/l3/trainings/xg-ids/2005-12-19/fbsd1.linux.nt/root :1 :2 :3 :4 :5 :6 :7 :8 |
|
#ifconfig tun1 destroy
![]() ifconfig: SIOCIFDESTROY: Invalid argument |
#ifconfig
xl0: flags=8843<UP,BROADCAST,RUNNING,SIMPLEX,MULTICAST> mtu 1500 options=9<RXCSUM,VLAN_MTU> inet6 fe80::204:75ff:fe82:5343%xl0 prefixlen 64 scopeid 0x1 inet 192.168.15.21 netmask 0xffffff00 broadcast 192.168.15.255 ether 00:04:75:82:53:43 media: Ethernet autoselect (100baseTX <full-duplex>) status: active xl1: flags=8802<BROADCAST,SIMPLEX,MULTICAST> mtu 1500 options=9<RXCSUM,VLAN_MTU> ether 00:04:79:67:96:71 media: Ethernet autoselect (none) status: no carrier lo0: flags=8049<UP,LOOPBACK,RUNNING,MULTICAST> mtu 16384 inet6 ::1 prefixlen 128 inet6 fe80::1%lo0 prefixlen 64 scopeid 0x3 inet 127.0.0.1 netmask 0xff000000 tun0: flags=8051<UP,POINTOPOINT,RUNNING,MULTICAST> mtu 1492 inet 192.168.18.20 --> 192.168.18.254 netmask 0xffffffff Opened by PID 1523 tun1: flags=8010<POINTOPOINT,MULTICAST> mtu 1500 |
#ng
![]() ngctl ngettext nghook |
#man ngctl
|
#[root@fbsd1:~]# time /usr/local/bin/nc 192.168.15.24 3456 > /dev/null
real 0m20.422s user 0m0.244s sys 0m2.595s |
#ifconfig
xl0: flags=8843<UP,BROADCAST,RUNNING,SIMPLEX,MULTICAST> mtu 1500 options=9<RXCSUM,VLAN_MTU> inet6 fe80::204:75ff:fe82:5343%xl0 prefixlen 64 scopeid 0x1 inet 192.168.15.21 netmask 0xffffff00 broadcast 192.168.15.255 ether 00:04:75:82:53:43 media: Ethernet autoselect (100baseTX <full-duplex>) status: active xl1: flags=8802<BROADCAST,SIMPLEX,MULTICAST> mtu 1500 options=9<RXCSUM,VLAN_MTU> ether 00:04:79:67:96:71 media: Ethernet autoselect (none) status: no carrier lo0: flags=8049<UP,LOOPBACK,RUNNING,MULTICAST> mtu 16384 inet6 ::1 prefixlen 128 inet6 fe80::1%lo0 prefixlen 64 scopeid 0x3 inet 127.0.0.1 netmask 0xff000000 tun0: flags=8051<UP,POINTOPOINT,RUNNING,MULTICAST> mtu 1492 inet 192.168.18.20 --> 192.168.18.254 netmask 0xffffffff Opened by PID 1523 tun1: flags=8010<POINTOPOINT,MULTICAST> mtu 1500 |
#kill ppp
![]() bash: kill: ppp: arguments must be process or job IDs |
#killall
|
#ifconfig
xl0: flags=8843<UP,BROADCAST,RUNNING,SIMPLEX,MULTICAST> mtu 1500 options=9<RXCSUM,VLAN_MTU> inet6 fe80::204:75ff:fe82:5343%xl0 prefixlen 64 scopeid 0x1 inet 192.168.15.21 netmask 0xffffff00 broadcast 192.168.15.255 ether 00:04:75:82:53:43 media: Ethernet autoselect (100baseTX <full-duplex>) status: active xl1: flags=8802<BROADCAST,SIMPLEX,MULTICAST> mtu 1500 options=9<RXCSUM,VLAN_MTU> ether 00:04:79:67:96:71 media: Ethernet autoselect (none) status: no carrier lo0: flags=8049<UP,LOOPBACK,RUNNING,MULTICAST> mtu 16384 inet6 ::1 prefixlen 128 inet6 fe80::1%lo0 prefixlen 64 scopeid 0x3 inet 127.0.0.1 netmask 0xff000000 tun0: flags=8010<POINTOPOINT,MULTICAST> mtu 1500 tun1: flags=8010<POINTOPOINT,MULTICAST> mtu 1500 |
#ping lenta.ru
![]() PING lenta.ru (81.19.69.28): 56 data bytes ping: sendto: No route to host ping: sendto: No route to host ping: sendto: No route to host ping: sendto: No route to host ping: sendto: No route to host ping: sendto: No route to host ^C --- lenta.ru ping statistics --- 6 packets transmitted, 0 packets received, 100% packet loss |
#vi /etc/rc.conf
7c7 < #defaultrouter="192.168.15.254" --- > defaultrouter="192.168.15.254" |
#/etc/rc.d/routing restart
add net default: gateway 192.168.15.254 Additional routing options:. |
#ping lenta.ru
PING lenta.ru (81.19.69.28): 56 data bytes 64 bytes from 81.19.69.28: icmp_seq=0 ttl=49 time=151.524 ms 64 bytes from 81.19.69.28: icmp_seq=1 ttl=49 time=136.876 ms 64 bytes from 81.19.69.28: icmp_seq=2 ttl=49 time=136.337 ms ^C --- lenta.ru ping statistics --- 3 packets transmitted, 3 packets received, 0% packet loss round-trip min/avg/max/stddev = 136.337/141.579/151.524/7.036 ms |
#dig 62.64.113.246
; <<>> DiG 9.3.1 <<>> 62.64.113.246 ;; global options: printcmd ;; Got answer: ;; ->>HEADER<<- opcode: QUERY, status: NXDOMAIN, id: 8626 ;; flags: qr rd ra; QUERY: 1, ANSWER: 0, AUTHORITY: 1, ADDITIONAL: 0 ;; QUESTION SECTION: ;62.64.113.246. IN A ;; AUTHORITY SECTION: . 10800 IN SOA A.ROOT-SERVERS.NET. NSTLD.VERISIGN-GRS.COM. 2005122101 1800 900 604800 86400 ;; Query time: 187 msec ;; SERVER: 192.168.15.254#53(192.168.15.254) ;; WHEN: Thu Dec 22 13:41:35 2005 ;; MSG SIZE rcvd: 106 |
#ssh -N -f -a -x -L 2010:127.0.0.1:110 193.111.9.10
root@193.111.9.10's password: |
#sockstat -4
USER COMMAND PID FD PROTO LOCAL ADDRESS FOREIGN ADDRESS root ssh 2261 3 tcp4 192.168.15.21:61315 193.111.9.10:22 root ssh 2261 5 tcp4 127.0.0.1:2010 *:* root ssh 935 3 tcp4 192.168.15.21:57903 192.168.15.22:22 root Xorg 695 3 tcp4 *:6000 *:* root inetd 593 4 tcp4 *:540 *:* root syslog-ng 542 6 udp4 *:514 *:* root syslog-ng 542 16 udp4 192.168.15.21:64229 192.168.15.21:514 www httpd 533 16 tcp4 *:80 *:* www httpd 532 16 tcp4 *:80 *:* www httpd 531 16 tcp4 *:80 *:* www httpd 530 16 tcp4 *:80 *:* www httpd 529 16 tcp4 *:80 *:* mysql mysqld 528 3 tcp4 *:3306 *:* root httpd 465 16 tcp4 *:80 *:* root sendmail 426 3 tcp4 127.0.0.1:25 *:* root sshd 420 4 tcp4 *:22 *:* |
#ssh -N -f -a -x -L 2010:127.0.0.1:110 193.111.9.10
root@193.111.9.10's password: |
#ssh 193.111.9.10
![]() tcp 0 1 193.111.9.10:1232 195.70.35.152:25 SYN_SENT tcp 0 1 193.111.9.10:1229 10.0.0.2:25 SYN_SENT tcp 0 256 193.111.9.10:22 62.64.113.246:1495 ESTABLISHED tcp 0 1 193.111.9.10:1227 198.127.14.3:25 SYN_SENT tcp 0 1 193.111.9.10:1244 222.150.61.145:25 SYN_SENT tcp 0 0 192.168.1.1:110 192.168.1.6:2499 TIME_WAIT tcp 0 0 193.111.9.10:1260 24.28.204.37:25 ESTABLISHED tcp 0 0 193.111.9.10:1250 24.28.204.37:25 ESTABLISHED tcp 0 0 192.168.1.1:3128 192.168.1.4:1804 ESTABLISHED tcp 0 1 193.111.9.10:1241 69.25.212.134:25 SYN_SENT ... tcp 0 0 192.168.1.1:3128 192.168.1.12:1687 TIME_WAIT tcp 0 0 193.111.9.10:22 62.64.113.246:1555 ESTABLISHED tcp 0 0 192.168.1.1:3128 192.168.1.4:2142 ESTABLISHED tcp 0 0 192.168.1.1:3128 192.168.1.4:2126 TIME_WAIT tcp 0 0 192.168.1.1:3128 192.168.1.12:1686 TIME_WAIT tcp 0 0 192.168.1.1:110 192.168.1.4:2125 TIME_WAIT tcp 0 0 193.111.9.10:2074 24.28.204.37:25 ESTABLISHED tcp 0 1 193.111.9.10:2324 162.33.244.142:25 SYN_SENT tcp 0 0 192.168.1.1:3128 192.168.1.4:2145 TIME_WAIT tcp 0 0 193.111.9.10:2109 24.28.204.37:25 ESTABLISHED |
#host 62.64.113.246
246.113.64.62.in-addr.arpa domain name pointer mail.tex.kiev.ua. |
#host
![]() Usage: host [-aCdlriTwv] [-c class] [-N ndots] [-t type] [-W time] [-R number] hostname [server] -a is equivalent to -v -t * -c specifies query class for non-IN data -C compares SOA records on authoritative nameservers -d is equivalent to -v -l lists all hosts in a domain, using AXFR -i IP6.INT reverse lookups -N changes the number of dots allowed before root lookup is done -r disables recursive processing -R specifies number of retries for UDP packets -t specifies the query type -T enables TCP/IP mode -v enables verbose output -w specifies to wait forever for a reply -W specifies how long to wait for a reply -4 use IPv4 query transport only -6 use IPv6 query transport only |
#host 62.64.113.246
246.113.64.62.in-addr.arpa domain name pointer mail.tex.kiev.ua. |
#host 62.64.113.246
246.113.64.62.in-addr.arpa domain name pointer mail.tex.kiev.ua. |
#ps ax |grep ipfw
![]() |
#ps ax |grep ip
755 ?? S 0:12.22 kdeinit: kdeinit: klipper (kdeinit) 617 v0 I+ 0:00.04 script -t 0 -q /home/user/.lilalo/ttyv0-617.script 881 p2 Is+ 0:00.10 script -t 0 -q /root/.lilalo/ttyp2-881.script 827 p4 Ss+ 0:00.29 script -t 0 -q /root/.lilalo/ttyp4-827.script 1645 p6 Is+ 0:00.19 script -t 0 -q /root/.lilalo/ttyp6-1645.script 2665 p8 Is+ 0:00.09 script -t 0 -q /root/.lilalo/ttyp8-2665.script |
#ipfw show
65535 8 554 deny ip from any to any |
#ipfw add 65000 allow ip from any to any
65000 allow ip from any to any |
#ipfw show
65000 0 0 allow ip from any to any 65535 15 1171 deny ip from any to any |
#ipfw add 100 allow tcp from any to my 22
![]() ^[[Aipfw: hostname ``my'' unknown |
#ipfw add 100 allow tcp from any to me22
00100 allow tcp from any to me dst-port 22 |
#ipfw add 2000 deny tcp from any to any setup via xl0 in
02000 deny tcp from any to any setup via xl0 in |
#ipfw show
00100 0 0 allow tcp from any to me dst-port 22 02000 0 0 deny tcp from any to any setup via xl0 in 65000 39 6764 allow ip from any to any 65535 15 1171 deny ip from any to any |
#ipfw
![]() usage: ipfw [options] do "ipfw -h" or see ipfw manpage for details |
#ipfw -a
![]() ipfw: bad arguments, for usage summary ``ipfw'' |
#ipfw add 200 allow tcp from any to me 23
00200 allow tcp from any to me dst-port 23 |
#ipfw show
00100 0 0 allow tcp from any to me dst-port 22 00200 0 0 allow tcp from any to me dst-port 23 02000 1 60 deny tcp from any to any setup via xl0 in 65000 200 23428 allow ip from any to any 65535 15 1171 deny ip from any to any |
#ipfw delite 2000
![]() ipfw: bad command `delite' |
#ipfw delee 2000
|
#ipfw show
00100 0 0 allow tcp from any to me dst-port 22 00200 0 0 allow tcp from any to me dst-port 23 65000 265 29485 allow ip from any to any 65535 15 1171 deny ip from any to any |
#ipfw add 2000 reject tcp from any to any setup via xl0 in
02000 reject tcp from any to any setup via xl0 in |
#ipfw show
00100 0 0 allow tcp from any to me dst-port 22 00200 0 0 allow tcp from any to me dst-port 23 02000 0 0 reject tcp from any to any setup via xl0 in 65000 289 32622 allow ip from any to any 65535 15 1171 deny ip from any to any |
#ipfw list
00100 allow tcp from any to me dst-port 22 00200 allow tcp from any to me dst-port 23 02000 reject tcp from any to any setup via xl0 in 65000 allow ip from any to any 65535 deny ip from any to any |
#ipfw delete 100
|
#ipfw delete 100
![]() ipfw: rule 100: setsockopt(IP_FW_DEL): Invalid argument |
#ipfw del 100
![]() ipfw: DEPRECATED: 'del' matched 'delete' as a sub-string ipfw: rule 100: setsockopt(IP_FW_DEL): Invalid argument |
#ipfw list
00200 allow tcp from any to me dst-port 23 02000 reject tcp from any to any setup via xl0 in 65000 allow ip from any to any 65535 deny ip from any to any |
#ipfw del 20
ipfw: DEPRECATED: 'del' matched 'delete' as a sub-string |
#ipfw list
02000 reject tcp from any to any setup via xl0 in 65000 allow ip from any to any 65535 deny ip from any to any |
#ipfw del 2000
ipfw: DEPRECATED: 'del' matched 'delete' as a sub-string |
#ipfw list
65000 allow ip from any to any 65535 deny ip from any to any |
#ipfw add 005 allow tcp from any to me dst-port 22 keep-state
00005 allow tcp from any to me dst-port 22 keep-state |
#ipfw add 0011 allow tcp from any to me dst-port 23
00011 allow tcp from any to me dst-port 23 |
#ipfw add 0050 allow tcp from me to any out keep-state
00050 allow tcp from me to any out keep-state |
#ipfw add 0150 reset tcp from any to any
00150 reset tcp from any to any |
#ipfw list
00005 allow tcp from any to me dst-port 22 keep-state 00011 allow tcp from any to me dst-port 23 00050 allow tcp from me to any out keep-state 00150 reset tcp from any to any 65000 allow ip from any to any 65535 deny ip from any to any |
#ipfw list
00005 allow tcp from any to me dst-port 22 keep-state 00011 allow tcp from any to me dst-port 23 00050 allow tcp from me to any out keep-state 00150 reset tcp from any to any 65000 allow ip from any to any 65535 deny ip from any to any |
#pkg_add -r scanlogd
Fetching ftp://ftp.freebsd.org/pub/FreeBSD/ports/i386/packages-6.0-release/Latest/scanlogd.tbz... Done. ---------------------------------------------------------------------------- scanlogd requires a separate user and group named 'scanlogd' to run. You will need to create these manually. For example: pw groupadd scanlogd pw useradd scanlogd -d /nonexistent -g scanlogd -s /sbin/nologin -c SCANLOGD ---------------------------------------------------------------------------- |
#cat /etc/my.firewall
add 00005 allow tcp from any to me dst-port 22 keep-state add 00011 allow tcp from any to me dst-port 23 add 00050 allow tcp from me to any out keep-state add 00150 reset tcp from any to any add 65000 allow ip from any to any |
#/usr/local/etc/rc.d/scanlogd.sh start
|
#kldunload ipfw
|
#tail /var/log/messages
Dec 22 16:50:12 src@fbsd1 Limiting closed port RST response from 384 to 200 packets/sec Dec 22 16:50:12 src@fbsd1 Limiting closed port RST response from 384 to 200 packets/sec Dec 22 16:50:13 src@fbsd1 Limiting closed port RST response from 381 to 200 packets/sec Dec 22 16:50:13 src@fbsd1 Limiting closed port RST response from 381 to 200 packets/sec Dec 22 16:50:15 src@fbsd1 Limiting closed port RST response from 379 to 200 packets/sec Dec 22 16:50:15 src@fbsd1 Limiting closed port RST response from 379 to 200 packets/sec Dec 22 16:50:16 src@fbsd1 Limiting closed port RST response from 323 to 200 packets/sec Dec 22 16:50:16 src@fbsd1 Limiting closed port RST response from 323 to 200 packets/sec Dec 22 16:50:17 src@fbsd1 Limiting closed port RST response from 283 to 200 packets/sec Dec 22 16:50:17 src@fbsd1 Limiting closed port RST response from 283 to 200 packets/sec |
#tail -n20 og/messages
Dec 22 16:40:10 src@fbsd1 syslog-ng[542]: STATS: dropped 0 Dec 22 16:49:06 src@fbsd1 IP firewall unloaded Dec 22 16:49:06 src@fbsd1 IP firewall unloaded Dec 22 16:50:08 src@fbsd1 Limiting closed port RST response from 383 to 200 packets/sec Dec 22 16:50:08 src@fbsd1 Limiting closed port RST response from 383 to 200 packets/sec Dec 22 16:50:09 src@fbsd1 Limiting closed port RST response from 367 to 200 packets/sec Dec 22 16:50:09 src@fbsd1 Limiting closed port RST response from 367 to 200 packets/sec Dec 22 16:50:11 src@fbsd1 Limiting closed port RST response from 381 to 200 packets/sec Dec 22 16:50:11 src@fbsd1 Limiting closed port RST response from 381 to 200 packets/sec Dec 22 16:50:11 src@fbsd1 syslog-ng[542]: STATS: dropped 0 Dec 22 16:50:12 src@fbsd1 Limiting closed port RST response from 384 to 200 packets/sec Dec 22 16:50:12 src@fbsd1 Limiting closed port RST response from 384 to 200 packets/sec Dec 22 16:50:13 src@fbsd1 Limiting closed port RST response from 381 to 200 packets/sec Dec 22 16:50:13 src@fbsd1 Limiting closed port RST response from 381 to 200 packets/sec Dec 22 16:50:15 src@fbsd1 Limiting closed port RST response from 379 to 200 packets/sec Dec 22 16:50:15 src@fbsd1 Limiting closed port RST response from 379 to 200 packets/sec Dec 22 16:50:16 src@fbsd1 Limiting closed port RST response from 323 to 200 packets/sec Dec 22 16:50:16 src@fbsd1 Limiting closed port RST response from 323 to 200 packets/sec Dec 22 16:50:17 src@fbsd1 Limiting closed port RST response from 283 to 200 packets/sec Dec 22 16:50:17 src@fbsd1 Limiting closed port RST response from 283 to 200 packets/sec |
#tail -n20 /var/log/messages
Dec 22 16:40:10 src@fbsd1 syslog-ng[542]: STATS: dropped 0 Dec 22 16:49:06 src@fbsd1 IP firewall unloaded Dec 22 16:49:06 src@fbsd1 IP firewall unloaded Dec 22 16:50:08 src@fbsd1 Limiting closed port RST response from 383 to 200 packets/sec Dec 22 16:50:08 src@fbsd1 Limiting closed port RST response from 383 to 200 packets/sec Dec 22 16:50:09 src@fbsd1 Limiting closed port RST response from 367 to 200 packets/sec Dec 22 16:50:09 src@fbsd1 Limiting closed port RST response from 367 to 200 packets/sec Dec 22 16:50:11 src@fbsd1 Limiting closed port RST response from 381 to 200 packets/sec Dec 22 16:50:11 src@fbsd1 Limiting closed port RST response from 381 to 200 packets/sec Dec 22 16:50:11 src@fbsd1 syslog-ng[542]: STATS: dropped 0 Dec 22 16:50:12 src@fbsd1 Limiting closed port RST response from 384 to 200 packets/sec Dec 22 16:50:12 src@fbsd1 Limiting closed port RST response from 384 to 200 packets/sec Dec 22 16:50:13 src@fbsd1 Limiting closed port RST response from 381 to 200 packets/sec Dec 22 16:50:13 src@fbsd1 Limiting closed port RST response from 381 to 200 packets/sec Dec 22 16:50:15 src@fbsd1 Limiting closed port RST response from 379 to 200 packets/sec Dec 22 16:50:15 src@fbsd1 Limiting closed port RST response from 379 to 200 packets/sec Dec 22 16:50:16 src@fbsd1 Limiting closed port RST response from 323 to 200 packets/sec Dec 22 16:50:16 src@fbsd1 Limiting closed port RST response from 323 to 200 packets/sec Dec 22 16:50:17 src@fbsd1 Limiting closed port RST response from 283 to 200 packets/sec Dec 22 16:50:17 src@fbsd1 Limiting closed port RST response from 283 to 200 packets/sec |
#tail -n20 /var/log/messages
Dec 22 16:40:10 src@fbsd1 syslog-ng[542]: STATS: dropped 0 Dec 22 16:49:06 src@fbsd1 IP firewall unloaded Dec 22 16:49:06 src@fbsd1 IP firewall unloaded Dec 22 16:50:08 src@fbsd1 Limiting closed port RST response from 383 to 200 packets/sec Dec 22 16:50:08 src@fbsd1 Limiting closed port RST response from 383 to 200 packets/sec Dec 22 16:50:09 src@fbsd1 Limiting closed port RST response from 367 to 200 packets/sec Dec 22 16:50:09 src@fbsd1 Limiting closed port RST response from 367 to 200 packets/sec Dec 22 16:50:11 src@fbsd1 Limiting closed port RST response from 381 to 200 packets/sec Dec 22 16:50:11 src@fbsd1 Limiting closed port RST response from 381 to 200 packets/sec Dec 22 16:50:11 src@fbsd1 syslog-ng[542]: STATS: dropped 0 Dec 22 16:50:12 src@fbsd1 Limiting closed port RST response from 384 to 200 packets/sec Dec 22 16:50:12 src@fbsd1 Limiting closed port RST response from 384 to 200 packets/sec Dec 22 16:50:13 src@fbsd1 Limiting closed port RST response from 381 to 200 packets/sec Dec 22 16:50:13 src@fbsd1 Limiting closed port RST response from 381 to 200 packets/sec Dec 22 16:50:15 src@fbsd1 Limiting closed port RST response from 379 to 200 packets/sec Dec 22 16:50:15 src@fbsd1 Limiting closed port RST response from 379 to 200 packets/sec Dec 22 16:50:16 src@fbsd1 Limiting closed port RST response from 323 to 200 packets/sec Dec 22 16:50:16 src@fbsd1 Limiting closed port RST response from 323 to 200 packets/sec Dec 22 16:50:17 src@fbsd1 Limiting closed port RST response from 283 to 200 packets/sec Dec 22 16:50:17 src@fbsd1 Limiting closed port RST response from 283 to 200 packets/sec |
#tail -n20 /var/log/messages
Dec 22 16:40:10 src@fbsd1 syslog-ng[542]: STATS: dropped 0 Dec 22 16:49:06 src@fbsd1 IP firewall unloaded Dec 22 16:49:06 src@fbsd1 IP firewall unloaded Dec 22 16:50:08 src@fbsd1 Limiting closed port RST response from 383 to 200 packets/sec Dec 22 16:50:08 src@fbsd1 Limiting closed port RST response from 383 to 200 packets/sec Dec 22 16:50:09 src@fbsd1 Limiting closed port RST response from 367 to 200 packets/sec Dec 22 16:50:09 src@fbsd1 Limiting closed port RST response from 367 to 200 packets/sec Dec 22 16:50:11 src@fbsd1 Limiting closed port RST response from 381 to 200 packets/sec Dec 22 16:50:11 src@fbsd1 Limiting closed port RST response from 381 to 200 packets/sec Dec 22 16:50:11 src@fbsd1 syslog-ng[542]: STATS: dropped 0 Dec 22 16:50:12 src@fbsd1 Limiting closed port RST response from 384 to 200 packets/sec Dec 22 16:50:12 src@fbsd1 Limiting closed port RST response from 384 to 200 packets/sec Dec 22 16:50:13 src@fbsd1 Limiting closed port RST response from 381 to 200 packets/sec Dec 22 16:50:13 src@fbsd1 Limiting closed port RST response from 381 to 200 packets/sec Dec 22 16:50:15 src@fbsd1 Limiting closed port RST response from 379 to 200 packets/sec Dec 22 16:50:15 src@fbsd1 Limiting closed port RST response from 379 to 200 packets/sec Dec 22 16:50:16 src@fbsd1 Limiting closed port RST response from 323 to 200 packets/sec Dec 22 16:50:16 src@fbsd1 Limiting closed port RST response from 323 to 200 packets/sec Dec 22 16:50:17 src@fbsd1 Limiting closed port RST response from 283 to 200 packets/sec Dec 22 16:50:17 src@fbsd1 Limiting closed port RST response from 283 to 200 packets/sec |
#pps ax |scan
![]() bash: pps: command not found bash: scan: command not found |
#ps ax |grep
3560 p5 R+ 0:00.00 grep scan |
#/usr/local/etc/rc.d/scanlogd.sh start
|
#ps ax |grep scan
![]() |
#/usr/local/etc/rc.d/scanlogd.sh
![]() Usage: /usr/local/etc/rc.d/scanlogd.sh [fast|force|one](start stop restart rcvar status poll) |
#/usr/local/etc/rc.d/scanlogd.sh start
|
#ps ax |grep scan
3637 p5 S+ 0:00.00 grep scan |
#ps ax |grep scan
![]() |
#vi /etc/rc.conf
|
#/usr/local/etc/rc.d/scanlogd.sh start
![]() Starting scanlogd. getpwnam("scanlogd"): No such user |
#ps ax |grep scan
3692 p5 R+ 0:00.00 grep scan |
#vi /etc/rc.conf
|
#/usr/local/etc/rc.d/scanlogd.sh
![]() Usage: /usr/local/etc/rc.d/scanlogd.sh [fast|force|one](start stop restart rcvar status poll) |
#/usr/local/etc/rc.d/scanlogd.sh start
![]() Starting scanlogd. getpwnam("scanlogd"): No such user |
#ps ax |grep scan
![]() |
#ps ax |grep scan
![]() |
#pw groupadd scanlogd
![]() pw: group name `scanlogd' already exists |
#pw useradd scanlogd -d /nonexistent -g scanlogd -s /sbin/nologin -c SCANLOGD
|
#/usr/local/etc/rc.d/scanlogd.sh start
Starting scanlogd. |
#ps ax |grep scan
3832 ?? Ss 0:00.00 /usr/local/bin/scanlogd 3842 p5 R+ 0:00.00 grep scan |
#nmap -D `perl -e r (1..32) { print int(rand(255)),($_%4?".":","); }'`me m02
![]() bash: command substitution: line 1: syntax error near unexpected token `(' bash: command substitution: line 1: `perl -e r (1..32) { print int(rand(255)),($_%4?".":","); }'' bash: nmap: command not found |
#pkg_add -r nmap
Fetching ftp://ftp.freebsd.org/pub/FreeBSD/ports/i386/packages-6.0-release/Latest/nmap.tbz... Done. |
#nmap -D `perl -e r (1..32) { print int(rand(255)),($_%4?".":","); }'`me m02
bash: command substitution: line 1: syntax error near unexpected token `(' bash: command substitution: line 1: `perl -e r (1..32) { print int(rand(255)),($_%4?".":","); }'' Starting nmap 3.81 ( http://www.insecure.org/nmap/ ) at 2005-12-22 17:33 EET Interesting ports on fbsd2.linux.nt (192.168.15.22): (The 1662 ports scanned but not shown below are in state: closed) PORT STATE SERVICE 22/tcp open ssh MAC Address: 00:13:8F:2F:AC:5E (Unknown) Nmap finished: 1 IP address (1 host up) scanned in 0.868 seconds |
#nmap -D `perl 'for (1..32) { print int(rand(255)),($_%4?".":","); }'`me m01
Can't open perl script "for (1..32) { print int(rand(255)),($_%4?".":","); }": No such file or directory Starting nmap 3.81 ( http://www.insecure.org/nmap/ ) at 2005-12-23 09:41 EET ^[[AInteresting ports on fbsd1.linux.nt (192.168.15.21): (The 1658 ports scanned but not shown below are in state: closed) PORT STATE SERVICE 22/tcp open ssh 80/tcp open http 540/tcp open uucp 3306/tcp open mysql 6000/tcp open X11 MAC Address: 00:04:75:82:53:43 (3 Com) Nmap finished: 1 IP address (1 host up) scanned in 10.733 seconds |
#tail /var/log/messages
Dec 23 09:32:27 src@fbsd1 acd0: DVDROM <JLMS DVD-ROM LTD-166S/DS0B> at ata1-master UDMA40 Dec 23 09:32:27 src@fbsd1 Trying to mount root from ufs:/dev/ad1s1a Dec 23 09:32:27 src@fbsd1 Trying to mount root from ufs:/dev/ad1s1a Dec 23 09:32:28 src@fbsd1 xl0: promiscuous mode disabled Dec 23 09:32:41 src@fbsd1 syslog-ng[552]: Changing permissions on special file /dev/console Dec 23 09:32:41 src@fbsd1 su: user to root on /dev/ttyp0 Dec 23 09:33:55 src@fbsd1 (root-800): starting (version 2.10.1), pid 800 user 'root' Dec 23 09:33:55 src@fbsd1 (root-800): Resolved address "xml:readonly:/usr/X11R6/etc/gconf/gconf.xml.mandatory" to a read-only configuration source at position 0 Dec 23 09:33:55 src@fbsd1 (root-800): Resolved address "xml:readwrite:/root/.gconf" to a writable configuration source at position 1 Dec 23 09:33:55 src@fbsd1 (root-800): Resolved address "xml:readonly:/usr/X11R6/etc/gconf/gconf.xml.defaults" to a read-only configuration source at position 2 |
#ssh m02
The authenticity of host 'fbsd2.linux.nt (192.168.15.22)' can't be established. DSA key fingerprint is c3:7f:9a:c8:76:9c:08:38:81:b8:b3:bd:d6:20:ad:a2. Are you sure you want to continue connecting (yes/no)? yes Warning: Permanently added 'fbsd2.linux.nt' (DSA) to the list of known hosts. Password: Last login: Thu Dec 22 17:15:32 2005 from fbsd5.linux.nt Copyright (c) 1980, 1983, 1986, 1988, 1990, 1991, 1993, 1994 The Regents of the University of California. All rights reserved. FreeBSD 6.0-RELEASE (GENERIC) #0: Thu Nov 3 09:36:13 UTC 2005 Welcome to FreeBSD! ... along with the mailing lists, can be searched by going to http://www.FreeBSD.org/search/. If the doc distribution has been installed, they're also available formatted in /usr/share/doc. If you still have a question or problem, please take the output of `uname -a', along with any relevant error messages, and email it as a question to the questions@FreeBSD.org mailing list. If you are unfamiliar with FreeBSD's directory layout, please refer to the hier(7) manual page. If you are not familiar with manual pages, type `man man'. You may also use sysinstall(8) to re-enter the installation and configuration utility. Edit /etc/motd to change this login announcement. |
#tail /var/log/messages
Dec 23 09:44:05 src@fbsd1 Limiting closed port RST response from 283 to 200 packets/sec Dec 23 09:44:05 src@fbsd1 Limiting closed port RST response from 283 to 200 packets/sec Dec 23 09:44:20 src@fbsd1 Limiting closed port RST response from 253 to 200 packets/sec Dec 23 09:44:20 src@fbsd1 Limiting closed port RST response from 253 to 200 packets/sec Dec 23 09:44:22 src@fbsd1 Limiting closed port RST response from 233 to 200 packets/sec Dec 23 09:44:22 src@fbsd1 Limiting closed port RST response from 233 to 200 packets/sec Dec 23 09:44:23 src@fbsd1 Limiting closed port RST response from 262 to 200 packets/sec Dec 23 09:44:23 src@fbsd1 Limiting closed port RST response from 262 to 200 packets/sec Dec 23 09:44:24 src@fbsd1 Limiting closed port RST response from 283 to 200 packets/sec Dec 23 09:44:24 src@fbsd1 Limiting closed port RST response from 283 to 200 packets/sec |
#nmap -D `perl 'for (1..32) { print int(rand(255)),($_%4?".":","); }'`me m01
Can't open perl script "for (1..32) { print int(rand(255)),($_%4?".":","); }": No such file or directory Starting nmap 3.81 ( http://www.insecure.org/nmap/ ) at 2005-12-23 09:42 EET Interesting ports on fbsd1.linux.nt (192.168.15.21): (The 1658 ports scanned but not shown below are in state: closed) PORT STATE SERVICE 22/tcp open ssh 80/tcp open http 540/tcp open uucp 3306/tcp open mysql 6000/tcp open X11 MAC Address: 00:04:75:82:53:43 (3 Com) Nmap finished: 1 IP address (1 host up) scanned in 10.682 seconds |
#ps ax |grep scan
505 ?? Is 0:00.06 /usr/local/bin/scanlogd 1090 ?? Ss 0:00.00 scanlogd 1100 p5 S+ 0:00.00 grep scan |
#tail -n20 log/messages
Dec 23 09:33:55 src@fbsd1 (root-800): Resolved address "xml:readonly:/usr/X11R6/etc/gconf/gconf.xml.mandatory" to a read-only configuration source at position 0 Dec 23 09:33:55 src@fbsd1 (root-800): Resolved address "xml:readwrite:/root/.gconf" to a writable configuration source at position 1 Dec 23 09:33:55 src@fbsd1 (root-800): Resolved address "xml:readonly:/usr/X11R6/etc/gconf/gconf.xml.defaults" to a read-only configuration source at position 2 Dec 23 09:42:27 src@fbsd1 syslog-ng[552]: STATS: dropped 25 Dec 23 09:44:01 src@fbsd1 Limiting closed port RST response from 253 to 200 packets/sec Dec 23 09:44:01 src@fbsd1 Limiting closed port RST response from 253 to 200 packets/sec Dec 23 09:44:02 src@fbsd1 Limiting closed port RST response from 233 to 200 packets/sec Dec 23 09:44:02 src@fbsd1 Limiting closed port RST response from 233 to 200 packets/sec Dec 23 09:44:03 src@fbsd1 Limiting closed port RST response from 262 to 200 packets/sec Dec 23 09:44:03 src@fbsd1 Limiting closed port RST response from 262 to 200 packets/sec Dec 23 09:44:05 src@fbsd1 Limiting closed port RST response from 283 to 200 packets/sec Dec 23 09:44:05 src@fbsd1 Limiting closed port RST response from 283 to 200 packets/sec Dec 23 09:44:20 src@fbsd1 Limiting closed port RST response from 253 to 200 packets/sec Dec 23 09:44:20 src@fbsd1 Limiting closed port RST response from 253 to 200 packets/sec Dec 23 09:44:22 src@fbsd1 Limiting closed port RST response from 233 to 200 packets/sec Dec 23 09:44:22 src@fbsd1 Limiting closed port RST response from 233 to 200 packets/sec Dec 23 09:44:23 src@fbsd1 Limiting closed port RST response from 262 to 200 packets/sec Dec 23 09:44:23 src@fbsd1 Limiting closed port RST response from 262 to 200 packets/sec Dec 23 09:44:24 src@fbsd1 Limiting closed port RST response from 283 to 200 packets/sec Dec 23 09:44:24 src@fbsd1 Limiting closed port RST response from 283 to 200 packets/sec |
#pkg_add -r nessus
------------------------------------------------------------------------------- Creation of the Nessus SSL Certificate ------------------------------------------------------------------------------- Congratulations. Your server certificate was properly created. /usr/local/etc/nessus/nessusd.conf updated The following files were created : . Certification authority : Certificate = /usr/local/com/CA/cacert.pem Private key = /usr/local/var/CA/cakey.pem . Nessus Server : ... Press [ENTER] to exit *********************************** * !!!!!!!!!!! WARNING !!!!!!!!!!! * *********************************** Since 2.0.12_1, to run nessusd server from startup, add nessusd_enable="YES" in your /etc/rc.conf. Available variables you add/set to /etc/rc.conf. - nessusd_enable (bool): Set to "NO" by default. Set it to "YES" to enable nessusd. - nessusd_flags (str): Set to "-D" by default. |
# ipfw rule list, one "add" command per line; the same five rules appear in the
# `cat /etc/my.firewall` output earlier on this page.
# ipfw evaluates rules in ascending rule-number order and stops at the first
# rule whose action is allow/deny/reset.

# Inbound SSH to this host; keep-state installs a dynamic rule for the connection.
add 00005 allow tcp from any to me dst-port 22 keep-state
# Inbound telnet (port 23) from any source address.
# NOTE(review): telnet carries credentials in cleartext; confirm it is meant to
# be reachable outside the training lab, or narrow the source address.
add 00011 allow tcp from any to me dst-port 23
# Outbound TCP from this host; keep-state lets the replies back in via the dynamic rule.
# NOTE(review): there is no explicit check-state rule, so per ipfw(8) the dynamic
# rules are checked at the first keep-state rule (00005).
add 00050 allow tcp from me to any out keep-state
# Every TCP packet not matched above is dropped and answered with a RST.
add 00150 reset tcp from any to any
# Catch-all allow. Because 00150 already terminates all remaining TCP, this rule
# only ever passes non-TCP traffic (UDP, ICMP, ...).
# NOTE(review): that leaves UDP services on this host open to any source —
# confirm this is intended rather than a default-deny policy.
add 65000 allow ip from any to any
Время первой команды журнала | 11:46:01 2006-12-22 |
Время последней команды журнала | 09:46:49 2006-12-23 |
Количество командных строк в журнале | 101 |
Процент команд с ненулевым кодом завершения, % | 20.79 |
Процент синтаксически неверно набранных команд, % | 2.97 |
Суммарное время работы с терминалом *, час | 3.52 |
Количество командных строк в единицу времени, команда/мин | 0.48 |
Частота использования команд |
|
В журнал автоматически попадают все команды, данные в любом терминале системы.
Для того чтобы убедиться, что журнал на текущем терминале ведётся, и команды записываются, дайте команду w. В поле WHAT, соответствующем текущему терминалу, должна быть указана программа script.
Команды, при наборе которых были допущены синтаксические ошибки, выводятся перечёркнутым текстом:
$ l s-l bash: l: command not found |
Если код завершения команды равен нулю, команда была выполнена без ошибок. Команды, код завершения которых отличен от нуля, выделяются цветом.
$ test 5 -lt 4 |
Команды, ход выполнения которых был прерван пользователем, выделяются цветом.
$ find / -name abc find: /home/devi-orig/.gnome2: Keine Berechtigung find: /home/devi-orig/.gnome2_private: Keine Berechtigung find: /home/devi-orig/.nautilus/metafiles: Keine Berechtigung find: /home/devi-orig/.metacity: Keine Berechtigung find: /home/devi-orig/.inkscape: Keine Berechtigung ^C |
Команды, выполненные с привилегиями суперпользователя, выделяются слева красной чертой.
# id uid=0(root) gid=0(root) Gruppen=0(root) |
Изменения, внесённые в текстовый файл с помощью редактора, запоминаются и показываются в журнале в формате ed. Строки, начинающиеся символом "<", удалены, а строки, начинающиеся символом ">" -- добавлены.
$ vi ~/.bashrc
|
Для того чтобы изменить файл в соответствии с показанными в диффшоте изменениями, можно воспользоваться командой patch. Нужно скопировать изменения, запустить программу patch, указав в качестве её аргумента файл, к которому применяются изменения, и вставить скопированный текст:
$ patch ~/.bashrc |
Для того чтобы получить краткую справочную информацию о команде, нужно подвести к ней мышь. Во всплывающей подсказке появится краткое описание команды.
Если справочная информация о команде есть, команда выделяется голубым фоном, например: vi. Если справочная информация отсутствует, команда выделяется розовым фоном, например: notepad.exe. Справочная информация может отсутствовать в том случае, если (1) команда введена неверно; (2) если распознавание команды LiLaLo выполнено неверно; (3) если информация о команде неизвестна LiLaLo. Последнее возможно для редких команд.
Большие, в особенности многострочные, всплывающие подсказки лучше всего показываются браузерами KDE Konqueror, Apple Safari и Microsoft Internet Explorer. В браузерах Mozilla и Firefox они отображаются не полностью, а вместо перевода строки выводится специальный символ.
Время ввода команды, показанное в журнале, соответствует времени начала ввода командной строки, которое равно тому моменту, когда на терминале появилось приглашение интерпретатора.
Имя терминала, на котором была введена команда, показано в специальном блоке. Этот блок показывается только в том случае, если терминал текущей команды отличается от терминала предыдущей.
Вывод не интересующих вас в настоящий момент элементов журнала, таких как время, имя терминала и других, можно отключить. Для этого нужно воспользоваться формой управления журналом вверху страницы.
Небольшие комментарии к командам можно вставлять прямо из командной строки. Комментарий вводится прямо в командную строку, после символов #^ или #v. Символы ^ и v показывают направление выбора команды, к которой относится комментарий: ^ - к предыдущей, v - к следующей. Например, если в командной строке было введено:
$ whoami
user
$ #^ Интересно, кто я?
в журнале это будет выглядеть так:
$ whoami
user
Интересно, кто я? |
Если комментарий содержит несколько строк, его можно вставить в журнал следующим образом:
$ whoami
user
$ cat > /dev/null #^ Интересно, кто я?
Программа whoami выводит имя пользователя, под которым мы зарегистрировались в системе. - Она не может ответить на вопрос о нашем назначении в этом мире.
В журнале это будет выглядеть так:
$ whoami user
|
Комментарии, не относящиеся непосредственно ни к какой из команд, добавляются точно таким же способом, только вместо символов #^ или #v нужно использовать символы #=.
1 2 3 4
Группы команд, выполненных на разных терминалах, разделяются специальной линией. Под этой линией в правом углу показано имя терминала, на котором выполнялись команды. Для того чтобы посмотреть команды только одного сеанса, нужно щёлкнуть по этому названию.
LiLaLo (L3) расшифровывается как Live Lab Log.
Программа разработана для повышения эффективности обучения Unix/Linux-системам.
(c) Игорь Чубин, 2004-2008