X__text__TEXTl h)__data__DATAl H__const__TEXT \__cstring__TEXT\__picsymbolstub2__TEXT!x__la_sym_ptr2__DATA Pp%__nl_symbol_ptr__DATA\(8(__textcoal_nt__TEXT` @&/ 5 P  !&2US qED$E$yWED$ qD$D$$D$$SmDžE%=@uEED$$uDžE D$E$E%=M} CDž|D$D$E$V D$D$$ |뾋$|3M3E ȅD$E$>|3L3H ȅtbEȋỦ3L3H ȅuHED$ D$D$$D$$mEE%=E@t=i8t#ED$VD$i$m0e8t#ED$VD$e$R}u=ED$ qD$D$$D$$m=E%t0a8t#ED$VD$a$Dž []ÐUSd qEEE3 X8 \> `G dQ hV l[ pDžt}tE$=w'a D$q $Dž xD$E$yDž;xt$8tExE%=@tDžE􃼅Xu.E􋄅XD$E$u E EËE$E}uA D$E$u $E}tDžE$gE}u D$E$"t D$E$uE맋ED$ED$ D$D$H$D$H$uA%=@t(%=t%=tEEU;~UЍ<uED$UЍ$UЍD$ED$UЍD$ D$D$$ D$$ E D$H$X uE D$H$E9E}tUE9uD$E$E ;EtxED$ED$ED$ D$D$$ D$Q D$E$ t!D$$ E$P Džd []ÐUS D$q$  ED$ D$D$$ x$etnD$$d  D$$@  D$$  *   x(t" @,D$$DžSX^gqv   ) {. 9 B DžDž~ru`D$ED$ G D$D$$ @,D$$^냍 8uI D$ Q D$D$x$q xD$$B  8 8 8 $ud d $Qu` ` $!u\ 1 \dD$`D$\D$ q D$D$h$UhD$$& 8t6 $u$e $: 8t6 $Mu$" $ 8t6 $ u$ $ []  !"#$%&'*+,:;<=>?[\]^`{|}~Anomaly detected in file '%s'. Hidden from stats, but showing up on readdir. Possible kernel level rootkit./dev/fdAnomaly detected in file '%s'. File size doesn't match what we found. Possible kernel level rootkit.%s File '%s' is owned by root and has written permissions to anyone./bin/sbin/usr/bin/usr/sbin/dev/etc/bootossec-rootcheck%s: Invalid directory given./...%s/%sRootkit '%s' detected by the presence of file '%s/%s'./procFiles hidden inside directory '%s'. Link count does not match number of files (%d,%d).%s: DEBUG: Starting on check_rc_sys%swrootcheck-rw-rw-rw-.txtrootcheck-rwxrwxrwx.txtrootcheck-suid-files.txt/lib/root/var/log/var/mail/var/lib/var/www/usr/lib/usr/include/tmp/usr/local/var/tmp/sys%s%sNo problem found on the system. Analyzed %d files. rootcheck-suid-files.txt (list of suid files) rootcheck-rwxrwxrwx.txt (list of world writtable/executable files) rootcheck-rw-rw-rw-.txt (list of world writable files) Check the following files for more information: %s%s%s⍀P⍀P⍀P⍀P⍀Plg⍀PSNq⍀qP:5\⍀\P!G⍀GP2⍀2P⍀P⍀P⍀P⍀P⍀Prm⍀PYT⍀P@;⍀P'"u⍀uP `⍀`P$=Vo7Pi$Ë$_ S poM E 9o; / po" po  to  !o  to to  xo  o  xo xo  f o< o. o$  xo @o o  to o o  po po to xoz d J o< o/ |o  \o  o o oz on ob oV oJ o> yo2 po& fo ]o Wo o Ro o o o o o  \o \or pod toV xoJ poB : 9o0 o& to  !o o xo oo\ooloo|o{oqok  @0|*iK9w(@`d|dddDh%"o [5-#llmlT0(  aUpKe7p|tet|xemx4|.~No|iS9(  . WW  . SS  . OO  . KK  . G~Gx  s. mCzeCz_  Z. T?aL?aF  A. ;;H3;H-  (. "7/7/  . 33  . //  . ++  . ''  . ##  . ~  y. ske  `. ZgRgL  G. AN9N3  .. (5 5  .     LHD@<840,($  -*" )! ('-*" )! ('&%$#dd< DDD(D,0D0WD1mD4xD8D?D@DCDIDNDPDS%DU2DWdDYtD[D_DdDhDi2Dr=Du`DwkDxxDzD~DDDDDD(D5DBDeDo$S^ ab&g'!p9%Lgwre,:qQ(cyh`map7HI+m0noKLMN|]c===o$DDDDDDDDD4DCD\DkD}DDDDDDDDDDD DDDDTDmDDDDD D5D;DVDrDwDD D$D,D)7D*SD,XD2rD:D=DJDLDM.DY9D[DD\N$   2 D h Rt {  # x X  HC W mX f g /h mi 6x 7  9 N $Dc`DfoDhDiDjDlDpDrDs Dt. DxT Dyb Dzp D~ D D D D D D D D D" D- D: Dh D D D D D D D D D D D D D- DC DQ Dc $c` b d o     -  x :  ~  h%  &  ' l ( $ ) = & p  & #oT    9 Q d v    dl 6`(Dk-%bRxIr@w]jR@~Z7_read_sys_file___i686.get_pc_thunk.bx_read_sys_dir_check_rc_sys___local_name_rootcheck_rk_sys_file_rk_sys_name_rk_sys_count_total_ports_udp_total_ports_tcp__sys_errors__sys_total_did__wx__ww__suid___i686.get_pc_thunk.axdyld_stub_binding_helper_fclose_unlink_ftell_fopen_debug1_closedir_strncmp_readdir_opendir_merror_strlen_fprintf_close_read_open_strcmp_notify_rk_snprintf_lstat/mnt/gmirror/ports/security/ossec-hids-server/work/ossec-hids-1.3/src/rootcheck/check_rc_sys.cgcc2_compiled._hostname_mapread_sys_file:F(0,1)=r(0,1);-2147483648;2147483647;int:t(0,1)file_name:p(0,2)=*(0,3)=r(0,3);0;127;do_read:p(0,1)char:t(0,3)statbuf:(0,4)=xsstat:stat:T(0,4)=s96st_dev:(0,5)=(0,6)=(0,7)=(0,1),0,32;st_ino:(0,8)=(0,9)=(0,10)=(0,11)=r(0,11);0000000000000;0037777777777;,32,32;st_mode:(0,12)=(0,13)=(0,14)=(0,15)=@s16;r(0,15);0;65535;,64,16;st_nlink:(0,16)=(0,14),80,16;st_uid:(0,17)=(0,18)=(0,10),96,32;st_gid:(0,19)=(0,20)=(0,10),128,32;st_rdev:(0,5),160,32;st_atimespec:(0,21)=xstimespec:,192,64;st_mtimespec:(0,21),256,64;st_ctimespec:(0,21),320,64;st_size:(0,22)=(0,23)=(0,24)=(0,25)=@s64;r(0,25);01000000000000000000000;0777777777777777777777;,384,64;st_blocks:(0,26)=(0,27)=(0,24),448,64;st_blksize:(0,28)=(0,29)=(0,7),512,32;st_flags:(0,10),544,32;st_gen:(0,10),576,32;st_lspare:(0,7),608,32;st_qspare:(0,30)=ar(0,31)=r(0,31);0000000000000;0037777777777;;0;1;(0,24),640,128;;dev_t:t(0,5)__darwin_dev_t:t(0,6)__int32_t:t(0,7)ino_t:t(0,8)__darwin_ino_t:t(0,9)__uint32_t:t(0,10)unsigned int:t(0,11)mode_t:t(0,12)__darwin_mode_t:t(0,13)__uint16_t:t(0,14)short unsigned int:t(0,15)nlink_t:t(0,16)uid_t:t(0,17)__darwin_uid_t:t(0,18)gid_t:t(0,19)__darwin_gid_t:t(0,20)timespec:T(0,21)=s8tv_sec:(0,32)=(0,33)=(0,34)=r(0,34);-2147483648;2147483647;,0,32;tv_nsec:(0,34),32,32;;off_t:t(0,22)__darwin_off_t:t(0,23)__int64_t:t(0,24)long long int:t(0,25)blkcnt_t:t(0,26)__darwin_blkcnt_t:t(0,27)blksize_t:t(0,28)__darwin_blksize_t:t(0,29)long unsigned int:t(0,35)=r(0,35);0000000000000;0037777777777;time_t:t(0,32)__darwin_time_t:t(0,33)long int:t(0,34)op_msg:(0,36)=ar(0,31);0;1024;(0,3)buf:(0,37)=ar(0,31);0;1023;(0,3)fd:(0,1)nr:(0,1)total:(0,35)statbuf2:(0,4)op_msg:(0,36)op_msg:(0,36)read_sys_dir:F(0,1)dir_name:p(0,2)do_read:p(0,1)i:(0,1)entry_count:(0,11)did_changed:(0,1)dp:(0,38)=*(0,39)=(0,40)=s80dd_fd:(0,1),0,32;dd_loc:(0,34),32,32;dd_size:(0,34),64,32;dd_buf:(0,2),96,32;dd_len:(0,1),128,32;dd_seek:(0,34),160,32;dd_rewind:(0,34),192,32;dd_flags:(0,1),224,32;dd_lock:(0,41)=(0,42)=xs_opaque_pthread_mutex_t:,256,352;dd_td:(0,43)=*(0,44)=xs_telldir:,608,32;;DIR:t(0,39)__darwin_pthread_mutex_t:t(0,41)_opaque_pthread_mutex_t:T(0,42)=s44__sig:(0,34),0,32;__opaque:(0,45)=ar(0,31);0;39;(0,3),32,320;;entry:(0,46)=*(0,47)=xsdirent:dirent:T(0,47)=s264d_ino:(0,8),0,32;d_reclen:(0,14),32,16;d_type:(0,48)=(0,49)=@s8;r(0,49);0;255;,48,8;d_namlen:(0,48),56,8;d_name:(0,50)=ar(0,31);0;255;(0,3),64,2048;;__uint8_t:t(0,48)unsigned char:t(0,49)statbuf:(0,4)dirs_to_doread:(0,51)=ar(0,31);0;7;(0,2)f_name:(0,52)=ar(0,31);0;1025;(0,3)statbuf_local:(0,4)op_msg:(0,36)statbuf2:(0,4)op_msg:(0,36)check_rc_sys:F(0,53)=(0,53)void:t(0,53)basedir:p(0,2)file_path:(0,36)_i:(0,1)dirs_to_scan:(0,54)=ar(0,31);0;19;(0,2)op_msg:(0,36)op_msg:(0,36)__local_name:G(0,2)hostname_map:S(0,55)=ar(0,31);0;255;(0,56)=k(0,49)rootcheck:G(0,57)=(0,58)=xs_rkconfig:rkconfig:t(0,57)_rkconfig:T(0,58)=s60workdir:(0,2),0,32;basedir:(0,2),32,32;rootkit_files:(0,2),64,32;rootkit_trojans:(0,2),96,32;winaudit:(0,2),128,32;winmalware:(0,2),160,32;winapps:(0,2),192,32;fp:(0,59)=*(0,60)=(0,61)=xs__sFILE:,224,32;daemon:(0,1),256,32;notify:(0,1),288,32;scanall:(0,1),320,32;readall:(0,1),352,32;disabled:(0,1),384,32;time:(0,1),416,32;queue:(0,1),448,32;;FILE:t(0,60)__sFILE:T(0,61)=s88_p:(0,62)=*(0,49),0,32;_r:(0,1),32,32;_w:(0,1),64,32;_flags:(0,63)=@s16;r(0,63);-32768;32767;,96,16;_file:(0,63),112,16;_bf:(0,64)=xs__sbuf:,128,64;_lbfsize:(0,1),192,32;_cookie:(0,65)=*(0,53),224,32;_close:(0,66)=*(0,67)=f(0,1),256,32;_read:(0,68)=*(0,69)=f(0,1),288,32;_seek:(0,70)=*(0,71)=f(0,72)=(0,23),320,32;_write:(0,73)=*(0,74)=f(0,1),352,32;_ub:(0,64),384,64;_extra:(0,75)=*(0,76)=xs__sFILEX:,448,32;_ur:(0,1),480,32;_ubuf:(0,77)=ar(0,31);0;2;(0,49),512,24;_nbuf:(0,78)=ar(0,31);0;0;(0,49),536,8;_lb:(0,64),544,64;_blksize:(0,1),608,32;_offset:(0,72),640,64;;short int:t(0,63)__sbuf:T(0,64)=s8_base:(0,62),0,32;_size:(0,1),32,32;;fpos_t:t(0,72)rk_sys_file:G(0,79)=*(0,2)rk_sys_name:G(0,79)rk_sys_count:G(0,1)total_ports_udp:G(0,80)=ar(0,31);0;65535;(0,3)total_ports_tcp:G(0,80)_sys_errors:G(0,1)_sys_total:G(0,1)did:G(0,5)_wx:G(0,59)_ww:G(0,59)_suid:G(0,59)