/l3/trainings/xg-ids/2005-12-19/fbsd1.linux.nt/user

$w
exit
11:16AM  up 45 mins, 1 user, load averages: 0.08, 0.02, 0.01
USER             TTY      FROM              LOGIN@  IDLE WHAT
user             v0       -                 11:16AM    - script -t 0 -q /home/u

$su
Password:

#vi .xinitrc

#cat .xinitrc
startkde

#xinit
X Window System Version 6.8.2
Release Date: 9 February 2005
X Protocol Version 11, Revision 0, Release 6.8.2
Build Operating System: FreeBSD 6.0 i386 [ELF]
Current Operating System: FreeBSD fbsd1.linux.nt 6.0-RELEASE FreeBSD 6.0-RELEASE #0: Thu Nov 3 09:36:13 UTC 2005 root@x64.samsco.home:/usr/obj/usr/src/sys/GENERIC i386
Build Date: 12 October 2005
        Before reporting problems, check http://wiki.X.Org
        to make sure that you have the latest version.
Module Loader present
Markers: (--) probed, (**) from config file, (==) default setting,
...
getconfig.pl: rules file '/usr/X11R6/lib/X11/getconfig/xorg.cfg' has version 1.0.
getconfig.pl: 1 rule added from file '/usr/X11R6/lib/X11/getconfig/xorg.cfg'.
getconfig.pl: Evaluated 24 rules with 0 errors.
getconfig.pl: Weight of result is 500.
New driver is "i810"
(==) Using default built-in configuration (53 lines)
(EE) Failed to load module "fbdev" (module does not exist, 0)
xterm: fatal IO error 32 (Broken pipe) or KillClient on X server ":0.0"
xinit: connection to X server lost.
waiting for X server to shut down
FreeFontPath: FPE "/usr/X11R6/lib/X11/fonts/misc/" refcount is 2, should be 1; fixing.

#xorgcfg
Module apm: vendor="X.Org Foundation" compiled for 6.8.2, module version = 1.0.0
Unloading /usr/X11R6/lib/modules/drivers/apm_drv.o
Loading /usr/X11R6/lib/modules/drivers/ark_drv.o
Module ark: vendor="X.Org Foundation" compiled for 6.8.2, module version = 0.5.0
Unloading /usr/X11R6/lib/modules/drivers/ark_drv.o
Loading /usr/X11R6/lib/modules/drivers/ati_drv.o
Module ati: vendor="X.Org Foundation" compiled for 6.8.2, module version = 6.5.6
...
Loading /usr/X11R6/lib/modules/drivers/via_drv.o
Module via: vendor="X.Org Foundation" compiled for 4.3.99.902, module version = 4.1.30
Unloading /usr/X11R6/lib/modules/drivers/via_drv.o
Loading /usr/X11R6/lib/modules/drivers/vmware_drv.o
Module vmware: vendor="X.Org Foundation" compiled for 6.8.2, module version = 10.10.2
Module vmware already in list!
Unloading /usr/X11R6/lib/modules/drivers/vmware_drv.o
X connection to :8.0 broken (explicit kill or server shutdown).

#FreeFontPath: FPE "/usr/X11R6/lib/X11/fonts/misc/" refcount is 2, should be 1; fixing.

#vi xorg.conf.new

#ls
.bash_profile   .lilalo         .mail_aliases   .rhosts         xorg.conf.new
.bashrc         .login          .mailrc         .shrc
.cshrc          .login_conf     .profile        .xinitrc

#cat xorg.conf.new

#exit

$xinit
kdeinit in malloc(): error: recursive call
kdeinit in malloc(): error: recursive call
kdeinit in malloc(): error: recursive call
kdeinit in malloc(): error: recursive call
kdeinit in malloc(): error: recursive call
kdeinit in malloc(): error: recursive call
kdeinit in malloc(): error: recursive call
 in malloc(): error: recursive call
kdeinit in malloc(): error: recursive call
kdeinit in malloc(): error: recursive call
...
kdeinit in malloc(): error: recursive call
kdeinit in malloc(): error: recursive call
kdeinit in malloc(): error: recursive call
kdeinit in malloc(): error: recursive call
kdeinit in malloc(): error: recursive call
kdeinit in malloc(): error: recursive call
kdeinit in malloc(): error: recursive call
FreeFontPath: FPE "/usr/X11R6/lib/X11/fonts/misc/" refcount is 2, should be 1; fixing.
xinit: connection to X server lost.
Hangup
GOT SIGHUP

#sudo cat /etc/shadow
su: sudo: command not found

#pkg_add sudo
pkg_add: can't stat package file 'sudo'

#pkg_add -r sudo
Fetching ftp://ftp.freebsd.org/pub/FreeBSD/ports/i386/packages-6.0-release/Latest/sudo.tbz... Done.

#sudo cat /etc/shadow
root is not in the sudoers file. This incident will be reported.

#vi /usr/local/etc/sudoers

$xrandr
exit
 SZ:    Pixels          Physical       Refresh
*0   1600 x 1200   ( 342mm x 272mm )  *66
 1   1280 x 1024   ( 342mm x 272mm )   76
 2   1024 x 768    ( 342mm x 272mm )   76
 3    800 x 600    ( 342mm x 272mm )   73
 4    640 x 480    ( 342mm x 272mm )   73
Current rotation - normal
Current reflection - none
Rotations possible - normal
Reflections possible - none

$sudo
usage: sudo -K | -L | -V | -h | -k | -l | -v
usage: sudo [-HPSb] [-c class|-] [-p prompt] [-u username|#uid] { -e file [...] | -i | -s | <command> }

$sudo -s
We trust you have received the usual lecture from the local System
Administrator. It usually boils down to these three things:
    #1) Respect the privacy of others.
    #2) Think before you type.
    #3) With great power comes great responsibility.
Password:

#vi /etc/X11/xorg.conf
103c103
< Modes "1024*768"
---
> Modes "1024*768" "1280*1024"

#exit
exit

$ls
Desktop nohup.out xorg.conf.new

$su
Password:

#cat /etc/shadow
cat: /etc/shadow: No such file or directory

#cd /etc

#ls
X11             login.conf.db           pwd.db
aliases         mac.conf                rc
amd.map         mail                    rc.bsdextended
apmd.conf       mail.rc                 rc.conf
auth.conf       make.conf               rc.d
bluetooth       manpath.config          rc.firewall
crontab         manpath.config.bak      rc.firewall6
csh.cshrc       master.passwd           rc.initdiskless
csh.login       motd                    rc.resume
csh.logout      mtree                   rc.sendmail
...
hosts           pccard_ether            ssh
hosts.allow     periodic                ssl
hosts.equiv     pf.conf                 sysctl.conf
hosts.lpd       pf.os                   syslog.conf
inetd.conf      phones                  termcap
isdn            portsnap.conf           ttys
localtime       ppp                     usbd.conf
locate.rc       printcap                wall_cmos_clock
login.access    profile
login.conf      protocols

#cat /etc/master.passwd
# $FreeBSD: src/etc/master.passwd,v 1.40 2005/06/06 20:19:56 brooks Exp $
#
root:$1$L5AH1i1r$Xm5gkzCwrEiMNhlGO49tL0:0:0::0:0:Charlie &:/root:/usr/local/bin/bash
toor:*:0:0::0:0:Bourne-again Superuser:/root:
daemon:*:1:1::0:0:Owner of many system processes:/root:/usr/sbin/nologin
operator:*:2:5::0:0:System &:/:/usr/sbin/nologin
bin:*:3:7::0:0:Binaries Commands and Source:/:/usr/sbin/nologin
tty:*:4:65533::0:0:Tty Sandbox:/:/usr/sbin/nologin
kmem:*:5:65533::0:0:KMem Sandbox:/:/usr/sbin/nologin
games:*:7:13::0:0:Games pseudo-user:/usr/games:/usr/sbin/nologin
...
proxy:*:62:62::0:0:Packet Filter pseudo-user:/nonexistent:/usr/sbin/nologin
_pflogd:*:64:64::0:0:pflogd privsep user:/var/empty:/usr/sbin/nologin
_dhcp:*:65:65::0:0:dhcp programs:/var/empty:/usr/sbin/nologin
uucp:*:66:66::0:0:UUCP pseudo-user:/var/spool/uucppublic:/usr/local/libexec/uucp/uucico
pop:*:68:6::0:0:Post Office Owner:/nonexistent:/usr/sbin/nologin
www:*:80:80::0:0:World Wide Web Owner:/nonexistent:/usr/sbin/nologin
nobody:*:65534:65534::0:0:Unprivileged user:/nonexistent:/usr/sbin/nologin
gdm:*:92:92::0:0:GNOME Display Manager:/nonexistent:/sbin/nologin
cyrus:*:60:60::1134856800:0:the cyrus mail server:/nonexistent:/usr/sbin/nologin
user:$1$.xb.Lvpj$7nAcx8eNT2sxLm3Paf/5K0:1001:0::0:0:NT-IDS Student #1:/home/user:/usr/local/bin/bash

#ls -l /var/run/log
srw-rw-rw- 1 root wheel 0 Dec 19 10:31 /var/run/log

#cat /etc/syslog.conf
# $FreeBSD: src/etc/syslog.conf,v 1.28 2005/03/12 12:31:16 glebius Exp $
#
#       Spaces ARE valid field separators in this file. However,
#       other *nix-like systems still insist on using tabs as field
#       separators. If you are sharing this file between systems, you
#       may want to use only tabs as field separators here.
#       Consult the syslog.conf(5) manpage.
*.err;kern.warning;auth.notice;mail.crit                /dev/console
*.notice;authpriv.none;kern.debug;lpr.info;mail.crit;news.err   /var/log/messages
security.*                                      /var/log/security
...
# uncomment this to enable logging to a remote loghost named loghost
#*.*                                            @loghost
# uncomment these if you're running inn
# news.crit                                     /var/log/news/news.crit
# news.err                                      /var/log/news/news.err
# news.notice                                   /var/log/news/news.notice
!startslip
*.*                                             /var/log/slip.log
!ppp
*.*                                             /var/log/ppp.log

#logger test

#cat /var/log/messages
Dec 18 20:17:10 fbsd1 kernel: pci0: <ACPI PCI bus> on pcib0
Dec 18 20:17:10 fbsd1 kernel: agp0: <Intel 82845G (845G GMCH) SVGA controller> mem 0xd0000000-0xd7ffffff,0xde000000-0xde07ffff irq 16 at device 2.0 on pci0
Dec 18 20:17:10 fbsd1 kernel: agp0: detected 8060k stolen memory
Dec 18 20:17:10 fbsd1 kernel: agp0: aperture size is 128M
Dec 18 20:17:10 fbsd1 kernel: pcib1: <ACPI PCI-PCI bridge> at device 30.0 on pci0
Dec 18 20:17:10 fbsd1 kernel: pci1: <ACPI PCI bus> on pcib1
Dec 18 20:17:10 fbsd1 kernel: xl0: <3Com 3c905C-TX Fast Etherlink XL> port 0xc000-0xc07f mem 0xdd000000-0xdd00007f irq 16 at device 0.0 on pci1
Dec 18 20:17:10 fbsd1 kernel: miibus0: <MII bus> on xl0
Dec 18 20:17:10 fbsd1 kernel: ukphy0: <Generic IEEE 802.3u media interface> on miibus0
Dec 18 20:17:10 fbsd1 kernel: ukphy0: 10baseT, 10baseT-FDX, 100baseTX, 100baseTX-FDX, auto
...
Dec 19 11:14:42 fbsd1 login: ROOT LOGIN (root) ON ttyv0
Dec 19 11:17:45 fbsd1 su: user to root on /dev/ttyp1
Dec 19 11:22:13 fbsd1 login: ROOT LOGIN (root) ON ttyv0
Dec 19 11:35:09 fbsd1 su: user to root on /dev/ttyp6
Dec 19 11:36:57 fbsd1 sudo: root : user NOT in sudoers ; TTY=ttyp6 ; PWD=/home/user ; USER=root ; COMMAND=/bin/cat /etc/shadow
Dec 19 11:42:45 fbsd1 sudo: user : TTY=ttyp7 ; PWD=/home/user ; USER=root ; COMMAND=/usr/local/bin/bash
Dec 19 11:45:37 fbsd1 sudo: user : TTY=ttyp5 ; PWD=/home/user ; USER=root ; COMMAND=/bin/cat /etc/shadow
Dec 19 11:46:57 fbsd1 su: user to root on /dev/ttyp5
Dec 19 12:07:47 fbsd1 root: PANIC
Dec 19 12:10:53 fbsd1 user: test

#tail /var/log/messages
Dec 19 11:14:42 fbsd1 login: ROOT LOGIN (root) ON ttyv0
Dec 19 11:17:45 fbsd1 su: user to root on /dev/ttyp1
Dec 19 11:22:13 fbsd1 login: ROOT LOGIN (root) ON ttyv0
Dec 19 11:35:09 fbsd1 su: user to root on /dev/ttyp6
Dec 19 11:36:57 fbsd1 sudo: root : user NOT in sudoers ; TTY=ttyp6 ; PWD=/home/user ; USER=root ; COMMAND=/bin/cat /etc/shadow
Dec 19 11:42:45 fbsd1 sudo: user : TTY=ttyp7 ; PWD=/home/user ; USER=root ; COMMAND=/usr/local/bin/bash
Dec 19 11:45:37 fbsd1 sudo: user : TTY=ttyp5 ; PWD=/home/user ; USER=root ; COMMAND=/bin/cat /etc/shadow
Dec 19 11:46:57 fbsd1 su: user to root on /dev/ttyp5
Dec 19 12:07:47 fbsd1 root: PANIC
Dec 19 12:10:53 fbsd1 user: test

#tail -f /var/log/messages
Dec 19 11:14:42 fbsd1 login: ROOT LOGIN (root) ON ttyv0
Dec 19 11:17:45 fbsd1 su: user to root on /dev/ttyp1
Dec 19 11:22:13 fbsd1 login: ROOT LOGIN (root) ON ttyv0
Dec 19 11:35:09 fbsd1 su: user to root on /dev/ttyp6
Dec 19 11:36:57 fbsd1 sudo: root : user NOT in sudoers ; TTY=ttyp6 ; PWD=/home/user ; USER=root ; COMMAND=/bin/cat /etc/shadow
Dec 19 11:42:45 fbsd1 sudo: user : TTY=ttyp7 ; PWD=/home/user ; USER=root ; COMMAND=/usr/local/bin/bash
Dec 19 11:45:37 fbsd1 sudo: user : TTY=ttyp5 ; PWD=/home/user ; USER=root ; COMMAND=/bin/cat /etc/shadow
Dec 19 11:46:57 fbsd1 su: user to root on /dev/ttyp5
Dec 19 12:07:47 fbsd1 root: PANIC
Dec 19 12:10:53 fbsd1 user: test
^[[A
Dec 19 12:12:19 fbsd1 root: new syslog line
^C

#tail -f /var/log/messages
Dec 19 11:17:45 fbsd1 su: user to root on /dev/ttyp1
Dec 19 11:22:13 fbsd1 login: ROOT LOGIN (root) ON ttyv0
Dec 19 11:35:09 fbsd1 su: user to root on /dev/ttyp6
Dec 19 11:36:57 fbsd1 sudo: root : user NOT in sudoers ; TTY=ttyp6 ; PWD=/home/user ; USER=root ; COMMAND=/bin/cat /etc/shadow
Dec 19 11:42:45 fbsd1 sudo: user : TTY=ttyp7 ; PWD=/home/user ; USER=root ; COMMAND=/usr/local/bin/bash
Dec 19 11:45:37 fbsd1 sudo: user : TTY=ttyp5 ; PWD=/home/user ; USER=root ; COMMAND=/bin/cat /etc/shadow
Dec 19 11:46:57 fbsd1 su: user to root on /dev/ttyp5
Dec 19 12:07:47 fbsd1 root: PANIC
Dec 19 12:10:53 fbsd1 user: test
Dec 19 12:12:19 fbsd1 root: new syslog line
Dec 19 12:15:16 fbsd1 su: user to root on /dev/ttyp7
Dec 19 12:16:30 fbsd1 user: TEST2
^X
^C

#logger -p emerg TEST2

#vi /etc/rc.conf

#pkg_add -r syslog-NG
Error: FTP Unable to get ftp://ftp.freebsd.org/pub/FreeBSD/ports/i386/packages-6.0-release/Latest/syslog-NG.tbz: File unavailable (e.g., file not found, no access)
pkg_add: unable to fetch 'ftp://ftp.freebsd.org/pub/FreeBSD/ports/i386/packages-6.0-release/Latest/syslog-NG.tbz' by URL

#pkg_add -r syslog-NG
Error: FTP Unable to get ftp://ftp.freebsd.org/pub/FreeBSD/ports/i386/packages-6.0-release/Latest/syslog-NG.tbz: File unavailable (e.g., file not found, no access)
pkg_add: unable to fetch 'ftp://ftp.freebsd.org/pub/FreeBSD/ports/i386/packages-6.0-release/Latest/syslog-NG.tbz' by URL

#cd /usr/ports/sysutils

#pkg_add -r syslog-ng
Fetching ftp://ftp.freebsd.org/pub/FreeBSD/ports/i386/packages-6.0-release/Latest/syslog-ng.tbz... Done.
syslog-ng is now installed! To replace FreeBSD's standard syslogd
(/usr/sbin/syslogd), complete these steps:
1. Create a configuration file named /usr/local/etc/syslog-ng/syslog-ng.conf
   (a sample named syslog-ng.conf.sample has been included)
2. If you are using FreeBSD 4.4 or later, add these lines to your /etc/rc.conf:
     syslogd_program="/usr/local/sbin/syslog-ng"
     syslogd_flags=""
3. If you are using FreeBSD 4.3 or earlier, follow these steps:
   a. Configure syslog-ng to start automatically by creating a startup
      script in /usr/local/etc/rc.d.
      (a sample named syslog-ng.sh.sample has been included)
   b. Prevent the standard FreeBSD syslogd from starting automatically by
      adding a line to the end of your /etc/rc.conf file that reads:
        syslogd_enable="NO"
4. Shut down the standard FreeBSD syslogd:
     kill `cat /var/run/syslog.pid`
5. Start syslog-ng:
     /usr/local/sbin/syslog-ng

#pkg_info -Lx syslog-ng
Information for syslog-ng-1.6.8:
Files:
/usr/local/man/man5/syslog-ng.conf.5.gz
/usr/local/man/man8/syslog-ng.8.gz
/usr/local/etc/rc.d/syslog-ng.sh.sample
/usr/local/etc/syslog-ng/syslog-ng.conf.sample
/usr/local/sbin/syslog-ng
/usr/local/share/doc/syslog-ng/AUTHORS
/usr/local/share/doc/syslog-ng/COPYING
/usr/local/share/doc/syslog-ng/ChangeLog
/usr/local/share/doc/syslog-ng/INSTALL
/usr/local/share/doc/syslog-ng/NEWS
/usr/local/share/doc/syslog-ng/PORTS
/usr/local/share/doc/syslog-ng/README
/usr/local/share/doc/syslog-ng/sgml/syslog-ng.dvi
/usr/local/share/doc/syslog-ng/sgml/syslog-ng.html.tar.gz
/usr/local/share/doc/syslog-ng/sgml/syslog-ng.ps
/usr/local/share/doc/syslog-ng/sgml/syslog-ng.sgml
/usr/local/share/doc/syslog-ng/sgml/syslog-ng.txt

#ls
syslog-ng.conf.sample

#cp syslog-ng.conf.sample syslog-ng.conf

#ls
syslog-ng.conf syslog-ng.conf.sample

#vi syslog-ng.conf

#vi /usr/local/etc/syslo-ng/syslog-ng.conf

#/usr/local/etc/rc.d/syslog-ng.sh start
su: /usr/local/etc/rc.d/syslog-ng.sh: No such file or directory

#/etc/rc.d/syslog stop
su: /etc/rc.d/syslog: No such file or directory

#cd /usr/local/etc/rc.d/

#/etc/rc.d/syslogd stop

#ps ax |grep syslogd
  288  ??  Ss     0:00.05 /usr/sbin/syslogd -s
 3557  p5  S+     0:00.00 grep syslogd

#ls
000.mysql-client.sh     kdelibs.sh              snmptrapd.sh
001slpd.sh              mdnsd.sh                syslog-ng.sh.sample
cups.sh.sample          mdnsresponder.sh
genkdmconf.sh           snmpd.sh

#cp syslog-ng.sh.sample syslog-ng.sh

#killall syslogd

#/usr/local/etc/rc.d/syslog-ng.sh start
Changing permissions on special file /dev/klog

#ps ax|grep sys
 3752  ??  Ss     0:00.00 /usr/local/sbin/syslog-ng
 3762  p5  S+     0:00.00 grep sys
 3456  p7  I+     0:00.01 /bin/sh /usr/bin/vi /usr/local/etc/syslog-ng/syslog-n
 3465  p7  I+     0:00.01 /usr/bin/vi.orig /usr/local/etc/syslog-ng/syslog-ng.c

#logger -p emerg TEST3

#tail /var/log/messages
Dec 19 11:42:45 fbsd1 sudo: user : TTY=ttyp7 ; PWD=/home/user ; USER=root ; COMMAND=/usr/local/bin/bash
Dec 19 11:45:37 fbsd1 sudo: user : TTY=ttyp5 ; PWD=/home/user ; USER=root ; COMMAND=/bin/cat /etc/shadow
Dec 19 11:46:57 fbsd1 su: user to root on /dev/ttyp5
Dec 19 12:07:47 fbsd1 root: PANIC
Dec 19 12:10:53 fbsd1 user: test
Dec 19 12:12:19 fbsd1 root: new syslog line
Dec 19 12:15:16 fbsd1 su: user to root on /dev/ttyp7
Dec 19 12:16:30 fbsd1 user: TEST2
Dec 19 12:57:20 fbsd1 syslogd: exiting on signal 15
Dec 19 12:55:11 fbsd1 syslog-ng[3752]: syslog-ng version 1.6.8 starting

#ps ax |grep syslogd

#logger TEST3

#/etc/rc.d/syslog-ng start
su: /etc/rc.d/syslog-ng: No such file or directory

#tail /var/log/messages
Dec 19 11:42:45 fbsd1 sudo: user : TTY=ttyp7 ; PWD=/home/user ; USER=root ; COMMAND=/usr/local/bin/bash
Dec 19 11:45:37 fbsd1 sudo: user : TTY=ttyp5 ; PWD=/home/user ; USER=root ; COMMAND=/bin/cat /etc/shadow
Dec 19 11:46:57 fbsd1 su: user to root on /dev/ttyp5
Dec 19 12:07:47 fbsd1 root: PANIC
Dec 19 12:10:53 fbsd1 user: test
Dec 19 12:12:19 fbsd1 root: new syslog line
Dec 19 12:15:16 fbsd1 su: user to root on /dev/ttyp7
Dec 19 12:16:30 fbsd1 user: TEST2
Dec 19 12:57:20 fbsd1 syslogd: exiting on signal 15
Dec 19 12:55:11 fbsd1 syslog-ng[3752]: syslog-ng version 1.6.8 starting

#tail /var/log/
Xorg.0.log      debug.log       scrollkeeper.log        userlog
Xorg.0.log.old  lastlog         security                wtmp
Xorg.8.log      lpd-errs        sendmail.st             xferlog
Xorg.8.log.old  maillog         sendmail.st.0
auth.log        messages        sendmail.st.1
cron            ppp.log         slip.log

#tail /var/log/userlog
2005-12-18 21:58:54 [unknown:groupadd] gdm(92)
2005-12-18 21:58:54 [unknown:useradd] gdm(92):gdm(92):GNOME Display Manager:/nonexistent:/sbin/nologin
2005-12-18 22:06:40 [unknown:groupadd] cyrus(60)
2005-12-18 22:06:40 [unknown:useradd] cyrus(60):cyrus(60):the cyrus mail server:/nonexistent:/usr/sbin/nologin
2005-12-18 22:16:07 [unknown:useradd] user(1001):wheel(0):NT-IDS Student #1:/home/user:/usr/local/bin/bash
2005-12-18 22:16:07 [unknown:useradd] user(1001) home /home/user made

#cat /usr/local/etc/syslog-ng/syslog-ng.conf
destination newsnotice { file("/var/log/news/news.notice"); };
destination slip { file("/var/log/slip.log"); };
destination ppp { file("/var/log/ppp.log"); };
destination console { file("/dev/console"); };
destination allusers { usertty("*"); };
#destination loghost { udp("loghost" port(514)); };
#
# log facility filters
#
filter f_auth { facility(auth); };
...
#
# !startslip
# *.* /var/log/slip.log
#
log { source(src); filter(f_slip); destination(slip); };
#
# !ppp
# *.* /var/log/ppp.log
#
log { source(src); filter(f_ppp); destination(ppp); };

#tail /var/log/messages
Dec 19 11:42:45 fbsd1 sudo: user : TTY=ttyp7 ; PWD=/home/user ; USER=root ; COMMAND=/usr/local/bin/bash
Dec 19 11:45:37 fbsd1 sudo: user : TTY=ttyp5 ; PWD=/home/user ; USER=root ; COMMAND=/bin/cat /etc/shadow
Dec 19 11:46:57 fbsd1 su: user to root on /dev/ttyp5
Dec 19 12:07:47 fbsd1 root: PANIC
Dec 19 12:10:53 fbsd1 user: test
Dec 19 12:12:19 fbsd1 root: new syslog line
Dec 19 12:15:16 fbsd1 su: user to root on /dev/ttyp7
Dec 19 12:16:30 fbsd1 user: TEST2
Dec 19 12:57:20 fbsd1 syslogd: exiting on signal 15
Dec 19 12:55:11 fbsd1 syslog-ng[3752]: syslog-ng version 1.6.8 starting

#logger TEST3

#tail /var/log/messages
Dec 19 11:42:45 fbsd1 sudo: user : TTY=ttyp7 ; PWD=/home/user ; USER=root ; COMMAND=/usr/local/bin/bash
Dec 19 11:45:37 fbsd1 sudo: user : TTY=ttyp5 ; PWD=/home/user ; USER=root ; COMMAND=/bin/cat /etc/shadow
Dec 19 11:46:57 fbsd1 su: user to root on /dev/ttyp5
Dec 19 12:07:47 fbsd1 root: PANIC
Dec 19 12:10:53 fbsd1 user: test
Dec 19 12:12:19 fbsd1 root: new syslog line
Dec 19 12:15:16 fbsd1 su: user to root on /dev/ttyp7
Dec 19 12:16:30 fbsd1 user: TEST2
Dec 19 12:57:20 fbsd1 syslogd: exiting on signal 15
Dec 19 12:55:11 fbsd1 syslog-ng[3752]: syslog-ng version 1.6.8 starting

#ps ax |grep sys
 3752  ??  Is     0:00.00 /usr/local/sbin/syslog-ng
 3855  p5  R+     0:00.00 grep sys
 3456  p7  I+     0:00.01 /bin/sh /usr/bin/vi /usr/local/etc/syslog-ng/syslog-n
 3465  p7  I+     0:00.04 /usr/bin/vi.orig /usr/local/etc/syslog-ng/syslog-ng.c

#exit
exit

#ps ax |grep sys
 3752  ??  Ss     0:00.00 /usr/local/sbin/syslog-ng
 3950  p4  S+     0:00.00 grep sys
 3456  p7  I+     0:00.01 /bin/sh /usr/bin/vi /usr/local/etc/syslog-ng/syslog-ng.conf
 3465  p7  I+     0:00.04 /usr/bin/vi.orig /usr/local/etc/syslog-ng/syslog-ng.conf

#ps ax |grep sys
 3752  ??  Is     0:00.00 /usr/local/sbin/syslog-ng
 4002  p4  R+     0:00.00 grep sys

#tail /var/log/messages
Dec 19 11:42:45 fbsd1 sudo: user : TTY=ttyp7 ; PWD=/home/user ; USER=root ; COMMAND=/usr/local/bin/bash
Dec 19 11:45:37 fbsd1 sudo: user : TTY=ttyp5 ; PWD=/home/user ; USER=root ; COMMAND=/bin/cat /etc/shadow
Dec 19 11:46:57 fbsd1 su: user to root on /dev/ttyp5
Dec 19 12:07:47 fbsd1 root: PANIC
Dec 19 12:10:53 fbsd1 user: test
Dec 19 12:12:19 fbsd1 root: new syslog line
Dec 19 12:15:16 fbsd1 su: user to root on /dev/ttyp7
Dec 19 12:16:30 fbsd1 user: TEST2
Dec 19 12:57:20 fbsd1 syslogd: exiting on signal 15
Dec 19 12:55:11 fbsd1 syslog-ng[3752]: syslog-ng version 1.6.8 starting

#logger -p emerg TEST3

#tail /var/log/messages
Dec 19 11:42:45 fbsd1 sudo: user : TTY=ttyp7 ; PWD=/home/user ; USER=root ; COMMAND=/usr/local/bin/bash
Dec 19 11:45:37 fbsd1 sudo: user : TTY=ttyp5 ; PWD=/home/user ; USER=root ; COMMAND=/bin/cat /etc/shadow
Dec 19 11:46:57 fbsd1 su: user to root on /dev/ttyp5
Dec 19 12:07:47 fbsd1 root: PANIC
Dec 19 12:10:53 fbsd1 user: test
Dec 19 12:12:19 fbsd1 root: new syslog line
Dec 19 12:15:16 fbsd1 su: user to root on /dev/ttyp7
Dec 19 12:16:30 fbsd1 user: TEST2
Dec 19 12:57:20 fbsd1 syslogd: exiting on signal 15
Dec 19 12:55:11 fbsd1 syslog-ng[3752]: syslog-ng version 1.6.8 starting

#cal /etc/rc.conf
cal: year 0 not in range 1..9999

#cat /etc/rc.conf
# -- sysinstall generated deltas -- # Sun Dec 18 21:47:40 2005
# Created: Sun Dec 18 21:47:40 2005
# Enable network daemons for user convenience.
# Please make all changes to this file, not to /etc/defaults/rc.conf.
# This file now contains just the overrides from /etc/defaults/rc.conf.
defaultrouter="192.168.15.254"
font8x14="cp866-8x14"
font8x16="cp866b-8x16"
font8x8="cp866-8x8"
hostname="fbsd1.linux.nt"
ifconfig_xl0="inet 192.168.15.21 netmask 255.255.255.0"
keymap="ru.koi8-r"
keyrate="fast"
mousechar_start="3"
moused_enable="YES"
saver="daemon"
scrnmap="koi8-r2cp866"
sshd_enable="YES"
syslogd_enable="NO"

#logger -p emerg TEST3
Dec 19 13:11:49 fbsd1 user: TEST3
Dec 19 13:52:04 fbsd1 user: TEST3

$ps aux | grep l3
root 1039 0.0 0.6 7080 5788 ?? Ss 11:00AM 1:30.19 l3-agent (perl5.8.7)
root 1041 0.0 0.6 7096 5808 ?? Rs 11:00AM 1:29.83 l3-agent (perl5.8.7)
root 1057 0.0 0.6 7084 5792 ?? Ss 11:00AM 1:29.44 l3-agent (perl5.8.7)

$sudo killall l3-agent
Password:
No matching processes were found

$sudo killall 1039 1041 1057
No matching processes were found

$sudo kill 1039 1041 1057

$l3-agent

$l3-agent
l3-agent is already running

$l3-agent
l3-agent is already running

#cat /usr/local/etc/rc.d/syslog-ng.sh restart
#!/bin/sh
if ! PREFIX=$(expr $0 : "\(/.*\)/etc/rc\.d/$(basename $0)\$"); then
    echo "$0: Cannot determine the PREFIX" >&2
    exit 1
fi
case "$1" in
start)
    [ -x ${PREFIX}/sbin/syslog-ng ] && ${PREFIX}/sbin/syslog-ng && echo -n ' syslog-ng'
    ;;
stop)
    killall syslog-ng && echo -n ' syslog-ng'
    ;;
*)
    echo "Usage: `basename $0` {start|stop}" >&2
    ;;
esac
exit 0
cat: restart: No such file or directory

#/usr/local/etc/rc.d/syslog-ng.sh restart
Usage: syslog-ng.sh {start|stop}

#/usr/local/etc/rc.d/syslog-ng.sh stop

startkde
# $FreeBSD: src/etc/master.passwd,v 1.40 2005/06/06 20:19:56 brooks Exp $
#
root:$1$L5AH1i1r$Xm5gkzCwrEiMNhlGO49tL0:0:0::0:0:Charlie &:/root:/usr/local/bin/bash
toor:*:0:0::0:0:Bourne-again Superuser:/root:
daemon:*:1:1::0:0:Owner of many system processes:/root:/usr/sbin/nologin
operator:*:2:5::0:0:System &:/:/usr/sbin/nologin
bin:*:3:7::0:0:Binaries Commands and Source:/:/usr/sbin/nologin
tty:*:4:65533::0:0:Tty Sandbox:/:/usr/sbin/nologin
kmem:*:5:65533::0:0:KMem Sandbox:/:/usr/sbin/nologin
games:*:7:13::0:0:Games pseudo-user:/usr/games:/usr/sbin/nologin
news:*:8:8::0:0:News Subsystem:/:/usr/sbin/nologin
man:*:9:9::0:0:Mister Man Pages:/usr/share/man:/usr/sbin/nologin
sshd:*:22:22::0:0:Secure Shell Daemon:/var/empty:/usr/sbin/nologin
smmsp:*:25:25::0:0:Sendmail Submission User:/var/spool/clientmqueue:/usr/sbin/nologin
mailnull:*:26:26::0:0:Sendmail Default User:/var/spool/mqueue:/usr/sbin/nologin
bind:*:53:53::0:0:Bind Sandbox:/:/usr/sbin/nologin
proxy:*:62:62::0:0:Packet Filter pseudo-user:/nonexistent:/usr/sbin/nologin
_pflogd:*:64:64::0:0:pflogd privsep user:/var/empty:/usr/sbin/nologin
_dhcp:*:65:65::0:0:dhcp programs:/var/empty:/usr/sbin/nologin
uucp:*:66:66::0:0:UUCP pseudo-user:/var/spool/uucppublic:/usr/local/libexec/uucp/uucico
pop:*:68:6::0:0:Post Office Owner:/nonexistent:/usr/sbin/nologin
www:*:80:80::0:0:World Wide Web Owner:/nonexistent:/usr/sbin/nologin
nobody:*:65534:65534::0:0:Unprivileged user:/nonexistent:/usr/sbin/nologin
gdm:*:92:92::0:0:GNOME Display Manager:/nonexistent:/sbin/nologin
cyrus:*:60:60::1134856800:0:the cyrus mail server:/nonexistent:/usr/sbin/nologin
user:$1$.xb.Lvpj$7nAcx8eNT2sxLm3Paf/5K0:1001:0::0:0:NT-IDS Student #1:/home/user:/usr/local/bin/bash

# $FreeBSD: src/etc/syslog.conf,v 1.28 2005/03/12 12:31:16 glebius Exp $
#
#       Spaces ARE valid field separators in this file. However,
#       other *nix-like systems still insist on using tabs as field
#       separators. If you are sharing this file between systems, you
#       may want to use only tabs as field separators here.
#       Consult the syslog.conf(5) manpage.
*.err;kern.warning;auth.notice;mail.crit                /dev/console
*.notice;authpriv.none;kern.debug;lpr.info;mail.crit;news.err   /var/log/messages
security.*                                      /var/log/security
auth.info;authpriv.info                         /var/log/auth.log
mail.info                                       /var/log/maillog
lpr.info                                        /var/log/lpd-errs
ftp.info                                        /var/log/xferlog
cron.*                                          /var/log/cron
*.=debug                                        /var/log/debug.log
*.emerg                                         *
# uncomment this to log all writes to /dev/console to /var/log/console.log
#console.info                                   /var/log/console.log
# uncomment this to enable logging of all log messages to /var/log/all.log
# touch /var/log/all.log and chmod it to mode 600 before it will work
#*.*                                            /var/log/all.log
# uncomment this to enable logging to a remote loghost named loghost
#*.*                                            @loghost
# uncomment these if you're running inn
# news.crit                                     /var/log/news/news.crit
# news.err                                      /var/log/news/news.err
# news.notice                                   /var/log/news/news.notice
!startslip
*.*                                             /var/log/slip.log
!ppp
*.*                                             /var/log/ppp.log

destination newsnotice { file("/var/log/news/news.notice"); };
destination slip { file("/var/log/slip.log"); };
destination ppp { file("/var/log/ppp.log"); };
destination console { file("/dev/console"); };
destination allusers { usertty("*"); };
#destination loghost { udp("loghost" port(514)); };
#
# log facility filters
#
filter f_auth { facility(auth); };
filter f_authpriv { facility(authpriv); };
filter f_not_authpriv { not facility(authpriv); };
filter f_console { facility(console); };
filter f_cron { facility(cron); };
filter f_daemon { facility(daemon); };
filter f_ftp { facility(ftp); };
filter f_kern { facility(kern); };
filter f_lpr { facility(lpr); };
filter f_mail { facility(mail); };
filter f_news { facility(news); };
filter f_security { facility(security); };
filter f_user { facility(user); };
filter f_uucp { facility(uucp); };
filter f_local0 { facility(local0); };
filter f_local1 { facility(local1); };
filter f_local2 { facility(local2); };
filter f_local3 { facility(local3); };
filter f_local4 { facility(local4); };
filter f_local5 { facility(local5); };
filter f_local6 { facility(local6); };
filter f_local7 { facility(local7); };
#
# log level filters
#
filter f_emerg { level(emerg); };
filter f_alert { level(alert..emerg); };
filter f_crit { level(crit..emerg); };
filter f_err { level(err..emerg); };
filter f_warning { level(warning..emerg); };
filter f_notice { level(notice..emerg); };
filter f_info { level(info..emerg); };
filter f_debug { level(debug..emerg); };
filter f_is_debug { level(debug); };
#
# program filters
#
filter f_ppp { program("ppp"); };
filter f_slip { program("startslip"); };
#
# *.err;kern.warning;auth.notice;mail.crit /dev/console
#
log { source(src); filter(f_err); destination(console); };
log { source(src); filter(f_kern); filter(f_warning); destination(console); };
log { source(src); filter(f_auth); filter(f_notice); destination(console); };
log { source(src); filter(f_mail); filter(f_crit); destination(console); };
#
# *.notice;authpriv.none;kern.debug;lpr.info;mail.crit;news.err /var/log/messages
#
log { source(src); filter(f_notice); filter(f_not_authpriv); destination(messages); };
log { source(src); filter(f_kern); filter(f_debug); destination(messages); };
log { source(src); filter(f_lpr); filter(f_info); destination(messages); };
log { source(src); filter(f_mail); filter(f_crit); destination(messages); };
log { source(src); filter(f_news); filter(f_err); destination(messages); };
#
# security.* /var/log/security
#
log { source(src); filter(f_security); destination(security); };
#
# auth.info;authpriv.info /var/log/auth.log
log { source(src); filter(f_auth); filter(f_info); destination(authlog); };
log { source(src); filter(f_authpriv); filter(f_info); destination(authlog); };
#
# mail.info /var/log/maillog
#
log { source(src); filter(f_mail); filter(f_info); destination(maillog); };
#
# lpr.info /var/log/lpd-errs
#
log { source(src); filter(f_lpr); filter(f_info); destination(lpd-errs); };
#
# ftp.info /var/log/xferlog
#
log { source(src); filter(f_ftp); filter(f_info); destination(xferlog); };
#
# cron.* /var/log/cron
#
log { source(src); filter(f_cron); destination(cron); };
#
# *.=debug /var/log/debug.log
#
log { source(src); filter(f_is_debug); destination(debuglog); };
#
# *.emerg *
#
log { source(src); filter(f_emerg); destination(allusers); };
#
# uncomment this to log all writes to /dev/console to /var/log/console.log
# console.info /var/log/console.log
#
#log { source(src); filter(f_console); filter(f_info); destination(consolelog); };
#
# uncomment this to enable logging of all log messages to /var/log/all.log
# touch /var/log/all.log and chmod it to mode 600 before it will work
# *.* /var/log/all.log
#
#log { source(src); destination(all); };
#
# uncomment this to enable logging to a remote loghost named loghost
# *.* @loghost
#
#log { source(src); destination(loghost); };
#
# uncomment these if you're running inn
# news.crit /var/log/news/news.crit
# news.err /var/log/news/news.err
# news.notice /var/log/news/news.notice
#
#log { source(src); filter(f_news); filter(f_crit); destination(newscrit); };
#log { source(src); filter(f_news); filter(f_err); destination(newserr); };
#log { source(src); filter(f_news); filter(f_notice); destination(newsnotice); };
#
# !startslip
# *.* /var/log/slip.log
#
log { source(src); filter(f_slip); destination(slip); };
#
# !ppp
# *.* /var/log/ppp.log
#
log { source(src); filter(f_ppp); destination(ppp); };
Dec 19 10:31:45 fbsd1 kernel: pci_link3: <ACPI PCI Link LNKD> irq 9 on acpi0 Dec 19 10:31:45 fbsd1 kernel: pci_link4: <ACPI PCI Link LNKE> irq 0 on acpi0 Dec 19 10:31:45 fbsd1 kernel: pci_link5: <ACPI PCI Link LNKF> irq 0 on acpi0 Dec 19 10:31:45 fbsd1 kernel: pci_link6: <ACPI PCI Link LNK0> irq 0 on acpi0 Dec 19 10:31:45 fbsd1 kernel: pci_link7: <ACPI PCI Link LNK1> irq 7 on acpi0 Dec 19 10:31:45 fbsd1 kernel: Timecounter "ACPI-fast" frequency 3579545 Hz quality 1000 Dec 19 10:31:45 fbsd1 kernel: acpi_timer0: <24-bit timer at 3.579545MHz> port 0x4008-0x400b on acpi0 Dec 19 10:31:45 fbsd1 kernel: cpu0: <ACPI CPU> on acpi0 Dec 19 10:31:45 fbsd1 kernel: acpi_throttle0: <ACPI CPU Throttling> on cpu0 Dec 19 10:31:45 fbsd1 kernel: acpi_button0: <Power Button> on acpi0 Dec 19 10:31:45 fbsd1 kernel: acpi_button1: <Sleep Button> on acpi0 Dec 19 10:31:45 fbsd1 kernel: pcib0: <ACPI Host-PCI bridge> port 0xcf8-0xcff on acpi0 Dec 19 10:31:45 fbsd1 kernel: pci0: <ACPI PCI bus> on pcib0 Dec 19 10:31:45 fbsd1 kernel: agp0: <Intel 82845G (845G GMCH) SVGA controller> mem 0xd0000000-0xd7ffffff,0xde000000-0xde07ffff irq 16 at device 2.0 on pci0 Dec 19 10:31:45 fbsd1 kernel: agp0: detected 8060k stolen memory Dec 19 10:31:45 fbsd1 kernel: agp0: aperture size is 128M Dec 19 10:31:45 fbsd1 kernel: pcib1: <ACPI PCI-PCI bridge> at device 30.0 on pci0 Dec 19 10:31:45 fbsd1 kernel: pci1: <ACPI PCI bus> on pcib1 Dec 19 10:31:45 fbsd1 kernel: xl0: <3Com 3c905C-TX Fast Etherlink XL> port 0xc000-0xc07f mem 0xdd000000-0xdd00007f irq 16 at device 0.0 on pci1 Dec 19 10:31:45 fbsd1 kernel: miibus0: <MII bus> on xl0 Dec 19 10:31:45 fbsd1 kernel: ukphy0: <Generic IEEE 802.3u media interface> on miibus0 Dec 19 10:31:45 fbsd1 kernel: ukphy0: 10baseT, 10baseT-FDX, 100baseTX, 100baseTX-FDX, auto Dec 19 10:31:45 fbsd1 kernel: xl0: Ethernet address: 00:04:75:82:53:43 Dec 19 10:31:45 fbsd1 kernel: xl1: <3Com 3c905C-TX Fast Etherlink XL> port 0xc400-0xc47f mem 0xdd001000-0xdd00107f irq 18 at device 2.0 on 
pci1 Dec 19 10:31:45 fbsd1 kernel: miibus1: <MII bus> on xl1 Dec 19 10:31:45 fbsd1 kernel: xlphy0: <3c905C 10/100 internal PHY> on miibus1 Dec 19 10:31:45 fbsd1 kernel: xlphy0: 10baseT, 10baseT-FDX, 100baseTX, 100baseTX-FDX, auto Dec 19 10:31:45 fbsd1 kernel: xl1: Ethernet address: 00:04:79:67:96:71 Dec 19 10:31:45 fbsd1 kernel: isab0: <PCI-ISA bridge> at device 31.0 on pci0 Dec 19 10:31:45 fbsd1 kernel: isa0: <ISA bus> on isab0 Dec 19 10:31:45 fbsd1 kernel: atapci0: <Intel ICH4 UDMA100 controller> port 0x1f0-0x1f7,0x3f6,0x170-0x177,0x376,0xf000-0xf00f at device 31.1 on pci0 Dec 19 10:31:45 fbsd1 kernel: ata0: <ATA channel 0> on atapci0 Dec 19 10:31:45 fbsd1 kernel: ata1: <ATA channel 1> on atapci0 Dec 19 10:31:45 fbsd1 kernel: pci0: <serial bus, SMBus> at device 31.3 (no driver attached) Dec 19 10:31:45 fbsd1 kernel: pci0: <multimedia, audio> at device 31.5 (no driver attached) Dec 19 10:31:45 fbsd1 kernel: acpi_tz0: <Thermal Zone> on acpi0 Dec 19 10:31:45 fbsd1 kernel: fdc0: <floppy drive controller> port 0x3f0-0x3f5,0x3f7 irq 6 drq 2 on acpi0 Dec 19 10:31:45 fbsd1 kernel: fdc0: [FAST] Dec 19 10:31:45 fbsd1 kernel: fd0: <1440-KB 3.5" drive> on fdc0 drive 0 Dec 19 10:31:45 fbsd1 kernel: sio0: <16550A-compatible COM port> port 0x3f8-0x3ff irq 4 flags 0x10 on acpi0 Dec 19 10:31:45 fbsd1 kernel: sio0: type 16550A Dec 19 10:31:45 fbsd1 kernel: sio1: <16550A-compatible COM port> port 0x2f8-0x2ff irq 3 on acpi0 Dec 19 10:31:45 fbsd1 kernel: sio1: type 16550A Dec 19 10:31:45 fbsd1 kernel: atkbdc0: <Keyboard controller (i8042)> port 0x60,0x64 irq 1 on acpi0 Dec 19 10:31:45 fbsd1 kernel: atkbd0: <AT Keyboard> irq 1 on atkbdc0 Dec 19 10:31:45 fbsd1 kernel: kbd0 at atkbd0 Dec 19 10:31:45 fbsd1 kernel: atkbd0: [GIANT-LOCKED] Dec 19 10:31:45 fbsd1 kernel: psm0: <PS/2 Mouse> irq 12 on atkbdc0 Dec 19 10:31:45 fbsd1 kernel: psm0: [GIANT-LOCKED] Dec 19 10:31:45 fbsd1 kernel: psm0: model Generic PS/2 mouse, device ID 0 Dec 19 10:31:45 fbsd1 kernel: pmtimer0 on isa0 Dec 19 10:31:45 
fbsd1 kernel: ppc0: parallel port not found.
Dec 19 10:31:45 fbsd1 kernel: sc0: <System console> at flags 0x100 on isa0
Dec 19 10:31:45 fbsd1 kernel: sc0: VGA <16 virtual consoles, flags=0x300>
Dec 19 10:31:45 fbsd1 kernel: vga0: <Generic ISA VGA> at port 0x3c0-0x3df iomem 0xa0000-0xbffff on isa0
Dec 19 10:31:45 fbsd1 kernel: Timecounter "TSC" frequency 1800030880 Hz quality 800
Dec 19 10:31:45 fbsd1 kernel: Timecounters tick every 1.000 msec
Dec 19 10:31:45 fbsd1 kernel: ad1: 32253MB <SAMSUNG SP0612N TT100-23> at ata0-slave UDMA100
Dec 19 10:31:45 fbsd1 kernel: acd0: DVDROM <JLMS DVD-ROM LTD-166S/DS0B> at ata1-master UDMA40
Dec 19 10:31:45 fbsd1 kernel: Trying to mount root from ufs:/dev/ad1s1a
Dec 19 10:31:45 fbsd1 savecore: no dumps found
Dec 19 10:51:42 fbsd1 login: ROOT LOGIN (root) ON ttyv0
Dec 19 11:14:42 fbsd1 login: ROOT LOGIN (root) ON ttyv0
Dec 19 11:17:45 fbsd1 su: user to root on /dev/ttyp1
Dec 19 11:22:13 fbsd1 login: ROOT LOGIN (root) ON ttyv0
Dec 19 11:35:09 fbsd1 su: user to root on /dev/ttyp6
Dec 19 11:36:57 fbsd1 sudo: root : user NOT in sudoers ; TTY=ttyp6 ; PWD=/home/user ; USER=root ; COMMAND=/bin/cat /etc/shadow
Dec 19 11:42:45 fbsd1 sudo: user : TTY=ttyp7 ; PWD=/home/user ; USER=root ; COMMAND=/usr/local/bin/bash
Dec 19 11:45:37 fbsd1 sudo: user : TTY=ttyp5 ; PWD=/home/user ; USER=root ; COMMAND=/bin/cat /etc/shadow
Dec 19 11:46:57 fbsd1 su: user to root on /dev/ttyp5
Dec 19 12:07:47 fbsd1 root: PANIC
Dec 19 12:10:53 fbsd1 user: test
Time of the first command in the log | 11:16:40 2006-12-19 |
Time of the last command in the log | 13:53:29 2006-12-19 |
Number of command lines in the log | 100 |
Share of commands with a non-zero exit code, % | 14.00 |
Share of commands typed with syntax errors, % | 4.00 |
Total time spent working at the terminal *, hours | 2.03 |
Command lines per unit of time, commands/min | 0.82 |
Command usage frequency |
|
All commands given in any terminal of the system are logged automatically.
To make sure that logging is active on the current terminal and that commands are being recorded, run the w command. The WHAT field for the current terminal should show the script program.
Commands typed with syntax errors are shown in strikethrough text:
$ l s-l bash: l: command not found |
If a command's exit code is zero, the command completed without errors. Commands with a non-zero exit code are highlighted in color.
$ test 5 -lt 4 |
Commands that were interrupted by the user are highlighted in color.
$ find / -name abc find: /home/devi-orig/.gnome2: Keine Berechtigung find: /home/devi-orig/.gnome2_private: Keine Berechtigung find: /home/devi-orig/.nautilus/metafiles: Keine Berechtigung find: /home/devi-orig/.metacity: Keine Berechtigung find: /home/devi-orig/.inkscape: Keine Berechtigung ^C |
Commands executed with superuser privileges are marked with a red bar on the left.
# id uid=0(root) gid=0(root) Gruppen=0(root) |
Changes made to a text file with an editor are recorded and shown in the log in ed format. Lines beginning with "<" were removed, and lines beginning with ">" were added.
$ vi ~/.bashrc
|
To change a file according to the changes shown in a diffshot, you can use the patch command. Copy the changes, run patch with the file to be changed as its argument, and paste the copied text:
$ patch ~/.bashrc |
To get brief help on a command, hover the mouse over it. A tooltip with a short description of the command will appear.
If help is available for a command, the command is highlighted with a light-blue background, for example: vi. If no help is available, the command is highlighted with a pink background, for example: notepad.exe. Help may be missing if (1) the command was typed incorrectly; (2) LiLaLo recognized the command incorrectly; (3) LiLaLo has no information about the command. The last case is possible for rare commands.
Large tooltips, especially multi-line ones, are displayed best by the KDE Konqueror, Apple Safari and Microsoft Internet Explorer browsers. In Mozilla and Firefox they are not shown in full, and a special character is displayed in place of each line break.
The command time shown in the log is the time at which entry of the command line began, that is, the moment the shell prompt appeared on the terminal.
The name of the terminal on which a command was entered is shown in a separate block. This block is shown only when the terminal of the current command differs from the terminal of the previous one.
The display of log elements you are not currently interested in, such as the time, the terminal name and others, can be turned off. To do this, use the log control form at the top of the page.
Short comments on commands can be inserted directly from the command line. The comment is typed on the command line after the characters #^ or #v. The ^ and v characters indicate which command the comment refers to: ^ means the previous one, v means the next one. For example, if the following was entered on the command line:
$ whoami
user
$ #^ I wonder, who am I?
in the log it will look like this:
$ whoami
user
I wonder, who am I? |
If the comment spans several lines, it can be inserted into the log as follows:
$ whoami
user
$ cat > /dev/null #^ I wonder, who am I?
The whoami program prints the name of the user under which we logged in to the system. - It cannot answer the question of our purpose in this world.
In the log it will look like this:
$ whoami user
|
Comments that do not relate directly to any command are added in exactly the same way, except that the characters #= are used instead of #^ or #v.
1 2 3 4
Groups of commands executed on different terminals are separated by a special line. Below this line, in the right corner, is the name of the terminal on which the commands were run. To view the commands of a single session only, click this name.
LiLaLo (L3) stands for Live Lab Log.
The program was developed to make teaching Unix/Linux systems more effective.
(c) Igor Chubin, 2004-2008