我正在开展一个项目,我们已经挂了系统公开呼叫。当用户尝试打开文件时,我们希望sys_open根据包含文件路径的文件检查给定路径。如果给定文件路径包含在该文件中,我们希望阻止它们打开该文件。这是我们的模块:
#include <linux/module.h> /* Needed by all kernel modules */
#include <linux/kernel.h> /* Needed for loglevels (KERN_WARNING, KERN_EMERG, KERN_INFO, etc.) */
#include <linux/init.h> /* Needed for __init and __exit macros. */
#include <linux/unistd.h> /* sys_call_table __NR_* system call function indices */
#include <linux/fs.h> /* filp_open */
#include <linux/slab.h> /* kmalloc */
#include <asm/paravirt.h> /* write_cr0 */
#include <asm/uaccess.h> /* get_fs, set_fs */
#include <linux/xattr.h>
#include <linux/dcache.h> /*dentry*/
#include <linux/namei.h>
#define PROC_V "/proc/version"
#define BOOT_PATH "/boot/System.map-"
#define CHECK_FILE "root/home/ben/Documents/project/module/test.txt"
#define MAX_VERSION_LEN 256
MODULE_LICENSE("GPL");
MODULE_AUTHOR("Lots o ppl");
MODULE_DESCRIPTION("File Bunker");
//https://tnichols.org/2015/10/19/Hooking-the-Linux-System-Call-Table/
unsigned long *syscall_table = NULL;
//unsigned long *syscall_table = (unsigned long *)0xffffffff81801400;
asmlinkage int (*original_open)(const char*, int flags, mode_t);
static int find_sys_call_table (char *kern_ver) {
char system_map_entry[MAX_VERSION_LEN];
int i = 0;
/*
* Holds the /boot/System.map-<version> file name as we build it
*/
char *filename;
/*
* Length of the System.map filename, terminating NULL included
*/
size_t filename_length = strlen(kern_ver) + strlen(BOOT_PATH) + 1;
/*
* This will point to our /boot/System.map-<version> file
*/
struct file *f = NULL;
mm_segment_t oldfs;
oldfs = get_fs();
set_fs (KERNEL_DS);
printk(KERN_EMERG "Kernel version: %s\n", kern_ver);
filename = kmalloc(filename_length, GFP_KERNEL);
if (filename == NULL) {
printk(KERN_EMERG "kmalloc failed on System.map-<version> filename allocation");
return -1;
}
/*
* Zero out memory to be safe
*/
memset(filename, 0, filename_length);
/*
* Construct our /boot/System.map-<version> file name
*/
strncpy(filename, BOOT_PATH, strlen(BOOT_PATH));
strncat(filename, kern_ver, strlen(kern_ver));
/*
* Open the System.map file for reading
*/
f = filp_open(filename, O_RDONLY, 0);
if (IS_ERR(f) || (f == NULL)) {
printk(KERN_EMERG "Error opening System.map-<version> file: %s\n", filename);
return -1;
}
memset(system_map_entry, 0, MAX_VERSION_LEN);
/*
* Read one byte at a time from the file until we either max out
* out our buffer or read an entire line.
*/
while (vfs_read(f, system_map_entry + i, 1, &f->f_pos) == 1) {
/*
* If we've read an entire line or maxed out our buffer,
* check to see if we've just read the sys_call_table entry.
*/
if ( system_map_entry[i] == '\n' || i == MAX_VERSION_LEN ) {
// Reset the "column"/"character" counter for the row
i = 0;
if (strstr(system_map_entry, "sys_call_table") != NULL) {
char *sys_string;
char *system_map_entry_ptr = system_map_entry;
sys_string = kmalloc(MAX_VERSION_LEN, GFP_KERNEL);
if (sys_string == NULL) {
filp_close(f, 0);
set_fs(oldfs);
kfree(filename);
return -1;
}
memset(sys_string, 0, MAX_VERSION_LEN);
strncpy(sys_string, strsep(&system_map_entry_ptr, " "), MAX_VERSION_LEN);
//syscall_table = (unsigned long long *) kstrtoll(sys_string, NULL, 16);
//syscall_table = kmalloc(sizeof(unsigned long *), GFP_KERNEL);
//syscall_table = kmalloc(sizeof(syscall_table), GFP_KERNEL);
kstrtoul(sys_string, 16, &syscall_table);
printk(KERN_EMERG "syscall_table retrieved\n");
kfree(sys_string);
break;
}
memset(system_map_entry, 0, MAX_VERSION_LEN);
continue;
}
i++;
}
filp_close(f, 0);
set_fs(oldfs);
kfree(filename);
return 0;
}
/*
* We have to pass in a pointer to a buffer to store the parsed
* version information in. If we declare a pointer to the
* parsed version info on the stack of this function, the
* pointer will disappear when the function ends and the
* stack frame is removed.
*/
char *acquire_kernel_version (char *buf) {
struct file *proc_version;
char *kernel_version;
/*
* We use this to store the userspace perspective of the filesystem
* so we can switch back to it after we are done reading the file
* into kernel memory
*/
mm_segment_t oldfs;
/*
* Standard trick for reading a file into kernel space
* This is very bad practice. We're only doing it here because
* we're malicious and don't give a damn about best practices.
*/
oldfs = get_fs();
set_fs (KERNEL_DS);
/*
* Open the version file in the /proc virtual filesystem
*/
proc_version = filp_open(PROC_V, O_RDONLY, 0);
if (IS_ERR(proc_version) || (proc_version == NULL)) {
return NULL;
}
/*
* Zero out memory just to be safe
*/
memset(buf, 0, MAX_VERSION_LEN);
/*
* Read version info from /proc virtual filesystem
*/
vfs_read(proc_version, buf, MAX_VERSION_LEN, &(proc_version->f_pos));
/*
* Extract the third field from the full version string
*/
kernel_version = strsep(&buf, " ");
kernel_version = strsep(&buf, " ");
kernel_version = strsep(&buf, " ");
filp_close(proc_version, 0);
/*
* Switch filesystem context back to user space mode
*/
set_fs(oldfs);
return kernel_version;
}
asmlinkage int new_open (const char* path, int flags, mode_t mode) {
//printk(KERN_EMERG "[+] open() hooked.");
printk(KERN_EMERG "%s\n",path);
//allow this file to be opened, produces a security hole if they can find the
//file, but since this is just a surface level locking it doesnt violate the
//main idea of this module
if(strcmp(path,CHECK_FILE)) return original_open(path, flags, mode);
//need to check the masterfile to see if it is a restricted file
mm_segment_t oldfs;
oldfs = get_fs();
struct file *f;
set_fs (KERNEL_DS);
f = filp_open(CHECK_FILE,O_RDONLY,0);
if(f){
int i = 0;
int count = 0;
char *buf = kmalloc(sizeof(char)*256, GFP_KERNEL);
//reading a char at a time, if | appears we know it is the end of the path
while (vfs_read(f, buf + i, 1, &f->f_pos) == 1) {
//if it is a end character then it is the end of the file and we need to
//deal with the last path
//we need to get the length of the path
if(buf[count] == "|" || "\0"){
//if it is null char then we know that was the last path
if(buf[count] == "\0"){
kfree(buf);
return original_open(path, flags, mode);
}
buf[count + 1] = "\0";
char str[count+1];
memcpy(str,buf,sizeof(char)*count+1);
//if the path is in the file then do not open it
if(strcmp(path,str)){
kfree(buf);
return 0;
}
count = 0;
}
i++;
}
kfree(buf);
}
return original_open(path, flags, mode);
}
static int __init onload(void) {
char *kernel_version = kmalloc(MAX_VERSION_LEN, GFP_KERNEL);
printk(KERN_WARNING "Hello world!\n");
// printk(KERN_EMERG "Version: %s\n", acquire_kernel_version(kernel_version));
find_sys_call_table(acquire_kernel_version(kernel_version));
printk(KERN_EMERG "Syscall table address: %p\n", syscall_table);
printk(KERN_EMERG "sizeof(unsigned long *): %zx\n", sizeof(unsigned long*));
printk(KERN_EMERG "sizeof(sys_call_table) : %zx\n", sizeof(syscall_table));
if (syscall_table != NULL) {
write_cr0 (read_cr0 () & (~ 0x10000));
original_open = (void *)syscall_table[__NR_open];
syscall_table[__NR_open] = &new_open;
write_cr0 (read_cr0 () | 0x10000);
printk(KERN_EMERG "[+] onload: sys_call_table hooked\n");
} else {
printk(KERN_EMERG "[-] onload: syscall_table is NULL\n");
}
kfree(kernel_version);
/*
* A non 0 return means init_module failed; module can't be loaded.
*/
return 0;
}
static void __exit onunload(void) {
if (syscall_table != NULL) {
write_cr0 (read_cr0 () & (~ 0x10000));
syscall_table[__NR_open] = original_open;
write_cr0 (read_cr0 () | 0x10000);
printk(KERN_EMERG "[+] onunload: sys_call_table unhooked\n");
} else {
printk(KERN_EMERG "[-] onunload: syscall_table is NULL\n");
}
printk(KERN_INFO "Goodbye world!\n");
}
module_init(onload);
module_exit(onunload);
当我尝试打开文件然后使用dmsg shell命令检查时,这是我得到的输出:
ben@ubuntu:~/Documents/project/module$ dmsg
Traceback (most recent call last):
File "/usr/lib/command-not-found", line 27, in <module>
from CommandNotFound.util import crash_guard
File "/usr/lib/python3/dist-packages/CommandNotFound/__init__.py", line 3, in <module>
from CommandNotFound.CommandNotFound import CommandNotFound
File "/usr/lib/python3/dist-packages/CommandNotFound/CommandNotFound.py", line 7, in <module>
import dbm.gnu as gdbm
File "<frozen importlib._bootstrap>", line 2237, in _find_and_load
File "<frozen importlib._bootstrap>", line 2226, in _find_and_load_unlocked
File "<frozen importlib._bootstrap>", line 1200, in _load_unlocked
File "<frozen importlib._bootstrap>", line 1129, in _exec
File "<frozen importlib._bootstrap>", line 1467, in exec_module
File "<frozen importlib._bootstrap>", line 1579, in get_code
File "<frozen importlib._bootstrap>", line 1639, in _cache_bytecode
File "<frozen importlib._bootstrap>", line 1663, in set_data
File "<frozen importlib._bootstrap>", line 110, in _write_atomic
ValueError: Negative filedescriptor
Error in sys.excepthook:
Traceback (most recent call last):
File "/usr/lib/python3/dist-packages/apport_python_hook.py", line 63, in apport_excepthook
from apport.fileutils import likely_packaged, get_recent_crashes
File "/usr/lib/python3/dist-packages/apport/__init__.py", line 5, in <module>
from apport.report import Report
File "/usr/lib/python3/dist-packages/apport/report.py", line 15, in <module>
import xml.dom, xml.dom.minidom
File "<frozen importlib._bootstrap>", line 2237, in _find_and_load
File "<frozen importlib._bootstrap>", line 2226, in _find_and_load_unlocked
File "<frozen importlib._bootstrap>", line 1200, in _load_unlocked
File "<frozen importlib._bootstrap>", line 1129, in _exec
File "<frozen importlib._bootstrap>", line 1467, in exec_module
File "<frozen importlib._bootstrap>", line 1579, in get_code
File "<frozen importlib._bootstrap>", line 1639, in _cache_bytecode
File "<frozen importlib._bootstrap>", line 1663, in set_data
File "<frozen importlib._bootstrap>", line 110, in _write_atomic
ValueError: Negative filedescriptor
Original exception was:
Traceback (most recent call last):
File "/usr/lib/command-not-found", line 27, in <module>
from CommandNotFound.util import crash_guard
File "/usr/lib/python3/dist-packages/CommandNotFound/__init__.py", line 3, in <module>
from CommandNotFound.CommandNotFound import CommandNotFound
File "/usr/lib/python3/dist-packages/CommandNotFound/CommandNotFound.py", line 7, in <module>
import dbm.gnu as gdbm
File "<frozen importlib._bootstrap>", line 2237, in _find_and_load
File "<frozen importlib._bootstrap>", line 2226, in _find_and_load_unlocked
File "<frozen importlib._bootstrap>", line 1200, in _load_unlocked
File "<frozen importlib._bootstrap>", line 1129, in _exec
File "<frozen importlib._bootstrap>", line 1467, in exec_module
File "<frozen importlib._bootstrap>", line 1579, in get_code
File "<frozen importlib._bootstrap>", line 1639, in _cache_bytecode
File "<frozen importlib._bootstrap>", line 1663, in set_data
File "<frozen importlib._bootstrap>", line 110, in _write_atomic
ValueError: Negative filedescriptor
我很困惑这里到底出了什么问题,非常感谢一些输入!感谢。
当我运行dmesg命令时,这是输出:
[ 273.571654] /dev/:0
[ 273.571656] /dev/:1
[ 273.571659] /dev/pts/0
[ 273.571696] /var/run/utmp
[ 273.571709] /dev/:0
[ 273.571712] /dev/:1
[ 273.571715] /dev/pts/0
[ 273.571719] /var/run/utmp
[ 273.571731] /dev/:0
[ 273.571734] /dev/:1
[ 273.571736] /dev/pts/0
[ 273.571740] /var/run/utmp
[ 273.571752] /dev/:0
[ 273.571755] /dev/:1
[ 273.571758] /dev/pts/0
[ 273.571761] /var/run/utmp
[ 273.571773] /dev/:0
[ 273.571776] /dev/:1
[ 273.571779] /dev/pts/0
[ 273.571782] /var/run/utmp
[ 273.571794] /dev/:0
[ 273.571797] /dev/:1
[ 273.571800] /dev/pts/0
[ 273.571803] /var/run/utmp
[ 273.571816] /dev/:0
[ 273.571818] /dev/:1
[ 273.571821] /dev/pts/0
[ 273.571825] /var/run/utmp
[ 273.571837] /dev/:0
[ 273.571840] /dev/:1
[ 273.571843] /dev/pts/0
[ 273.571846] /var/run/utmp
[ 273.571859] /dev/:0
[ 273.571861] /dev/:1
[ 273.571864] /dev/pts/0
[ 273.571868] /var/run/utmp
[ 273.571880] /dev/:0
[ 273.571883] /dev/:1
[ 273.571886] /dev/pts/0
[ 273.571889] /var/run/utmp
[ 273.571913] /dev/:0
[ 273.571917] /dev/:1
[ 273.571920] /dev/pts/0
[ 273.571925] /var/run/utmp
[ 273.571937] /dev/:0
[ 273.571940] /dev/:1
[ 273.571943] /dev/pts/0
[ 273.571946] /var/run/utmp
[ 273.571959] /dev/:0
[ 273.571961] /dev/:1
[ 273.571964] /dev/pts/0
[ 273.571967] /var/run/utmp
[ 273.571980] /dev/:0
[ 273.571982] /dev/:1
[ 273.571985] /dev/pts/0
[ 273.571989] /var/run/utmp
[ 273.572001] /dev/:0
[ 273.572004] /dev/:1
[ 273.572006] /dev/pts/0
[ 273.572010] /var/run/utmp
[ 273.572023] /dev/:0
[ 273.572025] /dev/:1
[ 273.572028] /dev/pts/0
[ 273.572032] /var/run/utmp
[ 273.572044] /dev/:0
[ 273.572047] /dev/:1
[ 273.572049] /dev/pts/0
[ 273.572053] /var/run/utmp
[ 273.572066] /dev/:0
[ 273.572068] /dev/:1
[ 273.572071] /dev/pts/0
[ 273.572074] /var/run/utmp
[ 273.572087] /dev/:0
[ 273.572090] /dev/:1
[ 273.572092] /dev/pts/0
[ 273.572096] /var/run/utmp
[ 273.572108] /dev/:0
[ 273.572111] /dev/:1
[ 273.572113] /dev/pts/0
[ 273.572117] /var/run/utmp
[ 273.572129] /dev/:0
[ 273.572132] /dev/:1
[ 273.572135] /dev/pts/0
[ 273.572139] /var/run/utmp
[ 273.572151] /dev/:0
[ 273.572154] /dev/:1
[ 273.572156] /dev/pts/0
[ 273.572160] /var/run/utmp
[ 273.572172] /dev/:0
[ 273.572175] /dev/:1
[ 273.572178] /dev/pts/0
[ 273.572181] /var/run/utmp
[ 273.572194] /dev/:0
[ 273.572197] /dev/:1
[ 273.572199] /dev/pts/0
[ 273.572203] /var/run/utmp
[ 273.572215] /dev/:0
[ 273.572218] /dev/:1
[ 273.572221] /dev/pts/0
[ 273.572224] /var/run/utmp
[ 273.572237] /dev/:0
[ 273.572239] /dev/:1
[ 273.572242] /dev/pts/0
[ 273.572245] /var/run/utmp
[ 273.572258] /dev/:0
[ 273.572261] /dev/:1
[ 273.572263] /dev/pts/0
[ 273.572267] /var/run/utmp
[ 273.572279] /dev/:0
[ 273.572282] /dev/:1
[ 273.572284] /dev/pts/0
[ 273.572288] /var/run/utmp
[ 273.572300] /dev/:0
[ 273.572303] /dev/:1
[ 273.572306] /dev/pts/0
[ 273.572309] /var/run/utmp
[ 273.572322] /dev/:0
[ 273.572324] /dev/:1
[ 273.572327] /dev/pts/0
[ 273.572330] /var/run/utmp
[ 273.572343] /dev/:0
[ 273.572345] /dev/:1
[ 273.572348] /dev/pts/0
[ 273.572352] /var/run/utmp
[ 273.572364] /dev/:0
[ 273.572367] /dev/:1
[ 273.572369] /dev/pts/0
[ 273.572373] /var/run/utmp
[ 273.572385] /dev/:0
[ 273.572388] /dev/:1
[ 273.572390] /dev/pts/0
[ 273.572436] /var/run/utmp
[ 273.572451] /dev/:0
[ 273.572454] /dev/:1
[ 273.572456] /dev/pts/0
[ 273.572460] /var/run/utmp
[ 273.572473] /dev/:0
[ 273.572475] /dev/:1
[ 273.572478] /dev/pts/0
[ 273.572482] /var/run/utmp
[ 273.572494] /dev/:0
[ 273.572497] /dev/:1
[ 273.572500] /dev/pts/0
[ 273.572504] /var/run/utmp
[ 273.572516] /dev/:0
[ 273.572519] /dev/:1
[ 273.572521] /dev/pts/0
[ 273.572525] /var/run/utmp
[ 273.572538] /dev/:0
[ 273.572540] /dev/:1
[ 273.572543] /dev/pts/0
[ 273.572547] /var/run/utmp
[ 273.572559] /dev/:0
[ 273.572563] /dev/:1
[ 273.572566] /dev/pts/0
[ 273.572570] /var/run/utmp
[ 273.572582] /dev/:0
[ 273.572585] /dev/:1
[ 273.572587] /dev/pts/0
[ 273.572591] /var/run/utmp
[ 273.572603] /dev/:0
[ 273.572606] /dev/:1
[ 273.572609] /dev/pts/0
[ 273.572612] /var/run/utmp
[ 273.572625] /dev/:0
[ 273.572627] /dev/:1
[ 273.572630] /dev/pts/0
[ 273.572634] /var/run/utmp
[ 273.572646] /dev/:0
[ 273.572649] /dev/:1
[ 273.572651] /dev/pts/0
[ 273.572655] /var/run/utmp
[ 273.572667] /dev/:0
[ 273.572670] /dev/:1
[ 273.572672] /dev/pts/0
[ 273.572676] /var/run/utmp
[ 273.572689] /dev/:0
[ 273.572691] /dev/:1
[ 273.572694] /dev/pts/0
[ 273.572697] /var/run/utmp
[ 273.572710] /dev/:0
[ 273.572712] /dev/:1
[ 273.572715] /dev/pts/0
[ 273.572719] /var/run/utmp
[ 273.572731] /dev/:0
[ 273.572734] /dev/:1
[ 273.572736] /dev/pts/0
[ 273.572740] /var/run/utmp
[ 273.572752] /dev/:0
[ 273.572755] /dev/:1
[ 273.572757] /dev/pts/0
[ 273.572761] /var/run/utmp
[ 273.572773] /dev/:0
[ 273.572776] /dev/:1
[ 273.572778] /dev/pts/0
[ 273.572782] /var/run/utmp
[ 273.572794] /dev/:0
[ 273.572797] /dev/:1
[ 273.572799] /dev/pts/0
[ 273.572803] /var/run/utmp
[ 273.572815] /dev/:0
[ 273.572818] /dev/:1
[ 273.572820] /dev/pts/0
[ 273.572824] /var/run/utmp
[ 273.572836] /dev/:0
[ 273.572839] /dev/:1
[ 273.572842] /dev/pts/0
[ 273.572845] /var/run/utmp
[ 273.572857] /dev/:0
[ 273.572860] /dev/:1
[ 273.572863] /dev/pts/0
[ 273.572866] /var/run/utmp
[ 273.572879] /dev/:0
[ 273.572881] /dev/:1
[ 273.572884] /dev/pts/0
[ 273.572887] /var/run/utmp
[ 273.573006] /dev/:0
[ 273.573010] /dev/:1
[ 273.573013] /dev/pts/0
[ 273.573018] /var/run/utmp
[ 273.573031] /dev/:0
[ 273.573034] /dev/:1
[ 273.573037] /dev/pts/0
[ 273.573040] /var/run/utmp
[ 273.573053] /dev/:0
[ 273.573055] /dev/:1
[ 273.573058] /dev/pts/0
[ 273.573061] /var/run/utmp
[ 273.573074] /dev/:0
[ 273.573076] /dev/:1
[ 273.573079] /dev/pts/0
[ 273.573082] /var/run/utmp
[ 273.573095] /dev/:0
[ 273.573097] /dev/:1
[ 273.573100] /dev/pts/0
[ 273.573104] /var/run/utmp
[ 273.573116] /dev/:0
[ 273.573119] /dev/:1
[ 273.573121] /dev/pts/0
[ 273.573125] /var/run/utmp
[ 273.573137] /dev/:0
[ 273.573140] /dev/:1
[ 273.573143] /dev/pts/0
[ 273.573146] /var/run/utmp
[ 273.573159] /dev/:0
[ 273.573161] /dev/:1
[ 273.573164] /dev/pts/0
[ 273.573167] /var/run/utmp
[ 273.573180] /dev/:0
[ 273.573183] /dev/:1
[ 273.573185] /dev/pts/0
[ 273.573189] /var/run/utmp
[ 273.573201] /dev/:0
[ 273.573204] /dev/:1
[ 273.573206] /dev/pts/0
[ 273.573210] /var/run/utmp
[ 273.573222] /dev/:0
[ 273.573225] /dev/:1
[ 273.573228] /dev/pts/0
[ 273.573268] /var/run/utmp
[ 273.573281] /dev/:0
[ 273.573284] /dev/:1
[ 273.573287] /dev/pts/0
[ 273.573291] /var/run/utmp
[ 273.573303] /dev/:0
[ 273.573306] /dev/:1
[ 273.573309] /dev/pts/0
[ 273.573312] /var/run/utmp
[ 273.573325] /dev/:0
[ 273.573327] /dev/:1
[ 273.573330] /dev/pts/0
[ 273.573334] /var/run/utmp
[ 273.573346] /dev/:0
[ 273.573349] /dev/:1
[ 273.573352] /dev/pts/0
[ 273.573355] /var/run/utmp
[ 273.573368] /dev/:0
[ 273.573370] /dev/:1
[ 273.573373] /dev/pts/0
[ 273.573377] /var/run/utmp
[ 273.573389] /dev/:0
[ 273.573392] /dev/:1
[ 273.573407] /dev/pts/0
[ 273.573412] /var/run/utmp
[ 273.573425] /dev/:0
[ 273.573428] /dev/:1
[ 273.573431] /dev/pts/0
[ 273.573434] /var/run/utmp
[ 273.573447] /dev/:0
[ 273.573449] /dev/:1
[ 273.573452] /dev/pts/0
[ 273.573456] /var/run/utmp
[ 273.573468] /dev/:0
[ 273.573471] /dev/:1
[ 273.573474] /dev/pts/0
[ 273.573477] /var/run/utmp
[ 273.573490] /dev/:0
[ 273.573493] /dev/:1
[ 273.573495] /dev/pts/0
[ 273.573499] /var/run/utmp
[ 273.573511] /dev/:0
[ 273.573514] /dev/:1
[ 273.573517] /dev/pts/0
[ 273.573520] /var/run/utmp
[ 273.573533] /dev/:0
[ 273.573535] /dev/:1
[ 273.573538] /dev/pts/0
[ 273.573542] /var/run/utmp
[ 273.573554] /dev/:0
[ 273.573557] /dev/:1
[ 273.573560] /dev/pts/0
[ 273.573563] /var/run/utmp
[ 273.573576] /dev/:0
[ 273.573578] /dev/:1
[ 273.573581] /dev/pts/0
[ 273.573585] /var/run/utmp
[ 273.573597] /dev/:0
[ 273.573600] /dev/:1
[ 273.573602] /dev/pts/0
[ 273.573606] /var/run/utmp
[ 273.573618] /dev/:0
[ 273.573621] /dev/:1
[ 273.573624] /dev/pts/0
[ 273.573627] /var/run/utmp
[ 273.573640] /dev/:0
[ 273.573643] /dev/:1
[ 273.573645] /dev/pts/0
[ 273.573649] /var/run/utmp
[ 273.573661] /dev/:0
[ 273.573664] /dev/:1
[ 273.573667] /dev/pts/0
[ 273.573670] /var/run/utmp
[ 273.573683] /dev/:0
[ 273.573686] /dev/:1
[ 273.573688] /dev/pts/0
[ 273.573692] /var/run/utmp
[ 273.573704] /dev/:0
[ 273.573707] /dev/:1
[ 273.573710] /dev/pts/0
[ 273.573713] /var/run/utmp
[ 273.573726] /dev/:0
[ 273.573728] /dev/:1
[ 273.573731] /dev/pts/0
[ 273.573735] /var/run/utmp
[ 273.573747] /dev/:0
[ 273.573750] /dev/:1
[ 273.573752] /dev/pts/0
[ 273.573756] /var/run/utmp
[ 273.573769] /dev/:0
[ 273.573771] /dev/:1
[ 273.573774] /dev/pts/0
[ 273.573778] /var/run/utmp
[ 273.573790] /dev/:0
[ 273.573793] /dev/:1
[ 273.573795] /dev/pts/0
[ 273.573799] /var/run/utmp
[ 273.573811] /dev/:0
[ 273.573814] /dev/:1
[ 273.573817] /dev/pts/0
[ 273.573820] /var/run/utmp
[ 273.573833] /dev/:0
[ 273.573835] /dev/:1
[ 273.573838] /dev/pts/0
[ 273.573841] /var/run/utmp
[ 273.573862] /dev/:0
[ 273.573865] /dev/:1
[ 273.573867] /dev/pts/0
[ 273.573871] /var/run/utmp
[ 273.573883] /dev/:0
[ 273.573885] /dev/:1
[ 273.573888] /dev/pts/0
[ 273.573891] /var/run/utmp
[ 273.573924] /dev/:0
[ 273.573930] /dev/:1
[ 273.573934] /dev/pts/0
[ 273.573940] /var/run/utmp
[ 273.573953] /dev/:0
[ 273.573956] /dev/:1
[ 273.573968] /dev/pts/0
[ 273.573971] /var/run/utmp
[ 273.574003] /dev/:0
[ 273.574006] /dev/:1
[ 273.574008] /dev/pts/0
[ 273.574022] /var/run/utmp
[ 273.574044] /dev/:0
[ 273.574046] /dev/:1
[ 273.574049] /dev/pts/0
[ 273.574136] /var/run/utmp
[ 273.574159] /dev/:0
[ 273.574172] /dev/:1
[ 273.574175] /dev/pts/0
[ 273.574179] /var/run/utmp
[ 273.574211] /dev/:0
[ 273.574213] /dev/:1
[ 273.574216] /dev/pts/0
[ 273.574229] /var/run/utmp
[ 273.574252] /dev/:0
[ 273.574264] /dev/:1
[ 273.574266] /dev/pts/0
[ 273.574270] /var/run/utmp
[ 273.574304] /dev/:0
[ 273.574306] /dev/:1
[ 273.574309] /dev/pts/0
[ 273.574322] /var/run/utmp
[ 273.574344] /dev/:0
[ 273.574347] /dev/:1
[ 273.574359] /dev/pts/0
[ 273.574363] /var/run/utmp
[ 273.574385] /dev/:0
[ 273.574398] /dev/:1
[ 273.574400] /dev/pts/0
[ 273.574404] /var/run/utmp
[ 273.574427] /dev/:0
[ 273.574432] /dev/:1
[ 273.574434] /dev/pts/0
[ 273.574439] /var/run/utmp
[ 273.574452] /dev/:0
[ 273.574454] /dev/:1
[ 273.574457] /dev/pts/0
[ 273.574460] /var/run/utmp
[ 273.574473] /dev/:0
[ 273.574475] /dev/:1
[ 273.574478] /dev/pts/0
[ 273.574482] /var/run/utmp
[ 273.574494] /dev/:0
[ 273.574497] /dev/:1
[ 273.574499] /dev/pts/0
[ 273.574503] /var/run/utmp
[ 273.574515] /dev/:0
[ 273.574518] /dev/:1
[ 273.574520] /dev/pts/0
[ 273.574524] /var/run/utmp
[ 273.574536] /dev/:0
[ 273.574539] /dev/:1
[ 273.574542] /dev/pts/0
[ 273.574545] /var/run/utmp
[ 273.574558] /dev/:0
[ 273.574560] /dev/:1
[ 273.574563] /dev/pts/0
[ 273.574566] /var/run/utmp
[ 273.574579] /dev/:0
[ 273.574581] /dev/:1
[ 273.574584] /dev/pts/0
[ 273.574587] /var/run/utmp
[ 273.574600] /dev/:0
[ 273.574603] /dev/:1
[ 273.574605] /dev/pts/0
[ 273.574609] /var/run/utmp
[ 273.574621] /dev/:0
//part omitted due to character restriction
[ 273.574733] /dev/pts/0
[ 273.574737] /var/run/utmp
[ 273.574749] /dev/:0
[ 273.574752] /dev/:1
[ 273.574754] /dev/pts/0
[ 273.574758] /var/run/utmp
[ 273.574770] /dev/:0
[ 273.574773] /dev/:1
[ 273.574775] /dev/pts/0
[ 273.574779] /var/run/utmp
[ 273.574791] /dev/:0
[ 273.574794] /dev/:1
[ 273.574797] /dev/pts/0
[ 273.574800] /var/run/utmp
[ 273.574813] /dev/:0
[ 273.574815] /dev/:1
[ 273.574818] /dev/pts/0
[ 273.574821] /var/run/utmp
[ 273.574834] /dev/:0
[ 273.574836] /dev/:1
[ 273.574839] /dev/pts/0
[ 273.574843] /var/run/utmp
[ 273.574855] /dev/:0
[ 273.574858] /dev/:1
[ 273.574860] /dev/pts/0
[ 273.574864] /var/run/utmp
[ 273.574876] /dev/:0
[ 273.574879] /dev/:1
[ 273.574881] /dev/pts/0
[ 273.574894] /var/run/utmp
[ 273.574910] /dev/:0
[ 273.574913] /dev/:1
[ 273.574915] /dev/pts/0
[ 273.574920] /var/run/utmp
[ 273.574932] /dev/:0
[ 273.574935] /dev/:1
[ 273.574937] /dev/pts/0
[ 273.574941] /var/run/utmp
[ 273.577004] /etc/ld.so.cache
[ 273.577018] /lib/x86_64-linux-gnu/libc.so.6
[ 273.577182] /usr/lib/locale/locale-archive