/l3/trainings/xg-ids/2005-12-19/fbsd2.linux.nt/user
$> /usr/local/arpwatch/arp.dat
bash: /usr/local/arpwatch/arp.dat: Permission denied |
$sudo > /usr/local/arpwatch/arp.dat
bash: /usr/local/arpwatch/arp.dat: Permission denied |
$sudo bash
|
#> /usr/local/arpwatch/arp.dat
|
#/usr/local/etc/rc.d/syslog-ng.sh stop
|
#arp -dn
usage: arp [-n] [-i interface] hostname arp [-n] [-i interface] -a arp -d hostname [pub] arp -d -a arp -s hostname ether_addr [temp] [pub] arp -S hostname ether_addr [temp] [pub] arp -f filename |
#sudo user
user is not in the sudoers file. This incident will be reported. |
#exit
exit |
$sudo bash
|
#arp -da
192.168.15.3 (192.168.15.3) deleted 192.168.15.21 (192.168.15.21) deleted 192.168.15.24 (192.168.15.24) deleted 192.168.15.254 (192.168.15.254) deleted |
#ls
.ICE-unix .snap Term-VT102-0.82 kde-user mysql.sock .X0-lock .vi Term-VT102-0.82.tar.gz ksocket-user pipe .X11-unix .xf86config7238 Text-Iconv-1.4 lm-saved-51667 vi.psnSHG4Ux6 .XIM-unix .xf86config7247 Text-Iconv-1.4.tar.gz lm-saved-8516 .font-unix .xf86config7256 ad1 mcop-user |
#/usr/local/etc/rc.d/syslog-ng.sh start
Changing permissions on special file /dev/klog |
#/usr/local/etc/rc.d/arpwatch.sh start
|
#ping m01
PING fbsd1.linux.nt (192.168.15.21): 56 data bytes 64 bytes from 192.168.15.21: icmp_seq=0 ttl=64 time=0.335 ms 64 bytes from 192.168.15.21: icmp_seq=1 ttl=64 time=0.215 ms ^C --- fbsd1.linux.nt ping statistics --- 2 packets transmitted, 2 packets received, 0% packet loss round-trip min/avg/max/stddev = 0.215/0.275/0.335/0.060 ms |
#cat arp.log
<29>Dec 21 15:34:47 src@fbsd2 arpwatch: new station 192.168.15.22 0:13:8f:2f:ac:5e ip=192.168.15.22 mac=00:13:8f:2f:ac:5e reason=new station switch port=00:13:8f:2f:ac:5e -> 34 Fa0/20(192.168.12.100) % nbtscan 192.168.15.22 cant run nbtscan No such file or directory |
#cat arp.log
<29>Dec 21 15:34:47 src@fbsd2 arpwatch: new station 192.168.15.22 0:13:8f:2f:ac:5e ip=192.168.15.22 mac=00:13:8f:2f:ac:5e reason=new station switch port=00:13:8f:2f:ac:5e -> 34 Fa0/20(192.168.12.100) % nbtscan 192.168.15.22 cant run nbtscan No such file or directory <29>Dec 21 15:34:47 src@fbsd2 arpwatch: new station 192.168.15.254 0:a:1:d4:d1:39 ip=192.168.15.254 mac=00:0a:01:d4:d1:39 reason=new station switch port=00:0a:01:d4:d1:39 -> 38 Fa0/24(192.168.12.100) % nbtscan 192.168.15.254 cant run nbtscan No such file or directory <29>Dec 21 15:34:47 src@fbsd2 arpwatch: new station 192.168.15.21 0:4:75:82:53:43 ip=192.168.15.21 mac=00:04:75:82:53:43 reason=new station switch port=00:04:75:82:53:43 -> 32 Fa0/18(192.168.12.100) % nbtscan 192.168.15.21 cant run nbtscan No such file or directory |
#cat arp.log
<29>Dec 21 15:34:47 src@fbsd2 arpwatch: new station 192.168.15.22 0:13:8f:2f:ac:5e ip=192.168.15.22 mac=00:13:8f:2f:ac:5e reason=new station switch port=00:13:8f:2f:ac:5e -> 34 Fa0/20(192.168.12.100) % nbtscan 192.168.15.22 cant run nbtscan No such file or directory <29>Dec 21 15:34:47 src@fbsd2 arpwatch: new station 192.168.15.254 0:a:1:d4:d1:39 ip=192.168.15.254 mac=00:0a:01:d4:d1:39 ... mac=127.0.0.1 reason=127.0.0.1 % nbtscan 127.0.0.1 cant run nbtscan No such file or directory <22>Dec 21 15:34:47 src@fbsd2 sendmail[16192]: jBLDYl44016192: to=root, ctladdr=user (1001/0), delay=00:00:00, xdelay=00:00:00, mailer=relay, pri=30284, relay=[127.0.0.1] [127.0.0.1], dsn=2.0.0, stat=Sent (jBLDYlq8016197 Message accepted for delivery) ip=127.0.0.1 mac=127.0.0.1 reason=127.0.0.1 % nbtscan 127.0.0.1 cant run nbtscan No such file or directory |
#cat arp.log
<29>Dec 21 15:34:47 src@fbsd2 arpwatch: new station 192.168.15.22 0:13:8f:2f:ac:5e ip=192.168.15.22 mac=00:13:8f:2f:ac:5e reason=new station switch port=00:13:8f:2f:ac:5e -> 34 Fa0/20(192.168.12.100) % nbtscan 192.168.15.22 cant run nbtscan No such file or directory <29>Dec 21 15:34:47 src@fbsd2 arpwatch: new station 192.168.15.254 0:a:1:d4:d1:39 ip=192.168.15.254 mac=00:0a:01:d4:d1:39 ... mac=127.0.0.1 reason=127.0.0.1 % nbtscan 127.0.0.1 cant run nbtscan No such file or directory <22>Dec 21 15:34:47 src@fbsd2 sendmail[16194]: jBLDYlfk016194: to=root, ctladdr=user (1001/0), delay=00:00:00, xdelay=00:00:00, mailer=relay, pri=30291, relay=[127.0.0.1] [127.0.0.1], dsn=2.0.0, stat=Sent (jBLDYlgu016199 Message accepted for delivery) ip=127.0.0.1 mac=127.0.0.1 reason=127.0.0.1 % nbtscan 127.0.0.1 cant run nbtscan No such file or directory |
#ping m04
PING fbsd4.linux.nt (192.168.15.24): 56 data bytes 64 bytes from 192.168.15.24: icmp_seq=0 ttl=64 time=0.380 ms 64 bytes from 192.168.15.24: icmp_seq=1 ttl=64 time=0.229 ms ^C --- fbsd4.linux.nt ping statistics --- 2 packets transmitted, 2 packets received, 0% packet loss round-trip min/avg/max/stddev = 0.229/0.304/0.380/0.076 ms |
#cat arp.log
<29>Dec 21 15:34:47 src@fbsd2 arpwatch: new station 192.168.15.22 0:13:8f:2f:ac:5e ip=192.168.15.22 mac=00:13:8f:2f:ac:5e reason=new station switch port=00:13:8f:2f:ac:5e -> 34 Fa0/20(192.168.12.100) % nbtscan 192.168.15.22 cant run nbtscan No such file or directory <29>Dec 21 15:34:47 src@fbsd2 arpwatch: new station 192.168.15.254 0:a:1:d4:d1:39 ip=192.168.15.254 mac=00:0a:01:d4:d1:39 ... mac=127.0.0.1 reason=127.0.0.1 % nbtscan 127.0.0.1 cant run nbtscan No such file or directory <22>Dec 21 15:34:47 src@fbsd2 sendmail[16193]: jBLDYlWS016193: to=root, ctladdr=user (1001/0), delay=00:00:00, xdelay=00:00:00, mailer=relay, pri=30276, relay=[127.0.0.1] [127.0.0.1], dsn=2.0.0, stat=Sent (jBLDYlXF016200 Message accepted for delivery) ip=127.0.0.1 mac=127.0.0.1 reason=127.0.0.1 % nbtscan 127.0.0.1 cant run nbtscan No such file or directory |
#clear
|
#vi /usr/local/bin/watch-for-new-devices
|
#cat arp.log
<29>Dec 21 15:34:47 src@fbsd2 arpwatch: new station 192.168.15.22 0:13:8f:2f:ac:5e ip=192.168.15.22 mac=00:13:8f:2f:ac:5e reason=new station switch port=00:13:8f:2f:ac:5e -> 34 Fa0/20(192.168.12.100) % nbtscan 192.168.15.22 cant run nbtscan No such file or directory <29>Dec 21 15:34:47 src@fbsd2 arpwatch: new station 192.168.15.254 0:a:1:d4:d1:39 ip=192.168.15.254 mac=00:0a:01:d4:d1:39 ... mac=127.0.0.1 reason=127.0.0.1 % nbtscan 127.0.0.1 cant run nbtscan No such file or directory <22>Dec 21 15:35:22 src@fbsd2 sendmail[16597]: jBLDZLcZ016597: to=root, ctladdr=user (1001/0), delay=00:00:01, xdelay=00:00:01, mailer=relay, pri=30289, relay=[127.0.0.1] [127.0.0.1], dsn=2.0.0, stat=Sent (jBLDZLQR016601 Message accepted for delivery) ip=127.0.0.1 mac=127.0.0.1 reason=127.0.0.1 % nbtscan 127.0.0.1 cant run nbtscan No such file or directory |
#cat arp.log
<29>Dec 21 15:34:47 src@fbsd2 arpwatch: new station 192.168.15.22 0:13:8f:2f:ac:5e ip=192.168.15.22 mac=00:13:8f:2f:ac:5e reason=new station switch port=00:13:8f:2f:ac:5e -> 34 Fa0/20(192.168.12.100) % nbtscan 192.168.15.22 cant run nbtscan No such file or directory <29>Dec 21 15:34:47 src@fbsd2 arpwatch: new station 192.168.15.254 0:a:1:d4:d1:39 ip=192.168.15.254 mac=00:0a:01:d4:d1:39 ... mac=127.0.0.1 reason=127.0.0.1 % nbtscan 127.0.0.1 cant run nbtscan No such file or directory <22>Dec 21 15:35:22 src@fbsd2 sendmail[16597]: jBLDZLcZ016597: to=root, ctladdr=user (1001/0), delay=00:00:01, xdelay=00:00:01, mailer=relay, pri=30289, relay=[127.0.0.1] [127.0.0.1], dsn=2.0.0, stat=Sent (jBLDZLQR016601 Message accepted for delivery) ip=127.0.0.1 mac=127.0.0.1 reason=127.0.0.1 % nbtscan 127.0.0.1 cant run nbtscan No such file or directory |
#ping m03
PING linux3.linux.nt (192.168.15.3): 56 data bytes 64 bytes from 192.168.15.3: icmp_seq=0 ttl=64 time=0.422 ms 64 bytes from 192.168.15.3: icmp_seq=1 ttl=64 time=0.186 ms 64 bytes from 192.168.15.3: icmp_seq=2 ttl=64 time=0.214 ms ^C --- linux3.linux.nt ping statistics --- 3 packets transmitted, 3 packets received, 0% packet loss round-trip min/avg/max/stddev = 0.186/0.274/0.422/0.105 ms |
#cat arp.log
<29>Dec 21 15:34:47 src@fbsd2 arpwatch: new station 192.168.15.22 0:13:8f:2f:ac:5e ip=192.168.15.22 mac=00:13:8f:2f:ac:5e reason=new station switch port=00:13:8f:2f:ac:5e -> 34 Fa0/20(192.168.12.100) % nbtscan 192.168.15.22 cant run nbtscan No such file or directory <29>Dec 21 15:34:47 src@fbsd2 arpwatch: new station 192.168.15.254 0:a:1:d4:d1:39 ip=192.168.15.254 mac=00:0a:01:d4:d1:39 ... reason=127.0.0.1 % nbtscan 127.0.0.1 cant run nbtscan No such file or directory <29>Dec 21 15:37:41 src@fbsd2 arpwatch: new station 192.168.15.3 0:4:75:75:46:c1 ip=192.168.15.3 mac=00:04:75:75:46:c1 reason=new station switch port=00:04:75:75:46:c1 -> 31 Fa0/17(192.168.12.100) % nbtscan 192.168.15.3 cant run nbtscan No such file or directory |
#cat arp.log
<29>Dec 21 15:34:47 src@fbsd2 arpwatch: new station 192.168.15.22 0:13:8f:2f:ac:5e ip=192.168.15.22 mac=00:13:8f:2f:ac:5e reason=new station switch port=00:13:8f:2f:ac:5e -> 34 Fa0/20(192.168.12.100) % nbtscan 192.168.15.22 cant run nbtscan No such file or directory <29>Dec 21 15:34:47 src@fbsd2 arpwatch: new station 192.168.15.254 0:a:1:d4:d1:39 ip=192.168.15.254 mac=00:0a:01:d4:d1:39 ... reason=new station switch port=00:04:75:75:46:c1 -> 31 Fa0/17(192.168.12.100) % nbtscan 192.168.15.3 cant run nbtscan No such file or directory <22>Dec 21 15:37:41 src@fbsd2 sm-mta[17002]: jBLDbfSd017002: from=<user@fbsd2.linux.nt>, size=586, class=0, nrcpts=1, msgid=<200512211337.jBLDbffK016998@fbsd2.linux.nt>, proto=ESMTP, daemon=Daemon0, relay=localhost.linux.nt [127.0.0.1] ip=127.0.0.1 mac=127.0.0.1 reason=127.0.0.1 % nbtscan 127.0.0.1 cant run nbtscan No such file or directory |
#cat arp.log
<29>Dec 21 15:34:47 src@fbsd2 arpwatch: new station 192.168.15.22 0:13:8f:2f:ac:5e ip=192.168.15.22 mac=00:13:8f:2f:ac:5e reason=new station switch port=00:13:8f:2f:ac:5e -> 34 Fa0/20(192.168.12.100) % nbtscan 192.168.15.22 cant run nbtscan No such file or directory <29>Dec 21 15:34:47 src@fbsd2 arpwatch: new station 192.168.15.254 0:a:1:d4:d1:39 ip=192.168.15.254 mac=00:0a:01:d4:d1:39 ... reason=127.0.0.1 % nbtscan 127.0.0.1 cant run nbtscan No such file or directory <30>Dec 21 15:37:42 src@fbsd2 arpwatch: bogon 192.168.12.1 0:a:1:d4:d1:39 ip=192.168.12.1 mac=00:0a:01:d4:d1:39 reason=bogon switch port=00:0a:01:d4:d1:39 -> 38 Fa0/24(192.168.12.100) % nbtscan 192.168.12.1 cant run nbtscan No such file or directory |
#cat arp.log
<29>Dec 21 15:34:47 src@fbsd2 arpwatch: new station 192.168.15.22 0:13:8f:2f:ac:5e ip=192.168.15.22 mac=00:13:8f:2f:ac:5e reason=new station switch port=00:13:8f:2f:ac:5e -> 34 Fa0/20(192.168.12.100) % nbtscan 192.168.15.22 cant run nbtscan No such file or directory <29>Dec 21 15:34:47 src@fbsd2 arpwatch: new station 192.168.15.254 0:a:1:d4:d1:39 ip=192.168.15.254 mac=00:0a:01:d4:d1:39 ... reason=127.0.0.1 % nbtscan 127.0.0.1 cant run nbtscan No such file or directory <30>Dec 21 15:37:42 src@fbsd2 arpwatch: bogon 192.168.12.1 0:a:1:d4:d1:39 ip=192.168.12.1 mac=00:0a:01:d4:d1:39 reason=bogon switch port=00:0a:01:d4:d1:39 -> 38 Fa0/24(192.168.12.100) % nbtscan 192.168.12.1 cant run nbtscan No such file or directory |
#cat arp.log
<29>Dec 21 15:34:47 src@fbsd2 arpwatch: new station 192.168.15.22 0:13:8f:2f:ac:5e ip=192.168.15.22 mac=00:13:8f:2f:ac:5e reason=new station switch port=00:13:8f:2f:ac:5e -> 34 Fa0/20(192.168.12.100) % nbtscan 192.168.15.22 cant run nbtscan No such file or directory <29>Dec 21 15:34:47 src@fbsd2 arpwatch: new station 192.168.15.254 0:a:1:d4:d1:39 ip=192.168.15.254 mac=00:0a:01:d4:d1:39 ... reason=127.0.0.1 % nbtscan 127.0.0.1 cant run nbtscan No such file or directory <30>Dec 21 15:37:42 src@fbsd2 arpwatch: bogon 192.168.12.1 0:a:1:d4:d1:39 ip=192.168.12.1 mac=00:0a:01:d4:d1:39 reason=bogon switch port=00:0a:01:d4:d1:39 -> 38 Fa0/24(192.168.12.100) % nbtscan 192.168.12.1 cant run nbtscan No such file or directory |
#cat arp.log
<29>Dec 21 15:34:47 src@fbsd2 arpwatch: new station 192.168.15.22 0:13:8f:2f:ac:5e ip=192.168.15.22 mac=00:13:8f:2f:ac:5e reason=new station switch port=00:13:8f:2f:ac:5e -> 34 Fa0/20(192.168.12.100) % nbtscan 192.168.15.22 cant run nbtscan No such file or directory <29>Dec 21 15:34:47 src@fbsd2 arpwatch: new station 192.168.15.254 0:a:1:d4:d1:39 ip=192.168.15.254 mac=00:0a:01:d4:d1:39 ... reason=127.0.0.1 % nbtscan 127.0.0.1 cant run nbtscan No such file or directory <30>Dec 21 15:37:42 src@fbsd2 arpwatch: bogon 192.168.12.1 0:a:1:d4:d1:39 ip=192.168.12.1 mac=00:0a:01:d4:d1:39 reason=bogon switch port=00:0a:01:d4:d1:39 -> 38 Fa0/24(192.168.12.100) % nbtscan 192.168.12.1 cant run nbtscan No such file or directory |
#cat arp.log
<29>Dec 21 15:34:47 src@fbsd2 arpwatch: new station 192.168.15.22 0:13:8f:2f:ac:5e ip=192.168.15.22 mac=00:13:8f:2f:ac:5e reason=new station switch port=00:13:8f:2f:ac:5e -> 34 Fa0/20(192.168.12.100) % nbtscan 192.168.15.22 cant run nbtscan No such file or directory <29>Dec 21 15:34:47 src@fbsd2 arpwatch: new station 192.168.15.254 0:a:1:d4:d1:39 ip=192.168.15.254 mac=00:0a:01:d4:d1:39 ... reason=127.0.0.1 % nbtscan 127.0.0.1 cant run nbtscan No such file or directory <30>Dec 21 15:37:42 src@fbsd2 arpwatch: bogon 192.168.12.1 0:a:1:d4:d1:39 ip=192.168.12.1 mac=00:0a:01:d4:d1:39 reason=bogon switch port=00:0a:01:d4:d1:39 -> 38 Fa0/24(192.168.12.100) % nbtscan 192.168.12.1 cant run nbtscan No such file or directory |
#cat arp.log
<29>Dec 21 15:34:47 src@fbsd2 arpwatch: new station 192.168.15.22 0:13:8f:2f:ac:5e ip=192.168.15.22 mac=00:13:8f:2f:ac:5e reason=new station switch port=00:13:8f:2f:ac:5e -> 34 Fa0/20(192.168.12.100) % nbtscan 192.168.15.22 cant run nbtscan No such file or directory <29>Dec 21 15:34:47 src@fbsd2 arpwatch: new station 192.168.15.254 0:a:1:d4:d1:39 ip=192.168.15.254 mac=00:0a:01:d4:d1:39 ... reason=127.0.0.1 % nbtscan 127.0.0.1 cant run nbtscan No such file or directory <30>Dec 21 15:37:42 src@fbsd2 arpwatch: bogon 192.168.12.1 0:a:1:d4:d1:39 ip=192.168.12.1 mac=00:0a:01:d4:d1:39 reason=bogon switch port=00:0a:01:d4:d1:39 -> 38 Fa0/24(192.168.12.100) % nbtscan 192.168.12.1 cant run nbtscan No such file or directory |
#cat arp.log
<29>Dec 21 15:34:47 src@fbsd2 arpwatch: new station 192.168.15.22 0:13:8f:2f:ac:5e ip=192.168.15.22 mac=00:13:8f:2f:ac:5e reason=new station switch port=00:13:8f:2f:ac:5e -> 34 Fa0/20(192.168.12.100) % nbtscan 192.168.15.22 cant run nbtscan No such file or directory <29>Dec 21 15:34:47 src@fbsd2 arpwatch: new station 192.168.15.254 0:a:1:d4:d1:39 ip=192.168.15.254 mac=00:0a:01:d4:d1:39 ... reason=127.0.0.1 % nbtscan 127.0.0.1 cant run nbtscan No such file or directory <30>Dec 21 15:37:42 src@fbsd2 arpwatch: bogon 192.168.12.1 0:a:1:d4:d1:39 ip=192.168.12.1 mac=00:0a:01:d4:d1:39 reason=bogon switch port=00:0a:01:d4:d1:39 -> 38 Fa0/24(192.168.12.100) % nbtscan 192.168.12.1 cant run nbtscan No such file or directory |
#sudo vi /etc/rc.conf
|
#vi /etc/rc.conf
|
#/usr/local/etc/rc.d/arpwatch.sh stop
|
#/usr/local/etc/rc.d/syslog-ng.sh stop
|
#rm arp.log
|
#rm /usr/local/arpwatch/arp
arp.dat arp.dat- arp2ethers |
#rm /usr/local/arpwatch/arp.dat
|
#arp -da
192.168.15.3 (192.168.15.3) deleted 192.168.15.21 (192.168.15.21) deleted 192.168.15.24 (192.168.15.24) deleted 192.168.15.254 (192.168.15.254) deleted |
#/usr/local/etc/rc.d/syslog-ng.sh start
Changing permissions on special file /dev/klog |
#/usr/local/etc/rc.d/syslog-ng.sh start
io.c: bind_inet_socket() bind failed 0.0.0.0:514 Address already in use Error initializing configuration, exiting. |
#ifconfig
rl0: flags=8843<UP,BROADCAST,RUNNING,SIMPLEX,MULTICAST> mtu 1500 options=8<VLAN_MTU> inet6 fe80::213:8fff:fe2f:ac5e%rl0 prefixlen 64 scopeid 0x1 inet 192.168.15.22 netmask 0xffffff00 broadcast 192.168.15.255 ether 00:13:8f:2f:ac:5e media: Ethernet autoselect (100baseTX <full-duplex>) status: active plip0: flags=108810<POINTOPOINT,SIMPLEX,MULTICAST,NEEDSGIANT> mtu 1500 lo0: flags=8049<UP,LOOPBACK,RUNNING,MULTICAST> mtu 16384 inet6 ::1 prefixlen 128 inet6 fe80::1%lo0 prefixlen 64 scopeid 0x3 inet 127.0.0.1 netmask 0xff000000 |
#ps -waux
USER PID %CPU %MEM VSZ RSS TT STAT STARTED TIME COMMAND root 11 94.4 0.0 0 8 ?? RL 9:38AM 336:46.24 [idle] root 722 0.4 5.5 67992 57480 p0 R 9:39AM 5:44.19 X :0 -nolisten tcp (Xorg) root 0 0.0 0.0 0 0 ?? WLs 9:38AM 0:00.00 [swapper] root 1 0.0 0.0 724 356 ?? ILs 9:38AM 0:00.04 /sbin/init -- root 2 0.0 0.0 0 8 ?? DL 9:38AM 0:01.49 [g_event] root 3 0.0 0.0 0 8 ?? DL 9:38AM 0:02.62 [g_up] root 4 0.0 0.0 0 8 ?? DL 9:38AM 0:03.48 [g_down] root 5 0.0 0.0 0 8 ?? DL 9:38AM 0:00.00 [thread taskq] root 6 0.0 0.0 0 8 ?? DL 9:38AM 0:00.00 [kqueue taskq] ... user 806 0.0 0.1 1260 820 p2 Is+ 9:40AM 0:00.08 script -t 0 -q /home/user/.lilalo/ttyp2-806.script user 838 0.0 0.2 3196 2208 p3 Is+ 9:40AM 0:00.06 /usr/local/bin/bash -i user 8063 0.0 0.1 1260 820 p4 Ss+ 11:23AM 0:01.57 script -t 0 -q /home/user/.lilalo/ttyp4-8063.script user 8095 0.0 0.2 3244 2380 p5 Is 11:23AM 0:01.26 /usr/local/bin/bash -i root 16076 0.0 0.2 3200 2320 p5 S 3:33PM 0:00.25 bash root 17609 0.0 0.1 1452 976 p5 R+ 3:43PM 0:00.00 ps -waux root 13761 0.0 0.1 1260 820 p6 Is+ 3:00PM 0:00.06 script -t 0 -q /root/.lilalo/ttyp6-13761.script root 13797 0.0 0.2 3188 2324 p7 Is+ 3:00PM 0:00.04 /usr/local/bin/bash -i root 15194 0.0 0.1 1260 820 p8 Is+ 3:25PM 0:00.04 script -t 0 -q /root/.lilalo/ttyp8-15194.script root 15234 0.0 0.2 3184 2320 p9 Is+ 3:25PM 0:00.04 /usr/local/bin/bash -i |
#ps -waux | grep arp
|
#/usr/local/etc/rc.d/arpwatch.sh stop
No matching processes were found |
#/usr/local/etc/rc.d/arpwatch.sh start
|
#ps -waux | grep arp
root 17643 0.0 0.2 2892 2552 p5 S 3:43PM 0:00.05 /usr/local/sbin/arpwatch root 17669 0.0 0.0 444 328 p5 R+ 3:43PM 0:00.00 grep arp |
#/usr/local/etc/rc.d/syslog-ng.sh start
io.c: bind_inet_socket() bind failed 0.0.0.0:514 Address already in use Error initializing configuration, exiting. |
#cd /usr/local/etc/syslog-ng/
|
#ls
syslog-ng.conf syslog-ng.conf.sample |
#vi syslog-ng.conf
|
#vi /etc/rc.conf
|
#/usr/local/etc/rc.d/syslog-ng.sh start
io.c: bind_inet_socket() bind failed 0.0.0.0:514 Address already in use Error initializing configuration, exiting. |
#cd /tmp
|
#ls
.ICE-unix .snap Term-VT102-0.82 kde-user mysql.sock .X0-lock .vi Term-VT102-0.82.tar.gz ksocket-user pipe .X11-unix .xf86config7238 Text-Iconv-1.4 lm-saved-51667 vi.psnSHG4Ux6 .XIM-unix .xf86config7247 Text-Iconv-1.4.tar.gz lm-saved-8516 .font-unix .xf86config7256 ad1 mcop-user |
#arp
usage: arp [-n] [-i interface] hostname arp [-n] [-i interface] -a arp -d hostname [pub] arp -d -a arp -s hostname ether_addr [temp] [pub] arp -S hostname ether_addr [temp] [pub] arp -f filename |
#/etc/rc.
rc.bluetooth rc.d/ rc.resume rc.suspend |
#/etc/rc.
rc.bluetooth rc.d/ rc.resume rc.suspend |
#/etc/rc.d/named restart
|
#/etc/rc.d/routert
route6d routed |
#/etc/rc.d/routedrestart
|
#/usr/local/etc/rc.d/syslog-ng.sh start
io.c: bind_inet_socket() bind failed 0.0.0.0:514 Address already in use Error initializing configuration, exiting. |
#/usr/local/etc/rc.d/syslog-ng.sh stop
|
#/usr/local/etc/rc.d/syslog-ng.sh start
Changing permissions on special file /dev/klog |
#ls
.ICE-unix .snap Term-VT102-0.82 kde-user mysql.sock .X0-lock .vi Term-VT102-0.82.tar.gz ksocket-user pipe .X11-unix .xf86config7238 Text-Iconv-1.4 lm-saved-51667 vi.psnSHG4Ux6 .XIM-unix .xf86config7247 Text-Iconv-1.4.tar.gz lm-saved-8516 .font-unix .xf86config7256 ad1 mcop-user |
#ping m02
PING fbsd2.linux.nt (192.168.15.22): 56 data bytes 64 bytes from 192.168.15.22: icmp_seq=0 ttl=64 time=0.069 ms 64 bytes from 192.168.15.22: icmp_seq=1 ttl=64 time=0.049 ms ^C --- fbsd2.linux.nt ping statistics --- 2 packets transmitted, 2 packets received, 0% packet loss round-trip min/avg/max/stddev = 0.049/0.059/0.069/0.010 ms |
#ls
.ICE-unix .snap Term-VT102-0.82 kde-user mysql.sock .X0-lock .vi Term-VT102-0.82.tar.gz ksocket-user pipe .X11-unix .xf86config7238 Text-Iconv-1.4 lm-saved-51667 vi.psnSHG4Ux6 .XIM-unix .xf86config7247 Text-Iconv-1.4.tar.gz lm-saved-8516 .font-unix .xf86config7256 ad1 mcop-user |
#ping m01
PING fbsd1.linux.nt (192.168.15.21): 56 data bytes 64 bytes from 192.168.15.21: icmp_seq=0 ttl=64 time=0.387 ms 64 bytes from 192.168.15.21: icmp_seq=1 ttl=64 time=0.217 ms ^C --- fbsd1.linux.nt ping statistics --- 2 packets transmitted, 2 packets received, 0% packet loss round-trip min/avg/max/stddev = 0.217/0.302/0.387/0.085 ms |
#ls -al
total 388 drwxrwxrwt 15 root wheel 1024 Dec 21 15:47 . drwxr-xr-x 21 root wheel 1024 Dec 21 09:38 .. drwxrwxrwt 2 root wheel 512 Dec 21 09:39 .ICE-unix -r--r--r-- 1 root wheel 11 Dec 21 09:39 .X0-lock drwxrwxrwt 2 root wheel 512 Dec 21 09:39 .X11-unix drwxrwxrwt 2 root wheel 512 Dec 21 09:38 .XIM-unix drwxrwxrwt 2 root wheel 512 Dec 21 09:38 .font-unix drwxrwxr-x 2 root operator 512 Dec 19 12:30 .snap -r-sr-sr-x 1 root wheel 281372 Dec 20 10:03 .vi ... crw-r--r-- 1 root wheel 0, 80 Dec 20 10:07 ad1 -rw-r--r-- 1 root wheel 268 Dec 21 15:47 arp.log drwx------ 2 user wheel 512 Dec 21 15:38 kde-user drwx------ 2 user wheel 512 Dec 21 15:38 ksocket-user -r--r--r-- 1 user wheel 6295 Dec 19 19:22 lm-saved-51667 -r--r--r-- 1 user wheel 5894 Dec 19 17:19 lm-saved-8516 drwx------ 3 user wheel 512 Dec 21 09:39 mcop-user srwxrwxrwx 1 mysql wheel 0 Dec 21 09:38 mysql.sock prw-r--r-- 1 root wheel 0 Dec 19 16:56 pipe -rw------- 1 user wheel 0 Dec 21 12:14 vi.psnSHG4Ux6 |
#cat arp.log
<29>Dec 21 15:47:47 src@fbsd2 arpwatch: new station 192.168.15.21 0:4:75:82:53:43 ip=192.168.15.21 mac=00:04:75:82:53:43 reason=new station switch port=00:04:75:82:53:43 -> 32 Fa0/18(192.168.12.100) % nbtscan 192.168.15.21 cant run nbtscan No such file or directory <22>Dec 21 15:47:47 src@fbsd2 sm-mta[18037]: jBLDllZI018037: from=<user@fbsd2.linux.nt>, size=585, class=0, nrcpts=1, msgid=<200512211347.jBLDllwV018033@fbsd2.linux.nt>, proto=ESMTP, daemon=Daemon0, relay=localhost.linux.nt [127.0.0.1] ip=127.0.0.1 mac=127.0.0.1 reason=127.0.0.1 % nbtscan 127.0.0.1 cant run nbtscan No such file or directory <22>Dec 21 15:47:47 src@fbsd2 sendmail[18033]: jBLDllwV018033: to=root, ctladdr=user (1001/0), delay=00:00:00, xdelay=00:00:00, mailer=relay, pri=30291, relay=[127.0.0.1] [127.0.0.1], dsn=2.0.0, stat=Sent (jBLDllZI018037 Message accepted for delivery) ip=127.0.0.1 mac=127.0.0.1 reason=127.0.0.1 % nbtscan 127.0.0.1 cant run nbtscan No such file or directory |
#cat arp.log
<29>Dec 21 15:47:47 src@fbsd2 arpwatch: new station 192.168.15.21 0:4:75:82:53:43 ip=192.168.15.21 mac=00:04:75:82:53:43 reason=new station switch port=00:04:75:82:53:43 -> 32 Fa0/18(192.168.12.100) % nbtscan 192.168.15.21 cant run nbtscan No such file or directory <22>Dec 21 15:47:47 src@fbsd2 sm-mta[18037]: jBLDllZI018037: from=<user@fbsd2.linux.nt>, size=585, class=0, nrcpts=1, msgid=<200512211347.jBLDllwV018033@fbsd2.linux.nt>, proto=ESMTP, daemon=Daemon0, relay=localhost.linux.nt [127.0.0.1] ip=127.0.0.1 mac=127.0.0.1 ... mac=127.0.0.1 reason=127.0.0.1 % nbtscan 127.0.0.1 cant run nbtscan No such file or directory <22>Dec 21 15:47:48 src@fbsd2 sendmail[18055]: jBLDlmA5018055: to=root, ctladdr=user (1001/0), delay=00:00:00, xdelay=00:00:00, mailer=relay, pri=30292, relay=[127.0.0.1] [127.0.0.1], dsn=2.0.0, stat=Sent (jBLDlmtB018057 Message accepted for delivery) ip=127.0.0.1 mac=127.0.0.1 reason=127.0.0.1 % nbtscan 127.0.0.1 cant run nbtscan No such file or directory |
#vi /etc/rc.conf
|
#vi /usr/local/etc/syslog-ng/syslog-ng.conf
|
#/usr/local/etc/rc.d/syslog-ng.sh stop
|
#/usr/local/etc/rc.d/arpwatch.sh stop
|
#rm arp.log
|
#arp -da
192.168.15.21 (192.168.15.21) deleted 192.168.15.22 (192.168.15.22) deleted 192.168.15.24 (192.168.15.24) deleted 192.168.15.254 (192.168.15.254) deleted |
#> /usr/local/arpwatch/arp
arp.dat arp.dat- arp2ethers |
#> /usr/local/arpwatch/arp.dat
|
#/usr/local/etc/rc.d/syslog-ng.sh start
Changing permissions on special file /dev/klog |
#/usr/local/etc/rc.d/arpwatch.sh start
|
#ping m01
PING fbsd1.linux.nt (192.168.15.21): 56 data bytes 64 bytes from 192.168.15.21: icmp_seq=0 ttl=64 time=0.354 ms 64 bytes from 192.168.15.21: icmp_seq=1 ttl=64 time=0.207 ms ^C --- fbsd1.linux.nt ping statistics --- 2 packets transmitted, 2 packets received, 0% packet loss round-trip min/avg/max/stddev = 0.207/0.280/0.354/0.074 ms |
#ping m03
PING linux3.linux.nt (192.168.15.3): 56 data bytes 64 bytes from 192.168.15.3: icmp_seq=0 ttl=64 time=0.423 ms 64 bytes from 192.168.15.3: icmp_seq=1 ttl=64 time=0.221 ms ^C --- linux3.linux.nt ping statistics --- 2 packets transmitted, 2 packets received, 0% packet loss round-trip min/avg/max/stddev = 0.221/0.322/0.423/0.101 ms |
#cat arp.log
<29>Dec 21 15:53:20 src@fbsd2 arpwatch: new station 192.168.15.22 0:13:8f:2f:ac:5e ip=192.168.15.22 mac=00:13:8f:2f:ac:5e reason=new station switch port=00:13:8f:2f:ac:5e -> 34 Fa0/20(192.168.12.100) % nbtscan 192.168.15.22 cant run nbtscan No such file or directory <29>Dec 21 15:53:20 src@fbsd2 arpwatch: new station 192.168.15.254 0:a:1:d4:d1:39 ip=192.168.15.254 mac=00:0a:01:d4:d1:39 reason=new station switch port=00:0a:01:d4:d1:39 -> 38 Fa0/24(192.168.12.100) % nbtscan 192.168.15.254 cant run nbtscan No such file or directory |
#cat arp.log
<29>Dec 21 15:53:20 src@fbsd2 arpwatch: new station 192.168.15.22 0:13:8f:2f:ac:5e ip=192.168.15.22 mac=00:13:8f:2f:ac:5e reason=new station switch port=00:13:8f:2f:ac:5e -> 34 Fa0/20(192.168.12.100) % nbtscan 192.168.15.22 cant run nbtscan No such file or directory <29>Dec 21 15:53:20 src@fbsd2 arpwatch: new station 192.168.15.254 0:a:1:d4:d1:39 ip=192.168.15.254 mac=00:0a:01:d4:d1:39 ... switch port=00:04:75:82:53:43 -> 32 Fa0/18(192.168.12.100) % nbtscan 192.168.15.21 cant run nbtscan No such file or directory <29>Dec 21 15:53:24 src@fbsd2 arpwatch: new station 192.168.15.3 0:4:75:75:46:c1 ip=192.168.15.3 mac=00:04:75:75:46:c1 reason=new station switch port=00:04:75:75:46:c1 -> 31 Fa0/17(192.168.12.100) % nbtscan 192.168.15.3 cant run nbtscan No such file or directory |
#cd /var/mail
|
#ls -al
total 42 drwxrwxr-x 2 root mail 512 Dec 21 15:54 . drwxr-xr-x 23 root wheel 512 Dec 21 11:38 .. -rw------- 1 cyrus cyrus 0 Dec 18 21:31 cyrus -rw------- 1 gdm gdm 0 Dec 18 21:43 gdm -rw------- 1 mysql mysql 0 Dec 19 16:45 mysql -rw------- 1 root wheel 37251 Dec 21 15:54 root -rw------- 1 user wheel 0 Dec 18 21:51 user |
#cat root
(envelope-from user@fbsd2.linux.nt) Received: (from root@localhost) by fbsd2.linux.nt (8.13.4/8.13.4/Submit) id jBLDlmA5018055 for root; Wed, 21 Dec 2005 15:47:48 +0200 (EET) (envelope-from user) Date: Wed, 21 Dec 2005 15:47:48 +0200 (EET) Message-Id: <200512211347.jBLDlmA5018055@fbsd2.linux.nt> From: arpwatch@fbsd2.linux.nt (Arpwatch) To: root@fbsd2.linux.nt Subject: new station (linux3.linux.nt) ... Date: Wed, 21 Dec 2005 15:54:22 +0200 (EET) Message-Id: <200512211354.jBLDsMCH019132@fbsd2.linux.nt> From: arpwatch@fbsd2.linux.nt (Arpwatch) To: root@fbsd2.linux.nt Subject: new station (ibook.linux.nt) hostname: ibook.linux.nt ip address: 192.168.15.199 ethernet address: 0:d:93:c2:15:ac ethernet vendor: Apple Computer timestamp: Wednesday, December 21, 2005 15:54:21 +0200 |
#cat root
(envelope-from user@fbsd2.linux.nt) Received: (from root@localhost) by fbsd2.linux.nt (8.13.4/8.13.4/Submit) id jBLDlmA5018055 for root; Wed, 21 Dec 2005 15:47:48 +0200 (EET) (envelope-from user) Date: Wed, 21 Dec 2005 15:47:48 +0200 (EET) Message-Id: <200512211347.jBLDlmA5018055@fbsd2.linux.nt> From: arpwatch@fbsd2.linux.nt (Arpwatch) To: root@fbsd2.linux.nt Subject: new station (linux3.linux.nt) ... Date: Wed, 21 Dec 2005 15:54:22 +0200 (EET) Message-Id: <200512211354.jBLDsMCH019132@fbsd2.linux.nt> From: arpwatch@fbsd2.linux.nt (Arpwatch) To: root@fbsd2.linux.nt Subject: new station (ibook.linux.nt) hostname: ibook.linux.nt ip address: 192.168.15.199 ethernet address: 0:d:93:c2:15:ac ethernet vendor: Apple Computer timestamp: Wednesday, December 21, 2005 15:54:21 +0200 |
#vi /usr/local/etc/syslog-ng/syslog-ng.conf
|
#vi /usr/local/etc/syslog-ng/syslog-ng.conf
|
#ping m01
PING fbsd1.linux.nt (192.168.15.21): 56 data bytes 64 bytes from 192.168.15.21: icmp_seq=0 ttl=64 time=0.408 ms 64 bytes from 192.168.15.21: icmp_seq=1 ttl=64 time=0.225 ms ^C --- fbsd1.linux.nt ping statistics --- 2 packets transmitted, 2 packets received, 0% packet loss round-trip min/avg/max/stddev = 0.225/0.317/0.408/0.091 ms |
#ping m01
PING fbsd1.linux.nt (192.168.15.21): 56 data bytes 64 bytes from 192.168.15.21: icmp_seq=0 ttl=64 time=0.249 ms ^C --- fbsd1.linux.nt ping statistics --- 1 packets transmitted, 1 packets received, 0% packet loss round-trip min/avg/max/stddev = 0.249/0.249/0.249/0.000 ms |
#cd /usr/ports
|
#exit
exit |
$ssh artem@193.254.233.214
Password: Last login: Wed Dec 21 16:57:58 2005 from mail.tex.kiev.u Copyright (c) 1980, 1983, 1986, 1988, 1990, 1991, 1993, 1994 The Regents of the University of California. All rights reserved. FreeBSD 4.9-RELEASE-p11 (ALL) #0: Thu Sep 8 16:20:31 EEST 2005 Welcome to FreeBSD! Before seeking technical support, please use the following resources: o Security advisories and updated errata information for all releases are at http://www.FreeBSD.org/releases/ - always consult the ERRATA section for your release first as it's updated frequently. ... webalizer-2.1.10_5 A web server log file analysis program pages from program o wget-1.8.2_6 Retrieve files from the Net via HTTP and FTP xfree86-dri-4.4.0 OpenGL hardware acceleration drivers for XFree86 xterm-200_2 Terminal emulator for the X Window System zoo-2.10.1 Manipulate archives of files in compressed formn (.lzh file php4-tokenizer-4.3.8_2 The tokenizer shared extension for phps php4-wddx-4.3.8_2 The wddx shared extension for phpision arithmetic php4-xml-4.3.8_2 The xml shared extension for phpcript php4-zlib-4.3.8_2 The zlib shared extension for phpript (version 1.5) php5-5.0.1 PHP Scripting Language (Apache Module and CLI) |
$clear
|
<29>Dec 21 15:53:20 src@fbsd2 arpwatch: new station 192.168.15.22 0:13:8f:2f:ac:5e ip=192.168.15.22 mac=00:13:8f:2f:ac:5e reason=new station switch port=00:13:8f:2f:ac:5e -> 34 Fa0/20(192.168.12.100) % nbtscan 192.168.15.22 cant run nbtscan No such file or directory <29>Dec 21 15:53:20 src@fbsd2 arpwatch: new station 192.168.15.254 0:a:1:d4:d1:39 ip=192.168.15.254 mac=00:0a:01:d4:d1:39 reason=new station switch port=00:0a:01:d4:d1:39 -> 38 Fa0/24(192.168.12.100) % nbtscan 192.168.15.254 cant run nbtscan No such file or directory <29>Dec 21 15:53:20 src@fbsd2 arpwatch: new station 192.168.15.21 0:4:75:82:53:43 ip=192.168.15.21 mac=00:04:75:82:53:43 reason=new station switch port=00:04:75:82:53:43 -> 32 Fa0/18(192.168.12.100) % nbtscan 192.168.15.21 cant run nbtscan No such file or directory <29>Dec 21 15:53:24 src@fbsd2 arpwatch: new station 192.168.15.3 0:4:75:75:46:c1 ip=192.168.15.3 mac=00:04:75:75:46:c1 reason=new station switch port=00:04:75:75:46:c1 -> 31 Fa0/17(192.168.12.100) % nbtscan 192.168.15.3 cant run nbtscan No such file or directory
(envelope-from user@fbsd2.linux.nt) Received: (from root@localhost) by fbsd2.linux.nt (8.13.4/8.13.4/Submit) id jBLDlmA5018055 for root; Wed, 21 Dec 2005 15:47:48 +0200 (EET) (envelope-from user) Date: Wed, 21 Dec 2005 15:47:48 +0200 (EET) Message-Id: <200512211347.jBLDlmA5018055@fbsd2.linux.nt> From: arpwatch@fbsd2.linux.nt (Arpwatch) To: root@fbsd2.linux.nt Subject: new station (linux3.linux.nt) hostname: linux3.linux.nt ip address: 192.168.15.3 ethernet address: 0:4:75:75:46:c1 ethernet vendor: 3 Com Corporation timestamp: Wednesday, December 21, 2005 15:47:47 +0200 From user@fbsd2.linux.nt Wed Dec 21 15:53:20 2005 Return-Path: <user@fbsd2.linux.nt> Received: from fbsd2.linux.nt (localhost.linux.nt [127.0.0.1]) by fbsd2.linux.nt (8.13.4/8.13.4) with ESMTP id jBLDrKom018870 for <root@fbsd2.linux.nt>; Wed, 21 Dec 2005 15:53:20 +0200 (EET) (envelope-from user@fbsd2.linux.nt) Received: (from root@localhost) by fbsd2.linux.nt (8.13.4/8.13.4/Submit) id jBLDrK88018866 for root; Wed, 21 Dec 2005 15:53:20 +0200 (EET) (envelope-from user) Date: Wed, 21 Dec 2005 15:53:20 +0200 (EET) Message-Id: <200512211353.jBLDrK88018866@fbsd2.linux.nt> From: arpwatch@fbsd2.linux.nt (Arpwatch) To: root@fbsd2.linux.nt Subject: new station (fbsd1.linux.nt) hostname: fbsd1.linux.nt ip address: 192.168.15.21 ethernet address: 0:4:75:82:53:43 ethernet vendor: 3 Com Corporation timestamp: Wednesday, December 21, 2005 15:53:19 +0200 From user@fbsd2.linux.nt Wed Dec 21 15:53:20 2005 Return-Path: <user@fbsd2.linux.nt> Received: from fbsd2.linux.nt (localhost.linux.nt [127.0.0.1]) by fbsd2.linux.nt (8.13.4/8.13.4) with ESMTP id jBLDrKsQ018871 for <root@fbsd2.linux.nt>; Wed, 21 Dec 2005 15:53:20 +0200 (EET) (envelope-from user@fbsd2.linux.nt) Received: (from root@localhost) by fbsd2.linux.nt (8.13.4/8.13.4/Submit) id jBLDrKYZ018864 for root; Wed, 21 Dec 2005 15:53:20 +0200 (EET) (envelope-from user) Date: Wed, 21 Dec 2005 15:53:20 +0200 (EET) Message-Id: <200512211353.jBLDrKYZ018864@fbsd2.linux.nt> 
From: arpwatch@fbsd2.linux.nt (Arpwatch) To: root@fbsd2.linux.nt Subject: new station (fbsd2.linux.nt) hostname: fbsd2.linux.nt ip address: 192.168.15.22 ethernet address: 0:13:8f:2f:ac:5e ethernet vendor: <unknown> timestamp: Wednesday, December 21, 2005 15:53:19 +0200 From user@fbsd2.linux.nt Wed Dec 21 15:53:20 2005 Return-Path: <user@fbsd2.linux.nt> Received: from fbsd2.linux.nt (localhost.linux.nt [127.0.0.1]) by fbsd2.linux.nt (8.13.4/8.13.4) with ESMTP id jBLDrKjm018872 for <root@fbsd2.linux.nt>; Wed, 21 Dec 2005 15:53:20 +0200 (EET) (envelope-from user@fbsd2.linux.nt) Received: (from root@localhost) by fbsd2.linux.nt (8.13.4/8.13.4/Submit) id jBLDrKr8018865 for root; Wed, 21 Dec 2005 15:53:20 +0200 (EET) (envelope-from user) Date: Wed, 21 Dec 2005 15:53:20 +0200 (EET) Message-Id: <200512211353.jBLDrKr8018865@fbsd2.linux.nt> From: arpwatch@fbsd2.linux.nt (Arpwatch) To: root@fbsd2.linux.nt Subject: new station (linux.nt) hostname: linux.nt ip address: 192.168.15.254 ethernet address: 0:a:1:d4:d1:39 ethernet vendor: SOHOware, Inc. 
timestamp: Wednesday, December 21, 2005 15:53:19 +0200 From user@fbsd2.linux.nt Wed Dec 21 15:53:24 2005 Return-Path: <user@fbsd2.linux.nt> Received: from fbsd2.linux.nt (localhost.linux.nt [127.0.0.1]) by fbsd2.linux.nt (8.13.4/8.13.4) with ESMTP id jBLDrOJ0018933 for <root@fbsd2.linux.nt>; Wed, 21 Dec 2005 15:53:24 +0200 (EET) (envelope-from user@fbsd2.linux.nt) Received: (from root@localhost) by fbsd2.linux.nt (8.13.4/8.13.4/Submit) id jBLDrOvu018932 for root; Wed, 21 Dec 2005 15:53:24 +0200 (EET) (envelope-from user) Date: Wed, 21 Dec 2005 15:53:24 +0200 (EET) Message-Id: <200512211353.jBLDrOvu018932@fbsd2.linux.nt> From: arpwatch@fbsd2.linux.nt (Arpwatch) To: root@fbsd2.linux.nt Subject: new station (linux3.linux.nt) hostname: linux3.linux.nt ip address: 192.168.15.3 ethernet address: 0:4:75:75:46:c1 ethernet vendor: 3 Com Corporation timestamp: Wednesday, December 21, 2005 15:53:23 +0200 From user@fbsd2.linux.nt Wed Dec 21 15:54:22 2005 Return-Path: <user@fbsd2.linux.nt> Received: from fbsd2.linux.nt (localhost.linux.nt [127.0.0.1]) by fbsd2.linux.nt (8.13.4/8.13.4) with ESMTP id jBLDsMnH019139 for <root@fbsd2.linux.nt>; Wed, 21 Dec 2005 15:54:22 +0200 (EET) (envelope-from user@fbsd2.linux.nt) Received: (from root@localhost) by fbsd2.linux.nt (8.13.4/8.13.4/Submit) id jBLDsM3S019133 for root; Wed, 21 Dec 2005 15:54:22 +0200 (EET) (envelope-from user) Date: Wed, 21 Dec 2005 15:54:22 +0200 (EET) Message-Id: <200512211354.jBLDsM3S019133@fbsd2.linux.nt> From: arpwatch@fbsd2.linux.nt (Arpwatch) To: root@fbsd2.linux.nt Subject: new station (fbsd4.linux.nt) hostname: fbsd4.linux.nt ip address: 192.168.15.24 ethernet address: 0:a:5e:5:36:92 ethernet vendor: 3COM Corporation timestamp: Wednesday, December 21, 2005 15:54:22 +0200 From user@fbsd2.linux.nt Wed Dec 21 15:54:22 2005 Return-Path: <user@fbsd2.linux.nt> Received: from fbsd2.linux.nt (localhost.linux.nt [127.0.0.1]) by fbsd2.linux.nt (8.13.4/8.13.4) with ESMTP id jBLDsM3v019137 for <root@fbsd2.linux.nt>; Wed, 
21 Dec 2005 15:54:22 +0200 (EET) (envelope-from user@fbsd2.linux.nt) Received: (from root@localhost) by fbsd2.linux.nt (8.13.4/8.13.4/Submit) id jBLDsMCH019132 for root; Wed, 21 Dec 2005 15:54:22 +0200 (EET) (envelope-from user) Date: Wed, 21 Dec 2005 15:54:22 +0200 (EET) Message-Id: <200512211354.jBLDsMCH019132@fbsd2.linux.nt> From: arpwatch@fbsd2.linux.nt (Arpwatch) To: root@fbsd2.linux.nt Subject: new station (ibook.linux.nt) hostname: ibook.linux.nt ip address: 192.168.15.199 ethernet address: 0:d:93:c2:15:ac ethernet vendor: Apple Computer timestamp: Wednesday, December 21, 2005 15:54:21 +0200
Время первой команды журнала | 15:31:27 2006-12-21 |
Время последней команды журнала | 16:55:34 2006-12-21 |
Количество командных строк в журнале | 101 |
Процент команд с ненулевым кодом завершения, % | 10.89 |
Процент синтаксически неверно набранных команд, % | 0.00 |
Суммарное время работы с терминалом *, час | 0.84 |
Количество командных строк в единицу времени, команда/мин | 2.02 |
Частота использования команд |
|
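В журнал автоматически попадают все команды, данные в любом терминале системы. Поэтому пароли и другие секреты, набранные в командной строке как аргументы команд, тоже сохраняются в журнале и видны всем, кто его читает.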
Для того чтобы убедиться, что журнал на текущем терминале ведётся, и команды записываются, дайте команду w. В поле WHAT, соответствующем текущему терминалу, должна быть указана программа script.
Команды, при наборе которых были допущены синтаксические ошибки, выводятся перечёркнутым текстом:
$ l s-l bash: l: command not found |
Если код завершения команды равен нулю, команда была выполнена без ошибок. Команды, код завершения которых отличен от нуля, выделяются цветом.
$ test 5 -lt 4 |
Команды, ход выполнения которых был прерван пользователем, выделяются цветом.
$ find / -name abc find: /home/devi-orig/.gnome2: Keine Berechtigung find: /home/devi-orig/.gnome2_private: Keine Berechtigung find: /home/devi-orig/.nautilus/metafiles: Keine Berechtigung find: /home/devi-orig/.metacity: Keine Berechtigung find: /home/devi-orig/.inkscape: Keine Berechtigung ^C |
Команды, выполненные с привилегиями суперпользователя, выделяются слева красной чертой.
# id uid=0(root) gid=0(root) Gruppen=0(root) |
Изменения, внесённые в текстовый файл с помощью редактора, запоминаются и показываются в журнале в формате ed. Строки, начинающиеся символом "<", удалены, а строки, начинающиеся символом ">" -- добавлены.
$ vi ~/.bashrc
|
Для того чтобы изменить файл в соответствии с показанными в диффшоте изменениями, можно воспользоваться командой patch. Нужно скопировать изменения, запустить программу patch, указав в качестве её аргумента файл, к которому применяются изменения, и вставить скопированный текст:
$ patch ~/.bashrc |
Для того чтобы получить краткую справочную информацию о команде, нужно подвести к ней мышь. Во всплывающей подсказке появится краткое описание команды.
Если справочная информация о команде есть, команда выделяется голубым фоном, например: vi. Если справочная информация отсутствует, команда выделяется розовым фоном, например: notepad.exe. Справочная информация может отсутствовать в том случае, если (1) команда введена неверно; (2) если распознавание команды LiLaLo выполнено неверно; (3) если информация о команде неизвестна LiLaLo. Последнее возможно для редких команд.
Большие, в особенности многострочные, всплывающие подсказки лучше всего показываются браузерами KDE Konqueror, Apple Safari и Microsoft Internet Explorer. В браузерах Mozilla и Firefox они отображаются не полностью, а вместо перевода строки выводится специальный символ.
Время ввода команды, показанное в журнале, соответствует времени начала ввода командной строки, которое равно тому моменту, когда на терминале появилось приглашение интерпретатора.
Имя терминала, на котором была введена команда, показано в специальном блоке. Этот блок показывается только в том случае, если терминал текущей команды отличается от терминала предыдущей.
Вывод не интересующих вас в настоящий момент элементов журнала, таких как время, имя терминала и других, можно отключить. Для этого нужно воспользоваться формой управления журналом вверху страницы.
Небольшие комментарии к командам можно вставлять прямо из командной строки. Комментарий вводится прямо в командную строку, после символов #^ или #v. Символы ^ и v показывают направление выбора команды, к которой относится комментарий: ^ - к предыдущей, v - к следующей. Например, если в командной строке было введено:
$ whoami
user
$ #^ Интересно, кто я?
в журнале это будет выглядеть так:
$ whoami
user
Интересно, кто я? |
Если комментарий содержит несколько строк, его можно вставить в журнал следующим образом:
$ whoami
user
$ cat > /dev/null #^ Интересно, кто я?
Программа whoami выводит имя пользователя, под которым мы зарегистрировались в системе. - Она не может ответить на вопрос о нашем назначении в этом мире.
В журнале это будет выглядеть так:
$ whoami user
|
Комментарии, не относящиеся непосредственно ни к какой из команд, добавляются точно таким же способом, только вместо символов #^ или #v нужно использовать символы #=
1 2 3 4
Группы команд, выполненных на разных терминалах, разделяются специальной линией. Под этой линией в правом углу показано имя терминала, на котором выполнялись команды. Для того чтобы посмотреть команды только одного сеанса, нужно щёлкнуть по этому названию.
LiLaLo (L3) расшифровывается как Live Lab Log.
Программа разработана для повышения эффективности обучения Unix/Linux-системам.
(c) Игорь Чубин, 2004-2008