6", 0, 010000171516) = -2
31867 SYS_stat64(0xbfffe590, 0xbfffe610, 0x400146bc, 0x4001482c, 2) = -2
31867 SYS_open("/usr/GNUstep/Local/Libraries/ix86/linux-gnu/i686/sse/libc.so.6", 0, 010000171516) = -2
31867 SYS_stat64(0xbfffe590, 0xbfffe610, 0x400146bc, 0x4001482c, 2) = -2
31867 SYS_open("/usr/GNUstep/Local/Libraries/ix86/linux-gnu/i686/mmx/libc.so.6", 0, 010000171516) = -2
31867 SYS_stat64(0xbfffe590, 0xbfffe610, 0x400146bc, 0x4001482c, 2) = -2
31867 SYS_open("/usr/GNUstep/Local/Libraries/ix86/linux-gnu/i686/libc.so.6", 0, 010000171516) = -2
31867 SYS_stat64(0xbfffe590, 0xbfffe610, 0x400146bc, 0x4001482c, 2) = -2
31867 SYS_open("/usr/GNUstep/Local/Libraries/ix86/linux-gnu/sse/mmx/libc.so.6", 0, 010000171516) = -2
31867 SYS_stat64(0xbfffe590, 0xbfffe610, 0x400146bc, 0x4001482c, 2) = -2
31867 SYS_open("/usr/GNUstep/Local/Libraries/ix86/linux-gnu/sse/libc.so.6", 0, 010000171516) = -2
31867 SYS_stat64(0xbfffe590, 0xbfffe610, 0x400146bc, 0x4001482c, 2) = -2
31867 SYS_open("/usr/GNUstep/Local/Libraries/ix86/linux-gnu/mmx/libc.so.6", 0, 010000171516) = -2
31867 SYS_stat64(0xbfffe590, 0xbfffe610, 0x400146bc, 0x4001482c, 2) = -2
31867 SYS_open("/usr/GNUstep/Local/Libraries/ix86/linux-gnu/libc.so.6", 0, 010000171516) = -2
31867 SYS_stat64(0xbfffe590, 0xbfffe610, 0x400146bc, 0x4001482c, 2) = -2
31867 SYS_open("/usr/GNUstep/Network/Libraries/ix86/linux-gnu/gnu-gnu-gnu/tls/i686/sse/mmx/libc.so.6", 0, 010000171516) = -2
31867 SYS_stat64(0xbfffe590, 0xbfffe610, 0x400146bc, 0x4001482c, 2) = -2
31867 SYS_open("/usr/GNUstep/Network/Libraries/ix86/linux-gnu/gnu-gnu-gnu/tls/i686/sse/libc.so.6", 0, 010000171516) = -2
31867 SYS_stat64(0xbfffe590, 0xbfffe610, 0x400146bc, 0x4001482c, 2) = -2
31867 SYS_open("/usr/GNUstep/Network/Libraries/ix86/linux-gnu/gnu-gnu-gnu/tls/i686/mmx/libc.so.6", 0, 010000171516) = -2
31867 SYS_stat64(0xbfffe590, 0xbfffe610, 0x400146bc, 0x4001482c, 2) = -2
31867 SYS_open("/usr/GNUstep/Network/Libraries/ix86/linux-gnu/gnu-gnu-gnu/tls/i686/libc.so.6", 0, 010000171516) = -2
31867 SYS_stat64(0xbfffe590, 0xbfffe610, 0x400146bc, 0x4001482c, 2) = -2
31867 SYS_open("/usr/GNUstep/Network/Libraries/ix86/linux-gnu/gnu-gnu-gnu/tls/sse/mmx/libc.so.6", 0, 010000171516) = -2
31867 SYS_stat64(0xbfffe590, 0xbfffe610, 0x400146bc, 0x4001482c, 2) = -2
31867 SYS_open("/usr/GNUstep/Network/Libraries/ix86/linux-gnu/gnu-gnu-gnu/tls/sse/libc.so.6", 0, 010000171516) = -2
31867 SYS_stat64(0xbfffe590, 0xbfffe610, 0x400146bc, 0x4001482c, 2) = -2
31867 SYS_open("/usr/GNUstep/Network/Libraries/ix86/linux-gnu/gnu-gnu-gnu/tls/mmx/libc.so.6", 0, 010000171516) = -2
31867 SYS_stat64(0xbfffe590, 0xbfffe610, 0x400146bc, 0x4001482c, 2) = -2
31867 SYS_open("/usr/GNUstep/Network/Libraries/ix86/linux-gnu/gnu-gnu-gnu/tls/libc.so.6", 0, 010000171516) = -2
31867 SYS_stat64(0xbfffe590, 0xbfffe610, 0x400146bc, 0x4001482c, 2) = -2
31867 SYS_open("/usr/GNUstep/Network/Libraries/ix86/linux-gnu/gnu-gnu-gnu/i686/sse/mmx/libc.so.6", 0, 010000171516) = -2
31867 SYS_stat64(0xbfffe590, 0xbfffe610, 0x400146bc, 0x4001482c, 2) = -2
31867 SYS_open("/usr/GNUstep/Network/Libraries/ix86/linux-gnu/gnu-gnu-gnu/i686/sse/libc.so.6", 0, 010000171516) = -2
31867 SYS_stat64(0xbfffe590, 0xbfffe610, 0x400146bc, 0x4001482c, 2) = -2
31867 SYS_open("/usr/GNUstep/Network/Libraries/ix86/linux-gnu/gnu-gnu-gnu/i686/mmx/libc.so.6", 0, 010000171516) = -2
31867 SYS_stat64(0xbfffe590, 0xbfffe610, 0x400146bc, 0x4001482c, 2) = -2
31867 SYS_open("/usr/GNUstep/Network/Libraries/ix86/linux-gnu/gnu-gnu-gnu/i686/libc.so.6", 0, 010000171516) = -2
31867 SYS_stat64(0xbfffe590, 0xbfffe610, 0x400146bc, 0x4001482c, 2) = -2
31867 SYS_open("/usr/GNUstep/Network/Libraries/ix86/linux-gnu/gnu-gnu-gnu/sse/mmx/libc.so.6", 0, 010000171516) = -2
31867 SYS_stat64(0xbfffe590, 0xbfffe610, 0x400146bc, 0x4001482c, 2) = -2
31867 SYS_open("/usr/GNUstep/Network/Libraries/ix86/linux-gnu/gnu-gnu-gnu/sse/libc.so.6", 0, 010000171516) = -2
31867 SYS_stat64(0xbfffe590, 0xbfffe610, 0x400146bc, 0x4001482c, 2) = -2
31867 SYS_open("/usr/GNUstep/Network/Libraries/ix86/linux-gnu/gnu-gnu-gnu/mmx/libc.so.6", 0, 010000171516) = -2
31867 SYS_stat64(0xbfffe590, 0xbfffe610, 0x400146bc, 0x4001482c, 2) = -2
31867 SYS_open("/usr/GNUstep/Network/Libraries/ix86/linux-gnu/gnu-gnu-gnu/libc.so.6", 0, 010000171516) = -2
31867 SYS_stat64(0xbfffe590, 0xbfffe610, 0x400146bc, 0x4001482c, 2) = -2
31867 SYS_open("/usr/GNUstep/Network/Libraries/ix86/linux-gnu/tls/i686/sse/mmx/libc.so.6", 0, 010000171516) = -2
31867 SYS_stat64(0xbfffe590, 0xbfffe610, 0x400146bc, 0x4001482c, 2) = -2
31867 SYS_open("/usr/GNUstep/Network/Libraries/ix86/linux-gnu/tls/i686/sse/libc.so.6", 0, 010000171516) = -2
31867 SYS_stat64(0xbfffe590, 0xbfffe610, 0x400146bc, 0x4001482c, 2) = -2
31867 SYS_open("/usr/GNUstep/Network/Libraries/ix86/linux-gnu/tls/i686/mmx/libc.so.6", 0, 010000171516) = -2
31867 SYS_stat64(0xbfffe590, 0xbfffe610, 0x400146bc, 0x4001482c, 2) = -2
31867 SYS_open("/usr/GNUstep/Network/Libraries/ix86/linux-gnu/tls/i686/libc.so.6", 0, 010000171516) = -2
31867 SYS_stat64(0xbfffe590, 0xbfffe610, 0x400146bc, 0x4001482c, 2) = -2
31867 SYS_open("/usr/GNUstep/Network/Libraries/ix86/linux-gnu/tls/sse/mmx/libc.so.6", 0, 010000171516) = -2
31867 SYS_stat64(0xbfffe590, 0xbfffe610, 0x400146bc, 0x4001482c, 2) = -2
31867 SYS_open("/usr/GNUstep/Network/Libraries/ix86/linux-gnu/tls/sse/libc.so.6", 0, 010000171516) = -2
31867 SYS_stat64(0xbfffe590, 0xbfffe610, 0x400146bc, 0x4001482c, 2) = -2
31867 SYS_open("/usr/GNUstep/Network/Libraries/ix86/linux-gnu/tls/mmx/libc.so.6", 0, 010000171516) = -2
31867 SYS_stat64(0xbfffe590, 0xbfffe610, 0x400146bc, 0x4001482c, 2) = -2
31867 SYS_open("/usr/GNUstep/Network/Libraries/ix86/linux-gnu/tls/libc.so.6", 0, 010000171516) = -2
31867 SYS_stat64(0xbfffe590, 0xbfffe610, 0x400146bc, 0x4001482c, 2) = -2
31867 SYS_open("/usr/GNUstep/Network/Libraries/ix86/linux-gnu/i686/sse/mmx/libc.so.6", 0, 010000171516) = -2
31867 SYS_stat64(0xbfffe590, 0xbfffe610, 0x400146bc, 0x4001482c, 2) = -2
31867 SYS_open("/usr/GNUstep/Network/Libraries/ix86/linux-gnu/i686/sse/libc.so.6", 0, 010000171516) = -2
31867 SYS_stat64(0xbfffe590, 0xbfffe610, 0x400146bc, 0x4001482c, 2) = -2
31867 SYS_open("/usr/GNUstep/Network/Libraries/ix86/linux-gnu/i686/mmx/libc.so.6", 0, 010000171516) = -2
31867 SYS_stat64(0xbfffe590, 0xbfffe610, 0x400146bc, 0x4001482c, 2) = -2
31867 SYS_open("/usr/GNUstep/Network/Libraries/ix86/linux-gnu/i686/libc.so.6", 0, 010000171516) = -2
31867 SYS_stat64(0xbfffe590, 0xbfffe610, 0x400146bc, 0x4001482c, 2) = -2
31867 SYS_open("/usr/GNUstep/Network/Libraries/ix86/linux-gnu/sse/mmx/libc.so.6", 0, 010000171516) = -2
31867 SYS_stat64(0xbfffe590, 0xbfffe610, 0x400146bc, 0x4001482c, 2) = -2
31867 SYS_open("/usr/GNUstep/Network/Libraries/ix86/linux-gnu/sse/libc.so.6", 0, 010000171516) = -2
31867 SYS_stat64(0xbfffe590, 0xbfffe610, 0x400146bc, 0x4001482c, 2) = -2
31867 SYS_open("/usr/GNUstep/Network/Libraries/ix86/linux-gnu/mmx/libc.so.6", 0, 010000171516) = -2
31867 SYS_stat64(0xbfffe590, 0xbfffe610, 0x400146bc, 0x4001482c, 2) = -2
31867 SYS_open("/usr/GNUstep/Network/Libraries/ix86/linux-gnu/libc.so.6", 0, 010000171516) = -2
31867 SYS_stat64(0xbfffe590, 0xbfffe610, 0x400146bc, 0x4001482c, 2) = -2
31867 SYS_open("/usr/GNUstep/System/Libraries/ix86/linux-gnu/gnu-gnu-gnu/tls/i686/sse/mmx/libc.so.6", 0, 010000171516) = -2
31867 SYS_stat64(0xbfffe590, 0xbfffe610, 0x400146bc, 0x4001482c, 2) = -2
31867 SYS_open("/usr/GNUstep/System/Libraries/ix86/linux-gnu/gnu-gnu-gnu/tls/i686/sse/libc.so.6", 0, 010000171516) = -2
31867 SYS_stat64(0xbfffe590, 0xbfffe610, 0x400146bc, 0x4001482c, 2) = -2
31867 SYS_open("/usr/GNUstep/System/Libraries/ix86/linux-gnu/gnu-gnu-gnu/tls/i686/mmx/libc.so.6", 0, 010000171516) = -2
31867 SYS_stat64(0xbfffe590, 0xbfffe610, 0x400146bc, 0x4001482c, 2) = -2
31867 SYS_open("/usr/GNUstep/System/Libraries/ix86/linux-gnu/gnu-gnu-gnu/tls/i686/libc.so.6", 0, 010000171516) = -2
31867 SYS_stat64(0xbfffe590, 0xbfffe610, 0x400146bc, 0x4001482c, 2) = -2
31867 SYS_open("/usr/GNUstep/System/Libraries/ix86/linux-gnu/gnu-gnu-gnu/tls/sse/mmx/libc.so.6", 0, 010000171516) = -2
31867 SYS_stat64(0xbfffe590, 0xbfffe610, 0x400146bc, 0x4001482c, 2) = -2
31867 SYS_open("/usr/GNUstep/System/Libraries/ix86/linux-gnu/gnu-gnu-gnu/tls/sse/libc.so.6", 0, 010000171516) = -2
31867 SYS_stat64(0xbfffe590, 0xbfffe610, 0x400146bc, 0x4001482c, 2) = -2
31867 SYS_open("/usr/GNUstep/System/Libraries/ix86/linux-gnu/gnu-gnu-gnu/tls/mmx/libc.so.6", 0, 010000171516) = -2
31867 SYS_stat64(0xbfffe590, 0xbfffe610, 0x400146bc, 0x4001482c, 2) = -2
31867 SYS_open("/usr/GNUstep/System/Libraries/ix86/linux-gnu/gnu-gnu-gnu/tls/libc.so.6", 0, 010000171516) = -2
31867 SYS_stat64(0xbfffe590, 0xbfffe610, 0x400146bc, 0x4001482c, 2) = -2
31867 SYS_open("/usr/GNUstep/System/Libraries/ix86/linux-gnu/gnu-gnu-gnu/i686/sse/mmx/libc.so.6", 0, 010000171516) = -2
31867 SYS_stat64(0xbfffe590, 0xbfffe610, 0x400146bc, 0x4001482c, 2) = -2
31867 SYS_open("/usr/GNUstep/System/Libraries/ix86/linux-gnu/gnu-gnu-gnu/i686/sse/libc.so.6", 0, 010000171516) = -2
31867 SYS_stat64(0xbfffe590, 0xbfffe610, 0x400146bc, 0x4001482c, 2) = -2
31867 SYS_open("/usr/GNUstep/System/Libraries/ix86/linux-gnu/gnu-gnu-gnu/i686/mmx/libc.so.6", 0, 010000171516) = -2
31867 SYS_stat64(0xbfffe590, 0xbfffe610, 0x400146bc, 0x4001482c, 2) = -2
31867 SYS_open("/usr/GNUstep/System/Libraries/ix86/linux-gnu/gnu-gnu-gnu/i686/libc.so.6", 0, 010000171516) = -2
31867 SYS_stat64(0xbfffe590, 0xbfffe610, 0x400146bc, 0x4001482c, 2) = -2
31867 SYS_open("/usr/GNUstep/System/Libraries/ix86/linux-gnu/gnu-gnu-gnu/sse/mmx/libc.so.6", 0, 010000171516) = -2
31867 SYS_stat64(0xbfffe590, 0xbfffe610, 0x400146bc, 0x4001482c, 2) = -2
31867 SYS_open("/usr/GNUstep/System/Libraries/ix86/linux-gnu/gnu-gnu-gnu/sse/libc.so.6", 0, 010000171516) = -2
31867 SYS_stat64(0xbfffe590, 0xbfffe610, 0x400146bc, 0x4001482c, 2) = -2
31867 SYS_open("/usr/GNUstep/System/Libraries/ix86/linux-gnu/gnu-gnu-gnu/mmx/libc.so.6", 0, 010000171516) = -2
31867 SYS_stat64(0xbfffe590, 0xbfffe610, 0x400146bc, 0x4001482c, 2) = -2
31867 SYS_open("/usr/GNUstep/System/Libraries/ix86/linux-gnu/gnu-gnu-gnu/libc.so.6", 0, 010000171516) = -2
31867 SYS_stat64(0xbfffe590, 0xbfffe610, 0x400146bc, 0x4001482c, 2) = 0
31867 SYS_open("/usr/GNUstep/System/Libraries/ix86/linux-gnu/tls/i686/sse/mmx/libc.so.6", 0, 010000171516) = -2
31867 SYS_stat64(0xbfffe590, 0xbfffe610, 0x400146bc, 0x4001482c, 2) = -2
31867 SYS_open("/usr/GNUstep/System/Libraries/ix86/linux-gnu/tls/i686/sse/libc.so.6", 0, 010000171516) = -2
31867 SYS_stat64(0xbfffe590, 0xbfffe610, 0x400146bc, 0x4001482c, 2) = -2
31867 SYS_open("/usr/GNUstep/System/Libraries/ix86/linux-gnu/tls/i686/mmx/libc.so.6", 0, 010000171516) = -2
31867 SYS_stat64(0xbfffe590, 0xbfffe610, 0x400146bc, 0x4001482c, 2) = -2
31867 SYS_open("/usr/GNUstep/System/Libraries/ix86/linux-gnu/tls/i686/libc.so.6", 0, 010000171516) = -2
31867 SYS_stat64(0xbfffe590, 0xbfffe610, 0x400146bc, 0x4001482c, 2) = -2
31867 SYS_open("/usr/GNUstep/System/Libraries/ix86/linux-gnu/tls/sse/mmx/libc.so.6", 0, 010000171516) = -2
31867 SYS_stat64(0xbfffe590, 0xbfffe610, 0x400146bc, 0x4001482c, 2) = -2
31867 SYS_open("/usr/GNUstep/System/Libraries/ix86/linux-gnu/tls/sse/libc.so.6", 0, 010000171516) = -2
31867 SYS_stat64(0xbfffe590, 0xbfffe610, 0x400146bc, 0x4001482c, 2) = -2
31867 SYS_open("/usr/GNUstep/System/Libraries/ix86/linux-gnu/tls/mmx/libc.so.6", 0, 010000171516) = -2
31867 SYS_stat64(0xbfffe590, 0xbfffe610, 0x400146bc, 0x4001482c, 2) = -2
31867 SYS_open("/usr/GNUstep/System/Libraries/ix86/linux-gnu/tls/libc.so.6", 0, 010000171516) = -2
31867 SYS_stat64(0xbfffe590, 0xbfffe610, 0x400146bc, 0x4001482c, 2) = -2
31867 SYS_open("/usr/GNUstep/System/Libraries/ix86/linux-gnu/i686/sse/mmx/libc.so.6", 0, 010000171516) = -2
31867 SYS_stat64(0xbfffe590, 0xbfffe610, 0x400146bc, 0x4001482c, 2) = -2
31867 SYS_open("/usr/GNUstep/System/Libraries/ix86/linux-gnu/i686/sse/libc.so.6", 0, 010000171516) = -2
31867 SYS_stat64(0xbfffe590, 0xbfffe610, 0x400146bc, 0x4001482c, 2) = -2
31867 SYS_open("/usr/GNUstep/System/Libraries/ix86/linux-gnu/i686/mmx/libc.so.6", 0, 010000171516) = -2
31867 SYS_stat64(0xbfffe590, 0xbfffe610, 0x400146bc, 0x4001482c, 2) = -2
31867 SYS_open("/usr/GNUstep/System/Libraries/ix86/linux-gnu/i686/libc.so.6", 0, 010000171516) = -2
31867 SYS_stat64(0xbfffe590, 0xbfffe610, 0x400146bc, 0x4001482c, 2) = -2
31867 SYS_open("/usr/GNUstep/System/Libraries/ix86/linux-gnu/sse/mmx/libc.so.6", 0, 010000171516) = -2
31867 SYS_stat64(0xbfffe590, 0xbfffe610, 0x400146bc, 0x4001482c, 2) = -2
31867 SYS_open("/usr/GNUstep/System/Libraries/ix86/linux-gnu/sse/libc.so.6", 0, 010000171516) = -2
31867 SYS_stat64(0xbfffe590, 0xbfffe610, 0x400146bc, 0x4001482c, 2) = -2
31867 SYS_open("/usr/GNUstep/System/Libraries/ix86/linux-gnu/mmx/libc.so.6", 0, 010000171516) = -2
31867 SYS_stat64(0xbfffe590, 0xbfffe610, 0x400146bc, 0x4001482c, 2) = -2
31867 SYS_open("/usr/GNUstep/System/Libraries/ix86/linux-gnu/libc.so.6", 0, 010000171516) = -2
31867 SYS_stat64(0xbfffe590, 0xbfffe610, 0x400146bc, 0x4001482c, 2) = 0
31867 SYS_open("/etc/ld.so.cache", 0, 037777777777) = 3
31867 SYS_fstat64(3, 0xbfffe5b8, 0x400146bc, 0x4001482c, 2) = 0
31867 SYS_mmap(0xbfffe598, 0xbfffe5b8, 0x400146bc, 3, 0x400147b0) = 0x40016000
31867 SYS_close(3) = 0
31867 SYS_open("/lib/tls/libc.so.6", 0, 00) = 3
31867 SYS_read(3, "\177ELF\001\001\001", 512) = 512
31867 SYS_fstat64(3, 0xbfffe608, 0x400146bc, 0x4001482c, 0) = 0
31867 SYS_mmap(0xbfffe494, 5, 0x400146bc, 0xbfffe4b0, 0xbfffe4e0) = 0x40030000
31867 SYS_mmap(0xbfffe494, 0x00119000, 0x400146bc, 0xbfffe4c8, 0x40030000) = 0x40149000
31867 SYS_mmap(0xbfffe494, 8108, 0x400146bc, 0xbfffe4c8, 0x4014d000) = 0x4014d000
31867 SYS_close(3) = 0
31867 SYS_mmap(0xbfffea9c, 1232, 0x400146bc, 0x40015fe0, 4096) = 0x4014f000
31867 SYS_set_thread_area(0xbfffec30, 81, -7168, 0x400146bc, 0x4014f080) = 0
31867 SYS_munmap(0x40016000, 105041) = 0
31867 SYS_open("/usr/share/locale/locale-archive", 32768, 00) = -2
31867 SYS_brk(NULL) = 0x804e000
31867 SYS_brk(0x806f000) = 0x806f000
31867 SYS_open("/usr/share/locale/locale.alias", 0, 0666) = 3
31867 SYS_fstat64(3, 0xbfffe988, 0x4014c218, 0x0804e008, 8192) = 0
31867 SYS_mmap2(0, 4096, 3, 34, -1) = 0x40016000
31867 SYS_read(3, "# Locale name alias data base.\n# Copyright (C) 1996-2001,2003 Free Software Foundation, Inc.\n#\n# Thi"..., 4096) = 2586
31867 SYS_read(3, "", 4096) = 0
31867 SYS_close(3) = 0
31867 SYS_munmap(0x40016000, 4096) = 0
31867 SYS_open("/usr/share/locale/fr_FR/LC_IDENTIFICATION", 0, 01001160060) = 3
31867 SYS_fstat64(3, 0xbfffecb4, 0x4014c218, 3, 0xbfffecb4) = 0
31867 SYS_mmap2(0, 352, 1, 2, 3) = 0x40016000
31867 SYS_close(3) = 0
31867 SYS_open("/usr/share/locale/fr_FR/LC_MEASUREMENT", 0, 01001166230) = 3
31867 SYS_fstat64(3, 0xbfffecb4, 0x4014c218, 3, 0xbfffecb4) = 0
31867 SYS_mmap2(0, 29, 1, 2, 3) = 0x40017000
31867 SYS_close(3) = 0
31867 SYS_open("/usr/share/locale/fr_FR/LC_TELEPHONE", 0, 01001166560) = 3
31867 SYS_fstat64(3, 0xbfffecb4, 0x4014c218, 3, 0xbfffecb4) = 0
31867 SYS_mmap2(0, 62, 1, 2, 3) = 0x40018000
31867 SYS_close(3) = 0
31867 SYS_open("/usr/share/locale/fr_FR/LC_ADDRESS", 0, 01001167140) = 3
31867 SYS_fstat64(3, 0xbfffecb4, 0x4014c218, 3, 0xbfffecb4) = 0
31867 SYS_mmap2(0, 133, 1, 2, 3) = 0x40019000
31867 SYS_close(3) = 0
31867 SYS_open("/usr/share/locale/fr_FR/LC_NAME", 0, 01001167560) = 3
31867 SYS_fstat64(3, 0xbfffecb4, 0x4014c218, 3, 0xbfffecb4) = 0
31867 SYS_mmap2(0, 68, 1, 2, 3) = 0x4001a000
31867 SYS_close(3) = 0
31867 SYS_open("/usr/share/locale/fr_FR/LC_PAPER", 0, 01001170150) = 3
31867 SYS_fstat64(3, 0xbfffecb4, 0x4014c218, 3, 0xbfffecb4) = 0
31867 SYS_mmap2(0, 40, 1, 2, 3) = 0x4001b000
31867 SYS_close(3) = 0
31867 SYS_open("/usr/share/locale/fr_FR/LC_MESSAGES", 0, 01001170520) = 3
31867 SYS_fstat64(3, 0xbfffecb4, 0x4014c218, 3, 0xbfffecb4) = 0
31867 SYS_close(3) = 0
31867 SYS_open("/usr/share/locale/fr_FR/LC_MESSAGES/SYS_LC_MESSAGES", 0, 014) = 3
31867 SYS_fstat64(3, 0xbfffecb4, 0x4014c218, 3, 0xbfffec50) = 0
31867 SYS_mmap2(0, 60, 1, 2, 3) = 0x4001c000
31867 SYS_close(3) = 0
31867 SYS_open("/usr/share/locale/fr_FR/LC_MONETARY", 0, 01001171100) = 3
31867 SYS_fstat64(3, 0xbfffecb4, 0x4014c218, 3, 0xbfffecb4) = 0
31867 SYS_mmap2(0, 292, 1, 2, 3) = 0x4001d000
31867 SYS_close(3) = 0
31867 SYS_open("/usr/share/locale/fr_FR/LC_COLLATE", 0, 01001171720) = 3
31867 SYS_fstat64(3, 0xbfffecb4, 0x4014c218, 3, 0xbfffecb4) = 0
31867 SYS_mmap2(0, 22592, 1, 2, 3) = 0x4001e000
31867 SYS_close(3) = 0
31867 SYS_open("/usr/share/locale/fr_FR/LC_TIME", 0, 01001172370) = 3
31867 SYS_fstat64(3, 0xbfffecb4, 0x4014c218, 3, 0xbfffecb4) = 0
31867 SYS_mmap2(0, 2353, 1, 2, 3) = 0x40024000
31867 SYS_close(3) = 0
31867 SYS_open("/usr/share/locale/fr_FR/LC_NUMERIC", 0, 01001173620) = 3
31867 SYS_fstat64(3, 0xbfffecb4, 0x4014c218, 3, 0xbfffecb4) = 0
31867 SYS_mmap2(0, 60, 1, 2, 3) = 0x40025000
31867 SYS_close(3) = 0
31867 SYS_open("/usr/share/locale/fr_FR/LC_CTYPE", 0, 01001174200) = 3
31867 SYS_fstat64(3, 0xbfffecb4, 0x4014c218, 3, 0xbfffecb4) = 0
31867 SYS_mmap2(0, 207972, 1, 2, 3) = 0x40150000
31867 SYS_close(3) = 0
31867 SYS_access(0x401405af, 0, 0x4014c218, 0x401405af, 0x401405a1) = -2
31867 SYS_open("/var/run/utmp", 2, 010000124704) = 3
31867 SYS_fcntl64(3, 1, 0, 0, 0x4014c218) = 0
31867 SYS_fcntl64(3, 2, 1, 0, 0x4014c218) = 0
31867 SYS__llseek(3, 0, 0, 0xbfffedd4, 0) = 0
31867 SYS_alarm(0, 0x0804fad8, 0x4014c218, 0xbfffef64, 0xbfffeef0) = 0
31867 SYS_rt_sigaction(14, 0xbfffec18, 0xbfffeb88, 8, 0x4014c218) = 0
31867 SYS_alarm(1, 0x401511e0, 0x4014c218, 0xbfffedf0, 0xbfffedf0) = 0
31867 SYS_fcntl64(3, 7, 0xbfffedf0, 0xbfffedf0, 0x4014c218) = 0
31867 SYS_read(3, "\b", 384) = 384
31867 SYS_fcntl64(3, 7, 0xbfffedf0, 0xbfffedf0, 0x4014c218) = 0
31867 SYS_alarm(0, 7, 0x4014c218, 0xbfffedf0, 384) = 1
31867 SYS_rt_sigaction(14, 0xbfffec18, 0, 8, 0x4014c218) = 0
31867 SYS_alarm(0, 0x0804fad8, 0x4014c218, 0xbfffef64, 0xbfffeef0) = 0
31867 SYS_rt_sigaction(14, 0xbfffec18, 0xbfffeb88, 8, 0x4014c218) = 0
31867 SYS_alarm(1, 0x4014c218, 0x4014c218, 0xbfffedf0, 0xbfffedf0) = 0
31867 SYS_fcntl64(3, 7, 0xbfffedf0, 0xbfffedf0, 0x4014c218) = 0
31867 SYS_read(3, "\002", 384) = 384
31867 SYS_fcntl64(3, 7, 0xbfffedf0, 0xbfffedf0, 0x4014c218) = 0
31867 SYS_alarm(0, 7, 0x4014c218, 0xbfffedf0, 384) = 1
31867 SYS_rt_sigaction(14, 0xbfffec18, 0, 8, 0x4014c218) = 0
31867 SYS_alarm(0, 0x0804fad8, 0x4014c218, 0xbfffef64, 0xbfffeef0) = 0
31867 SYS_rt_sigaction(14, 0xbfffec18, 0xbfffeb88, 8, 0x4014c218) = 0
31867 SYS_alarm(1, 0x4014c218, 0x4014c218, 0xbfffedf0, 0xbfffedf0) = 0
31867 SYS_fcntl64(3, 7, 0xbfffedf0, 0xbfffedf0, 0x4014c218) = 0
31867 SYS_read(3, "\001", 384) = 384
31867 SYS_fcntl64(3, 7, 0xbfffedf0, 0xbfffedf0, 0x4014c218) = 0
31867 SYS_alarm(0, 7, 0x4014c218, 0xbfffedf0, 384) = 1
31867 SYS_rt_sigaction(14, 0xbfffec18, 0, 8, 0x4014c218) = 0
31867 SYS_alarm(0, 0x0804fad8, 0x4014c218, 0xbfffef64, 0xbfffeef0) = 0
31867 SYS_rt_sigaction(14, 0xbfffec18, 0xbfffeb88, 8, 0x4014c218) = 0
31867 SYS_alarm(1, 0x4014c218, 0x4014c218, 0xbfffedf0, 0xbfffedf0) = 0
31867 SYS_fcntl64(3, 7, 0xbfffedf0, 0xbfffedf0, 0x4014c218) = 0
31867 SYS_read(3, "\b", 384) = 384
31867 SYS_fcntl64(3, 7, 0xbfffedf0, 0xbfffedf0, 0x4014c218) = 0
31867 SYS_alarm(0, 7, 0x4014c218, 0xbfffedf0, 384) = 1
31867 SYS_rt_sigaction(14, 0xbfffec18, 0, 8, 0x4014c218) = 0
31867 SYS_alarm(0, 0x0804fad8, 0x4014c218, 0xbfffef64, 0xbfffeef0) = 0
31867 SYS_rt_sigaction(14, 0xbfffec18, 0xbfffeb88, 8, 0x4014c218) = 0
31867 SYS_alarm(1, 0x4014c218, 0x4014c218, 0xbfffedf0, 0xbfffedf0) = 0
31867 SYS_fcntl64(3, 7, 0xbfffedf0, 0xbfffedf0, 0x4014c218) = 0
31867 SYS_read(3, "\007", 384) = 384
31867 SYS_fcntl64(3, 7, 0xbfffedf0, 0xbfffedf0, 0x4014c218) = 0
31867 SYS_alarm(0, 7, 0x4014c218, 0xbfffedf0, 384) = 1
31867 SYS_rt_sigaction(14, 0xbfffec18, 0, 8, 0x4014c218) = 0
31867 SYS_alarm(0, 0x0804fad8, 0x4014c218, 0xbfffef64, 0xbfffeef0) = 0
31867 SYS_rt_sigaction(14, 0xbfffec18, 0xbfffeb88, 8, 0x4014c218) = 0
31867 SYS_alarm(1, 0x4014c218, 0x4014c218, 0xbfffedf0, 0xbfffedf0) = 0
31867 SYS_fcntl64(3, 7, 0xbfffedf0, 0xbfffedf0, 0x4014c218) = 0
31867 SYS_read(3, "\006", 384) = 384
31867 SYS_fcntl64(3, 7, 0xbfffedf0, 0xbfffedf0, 0x4014c218) = 0
31867 SYS_alarm(0, 7, 0x4014c218, 0xbfffedf0, 384) = 1
31867 SYS_rt_sigaction(14, 0xbfffec18, 0, 8, 0x4014c218) = 0
31867 SYS_alarm(0, 0x0804fad8, 0x4014c218, 0xbfffef64, 0xbfffeef0) = 0
31867 SYS_rt_sigaction(14, 0xbfffec18, 0xbfffeb88, 8, 0x4014c218) = 0
31867 SYS_alarm(1, 0x4014c218, 0x4014c218, 0xbfffedf0, 0xbfffedf0) = 0
31867 SYS_fcntl64(3, 7, 0xbfffedf0, 0xbfffedf0, 0x4014c218) = 0
31867 SYS_read(3, "\006", 384) = 384
31867 SYS_fcntl64(3, 7, 0xbfffedf0, 0xbfffedf0, 0x4014c218) = 0
31867 SYS_alarm(0, 7, 0x4014c218, 0xbfffedf0, 384) = 1
31867 SYS_rt_sigaction(14, 0xbfffec18, 0, 8, 0x4014c218) = 0
31867 SYS_alarm(0, 0x0804fad8, 0x4014c218, 0xbfffef64, 0xbfffeef0) = 0
31867 SYS_rt_sigaction(14, 0xbfffec18, 0xbfffeb88, 8, 0x4014c218) = 0
31867 SYS_alarm(1, 0x4014c218, 0x4014c218, 0xbfffedf0, 0xbfffedf0) = 0
31867 SYS_fcntl64(3, 7, 0xbfffedf0, 0xbfffedf0, 0x4014c218) = 0
31867 SYS_read(3, "\006", 384) = 384
31867 SYS_fcntl64(3, 7, 0xbfffedf0, 0xbfffedf0, 0x4014c218) = 0
31867 SYS_alarm(0, 7, 0x4014c218, 0xbfffedf0, 384) = 1
31867 SYS_rt_sigaction(14, 0xbfffec18, 0, 8, 0x4014c218) = 0
31867 SYS_alarm(0, 0x0804fad8, 0x4014c218, 0xbfffef64, 0xbfffeef0) = 0
31867 SYS_rt_sigaction(14, 0xbfffec18, 0xbfffeb88, 8, 0x4014c218) = 0
31867 SYS_alarm(1, 0x4014c218, 0x4014c218, 0xbfffedf0, 0xbfffedf0) = 0
31867 SYS_fcntl64(3, 7, 0xbfffedf0, 0xbfffedf0, 0x4014c218) = 0
31867 SYS_read(3, "\006", 384) = 384
31867 SYS_fcntl64(3, 7, 0xbfffedf0, 0xbfffedf0, 0x4014c218) = 0
31867 SYS_alarm(0, 7, 0x4014c218, 0xbfffedf0, 384) = 1
31867 SYS_rt_sigaction(14, 0xbfffec18, 0, 8, 0x4014c218) = 0
31867 SYS_alarm(0, 0x0804fad8, 0x4014c218, 0xbfffef64, 0xbfffeef0) = 0
31867 SYS_rt_sigaction(14, 0xbfffec18, 0xbfffeb88, 8, 0x4014c218) = 0
31867 SYS_alarm(1, 0x4014c218, 0x4014c218, 0xbfffedf0, 0xbfffedf0) = 0
31867 SYS_fcntl64(3, 7, 0xbfffedf0, 0xbfffedf0, 0x4014c218) = 0
31867 SYS_read(3, "\006", 384) = 384
31867 SYS_fcntl64(3, 7, 0xbfffedf0, 0xbfffedf0, 0x4014c218) = 0
31867 SYS_alarm(0, 7, 0x4014c218, 0xbfffedf0, 384) = 1
31867 SYS_rt_sigaction(14, 0xbfffec18, 0, 8, 0x4014c218) = 0
31867 SYS_alarm(0, 0x0804fad8, 0x4014c218, 0xbfffef64, 0xbfffeef0) = 0
31867 SYS_rt_sigaction(14, 0xbfffec18, 0xbfffeb88, 8, 0x4014c218) = 0
31867 SYS_alarm(1, 0x4014c218, 0x4014c218, 0xbfffedf0, 0xbfffedf0) = 0
31867 SYS_fcntl64(3, 7, 0xbfffedf0, 0xbfffedf0, 0x4014c218) = 0
31867 SYS_read(3, "\007", 384) = 384
31867 SYS_fcntl64(3, 7, 0xbfffedf0, 0xbfffedf0, 0x4014c218) = 0
31867 SYS_alarm(0, 7, 0x4014c218, 0xbfffedf0, 384) = 1
31867 SYS_rt_sigaction(14, 0xbfffec18, 0, 8, 0x4014c218) = 0
31867 SYS_alarm(0, 0x0804fad8, 0x4014c218, 0xbfffef64, 0xbfffeef0) = 0
31867 SYS_rt_sigaction(14, 0xbfffec18, 0xbfffeb88, 8, 0x4014c218) = 0
31867 SYS_alarm(1, 0x4014c218, 0x4014c218, 0xbfffedf0, 0xbfffedf0) = 0
31867 SYS_fcntl64(3, 7, 0xbfffedf0, 0xbfffedf0, 0x4014c218) = 0
31867 SYS_read(3, "\007", 384) = 384
31867 SYS_fcntl64(3, 7, 0xbfffedf0, 0xbfffedf0, 0x4014c218) = 0
31867 SYS_alarm(0, 7, 0x4014c218, 0xbfffedf0, 384) = 1
31867 SYS_rt_sigaction(14, 0xbfffec18, 0, 8, 0x4014c218) = 0
31867 SYS_alarm(0, 0x0804fad8, 0x4014c218, 0xbfffef64, 0xbfffeef0) = 0
31867 SYS_rt_sigaction(14, 0xbfffec18, 0xbfffeb88, 8, 0x4014c218) = 0
31867 SYS_alarm(1, 0x4014c218, 0x4014c218, 0xbfffedf0, 0xbfffedf0) = 0
31867 SYS_fcntl64(3, 7, 0xbfffedf0, 0xbfffedf0, 0x4014c218) = 0
31867 SYS_read(3, "\007", 384) = 384
31867 SYS_fcntl64(3, 7, 0xbfffedf0, 0xbfffedf0, 0x4014c218) = 0
31867 SYS_alarm(0, 7, 0x4014c218, 0xbfffedf0, 384) = 1
31867 SYS_rt_sigaction(14, 0xbfffec18, 0, 8, 0x4014c218) = 0
31867 SYS_alarm(0, 0x0804fad8, 0x4014c218, 0xbfffef64, 0xbfffeef0) = 0
31867 SYS_rt_sigaction(14, 0xbfffec18, 0xbfffeb88, 8, 0x4014c218) = 0
31867 SYS_alarm(1, 0x4014c218, 0x4014c218, 0xbfffedf0, 0xbfffedf0) = 0
31867 SYS_fcntl64(3, 7, 0xbfffedf0, 0xbfffedf0, 0x4014c218) = 0
31867 SYS_read(3, "\007", 384) = 384
31867 SYS_fcntl64(3, 7, 0xbfffedf0, 0xbfffedf0, 0x4014c218) = 0
31867 SYS_alarm(0, 7, 0x4014c218, 0xbfffedf0, 384) = 1
31867 SYS_rt_sigaction(14, 0xbfffec18, 0, 8, 0x4014c218) = 0
31867 SYS_alarm(0, 0x0804fad8, 0x4014c218, 0xbfffef64, 0xbfffeef0) = 0
31867 SYS_rt_sigaction(14, 0xbfffec18, 0xbfffeb88, 8, 0x4014c218) = 0
31867 SYS_alarm(1, 0x4014c218, 0x4014c218, 0xbfffedf0, 0xbfffedf0) = 0
31867 SYS_fcntl64(3, 7, 0xbfffedf0, 0xbfffedf0, 0x4014c218) = 0
31867 SYS_read(3, "\b", 384) = 384
31867 SYS_fcntl64(3, 7, 0xbfffedf0, 0xbfffedf0, 0x4014c218) = 0
31867 SYS_alarm(0, 7, 0x4014c218, 0xbfffedf0, 384) = 1
31867 SYS_rt_sigaction(14, 0xbfffec18, 0, 8, 0x4014c218) = 0
31867 SYS_alarm(0, 0x0804fad8, 0x4014c218, 0xbfffef64, 0xbfffeef0) = 0
31867 SYS_rt_sigaction(14, 0xbfffec18, 0xbfffeb88, 8, 0x4014c218) = 0
31867 SYS_alarm(1, 0x4014c218, 0x4014c218, 0xbfffedf0, 0xbfffedf0) = 0
31867 SYS_fcntl64(3, 7, 0xbfffedf0, 0xbfffedf0, 0x4014c218) = 0
31867 SYS_read(3, "", 384) = 0
31867 SYS_fcntl64(3, 7, 0xbfffedf0, 0xbfffedf0, 0x4014c218) = 0
31867 SYS_alarm(0, 7, 0x4014c218, 0xbfffedf0, 0) = 1
31867 SYS_rt_sigaction(14, 0xbfffec18, 0, 8, 0x4014c218) = 0
31867 SYS_close(3) = 0
31867 SYS_stat64(0xbfffed90, 0xbfffede0, 0x4014c218, 0xbfffef64, 0xbfffeef0) = 0
31867 SYS_time(0x0804d950, 0xbfffede0, 0x4014c218, 0xbfffef64, 0xbfffeef0) = 0x41e70f8c
31867 SYS_open("/usr/share/locale/fr_FR/LC_MESSAGES/coreutils.mo", 0, 05) = -2
31867 SYS_open("/usr/share/locale/fr/LC_MESSAGES/coreutils.mo", 0, 05) = 3
31867 SYS_fstat64(3, 0xbfffea38, 0x4014c218, 0, 0xbfffea38) = 0
31867 SYS_mmap2(0, 257074, 1, 2, 3) = 0x40183000
31867 SYS_close(3) = 0
31867 SYS_open("/usr/lib/gconv/gconv-modules.cache", 0, 00) = 3
31867 SYS_fstat64(3, 0xbfffe70c, 0x4014c218, 3, -1) = 0
31867 SYS_close(3) = 0
31867 SYS_open("/usr/lib/gconv/gconv-modules", 0, 0666) = 3
31867 SYS_fstat64(3, 0xbfffe600, 0x4014c218, 0x08051410, 8192) = 0
31867 SYS_mmap2(0, 4096, 3, 34, -1) = 0x401c2000
31867 SYS_read(3, "# GNU libc iconv configuration.\n# Copyright (C) 1997-2003, 2004 Free Software Foundation, Inc.\n# Thi"..., 4096) = 4096
31867 SYS_read(3, "lias\tJS//\t\t\tJUS_I.B1.002//\nalias\tYU//\t\t\tJUS_I.B1.002//\nalias\tCSISO141JUSIB1002//\tJUS_I.B1.002//\nmodu"..., 4096) = 4096
31867 SYS_read(3, "ule\tINTERNAL\t\tISO-8859-3//\t\tISO8859-3\t1\n\n#\tfrom\t\t\tto\t\t\tmodule\t\tcost\nalias\tISO-IR-110//\t\tISO-8859-4//"..., 4096) = 4096
31867 SYS_read(3, "lias\tISO-IR-199//\t\tISO-8859-14//\nalias\tLATIN8//\t\tISO-8859-14//\nalias\tL8//\t\t\tISO-8859-14//\nalias\tISO_"..., 4096) = 4096
31867 SYS_read(3, "\t\tto\t\t\tmodule\t\tcost\nalias\tCSEBCDICES//\t\tEBCDIC-ES//\nalias\tEBCDICES//\t\tEBCDIC-ES//\nmodule\tEBCDIC-ES//"..., 4096) = 4096
31867 SYS_read(3, "ule\t\tcost\nalias\tCP284//\t\t\tIBM284//\nalias\tEBCDIC-CP-ES//\t\tIBM284//\nalias\tCSIBM284//\t\tIBM284//\nalias\tO"..., 4096) = 4096
31867 SYS_read(3, "lias\tCP864//\t\t\tIBM864//\nalias\t864//\t\t\tIBM864//\nalias\tCSIBM864//\t\tIBM864//\nalias\tOSF10020360//\t\tIBM86"..., 4096) = 4096
31867 SYS_read(3, "module\tIBM937//\t\tINTERNAL\t\tIBM937\t\t1\nmodule\tINTERNAL\t\tIBM937//\t\tIBM937\t\t1\n\n#\tfrom\t\t\tto\t\t\tmodule\t\tcos"..., 4096) = 4096
31867 SYS_read(3, "\tEUC-JP//\nalias\tUJIS//\t\t\tEUC-JP//\nmodule\tEUC-JP//\t\tINTERNAL\t\tEUC-JP\t\t1\nmodule\tINTERNAL\t\tEUC-JP//\t\tEU"..., 4096) = 4096
31867 SYS_read(3, "module\t\tcost\nalias\tISO-IR-143//\t\tIEC_P27-1//\nalias\tCSISO143IECP271//\tIEC_P27-1//\nalias\tIEC_P271//\t\tI"..., 4096) = 4096
31867 SYS_read(3, "-BOX//\nmodule\tISO_10367-BOX//\t\tINTERNAL\t\tISO_10367-BOX\t1\nmodule\tINTERNAL\t\tISO_10367-BOX//\t\tISO_10367"..., 4096) = 4096
31867 SYS_read(3, "dule\tTCVN5712-1//\t\tINTERNAL\t\tTCVN5712-1\t1\nmodule\tINTERNAL\t\tTCVN5712-1//\t\tTCVN5712-1\t1\n\n#\tfrom\t\t\tto\t\t"..., 4096) = 1687
31867 SYS_read(3, "", 4096) = 0
31867 SYS_close(3) = 0
31867 SYS_munmap(0x401c2001, 4096) = 0
31867 SYS_open("/usr/lib/gconv/ISO8859-15.so", 0, 00) = 3
31867 SYS_read(3, "\177ELF\001\001\001", 512) = 512
31867 SYS_fstat64(3, 0xbfffd948, 0x400146bc, 0x4001482c, 0) = 0
31867 SYS_mmap(0xbfffd834, 5, 0x400146bc, 0xbfffd850, 0xbfffd880) = 0x401c2000
31867 SYS_mmap(0xbfffd834, 8192, 0x400146bc, 0xbfffd868, 0x401c2000) = 0x401c4000
31867 SYS_close(3) = 0
31867 SYS_open("/usr/lib/gconv/ISO8859-1.so", 0, 00) = 3
31867 SYS_read(3, "\177ELF\001\001\001", 512) = 512
31867 SYS_fstat64(3, 0xbfffd948, 0x400146bc, 0x4001482c, 0) = 0
31867 SYS_mmap(0xbfffd834, 5, 0x400146bc, 0xbfffd850, 0xbfffd880) = 0x401c5000
31867 SYS_mmap(0xbfffd834, 4096, 0x400146bc, 0xbfffd868, 0x401c5000) = 0x401c6000
31867 SYS_close(3) = 0
31867 SYS_brk(0x8090000) = 0x8090000
31867 SYS_open("/etc/localtime", 0, 0666) = 3
31867 SYS_fstat64(3, 0xbfffeabc, 0x4014c218, 0, 0x4013f4bb) = 0
31867 SYS_fstat64(3, 0xbfffe964, 0x4014c218, 0x080709f8, 8192) = 0
31867 SYS_mmap2(0, 4096, 3, 34, -1) = 0x401c7000
31867 SYS_read(3, "TZif", 4096) = 1082
31867 SYS_close(3) = 0
31867 SYS_munmap(0x401c7000, 4096) = 0
31867 SYS_fstat64(1, 0xbfffeacc, 0x4014c218, 0x4014a080, 8192) = 0
31867 SYS_mmap2(0, 4096, 3, 34, -1) = 0x401c7000
31867 SYS_write(1, "root tty1 Dec 23 23:37\n", 35) = 35
31867 SYS_stat64(0xbfffed90, 0xbfffede0, 0x4014c218, 0xbfffef64, 0xbfffeef0) = -2
31867 SYS_write(1, "ludovic :0 Jan 6 05:56\n", 35) = 35
31867 SYS_stat64(0xbfffed90, 0xbfffede0, 0x4014c218, 0xbfffef64, 0xbfffeef0) = 0
31867 SYS_write(1, "ludovic pts/3 Dec 23 23:39\n", 35) = 35
31867 SYS_stat64(0xbfffed90, 0xbfffede0, 0x4014c218, 0xbfffef64, 0xbfffeef0) = -2
31867 SYS_write(1, "ludovic pts/4 Dec 23 23:39\n", 35) = 35
31867 SYS_stat64(0xbfffed90, 0xbfffede0, 0x4014c218, 0xbfffef64, 0xbfffeef0) = -2
31867 SYS_write(1, "ludovic pts/5 Dec 24 17:38\n", 35) = 35
31867 SYS_munmap(0x401c7000, 4096) = 0
31867 SYS_exit_group(0 <unfinished ...>
31867 +++ exited (status 0) +++
  • # Pour voir si ...

    Posté par . Évalué à 2.

    des fichiers ont été modifiés, tu peux utiliser une option de la commande RPM qui vérifie que les fichiers installés n'ont pas été modifiés.
    • [^] # Re: Pour voir si ...

      Posté par (page perso) . Évalué à 3.

      Non, dans le cas d'une intrusion il faut supposer que rpm a été modifiée. La méthode la plus fiable pour tester serait de lancer chkrootkit (http://www.chkrootkit.org/(...)) depuis un livecd pour voir si rootkit il y a...
      • [^] # Re: Pour voir si ...

        Posté par . Évalué à 2.

        Ca ne peut pas faire de mal de vérifier avec rpm. Si rpm n'a pas été modifié, il trouvera la liste des fichiers modifiés. Sinon, il pourra ensuite utilise chkrootkit.
      • [^] # Re: Pour voir si ...

        Posté par (page perso) . Évalué à 1.

        Je l'essayes aussi.
        Par contre j'ai essayer aussi un "rpm -Va" commande que je n'avait jamais encore fait et la lecture n'est pas facile.
        Bon la je pars au travail, je mis remet ce soir.
        • [^] # Re: Pour voir si ...

          Posté par (page perso) . Évalué à 1.

          Voila l'antirootkit a fonctionner, voila sa sortir.
          Il faudra refaire le test depuis la mandrake move que je viens de graver pour être en environnement extérieur.

          ./chkrootkit
          ROOTDIR is `/'
          Checking `amd'... not found
          Checking `basename'... not infected
          Checking `biff'... not found
          Checking `chfn'... not infected
          Checking `chsh'... not infected
          Checking `cron'... not infected
          Checking `date'... not infected
          Checking `du'... not infected
          Checking `dirname'... not infected
          Checking `echo'... not infected
          Checking `egrep'... not infected
          Checking `env'... not infected
          Checking `find'... not infected
          Checking `fingerd'... not found
          Checking `gpm'... not found
          Checking `grep'... not infected
          Checking `hdparm'... not infected
          Checking `su'... not infected
          Checking `ifconfig'... not infected
          Checking `inetd'... not tested
          Checking `inetdconf'... not found
          Checking `identd'... not found
          Checking `init'... not infected
          Checking `killall'... not infected
          Checking `ldsopreload'... not infected
          Checking `login'... not infected
          Checking `ls'... not infected
          Checking `lsof'... not infected
          Checking `mail'... not infected
          Checking `mingetty'... not infected
          Checking `netstat'... not infected
          Checking `named'... not infected
          Checking `passwd'... not infected
          Checking `pidof'... not infected
          Checking `pop2'... not found
          Checking `pop3'... not found
          Checking `ps'... not infected
          Checking `pstree'... not infected
          Checking `rpcinfo'... not infected
          Checking `rlogind'... not infected
          Checking `rshd'... not infected
          Checking `slogin'... not infected
          Checking `sendmail'... not infected
          Checking `sshd'... not infected
          Checking `syslogd'... not infected
          Checking `tar'... not infected
          Checking `tcpd'... not infected
          Checking `tcpdump'... not infected
          Checking `top'... not infected
          Checking `telnetd'... not infected
          Checking `timed'... not found
          Checking `traceroute'... not infected
          Checking `vdir'... not infected
          Checking `w'... not infected
          Checking `write'... not infected
          Checking `aliens'... no suspect files
          Searching for sniffer's logs, it may take a while... nothing found
          Searching for HiDrootkit's default dir... nothing found
          Searching for t0rn's default files and dirs... nothing found
          Searching for t0rn's v8 defaults... nothing found
          Searching for Lion Worm default files and dirs... nothing found
          Searching for RSHA's default files and dir... nothing found
          Searching for RH-Sharpe's default files... nothing found
          Searching for Ambient's rootkit (ark) default files and dirs... nothing found
          Searching for suspicious files and dirs, it may take a while...
          /usr/lib/perl5/site_perl/5.8.1/i386-linux-thread-multi/auto/VRML/VRMLFunc/.packlist /usr/lib/pear/.registry /usr/lib/pear/.lock /usr/lib/pear/.filemap
          /usr/lib/pear/.registry
          Searching for LPD Worm files and dirs... nothing found
          Searching for Ramen Worm files and dirs... nothing found
          Searching for Maniac files and dirs... nothing found
          Searching for RK17 files and dirs... nothing found
          Searching for Ducoci rootkit... nothing found
          Searching for Adore Worm... nothing found
          Searching for ShitC Worm... nothing found
          Searching for Omega Worm... nothing found
          Searching for Sadmind/IIS Worm... nothing found
          Searching for MonKit... nothing found
          Searching for Showtee... nothing found
          Searching for OpticKit... nothing found
          Searching for T.R.K... nothing found
          Searching for Mithra... nothing found
          Searching for OBSD rk v1... nothing found
          Searching for LOC rootkit... nothing found
          Searching for Romanian rootkit... nothing found
          Searching for HKRK rootkit... nothing found
          Searching for Suckit rootkit... nothing found
          Searching for Volc rootkit... nothing found
          Searching for Gold2 rootkit... nothing found
          Searching for TC2 Worm default files and dirs... nothing found
          Searching for Anonoying rootkit default files and dirs... nothing found
          Searching for ZK rootkit default files and dirs... nothing found
          Searching for ShKit rootkit default files and dirs... nothing found
          Searching for AjaKit rootkit default files and dirs... nothing found
          Searching for zaRwT rootkit default files and dirs... nothing found
          Searching for Madalin rootkit default files... nothing found
          Searching for anomalies in shell history files... nothing found
          Checking `asp'... not infected
          Checking `bindshell'... not infected
          Checking `lkm'... You have 14 process hidden for readdir command
          You have 14 process hidden for ps command
          Warning: Possible LKM Trojan installed
          Checking `rexedcs'... not found
          Checking `sniffer'... eth1: PF_PACKET(/sbin/dhclient)
          Checking `w55808'... not infected
          Checking `wted'... nothing deleted
          Checking `scalper'... not infected
          Checking `slapper'... not infected
          Checking `z2'... nothing deleted


          Et la sortie de la commande rpm -Va
          Ce qui est surprenant c'est le nombre de dépendance non satisfaite.
          N ayant jamais valider un packtage sans ses dépendances.

          j'imagine que le "c" signifie "change" en gros le fichier à été changer.
          Par contre pour cela il va me falloir lire "man rpm"
          S.5....T
          ....L...
          .......T
          .M......
          manquant Simple à comprendre.
          ..5....T
          ......G.
          .M....G.
          .....UG.
          .M...UG.
          SM5....T
          S.5.. . .T

          Donc c'est un code SM5..UGT et chaque lettre veut dire quelquechose.

          dépendances non satisfaites pour libgnucash0-devel-1.8.8-2mdk: libgnucash0 = 1.8.8-2mdk
          dépendances non satisfaites pour libgdk_pixbuf2.0_0-devel-2.2.4-10.1.100mdk: libgdk_pixbuf2.0_0 = 2.2.4-10.1.100mdk
          S.5....T /usr/share/fonts/ttf/latex/fonts.cache-1
          dépendances non satisfaites pour libkdegames1-devel-3.2-9mdk: libkdegames1 = 1:3.2-9mdk
          S.5....T /usr/share/lyx/doc/LaTeXConfig.lyx
          S.5....T /usr/share/lyx/lyxrc.defaults
          .......T /usr/share/lyx/packages.lst
          S.5....T /usr/share/lyx/textclass.lst
          .......T /usr/share/lyx/xfonts/PSres.upr
          ....L... /usr/share/lyx/xfonts/cmex10.pfb
          ....L... /usr/share/lyx/xfonts/cmmi10.pfb
          ....L... /usr/share/lyx/xfonts/cmr10.pfb
          ....L... /usr/share/lyx/xfonts/cmsy10.pfb
          ....L... /usr/share/lyx/xfonts/eufm10.pfb
          .......T /usr/share/lyx/xfonts/fonts.dir
          .......T /usr/share/lyx/xfonts/fonts.scale
          ....L... /usr/share/lyx/xfonts/msam10.pfb
          ....L... /usr/share/lyx/xfonts/msbm10.pfb
          ....L... /usr/share/lyx/xfonts/wasy10.pfb
          dépendances non satisfaites pour libltdl3-devel-1.4.3-10mdk: libtool = 1.4.3-10mdk, libltdl3 = 1.4.3-10mdk
          .......T /usr/share/libtool/libltdl/COPYING.LIB
          S.5....T /usr/share/libtool/libltdl/Makefile.am
          S.5....T /usr/share/libtool/libltdl/Makefile.in
          S.5....T /usr/share/libtool/libltdl/README
          S.5....T /usr/share/libtool/libltdl/acinclude.m4
          S.5....T /usr/share/libtool/libltdl/aclocal.m4
          S.5....T /usr/share/libtool/libltdl/config-h.in
          S.5....T /usr/share/libtool/libltdl/configure
          S.5....T /usr/share/libtool/libltdl/ltdl.c
          S.5....T /usr/share/libtool/libltdl/ltdl.h
          .M...... c /etc/rc.d/init.d/syslog
          S.5....T c /etc/sysconfig/syslog
          S.5....T c /etc/syslog.conf
          .M...... /etc/X11/wmsession.d
          ....L... /usr/lib/libdb.so.3
          .M...... c /etc/rc.d/init.d/mtink
          manquant /boot/kernel.h-2.6.8
          .M...... c /etc/rc.d/init.d/nfslock
          dépendances non satisfaites pour gcc-objc-3.3.2-6mdk: gcc = 3.3.2-6mdk
          dépendances non satisfaites pour libglib2.0_0-devel-2.2.3-1mdk: libglib2.0_0 = 2.2.3-1mdk
          S.5....T /lib/modules/2.4.22-10mdk/modules.dep
          .......T /lib/modules/2.4.22-10mdk/modules.generic_string
          .......T /lib/modules/2.4.22-10mdk/modules.ieee1394map
          .......T /lib/modules/2.4.22-10mdk/modules.isapnpmap
          .......T /lib/modules/2.4.22-10mdk/modules.parportmap
          S.5....T /lib/modules/2.4.22-10mdk/modules.pcimap
          .......T /lib/modules/2.4.22-10mdk/modules.pnpbiosmap
          .......T /lib/modules/2.4.22-10mdk/modules.usbmap
          dépendances non satisfaites pour python-docs-2.3.3-2mdk: python = 2.3.3-2mdk
          S.5....T /usr/share/fonts/ttf/tamil/fonts.cache-1
          dépendances non satisfaites pour libvorbis0-devel-1.0.1-4mdk: libvorbis0 = 1.0.1-4mdk, libvorbisenc2 = 1.0.1-4mdk, libvorbisfile3 = 1.0.1-4mdk
          .......T c /etc/crontab
          ..5....T c /etc/inittab
          S.5....T c /etc/modules
          ......G. /etc/ppp/peers
          .M...... c /etc/rc.d/init.d/dm
          .M...... c /etc/rc.d/init.d/functions
          .M...... c /etc/rc.d/init.d/halt
          .M...... c /etc/rc.d/init.d/killall
          .M...... c /etc/rc.d/init.d/mandrake_consmap
          .M...... c /etc/rc.d/init.d/mandrake_everytime
          .M...... c /etc/rc.d/init.d/mandrake_firstime
          .M...... c /etc/rc.d/init.d/netfs
          .M...... c /etc/rc.d/init.d/network
          .M...... c /etc/rc.d/init.d/partmon
          .M...... c /etc/rc.d/init.d/rawdevices
          .M...... c /etc/rc.d/init.d/single
          .M...... c /etc/rc.d/init.d/usb
          S.5....T c /etc/sysconfig/usb
          S.5....T c /etc/sysctl.conf
          S.5....T c /etc/modprobe.conf
          S.5....T c /etc/modprobe.preload
          .M...... c /etc/rc.d/init.d/netplugd
          S.5....T d /usr/share/doc/HTML/index.html
          .M...... /var/log/ppp
          .M...... /var/log/ppp/connect-errors
          manquant /var/run/ppp/resolv.conf
          S.5....T c /etc/sysconfig/firstboot
          .M...... c /etc/rc.d/init.d/devfsd
          ..5....T /usr/share/fonts/type1/hebrew/fonts.cache-1
          .M...... c /etc/rc.d/init.d/vncserver
          .M...... c /etc/rc.d/init.d/mysql
          manquant /usr/X11R6/lib/X11/fonts/Speedo/encodings.dir
          manquant /usr/X11R6/lib/X11/fonts/TTF/encodings.dir
          ..5....T /usr/X11R6/lib/X11/fonts/TTF/fonts.cache-1
          manquant /usr/X11R6/lib/X11/fonts/Type1/encodings.dir
          ..5....T /usr/X11R6/lib/X11/fonts/Type1/fonts.cache-1
          .M....G. c /etc/rc.d/init.d/squid
          S.5....T /usr/share/texmf/ls-R
          dépendances non satisfaites pour php-domxml-4.3.2-3mdk: libxsltbreakpoint.so.1
          dépendances non satisfaites pour libghttp1-devel-1.0.9-6mdk: libghttp1 = 1.0.9-6mdk
          dépendances non satisfaites pour libtermcap2-devel-2.0.8-35mdk: libtermcap2 = 2.0.8-35mdk
          dépendances non satisfaites pour libesound0-devel-0.2.32-2mdk: esound = 0.2.32-2mdk, libesound0 = 0.2.32-2mdk
          dépendances non satisfaites pour libpython2.3-devel-2.3.3-2mdk: python = 2.3.3-2mdk, libpython2.3 = 2.3.3-2mdk
          .M...... /etc/rc.d/init.d/zope
          S.5....T c /etc/sysconfig/bootsplash
          .M...... c /etc/rc.d/init.d/keytable
          dépendances non satisfaites pour libungif4-devel-4.1.0-23mdk: libungif4 = 4.1.0-23mdk
          S.5....T c /etc/exports
          S.5....T c /etc/printcap
          ..5....T c /etc/securetty
          S.5....T c /etc/shells
          .M....G. /var/log/lastlog
          dépendances non satisfaites pour gettext-devel-0.13.1-1mdk: gettext = 0.13.1-1mdk
          .M...... c /etc/rc.d/init.d/named
          S.5....T /usr/share/fonts/ttf/bengali/fonts.cache-1
          ..5....T c /etc/login.defs
          .......T c /etc/xinetd.d/telnet
          .M...... c /etc/rc.d/init.d/harddrake
          S.5....T c /etc/sysconfig/harddrake2/previous_hw
          .M...... c /etc/rc.d/init.d/postgresql
          .....UG. /etc/cups/certs
          .M....GT c /etc/cups/classes.conf
          .M....G. c /etc/cups/cupsd.conf
          ......G. /etc/cups/ppd
          SM5...GT c /etc/cups/printers.conf
          .M....G. /etc/cups/ssl
          .M...... c /etc/rc.d/init.d/cups
          .M...UG. /var/spool/cups
          .M...UG. /var/spool/cups/tmp
          .M...... c /etc/rc.d/init.d/udev
          .......T /usr/include/wx/app.h
          .......T /usr/include/wx/arrimpl.cpp
          .......T /usr/include/wx/buffer.h
          .......T /usr/include/wx/build.h
          .......T /usr/include/wx/chkconf.h
          .......T /usr/include/wx/clntdata.h
          .......T /usr/include/wx/cmdline.h
          .......T /usr/include/wx/confbase.h
          .......T /usr/include/wx/config.h
          .......T /usr/include/wx/date.h
          .......T /usr/include/wx/datetime.h
          .......T /usr/include/wx/datetime.inl
          .......T /usr/include/wx/datstrm.h
          .......T /usr/include/wx/db.h
          .......T /usr/include/wx/dbkeyg.h
          .......T /usr/include/wx/dbtable.h
          .......T /usr/include/wx/dde.h
          .......T /usr/include/wx/debug.h
          .......T /usr/include/wx/defs.h
          .......T /usr/include/wx/dir.h
          .......T /usr/include/wx/dynarray.h
          .......T /usr/include/wx/dynlib.h
          .......T /usr/include/wx/dynload.h
          .......T /usr/include/wx/encconv.h
          .......T /usr/include/wx/event.h
          .......T /usr/include/wx/features.h
          .......T /usr/include/wx/ffile.h
          .......T /usr/include/wx/file.h
          .......T /usr/include/wx/fileconf.h
          .......T /usr/include/wx/filefn.h
          .......T /usr/include/wx/filename.h
          .......T /usr/include/wx/filesys.h
          .......T /usr/include/wx/fontenc.h
          .......T /usr/include/wx/fontmap.h
          .......T /usr/include/wx/fs_inet.h
          .......T /usr/include/wx/fs_mem.h
          .......T /usr/include/wx/fs_zip.h
          .......T /usr/include/wx/gsocket.h
          .......T /usr/include/wx/hash.h
          .......T /usr/include/wx/hashmap.h
          .......T /usr/include/wx/intl.h
          .......T /usr/include/wx/ioswrap.h
          .......T /usr/include/wx/ipc.h
          .......T /usr/include/wx/ipcbase.h
          .......T /usr/include/wx/isql.h
          .......T /usr/include/wx/isqlext.h
          .......T /usr/include/wx/list.h
          .......T /usr/include/wx/listimpl.cpp
          .......T /usr/include/wx/log.h
          .......T /usr/include/wx/longlong.h
          .......T /usr/include/wx/memconf.h
          .......T /usr/include/wx/memory.h
          .......T /usr/include/wx/memtext.h
          .......T /usr/include/wx/mimetype.h
          .......T /usr/include/wx/module.h
          .......T /usr/include/wx/msgout.h
          .......T /usr/include/wx/mstream.h
          .......T /usr/include/wx/object.h
          .......T /usr/include/wx/platform.h
          .......T /usr/include/wx/process.h
          .......T /usr/include/wx/protocol/file.h
          .......T /usr/include/wx/protocol/ftp.h
          .......T /usr/include/wx/protocol/http.h
          .......T /usr/include/wx/protocol/protocol.h
          .......T /usr/include/wx/regex.h
          .......T /usr/include/wx/sckaddr.h
          .......T /usr/include/wx/sckipc.h
          .......T /usr/include/wx/sckstrm.h
          .......T /usr/include/wx/snglinst.h
          .......T /usr/include/wx/socket.h
          .......T /usr/include/wx/strconv.h
          .......T /usr/include/wx/stream.h
          .......T /usr/include/wx/string.h
          .......T /usr/include/wx/sysopt.h
          .......T /usr/include/wx/textbuf.h
          .......T /usr/include/wx/textfile.h
          .......T /usr/include/wx/thread.h
          .......T /usr/include/wx/thrimpl.cpp
          .......T /usr/include/wx/time.h
          .......T /usr/include/wx/timer.h
          .......T /usr/include/wx/tokenzr.h
          .......T /usr/include/wx/txtstrm.h
          .......T /usr/include/wx/unix/gsockunx.h
          .......T /usr/include/wx/unix/mimetype.h
          .......T /usr/include/wx/url.h
          .......T /usr/include/wx/utils.h
          .......T /usr/include/wx/variant.h
          .......T /usr/include/wx/vector.h
          .......T /usr/include/wx/version.h
          .......T /usr/include/wx/volume.h
          .......T /usr/include/wx/wfstream.h
          .......T /usr/include/wx/wx.h
          .......T /usr/include/wx/wxchar.h
          .......T /usr/include/wx/wxprec.h
          .......T /usr/include/wx/zipstrm.h
          .......T /usr/include/wx/zstream.h
          .......T /usr/share/aclocal/wxwin.m4
          S.5....T /usr/share/locale/de/LC_MESSAGES/wxstd.mo
          S.5....T /usr/share/locale/es/LC_MESSAGES/wxstd.mo
          S.5....T /usr/share/locale/fr/LC_MESSAGES/wxstd.mo
          S.5....T /usr/share/locale/it/LC_MESSAGES/wxstd.mo
          dépendances non satisfaites pour libgnome32-devel-1.4.2-7mdk: libgnome32 = 1.4.2-7mdk
          .M...... c /etc/rc.d/init.d/portmap
          dépendances non satisfaites pour libnas2-devel-1.6b-1mdk: libnas2 = 1.6b
          S.5....T /usr/share/fonts/ttf/ethiopic/fonts.cache-1
          dépendances non satisfaites pour libart_lgpl2-devel-2.3.16-1mdk: libart_lgpl2 = 2.3.16-1mdk
          dépendances non satisfaites pour acl-2.2.22-1mdk: libacl1 = 2.2.22-1mdk
          dépendances non satisfaites pour pcre-4.3-5mdk: libpcre0 = 4.3
          dépendances non satisfaites pour libMesaGLU1-devel-5.0.2-2mdk: libMesaGLU1 = 5.0.2-2mdk
          manquant /usr/X11R6/lib/libGL.la
          S.5....T c /etc/sysconfig/msec
          SM5....T c /etc/security/console.apps/halt
          SM5....T c /etc/security/console.apps/poweroff
          SM5....T c /etc/security/console.apps/reboot
          .......T /usr/share/fonts/ttf/japanese/fonts.cache-1
          .M...... c /etc/rc.d/init.d/messagebus
          .......T /usr/share/eazel-engine/arrow_down-spinner.png
          .......T /usr/share/eazel-engine/arrow_down.png
          .......T /usr/share/eazel-engine/arrow_left.png
          .......T /usr/share/eazel-engine/arrow_right.png
          .......T /usr/share/eazel-engine/arrow_up-spinner.png
          .......T /usr/share/eazel-engine/arrow_up.png
          .......T /usr/share/eazel-engine/check-active-default-focus.png
          .......T /usr/share/eazel-engine/check-active-default.png
          .......T /usr/share/eazel-engine/check-active-hilight-focus.png
          .......T /usr/share/eazel-engine/check-active-hilight.png
          .......T /usr/share/eazel-engine/check-active-insensitive.png
          .......T /usr/share/eazel-engine/check-active-pressed-focus.png
          .......T /usr/share/eazel-engine/check-active-pressed.png
          .......T /usr/share/eazel-engine/check-default-focus.png
          .......T /usr/share/eazel-engine/check-default.png
          .......T /usr/share/eazel-engine/check-hilight-focus.png
          .......T /usr/share/eazel-engine/check-hilight.png
          .......T /usr/share/eazel-engine/check-insensitive.png
          .......T /usr/share/eazel-engine/check-pressed-focus.png
          .......T /usr/share/eazel-engine/check-pressed.png
          .......T /usr/share/eazel-engine/progressbar-left.png
          .......T /usr/share/eazel-engine/progressbar-right.png
          .......T /usr/share/eazel-engine/progressbar.png
          .......T /usr/share/eazel-engine/progressbar_trough.png
          .......T /usr/share/eazel-engine/radio-active-default-focus.png
          .......T /usr/share/eazel-engine/radio-active-default.png
          .......T /usr/share/eazel-engine/radio-active-hilight-focus.png
          .......T /usr/share/eazel-engine/radio-active-hilight.png
          .......T /usr/share/eazel-engine/radio-active-insensitive.png
          .......T /usr/share/eazel-engine/radio-active-pressed-focus.png
          .......T /usr/share/eazel-engine/radio-active-pressed.png
          .......T /usr/share/eazel-engine/radio-default-focus.png
          .......T /usr/share/eazel-engine/radio-default.png
          .......T /usr/share/eazel-engine/radio-hilight-focus.png
          .......T /usr/share/eazel-engine/radio-hilight.png
          .......T /usr/share/eazel-engine/radio-insensitive.png
          .......T /usr/share/eazel-engine/radio-pressed-focus.png
          .......T /usr/share/eazel-engine/radio-pressed.png
          .......T /usr/share/eazel-engine/scroller-arrow-down-hilight.png
          .......T /usr/share/eazel-engine/scroller-arrow-down-pressed.png
          .......T /usr/share/eazel-engine/scroller-arrow-down.png
          .......T /usr/share/eazel-engine/scroller-arrow-left-hilight.png
          .......T /usr/share/eazel-engine/scroller-arrow-left-pressed.png
          .......T /usr/share/eazel-engine/scroller-arrow-left.png
          .......T /usr/share/eazel-engine/scroller-arrow-right-hilight.png
          .......T /usr/share/eazel-engine/scroller-arrow-right-pressed.png
          .......T /usr/share/eazel-engine/scroller-arrow-right.png
          .......T /usr/share/eazel-engine/scroller-arrow-up-hilight.png
          .......T /usr/share/eazel-engine/scroller-arrow-up-pressed.png
          .......T /usr/share/eazel-engine/scroller-arrow-up.png
          .......T /usr/share/eazel-engine/scroller-h-hilight.png
          .......T /usr/share/eazel-engine/scroller-h-thumb-hilight.png
          .......T /usr/share/eazel-engine/scroller-h-thumb.png
          .......T /usr/share/eazel-engine/scroller-h-trough.png
          .......T /usr/share/eazel-engine/scroller-h.png
          .......T /usr/share/eazel-engine/scroller-v-hilight.png
          .......T /usr/share/eazel-engine/scroller-v-thumb-hilight.png
          .......T /usr/share/eazel-engine/scroller-v-thumb.png
          .......T /usr/share/eazel-engine/scroller-v-trough.png
          .......T /usr/share/eazel-engine/scroller-v.png
          .......T /usr/share/eazel-engine/slider_h_thumb.png
          .......T /usr/share/eazel-engine/slider_h_trough.png
          .......T /usr/share/eazel-engine/slider_h_trough_focus.png
          .......T /usr/share/eazel-engine/slider_v_thumb.png
          .......T /usr/share/eazel-engine/slider_v_trough.png
          .......T /usr/share/eazel-engine/slider_v_trough_focus.png
          .......T /usr/share/eazel-engine/tab_left-unsel.png
          .......T /usr/share/eazel-engine/tab_left.png
          .......T /usr/share/eazel-engine/tab_right.png
          .......T /usr/share/eazel-engine/tab_sel-bottom.png
          .......T /usr/share/eazel-engine/tab_sel.png
          .......T /usr/share/eazel-engine/tab_usel-bottom-left.png
          .......T /usr/share/eazel-engine/tab_usel-bottom.png
          .......T /usr/share/eazel-engine/tab_usel-left.png
          .......T /usr/share/eazel-engine/tab_usel.png
          dépendances non satisfaites pour kdeedu-3.1.3-9mdk: libkdeedu1 = 3.1.3-9mdk, kiten.so
          dépendances non satisfaites pour libexpat0-devel-1.95.6-4mdk: libexpat0 = 1.95.6
          SM5....T c /etc/nessus/nessusd.conf
          .M...... c /etc/rc.d/init.d/nessusd
          dépendances non satisfaites pour rpm-build-4.2.2-7mdk: rpm = 4.2.2-7mdk
          .......T d /usr/share/man/man8/rpmbuild.8.bz2
          .......T d /usr/share/man/man8/rpmdeps.8.bz2
          S.5....T /lib/modules/2.6.3-7mdk/modules.alias
          .......T /lib/modules/2.6.3-7mdk/modules.ccwmap
          S.5....T /lib/modules/2.6.3-7mdk/modules.dep
          ..5....T /lib/modules/2.6.3-7mdk/modules.ieee1394map
          ..5....T /lib/modules/2.6.3-7mdk/modules.inputmap
          ..5....T /lib/modules/2.6.3-7mdk/modules.isapnpmap
          S.5....T /lib/modules/2.6.3-7mdk/modules.pcimap
          ..5....T /lib/modules/2.6.3-7mdk/modules.symbols
          ..5....T /lib/modules/2.6.3-7mdk/modules.usbmap
          dépendances non satisfaites pour libgmp3-devel-4.1.2-4mdk: libgmp3 = 4.1.2-4mdk
          dépendances non satisfaites pour libgtk+2.0_0-devel-2.2.4-10.1.100mdk: libgtk+2.0_0 = 2.2.4-10.1.100mdk, libgtk+-x11-2.0_0 = 2.2.4-10.1.100mdk
          .......T /usr/share/apps/konqsidebartng/virtual_folders/remote/web/mdk_web.desktop
          .......T /usr/share/apps/konqsidebartng/virtual_folders/remote/web/mdkbizcase_web.desktop
          .......T /usr/share/apps/konqsidebartng/virtual_folders/remote/web/mdkcampus_web.desktop
          .......T /usr/share/apps/konqsidebartng/virtual_folders/remote/web/mdkexpert_web.desktop
          .......T /usr/share/apps/konqsidebartng/virtual_folders/remote/web/mdkforum_web.desktop
          .......T /usr/share/apps/konqsidebartng/virtual_folders/remote/web/mdkonline_web.desktop
          .......T /usr/share/apps/konqsidebartng/virtual_folders/remote/web/mdkstore_web.desktop
          S.5....T /usr/X11R6/lib/X11/icewm/menu
          .M...... c /etc/rc.d/init.d/proftpd
          SM5....T c /etc/security/fileshare.conf
          S.5....T /usr/local/RealPlayer/realplay
          .M...... c /etc/rc.d/init.d/nfs
          ....L... /usr/share/config
          dépendances non satisfaites pour libalsa2-devel-1.0.2-3mdk: libalsa2 = 1:1.0.2
          .M...... c /etc/rc.d/init.d/radvd
          dépendances non satisfaites pour libaudiofile0-devel-0.2.5-1mdk: libaudiofile0 = 0.2.5
          S.5....T c /etc/mtools.conf
          dépendances non satisfaites pour libatk1.0_0-devel-1.4.1-1mdk: libatk1.0_0 = 1.4.1-1mdk
          dépendances non satisfaites pour libdb4.1-devel-4.1.25-4mdk: libdb4.1 = 4.1.25-4mdk
          S.5....T c /etc/modules.conf
          dépendances non satisfaites pour libSDL1.2-devel-1.2.5-12mdk: libSDL1.2 = 1.2.5
          dépendances non satisfaites pour libmng1-devel-1.0.5-5mdk: libmng1 = 1.0.5-5mdk
          dépendances non satisfaites pour zlib1-devel-1.2.1-2.1.100mdk: zlib1 = 1.2.1-2.1.100mdk
          dépendances non satisfaites pour libmikmod2-devel-3.1.10-8mdk: libmikmod2 = 3.1.10-8mdk
          .M...... c /etc/rc.d/init.d/alsa
          .M...... c /etc/rc.d/init.d/sound
          .......T c /usr/share/fonts/ttf/gb2312/fonts.cache-1
          S.5....T c /etc/httpd/conf/httpd2.conf
          .M...... c /etc/rc.d/init.d/httpd
          .M...U.. /var/cache/httpd
          .......T c /etc/postfix/master.cf
          .M...... c /etc/rc.d/init.d/postfix
          .M....G. /usr/sbin/sendmail.postfix
          .M...... c /etc/rc.d/init.d/bluetooth
          .M...... c /etc/rc.d/init.d/dund
          .M...... c /etc/rc.d/init.d/hidd
          .M...... c /etc/rc.d/init.d/pand
          SM5....T c /etc/sysconfig/userdrake
          .......T /usr/share/fonts/ttf/western/fonts.cache-1
          S.5..UGT c /etc/mailman
          .M...... c /etc/rc.d/init.d/mailman
          S.5....T /usr/lib/mailman/Mailman/mm_cfg.pyc
          .M...... c /etc/rc.d/init.d/kheader
          manquant /usr/X11R6/lib/X11/fonts/cyrillic/encodings.dir
          .......T c /usr/share/config/konsolerc
          ..5....T /usr/share/fonts/ttf/korean/fonts.cache-1
          .M...... c /etc/rc.d/init.d/freenet6
          .M...... c /etc/rc.d/init.d/apmd
          S.5....T c /etc/mime.types
          S.5....T c /etc/openldap/ldap.conf
          .M...... c /etc/rc.d/init.d/numlock
          .M...... c /etc/rc.d/init.d/xinetd
          dépendances non satisfaites pour libgdk-pixbuf2-devel-0.22.0-2.2.100mdk: libgdk-pixbuf-gnomecanvas1 = 0.22.0-2.2.100mdk, libgdk-pixbuf2 = 0.22.0-2.2.100mdk
          dépendances non satisfaites pour libsane1-devel-1.0.13-6mdk: libsane1 = 1.0.13-6mdk
          dépendances non satisfaites pour libpango1.0_0-devel-1.2.5-3mdk: pango = 1.2.5-3mdk, libpango1.0_0 = 1.2.5-3mdk
          S.5....T c /etc/info-dir
          .M...... c /etc/rc.d/init.d/atd
          S.5....T c /etc/X11/gdm/gdm.conf
          manquant /dev/ptal-mlcd
          ....L... /dev/ptal-printd
          .M...... /usr/sbin/ptal-init
          ....L... /usr/X11R6/lib/libGL.so.1
          .M...... c /etc/rc.d/init.d/webmin
          SM5....T c /etc/ssl/webmin/miniserv.pem
          .M....G. /etc/cups
          .M...U.. /usr/bin/lppasswd
          dépendances non satisfaites pour libglib1.2-devel-1.2.10-11mdk: libglib1.2 = 1.2.10-11mdk
          dépendances non satisfaites pour libgnomemm-1.2_9-devel-1.2.4-3mdk: libgnomemm-1.2_9 = 1.2.4-3mdk
          .M...... c /etc/rc.d/init.d/ldap
          S.5....T c /etc/sysconfig/ldap
          .M...UG. c /var/lib/ldap/DB_CONFIG
          .M...... /var/log/ldap
          .M...... c /etc/rc.d/init.d/snortd
          S.5....T c /etc/snort/snort.conf
          dépendances non satisfaites pour libmad0-devel-0.15.0b-3mdk: libmad0 = 0.15.0b
          .M...... /proc
          .M...... /root
          .M...... /var/spool/mail
          S.5....T c /etc/sane.d/dll.conf
          .M...... c /etc/rc.d/init.d/oki4daemon
          S.5....T /usr/share/fonts/ttf/kannada/fonts.cache-1
          S.5....T c /var/www/html/admin/phpMyAdmin/config.inc.php
          dépendances non satisfaites pour libarts1-devel-1.2-3mdk: libarts1 = 30000001:1.2-3mdk
          S.5....T c /etc/named.conf
          dépendances non satisfaites pour libfontconfig1-devel-2.2.1-7mdk: fontconfig = 2.2.1-7mdk, libfontconfig1 = 2.2.1-7mdk
          dépendances non satisfaites pour libgdk-pixbuf-xlib2-0.22.0-2.2.100mdk: gdk-pixbuf-loaders = 0.22.0-2.2.100mdk
          dépendances non satisfaites pour libusb0.1_4-devel-0.1.7-1mdk: libusb0.1_4 = 0.1.7-1mdk
          .......T /usr/share/pixmaps/gnome-default-dlg.png
          .......T /usr/share/pixmaps/gnome-error.png
          .......T /usr/share/pixmaps/gnome-info.png
          .......T /usr/share/pixmaps/gnome-question.png
          .......T /usr/share/pixmaps/gnome-warning.png
          S.5....T c /etc/hotplug/blacklist
          .M...... c /etc/init.d/hotplug
          S.5....T /usr/share/fonts/type1/greek/fonts.cache-1
          ....L... /lib/cpp
          .......T /usr/share/themes/Metal/README.html
          .......T /usr/share/themes/Redmond95/README.html
          .M...... c /etc/rc.d/init.d/winbind
          .......T /usr/share/locale/de/LC_MESSAGES/libgtkhx.mo
          .......T /usr/share/locale/es/LC_MESSAGES/libgtkhx.mo
          .......T /usr/share/locale/fr/LC_MESSAGES/libgtkhx.mo
          .......T /usr/share/locale/it/LC_MESSAGES/libgtkhx.mo
          S.5....T c /usr/share/config/kdeglobals
          S.5....T c /usr/share/config/kdesktoprc
          .......T c /usr/share/config/kickerrc
          S.5....T c /usr/share/config/konquerorrc
          .......T c /etc/httpd/conf/ssl/mod_ssl.conf
          .......T c /etc/httpd/conf/ssl/ssl.default-vhost.conf
          SM5....T c /etc/ssl/apache/server.crt
          SM5....T c /etc/ssl/apache/server.key
          S.5....T /usr/share/fonts/ttf/armenian/fonts.cache-1
          S.5....T /usr/share/fonts/ttf/tscii/fonts.cache-1
          dépendances non satisfaites pour rpm-python-4.2.2-7mdk: rpm = 4.2.2-7mdk
          S.5....T /usr/share/fonts/ttf/thai/fonts.cache-1
          dépendances non satisfaites pour libkdetoys1-devel-3.2-6mdk: libkdetoys1 = 1:3.2-6mdk
          dépendances non satisfaites pour libbeecrypt6-devel-3.1.0-2mdk: libbeecrypt6 = 3.1.0-2mdk
          dépendances non satisfaites pour libORBit0-devel-0.5.17-7mdk: ORBit = 0.5.17-7mdk, libORBit0 = 0.5.17-7mdk
          dépendances non satisfaites pour pam-doc-0.77-12mdk: pam = 0.77-12mdk
          .M...... c /etc/rc.d/init.d/crond
          dépendances non satisfaites pour popt-devel-1.8.2-7mdk: popt = 1.8.2-7mdk
          dépendances non satisfaites pour libfreetype6-devel-2.1.7-4mdk: libfreetype6 = 2.1.7-4mdk
          S.5....T c /etc/xml/catalog
          S.5....T c /usr/share/sgml/docbook/xmlcatalog
          .M...... c /etc/rc.d/init.d/sshd
          SM5....T c /etc/ssh/sshd_config
          manquant /usr/share/squidGuard-1.2.0/contrib/RobotUserAgent.pm
          manquant /usr/share/squidGuard-1.2.0/contrib/hostbyname
          manquant /usr/share/squidGuard-1.2.0/contrib/sgclean
          manquant /usr/share/squidGuard-1.2.0/contrib/squidGuardRobot
          manquant /usr/share/squidGuard-1.2.0/db/README
          manquant /usr/share/squidGuard-1.2.0/db/ads
          manquant /usr/share/squidGuard-1.2.0/db/ads/domains
          manquant /usr/share/squidGuard-1.2.0/db/ads/domains.20010813.diff
          manquant /usr/share/squidGuard-1.2.0/db/ads/domains.20010816.diff
          manquant /usr/share/squidGuard-1.2.0/db/ads/domains.20010825.diff
          manquant /usr/share/squidGuard-1.2.0/db/ads/domains.20010901.diff
          manquant /usr/share/squidGuard-1.2.0/db/ads/domains.20010908.diff
          manquant /usr/share/squidGuard-1.2.0/db/ads/domains.20010915.diff
          manquant /usr/share/squidGuard-1.2.0/db/ads/domains.20010917.diff
          manquant /usr/share/squidGuard-1.2.0/db/ads/domains.20010918.diff
          manquant /usr/share/squidGuard-1.2.0/db/ads/domains.20010922.diff
          manquant /usr/share/squidGuard-1.2.0/db/ads/domains.20010929.diff
          manquant /usr/share/squidGuard-1.2.0/db/ads/domains.20011006.diff
          manquant /usr/share/squidGuard-1.2.0/db/ads/domains.20011008.diff
          manquant /usr/share/squidGuard-1.2.0/db/ads/domains.20011013.diff
          manquant /usr/share/squidGuard-1.2.0/db/ads/domains.20011020.diff
          manquant /usr/share/squidGuard-1.2.0/db/ads/domains.20011027.diff
          manquant /usr/share/squidGuard-1.2.0/db/ads/domains.20011103.diff
          manquant /usr/share/squidGuard-1.2.0/db/ads/domains.20011110.diff
          manquant /usr/share/squidGuard-1.2.0/db/ads/domains.20011113.diff
          manquant /usr/share/squidGuard-1.2.0/db/ads/domains.20011124.diff
          manquant /usr/share/squidGuard-1.2.0/db/ads/domains.20011201.diff
          manquant /usr/share/squidGuard-1.2.0/db/ads/domains.20011212.diff
          manquant /usr/share/squidGuard-1.2.0/db/ads/domains.20011215.diff
          manquant /usr/share/squidGuard-1.2.0/db/ads/domains.20011218.diff
          manquant /usr/share/squidGuard-1.2.0/db/ads/urls
          manquant /usr/share/squidGuard-1.2.0/db/ads/urls.20010901.diff
          manquant /usr/share/squidGuard-1.2.0/db/ads/urls.20010908.diff
          manquant /usr/share/squidGuard-1.2.0/db/ads/urls.20010915.diff
          manquant /usr/share/squidGuard-1.2.0/db/ads/urls.20010929.diff
          manquant /usr/share/squidGuard-1.2.0/db/ads/urls.20011006.diff
          manquant /usr/share/squidGuard-1.2.0/db/ads/urls.20011008.diff
          manquant /usr/share/squidGuard-1.2.0/db/ads/urls.20011013.diff
          manquant /usr/share/squidGuard-1.2.0/db/ads/urls.20011020.diff
          manquant /usr/share/squidGuard-1.2.0/db/ads/urls.20011027.diff
          manquant /usr/share/squidGuard-1.2.0/db/ads/urls.20011103.diff
          manquant /usr/share/squidGuard-1.2.0/db/ads/urls.20011110.diff
          manquant /usr/share/squidGuard-1.2.0/db/ads/urls.20011113.diff
          manquant /usr/share/squidGuard-1.2.0/db/ads/urls.20011124.diff
          manquant /usr/share/squidGuard-1.2.0/db/ads/urls.20011201.diff
          manquant /usr/share/squidGuard-1.2.0/db/ads/urls.20011212.diff
          manquant /usr/share/squidGuard-1.2.0/db/ads/urls.20011215.diff
          manquant /usr/share/squidGuard-1.2.0/db/ads/urls.20011218.diff
          manquant /usr/share/squidGuard-1.2.0/db/adult
          manquant /usr/share/squidGuard-1.2.0/db/adult/domains
          manquant /usr/share/squidGuard-1.2.0/db/adult/expressions
          manquant /usr/share/squidGuard-1.2.0/db/adult/urls
          manquant /usr/share/squidGuard-1.2.0/db/advertising
          manquant /usr/share/squidGuard-1.2.0/db/advertising/domains
          manquant /usr/share/squidGuard-1.2.0/db/advertising/urls
          manquant /usr/share/squidGuard-1.2.0/db/aggressive
          manquant /usr/share/squidGuard-1.2.0/db/aggressive/domains
          manquant /usr/share/squidGuard-1.2.0/db/aggressive/domains.20010813.diff
          manquant /usr/share/squidGuard-1.2.0/db/aggressive/domains.20010825.diff
          manquant /usr/share/squidGuard-1.2.0/db/aggressive/domains.20010901.diff
          manquant /usr/share/squidGuard-1.2.0/db/aggressive/domains.20010908.diff
          manquant /usr/share/squidGuard-1.2.0/db/aggressive/domains.20010915.diff
          manquant /usr/share/squidGuard-1.2.0/db/aggressive/domains.20010917.diff
          manquant /usr/share/squidGuard-1.2.0/db/aggressive/domains.20010922.diff
          manquant /usr/share/squidGuard-1.2.0/db/aggressive/domains.20010929.diff
          manquant /usr/share/squidGuard-1.2.0/db/aggressive/domains.20011006.diff
          manquant /usr/share/squidGuard-1.2.0/db/aggressive/domains.20011013.diff
          manquant /usr/share/squidGuard-1.2.0/db/aggressive/domains.20011020.diff
          manquant /usr/share/squidGuard-1.2.0/db/aggressive/domains.20011027.diff
          manquant /usr/share/squidGuard-1.2.0/db/aggressive/domains.20011103.diff
          manquant /usr/share/squidGuard-1.2.0/db/aggressive/domains.20011110.diff
          manquant /usr/share/squidGuard-1.2.0/db/aggressive/domains.20011112.diff
          manquant /usr/share/squidGuard-1.2.0/db/aggressive/domains.20011114.diff
          manquant /usr/share/squidGuard-1.2.0/db/aggressive/domains.20011117.diff
          manquant /usr/share/squidGuard-1.2.0/db/aggressive/domains.20011124.diff
          manquant /usr/share/squidGuard-1.2.0/db/aggressive/domains.20011201.diff
          manquant /usr/share/squidGuard-1.2.0/db/aggressive/domains.20011212.diff
          manquant /usr/share/squidGuard-1.2.0/db/aggressive/domains.20011215.diff
          manquant /usr/share/squidGuard-1.2.0/db/aggressive/urls
          manquant /usr/share/squidGuard-1.2.0/db/aggressive/urls.20010813.diff
          manquant /usr/share/squidGuard-1.2.0/db/aggressive/urls.20010816.diff
          manquant /usr/share/squidGuard-1.2.0/db/aggressive/urls.20010818.diff
          manquant /usr/share/squidGuard-1.2.0/db/aggressive/urls.20010825.diff
          manquant /usr/share/squidGuard-1.2.0/db/aggressive/urls.20010901.diff
          manquant /usr/share/squidGuard-1.2.0/db/aggressive/urls.20010908.diff
          manquant /usr/share/squidGuard-1.2.0/db/aggressive/urls.20010915.diff
          manquant /usr/share/squidGuard-1.2.0/db/aggressive/urls.20010917.diff
          manquant /usr/share/squidGuard-1.2.0/db/aggressive/urls.20010918.diff
          manquant /usr/share/squidGuard-1.2.0/db/aggressive/urls.20010922.diff
          manquant /usr/share/squidGuard-1.2.0/db/aggressive/urls.20010929.diff
          manquant /usr/share/squidGuard-1.2.0/db/aggressive/urls.20011006.diff
          manquant /usr/share/squidGuard-1.2.0/db/aggressive/urls.20011008.diff
          manquant /usr/share/squidGuard-1.2.0/db/aggressive/urls.20011013.diff
          manquant /usr/share/squidGuard-1.2.0/db/aggressive/urls.20011020.diff
          manquant /usr/share/squidGuard-1.2.0/db/aggressive/urls.20011027.diff
          manquant /usr/share/squidGuard-1.2.0/db/aggressive/urls.20011103.diff
          manquant /usr/share/squidGuard-1.2.0/db/aggressive/urls.20011110.diff
          manquant /usr/share/squidGuard-1.2.0/db/aggressive/urls.20011112.diff
          manquant /usr/share/squidGuard-1.2.0/db/aggressive/urls.20011124.diff
          manquant /usr/share/squidGuard-1.2.0/db/aggressive/urls.20011212.diff
          manquant /usr/share/squidGuard-1.2.0/db/aggressive/urls.20011215.diff
          manquant /usr/share/squidGuard-1.2.0/db/audio-video
          manquant /usr/share/squidGuard-1.2.0/db/audio-video/domains
          manquant /usr/share/squidGuard-1.2.0/db/audio-video/domains.20010813.diff
          manquant /usr/share/squidGuard-1.2.0/db/audio-video/domains.20010816.diff
          manquant /usr/share/squidGuard-1.2.0/db/audio-video/domains.20010825.diff
          manquant /usr/share/squidGuard-1.2.0/db/audio-video/domains.20010901.diff
          manquant /usr/share/squidGuard-1.2.0/db/audio-video/domains.20010908.diff
          manquant /usr/share/squidGuard-1.2.0/db/audio-video/domains.20010915.diff
          manquant /usr/share/squidGuard-1.2.0/db/audio-video/domains.20010917.diff
          manquant /usr/share/squidGuard-1.2.0/db/audio-video/domains.20010922.diff
          manquant /usr/share/squidGuard-1.2.0/db/audio-video/domains.20010929.diff
          manquant /usr/share/squidGuard-1.2.0/db/audio-video/domains.20011006.diff
          manquant /usr/share/squidGuard-1.2.0/db/audio-video/domains.20011008.diff
          manquant /usr/share/squidGuard-1.2.0/db/audio-video/domains.20011013.diff
          manquant /usr/share/squidGuard-1.2.0/db/audio-video/domains.20011020.diff
          manquant /usr/share/squidGuard-1.2.0/db/audio-video/domains.20011027.diff
          manquant /usr/share/squidGuard-1.2.0/db/audio-video/domains.20011103.diff
          manquant /usr/share/squidGuard-1.2.0/db/audio-video/domains.20011110.diff
          manquant /usr/share/squidGuard-1.2.0/db/audio-video/domains.20011114.diff
          manquant /usr/share/squidGuard-1.2.0/db/audio-video/domains.20011124.diff
          manquant /usr/share/squidGuard-1.2.0/db/audio-video/domains.20011201.diff
          manquant /usr/share/squidGuard-1.2.0/db/audio-video/domains.20011212.diff
          manquant /usr/share/squidGuard-1.2.0/db/audio-video/urls
          manquant /usr/share/squidGuard-1.2.0/db/audio-video/urls.20010813.diff
          manquant /usr/share/squidGuard-1.2.0/db/audio-video/urls.20010816.diff
          manquant /usr/share/squidGuard-1.2.0/db/audio-video/urls.20010901.diff
          manquant /usr/share/squidGuard-1.2.0/db/audio-video/urls.20010908.diff
          manquant /usr/share/squidGuard-1.2.0/db/audio-video/urls.20010915.diff
          manquant /usr/share/squidGuard-1.2.0/db/audio-video/urls.20010917.diff
          manquant /usr/share/squidGuard-1.2.0/db/audio-video/urls.20011006.diff
          manquant /usr/share/squidGuard-1.2.0/db/audio-video/urls.20011013.diff
          manquant /usr/share/squidGuard-1.2.0/db/audio-video/urls.20011020.diff
          manquant /usr/share/squidGuard-1.2.0/db/audio-video/urls.20011027.diff
          manquant /usr/share/squidGuard-1.2.0/db/audio-video/urls.20011103.diff
          manquant /usr/share/squidGuard-1.2.0/db/audio-video/urls.20011110.diff
          manquant /usr/share/squidGuard-1.2.0/db/audio-video/urls.20011114.diff
          manquant /usr/share/squidGuard-1.2.0/db/audio-video/urls.20011124.diff
          manquant /usr/share/squidGuard-1.2.0/db/audio-video/urls.20011212.diff
          manquant /usr/share/squidGuard-1.2.0/db/banneddestination
          manquant /usr/share/squidGuard-1.2.0/db/banneddestination/domains
          manquant /usr/share/squidGuard-1.2.0/db/banneddestination/expressions
          manquant /usr/share/squidGuard-1.2.0/db/banneddestination/urls
          manquant /usr/share/squidGuard-1.2.0/db/bannedsource
          manquant /usr/share/squidGuard-1.2.0/db/bannedsource/ips
          manquant /usr/share/squidGuard-1.2.0/db/drugs
          manquant /usr/share/squidGuard-1.2.0/db/drugs/domains
          manquant /usr/share/squidGuard-1.2.0/db/drugs/domains.20010813.diff
          manquant /usr/share/squidGuard-1.2.0/db/drugs/domains.20010816.diff
          manquant /usr/share/squidGuard-1.2.0/db/drugs/domains.20010825.diff
          manquant /usr/share/squidGuard-1.2.0/db/drugs/domains.20010901.diff
          manquant /usr/share/squidGuard-1.2.0/db/drugs/domains.20010908.diff
          manquant /usr/share/squidGuard-1.2.0/db/drugs/domains.20010915.diff
          manquant /usr/share/squidGuard-1.2.0/db/drugs/domains.20010917.diff
          manquant /usr/share/squidGuard-1.2.0/db/drugs/domains.20010918.diff
          manquant /usr/share/squidGuard-1.2.0/db/drugs/domains.20010922.diff
          manquant /usr/share/squidGuard-1.2.0/db/drugs/domains.20010929.diff
          manquant /usr/share/squidGuard-1.2.0/db/drugs/domains.20011006.diff
          manquant /usr/share/squidGuard-1.2.0/db/drugs/domains.20011008.diff
          manquant /usr/share/squidGuard-1.2.0/db/drugs/domains.20011013.diff
          manquant /usr/share/squidGuard-1.2.0/db/drugs/domains.20011020.diff
          manquant /usr/share/squidGuard-1.2.0/db/drugs/domains.20011027.diff
          manquant /usr/share/squidGuard-1.2.0/db/drugs/domains.20011103.diff
          manquant /usr/share/squidGuard-1.2.0/db/drugs/domains.20011110.diff
          manquant /usr/share/squidGuard-1.2.0/db/drugs/domains.20011112.diff
          manquant /usr/share/squidGuard-1.2.0/db/drugs/domains.20011114.diff
          manquant /usr/share/squidGuard-1.2.0/db/drugs/domains.20011117.diff
          manquant /usr/share/squidGuard-1.2.0/db/drugs/domains.20011124.diff
          manquant /usr/share/squidGuard-1.2.0/db/drugs/domains.20011201.diff
          manquant /usr/share/squidGuard-1.2.0/db/drugs/domains.20011212.diff
          manquant /usr/share/squidGuard-1.2.0/db/drugs/domains.20011215.diff
          manquant /usr/share/squidGuard-1.2.0/db/drugs/urls
          manquant /usr/share/squidGuard-1.2.0/db/drugs/urls.20010813.diff
          manquant /usr/share/squidGuard-1.2.0/db/drugs/urls.20010816.diff
          manquant /usr/share/squidGuard-1.2.0/db/drugs/urls.20010818.diff
          manquant /usr/share/squidGuard-1.2.0/db/drugs/urls.20010825.diff
          manquant /usr/share/squidGuard-1.2.0/db/drugs/urls.20010901.diff
          manquant /usr/share/squidGuard-1.2.0/db/drugs/urls.20010908.diff
          manquant /usr/share/squidGuard-1.2.0/db/drugs/urls.20010915.diff
          manquant /usr/share/squidGuard-1.2.0/db/drugs/urls.20010917.diff
          manquant /usr/share/squidGuard-1.2.0/db/drugs/urls.20010922.diff
          manquant /usr/share/squidGuard-1.2.0/db/drugs/urls.20010929.diff
          manquant /usr/share/squidGuard-1.2.0/db/drugs/urls.20011006.diff
          manquant /usr/share/squidGuard-1.2.0/db/drugs/urls.20011013.diff
          manquant /usr/share/squidGuard-1.2.0/db/drugs/urls.20011020.diff
          manquant /usr/share/squidGuard-1.2.0/db/drugs/urls.20011027.diff
          manquant /usr/share/squidGuard-1.2.0/db/drugs/urls.20011103.diff
          manquant /usr/share/squidGuard-1.2.0/db/drugs/urls.20011110.diff
          manquant /usr/share/squidGuard-1.2.0/db/drugs/urls.20011112.diff
          manquant /usr/share/squidGuard-1.2.0/db/drugs/urls.20011114.diff
          manquant /usr/share/squidGuard-1.2.0/db/drugs/urls.20011117.diff
          manquant /usr/share/squidGuard-1.2.0/db/drugs/urls.20011124.diff
          manquant /usr/share/squidGuard-1.2.0/db/drugs/urls.20011201.diff
          manquant /usr/share/squidGuard-1.2.0/db/drugs/urls.20011212.diff
          manquant /usr/share/squidGuard-1.2.0/db/drugs/urls.20011215.diff
          manquant /usr/share/squidGuard-1.2.0/db/drugs/urls.20011217.diff
          manquant /usr/share/squidGuard-1.2.0/db/forums
          manquant /usr/share/squidGuard-1.2.0/db/forums/domains
          manquant /usr/share/squidGuard-1.2.0/db/forums/expressions
          manquant /usr/share/squidGuard-1.2.0/db/forums/urls
          manquant /usr/share/squidGuard-1.2.0/db/gambling
          manquant /usr/share/squidGuard-1.2.0/db/gambling/domains
          manquant /usr/share/squidGuard-1.2.0/db/gambling/domains.20010813.diff
          manquant /usr/share/squidGuard-1.2.0/db/gambling/domains.20010901.diff
          manquant /usr/share/squidGuard-1.2.0/db/gambling/domains.20010908.diff
          manquant /usr/share/squidGuard-1.2.0/db/gambling/domains.20010915.diff
          manquant /usr/share/squidGuard-1.2.0/db/gambling/domains.20010917.diff
          manquant /usr/share/squidGuard-1.2.0/db/gambling/domains.20010918.diff
          manquant /usr/share/squidGuard-1.2.0/db/gambling/domains.20010922.diff
          manquant /usr/share/squidGuard-1.2.0/db/gambling/domains.20010929.diff
          manquant /usr/share/squidGuard-1.2.0/db/gambling/domains.20011020.diff
          manquant /usr/share/squidGuard-1.2.0/db/gambling/domains.20011110.diff
          manquant /usr/share/squidGuard-1.2.0/db/gambling/domains.20011114.diff
          manquant /usr/share/squidGuard-1.2.0/db/gambling/domains.20011124.diff
          manquant /usr/share/squidGuard-1.2.0/db/gambling/domains.20011201.diff
          manquant /usr/share/squidGuard-1.2.0/db/gambling/domains.20011212.diff
          manquant /usr/share/squidGuard-1.2.0/db/gambling/urls
          manquant /usr/share/squidGuard-1.2.0/db/gambling/urls.20011212.diff
          manquant /usr/share/squidGuard-1.2.0/db/hacking
          manquant /usr/share/squidGuard-1.2.0/db/hacking/domains
          manquant /usr/share/squidGuard-1.2.0/db/hacking/domains.20010813.diff
          manquant /usr/share/squidGuard-1.2.0/db/hacking/domains.20010816.diff
          manquant /usr/share/squidGuard-1.2.0/db/hacking/domains.20010818.diff
          manquant /usr/share/squidGuard-1.2.0/db/hacking/domains.20010901.diff
          manquant /usr/share/squidGuard-1.2.0/db/hacking/domains.20010908.diff
          manquant /usr/share/squidGuard-1.2.0/db/hacking/domains.20010915.diff
          manquant /usr/share/squidGuard-1.2.0/db/hacking/domains.20010917.diff
          manquant /usr/share/squidGuard-1.2.0/db/hacking/domains.20010922.diff
          manquant /usr/share/squidGuard-1.2.0/db/hacking/domains.20010929.diff
          manquant /usr/share/squidGuard-1.2.0/db/hacking/domains.20011006.diff
          manquant /usr/share/squidGuard-1.2.0/db/hacking/domains.20011013.diff
          manquant /usr/share/squidGuard-1.2.0/db/hacking/domains.20011020.diff
          manquant /usr/share/squidGuard-1.2.0/db/hacking/domains.20011027.diff
          manquant /usr/share/squidGuard-1.2.0/db/hacking/domains.20011110.diff
          manquant /usr/share/squidGuard-1.2.0/db/hacking/domains.20011112.diff
          manquant /usr/share/squidGuard-1.2.0/db/hacking/domains.20011114.diff
          manquant /usr/share/squidGuard-1.2.0/db/hacking/domains.20011124.diff
          manquant /usr/share/squidGuard-1.2.0/db/hacking/domains.20011201.diff
          manquant /usr/share/squidGuard-1.2.0/db/hacking/domains.20011212.diff
          manquant /usr/share/squidGuard-1.2.0/db/hacking/domains.20011215.diff
          manquant /usr/share/squidGuard-1.2.0/db/hacking/urls
          manquant /usr/share/squidGuard-1.2.0/db/hacking/urls.20010813.diff
          manquant /usr/share/squidGuard-1.2.0/db/hacking/urls.20011006.diff
          manquant /usr/share/squidGuard-1.2.0/db/hacking/urls.20011020.diff
          manquant /usr/share/squidGuard-1.2.0/db/hacking/urls.20011027.diff
          manquant /usr/share/squidGuard-1.2.0/db/hacking/urls.20011103.diff
          manquant /usr/share/squidGuard-1.2.0/db/hacking/urls.20011110.diff
          manquant /usr/share/squidGuard-1.2.0/db/hacking/urls.20011212.diff
          manquant /usr/share/squidGuard-1.2.0/db/lansource
          manquant /usr/share/squidGuard-1.2.0/db/lansource/lan
          manquant /usr/share/squidGuard-1.2.0/db/mail
          manquant /usr/share/squidGuard-1.2.0/db/mail/domains
          manquant /usr/share/squidGuard-1.2.0/db/porn
          manquant /usr/share/squidGuard-1.2.0/db/porn/domains
          manquant /usr/share/squidGuard-1.2.0/db/porn/domains.20010814.diff
          manquant /usr/share/squidGuard-1.2.0/db/porn/domains.20010817.diff
          manquant /usr/share/squidGuard-1.2.0/db/porn/domains.20010818.diff
          manquant /usr/share/squidGuard-1.2.0/db/porn/domains.20010902.diff
          manquant /usr/share/squidGuard-1.2.0/db/porn/domains.20010909.diff
          manquant /usr/share/squidGuard-1.2.0/db/porn/domains.20010916.diff
          manquant /usr/share/squidGuard-1.2.0/db/porn/domains.20010917.diff
          manquant /usr/share/squidGuard-1.2.0/db/porn/domains.20010918.diff
          manquant /usr/share/squidGuard-1.2.0/db/porn/domains.20010919.diff
          manquant /usr/share/squidGuard-1.2.0/db/porn/domains.20010923.diff
          manquant /usr/share/squidGuard-1.2.0/db/porn/domains.20010930.diff
          manquant /usr/share/squidGuard-1.2.0/db/porn/domains.20011007.diff
          manquant /usr/share/squidGuard-1.2.0/db/porn/domains.20011009.diff
          manquant /usr/share/squidGuard-1.2.0/db/porn/domains.20011014.diff
          manquant /usr/share/squidGuard-1.2.0/db/porn/domains.20011021.diff
          manquant /usr/share/squidGuard-1.2.0/db/porn/domains.20011028.diff
          manquant /usr/share/squidGuard-1.2.0/db/porn/domains.20011104.diff
          manquant /usr/share/squidGuard-1.2.0/db/porn/domains.20011112.diff
          manquant /usr/share/squidGuard-1.2.0/db/porn/domains.20011113.diff
          manquant /usr/share/squidGuard-1.2.0/db/porn/domains.20011115.diff
          manquant /usr/share/squidGuard-1.2.0/db/porn/domains.20011118.diff
          manquant /usr/share/squidGuard-1.2.0/db/porn/domains.20011125.diff
          manquant /usr/share/squidGuard-1.2.0/db/porn/domains.20011212.diff
          manquant /usr/share/squidGuard-1.2.0/db/porn/domains.20011213.diff
          manquant /usr/share/squidGuard-1.2.0/db/porn/domains.20011215.diff
          manquant /usr/share/squidGuard-1.2.0/db/porn/domains.20011217.diff
          manquant /usr/share/squidGuard-1.2.0/db/porn/expressions
          manquant /usr/share/squidGuard-1.2.0/db/porn/urls
          manquant /usr/share/squidGuard-1.2.0/db/porn/urls.20010814.diff
          manquant /usr/share/squidGuard-1.2.0/db/porn/urls.20010817.diff
          manquant /usr/share/squidGuard-1.2.0/db/porn/urls.20010818.diff
          manquant /usr/share/squidGuard-1.2.0/db/porn/urls.20010902.diff
          manquant /usr/share/squidGuard-1.2.0/db/porn/urls.20010909.diff
          manquant /usr/share/squidGuard-1.2.0/db/porn/urls.20010916.diff
          manquant /usr/share/squidGuard-1.2.0/db/porn/urls.20010917.diff
          manquant /usr/share/squidGuard-1.2.0/db/porn/urls.20010919.diff
          manquant /usr/share/squidGuard-1.2.0/db/porn/urls.20010923.diff
          manquant /usr/share/squidGuard-1.2.0/db/porn/urls.20010930.diff
          manquant /usr/share/squidGuard-1.2.0/db/porn/urls.20011007.diff
          manquant /usr/share/squidGuard-1.2.0/db/porn/urls.20011009.diff
          manquant /usr/share/squidGuard-1.2.0/db/porn/urls.20011014.diff
          manquant /usr/share/squidGuard-1.2.0/db/porn/urls.20011021.diff
          manquant /usr/share/squidGuard-1.2.0/db/porn/urls.20011028.diff
          manquant /usr/share/squidGuard-1.2.0/db/porn/urls.20011104.diff
          manquant /usr/share/squidGuard-1.2.0/db/porn/urls.20011112.diff
          manquant /usr/share/squidGuard-1.2.0/db/porn/urls.20011113.diff
          manquant /usr/share/squidGuard-1.2.0/db/porn/urls.20011115.diff
          manquant /usr/share/squidGuard-1.2.0/db/porn/urls.20011118.diff
          manquant /usr/share/squidGuard-1.2.0/db/porn/urls.20011125.diff
          manquant /usr/share/squidGuard-1.2.0/db/porn/urls.20011212.diff
          manquant /usr/share/squidGuard-1.2.0/db/porn/urls.20011213.diff
          manquant /usr/share/squidGuard-1.2.0/db/porn/urls.20011215.diff
          manquant /usr/share/squidGuard-1.2.0/db/privilegedsource
          manquant /usr/share/squidGuard-1.2.0/db/privilegedsource/ips
          manquant /usr/share/squidGuard-1.2.0/db/proxy
          manquant /usr/share/squidGuard-1.2.0/db/proxy/domains
          manquant /usr/share/squidGuard-1.2.0/db/proxy/domains.20010918.diff
          manquant /usr/share/squidGuard-1.2.0/db/proxy/domains.20010923.diff
          manquant /usr/share/squidGuard-1.2.0/db/proxy/domains.20011021.diff
          manquant /usr/share/squidGuard-1.2.0/db/proxy/domains.20011112.diff
          manquant /usr/share/squidGuard-1.2.0/db/proxy/domains.20011213.diff
          manquant /usr/share/squidGuard-1.2.0/db/proxy/domains.20011218.diff
          manquant /usr/share/squidGuard-1.2.0/db/proxy/urls
          manquant /usr/share/squidGuard-1.2.0/db/publicite
          manquant /usr/share/squidGuard-1.2.0/db/publicite/domains
          manquant /usr/share/squidGuard-1.2.0/db/publicite/expressions
          manquant /usr/share/squidGuard-1.2.0/db/publicite/urls
          manquant /usr/share/squidGuard-1.2.0/db/redirector
          manquant /usr/share/squidGuard-1.2.0/db/redirector/domains
          manquant /usr/share/squidGuard-1.2.0/db/redirector/expressions
          manquant /usr/share/squidGuard-1.2.0/db/redirector/urls
          manquant /usr/share/squidGuard-1.2.0/db/timerestriction
          manquant /usr/share/squidGuard-1.2.0/db/timerestriction/lan
          manquant /usr/share/squidGuard-1.2.0/db/violence
          manquant /usr/share/squidGuard-1.2.0/db/violence/domains
          manquant /usr/share/squidGuard-1.2.0/db/violence/domains.20010814.diff
          manquant /usr/share/squidGuard-1.2.0/db/violence/domains.20011028.diff
          manquant /usr/share/squidGuard-1.2.0/db/violence/domains.20011213.diff
          manquant /usr/share/squidGuard-1.2.0/db/violence/expressions
          manquant /usr/share/squidGuard-1.2.0/db/violence/urls
          manquant /usr/share/squidGuard-1.2.0/db/warez
          manquant /usr/share/squidGuard-1.2.0/db/warez/domains
          manquant /usr/share/squidGuard-1.2.0/db/warez/domains.20010814.diff
          manquant /usr/share/squidGuard-1.2.0/db/warez/domains.20010818.diff
          manquant /usr/share/squidGuard-1.2.0/db/warez/domains.20010902.diff
          manquant /usr/share/squidGuard-1.2.0/db/warez/domains.20010909.diff
          manquant /usr/share/squidGuard-1.2.0/db/warez/domains.20010916.diff
          manquant /usr/share/squidGuard-1.2.0/db/warez/domains.20010919.diff
          manquant /usr/share/squidGuard-1.2.0/db/warez/domains.20010923.diff
          manquant /usr/share/squidGuard-1.2.0/db/warez/domains.20010930.diff
          manquant /usr/share/squidGuard-1.2.0/db/warez/domains.20011007.diff
          manquant /usr/share/squidGuard-1.2.0/db/warez/domains.20011014.diff
          manquant /usr/share/squidGuard-1.2.0/db/warez/domains.20011021.diff
          manquant /usr/share/squidGuard-1.2.0/db/warez/domains.20011028.diff
          manquant /usr/share/squidGuard-1.2.0/db/warez/domains.20011112.diff
          manquant /usr/share/squidGuard-1.2.0/db/warez/domains.20011118.diff
          manquant /usr/share/squidGuard-1.2.0/db/warez/domains.20011125.diff
          manquant /usr/share/squidGuard-1.2.0/db/warez/domains.20011213.diff
          manquant /usr/share/squidGuard-1.2.0/db/warez/domains.20011215.diff
          manquant /usr/share/squidGuard-1.2.0/db/warez/domains.20011218.diff
          manquant /usr/share/squidGuard-1.2.0/db/warez/urls
          manquant /usr/share/squidGuard-1.2.0/db/warez/urls.20011125.diff
          manquant /usr/share/squidGuard-1.2.0/db/warez/urls.20011213.diff
          manquant /usr/share/squidGuard-1.2.0/db/warez/urls.20011215.diff
          manquant /usr/share/squidGuard-1.2.0/samples/sample.conf
          manquant /usr/share/squidGuard-1.2.0/samples/squidGuard-simple.cgi
          manquant /usr/share/squidGuard-1.2.0/samples/squidGuard.cgi
          .M...... /var/log/squidGuard/advertising.log
          .M...... /var/log/squidGuard/squidGuard.error
          .M.....T /var/log/squidGuard/squidGuard.log
          dépendances non satisfaites pour gcc-java-3.3.2-6mdk: gcc = 3.3.2-6mdk
          dépendances non satisfaites pour libfam0-devel-2.6.10-9mdk: fam = 2.6.10, libfam0 = 2.6.10-9mdk
          .M...... c /etc/rc.d/init.d/fetchmail
          dépendances non satisfaites pour rpm-devel-4.2.2-7mdk: rpm = 4.2.2-7mdk
          S.5....T c /etc/pam.d/system-auth
          S.5....T /usr/share/fonts/default/Type1/adobestd35/fonts.cache-1
          S.5....T /usr/share/fonts/default/Type1/fonts.cache-1
          .......T /usr/share/fonts/ttf/decoratives/fonts.cache-1
          S.5..UGT c /etc/X11/fs/config
          .M...... c /etc/rc.d/init.d/xfs
          S.5....T c /etc/samba/smb.conf
          .M...... c /etc/rc.d/init.d/smb
          S.5....T c /usr/share/config/kdm/kdmrc
          manquant /usr/X11R6/lib/X11/fonts/75dpi/encodings.dir
          .M...... c /etc/rc.d/init.d/yppasswdd
          .M...... c /etc/rc.d/init.d/ypserv
          .M...... c /etc/rc.d/init.d/ypxfrd
          manquant /usr/java/j2re1.4.2_04/javaws/javaws.pack
          manquant /usr/java/j2re1.4.2_04/lib/charsets.pack
          manquant /usr/java/j2re1.4.2_04/lib/ext/localedata.pack
          manquant /usr/java/j2re1.4.2_04/lib/jsse.pack
          manquant /usr/java/j2re1.4.2_04/lib/plugin.pack
          manquant /usr/java/j2re1.4.2_04/lib/rt.pack
          manquant /usr/java/j2re1.4.2_04/lib/unpack
          .M...... c /etc/rc.d/init.d/routed
          .M...... c /etc/rc.d/init.d/ipvsadm
          S.5....T /usr/share/fonts/ttf/arabic/fonts.cache-1
          .M...... c /etc/rc.d/init.d/wine
          .M...... c /etc/rc.d/init.d/iptables
          S.5....T /usr/share/fonts/bitmap/tscii/fonts.cache-1
          dépendances non satisfaites pour libgtk+1.2-devel-1.2.10-38mdk: libgtk+1.2 = 1.2.10-38mdk
          dépendances non satisfaites pour gcc-g77-3.3.2-6mdk: gcc = 3.3.2-6mdk
          .......T c /usr/share/fonts/ttf/big5/fonts.cache-1
          .M...... c /etc/rc.d/init.d/saslauthd
          manquant /usr/lib/mozilla-1.7.2/chrome/chrome.rdf
          manquant /usr/lib/mozilla-1.7.2/components/compreg.dat
          manquant /usr/lib/mozilla-1.7.2/components/xpti.dat
          manquant /usr/X11R6/lib/X11/fonts/100dpi/encodings.dir
          S.5....T /usr/share/locale/de/LC_MESSAGES/wxstd.mo
          S.5....T /usr/share/locale/es/LC_MESSAGES/wxstd.mo
          S.5....T /usr/share/locale/fr/LC_MESSAGES/wxstd.mo
          S.5....T /usr/share/locale/it/LC_MESSAGES/wxstd.mo
          • [^] # Re: Pour voir si ...

            Posté par (page perso) . Évalué à 1.

            Le format de sortie est constitué d'une chaîne de caractères de
            8 caractère, d'un "c" éventuel dénottant un fichier de configu-
            ration, et ensuite du nom du fichier. Chacun des 8 caractères
            dénote le résultat d'une comparaison d'un attribut du fichier
            avec la valeur de cet attribut enregistré dans la base de
            données rpm. Un simple "." (point) signifie que le test s'est
            bien passé. Les caractères suivants dénote l'échec à certains
            tests :

            5 Somme MD5

            S Taille du fichier

            L Lien symbolique

            T Mtime

            D Périphérique

            U Utilisateur

            G Groupe

            M Mode (inclut les permissions et le type de fichier)
  • # ... et pour être sûr ...

    Posté par . Évalué à 4.

    si tu penses vraiment avoir été "rootkité", le mieux c'est d'en être sûr.
    A cet effet, tu peux utiliser des outils de detection comme RootKit Hunter (c'est celui que j'utilise) qui possède une bibliothèque des rootkit et autre programmes malveillants. Il inclut également d'autres tests utiles.

    Tu peux aller voir là :
    http://www.rootkit.nl(...)
    et là pour télécharger la dernière version :
    http://downloads.rootkit.nl/rkhunter-1.1.9.tar.gz(...)

    Note que ce n'est certainement pas le seul outil de ce genre. Donc hésite pas à fouiller.
    • [^] # Re: ... et pour être sûr ...

      Posté par (page perso) . Évalué à 1.

      A la compilation j'ai eu l'incident suivant.

      gcc -static -o strings-static strings.c
      /usr//bin/ld: cannot find -lc
      collect2: ld returned 1 exit status
      make: *** [strings-static] Erreur 1

      Je comprend que "ld" n'as pas peu trouver "lc".

      Je vais me tourner vers le mainteneur du site français pour être aider. Je te remercie.
      • [^] # Re: ... et pour être sûr ...

        Posté par (page perso) . Évalué à 1.

        rkhunter-1.1.9.tar.gz(...)
        J'ai installer ce que tu m'as conseiller un test de plus ne me déplait pas.

        L'erreur dont je parlait venait de l autre logiciel chkrookit, une simple bibliothèque static qui manquait.

        Voila la sortie par contre j'avais une version d'un logiciel décrit comme vulnérable selon sa version, je l'ai enlever des logs. Le reste n'a pas été changer.

        Est ce que ce test doit etre à partir d'un système saint ou peut etre fait sur un système compromis ?


        [root@Samaty rkhunter]# rkhunter -c


        Rootkit Hunter 1.1.9 is running

        Determining OS... Warning: this operating system is not fully supported!
        Ready
        Warning: Cannot find md5_not_known
        All MD5 checks will be skipped!


        Checking binaries
        * Selftests
        Strings (command) [ OK ]


        * System tools
        Skipped!


        Check rootkits
        * Default files and directories
        Rootkit '55808 Trojan - Variant A'... [ OK ]
        ADM Worm... [ OK ]
        Rootkit 'AjaKit'... [ OK ]
        Rootkit 'aPa Kit'... [ OK ]
        Rootkit 'Apache Worm'... [ OK ]
        Rootkit 'Ambient (ark) Rootkit'... [ OK ]
        Rootkit 'Balaur Rootkit'... [ OK ]
        Rootkit 'BeastKit'... [ OK ]
        Rootkit 'BOBKit'... [ OK ]
        Rootkit 'CiNIK Worm (Slapper.B variant)'... [ OK ]
        Rootkit 'Danny-Boy's Abuse Kit'... [ OK ]
        Rootkit 'Devil RootKit'... [ OK ]
        Rootkit 'Dica'... [ OK ]
        Rootkit 'Dreams Rootkit'... [ OK ]
        Rootkit 'Duarawkz'... [ OK ]
        Rootkit 'Flea Linux Rootkit'... [ OK ]
        Rootkit 'FreeBSD Rootkit'... [ OK ]
        Rootkit 'Fuck`it Rootkit'... [ OK ]
        Rootkit 'GasKit'... [ OK ]
        Rootkit 'Heroin LKM'... [ OK ]
        Rootkit 'HjC Kit'... [ OK ]
        Rootkit 'ignoKit'... [ OK ]
        Rootkit 'ImperalsS-FBRK'... [ OK ]
        Rootkit 'Irix Rootkit'... [ OK ]
        Rootkit 'Kitko'... [ OK ]
        Rootkit 'Knark'... [ OK ]
        Rootkit 'Li0n Worm'... [ OK ]
        Rootkit 'Lockit / LJK2'... [ OK ]
        Rootkit 'MRK'... [ OK ]
        Rootkit 'Ni0 Rootkit'... [ OK ]
        Rootkit 'RootKit for SunOS / NSDAP'... [ OK ]
        Rootkit 'Optic Kit (Tux)'... [ OK ]
        Rootkit 'Oz Rootkit'... [ OK ]
        Rootkit 'Portacelo'... [ OK ]
        Rootkit 'R3dstorm Toolkit'... [ OK ]
        Rootkit 'RH-Sharpe's rootkit'... [ OK ]
        Rootkit 'RSHA's rootkit'... [ OK ]
        Sebek LKM [ OK ]
        Rootkit 'Scalper Worm'... [ OK ]
        Rootkit 'Shutdown'... [ OK ]
        Rootkit 'SHV4'... [ OK ]
        Rootkit 'SHV5'... [ OK ]
        Rootkit 'Sin Rootkit'... [ OK ]
        Rootkit 'Slapper'... [ OK ]
        Rootkit 'Sneakin Rootkit'... [ OK ]
        Rootkit 'Suckit Rootkit'... [ OK ]
        Rootkit 'SunOS Rootkit'... [ OK ]
        Rootkit 'Superkit'... [ OK ]
        Rootkit 'TBD (Telnet BackDoor)'... [ OK ]
        Rootkit 'TeLeKiT'... [ OK ]
        Rootkit 'T0rn Rootkit'... [ OK ]
        Rootkit 'Trojanit Kit'... [ OK ]
        Rootkit 'Tuxtendo'... [ OK ]
        Rootkit 'URK'... [ OK ]
        Rootkit 'VcKit'... [ OK ]
        Rootkit 'Volc Rootkit'... [ OK ]
        Rootkit 'X-Org SunOS Rootkit'... [ OK ]
        Rootkit 'zaRwT.KiT Rootkit'... [ OK ]

        * Suspicious files and malware
        Scanning for known rootkit strings [ OK ]
        Scanning for known rootkit files [ OK ]
        Testing running processes... [ OK ]
        Miscellaneous Login backdoors [ OK ]
        Miscellaneous directories [ OK ]
        Software related files [ OK ]
        Sniffer logs [ OK ]

        [Press to continue]


        * Trojan specific characteristics
        shv4
        Checking /etc/rc.d/rc.sysinit
        Test 1 [ Clean ]
        Test 2 [ Clean ]
        Test 3 [ Clean ]
        Checking /etc/inetd.conf [ Not found ]
        Checking /etc/xinetd.conf [ Clean ]

        * Suspicious file properties
        chmod properties
        Checking /bin/ps [ Clean ]
        Checking /bin/ls [ Clean ]
        Checking /usr/bin/w [ Clean ]
        Checking /usr/bin/who [ Clean ]
        Checking /bin/netstat [ Clean ]
        Checking /bin/login [ Clean ]
        Script replacements
        Checking /bin/ps [ Clean ]
        Checking /bin/ls [ Clean ]
        Checking /usr/bin/w [ Clean ]
        Checking /usr/bin/who [ Clean ]
        Checking /bin/netstat [ Clean ]
        Checking /bin/login [ Clean ]

        * OS dependant tests

        Linux
        Checking loaded kernel modules... [ OK ]
        Checking files attributes [ OK ]
        Checking LKM module path [ OK ]


        Networking
        * Check: frequently used backdoors
        Port 2001: Scalper Rootkit [ OK ]
        Port 2006: CB Rootkit [ OK ]
        Port 2128: MRK [ OK ]
        Port 14856: Optic Kit (Tux) [ OK ]
        Port 47107: T0rn Rootkit [ OK ]
        Port 60922: zaRwT.KiT [ OK ]

        * Interfaces
        Scanning for promiscuous interfaces [ OK ]

        [Press to continue]



        System checks
        * Allround tests
        Checking hostname... Found. Hostname is Samaty
        Checking for passwordless user accounts... OK
        Checking for differences in user accounts... [ NA ]
        Checking for differences in user groups... Creating file It seems this is your first time.
        Checking boot.local/rc.local file...
        - /etc/rc.local [ OK ]
        - /etc/rc.d/rc.local [ OK ]
        - /usr/local/etc/rc.local [ Not found ]
        - /usr/local/etc/rc.d/rc.local [ Not found ]
        - /etc/conf.d/local.start [ Not found ]
        - /etc/init.d/boot.local [ Not found ]
        Checking rc.d files...
        Processing........................................
        ........................................
        ........................................
        ........................................
        ........................................
        ........................................
        ........................................
        ........................................
        ........................................
        ........................................
        ........................................

        Result rc.d files check [ OK ]
        Checking history files
        Bourne Shell [ OK ]

        * Filesystem checks
        Checking /dev for suspicious files... [ OK ]
        Scanning for hidden files... [ Warning! ]
        ---------------
        /dev/.udev.tdb /etc/.pwd.lock
        /etc/.qt_plugins_3.1rc.lock
        /etc/.java
        /etc/.qtrc.lock
        /etc/.qt_plugins_3.2rc.lock
        /etc/.qt_plugins_3.3rc.lock
        ---------------
        Please inspect: /etc/.java (directory)

        [Press to continue]



        Application advisories
        * Application scan
        Checking Apache2 modules ... [ Not found ]
        Checking Apache configuration ... [ OK ]

        * Application version scan
        - GnuPG 1.2.4 [ OK ]
        - Bind DNS [unknown] [ OK ]
        - OpenSSL 0.9.7d [ OK ]
        - Procmail MTA 3.22 [ OK ]
        - ProFTPd 1.2.10 [ OK ]
        - OpenSSH 3.9p1 [ OK ]



        Security advisories
        * Check: Groups and Accounts
        Searching for /etc/passwd... [ Found ]
        Checking users with UID '0' (root)... [ OK ]

        * Check: SSH
        Searching for sshd_config...
        Found /etc/ssh/sshd_config
        Checking for allowed root login... Watch out Root login possible. Possible risk!
        Hint: see logfile for more information
        info: PermitRootLogin yes
        Hint: See logfile for more information about this issue
        Checking for allowed protocols... [ Warning ]
        info: Users can use SSH1-protocol (see logfile for more information).

        * Check: Events and Logging
        Search for syslog configuration... [ OK ]
        Checking for running syslog slave... [ OK ]
        Checking for logging to remote system... [ OK (no remote logging) ]

        [Press to continue]



        ---------------------------- Scan results ----------------------------

        MD5
        MD5 compared: 0
        Incorrect MD5 checksums: 0

        File scan
        Scanned files: 342
        Possible infected files: 0

        Application scan
        Vulnerable applications: 1

        Scanning took 212 seconds

        -----------------------------------------------------------------------

        Do you have some problems, undetected rootkits, false positives, ideas
        or suggestions?
        Please e-mail me by filling in the contact form (@http://www.rootkit.nl(...))

        -----------------------------------------------------------------------
  • # gnustep

    Posté par (page perso) . Évalué à 3.

    le truc avec GNUstep ressemble à une installation locale de GNUstep qui aurait positionné les variables d'environnement LD_PRELOAD et/ou LD_LIBRARY_PATH dans tes fichiers de démarrage ~/.bashrc ~/.bash_profile, et ne les aurait pas enlevé après son départ.
    • [^] # Re: gnustep

      Posté par (page perso) . Évalué à 2.

      D'autant plus que tous ces SYS_open() retournent -2, c'est à dire qu'ils ne fonctionnent pas.

      Question idiote sûrement, mais quelqu'un ne t'aurait pas fait une blague en local avec crontab, at, ou le plugin alarm de xmms?
      • [^] # Re: gnustep

        Posté par (page perso) . Évalué à 1.

        Merci pour l'information sur le "-2", c'était ma première lecture d'une sortie de "lstrace". Comme je le dis la sécurité et moi, on débute.

        A noter que sur une système compromis cela n'as pas valeur de preuves.

        Cela dis j'aurais bien voulue qu'une personne essaye la commande lstrace sur who de sa mandrake pour voir s'il est avait la même chose.

        Par contre at et la crontab sont vide et xmms était éteint.
        La question n'était pas idiote, en sécurité rien n'est idiot ;), à part donner son mot de passe. Ce que l'on m'as donné plus d'une fois au travail, sans que je leur demande, par mes très chers utilisateurs que je réprimendais.

Suivre le flux des commentaires

Note : les commentaires appartiennent à ceux qui les ont postés. Nous n'en sommes pas responsables.