stat64("/etc/monit/monitrc", {st_mode=S_IFREG|0644, st_size=204, ...}) = 0 rt_sigprocmask(SIG_BLOCK, [TERM], [RTMIN], 8) = 0 stat64("/var/run/sshd.pid", {st_mode=S_IFREG|0644, st_size=6, ...}) = 0 stat64("/var/run/sshd.pid", {st_mode=S_IFREG|0644, st_size=6, ...}) = 0 open("/var/run/sshd.pid", O_RDONLY) = 4 fstat64(4, {st_mode=S_IFREG|0644, st_size=6, ...}) = 0 old_mmap(NULL, 4096, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x4016a000 read(4, "23251\n", 4096) = 6 close(4) = 0 munmap(0x4016a000, 4096) = 0 kill(23251, SIG_0) = 0 rt_sigprocmask(SIG_SETMASK, [RTMIN], NULL, 8) = 0 rt_sigprocmask(SIG_BLOCK, [CHLD], [RTMIN], 8) = 0 rt_sigaction(SIGCHLD, NULL, {SIG_DFL}, 8) = 0 rt_sigprocmask(SIG_SETMASK, [RTMIN], NULL, 8) = 0 nanosleep({30, 0}, {30, 0}) = 0 stat64("/etc/monit/monitrc", {st_mode=S_IFREG|0644, st_size=204, ...}) = 0 rt_sigprocmask(SIG_BLOCK, [TERM], [RTMIN], 8) = 0 stat64("/var/run/sshd.pid", 0xbffff66c) = -1 ENOENT (No such file or directory) time([1027632764]) = 1027632764 getpid() = 23286 rt_sigaction(SIGPIPE, {0x40021e80, [], 0x4000000}, {SIG_IGN}, 8) = 0 send(3, "<11>Jul 25 14:32:44 monit[23286]"..., 57, 0) = 57 rt_sigaction(SIGPIPE, {SIG_IGN}, NULL, 8) = 0 stat64("/var/run/sshd.pid", 0xbffff60c) = -1 ENOENT (No such file or directory) time([1027632764]) = 1027632764 getpid() = 23286 rt_sigaction(SIGPIPE, {0x40021e80, [], 0x4000000}, {SIG_IGN}, 8) = 0 send(3, "<11>Jul 25 14:32:44 monit[23286]"..., 70, 0) = 70 rt_sigaction(SIGPIPE, {SIG_IGN}, NULL, 8) = 0 rt_sigprocmask(SIG_BLOCK, [CHLD], [TERM RTMIN], 8) = 0 fork() = 23312 [pid 23312] getpid() = 23312 [pid 23312] getrlimit(0x3, 0xbffff614) = 0 [pid 23312] fork() = 23313 [pid 23286] wait4(23312, [pid 23312] _exit(0) = ? [pid 23286] <... wait4 resumed> NULL, 0, NULL) = 23312 [pid 23286] rt_sigprocmask(SIG_SETMASK, [TERM RTMIN], NULL, 8) = 0 [pid 23286] --- SIGCHLD (Child exited) --- [pid 23286] rt_sigprocmask(SIG_BLOCK, [CHLD], [TERM RTMIN], 8) = 0 [pid 23286] rt_sigaction(SIGCHLD, NULL, {SIG_DFL}, 8) = 0 [pid 23286] rt_sigprocmask(SIG_SETMASK, [TERM RTMIN], NULL, 8) = 0 [pid 23286] nanosleep({3, 0}, [pid 23313] getpid() = 23313 [pid 23313] getrlimit(0x3, 0xbffff624) = 0 [pid 23313] rt_sigprocmask(SIG_SETMASK, [RTMIN], NULL, 8) = 0 [pid 23313] rt_sigaction(SIGTERM, {SIG_DFL}, {0x40021e80, [], SA_RESTART|0x4000000}, 8) = 0 [pid 23313] rt_sigaction(SIGUSR1, {SIG_DFL}, {0x40021e80, [], SA_RESTART|0x4000000}, 8) = 0 [pid 23313] rt_sigaction(SIGPIPE, {SIG_DFL}, {SIG_IGN}, 8) = 0 [pid 23313] close(0) = 0 [pid 23313] open("/dev/null", O_RDWR) = 0 [pid 23313] close(1) = 0 [pid 23313] open("/dev/null", O_RDWR) = 1 [pid 23313] close(2) = 0 [pid 23313] open("/dev/null", O_RDWR) = 2 [pid 23313] getpid() = 23313 [pid 23313] getrlimit(0x3, 0xbffff514) = 0 [pid 23313] rt_sigaction(SIGRTMIN, {SIG_DFL}, NULL, 8) = 0 [pid 23313] rt_sigaction(SIGRT_1, {SIG_DFL}, NULL, 8) = 0 [pid 23313] rt_sigaction(SIGRT_2, {SIG_DFL}, NULL, 8) = 0 [pid 23313] execve("/etc/init.d/ssh", ["/etc/init.d/ssh", "start"], [/* 1 var */]) = 0 [pid 23313] uname({sys="Linux", node="protagonist", ...}) = 0 [pid 23313] brk(0) = 0x80602c4 [pid 23313] open("/etc/ld.so.preload", O_RDONLY) = -1 ENOENT (No such file or directory) [pid 23313] open("/etc/ld.so.cache", O_RDONLY) = 3 [pid 23313] fstat64(3, {st_mode=S_IFREG|0644, st_size=20340, ...}) = 0 [pid 23313] old_mmap(NULL, 20340, PROT_READ, MAP_PRIVATE, 3, 0) = 0x40014000 [pid 23313] close(3) = 0 [pid 23313] open("/lib/libc.so.6", O_RDONLY) = 3 [pid 23313] read(3, "\177ELF\1\1\1\0\0\0\0\0\0\0\0\0\3\0\3\0\1\0\0\0\30\222"..., 1024) = 1024 [pid 23313] fstat64(3, {st_mode=S_IFREG|0755, st_size=1153784, ...}) = 0 [pid 23313] old_mmap(NULL, 1166560, PROT_READ|PROT_EXEC, MAP_PRIVATE, 3, 0) = 0x40019000 [pid 23313] mprotect(0x4012c000, 40160, PROT_NONE) = 0 [pid 23313] old_mmap(0x4012c000, 24576, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_FIXED, 3, 0x113000) = 0x4012c000 [pid 23313] old_mmap(0x40132000, 15584, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_FIXED|MAP_ANONYMOUS, -1, 0) = 0x40132000 [pid 23313] close(3) = 0 [pid 23313] munmap(0x40014000, 20340) = 0 [pid 23313] rt_sigaction(SIGCHLD, {SIG_DFL}, {SIG_DFL}, 8) = 0 [pid 23313] getpid() = 23313 [pid 23313] brk(0) = 0x80602c4 [pid 23313] brk(0x80602e4) = 0x80602e4 [pid 23313] brk(0x8061000) = 0x8061000 [pid 23313] geteuid32() = 0 [pid 23313] getppid() = 1 [pid 23313] getcwd("/", 256) = 2 [pid 23313] open("/etc/init.d/ssh", O_RDONLY) = 3 [pid 23313] fcntl64(3, F_DUPFD, 10) = 10 [pid 23313] close(3) = 0 [pid 23313] fcntl64(10, F_SETFD, FD_CLOEXEC) = 0 [pid 23313] rt_sigaction(SIGINT, NULL, {SIG_DFL}, 8) = 0 [pid 23313] rt_sigaction(SIGINT, {0x80553b8, [], 0x4000000}, NULL, 8) = 0 [pid 23313] rt_sigaction(SIGQUIT, NULL, {SIG_DFL}, 8) = 0 [pid 23313] rt_sigaction(SIGQUIT, {SIG_DFL}, NULL, 8) = 0 [pid 23313] rt_sigaction(SIGHUP, NULL, {SIG_IGN}, 8) = 0 [pid 23313] rt_sigaction(SIGTSTP, NULL, {SIG_DFL}, 8) = 0 [pid 23313] rt_sigaction(SIGTSTP, {SIG_DFL}, NULL, 8) = 0 [pid 23313] rt_sigaction(SIGPIPE, NULL, {SIG_DFL}, 8) = 0 [pid 23313] rt_sigaction(SIGPIPE, {SIG_DFL}, NULL, 8) = 0 [pid 23313] read(10, "#! /bin/sh\n\n# /etc/init.d/ssh: s"..., 8191) = 1699 [pid 23313] stat64("/usr/sbin/sshd", {st_mode=S_IFREG|0755, st_size=276200, ...}) = 0 [pid 23313] geteuid32() = 0 [pid 23313] stat64("/usr/sbin/sshd", {st_mode=S_IFREG|0755, st_size=276200, ...}) = 0 [pid 23313] fork() = 23314 [pid 23314] close(10) = 0 [pid 23314] open("/dev/null", O_WRONLY|O_CREAT|O_TRUNC, 0666) = 3 [pid 23314] close(2) = 0 [pid 23314] fcntl64(3, F_DUPFD, 2) = 2 [pid 23314] close(3) = 0 [pid 23314] pipe([3, 4]) = 0 [pid 23314] fork() = 23315 [pid 23314] close(4) = 0 [pid 23314] stat64("/bin/grep", {st_mode=S_IFREG|0755, st_size=46444, ...}) = 0 [pid 23314] fork() = 23316 [pid 23316] dup2(3, 0) = 0 [pid 23316] close(3) = 0 [pid 23316] execve("/bin/grep", ["grep", "-q", "OpenSSH"], [/* 2 vars */]) = 0 [pid 23316] uname({sys="Linux", node="protagonist", ...}) = 0 [pid 23316] brk(0) = 0x80548f4 [pid 23316] open("/etc/ld.so.preload", O_RDONLY) = -1 ENOENT (No such file or directory) [pid 23316] open("/etc/ld.so.cache", O_RDONLY) = 3 [pid 23316] fstat64(3, {st_mode=S_IFREG|0644, st_size=20340, ...}) = 0 [pid 23316] old_mmap(NULL, 20340, PROT_READ, MAP_PRIVATE, 3, 0) = 0x40014000 [pid 23316] close(3) = 0 [pid 23316] open("/lib/libc.so.6", O_RDONLY) = 3 [pid 23316] read(3, "\177ELF\1\1\1\0\0\0\0\0\0\0\0\0\3\0\3\0\1\0\0\0\30\222"..., 1024) = 1024 [pid 23316] fstat64(3, {st_mode=S_IFREG|0755, st_size=1153784, ...}) = 0 [pid 23316] old_mmap(NULL, 1166560, PROT_READ|PROT_EXEC, MAP_PRIVATE, 3, 0) = 0x40019000 [pid 23316] mprotect(0x4012c000, 40160, PROT_NONE) = 0 [pid 23316] old_mmap(0x4012c000, 24576, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_FIXED, 3, 0x113000) = 0x4012c000 [pid 23316] old_mmap(0x40132000, 15584, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_FIXED|MAP_ANONYMOUS, -1, 0) = 0x40132000 [pid 23316] close(3) = 0 [pid 23316] munmap(0x40014000, 20340) = 0 [pid 23316] brk(0) = 0x80548f4 [pid 23316] brk(0x805491c) = 0x805491c [pid 23316] brk(0x8055000) = 0x8055000 [pid 23316] brk(0x8056000) = 0x8056000 [pid 23316] brk(0x8057000) = 0x8057000 [pid 23316] brk(0x8063000) = 0x8063000 [pid 23316] fstat64(0, {st_mode=S_IFIFO|0600, st_size=0, ...}) = 0 [pid 23316] read(0, [pid 23315] close(3) = 0 [pid 23315] dup2(4, 1) = 1 [pid 23315] close(4) = 0 [pid 23315] close(2) = 0 [pid 23315] fcntl64(1, F_DUPFD, 2) = 2 [pid 23315] execve("/usr/sbin/sshd", ["/usr/sbin/sshd", "-?"], [/* 2 vars */]) = 0 [pid 23315] uname({sys="Linux", node="protagonist", ...}) = 0 [pid 23315] brk(0) = 0x8092660 [pid 23315] open("/etc/ld.so.preload", O_RDONLY) = -1 ENOENT (No such file or directory) [pid 23315] open("/etc/ld.so.cache", O_RDONLY) = 3 [pid 23315] fstat64(3, {st_mode=S_IFREG|0644, st_size=20340, ...}) = 0 [pid 23315] old_mmap(NULL, 20340, PROT_READ, MAP_PRIVATE, 3, 0) = 0x40014000 [pid 23315] close(3) = 0 [pid 23315] open("/lib/libwrap.so.0", O_RDONLY) = 3 [pid 23315] read(3, "\177ELF\1\1\1\0\0\0\0\0\0\0\0\0\3\0\3\0\1\0\0\0@ \0\000"..., 1024) = 1024 [pid 23315] fstat64(3, {st_mode=S_IFREG|0644, st_size=24328, ...}) = 0 [pid 23315] old_mmap(NULL, 29092, PROT_READ|PROT_EXEC, MAP_PRIVATE, 3, 0) = 0x40019000 [pid 23315] mprotect(0x4001f000, 4516, PROT_NONE) = 0 [pid 23315] old_mmap(0x4001f000, 4096, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_FIXED, 3, 0x5000) = 0x4001f000 [pid 23315] old_mmap(0x40020000, 420, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_FIXED|MAP_ANONYMOUS, -1, 0) = 0x40020000 [pid 23315] close(3) = 0 [pid 23315] open("/lib/libpam.so.0", O_RDONLY) = 3 [pid 23315] read(3, "\177ELF\1\1\1\0\0\0\0\0\0\0\0\0\3\0\3\0\1\0\0\0\340\24"..., 1024) = 1024 [pid 23315] fstat64(3, {st_mode=S_IFREG|0644, st_size=29420, ...}) = 0 [pid 23315] old_mmap(NULL, 32428, PROT_READ|PROT_EXEC, MAP_PRIVATE, 3, 0) = 0x40021000 [pid 23315] mprotect(0x40028000, 3756, PROT_NONE) = 0 [pid 23315] old_mmap(0x40028000, 4096, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_FIXED, 3, 0x6000) = 0x40028000 [pid 23315] close(3) = 0 [pid 23315] open("/lib/libdl.so.2", O_RDONLY) = 3 [pid 23315] read(3, "\177ELF\1\1\1\0\0\0\0\0\0\0\0\0\3\0\3\0\1\0\0\0T\27\0\000"..., 1024) = 1024 [pid 23315] fstat64(3, {st_mode=S_IFREG|0644, st_size=8008, ...}) = 0 [pid 23315] old_mmap(NULL, 4096, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x40029000 [pid 23315] old_mmap(NULL, 11004, PROT_READ|PROT_EXEC, MAP_PRIVATE, 3, 0) = 0x4002a000 [pid 23315] mprotect(0x4002c000, 2812, PROT_NONE) = 0 [pid 23315] old_mmap(0x4002c000, 4096, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_FIXED, 3, 0x1000) = 0x4002c000 [pid 23315] close(3) = 0 [pid 23315] open("/lib/libutil.so.1", O_RDONLY) = 3 [pid 23315] read(3, "\177ELF\1\1\1\0\0\0\0\0\0\0\0\0\3\0\3\0\1\0\0\0\200\16"..., 1024) = 1024 [pid 23315] fstat64(3, {st_mode=S_IFREG|0644, st_size=7600, ...}) = 0 [pid 23315] old_mmap(NULL, 10568, PROT_READ|PROT_EXEC, MAP_PRIVATE, 3, 0) = 0x4002d000 [pid 23315] mprotect(0x4002f000, 2376, PROT_NONE) = 0 [pid 23315] old_mmap(0x4002f000, 4096, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_FIXED, 3, 0x1000) = 0x4002f000 [pid 23315] close(3) = 0 [pid 23315] open("/usr/lib/libz.so.1", O_RDONLY) = 3 [pid 23315] read(3, "\177ELF\1\1\1\0\0\0\0\0\0\0\0\0\3\0\3\0\1\0\0\0\200\30"..., 1024) = 1024 [pid 23315] fstat64(3, {st_mode=S_IFREG|0644, st_size=54632, ...}) = 0 [pid 23315] old_mmap(NULL, 57756, PROT_READ|PROT_EXEC, MAP_PRIVATE, 3, 0) = 0x40030000 [pid 23315] mprotect(0x4003c000, 8604, PROT_NONE) = 0 [pid 23315] old_mmap(0x4003c000, 12288, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_FIXED, 3, 0xb000) = 0x4003c000 [pid 23315] close(3) = 0 [pid 23315] open("/lib/libnsl.so.1", O_RDONLY) = 3 [pid 23315] read(3, "\177ELF\1\1\1\0\0\0\0\0\0\0\0\0\3\0\3\0\1\0\0\0 ;\0\000"..., 1024) = 1024 [pid 23315] fstat64(3, {st_mode=S_IFREG|0644, st_size=69472, ...}) = 0 [pid 23315] old_mmap(NULL, 80988, PROT_READ|PROT_EXEC, MAP_PRIVATE, 3, 0) = 0x4003f000 [pid 23315] mprotect(0x40050000, 11356, PROT_NONE) = 0 [pid 23315] old_mmap(0x40050000, 4096, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_FIXED, 3, 0x10000) = 0x40050000 [pid 23315] old_mmap(0x40051000, 7260, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_FIXED|MAP_ANONYMOUS, -1, 0) = 0x40051000 [pid 23315] close(3) = 0 [pid 23315] open("/usr/lib/libcrypto.so.0.9.6", O_RDONLY) = 3 [pid 23315] read(3, "\177ELF\1\1\1\0\0\0\0\0\0\0\0\0\3\0\3\0\1\0\0\0`\36\2\000"..., 1024) = 1024 [pid 23315] fstat64(3, {st_mode=S_IFREG|0644, st_size=771088, ...}) = 0 [pid 23315] old_mmap(NULL, 787072, PROT_READ|PROT_EXEC, MAP_PRIVATE, 3, 0) = 0x40053000 [pid 23315] mprotect(0x40105000, 57984, PROT_NONE) = 0 [pid 23315] old_mmap(0x40105000, 45056, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_FIXED, 3, 0xb1000) = 0x40105000 [pid 23315] old_mmap(0x40110000, 12928, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_FIXED|MAP_ANONYMOUS, -1, 0) = 0x40110000 [pid 23315] close(3) = 0 [pid 23315] open("/lib/libc.so.6", O_RDONLY) = 3 [pid 23315] read(3, "\177ELF\1\1\1\0\0\0\0\0\0\0\0\0\3\0\3\0\1\0\0\0\30\222"..., 1024) = 1024 [pid 23315] fstat64(3, {st_mode=S_IFREG|0755, st_size=1153784, ...}) = 0 [pid 23315] old_mmap(NULL, 1166560, PROT_READ|PROT_EXEC, MAP_PRIVATE, 3, 0) = 0x40114000 [pid 23315] mprotect(0x40227000, 40160, PROT_NONE) = 0 [pid 23315] old_mmap(0x40227000, 24576, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_FIXED, 3, 0x113000) = 0x40227000 [pid 23315] old_mmap(0x4022d000, 15584, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_FIXED|MAP_ANONYMOUS, -1, 0) = 0x4022d000 [pid 23315] close(3) = 0 [pid 23315] open("/lib/libcrypt.so.1", O_RDONLY) = 3 [pid 23315] read(3, "\177ELF\1\1\1\0\0\0\0\0\0\0\0\0\3\0\3\0\1\0\0\0\320\t\0"..., 1024) = 1024 [pid 23315] fstat64(3, {st_mode=S_IFREG|0644, st_size=19136, ...}) = 0 [pid 23315] old_mmap(NULL, 182044, PROT_READ|PROT_EXEC, MAP_PRIVATE, 3, 0) = 0x40231000 [pid 23315] mprotect(0x40236000, 161564, PROT_NONE) = 0 [pid 23315] old_mmap(0x40236000, 4096, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_FIXED, 3, 0x4000) = 0x40236000 [pid 23315] old_mmap(0x40237000, 157468, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_FIXED|MAP_ANONYMOUS, -1, 0) = 0x40237000 [pid 23315] close(3) = 0 [pid 23315] old_mmap(NULL, 4096, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x4025e000 [pid 23315] munmap(0x40014000, 20340) = 0 [pid 23315] write(2, "sshd: illegal option -- ?\n", 26) = 26 [pid 23315] write(2, "sshd version OpenSSH_3.4p1 Debia"..., 44) = 44 [pid 23315] write(2, "Usage: sshd [options]\n", 22) = 22 [pid 23315] write(2, "Options:\n", 9) = 9 [pid 23315] write(2, " -f file Configuration file "..., 63) = 63 [pid 23315] write(2, " -d Debugging mode (mul"..., 63) = 63 [pid 23315] write(2, " -i Started from inetd\n", 32) = 32 [pid 23315] write(2, " -D Do not fork into da"..., 42) = 42 [pid 23315] write(2, " -t Only test configura"..., 51) = 51 [pid 23315] write(2, " -q Quiet (no logging)\n", 32) = 32 [pid 23315] write(2, " -p port Listen on the speci"..., 56) = 56 [pid 23315] write(2, " -k seconds Regenerate server k"..., 75) = 75 [pid 23315] write(2, " -g seconds Grace period for au"..., 60) = 60 [pid 23315] write(2, " -b bits Size of server RSA "..., 56) = 56 [pid 23315] write(2, " -h file File from which to "..., 79) = 79 [pid 23315] write(2, " -u len Maximum hostname le"..., 56) = 56 [pid 23315] write(2, " -4 Use IPv4 only\n", 27) = 27 [pid 23315] write(2, " -6 Use IPv6 only\n", 27) = 27 [pid 23315] write(2, " -o option Process the option "..., 77) = 77 [pid 23315] _exit(1) = ? [pid 23316] <... read resumed> "sshd: illegal option -- ?\nsshd v"..., 32768) = 897 [pid 23316] close(1) = 0 [pid 23316] _exit(0) = ? [pid 23313] getpgrp() = 23285 [pid 23313] wait4(-1, [pid 23314] --- SIGCHLD (Child exited) --- [pid 23314] close(3) = 0 [pid 23314] close(-1) = -1 EBADF (Bad file descriptor) [pid 23314] getpgrp() = 23285 [pid 23314] wait4(-1, [WIFEXITED(s) && WEXITSTATUS(s) == 0], 0, NULL) = 23316 [pid 23314] wait4(-1, [WIFEXITED(s) && WEXITSTATUS(s) == 1], 0, NULL) = 23315 [pid 23314] _exit(0) = ? [pid 23313] <... wait4 resumed> [WIFEXITED(s) && WEXITSTATUS(s) == 0], 0, NULL) = 23314 [pid 23313] --- SIGCHLD (Child exited) --- [pid 23313] stat64("/etc/ssh/sshd_not_to_be_run", 0xbffff87c) = -1 ENOENT (No such file or directory) [pid 23313] brk(0x8062000) = 0x8062000 [pid 23313] stat64("/etc/ssh/sshd_not_to_be_run", 0xbffff41c) = -1 ENOENT (No such file or directory) [pid 23313] stat64("/var/run/sshd", {st_mode=S_IFDIR|0755, st_size=4096, ...}) = 0 [pid 23313] brk(0x8065000) = 0x8065000 [pid 23313] write(1, "Starting OpenBSD Secure Shell se"..., 42) = 42 [pid 23313] stat64("/bin/start-stop-daemon", 0xbffff76c) = -1 ENOENT (No such file or directory) [pid 23313] stat64("/usr/bin/start-stop-daemon", 0xbffff76c) = -1 ENOENT (No such file or directory) [pid 23313] stat64("/sbin/start-stop-daemon", {st_mode=S_IFREG|0755, st_size=18408, ...}) = 0 [pid 23313] fork() = 23317 [pid 23313] getpgrp() = 23285 [pid 23313] wait4(-1, [pid 23317] close(10) = 0 [pid 23317] execve("/sbin/start-stop-daemon", ["start-stop-daemon", "--start", "--quiet", "--pidfile", "/var/run/sshd.pid", "--exec", "/usr/sbin/sshd"], [/* 2 vars */]) = 0 [pid 23317] uname({sys="Linux", node="protagonist", ...}) = 0 [pid 23317] brk(0) = 0x804c840 [pid 23317] open("/etc/ld.so.preload", O_RDONLY) = -1 ENOENT (No such file or directory) [pid 23317] open("/etc/ld.so.cache", O_RDONLY) = 3 [pid 23317] fstat64(3, {st_mode=S_IFREG|0644, st_size=20340, ...}) = 0 [pid 23317] old_mmap(NULL, 20340, PROT_READ, MAP_PRIVATE, 3, 0) = 0x40014000 [pid 23317] close(3) = 0 [pid 23317] open("/lib/libc.so.6", O_RDONLY) = 3 [pid 23317] read(3, "\177ELF\1\1\1\0\0\0\0\0\0\0\0\0\3\0\3\0\1\0\0\0\30\222"..., 1024) = 1024 [pid 23317] fstat64(3, {st_mode=S_IFREG|0755, st_size=1153784, ...}) = 0 [pid 23317] old_mmap(NULL, 1166560, PROT_READ|PROT_EXEC, MAP_PRIVATE, 3, 0) = 0x40019000 [pid 23317] mprotect(0x4012c000, 40160, PROT_NONE) = 0 [pid 23317] old_mmap(0x4012c000, 24576, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_FIXED, 3, 0x113000) = 0x4012c000 [pid 23317] old_mmap(0x40132000, 15584, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_FIXED|MAP_ANONYMOUS, -1, 0) = 0x40132000 [pid 23317] close(3) = 0 [pid 23317] munmap(0x40014000, 20340) = 0 [pid 23317] stat64("/usr/sbin/sshd", {st_mode=S_IFREG|0755, st_size=276200, ...}) = 0 [pid 23317] brk(0) = 0x804c840 [pid 23317] brk(0x804c9c0) = 0x804c9c0 [pid 23317] brk(0x804d000) = 0x804d000 [pid 23317] open("/var/run/sshd.pid", O_RDONLY) = -1 ENOENT (No such file or directory) [pid 23317] execve("/usr/sbin/sshd", ["/usr/sbin/sshd"], [/* 2 vars */]) = 0 [pid 23317] uname({sys="Linux", node="protagonist", ...}) = 0 [pid 23317] brk(0) = 0x8092660 [pid 23317] open("/etc/ld.so.preload", O_RDONLY) = -1 ENOENT (No such file or directory) [pid 23317] open("/etc/ld.so.cache", O_RDONLY) = 3 [pid 23317] fstat64(3, {st_mode=S_IFREG|0644, st_size=20340, ...}) = 0 [pid 23317] old_mmap(NULL, 20340, PROT_READ, MAP_PRIVATE, 3, 0) = 0x40014000 [pid 23317] close(3) = 0 [pid 23317] open("/lib/libwrap.so.0", O_RDONLY) = 3 [pid 23317] read(3, "\177ELF\1\1\1\0\0\0\0\0\0\0\0\0\3\0\3\0\1\0\0\0@ \0\000"..., 1024) = 1024 [pid 23317] fstat64(3, {st_mode=S_IFREG|0644, st_size=24328, ...}) = 0 [pid 23317] old_mmap(NULL, 29092, PROT_READ|PROT_EXEC, MAP_PRIVATE, 3, 0) = 0x40019000 [pid 23317] mprotect(0x4001f000, 4516, PROT_NONE) = 0 [pid 23317] old_mmap(0x4001f000, 4096, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_FIXED, 3, 0x5000) = 0x4001f000 [pid 23317] old_mmap(0x40020000, 420, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_FIXED|MAP_ANONYMOUS, -1, 0) = 0x40020000 [pid 23317] close(3) = 0 [pid 23317] open("/lib/libpam.so.0", O_RDONLY) = 3 [pid 23317] read(3, "\177ELF\1\1\1\0\0\0\0\0\0\0\0\0\3\0\3\0\1\0\0\0\340\24"..., 1024) = 1024 [pid 23317] fstat64(3, {st_mode=S_IFREG|0644, st_size=29420, ...}) = 0 [pid 23317] old_mmap(NULL, 32428, PROT_READ|PROT_EXEC, MAP_PRIVATE, 3, 0) = 0x40021000 [pid 23317] mprotect(0x40028000, 3756, PROT_NONE) = 0 [pid 23317] old_mmap(0x40028000, 4096, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_FIXED, 3, 0x6000) = 0x40028000 [pid 23317] close(3) = 0 [pid 23317] open("/lib/libdl.so.2", O_RDONLY) = 3 [pid 23317] read(3, "\177ELF\1\1\1\0\0\0\0\0\0\0\0\0\3\0\3\0\1\0\0\0T\27\0\000"..., 1024) = 1024 [pid 23317] fstat64(3, {st_mode=S_IFREG|0644, st_size=8008, ...}) = 0 [pid 23317] old_mmap(NULL, 4096, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x40029000 [pid 23317] old_mmap(NULL, 11004, PROT_READ|PROT_EXEC, MAP_PRIVATE, 3, 0) = 0x4002a000 [pid 23317] mprotect(0x4002c000, 2812, PROT_NONE) = 0 [pid 23317] old_mmap(0x4002c000, 4096, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_FIXED, 3, 0x1000) = 0x4002c000 [pid 23317] close(3) = 0 [pid 23317] open("/lib/libutil.so.1", O_RDONLY) = 3 [pid 23317] read(3, "\177ELF\1\1\1\0\0\0\0\0\0\0\0\0\3\0\3\0\1\0\0\0\200\16"..., 1024) = 1024 [pid 23317] fstat64(3, {st_mode=S_IFREG|0644, st_size=7600, ...}) = 0 [pid 23317] old_mmap(NULL, 10568, PROT_READ|PROT_EXEC, MAP_PRIVATE, 3, 0) = 0x4002d000 [pid 23317] mprotect(0x4002f000, 2376, PROT_NONE) = 0 [pid 23317] old_mmap(0x4002f000, 4096, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_FIXED, 3, 0x1000) = 0x4002f000 [pid 23317] close(3) = 0 [pid 23317] open("/usr/lib/libz.so.1", O_RDONLY) = 3 [pid 23317] read(3, "\177ELF\1\1\1\0\0\0\0\0\0\0\0\0\3\0\3\0\1\0\0\0\200\30"..., 1024) = 1024 [pid 23317] fstat64(3, {st_mode=S_IFREG|0644, st_size=54632, ...}) = 0 [pid 23317] old_mmap(NULL, 57756, PROT_READ|PROT_EXEC, MAP_PRIVATE, 3, 0) = 0x40030000 [pid 23317] mprotect(0x4003c000, 8604, PROT_NONE) = 0 [pid 23317] old_mmap(0x4003c000, 12288, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_FIXED, 3, 0xb000) = 0x4003c000 [pid 23317] close(3) = 0 [pid 23317] open("/lib/libnsl.so.1", O_RDONLY) = 3 [pid 23317] read(3, "\177ELF\1\1\1\0\0\0\0\0\0\0\0\0\3\0\3\0\1\0\0\0 ;\0\000"..., 1024) = 1024 [pid 23317] fstat64(3, {st_mode=S_IFREG|0644, st_size=69472, ...}) = 0 [pid 23317] old_mmap(NULL, 80988, PROT_READ|PROT_EXEC, MAP_PRIVATE, 3, 0) = 0x4003f000 [pid 23317] mprotect(0x40050000, 11356, PROT_NONE) = 0 [pid 23317] old_mmap(0x40050000, 4096, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_FIXED, 3, 0x10000) = 0x40050000 [pid 23317] old_mmap(0x40051000, 7260, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_FIXED|MAP_ANONYMOUS, -1, 0) = 0x40051000 [pid 23317] close(3) = 0 [pid 23317] open("/usr/lib/libcrypto.so.0.9.6", O_RDONLY) = 3 [pid 23317] read(3, "\177ELF\1\1\1\0\0\0\0\0\0\0\0\0\3\0\3\0\1\0\0\0`\36\2\000"..., 1024) = 1024 [pid 23317] fstat64(3, {st_mode=S_IFREG|0644, st_size=771088, ...}) = 0 [pid 23317] old_mmap(NULL, 787072, PROT_READ|PROT_EXEC, MAP_PRIVATE, 3, 0) = 0x40053000 [pid 23317] mprotect(0x40105000, 57984, PROT_NONE) = 0 [pid 23317] old_mmap(0x40105000, 45056, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_FIXED, 3, 0xb1000) = 0x40105000 [pid 23317] old_mmap(0x40110000, 12928, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_FIXED|MAP_ANONYMOUS, -1, 0) = 0x40110000 [pid 23317] close(3) = 0 [pid 23317] open("/lib/libc.so.6", O_RDONLY) = 3 [pid 23317] read(3, "\177ELF\1\1\1\0\0\0\0\0\0\0\0\0\3\0\3\0\1\0\0\0\30\222"..., 1024) = 1024 [pid 23317] fstat64(3, {st_mode=S_IFREG|0755, st_size=1153784, ...}) = 0 [pid 23317] old_mmap(NULL, 1166560, PROT_READ|PROT_EXEC, MAP_PRIVATE, 3, 0) = 0x40114000 [pid 23317] mprotect(0x40227000, 40160, PROT_NONE) = 0 [pid 23317] old_mmap(0x40227000, 24576, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_FIXED, 3, 0x113000) = 0x40227000 [pid 23317] old_mmap(0x4022d000, 15584, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_FIXED|MAP_ANONYMOUS, -1, 0) = 0x4022d000 [pid 23317] close(3) = 0 [pid 23317] open("/lib/libcrypt.so.1", O_RDONLY) = 3 [pid 23317] read(3, "\177ELF\1\1\1\0\0\0\0\0\0\0\0\0\3\0\3\0\1\0\0\0\320\t\0"..., 1024) = 1024 [pid 23317] fstat64(3, {st_mode=S_IFREG|0644, st_size=19136, ...}) = 0 [pid 23317] old_mmap(NULL, 182044, PROT_READ|PROT_EXEC, MAP_PRIVATE, 3, 0) = 0x40231000 [pid 23317] mprotect(0x40236000, 161564, PROT_NONE) = 0 [pid 23317] old_mmap(0x40236000, 4096, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_FIXED, 3, 0x4000) = 0x40236000 [pid 23317] old_mmap(0x40237000, 157468, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_FIXED|MAP_ANONYMOUS, -1, 0) = 0x40237000 [pid 23317] close(3) = 0 [pid 23317] old_mmap(NULL, 4096, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x4025e000 [pid 23317] munmap(0x40014000, 20340) = 0 [pid 23317] brk(0) = 0x8092660 [pid 23317] brk(0x80926d8) = 0x80926d8 [pid 23317] brk(0x8093000) = 0x8093000 [pid 23317] brk(0x8094000) = 0x8094000 [pid 23317] getpid() = 23317 [pid 23317] getpid() = 23317 [pid 23317] open("/dev/urandom", O_RDONLY) = 3 [pid 23317] read(3, "address@hidden"..., 20) = 20 [pid 23317] close(3) = 0 [pid 23317] getpid() = 23317 [pid 23317] getpid() = 23317 [pid 23317] getuid32() = 0 [pid 23317] getpid() = 23317 [pid 23317] time(NULL) = 1027632765 [pid 23317] getpid() = 23317 [pid 23317] open("/etc/ssh/sshd_config", O_RDONLY|O_LARGEFILE) = 3 [pid 23317] fstat64(3, {st_mode=S_IFREG|0644, st_size=880, ...}) = 0 [pid 23317] old_mmap(NULL, 4096, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x40014000 [pid 23317] read(3, "# /etc/ssh/sshd_config\n# Version"..., 4096) = 880 [pid 23317] getuid32() = 0 [pid 23317] getuid32() = 0 [pid 23317] read(3, "", 4096) = 0 [pid 23317] close(3) = 0 [pid 23317] munmap(0x40014000, 4096) = 0 [pid 23317] gettimeofday({1027632765, 237347}, NULL) = 0 [pid 23317] getpid() = 23317 [pid 23317] open("/etc/resolv.conf", O_RDONLY) = 3 [pid 23317] fstat64(3, {st_mode=S_IFREG|0644, st_size=95, ...}) = 0 [pid 23317] old_mmap(NULL, 4096, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x40014000 [pid 23317] read(3, "search lindenlab.com\nnameserver "..., 4096) = 95 [pid 23317] read(3, "", 4096) = 0 [pid 23317] close(3) = 0 [pid 23317] munmap(0x40014000, 4096) = 0 [pid 23317] open("/etc/ssh/ssh_host_rsa_key", O_RDONLY|O_LARGEFILE) = 3 [pid 23317] fstat64(3, {st_mode=S_IFREG|0600, st_size=887, ...}) = 0 [pid 23317] getuid32() = 0 [pid 23317] _llseek(3, 0, [887], SEEK_END) = 0 [pid 23317] _llseek(3, 0, [0], SEEK_SET) = 0 [pid 23317] brk(0x8096000) = 0x8096000 [pid 23317] read(3, "-----BEGIN RSA PRIVATE KEY-----\n"..., 887) = 887 [pid 23317] _llseek(3, 0, [0], SEEK_SET) = 0 [pid 23317] fcntl64(3, F_GETFL) = 0x8000 (flags O_RDONLY|O_LARGEFILE) [pid 23317] fstat64(3, {st_mode=S_IFREG|0600, st_size=887, ...}) = 0 [pid 23317] old_mmap(NULL, 4096, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x40014000 [pid 23317] _llseek(3, 0, [0], SEEK_CUR) = 0 [pid 23317] read(3, "-----BEGIN RSA PRIVATE KEY-----\n"..., 4096) = 887 [pid 23317] close(3) = 0 [pid 23317] munmap(0x40014000, 4096) = 0 [pid 23317] open("/etc/ssh/ssh_host_dsa_key", O_RDONLY|O_LARGEFILE) = 3 [pid 23317] fstat64(3, {st_mode=S_IFREG|0600, st_size=672, ...}) = 0 [pid 23317] getuid32() = 0 [pid 23317] _llseek(3, 0, [672], SEEK_END) = 0 [pid 23317] _llseek(3, 0, [0], SEEK_SET) = 0 [pid 23317] read(3, "-----BEGIN DSA PRIVATE KEY-----\n"..., 672) = 672 [pid 23317] _llseek(3, 0, [0], SEEK_SET) = 0 [pid 23317] fcntl64(3, F_GETFL) = 0x8000 (flags O_RDONLY|O_LARGEFILE) [pid 23317] fstat64(3, {st_mode=S_IFREG|0600, st_size=672, ...}) = 0 [pid 23317] old_mmap(NULL, 4096, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x40014000 [pid 23317] _llseek(3, 0, [0], SEEK_CUR) = 0 [pid 23317] read(3, "-----BEGIN DSA PRIVATE KEY-----\n"..., 4096) = 672 [pid 23317] close(3) = 0 [pid 23317] munmap(0x40014000, 4096) = 0 [pid 23317] socket(PF_UNIX, SOCK_STREAM, 0) = 3 [pid 23317] connect(3, {sin_family=AF_UNIX, path="/var/run/.nscd_socket"}, 110) = -1 ENOENT (No such file or directory) [pid 23317] close(3) = 0 [pid 23317] open("/etc/nsswitch.conf", O_RDONLY) = 3 [pid 23317] fstat64(3, {st_mode=S_IFREG|0644, st_size=465, ...}) = 0 [pid 23317] old_mmap(NULL, 4096, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x40014000 [pid 23317] read(3, "# /etc/nsswitch.conf\n#\n# Example"..., 4096) = 465 [pid 23317] read(3, "", 4096) = 0 [pid 23317] close(3) = 0 [pid 23317] munmap(0x40014000, 4096) = 0 [pid 23317] open("/etc/ld.so.cache", O_RDONLY) = 3 [pid 23317] fstat64(3, {st_mode=S_IFREG|0644, st_size=20340, ...}) = 0 [pid 23317] old_mmap(NULL, 20340, PROT_READ, MAP_PRIVATE, 3, 0) = 0x40014000 [pid 23317] close(3) = 0 [pid 23317] open("/lib/libnss_compat.so.2", O_RDONLY) = 3 [pid 23317] read(3, "\177ELF\1\1\1\0\0\0\0\0\0\0\0\0\3\0\3\0\1\0\0\0\340\25"..., 1024) = 1024 [pid 23317] fstat64(3, {st_mode=S_IFREG|0644, st_size=40152, ...}) = 0 [pid 23317] old_mmap(NULL, 43256, PROT_READ|PROT_EXEC, MAP_PRIVATE, 3, 0) = 0x4025f000 [pid 23317] mprotect(0x40269000, 2296, PROT_NONE) = 0 [pid 23317] old_mmap(0x40269000, 4096, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_FIXED, 3, 0x9000) = 0x40269000 [pid 23317] close(3) = 0 [pid 23317] munmap(0x40014000, 20340) = 0 [pid 23317] uname({sys="Linux", node="protagonist", ...}) = 0 [pid 23317] open("/etc/passwd", O_RDONLY) = 3 [pid 23317] fcntl64(3, F_GETFD) = 0 [pid 23317] fcntl64(3, F_SETFD, FD_CLOEXEC) = 0 [pid 23317] fstat64(3, {st_mode=S_IFREG|0644, st_size=1040, ...}) = 0 [pid 23317] old_mmap(NULL, 4096, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x40014000 [pid 23317] _llseek(3, 0, [0], SEEK_CUR) = 0 [pid 23317] read(3, "root:x:0:0:root:/root:/bin/bash\n"..., 4096) = 1040 [pid 23317] close(3) = 0 [pid 23317] munmap(0x40014000, 4096) = 0 [pid 23317] stat64("/var/run/sshd", {st_mode=S_IFDIR|0755, st_size=4096, ...}) = 0 [pid 23317] setgroups32(0, 0) = 0 [pid 23317] fork() = 23318 [pid 23318] setsid() = 23318 [pid 23318] chdir("/") = 0 [pid 23318] open("/dev/null", O_RDWR) = 3 [pid 23318] fstat64(3, {st_mode=S_IFCHR|0666, st_rdev=makedev(1, 3), ...}) = 0 [pid 23318] dup2(3, 0) = 0 [pid 23318] dup2(3, 1) = 1 [pid 23318] dup2(3, 2) = 2 [pid 23318] close(3) = 0 [pid 23318] open("/dev/tty", O_RDWR|O_NOCTTY|O_LARGEFILE) = -1 ENXIO (No such device or address) [pid 23318] getpid() = 23318 [pid 23318] getpid() = 23318 [pid 23318] getpid() = 23318 [pid 23318] getpid() = 23318 [pid 23318] getpid() = 23318 [pid 23318] getpid() = 23318 [pid 23318] getpid() = 23318 [pid 23318] getpid() = 23318 [pid 23318] getpid() = 23318 [pid 23318] getpid() = 23318 [pid 23318] getpid() = 23318 [pid 23318] getpid() = 23318 [pid 23318] getpid() = 23318 [pid 23318] getpid() = 23318 [pid 23318] getpid() = 23318 [pid 23318] getpid() = 23318 [pid 23318] getpid() = 23318 [pid 23318] getpid() = 23318 [pid 23318] getpid() = 23318 [pid 23318] getpid() = 23318 [pid 23318] getpid() = 23318 [pid 23318] getpid() = 23318 [pid 23318] getpid() = 23318 [pid 23318] getpid() = 23318 [pid 23318] getpid() = 23318 [pid 23318] getpid() = 23318 [pid 23318] getpid() = 23318 [pid 23318] getpid() = 23318 [pid 23318] getpid() = 23318 [pid 23318] getpid() = 23318 [pid 23318] getpid() = 23318 [pid 23318] getpid() = 23318 [pid 23318] getpid() = 23318 [pid 23318] getpid() = 23318 [pid 23318] getpid() = 23318 [pid 23318] getpid() = 23318 [pid 23318] getpid() = 23318 [pid 23318] getpid() = 23318 [pid 23318] getpid() = 23318 [pid 23318] getpid() = 23318 [pid 23318] getpid() = 23318 [pid 23318] getpid() = 23318 [pid 23318] getpid() = 23318 [pid 23318] getpid() = 23318 [pid 23318] getpid() = 23318 [pid 23318] getpid() = 23318 [pid 23318] getpid() = 23318 [pid 23318] getpid() = 23318 [pid 23318] getpid() = 23318 [pid 23318] getpid() = 23318 [pid 23318] getpid() = 23318 [pid 23318] getpid() = 23318 [pid 23318] getpid() = 23318 [pid 23318] getpid() = 23318 [pid 23318] chdir("/") = 0 [pid 23318] rt_sigaction(SIGPIPE, {SIG_IGN}, {SIG_DFL}, 8) = 0 [pid 23318] socket(PF_INET, SOCK_STREAM, IPPROTO_IP) = 3 [pid 23318] fcntl64(3, F_SETFL, O_RDONLY|O_NONBLOCK) = 0 [pid 23318] setsockopt(3, SOL_SOCKET, SO_REUSEADDR, [1], 4) = 0 [pid 23318] setsockopt(3, SOL_SOCKET, SO_LINGER, [1], 8) = 0 [pid 23318] bind(3, {sin_family=AF_INET, sin_port=htons(22), sin_addr=inet_addr("0.0.0.0")}}, 16) = 0 [pid 23318] brk(0x8099000) = 0x8099000 [pid 23318] time([1027632765]) = 1027632765 [pid 23318] open("/etc/localtime", O_RDONLY) = 4 [pid 23318] fstat64(4, {st_mode=S_IFREG|0644, st_size=1017, ...}) = 0 [pid 23318] old_mmap(NULL, 4096, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x40014000 [pid 23318] read(4, "TZif\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\4\0\0\0\4\0"..., 4096) = 1017 [pid 23318] close(4) = 0 [pid 23318] munmap(0x40014000, 4096) = 0 [pid 23318] getpid() = 23318 [pid 23318] rt_sigaction(SIGPIPE, {0x401e0f28, [], 0x4000000}, {SIG_IGN}, 8) = 0 [pid 23318] socket(PF_UNIX, SOCK_DGRAM, 0) = 4 [pid 23318] fcntl64(4, F_SETFD, FD_CLOEXEC) = 0 [pid 23318] connect(4, {sin_family=AF_UNIX, path="/dev/log"}, 16) = 0 [pid 23318] send(4, "<38>Jul 25 14:32:45 sshd[23318]:"..., 69, 0) = 69 [pid 23318] rt_sigaction(SIGPIPE, {SIG_IGN}, NULL, 8) = 0 [pid 23318] close(4) = 0 [pid 23318] listen(3, 5) = 0 [pid 23318] rt_sigaction(SIGHUP, {0x804c090, [HUP], SA_RESTART|0x4000000}, {SIG_IGN}, 8) = 0 [pid 23318] rt_sigaction(SIGTERM, {0x804c128, [TERM], SA_RESTART|0x4000000}, {SIG_DFL}, 8) = 0 [pid 23318] rt_sigaction(SIGQUIT, {0x804c128, [QUIT], SA_RESTART|0x4000000}, {SIG_DFL}, 8) = 0 [pid 23318] rt_sigaction(SIGCHLD, {0x804c138, [CHLD], SA_RESTART|0x4000000}, {SIG_DFL}, 8) = 0 [pid 23318] open("/var/run/sshd.pid", O_WRONLY|O_CREAT|O_TRUNC|O_LARGEFILE, 0666) = 4 [pid 23318] getpid() = 23318 [pid 23318] fstat64(4, {st_mode=S_IFREG|0644, st_size=0, ...}) = 0 [pid 23318] old_mmap(NULL, 4096, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x40014000 [pid 23318] write(4, "23318\n", 6) = 6 [pid 23318] close(4) = 0 [pid 23318] munmap(0x40014000, 4096) = 0 [pid 23318] select(4, [3], NULL, NULL, NULL [pid 23317] _exit(0) = ? [pid 23313] <... wait4 resumed> [WIFEXITED(s) && WEXITSTATUS(s) == 0], 0, NULL) = 23317 [pid 23313] --- SIGCHLD (Child exited) --- [pid 23313] write(1, ".\n", 2) = 2 [pid 23313] _exit(0) = ? [pid 23286] <... nanosleep resumed> {3, 0}) = 0 [pid 23286] rt_sigprocmask(SIG_BLOCK, [USR1], [TERM RTMIN], 8) = 0 [pid 23286] time([1027632767]) = 1027632767 [pid 23286] uname({sys="Linux", node="protagonist", ...}) = 0 [pid 23286] time([1027632767]) = 1027632767 [pid 23286] time([1027632767]) = 1027632767 [pid 23286] uname({sys="Linux", node="protagonist", ...}) = 0 [pid 23286] rt_sigaction(SIGALRM, {0x40021e80, [], 0x4000000}, NULL, 8) = 0 [pid 23286] alarm(30) = 0 [pid 23286] socket(PF_UNIX, SOCK_STREAM, 0) = 4 [pid 23286] connect(4, {sin_family=AF_UNIX, path="/var/run/.nscd_socket"}, 110) = -1 ENOENT (No such file or directory) [pid 23286] close(4) = 0 [pid 23286] open("/etc/hosts", O_RDONLY) = 4 [pid 23286] fcntl64(4, F_GETFD) = 0 [pid 23286] fcntl64(4, F_SETFD, FD_CLOEXEC) = 0 [pid 23286] fstat64(4, {st_mode=S_IFREG|0644, st_size=306, ...}) = 0 [pid 23286] old_mmap(NULL, 4096, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x4016a000 [pid 23286] read(4, "127.0.0.1\tlocalhost\n192.168.0.32"..., 4096) = 306 [pid 23286] read(4, "", 4096) = 0 [pid 23286] close(4) = 0 [pid 23286] munmap(0x4016a000, 4096) = 0 [pid 23286] socket(PF_INET, SOCK_DGRAM, IPPROTO_IP) = 4 [pid 23286] connect(4, {sin_family=AF_INET, sin_port=htons(53), sin_addr=inet_addr("192.168.0.11")}}, 28) = 0 [pid 23286] send(4, "\26)\1\0\0\1\0\0\0\0\0\0\4mail\tlindenlab\3com\0"..., 36, 0) = 36 [pid 23286] gettimeofday({1027632767, 985078}, NULL) = 0 [pid 23286] poll([{fd=4, events=POLLIN, revents=POLLIN}], 1, 5000) = 1 [pid 23286] recvfrom(4, "\26)\205\200\0\1\0\2\0\2\0\2\4mail\tlindenlab\3com\0"..., 1024, 0, {sin_family=AF_INET, sin_port=htons(53), sin_addr=inet_addr("192.168.0.11")}}, [16]) = 140 [pid 23286] close(4) = 0 [pid 23286] socket(PF_INET, SOCK_STREAM, IPPROTO_IP) = 4 [pid 23286] connect(4, {sin_family=AF_INET, sin_port=htons(25), sin_addr=inet_addr("63.211.139.13")}}, 16) = 0 [pid 23286] rt_sigprocmask(SIG_BLOCK, NULL, [USR1 TERM RTMIN], 8) = 0 [pid 23286] ioctl(4, 0x5421, [1]) = 0 [pid 23286] recv(4, 0xbffff52c, 256, 0) = -1 EAGAIN (Resource temporarily unavailable) [pid 23286] select(5, [4], NULL, NULL, {5, 0}) = 1 (in [4], left {1, 870000}) [pid 23286] recv(4, "220 smtp0.lindenlab.com ESMTP Po"..., 256, 0) = 39 [pid 23286] ioctl(4, 0x5421, [0]) = 0 [pid 23286] ioctl(4, 0x5421, [1]) = 0 [pid 23286] send(4, "HELO protagonist\r\n", 18, 0) = 18 [pid 23286] ioctl(4, 0x5421, [0]) = 0 [pid 23286] ioctl(4, 0x5421, [1]) = 0 [pid 23286] recv(4, 0xbffff51c, 256, 0) = -1 EAGAIN (Resource temporarily unavailable) [pid 23286] select(5, [4], NULL, NULL, {5, 0}) = 1 (in [4], left {4, 990000}) [pid 23286] recv(4, "250 smtp0.lindenlab.com\r\n", 256, 0) = 25 [pid 23286] ioctl(4, 0x5421, [0]) = 0 [pid 23286] ioctl(4, 0x5421, [1]) = 0 [pid 23286] send(4, "MAIL FROM: address@hidden", 30, 0) = 30 [pid 23286] ioctl(4, 0x5421, [0]) = 0 [pid 23286] ioctl(4, 0x5421, [1]) = 0 [pid 23286] recv(4, 0xbffff51c, 256, 0) = -1 EAGAIN (Resource temporarily unavailable) [pid 23286] select(5, [4], NULL, NULL, {5, 0}) = 1 (in [4], left {4, 900000}) [pid 23286] recv(4, "250 Ok\r\n", 256, 0) = 8 [pid 23286] ioctl(4, 0x5421, [0]) = 0 [pid 23286] ioctl(4, 0x5421, [1]) = 0 [pid 23286] send(4, "RCPT TO: address@hidden", 29, 0) = 29 [pid 23286] ioctl(4, 0x5421, [0]) = 0 [pid 23286] ioctl(4, 0x5421, [1]) = 0 [pid 23286] recv(4, 0xbffff52c, 256, 0) = -1 EAGAIN (Resource temporarily unavailable) [pid 23286] select(5, [4], NULL, NULL, {5, 0}) = 1 (in [4], left {5, 0}) [pid 23286] recv(4, "250 Ok\r\n", 256, 0) = 8 [pid 23286] ioctl(4, 0x5421, [0]) = 0 [pid 23286] ioctl(4, 0x5421, [1]) = 0 [pid 23286] send(4, "DATA\r\n", 6, 0) = 6 [pid 23286] ioctl(4, 0x5421, [0]) = 0 [pid 23286] ioctl(4, 0x5421, [1]) = 0 [pid 23286] recv(4, 0xbffff51c, 256, 0) = -1 EAGAIN (Resource temporarily unavailable) [pid 23286] select(5, [4], NULL, NULL, {5, 0}) = 1 (in [4], left {5, 0}) [pid 23286] recv(4, "354 End data with .<"..., 256, 0) = 37 [pid 23286] ioctl(4, 0x5421, [0]) = 0 [pid 23286] ioctl(4, 0x5421, [1]) = 0 [pid 23286] send(4, "From: address@hidden", 25, 0) = 25 [pid 23286] ioctl(4, 0x5421, [0]) = 0 [pid 23286] ioctl(4, 0x5421, [1]) = 0 [pid 23286] send(4, "To: address@hidden", 24, 0) = 24 [pid 23286] ioctl(4, 0x5421, [0]) = 0 [pid 23286] ioctl(4, 0x5421, [1]) = 0 [pid 23286] send(4, "Subject: monit alert -- sshd res"..., 40, 0) = 40 [pid 23286] ioctl(4, 0x5421, [0]) = 0 [pid 23286] ioctl(4, 0x5421, [1]) = 0 [pid 23286] send(4, "Date: Thu, 25 Jul 2002 21:32:47 "..., 37, 0) = 37 [pid 23286] ioctl(4, 0x5421, [0]) = 0 [pid 23286] ioctl(4, 0x5421, [1]) = 0 [pid 23286] send(4, "X-Mailer: monit 2.5\r\n", 21, 0) = 21 [pid 23286] ioctl(4, 0x5421, [0]) = 0 [pid 23286] ioctl(4, 0x5421, [1]) = 0 [pid 23286] send(4, "Mime-Version: 1.0\r\n", 19, 0) = 19 [pid 23286] ioctl(4, 0x5421, [0]) = 0 [pid 23286] ioctl(4, 0x5421, [1]) = 0 [pid 23286] send(4, "Content-Type: text/plain; charse"..., 48, 0) = 48 [pid 23286] ioctl(4, 0x5421, [0]) = 0 [pid 23286] ioctl(4, 0x5421, [1]) = 0 [pid 23286] send(4, "Content-Transfer-Encoding: quote"..., 45, 0) = 45 [pid 23286] ioctl(4, 0x5421, [0]) = 0 [pid 23286] ioctl(4, 0x5421, [1]) = 0 [pid 23286] send(4, "\r\n", 2, 0) = 2 [pid 23286] ioctl(4, 0x5421, [0]) = 0 [pid 23286] ioctl(4, 0x5421, [1]) = 0 [pid 23286] send(4, "Program sshd restarted\r\n\r\n\tDate:"..., 115, 0) = 115 [pid 23286] ioctl(4, 0x5421, [0]) = 0 [pid 23286] ioctl(4, 0x5421, [1]) = 0 [pid 23286] send(4, ".\r\n", 3, 0) = 3 [pid 23286] ioctl(4, 0x5421, [0]) = 0 [pid 23286] ioctl(4, 0x5421, [1]) = 0 [pid 23286] recv(4, 0xbffff52c, 256, 0) = -1 EAGAIN (Resource temporarily unavailable) [pid 23286] select(5, [4], NULL, NULL, {5, 0}) = 1 (in [4], left {4, 840000}) [pid 23286] recv(4, "250 Ok: queued as 31D312403B\r\n", 256, 0) = 30 [pid 23286] ioctl(4, 0x5421, [0]) = 0 [pid 23286] alarm(30) = 27 [pid 23286] ioctl(4, 0x5421, [1]) = 0 [pid 23286] send(4, "QUIT\r\n", 6, 0) = 6 [pid 23286] ioctl(4, 0x5421, [0]) = 0 [pid 23286] alarm(0) = 30 [pid 23286] shutdown(4, 2 /* send and receive */) = 0 [pid 23286] close(4) = 0 [pid 23286] rt_sigprocmask(SIG_SETMASK, [TERM RTMIN], NULL, 8) = 0 [pid 23286] rt_sigprocmask(SIG_SETMASK, [RTMIN], NULL, 8) = 0 [pid 23286] rt_sigprocmask(SIG_BLOCK, [CHLD], [RTMIN], 8) = 0 [pid 23286] rt_sigaction(SIGCHLD, NULL, {SIG_DFL}, 8) = 0 [pid 23286] rt_sigprocmask(SIG_SETMASK, [RTMIN], NULL, 8) = 0 [pid 23286] nanosleep({30, 0}, [pid 23318] <... select resumed> ) = 1 (in [3]) [pid 23318] accept(3, {sin_family=AF_INET, sin_port=htons(35267), sin_addr=inet_addr("127.0.0.1")}}, [16]) = 4 [pid 23318] fcntl64(4, F_SETFL, O_RDONLY) = 0 [pid 23318] pipe([5, 6]) = 0 [pid 23318] fork() = 23330 [pid 23330] close(5) = 0 [pid 23330] close(3) = 0 [pid 23330] alarm(0) = 0 [pid 23330] rt_sigaction(SIGALRM, {SIG_DFL}, {SIG_DFL}, 8) = 0 [pid 23330] rt_sigaction(SIGHUP, {SIG_DFL}, {0x804c090, [HUP], SA_RESTART|0x4000000}, 8) = 0 [pid 23330] rt_sigaction(SIGTERM, {SIG_DFL}, {0x804c128, [TERM], SA_RESTART|0x4000000}, 8) = 0 [pid 23330] rt_sigaction(SIGQUIT, {SIG_DFL}, {0x804c128, [QUIT], SA_RESTART|0x4000000}, 8) = 0 [pid 23330] rt_sigaction(SIGCHLD, {SIG_DFL}, {0x804c138, [CHLD], SA_RESTART|0x4000000}, 8) = 0 [pid 23330] rt_sigaction(SIGINT, {SIG_DFL}, {SIG_DFL}, 8) = 0 [pid 23330] setsockopt(4, SOL_SOCKET, SO_LINGER, [1], 8) = 0 [pid 23330] brk(0x809b000) = 0x809b000 [pid 23330] getpeername(4, {sin_family=AF_INET, sin_port=htons(35267), sin_addr=inet_addr("127.0.0.1")}}, [16]) = 0 [pid 23330] getpeername(4, {sin_family=AF_INET, sin_port=htons(35267), sin_addr=inet_addr("127.0.0.1")}}, [16]) = 0 [pid 23330] getpid() = 23330 [pid 23330] getpeername(4, {sin_family=AF_INET, sin_port=htons(35267), sin_addr=inet_addr("127.0.0.1")}}, [16]) = 0 [pid 23330] getsockname(4, {sin_family=AF_INET, sin_port=htons(22), sin_addr=inet_addr("127.0.0.1")}}, [16]) = 0 [pid 23330] open("/etc/hosts.allow", O_RDONLY) = 3 [pid 23330] fstat64(3, {st_mode=S_IFREG|0644, st_size=603, ...}) = 0 [pid 23330] old_mmap(NULL, 4096, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x40014000 [pid 23330] read(3, "# /etc/hosts.allow: list of host"..., 4096) = 603 [pid 23330] read(3, "", 4096) = 0 [pid 23330] close(3) = 0 [pid 23330] munmap(0x40014000, 4096) = 0 [pid 23330] open("/etc/hosts.deny", O_RDONLY) = 3 [pid 23330] fstat64(3, {st_mode=S_IFREG|0644, st_size=898, ...}) = 0 [pid 23330] old_mmap(NULL, 4096, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x40014000 [pid 23330] read(3, "# /etc/hosts.deny: list of hosts"..., 4096) = 898 [pid 23330] read(3, "", 4096) = 0 [pid 23330] close(3) = 0 [pid 23330] munmap(0x40014000, 4096) = 0 [pid 23330] rt_sigaction(SIGALRM, {0x804c190, [ALRM], SA_RESTART|0x4000000}, {SIG_DFL}, 8) = 0 [pid 23330] alarm(600) = 0 [pid 23330] write(4, "SSH-2.0-OpenSSH_3.4p1 Debian 1:3"..., 39) = 39 [pid 23330] read(4, [pid 23318] close(6) = 0 [pid 23318] getpid() = 23318 [pid 23318] getpid() = 23318 [pid 23318] close(4) = 0 [pid 23318] select(6, [3 5], NULL, NULL, NULL [pid 23330] <... read resumed> "S", 1) = 1 [pid 23330] read(4, "S", 1) = 1 [pid 23330] read(4, "H", 1) = 1 [pid 23330] read(4, "-", 1) = 1 [pid 23330] read(4, "2", 1) = 1 [pid 23330] read(4, ".", 1) = 1 [pid 23330] read(4, "0", 1) = 1 [pid 23330] read(4, "-", 1) = 1 [pid 23330] read(4, "O", 1) = 1 [pid 23330] read(4, "p", 1) = 1 [pid 23330] read(4, "e", 1) = 1 [pid 23330] read(4, "n", 1) = 1 [pid 23330] read(4, "S", 1) = 1 [pid 23330] read(4, "S", 1) = 1 [pid 23330] read(4, "H", 1) = 1 [pid 23330] read(4, "_", 1) = 1 [pid 23330] read(4, "3", 1) = 1 [pid 23330] read(4, ".", 1) = 1 [pid 23330] read(4, "4", 1) = 1 [pid 23330] read(4, "p", 1) = 1 [pid 23330] read(4, "1", 1) = 1 [pid 23330] read(4, " ", 1) = 1 [pid 23330] read(4, "D", 1) = 1 [pid 23330] read(4, "e", 1) = 1 [pid 23330] read(4, "b", 1) = 1 [pid 23330] read(4, "i", 1) = 1 [pid 23330] read(4, "a", 1) = 1 [pid 23330] read(4, "n", 1) = 1 [pid 23330] read(4, " ", 1) = 1 [pid 23330] read(4, "1", 1) = 1 [pid 23330] read(4, ":", 1) = 1 [pid 23330] read(4, "3", 1) = 1 [pid 23330] read(4, ".", 1) = 1 [pid 23330] read(4, "4", 1) = 1 [pid 23330] read(4, "p", 1) = 1 [pid 23330] read(4, "1", 1) = 1 [pid 23330] read(4, "-", 1) = 1 [pid 23330] read(4, "1", 1) = 1 [pid 23330] read(4, "\n", 1) = 1 [pid 23330] fcntl64(4, F_SETFL, O_RDONLY|O_NONBLOCK) = 0 [pid 23330] socketpair(PF_UNIX, SOCK_STREAM, 0, [3, 5]) = 0 [pid 23330] fcntl64(3, F_SETFD, FD_CLOEXEC) = 0 [pid 23330] fcntl64(5, F_SETFD, FD_CLOEXEC) = 0 [pid 23330] mmap2(NULL, 65536, PROT_READ|PROT_WRITE, MAP_SHARED|MAP_ANONYMOUS, -1, 0) = 0x4026a000 [pid 23330] mmap2(NULL, 1310720, PROT_READ|PROT_WRITE, MAP_SHARED|MAP_ANONYMOUS, -1, 0) = 0x4027a000 [pid 23330] fork() = 23331 [pid 23330] close(3) = 0 [pid 23330] read(5, [pid 23331] close(5) = 0 [pid 23331] getuid32() = 0 [pid 23331] open("/etc/passwd", O_RDONLY) = 5 [pid 23331] fcntl64(5, F_GETFD) = 0 [pid 23331] fcntl64(5, F_SETFD, FD_CLOEXEC) = 0 [pid 23331] fstat64(5, {st_mode=S_IFREG|0644, st_size=1040, ...}) = 0 [pid 23331] old_mmap(NULL, 4096, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x40014000 [pid 23331] _llseek(5, 0, [0], SEEK_CUR) = 0 [pid 23331] read(5, "root:x:0:0:root:/root:/bin/bash\n"..., 4096) = 1040 [pid 23331] close(5) = 0 [pid 23331] munmap(0x40014000, 4096) = 0 [pid 23331] chroot("/var/run/sshd") = 0 [pid 23331] chdir("/") = 0 [pid 23331] setgid32(0xfffe) = 0 [pid 23331] setgroups32(0x1, 0xbffff1d4) = 0 [pid 23331] setgid32(0xfffe) = 0 [pid 23331] setuid32(0x67) = 0 [pid 23331] brk(0x809d000) = 0x809d000 [pid 23331] write(4, "\0\0\2\34\t\24.\234\20ZM\331\311\254\23G\221\335\235\27"..., 544) = 544 [pid 23331] select(5, [4], NULL, NULL, NULL) = 1 (in [4]) [pid 23331] read(4, "\0\0\2\24\v\24Q\243!M/\267P2iVQ\271n\253Q\23\0\0\0=dif"..., 8192) = 560 [pid 23331] write(3, "\0\0\0\r\0", 5) = 5 [pid 23331] write(3, "\0\0\4\0\0\0\10\0\0\0 \0", 12) = 12 [pid 23331] read(3, [pid 23330] <... read resumed> "\0\0\0\r", 4) = 4 [pid 23330] read(5, "\0\0\0\4\0\0\0\10\0\0\0 \0", 13) = 13 [pid 23330] open("/etc/ssh/moduli", O_RDONLY|O_LARGEFILE) = 3 [pid 23330] fstat64(3, {st_mode=S_IFREG|0644, st_size=88039, ...}) = 0 [pid 23330] old_mmap(NULL, 4096, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x40014000 [pid 23330] read(3, "#\t$OpenBSD: moduli,v 1.1 2001/06"..., 4096) = 4096 [pid 23330] read(3, "DEB1C49B0AE87A5DF544A6D54D7\n2001"..., 4096) = 4096 [pid 23330] read(3, "AB9A67E8D63E84FA491E5D3874978815"..., 4096) = 4096 [pid 23330] read(3, "DFD16D9669EDAF42EF5D4EED82AA84B0"..., 4096) = 4096 [pid 23330] read(3, "4B7B7C406613EC3471CF1B\n200103282"..., 4096) = 4096 [pid 23330] read(3, "F718837E16350982BF8A27728318EC02"..., 4096) = 4096 [pid 23330] read(3, "B92BE771D535B4EA9C5D14D84CD7649E"..., 4096) = 4096 [pid 23330] read(3, "604D44C7C6EA98D561294D4F7AB06143"..., 4096) = 4096 [pid 23330] read(3, "6CC2BFDE77C4C0DF1D6DDED65FEE2F53"..., 4096) = 4096 [pid 23330] read(3, "DE64F65265E6B9FC5F46879BB17CC349"..., 4096) = 4096 [pid 23330] read(3, "0C154FBAEFF935466B176CB0AED02458"..., 4096) = 4096 [pid 23330] read(3, "2AC3E3772709FC815B0AC56CFF\n20010"..., 4096) = 4096 [pid 23330] read(3, "0A2991A1FFE5B271FEDE54375896A29F"..., 4096) = 4096 [pid 23330] read(3, "3788956651919E26A315EAD1D26E7C98"..., 4096) = 4096 [pid 23330] read(3, "6E10BE7FA5B1A706AEB4C356F49807A2"..., 4096) = 4096 [pid 23330] read(3, "CC5074CD0C1B2538FBF956971BF39314"..., 4096) = 4096 [pid 23330] read(3, "D54C4D103C13D1C15CF8CCA67D5CB39F"..., 4096) = 4096 [pid 23330] read(3, "D1AAFE99014715A36800DBD9A6C51C02"..., 4096) = 4096 [pid 23330] read(3, "75E48EA37EE18B9E44E2D017D845C444"..., 4096) = 4096 [pid 23330] read(3, "16617DA3CCFF722BB82362606283D054"..., 4096) = 4096 [pid 23330] read(3, "AFF443B8BA1ACE1A3A7B16EA0713F625"..., 4096) = 4096 [pid 23330] read(3, "F98C1D3DA9F210857C784433DF32ADF9"..., 4096) = 2023 [pid 23330] read(3, "", 4096) = 0 [pid 23330] _llseek(3, 0, [0], SEEK_SET) = 0 [pid 23330] read(3, "#\t$OpenBSD: moduli,v 1.1 2001/06"..., 4096) = 4096 [pid 23330] read(3, "DEB1C49B0AE87A5DF544A6D54D7\n2001"..., 4096) = 4096 [pid 23330] read(3, "AB9A67E8D63E84FA491E5D3874978815"..., 4096) = 4096 [pid 23330] read(3, "DFD16D9669EDAF42EF5D4EED82AA84B0"..., 4096) = 4096 [pid 23330] read(3, "4B7B7C406613EC3471CF1B\n200103282"..., 4096) = 4096 [pid 23330] read(3, "F718837E16350982BF8A27728318EC02"..., 4096) = 4096 [pid 23330] read(3, "B92BE771D535B4EA9C5D14D84CD7649E"..., 4096) = 4096 [pid 23330] read(3, "604D44C7C6EA98D561294D4F7AB06143"..., 4096) = 4096 [pid 23330] read(3, "6CC2BFDE77C4C0DF1D6DDED65FEE2F53"..., 4096) = 4096 [pid 23330] read(3, "DE64F65265E6B9FC5F46879BB17CC349"..., 4096) = 4096 [pid 23330] read(3, "0C154FBAEFF935466B176CB0AED02458"..., 4096) = 4096 [pid 23330] read(3, "2AC3E3772709FC815B0AC56CFF\n20010"..., 4096) = 4096 [pid 23330] read(3, "0A2991A1FFE5B271FEDE54375896A29F"..., 4096) = 4096 [pid 23330] read(3, "3788956651919E26A315EAD1D26E7C98"..., 4096) = 4096 [pid 23330] read(3, "6E10BE7FA5B1A706AEB4C356F49807A2"..., 4096) = 4096 [pid 23330] close(3) = 0 [pid 23330] munmap(0x40014000, 4096) = 0 [pid 23330] write(5, "\0\0\1\232\1", 5) = 5 [pid 23331] <... read resumed> "\0\0\1\232", 4) = 4 [pid 23331] read(3, "\1", 410) = 1 [pid 23331] read(3, [pid 23330] write(5, "\1\0\0\1\217f\233\243\355f\37\"j\t\v\345dJ+\264 \223q\267"..., 409) = 409 [pid 23331] <... read resumed> "\1\0\0\1\217f\233\243\355f\37\"j\t\v\345dJ+\264 \223q\267"..., 409) = 409 [pid 23331] write(4, "\0\0\1\244\n\37\0\0\1\217f\233\243\355f\37\"j\t\v\345d"..., 424) = 424 [pid 23331] time([1027632799]) = 1027632799 [pid 23331] getpid() = 23331 [pid 23331] getpid() = 23331 [pid 23331] brk(0x809e000) = 0x809e000 [pid 23330] read(5, [pid 23331] select(5, [4], NULL, NULL, NULL) = 1 (in [4]) [pid 23331] read(4, "\0\0\1\234\7 \0\0\1\21763\222\32\375\346no\250\254\250"..., 8192) = 416 [pid 23331] brk(0x809f000) = 0x809f000 [pid 23331] brk(0x80a0000) = 0x80a0000 [pid 23331] brk(0x80a1000) = 0x80a1000 [pid 23331] brk(0x80a2000) = 0x80a2000 [pid 23331] write(3, "\0\0\0\35\4", 5) = 5 [pid 23330] <... read resumed> "\0\0\0\35", 4) = 4 [pid 23330] read(5, "\4", 29) = 1 [pid 23330] read(5, [pid 23331] write(3, "\0\0\0\0\0\0\0\24\234]#\3371\305o!\373p\376\36\225\177"..., 28) = 28 [pid 23330] <... read resumed> "\0\0\0\0\0\0\0\24\234]#\3371\305o!\373p\376\36\225\177"..., 28) = 28 [pid 23330] brk(0x809c000) = 0x809c000 [pid 23330] write(5, "\0\0\0\224\5", 5) = 5 [pid 23330] write(5, "\0\0\0\217\0\0\0\7ssh-rsa\0\0\0\200\r\3k\5\331d\317\327"..., 147) = 147 [pid 23330] read(5, [pid 23331] read(3, "\0\0\0\224", 4) = 4 [pid 23331] read(3, "\5\0\0\0\217\0\0\0\7ssh-rsa\0\0\0\200\r\3k\5\331d\317\327"..., 148) = 148 [pid 23331] write(4, "\0\0\2\314\v!\0\0\0\225\0\0\0\7ssh-rsa\0\0\0\1#\0\0\0\201"..., 736) = 736 [pid 23331] select(5, [4], NULL, NULL, NULL) = 1 (in [4]) [pid 23331] read(4, "\0\0\0\f\n\25\0\0\0\0\0\0\0\0\0\0", 8192) = 16 [pid 23331] select(5, [4], NULL, NULL, NULL) = 1 (in [4]) [pid 23331] read(4, "\20\250\37\323\336\332\10h\10\240-\233K \v\221\374\300"..., 8192) = 48 [pid 23331] write(4, "-\247\340:1\234U\305R,\371\0236\353\251\375\270\313 \275"..., 48) = 48 [pid 23331] select(5, [4], NULL, NULL, NULL) = 1 (in [4]) [pid 23331] read(4, "\344!/\357`y/\235\2ee6|\20U\211U|\244\261\261\305\204\274"..., 8192) = 64 [pid 23331] write(3, "\0\0\0\t\6", 5) = 5 [pid 23330] <... read resumed> "\0\0\0\t", 4) = 4 [pid 23330] read(5, "\6", 9) = 1 [pid 23330] read(5, [pid 23331] write(3, "\0\0\0\4mark", 8) = 8 [pid 23330] <... read resumed> "\0\0\0\4mark", 8) = 8 [pid 23330] open("/etc/passwd", O_RDONLY) = 3 [pid 23330] fcntl64(3, F_GETFD) = 0 [pid 23330] fcntl64(3, F_SETFD, FD_CLOEXEC) = 0 [pid 23330] fstat64(3, {st_mode=S_IFREG|0644, st_size=1040, ...}) = 0 [pid 23330] old_mmap(NULL, 4096, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x40014000 [pid 23330] _llseek(3, 0, [0], SEEK_CUR) = 0 [pid 23330] read(3, "root:x:0:0:root:/root:/bin/bash\n"..., 4096) = 1040 [pid 23330] close(3) = 0 [pid 23330] munmap(0x40014000, 4096) = 0 [pid 23330] stat64("/bin/bash", {st_mode=S_IFREG|0755, st_size=511400, ...}) = 0 [pid 23330] write(5, "\0\0\0^\7", 5) = 5 [pid 23330] write(5, "\1\0\0\0\34 \246\t\0100\246\t\10\350\3\0\0\350\3\0\0\30"..., 93) = 93 [pid 23330] read(5, [pid 23331] read(3, "\0\0\0^", 4) = 4 [pid 23331] read(3, "\7\1\0\0\0\34 \246\t\0100\246\t\10\350\3\0\0\350\3\0\0"..., 94) = 94 [pid 23331] write(3, "\0\0\0\t%", 5) = 5 [pid 23330] <... read resumed> "\0\0\0\t", 4) = 4 [pid 23330] read(5, "%", 9) = 1 [pid 23330] read(5, [pid 23331] write(3, "\0\0\0\4mark", 8) = 8 [pid 23330] <... read resumed> "\0\0\0\4mark", 8) = 8 [pid 23330] stat64("/etc/pam.d", {st_mode=S_IFDIR|0755, st_size=4096, ...}) = 0 [pid 23330] open("/etc/pam.d/ssh", O_RDONLY) = 3 [pid 23330] fstat64(3, {st_mode=S_IFREG|0644, st_size=771, ...}) = 0 [pid 23330] old_mmap(NULL, 4096, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x40014000 [pid 23330] read(3, "#%PAM-1.0\nauth required "..., 4096) = 771 [pid 23330] open("/lib/security/pam_nologin.so", O_RDONLY) = 7 [pid 23330] read(7, "\177ELF\1\1\1\0\0\0\0\0\0\0\0\0\3\0\3\0\1\0\0\0\340\7\0"..., 1024) = 1024 [pid 23330] fstat64(7, {st_mode=S_IFREG|0644, st_size=4248, ...}) = 0 [pid 23330] old_mmap(NULL, 7256, PROT_READ|PROT_EXEC, MAP_PRIVATE, 7, 0) = 0x40015000 [pid 23330] mprotect(0x40016000, 3160, PROT_NONE) = 0 [pid 23330] old_mmap(0x40016000, 4096, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_FIXED, 7, 0) = 0x40016000 [pid 23330] close(7) = 0 [pid 23330] open("/lib/security/pam_unix.so", O_RDONLY) = 7 [pid 23330] read(7, "\177ELF\1\1\1\0\0\0\0\0\0\0\0\0\3\0\3\0\1\0\0\0 $\0\000"..., 1024) = 1024 [pid 23330] fstat64(7, {st_mode=S_IFREG|0644, st_size=41432, ...}) = 0 [pid 23330] old_mmap(NULL, 94176, PROT_READ|PROT_EXEC, MAP_PRIVATE, 7, 0) = 0x403ba000 [pid 23330] mprotect(0x403c4000, 53216, PROT_NONE) = 0 [pid 23330] old_mmap(0x403c4000, 4096, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_FIXED, 7, 0x9000) = 0x403c4000 [pid 23330] old_mmap(0x403c5000, 49120, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_FIXED|MAP_ANONYMOUS, -1, 0) = 0x403c5000 [pid 23330] close(7) = 0 [pid 23330] open("/lib/security/pam_env.so", O_RDONLY) = 7 [pid 23330] read(7, "\177ELF\1\1\1\0\0\0\0\0\0\0\0\0\3\0\3\0\1\0\0\0p\v\0\000"..., 1024) = 1024 [pid 23330] fstat64(7, {st_mode=S_IFREG|0644, st_size=10148, ...}) = 0 [pid 23330] old_mmap(NULL, 13156, PROT_READ|PROT_EXEC, MAP_PRIVATE, 7, 0) = 0x403d1000 [pid 23330] mprotect(0x403d4000, 868, PROT_NONE) = 0 [pid 23330] old_mmap(0x403d4000, 4096, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_FIXED, 7, 0x2000) = 0x403d4000 [pid 23330] close(7) = 0 [pid 23330] open("/lib/security/pam_lastlog.so", O_RDONLY) = 7 [pid 23330] read(7, "\177ELF\1\1\1\0\0\0\0\0\0\0\0\0\3\0\3\0\1\0\0\0`\n\0\000"..., 1024) = 1024 [pid 23330] fstat64(7, {st_mode=S_IFREG|0644, st_size=7580, ...}) = 0 [pid 23330] old_mmap(NULL, 10588, PROT_READ|PROT_EXEC, MAP_PRIVATE, 7, 0) = 0x403d5000 [pid 23330] mprotect(0x403d7000, 2396, PROT_NONE) = 0 [pid 23330] old_mmap(0x403d7000, 4096, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_FIXED, 7, 0x1000) = 0x403d7000 [pid 23330] close(7) = 0 [pid 23330] open("/lib/security/pam_motd.so", O_RDONLY) = 7 [pid 23330] read(7, "\177ELF\1\1\1\0\0\0\0\0\0\0\0\0\3\0\3\0\1\0\0\0\20\10\0"..., 1024) = 1024 [pid 23330] fstat64(7, {st_mode=S_IFREG|0644, st_size=4364, ...}) = 0 [pid 23330] old_mmap(NULL, 7372, PROT_READ|PROT_EXEC, MAP_PRIVATE, 7, 0) = 0x40017000 [pid 23330] mprotect(0x40018000, 3276, PROT_NONE) = 0 [pid 23330] old_mmap(0x40018000, 4096, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_FIXED, 7, 0) = 0x40018000 [pid 23330] close(7) = 0 [pid 23330] brk(0x809d000) = 0x809d000 [pid 23330] open("/lib/security/pam_mail.so", O_RDONLY) = 7 [pid 23330] read(7, "\177ELF\1\1\1\0\0\0\0\0\0\0\0\0\3\0\3\0\1\0\0\0`\n\0\000"..., 1024) = 1024 [pid 23330] fstat64(7, {st_mode=S_IFREG|0644, st_size=8472, ...}) = 0 [pid 23330] old_mmap(NULL, 11744, PROT_READ|PROT_EXEC, MAP_PRIVATE, 7, 0) = 0x403d8000 [pid 23330] mprotect(0x403da000, 3552, PROT_NONE) = 0 [pid 23330] old_mmap(0x403da000, 4096, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_FIXED, 7, 0x1000) = 0x403da000 [pid 23330] close(7) = 0 [pid 23330] open("/lib/security/pam_limits.so", O_RDONLY) = 7 [pid 23330] read(7, "\177ELF\1\1\1\0\0\0\0\0\0\0\0\0\3\0\3\0\1\0\0\0\300\16"..., 1024) = 1024 [pid 23330] fstat64(7, {st_mode=S_IFREG|0644, st_size=19320, ...}) = 0 [pid 23330] old_mmap(NULL, 30752, PROT_READ|PROT_EXEC, MAP_PRIVATE, 7, 0) = 0x403db000 [pid 23330] mprotect(0x403de000, 18464, PROT_NONE) = 0 [pid 23330] old_mmap(0x403de000, 12288, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_FIXED, 7, 0x2000) = 0x403de000 [pid 23330] old_mmap(0x403e1000, 6176, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_FIXED|MAP_ANONYMOUS, -1, 0) = 0x403e1000 [pid 23330] close(7) = 0 [pid 23330] open("/etc/ld.so.cache", O_RDONLY) = 7 [pid 23330] fstat64(7, {st_mode=S_IFREG|0644, st_size=20340, ...}) = 0 [pid 23330] old_mmap(NULL, 20340, PROT_READ, MAP_PRIVATE, 7, 0) = 0x403e3000 [pid 23330] close(7) = 0 [pid 23330] open("/lib/libcap.so.1", O_RDONLY) = 7 [pid 23330] read(7, "\177ELF\1\1\1\0\0\0\0\0\0\0\0\0\3\0\3\0\1\0\0\0\320\f\0"..., 1024) = 1024 [pid 23330] fstat64(7, {st_mode=S_IFREG|0644, st_size=11600, ...}) = 0 [pid 23330] old_mmap(NULL, 15264, PROT_READ|PROT_EXEC, MAP_PRIVATE, 7, 0) = 0x403e8000 [pid 23330] mprotect(0x403eb000, 2976, PROT_NONE) = 0 [pid 23330] old_mmap(0x403eb000, 4096, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_FIXED, 7, 0x2000) = 0x403eb000 [pid 23330] close(7) = 0 [pid 23330] munmap(0x403e3000, 20340) = 0 [pid 23330] read(3, "", 4096) = 0 [pid 23330] close(3) = 0 [pid 23330] munmap(0x40014000, 4096) = 0 [pid 23330] open("/etc/pam.d/other", O_RDONLY) = 3 [pid 23330] fstat64(3, {st_mode=S_IFREG|0644, st_size=345, ...}) = 0 [pid 23330] old_mmap(NULL, 4096, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x40014000 [pid 23330] read(3, "#\n# /etc/pam.d/other - specify t"..., 4096) = 345 [pid 23330] read(3, "", 4096) = 0 [pid 23330] close(3) = 0 [pid 23330] munmap(0x40014000, 4096) = 0 [pid 23330] getpeername(4, {sin_family=AF_INET, sin_port=htons(35267), sin_addr=inet_addr("127.0.0.1")}}, [16]) = 0 [pid 23330] brk(0x809e000) = 0x809e000 [pid 23330] open("/etc/ld.so.cache", O_RDONLY) = 3 [pid 23330] fstat64(3, {st_mode=S_IFREG|0644, st_size=20340, ...}) = 0 [pid 23330] old_mmap(NULL, 20340, PROT_READ, MAP_PRIVATE, 3, 0) = 0x403e3000 [pid 23330] close(3) = 0 [pid 23330] open("/lib/libnss_db.so.2", O_RDONLY) = 3 [pid 23330] read(3, "\177ELF\1\1\1\0\0\0\0\0\0\0\0\0\3\0\3\0\1\0\0\0\220\22"..., 1024) = 1024 [pid 23330] fstat64(3, {st_mode=S_IFREG|0644, st_size=16944, ...}) = 0 [pid 23330] old_mmap(NULL, 20336, PROT_READ|PROT_EXEC, MAP_PRIVATE, 3, 0) = 0x403ec000 [pid 23330] mprotect(0x403f0000, 3952, PROT_NONE) = 0 [pid 23330] old_mmap(0x403f0000, 4096, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_FIXED, 3, 0x3000) = 0x403f0000 [pid 23330] close(3) = 0 [pid 23330] open("/lib/libnss_files.so.2", O_RDONLY) = 3 [pid 23330] read(3, "address@hidden"..., 1024) = 1024 [pid 23330] fstat64(3, {st_mode=S_IFREG|0644, st_size=32668, ...}) = 0 [pid 23330] old_mmap(NULL, 36112, PROT_READ|PROT_EXEC, MAP_PRIVATE, 3, 0) = 0x403f1000 [pid 23330] mprotect(0x403f9000, 3344, PROT_NONE) = 0 [pid 23330] old_mmap(0x403f9000, 4096, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_FIXED, 3, 0x7000) = 0x403f9000 [pid 23330] close(3) = 0 [pid 23330] open("/usr/lib/libdb3.so.3", O_RDONLY) = 3 [pid 23330] read(3, "\177ELF\1\1\1\0\0\0\0\0\0\0\0\0\3\0\3\0\1\0\0\0p\311\0"..., 1024) = 1024 [pid 23330] fstat64(3, {st_mode=S_IFREG|0644, st_size=684092, ...}) = 0 [pid 23330] old_mmap(NULL, 687628, PROT_READ|PROT_EXEC, MAP_PRIVATE, 3, 0) = 0x403fa000 [pid 23330] mprotect(0x404a1000, 3596, PROT_NONE) = 0 [pid 23330] old_mmap(0x404a1000, 4096, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_FIXED, 3, 0xa6000) = 0x404a1000 [pid 23330] close(3) = 0 [pid 23330] munmap(0x403e3000, 20340) = 0 [pid 23330] open("/var/lib/misc/protocols.db", O_RDWR|O_LARGEFILE) = -1 ENOENT (No such file or directory) [pid 23330] open("/var/lib/misc/protocols.db", O_RDONLY|O_LARGEFILE) = -1 ENOENT (No such file or directory) [pid 23330] open("/etc/protocols", O_RDONLY) = 3 [pid 23330] fcntl64(3, F_GETFD) = 0 [pid 23330] fcntl64(3, F_SETFD, FD_CLOEXEC) = 0 [pid 23330] fstat64(3, {st_mode=S_IFREG|0644, st_size=1748, ...}) = 0 [pid 23330] old_mmap(NULL, 4096, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x40014000 [pid 23330] read(3, "# /etc/protocols:\n# $Id: protoco"..., 4096) = 1748 [pid 23330] close(3) = 0 [pid 23330] munmap(0x40014000, 4096) = 0 [pid 23330] getsockopt(4, SOL_IP, IP_OPTIONS, [0], [0]) = 0 [pid 23330] socket(PF_UNIX, SOCK_STREAM, 0) = 3 [pid 23330] connect(3, {sin_family=AF_UNIX, path="/var/run/.nscd_socket"}, 110) = -1 ENOENT (No such file or directory) [pid 23330] close(3) = 0 [pid 23330] open("/etc/host.conf", O_RDONLY) = 3 [pid 23330] fstat64(3, {st_mode=S_IFREG|0644, st_size=26, ...}) = 0 [pid 23330] old_mmap(NULL, 4096, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x40014000 [pid 23330] read(3, "order hosts,bind\nmulti on\n", 4096) = 26 [pid 23330] read(3, "", 4096) = 0 [pid 23330] close(3) = 0 [pid 23330] munmap(0x40014000, 4096) = 0 [pid 23330] open("/etc/hosts", O_RDONLY) = 3 [pid 23330] fcntl64(3, F_GETFD) = 0 [pid 23330] fcntl64(3, F_SETFD, FD_CLOEXEC) = 0 [pid 23330] fstat64(3, {st_mode=S_IFREG|0644, st_size=306, ...}) = 0 [pid 23330] old_mmap(NULL, 4096, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x40014000 [pid 23330] read(3, "127.0.0.1\tlocalhost\n192.168.0.32"..., 4096) = 306 [pid 23330] close(3) = 0 [pid 23330] munmap(0x40014000, 4096) = 0 [pid 23330] read(5, [pid 23331] write(3, "\0\0\0\27\3", 5) = 5 [pid 23330] <... read resumed> "\0\0\0\27", 4) = 4 [pid 23330] read(5, "\3", 23) = 1 [pid 23330] read(5, [pid 23331] write(3, "\0\0\0\16ssh-connection\0\0\0\0", 22) = 22 [pid 23330] <... read resumed> "\0\0\0\16ssh-connection\0\0\0\0", 22) = 22 [pid 23330] read(5, [pid 23331] write(3, "\0\0\0\5\n", 5) = 5 [pid 23330] <... read resumed> "\0\0\0\5", 4) = 4 [pid 23330] read(5, "\n", 5) = 1 [pid 23330] read(5, [pid 23331] write(3, "\0\0\0\0", 4) = 4 [pid 23330] <... read resumed> "\0\0\0\0", 4) = 4 [pid 23330] write(5, "\0\0\0\5\v", 5) = 5 [pid 23330] write(5, "\0\0\0\0", 4) = 4 [pid 23330] getpeername(4, {sin_family=AF_INET, sin_port=htons(35267), sin_addr=inet_addr("127.0.0.1")}}, [16]) = 0 [pid 23330] read(5, [pid 23331] read(3, "\0\0\0\5", 4) = 4 [pid 23331] read(3, "\v\0\0\0\0", 5) = 5 [pid 23331] getpeername(4, {sin_family=AF_INET, sin_port=htons(35267), sin_addr=inet_addr("127.0.0.1")}}, [16]) = 0 [pid 23331] write(4, "]\30\311\302\255\242\317;\242X\257\307\27_\237\10\f\376"..., 80) = 80 [pid 23331] select(5, [4], NULL, NULL, NULL) = 1 (in [4]) [pid 23331] read(4, "\302\33\1\331\202\34\264!\36\364p_\\!\203\3269\7\16.\221"..., 8192) = 240 [pid 23331] write(3, "\0\0\0\246\24", 5) = 5 [pid 23330] <... read resumed> "\0\0\0\246", 4) = 4 [pid 23330] read(5, "\24", 166) = 1 [pid 23330] read(5, [pid 23331] write(3, "\0\0\0\2\0\0\0\0\0\0\0\0\0\0\0\225\0\0\0\7ssh-rsa\0\0\0"..., 165) = 165 [pid 23330] <... read resumed> "\0\0\0\2\0\0\0\0\0\0\0\0\0\0\0\225\0\0\0\7ssh-rsa\0\0\0"..., 165) = 165 [pid 23330] brk(0x80a0000) = 0x80a0000 [pid 23330] geteuid32() = 0 [pid 23330] getegid32() = 0 [pid 23330] getgroups32(0x20, 0x808f280) = 0 [pid 23330] open("/etc/group", O_RDONLY) = 3 [pid 23330] fcntl64(3, F_GETFD) = 0 [pid 23330] fcntl64(3, F_SETFD, FD_CLOEXEC) = 0 [pid 23330] fstat64(3, {st_mode=S_IFREG|0644, st_size=502, ...}) = 0 [pid 23330] old_mmap(NULL, 4096, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x40014000 [pid 23330] _llseek(3, 0, [0], SEEK_CUR) = 0 [pid 23330] read(3, "root:x:0:\ndaemon:x:1:\nbin:x:2:\ns"..., 4096) = 502 [pid 23330] read(3, "", 4096) = 0 [pid 23330] close(3) = 0 [pid 23330] munmap(0x40014000, 4096) = 0 [pid 23330] setgroups32(0x6, 0x809dc30) = 0 [pid 23330] getgroups32(0x20, 0x808f300) = 6 [pid 23330] setgroups32(0x6, 0x808f300) = 0 [pid 23330] setregid32(0xffffffff, 0x3e8) = 0 [pid 23330] setresuid32(0xffffffff, 0x3e8, 0xffffffff) = 0 [pid 23330] stat64("/home/mark/.ssh/authorized_keys", {st_mode=S_IFREG|0644, st_size=223, ...}) = 0 [pid 23330] open("/home/mark/.ssh/authorized_keys", O_RDONLY|O_LARGEFILE) = 3 [pid 23330] lstat64("/home", {st_mode=S_IFDIR|S_ISGID|0775, st_size=4096, ...}) = 0 [pid 23330] lstat64("/home/mark", {st_mode=S_IFDIR|0755, st_size=4096, ...}) = 0 [pid 23330] lstat64("/home/mark/.ssh", {st_mode=S_IFDIR|0755, st_size=4096, ...}) = 0 [pid 23330] lstat64("/home/mark/.ssh/authorized_keys", {st_mode=S_IFREG|0644, st_size=223, ...}) = 0 [pid 23330] lstat64("/home", {st_mode=S_IFDIR|S_ISGID|0775, st_size=4096, ...}) = 0 [pid 23330] lstat64("/home/mark", {st_mode=S_IFDIR|0755, st_size=4096, ...}) = 0 [pid 23330] fstat64(3, {st_mode=S_IFREG|0644, st_size=223, ...}) = 0 [pid 23330] stat64("/home/mark/.ssh", {st_mode=S_IFDIR|0755, st_size=4096, ...}) = 0 [pid 23330] stat64("/home/mark", {st_mode=S_IFDIR|0755, st_size=4096, ...}) = 0 [pid 23330] fstat64(3, {st_mode=S_IFREG|0644, st_size=223, ...}) = 0 [pid 23330] old_mmap(NULL, 4096, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x40014000 [pid 23330] read(3, "ssh-rsa AAAAB3NzaC1yc2EAAAABIwAA"..., 4096) = 223 [pid 23330] brk(0x80a2000) = 0x80a2000 [pid 23330] setresuid32(0xffffffff, 0, 0xffffffff) = 0 [pid 23330] setregid32(0xffffffff, 0) = 0 [pid 23330] setgroups32(0, 0x808f280) = 0 [pid 23330] close(3) = 0 [pid 23330] munmap(0x40014000, 4096) = 0 [pid 23330] write(5, "\0\0\0\5\25", 5) = 5 [pid 23330] write(5, "\0\0\0\1", 4) = 4 [pid 23330] read(5, [pid 23331] read(3, "\0\0\0\5", 4) = 4 [pid 23331] read(3, "\25\0\0\0\1", 5) = 5 [pid 23331] write(4, "\233 "\0\0\0\246", 4) = 4 [pid 23330] read(5, "\24", 166) = 1 [pid 23330] read(5, [pid 23331] write(3, "\0\0\0\2\0\0\0\0\0\0\0\0\0\0\0\225\0\0\0\7ssh-rsa\0\0\0"..., 165) = 165 [pid 23330] <... read resumed> "\0\0\0\2\0\0\0\0\0\0\0\0\0\0\0\225\0\0\0\7ssh-rsa\0\0\0"..., 165) = 165 [pid 23330] geteuid32() = 0 [pid 23330] getegid32() = 0 [pid 23330] getgroups32(0x20, 0x808f280) = 0 [pid 23330] setgroups32(0x6, 0x808f300) = 0 [pid 23330] setregid32(0xffffffff, 0x3e8) = 0 [pid 23330] setresuid32(0xffffffff, 0x3e8, 0xffffffff) = 0 [pid 23330] stat64("/home/mark/.ssh/authorized_keys", {st_mode=S_IFREG|0644, st_size=223, ...}) = 0 [pid 23330] open("/home/mark/.ssh/authorized_keys", O_RDONLY|O_LARGEFILE) = 3 [pid 23330] lstat64("/home", {st_mode=S_IFDIR|S_ISGID|0775, st_size=4096, ...}) = 0 [pid 23330] lstat64("/home/mark", {st_mode=S_IFDIR|0755, st_size=4096, ...}) = 0 [pid 23330] lstat64("/home/mark/.ssh", {st_mode=S_IFDIR|0755, st_size=4096, ...}) = 0 [pid 23330] lstat64("/home/mark/.ssh/authorized_keys", {st_mode=S_IFREG|0644, st_size=223, ...}) = 0 [pid 23330] lstat64("/home", {st_mode=S_IFDIR|S_ISGID|0775, st_size=4096, ...}) = 0 [pid 23330] lstat64("/home/mark", {st_mode=S_IFDIR|0755, st_size=4096, ...}) = 0 [pid 23330] fstat64(3, {st_mode=S_IFREG|0644, st_size=223, ...}) = 0 [pid 23330] stat64("/home/mark/.ssh", {st_mode=S_IFDIR|0755, st_size=4096, ...}) = 0 [pid 23330] stat64("/home/mark", {st_mode=S_IFDIR|0755, st_size=4096, ...}) = 0 [pid 23330] fstat64(3, {st_mode=S_IFREG|0644, st_size=223, ...}) = 0 [pid 23330] old_mmap(NULL, 4096, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x40014000 [pid 23330] read(3, "ssh-rsa AAAAB3NzaC1yc2EAAAABIwAA"..., 4096) = 223 [pid 23330] setresuid32(0xffffffff, 0, 0xffffffff) = 0 [pid 23330] setregid32(0xffffffff, 0) = 0 [pid 23330] setgroups32(0, 0x808f280) = 0 [pid 23330] close(3) = 0 [pid 23330] munmap(0x40014000, 4096) = 0 [pid 23330] write(5, "\0\0\0\5\25", 5) = 5 [pid 23330] write(5, "\0\0\0\1", 4) = 4 [pid 23330] read(5, [pid 23331] read(3, "\0\0\0\5", 4) = 4 [pid 23331] read(3, "\25\0\0\0\1", 5) = 5 [pid 23331] write(3, "\0\0\2\26\26", 5) = 5 [pid 23330] <... read resumed> "\0\0\2\26", 4) = 4 [pid 23330] read(5, "\26", 534) = 1 [pid 23330] read(5, [pid 23331] write(3, "\0\0\0\225\0\0\0\7ssh-rsa\0\0\0\1#\0\0\0\201\0\2635\207"..., 533) = 533 [pid 23330] <... read resumed> "\0\0\0\225\0\0\0\7ssh-rsa\0\0\0\1#\0\0\0\201\0\2635\207"..., 533) = 533 [pid 23330] write(5, "\0\0\0\5\27", 5) = 5 [pid 23330] write(5, "\0\0\0\1", 4) = 4 [pid 23330] getuid32() = 0 [pid 23330] open("/etc/passwd", O_RDONLY) = 3 [pid 23330] fcntl64(3, F_GETFD) = 0 [pid 23330] fcntl64(3, F_SETFD, FD_CLOEXEC) = 0 [pid 23330] fstat64(3, {st_mode=S_IFREG|0644, st_size=1040, ...}) = 0 [pid 23330] old_mmap(NULL, 4096, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x40014000 [pid 23330] _llseek(3, 0, [0], SEEK_CUR) = 0 [pid 23330] read(3, "root:x:0:0:root:/root:/bin/bash\n"..., 4096) = 1040 [pid 23330] close(3) = 0 [pid 23330] munmap(0x40014000, 4096) = 0 [pid 23330] open("/etc/shadow", O_RDONLY) = 3 [pid 23330] fcntl64(3, F_GETFD) = 0 [pid 23330] fcntl64(3, F_SETFD, FD_CLOEXEC) = 0 [pid 23330] fstat64(3, {st_mode=S_IFREG|0640, st_size=768, ...}) = 0 [pid 23330] old_mmap(NULL, 4096, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x40014000 [pid 23330] _llseek(3, 0, [0], SEEK_CUR) = 0 [pid 23330] read(3, "root:$1$EZijlS7/$i6xbjINd9XkHK/a"..., 4096) = 768 [pid 23330] close(3) = 0 [pid 23330] munmap(0x40014000, 4096) = 0 [pid 23330] time(NULL) = 1027632799 [pid 23330] getpeername(4, {sin_family=AF_INET, sin_port=htons(35267), sin_addr=inet_addr("127.0.0.1")}}, [16]) = 0 [pid 23330] brk(0x80a5000) = 0x80a5000 [pid 23330] time([1027632799]) = 1027632799 [pid 23330] getpid() = 23330 [pid 23330] rt_sigaction(SIGPIPE, {0x401e0f28, [], 0x4000000}, {SIG_IGN}, 8) = 0 [pid 23330] socket(PF_UNIX, SOCK_DGRAM, 0) = 3 [pid 23330] fcntl64(3, F_SETFD, FD_CLOEXEC) = 0 [pid 23330] connect(3, {sin_family=AF_UNIX, path="/dev/log"}, 16) = 0 [pid 23330] send(3, "<38>Jul 25 14:33:19 sshd[23330]:"..., 91, 0) = 91 [pid 23330] rt_sigaction(SIGPIPE, {SIG_IGN}, NULL, 8) = 0 [pid 23330] close(3) = 0 [pid 23330] read(5, [pid 23331] read(3, "\0\0\0\5", 4) = 4 [pid 23331] read(3, "\27\0\0\0\1", 5) = 5 [pid 23331] getpeername(4, {sin_family=AF_INET, sin_port=htons(35267), sin_addr=inet_addr("127.0.0.1")}}, [16]) = 0 [pid 23331] time([1027632799]) = 1027632799 [pid 23331] getpid() = 23331 [pid 23331] rt_sigaction(SIGPIPE, {0x401e0f28, [], 0x4000000}, {SIG_IGN}, 8) = 0 [pid 23331] socket(PF_UNIX, SOCK_DGRAM, 0) = 5 [pid 23331] fcntl64(5, F_SETFD, FD_CLOEXEC) = 0 [pid 23331] connect(5, {sin_family=AF_UNIX, path="/dev/log"}, 16) = -1 ENOENT (No such file or directory) [pid 23331] close(5) = 0 [pid 23331] rt_sigaction(SIGPIPE, {SIG_IGN}, NULL, 8) = 0 [pid 23331] write(4, "!\310\6\272\266\222Q\23\372\357\233\336\v}\26627\224}4"..., 32) = 32 [pid 23331] write(3, "\0\0\4\32\30", 5) = 5 [pid 23330] <... read resumed> "\0\0\4\32", 4) = 4 [pid 23330] read(5, "\30", 1050) = 1 [pid 23330] read(5, [pid 23331] write(3, "\0\0\0\24\234]#\3371\305o!\373p\376\36\225\177;\217M\362"..., 1049) = 1049 [pid 23330] <... read resumed> "\0\0\0\24\234]#\3371\305o!\373p\376\36\225\177;\217M\362"..., 1049) = 1049 [pid 23330] close(5) = 0 [pid 23330] mmap2(NULL, 1310720, PROT_READ|PROT_WRITE, MAP_SHARED|MAP_ANONYMOUS, -1, 0) = 0x404a2000 [pid 23330] munmap(0x4026a000, 65536) = 0 [pid 23330] wait4(23331, [pid 23331] _exit(0) = ? [pid 23330] <... wait4 resumed> [WIFEXITED(s) && WEXITSTATUS(s) == 0], 0, NULL) = 23331 [pid 23330] --- SIGCHLD (Child exited) --- [pid 23330] alarm(0) = 600 [pid 23330] close(6) = 0 [pid 23318] <... select resumed> ) = 1 (in [5]) [pid 23318] close(5) = 0 [pid 23318] select(6, [3], NULL, NULL, NULL [pid 23330] socketpair(PF_UNIX, SOCK_STREAM, 0, [3, 5]) = 0 [pid 23330] fcntl64(3, F_SETFD, FD_CLOEXEC) = 0 [pid 23330] fcntl64(5, F_SETFD, FD_CLOEXEC) = 0 [pid 23330] fork() = 23332 [pid 23332] close(5) = 0 [pid 23332] getuid32() = 0 [pid 23332] setgid32(0x3e8) = 0 [pid 23332] open("/etc/group", O_RDONLY) = 5 [pid 23332] fcntl64(5, F_GETFD) = 0 [pid 23332] fcntl64(5, F_SETFD, FD_CLOEXEC) = 0 [pid 23332] fstat64(5, {st_mode=S_IFREG|0644, st_size=502, ...}) = 0 [pid 23332] old_mmap(NULL, 4096, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x40014000 [pid 23332] _llseek(5, 0, [0], SEEK_CUR) = 0 [pid 23332] read(5, "root:x:0:\ndaemon:x:1:\nbin:x:2:\ns"..., 4096) = 502 [pid 23332] read(5, "", 4096) = 0 [pid 23332] close(5) = 0 [pid 23332] munmap(0x40014000, 4096) = 0 [pid 23332] setgroups32(0x6, 0x8094ad8) = 0 [pid 23332] getuid32() = 0 [pid 23332] open("/etc/security/pam_env.conf", O_RDONLY) = 5 [pid 23332] fstat64(5, {st_mode=S_IFREG|0644, st_size=3101, ...}) = 0 [pid 23332] old_mmap(NULL, 4096, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x40014000 [pid 23332] read(5, "# $Date: 1998/07/12 05:17:16 $\n#"..., 4096) = 3101 [pid 23332] read(5, "", 4096) = 0 [pid 23332] close(5) = 0 [pid 23332] munmap(0x40014000, 4096) = 0 [pid 23332] open("/etc/environment", O_RDONLY) = 5 [pid 23332] fstat64(5, {st_mode=S_IFREG|0644, st_size=7, ...}) = 0 [pid 23332] old_mmap(NULL, 4096, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x40014000 [pid 23332] read(5, [pid 23330] close(3 [pid 23332] <... read resumed> "LANG=C\n", 4096) = 7 [pid 23332] read(5, "", 4096) = 0 [pid 23332] close(5) = 0 [pid 23332] munmap(0x40014000, 4096) = 0 [pid 23332] setgid32(0x3e8) = 0 [pid 23332] setuid32(0x3e8) = 0 [pid 23332] getuid32() = 1000 [pid 23332] geteuid32() = 1000 [pid 23332] alarm(0) = 0 [pid 23332] rt_sigaction(SIGCHLD, NULL, {SIG_DFL}, 8) = 0 [pid 23332] rt_sigaction(SIGCHLD, {0x8056500, [], 0x4000000}, NULL, 8) = 0 [pid 23332] pipe([5, 6]) = 0 [pid 23332] fcntl64(5, F_SETFD, FD_CLOEXEC) = 0 [pid 23332] fcntl64(6, F_SETFD, FD_CLOEXEC) = 0 [pid 23332] fcntl64(5, F_GETFL) = 0 (flags O_RDONLY) [pid 23332] fcntl64(5, F_SETFL, O_RDONLY|O_NONBLOCK) = 0 [pid 23332] fcntl64(6, F_GETFL) = 0x1 (flags O_WRONLY) [pid 23332] fcntl64(6, F_SETFL, O_WRONLY|O_NONBLOCK) = 0 [pid 23332] select(6, [4 5], [], NULL, {60, 0}) = 1 (in [4], left {60, 0}) [pid 23332] rt_sigprocmask(SIG_BLOCK, [CHLD], [RTMIN], 8) = 0 [pid 23332] rt_sigprocmask(SIG_SETMASK, [RTMIN], NULL, 8) = 0 [pid 23332] read(4, "b\212<\247\fXbJ9\240\7\257\335\325k\222\177\373\213I\f"..., 16384) = 64 [pid 23332] ioctl(-1, SNDCTL_TMR_TIMEBASE, 0xbffff378) = -1 EBADF (Bad file descriptor) [pid 23332] select(6, [4 5], [4], NULL, {60, 0}) = 1 (out [4], left {60, 0}) [pid 23332] rt_sigprocmask(SIG_BLOCK, [CHLD], [RTMIN], 8) = 0 [pid 23332] rt_sigprocmask(SIG_SETMASK, [RTMIN], NULL, 8) = 0 [pid 23332] write(4, "\376\247IP\371\3006!{~K\273\232\27\325\260\33H\0067\1\376"..., 48) = 48 [pid 23332] select(6, [4 5], [], NULL, {60, 0} [pid 23330] <... close resumed> ) = 0 [pid 23330] read(5, [pid 23332] <... select resumed> ) = 1 (in [4], left {59, 970000}) [pid 23332] rt_sigprocmask(SIG_BLOCK, [CHLD], [RTMIN], 8) = 0 [pid 23332] rt_sigprocmask(SIG_SETMASK, [RTMIN], NULL, 8) = 0 [pid 23332] read(4, "\266\271\213U\337: \220\253\263\332Omw\246\326V\353\244"..., 16384) = 560 [pid 23332] brk(0x80a7000) = 0x80a7000 [pid 23332] write(3, "\0\0\0\1\31", 5) = 5 [pid 23332] read(3, [pid 23330] <... read resumed> "\0\0\0\1", 4) = 4 [pid 23330] read(5, "\31", 1) = 1 [pid 23330] open("/dev/ptmx", O_RDWR) = 3 [pid 23330] statfs("/dev/pts", {f_type="DEVPTS_SUPER_MAGIC", f_bsize=1024, f_blocks=0, f_bfree=0, f_files=0, f_ffree=0, f_namelen=255}) = 0 [pid 23330] ioctl(3, SNDCTL_TMR_TIMEBASE, {B38400 opost isig icanon echo ...}) = 0 [pid 23330] ioctl(3, TIOCGPTN, [8]) = 0 [pid 23330] stat64("/dev/pts/8", {st_mode=S_IFCHR|0620, st_rdev=makedev(136, 8), ...}) = 0 [pid 23330] statfs("/dev/pts/8", {f_type="DEVPTS_SUPER_MAGIC", f_bsize=1024, f_blocks=0, f_bfree=0, f_files=0, f_ffree=0, f_namelen=255}) = 0 [pid 23330] ioctl(3, TIOCSPTLCK, [0]) = 0 [pid 23330] ioctl(3, SNDCTL_TMR_TIMEBASE, {B38400 opost isig icanon echo ...}) = 0 [pid 23330] ioctl(3, TIOCGPTN, [8]) = 0 [pid 23330] stat64("/dev/pts/8", {st_mode=S_IFCHR|0620, st_rdev=makedev(136, 8), ...}) = 0 [pid 23330] open("/dev/pts/8", O_RDWR|O_NOCTTY) = 6 [pid 23330] ioctl(6, SNDCTL_TMR_TIMEBASE, {B38400 opost isig icanon echo ...}) = 0 [pid 23330] readlink("/proc/self/fd/6", "/dev/pts/8", 4095) = 10 [pid 23330] open("/etc/group", O_RDONLY) = 7 [pid 23330] fcntl64(7, F_GETFD) = 0 [pid 23330] fcntl64(7, F_SETFD, FD_CLOEXEC) = 0 [pid 23330] fstat64(7, {st_mode=S_IFREG|0644, st_size=502, ...}) = 0 [pid 23330] old_mmap(NULL, 4096, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x40014000 [pid 23330] _llseek(7, 0, [0], SEEK_CUR) = 0 [pid 23330] read(7, "root:x:0:\ndaemon:x:1:\nbin:x:2:\ns"..., 4096) = 502 [pid 23330] close(7) = 0 [pid 23330] munmap(0x40014000, 4096) = 0 [pid 23330] stat64("/dev/pts/8", {st_mode=S_IFCHR|0620, st_rdev=makedev(136, 8), ...}) = 0 [pid 23330] chown32(0x80917d4, 0x3e8, 0x5) = 0 [pid 23330] write(5, "\0\0\0\23\32", 5) = 5 [pid 23330] write(5, "\0\0\0\1\0\0\0\n/dev/pts/8", 18) = 18 [pid 23330] sendmsg(5, {msg_name(0)=NULL, msg_iov(1)=[{"\0", 1}], msg_controllen=16, msg_control=0xbffff4e0, , msg_flags=0}, 0) = 1 [pid 23330] sendmsg(5, {msg_name(0)=NULL, msg_iov(1)=[{"\0", 1}], msg_controllen=16, msg_control=0xbffff4f0, , msg_flags=0}, 0) = 1 [pid 23330] dup2(6, 0) = 0 [pid 23330] getpeername(4, {sin_family=AF_INET, sin_port=htons(35267), sin_addr=inet_addr("127.0.0.1")}}, [16]) = 0 [pid 23330] open("/etc/passwd", O_RDONLY) = 7 [pid 23330] fcntl64(7, F_GETFD) = 0 [pid 23330] fcntl64(7, F_SETFD, FD_CLOEXEC) = 0 [pid 23330] fstat64(7, {st_mode=S_IFREG|0644, st_size=1040, ...}) = 0 [pid 23330] old_mmap(NULL, 4096, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x40014000 [pid 23330] _llseek(7, 0, [0], SEEK_CUR) = 0 [pid 23330] read(7, "root:x:0:0:root:/root:/bin/bash\n"..., 4096) = 1040 [pid 23330] close(7) = 0 [pid 23330] munmap(0x40014000, 4096) = 0 [pid 23330] geteuid32() = 0 [pid 23330] gettimeofday({1027632799, 660432}, NULL) = 0 [pid 23330] getpid() = 23330 [pid 23330] ioctl(0, SNDCTL_TMR_TIMEBASE, {B38400 opost isig icanon echo ...}) = 0 [pid 23330] readlink("/proc/self/fd/0", "/dev/pts/8", 4127) = 10 [pid 23330] access("/var/run/utmpx", F_OK) = -1 ENOENT (No such file or directory) [pid 23330] open("/var/run/utmp", O_RDWR) = 7 [pid 23330] fcntl64(7, F_GETFD) = 0 [pid 23330] fcntl64(7, F_SETFD, FD_CLOEXEC) = 0 [pid 23330] _llseek(7, 0, [0], SEEK_SET) = 0 [pid 23330] alarm(0) = 0 [pid 23330] rt_sigaction(SIGALRM, {0x40208b70, [], 0x4000000}, {0x804c190, [ALRM], SA_RESTART|0x4000000}, 8) = 0 [pid 23330] alarm(1) = 0 [pid 23330] fcntl64(7, F_SETLKW, {type=F_RDLCK, whence=SEEK_SET, start=0, len=0}) = 0 [pid 23330] read(7, "\10\0\0\0\17\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0"..., 384) = 384 [pid 23330] read(7, "\2\0\0\0\0\0\0\0~\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0"..., 384) = 384 [pid 23330] read(7, "\1\0\0\0002N\0\0~\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0"..., 384) = 384 [pid 23330] read(7, "\10\0\0\0003\1\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0"..., 384) = 384 [pid 23330] read(7, "\6\0\0\0\322\1\0\0tty1\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0"..., 384) = 384 [pid 23330] read(7, "\6\0\0\0\323\1\0\0tty2\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0"..., 384) = 384 [pid 23330] read(7, "\6\0\0\0\324\1\0\0tty3\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0"..., 384) = 384 [pid 23330] read(7, "\6\0\0\0\325\1\0\0tty4\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0"..., 384) = 384 [pid 23330] read(7, "\6\0\0\0\326\1\0\0tty5\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0"..., 384) = 384 [pid 23330] read(7, "\6\0\0\0\327\1\0\0tty6\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0"..., 384) = 384 [pid 23330] read(7, "\10\0\0\0\300\22\0\0pts/0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0"..., 384) = 384 [pid 23330] read(7, "\7\0\0\0\314W\0\0pts/0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0"..., 384) = 384 [pid 23330] read(7, "\7\0\0\0jY\0\0pts/1\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0"..., 384) = 384 [pid 23330] read(7, "\7\0\0\0\374W\0\0pts/2\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0"..., 384) = 384 [pid 23330] read(7, "\7\0\0\0&X\0\0pts/3\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0"..., 384) = 384 [pid 23330] read(7, "\7\0\0\0\370Y\0\0pts/4\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0"..., 384) = 384 [pid 23330] read(7, "\7\0\0\0\204Z\0\0pts/5\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0"..., 384) = 384 [pid 23330] read(7, "\7\0\0\0\226Z\0\0pts/6\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0"..., 384) = 384 [pid 23330] read(7, "\7\0\0\0\32[\0\0pts/7\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0"..., 384) = 384 [pid 23330] read(7, "\10\0\0\0\204B\0\0pts/8\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0"..., 384) = 384 [pid 23330] read(7, "\10\0\0\0\302 \0\0pts/1\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0"..., 384) = 384 [pid 23330] read(7, "\10\0\0\0\314D\0\0pts/9\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0"..., 384) = 384 [pid 23330] read(7, "\10\0\0\0\336Z\0\0pts/7\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0"..., 384) = 384 [pid 23330] read(7, "", 384) = 0 [pid 23332] <... read resumed> "\0\0\0\23", 4) = 4 [pid 23332] read(3, "\32\0\0\0\1\0\0\0\n/dev/pts/8", 19) = 19 [pid 23332] recvmsg(3, {msg_name(0)=NULL, msg_iov(1)=[{"\0", 1}], msg_controllen=16, msg_control=0xbffff400, , msg_flags=0}, 0) = 1 [pid 23332] recvmsg(3, {msg_name(0)=NULL, msg_iov(1)=[{"\0", 1}], msg_controllen=16, msg_control=0xbffff3f0, , msg_flags=0}, 0) = 1 [pid 23332] ioctl(8, SNDCTL_TMR_TIMEBASE, {B38400 opost isig icanon echo ...}) = 0 [pid 23332] ioctl(8, SNDCTL_TMR_START, {B38400 opost isig icanon echo ...}) = 0 [pid 23332] ioctl(8, SNDCTL_TMR_TIMEBASE, {B38400 opost isig icanon echo ...}) = 0 [pid 23332] ioctl(7, 0x5414, {ws_row=24, ws_col=80, ws_xpixel=499, ws_ypixel=316}) = 0 [pid 23332] stat64("/usr/bin/X11/xauth", {st_mode=S_IFREG|0755, st_size=27944, ...}) = 0 [pid 23332] socket(PF_INET, SOCK_STREAM, IPPROTO_IP) = 9 [pid 23332] bind(9, {sin_family=AF_INET, sin_port=htons(6010), sin_addr=inet_addr("127.0.0.1")}}, 16) = 0 [pid 23332] listen(9, 5) = 0 [pid 23332] brk(0x80a9000) = 0x80a9000 [pid 23332] ioctl(9, SNDCTL_TMR_TIMEBASE, 0xbfffedc8) = -1 EINVAL (Invalid argument) [pid 23332] fcntl64(9, F_GETFL) = 0x2 (flags O_RDWR) [pid 23332] fcntl64(9, F_SETFL, O_RDWR|O_NONBLOCK) = 0 [pid 23332] fcntl64(9, F_GETFL) = 0x802 (flags O_RDWR|O_NONBLOCK) [pid 23332] uname({sys="Linux", node="protagonist", ...}) = 0 [pid 23332] geteuid32() = 1000 [pid 23332] getegid32() = 1000 [pid 23332] brk(0x80ab000) = 0x80ab000 [pid 23332] gettimeofday({1027632799, 672527}, NULL) = 0 [pid 23332] getpid() = 23332 [pid 23332] mkdir("/tmp/ssh-XXJ6demX", 0700) = 0 [pid 23330] fcntl64(7, F_SETLKW, {type=F_UNLCK, whence=SEEK_SET, start=0, len=0}) = 0 [pid 23330] rt_sigaction(SIGALRM, {0x804c190, [ALRM], SA_RESTART|0x4000000}, NULL, 8) = 0 [pid 23330] alarm(0) = 1 [pid 23330] alarm(0) = 0 [pid 23330] rt_sigaction(SIGALRM, {0x40208b70, [], 0x4000000}, {0x804c190, [ALRM], SA_RESTART|0x4000000}, 8) = 0 [pid 23330] alarm(1) = 0 [pid 23330] fcntl64(7, F_SETLKW, {type=F_WRLCK, whence=SEEK_SET, start=0, len=0}) = 0 [pid 23330] _llseek(7, 0, [8832], SEEK_END) = 0 [pid 23330] write(7, "\7\0\0\0\"[\0\0pts/8\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0"..., 384) = 384 [pid 23330] fcntl64(7, F_SETLKW, {type=F_UNLCK, whence=SEEK_SET, start=0, len=0}) = 0 [pid 23330] rt_sigaction(SIGALRM, {0x804c190, [ALRM], SA_RESTART|0x4000000}, NULL, 8) = 0 [pid 23330] alarm(0) = 1 [pid 23330] close(7) = 0 [pid 23330] access("/var/log/wtmpx", F_OK) = -1 ENOENT (No such file or directory) [pid 23330] open("/var/log/wtmp", O_WRONLY) = 7 [pid 23330] alarm(0) = 0 [pid 23330] rt_sigaction(SIGALRM, {0x40208b70, [], 0x4000000}, {0x804c190, [ALRM], SA_RESTART|0x4000000}, 8) = 0 [pid 23330] alarm(1) = 0 [pid 23330] fcntl64(7, F_SETLKW, {type=F_WRLCK, whence=SEEK_SET, start=0, len=0}) = 0 [pid 23330] _llseek(7, 0, [55296], SEEK_END) = 0 [pid 23330] write(7, "\7\0\0\0\"[\0\0pts/8\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0"..., 384) = 384 [pid 23330] fcntl64(7, F_SETLKW, {type=F_UNLCK, whence=SEEK_SET, start=0, len=0}) = 0 [pid 23330] rt_sigaction(SIGALRM, {0x804c190, [ALRM], SA_RESTART|0x4000000}, NULL, 8) = 0 [pid 23330] alarm(0) = 1 [pid 23330] close(7) = 0 [pid 23330] stat64("/var/log/lastlog", {st_mode=S_IFREG|0664, st_size=292584, ...}) = 0 [pid 23330] open("/var/log/lastlog", O_RDWR|O_CREAT|O_LARGEFILE, 02000) = 7 [pid 23330] _llseek(7, 292000, [292000], SEEK_SET) = 0 [pid 23330] write(7, "address@hidden/8\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0"..., 292) = 292 [pid 23330] close(7) = 0 [pid 23330] close(0) = 0 [pid 23330] open("/dev/null", O_RDONLY|O_LARGEFILE) = 0 [pid 23330] close(6) = 0 [pid 23330] read(5, [pid 23332] getpid() = 23332 [pid 23332] socket(PF_UNIX, SOCK_STREAM, 0) = 10 [pid 23332] bind(10, {sin_family=AF_UNIX, path="/tmp/ssh-XXJ6demX/agent.23332"}, 110) = -1 EACCES (Permission denied) [pid 23332] write(4, "~\24H\4\271[\n\17\265C5X\230\225\341\362/P\371 \2601\317"..., 64) = 64 [pid 23332] close(9) = 0 [pid 23332] close(9) = -1 EBADF (Bad file descriptor) [pid 23332] close(9) = -1 EBADF (Bad file descriptor) [pid 23332] shutdown(4, 2 /* send and receive */) = 0 [pid 23332] close(4) = 0 [pid 23332] time([1027632799]) = 1027632799 [pid 23332] getpid() = 23332 [pid 23332] rt_sigaction(SIGPIPE, {0x401e0f28, [], 0x4000000}, {SIG_IGN}, 8) = 0 [pid 23332] socket(PF_UNIX, SOCK_DGRAM, 0) = 4 [pid 23332] fcntl64(4, F_SETFD, FD_CLOEXEC) = 0 [pid 23332] connect(4, {sin_family=AF_UNIX, path="/dev/log"}, 16) = 0 [pid 23332] send(4, "<38>Jul 25 14:33:19 sshd[23332]:"..., 71, 0) = 71 [pid 23332] rt_sigaction(SIGPIPE, {SIG_IGN}, NULL, 8) = 0 [pid 23332] close(4) = 0 [pid 23332] geteuid32() = 1000 [pid 23332] getegid32() = 1000 [pid 23332] unlink("/tmp/ssh-XXJ6demX/agent.23332") = -1 EACCES (Permission denied) [pid 23332] rmdir("/tmp/ssh-XXJ6demX") = 0 [pid 23332] write(3, "\0\0\0\17\33", 5) = 5 [pid 23330] <... read resumed> "\0\0\0\17", 4) = 4 [pid 23330] read(5, "\33", 15) = 1 [pid 23330] read(5, [pid 23332] write(3, "\0\0\0\n/dev/pts/8", 14) = 14 [pid 23330] <... read resumed> "\0\0\0\n/dev/pts/8", 14) = 14 [pid 23330] open("/etc/passwd", O_RDONLY) = 6 [pid 23330] fcntl64(6, F_GETFD) = 0 [pid 23330] fcntl64(6, F_SETFD, FD_CLOEXEC) = 0 [pid 23330] fstat64(6, {st_mode=S_IFREG|0644, st_size=1040, ...}) = 0 [pid 23330] old_mmap(NULL, 4096, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x40014000 [pid 23330] _llseek(6, 0, [0], SEEK_CUR) = 0 [pid 23330] read(6, "root:x:0:0:root:/root:/bin/bash\n"..., 4096) = 1040 [pid 23330] close(6) = 0 [pid 23330] munmap(0x40014000, 4096) = 0 [pid 23330] geteuid32() = 0 [pid 23330] gettimeofday({1027632799, 693372}, NULL) = 0 [pid 23330] access("/var/run/utmpx", F_OK) = -1 ENOENT (No such file or directory) [pid 23330] open("/var/run/utmp", O_RDWR) = 6 [pid 23330] fcntl64(6, F_GETFD) = 0 [pid 23330] fcntl64(6, F_SETFD, FD_CLOEXEC) = 0 [pid 23330] _llseek(6, 0, [0], SEEK_SET) = 0 [pid 23330] alarm(0) = 0 [pid 23330] rt_sigaction(SIGALRM, {0x40208b70, [], 0x4000000}, {0x804c190, [ALRM], SA_RESTART|0x4000000}, 8) = 0 [pid 23330] alarm(1) = 0 [pid 23330] fcntl64(6, F_SETLKW, {type=F_RDLCK, whence=SEEK_SET, start=0, len=0}) = 0 [pid 23330] read(6, "\10\0\0\0\17\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0"..., 384) = 384 [pid 23330] read(6, "\2\0\0\0\0\0\0\0~\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0"..., 384) = 384 [pid 23330] read(6, "\1\0\0\0002N\0\0~\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0"..., 384) = 384 [pid 23330] read(6, "\10\0\0\0003\1\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0"..., 384) = 384 [pid 23330] read(6, "\6\0\0\0\322\1\0\0tty1\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0"..., 384) = 384 [pid 23330] read(6, "\6\0\0\0\323\1\0\0tty2\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0"..., 384) = 384 [pid 23330] read(6, "\6\0\0\0\324\1\0\0tty3\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0"..., 384) = 384 [pid 23330] read(6, "\6\0\0\0\325\1\0\0tty4\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0"..., 384) = 384 [pid 23330] read(6, "\6\0\0\0\326\1\0\0tty5\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0"..., 384) = 384 [pid 23330] read(6, "\6\0\0\0\327\1\0\0tty6\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0"..., 384) = 384 [pid 23330] read(6, "\10\0\0\0\300\22\0\0pts/0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0"..., 384) = 384 [pid 23330] read(6, "\7\0\0\0\314W\0\0pts/0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0"..., 384) = 384 [pid 23330] read(6, "\7\0\0\0jY\0\0pts/1\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0"..., 384) = 384 [pid 23330] read(6, "\7\0\0\0\374W\0\0pts/2\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0"..., 384) = 384 [pid 23330] read(6, "\7\0\0\0&X\0\0pts/3\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0"..., 384) = 384 [pid 23330] read(6, "\7\0\0\0\370Y\0\0pts/4\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0"..., 384) = 384 [pid 23330] read(6, [pid 23332] close(0 [pid 23330] <... read resumed> "\7\0\0\0\204Z\0\0pts/5\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0"..., 384) = 384 [pid 23330] read(6, "\7\0\0\0\226Z\0\0pts/6\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0"..., 384) = 384 [pid 23330] read(6, "\7\0\0\0\32[\0\0pts/7\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0"..., 384) = 384 [pid 23330] read(6, "\10\0\0\0\204B\0\0pts/8\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0"..., 384) = 384 [pid 23330] read(6, "\10\0\0\0\302 \0\0pts/1\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0"..., 384) = 384 [pid 23330] read(6, "\10\0\0\0\314D\0\0pts/9\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0"..., 384) = 384 [pid 23330] read(6, "\10\0\0\0\336Z\0\0pts/7\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0"..., 384) = 384 [pid 23330] read(6, "\7\0\0\0\"[\0\0pts/8\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0"..., 384) = 384 [pid 23330] fcntl64(6, F_SETLKW, {type=F_UNLCK, whence=SEEK_SET, start=0, len=0}) = 0 [pid 23330] rt_sigaction(SIGALRM, {0x804c190, [ALRM], SA_RESTART|0x4000000}, NULL, 8) = 0 [pid 23330] alarm(0) = 1 [pid 23330] gettimeofday({1027632799, 708236}, NULL) = 0 [pid 23330] alarm(0) = 0 [pid 23330] rt_sigaction(SIGALRM, {0x40208b70, [], 0x4000000}, {0x804c190, [ALRM], SA_RESTART|0x4000000}, 8) = 0 [pid 23330] alarm(1) = 0 [pid 23330] fcntl64(6, F_SETLKW, {type=F_WRLCK, whence=SEEK_SET, start=0, len=0}) = 0 [pid 23330] _llseek(6, 8832, [8832], SEEK_SET) = 0 [pid 23330] write(6, "\10\0\0\0\"[\0\0pts/8\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0"..., 384) = 384 [pid 23330] fcntl64(6, F_SETLKW, {type=F_UNLCK, whence=SEEK_SET, start=0, len=0}) = 0 [pid 23330] rt_sigaction(SIGALRM, {0x804c190, [ALRM], SA_RESTART|0x4000000}, NULL, 8) = 0 [pid 23330] alarm(0) = 1 [pid 23330] close(6) = 0 [pid 23330] getpid() = 23330 [pid 23330] gettimeofday({1027632799, 708765}, NULL) = 0 [pid 23330] access("/var/log/wtmpx", F_OK) = -1 ENOENT (No such file or directory) [pid 23330] open("/var/log/wtmp", O_WRONLY) = 6 [pid 23330] alarm(0) = 0 [pid 23330] rt_sigaction(SIGALRM, {0x40208b70, [], 0x4000000}, {0x804c190, [ALRM], SA_RESTART|0x4000000}, 8) = 0 [pid 23330] alarm(1) = 0 [pid 23330] fcntl64(6, F_SETLKW, {type=F_WRLCK, whence=SEEK_SET, start=0, len=0}) = 0 [pid 23330] _llseek(6, 0, [55680], SEEK_END) = 0 [pid 23330] write(6, "\10\0\0\0\"[\0\0pts/8\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0"..., 384) = 384 [pid 23330] fcntl64(6, F_SETLKW, {type=F_UNLCK, whence=SEEK_SET, start=0, len=0}) = 0 [pid 23330] rt_sigaction(SIGALRM, {0x804c190, [ALRM], SA_RESTART|0x4000000}, NULL, 8) = 0 [pid 23330] alarm(0) = 1 [pid 23330] close(6) = 0 [pid 23330] getuid32() = 0 [pid 23330] chown32(0x80917d4, 0, 0) = 0 [pid 23330] chmod("/dev/pts/8", 0666) = 0 [pid 23330] close(3) = 0 [pid 23330] read(5, [pid 23332] <... close resumed> ) = 0 [pid 23332] getuid32() = 1000 [pid 23332] open("/etc/security/pam_env.conf", O_RDONLY) = 0 [pid 23332] fstat64(0, {st_mode=S_IFREG|0644, st_size=3101, ...}) = 0 [pid 23332] old_mmap(NULL, 4096, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x40014000 [pid 23332] read(0, "# $Date: 1998/07/12 05:17:16 $\n#"..., 4096) = 3101 [pid 23332] read(0, "", 4096) = 0 [pid 23332] close(0) = 0 [pid 23332] munmap(0x40014000, 4096) = 0 [pid 23332] open("/etc/environment", O_RDONLY) = 0 [pid 23332] fstat64(0, {st_mode=S_IFREG|0644, st_size=7, ...}) = 0 [pid 23332] old_mmap(NULL, 4096, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x40014000 [pid 23332] read(0, "LANG=C\n", 4096) = 7 [pid 23332] read(0, "", 4096) = 0 [pid 23332] close(0) = 0 [pid 23332] munmap(0x40014000, 4096) = 0 [pid 23332] munmap(0x40015000, 7256) = 0 [pid 23332] munmap(0x403ba000, 94176) = 0 [pid 23332] munmap(0x403d1000, 13156) = 0 [pid 23332] munmap(0x403d5000, 10588) = 0 [pid 23332] munmap(0x40017000, 7372) = 0 [pid 23332] munmap(0x403d8000, 11744) = 0 [pid 23332] munmap(0x403db000, 30752) = 0 [pid 23332] munmap(0x403e8000, 15264) = 0 [pid 23332] _exit(255) = ? [pid 23330] <... read resumed> 0xbffff538, 4) = ? ERESTARTSYS (To be restarted) [pid 23330] --- SIGCHLD (Child exited) --- [pid 23330] read(5, "", 4) = 0 [pid 23330] munmap(0x40015000, 7256) = 0 [pid 23330] munmap(0x403ba000, 94176) = 0 [pid 23330] munmap(0x403d1000, 13156) = 0 [pid 23330] munmap(0x403d5000, 10588) = 0 [pid 23330] munmap(0x40017000, 7372) = 0 [pid 23330] munmap(0x403d8000, 11744) = 0 [pid 23330] munmap(0x403db000, 30752) = 0 [pid 23330] munmap(0x403e8000, 15264) = 0 [pid 23330] shutdown(4, 2 /* send and receive */) = -1 ENOTCONN (Transport endpoint is not connected) [pid 23330] close(4) = 0 [pid 23330] _exit(255) = ? [pid 23318] <... select resumed> ) = ? ERESTARTNOHAND (To be restarted) [pid 23318] --- SIGCHLD (Child exited) --- [pid 23318] wait4(-1, [WIFEXITED(s) && WEXITSTATUS(s) == 255], WNOHANG, NULL) = 23330 [pid 23318] wait4(-1, 0xbffff2f0, WNOHANG, NULL) = -1 ECHILD (No child processes) [pid 23318] rt_sigaction(SIGCHLD, {0x804c138, [CHLD], SA_RESTART|0x4000000}, {0x804c138, [CHLD], SA_RESTART|0x4000000}, 8) = 0 [pid 23318] sigreturn() = ? (mask now [RTMIN]) [pid 23318] select(6, [3], NULL, NULL, NULL [pid 23286] <... nanosleep resumed> {30, 0}) = 0 [pid 23286] stat64("/etc/monit/monitrc", {st_mode=S_IFREG|0644, st_size=204, ...}) = 0 [pid 23286] rt_sigprocmask(SIG_BLOCK, [TERM], [RTMIN], 8) = 0 [pid 23286] stat64("/var/run/sshd.pid", {st_mode=S_IFREG|0644, st_size=6, ...}) = 0 [pid 23286] stat64("/var/run/sshd.pid", {st_mode=S_IFREG|0644, st_size=6, ...}) = 0 [pid 23286] open("/var/run/sshd.pid", O_RDONLY) = 4 [pid 23286] fstat64(4, {st_mode=S_IFREG|0644, st_size=6, ...}) = 0 [pid 23286] old_mmap(NULL, 4096, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x4016a000 [pid 23286] read(4, "23318\n", 4096) = 6 [pid 23286] close(4) = 0 [pid 23286] munmap(0x4016a000, 4096) = 0 [pid 23286] kill(23318, SIG_0) = 0 [pid 23286] rt_sigprocmask(SIG_SETMASK, [RTMIN], NULL, 8) = 0 [pid 23286] rt_sigprocmask(SIG_BLOCK, [CHLD], [RTMIN], 8) = 0 [pid 23286] rt_sigaction(SIGCHLD, NULL, {SIG_DFL}, 8) = 0 [pid 23286] rt_sigprocmask(SIG_SETMASK, [RTMIN], NULL, 8) = 0 [pid 23286] nanosleep({30, 0}, [pid 23318] <... select resumed> ) = 1 (in [3]) [pid 23318] accept(3, {sin_family=AF_INET, sin_port=htons(35268), sin_addr=inet_addr("127.0.0.1")}}, [16]) = 4 [pid 23318] fcntl64(4, F_SETFL, O_RDONLY) = 0 [pid 23318] pipe([5, 6]) = 0 [pid 23318] fork() = 23336 [pid 23336] close(5) = 0 [pid 23336] close(3) = 0 [pid 23336] alarm(0) = 0 [pid 23336] rt_sigaction(SIGALRM, {SIG_DFL}, {SIG_DFL}, 8) = 0 [pid 23336] rt_sigaction(SIGHUP, {SIG_DFL}, {0x804c090, [HUP], SA_RESTART|0x4000000}, 8) = 0 [pid 23336] rt_sigaction(SIGTERM, {SIG_DFL}, {0x804c128, [TERM], SA_RESTART|0x4000000}, 8) = 0 [pid 23336] rt_sigaction(SIGQUIT, {SIG_DFL}, {0x804c128, [QUIT], SA_RESTART|0x4000000}, 8) = 0 [pid 23336] rt_sigaction(SIGCHLD, {SIG_DFL}, {0x804c138, [CHLD], SA_RESTART|0x4000000}, 8) = 0 [pid 23336] rt_sigaction(SIGINT, {SIG_DFL}, {SIG_DFL}, 8) = 0 [pid 23336] setsockopt(4, SOL_SOCKET, SO_LINGER, [1], 8) = 0 [pid 23336] brk(0x809b000) = 0x809b000 [pid 23336] getpeername(4, {sin_family=AF_INET, sin_port=htons(35268), sin_addr=inet_addr("127.0.0.1")}}, [16]) = 0 [pid 23336] getpeername(4, {sin_family=AF_INET, sin_port=htons(35268), sin_addr=inet_addr("127.0.0.1")}}, [16]) = 0 [pid 23336] getpid() = 23336 [pid 23336] getpeername(4, {sin_family=AF_INET, sin_port=htons(35268), sin_addr=inet_addr("127.0.0.1")}}, [16]) = 0 [pid 23336] getsockname(4, {sin_family=AF_INET, sin_port=htons(22), sin_addr=inet_addr("127.0.0.1")}}, [16]) = 0 [pid 23336] open("/etc/hosts.allow", O_RDONLY) = 3 [pid 23336] fstat64(3, {st_mode=S_IFREG|0644, st_size=603, ...}) = 0 [pid 23336] old_mmap(NULL, 4096, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x40014000 [pid 23336] read(3, "# /etc/hosts.allow: list of host"..., 4096) = 603 [pid 23336] read(3, "", 4096) = 0 [pid 23336] close(3) = 0 [pid 23336] munmap(0x40014000, 4096) = 0 [pid 23336] open("/etc/hosts.deny", O_RDONLY) = 3 [pid 23336] fstat64(3, {st_mode=S_IFREG|0644, st_size=898, ...}) = 0 [pid 23336] old_mmap(NULL, 4096, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x40014000 [pid 23336] read(3, "# /etc/hosts.deny: list of hosts"..., 4096) = 898 [pid 23336] read(3, "", 4096) = 0 [pid 23336] close(3) = 0 [pid 23336] munmap(0x40014000, 4096) = 0 [pid 23336] rt_sigaction(SIGALRM, {0x804c190, [ALRM], SA_RESTART|0x4000000}, {SIG_DFL}, 8) = 0 [pid 23336] alarm(600) = 0 [pid 23336] write(4, "SSH-2.0-OpenSSH_3.4p1 Debian 1:3"..., 39) = 39 [pid 23336] read(4, [pid 23318] close(6) = 0 [pid 23318] getpid() = 23318 [pid 23318] getpid() = 23318 [pid 23318] close(4) = 0 [pid 23318] select(6, [3 5], NULL, NULL, NULL [pid 23336] <... read resumed> "S", 1) = 1 [pid 23336] read(4, "S", 1) = 1 [pid 23336] read(4, "H", 1) = 1 [pid 23336] read(4, "-", 1) = 1 [pid 23336] read(4, "2", 1) = 1 [pid 23336] read(4, ".", 1) = 1 [pid 23336] read(4, "0", 1) = 1 [pid 23336] read(4, "-", 1) = 1 [pid 23336] read(4, "O", 1) = 1 [pid 23336] read(4, "p", 1) = 1 [pid 23336] read(4, "e", 1) = 1 [pid 23336] read(4, "n", 1) = 1 [pid 23336] read(4, "S", 1) = 1 [pid 23336] read(4, "S", 1) = 1 [pid 23336] read(4, "H", 1) = 1 [pid 23336] read(4, "_", 1) = 1 [pid 23336] read(4, "3", 1) = 1 [pid 23336] read(4, ".", 1) = 1 [pid 23336] read(4, "4", 1) = 1 [pid 23336] read(4, "p", 1) = 1 [pid 23336] read(4, "1", 1) = 1 [pid 23336] read(4, " ", 1) = 1 [pid 23336] read(4, "D", 1) = 1 [pid 23336] read(4, "e", 1) = 1 [pid 23336] read(4, "b", 1) = 1 [pid 23336] read(4, "i", 1) = 1 [pid 23336] read(4, "a", 1) = 1 [pid 23336] read(4, "n", 1) = 1 [pid 23336] read(4, " ", 1) = 1 [pid 23336] read(4, "1", 1) = 1 [pid 23336] read(4, ":", 1) = 1 [pid 23336] read(4, "3", 1) = 1 [pid 23336] read(4, ".", 1) = 1 [pid 23336] read(4, "4", 1) = 1 [pid 23336] read(4, "p", 1) = 1 [pid 23336] read(4, "1", 1) = 1 [pid 23336] read(4, "-", 1) = 1 [pid 23336] read(4, "1", 1) = 1 [pid 23336] read(4, "\n", 1) = 1 [pid 23336] fcntl64(4, F_SETFL, O_RDONLY|O_NONBLOCK) = 0 [pid 23336] socketpair(PF_UNIX, SOCK_STREAM, 0, [3, 5]) = 0 [pid 23336] fcntl64(3, F_SETFD, FD_CLOEXEC) = 0 [pid 23336] fcntl64(5, F_SETFD, FD_CLOEXEC) = 0 [pid 23336] mmap2(NULL, 65536, PROT_READ|PROT_WRITE, MAP_SHARED|MAP_ANONYMOUS, -1, 0) = 0x4026a000 [pid 23336] mmap2(NULL, 1310720, PROT_READ|PROT_WRITE, MAP_SHARED|MAP_ANONYMOUS, -1, 0) = 0x4027a000 [pid 23336] fork() = 23337 [pid 23336] close(3) = 0 [pid 23336] read(5, [pid 23337] close(5) = 0 [pid 23337] getuid32() = 0 [pid 23337] open("/etc/passwd", O_RDONLY) = 5 [pid 23337] fcntl64(5, F_GETFD) = 0 [pid 23337] fcntl64(5, F_SETFD, FD_CLOEXEC) = 0 [pid 23337] fstat64(5, {st_mode=S_IFREG|0644, st_size=1040, ...}) = 0 [pid 23337] old_mmap(NULL, 4096, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x40014000 [pid 23337] _llseek(5, 0, [0], SEEK_CUR) = 0 [pid 23337] read(5, "root:x:0:0:root:/root:/bin/bash\n"..., 4096) = 1040 [pid 23337] close(5) = 0 [pid 23337] munmap(0x40014000, 4096) = 0 [pid 23337] chroot("/var/run/sshd") = 0 [pid 23337] chdir("/") = 0 [pid 23337] setgid32(0xfffe) = 0 [pid 23337] setgroups32(0x1, 0xbffff1d4) = 0 [pid 23337] setgid32(0xfffe) = 0 [pid 23337] setuid32(0x67) = 0 [pid 23337] brk(0x809d000) = 0x809d000 [pid 23337] write(4, "\0\0\2\34\t\24I "\0\0\0\r", 4) = 4 [pid 23336] read(5, "\0", 13) = 1 [pid 23336] read(5, [pid 23337] write(3, "\0\0\4\0\0\0\10\0\0\0 \0", 12) = 12 [pid 23336] <... read resumed> "\0\0\4\0\0\0\10\0\0\0 \0", 12) = 12 [pid 23336] open("/etc/ssh/moduli", O_RDONLY|O_LARGEFILE) = 3 [pid 23336] fstat64(3, {st_mode=S_IFREG|0644, st_size=88039, ...}) = 0 [pid 23336] old_mmap(NULL, 4096, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x40014000 [pid 23336] read(3, "#\t$OpenBSD: moduli,v 1.1 2001/06"..., 4096) = 4096 [pid 23336] read(3, "DEB1C49B0AE87A5DF544A6D54D7\n2001"..., 4096) = 4096 [pid 23336] read(3, "AB9A67E8D63E84FA491E5D3874978815"..., 4096) = 4096 [pid 23336] read(3, "DFD16D9669EDAF42EF5D4EED82AA84B0"..., 4096) = 4096 [pid 23336] read(3, "4B7B7C406613EC3471CF1B\n200103282"..., 4096) = 4096 [pid 23336] read(3, "F718837E16350982BF8A27728318EC02"..., 4096) = 4096 [pid 23336] read(3, "B92BE771D535B4EA9C5D14D84CD7649E"..., 4096) = 4096 [pid 23336] read(3, "604D44C7C6EA98D561294D4F7AB06143"..., 4096) = 4096 [pid 23336] read(3, "6CC2BFDE77C4C0DF1D6DDED65FEE2F53"..., 4096) = 4096 [pid 23336] read(3, "DE64F65265E6B9FC5F46879BB17CC349"..., 4096) = 4096 [pid 23336] read(3, "0C154FBAEFF935466B176CB0AED02458"..., 4096) = 4096 [pid 23336] read(3, "2AC3E3772709FC815B0AC56CFF\n20010"..., 4096) = 4096 [pid 23336] read(3, "0A2991A1FFE5B271FEDE54375896A29F"..., 4096) = 4096 [pid 23336] read(3, "3788956651919E26A315EAD1D26E7C98"..., 4096) = 4096 [pid 23336] read(3, "6E10BE7FA5B1A706AEB4C356F49807A2"..., 4096) = 4096 [pid 23336] read(3, "CC5074CD0C1B2538FBF956971BF39314"..., 4096) = 4096 [pid 23336] read(3, "D54C4D103C13D1C15CF8CCA67D5CB39F"..., 4096) = 4096 [pid 23336] read(3, "D1AAFE99014715A36800DBD9A6C51C02"..., 4096) = 4096 [pid 23336] read(3, "75E48EA37EE18B9E44E2D017D845C444"..., 4096) = 4096 [pid 23336] read(3, "16617DA3CCFF722BB82362606283D054"..., 4096) = 4096 [pid 23336] read(3, "AFF443B8BA1ACE1A3A7B16EA0713F625"..., 4096) = 4096 [pid 23336] read(3, "F98C1D3DA9F210857C784433DF32ADF9"..., 4096) = 2023 [pid 23336] read(3, "", 4096) = 0 [pid 23336] _llseek(3, 0, [0], SEEK_SET) = 0 [pid 23336] read(3, "#\t$OpenBSD: moduli,v 1.1 2001/06"..., 4096) = 4096 [pid 23336] read(3, "DEB1C49B0AE87A5DF544A6D54D7\n2001"..., 4096) = 4096 [pid 23336] read(3, "AB9A67E8D63E84FA491E5D3874978815"..., 4096) = 4096 [pid 23336] read(3, "DFD16D9669EDAF42EF5D4EED82AA84B0"..., 4096) = 4096 [pid 23336] read(3, "4B7B7C406613EC3471CF1B\n200103282"..., 4096) = 4096 [pid 23336] read(3, "F718837E16350982BF8A27728318EC02"..., 4096) = 4096 [pid 23336] read(3, "B92BE771D535B4EA9C5D14D84CD7649E"..., 4096) = 4096 [pid 23336] read(3, "604D44C7C6EA98D561294D4F7AB06143"..., 4096) = 4096 [pid 23336] read(3, "6CC2BFDE77C4C0DF1D6DDED65FEE2F53"..., 4096) = 4096 [pid 23336] read(3, "DE64F65265E6B9FC5F46879BB17CC349"..., 4096) = 4096 [pid 23336] read(3, "0C154FBAEFF935466B176CB0AED02458"..., 4096) = 4096 [pid 23336] read(3, "2AC3E3772709FC815B0AC56CFF\n20010"..., 4096) = 4096 [pid 23336] read(3, "0A2991A1FFE5B271FEDE54375896A29F"..., 4096) = 4096 [pid 23336] close(3) = 0 [pid 23336] munmap(0x40014000, 4096) = 0 [pid 23336] write(5, "\0\0\1\232\1", 5) = 5 [pid 23336] write(5, "\1\0\0\1\217f\233\243\355f\37\"j\t\v\345dJ+\264 \223q\267"..., 409) = 409 [pid 23336] read(5, [pid 23337] read(3, "\0\0\1\232", 4) = 4 [pid 23337] read(3, "\1\1\0\0\1\217f\233\243\355f\37\"j\t\v\345dJ+\264 \223"..., 410) = 410 [pid 23337] write(4, "\0\0\1\244\n\37\0\0\1\217f\233\243\355f\37\"j\t\v\345d"..., 424) = 424 [pid 23337] time([1027632811]) = 1027632811 [pid 23337] getpid() = 23337 [pid 23337] getpid() = 23337 [pid 23337] brk(0x809e000) = 0x809e000 [pid 23337] select(5, [4], NULL, NULL, NULL) = 1 (in [4]) [pid 23337] read(4, "\0\0\1\234\7 \0\0\1\217\16S\370H\254\313\206AIV;Z\365\312"..., 8192) = 416 [pid 23337] brk(0x809f000) = 0x809f000 [pid 23337] brk(0x80a0000) = 0x80a0000 [pid 23337] brk(0x80a1000) = 0x80a1000 [pid 23337] brk(0x80a2000) = 0x80a2000 [pid 23337] write(3, "\0\0\0\35\4", 5) = 5 [pid 23336] <... read resumed> "\0\0\0\35", 4) = 4 [pid 23336] read(5, "\4", 29) = 1 [pid 23336] read(5, [pid 23337] write(3, "\0\0\0\0\0\0\0\24\7X\342\361\22\232\334\0214$\244\t\r>"..., 28) = 28 [pid 23336] <... read resumed> "\0\0\0\0\0\0\0\24\7X\342\361\22\232\334\0214$\244\t\r>"..., 28) = 28 [pid 23336] brk(0x809c000) = 0x809c000 [pid 23336] write(5, "\0\0\0\224\5", 5) = 5 [pid 23336] write(5, "\0\0\0\217\0\0\0\7ssh-rsa\0\0\0\200$\346\"\306\30\373\372"..., 147) = 147 [pid 23336] read(5, [pid 23337] read(3, "\0\0\0\224", 4) = 4 [pid 23337] read(3, "\5\0\0\0\217\0\0\0\7ssh-rsa\0\0\0\200$\346\"\306\30\373"..., 148) = 148 [pid 23337] write(4, "\0\0\2\314\v!\0\0\0\225\0\0\0\7ssh-rsa\0\0\0\1#\0\0\0\201"..., 736) = 736 [pid 23337] select(5, [4], NULL, NULL, NULL) = 1 (in [4]) [pid 23337] read(4, "\0\0\0\f\n\25\0\0\0\0\0\0\0\0\0\0", 8192) = 16 [pid 23337] select(5, [4], NULL, NULL, NULL) = 1 (in [4]) [pid 23337] read(4, "address@hidden"..., 8192) = 48 [pid 23337] write(4, "u*r\2\334\245\317\326w\302\341hD\2\27\352w\361\341\256"..., 48) = 48 [pid 23337] select(5, [4], NULL, NULL, NULL) = 1 (in [4]) [pid 23337] read(4, "\344\316\240\266u\10\331\375Q\370!%\211\305\207\343\372"..., 8192) = 64 [pid 23337] write(3, "\0\0\0\t\6", 5) = 5 [pid 23336] <... read resumed> "\0\0\0\t", 4) = 4 [pid 23336] read(5, "\6", 9) = 1 [pid 23336] read(5, [pid 23337] write(3, "\0\0\0\4mark", 8) = 8 [pid 23336] <... read resumed> "\0\0\0\4mark", 8) = 8 [pid 23336] open("/etc/passwd", O_RDONLY) = 3 [pid 23336] fcntl64(3, F_GETFD) = 0 [pid 23336] fcntl64(3, F_SETFD, FD_CLOEXEC) = 0 [pid 23336] fstat64(3, {st_mode=S_IFREG|0644, st_size=1040, ...}) = 0 [pid 23336] old_mmap(NULL, 4096, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x40014000 [pid 23336] _llseek(3, 0, [0], SEEK_CUR) = 0 [pid 23336] read(3, "root:x:0:0:root:/root:/bin/bash\n"..., 4096) = 1040 [pid 23336] close(3) = 0 [pid 23336] munmap(0x40014000, 4096) = 0 [pid 23336] stat64("/bin/bash", {st_mode=S_IFREG|0755, st_size=511400, ...}) = 0 [pid 23336] write(5, "\0\0\0^\7", 5) = 5 [pid 23336] write(5, "\1\0\0\0\34 \246\t\0100\246\t\10\350\3\0\0\350\3\0\0\30"..., 93) = 93 [pid 23336] read(5, [pid 23337] read(3, "\0\0\0^", 4) = 4 [pid 23337] read(3, "\7\1\0\0\0\34 \246\t\0100\246\t\10\350\3\0\0\350\3\0\0"..., 94) = 94 [pid 23337] write(3, "\0\0\0\t%", 5) = 5 [pid 23336] <... read resumed> "\0\0\0\t", 4) = 4 [pid 23336] read(5, "%", 9) = 1 [pid 23336] read(5, [pid 23337] write(3, "\0\0\0\4mark", 8) = 8 [pid 23336] <... read resumed> "\0\0\0\4mark", 8) = 8 [pid 23336] stat64("/etc/pam.d", {st_mode=S_IFDIR|0755, st_size=4096, ...}) = 0 [pid 23336] open("/etc/pam.d/ssh", O_RDONLY) = 3 [pid 23336] fstat64(3, {st_mode=S_IFREG|0644, st_size=771, ...}) = 0 [pid 23336] old_mmap(NULL, 4096, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x40014000 [pid 23336] read(3, "#%PAM-1.0\nauth required "..., 4096) = 771 [pid 23336] open("/lib/security/pam_nologin.so", O_RDONLY) = 7 [pid 23336] read(7, "\177ELF\1\1\1\0\0\0\0\0\0\0\0\0\3\0\3\0\1\0\0\0\340\7\0"..., 1024) = 1024 [pid 23336] fstat64(7, {st_mode=S_IFREG|0644, st_size=4248, ...}) = 0 [pid 23336] old_mmap(NULL, 7256, PROT_READ|PROT_EXEC, MAP_PRIVATE, 7, 0) = 0x40015000 [pid 23336] mprotect(0x40016000, 3160, PROT_NONE) = 0 [pid 23336] old_mmap(0x40016000, 4096, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_FIXED, 7, 0) = 0x40016000 [pid 23336] close(7) = 0 [pid 23336] open("/lib/security/pam_unix.so", O_RDONLY) = 7 [pid 23336] read(7, "\177ELF\1\1\1\0\0\0\0\0\0\0\0\0\3\0\3\0\1\0\0\0 $\0\000"..., 1024) = 1024 [pid 23336] fstat64(7, {st_mode=S_IFREG|0644, st_size=41432, ...}) = 0 [pid 23336] old_mmap(NULL, 94176, PROT_READ|PROT_EXEC, MAP_PRIVATE, 7, 0) = 0x403ba000 [pid 23336] mprotect(0x403c4000, 53216, PROT_NONE) = 0 [pid 23336] old_mmap(0x403c4000, 4096, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_FIXED, 7, 0x9000) = 0x403c4000 [pid 23336] old_mmap(0x403c5000, 49120, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_FIXED|MAP_ANONYMOUS, -1, 0) = 0x403c5000 [pid 23336] close(7) = 0 [pid 23336] open("/lib/security/pam_env.so", O_RDONLY) = 7 [pid 23336] read(7, "\177ELF\1\1\1\0\0\0\0\0\0\0\0\0\3\0\3\0\1\0\0\0p\v\0\000"..., 1024) = 1024 [pid 23336] fstat64(7, {st_mode=S_IFREG|0644, st_size=10148, ...}) = 0 [pid 23336] old_mmap(NULL, 13156, PROT_READ|PROT_EXEC, MAP_PRIVATE, 7, 0) = 0x403d1000 [pid 23336] mprotect(0x403d4000, 868, PROT_NONE) = 0 [pid 23336] old_mmap(0x403d4000, 4096, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_FIXED, 7, 0x2000) = 0x403d4000 [pid 23336] close(7) = 0 [pid 23336] open("/lib/security/pam_lastlog.so", O_RDONLY) = 7 [pid 23336] read(7, "\177ELF\1\1\1\0\0\0\0\0\0\0\0\0\3\0\3\0\1\0\0\0`\n\0\000"..., 1024) = 1024 [pid 23336] fstat64(7, {st_mode=S_IFREG|0644, st_size=7580, ...}) = 0 [pid 23336] old_mmap(NULL, 10588, PROT_READ|PROT_EXEC, MAP_PRIVATE, 7, 0) = 0x403d5000 [pid 23336] mprotect(0x403d7000, 2396, PROT_NONE) = 0 [pid 23336] old_mmap(0x403d7000, 4096, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_FIXED, 7, 0x1000) = 0x403d7000 [pid 23336] close(7) = 0 [pid 23336] open("/lib/security/pam_motd.so", O_RDONLY) = 7 [pid 23336] read(7, "\177ELF\1\1\1\0\0\0\0\0\0\0\0\0\3\0\3\0\1\0\0\0\20\10\0"..., 1024) = 1024 [pid 23336] fstat64(7, {st_mode=S_IFREG|0644, st_size=4364, ...}) = 0 [pid 23336] old_mmap(NULL, 7372, PROT_READ|PROT_EXEC, MAP_PRIVATE, 7, 0) = 0x40017000 [pid 23336] mprotect(0x40018000, 3276, PROT_NONE) = 0 [pid 23336] old_mmap(0x40018000, 4096, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_FIXED, 7, 0) = 0x40018000 [pid 23336] close(7) = 0 [pid 23336] brk(0x809d000) = 0x809d000 [pid 23336] open("/lib/security/pam_mail.so", O_RDONLY) = 7 [pid 23336] read(7, "\177ELF\1\1\1\0\0\0\0\0\0\0\0\0\3\0\3\0\1\0\0\0`\n\0\000"..., 1024) = 1024 [pid 23336] fstat64(7, {st_mode=S_IFREG|0644, st_size=8472, ...}) = 0 [pid 23336] old_mmap(NULL, 11744, PROT_READ|PROT_EXEC, MAP_PRIVATE, 7, 0) = 0x403d8000 [pid 23336] mprotect(0x403da000, 3552, PROT_NONE) = 0 [pid 23336] old_mmap(0x403da000, 4096, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_FIXED, 7, 0x1000) = 0x403da000 [pid 23336] close(7) = 0 [pid 23336] open("/lib/security/pam_limits.so", O_RDONLY) = 7 [pid 23336] read(7, "\177ELF\1\1\1\0\0\0\0\0\0\0\0\0\3\0\3\0\1\0\0\0\300\16"..., 1024) = 1024 [pid 23336] fstat64(7, {st_mode=S_IFREG|0644, st_size=19320, ...}) = 0 [pid 23336] old_mmap(NULL, 30752, PROT_READ|PROT_EXEC, MAP_PRIVATE, 7, 0) = 0x403db000 [pid 23336] mprotect(0x403de000, 18464, PROT_NONE) = 0 [pid 23336] old_mmap(0x403de000, 12288, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_FIXED, 7, 0x2000) = 0x403de000 [pid 23336] old_mmap(0x403e1000, 6176, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_FIXED|MAP_ANONYMOUS, -1, 0) = 0x403e1000 [pid 23336] close(7) = 0 [pid 23336] open("/etc/ld.so.cache", O_RDONLY) = 7 [pid 23336] fstat64(7, {st_mode=S_IFREG|0644, st_size=20340, ...}) = 0 [pid 23336] old_mmap(NULL, 20340, PROT_READ, MAP_PRIVATE, 7, 0) = 0x403e3000 [pid 23336] close(7) = 0 [pid 23336] open("/lib/libcap.so.1", O_RDONLY) = 7 [pid 23336] read(7, "\177ELF\1\1\1\0\0\0\0\0\0\0\0\0\3\0\3\0\1\0\0\0\320\f\0"..., 1024) = 1024 [pid 23336] fstat64(7, {st_mode=S_IFREG|0644, st_size=11600, ...}) = 0 [pid 23336] old_mmap(NULL, 15264, PROT_READ|PROT_EXEC, MAP_PRIVATE, 7, 0) = 0x403e8000 [pid 23336] mprotect(0x403eb000, 2976, PROT_NONE) = 0 [pid 23336] old_mmap(0x403eb000, 4096, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_FIXED, 7, 0x2000) = 0x403eb000 [pid 23336] close(7) = 0 [pid 23336] munmap(0x403e3000, 20340) = 0 [pid 23336] read(3, "", 4096) = 0 [pid 23336] close(3) = 0 [pid 23336] munmap(0x40014000, 4096) = 0 [pid 23336] open("/etc/pam.d/other", O_RDONLY) = 3 [pid 23336] fstat64(3, {st_mode=S_IFREG|0644, st_size=345, ...}) = 0 [pid 23336] old_mmap(NULL, 4096, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x40014000 [pid 23336] read(3, "#\n# /etc/pam.d/other - specify t"..., 4096) = 345 [pid 23336] read(3, "", 4096) = 0 [pid 23336] close(3) = 0 [pid 23336] munmap(0x40014000, 4096) = 0 [pid 23336] getpeername(4, {sin_family=AF_INET, sin_port=htons(35268), sin_addr=inet_addr("127.0.0.1")}}, [16]) = 0 [pid 23336] brk(0x809e000) = 0x809e000 [pid 23336] open("/etc/ld.so.cache", O_RDONLY) = 3 [pid 23336] fstat64(3, {st_mode=S_IFREG|0644, st_size=20340, ...}) = 0 [pid 23336] old_mmap(NULL, 20340, PROT_READ, MAP_PRIVATE, 3, 0) = 0x403e3000 [pid 23336] close(3) = 0 [pid 23336] open("/lib/libnss_db.so.2", O_RDONLY) = 3 [pid 23336] read(3, "\177ELF\1\1\1\0\0\0\0\0\0\0\0\0\3\0\3\0\1\0\0\0\220\22"..., 1024) = 1024 [pid 23336] fstat64(3, {st_mode=S_IFREG|0644, st_size=16944, ...}) = 0 [pid 23336] old_mmap(NULL, 20336, PROT_READ|PROT_EXEC, MAP_PRIVATE, 3, 0) = 0x403ec000 [pid 23336] mprotect(0x403f0000, 3952, PROT_NONE) = 0 [pid 23336] old_mmap(0x403f0000, 4096, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_FIXED, 3, 0x3000) = 0x403f0000 [pid 23336] close(3) = 0 [pid 23336] open("/lib/libnss_files.so.2", O_RDONLY) = 3 [pid 23336] read(3, "address@hidden"..., 1024) = 1024 [pid 23336] fstat64(3, {st_mode=S_IFREG|0644, st_size=32668, ...}) = 0 [pid 23336] old_mmap(NULL, 36112, PROT_READ|PROT_EXEC, MAP_PRIVATE, 3, 0) = 0x403f1000 [pid 23336] mprotect(0x403f9000, 3344, PROT_NONE) = 0 [pid 23336] old_mmap(0x403f9000, 4096, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_FIXED, 3, 0x7000) = 0x403f9000 [pid 23336] close(3) = 0 [pid 23336] open("/usr/lib/libdb3.so.3", O_RDONLY) = 3 [pid 23336] read(3, "\177ELF\1\1\1\0\0\0\0\0\0\0\0\0\3\0\3\0\1\0\0\0p\311\0"..., 1024) = 1024 [pid 23336] fstat64(3, {st_mode=S_IFREG|0644, st_size=684092, ...}) = 0 [pid 23336] old_mmap(NULL, 687628, PROT_READ|PROT_EXEC, MAP_PRIVATE, 3, 0) = 0x403fa000 [pid 23336] mprotect(0x404a1000, 3596, PROT_NONE) = 0 [pid 23336] old_mmap(0x404a1000, 4096, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_FIXED, 3, 0xa6000) = 0x404a1000 [pid 23336] close(3) = 0 [pid 23336] munmap(0x403e3000, 20340) = 0 [pid 23336] open("/var/lib/misc/protocols.db", O_RDWR|O_LARGEFILE) = -1 ENOENT (No such file or directory) [pid 23336] open("/var/lib/misc/protocols.db", O_RDONLY|O_LARGEFILE) = -1 ENOENT (No such file or directory) [pid 23336] open("/etc/protocols", O_RDONLY) = 3 [pid 23336] fcntl64(3, F_GETFD) = 0 [pid 23336] fcntl64(3, F_SETFD, FD_CLOEXEC) = 0 [pid 23336] fstat64(3, {st_mode=S_IFREG|0644, st_size=1748, ...}) = 0 [pid 23336] old_mmap(NULL, 4096, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x40014000 [pid 23336] read(3, "# /etc/protocols:\n# $Id: protoco"..., 4096) = 1748 [pid 23336] close(3) = 0 [pid 23336] munmap(0x40014000, 4096) = 0 [pid 23336] getsockopt(4, SOL_IP, IP_OPTIONS, [0], [0]) = 0 [pid 23336] socket(PF_UNIX, SOCK_STREAM, 0) = 3 [pid 23336] connect(3, {sin_family=AF_UNIX, path="/var/run/.nscd_socket"}, 110) = -1 ENOENT (No such file or directory) [pid 23336] close(3) = 0 [pid 23336] open("/etc/host.conf", O_RDONLY) = 3 [pid 23336] fstat64(3, {st_mode=S_IFREG|0644, st_size=26, ...}) = 0 [pid 23336] old_mmap(NULL, 4096, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x40014000 [pid 23336] read(3, "order hosts,bind\nmulti on\n", 4096) = 26 [pid 23336] read(3, "", 4096) = 0 [pid 23336] close(3) = 0 [pid 23336] munmap(0x40014000, 4096) = 0 [pid 23336] open("/etc/hosts", O_RDONLY) = 3 [pid 23336] fcntl64(3, F_GETFD) = 0 [pid 23336] fcntl64(3, F_SETFD, FD_CLOEXEC) = 0 [pid 23336] fstat64(3, {st_mode=S_IFREG|0644, st_size=306, ...}) = 0 [pid 23336] old_mmap(NULL, 4096, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x40014000 [pid 23336] read(3, "127.0.0.1\tlocalhost\n192.168.0.32"..., 4096) = 306 [pid 23336] close(3) = 0 [pid 23336] munmap(0x40014000, 4096) = 0 [pid 23336] read(5, [pid 23337] write(3, "\0\0\0\27\3", 5) = 5 [pid 23336] <... read resumed> "\0\0\0\27", 4) = 4 [pid 23336] read(5, "\3", 23) = 1 [pid 23336] read(5, [pid 23337] write(3, "\0\0\0\16ssh-connection\0\0\0\0", 22) = 22 [pid 23336] <... read resumed> "\0\0\0\16ssh-connection\0\0\0\0", 22) = 22 [pid 23336] read(5, [pid 23337] write(3, "\0\0\0\5\n", 5) = 5 [pid 23336] <... read resumed> "\0\0\0\5", 4) = 4 [pid 23336] read(5, "\n", 5) = 1 [pid 23336] read(5, [pid 23337] write(3, "\0\0\0\0", 4) = 4 [pid 23336] <... read resumed> "\0\0\0\0", 4) = 4 [pid 23336] write(5, "\0\0\0\5\v", 5) = 5 [pid 23336] write(5, "\0\0\0\0", 4) = 4 [pid 23336] getpeername(4, {sin_family=AF_INET, sin_port=htons(35268), sin_addr=inet_addr("127.0.0.1")}}, [16]) = 0 [pid 23336] read(5, [pid 23337] read(3, "\0\0\0\5", 4) = 4 [pid 23337] read(3, "\v\0\0\0\0", 5) = 5 [pid 23337] getpeername(4, {sin_family=AF_INET, sin_port=htons(35268), sin_addr=inet_addr("127.0.0.1")}}, [16]) = 0 [pid 23337] write(4, "Jj&@\236\202|\275\21\242\316\33\3755\277D\25\241\343J]"..., 80) = 80 [pid 23337] select(5, [4], NULL, NULL, NULL) = 1 (in [4]) [pid 23337] read(4, "U\261\241\230\377{u\272\10u\0354\6\2765\5\201\251\370\212"..., 8192) = 240 [pid 23337] write(3, "\0\0\0\246\24", 5) = 5 [pid 23336] <... read resumed> "\0\0\0\246", 4) = 4 [pid 23336] read(5, "\24", 166) = 1 [pid 23336] read(5, [pid 23337] write(3, "\0\0\0\2\0\0\0\0\0\0\0\0\0\0\0\225\0\0\0\7ssh-rsa\0\0\0"..., 165) = 165 [pid 23336] <... read resumed> "\0\0\0\2\0\0\0\0\0\0\0\0\0\0\0\225\0\0\0\7ssh-rsa\0\0\0"..., 165) = 165 [pid 23336] brk(0x80a0000) = 0x80a0000 [pid 23336] geteuid32() = 0 [pid 23336] getegid32() = 0 [pid 23336] getgroups32(0x20, 0x808f280) = 0 [pid 23336] open("/etc/group", O_RDONLY) = 3 [pid 23336] fcntl64(3, F_GETFD) = 0 [pid 23336] fcntl64(3, F_SETFD, FD_CLOEXEC) = 0 [pid 23336] fstat64(3, {st_mode=S_IFREG|0644, st_size=502, ...}) = 0 [pid 23336] old_mmap(NULL, 4096, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x40014000 [pid 23336] _llseek(3, 0, [0], SEEK_CUR) = 0 [pid 23336] read(3, "root:x:0:\ndaemon:x:1:\nbin:x:2:\ns"..., 4096) = 502 [pid 23336] read(3, "", 4096) = 0 [pid 23336] close(3) = 0 [pid 23336] munmap(0x40014000, 4096) = 0 [pid 23336] setgroups32(0x6, 0x809dc30) = 0 [pid 23336] getgroups32(0x20, 0x808f300) = 6 [pid 23336] setgroups32(0x6, 0x808f300) = 0 [pid 23336] setregid32(0xffffffff, 0x3e8) = 0 [pid 23336] setresuid32(0xffffffff, 0x3e8, 0xffffffff) = 0 [pid 23336] stat64("/home/mark/.ssh/authorized_keys", {st_mode=S_IFREG|0644, st_size=223, ...}) = 0 [pid 23336] open("/home/mark/.ssh/authorized_keys", O_RDONLY|O_LARGEFILE) = 3 [pid 23336] lstat64("/home", {st_mode=S_IFDIR|S_ISGID|0775, st_size=4096, ...}) = 0 [pid 23336] lstat64("/home/mark", {st_mode=S_IFDIR|0755, st_size=4096, ...}) = 0 [pid 23336] lstat64("/home/mark/.ssh", {st_mode=S_IFDIR|0755, st_size=4096, ...}) = 0 [pid 23336] lstat64("/home/mark/.ssh/authorized_keys", {st_mode=S_IFREG|0644, st_size=223, ...}) = 0 [pid 23336] lstat64("/home", {st_mode=S_IFDIR|S_ISGID|0775, st_size=4096, ...}) = 0 [pid 23336] lstat64("/home/mark", {st_mode=S_IFDIR|0755, st_size=4096, ...}) = 0 [pid 23336] fstat64(3, {st_mode=S_IFREG|0644, st_size=223, ...}) = 0 [pid 23336] stat64("/home/mark/.ssh", {st_mode=S_IFDIR|0755, st_size=4096, ...}) = 0 [pid 23336] stat64("/home/mark", {st_mode=S_IFDIR|0755, st_size=4096, ...}) = 0 [pid 23336] fstat64(3, {st_mode=S_IFREG|0644, st_size=223, ...}) = 0 [pid 23336] old_mmap(NULL, 4096, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x40014000 [pid 23336] read(3, "ssh-rsa AAAAB3NzaC1yc2EAAAABIwAA"..., 4096) = 223 [pid 23336] brk(0x80a2000) = 0x80a2000 [pid 23336] setresuid32(0xffffffff, 0, 0xffffffff) = 0 [pid 23336] setregid32(0xffffffff, 0) = 0 [pid 23336] setgroups32(0, 0x808f280) = 0 [pid 23336] close(3) = 0 [pid 23336] munmap(0x40014000, 4096) = 0 [pid 23336] write(5, "\0\0\0\5\25", 5) = 5 [pid 23336] write(5, "\0\0\0\1", 4) = 4 [pid 23336] read(5, [pid 23337] read(3, "\0\0\0\5", 4) = 4 [pid 23337] read(3, "\25\0\0\0\1", 5) = 5 [pid 23337] write(4, "\341;\305\311or\355\340\351e\30B5\237~\220/*\370\200\27"..., 192) = 192 [pid 23337] getpeername(4, {sin_family=AF_INET, sin_port=htons(35268), sin_addr=inet_addr("127.0.0.1")}}, [16]) = 0 [pid 23337] select(5, [4], NULL, NULL, NULL) = 1 (in [4]) [pid 23337] read(4, "\305\272\263A3\365\320\277Y\202\372\245\357\315\303_\204"..., 8192) = 384 [pid 23337] write(3, "\0\0\0\246\24", 5) = 5 [pid 23336] <... read resumed> "\0\0\0\246", 4) = 4 [pid 23336] read(5, "\24", 166) = 1 [pid 23336] read(5, [pid 23337] write(3, "\0\0\0\2\0\0\0\0\0\0\0\0\0\0\0\225\0\0\0\7ssh-rsa\0\0\0"..., 165) = 165 [pid 23336] <... read resumed> "\0\0\0\2\0\0\0\0\0\0\0\0\0\0\0\225\0\0\0\7ssh-rsa\0\0\0"..., 165) = 165 [pid 23336] geteuid32() = 0 [pid 23336] getegid32() = 0 [pid 23336] getgroups32(0x20, 0x808f280) = 0 [pid 23336] setgroups32(0x6, 0x808f300) = 0 [pid 23336] setregid32(0xffffffff, 0x3e8) = 0 [pid 23336] setresuid32(0xffffffff, 0x3e8, 0xffffffff) = 0 [pid 23336] stat64("/home/mark/.ssh/authorized_keys", {st_mode=S_IFREG|0644, st_size=223, ...}) = 0 [pid 23336] open("/home/mark/.ssh/authorized_keys", O_RDONLY|O_LARGEFILE) = 3 [pid 23336] lstat64("/home", {st_mode=S_IFDIR|S_ISGID|0775, st_size=4096, ...}) = 0 [pid 23336] lstat64("/home/mark", {st_mode=S_IFDIR|0755, st_size=4096, ...}) = 0 [pid 23336] lstat64("/home/mark/.ssh", {st_mode=S_IFDIR|0755, st_size=4096, ...}) = 0 [pid 23336] lstat64("/home/mark/.ssh/authorized_keys", {st_mode=S_IFREG|0644, st_size=223, ...}) = 0 [pid 23336] lstat64("/home", {st_mode=S_IFDIR|S_ISGID|0775, st_size=4096, ...}) = 0 [pid 23336] lstat64("/home/mark", {st_mode=S_IFDIR|0755, st_size=4096, ...}) = 0 [pid 23336] fstat64(3, {st_mode=S_IFREG|0644, st_size=223, ...}) = 0 [pid 23336] stat64("/home/mark/.ssh", {st_mode=S_IFDIR|0755, st_size=4096, ...}) = 0 [pid 23336] stat64("/home/mark", {st_mode=S_IFDIR|0755, st_size=4096, ...}) = 0 [pid 23336] fstat64(3, {st_mode=S_IFREG|0644, st_size=223, ...}) = 0 [pid 23336] old_mmap(NULL, 4096, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x40014000 [pid 23336] read(3, "ssh-rsa AAAAB3NzaC1yc2EAAAABIwAA"..., 4096) = 223 [pid 23336] setresuid32(0xffffffff, 0, 0xffffffff) = 0 [pid 23336] setregid32(0xffffffff, 0) = 0 [pid 23336] setgroups32(0, 0x808f280) = 0 [pid 23336] close(3) = 0 [pid 23336] munmap(0x40014000, 4096) = 0 [pid 23336] write(5, "\0\0\0\5\25", 5) = 5 [pid 23336] write(5, "\0\0\0\1", 4) = 4 [pid 23336] read(5, [pid 23337] read(3, "\0\0\0\5", 4) = 4 [pid 23337] read(3, "\25\0\0\0\1", 5) = 5 [pid 23337] write(3, "\0\0\2\26\26", 5) = 5 [pid 23336] <... read resumed> "\0\0\2\26", 4) = 4 [pid 23336] read(5, "\26", 534) = 1 [pid 23336] read(5, [pid 23337] write(3, "\0\0\0\225\0\0\0\7ssh-rsa\0\0\0\1#\0\0\0\201\0\2635\207"..., 533) = 533 [pid 23336] <... read resumed> "\0\0\0\225\0\0\0\7ssh-rsa\0\0\0\1#\0\0\0\201\0\2635\207"..., 533) = 533 [pid 23336] write(5, "\0\0\0\5\27", 5) = 5 [pid 23336] write(5, "\0\0\0\1", 4) = 4 [pid 23336] getuid32() = 0 [pid 23336] open("/etc/passwd", O_RDONLY) = 3 [pid 23336] fcntl64(3, F_GETFD) = 0 [pid 23336] fcntl64(3, F_SETFD, FD_CLOEXEC) = 0 [pid 23336] fstat64(3, {st_mode=S_IFREG|0644, st_size=1040, ...}) = 0 [pid 23336] old_mmap(NULL, 4096, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x40014000 [pid 23336] _llseek(3, 0, [0], SEEK_CUR) = 0 [pid 23336] read(3, "root:x:0:0:root:/root:/bin/bash\n"..., 4096) = 1040 [pid 23336] close(3) = 0 [pid 23336] munmap(0x40014000, 4096) = 0 [pid 23336] open("/etc/shadow", O_RDONLY) = 3 [pid 23336] fcntl64(3, F_GETFD) = 0 [pid 23336] fcntl64(3, F_SETFD, FD_CLOEXEC) = 0 [pid 23336] fstat64(3, {st_mode=S_IFREG|0640, st_size=768, ...}) = 0 [pid 23336] old_mmap(NULL, 4096, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x40014000 [pid 23336] _llseek(3, 0, [0], SEEK_CUR) = 0 [pid 23336] read(3, "root:$1$EZijlS7/$i6xbjINd9XkHK/a"..., 4096) = 768 [pid 23336] close(3) = 0 [pid 23336] munmap(0x40014000, 4096) = 0 [pid 23336] time(NULL) = 1027632811 [pid 23336] getpeername(4, {sin_family=AF_INET, sin_port=htons(35268), sin_addr=inet_addr("127.0.0.1")}}, [16]) = 0 [pid 23336] brk(0x80a5000) = 0x80a5000 [pid 23336] time([1027632811]) = 1027632811 [pid 23336] getpid() = 23336 [pid 23336] rt_sigaction(SIGPIPE, {0x401e0f28, [], 0x4000000}, {SIG_IGN}, 8) = 0 [pid 23336] socket(PF_UNIX, SOCK_DGRAM, 0) = 3 [pid 23336] fcntl64(3, F_SETFD, FD_CLOEXEC) = 0 [pid 23336] connect(3, {sin_family=AF_UNIX, path="/dev/log"}, 16) = 0 [pid 23336] send(3, "<38>Jul 25 14:33:31 sshd[23336]:"..., 91, 0) = 91 [pid 23336] rt_sigaction(SIGPIPE, {SIG_IGN}, NULL, 8) = 0 [pid 23336] close(3) = 0 [pid 23336] read(5, [pid 23337] read(3, "\0\0\0\5", 4) = 4 [pid 23337] read(3, "\27\0\0\0\1", 5) = 5 [pid 23337] getpeername(4, {sin_family=AF_INET, sin_port=htons(35268), sin_addr=inet_addr("127.0.0.1")}}, [16]) = 0 [pid 23337] time([1027632811]) = 1027632811 [pid 23337] getpid() = 23337 [pid 23337] rt_sigaction(SIGPIPE, {0x401e0f28, [], 0x4000000}, {SIG_IGN}, 8) = 0 [pid 23337] socket(PF_UNIX, SOCK_DGRAM, 0) = 5 [pid 23337] fcntl64(5, F_SETFD, FD_CLOEXEC) = 0 [pid 23337] connect(5, {sin_family=AF_UNIX, path="/dev/log"}, 16) = -1 ENOENT (No such file or directory) [pid 23337] close(5) = 0 [pid 23337] rt_sigaction(SIGPIPE, {SIG_IGN}, NULL, 8) = 0 [pid 23337] write(4, "\221\355/\31 \206K\352\266\274&?\364O\320\223\352p\22\33"..., 32) = 32 [pid 23337] write(3, "\0\0\4\32\30", 5) = 5 [pid 23336] <... read resumed> "\0\0\4\32", 4) = 4 [pid 23336] read(5, "\30", 1050) = 1 [pid 23336] read(5, [pid 23337] write(3, "\0\0\0\24\7X\342\361\22\232\334\0214$\244\t\r>\v\347\240"..., 1049) = 1049 [pid 23336] <... read resumed> "\0\0\0\24\7X\342\361\22\232\334\0214$\244\t\r>\v\347\240"..., 1049) = 1049 [pid 23336] close(5) = 0 [pid 23336] mmap2(NULL, 1310720, PROT_READ|PROT_WRITE, MAP_SHARED|MAP_ANONYMOUS, -1, 0) = 0x404a2000 [pid 23336] munmap(0x4026a000, 65536) = 0 [pid 23336] wait4(23337, [pid 23337] _exit(0) = ? [pid 23336] <... wait4 resumed> [WIFEXITED(s) && WEXITSTATUS(s) == 0], 0, NULL) = 23337 [pid 23336] --- SIGCHLD (Child exited) --- [pid 23336] alarm(0) = 600 [pid 23336] close(6) = 0 [pid 23336] socketpair(PF_UNIX, SOCK_STREAM, 0, [3, 5]) = 0 [pid 23336] fcntl64(3, F_SETFD, FD_CLOEXEC) = 0 [pid 23336] fcntl64(5, F_SETFD, FD_CLOEXEC) = 0 [pid 23336] fork() = 23338 [pid 23318] <... select resumed> ) = 1 (in [5]) [pid 23318] close(5) = 0 [pid 23318] select(6, [3], NULL, NULL, NULL [pid 23336] close(3) = 0 [pid 23336] read(5, [pid 23338] close(5) = 0 [pid 23338] getuid32() = 0 [pid 23338] setgid32(0x3e8) = 0 [pid 23338] open("/etc/group", O_RDONLY) = 5 [pid 23338] fcntl64(5, F_GETFD) = 0 [pid 23338] fcntl64(5, F_SETFD, FD_CLOEXEC) = 0 [pid 23338] fstat64(5, {st_mode=S_IFREG|0644, st_size=502, ...}) = 0 [pid 23338] old_mmap(NULL, 4096, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x40014000 [pid 23338] _llseek(5, 0, [0], SEEK_CUR) = 0 [pid 23338] read(5, "root:x:0:\ndaemon:x:1:\nbin:x:2:\ns"..., 4096) = 502 [pid 23338] read(5, "", 4096) = 0 [pid 23338] close(5) = 0 [pid 23338] munmap(0x40014000, 4096) = 0 [pid 23338] setgroups32(0x6, 0x8094ad8) = 0 [pid 23338] getuid32() = 0 [pid 23338] open("/etc/security/pam_env.conf", O_RDONLY) = 5 [pid 23338] fstat64(5, {st_mode=S_IFREG|0644, st_size=3101, ...}) = 0 [pid 23338] old_mmap(NULL, 4096, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x40014000 [pid 23338] read(5, "# $Date: 1998/07/12 05:17:16 $\n#"..., 4096) = 3101 [pid 23338] read(5, "", 4096) = 0 [pid 23338] close(5) = 0 [pid 23338] munmap(0x40014000, 4096) = 0 [pid 23338] open("/etc/environment", O_RDONLY) = 5 [pid 23338] fstat64(5, {st_mode=S_IFREG|0644, st_size=7, ...}) = 0 [pid 23338] old_mmap(NULL, 4096, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x40014000 [pid 23338] read(5, "LANG=C\n", 4096) = 7 [pid 23338] read(5, "", 4096) = 0 [pid 23338] close(5) = 0 [pid 23338] munmap(0x40014000, 4096) = 0 [pid 23338] setgid32(0x3e8) = 0 [pid 23338] setuid32(0x3e8) = 0 [pid 23338] getuid32() = 1000 [pid 23338] geteuid32() = 1000 [pid 23338] alarm(0) = 0 [pid 23338] rt_sigaction(SIGCHLD, NULL, {SIG_DFL}, 8) = 0 [pid 23338] rt_sigaction(SIGCHLD, {0x8056500, [], 0x4000000}, NULL, 8) = 0 [pid 23338] pipe([5, 6]) = 0 [pid 23338] fcntl64(5, F_SETFD, FD_CLOEXEC) = 0 [pid 23338] fcntl64(6, F_SETFD, FD_CLOEXEC) = 0 [pid 23338] fcntl64(5, F_GETFL) = 0 (flags O_RDONLY) [pid 23338] fcntl64(5, F_SETFL, O_RDONLY|O_NONBLOCK) = 0 [pid 23338] fcntl64(6, F_GETFL) = 0x1 (flags O_WRONLY) [pid 23338] fcntl64(6, F_SETFL, O_WRONLY|O_NONBLOCK) = 0 [pid 23338] select(6, [4 5], [], NULL, {60, 0}) = 1 (in [4], left {59, 990000}) [pid 23338] rt_sigprocmask(SIG_BLOCK, [CHLD], [RTMIN], 8) = 0 [pid 23338] rt_sigprocmask(SIG_SETMASK, [RTMIN], NULL, 8) = 0 [pid 23338] read(4, "\307%\211\233\217\356\27T)9E\361\227\315d\367,\201\254"..., 16384) = 64 [pid 23338] ioctl(-1, SNDCTL_TMR_TIMEBASE, 0xbffff378) = -1 EBADF (Bad file descriptor) [pid 23338] select(6, [4 5], [4], NULL, {60, 0}) = 1 (out [4], left {60, 0}) [pid 23338] rt_sigprocmask(SIG_BLOCK, [CHLD], [RTMIN], 8) = 0 [pid 23338] rt_sigprocmask(SIG_SETMASK, [RTMIN], NULL, 8) = 0 [pid 23338] write(4, "Z\350\n\352\252\327\306/y\362\255\0217#/\366\241\243\372"..., 48) = 48 [pid 23338] select(6, [4 5], [], NULL, {60, 0}) = 1 (in [4], left {59, 990000}) [pid 23338] rt_sigprocmask(SIG_BLOCK, [CHLD], [RTMIN], 8) = 0 [pid 23338] rt_sigprocmask(SIG_SETMASK, [RTMIN], NULL, 8) = 0 [pid 23338] read(4, "address@hidden"..., 16384) = 448 [pid 23338] brk(0x80a7000) = 0x80a7000 [pid 23338] write(3, "\0\0\0\1\31", 5) = 5 [pid 23338] read(3, [pid 23336] <... read resumed> "\0\0\0\1", 4) = 4 [pid 23336] read(5, "\31", 1) = 1 [pid 23336] open("/dev/ptmx", O_RDWR) = 3 [pid 23336] statfs("/dev/pts", {f_type="DEVPTS_SUPER_MAGIC", f_bsize=1024, f_blocks=0, f_bfree=0, f_files=0, f_ffree=0, f_namelen=255}) = 0 [pid 23336] ioctl(3, SNDCTL_TMR_TIMEBASE, {B38400 opost isig icanon echo ...}) = 0 [pid 23336] ioctl(3, TIOCGPTN, [8]) = 0 [pid 23336] stat64("/dev/pts/8", {st_mode=S_IFCHR|0620, st_rdev=makedev(136, 8), ...}) = 0 [pid 23336] statfs("/dev/pts/8", {f_type="DEVPTS_SUPER_MAGIC", f_bsize=1024, f_blocks=0, f_bfree=0, f_files=0, f_ffree=0, f_namelen=255}) = 0 [pid 23336] ioctl(3, TIOCSPTLCK, [0]) = 0 [pid 23336] ioctl(3, SNDCTL_TMR_TIMEBASE, {B38400 opost isig icanon echo ...}) = 0 [pid 23336] ioctl(3, TIOCGPTN, [8]) = 0 [pid 23336] stat64("/dev/pts/8", {st_mode=S_IFCHR|0620, st_rdev=makedev(136, 8), ...}) = 0 [pid 23336] open("/dev/pts/8", O_RDWR|O_NOCTTY) = 6 [pid 23336] ioctl(6, SNDCTL_TMR_TIMEBASE, {B38400 opost isig icanon echo ...}) = 0 [pid 23336] readlink("/proc/self/fd/6", "/dev/pts/8", 4095) = 10 [pid 23336] open("/etc/group", O_RDONLY) = 7 [pid 23336] fcntl64(7, F_GETFD) = 0 [pid 23336] fcntl64(7, F_SETFD, FD_CLOEXEC) = 0 [pid 23336] fstat64(7, {st_mode=S_IFREG|0644, st_size=502, ...}) = 0 [pid 23336] old_mmap(NULL, 4096, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x40014000 [pid 23336] _llseek(7, 0, [0], SEEK_CUR) = 0 [pid 23336] read(7, "root:x:0:\ndaemon:x:1:\nbin:x:2:\ns"..., 4096) = 502 [pid 23336] close(7) = 0 [pid 23336] munmap(0x40014000, 4096) = 0 [pid 23336] stat64("/dev/pts/8", {st_mode=S_IFCHR|0620, st_rdev=makedev(136, 8), ...}) = 0 [pid 23336] chown32(0x80917d4, 0x3e8, 0x5) = 0 [pid 23336] write(5, "\0\0\0\23\32", 5) = 5 [pid 23336] write(5, "\0\0\0\1\0\0\0\n/dev/pts/8", 18) = 18 [pid 23336] sendmsg(5, {msg_name(0)=NULL, msg_iov(1)=[{"\0", 1}], msg_controllen=16, msg_control=0xbffff4e0, , msg_flags=0}, 0) = 1 [pid 23336] sendmsg(5, {msg_name(0)=NULL, msg_iov(1)=[{"\0", 1}], msg_controllen=16, msg_control=0xbffff4f0, , msg_flags=0}, 0) = 1 [pid 23336] dup2(6, 0) = 0 [pid 23336] getpeername(4, {sin_family=AF_INET, sin_port=htons(35268), sin_addr=inet_addr("127.0.0.1")}}, [16]) = 0 [pid 23336] open("/etc/passwd", O_RDONLY) = 7 [pid 23336] fcntl64(7, F_GETFD) = 0 [pid 23336] fcntl64(7, F_SETFD, FD_CLOEXEC) = 0 [pid 23336] fstat64(7, {st_mode=S_IFREG|0644, st_size=1040, ...}) = 0 [pid 23336] old_mmap(NULL, 4096, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x40014000 [pid 23336] _llseek(7, 0, [0], SEEK_CUR) = 0 [pid 23336] read(7, "root:x:0:0:root:/root:/bin/bash\n"..., 4096) = 1040 [pid 23336] close(7) = 0 [pid 23336] munmap(0x40014000, 4096) = 0 [pid 23336] geteuid32() = 0 [pid 23336] gettimeofday({1027632811, 477339}, NULL) = 0 [pid 23336] getpid() = 23336 [pid 23336] ioctl(0, SNDCTL_TMR_TIMEBASE, {B38400 opost isig icanon echo ...}) = 0 [pid 23336] readlink("/proc/self/fd/0", "/dev/pts/8", 4127) = 10 [pid 23336] access("/var/run/utmpx", F_OK) = -1 ENOENT (No such file or directory) [pid 23336] open("/var/run/utmp", O_RDWR) = 7 [pid 23336] fcntl64(7, F_GETFD) = 0 [pid 23336] fcntl64(7, F_SETFD, FD_CLOEXEC) = 0 [pid 23336] _llseek(7, 0, [0], SEEK_SET) = 0 [pid 23336] alarm(0) = 0 [pid 23336] rt_sigaction(SIGALRM, {0x40208b70, [], 0x4000000}, {0x804c190, [ALRM], SA_RESTART|0x4000000}, 8) = 0 [pid 23336] alarm(1) = 0 [pid 23336] fcntl64(7, F_SETLKW, {type=F_RDLCK, whence=SEEK_SET, start=0, len=0}) = 0 [pid 23336] read(7, "\10\0\0\0\17\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0"..., 384) = 384 [pid 23336] read(7, "\2\0\0\0\0\0\0\0~\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0"..., 384) = 384 [pid 23336] read(7, "\1\0\0\0002N\0\0~\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0"..., 384) = 384 [pid 23336] read(7, "\10\0\0\0003\1\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0"..., 384) = 384 [pid 23336] read(7, "\6\0\0\0\322\1\0\0tty1\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0"..., 384) = 384 [pid 23336] read(7, "\6\0\0\0\323\1\0\0tty2\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0"..., 384) = 384 [pid 23336] read(7, "\6\0\0\0\324\1\0\0tty3\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0"..., 384) = 384 [pid 23336] read(7, "\6\0\0\0\325\1\0\0tty4\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0"..., 384) = 384 [pid 23336] read(7, "\6\0\0\0\326\1\0\0tty5\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0"..., 384) = 384 [pid 23336] read(7, "\6\0\0\0\327\1\0\0tty6\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0"..., 384) = 384 [pid 23336] read(7, "\10\0\0\0\300\22\0\0pts/0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0"..., 384) = 384 [pid 23336] read(7, "\7\0\0\0\314W\0\0pts/0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0"..., 384) = 384 [pid 23336] read(7, "\7\0\0\0jY\0\0pts/1\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0"..., 384) = 384 [pid 23336] read(7, "\7\0\0\0\374W\0\0pts/2\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0"..., 384) = 384 [pid 23336] read(7, "\7\0\0\0&X\0\0pts/3\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0"..., 384) = 384 [pid 23336] read(7, "\7\0\0\0\370Y\0\0pts/4\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0"..., 384) = 384 [pid 23336] read(7, "\7\0\0\0\204Z\0\0pts/5\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0"..., 384) = 384 [pid 23336] read(7, "\7\0\0\0\226Z\0\0pts/6\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0"..., 384) = 384 [pid 23336] read(7, "\7\0\0\0\32[\0\0pts/7\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0"..., 384) = 384 [pid 23336] read(7, "\10\0\0\0\204B\0\0pts/8\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0"..., 384) = 384 [pid 23336] read(7, "\10\0\0\0\302 \0\0pts/1\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0"..., 384) = 384 [pid 23336] read(7, "\10\0\0\0\314D\0\0pts/9\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0"..., 384) = 384 [pid 23336] read(7, "\10\0\0\0\336Z\0\0pts/7\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0"..., 384) = 384 [pid 23336] read(7, "\10\0\0\0\"[\0\0pts/8\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0"..., 384) = 384 [pid 23336] fcntl64(7, F_SETLKW, {type=F_UNLCK, whence=SEEK_SET, start=0, len=0}) = 0 [pid 23336] rt_sigaction(SIGALRM, {0x804c190, [ALRM], SA_RESTART|0x4000000}, NULL, 8) = 0 [pid 23336] alarm(0) = 1 [pid 23336] alarm(0) = 0 [pid 23336] rt_sigaction(SIGALRM, {0x40208b70, [], 0x4000000}, {0x804c190, [ALRM], SA_RESTART|0x4000000}, 8) = 0 [pid 23336] alarm(1) = 0 [pid 23336] fcntl64(7, F_SETLKW, {type=F_WRLCK, whence=SEEK_SET, start=0, len=0}) = 0 [pid 23336] _llseek(7, 8832, [8832], SEEK_SET) = 0 [pid 23336] write(7, "\7\0\0\0([\0\0pts/8\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0"..., 384) = 384 [pid 23336] fcntl64(7, F_SETLKW, {type=F_UNLCK, whence=SEEK_SET, start=0, len=0}) = 0 [pid 23336] rt_sigaction(SIGALRM, {0x804c190, [ALRM], SA_RESTART|0x4000000}, NULL, 8) = 0 [pid 23336] alarm(0) = 1 [pid 23336] close(7) = 0 [pid 23336] access("/var/log/wtmpx", F_OK) = -1 ENOENT (No such file or directory) [pid 23336] open("/var/log/wtmp", O_WRONLY) = 7 [pid 23336] alarm(0) = 0 [pid 23336] rt_sigaction(SIGALRM, {0x40208b70, [], 0x4000000}, {0x804c190, [ALRM], SA_RESTART|0x4000000}, 8) = 0 [pid 23336] alarm(1) = 0 [pid 23336] fcntl64(7, F_SETLKW, {type=F_WRLCK, whence=SEEK_SET, start=0, len=0}) = 0 [pid 23336] _llseek(7, 0, [56064], SEEK_END) = 0 [pid 23336] write(7, "\7\0\0\0([\0\0pts/8\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0"..., 384) = 384 [pid 23336] fcntl64(7, F_SETLKW, {type=F_UNLCK, whence=SEEK_SET, start=0, len=0}) = 0 [pid 23336] rt_sigaction(SIGALRM, {0x804c190, [ALRM], SA_RESTART|0x4000000}, NULL, 8) = 0 [pid 23336] alarm(0) = 1 [pid 23336] close(7) = 0 [pid 23336] stat64("/var/log/lastlog", {st_mode=S_IFREG|0664, st_size=292584, ...}) = 0 [pid 23336] open("/var/log/lastlog", O_RDWR|O_CREAT|O_LARGEFILE, 02000 [pid 23338] <... read resumed> "\0\0\0\23", 4) = 4 [pid 23338] read(3, "\32\0\0\0\1\0\0\0\n/dev/pts/8", 19) = 19 [pid 23338] recvmsg(3, {msg_name(0)=NULL, msg_iov(1)=[{"\0", 1}], msg_controllen=16, msg_control=0xbffff400, , msg_flags=0}, 0) = 1 [pid 23338] recvmsg(3, {msg_name(0)=NULL, msg_iov(1)=[{"\0", 1}], msg_controllen=16, msg_control=0xbffff3f0, , msg_flags=0}, 0) = 1 [pid 23338] ioctl(8, SNDCTL_TMR_TIMEBASE, {B38400 opost isig icanon echo ...}) = 0 [pid 23338] ioctl(8, SNDCTL_TMR_START, {B38400 opost isig icanon echo ...}) = 0 [pid 23338] ioctl(8, SNDCTL_TMR_TIMEBASE, {B38400 opost isig icanon echo ...}) = 0 [pid 23338] ioctl(7, 0x5414, {ws_row=24, ws_col=80, ws_xpixel=499, ws_ypixel=316}) = 0 [pid 23338] stat64("/usr/bin/X11/xauth", {st_mode=S_IFREG|0755, st_size=27944, ...}) = 0 [pid 23336] <... open resumed> ) = 7 [pid 23336] _llseek(7, 292000, [292000], SEEK_SET) = 0 [pid 23336] write(7, "address@hidden/8\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0"..., 292) = 292 [pid 23336] close(7) = 0 [pid 23336] close(0) = 0 [pid 23336] open("/dev/null", O_RDONLY|O_LARGEFILE) = 0 [pid 23336] close(6) = 0 [pid 23336] read(5, [pid 23338] socket(PF_INET, SOCK_STREAM, IPPROTO_IP) = 9 [pid 23338] bind(9, {sin_family=AF_INET, sin_port=htons(6010), sin_addr=inet_addr("127.0.0.1")}}, 16) = 0 [pid 23338] listen(9, 5) = 0 [pid 23338] brk(0x80a9000) = 0x80a9000 [pid 23338] ioctl(9, SNDCTL_TMR_TIMEBASE, 0xbfffedc8) = -1 EINVAL (Invalid argument) [pid 23338] fcntl64(9, F_GETFL) = 0x2 (flags O_RDWR) [pid 23338] fcntl64(9, F_SETFL, O_RDWR|O_NONBLOCK) = 0 [pid 23338] fcntl64(9, F_GETFL) = 0x802 (flags O_RDWR|O_NONBLOCK) [pid 23338] uname({sys="Linux", node="protagonist", ...}) = 0 [pid 23338] select(10, [4 5 9], [], NULL, {60, 0}) = 1 (in [4], left {60, 0}) [pid 23338] rt_sigprocmask(SIG_BLOCK, [CHLD], [RTMIN], 8) = 0 [pid 23338] rt_sigprocmask(SIG_SETMASK, [RTMIN], NULL, 8) = 0 [pid 23338] read(4, "\"\265C\234A\20\315\305\341\30\212\272S\357j\206\341\256"..., 16384) = 112 [pid 23338] geteuid32() = 1000 [pid 23338] getegid32() = 1000 [pid 23338] brk(0x80ab000) = 0x80ab000 [pid 23338] gettimeofday({1027632811, 484453}, NULL) = 0 [pid 23338] getpid() = 23338 [pid 23338] mkdir("/tmp/ssh-XXHcj2BI", 0700) = 0 [pid 23338] getpid() = 23338 [pid 23338] socket(PF_UNIX, SOCK_STREAM, 0) = 10 [pid 23338] bind(10, {sin_family=AF_UNIX, path="/tmp/ssh-XXHcj2BI/agent.23338"}, 110) = -1 EACCES (Permission denied) [pid 23338] write(4, "K\271\232\222:\345y\373nI?\367eZ\301<\310\354\4\34\6\344"..., 64) = 64 [pid 23338] close(9) = 0 [pid 23338] close(9) = -1 EBADF (Bad file descriptor) [pid 23338] close(9) = -1 EBADF (Bad file descriptor) [pid 23338] shutdown(4, 2 /* send and receive */) = 0 [pid 23338] close(4) = 0 [pid 23338] time([1027632811]) = 1027632811 [pid 23338] getpid() = 23338 [pid 23338] rt_sigaction(SIGPIPE, {0x401e0f28, [], 0x4000000}, {SIG_IGN}, 8) = 0 [pid 23338] socket(PF_UNIX, SOCK_DGRAM, 0) = 4 [pid 23338] fcntl64(4, F_SETFD, FD_CLOEXEC) = 0 [pid 23338] connect(4, {sin_family=AF_UNIX, path="/dev/log"}, 16) = 0 [pid 23338] send(4, "<38>Jul 25 14:33:31 sshd[23338]:"..., 71, 0) = 71 [pid 23338] rt_sigaction(SIGPIPE, {SIG_IGN}, NULL, 8) = 0 [pid 23338] close(4) = 0 [pid 23338] geteuid32() = 1000 [pid 23338] getegid32() = 1000 [pid 23338] unlink("/tmp/ssh-XXHcj2BI/agent.23338") = -1 EACCES (Permission denied) [pid 23338] rmdir("/tmp/ssh-XXHcj2BI") = 0 [pid 23338] write(3, "\0\0\0\17\33", 5) = 5 [pid 23336] <... read resumed> "\0\0\0\17", 4) = 4 [pid 23336] read(5, "\33", 15) = 1 [pid 23336] read(5, [pid 23338] write(3, "\0\0\0\n/dev/pts/8", 14) = 14 [pid 23336] <... read resumed> "\0\0\0\n/dev/pts/8", 14) = 14 [pid 23336] open("/etc/passwd", O_RDONLY) = 6 [pid 23336] fcntl64(6, F_GETFD) = 0 [pid 23336] fcntl64(6, F_SETFD, FD_CLOEXEC [pid 23338] close(0 [pid 23336] <... fcntl64 resumed> ) = 0 [pid 23336] fstat64(6, {st_mode=S_IFREG|0644, st_size=1040, ...}) = 0 [pid 23336] old_mmap(NULL, 4096, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x40014000 [pid 23336] _llseek(6, 0, [0], SEEK_CUR) = 0 [pid 23336] read(6, "root:x:0:0:root:/root:/bin/bash\n"..., 4096) = 1040 [pid 23336] close(6) = 0 [pid 23336] munmap(0x40014000, 4096) = 0 [pid 23336] geteuid32() = 0 [pid 23336] gettimeofday({1027632811, 503421}, NULL) = 0 [pid 23336] access("/var/run/utmpx", F_OK) = -1 ENOENT (No such file or directory) [pid 23336] open("/var/run/utmp", O_RDWR) = 6 [pid 23336] fcntl64(6, F_GETFD) = 0 [pid 23336] fcntl64(6, F_SETFD, FD_CLOEXEC) = 0 [pid 23336] _llseek(6, 0, [0], SEEK_SET) = 0 [pid 23336] alarm(0) = 0 [pid 23336] rt_sigaction(SIGALRM, {0x40208b70, [], 0x4000000}, {0x804c190, [ALRM], SA_RESTART|0x4000000}, 8) = 0 [pid 23336] alarm(1) = 0 [pid 23336] fcntl64(6, F_SETLKW, {type=F_RDLCK, whence=SEEK_SET, start=0, len=0}) = 0 [pid 23336] read(6, "\10\0\0\0\17\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0"..., 384) = 384 [pid 23336] read(6, "\2\0\0\0\0\0\0\0~\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0"..., 384) = 384 [pid 23336] read(6, "\1\0\0\0002N\0\0~\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0"..., 384) = 384 [pid 23336] read(6, "\10\0\0\0003\1\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0"..., 384) = 384 [pid 23336] read(6, "\6\0\0\0\322\1\0\0tty1\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0"..., 384) = 384 [pid 23336] read(6, "\6\0\0\0\323\1\0\0tty2\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0"..., 384) = 384 [pid 23336] read(6, "\6\0\0\0\324\1\0\0tty3\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0"..., 384) = 384 [pid 23336] read(6, "\6\0\0\0\325\1\0\0tty4\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0"..., 384) = 384 [pid 23336] read(6, "\6\0\0\0\326\1\0\0tty5\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0"..., 384) = 384 [pid 23336] read(6, "\6\0\0\0\327\1\0\0tty6\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0"..., 384) = 384 [pid 23336] read(6, "\10\0\0\0\300\22\0\0pts/0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0"..., 384) = 384 [pid 23336] read(6, "\7\0\0\0\314W\0\0pts/0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0"..., 384) = 384 [pid 23336] read(6, "\7\0\0\0jY\0\0pts/1\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0"..., 384) = 384 [pid 23336] read(6, "\7\0\0\0\374W\0\0pts/2\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0"..., 384) = 384 [pid 23336] read(6, "\7\0\0\0&X\0\0pts/3\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0"..., 384) = 384 [pid 23336] read(6, "\7\0\0\0\370Y\0\0pts/4\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0"..., 384) = 384 [pid 23336] read(6, "\7\0\0\0\204Z\0\0pts/5\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0"..., 384) = 384 [pid 23336] read(6, "\7\0\0\0\226Z\0\0pts/6\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0"..., 384) = 384 [pid 23336] read(6, "\7\0\0\0\32[\0\0pts/7\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0"..., 384) = 384 [pid 23336] read(6, "\10\0\0\0\204B\0\0pts/8\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0"..., 384) = 384 [pid 23336] read(6, "\10\0\0\0\302 \0\0pts/1\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0"..., 384) = 384 [pid 23336] read(6, "\10\0\0\0\314D\0\0pts/9\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0"..., 384) = 384 [pid 23336] read(6, "\10\0\0\0\336Z\0\0pts/7\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0"..., 384) = 384 [pid 23336] read(6, "\7\0\0\0([\0\0pts/8\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0"..., 384) = 384 [pid 23336] fcntl64(6, F_SETLKW, {type=F_UNLCK, whence=SEEK_SET, start=0, len=0}) = 0 [pid 23336] rt_sigaction(SIGALRM, {0x804c190, [ALRM], SA_RESTART|0x4000000}, NULL, 8) = 0 [pid 23336] alarm(0) = 1 [pid 23336] gettimeofday({1027632811, 505594}, NULL) = 0 [pid 23336] alarm(0) = 0 [pid 23336] rt_sigaction(SIGALRM, {0x40208b70, [], 0x4000000}, {0x804c190, [ALRM], SA_RESTART|0x4000000}, 8) = 0 [pid 23336] alarm(1) = 0 [pid 23336] fcntl64(6, F_SETLKW, {type=F_WRLCK, whence=SEEK_SET, start=0, len=0}) = 0 [pid 23336] _llseek(6, 8832, [8832], SEEK_SET) = 0 [pid 23336] write(6, "\10\0\0\0([\0\0pts/8\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0"..., 384) = 384 [pid 23336] fcntl64(6, F_SETLKW, {type=F_UNLCK, whence=SEEK_SET, start=0, len=0} [pid 23338] <... close resumed> ) = 0 [pid 23336] <... fcntl64 resumed> ) = 0 [pid 23336] rt_sigaction(SIGALRM, {0x804c190, [ALRM], SA_RESTART|0x4000000}, NULL, 8) = 0 [pid 23336] alarm(0) = 1 [pid 23336] close(6) = 0 [pid 23336] getpid() = 23336 [pid 23336] gettimeofday({1027632811, 519329}, NULL) = 0 [pid 23336] access("/var/log/wtmpx", F_OK) = -1 ENOENT (No such file or directory) [pid 23336] open("/var/log/wtmp", O_WRONLY) = 6 [pid 23336] alarm(0) = 0 [pid 23336] rt_sigaction(SIGALRM, {0x40208b70, [], 0x4000000}, {0x804c190, [ALRM], SA_RESTART|0x4000000}, 8) = 0 [pid 23336] alarm(1) = 0 [pid 23336] fcntl64(6, F_SETLKW, {type=F_WRLCK, whence=SEEK_SET, start=0, len=0}) = 0 [pid 23336] _llseek(6, 0, [56448], SEEK_END) = 0 [pid 23336] write(6, "\10\0\0\0([\0\0pts/8\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0"..., 384) = 384 [pid 23336] fcntl64(6, F_SETLKW, {type=F_UNLCK, whence=SEEK_SET, start=0, len=0}) = 0 [pid 23336] rt_sigaction(SIGALRM, {0x804c190, [ALRM], SA_RESTART|0x4000000}, NULL, 8) = 0 [pid 23336] alarm(0) = 1 [pid 23336] close(6) = 0 [pid 23336] getuid32() = 0 [pid 23336] chown32(0x80917d4, 0, 0) = 0 [pid 23336] chmod("/dev/pts/8", 0666) = 0 [pid 23336] close(3) = 0 [pid 23336] read(5, [pid 23338] getuid32() = 1000 [pid 23338] open("/etc/security/pam_env.conf", O_RDONLY) = 0 [pid 23338] fstat64(0, {st_mode=S_IFREG|0644, st_size=3101, ...}) = 0 [pid 23338] old_mmap(NULL, 4096, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x40014000 [pid 23338] read(0, "# $Date: 1998/07/12 05:17:16 $\n#"..., 4096) = 3101 [pid 23338] read(0, "", 4096) = 0 [pid 23338] close(0) = 0 [pid 23338] munmap(0x40014000, 4096) = 0 [pid 23338] open("/etc/environment", O_RDONLY) = 0 [pid 23338] fstat64(0, {st_mode=S_IFREG|0644, st_size=7, ...}) = 0 [pid 23338] old_mmap(NULL, 4096, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x40014000 [pid 23338] read(0, "LANG=C\n", 4096) = 7 [pid 23338] read(0, "", 4096) = 0 [pid 23338] close(0) = 0 [pid 23338] munmap(0x40014000, 4096) = 0 [pid 23338] munmap(0x40015000, 7256) = 0 [pid 23338] munmap(0x403ba000, 94176) = 0 [pid 23338] munmap(0x403d1000, 13156) = 0 [pid 23338] munmap(0x403d5000, 10588) = 0 [pid 23338] munmap(0x40017000, 7372) = 0 [pid 23338] munmap(0x403d8000, 11744) = 0 [pid 23338] munmap(0x403db000, 30752) = 0 [pid 23338] munmap(0x403e8000, 15264) = 0 [pid 23338] _exit(255) = ? [pid 23336] <... read resumed> "", 4) = 0 [pid 23336] munmap(0x40015000, 7256) = 0 [pid 23336] munmap(0x403ba000, 94176) = 0 [pid 23336] munmap(0x403d1000, 13156) = 0 [pid 23336] munmap(0x403d5000, 10588) = 0 [pid 23336] munmap(0x40017000, 7372) = 0 [pid 23336] munmap(0x403d8000, 11744) = 0 [pid 23336] munmap(0x403db000, 30752) = 0 [pid 23336] munmap(0x403e8000, 15264) = 0 [pid 23336] shutdown(4, 2 /* send and receive */) = -1 ENOTCONN (Transport endpoint is not connected) [pid 23336] close(4) = 0 [pid 23336] _exit(255) = ? [pid 23318] <... select resumed> ) = ? ERESTARTNOHAND (To be restarted) [pid 23318] --- SIGCHLD (Child exited) --- [pid 23318] wait4(-1, [WIFEXITED(s) && WEXITSTATUS(s) == 255], WNOHANG, NULL) = 23336 [pid 23318] wait4(-1, 0xbffff2f0, WNOHANG, NULL) = -1 ECHILD (No child processes) [pid 23318] rt_sigaction(SIGCHLD, {0x804c138, [CHLD], SA_RESTART|0x4000000}, {0x804c138, [CHLD], SA_RESTART|0x4000000}, 8) = 0 [pid 23318] sigreturn() = ? (mask now [RTMIN]) [pid 23318] select(6, [3], NULL, NULL, NULL