/l3/trainings/xg-ids/2005-12-19/fbsd2.linux.nt/user
#ipfw add 10 allow tcp from any to me 22
00010 allow tcp from any to me dst-port 22
#ipfw show
00010 0 0 allow tcp from any to me dst-port 22
65000 27 3962 allow ip from any to any
65535 111 7281 deny ip from any to any
#ipfw add 100 deny tcp from any to any setup via rl0
00100 deny tcp from any to any setup via rl0
#ipfw show
00010 0 0 allow tcp from any to me dst-port 22
00100 2 128 deny tcp from any to any setup via rl0
65000 35 4956 allow ip from any to any
65535 111 7281 deny ip from any to any
#telnet ya.ru 80
Trying 213.180.204.8...
telnet: connect to address 213.180.204.8: Permission denied
telnet: Unable to connect to remote host
#ipfw add 11 allow tcp from any to me 23
00011 allow tcp from any to me dst-port 23
#ipfshow
bash: ipfshow: command not found
#ipfwshow
bash: ipfwshow: command not found
#ipfw show
00010 69 6260 allow tcp from any to me dst-port 22
00011 0 0 allow tcp from any to me dst-port 23
00100 9006 428748 deny tcp from any to any setup via rl0
65000 169 18656 allow ip from any to any
65535 111 7281 deny ip from any to any
#ipfw show
00010 71 6340 allow tcp from any to me dst-port 22
00011 1 40 allow tcp from any to me dst-port 23
00100 9064 432316 deny tcp from any to any setup via rl0
65000 175 18876 allow ip from any to any
65535 111 7281 deny ip from any to any
#ipfw show
00010 71 6340 allow tcp from any to me dst-port 22
00011 1 40 allow tcp from any to me dst-port 23
00100 9081 433404 deny tcp from any to any setup via rl0
65000 175 18876 allow ip from any to any
65535 111 7281 deny ip from any to any
$sudo tcpdump -n -i rl0
Password:
tcpdump: verbose output suppressed, use -v or -vv for full protocol decode
listening on rl0, link-type EN10MB (Ethernet), capture size 96 bytes
14:36:40.105803 802.1d config 8000.00:03:e3:6c:37:80.8022 root 8000.00:03:e3:6c:37:80 pathcost 0 age 0 max 20 hello 2 fdelay 15
14:36:42.108425 802.1d config 8000.00:03:e3:6c:37:80.8022 root 8000.00:03:e3:6c:37:80 pathcost 0 age 0 max 20 hello 2 fdelay 15
14:36:44.110240 802.1d config 8000.00:03:e3:6c:37:80.8022 root 8000.00:03:e3:6c:37:80 pathcost 0 age 0 max 20 hello 2 fdelay 15
^C
3 packets captured
4 packets received by filter
0 packets dropped by kernel
$sudo tcpdump -n -i rl0 icmp or udp port 53
tcpdump: verbose output suppressed, use -v or -vv for full protocol decode
listening on rl0, link-type EN10MB (Ethernet), capture size 96 bytes
14:37:12.353496 IP 192.168.15.22.50418 > 192.168.15.254.53: 19349+ A? mail.ru. (25)
14:37:14.655264 IP 192.168.15.254.53 > 192.168.15.22.50418: 19349 1/6/0 A 194.67.57.26 (148)
14:37:14.656206 IP 192.168.15.254 > 192.168.15.22: ICMP time exceeded in-transit, length 48
14:37:14.656765 IP 192.168.15.254 > 192.168.15.22: ICMP time exceeded in-transit, length 48
14:37:14.657322 IP 192.168.15.254 > 192.168.15.22: ICMP time exceeded in-transit, length 48
14:37:14.658573 IP 10.0.1.1 > 192.168.15.22: ICMP time exceeded in-transit, length 36
14:37:14.660949 IP 10.0.1.1 > 192.168.15.22: ICMP time exceeded in-transit, length 36
14:37:14.665009 IP 10.0.1.1 > 192.168.15.22: ICMP time exceeded in-transit, length 36
...
14:37:30.175295 IP 194.186.156.33 > 192.168.15.22: ICMP time exceeded in-transit, length 36
14:37:30.307901 IP 194.186.156.33 > 192.168.15.22: ICMP time exceeded in-transit, length 36
14:37:30.438645 IP 194.186.156.33 > 192.168.15.22: ICMP time exceeded in-transit, length 36
14:37:30.580546 IP 194.186.157.70 > 192.168.15.22: ICMP time exceeded in-transit, length 36
14:37:30.712472 IP 194.186.157.70 > 192.168.15.22: ICMP time exceeded in-transit, length 36
14:37:30.845914 IP 194.186.157.70 > 192.168.15.22: ICMP time exceeded in-transit, length 36
^C
23 packets captured
78 packets received by filter
0 packets dropped by kernel
#traceroute -n mail.ru
traceroute to mail.ru (194.67.57.26), 64 hops max, 40 byte packets
 1  192.168.15.254  0.558 ms  0.513 ms  0.951 ms
 2  10.0.1.1  2.380 ms  4.023 ms  6.014 ms
 3  * * *
 4  62.64.113.245  40.531 ms  40.054 ms  40.091 ms
 5  212.109.37.9  42.398 ms  42.059 ms  39.844 ms
 6  85.223.224.99  41.671 ms  43.734 ms  40.189 ms
 7  194.186.156.33  130.912 ms  132.548 ms  130.681 ms
 8  194.186.157.70  141.851 ms  131.868 ms  133.387 ms
 9  *^C
$sudo tcpdump -n -i rl0 icmp or udp port 53
tcpdump: verbose output suppressed, use -v or -vv for full protocol decode
listening on rl0, link-type EN10MB (Ethernet), capture size 96 bytes
^C
0 packets captured
3 packets received by filter
0 packets dropped by kernel
#traceroute -n mail.ru
traceroute to mail.ru (194.67.57.26), 64 hops max, 40 byte packets
 1  192.168.15.254  1.650 ms  1.801 ms  5.179 ms
 2  10.0.1.1  2.713 ms  12.726 ms  2.182 ms
 3  * * *
 4  62.64.113.245  46.053 ms  40.696 ms  43.062 ms
 5  212.109.37.9  52.009 ms  40.490 ms  41.389 ms
 6  85.223.224.99  235.462 ms  241.050 ms  215.305 ms
 7  194.186.156.33  139.261 ms  134.888 ms  140.440 ms
 8  194.186.157.70  132.208 ms  132.310 ms  131.592 ms
 9  * * *
10  * * *
11  * * *
12  * * *
13  * * *
^C
$sudo tcpdump -n -i rl0 icmp or udp
tcpdump: verbose output suppressed, use -v or -vv for full protocol decode
listening on rl0, link-type EN10MB (Ethernet), capture size 96 bytes
14:38:02.647132 IP 192.168.15.22.51819 > 192.168.15.254.53: 56069+ A? mail.ru. (25)
14:38:02.647785 IP 192.168.15.254.53 > 192.168.15.22.51819: 56069 1/6/0 A 194.67.57.26 (148)
14:38:02.648552 IP 192.168.15.22.34870 > 194.67.57.26.33435: UDP, length 12
14:38:02.648712 IP 192.168.15.254 > 192.168.15.22: ICMP time exceeded in-transit, length 48
14:38:02.650277 IP 192.168.15.22.34870 > 194.67.57.26.33436: UDP, length 12
14:38:02.650396 IP 192.168.15.254 > 192.168.15.22: ICMP time exceeded in-transit, length 48
14:38:02.652123 IP 192.168.15.22.34870 > 194.67.57.26.33437: UDP, length 12
14:38:02.652240 IP 192.168.15.254 > 192.168.15.22: ICMP time exceeded in-transit, length 48
...
14:38:19.180676 IP 194.186.157.70 > 192.168.15.22: ICMP time exceeded in-transit, length 36
14:38:19.180853 IP 192.168.15.22.34870 > 194.67.57.26.33457: UDP, length 12
14:38:19.313049 IP 194.186.157.70 > 192.168.15.22: ICMP time exceeded in-transit, length 36
14:38:19.313216 IP 192.168.15.22.34870 > 194.67.57.26.33458: UDP, length 12
14:38:19.444333 IP 194.186.157.70 > 192.168.15.22: ICMP time exceeded in-transit, length 36
14:38:19.444888 IP 192.168.15.22.34870 > 194.67.57.26.33459: UDP, length 12
^C
48 packets captured
63 packets received by filter
0 packets dropped by kernel
#traceroute -n ukr.net
traceroute to ukr.net (212.42.64.8), 64 hops max, 40 byte packets
 1  192.168.15.254  0.558 ms  0.505 ms  4.037 ms
 2  10.0.1.1  3.004 ms  1.929 ms  1.112 ms
 3  * * *
 4  62.64.113.245  48.999 ms  41.758 ms  40.060 ms
 5  212.109.37.9  42.995 ms  41.227 ms  42.056 ms
 6  85.223.224.101  41.518 ms  41.655 ms  40.552 ms
 7  195.35.65.8  42.655 ms  43.215 ms  42.813 ms
^C
$sudo tcpdump -n -i rl0 icmp or udp
14:40:37.689142 IP 192.168.15.254 > 192.168.15.22: ICMP time exceeded in-transit, length 48
14:40:37.689475 IP 192.168.15.22.34926 > 64.21.37.199.33437: UDP, length 12
14:40:37.689591 IP 192.168.15.254 > 192.168.15.22: ICMP time exceeded in-transit, length 48
14:40:37.690051 IP 192.168.15.22.34926 > 64.21.37.199.33438: UDP, length 12
14:40:37.690546 IP 10.0.1.1 > 192.168.15.22: ICMP time exceeded in-transit, length 36
14:40:37.693102 IP 192.168.15.22.34926 > 64.21.37.199.33439: UDP, length 12
14:40:37.701753 IP 10.0.1.1 > 192.168.15.22: ICMP time exceeded in-transit, length 36
14:40:37.708042 IP 192.168.15.22.34926 > 64.21.37.199.33440: UDP, length 12
14:40:37.708532 IP 10.0.1.1 > 192.168.15.22: ICMP time exceeded in-transit, length 36
14:40:37.714310 IP 192.168.15.22.34926 > 64.21.37.199.33441: UDP, length 12
...
14:41:46.174617 IP 212.42.64.8 > 192.168.15.22: ICMP echo reply, id 34935, seq 23, length 40
14:41:46.174777 IP 192.168.15.22 > 212.42.64.8: ICMP echo request, id 34935, seq 24, length 40
14:41:46.214266 IP 212.42.64.8 > 192.168.15.22: ICMP echo reply, id 34935, seq 24, length 40
14:41:59.877035 IP 192.168.15.254.32824 > 192.168.15.255.137: NBT UDP PACKET(137): QUERY; REQUEST; BROADCAST
14:42:00.146915 IP 192.168.15.254.32824 > 192.168.15.255.137: NBT UDP PACKET(137): QUERY; REQUEST; BROADCAST
14:42:00.416904 IP 192.168.15.254.32824 > 192.168.15.255.137: NBT UDP PACKET(137): QUERY; REQUEST; BROADCAST
^C
196 packets captured
302 packets received by filter
0 packets dropped by kernel
#traceroute -n alba.org.ua
traceroute to alba.org.ua (64.21.37.199), 64 hops max, 40 byte packets
 1  192.168.15.254  0.472 ms  0.410 ms  0.511 ms
 2  10.0.1.1  2.991 ms  14.871 ms  6.215 ms
 3  * * *
 4  62.64.113.245  45.010 ms  40.371 ms  45.141 ms
 5  212.109.37.9  50.680 ms  40.262 ms  40.570 ms
 6  85.223.224.18  82.581 ms  82.899 ms  201.574 ms
 7  166.63.204.97  82.906 ms  82.588 ms  82.660 ms
 8  166.63.193.205  81.177 ms  85.857 ms  84.865 ms
 9  195.2.10.78  91.189 ms  81.794 ms  82.881 ms
10  195.2.10.149  94.645 ms  97.524 ms  96.286 ms
11  195.2.10.154  98.145 ms  96.138 ms  96.492 ms
12  195.2.10.146  106.303 ms  101.498 ms  103.651 ms
13  195.2.10.125  113.770 ms  182.815 ms  106.189 ms
14  * 195.66.224.94  104.482 ms  104.132 ms
15  209.123.11.209  177.206 ms  177.129 ms  177.362 ms
16  209.123.11.62  176.142 ms  180.166 ms  182.931 ms
17  64.21.37.199  184.209 ms  180.068 ms  177.607 ms
#traceroute -I ukr.net
traceroute to ukr.net (212.42.64.8), 64 hops max, 60 byte packets
 1  192.168.15.254  3.290 ms  0.958 ms  6.003 ms
 2  10.0.1.1  3.910 ms  9.950 ms  4.962 ms
 3  * * *
 4  62.64.113.245  44.995 ms  38.661 ms  38.416 ms
 5  212.109.37.9  44.864 ms  39.354 ms  45.431 ms
 6  85.223.224.101  44.920 ms  39.128 ms  38.744 ms
 7  195.35.65.8  43.959 ms  40.207 ms  41.413 ms
 8  212.42.64.8  45.251 ms  39.571 ms  39.596 ms
#clear
#ipfw show
00010 71 6340 allow tcp from any to me dst-port 22
00011 1 40 allow tcp from any to me dst-port 23
00100 14780 798140 deny tcp from any to any setup via rl0
65000 502 37558 allow ip from any to any
65535 111 7281 deny ip from any to any
#ipfw delete 100
#ipfw add 100 reset tcp from any to any setup via rl0
00100 reset tcp from any to any setup via rl0
#ipfw show
00010 71 6340 allow tcp from any to me dst-port 22
00011 1 40 allow tcp from any to me dst-port 23
00100 2 128 reset tcp from any to any setup via rl0
65000 561 67488 allow ip from any to any
65535 111 7281 deny ip from any to any
#telnet 127.0.0.1 80
Trying 127.0.0.1...
Connected to localhost.linux.nt.
Escape character is '^]'.
Connection closed by foreign host.
#telnet 127.0.0.1 80
Trying 127.0.0.1...
Connected to localhost.linux.nt.
Escape character is '^]'.
^C
Connection closed by foreign host.
$sudo tcpdump -n -i rl0 port 26
Password:
tcpdump: verbose output suppressed, use -v or -vv for full protocol decode
listening on rl0, link-type EN10MB (Ethernet), capture size 96 bytes
14:54:32.276430 IP 192.168.15.254.58650 > 192.168.15.22.26: F 0:0(0) win 4096
14:54:32.276488 IP 192.168.15.22.26 > 192.168.15.254.58650: R 0:0(0) ack 0 win 0
^C
2 packets captured
40 packets received by filter
0 packets dropped by kernel
$sudo tcpdump -n -i rl0 port 22
tcpdump: verbose output suppressed, use -v or -vv for full protocol decode
listening on rl0, link-type EN10MB (Ethernet), capture size 96 bytes
14:55:31.954786 IP 192.168.15.254.57017 > 192.168.15.22.22: F 0:0(0) win 3072
14:55:32.264451 IP 192.168.15.254.57018 > 192.168.15.22.22: F 0:0(0) win 3072
^C
2 packets captured
53 packets received by filter
0 packets dropped by kernel
$ipfw -d show
ipfw: socket: Operation not permitted
$sudo ipfw -d show
Password:
00005 866 78177 allow tcp from any to me dst-port 22 keep-state
00011 6 240 allow tcp from any to me dst-port 23
00050 517 64547 allow tcp from me to any out keep-state
00150 3318 132720 reset tcp from any to any
65000 9081 423371 allow ip from any to any
65535 111 7281 deny ip from any to any
## Dynamic rules (5):
00005 4 259 (293s) STATE tcp 192.168.15.254 55136 <-> 192.168.15.22 22
$sudo ipfw -d show
00005 903 85600 allow tcp from any to me dst-port 22 keep-state
00011 6 240 allow tcp from any to me dst-port 23
00050 536 66734 allow tcp from me to any out keep-state
00150 3318 132720 reset tcp from any to any
65000 9101 425166 allow ip from any to any
65535 111 7281 deny ip from any to any
## Dynamic rules (8):
00005 36 7363 (298s) STATE tcp 192.168.15.3 33605 <-> 192.168.15.22 22
00005 4 259 (234s) STATE tcp 192.168.15.254 55136 <-> 192.168.15.22 22
$sudo ipfw -d show
00005 955 89936 allow tcp from any to me dst-port 22 keep-state
00011 6 240 allow tcp from any to me dst-port 23
00050 560 69871 allow tcp from me to any out keep-state
00150 3318 132720 reset tcp from any to any
65000 9101 425166 allow ip from any to any
65535 111 7281 deny ip from any to any
## Dynamic rules (11):
00005 88 11699 (1s) STATE tcp 192.168.15.3 33605 <-> 192.168.15.22 22
00005 4 259 (213s) STATE tcp 192.168.15.254 55136 <-> 192.168.15.22 22
$sudo ipfw -d show
00005 955 89936 allow tcp from any to me dst-port 22 keep-state
00011 6 240 allow tcp from any to me dst-port 23
00050 568 71231 allow tcp from me to any out keep-state
00150 3318 132720 reset tcp from any to any
65000 9104 425400 allow ip from any to any
65535 111 7281 deny ip from any to any
## Dynamic rules (12):
00005 4 259 (191s) STATE tcp 192.168.15.254 55136 <-> 192.168.15.22 22
$sudo ipfw -d show
00005 1213 117782 allow tcp from any to me dst-port 22 keep-state
00011 6 240 allow tcp from any to me dst-port 23
00050 659 84585 allow tcp from me to any out keep-state
00150 3318 132720 reset tcp from any to any
65000 9130 427476 allow ip from any to any
65535 111 7281 deny ip from any to any
## Dynamic rules (23):
00005 253 27578 (2995s) STATE tcp 192.168.15.254 55137 <-> 192.168.15.22 22
$sudo nmap 193.254.233.214
Password:
Starting nmap 3.81 ( http://www.insecure.org/nmap/ ) at 2005-12-22 16:03 EET
Interesting ports on hotel.so.net.ua (193.254.233.214):
(The 1581 ports scanned but not shown below are in state: closed)
PORT      STATE SERVICE
12/tcp    open  unknown
20/tcp    open  ftp-data
21/tcp    open  ftp
22/tcp    open  ssh
25/tcp    open  smtp
...
2432/tcp  open  codasrv
2602/tcp  open  ripd
6105/tcp  open  isdninfo
13705/tcp open  VeritasNetbackup
13708/tcp open  VeritasNetbackup
20005/tcp open  btx
22370/tcp open  hpnpd
27004/tcp open  flexlm4
27010/tcp open  flexlm10

Nmap finished: 1 IP address (1 host up) scanned in 33.580 seconds
$clear
$man pcmail-srv
$sd /usr/ports/
bash: sd: command not found
$cd /usr/ports/
$make search name=pcmail-srv
#ipfw show
00005 2362 262890 allow tcp from any to me dst-port 22 keep-state
00011 6 240 allow tcp from any to me dst-port 23
00050 5358 796233 allow tcp from me to any out keep-state
00150 3318 132720 reset tcp from any to any
65000 9367 451507 allow ip from any to any
65535 111 7281 deny ip from any to any
#ipfw flush
Are you sure? [yn] y
Flushed all rules.
#ipfw show
65535 118 7757 deny ip from any to any
#ipfw add 65000 9367 451507 allow ip from any to any
ipfw: invalid action 9367
#ipfw add 65000 allow ip from any to any
65000 allow ip from any to any
#ipfw show
65000 8 2391 allow ip from any to any
65535 145 9849 deny ip from any to any
#ping ya.ru
PING ya.ru (213.180.204.8): 56 data bytes
64 bytes from 213.180.204.8: icmp_seq=0 ttl=50 time=142.051 ms
64 bytes from 213.180.204.8: icmp_seq=1 ttl=50 time=138.575 ms
^C
--- ya.ru ping statistics ---
2 packets transmitted, 2 packets received, 0% packet loss
round-trip min/avg/max/stddev = 138.575/140.313/142.051/1.738 ms
#pkg_info | grep scanlog
scanlogd-2.2.5_2    TCP port scan detection tool
#ps -waux | grep shut
root 36517 0.0 0.1 1508 1024 p5 S+ 4:41PM 0:00.00 grep shut
#cat /etc/f
fbtab fstab ftpusers
#cat /etc/
Display all 100 possibilities? (y or n)
X11/           fstab          mac.conf            nsswitch.conf   rc               rpc
aliases        ftpusers       mail/               ntp/            rc.bluetooth     security/
amd.map        gettytab       mail.rc             opieaccess      rc.bsdextended   services
apmd.conf      gnats/         make.conf           opiekeys        rc.conf          shells
auth.conf      group          manpath.config      pam.d/          rc.d/            skel/
bluetooth/     host.conf      manpath.config.bak  passwd          rc.firewall      snmpd.config
crontab        hosts          master.passwd       pccard_ether    rc.firewall6     spwd.db
csh.cshrc      hosts.allow    motd                periodic/       rc.initdiskless  ssh/
csh.login      hosts.equiv    mtree/              pf.conf         rc.local         ssl/
csh.logout     hosts.lpd      my.firewall         pf.os           rc.resume        sysctl.conf
defaults/      inetd.conf     namedb/             phones          rc.sendmail      syslog.conf
devd.conf      isdn/          netconfig           portsnap.conf   rc.shutdown      termcap
devfs.conf     localtime      netstart            ppp/            rc.subr          ttys
dhclient.conf  locate.rc      network.subr        printcap        rc.suspend       usbd.conf
disktab        login.access   networks            profile         remote           wall_cmos_clock
dumpdates      login.conf     newsyslog.conf      protocols       resolv.conf
fbtab          login.conf.db  nsmb.conf           pwd.db          rmt
#cat /etc/
Display all 100 possibilities? (y or n)
#cat /etc/rc.firewall
net="192.0.2.0"
mask="255.255.255.0"
ip="192.0.2.1"
setup_loopback
# Allow any traffic to or from my own net.
${fwcmd} add pass all from ${ip} to ${net}:${mask}
${fwcmd} add pass all from ${net}:${mask} to ${ip}
# Allow TCP through if setup succeeded
${fwcmd} add pass tcp from any to any established
# Allow IP fragments to pass through
...
	setup_loopback
	;;
[Uu][Nn][Kk][Nn][Oo][Ww][Nn])
	;;
*)
	if [ -r "${firewall_type}" ]; then
		${fwcmd} ${firewall_flags} ${firewall_type}
	fi
	;;
esac
#find / -name firewall
/usr/share/examples/ipfilter/firewall
/usr/src/contrib/ipfilter/rules/firewall
#tail /var/log/messages
Dec 22 16:44:04 src@fbsd2 scanlogd: 192.168.15.254 to 192.168.15.22 ports 22, 2784, 1536, 505, 638, 270, 1490, 1989, 92, ..., ??rp?uxy, TOS 00 @16:44:04
Dec 22 16:44:05 src@fbsd2 Limiting closed port RST response from 380 to 200 packets/sec
Dec 22 16:44:06 src@fbsd2 Limiting closed port RST response from 367 to 200 packets/sec
Dec 22 16:44:08 src@fbsd2 Limiting closed port RST response from 379 to 200 packets/sec
Dec 22 16:44:09 src@fbsd2 Limiting closed port RST response from 379 to 200 packets/sec
Dec 22 16:44:10 src@fbsd2 Limiting closed port RST response from 380 to 200 packets/sec
Dec 22 16:44:12 src@fbsd2 Limiting closed port RST response from 380 to 200 packets/sec
Dec 22 16:44:13 src@fbsd2 Limiting closed port RST response from 326 to 200 packets/sec
Dec 22 16:44:14 src@fbsd2 Limiting closed port RST response from 322 to 200 packets/sec
Dec 22 16:48:52 src@fbsd2 scanlogd: 192.168.15.254 to 192.168.15.22 ports 716, 2017, 1542, 1486, 365, 697, 532, 1350, 1, ..., fSrpauxy, TOS 00 @16:48:52
#tail /var/log/messages
Dec 22 16:44:05 src@fbsd2 Limiting closed port RST response from 380 to 200 packets/sec
Dec 22 16:44:06 src@fbsd2 Limiting closed port RST response from 367 to 200 packets/sec
Dec 22 16:44:08 src@fbsd2 Limiting closed port RST response from 379 to 200 packets/sec
Dec 22 16:44:09 src@fbsd2 Limiting closed port RST response from 379 to 200 packets/sec
Dec 22 16:44:10 src@fbsd2 Limiting closed port RST response from 380 to 200 packets/sec
Dec 22 16:44:12 src@fbsd2 Limiting closed port RST response from 380 to 200 packets/sec
Dec 22 16:44:13 src@fbsd2 Limiting closed port RST response from 326 to 200 packets/sec
Dec 22 16:44:14 src@fbsd2 Limiting closed port RST response from 322 to 200 packets/sec
Dec 22 16:48:52 src@fbsd2 scanlogd: 192.168.15.254 to 192.168.15.22 ports 716, 2017, 1542, 1486, 365, 697, 532, 1350, 1, ..., fSrpauxy, TOS 00 @16:48:52
Dec 22 16:50:21 src@fbsd2 syslog-ng[18808]: STATS: dropped 0
#tail /var/log/messages
Dec 22 16:56:59 src@fbsd2 scanlogd: 212.98.224.170:34969 to 192.168.15.3 ports 554, 256, 80, 3389, 113, 53, 443, ..., fSrpauxy, TOS 00 @16:56:59
Dec 22 16:56:59 src@fbsd2 scanlogd: 73.195.82.64:34969 to 192.168.15.3 ports 554, 256, 80, 3389, 113, 53, 443, ..., fSrpauxy, TOS 00 @16:56:59
Dec 22 16:56:59 src@fbsd2 scanlogd: More possible port scans follow
Dec 22 17:00:22 src@fbsd2 syslog-ng[18808]: STATS: dropped 0
Dec 22 17:02:35 src@fbsd2 scanlogd: 192.168.15.22 to 192.168.15.24 and others, ports 342, 330, 5800, 5145, 2020, 5400, ..., ??rp?uxy, TOS 00 @17:02:35
Dec 22 17:02:35 src@fbsd2 scanlogd: 6.62.9.144:40574 to 192.168.15.21 ports 3389, 389, 554, 443, 21, 1723, 113, 256, ..., fSrpauxy, TOS 00 @17:02:35
Dec 22 17:02:35 src@fbsd2 scanlogd: 102.214.164.167:40574 to 192.168.15.21 ports 3389, 389, 554, 443, 21, 1723, 113, 256, ..., fSrpauxy, TOS 00 @17:02:35
Dec 22 17:02:35 src@fbsd2 scanlogd: 159.64.175.24:40574 to 192.168.15.21 ports 3389, 389, 554, 443, 21, 1723, 113, 256, ..., fSrpauxy, TOS 00 @17:02:35
Dec 22 17:02:35 src@fbsd2 scanlogd: 251.16.85.137:40574 to 192.168.15.21 ports 3389, 389, 554, 443, 21, 1723, 113, 256, ..., fSrpauxy, TOS 00 @17:02:35
Dec 22 17:02:35 src@fbsd2 scanlogd: More possible port scans follow
#cat /etc/groups
cat: /etc/groups: No such file or directory
#vipw
toor:*:0:0::0:0:Bourne-again Superuser:/root:
daemon:*:1:1::0:0:Owner of many system processes:/root:/usr/sbin/nologin
operator:*:2:5::0:0:System &:/:/usr/sbin/nologin
bin:*:3:7::0:0:Binaries Commands and Source:/:/usr/sbin/nologin
tty:*:4:65533::0:0:Tty Sandbox:/:/usr/sbin/nologin
kmem:*:5:65533::0:0:KMem Sandbox:/:/usr/sbin/nologin
games:*:7:13::0:0:Games pseudo-user:/usr/games:/usr/sbin/nologin
news:*:8:8::0:0:News Subsystem:/:/usr/sbin/nologin
man:*:9:9::0:0:Mister Man Pages:/usr/share/man:/usr/sbin/nologin
sshd:*:22:22::0:0:Secure Shell Daemon:/var/empty:/usr/sbin/nologin
...
~
~
~
~
~
~
~
~
:q!
vipw: no changes made
#find / -name group
/usr/share/examples/etc/group
/usr/src/etc/group
/usr/src/release/picobsd/mfs_tree/etc/group
/usr/X11R6/lib/X11/xkb/symbols/group
/etc/group
#cat /etc/group
# $FreeBSD: src/etc/group,v 1.32 2005/06/06 20:19:56 brooks Exp $
#
wheel:*:0:root
daemon:*:1:
kmem:*:2:
sys:*:3:
tty:*:4:
operator:*:5:root
mail:*:6:
bin:*:7:
...
dialer:*:68:
network:*:69:
www:*:80:
nogroup:*:65533:
nobody:*:65534:
cyrus:*:60:
gdm:*:92:
gnokii:*:1001:
mysql:*:88:
scanlogd:*:1002:
#ipfw show
65000 113574 4805894 allow ip from any to any
65535 145 9849 deny ip from any to any
#ipfw add 00010 allow tcp from any to me dst-port 22
00010 allow tcp from any to me dst-port 22
#ipfw flush
Are you sure? [yn] y
Flushed all rules.
#/etc/rc.d/
Display all 129 possibilities? (y or n)
#/etc/rc.d/ipfw restart
net.inet.ip.fw.enable: 1 -> 0
Starting divert daemons:Flushed all rules.
00005 allow tcp from any to me dst-port 22 keep-state
00011 allow tcp from any to me dst-port 23
00050 allow tcp from me to any out keep-state
00150 reset tcp from any to any
65000 allow ip from any to any
Firewall rules loaded.
net.inet.ip.fw.enable: 0 -> 1
#ipfw delete 150
#ipfw flush
Are you sure? [yn] n
#ipfw show
00005 0 0 allow tcp from any to me dst-port 22 keep-state
00011 0 0 allow tcp from any to me dst-port 23
00050 30 4253 allow tcp from me to any out keep-state
65000 3 234 allow ip from any to any
65535 162 10937 deny ip from any to any
#ipfw add 00150 reset tcp from any to any
00150 reset tcp from any to any
#ipfw delete 150
#ipfw add 00150 reset tcp from any to any log
ipfw: unrecognised option [-1] log
#ipfw delete 150
ipfw: rule 150: setsockopt(IP_FW_DEL): Invalid argument
#ipfw shoe
ipfw: bad command `shoe'
#ipfw show
00005 3 252 allow tcp from any to me dst-port 22 keep-state
00011 0 0 allow tcp from any to me dst-port 23
00050 81 10107 allow tcp from me to any out keep-state
65000 6 468 allow ip from any to any
65535 162 10937 deny ip from any to any
#ipfw add 150 log t tcp from any to any log
ipfw: invalid action log
#ipfw add 150 reset log from any to any log
ipfw: unrecognised option [-1] log
#ipfw add 150 reset log tcp from any to any
00150 reset log tcp from any to any
#ipfw show
00005 17 3831 allow tcp from any to me dst-port 22 keep-state
00011 0 0 allow tcp from any to me dst-port 23
00050 113 14028 allow tcp from me to any out keep-state
00150 0 0 reset log tcp from any to any
65000 12 936 allow ip from any to any
65535 162 10937 deny ip from any to any
#sysctl -a | grep ipfw
net.link.ether.ipfw: 0
#sysctl -a | grep fw
net.inet.ip.fw.dyn_keepalive: 1
net.inet.ip.fw.dyn_short_lifetime: 5
net.inet.ip.fw.dyn_udp_lifetime: 10
net.inet.ip.fw.dyn_rst_lifetime: 1
net.inet.ip.fw.dyn_fin_lifetime: 1
net.inet.ip.fw.dyn_syn_lifetime: 20
net.inet.ip.fw.dyn_ack_lifetime: 3000
net.inet.ip.fw.static_count: 6
net.inet.ip.fw.dyn_max: 4096
net.inet.ip.fw.dyn_count: 18
...
net.inet.ip.fw.enable: 1
net.link.ether.ipfw: 0
debug.fwmem_debug: 0
debug.if_fwe_debug: 0
hw.firewire.fwmem.eui64_hi: 0
hw.firewire.fwmem.eui64_lo: 0
hw.firewire.fwmem.speed: 2
hw.firewire.fwe.stream_ch: 1
hw.firewire.fwe.tx_speed: 2
hw.firewire.fwe.rx_queue_len: 128
#tail -f /var/log/security
Dec 18 19:53:16 fbsd2 newsyslog[277]: logfile first created
^C
#sysctl net.inet.ip.fw.verbose=1
net.inet.ip.fw.verbose: 0 -> 1
#tail -f /var/log/security
Dec 18 19:53:16 fbsd2 newsyslog[277]: logfile first created
^C
#sysctl -a | grep fw
net.inet.ip.fw.dyn_keepalive: 1
net.inet.ip.fw.dyn_short_lifetime: 5
net.inet.ip.fw.dyn_udp_lifetime: 10
net.inet.ip.fw.dyn_rst_lifetime: 1
net.inet.ip.fw.dyn_fin_lifetime: 1
net.inet.ip.fw.dyn_syn_lifetime: 20
net.inet.ip.fw.dyn_ack_lifetime: 3000
net.inet.ip.fw.static_count: 6
net.inet.ip.fw.dyn_max: 4096
net.inet.ip.fw.dyn_count: 26
...
net.inet.ip.fw.enable: 1
net.link.ether.ipfw: 0
debug.fwmem_debug: 0
debug.if_fwe_debug: 0
hw.firewire.fwmem.eui64_hi: 0
hw.firewire.fwmem.eui64_lo: 0
hw.firewire.fwmem.speed: 2
hw.firewire.fwe.stream_ch: 1
hw.firewire.fwe.tx_speed: 2
hw.firewire.fwe.rx_queue_len: 128
#tail -f /var/log/security
Dec 18 19:53:16 fbsd2 newsyslog[277]: logfile first created
^C
$ssh artem@193.254.233.214
ip="192.0.2.1"
setup_loopback
# Allow any traffic to or from my own net.
${fwcmd} add pass all from ${ip} to ${net}:${mask}
${fwcmd} add pass all from ${net}:${mask} to ${ip}
# Allow TCP through if setup succeeded
${fwcmd} add pass tcp from any to any established
# Allow IP fragments to pass through
${fwcmd} add pass all from any to any frag
# Allow setup of incoming email
...
[Uu][Nn][Kk][Nn][Oo][Ww][Nn])
	;;
*)
	if [ -r "${firewall_type}" ]; then
		${fwcmd} ${firewall_flags} ${firewall_type}
	fi
	;;
esac
[root@roomsdhcp rc.d]#
[root@roomsdhcp rc.d]# cat /etc/rc.firewall | less
#ipfw show
00005 121 14715 allow tcp from any to me dst-port 22 keep-state 00011 0 0 allow tcp from any to me dst-port 23 00050 252 32063 allow tcp from me to any out keep-state 00150 1 60 reset log tcp from any to any 65000 54 5051 allow ip from any to any 65535 162 10937 deny ip from any to any |
#ipfw show
00005 8368 7152371 allow tcp from any to me dst-port 22 keep-state 00011 0 0 allow tcp from any to me dst-port 23 00050 263 33358 allow tcp from me to any out keep-state 00150 1 60 reset log tcp from any to any 65000 93 8292 allow ip from any to any 65535 162 10937 deny ip from any to any |
#tail -f /var/log/security
![]() Dec 18 19:53:16 fbsd2 newsyslog[277]: logfile first created Dec 22 17:29:08 src@fbsd2 ipfw: 150 Reset TCP 192.168.15.254:57843 192.168.15.22:11 in via rl0 ^C |
#tail -f /var/log/messages
![]() Dec 22 17:04:59 src@fbsd2 Limiting closed port RST response from 282 to 200 packets/sec Dec 22 17:05:01 src@fbsd2 Limiting closed port RST response from 302 to 200 packets/sec Dec 22 17:07:06 src@fbsd2 scanlogd: 10.10.10.10:53613 to 192.168.15.22 ports 12345, 225, 358, 3128, 159, 313, 150, 125, ..., fSrpauxy, TOS 00 @17:07:06 Dec 22 17:07:06 src@fbsd2 scanlogd: 192.168.15.24:53613 to 192.168.15.22 ports 12345, 225, 358, 3128, 159, 313, 150, 125, ..., fSrpauxy, TOS 00 @17:07:06 Dec 22 17:07:07 src@fbsd2 Limiting closed port RST response from 302 to 200 packets/sec Dec 22 17:07:08 src@fbsd2 Limiting closed port RST response from 238 to 200 packets/sec Dec 22 17:07:10 src@fbsd2 Limiting closed port RST response from 282 to 200 packets/sec Dec 22 17:07:12 src@fbsd2 Limiting closed port RST response from 302 to 200 packets/sec Dec 22 17:10:23 src@fbsd2 syslog-ng[18808]: STATS: dropped 0 Dec 22 17:20:23 src@fbsd2 syslog-ng[18808]: STATS: dropped 0 ^C |
#tail -f /var/log/security
![]() Dec 22 17:29:53 src@fbsd2 ipfw: 150 Reset TCP 141.15.127.100:55622 192.168.15.22:659 in via rl0 Dec 22 17:29:53 src@fbsd2 ipfw: 150 Reset TCP 229.34.202.219:55622 192.168.15.22:659 in via rl0 Dec 22 17:29:53 src@fbsd2 ipfw: 150 Reset TCP 192.168.15.254:55622 192.168.15.22:659 in via rl0 Dec 22 17:29:53 src@fbsd2 ipfw: 150 Reset TCP 22.57.69.225:55622 192.168.15.22:638 in via rl0 Dec 22 17:29:53 src@fbsd2 ipfw: 150 Reset TCP 153.183.231.104:55622 192.168.15.22:638 in via rl0 Dec 22 17:29:53 src@fbsd2 ipfw: 150 Reset TCP 110.195.58.11:55622 192.168.15.22:638 in via rl0 Dec 22 17:29:53 src@fbsd2 ipfw: 150 Reset TCP 150.200.207.54:55622 192.168.15.22:638 in via rl0 Dec 22 17:29:53 src@fbsd2 ipfw: 150 Reset TCP 35.151.139.59:55622 192.168.15.22:638 in via rl0 Dec 22 17:29:53 src@fbsd2 ipfw: 150 Reset TCP 31.32.44.77:55622 192.168.15.22:638 in via rl0 Dec 22 17:29:53 src@fbsd2 ipfw: 150 Reset TCP 136.86.156.133:55622 192.168.15.22:638 in via rl0 ... Dec 22 17:29:53 src@fbsd2 ipfw: 150 Reset TCP 31.32.44.77:55622 192.168.15.22:796 in via rl0 Dec 22 17:29:53 src@fbsd2 ipfw: 150 Reset TCP 136.86.156.133:55622 192.168.15.22:796 in via rl0 Dec 22 17:29:53 src@fbsd2 ipfw: 150 Reset TCP 84.63.240.129:55622 192.168.15.22:796 in via rl0 Dec 22 17:29:53 src@fbsd2 ipfw: 150 Reset TCP 141.15.127.100:55622 192.168.15.22:796 in via rl0 Dec 22 17:29:53 src@fbsd2 ipfw: 150 Reset TCP 229.34.202.219:55622 192.168.15.22:796 in via rl0 Dec 22 17:29:53 src@fbsd2 ipfw: 150 Reset TCP 192.168.15.254:55622 192.168.15.22:796 in via rl0 Dec 22 17:29:53 src@fbsd2 ipfw: 150 Reset TCP 22.57.69.225:55622 192.168.15.22:455 in via rl0 Dec 22 17:29:53 src@fbsd2 ipfw: 150 Reset TCP 153.183.231.104:55622 192.168.15.22:455 in via rl0 Dec 22 17:29:53 src@fbsd2 ipfw: 150 Reset TCP 110.195.58.11:55622 192.168.15.22:455 in via rl0 Dec 22 17:29:53 src@fbsd2 ipfw: 150 Reset TCP 150.200.207.54:55622 192.168.15.22:455 in via rl0 |
#sysctl -a | grep fw
<110>ipfw: 150 Reset TCP 192.168.15.254:55622 192.168.15.22:1017 in via rl0
<110>ipfw: 150 Reset TCP 22.57.69.225:55622 192.168.15.22:55 in via rl0
<110>ipfw: 150 Reset TCP 153.183.231.104:55622 192.168.15.22:55 in via rl0
<110>ipfw: 150 Reset TCP 110.195.58.11:55622 192.168.15.22:55 in via rl0
<110>ipfw: 150 Reset TCP 150.200.207.54:55622 192.168.15.22:55 in via rl0
<110>ipfw: 150 Reset TCP 35.151.139.59:55622 192.168.15.22:55 in via rl0
<110>ipfw: 150 Reset TCP 31.32.44.77:55622 192.168.15.22:55 in via rl0
<110>ipfw: 150 Reset TCP 136.86.156.133:55622 192.168.15.22:55 in via rl0
<110>ipfw: 150 Reset TCP 84.63.240.129:55622 192.168.15.22:55 in via rl0
<110>ipfw: 150 Reset TCP 141.15.127.100:55622 192.168.15.22:55 in via rl0
...
net.inet.ip.fw.enable: 1
net.link.ether.ipfw: 0
debug.fwmem_debug: 0
debug.if_fwe_debug: 0
hw.firewire.fwmem.eui64_hi: 0
hw.firewire.fwmem.eui64_lo: 0
hw.firewire.fwmem.speed: 2
hw.firewire.fwe.stream_ch: 1
hw.firewire.fwe.tx_speed: 2
hw.firewire.fwe.rx_queue_len: 128 |
#sysctl net.inet.ip.fw.verbose_limit=10
net.inet.ip.fw.verbose_limit: 0 -> 10 |
#tail -f /var/log/security
Dec 22 17:31:01 src@fbsd2 ipfw: 150 Reset TCP 44.113.96.58:60707 192.168.15.22:19 in via rl0
Dec 22 17:31:01 src@fbsd2 ipfw: 150 Reset TCP 249.7.53.76:60707 192.168.15.22:19 in via rl0
Dec 22 17:31:01 src@fbsd2 ipfw: 150 Reset TCP 12.33.216.76:60707 192.168.15.22:19 in via rl0
Dec 22 17:31:01 src@fbsd2 ipfw: 150 Reset TCP 43.64.69.139:60707 192.168.15.22:19 in via rl0
Dec 22 17:31:01 src@fbsd2 ipfw: 150 Reset TCP 148.156.194.113:60707 192.168.15.22:19 in via rl0
Dec 22 17:31:01 src@fbsd2 ipfw: 150 Reset TCP 32.113.170.52:60707 192.168.15.22:19 in via rl0
Dec 22 17:31:01 src@fbsd2 ipfw: 150 Reset TCP 69.164.111.227:60707 192.168.15.22:19 in via rl0
Dec 22 17:31:01 src@fbsd2 ipfw: 150 Reset TCP 14.91.77.28:60707 192.168.15.22:19 in via rl0
Dec 22 17:31:01 src@fbsd2 ipfw: 150 Reset TCP 192.168.15.254:60707 192.168.15.22:19 in via rl0
Dec 22 17:31:01 src@fbsd2 ipfw: 150 Reset TCP 211.84.134.207:60707 192.168.15.22:78 in via rl0
...
Dec 22 17:31:01 src@fbsd2 ipfw: 150 Reset TCP 69.164.111.227:60707 192.168.15.22:729 in via rl0
Dec 22 17:31:01 src@fbsd2 ipfw: 150 Reset TCP 14.91.77.28:60707 192.168.15.22:729 in via rl0
Dec 22 17:31:01 src@fbsd2 ipfw: 150 Reset TCP 192.168.15.254:60707 192.168.15.22:729 in via rl0
Dec 22 17:31:01 src@fbsd2 ipfw: 150 Reset TCP 211.84.134.207:60707 192.168.15.22:2008 in via rl0
Dec 22 17:31:01 src@fbsd2 ipfw: 150 Reset TCP 35.177.234.233:60707 192.168.15.22:2008 in via rl0
Dec 22 17:31:01 src@fbsd2 ipfw: 150 Reset TCP 44.113.96.58:60707 192.168.15.22:2008 in via rl0
Dec 22 17:31:01 src@fbsd2 ipfw: 150 Reset TCP 249.7.53.76:60707 192.168.15.22:2008 in via rl0
Dec 22 17:31:01 src@fbsd2 ipfw: 150 Reset TCP 12.33.216.76:60707 192.168.15.22:2008 in via rl0
Dec 22 17:31:01 src@fbsd2 ipfw: 150 Reset TCP 43.64.69.139:60707 192.168.15.22:2008 in via rl0
Dec 22 17:31:01 src@fbsd2 ipfw: 150 Reset TCP 148.156.194.113:60707 192.168.15.22:2008 in via rl0 |
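The two tail -f captures above share one pattern: within a burst every source address uses the same source port (55622 in the first run, 60707 in the second), the destination port only advances once each address has sent its probe, and 192.168.15.254 recurs in both bursts while the other addresses change. That is what a decoy scan looks like from the target side: each decoy packet is a copy of the real probe with a forged source address, so the source port is shared. scanlogd (see the earlier log) handles the plain one-source case; the script below is an added example, not part of the lab log or of LiLaLo, that picks out the decoy pattern from ipfw log lines. It also recognises the kernel's "ipfw: limit N reached on entry R" notice that appears once a rule hits its log limit. The sample lines are constructed after the page's excerpt (the rule-100 "Deny" line and the limit line are made up for the negative case), and the local network prefix, the thresholds and the function names are assumptions.

```python
"""Decoy port-scan detection over ipfw 'log' lines (added example)."""
import ipaddress
import re
from collections import defaultdict

# Constructed sample: ten entries from rule 150 in which one source port is
# shared by three source addresses walking four destination ports, then the
# kernel notice that the rule's log limit was reached, then one unrelated
# entry logged by another rule (so the negative case is covered).
SAMPLE_LOG = """\
Dec 22 17:29:53 src@fbsd2 ipfw: 150 Reset TCP 141.15.127.100:55622 192.168.15.22:659 in via rl0
Dec 22 17:29:53 src@fbsd2 ipfw: 150 Reset TCP 229.34.202.219:55622 192.168.15.22:659 in via rl0
Dec 22 17:29:53 src@fbsd2 ipfw: 150 Reset TCP 192.168.15.254:55622 192.168.15.22:659 in via rl0
Dec 22 17:29:53 src@fbsd2 ipfw: 150 Reset TCP 141.15.127.100:55622 192.168.15.22:638 in via rl0
Dec 22 17:29:53 src@fbsd2 ipfw: 150 Reset TCP 229.34.202.219:55622 192.168.15.22:638 in via rl0
Dec 22 17:29:53 src@fbsd2 ipfw: 150 Reset TCP 192.168.15.254:55622 192.168.15.22:638 in via rl0
Dec 22 17:29:53 src@fbsd2 ipfw: 150 Reset TCP 141.15.127.100:55622 192.168.15.22:796 in via rl0
Dec 22 17:29:53 src@fbsd2 ipfw: 150 Reset TCP 229.34.202.219:55622 192.168.15.22:796 in via rl0
Dec 22 17:29:53 src@fbsd2 ipfw: 150 Reset TCP 192.168.15.254:55622 192.168.15.22:796 in via rl0
Dec 22 17:29:53 src@fbsd2 ipfw: 150 Reset TCP 141.15.127.100:55622 192.168.15.22:455 in via rl0
Dec 22 17:29:53 src@fbsd2 ipfw: limit 10 reached on entry 150
Dec 22 17:30:40 src@fbsd2 ipfw: 100 Deny TCP 192.168.15.22:49152 203.0.113.5:80 out via rl0
"""

# ipfw log line for TCP/UDP: "<rule> <action> <proto> src:sport dst:dport in|out via <if>".
# ICMP entries carry no ports and are deliberately not matched here.
EVENT_RE = re.compile(
    r"^(?P<ts>\w{3} +\d+ \d\d:\d\d:\d\d) \S+ ipfw: (?P<rule>\d+) (?P<action>\w+) "
    r"(?P<proto>TCP|UDP) (?P<src>[\d.]+):(?P<sport>\d+) (?P<dst>[\d.]+):(?P<dport>\d+) "
    r"(?P<dir>in|out) via (?P<iface>\S+)$"
)
LIMIT_RE = re.compile(r"ipfw: limit (?P<limit>\d+) reached on entry (?P<rule>\d+)$")


def parse_ipfw_log(text):
    """Return (events, limits): parsed TCP/UDP log entries and a map of
    rule number -> log limit for rules that stopped logging."""
    events, limits = [], {}
    for line in text.splitlines():
        m = EVENT_RE.match(line)
        if m:
            events.append(m.groupdict())
            continue
        m = LIMIT_RE.search(line)
        if m:
            limits[int(m.group("rule"))] = int(m.group("limit"))
    return events, limits


def find_decoy_scans(events, local_net="192.168.15.0/24", min_ports=4, min_sources=3):
    """Group inbound TCP entries by (source port, target, interface) and flag
    groups where one source port was reused by several addresses against many
    ports. local_net and both thresholds are assumptions for this example."""
    net = ipaddress.ip_network(local_net)
    groups = defaultdict(lambda: {"sources": set(), "ports": set(), "hits": 0})
    for e in events:
        if e["dir"] != "in" or e["proto"] != "TCP":
            continue
        g = groups[(e["sport"], e["dst"], e["iface"])]
        g["sources"].add(e["src"])
        g["ports"].add(int(e["dport"]))
        g["hits"] += 1
    findings = []
    for (sport, dst, iface), g in groups.items():
        if len(g["ports"]) < min_ports or len(g["sources"]) < min_sources:
            continue
        # Heuristic: a forged off-segment source never receives the RSTs; only
        # hosts on the local segment can be the real origin. Candidates, not proof.
        on_segment = sorted(s for s in g["sources"] if ipaddress.ip_address(s) in net)
        findings.append({
            "target": dst, "iface": iface, "source_port": int(sport),
            "decoys": len(g["sources"]), "ports": sorted(g["ports"]),
            "hits": g["hits"], "on_segment_sources": on_segment,
        })
    return findings


if __name__ == "__main__":
    evs, lims = parse_ipfw_log(SAMPLE_LOG)
    for f in find_decoy_scans(evs):
        print(f"decoy scan of {f['target']} via {f['iface']}: sport {f['source_port']}, "
              f"{f['decoys']} sources, ports {f['ports']}, candidates {f['on_segment_sources']}")
    for rule, limit in lims.items():
        print(f"rule {rule} stopped logging after {limit} entries; later matches are not in the log")
```

Two caveats the log above illustrates. First, the rule-150 lines keep coming even after net.inet.ip.fw.verbose_limit was raised to 10 above: per ipfw(8), a log rule without an explicit logamount takes its limit from that sysctl when the rule is added, so a rule added while the limit was 0 keeps logging without limit until it is re-added (or given "log logamount 10" itself); "ipfw resetlog" clears the per-rule log counters. Second, "sysctl -a | grep fw" also matched the FireWire knobs (hw.firewire.*, debug.fwmem_debug); the firewall ones are under net.inet.ip.fw.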
Display all 100 possibilities? (y or n)
fbtab fstab ftpusers
# $FreeBSD: src/etc/group,v 1.32 2005/06/06 20:19:56 brooks Exp $
#
wheel:*:0:root
daemon:*:1:
kmem:*:2:
sys:*:3:
tty:*:4:
operator:*:5:root
mail:*:6:
bin:*:7:
news:*:8:
man:*:9:
games:*:13:
staff:*:20:
sshd:*:22:
smmsp:*:25:
mailnull:*:26:
guest:*:31:
bind:*:53:
proxy:*:62:
authpf:*:63:
_pflogd:*:64:
_dhcp:*:65:
uucp:*:66:
dialer:*:68:
network:*:69:
www:*:80:
nogroup:*:65533:
nobody:*:65534:
cyrus:*:60:
gdm:*:92:
gnokii:*:1001:
mysql:*:88:
scanlogd:*:1002:
	net="192.0.2.0"
	mask="255.255.255.0"
	ip="192.0.2.1"

	setup_loopback

	# Allow any traffic to or from my own net.
	${fwcmd} add pass all from ${ip} to ${net}:${mask}
	${fwcmd} add pass all from ${net}:${mask} to ${ip}

	# Allow TCP through if setup succeeded
	${fwcmd} add pass tcp from any to any established

	# Allow IP fragments to pass through
	${fwcmd} add pass all from any to any frag

	# Allow setup of incoming email
	${fwcmd} add pass tcp from any to ${ip} 25 setup

	# Allow setup of outgoing TCP connections only
	${fwcmd} add pass tcp from ${ip} to any setup

	# Disallow setup of all other TCP connections
	${fwcmd} add deny tcp from any to any setup

	# Allow DNS queries out in the world
	${fwcmd} add pass udp from ${ip} to any 53 keep-state

	# Allow NTP queries out in the world
	${fwcmd} add pass udp from ${ip} to any 123 keep-state

	# Everything else is denied by default, unless the
	# IPFIREWALL_DEFAULT_TO_ACCEPT option is set in your kernel
	# config file.
	;;

[Ss][Ii][Mm][Pp][Ll][Ee])
	############
	# This is a prototype setup for a simple firewall.  Configure this
	# machine as a DNS and NTP server, and point all the machines
	# on the inside at this machine for those services.
	############

	# set these to your outside interface network and netmask and ip
	oif="ed0"
	onet="192.0.2.0"
	omask="255.255.255.240"
	oip="192.0.2.1"

	# set these to your inside interface network and netmask and ip
	iif="ed1"
	inet="192.0.2.16"
	imask="255.255.255.240"
	iip="192.0.2.17"

	setup_loopback

	# Stop spoofing
	${fwcmd} add deny all from ${inet}:${imask} to any in via ${oif}
	${fwcmd} add deny all from ${onet}:${omask} to any in via ${iif}

	# Stop RFC1918 nets on the outside interface
	${fwcmd} add deny all from any to 10.0.0.0/8 via ${oif}
	${fwcmd} add deny all from any to 172.16.0.0/12 via ${oif}
	${fwcmd} add deny all from any to 192.168.0.0/16 via ${oif}

	# Stop draft-manning-dsua-03.txt (1 May 2000) nets (includes RESERVED-1,
	# DHCP auto-configuration, NET-TEST, MULTICAST (class D), and class E)
	# on the outside interface
	${fwcmd} add deny all from any to 0.0.0.0/8 via ${oif}
	${fwcmd} add deny all from any to 169.254.0.0/16 via ${oif}
	${fwcmd} add deny all from any to 192.0.2.0/24 via ${oif}
	${fwcmd} add deny all from any to 224.0.0.0/4 via ${oif}
	${fwcmd} add deny all from any to 240.0.0.0/4 via ${oif}

	# Network Address Translation.  This rule is placed here deliberately
	# so that it does not interfere with the surrounding address-checking
	# rules.  If for example one of your internal LAN machines had its IP
	# address set to 192.0.2.1 then an incoming packet for it after being
	# translated by natd(8) would match the `deny' rule above.  Similarly
	# an outgoing packet originated from it before being translated would
	# match the `deny' rule below.
	case ${natd_enable} in
	[Yy][Ee][Ss])
		if [ -n "${natd_interface}" ]; then
			${fwcmd} add divert natd all from any to any via ${natd_interface}
		fi
		;;
	esac

	# Stop RFC1918 nets on the outside interface
	${fwcmd} add deny all from 10.0.0.0/8 to any via ${oif}
	${fwcmd} add deny all from 172.16.0.0/12 to any via ${oif}
	${fwcmd} add deny all from 192.168.0.0/16 to any via ${oif}

	# Stop draft-manning-dsua-03.txt (1 May 2000) nets (includes RESERVED-1,
	# DHCP auto-configuration, NET-TEST, MULTICAST (class D), and class E)
	# on the outside interface
	${fwcmd} add deny all from 0.0.0.0/8 to any via ${oif}
	${fwcmd} add deny all from 169.254.0.0/16 to any via ${oif}
	${fwcmd} add deny all from 192.0.2.0/24 to any via ${oif}
	${fwcmd} add deny all from 224.0.0.0/4 to any via ${oif}
	${fwcmd} add deny all from 240.0.0.0/4 to any via ${oif}

	# Allow TCP through if setup succeeded
	${fwcmd} add pass tcp from any to any established

	# Allow IP fragments to pass through
	${fwcmd} add pass all from any to any frag

	# Allow setup of incoming email
	${fwcmd} add pass tcp from any to ${oip} 25 setup

	# Allow access to our DNS
	${fwcmd} add pass tcp from any to ${oip} 53 setup
	${fwcmd} add pass udp from any to ${oip} 53
	${fwcmd} add pass udp from ${oip} 53 to any

	# Allow access to our WWW
	${fwcmd} add pass tcp from any to ${oip} 80 setup

	# Reject&Log all setup of incoming connections from the outside
	${fwcmd} add deny log tcp from any to any in via ${oif} setup

	# Allow setup of any other TCP connection
	${fwcmd} add pass tcp from any to any setup

	# Allow DNS queries out in the world
	${fwcmd} add pass udp from ${oip} to any 53 keep-state

	# Allow NTP queries out in the world
	${fwcmd} add pass udp from ${oip} to any 123 keep-state

	# Everything else is denied by default, unless the
	# IPFIREWALL_DEFAULT_TO_ACCEPT option is set in your kernel
	# config file.
	;;

[Cc][Ll][Oo][Ss][Ee][Dd])
	setup_loopback
	;;
[Uu][Nn][Kk][Nn][Oo][Ww][Nn])
	;;
*)
	if [ -r "${firewall_type}" ]; then
		${fwcmd} ${firewall_flags} ${firewall_type}
	fi
	;;
esac
Time of the first command in the log | 14:20:22 2006-12-22
Time of the last command in the log | 17:30:49 2006-12-22
Number of command lines in the log | 101
Percentage of commands with a non-zero exit code, % | 11.88
Percentage of syntactically mistyped commands, % | 2.97
Total time spent at the terminal *, hours | 2.32
Command lines per unit of time, commands/min | 0.73
Command usage frequency | (chart not reproduced on this page)
All commands entered on any terminal of the system are recorded in the log automatically.
To make sure that the log is being kept on the current terminal and commands are being recorded, run the command w. The WHAT field for the current terminal should show the program script.
Commands that were typed with syntax errors are displayed as struck-through text:
$ l s-l bash: l: command not found |
If a command's exit code is zero, the command completed without errors. Commands whose exit code is non-zero are highlighted in colour.
$ test 5 -lt 4 |
Commands whose execution was interrupted by the user are highlighted in colour.
$ find / -name abc find: /home/devi-orig/.gnome2: Keine Berechtigung find: /home/devi-orig/.gnome2_private: Keine Berechtigung find: /home/devi-orig/.nautilus/metafiles: Keine Berechtigung find: /home/devi-orig/.metacity: Keine Berechtigung find: /home/devi-orig/.inkscape: Keine Berechtigung ^C |
Commands executed with superuser privileges are marked with a red bar on the left.
# id uid=0(root) gid=0(root) Gruppen=0(root) |
Changes made to a text file with an editor are remembered and shown in the log in ed format. Lines beginning with "<" were deleted, and lines beginning with ">" were added.
$ vi ~/.bashrc
|
To change a file according to the changes shown in the diffshot, you can use the patch command. Copy the changes, run patch with the file to be changed as its argument, and paste the copied text:
$ patch ~/.bashrc |
To get brief help on a command, hover the mouse over it. A tooltip with a short description of the command will appear.
If help is available for a command, the command is highlighted with a light-blue background, for example: vi. If no help is available, the command is highlighted with a pink background, for example: notepad.exe. Help may be missing when (1) the command was entered incorrectly; (2) LiLaLo recognised the command incorrectly; (3) LiLaLo has no information about the command. The last case is possible for rare commands.
Large, especially multi-line, tooltips are displayed best by KDE Konqueror, Apple Safari and Microsoft Internet Explorer. In Mozilla and Firefox they are not shown in full, and a special character is printed in place of each line break.
The command time shown in the log is the time the command line began to be typed, that is, the moment the shell prompt appeared on the terminal.
The name of the terminal on which the command was entered is shown in a separate block. This block is shown only when the terminal of the current command differs from that of the previous one.
Log elements you are not interested in at the moment, such as the time, the terminal name and others, can be hidden. Use the log control form at the top of the page for this.
Short comments on commands can be inserted directly from the command line. The comment is typed on the command line after the characters #^ or #v. The characters ^ and v indicate which command the comment refers to: ^ means the previous command, v the next. For example, if the following was entered on the command line:
$ whoami
user
$ #^ Interesting, who am I?
in the log it will look like this:
$ whoami
user
Interesting, who am I? |
If a comment spans several lines, it can be inserted into the log as follows:
$ whoami
user
$ cat > /dev/null #^ Interesting, who am I?
The whoami program prints the name of the user we are logged in as. - It cannot answer the question of our purpose in this world.
In the log it will look like this:
$ whoami user
|
Comments that do not refer to any particular command are added in exactly the same way, except that the characters #= are used instead of #^ or #v.
Groups of commands executed on different terminals are separated by a special line. Below this line, in the right corner, the name of the terminal on which the commands were executed is shown. To see the commands of a single session only, click that name.
LiLaLo (L3) stands for Live Lab Log.
The program was developed to make learning Unix/Linux systems more effective.
(c) Igor Chubin (Игорь Чубин), 2004-2008