Lab Work Journal

Journal

Tuesday (12/19/06)

/dev/ttyv0
11:16:40
$w
exit
11:16AM  up 45 mins, 1 user, load averages: 0.08, 0.02, 0.01
USER             TTY      FROM              LOGIN@  IDLE WHAT
user             v0       -                11:16AM     - script -t 0 -q /home/u
11:17:33
$su
Password:
11:17:45
#vi .xinitrc
11:19:08
#cat .xinitrc
startkde
11:19:18
#xinit
X Window System Version 6.8.2
Release Date: 9 February 2005
X Protocol Version 11, Revision 0, Release 6.8.2
Build Operating System: FreeBSD 6.0 i386 [ELF]
Current Operating System: FreeBSD fbsd1.linux.nt 6.0-RELEASE FreeBSD 6.0-RELEASE #0: Thu Nov  3 09:36:13 UTC 2005     root@x64.samsco.home:/usr/obj/usr/src/sys/GENERIC i386
Build Date: 12 October 2005
        Before reporting problems, check http://wiki.X.Org
        to make sure that you have the latest version.
Module Loader present
Markers: (--) probed, (**) from config file, (==) default setting,
...
getconfig.pl: rules file '/usr/X11R6/lib/X11/getconfig/xorg.cfg' has version 1.0.
getconfig.pl: 1 rule added from file '/usr/X11R6/lib/X11/getconfig/xorg.cfg'.
getconfig.pl: Evaluated 24 rules with 0 errors.
getconfig.pl: Weight of result is 500.
New driver is "i810"
(==) Using default built-in configuration (53 lines)
(EE) Failed to load module "fbdev" (module does not exist, 0)
xterm:  fatal IO error 32 (Broken pipe) or KillClient on X server ":0.0"
xinit:  connection to X server lost.
waiting for X server to shut down FreeFontPath: FPE "/usr/X11R6/lib/X11/fonts/misc/" refcount is 2, should be 1; fixing.
11:19:36
#xorgcfg
Module apm: vendor="X.Org Foundation"
        compiled for 6.8.2, module version = 1.0.0
Unloading /usr/X11R6/lib/modules/drivers/apm_drv.o
Loading /usr/X11R6/lib/modules/drivers/ark_drv.o
Module ark: vendor="X.Org Foundation"
        compiled for 6.8.2, module version = 0.5.0
Unloading /usr/X11R6/lib/modules/drivers/ark_drv.o
Loading /usr/X11R6/lib/modules/drivers/ati_drv.o
Module ati: vendor="X.Org Foundation"
        compiled for 6.8.2, module version = 6.5.6
...
Loading /usr/X11R6/lib/modules/drivers/via_drv.o
Module via: vendor="X.Org Foundation"
        compiled for 4.3.99.902, module version = 4.1.30
Unloading /usr/X11R6/lib/modules/drivers/via_drv.o
Loading /usr/X11R6/lib/modules/drivers/vmware_drv.o
Module vmware: vendor="X.Org Foundation"
        compiled for 6.8.2, module version = 10.10.2
Module vmware already in list!
Unloading /usr/X11R6/lib/modules/drivers/vmware_drv.o
X connection to :8.0 broken (explicit kill or server shutdown).
11:20:06
#FreeFontPath: FPE "/usr/X11R6/lib/X11/fonts/misc/" refcount is 2, should be 1; fixing.

11:20:24
#vi xorg.conf.new
11:21:34
#ls
.bash_profile   .lilalo         .mail_aliases   .rhosts         xorg.conf.new
.bashrc         .login          .mailrc         .shrc
.cshrc          .login_conf     .profile        .xinitrc
11:21:37
#cat xorg.conf.new

11:21:51
#exit

/dev/ttyv0
11:27:38
$xinit
kdeinit in malloc(): error: recursive call
kdeinit in malloc(): error: recursive call
kdeinit in malloc(): error: recursive call
kdeinit in malloc(): error: recursive call
kdeinit in malloc(): error: recursive call
kdeinit in malloc(): error: recursive call
kdeinit in malloc(): error: recursive call
 in malloc(): error: recursive call
kdeinit in malloc(): error: recursive call
kdeinit in malloc(): error: recursive call
...
kdeinit in malloc(): error: recursive call
kdeinit in malloc(): error: recursive call
kdeinit in malloc(): error: recursive call
kdeinit in malloc(): error: recursive call
kdeinit in malloc(): error: recursive call
kdeinit in malloc(): error: recursive call
kdeinit in malloc(): error: recursive callFreeFontPath: FPE "/usr/X11R6/lib/X11/fonts/misc/" refcount is 2, should be 1; fixing.
xinit:  connection to X server lost.
Hangup
GOT SIGHUP
/dev/ttyp5
11:34:59
$su
Password:
11:35:09
#sudo cat /etc/shadow
su: sudo: command not found
11:35:42
#pkg_add sudo
pkg_add: can't stat package file 'sudo'
11:36:09
#pkg_add -r sudo
Fetching ftp://ftp.freebsd.org/pub/FreeBSD/ports/i386/packages-6.0-release/Latest/sudo.tbz... Done.
11:36:21
#sudo cat /etc/shadow
root is not in the sudoers file.  This incident will be reported.
11:36:57
#vi /usr/local/etc/sudoers
/dev/ttyp4
11:39:34
$xrandr
exit
 SZ:    Pixels          Physical       Refresh
*0   1600 x 1200   ( 342mm x 272mm )  *66
 1   1280 x 1024   ( 342mm x 272mm )   76
 2   1024 x 768    ( 342mm x 272mm )   76
 3    800 x 600    ( 342mm x 272mm )   73
 4    640 x 480    ( 342mm x 272mm )   73
Current rotation - normal
Current reflection - none
Rotations possible - normal
Reflections possible - none
11:39:50
$sudo
usage: sudo -K | -L | -V | -h | -k | -l | -v
usage: sudo [-HPSb] [-c class|-] [-p prompt] [-u username|#uid]
            { -e file [...] | -i | -s | <command> }
11:42:10
$sudo -s
We trust you have received the usual lecture from the local System
Administrator. It usually boils down to these three things:
    #1) Respect the privacy of others.
    #2) Think before you type.
    #3) With great power comes great responsibility.
Password:
11:42:47
#vi /etc/X11/xorg.conf
103c103
< 		Modes	"1024*768"
---
> 		Modes	"1024*768" "1280*1024"
11:44:44
#exit
exit
/dev/ttyp4
11:45:07
$sudo cat /etc/shadow
exit
Password:
cat: /etc/shadow: No such file or directory
11:45:37
$ls
Desktop         nohup.out       xorg.conf.new
11:46:18
$su
Password:
11:46:57
#cat /etc/shadow
cat: /etc/shadow: No such file or directory
11:48:25
#cd /etc

11:48:39
#ls
X11                     login.conf.db           pwd.db
aliases                 mac.conf                rc
amd.map                 mail                    rc.bsdextended
apmd.conf               mail.rc                 rc.conf
auth.conf               make.conf               rc.d
bluetooth               manpath.config          rc.firewall
crontab                 manpath.config.bak      rc.firewall6
csh.cshrc               master.passwd           rc.initdiskless
csh.login               motd                    rc.resume
csh.logout              mtree                   rc.sendmail
...
hosts                   pccard_ether            ssh
hosts.allow             periodic                ssl
hosts.equiv             pf.conf                 sysctl.conf
hosts.lpd               pf.os                   syslog.conf
inetd.conf              phones                  termcap
isdn                    portsnap.conf           ttys
localtime               ppp                     usbd.conf
locate.rc               printcap                wall_cmos_clock
login.access            profile
login.conf              protocols
11:48:43
#cat /etc/master.passwd
# $FreeBSD: src/etc/master.passwd,v 1.40 2005/06/06 20:19:56 brooks Exp $
#
root:$1$L5AH1i1r$Xm5gkzCwrEiMNhlGO49tL0:0:0::0:0:Charlie &:/root:/usr/local/bin/bash
toor:*:0:0::0:0:Bourne-again Superuser:/root:
daemon:*:1:1::0:0:Owner of many system processes:/root:/usr/sbin/nologin
operator:*:2:5::0:0:System &:/:/usr/sbin/nologin
bin:*:3:7::0:0:Binaries Commands and Source:/:/usr/sbin/nologin
tty:*:4:65533::0:0:Tty Sandbox:/:/usr/sbin/nologin
kmem:*:5:65533::0:0:KMem Sandbox:/:/usr/sbin/nologin
games:*:7:13::0:0:Games pseudo-user:/usr/games:/usr/sbin/nologin
...
proxy:*:62:62::0:0:Packet Filter pseudo-user:/nonexistent:/usr/sbin/nologin
_pflogd:*:64:64::0:0:pflogd privsep user:/var/empty:/usr/sbin/nologin
_dhcp:*:65:65::0:0:dhcp programs:/var/empty:/usr/sbin/nologin
uucp:*:66:66::0:0:UUCP pseudo-user:/var/spool/uucppublic:/usr/local/libexec/uucp/uucico
pop:*:68:6::0:0:Post Office Owner:/nonexistent:/usr/sbin/nologin
www:*:80:80::0:0:World Wide Web Owner:/nonexistent:/usr/sbin/nologin
nobody:*:65534:65534::0:0:Unprivileged user:/nonexistent:/usr/sbin/nologin
gdm:*:92:92::0:0:GNOME Display Manager:/nonexistent:/sbin/nologin
cyrus:*:60:60::1134856800:0:the cyrus mail server:/nonexistent:/usr/sbin/nologin
user:$1$.xb.Lvpj$7nAcx8eNT2sxLm3Paf/5K0:1001:0::0:0:NT-IDS Student #1:/home/user:/usr/local/bin/bash
11:50:12
#ls -l /var/run/log
srw-rw-rw-  1 root  wheel  0 Dec 19 10:31 /var/run/log
10 minutes passed
12:00:45
#cat /etc/syslog.conf
# $FreeBSD: src/etc/syslog.conf,v 1.28 2005/03/12 12:31:16 glebius Exp $
#
#       Spaces ARE valid field separators in this file. However,
#       other *nix-like systems still insist on using tabs as field
#       separators. If you are sharing this file between systems, you
#       may want to use only tabs as field separators here.
#       Consult the syslog.conf(5) manpage.
*.err;kern.warning;auth.notice;mail.crit                /dev/console
*.notice;authpriv.none;kern.debug;lpr.info;mail.crit;news.err   /var/log/messages
security.*                                      /var/log/security
...
# uncomment this to enable logging to a remote loghost named loghost
#*.*                                            @loghost
# uncomment these if you're running inn
# news.crit                                     /var/log/news/news.crit
# news.err                                      /var/log/news/news.err
# news.notice                                   /var/log/news/news.notice
!startslip
*.*                                             /var/log/slip.log
!ppp
*.*                                             /var/log/ppp.log
12:04:43
#logger test

12:10:53
#cat /var/log/messages
Dec 18 20:17:10 fbsd1 kernel: pci0: <ACPI PCI bus> on pcib0
Dec 18 20:17:10 fbsd1 kernel: agp0: <Intel 82845G (845G GMCH) SVGA controller> mem 0xd0000000-0xd7ffffff,0xde000000-0xde07ffff irq 16 at device 2.0 on pci0
Dec 18 20:17:10 fbsd1 kernel: agp0: detected 8060k stolen memory
Dec 18 20:17:10 fbsd1 kernel: agp0: aperture size is 128M
Dec 18 20:17:10 fbsd1 kernel: pcib1: <ACPI PCI-PCI bridge> at device 30.0 on pci0
Dec 18 20:17:10 fbsd1 kernel: pci1: <ACPI PCI bus> on pcib1
Dec 18 20:17:10 fbsd1 kernel: xl0: <3Com 3c905C-TX Fast Etherlink XL> port 0xc000-0xc07f mem 0xdd000000-0xdd00007f irq 16 at device 0.0 on pci1
Dec 18 20:17:10 fbsd1 kernel: miibus0: <MII bus> on xl0
Dec 18 20:17:10 fbsd1 kernel: ukphy0: <Generic IEEE 802.3u media interface> on miibus0
Dec 18 20:17:10 fbsd1 kernel: ukphy0:  10baseT, 10baseT-FDX, 100baseTX, 100baseTX-FDX, auto
...
Dec 19 11:14:42 fbsd1 login: ROOT LOGIN (root) ON ttyv0
Dec 19 11:17:45 fbsd1 su: user to root on /dev/ttyp1
Dec 19 11:22:13 fbsd1 login: ROOT LOGIN (root) ON ttyv0
Dec 19 11:35:09 fbsd1 su: user to root on /dev/ttyp6
Dec 19 11:36:57 fbsd1 sudo:     root : user NOT in sudoers ; TTY=ttyp6 ; PWD=/home/user ; USER=root ; COMMAND=/bin/cat /etc/shadow
Dec 19 11:42:45 fbsd1 sudo:     user : TTY=ttyp7 ; PWD=/home/user ; USER=root ; COMMAND=/usr/local/bin/bash
Dec 19 11:45:37 fbsd1 sudo:     user : TTY=ttyp5 ; PWD=/home/user ; USER=root ; COMMAND=/bin/cat /etc/shadow
Dec 19 11:46:57 fbsd1 su: user to root on /dev/ttyp5
Dec 19 12:07:47 fbsd1 root: PANIC
Dec 19 12:10:53 fbsd1 user: test
12:11:15
#tail /var/log/messages
Dec 19 11:14:42 fbsd1 login: ROOT LOGIN (root) ON ttyv0
Dec 19 11:17:45 fbsd1 su: user to root on /dev/ttyp1
Dec 19 11:22:13 fbsd1 login: ROOT LOGIN (root) ON ttyv0
Dec 19 11:35:09 fbsd1 su: user to root on /dev/ttyp6
Dec 19 11:36:57 fbsd1 sudo:     root : user NOT in sudoers ; TTY=ttyp6 ; PWD=/home/user ; USER=root ; COMMAND=/bin/cat /etc/shadow
Dec 19 11:42:45 fbsd1 sudo:     user : TTY=ttyp7 ; PWD=/home/user ; USER=root ; COMMAND=/usr/local/bin/bash
Dec 19 11:45:37 fbsd1 sudo:     user : TTY=ttyp5 ; PWD=/home/user ; USER=root ; COMMAND=/bin/cat /etc/shadow
Dec 19 11:46:57 fbsd1 su: user to root on /dev/ttyp5
Dec 19 12:07:47 fbsd1 root: PANIC
Dec 19 12:10:53 fbsd1 user: test
12:11:26
#tail -f /var/log/messages
Dec 19 11:14:42 fbsd1 login: ROOT LOGIN (root) ON ttyv0
Dec 19 11:17:45 fbsd1 su: user to root on /dev/ttyp1
Dec 19 11:22:13 fbsd1 login: ROOT LOGIN (root) ON ttyv0
Dec 19 11:35:09 fbsd1 su: user to root on /dev/ttyp6
Dec 19 11:36:57 fbsd1 sudo:     root : user NOT in sudoers ; TTY=ttyp6 ; PWD=/home/user ; USER=root ; COMMAND=/bin/cat /etc/shadow
Dec 19 11:42:45 fbsd1 sudo:     user : TTY=ttyp7 ; PWD=/home/user ; USER=root ; COMMAND=/usr/local/bin/bash
Dec 19 11:45:37 fbsd1 sudo:     user : TTY=ttyp5 ; PWD=/home/user ; USER=root ; COMMAND=/bin/cat /etc/shadow
Dec 19 11:46:57 fbsd1 su: user to root on /dev/ttyp5
Dec 19 12:07:47 fbsd1 root: PANIC
Dec 19 12:10:53 fbsd1 user: test
^[[A
Dec 19 12:12:19 fbsd1 root: new syslog line
^C
12:12:30
#tail -f /var/log/messages
Dec 19 11:17:45 fbsd1 su: user to root on /dev/ttyp1
Dec 19 11:22:13 fbsd1 login: ROOT LOGIN (root) ON ttyv0
Dec 19 11:35:09 fbsd1 su: user to root on /dev/ttyp6
Dec 19 11:36:57 fbsd1 sudo:     root : user NOT in sudoers ; TTY=ttyp6 ; PWD=/home/user ; USER=root ; COMMAND=/bin/cat /etc/shadow
Dec 19 11:42:45 fbsd1 sudo:     user : TTY=ttyp7 ; PWD=/home/user ; USER=root ; COMMAND=/usr/local/bin/bash
Dec 19 11:45:37 fbsd1 sudo:     user : TTY=ttyp5 ; PWD=/home/user ; USER=root ; COMMAND=/bin/cat /etc/shadow
Dec 19 11:46:57 fbsd1 su: user to root on /dev/ttyp5
Dec 19 12:07:47 fbsd1 root: PANIC
Dec 19 12:10:53 fbsd1 user: test
Dec 19 12:12:19 fbsd1 root: new syslog line
Dec 19 12:15:16 fbsd1 su: user to root on /dev/ttyp7
Dec 19 12:16:30 fbsd1 user: TEST2
^X
^C
/dev/ttyp6
12:14:42
$su
Password:
12:15:16
#logger -p emerg TEST2

12:16:30
#vi /etc/rc.conf
/dev/ttyp4
12:23:43
#pkg_add -r syslog-NG
Error: FTP Unable to get ftp://ftp.freebsd.org/pub/FreeBSD/ports/i386/packages-6.0-release/Latest/syslog-NG.tbz: File unavailable (e.g., file not found, no access)
pkg_add: unable to fetch 'ftp://ftp.freebsd.org/pub/FreeBSD/ports/i386/packages-6.0-release/Latest/syslog-NG.tbz' by URL
12:24:15
#pkg_add -r syslog-NG
Error: FTP Unable to get ftp://ftp.freebsd.org/pub/FreeBSD/ports/i386/packages-6.0-release/Latest/syslog-NG.tbz: File unavailable (e.g., file not found, no access)
pkg_add: unable to fetch 'ftp://ftp.freebsd.org/pub/FreeBSD/ports/i386/packages-6.0-release/Latest/syslog-NG.tbz' by URL
12:24:42
#cd /usr/ports/sysutils

12:25:30
#pkg_add -r syslog-ng
Fetching ftp://ftp.freebsd.org/pub/FreeBSD/ports/i386/packages-6.0-release/Latest/syslog-ng.tbz... Done.
syslog-ng is now installed!  To replace FreeBSD's standard syslogd
(/usr/sbin/syslogd), complete these steps:
1. Create a configuration file named /usr/local/etc/syslog-ng/syslog-ng.conf
   (a sample named syslog-ng.conf.sample has been included)
2. If you are using FreeBSD 4.4 or later, add these lines to your /etc/rc.conf:
     syslogd_program="/usr/local/sbin/syslog-ng"
     syslogd_flags=""
3. If you are using FreeBSD 4.3 or earlier, follow these steps:
   a. Configure syslog-ng to start automatically by creating a startup script
      in /usr/local/etc/rc.d.  (a sample named syslog-ng.sh.sample has been
      included)
   b. Prevent the standard FreeBSD syslogd from starting automatically by
      adding a line to the end of your /etc/rc.conf file that reads:
        syslogd_enable="NO"
4. Shut down the standard FreeBSD syslogd:
     kill `cat /var/run/syslog.pid`
5. Start syslog-ng:
     /usr/local/sbin/syslog-ng
12:25:41
#pkg_info -Lx syslog-ng
Information for syslog-ng-1.6.8:
Files:
/usr/local/man/man5/syslog-ng.conf.5.gz
/usr/local/man/man8/syslog-ng.8.gz
/usr/local/etc/rc.d/syslog-ng.sh.sample
/usr/local/etc/syslog-ng/syslog-ng.conf.sample
/usr/local/sbin/syslog-ng
/usr/local/share/doc/syslog-ng/AUTHORS
/usr/local/share/doc/syslog-ng/COPYING
/usr/local/share/doc/syslog-ng/ChangeLog
/usr/local/share/doc/syslog-ng/INSTALL
/usr/local/share/doc/syslog-ng/NEWS
/usr/local/share/doc/syslog-ng/PORTS
/usr/local/share/doc/syslog-ng/README
/usr/local/share/doc/syslog-ng/sgml/syslog-ng.dvi
/usr/local/share/doc/syslog-ng/sgml/syslog-ng.html.tar.gz
/usr/local/share/doc/syslog-ng/sgml/syslog-ng.ps
/usr/local/share/doc/syslog-ng/sgml/syslog-ng.sgml
/usr/local/share/doc/syslog-ng/sgml/syslog-ng.txt
/dev/ttyp6
12:32:14
#vi /usr/local/etc/syslpg-ng.conf
/dev/ttyp4
12:34:24
#cd //usr/local/etc/syslog-ng/

12:41:30
#ls
syslog-ng.conf.sample
12:41:33
#cp syslog-ng.conf.sample syslog-ng.conf

12:42:09
#ls
syslog-ng.conf          syslog-ng.conf.sample
12:42:11
#vi syslog-ng.conf
/dev/ttyp6
12:50:24
#vi /usr/local/etc/syslpg-ng/syslog-ng
12:50:49
#vi /usr/local/etc/syslo-ng/syslog-ng.conf
/dev/ttyp4
12:52:16
#/usr/local/etc/rc.d/syslog-ng.shart
su: /usr/local/etc/rc.d/syslog-ng.sh: No such file or directory
12:52:52
#/etc/rc.d/syslog stop
su: /etc/rc.d/syslog: No such file or directory
12:53:02
#cd /usr/local/etc/rc.d/

12:53:07
#/etc/rc.d/syslogd stop

12:53:14
#ps ax |grep syslogd
  288  ??  Ss     0:00.05 /usr/sbin/syslogd -s
 3557  p5  S+     0:00.00 grep syslogd
12:53:37
#ls
000.mysql-client.sh     kdelibs.sh              snmptrapd.sh
001slpd.sh              mdnsd.sh                syslog-ng.sh.sample
cups.sh.sample          mdnsresponder.sh
genkdmconf.sh           snmpd.sh
12:53:41
#cp syslog-ng.sh.sample syslog-ng.sh

12:54:18
#killall syslogd

12:55:05
#/usr/local/etc/rc.d/syslog-ng.sh start
Changing permissions on special file /dev/klog
12:55:11
#ps ax|grep sys
 3752  ??  Ss     0:00.00 /usr/local/sbin/syslog-ng
 3762  p5  S+     0:00.00 grep sys
 3456  p7  I+     0:00.01 /bin/sh /usr/bin/vi /usr/local/etc/syslog-ng/syslog-n
 3465  p7  I+     0:00.01 /usr/bin/vi.orig /usr/local/etc/syslog-ng/syslog-ng.c
12:55:30
#logger -p emerg TEST3

12:56:13
#tail /var/log/messages
Dec 19 11:42:45 fbsd1 sudo:     user : TTY=ttyp7 ; PWD=/home/user ; USER=root ; COMMAND=/usr/local/bin/bash
Dec 19 11:45:37 fbsd1 sudo:     user : TTY=ttyp5 ; PWD=/home/user ; USER=root ; COMMAND=/bin/cat /etc/shadow
Dec 19 11:46:57 fbsd1 su: user to root on /dev/ttyp5
Dec 19 12:07:47 fbsd1 root: PANIC
Dec 19 12:10:53 fbsd1 user: test
Dec 19 12:12:19 fbsd1 root: new syslog line
Dec 19 12:15:16 fbsd1 su: user to root on /dev/ttyp7
Dec 19 12:16:30 fbsd1 user: TEST2
Dec 19 12:57:20 fbsd1 syslogd: exiting on signal 15
Dec 19 12:55:11 fbsd1 syslog-ng[3752]: syslog-ng version 1.6.8 starting
12:57:20
#ps ax |grep syslogd

12:57:20
#logger TEST3

12:57:23
#/etc/rc.d/syslog-ng start
su: /etc/rc.d/syslog-ng: No such file or directory
12:58:09
#tail /var/log/messages
Dec 19 11:42:45 fbsd1 sudo:     user : TTY=ttyp7 ; PWD=/home/user ; USER=root ; COMMAND=/usr/local/bin/bash
Dec 19 11:45:37 fbsd1 sudo:     user : TTY=ttyp5 ; PWD=/home/user ; USER=root ; COMMAND=/bin/cat /etc/shadow
Dec 19 11:46:57 fbsd1 su: user to root on /dev/ttyp5
Dec 19 12:07:47 fbsd1 root: PANIC
Dec 19 12:10:53 fbsd1 user: test
Dec 19 12:12:19 fbsd1 root: new syslog line
Dec 19 12:15:16 fbsd1 su: user to root on /dev/ttyp7
Dec 19 12:16:30 fbsd1 user: TEST2
Dec 19 12:57:20 fbsd1 syslogd: exiting on signal 15
Dec 19 12:55:11 fbsd1 syslog-ng[3752]: syslog-ng version 1.6.8 starting
12:58:10
#tail /var/log/
Xorg.0.log        debug.log         scrollkeeper.log  userlog
Xorg.0.log.old    lastlog           security          wtmp
Xorg.8.log        lpd-errs          sendmail.st       xferlog
Xorg.8.log.old    maillog           sendmail.st.0
auth.log          messages          sendmail.st.1
cron              ppp.log           slip.log
12:58:10
#tail /var/log/userlog
2005-12-18 21:58:54 [unknown:groupadd] gdm(92)
2005-12-18 21:58:54 [unknown:useradd] gdm(92):gdm(92):GNOME Display Manager:/nonexistent:/sbin/nologin
2005-12-18 22:06:40 [unknown:groupadd] cyrus(60)
2005-12-18 22:06:40 [unknown:useradd] cyrus(60):cyrus(60):the cyrus mail server:/nonexistent:/usr/sbin/nologin
2005-12-18 22:16:07 [unknown:useradd] user(1001):wheel(0):NT-IDS Student #1:/home/user:/usr/local/bin/bash
2005-12-18 22:16:07 [unknown:useradd] user(1001) home /home/user made
12:58:22
#cat /usr/local/etc/syslog-ng/syslog-ng.conf
destination newsnotice { file("/var/log/news/news.notice"); };
destination slip { file("/var/log/slip.log"); };
destination ppp { file("/var/log/ppp.log"); };
destination console { file("/dev/console"); };
destination allusers { usertty("*"); };
#destination loghost { udp("loghost" port(514)); };
#
# log facility filters
#
filter f_auth { facility(auth); };
...
#
# !startslip
# *.*                                                   /var/log/slip.log
#
log { source(src); filter(f_slip); destination(slip); };
#
# !ppp
# *.*                                                   /var/log/ppp.log
#
log { source(src); filter(f_ppp); destination(ppp); };
13:00:11
#tail /var/log/messages
Dec 19 11:42:45 fbsd1 sudo:     user : TTY=ttyp7 ; PWD=/home/user ; USER=root ; COMMAND=/usr/local/bin/bash
Dec 19 11:45:37 fbsd1 sudo:     user : TTY=ttyp5 ; PWD=/home/user ; USER=root ; COMMAND=/bin/cat /etc/shadow
Dec 19 11:46:57 fbsd1 su: user to root on /dev/ttyp5
Dec 19 12:07:47 fbsd1 root: PANIC
Dec 19 12:10:53 fbsd1 user: test
Dec 19 12:12:19 fbsd1 root: new syslog line
Dec 19 12:15:16 fbsd1 su: user to root on /dev/ttyp7
Dec 19 12:16:30 fbsd1 user: TEST2
Dec 19 12:57:20 fbsd1 syslogd: exiting on signal 15
Dec 19 12:55:11 fbsd1 syslog-ng[3752]: syslog-ng version 1.6.8 starting
13:01:40
#logger TEST3

13:02:06
#tail /var/log/messages
Dec 19 11:42:45 fbsd1 sudo:     user : TTY=ttyp7 ; PWD=/home/user ; USER=root ; COMMAND=/usr/local/bin/bash
Dec 19 11:45:37 fbsd1 sudo:     user : TTY=ttyp5 ; PWD=/home/user ; USER=root ; COMMAND=/bin/cat /etc/shadow
Dec 19 11:46:57 fbsd1 su: user to root on /dev/ttyp5
Dec 19 12:07:47 fbsd1 root: PANIC
Dec 19 12:10:53 fbsd1 user: test
Dec 19 12:12:19 fbsd1 root: new syslog line
Dec 19 12:15:16 fbsd1 su: user to root on /dev/ttyp7
Dec 19 12:16:30 fbsd1 user: TEST2
Dec 19 12:57:20 fbsd1 syslogd: exiting on signal 15
Dec 19 12:55:11 fbsd1 syslog-ng[3752]: syslog-ng version 1.6.8 starting
13:02:12
#ps ax |grep sys
 3752  ??  Is     0:00.00 /usr/local/sbin/syslog-ng
 3855  p5  R+     0:00.00 grep sys
 3456  p7  I+     0:00.01 /bin/sh /usr/bin/vi /usr/local/etc/syslog-ng/syslog-n
 3465  p7  I+     0:00.04 /usr/bin/vi.orig /usr/local/etc/syslog-ng/syslog-ng.c
13:02:43
#exit
exit
/dev/ttyp0
13:03:15
$su
Password:
13:03:25
#ps ax |grep sys
 3752  ??  Ss     0:00.00 /usr/local/sbin/syslog-ng
 3950  p4  S+     0:00.00 grep sys
 3456  p7  I+     0:00.01 /bin/sh /usr/bin/vi /usr/local/etc/syslog-ng/syslog-ng.conf
 3465  p7  I+     0:00.04 /usr/bin/vi.orig /usr/local/etc/syslog-ng/syslog-ng.conf
13:03:32
#ps ax |grep sys
 3752  ??  Is     0:00.00 /usr/local/sbin/syslog-ng
 4002  p4  R+     0:00.00 grep sys
/dev/ttyp6
13:03:55
#vi /usr/local/etc/syslog-ng/syslog-ng.conf
/dev/ttyp0
13:03:59
#tail /var/log/messages
Dec 19 11:42:45 fbsd1 sudo:     user : TTY=ttyp7 ; PWD=/home/user ; USER=root ; COMMAND=/usr/local/bin/bash
Dec 19 11:45:37 fbsd1 sudo:     user : TTY=ttyp5 ; PWD=/home/user ; USER=root ; COMMAND=/bin/cat /etc/shadow
Dec 19 11:46:57 fbsd1 su: user to root on /dev/ttyp5
Dec 19 12:07:47 fbsd1 root: PANIC
Dec 19 12:10:53 fbsd1 user: test
Dec 19 12:12:19 fbsd1 root: new syslog line
Dec 19 12:15:16 fbsd1 su: user to root on /dev/ttyp7
Dec 19 12:16:30 fbsd1 user: TEST2
Dec 19 12:57:20 fbsd1 syslogd: exiting on signal 15
Dec 19 12:55:11 fbsd1 syslog-ng[3752]: syslog-ng version 1.6.8 starting
13:04:07
#logger -p emerg TEST3

/dev/ttyp6
13:11:37
#vi /usr/local/etc/syslpg-ng/syslog-ng.conf
/dev/ttyp0
13:11:49
#tail /var/log/messages
Dec 19 11:42:45 fbsd1 sudo:     user : TTY=ttyp7 ; PWD=/home/user ; USER=root ; COMMAND=/usr/local/bin/bash
Dec 19 11:45:37 fbsd1 sudo:     user : TTY=ttyp5 ; PWD=/home/user ; USER=root ; COMMAND=/bin/cat /etc/shadow
Dec 19 11:46:57 fbsd1 su: user to root on /dev/ttyp5
Dec 19 12:07:47 fbsd1 root: PANIC
Dec 19 12:10:53 fbsd1 user: test
Dec 19 12:12:19 fbsd1 root: new syslog line
Dec 19 12:15:16 fbsd1 su: user to root on /dev/ttyp7
Dec 19 12:16:30 fbsd1 user: TEST2
Dec 19 12:57:20 fbsd1 syslogd: exiting on signal 15
Dec 19 12:55:11 fbsd1 syslog-ng[3752]: syslog-ng version 1.6.8 starting
13:11:58
#cal /etc/rc.conf
cal: year 0 not in range 1..9999
35 minutes passed
13:47:14
#cat /etc/rc.conf
# -- sysinstall generated deltas -- # Sun Dec 18 21:47:40 2005
# Created: Sun Dec 18 21:47:40 2005
# Enable network daemons for user convenience.
# Please make all changes to this file, not to /etc/defaults/rc.conf.
# This file now contains just the overrides from /etc/defaults/rc.conf.
defaultrouter="192.168.15.254"
font8x14="cp866-8x14"
font8x16="cp866b-8x16"
font8x8="cp866-8x8"
hostname="fbsd1.linux.nt"
ifconfig_xl0="inet 192.168.15.21  netmask 255.255.255.0"
keymap="ru.koi8-r"
keyrate="fast"
mousechar_start="3"
moused_enable="YES"
saver="daemon"
scrnmap="koi8-r2cp866"
sshd_enable="YES"
syslogd_enable="NO"
13:47:20
#logger -p emerg TEST3
Dec 19 13:11:49 fbsd1 user: TEST3
Dec 19 13:52:04 fbsd1 user: TEST3
/dev/ttyp6
13:48:37
#vi /usr/local/etc/syslo-ng/syslog-ng.conf
/dev/ttyp2
13:50:56
$ps aux | grep l3
root   1039  0.0  0.6  7080  5788  ??  Ss   11:00AM   1:30.19 l3-agent (perl5.8.7)
root   1041  0.0  0.6  7096  5808  ??  Rs   11:00AM   1:29.83 l3-agent (perl5.8.7)
root   1057  0.0  0.6  7084  5792  ??  Ss   11:00AM   1:29.44 l3-agent (perl5.8.7)
13:51:00
$sudo killall l3-agent
Password:
No matching processes were found
13:51:09
$sudo killall 1039 1041 1057
No matching processes were found
13:51:20
$sudo kill 1039 1041 1057

13:51:25
$l3-agent

13:51:35
$l3-agent
l3-agent is already running
13:51:36
$l3-agent
l3-agent is already running
/dev/ttyp2
13:51:44
$l3-agent
exit
l3-agent is already running
/dev/ttyp0
13:52:05
#cat /usr/local/etc/rc.d/syslog-ng.sh restart
#!/bin/sh
if ! PREFIX=$(expr $0 : "\(/.*\)/etc/rc\.d/$(basename $0)\$"); then
    echo "$0: Cannot determine the PREFIX" >&2
    exit 1
fi
case "$1" in
start)
        [ -x ${PREFIX}/sbin/syslog-ng ] && ${PREFIX}/sbin/syslog-ng && echo -n ' syslog-ng'
        ;;
stop)
        killall syslog-ng && echo -n ' syslog-ng'
        ;;
*)
        echo "Usage: `basename $0` {start|stop}" >&2
        ;;
esac
exit 0
cat: restart: No such file or directory
13:52:51
#/usr/local/etc/rc.d/syslog-ng.sh restart
Usage: syslog-ng.sh {start|stop}
13:53:29
#/usr/local/etc/rc.d/syslog-ng.sh stop

Files

  • .xinitrc
  • /etc/master.passwd
  • /etc/syslog.conf
  • /usr/local/etc/syslog-ng/syslog-ng.conf
  • /var/log/messages
  • xorg.conf.new
  • .xinitrc
    startkde
    
    /etc/master.passwd
    # $FreeBSD: src/etc/master.passwd,v 1.40 2005/06/06 20:19:56 brooks Exp $
    #
    root:$1$L5AH1i1r$Xm5gkzCwrEiMNhlGO49tL0:0:0::0:0:Charlie &:/root:/usr/local/bin/bash
    toor:*:0:0::0:0:Bourne-again Superuser:/root:
    daemon:*:1:1::0:0:Owner of many system processes:/root:/usr/sbin/nologin
    operator:*:2:5::0:0:System &:/:/usr/sbin/nologin
    bin:*:3:7::0:0:Binaries Commands and Source:/:/usr/sbin/nologin
    tty:*:4:65533::0:0:Tty Sandbox:/:/usr/sbin/nologin
    kmem:*:5:65533::0:0:KMem Sandbox:/:/usr/sbin/nologin
    games:*:7:13::0:0:Games pseudo-user:/usr/games:/usr/sbin/nologin
    news:*:8:8::0:0:News Subsystem:/:/usr/sbin/nologin
    man:*:9:9::0:0:Mister Man Pages:/usr/share/man:/usr/sbin/nologin
    sshd:*:22:22::0:0:Secure Shell Daemon:/var/empty:/usr/sbin/nologin
    smmsp:*:25:25::0:0:Sendmail Submission User:/var/spool/clientmqueue:/usr/sbin/nologin
    mailnull:*:26:26::0:0:Sendmail Default User:/var/spool/mqueue:/usr/sbin/nologin
    bind:*:53:53::0:0:Bind Sandbox:/:/usr/sbin/nologin
    proxy:*:62:62::0:0:Packet Filter pseudo-user:/nonexistent:/usr/sbin/nologin
    _pflogd:*:64:64::0:0:pflogd privsep user:/var/empty:/usr/sbin/nologin
    _dhcp:*:65:65::0:0:dhcp programs:/var/empty:/usr/sbin/nologin
    uucp:*:66:66::0:0:UUCP pseudo-user:/var/spool/uucppublic:/usr/local/libexec/uucp/uucico
    pop:*:68:6::0:0:Post Office Owner:/nonexistent:/usr/sbin/nologin
    www:*:80:80::0:0:World Wide Web Owner:/nonexistent:/usr/sbin/nologin
    nobody:*:65534:65534::0:0:Unprivileged user:/nonexistent:/usr/sbin/nologin
    gdm:*:92:92::0:0:GNOME Display Manager:/nonexistent:/sbin/nologin
    cyrus:*:60:60::1134856800:0:the cyrus mail server:/nonexistent:/usr/sbin/nologin
    user:$1$.xb.Lvpj$7nAcx8eNT2sxLm3Paf/5K0:1001:0::0:0:NT-IDS Student #1:/home/user:/usr/local/bin/bash
    
    /etc/syslog.conf
    # $FreeBSD: src/etc/syslog.conf,v 1.28 2005/03/12 12:31:16 glebius Exp $
    #
    #       Spaces ARE valid field separators in this file. However,
    #       other *nix-like systems still insist on using tabs as field
    #       separators. If you are sharing this file between systems, you
    #       may want to use only tabs as field separators here.
    #       Consult the syslog.conf(5) manpage.
    *.err;kern.warning;auth.notice;mail.crit                /dev/console
    *.notice;authpriv.none;kern.debug;lpr.info;mail.crit;news.err   /var/log/messages
    security.*                                      /var/log/security
    auth.info;authpriv.info                         /var/log/auth.log
    mail.info                                       /var/log/maillog
    lpr.info                                        /var/log/lpd-errs
    ftp.info                                        /var/log/xferlog
    cron.*                                          /var/log/cron
    *.=debug                                        /var/log/debug.log
    *.emerg                                         *
    # uncomment this to log all writes to /dev/console to /var/log/console.log
    #console.info                                   /var/log/console.log
    # uncomment this to enable logging of all log messages to /var/log/all.log
    # touch /var/log/all.log and chmod it to mode 600 before it will work
    #*.*                                            /var/log/all.log
    # uncomment this to enable logging to a remote loghost named loghost
    #*.*                                            @loghost
    # uncomment these if you're running inn
    # news.crit                                     /var/log/news/news.crit
    # news.err                                      /var/log/news/news.err
    # news.notice                                   /var/log/news/news.notice
    !startslip
    *.*                                             /var/log/slip.log
    !ppp
    *.*                                             /var/log/ppp.log
    
    /usr/local/etc/syslog-ng/syslog-ng.conf
    destination newsnotice { file("/var/log/news/news.notice"); };
    destination slip { file("/var/log/slip.log"); };
    destination ppp { file("/var/log/ppp.log"); };
    destination console { file("/dev/console"); };
    destination allusers { usertty("*"); };
    #destination loghost { udp("loghost" port(514)); };
    #
    # log facility filters
    #
    filter f_auth { facility(auth); };
    filter f_authpriv { facility(authpriv); };
    filter f_not_authpriv { not facility(authpriv); };
    filter f_console { facility(console); };
    filter f_cron { facility(cron); };
    filter f_daemon { facility(daemon); };
    filter f_ftp { facility(ftp); };
    filter f_kern { facility(kern); };
    filter f_lpr { facility(lpr); };
    filter f_mail { facility(mail); };
    filter f_news { facility(news); };
    filter f_security { facility(security); };
    filter f_user { facility(user); };
    filter f_uucp { facility(uucp); };
    filter f_local0 { facility(local0); };
    filter f_local1 { facility(local1); };
    filter f_local2 { facility(local2); };
    filter f_local3 { facility(local3); };
    filter f_local4 { facility(local4); };
    filter f_local5 { facility(local5); };
    filter f_local6 { facility(local6); };
    filter f_local7 { facility(local7); };
    #
    # log level filters
    #
    filter f_emerg { level(emerg); };
    filter f_alert { level(alert..emerg); };
    filter f_crit { level(crit..emerg); };
    filter f_err { level(err..emerg); };
    filter f_warning { level(warning..emerg); };
    filter f_notice { level(notice..emerg); };
    filter f_info { level(info..emerg); };
    filter f_debug { level(debug..emerg); };
    filter f_is_debug { level(debug); };
    #
    # program filters
    #
    filter f_ppp { program("ppp"); };
    filter f_slip { program("startslip"); };
    #
    # *.err;kern.warning;auth.notice;mail.crit              /dev/console
    #
    log { source(src); filter(f_err); destination(console); };
    log { source(src); filter(f_kern); filter(f_warning); destination(console); };
    log { source(src); filter(f_auth); filter(f_notice); destination(console); };
    log { source(src); filter(f_mail); filter(f_crit); destination(console); };
    #
    # *.notice;authpriv.none;kern.debug;lpr.info;mail.crit;news.err /var/log/messages
    #
    log { source(src); filter(f_notice); filter(f_not_authpriv); destination(messages); };
    log { source(src); filter(f_kern); filter(f_debug); destination(messages); };
    log { source(src); filter(f_lpr); filter(f_info); destination(messages); };
    log { source(src); filter(f_mail); filter(f_crit); destination(messages); };
    log { source(src); filter(f_news); filter(f_err); destination(messages); };
    #
    # security.*                                            /var/log/security
    #
    log { source(src); filter(f_security); destination(security); };
    #
    # auth.info;authpriv.info                               /var/log/auth.log
    log { source(src); filter(f_auth); filter(f_info); destination(authlog); };
    log { source(src); filter(f_authpriv); filter(f_info); destination(authlog); };
    #
    # mail.info                                             /var/log/maillog
    #
    log { source(src); filter(f_mail); filter(f_info); destination(maillog); };
    #
    # lpr.info                                              /var/log/lpd-errs
    #
    log { source(src); filter(f_lpr); filter(f_info); destination(lpd-errs); };
    #
    # ftp.info                                              /var/log/xferlog
    #
    log { source(src); filter(f_ftp); filter(f_info); destination(xferlog); };
    #
    # cron.*                                                /var/log/cron
    #
    log { source(src); filter(f_cron); destination(cron); };
    #
    # *.=debug                                              /var/log/debug.log
    #
    log { source(src); filter(f_is_debug); destination(debuglog); };
    #
    # *.emerg                                               *
    #
    log { source(src); filter(f_emerg); destination(allusers); };
    #
    # uncomment this to log all writes to /dev/console to /var/log/console.log
    # console.info                                          /var/log/console.log
    #
    #log { source(src); filter(f_console); filter(f_info); destination(consolelog); };
    #
    # uncomment this to enable logging of all log messages to /var/log/all.log
    # touch /var/log/all.log and chmod it to mode 600 before it will work
    # *.*                                                   /var/log/all.log
    #
    #log { source(src); destination(all); };
    #
    # uncomment this to enable logging to a remote loghost named loghost
    # *.*                                                   @loghost
    #
    #log { source(src); destination(loghost); };
    #
    # uncomment these if you're running inn
    # news.crit                                             /var/log/news/news.crit
    # news.err                                              /var/log/news/news.err
    # news.notice                                           /var/log/news/news.notice
    #
    #log { source(src); filter(f_news); filter(f_crit); destination(newscrit); };
    #log { source(src); filter(f_news); filter(f_err); destination(newserr); };
    #log { source(src); filter(f_news); filter(f_notice); destination(newsnotice); };
    #
    # !startslip
    # *.*                                                   /var/log/slip.log
    #
    log { source(src); filter(f_slip); destination(slip); };
    #
    # !ppp
    # *.*                                                   /var/log/ppp.log
    #
    log { source(src); filter(f_ppp); destination(ppp); };
    
    /var/log/messages
    >
    Dec 18 20:17:10 fbsd1 kernel: pci0: <ACPI PCI bus> on pcib0
    Dec 18 20:17:10 fbsd1 kernel: agp0: <Intel 82845G (845G GMCH) SVGA controller> mem 0xd0000000-0xd7ffffff,0xde000000-0xde07ffff irq 16 at device 2.0 on pci0
    Dec 18 20:17:10 fbsd1 kernel: agp0: detected 8060k stolen memory
    Dec 18 20:17:10 fbsd1 kernel: agp0: aperture size is 128M
    Dec 18 20:17:10 fbsd1 kernel: pcib1: <ACPI PCI-PCI bridge> at device 30.0 on pci0
    Dec 18 20:17:10 fbsd1 kernel: pci1: <ACPI PCI bus> on pcib1
    Dec 18 20:17:10 fbsd1 kernel: xl0: <3Com 3c905C-TX Fast Etherlink XL> port 0xc000-0xc07f mem 0xdd000000-0xdd00007f irq 16 at device 0.0 on pci1
    Dec 18 20:17:10 fbsd1 kernel: miibus0: <MII bus> on xl0
    Dec 18 20:17:10 fbsd1 kernel: ukphy0: <Generic IEEE 802.3u media interface> on miibus0
    Dec 18 20:17:10 fbsd1 kernel: ukphy0:  10baseT, 10baseT-FDX, 100baseTX, 100baseTX-FDX, auto
    Dec 18 20:17:10 fbsd1 kernel: xl0: Ethernet address: 00:04:75:82:53:43
    Dec 18 20:17:10 fbsd1 kernel: xl1: <3Com 3c905C-TX Fast Etherlink XL> port 0xc400-0xc47f mem 0xdd001000-0xdd00107f irq 18 at device 2.0 on pci1
    Dec 18 20:17:10 fbsd1 kernel: miibus1: <MII bus> on xl1
    Dec 18 20:17:10 fbsd1 kernel: xlphy0: <3c905C 10/100 internal PHY> on miibus1
    Dec 18 20:17:10 fbsd1 kernel: xlphy0:  10baseT, 10baseT-FDX, 100baseTX, 100baseTX-FDX, auto
    Dec 18 20:17:10 fbsd1 kernel: xl1: Ethernet address: 00:04:79:67:96:71
    Dec 18 20:17:10 fbsd1 kernel: isab0: <PCI-ISA bridge> at device 31.0 on pci0
    Dec 18 20:17:10 fbsd1 kernel: isa0: <ISA bus> on isab0
    Dec 18 20:17:10 fbsd1 kernel: atapci0: <Intel ICH4 UDMA100 controller> port 0x1f0-0x1f7,0x3f6,0x170-0x177,0x376,0xf000-0xf00f at device 31.1 on pci0
    Dec 18 20:17:10 fbsd1 kernel: ata0: <ATA channel 0> on atapci0
    Dec 18 20:17:10 fbsd1 kernel: ata1: <ATA channel 1> on atapci0
    Dec 18 20:17:10 fbsd1 kernel: pci0: <serial bus, SMBus> at device 31.3 (no driver attached)
    Dec 18 20:17:10 fbsd1 kernel: pci0: <multimedia, audio> at device 31.5 (no driver attached)
    Dec 18 20:17:10 fbsd1 kernel: acpi_tz0: <Thermal Zone> on acpi0
    Dec 18 20:17:10 fbsd1 kernel: fdc0: <floppy drive controller> port 0x3f0-0x3f5,0x3f7 irq 6 drq 2 on acpi0
    Dec 18 20:17:10 fbsd1 kernel: fdc0: [FAST]
    Dec 18 20:17:10 fbsd1 kernel: fd0: <1440-KB 3.5" drive> on fdc0 drive 0
    Dec 18 20:17:10 fbsd1 kernel: sio0: <16550A-compatible COM port> port 0x3f8-0x3ff irq 4 flags 0x10 on acpi0
    Dec 18 20:17:10 fbsd1 kernel: sio0: type 16550A
    Dec 18 20:17:10 fbsd1 kernel: sio1: <16550A-compatible COM port> port 0x2f8-0x2ff irq 3 on acpi0
    Dec 18 20:17:10 fbsd1 kernel: sio1: type 16550A
    Dec 18 20:17:10 fbsd1 kernel: atkbdc0: <Keyboard controller (i8042)> port 0x60,0x64 irq 1 on acpi0
    Dec 18 20:17:10 fbsd1 kernel: atkbd0: <AT Keyboard> irq 1 on atkbdc0
    Dec 18 20:17:10 fbsd1 kernel: kbd0 at atkbd0
    Dec 18 20:17:10 fbsd1 kernel: atkbd0: [GIANT-LOCKED]
    Dec 18 20:17:10 fbsd1 kernel: psm0: <PS/2 Mouse> irq 12 on atkbdc0
    Dec 18 20:17:10 fbsd1 kernel: psm0: [GIANT-LOCKED]
    Dec 18 20:17:10 fbsd1 kernel: psm0: model Generic PS/2 mouse, device ID 0
    Dec 18 20:17:10 fbsd1 kernel: pmtimer0 on isa0
    Dec 18 20:17:10 fbsd1 kernel: ppc0: parallel port not found.
    Dec 18 20:17:10 fbsd1 kernel: sc0: <System console> at flags 0x100 on isa0
    Dec 18 20:17:10 fbsd1 kernel: sc0: VGA <16 virtual consoles, flags=0x300>
    Dec 18 20:17:10 fbsd1 kernel: vga0: <Generic ISA VGA> at port 0x3c0-0x3df iomem 0xa0000-0xbffff on isa0
    Dec 18 20:17:10 fbsd1 kernel: Timecounter "TSC" frequency 1800032756 Hz quality 800
    Dec 18 20:17:10 fbsd1 kernel: Timecounters tick every 1.000 msec
    Dec 18 20:17:10 fbsd1 kernel: ad1: 32253MB <SAMSUNG SP0612N TT100-23> at ata0-slave UDMA100
    Dec 18 20:17:10 fbsd1 kernel: acd0: DVDROM <JLMS DVD-ROM LTD-166S/DS0B> at ata1-master UDMA40
    Dec 18 20:17:10 fbsd1 kernel: Trying to mount root from ufs:/dev/ad1s1a
    Dec 18 20:17:10 fbsd1 savecore: no dumps found
    Dec 18 20:17:11 fbsd1 root: /etc/rc: WARNING: Setting entropy source to blocking mode.
    Dec 18 20:18:14 fbsd1 login: ROOT LOGIN (root) ON ttyv0
    Dec 18 20:18:52 fbsd1 login: ROOT LOGIN (root) ON ttyv0
    Dec 18 20:27:47 fbsd1 login: ROOT LOGIN (root) ON ttyv0
    Dec 18 20:27:51 fbsd1 shutdown: power-down by root:
    Dec 18 20:27:54 fbsd1 syslogd: exiting on signal 15
    Dec 19 10:31:45 fbsd1 syslogd: kernel boot file is /boot/kernel/kernel
    Dec 19 10:31:45 fbsd1 kernel: Copyright (c) 1992-2005 The FreeBSD Project.
    Dec 19 10:31:45 fbsd1 kernel: Copyright (c) 1979, 1980, 1983, 1986, 1988, 1989, 1991, 1992, 1993, 1994
    Dec 19 10:31:45 fbsd1 kernel: The Regents of the University of California. All rights reserved.
    Dec 19 10:31:45 fbsd1 kernel: FreeBSD 6.0-RELEASE #0: Thu Nov  3 09:36:13 UTC 2005
    Dec 19 10:31:45 fbsd1 kernel: root@x64.samsco.home:/usr/obj/usr/src/sys/GENERIC
    Dec 19 10:31:45 fbsd1 kernel: ACPI APIC Table: <IntelR AWRDACPI>
    Dec 19 10:31:45 fbsd1 kernel: Timecounter "i8254" frequency 1193182 Hz quality 0
    Dec 19 10:31:45 fbsd1 kernel: CPU: Intel(R) Celeron(R) CPU 1.80GHz (1800.03-MHz 686-class CPU)
    Dec 19 10:31:45 fbsd1 kernel: Origin = "GenuineIntel"  Id = 0xf13  Stepping = 3
    Dec 19 10:31:45 fbsd1 kernel: Features=0x3febfbff<FPU,VME,DE,PSE,TSC,MSR,PAE,MCE,CX8,APIC,SEP,MTRR,PGE,MCA,CMOV,PAT,PSE36,CLFLUSH,DTS,ACPI,MMX,FXSR,SSE,SSE2,SS,HTT,TM>
    Dec 19 10:31:45 fbsd1 kernel: real memory  = 1065287680 (1015 MB)
    Dec 19 10:31:45 fbsd1 kernel: avail memory = 1033555968 (985 MB)
    Dec 19 10:31:45 fbsd1 kernel: ioapic0 <Version 2.0> irqs 0-23 on motherboard
    Dec 19 10:31:45 fbsd1 kernel: npx0: [FAST]
    Dec 19 10:31:45 fbsd1 kernel: npx0: <math processor> on motherboard
    Dec 19 10:31:45 fbsd1 kernel: npx0: INT 16 interface
    Dec 19 10:31:45 fbsd1 kernel: acpi0: <IntelR MSI ACPI> on motherboard
    Dec 19 10:31:45 fbsd1 kernel: acpi0: Power Button (fixed)
    Dec 19 10:31:45 fbsd1 kernel: pci_link0: <ACPI PCI Link LNKA> irq 11 on acpi0
    Dec 19 10:31:45 fbsd1 kernel: pci_link1: <ACPI PCI Link LNKB> irq 5 on acpi0
    Dec 19 10:31:45 fbsd1 kernel: pci_link2: <ACPI PCI Link LNKC> irq 10 on acpi0
    Dec 19 10:31:45 fbsd1 kernel: pci_link3: <ACPI PCI Link LNKD> irq 9 on acpi0
    Dec 19 10:31:45 fbsd1 kernel: pci_link4: <ACPI PCI Link LNKE> irq 0 on acpi0
    Dec 19 10:31:45 fbsd1 kernel: pci_link5: <ACPI PCI Link LNKF> irq 0 on acpi0
    Dec 19 10:31:45 fbsd1 kernel: pci_link6: <ACPI PCI Link LNK0> irq 0 on acpi0
    Dec 19 10:31:45 fbsd1 kernel: pci_link7: <ACPI PCI Link LNK1> irq 7 on acpi0
    Dec 19 10:31:45 fbsd1 kernel: Timecounter "ACPI-fast" frequency 3579545 Hz quality 1000
    Dec 19 10:31:45 fbsd1 kernel: acpi_timer0: <24-bit timer at 3.579545MHz> port 0x4008-0x400b on acpi0
    Dec 19 10:31:45 fbsd1 kernel: cpu0: <ACPI CPU> on acpi0
    Dec 19 10:31:45 fbsd1 kernel: acpi_throttle0: <ACPI CPU Throttling> on cpu0
    Dec 19 10:31:45 fbsd1 kernel: acpi_button0: <Power Button> on acpi0
    Dec 19 10:31:45 fbsd1 kernel: acpi_button1: <Sleep Button> on acpi0
    Dec 19 10:31:45 fbsd1 kernel: pcib0: <ACPI Host-PCI bridge> port 0xcf8-0xcff on acpi0
    Dec 19 10:31:45 fbsd1 kernel: pci0: <ACPI PCI bus> on pcib0
    Dec 19 10:31:45 fbsd1 kernel: agp0: <Intel 82845G (845G GMCH) SVGA controller> mem 0xd0000000-0xd7ffffff,0xde000000-0xde07ffff irq 16 at device 2.0 on pci0
    Dec 19 10:31:45 fbsd1 kernel: agp0: detected 8060k stolen memory
    Dec 19 10:31:45 fbsd1 kernel: agp0: aperture size is 128M
    Dec 19 10:31:45 fbsd1 kernel: pcib1: <ACPI PCI-PCI bridge> at device 30.0 on pci0
    Dec 19 10:31:45 fbsd1 kernel: pci1: <ACPI PCI bus> on pcib1
    Dec 19 10:31:45 fbsd1 kernel: xl0: <3Com 3c905C-TX Fast Etherlink XL> port 0xc000-0xc07f mem 0xdd000000-0xdd00007f irq 16 at device 0.0 on pci1
    Dec 19 10:31:45 fbsd1 kernel: miibus0: <MII bus> on xl0
    Dec 19 10:31:45 fbsd1 kernel: ukphy0: <Generic IEEE 802.3u media interface> on miibus0
    Dec 19 10:31:45 fbsd1 kernel: ukphy0:  10baseT, 10baseT-FDX, 100baseTX, 100baseTX-FDX, auto
    Dec 19 10:31:45 fbsd1 kernel: xl0: Ethernet address: 00:04:75:82:53:43
    Dec 19 10:31:45 fbsd1 kernel: xl1: <3Com 3c905C-TX Fast Etherlink XL> port 0xc400-0xc47f mem 0xdd001000-0xdd00107f irq 18 at device 2.0 on pci1
    Dec 19 10:31:45 fbsd1 kernel: miibus1: <MII bus> on xl1
    Dec 19 10:31:45 fbsd1 kernel: xlphy0: <3c905C 10/100 internal PHY> on miibus1
    Dec 19 10:31:45 fbsd1 kernel: xlphy0:  10baseT, 10baseT-FDX, 100baseTX, 100baseTX-FDX, auto
    Dec 19 10:31:45 fbsd1 kernel: xl1: Ethernet address: 00:04:79:67:96:71
    Dec 19 10:31:45 fbsd1 kernel: isab0: <PCI-ISA bridge> at device 31.0 on pci0
    Dec 19 10:31:45 fbsd1 kernel: isa0: <ISA bus> on isab0
    Dec 19 10:31:45 fbsd1 kernel: atapci0: <Intel ICH4 UDMA100 controller> port 0x1f0-0x1f7,0x3f6,0x170-0x177,0x376,0xf000-0xf00f at device 31.1 on pci0
    Dec 19 10:31:45 fbsd1 kernel: ata0: <ATA channel 0> on atapci0
    Dec 19 10:31:45 fbsd1 kernel: ata1: <ATA channel 1> on atapci0
    Dec 19 10:31:45 fbsd1 kernel: pci0: <serial bus, SMBus> at device 31.3 (no driver attached)
    Dec 19 10:31:45 fbsd1 kernel: pci0: <multimedia, audio> at device 31.5 (no driver attached)
    Dec 19 10:31:45 fbsd1 kernel: acpi_tz0: <Thermal Zone> on acpi0
    Dec 19 10:31:45 fbsd1 kernel: fdc0: <floppy drive controller> port 0x3f0-0x3f5,0x3f7 irq 6 drq 2 on acpi0
    Dec 19 10:31:45 fbsd1 kernel: fdc0: [FAST]
    Dec 19 10:31:45 fbsd1 kernel: fd0: <1440-KB 3.5" drive> on fdc0 drive 0
    Dec 19 10:31:45 fbsd1 kernel: sio0: <16550A-compatible COM port> port 0x3f8-0x3ff irq 4 flags 0x10 on acpi0
    Dec 19 10:31:45 fbsd1 kernel: sio0: type 16550A
    Dec 19 10:31:45 fbsd1 kernel: sio1: <16550A-compatible COM port> port 0x2f8-0x2ff irq 3 on acpi0
    Dec 19 10:31:45 fbsd1 kernel: sio1: type 16550A
    Dec 19 10:31:45 fbsd1 kernel: atkbdc0: <Keyboard controller (i8042)> port 0x60,0x64 irq 1 on acpi0
    Dec 19 10:31:45 fbsd1 kernel: atkbd0: <AT Keyboard> irq 1 on atkbdc0
    Dec 19 10:31:45 fbsd1 kernel: kbd0 at atkbd0
    Dec 19 10:31:45 fbsd1 kernel: atkbd0: [GIANT-LOCKED]
    Dec 19 10:31:45 fbsd1 kernel: psm0: <PS/2 Mouse> irq 12 on atkbdc0
    Dec 19 10:31:45 fbsd1 kernel: psm0: [GIANT-LOCKED]
    Dec 19 10:31:45 fbsd1 kernel: psm0: model Generic PS/2 mouse, device ID 0
    Dec 19 10:31:45 fbsd1 kernel: pmtimer0 on isa0
    Dec 19 10:31:45 fbsd1 kernel: ppc0: parallel port not found.
    Dec 19 10:31:45 fbsd1 kernel: sc0: <System console> at flags 0x100 on isa0
    Dec 19 10:31:45 fbsd1 kernel: sc0: VGA <16 virtual consoles, flags=0x300>
    Dec 19 10:31:45 fbsd1 kernel: vga0: <Generic ISA VGA> at port 0x3c0-0x3df iomem 0xa0000-0xbffff on isa0
    Dec 19 10:31:45 fbsd1 kernel: Timecounter "TSC" frequency 1800030880 Hz quality 800
    Dec 19 10:31:45 fbsd1 kernel: Timecounters tick every 1.000 msec
    Dec 19 10:31:45 fbsd1 kernel: ad1: 32253MB <SAMSUNG SP0612N TT100-23> at ata0-slave UDMA100
    Dec 19 10:31:45 fbsd1 kernel: acd0: DVDROM <JLMS DVD-ROM LTD-166S/DS0B> at ata1-master UDMA40
    Dec 19 10:31:45 fbsd1 kernel: Trying to mount root from ufs:/dev/ad1s1a
    Dec 19 10:31:45 fbsd1 savecore: no dumps found
    Dec 19 10:51:42 fbsd1 login: ROOT LOGIN (root) ON ttyv0
    Dec 19 11:14:42 fbsd1 login: ROOT LOGIN (root) ON ttyv0
    Dec 19 11:17:45 fbsd1 su: user to root on /dev/ttyp1
    Dec 19 11:22:13 fbsd1 login: ROOT LOGIN (root) ON ttyv0
    Dec 19 11:35:09 fbsd1 su: user to root on /dev/ttyp6
    Dec 19 11:36:57 fbsd1 sudo:     root : user NOT in sudoers ; TTY=ttyp6 ; PWD=/home/user ; USER=root ; COMMAND=/bin/cat /etc/shadow
    Dec 19 11:42:45 fbsd1 sudo:     user : TTY=ttyp7 ; PWD=/home/user ; USER=root ; COMMAND=/usr/local/bin/bash
    Dec 19 11:45:37 fbsd1 sudo:     user : TTY=ttyp5 ; PWD=/home/user ; USER=root ; COMMAND=/bin/cat /etc/shadow
    Dec 19 11:46:57 fbsd1 su: user to root on /dev/ttyp5
    Dec 19 12:07:47 fbsd1 root: PANIC
    Dec 19 12:10:53 fbsd1 user: test
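An added example, not part of the original journal: the login, su and sudo records at the end of this /var/log/messages excerpt parsed into events and triaged for review. The sample lines are copied from the excerpt; the function names, the "BAD SU" failure prefix and the /etc/master.passwd path are assumptions that do not appear on the page.

```python
import re

# Lines copied from the /var/log/messages excerpt above.
SAMPLE = """\
Dec 19 10:51:42 fbsd1 login: ROOT LOGIN (root) ON ttyv0
Dec 19 11:17:45 fbsd1 su: user to root on /dev/ttyp1
Dec 19 11:36:57 fbsd1 sudo:     root : user NOT in sudoers ; TTY=ttyp6 ; PWD=/home/user ; USER=root ; COMMAND=/bin/cat /etc/shadow
Dec 19 11:42:45 fbsd1 sudo:     user : TTY=ttyp7 ; PWD=/home/user ; USER=root ; COMMAND=/usr/local/bin/bash
Dec 19 11:45:37 fbsd1 sudo:     user : TTY=ttyp5 ; PWD=/home/user ; USER=root ; COMMAND=/bin/cat /etc/shadow
Dec 19 12:07:47 fbsd1 root: PANIC
"""

LINE = re.compile(r"^(\w{3}\s+\d+ [\d:]{8}) (\S+) ([^\s:\[]+)(?:\[\d+\])?:\s*(.*)$")
SU = re.compile(r"^(BAD SU )?(\S+) to (\S+) on (\S+)$")  # "BAD SU": assumed failure prefix
ROOT_LOGIN = re.compile(r"^ROOT LOGIN \((\S+)\) ON (\S+)$")
SUDO_KEYS = {"TTY": "tty", "PWD": "cwd", "USER": "runas"}
SHELLS = {"sh", "bash", "csh", "tcsh", "ksh", "zsh"}
SENSITIVE = ("/etc/shadow", "/etc/master.passwd")         # second path is an assumption


def parse_sudo(msg):
    """Parse 'invoker : [reason ;] TTY=.. ; PWD=.. ; USER=.. ; COMMAND=..'."""
    invoker, _, rest = msg.partition(" : ")
    # COMMAND is the last field and may itself contain " ; ", so cut it off first.
    head, found, command = rest.partition("COMMAND=")
    ev = {"by": invoker.strip(), "reason": None, "command": command if found else ""}
    for part in (p.strip() for p in head.split(" ; ")):
        key, eq, value = part.partition("=")
        if eq and key in SUDO_KEYS:
            ev[SUDO_KEYS[key]] = value
        elif part:
            ev["reason"] = part            # e.g. "user NOT in sudoers"
    ev["kind"] = "sudo_denied" if ev["reason"] else "sudo"
    return ev


def privileged_events(text):
    """Return one dict per login/su/sudo record; other syslog lines are skipped."""
    events = []
    for line in text.splitlines():
        m = LINE.match(line)
        if not m:
            continue
        when, _host, tag, msg = m.groups()
        ev = parse_sudo(msg) if tag == "sudo" else None
        if tag == "su" and (s := SU.match(msg)):
            ev = {"kind": "su_failed" if s[1] else "su", "by": s[2], "runas": s[3], "tty": s[4]}
        elif tag == "login" and (r := ROOT_LOGIN.match(msg)):
            ev = {"kind": "root_login", "by": r[1], "tty": r[2]}
        if ev:
            ev["time"] = when
            events.append(ev)
    return events


def findings(events):
    """Return (time, reason) pairs an analyst should look at first."""
    out = []
    for ev in events:
        cmd = ev.get("command", "")
        prog = cmd.split(" ")[0].rsplit("/", 1)[-1]
        if ev["kind"] in ("sudo_denied", "su_failed"):
            target = cmd or "su to " + ev.get("runas", "?")
            out.append((ev["time"], f"denied: {ev['by']} tried {target}"))
        elif ev["kind"] == "sudo" and prog in SHELLS:
            out.append((ev["time"], f"root shell via sudo: {ev['by']} ran {cmd}"))
        elif ev["kind"] == "sudo" and any(path in cmd for path in SENSITIVE):
            out.append((ev["time"], f"credential file read: {ev['by']} ran {cmd}"))
    return out


if __name__ == "__main__":
    print(*findings(privileged_events(SAMPLE)), sep="\n")
```

A root shell started through sudo is worth flagging because commands typed inside it no longer produce per-command sudo records.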
    
    xorg.conf.new
    >

    Statistics

    Time of the first command in the journal: 11:16:40 2006-12-19
    Time of the last command in the journal: 13:53:29 2006-12-19
    Number of command lines in the journal: 100
    Commands with a non-zero exit code, %: 14.00
    Syntactically mistyped commands, %: 4.00
    Total time spent at the terminal *, hours: 2.03
    Command lines per unit of time, commands/min: 0.82
    Command usage frequency
    vi                                    12 |==========| 10.43%
    cat                                   11 |=========|   9.57%
    tail                                  10 |========|    8.70%
    sudo                                   8 |======|      6.96%
    logger                                 7 |======|      6.09%
    ls                                     7 |======|      6.09%
    ps                                     7 |======|      6.09%
    grep                                   7 |======|      6.09%
    pkg_add                                5 |====|        4.35%
    su                                     5 |====|        4.35%
    cd                                     4 |===|         3.48%
    l3-agent                               4 |===|         3.48%
    /usr/local/etc/rc.d/syslog-ng.sh       3 |==|          2.61%
    exit                                   3 |==|          2.61%
    cp                                     2 |=|           1.74%
    killall                                2 |=|           1.74%
    xinit                                  2 |=|           1.74%
    xorgcfg                                1 ||            0.87%
    xrandr                                 1 ||            0.87%
    FreeFontPath:                          1 ||            0.87%
    /usr/local/etc/rc.d/syslog-ng.shart    1 ||            0.87%
    /etc/rc.d/syslogdstop                  1 ||            0.87%
    pkg_info                               1 ||            0.87%
    -s                                     1 ||            0.87%
    w                                      1 ||            0.87%
    fixing.                                1 ||            0.87%
    /etc/rc.d/syslog                       1 ||            0.87%
    cal                                    1 ||            0.87%
    ll                                     1 ||            0.87%
    messages                               1 ||            0.87%
    cat/etc/rc.conf                        1 ||            0.87%
    /etc/rc.d/syslog-ng                    1 ||            0.87%
    kill                                   1 ||            0.87%
    ____
    *) Idle intervals of 30 minutes or longer are not counted

    Help

    You do not need to know anything special to use LiLaLo: everything happens on its own. However, to make keeping the journals and using them later as effective as possible, it helps to bear the following in mind:
    1. Every command given on any terminal of the system is recorded in the journal automatically.

    2. To check that the journal is being kept on the current terminal and that commands are being recorded, run the command w. The WHAT field for the current terminal should show the script program.

    3. Commands typed with syntax errors are shown in strikethrough text:
      $ l s-l
      bash: l: command not found
      

    4. If a command's exit code is zero, the command completed without errors. Commands whose exit code is non-zero are highlighted in colour.
      $ test 5 -lt 4
      Note that a command's exit code can be non-zero not only when the command failed. Many commands use the exit code, for example, to report the result of a test

    5. Commands whose execution was interrupted by the user are highlighted in colour.
      $ find / -name abc
      find: /home/devi-orig/.gnome2: Keine Berechtigung
      find: /home/devi-orig/.gnome2_private: Keine Berechtigung
      find: /home/devi-orig/.nautilus/metafiles: Keine Berechtigung
      find: /home/devi-orig/.metacity: Keine Berechtigung
      find: /home/devi-orig/.inkscape: Keine Berechtigung
      ^C
      

    6. Commands run with superuser privileges are marked with a red bar on the left.
      # id
      uid=0(root) gid=0(root) Gruppen=0(root)
      

    7. Changes made to a text file with an editor are remembered and shown in the journal in ed format. Lines beginning with "<" were removed, and lines beginning with ">" were added.
      $ vi ~/.bashrc
      2a3,5
      >    if [ -f /usr/local/etc/bash_completion ]; then
      >         . /usr/local/etc/bash_completion
      >        fi
      

    8. To change a file according to the changes shown in a diffshot, you can use the patch command. Copy the changes, run patch with the file the changes apply to as its argument, and paste the copied text:
      $ patch ~/.bashrc
      In this case the changes are applied to the file ~/.bashrc

    9. To get brief help on a command, hover the mouse over it. A short description of the command appears in a tooltip.

      If help is available for a command, the command is highlighted with a light-blue background, for example: vi. If there is no help, the command is highlighted with a pink background, for example: notepad.exe. Help may be missing if (1) the command was typed incorrectly; (2) LiLaLo recognised the command incorrectly; (3) LiLaLo has no information about the command. The last case is possible for rare commands.

    10. Large tooltips, especially multi-line ones, are displayed best by the KDE Konqueror, Apple Safari and Microsoft Internet Explorer browsers. In Mozilla and Firefox they are not shown in full, and a special character is displayed in place of a line break.

    11. The command time shown in the journal is the time at which entry of the command line began, that is, the moment the shell prompt appeared on the terminal

    12. The name of the terminal on which a command was entered is shown in a special block. This block is shown only when the terminal of the current command differs from that of the previous one.

    13. Display of journal elements that do not interest you at the moment, such as the time, the terminal name and others, can be switched off. To do so, use the journal control form at the top of the page.

    14. Short comments on commands can be inserted directly from the command line. The comment is typed right on the command line, after the characters #^ or #v. The characters ^ and v show which command the comment refers to: ^ means the previous one, v the next one. For example, if the following was entered on the command line:

      $ whoami
      
      user
      
      $ #^ I wonder who I am?
      
      it will look like this in the journal:
      $ whoami
      
      user
      
      I wonder who I am?

    15. If a comment contains several lines, it can be inserted into the journal as follows:

      $ whoami
      
      user
      
      $ cat > /dev/null #^ I wonder who I am?
      
      The whoami program prints the name of the user under which
      we logged in to the system.
      -
      It cannot answer the question of our purpose
      in this world.
      
      It will look like this in the journal:
      $ whoami
      user
      
      I wonder who I am?
      The whoami program prints the name of the user under which
      we logged in to the system.

      It cannot answer the question of our purpose
      in this world.
      To separate several paragraphs from one another, use the "-" character on a line of its own.

    16. Comments that do not relate directly to any command are added in exactly the same way, except that the characters #= are used instead of #^ or #v

    17. The contents of a file can be shown in the journal. To do so, print the file with the cat program. If the command's output is marked with the characters #!, the file contents are shown in the journal in a section set aside for that purpose.

    18. To insert a screenshot of a window into the journal, use the l3shot command. After running the command, select with the mouse the window that should appear in the journal.

    19. Commands in the journal are arranged in chronological order. If two commands were given one after another but on different terminals, they appear next to each other in the journal even if they have nothing to do with each other.
      1
          2
      3   
          4
      
      Groups of commands run on different terminals are separated by a special line. Below that line, in the right-hand corner, is the name of the terminal on which the commands were run. To view the commands of only one session, click that name.
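An added example, not part of LiLaLo or of the original page: applying a diffshot like the one in item 7 in code, which is the step item 8 performs with patch. It goes beyond the single append hunk shown there by also handling delete and change hunks, and it refuses a hunk whose removed lines are not the lines actually in the file. The function name apply_diffshot and the starting .bashrc content are assumptions made for the illustration.

```python
import re

HEADER = re.compile(r"^(\d+)(?:,(\d+))?([acd])(\d+)(?:,(\d+))?$")

# Constructed starting file; the diffshot is the one shown in item 7.
BASHRC = ["# .bashrc", "export EDITOR=vi", "alias ll='ls -l'"]
DIFFSHOT = """\
2a3,5
>    if [ -f /usr/local/etc/bash_completion ]; then
>         . /usr/local/etc/bash_completion
>        fi
"""


def apply_diffshot(original, diffshot):
    """Apply hunks such as '2a3,5' to a list of lines and return the new list.

    Raises ValueError when a hunk is malformed or when the lines it removes
    are not the lines present in the file (the file has drifted).
    """
    rows = diffshot.splitlines()
    out, pos, i = [], 0, 0              # pos = original lines consumed so far
    while i < len(rows):
        m = HEADER.match(rows[i])
        if not m:
            raise ValueError(f"line {i + 1}: expected a hunk header, got {rows[i]!r}")
        first, last, op = int(m[1]), int(m[2] or m[1]), m[3]
        new_count = int(m[5] or m[4]) - int(m[4]) + 1
        i += 1
        removed, added = [], []
        while i < len(rows) and not HEADER.match(rows[i]):
            row = rows[i]
            if row.startswith("<"):
                removed.append(row[2:])  # drop the "< " marker
            elif row.startswith(">"):
                added.append(row[2:])    # drop the "> " marker
            elif row != "---" and not row.startswith("\\"):
                raise ValueError(f"line {i + 1}: unexpected {row!r}")
            i += 1
        # "Na..." appends after line N; "N,Md..." and "N,Mc..." replace lines N..M.
        keep = first if op == "a" else first - 1
        if keep < pos or last > len(original):
            raise ValueError(f"hunk {m[0]} is out of order or past the end of the file")
        out.extend(original[pos:keep])
        pos = keep
        if op != "a":
            if original[keep:last] != removed:
                raise ValueError(f"hunk {m[0]}: removed lines do not match the file")
            pos = last
        if op != "d":
            if len(added) != new_count:
                raise ValueError(f"hunk {m[0]}: header promises {new_count} new lines")
            out.extend(added)
    return out + original[pos:]


if __name__ == "__main__":
    print("\n".join(apply_diffshot(BASHRC, DIFFSHOT)))
```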

    About the program

    LiLaLo (L3) stands for Live Lab Log.
    The program was developed to make teaching Unix/Linux systems more effective.
    (c) Igor Chubin, 2004-2008

    $Id$