ANTICHAT — форум по информационной безопасности, OSINT и технологиям

sh-4.1$ uname -a
uname -a
Linux h1.ihc.ru 2.6.32-642.1.1.el6.x86_64 #1 SMP Tue May 31 21:57:07 UTC 2016 x86_64 x86_64 x86_64 GNU/Linux

sh-4.1$ ls -la /boot
ls -la /boot
total 82360
dr-xr-xr-x  4 root root     4096 Jun 20 15:46 .
drwxr-xr-x 26 root root     4096 Jul  5 00:30 ..
-rw-r--r--  1 root root      170 Mar  7  2012 .vmlinuz-2.6.32-220.7.1.el6.x86_64.hmac
-rw-r--r--  1 root root      170 Jun  1 01:02 .vmlinuz-2.6.32-642.1.1.el6.x86_64.hmac
-rw-r--r--  1 root root      165 May 20  2011 .vmlinuz-2.6.32-71.el6.x86_64.hmac
-rw-r--r--  1 root root  2313972 Mar  7  2012 System.map-2.6.32-220.7.1.el6.x86_64
-rw-r--r--  1 root root  2615135 Jun  1 01:02 System.map-2.6.32-642.1.1.el6.x86_64
-rw-r--r--  1 root root  2226490 May 20  2011 System.map-2.6.32-71.el6.x86_64
-rw-r--r--  1 root root   100947 Mar  7  2012 config-2.6.32-220.7.1.el6.x86_64
-rw-r--r--  1 root root   108107 Jun  1 01:02 config-2.6.32-642.1.1.el6.x86_64
-rw-r--r--  1 root root    97862 May 20  2011 config-2.6.32-71.el6.x86_64
drwxr-xr-x  3 root root     4096 Dec  8  2011 efi
drwxr-xr-x  2 root root     4096 Jun 21 11:14 grub
-rw-r--r--  1 root root 15414292 Apr 17  2012 initramfs-2.6.32-220.7.1.el6.x86_64.img
-rw-------  1 root root 22114675 Jun 20 15:42 initramfs-2.6.32-642.1.1.el6.x86_64.img
-rw-r--r--  1 root root 13446144 Dec  8  2011 initramfs-2.6.32-71.el6.x86_64.img
-rw-------  1 root root  4768542 Jun 20 15:41 initrd-2.6.32-220.7.1.el6.x86_64kdump.img
-rw-------  1 root root  4876579 Jun 20 15:46 initrd-2.6.32-642.1.1.el6.x86_64kdump.img
-rw-r--r--  1 root root  3643212 Apr 17  2012 initrd-2.6.32-71.el6.x86_64kdump.img
-rw-r--r--  1 root root   171216 Mar  7  2012 symvers-2.6.32-220.7.1.el6.x86_64.gz
-rw-r--r--  1 root root   215559 Jun  1 01:02 symvers-2.6.32-642.1.1.el6.x86_64.gz
-rw-r--r--  1 root root   160542 May 20  2011 symvers-2.6.32-71.el6.x86_64.gz
-rwxr-xr-x  1 root root  3941040 Mar  7  2012 vmlinuz-2.6.32-220.7.1.el6.x86_64
-rwxr-xr-x  1 root root  4264432 Jun  1 01:02 vmlinuz-2.6.32-642.1.1.el6.x86_64
-rwxr-xr-x  1 root root  3791040 May 20  2011 vmlinuz-2.6.32-71.el6.x86_64

sh-4.1$ ls -la --full-time /lib
ls -la --full-time /lib
total 48
dr-xr-xr-x 10 root root  4096 2016-08-02 16:19:19.410880280 +0300 .
drwxr-xr-x 26 root root  4096 2016-07-05 00:30:41.385863698 +0300 ..
drwxr-xr-x  3 root root  4096 2016-05-11 11:24:26.000000000 +0300 alsa
lrwxrwxrwx  1 root root    14 2016-08-02 16:19:19.410880280 +0300 cpp -> ../usr/bin/cpp
drwxr-xr-x  3 root root  4096 2016-06-20 14:40:03.502496274 +0300 crda
drwxr-xr-x 46 root root 12288 2016-06-20 15:41:30.129591585 +0300 firmware
drwxr-xr-x  6 root root  4096 2011-12-08 18:08:22.000000000 +0400 kbd
dr-xr-xr-x  5 root root  4096 2016-06-20 14:40:09.462474436 +0300 modules
drwxr-xr-x  2 root root  4096 2016-05-11 02:18:18.000000000 +0300 security
drwxr-xr-x  6 root root  4096 2015-03-16 11:53:51.000000000 +0300 terminfo
drwxr-xr-x  5 root root  4096 2016-08-18 04:07:48.429461162 +0300 udev

sh-4.1$ mount
mount
/dev/sda1 on / type ext4 (rw,noatime)
proc on /proc type proc (rw)
sysfs on /sys type sysfs (rw)
devpts on /dev/pts type devpts (rw,gid=5,mode=620)
tmpfs on /dev/shm type tmpfs (rw)
/dev/sda3 on /tmp type ext4 (rw,noexec,nosuid,nodev,noatime,data=writeback,barrier=0)
none on /proc/sys/fs/binfmt_misc type binfmt_misc (rw)
/dev/sda4 on /home type ext4 (rw,noatime,usrquota,barrier=0)

sh-4.1$ df -h
df -h
Filesystem      Size  Used Avail Use% Mounted on
/dev/sda1        30G  6.8G   22G  25% /
tmpfs            24G   80K   24G   1% /dev/shm
/dev/sda3       2.0G  779M  1.1G  43% /tmp
/dev/sda4       1.8T  434G  1.4T  25% /home

sh-4.1$ cat /etc/issue
cat /etc/issue
CentOS release 6.8 (Final)
Kernel \r on an \m

sh-4.1$ cat /etc/crontab
cat /etc/crontab
SHELL=/bin/bash
PATH=/sbin:/bin:/usr/sbin:/usr/bin
MAILTO=cronlog
HOME=/

# run-parts
01 * * * * root run-parts /etc/cron.hourly
02 4 * * * root run-parts /etc/cron.daily
22 4 * * 0 root run-parts /etc/cron.weekly
42 4 1 * * root run-parts /etc/cron.monthly

*/5 * * * * root /usr/local/bin/passwd_change.sh >/dev/null 2>&1
0 */3 * * * root /usr/local/bin/bbutemp.sh  >/dev/null 2>&1
*/10 * * * * root /usr/local/bin/move_nrpe.sh >/dev/null 2>&1
*/10 * * * * root /usr/bin/timeout 540 puppet agent --no-daemonize --onetime -l /var/log/puppet/agent.log --onetime --certname `hostname` --server puppet.ihc-ru.net >/dev/null 2>&1; rm -f /var/lib/puppet/state/agent_catalog_run.lock
*/30 * * * * root ( fail2ban-client reload WordPress; /sbin/iptables -F http ) >/dev/null 2>&1
0 2 * * * root ( sqlite3 /var/lib/fail2ban/fail2ban.sqlite3 "DELETE FROM bans; VACUUM;"; /sbin/service fail2ban restart ) >/dev/null 2>&1
*/30 * * * * root /usr/local/bin/shape_shared.sh >/dev/null 2>&1
0 2 * * 7 root [ `date "+\%d"` -lt 8 ] && root /usr/local/bin/autolearn.sh >/dev/null 2>&1
30 22 * * * root /usr/local/bin/countfiles.sh >/dev/null 2>&1
*/3 * * * * root /usr/bin/killall -19 transmission-daemon deluge deluged mlnet rtorrent utserver deluge-web fmb qbittorrent minerd jhprimeminer bitcoind > /dev/null 2>&1
40 17 * * * root /usr/local/bin/regkernelcare >/dev/null 2>&1
0 3 * * 1 root /usr/local/bin/virusscan.pl >/dev/null 2>&1

sh-4.1$ ls -la /etc/cron.d
ls -la /etc/cron.d
total 44
drwxr-xr-x   2 root root  4096 Jun 20 16:19 .
drwxr-xr-x 103 root root 12288 Sep 18 21:45 ..
-rw-r--r--   1 root root    67 Apr 28  2010 atop
-rw-r--r--   1 root root    50 Jun 20 16:15 kcare-cron
-rw-r--r--   1 root root   405 Jun 20 16:17 lsws
-rw-r--r--   1 root root   232 Jun 20 16:19 puppet
-rw-------   1 root root   108 Dec 11  2015 raid-check
-rw-r--r--   1 root root   459 Dec  5  2013 sa-update
-rw-------   1 root root   235 May 11 05:02 sysstat

sh-4.1$ ls -la /etc/cron.hourly
ls -la /etc/cron.hourly
total 28
drwxr-xr-x   2 root root  4096 Jun 20 16:19 .
drwxr-xr-x 103 root root 12288 Sep 18 21:45 ..
-rwxr-xr-x   1 root root   195 Mar 20  2013 00awstats
-rwx------   1 root root   611 Jun 20 16:17 ip6_check_count_rules.sh
-rwx------   1 root root   899 Jun 20 16:16 rotate_acct.sh

sh-4.1$ ls -la /etc/cron.monthly
ls -la /etc/cron.monthly
total 20
drwxr-xr-x   2 root root  4096 Jun 20 15:41 .
drwxr-xr-x 103 root root 12288 Sep 18 21:49 ..
-rwxr-xr-x   1 root root   111 Nov 23  2013 readahead-monthly.cron

sh-4.1$ ls -la /etc/cron.weekly
ls -la /etc/cron.weekly
total 16
drwxr-xr-x   2 root root  4096 Apr 17  2012 .
drwxr-xr-x 103 root root 12288 Sep 18 21:50 ..

sh-4.1$ cat /proc/version
cat /proc/version
Linux version 2.6.32-642.1.1.el6.x86_64 (mockbuild@worker1.bsys.centos.org) (gcc version 4.4.7 20120313 (Red Hat 4.4.7-17) (GCC) ) #1 SMP Tue May 31 21:57:07 UTC 2016

sh-4.1$ cat /proc/sys/vm/mmap_min_addr
cat /proc/sys/vm/mmap_min_addr
4096

sh-4.1$ pwd
pwd
/home/p2267/www/****.ru/content

sh-4.1$ ls -la /usr/bin/staprun
ls -la /usr/bin/staprun
---s--x--- 1 root stapusr 183072 May 11 02:40 /usr/bin/staprun

sh-4.1$ find / -type f -perm -u+s -exec ls -la {} \; 2>/dev/null
find / -type f -perm -u+s -exec ls -la {} \; 2>/dev/null
-rwsr-x--- 1 root dbus 50552 Apr 22  2015 /lib64/dbus-1/dbus-daemon-launch-helper
-rwsr-xr-x 1 root root 53472 May 11 01:58 /bin/umount
-rwsr-xr-x 1 root root 77336 May 11 01:58 /bin/mount
-rwsr-xr-x 1 root root 34904 May 11 11:59 /bin/su
-rwsr-xr-x 1 root root 36488 May 10 21:32 /bin/ping6
-rwsr-xr-x 1 root root 38264 May 10 21:32 /bin/ping
-r-sr-xr-x 1 root root 19848 Jun 30  2015 /usr/local/lsws/bin/lscgid.5.0.1
-r-sr-xr-x 1 root root 19848 May 26 16:56 /usr/local/lsws/bin/lscgid.5.0.17
-r-sr-xr-x 1 root root 23736 Aug  4  2014 /usr/local/lsws/bin/lscgid.4.2.13
-r-sr-xr-x 1 root root 19848 Nov 19  2015 /usr/local/lsws/bin/lscgid.5.0.8
-r-sr-xr-x 1 root root 19848 Jul 22  2015 /usr/local/lsws/bin/lscgid.5.0.2
-r-sr-xr-x 1 root root 21984 Jan 12  2012 /usr/local/lsws/bin/lscgid.4.1.10
-r-sr-xr-x 1 root root 23736 Jun 10  2014 /usr/local/lsws/bin/lscgid.4.2.12
-r-sr-xr-x 1 root root 19848 Apr 18 09:35 /usr/local/lsws/bin/lscgid.5.1.4
-r-sr-xr-x 1 root root 19848 Apr 18 10:51 /usr/local/lsws/bin/lscgid.5.0.15
-r-sr-xr-x 1 root root 19848 Jul 20 09:55 /usr/local/lsws/bin/lscgid.5.1.7
-r-sr-xr-x 1 root root 23736 Jan 14  2015 /usr/local/lsws/bin/lscgid.4.2.20
-r-sr-xr-x 1 root root 19848 Aug 31  2015 /usr/local/lsws/bin/lscgid.5.0.5
-r-sr-xr-x 1 root root 23736 Feb  4  2015 /usr/local/lsws/bin/lscgid.4.2.21
-r-sr-xr-x 1 root root 19848 Mar 14  2016 /usr/local/lsws/bin/lscgid.5.0.14
-r-sr-xr-x 1 root root 23736 Nov 18  2013 /usr/local/lsws/bin/lscgid.4.2.5
-r-sr-xr-x 1 root root 23736 Oct  9  2014 /usr/local/lsws/bin/lscgid.4.2.17
-r-sr-xr-x 1 root root 23736 Oct  2  2014 /usr/local/lsws/bin/lscgid.4.2.16
-r-sr-xr-x 1 root root 23736 Nov 25  2014 /usr/local/lsws/bin/lscgid.4.2.19
-r-sr-xr-x 1 root root 19848 Oct 13  2015 /usr/local/lsws/bin/lscgid.5.0.7
-r-sr-xr-x 1 root root 23736 Oct 31  2014 /usr/local/lsws/bin/lscgid.4.2.18
-r-sr-xr-x 1 root root 23736 Aug 14  2014 /usr/local/lsws/bin/lscgid.4.2.14
-r-sr-xr-x 1 root root 23736 Apr  8  2014 /usr/local/lsws/bin/lscgid.4.2.6
-r-sr-xr-x 1 root root 23736 Apr  9  2014 /usr/local/lsws/bin/lscgid.4.2.9
-r-sr-xr-x 1 root root 23736 May 22  2014 /usr/local/lsws/bin/lscgid.4.2.11
-r-sr-xr-x 1 root root 19848 Aug 17  2015 /usr/local/lsws/bin/lscgid.5.0.4
-r-sr-xr-x 1 root root 19848 Jul 13 09:42 /usr/local/lsws/bin/lscgid.5.1.6
-r-sr-xr-x 1 root root 23736 Apr  1  2014 /usr/local/lsws/bin/lscgid.4.2.7
-r-sr-xr-x 1 root root 23736 Jun  1  2015 /usr/local/lsws/bin/lscgid.4.2.23
-r-sr-xr-x 1 root root 19848 Dec  6  2015 /usr/local/lsws/bin/lscgid.5.0.9
-r-sr-xr-x 1 root root 23736 Apr  9  2014 /usr/local/lsws/bin/lscgid.4.2.8
-r-sr-xr-x 1 root root 19848 May 25 12:28 /usr/local/lsws/bin/lscgid.5.1.5
-r-sr-xr-x 1 root root 23736 Sep 29  2013 /usr/local/lsws/bin/lscgid.4.2.4
-r-sr-xr-x 1 root root 19848 Jun 24  2015 /usr/local/lsws/bin/lscgid.5.0
-rws--x--x 1 root root 14280 May 10 17:11 /usr/libexec/pt_chown
-rws--x--x 1 vcsa root 11208 May 11 00:24 /usr/libexec/mc/cons.saver
-rwsr-xr-x 1 root root 257824 May 12 07:52 /usr/libexec/openssh/ssh-keysign
-rwsr-xr-x 1 root root 14368 Mar 17  2015 /usr/libexec/polkit-1/polkit-agent-helper-1
-rws--x--x 1 root root 20184 May 11 01:58 /usr/bin/chfn
-rws--x--x 1 root root 20056 May 11 01:58 /usr/bin/chsh
-rwsr-xr-x 1 root root 40240 May 11 00:23 /usr/bin/newgrp
-rwsr-xr-x 1 root root 30768 Nov 23  2015 /usr/bin/passwd
-rwsr-xr-x 1 root root 75640 May 11 00:23 /usr/bin/gpasswd
-rwsr-xr-x 1 root root 70480 May 11 00:23 /usr/bin/chage
-rwsr-xr-x 1 root root 22544 Mar 17  2015 /usr/bin/pkexec
-rwsr-xr-x 1 root root 54496 Feb 19  2015 /usr/bin/at
---s--x--x 1 root root 123832 May 11 02:13 /usr/bin/sudo
---s--x--- 1 root stapusr 183072 May 11 02:40 /usr/bin/staprun
-rwsr-xr-x 1 root root 21302 May  5  2014 /usr/share/doc/fping-3.10/ChangeLog
-rwsr-xr-x 1 root root 1067 May  5  2014 /usr/share/doc/fping-3.10/COPYING
-rwsr-xr-x 1 root root 1496 May  5  2014 /usr/share/doc/fping-3.10/README
-rwsr-xr-x 1 root root 92815 May  7  2014 /usr/sbin/fping6
-rwsr-xr-x 1 root root 9000 May 11 22:34 /usr/sbin/usernetctl
-rwsr-xr-x 1 root root 1274440 Mar  4  2016 /usr/sbin/exim
-rws--x--x 1 root root 42288 Aug 22  2010 /usr/sbin/userhelper
-rwsr-xr-x 1 root root 42792 May  7  2014 /usr/sbin/fping
-rwsr-xr-x 1 root root 34840 May 11 02:18 /sbin/unix_chkpwd
-rwsr-xr-x 1 root root 10272 May 11 02:18 /sbin/pam_timestamp_check
-rwsrwsrwt 1 p2267 p2267 72844 Sep 18 19:16 /home/p2267/www/****.ru/content/pagesinfo.php