Sample details: 346a759eeb958379ae613183364b9375 --

Hashes
MD5: 346a759eeb958379ae613183364b9375
SHA1: 7a13052cb7100a031e832e575e9187b8dc13f204
SHA256: 11f89d5e0d0f069eeba5210970669602983da5a0f136a108d5011bb3f96e5119
SSDEEP: 1536:ROFHRxxlWbnHwxqRWlEN+ID0B/0x/SAld1qq4245PhtHqqE4jq1ohPwT:RWH3uLHwcBfD0c942CCs7lwT
Details
File Type: ELF
Yara Hits
YRP/domain | YRP/contentis_base64 |
Strings
		__gmon_start__
_ITM_deregisterTMCloneTable
_ITM_registerTMCloneTable
__cxa_finalize
_Jv_RegisterClasses
audit_msg
strcasecmp
__fxstat
__errno_location
fdopen
strchr
audit_strsplit_r
fclose
__stack_chk_fail
audit_request_status
audit_send
audit_open
audit_get_reply
get_auditfail_action
audit_set_enabled
audit_set_failure
audit_set_pid
audit_set_rate_limit
audit_set_backlog_limit
audit_set_backlog_wait_time
audit_set_feature
audit_request_features
audit_set_loginuid_immutable
audit_get_features
audit_request_rules_list_data
audit_request_signal_info
audit_update_watch_perms
audit_add_rule_data
audit_delete_rule_data
audit_trim_subtrees
audit_make_equivalent
strlen
calloc
memcpy
audit_getloginuid
strtol
audit_setloginuid
__snprintf_chk
audit_rule_syscall_data
audit_rule_interfield_comp_data
strstr
audit_name_to_field
audit_rule_free_data
audit_detect_machine
audit_name_to_machine
audit_rule_syscallbyname_data
_audit_elf
audit_elf_to_machine
audit_name_to_syscall
__ctype_b_loc
audit_add_watch_dir
realloc
memset
_audit_permadded
audit_add_watch
audit_add_dir
audit_determine_machine
strtoul
audit_rule_fieldpair_data
strncpy
audit_name_to_errno
__ctype_tolower_loc
audit_name_to_ftype
_audit_syscalladded
audit_name_to_msg_type
getgrnam
audit_machine_to_elf
_audit_archadded
_audit_exeadded
getpwnam
audit_number_to_errmsg
stderr
__fprintf_chk
audit_can_control
capng_save_state
capng_have_capability
capng_restore_state
audit_is_enabled
audit_can_write
audit_can_read
set_aumessage_mode
__vfprintf_chk
__vsyslog_chk
socket
audit_close
recvfrom
sendto
__memcpy_chk
strcmp
audit_field_to_name
audit_syscall_to_name
audit_name_to_flag
audit_flag_to_name
audit_name_to_action
audit_action_to_name
__strncpy_chk
audit_msg_type_to_name
audit_machine_to_name
audit_operator_to_symbol
audit_errno_to_name
audit_ftype_to_name
getaddrinfo
inet_ntop
freeaddrinfo
gai_strerror
ttyname_r
__lxstat
audit_value_needs_encoding
audit_encode_value
readlink
audit_encode_nv_string
__asprintf_chk
malloc
audit_log_user_message
__strncat_chk
audit_log_user_comm_message
audit_log_acct_message
strnlen
snprintf
audit_log_user_avc_message
__syslog_chk
audit_log_semanage_message
audit_log_user_command
__strdup
getcwd
__strcpy_chk
audit_strsplit
libcap-ng.so.0
libc.so.6
_edata
__bss_start
libaudit.so.1
GLIBC_2.3
GLIBC_2.14
GLIBC_2.8
GLIBC_2.4
GLIBC_2.3.4
GLIBC_2.2.5
A\A]A^
]A\A]A^
[]A\A]A^A_
AUATUSH
[]A\A]
L$(dH3
L$(dH3
L$(dH3
L$(dH3
L$(dH3
[]A\A]A^A_
AVAUATUSH
 []A\A]A^
AWAVAUATUS
L$(dH3
8[]A\A]A^A_
AVAUATUSH
]A\A]A^
]A\A]A^
[]A\A]A^A_
AWAVAUATUSH
[]A\A]A^A_
AUATUSH
[]A\A]
[]A\A]
[]A\A]
AWAVAUATUSH
t$(dH34%(
8[]A\A]A^A_
AWAVAUATUSH
;D$0t`E1
[]A\A]A^A_
AWAVAUATI
[A\A]A^A_]
AWAVAUATSH
[A\A]A^A_]
AWAVAUATI
[A\A]A^A_]
AWAVAUATI
[A\A]A^A_]
AWAVAUATI
[A\A]A^A_]
AWAVAUATI
[A\A]A^A_]
AWAVAUATI
[A\A]A^A_]
AWAVAUATI
[A\A]A^A_]
D$HdH3
([]A\A]
AWAVAUATUSH
[]A\A]A^A_
AWAVAUATUSH
AWAVSL
[]A\A]A^A_
D$p"?"
AWAVAUATUSH
ATAWAQAUL
ATAWAQAUL
[]A\A]A^A_
AWAVAUATUSH
[]A\A]A^A_
AWAVAUATUSH
t$ AVAUATASARAQ
[]A\A]A^A_
t$ AVAUATASARAQ
AWAVAUATUSH
cwd=%s 
cmd=%s 
terminal
=%s res=f
[]A\A]A^A_
cmd="%s"
cwd="%s"
[]A\A]A^
]A\A]A^
ignore
Option %s not found - line %d
/etc/libaudit.conf
Error opening %s (%s)
Error fstat'ing %s (%s)
Error - %s is world writable
Error - fdopen failed (%s)
failure_action
Error setting feature (%s)
Error getting feature (%s)
Rule exists
/proc/self/loginuid
Error writing loginuid
Rule is not empty
Invalid type used
Cannot realloc memory!
Unknown user: %s
Unknown group: %s
terminate
-F missing operation for
-F unknown field:
must be before -S
machine type not found
elf mapping not found
-F unknown message type -
Failed upgrading rule
String value too long
only takes = or != operators
-F unknown errno -
-F unknown file type - 
-F value should be number for
-C unknown field:
Too many fields in rule:
only takes = operator
audit_failure_parser called with: %s
Config file %s doesn't exist, skipping
Config file %s opened for parsing
Error - %s isn't owned by root
Error - %s is not a regular file
Missing equal sign for line %d in %s
Wrong number of arguments for line %d in %s
Unknown keyword "%s" in line %d of %s
Error sending status request (%s)
Error sending enable request (%s)
Error sending failure mode request (%s)
Error setting audit daemon pid (%s)
Error sending rate limit request (%s)
Error sending backlog limit request (%s)
Error sending rule list data request (%s)
Error sending signal_info request (%s)
Use of entry filter is deprecated
Error sending add rule data request (%s)
Error sending delete rule request (No rule matches)
Error sending delete rule data request (%s)
Error sending trim subtrees command (%s)
Error sending make_equivalent command (%s)
Error opening /proc/self/loginuid
requested bit level not supported by machine
can only be used with exit filter list
msgtype field can only be used with exclude filter list
Only msgtype field can be used with exclude filter
Permission can only contain  'rwxa'
can only be used with exit and entry filter list
Key field needs a watch, syscall or exe path given prior to it
-F missing value after operation for
-F missing field name before operator for
-C missing field name before operator for
-C missing value after operation for 
-C unknown right hand value for comparison with:
Field option not supported by kernel:
Error - audit support not in kernel
Error opening audit netlink socket (%s)
Error setting audit netlink socket CLOEXEC flag (%s)
Error receiving audit netlink packet (%s)
Bad address size reading audit netlink socket
Spoofed packet received on audit netlink socket
Netlink event from kernel is too big
Netlink message from kernel was not OK
aarch64
armv5tejl
armv5tel
armv6l
armv7l
ppc64le
x86_64
exclude
always
possible
ACCT_LOCK
ACCT_UNLOCK
ADD_GROUP
ADD_USER
ANOM_ABEND
ANOM_ACCESS_FS
ANOM_ADD_ACCT
ANOM_AMTU_FAIL
ANOM_CRYPTO_FAIL
ANOM_DEL_ACCT
ANOM_EXEC
ANOM_LINK
ANOM_LOGIN_ACCT
ANOM_LOGIN_FAILURES
ANOM_LOGIN_LOCATION
ANOM_LOGIN_SESSIONS
ANOM_LOGIN_TIME
ANOM_MAX_DAC
ANOM_MAX_MAC
ANOM_MK_EXEC
ANOM_MOD_ACCT
ANOM_PROMISCUOUS
ANOM_RBAC_FAIL
ANOM_RBAC_INTEGRITY_FAIL
ANOM_ROOT_TRANS
APPARMOR
APPARMOR_ALLOWED
APPARMOR_AUDIT
APPARMOR_DENIED
APPARMOR_ERROR
APPARMOR_HINT
APPARMOR_STATUS
AVC_PATH
BPRM_FCAPS
CAPSET
CHGRP_ID
CHUSER_ID
CONFIG_CHANGE
CRED_ACQ
CRED_DISP
CRED_REFR
CRYPTO_FAILURE_USER
CRYPTO_IKE_SA
CRYPTO_IPSEC_SA
CRYPTO_KEY_USER
CRYPTO_LOGIN
CRYPTO_LOGOUT
CRYPTO_PARAM_CHANGE_USER
CRYPTO_REPLAY_USER
CRYPTO_SESSION
CRYPTO_TEST_USER
DAC_CHECK
DAEMON_ABORT
DAEMON_ACCEPT
DAEMON_CLOSE
DAEMON_CONFIG
DAEMON_END
DAEMON_ERR
DAEMON_RESUME
DAEMON_ROTATE
DAEMON_START
DEL_GROUP
DEL_USER
DEV_ALLOC
DEV_DEALLOC
EXECVE
FD_PAIR
FEATURE_CHANGE
FS_RELABEL
GRP_AUTH
GRP_CHAUTHTOK
GRP_MGMT
INTEGRITY_DATA
INTEGRITY_HASH
INTEGRITY_METADATA
INTEGRITY_PCR
INTEGRITY_RULE
INTEGRITY_STATUS
IPC_SET_PERM
KERNEL
KERNEL_OTHER
LABEL_LEVEL_CHANGE
LABEL_OVERRIDE
MAC_CHECK
MAC_CIPSOV4_ADD
MAC_CIPSOV4_DEL
MAC_CONFIG_CHANGE
MAC_IPSEC_ADDSA
MAC_IPSEC_ADDSPD
MAC_IPSEC_DELSA
MAC_IPSEC_DELSPD
MAC_IPSEC_EVENT
MAC_MAP_ADD
MAC_MAP_DEL
MAC_POLICY_LOAD
MAC_STATUS
MAC_UNLBL_ALLOW
MAC_UNLBL_STCADD
MAC_UNLBL_STCDEL
MQ_GETSETATTR
MQ_NOTIFY
MQ_OPEN
MQ_SENDRECV
NETFILTER_CFG
NETFILTER_PKT
OBJ_PID
PROCTITLE
RESP_ACCT_LOCK
RESP_ACCT_LOCK_TIMED
RESP_ACCT_REMOTE
RESP_ACCT_UNLOCK_TIMED
RESP_ALERT
RESP_ANOMALY
RESP_EXEC
RESP_HALT
RESP_KILL_PROC
RESP_SEBOOL
RESP_SINGLE
RESP_TERM_ACCESS
RESP_TERM_LOCK
ROLE_ASSIGN
ROLE_MODIFY
ROLE_REMOVE
SECCOMP
SELINUX_ERR
SERVICE_START
SERVICE_STOP
SOCKADDR
SOCKETCALL
SYSCALL
SYSTEM_BOOT
SYSTEM_RUNLEVEL
SYSTEM_SHUTDOWN
TRUSTED_APP
USER_ACCT
USER_AUTH
USER_AVC
USER_CHAUTHTOK
USER_CMD
USER_END
USER_ERR
USER_LABELED_EXPORT
USER_LOGIN
USER_LOGOUT
USER_MAC_CONFIG_CHANGE
USER_MAC_POLICY_LOAD
USER_MGMT
USER_ROLE_CHANGE
USER_SELINUX_ERR
USER_START
USER_TTY
USER_UNLABELED_EXPORT
USYS_CONFIG
VIRT_CONTROL
VIRT_MACHINE_ID
VIRT_RESOURCE
devmajor
devminor
field_compare
filetype
loginuid
msgtype
obj_gid
obj_lev_high
obj_lev_low
obj_role
obj_type
obj_uid
obj_user
subj_clr
subj_role
subj_sen
subj_type
subj_user
success
character
socket
EACCES
EADDRINUSE
EADDRNOTAVAIL
EAFNOSUPPORT
EAGAIN
EALREADY
EBADFD
EBADMSG
EBADRQC
EBADSLT
EBFONT
ECANCELED
ECHILD
ECHRNG
ECONNABORTED
ECONNREFUSED
ECONNRESET
EDEADLK
EDEADLOCK
EDESTADDRREQ
EDOTDOT
EDQUOT
EEXIST
EFAULT
EHOSTDOWN
EHOSTUNREACH
EHWPOISON
EILSEQ
EINPROGRESS
EINVAL
EISCONN
EISDIR
EISNAM
EKEYEXPIRED
EKEYREJECTED
EKEYREVOKED
EL2HLT
EL2NSYNC
EL3HLT
EL3RST
ELIBACC
ELIBBAD
ELIBEXEC
ELIBMAX
ELIBSCN
ELNRNG
EMEDIUMTYPE
EMFILE
EMLINK
EMSGSIZE
EMULTIHOP
ENAMETOOLONG
ENAVAIL
ENETDOWN
ENETRESET
ENETUNREACH
ENFILE
ENOANO
ENOBUFS
ENOCSI
ENODATA
ENODEV
ENOENT
ENOEXEC
ENOKEY
ENOLCK
ENOLINK
ENOMEDIUM
ENOMEM
ENOMSG
ENONET
ENOPKG
ENOPROTOOPT
ENOSPC
ENOSTR
ENOSYS
ENOTBLK
ENOTCONN
ENOTDIR
ENOTEMPTY
ENOTNAM
ENOTRECOVERABLE
ENOTSOCK
ENOTTY
ENOTUNIQ
EOPNOTSUPP
EOVERFLOW
EOWNERDEAD
EPFNOSUPPORT
EPROTO
EPROTONOSUPPORT
EPROTOTYPE
ERANGE
EREMCHG
EREMOTE
EREMOTEIO
ERESTART
ERFKILL
ESHUTDOWN
ESOCKTNOSUPPORT
ESPIPE
ESRMNT
ESTALE
ESTRPIPE
ETIMEDOUT
ETOOMANYREFS
ETXTBSY
EUCLEAN
EUNATCH
EUSERS
EWOULDBLOCK
EXFULL
_sysctl
accept
accept4
access
add_key
adjtimex
afs_syscall
arch_prctl
capget
capset
chroot
clock_adjtime
clock_getres
clock_gettime
clock_nanosleep
clock_settime
connect
copy_file_range
create_module
delete_module
epoll_create
epoll_create1
epoll_ctl
epoll_ctl_old
epoll_pwait
epoll_wait
epoll_wait_old
eventfd
eventfd2
execve
execveat
exit_group
faccessat
fadvise64
fallocate
fanotify_init
fanotify_mark
fchdir
fchmod
fchmodat
fchown
fchownat
fdatasync
fgetxattr
finit_module
flistxattr
fremovexattr
fsetxattr
fstatfs
ftruncate
futimesat
get_kernel_syms
get_mempolicy
get_robust_list
get_thread_area
getcpu
getcwd
getdents
getdents64
getegid
geteuid
getgid
getgroups
getitimer
getpeername
getpgid
getpgrp
getpid
getpmsg
getppid
getpriority
getrandom
getresgid
getresuid
getrlimit
getrusage
getsid
getsockname
getsockopt
gettid
gettimeofday
getuid
getxattr
init_module
inotify_add_watch
inotify_init
inotify_init1
inotify_rm_watch
io_cancel
io_destroy
io_getevents
io_setup
io_submit
ioperm
ioprio_get
ioprio_set
kexec_file_load
kexec_load
keyctl
lchown
lgetxattr
linkat
listen
listxattr
llistxattr
lookup_dcookie
lremovexattr
lsetxattr
madvise
membarrier
memfd_create
migrate_pages
mincore
mkdirat
mknodat
mlock2
mlockall
modify_ldt
move_pages
mprotect
mq_getsetattr
mq_notify
mq_open
mq_timedreceive
mq_timedsend
mq_unlink
mremap
msgctl
msgget
msgrcv
msgsnd
munlock
munlockall
munmap
name_to_handle_at
nanosleep
newfstatat
nfsservctl
open_by_handle_at
openat
perf_event_open
personality
pivot_root
preadv
prlimit64
process_vm_readv
process_vm_writev
pselect6
ptrace
putpmsg
pwrite
pwritev
query_module
quotactl
readahead
readlink
readlinkat
reboot
recvfrom
recvmmsg
recvmsg
remap_file_pages
removexattr
rename
renameat
renameat2
request_key
restart_syscall
rt_sigaction
rt_sigpending
rt_sigprocmask
rt_sigqueueinfo
rt_sigreturn
rt_sigsuspend
rt_sigtimedwait
rt_tgsigqueueinfo
sched_get_priority_max
sched_get_priority_min
sched_getaffinity
sched_getattr
sched_getparam
sched_getscheduler
sched_rr_get_interval
sched_setaffinity
sched_setattr
sched_setparam
sched_setscheduler
sched_yield
seccomp
security
select
semctl
semget
semtimedop
sendfile
sendmmsg
sendmsg
sendto
set_mempolicy
set_robust_list
set_thread_area
set_tid_address
setdomainname
setfsgid
setfsuid
setgid
setgroups
sethostname
setitimer
setpgid
setpriority
setregid
setresgid
setresuid
setreuid
setrlimit
setsid
setsockopt
settimeofday
setuid
setxattr
shmctl
shmget
shutdown
sigaltstack
signalfd
signalfd4
socket
socketpair
splice
statfs
swapoff
swapon
symlink
symlinkat
sync_file_range
syncfs
sysinfo
syslog
tgkill
timer_create
timer_delete
timer_getoverrun
timer_gettime
timer_settime
timerfd
timerfd_gettime
timerfd_settime
truncate
tuxcall
umount2
unlink
unlinkat
unshare
uselib
userfaultfd
utimensat
utimes
vhangup
vmsplice
vserver
waitid
writev
_sysctl
accept4
access
add_key
adjtimex
afs_syscall
bdflush
capget
capset
chroot
clock_adjtime
clock_getres
clock_gettime
clock_nanosleep
clock_settime
connect
copy_file_range
create_module
delete_module
epoll_create
epoll_create1
epoll_ctl
epoll_pwait
epoll_wait
eventfd
eventfd2
execve
execveat
exit_group
faccessat
fadvise64
fallocate
fanotify_init
fanotify_mark
fchdir
fchmod
fchmodat
fchown
fchownat
fdatasync
fgetxattr
finit_module
flistxattr
fremovexattr
fsetxattr
fstatfs
fstatfs64
ftruncate
futimesat
get_kernel_syms
get_robust_list
getcpu
getcwd
getdents
getegid
geteuid
getgid
getgroups
getitimer
getpeername
getpgid
getpgrp
getpid
getpmsg
getppid
getpriority
getrandom
getresgid
getresuid
getrlimit
getrusage
getsid
getsockname
getsockopt
gettid
gettimeofday
getuid
getxattr
init_module
inotify_add_watch
inotify_init
inotify_init1
inotify_rm_watch
io_cancel
io_destroy
io_getevents
io_setup
io_submit
ioprio_get
ioprio_set
kexec_load
keyctl
lchown
lgetxattr
linkat
listen
listxattr
llistxattr
lremovexattr
lsetxattr
madvise
membarrier
memfd_create
mincore
mkdirat
mknodat
mlock2
mlockall
mprotect
mq_getsetattr
mq_notify
mq_open
mq_timedreceive
mq_timedsend
mq_unlink
mremap
munlock
munlockall
munmap
name_to_handle_at
nanosleep
newfstatat
nfsservctl
open_by_handle_at
openat
perf_event_open
personality
pivot_root
preadv
prlimit64
process_vm_readv
process_vm_writev
pselect6
ptrace
putpmsg
pwrite
pwritev
query_module
quotactl
readahead
readdir
readlink
readlinkat
reboot
recvfrom
recvmmsg
recvmsg
remap_file_pages
removexattr
rename
renameat
renameat2
request_key
rt_sigaction
rt_sigpending
rt_sigprocmask
rt_sigqueueinfo
rt_sigreturn
rt_sigsuspend
rt_sigtimedwait
rt_tgsigqueueinfo
s390_pci_mmio_read
s390_pci_mmio_write
s390_runtime_instr
sched_get_priority_max
sched_get_priority_min
sched_getaffinity
sched_getattr
sched_getparam
sched_getscheduler
sched_rr_get_interval
sched_setaffinity
sched_setattr
sched_setparam
sched_setscheduler
sched_yield
seccomp
select
sendfile
sendmmsg
sendmsg
sendto
set_robust_list
set_tid_address
setdomainname
setfsgid
setfsuid
setgid
setgroups
sethostname
setitimer
setpgid
setpriority
setregid
setresgid
setresuid
setreuid
setrlimit
setsid
setsockopt
settimeofday
setuid
setxattr
shutdown
sigaction
sigaltstack
signal
signalfd
signalfd4
sigpending
sigprocmask
sigreturn
sigsuspend
socket
socketcall
socketpair
splice
statfs
statfs64
swapoff
swapon
symlink
symlinkat
sync_file_range
syncfs
sysinfo
syslog
tgkill
timer_create
timer_delete
timer_getoverrun
timer_gettime
timer_settime
timerfd
timerfd_create
timerfd_gettime
timerfd_settime
truncate
umount
umount2
unlink
unlinkat
unshare
uselib
userfaultfd
utimensat
utimes
vhangup
vmsplice
waitid
writev
_llseek
_newselect
_sysctl
accept4
access
add_key
adjtimex
afs_syscall
bdflush
capget
capset
chown32
chroot
clock_adjtime
clock_getres
clock_gettime
clock_nanosleep
clock_settime
connect
copy_file_range
create_module
delete_module
epoll_create
epoll_create1
epoll_ctl
epoll_pwait
epoll_wait
eventfd
eventfd2
execve
execveat
exit_group
faccessat
fadvise64
fadvise64_64
fallocate
fanotify_init
fanotify_mark
fchdir
fchmod
fchmodat
fchown
fchown32
fchownat
fcntl64
fdatasync
fgetxattr
finit_module
flistxattr
fremovexattr
fsetxattr
fstat64
fstatat64
fstatfs
fstatfs64
ftruncate
ftruncate64
futimesat
get_kernel_syms
get_robust_list
getcpu
getcwd
getdents
getdents64
getegid
getegid32
geteuid
geteuid32
getgid
getgid32
getgroups
getgroups32
getitimer
getpeername
getpgid
getpgrp
getpid
getpmsg
getppid
getpriority
getrandom
getresgid
getresgid32
getresuid
getresuid32
getrlimit
getrusage
getsid
getsockname
getsockopt
gettid
gettimeofday
getuid
getuid32
getxattr
init_module
inotify_add_watch
inotify_init
inotify_init1
inotify_rm_watch
io_cancel
io_destroy
io_getevents
io_setup
io_submit
ioperm
ioprio_get
ioprio_set
kexec_load
keyctl
lchown
lchown32
lgetxattr
linkat
listen
listxattr
llistxattr
lremovexattr
lsetxattr
lstat64
madvise
membarrier
memfd_create
mincore
mkdirat
mknodat
mlock2
mlockall
mprotect
mq_getsetattr
mq_notify
mq_open
mq_timedreceive
mq_timedsend
mq_unlink
mremap
munlock
munlockall
munmap
name_to_handle_at
nanosleep
nfsservctl
open_by_handle_at
openat
perf_event_open
personality
pivot_root
preadv
prlimit64
process_vm_readv
process_vm_writev
pselect6
ptrace
putpmsg
pwrite
pwritev
query_module
quotactl
readahead
readdir
readlink
readlinkat
reboot
recvfrom
recvmmsg
recvmsg
remap_file_pages
removexattr
rename
renameat
renameat2
request_key
rt_sigaction
rt_sigpending
rt_sigprocmask
rt_sigqueueinfo
rt_sigreturn
rt_sigsuspend
rt_sigtimedwait
rt_tgsigqueueinfo
s390_pci_mmio_read
s390_pci_mmio_write
s390_runtime_instr
sched_get_priority_max
sched_get_priority_min
sched_getaffinity
sched_getattr
sched_getparam
sched_getscheduler
sched_rr_get_interval
sched_setaffinity
sched_setattr
sched_setparam
sched_setscheduler
sched_yield
seccomp
sendfile
sendfile64
sendmmsg
sendmsg
sendto
set_robust_list
set_tid_address
setdomainname
setfsgid
setfsgid32
setfsuid
setfsuid32
setgid
setgid32
setgroups
setgroups32
sethostname
setitimer
setpgid
setpriority
setregid
setregid32
setresgid
setresgid32
setresuid
setresuid32
setreuid
setreuid32
setrlimit
setsid
setsockopt
settimeofday
setuid
setuid32
setxattr
shutdown
sigaction
sigaltstack
signal
signalfd
signalfd4
sigpending
sigprocmask
sigreturn
sigsuspend
socket
socketcall
socketpair
splice
stat64
statfs
statfs64
swapoff
swapon
symlink
symlinkat
sync_file_range
syncfs
sysinfo
syslog
tgkill
timer_create
timer_delete
timer_getoverrun
timer_gettime
timer_settime
timerfd
timerfd_create
timerfd_gettime
timerfd_settime
truncate
truncate64
ugetrlimit
umount
umount2
unlink
unlinkat
unshare
uselib
userfaultfd
utimensat
utimes
vhangup
vmsplice
waitid
writev
_llseek
_newselect
_sysctl
accept
accept4
access
add_key
adjtimex
afs_syscall
bdflush
capget
capset
chroot
clock_adjtime
clock_getres
clock_gettime
clock_nanosleep
clock_settime
connect
copy_file_range
create_module
delete_module
epoll_create
epoll_create1
epoll_ctl
epoll_pwait
epoll_wait
eventfd
eventfd2
execve
execveat
exit_group
faccessat
fadvise64
fadvise64_64
fallocate
fanotify_init
fanotify_mark
fchdir
fchmod
fchmodat
fchown
fchownat
fcntl64
fdatasync
fgetxattr
finit_module
flistxattr
fremovexattr
fsetxattr
fstat64
fstatat64
fstatfs
fstatfs64
ftruncate
ftruncate64
futimesat
get_kernel_syms
get_robust_list
getcpu
getcwd
getdents
getdents64
getegid
geteuid
getgid
getgroups
getitimer
getpeername
getpgid
getpgrp
getpid
getpmsg
getppid
getpriority
getrandom
getresgid
getresuid
getrlimit
getrusage
getsid
getsockname
getsockopt
gettid
gettimeofday
getuid
getxattr
init_module
inotify_add_watch
inotify_init
inotify_init1
inotify_rm_watch
io_cancel
io_destroy
io_getevents
io_setup
io_submit
ioperm
ioprio_get
ioprio_set
kexec_load
keyctl
lchown
lgetxattr
linkat
listen
listxattr
llistxattr
lookup_dcookie
lremovexattr
lsetxattr
lstat64
madvise
membarrier
memfd_create
mincore
mkdirat
mknodat
mlock2
mlockall
modify_ldt
move_pages
mprotect
mq_getsetattr
mq_notify
mq_open
mq_timedreceive
mq_timedsend
mq_unlink
mremap
multiplexer
munlock
munlockall
munmap
name_to_handle_at
nanosleep
nfsservctl
oldfstat
oldlstat
oldolduname
oldstat
olduname
open_by_handle_at
openat
pciconfig_iobase
pciconfig_read
pciconfig_write
perf_counter_open
personality
pivot_root
preadv
prlimit64
process_vm_readv
process_vm_writev
profil
pselect6
ptrace
putpmsg
pwrite
pwritev
query_module
quotactl
readahead
readdir
readlink
readlinkat
reboot
recvfrom
recvmmsg
recvmsg
remap_file_pages
removexattr
rename
renameat
renameat2
request_key
rt_sigaction
rt_sigpending
rt_sigprocmask
rt_sigqueueinfo
rt_sigreturn
rt_sigsuspend
rt_sigtimedwait
rt_tgsigqueueinfo
sched_get_priority_max
sched_get_priority_min
sched_getaffinity
sched_getattr
sched_getparam
sched_getscheduler
sched_rr_get_interval
sched_setaffinity
sched_setattr
sched_setparam
sched_setscheduler
sched_yield
seccomp
select
sendfile
sendfile64
sendmmsg
sendmsg
sendto
set_robust_list
set_tid_address
setdomainname
setfsgid
setfsuid
setgid
setgroups
sethostname
setitimer
setpgid
setpriority
setregid
setresgid
setresuid
setreuid
setrlimit
setsid
setsockopt
settimeofday
setuid
setxattr
sgetmask
shutdown
sigaction
sigaltstack
signal
signalfd
signalfd4
sigpending
sigprocmask
sigreturn
sigsuspend
socket
socketcall
socketpair
splice
spu_create
spu_run
ssetmask
stat64
statfs
statfs64
subpage_prot
swapcontext
swapoff
swapon
switch_endian
symlink
symlinkat
sync_file_range2
syncfs
sysinfo
syslog
tgkill
timer_create
timer_delete
timer_getoverrun
timer_gettime
timer_settime
timerfd
timerfd_gettime
timerfd_settime
truncate
truncate64
tuxcall
ugetrlimit
ulimit
umount
umount2
unlink
unlinkat
unshare
uselib
userfaultfd
utimensat
utimes
vhangup
vmsplice
waitid
waitpid
writev
_sysctl
accept
accept4
access
add_key
adjtimex
afs_syscall
bdflush
capget
capset
chroot
clock_adjtime
clock_getres
clock_gettime
clock_nanosleep
clock_settime
clone2
connect
copy_file_range
delete_module
epoll_create
epoll_create1
epoll_ctl
epoll_pwait
epoll_wait
eventfd
eventfd2
execve
execveat
exit_group
faccessat
fadvise64
fallocate
fanotify_init
fanotify_mark
fchdir
fchmod
fchmodat
fchown
fchownat
fdatasync
fgetxattr
finit_module
flistxattr
fremovexattr
fsetxattr
fstatfs
fstatfs64
ftruncate
futimesat
get_mempolicy
get_robust_list
getcpu
getcwd
getdents
getdents64
getegid
geteuid
getgid
getgroups
getitimer
getpeername
getpgid
getpid
getpmsg
getppid
getpriority
getrandom
getresgid
getresuid
getrlimit
getrusage
getsid
getsockname
getsockopt
gettid
gettimeofday
getuid
getunwind
getxattr
init_module
inotify_add_watch
inotify_init
inotify_init1
inotify_rm_watch
io_cancel
io_destroy
io_getevents
io_setup
io_submit
ioprio_get
ioprio_set
kexec_load
keyctl
lchown
lgetxattr
linkat
listen
listxattr
llistxattr
lookup_dcookie
lremovexattr
lsetxattr
madvise
membarrier
memfd_create
migrate_pages
mincore
mkdirat
mknodat
mlock2
mlockall
mprotect
mq_getsetattr
mq_notify
mq_open
mq_timedreceive
mq_timedsend
mq_unlink
mremap
msgctl
msgget
msgrcv
msgsnd
munlock
munlockall
munmap
name_to_handle_at
nanosleep
newfstatat
nfsservctl
ni_syscall
open_by_handle_at
openat
pciconfig_read
pciconfig_write
perfmonctl
personality
pivot_root
pread64
preadv
prlimit64
process_vm_readv
process_vm_writev
pselect
ptrace
putpmsg
pwrite64
pwritev
quotactl
readahead
readlink
readlinkat
reboot
recvfrom
recvmmsg
recvmsg
remap_file_pages
removexattr
rename
renameat
renameat2
request_key
restart_syscall
rt_sigaction
rt_sigpending
rt_sigprocmask
rt_sigqueueinfo
rt_sigreturn
rt_sigsuspend
rt_sigtimedwait
rt_tgsigqueueinfo
sched_get_priority_max
sched_get_priority_min
sched_getaffinity
sched_getattr
sched_getparam
sched_getscheduler
sched_rr_get_interval
sched_setaffinity
sched_setattr
sched_setparam
sched_setscheduler
sched_yield
select
semctl
semget
semtimedop
sendfile
sendmmsg
sendmsg
sendto
set_mempolicy
set_robust_list
set_tid_address
set_zone_reclaim
setdomainname
setfsgid
setfsuid
setgid
setgroups
sethostname
setitimer
setpgid
setpriority
setregid
setresgid
setresuid
setreuid
setrlimit
setsid
setsockopt
settimeofday
setuid
setxattr
shmctl
shmget
shutdown
sigaltstack
signalfd
signalfd4
socket
socketpair
splice
statfs
statfs64
swapoff
swapon
symlink
symlinkat
sync_file_range
syncfs
sysinfo
syslog
tgkill
timer_create
timer_delete
timer_getoverrun
timer_gettime
timer_settime
timerfd
timerfd_create
timerfd_gettime
timerfd_settime
truncate
umount
unlink
unlinkat
unshare
uselib
userfaultfd
utimensat
utimes
vhangup
vmsplice
vserver
waitid
writev
_llseek
_newselect
_sysctl
accept4
access
add_key
adjtimex
afs_syscall
bdflush
capget
capset
chown32
chroot
clock_adjtime
clock_getres
clock_gettime
clock_nanosleep
clock_settime
connect
copy_file_range
create_module
delete_module
epoll_create
epoll_create1
epoll_ctl
epoll_pwait
epoll_wait
eventfd
eventfd2
execve
execveat
exit_group
faccessat
fadvise64
fadvise64_64
fallocate
fanotify_init
fanotify_mark
fchdir
fchmod
fchmodat
fchown
fchown32
fchownat
fcntl64
fdatasync
fgetxattr
finit_module
flistxattr
fremovexattr
fsetxattr
fstat64
fstatat64
fstatfs
fstatfs64
ftruncate
ftruncate64
futimesat
get_kernel_syms
get_mempolicy
get_robust_list
get_thread_area
getcpu
getcwd
getdents
getdents64
getegid
getegid32
geteuid
geteuid32
getgid
getgid32
getgroups
getgroups32
getitimer
getpeername
getpgid
getpgrp
getpid
getpmsg
getppid
getpriority
getrandom
getresgid
getresgid32
getresuid
getresuid32
getrlimit
getrusage
getsid
getsockname
getsockopt
gettid
gettimeofday
getuid
getuid32
getxattr
init_module
inotify_add_watch
inotify_init
inotify_init1
inotify_rm_watch
io_cancel
io_destroy
io_getevents
io_setup
io_submit
ioperm
ioprio_get
ioprio_set
keyctl
lchown
lchown32
lgetxattr
linkat
listen
listxattr
llistxattr
lookup_dcookie
lremovexattr
lsetxattr
lstat64
madvise
madvise1
membarrier
memfd_create
migrate_pages
mincore
mkdirat
mknodat
mlock2
mlockall
modify_ldt
move_pages
mprotect
mq_getsetattr
mq_notify
mq_open
mq_timedreceive
mq_timedsend
mq_unlink
mremap
munlock
munlockall
munmap
name_to_handle_at
nanosleep
nfsservctl
oldfstat
oldlstat
oldolduname
oldstat
olduname
open_by_handle_at
openat
perf_event_open
personality
pivot_root
pread64
preadv
prlimit64
process_vm_readv
process_vm_writev
profil
pselect6
ptrace
putpmsg
pwrite64
pwritev
query_module
quotactl
readahead
readdir
readlink
readlinkat
reboot
recvfrom
recvmmsg
recvmsg
remap_file_pages
removexattr
rename
renameat
renameat2
request_key
restart_syscall
rt_sigaction
rt_sigpending
rt_sigprocmask
rt_sigqueueinfo
rt_sigreturn
rt_sigsuspend
rt_sigtimedwait
rt_tgsigqueueinfo
sched_get_priority_max
sched_get_priority_min
sched_getaffinity
sched_getattr
sched_getparam
sched_getscheduler
sched_rr_get_interval
sched_setaffinity
sched_setattr
sched_setparam
sched_setscheduler
sched_yield
seccomp
select
sendfile
sendfile64
sendmmsg
sendmsg
sendto
set_mempolicy
set_robust_list
set_thread_area
set_tid_address
setdomainname
setfsgid
setfsgid32
setfsuid
setfsuid32
setgid
setgid32
setgroups
setgroups32
sethostname
setitimer
setpgid
setpriority
setregid
setregid32
setresgid
setresgid32
setresuid
setresuid32
setreuid
setreuid32
setrlimit
setsid
setsockopt
settimeofday
setuid
setuid32
setxattr
sgetmask
shutdown
sigaction
sigaltstack
signal
signalfd
signalfd4
sigpending
sigprocmask
sigreturn
sigsuspend
socket
socketcall
socketpair
splice
ssetmask
stat64
statfs
statfs64
swapoff
swapon
symlink
symlinkat
sync_file_range
syncfs
sys_kexec_load
sysinfo
syslog
tgkill
timer_create
timer_delete
timer_getoverrun
timer_gettime
timer_settime
timerfd
timerfd_gettime
timerfd_settime
truncate
truncate64
ugetrlimit
ulimit
umount
umount2
unlink
unlinkat
unshare
uselib
userfaultfd
utimensat
utimes
vhangup
vm86old
vmsplice
vserver
waitid
waitpid
writev
accept
accept4
add_key
adjtimex
capget
capset
chroot
clock_adjtime
clock_getres
clock_gettime
clock_nanosleep
clock_settime
connect
copy_file_range
delete_module
epoll_create1
epoll_ctl
epoll_pwait
eventfd2
execve
execveat
exit_group
faccessat
fadvise64
fallocate
fanotify_init
fanotify_mark
fchdir
fchmod
fchmodat
fchown
fchownat
fdatasync
fgetxattr
finit_module
flistxattr
fremovexattr
fsetxattr
fstatfs
ftruncate
get_mempolicy
get_robust_list
getcpu
getcwd
getdents
getegid
geteuid
getgid
getgroups
getitimer
getpeername
getpgid
getpid
getppid
getpriority
getrandom
getresgid
getresuid
getrlimit
getrusage
getsid
getsockname
getsockopt
gettid
gettimeofday
getuid
getxattr
init_module
inotify_add_watch
inotify_init1
inotify_rm_watch
io_cancel
io_destroy
io_getevents
io_setup
io_submit
ioprio_get
ioprio_set
kexec_load
keyctl
lgetxattr
linkat
listen
listxattr
llistxattr
lookup_dcookie
lremovexattr
lsetxattr
madvise
membarrier
memfd_create
migrate_pages
mincore
mkdirat
mknodat
mlock2
mlockall
move_pages
mprotect
mq_getsetattr
mq_notify
mq_open
mq_timedreceive
mq_timedsend
mq_unlink
mremap
msgctl
msgget
msgrcv
msgsnd
munlock
munlockall
munmap
name_to_handle_at
nanosleep
newfstat
newfstatat
nfsservctl
open_by_handle_at
openat
perf_event_open
personality
pivot_root
preadv
prlimit64
process_vm_readv
process_vm_writev
pselect6
ptrace
pwrite
pwritev
quotactl
readahead
readlinkat
reboot
recvfrom
recvmmsg
recvmsg
remap_file_pages
removexattr
renameat
renameat2
request_key
restart_syscall
rt_sigaction
rt_sigpending
rt_sigprocmask
rt_sigqueueinfo
rt_sigreturn
rt_sigsuspend
rt_sigtimedwait
rt_tgsigqueueinfo
sched_get_priority_max
sched_get_priority_min
sched_getaffinity
sched_getattr
sched_getparam
sched_getscheduler
sched_rr_get_interval
sched_setaffinity
sched_setattr
sched_setparam
sched_setscheduler
sched_yield
seccomp
semctl
semget
semtimedop
sendfile
sendmmsg
sendmsg
sendto
set_mempolicy
set_robust_list
set_tid_address
setdomainname
setfsgid
setfsuid
setgid
setgroups
sethostname
setitimer
setpgid
setpriority
setregid
setresgid
setresuid
setreuid
setrlimit
setsid
setsockopt
settimeofday
setuid
setxattr
shmctl
shmget
shutdown
sigaltstack
signalfd4
socket
socketpair
splice
statfs
swapoff
swapon
symlinkat
sync_file_range
syncfs
sysinfo
syslog
tgkill
timer_create
timer_delete
timer_getoverrun
timer_gettime
timer_settime
timerfd_create
timerfd_gettime
timerfd_settime
truncate
umount2
unlinkat
unshare
userfaultfd
utimensat
vhangup
vmsplice
waitid
writev
accept
accept4
access
add_key
adjtimex
bdflush
capget
capset
chown32
chroot
clock_adjtime
clock_getres
clock_gettime
clock_nanosleep
clock_settime
connect
copy_file_range
delete_module
epoll_create
epoll_create1
epoll_ctl
epoll_wait
eventfd
eventfd2
execve
execveat
exit_group
faccessat
fadvise64_64
fallocate
fanotify_init
fanotify_mark
fchdir
fchmod
fchmodat
fchown
fchown32
fchownat
fcntl64
fdatasync
fgetxattr
finit_module
flistxattr
fremovexattr
fsetxattr
fstat64
fstatat64
fstatfs
fstatfs64
ftruncate
ftruncate64
futimesat
get_mempolicy
get_robust_list
getcpu
getcwd
getdents
getdents64
getegid
getegid32
geteuid
geteuid32
getgid
getgid32
getgroups
getgroups32
getitimer
getpeername
getpgid
getpgrp
getpid
getppid
getpriority
getrandom
getresgid
getresgid32
getresuid
getresuid32
getrlimit
getrusage
getsid
getsockname
getsockopt
gettid
gettimeofday
getuid
getuid32
getxattr
init_module
inotify_add_watch
inotify_init
inotify_init1
inotify_rm_watch
io_cancel
io_destroy
io_getevents
io_setup
io_submit
ioprio_get
ioprio_set
kexec_load
keyctl
lchown
lchown32
lgetxattr
linkat
listen
listxattr
llistxattr
llseek
lookup_dcookie
lremovexattr
lsetxattr
lstat64
madvise
membarrier
memfd_create
mincore
mkdirat
mknodat
mlock2
mlockall
move_pages
mprotect
mq_getsetattr
mq_notify
mq_open
mq_timedreceive
mq_timedsend
mq_unlink
mremap
msgctl
msgget
msgrcv
msgsnd
munlock
munlockall
munmap
name_to_handle_at
nanosleep
newselect
nfsservctl
open_by_handle_at
openat
pciconfig_iobase
pciconfig_read
pciconfig_write
perf_event_open
personality
pivot_root
pread64
preadv
prlimit64
process_vm_readv
process_vm_writev
ptrace
pwrite64
pwritev
quotactl
readahead
readdir
readlink
readlinkat
reboot
recvfrom
recvmmsg
recvmsg
remap_file_pages
removexattr
rename
renameat
renameat2
request_key
restart_syscall
rt_sigaction
rt_sigpending
rt_sigprocmask
rt_sigqueueinfo
rt_sigreturn
rt_sigsuspend
rt_sigtimedwait
rt_tgsigqueueinfo
sched_get_priority_max
sched_get_priority_min
sched_getaffinity
sched_getattr
sched_getparam
sched_getscheduler
sched_rr_get_interval
sched_setaffinity
sched_setattr
sched_setparam
sched_setscheduler
sched_yield
seccomp
select
semctl
semget
semtimedop
sendfile
sendfile64
sendmmsg
sendmsg
sendto
set_mempolicy
set_robust_list
set_tid_address
setdomainname
setfsgid
setfsgid32
setfsuid
setfsuid32
setgid
setgid32
setgroups
setgroups32
sethostname
setitimer
setpgid
setpriority
setregid
setregid32
setresgid
setresgid32
setresuid
setresuid32
setreuid
setreuid32
setrlimit
setsid
setsockopt
settimeofday
setuid
setuid32
setxattr
shmctl
shmget
shutdown
sigaction
sigaltstack
signalfd
signalfd4
sigpending
sigprocmask
sigreturn
sigsuspend
socket
socketcall
socketpair
splice
stat64
statfs
statfs64
swapoff
swapon
symlink
symlinkat
sync_file_range
syncfs
syscall
sysctl
sysinfo
syslog
tgkill
timer_create
timer_delete
timer_getoverrun
timer_gettime
timer_settime
timerfd_create
timerfd_gettime
timerfd_settime
truncate
truncate64
ugetrlimit
umount
umount2
unlink
unlinkat
unshare
uselib
userfaultfd
utimensat
utimes
vhangup
vmsplice
vserver
waitid
writev
UNKNOWN[
resolve_addr: cannot resolve hostname %s (%s)
get_exename: cannot determine executable
%s comm=%s exe=%s hostname=%s addr=%s terminal=%s res=%s
op=%s acct=%s exe=%s hostname=%s addr=%s terminal=%s res=%s
op=%s acct="%s" exe=%s hostname=%s addr=%s terminal=%s res=%s
op=%s id=%u exe=%s hostname=%s addr=%s terminal=%s res=%s
%s exe=%s sauid=%d hostname=%s addr=%s terminal=%s
Can't send to audit system: %s %s
op=%s acct=%s old-seuser=%s old-role=%s old-range=%s new-seuser=%s new-role=%s new-range=%s exe=%s hostname=%s addr=%s terminal=%s res=%s
op=%s acct="%s" old-seuser=%s old-role=%s old-range=%s new-seuser=%s new-role=%s new-range=%s exe=%s hostname=%s addr=%s terminal=%s res=%s
op=%s id=%u old-seuser=%s old-role=%s old-range=%s new-seuser=%s new-role=%s new-range=%s exe=%s hostname=%s addr=%s terminal=%s res=%s
FATAL: bad tty %s
0123456789ABCDEF
/proc/self/exe
%s="%s"
success
failed
/proc/self/comm
09efec334492fb455a6238d52f4f45041b97cb.debug
.shstrtab
.note.gnu.build-id
.gnu.hash
.dynsym
.dynstr
.gnu.version
.gnu.version_r
.rela.dyn
.plt.got
.rodata
.eh_frame_hdr
.eh_frame
.init_array
.fini_array
.data.rel.ro
.dynamic
.gnu_debuglink