Hi Santi,

yes, the process crashed already from what I can see...
because at the end of the system call it says


> --- SIGSEGV {si_signo=SIGSEGV, si_code=SEGV_MAPERR, si_addr=0x8} ---
> +++ killed by SIGSEGV +++

and below that the typical "Segmentation fault"

I called strace with the following parameters: "strace -C bin/rootcheck_control -L -i 000"
Was this sufficient or do I need something else?

thanks,
theresa

On Monday, 10 August 2015 23:11:59 UTC+2, Santiago Bassett wrote:
>
> Hi Theresa,
>
> did the process crash already? We need it to crash :-)
>
>
>
> On Mon, Aug 10, 2015 at 2:03 PM, theresa mic-snare <[email protected]> wrote:
>
> Hi Santi,
>
> I've now run rootcheck_control with strace, but I'm not quite sure what to 
> make of it....
>
> strace -C bin/rootcheck_control -L -i 000
> execve("bin/rootcheck_control", ["bin/rootcheck_control", "-L", "-i", 
> "000"], [/* 18 vars */]) = 0
> brk(0)                                  = 0x7ffb98ad0000
> mmap(NULL, 4096, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 
> 0x7ffb97d04000
> access("/etc/ld.so.preload", R_OK)      = -1 ENOENT (No such file or 
> directory)
> open("/etc/ld.so.cache", O_RDONLY)      = 3
> fstat(3, {st_mode=S_IFREG|0644, st_size=18775, ...}) = 0
> mmap(NULL, 18775, PROT_READ, MAP_PRIVATE, 3, 0) = 0x7ffb97cff000
> close(3)                                = 0
> open("/lib64/libc.so.6", O_RDONLY)      = 3
> read(3, "\177ELF\2\1\1\3\0\0\0\0\0\0\0\0\3\0>\0\1\0\0\0p\356\1\0\0\0\0\0"
> ..., 832) = 832
> fstat(3, {st_mode=S_IFREG|0755, st_size=1921216, ...}) = 0
> mmap(NULL, 3750152, PROT_READ|PROT_EXEC, MAP_PRIVATE|MAP_DENYWRITE, 3, 0) 
> = 0x7ffb97752000
> mprotect(0x7ffb978dc000, 2097152, PROT_NONE) = 0
> mmap(0x7ffb97adc000, 20480, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_FIXED|
> MAP_DENYWRITE, 3, 0x18a000) = 0x7ffb97adc000
> mmap(0x7ffb97ae1000, 18696, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_FIXED|
> MAP_ANONYMOUS, -1, 0) = 0x7ffb97ae1000
> close(3)                                = 0
> mmap(NULL, 4096, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 
> 0x7ffb97cfe000
> mmap(NULL, 4096, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 
> 0x7ffb97cfd000
> mmap(NULL, 4096, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 
> 0x7ffb97cfc000
> arch_prctl(ARCH_SET_FS, 0x7ffb97cfd700) = 0
> mprotect(0x7ffb97adc000, 16384, PROT_READ) = 0
> mprotect(0x7ffb97f2c000, 4096, PROT_READ) = 0
> mprotect(0x7ffb97d05000, 4096, PROT_READ) = 0
> munmap(0x7ffb97cff000, 18775)           = 0
> brk(0)                                  = 0x7ffb98ad0000
> brk(0x7ffb98af1000)                     = 0x7ffb98af1000
> socket(PF_LOCAL, SOCK_STREAM|SOCK_CLOEXEC|SOCK_NONBLOCK, 0) = 3
> connect(3, {sa_family=AF_LOCAL, sun_path="/var/run/nscd/socket"}, 110) = -
> 1 ENOENT (No such file or directory)
> close(3)                                = 0
> socket(PF_LOCAL, SOCK_STREAM|SOCK_CLOEXEC|SOCK_NONBLOCK, 0) = 3
> connect(3, {sa_family=AF_LOCAL, sun_path="/var/run/nscd/socket"}, 110) = -
> 1 ENOENT (No such file or directory)
> close(3)                                = 0
> open("/etc/nsswitch.conf", O_RDONLY)    = 3
> fstat(3, {st_mode=S_IFREG|0644, st_size=1688, ...}) = 0
> mmap(NULL, 4096, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 
> 0x7ffb97d03000
> read(3, "#\n# /etc/nsswitch.conf\n#\n# An ex"..., 4096) = 1688
> read(3, "", 4096)                       = 0
> close(3)                                = 0
> munmap(0x7ffb97d03000, 4096)            = 0
> open("/etc/ld.so.cache", O_RDONLY)      = 3
> fstat(3, {st_mode=S_IFREG|0644, st_size=18775, ...}) = 0
> mmap(NULL, 18775, PROT_READ, MAP_PRIVATE, 3, 0) = 0x7ffb97cff000
> close(3)                                = 0
> open("/lib64/libnss_files.so.2", O_RDONLY) = 3
> read(3, "\177ELF\2\1\1\0\0\0\0\0\0\0\0\0\3\0>\0\1\0\0\0\360!\0\0\0\0\0\0"
> ..., 832) = 832
> fstat(3, {st_mode=S_IFREG|0755, st_size=65928, ...}) = 0
> mmap(NULL, 2151824, PROT_READ|PROT_EXEC, MAP_PRIVATE|MAP_DENYWRITE, 3, 0) 
> = 0x7ffb97544000
> mprotect(0x7ffb97550000, 2097152, PROT_NONE) = 0
> mmap(0x7ffb97750000, 8192, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_FIXED|
> MAP_DENYWRITE, 3, 0xc000) = 0x7ffb97750000
> close(3)                                = 0
> mprotect(0x7ffb97750000, 4096, PROT_READ) = 0
> munmap(0x7ffb97cff000, 18775)           = 0
> open("/etc/group", O_RDONLY|O_CLOEXEC)  = 3
> fcntl(3, F_GETFD)                       = 0x1 (flags FD_CLOEXEC)
> fstat(3, {st_mode=S_IFREG|0644, st_size=577, ...}) = 0
> mmap(NULL, 4096, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 
> 0x7ffb97d03000
> read(3, "root:x:0:\nbin:x:1:bin,daemon\ndae"..., 4096) = 577
> close(3)                                = 0
> munmap(0x7ffb97d03000, 4096)            = 0
> socket(PF_LOCAL, SOCK_STREAM|SOCK_CLOEXEC|SOCK_NONBLOCK, 0) = 3
> connect(3, {sa_family=AF_LOCAL, sun_path="/var/run/nscd/socket"}, 110) = -
> 1 ENOENT (No such file or directory)
> close(3)                                = 0
> socket(PF_LOCAL, SOCK_STREAM|SOCK_CLOEXEC|SOCK_NONBLOCK, 0) = 3
> connect(3, {sa_family=AF_LOCAL, sun_path="/var/run/nscd/socket"}, 110) = -
> 1 ENOENT (No such file or directory)
> close(3)                                = 
>
> ...
