Lab Journal

Contents

Journal

Saturday (12/23/06)

/dev/ttyp4
11:14:37
#tail /var/log/security
Dec 22 18:00:00 fbsd2 newsyslog[38525]: logfile turned over due to size>100K
11:14:41
#tail /var/log/security
Dec 22 18:00:00 fbsd2 newsyslog[38525]: logfile turned over due to size>100K
11:14:42
#tail /var/log/messages
Dec 23 09:54:04 src@fbsd2 syslog-ng[557]: STATS: dropped 0
Dec 23 10:01:51 src@fbsd2 sudo:     user : TTY=ttyp3 ; PWD=/home/user ; USER=root ; COMMAND=/usr/bin/vi /etc/rc.d/named
Dec 23 10:04:04 src@fbsd2 syslog-ng[557]: STATS: dropped 0
Dec 23 10:14:04 src@fbsd2 syslog-ng[557]: STATS: dropped 0
Dec 23 10:24:04 src@fbsd2 syslog-ng[557]: STATS: dropped 0
Dec 23 10:34:04 src@fbsd2 syslog-ng[557]: STATS: dropped 0
Dec 23 10:44:04 src@fbsd2 syslog-ng[557]: STATS: dropped 0
Dec 23 10:54:04 src@fbsd2 syslog-ng[557]: STATS: dropped 0
Dec 23 11:04:04 src@fbsd2 syslog-ng[557]: STATS: dropped 0
Dec 23 11:14:04 src@fbsd2 syslog-ng[557]: STATS: dropped 0
11:15:19
#ipfshow
bash: ipfshow: command not found
11:15:21
#ipfw show
00005    506    47502 allow tcp from any to me dst-port 22 keep-state
00011      4      160 allow tcp from any to me dst-port 23
00050 106832 25494027 allow tcp from me to any out keep-state
00150      0        0 reset log logamount 10 tcp from any to any
65000    924    79487 allow ip from any to any
65535      0        0 deny ip from any to any
11:16:22
#tail /var/log/messages
Dec 23 09:54:04 src@fbsd2 syslog-ng[557]: STATS: dropped 0
Dec 23 10:01:51 src@fbsd2 sudo:     user : TTY=ttyp3 ; PWD=/home/user ; USER=root ; COMMAND=/usr/bin/vi /etc/rc.d/named
Dec 23 10:04:04 src@fbsd2 syslog-ng[557]: STATS: dropped 0
Dec 23 10:14:04 src@fbsd2 syslog-ng[557]: STATS: dropped 0
Dec 23 10:24:04 src@fbsd2 syslog-ng[557]: STATS: dropped 0
Dec 23 10:34:04 src@fbsd2 syslog-ng[557]: STATS: dropped 0
Dec 23 10:44:04 src@fbsd2 syslog-ng[557]: STATS: dropped 0
Dec 23 10:54:04 src@fbsd2 syslog-ng[557]: STATS: dropped 0
Dec 23 11:04:04 src@fbsd2 syslog-ng[557]: STATS: dropped 0
Dec 23 11:14:04 src@fbsd2 syslog-ng[557]: STATS: dropped 0
11:16:24
#tail /var/log/security
Dec 22 18:00:00 fbsd2 newsyslog[38525]: logfile turned over due to size>100K
11:17:10
#net.inet.ip.fw.verbose_limit: 10 -> 10
bash: net.inet.ip.fw.verbose_limit:: command not found
11:17:25
#sysctl net.inet.ip.fw.verbose_limit=10
net.inet.ip.fw.verbose_limit: 0 -> 10
11:17:30
#sysctl net.inet.ip.fw.verbose=1
net.inet.ip.fw.verbose: 0 -> 1
11:18:17
#sysctl net.inet.ip.fw.verbose_limit=10
net.inet.ip.fw.verbose_limit: 10 -> 10
11:18:26
#tail /var/log/security
Dec 22 18:00:00 fbsd2 newsyslog[38525]: logfile turned over due to size>100K
11:18:30
#tail /var/log/messages
Dec 23 09:54:04 src@fbsd2 syslog-ng[557]: STATS: dropped 0
Dec 23 10:01:51 src@fbsd2 sudo:     user : TTY=ttyp3 ; PWD=/home/user ; USER=root ; COMMAND=/usr/bin/vi /etc/rc.d/named
Dec 23 10:04:04 src@fbsd2 syslog-ng[557]: STATS: dropped 0
Dec 23 10:14:04 src@fbsd2 syslog-ng[557]: STATS: dropped 0
Dec 23 10:24:04 src@fbsd2 syslog-ng[557]: STATS: dropped 0
Dec 23 10:34:04 src@fbsd2 syslog-ng[557]: STATS: dropped 0
Dec 23 10:44:04 src@fbsd2 syslog-ng[557]: STATS: dropped 0
Dec 23 10:54:04 src@fbsd2 syslog-ng[557]: STATS: dropped 0
Dec 23 11:04:04 src@fbsd2 syslog-ng[557]: STATS: dropped 0
Dec 23 11:14:04 src@fbsd2 syslog-ng[557]: STATS: dropped 0
18 minutes elapsed
11:36:40
#ping 10.0.23.1
PING 10.0.23.1 (10.0.23.1): 56 data bytes
^C
--- 10.0.23.1 ping statistics ---
10 packets transmitted, 0 packets received, 100% packet loss
11:37:52
#ping 10.0.23.1
PING 10.0.23.1 (10.0.23.1): 56 data bytes
^C
--- 10.0.23.1 ping statistics ---
6 packets transmitted, 0 packets received, 100% packet loss
11:42:08
#host 217.25.199.57
57.199.25.217.in-addr.arpa domain name pointer mail.galacton.kiev.ua.
11:43:09
#nessus &
[1] 37875
13 minutes elapsed
11:56:26
#host 217.25.199.57
57.199.25.217.in-addr.arpa domain name pointer mail.galacton.kiev.ua.
11:57:55
#nessus &
[1] 38011
11:58:23
#nessus

11:58:29
#nessus &
[1] 38053
52 minutes elapsed
12:50:42
#exit
exit
76 minutes elapsed
14:07:15
$ping 192.168.15.222
PING 192.168.15.222 (192.168.15.222): 56 data bytes
^C
--- 192.168.15.222 ping statistics ---
2 packets transmitted, 0 packets received, 100% packet loss
14:07:22
$sudo bash
Password:
14:07:29
#clear

14:07:31
#cd /usr/ports

14:07:41
#make search name=honeyd | less
14:07:56
#make search name=honeyd | less
14:08:01
#cd net/honeyd/

14:08:13
#ls
Makefile        distinfo        files           pkg-descr       pkg-plist
14:08:14
#cat pkg-descr
Honeyd is a small daemon that creates virtual hosts on a network. The
hosts can be configured to run arbitrary services, and their TCP
personality can be adapted so that they appear to be running certain
versions of operating systems. Honeyd enables a single host to claim
multiple addresses - I have tested up to 65536 - on a LAN for network
simulation.
WWW: http://www.citi.umich.edu/u/provos/honeyd/
- Dominic <dominic_marks@btinternet.com>
14:09:11
#pkg_add -r honeyd
Fetching ftp://ftp.freebsd.org/pub/FreeBSD/ports/i386/packages-6.0-release/Latest/honeyd.tbz... Done.
14:09:40
#pkg_info | grep honeyd
honeyd-1.0_1        Simulate virtual network hosts (honeypots)
14:09:53
#man honeyd
14:11:25
#which honeyd
/usr/local/bin/honeyd
14:11:43
#ls /usr/local/etc/rc.d/
000.mysql-client.sh  arpwatch.sh          genkdmconf.sh        mdnsresponder.sh     scanlogd.sh          swatch.sh
001slpd.sh           arpwatch.sh.sample   kdelibs.sh           mysql-server.sh      snmpd.sh             syslog-ng.sh
apache.sh            cups.sh.sample       mdnsd.sh             nessusd.sh           snmptrapd.sh         syslog-ng.sh.sample
14:11:43
#ls /etc/rc.d/
Display all 129 possibilities? (y or n)
14:11:43
#ls /etc/rc.d/hostname
Makefile   distinfo   files/     pkg-descr  pkg-plist
14:11:43
#find / -name honeyd
/usr/local/bin/honeyd
/usr/local/include/honeyd
/usr/local/lib/honeyd
/usr/local/share/honeyd
/usr/ports/net/honeyd
14:14:21
#ls -la /usr/local/share/honeyd/
total 594
drwxr-xr-x   4 root  wheel     512 Dec 23 14:09 .
drwxr-xr-x  65 root  wheel    1536 Dec 23 14:09 ..
-r--r--r--   1 root  wheel    3694 Oct 12 12:47 README
-r--r--r--   1 root  wheel     247 Oct 12 12:47 config.ethernet
-r--r--r--   1 root  wheel    1226 Oct 12 12:47 config.sample
-r--r--r--   1 root  wheel   45556 Oct 12 12:47 nmap.assoc
-r--r--r--   1 root  wheel  451139 Oct 12 12:47 nmap.prints
-r--r--r--   1 root  wheel   22492 Oct 12 12:47 pf.os
drwxr-xr-x   3 root  wheel     512 Dec 23 14:09 scripts
drwxr-xr-x   3 root  wheel     512 Dec 23 14:09 webserver
-r--r--r--   1 root  wheel   45207 Oct 12 12:47 xprobe2.conf
14:14:53
#cat /usr/local/share/honeyd/README
Honeyd 0.8a
Copyright (c) 2002, 2003, 2004 Niels Provos <provos@citi.umich.edu>
-------------------------------------------------------------------
About Honeyd:
-------------
Honeyd is a small daemon that creates virtual hosts on a network.  The
hosts can be configured to run arbitrary services, and their TCP
personality can be adapted so that they appear to be running certain
versions of operating systems.  Honeyd enables a single host to claim
multiple addresses - I have tested up to 65536 - on a LAN for network
...
  Dug Song <dugsong@monkey.org>
  Jamie Van Randwyk <jvanran@sandia.gov>
  Eric Thomas <edthoma@sandia.gov>
  Christopher Kolina
  Derek Cotton
  Yuqing Mai
  Lance Spitzner <lance@honeynet.org>
  Christian Kreibich <christian.kreibich@cl.cam.ac.uk>
  Bill Cheswick <ches@lumeta.com>
  Lauren Oudot <oudot@rstack.org>
14:15:02
#less /usr/local/share/honeyd/README
Honeyd 0.8a
Copyright (c) 2002, 2003, 2004 Niels Provos <provos@citi.umich.edu>
-------------------------------------------------------------------
About Honeyd:
-------------
Honeyd is a small daemon that creates virtual hosts on a network.  The
hosts can be configured to run arbitrary services, and their TCP
personality can be adapted so that they appear to be running certain
versions of operating systems.  Honeyd enables a single host to claim
multiple addresses - I have tested up to 65536 - on a LAN for network
...
If your compilation stops due to Python related errors, you can try to
run configure as
$ ./configure --without-python
Documentation:
--------------
You can find documentation as part of this release.  The manual
page can be accessed with the following commands:
$ man honeyd
or in the source directory
$ nroff -mdoc honeyd.8
14:15:20
#ifconfig
rl0: flags=8843<UP,BROADCAST,RUNNING,SIMPLEX,MULTICAST> mtu 1500
        options=8<VLAN_MTU>
        inet6 fe80::213:8fff:fe2f:ac5e%rl0 prefixlen 64 scopeid 0x1
        inet 192.168.15.22 netmask 0xffffff00 broadcast 192.168.15.255
        ether 00:13:8f:2f:ac:5e
        media: Ethernet autoselect (100baseTX <full-duplex>)
        status: active
plip0: flags=108810<POINTOPOINT,SIMPLEX,MULTICAST,NEEDSGIANT> mtu 1500
lo0: flags=8049<UP,LOOPBACK,RUNNING,MULTICAST> mtu 16384
        inet6 ::1 prefixlen 128
        inet6 fe80::1%lo0 prefixlen 64 scopeid 0x3
        inet 127.0.0.1 netmask 0xff000000
14:15:24
#less /usr/local/share/honeyd/README
14:16:44
#ifconfig
rl0: flags=8843<UP,BROADCAST,RUNNING,SIMPLEX,MULTICAST> mtu 1500
        options=8<VLAN_MTU>
        inet6 fe80::213:8fff:fe2f:ac5e%rl0 prefixlen 64 scopeid 0x1
        inet 192.168.15.22 netmask 0xffffff00 broadcast 192.168.15.255
        ether 00:13:8f:2f:ac:5e
        media: Ethernet autoselect (100baseTX <full-duplex>)
        status: active
plip0: flags=108810<POINTOPOINT,SIMPLEX,MULTICAST,NEEDSGIANT> mtu 1500
lo0: flags=8049<UP,LOOPBACK,RUNNING,MULTICAST> mtu 16384
        inet6 ::1 prefixlen 128
        inet6 fe80::1%lo0 prefixlen 64 scopeid 0x3
        inet 127.0.0.1 netmask 0xff000000
14:16:47
#less /usr/local/share/honeyd/README
14:17:07
#honeyd -d -f config.sample 10.0.0.0/8
/libexec/ld-elf.so.1: Shared object "libevent-1.1a.so.1" not found, required by "honeyd"
14:17:16
#pkg_delete honeyd
pkg_delete: no such package 'honeyd' installed
14:17:29
#pkg_delete honeyd
pkg_delete: no such package 'honeyd' installed
14:17:32
#pkg_info | grep
honeyd-1.0_1        Simulate virtual network hosts (honeypots)
14:18:07
#pkg_delete honeyd-1.0.1
pkg_delete: no such package 'honeyd-1.0.1' installed
14:18:15
#pkg_delete honeyd-1.0_1

14:19:02
#pwd
/usr/ports/net/honeyd
14:19:05
#make
checking sys/time.h usability... yes
checking sys/time.h presence... yes
checking for sys/time.h... yes
checking sys/queue.h usability... yes
checking sys/queue.h presence... yes
checking for sys/queue.h... yes
checking sys/event.h usability... yes
checking sys/event.h presence... yes
checking for sys/event.h... yes
checking sys/ioctl.h usability... yes
...
If you ever happen to want to link against installed libraries
in a given directory, LIBDIR, you must either use libtool, and
specify the full pathname of the library, or use the `-LLIBDIR'
flag during linking and do at least one of the following:
   - add LIBDIR to the `LD_LIBRARY_PATH' environment variable
     during execution
   - add LIBDIR to the `LD_RUN_PATH' environment variable
     during linking
   - use the `-Wl,--rpath -Wl,LIBDIR' linker flag
See any operating system documentation about shared libraries for
14:23:28
#make install
===>  Installing for honeyd-1.0_1
===>   Generating temporary packing list
===>  Checking if net/honeyd already installed
/bin/sh ./libtool --mode=link cc  -O2 -Wall -g  -DPATH_HONEYDINCLUDE="\"/usr/local/include/honeyd\""    -DPATH_HONEYDDATA="\"/usr/local/share/honeyd\""         -DPATH_HONEYDLIB="\"/usr/local/lib/honeyd\""    -DHONEYD_PLUGINS_DECLARE=""     -DHONEYD_PLUGINS=""     -DPATH_RRDTOOL="\"\""  -o honeyd -export-dynamic honeyd.o command.o parse.o lex.o config.o  personality.o util.o ipfrag.o router.o tcp.-
cc -O2 -Wall -g -DPATH_HONEYDINCLUDE=\"/usr/local/include/honeyd\" -DPATH_HONEYDDATA=\"/usr/local/share/honeyd\" -DPATH_HONEYDLIB=\"/usr/local/lib/honeyd\" -DHONEYD_PLUGINS_DECLARE= -DHONEYD_PLUGINS= -DPATH_RRDTOOL=\"\" -o honeyd honeyd.o command.o parse.o lex.o config.o personality.o util.o ipfrag.o router.o tcp.o udp.o xprobe_assoc.o log.o fdpass.o atomicio.o subsystem.o hooks.o plugins.o plugin
/bin/sh ./mkinstalldirs /usr/local/bin
 /bin/sh ./libtool  --mode=install install  -s -o root -g wheel -m 555  honeyd /usr/local/bin/honeyd
install -o root -g wheel -m 555 -s honeyd /usr/local/bin/honeyd
 /bin/sh ./libtool  --mode=install install  -s -o root -g wheel -m 555  honeydctl /usr/local/bin/honeydctl
install -o root -g wheel -m 555 -s honeydctl /usr/local/bin/honeydctl
...
      This port has installed the following files which may act as network
      servers and may therefore pose a remote security risk to the system.
/usr/local/bin/honeyd
      If there are vulnerabilities in these programs there may be a security
      risk to the system. FreeBSD makes no guarantee about the security of
      ports included in the Ports Collection. Please type 'make deinstall'
      to deinstall the port if this is a concern.
      For more information, and contact details about the security
      status of this software, see the following webpage:
http://www.citi.umich.edu/u/provos/honeyd/
14:23:59
#screen -x
73 minutes elapsed
/dev/ttyp2
15:37:04
$cd /var/mail

15:37:07
$ls
cyrus           mysql           scanlogd
gdm             root            user
15:37:09
$sudo cp root user
Password:
15:37:21
$ls -al
total 20
drwxrwxr-x   2 root      mail       512 Dec 23 09:23 .
drwxr-xr-x  23 root      wheel      512 Dec 23 11:23 ..
-rw-------   1 cyrus     cyrus        0 Dec 18 21:31 cyrus
-rw-------   1 gdm       gdm          0 Dec 18 21:43 gdm
-rw-------   1 mysql     mysql        0 Dec 19 16:45 mysql
-rw-------   1 root      wheel     7823 Dec 23 09:23 root
-rw-------   1 scanlogd  scanlogd     0 Dec 22 16:35 scanlogd
-rw-------   1 user      wheel     7823 Dec 23 15:37 user
15:37:51
$chown user user
You have mail in /var/mail/user
15:38:22
$cat user
Cleaning out old system announcements:
Removing stale files from /var/rwho:
Backup passwd and group files:
no /var/backups/master.passwd.bak
no /var/backups/group.bak
Verifying group file syntax:
/etc/group is fine
Backing up mail aliases:
no /var/backups/aliases.bak
Disk status:
...
From: root@fbsd2.linux.nt (Nvi recovery program)
To: root@fbsd2.linux.nt
Subject: Nvi saved the file sudoers
Precedence: bulk
On Mon Dec 19 11:33:15 2005, the user root was editing a
file named /usr/local/etc/sudoers on the machine
fbsd2.linux.nt, when it was saved for recovery. You can
recover most, if not all, of the changes to this file using
the -r option to vi.orig:
        vi.orig -r /usr/local/etc/sudoers
15:38:34
$q
bash: q: command not found
23 minutes elapsed
/dev/ttypa
16:02:12
$sudo bash
Password:
/dev/ttyp4
16:03:01
#screen -x
/dev/ttypa
16:03:45
#killall top
No matching processes were found
16:03:50
#ps -waux | grep screen
root     60236 15.5  0.2  2316  2020  ??  Ss    2:26PM   0:16.58 screen
root     63216  0.0  0.1  1928  1556  p5  S+    4:03PM   0:00.02 screen -x
root     60474  0.0  0.1  1904  1532  p7  S+    2:28PM   0:00.04 screen -x
root     60235  0.0  0.1  1904  1528  p9  S+    2:26PM   0:00.04 screen
root     62824  0.0  0.1  1904  1532  pd  S+    3:44PM   0:00.02 screen -x
root     63051  0.0  0.1  1904  1532  ph  S+    4:01PM   0:00.02 screen -x
root     63251  0.0  0.1  1508  1024  po  S+    4:04PM   0:00.00 grep screen
16:04:10
#killall top
No matching processes were found
16:06:16
#exit
exit
/dev/ttyp4
16:06:28
#vi /usr/local/etc/
16:06:28
#vi /usr/local/etc/ho
16:07:11
#rm /usr/local/etc/ho

16:07:29
#pkg_info | grep hon
boost-python-1.32.0_2 Free peer-reviewed portable C++ source libraries
gnokii-0.6.7,1      Tools to talk to GSM cellular phones
honeyd-1.0_1        Simulate virtual network hosts (honeypots)
py24-libxml2-2.6.20_2 Python interface for XML parser library for GNOME
python-2.4.1_3      An interpreted object-oriented programming language
16:08:00
#cd /

16:08:06
#pkg_info -Lx | grep etc
pkg_info: missing package name(s)
usage: pkg_info [-bcdDEfgGiIjkLmopPqQrRsvVxX] [-e package] [-l prefix]
                [-t template] -a | pkg-name ...
       pkg_info [-qQ] -W filename
       pkg_info [-qQ] -O origin
       pkg_info
16:08:28
#pkg_info -Lx honeyd |tc

16:08:53
#pkg_info -Lx honeyd
Information for honeyd-1.0_1:
Files:
/usr/local/man/man1/honeydctl.1.gz
/usr/local/man/man8/honeyd.8.gz
/usr/local/bin/honeyd
/usr/local/bin/honeydctl
/usr/local/include/honeyd/debug.h
/usr/local/include/honeyd/hooks.h
/usr/local/include/honeyd/plugins.h
/usr/local/include/honeyd/plugins_config.h
...
/usr/local/share/honeyd/scripts/mydoom.pl
/usr/local/share/honeyd/scripts/README.mydoom
/usr/local/share/honeyd/scripts/cmdexe.pl
/usr/local/share/honeyd/scripts/README.cmdexe
/usr/local/share/honeyd/scripts/README.kuang2
/usr/local/share/honeyd/scripts/INSTALL.kuang2
/usr/local/share/honeyd/scripts/kuang2.pl
/usr/local/share/honeyd/scripts/kuang2.conf
/usr/local/share/honeyd/scripts/smtp.pl
/usr/local/share/honeyd/scripts/proxy.pl
16:09:07
#pkg_info -Lx honeyd | grep etc

16:09:12
#pkg_info -Lx honeyd | grep conf
/usr/local/include/honeyd/plugins_config.h
/usr/local/share/honeyd/config.ethernet
/usr/local/share/honeyd/config.sample
/usr/local/share/honeyd/webserver/htdocs/config.py
/usr/local/share/honeyd/webserver/htdocs/templates/config_ip.tmpl
/usr/local/share/honeyd/xprobe2.conf
/usr/local/share/honeyd/scripts/kuang2.conf
16:09:19
#cp /usr/local/share/honeyd/config.sample
usage: cp [-R [-H | -L | -P]] [-f | -i | -n] [-pv] source_file target_file
       cp [-R [-H | -L | -P]] [-f | -i | -n] [-pv] source_file ... target_directory
16:09:54
#cp /usr/local/share/honeyd/config.sample /usr/local/etc/honeyd.conf

16:10:16
#vi /usr/local/etc/honeyd.conf
/dev/ttyp2
16:15:46
16:20:24
$[user@fbsd2:mail]$

/dev/ttyp4
16:25:52
#man honeyd
16:26:33
#cd /usr/local/share/honeyd/

16:26:45
#ls
README          config.sample   nmap.prints     scripts         xprobe2.conf
config.ethernet nmap.assoc      pf.os           webserver
16:26:46
#ls -al
total 594
drwxr-xr-x   4 root  wheel     512 Dec 23 14:23 .
drwxr-xr-x  66 root  wheel    1536 Dec 23 14:25 ..
-r--r--r--   1 root  wheel    3694 Dec 23 14:23 README
-r--r--r--   1 root  wheel     247 Dec 23 14:23 config.ethernet
-r--r--r--   1 root  wheel    1226 Dec 23 14:23 config.sample
-r--r--r--   1 root  wheel   45556 Dec 23 14:23 nmap.assoc
-r--r--r--   1 root  wheel  451139 Dec 23 14:23 nmap.prints
-r--r--r--   1 root  wheel   22492 Dec 23 14:23 pf.os
drwxr-xr-x   3 root  wheel     512 Dec 23 14:23 scripts
drwxr-xr-x   3 root  wheel     512 Dec 23 14:19 webserver
-r--r--r--   1 root  wheel   45207 Dec 23 14:23 xprobe2.conf
16:26:54
#cat nmap.prints
T7(DF=N%W=0%ACK=S++%Flags=AR%Ops=)
PU(DF=N%TOS=0%IPLEN=38%RIPTL=148%RID=E%RIPCK=E%UCK=E%ULEN=134%DAT=E)
Fingerprint Ascend Pipeline 50
Class Ascend | embedded || router
TSeq(Class=TD%gcd=<714%SI=<14)
T1(DF=N%W=200%ACK=S++%Flags=AS%Ops=M)
T2(Resp=Y%DF=N%W=0%ACK=S%Flags=AR%Ops=)
T3(Resp=Y%DF=N%W=200%ACK=S++%Flags=AS%Ops=M)
T4(DF=N%W=0%ACK=S%Flags=R%Ops=)
T5(DF=N%W=0%ACK=S++%Flags=AR%Ops=)
...
Class Apple | Mac OS | 8.X | general purpose
TSeq(Class=64K%IPID=I%TS=U)
T1(DF=Y%W=455B%ACK=S++%Flags=AS%Ops=MEWL)
T2(Resp=N)
T3(Resp=Y%DF=Y%W=455B%ACK=S++%Flags=AS%Ops=MEWL)
T4(DF=Y%W=0%ACK=O%Flags=R%Ops=)
T5(DF=Y%W=0%ACK=S++%Flags=AR%Ops=)
T6(DF=Y%W=0%ACK=O%Flags=R%Ops=)
T7(DF=Y%W=0%ACK=S%Flags=AR%Ops=)
PU(DF=Y%TOS=0%IPLEN=70%RIPTL=148%RID=E%RIPCK=E%UCK=F%ULEN=134%DAT=E)
16:27:15
#less nmap.prints
16:27:53
#ls -al
total 594
drwxr-xr-x   4 root  wheel     512 Dec 23 14:23 .
drwxr-xr-x  66 root  wheel    1536 Dec 23 14:25 ..
-r--r--r--   1 root  wheel    3694 Dec 23 14:23 README
-r--r--r--   1 root  wheel     247 Dec 23 14:23 config.ethernet
-r--r--r--   1 root  wheel    1226 Dec 23 14:23 config.sample
-r--r--r--   1 root  wheel   45556 Dec 23 14:23 nmap.assoc
-r--r--r--   1 root  wheel  451139 Dec 23 14:23 nmap.prints
-r--r--r--   1 root  wheel   22492 Dec 23 14:23 pf.os
drwxr-xr-x   3 root  wheel     512 Dec 23 14:23 scripts
drwxr-xr-x   3 root  wheel     512 Dec 23 14:19 webserver
-r--r--r--   1 root  wheel   45207 Dec 23 14:23 xprobe2.conf
16:27:55
#cd scripts/

16:28:09
#ls -al
total 104
drwxr-xr-x  3 root  wheel    512 Dec 23 14:23 .
drwxr-xr-x  4 root  wheel    512 Dec 23 14:23 ..
-r--r--r--  1 root  wheel   1284 Dec 23 14:23 INSTALL.kuang2
-r--r--r--  1 root  wheel   2761 Dec 23 14:23 README.cmdexe
-r--r--r--  1 root  wheel   2250 Dec 23 14:23 README.kuang2
-r--r--r--  1 root  wheel   2817 Dec 23 14:23 README.mydoom
-r-xr-xr-x  1 root  wheel   9230 Dec 23 14:23 cmdexe.pl
-r--r--r--  1 root  wheel    395 Dec 23 14:23 kuang2.conf
-r-xr-xr-x  1 root  wheel  17761 Dec 23 14:23 kuang2.pl
-r-xr-xr-x  1 root  wheel  12674 Dec 23 14:23 mydoom.pl
-r-xr-xr-x  1 root  wheel   2643 Dec 23 14:23 proxy.pl
-r-xr-xr-x  1 root  wheel   2499 Dec 23 14:23 router-telnet.pl
-r-xr-xr-x  1 root  wheel  26529 Dec 23 14:23 smtp.pl
drwxr-xr-x  2 root  wheel    512 Dec 23 14:23 snmp
-r-xr-xr-x  1 root  wheel    151 Dec 23 14:23 test.sh
-r-xr-xr-x  1 root  wheel   2126 Dec 23 14:23 web.sh
16:28:17
#farpd
bash: farpd: command not found
16:28:23
#arpd
bash: arpd: command not found
16:28:44
#cd /usr/ports

Files

  • /usr/local/share/honeyd/README
  • pkg-descr
  • ssylka
  • user
  • /usr/local/share/honeyd/README
    >
    Honeyd 0.8a
    Copyright (c) 2002, 2003, 2004 Niels Provos <provos@citi.umich.edu>
    -------------------------------------------------------------------
    About Honeyd:
    -------------
    Honeyd is a small daemon that creates virtual hosts on a network.  The
    hosts can be configured to run arbitrary services, and their TCP
    personality can be adapted so that they appear to be running certain
    versions of operating systems.  Honeyd enables a single host to claim
    multiple addresses - I have tested up to 65536 - on a LAN for network
    simulation.
    It is possible to ping the virtual machines, or to traceroute them.
    Any type of service on the virtual machine can be simulated according
    to a simple configuration file.  Instead of simulating a service, it
    is also possible to proxy it to another machine.
    Installation:
    -------------
    Honeyd depends on three libraries:  libevent, libdnet, libpcap.  Make
    sure that you have them installed.
    To build honeyd, run the following commands:
    $ ./configure
    $ make
    $ make install
    If your compilation stops due to Python related errors, you can try to
    run configure as
    $ ./configure --without-python
    Documentation:
    --------------
    You can find documentation as part of this release.  The manual
    page can be accessed with the following commands:
    $ man honeyd
    or in the source directory
    $ nroff -mdoc honeyd.8
    More information can be found at http://www.honeyd.org/
    Running:
    --------
    Honeyd requires root-privileges for execution.  Normally, you run it
    with arguments similiar to the following:
    $ sudo ./honeyd -d -f config.sample 10.0.0.0/8
    It is strongly recommend that you run Honeyd in a chroot environment
    under a sandbox like systrace.  If possible, Honeyd drops privileges
    after creating its raw sockets.  This depends on your configuration
    file.  You can force privileges to be dropped by setting Honeyd's uid
    and gid via the -u <uid> and -g <gid> flags.
    License:
    --------
    This program is free software; you can redistribute it and/or modify
    it under the terms of the GNU General Public License as published by
    the Free Software Foundation; either version 2 of the License, or
    (at your option) any later version.
    This program is distributed in the hope that it will be useful,
    but WITHOUT ANY WARRANTY; without even the implied warranty of
    MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
    GNU General Public License for more details.
    You should have received a copy of the GNU General Public License
    along with this program; if not, write to the Free Software
    Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA  02111-1307  USA
    Acknowledgments:
    ----------------
    The following people have helped with suggestions, ideas or code:
      Dug Song <dugsong@monkey.org>
      Jamie Van Randwyk <jvanran@sandia.gov>
      Eric Thomas <edthoma@sandia.gov>
      Christopher Kolina
      Derek Cotton
      Yuqing Mai
      Lance Spitzner <lance@honeynet.org>
      Christian Kreibich <christian.kreibich@cl.cam.ac.uk>
      Bill Cheswick <ches@lumeta.com>
      Lauren Oudot <oudot@rstack.org>
    
    pkg-descr
    >
    Honeyd is a small daemon that creates virtual hosts on a network. The
    hosts can be configured to run arbitrary services, and their TCP
    personality can be adapted so that they appear to be running certain
    versions of operating systems. Honeyd enables a single host to claim
    multiple addresses - I have tested up to 65536 - on a LAN for network
    simulation.
    WWW: http://www.citi.umich.edu/u/provos/honeyd/
    - Dominic <dominic_marks@btinternet.com>
    
    ssylka
    >
    http://www.paladion.net/papers/simulating_networks_with_honeyd.pdf
    
    user
    >
    Cleaning out old system announcements:
    Removing stale files from /var/rwho:
    Backup passwd and group files:
    no /var/backups/master.passwd.bak
    no /var/backups/group.bak
    Verifying group file syntax:
    /etc/group is fine
    Backing up mail aliases:
    no /var/backups/aliases.bak
    Disk status:
    Filesystem  1K-blocks    Used   Avail Capacity  Mounted on
    /dev/ad1s1a    507630   56948  410072    12%    /
    devfs               1       1       0   100%    /dev
    /dev/ad1s1f   1982798   10834 1813342     1%    /home
    /dev/ad1s1e    507630    3122  463898     1%    /tmp
    /dev/ad1s1g   4954158 2731622 1826204    60%    /usr
    /dev/ad1s1d   2004526   98388 1745776     5%    /var
    Last dump(s) done (Dump '>' file systems):
    Network interface status:
    Name    Mtu Network       Address              Ipkts Ierrs    Opkts Oerrs  Coll
    rl0    1500 <Link#1>      00:13:8f:2f:ac:5e   101372     0    88692     0     0
    rl0    1500 fe80:1::213:8 fe80:1::213:8fff:        0     -        4     -     -
    rl0    1500 192.168.15    fbsd2                38013     -    35837     -     -
    plip0  1500 <Link#2>                               0     0        0     0     0
    lo0   16384 <Link#3>                            1351     0     1351     0     0
    lo0   16384 localhost.lin ::1                     54     -       54     -     -
    lo0   16384 fe80:3::1     fe80:3::1                0     -        0     -     -
    lo0   16384 your-net      localhost             1293     -     1293     -     -
    tun0*  1500 <Link#4>                             282     0     6391     0     0
    tun1*  1500 <Link#5>                              23     0     2540     0     0
    tun2*  1500 <Link#6>                               0     0      759     0     0
    tun3*  1500 <Link#7>                               0     0      246     0     0
    Local system status:
     3:01AM  up 17:23, 4 users, load averages: 0.09, 0.05, 0.01
    Mail in local queue:
    /var/spool/mqueue is empty
                    Total requests: 0
    Mail in submit queue:
    /var/spool/clientmqueue is empty
                    Total requests: 0
    Security check:
        (output mailed separately)
    Checking for rejected mail hosts:
    Checking for denied zone transfers (AXFR and IXFR):
    -- End of daily output --
    From user@fbsd2.linux.nt Thu Dec 22 11:40:03 2005
    Return-Path: <user@fbsd2.linux.nt>
    Received: from fbsd2.linux.nt (localhost.linux.nt [127.0.0.1])
            by fbsd2.linux.nt (8.13.4/8.13.4) with ESMTP id jBM9e23n031835
            for <root@fbsd2.linux.nt>; Thu, 22 Dec 2005 11:40:02 +0200 (EET)
            (envelope-from user@fbsd2.linux.nt)
    Received: (from root@localhost)
            by fbsd2.linux.nt (8.13.4/8.13.4/Submit) id jBM9e2Ah031827;
            Thu, 22 Dec 2005 11:40:02 +0200 (EET)
            (envelope-from user)
    Date: Thu, 22 Dec 2005 11:40:02 +0200 (EET)
    From: NT-IDS Student #2 <user@fbsd2.linux.nt>
    Message-Id: <200512220940.jBM9e2Ah031827@fbsd2.linux.nt>
    To: root@fbsd2.linux.nt
    Subject: *** SECURITY information for fbsd2.linux.nt ***
    fbsd2.linux.nt : Dec 22 11:40:02 : user : user NOT in sudoers ; TTY=ttyp5 ; PWD=/tmp ; USER=root ; COMMAND=/sbin/sysctl net.inet.ip.forwarding=1
    From user@fbsd2.linux.nt Thu Dec 22 12:10:12 2005
    Return-Path: <user@fbsd2.linux.nt>
    Received: from fbsd2.linux.nt (localhost.linux.nt [127.0.0.1])
            by fbsd2.linux.nt (8.13.4/8.13.4) with ESMTP id jBMAACH7032435
            for <root@fbsd2.linux.nt>; Thu, 22 Dec 2005 12:10:12 +0200 (EET)
            (envelope-from user@fbsd2.linux.nt)
    Received: (from root@localhost)
            by fbsd2.linux.nt (8.13.4/8.13.4/Submit) id jBMAACx1032431
            for root; Thu, 22 Dec 2005 12:10:12 +0200 (EET)
            (envelope-from user)
    Date: Thu, 22 Dec 2005 12:10:12 +0200 (EET)
    Message-Id: <200512221010.jBMAACx1032431@fbsd2.linux.nt>
    From: arpwatch@fbsd2.linux.nt (Arpwatch)
    To: root@fbsd2.linux.nt
    Subject: new station
                hostname: <unknown>
              ip address: 192.168.15.197
        ethernet address: 0:c:29:ae:c5:df
         ethernet vendor: VMware, Inc.
               timestamp: Thursday, December 22, 2005 12:10:11 +0200
    From root@fbsd2.linux.nt Thu Dec 22 16:56:54 2005
    Return-Path: <root@fbsd2.linux.nt>
    Received: from fbsd2.linux.nt (localhost.linux.nt [127.0.0.1])
            by fbsd2.linux.nt (8.13.4/8.13.4) with ESMTP id jBMEusB6037040
            for <root@fbsd2.linux.nt>; Thu, 22 Dec 2005 16:56:54 +0200 (EET)
            (envelope-from root@fbsd2.linux.nt)
    Received: (from root@localhost)
            by fbsd2.linux.nt (8.13.4/8.13.4/Submit) id jBMEusFs037034;
            Thu, 22 Dec 2005 16:56:54 +0200 (EET)
            (envelope-from root)
    Date: Thu, 22 Dec 2005 16:56:54 +0200 (EET)
    From: Charlie Root <root@fbsd2.linux.nt>
    Message-Id: <200512221456.jBMEusFs037034@fbsd2.linux.nt>
    To: root@fbsd2.linux.nt
    Subject: *** SECURITY information for fbsd2.linux.nt ***
    fbsd2.linux.nt : Dec 22 16:56:54 : root : user NOT in sudoers ; TTY=ttyp7 ; PWD=/root ; USER=root ; COMMAND=/usr/local/bin/nmap -D 160.60.184.223,233.167.181.96,191.61.150.24,189.185.59.201,141.142.11.99,154.19.204.27,93.203.10.64,14.111.72.98,161.91.210.185,54.175.31.103,me m03
    From root@fbsd2.linux.nt Fri Dec 23 09:23:58 2005
    Return-Path: <root@fbsd2.linux.nt>
    Received: from fbsd2.linux.nt (localhost.linux.nt [127.0.0.1])
            by fbsd2.linux.nt (8.13.4/8.13.4) with ESMTP id jBN7Nwjc000449
            for <root@fbsd2.linux.nt>; Fri, 23 Dec 2005 09:23:58 +0200 (EET)
            (envelope-from root@fbsd2.linux.nt)
    Received: (from root@localhost)
            by fbsd2.linux.nt (8.13.4/8.13.4/Submit) id jBN7NvnM000360;
            Fri, 23 Dec 2005 09:23:57 +0200 (EET)
            (envelope-from root)
    Date: Fri, 23 Dec 2005 09:23:57 +0200 (EET)
    Message-Id: <200512230723.jBN7NvnM000360@fbsd2.linux.nt>
    X-vi-recover-file: /usr/local/etc/sudoers
    X-vi-recover-path: /var/tmp/vi.recover/vi.AcMjjY
    Reply-To: root@fbsd2.linux.nt
    From: root@fbsd2.linux.nt (Nvi recovery program)
    To: root@fbsd2.linux.nt
    Subject: Nvi saved the file sudoers
    Precedence: bulk
    On Mon Dec 19 11:33:15 2005, the user root was editing a
    file named /usr/local/etc/sudoers on the machine
    fbsd2.linux.nt, when it was saved for recovery. You can
    recover most, if not all, of the changes to this file using
    the -r option to vi.orig:
            vi.orig -r /usr/local/etc/sudoers
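
    The mails above carry two kinds of sudo records in one field layout: the alert sudo mails to root when a request is refused ("user NOT in sudoers"), prefixed with host, time, user and reason, and the line sudo writes to syslog for every decision, which starts directly with the user. As an added example, not part of the original page or of LiLaLo, the following Python parses both shapes into one event record and triages them. The two refused requests are the lines from the mails above; the syslog-style lines and the WATCHLIST patterns are constructed for illustration. The parsing detail worth knowing is that COMMAND is the last field and can itself contain " ; ", so it is cut off before the rest of the line is split.

```python
"""Turn sudo's logged decisions into structured events and triage them.

Added example for this page; it is not LiLaLo code.  PAGE_ALERTS are the
two "SECURITY information" lines from the mails above.  CONSTRUCTED_SYSLOG
holds made-up lines in the form sudo writes after the "sudo:" tag in
syslog (one permitted command, one refused).  WATCHLIST is an illustrative
set of patterns chosen from what this journal shows, not a vetted rule set.
"""
import re

PAGE_ALERTS = [
    "fbsd2.linux.nt : Dec 22 11:40:02 : user : user NOT in sudoers ; TTY=ttyp5 ; PWD=/tmp ; USER=root ; COMMAND=/sbin/sysctl net.inet.ip.forwarding=1",
    "fbsd2.linux.nt : Dec 22 16:56:54 : root : user NOT in sudoers ; TTY=ttyp7 ; PWD=/root ; USER=root ; COMMAND=/usr/local/bin/nmap -D 160.60.184.223,233.167.181.96,191.61.150.24,189.185.59.201,141.142.11.99,154.19.204.27,93.203.10.64,14.111.72.98,161.91.210.185,54.175.31.103,me m03",
]

# Constructed samples of the syslog form: "user : TTY=..." for a permitted
# command, "user : <reason> ; TTY=..." for a refused one.
CONSTRUCTED_SYSLOG = [
    "user : TTY=ttyp3 ; PWD=/home/user ; USER=root ; COMMAND=/usr/bin/vi /usr/local/etc/sudoers",
    "user : 3 incorrect password attempts ; TTY=ttyp5 ; PWD=/tmp ; USER=root ; COMMAND=/bin/sh",
]

# Illustrative patterns (hypothetical), keyed to things seen in this journal.
WATCHLIST = {
    "ip-forwarding": re.compile(r"\bsysctl\b.*\bnet\.inet\.ip\.forwarding=1\b"),
    "sudoers-edit": re.compile(r"\b(vi|vim|visudo|ee)\b.*\bsudoers\b"),
    "port-scan": re.compile(r"\bnmap\b"),
}


def parse_sudo_line(line):
    """Parse one sudo alert or syslog line into a dict.

    COMMAND is always the last field and may itself contain ' ; ', so it is
    split off first; only the remaining prefix is split on ' ; '.
    """
    head, sep, command = line.partition(" ; COMMAND=")
    if not sep:
        raise ValueError("no COMMAND field: %r" % line)
    segments = head.split(" ; ")
    who = [s.strip() for s in segments[0].split(" : ")]
    kvs = segments[1:]
    if "=" in who[-1]:
        # Syslog form: the first key=value is joined to the user with " : ".
        kvs.insert(0, who.pop())
    event = {"COMMAND": command.strip()}
    for kv in kvs:
        key, _, value = kv.partition("=")
        event[key.strip()] = value.strip()
    if len(who) == 4:      # mailed alert: host : timestamp : user : reason
        event.update(host=who[0], time=who[1], user=who[2], reason=who[3])
    elif len(who) == 2:    # syslog form, refused: user : reason
        event.update(host=None, time=None, user=who[0], reason=who[1])
    elif len(who) == 1:    # syslog form, permitted: user
        event.update(host=None, time=None, user=who[0], reason=None)
    else:
        raise ValueError("unrecognised sudo line prefix: %r" % segments[0])
    event["denied"] = event["reason"] is not None
    # Basename of the executable, e.g. "/sbin/sysctl ..." -> "sysctl".
    event["program"] = event["COMMAND"].split()[0].rsplit("/", 1)[-1]
    event["tags"] = sorted(name for name, rx in WATCHLIST.items()
                           if rx.search(event["COMMAND"]))
    return event


def triage(lines):
    """Parse every line and return the events worth a second look:
    refused requests, and permitted commands that hit the watchlist."""
    events = [parse_sudo_line(l) for l in lines]
    return [e for e in events if e["denied"] or e["tags"]]


if __name__ == "__main__":
    for e in triage(PAGE_ALERTS + CONSTRUCTED_SYSLOG):
        print("%-6s %-8s %-6s %s" % ("DENIED" if e["denied"] else "ok",
                                      e["user"], e["program"], ",".join(e["tags"])))
```

Feeding the parser the whole of /var/log/messages requires stripping the syslog header up to and including the "sudo:" tag first; the lines here already start at the user field.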
    

    Statistics

    Time of the first command in the journal          11:14:37 2006-12-23
    Time of the last command in the journal           16:28:44 2006-12-23
    Number of command lines in the journal            100
    Commands with a non-zero exit status, %           16.00
    Syntactically mistyped commands, %                 5.00
    Total time at the terminal *, hours                1.87
    Command lines per unit of time, commands/min       0.89

    Command usage frequency
    ls                             14 |============| 12.07%
    pkg_info                        8 |======|       6.90%
    cd                              7 |======|       6.03%
    tail                            7 |======|       6.03%
    grep                            7 |======|       6.03%
    cat                             5 |====|         4.31%
    make                            4 |===|          3.45%
    nessus                          4 |===|          3.45%
    vi                              4 |===|          3.45%
    less                            4 |===|          3.45%
    cp                              3 |==|           2.59%
    sudo                            3 |==|           2.59%
    ping                            3 |==|           2.59%
    sysctl                          3 |==|           2.59%
    pkg_delete                      3 |==|           2.59%
    ifconfig                        2 |=|            1.72%
    screen                          2 |=|            1.72%
    man                             2 |=|            1.72%
    host                            2 |=|            1.72%
    killall                         2 |=|            1.72%
    bash                            2 |=|            1.72%
    clear                           2 |=|            1.72%
    exit                            2 |=|            1.72%
    README                          1 ||             0.86%
    ipfshow                         1 ||             0.86%
    rm                              1 ||             0.86%
    find                            1 ||             0.86%
    lessp.prints                    1 ||             0.86%
    ps                              1 ||             0.86%
    10                              1 ||             0.86%
    q                               1 ||             0.86%
    [user@fbsd2:mail]$              1 ||             0.86%
    arpd                            1 ||             0.86%
    pwd                             1 ||             0.86%
    tc                              1 ||             0.86%
    chown                           1 ||             0.86%
    null                            1 ||             0.86%
    pkg_deleteneyd                  1 ||             0.86%
    honeyd                          1 ||             0.86%
    farpd                           1 ||             0.86%
    ipfw                            1 ||             0.86%
    net.inet.ip.fw.verbose_limit:   1 ||             0.86%
    pkg_add                         1 ||             0.86%
    which                           1 ||             0.86%
    ____
    *) Idle intervals of 30 minutes or longer are not counted

    Help

    Nothing special is needed to use LiLaLo: everything happens by itself. However, to make keeping the journals and using them later as effective as possible, keep the following in mind:
    1. All commands entered at any terminal of the system are recorded in the journal automatically.

    2. To check that the journal is being kept on the current terminal and that commands are being recorded, run the command w. The WHAT field for the current terminal should show the program script.

    3. Commands that contained syntax errors when typed are shown as strikethrough text:
      $ l s-l
      bash: l: command not found
      

    4. If a command's exit status is zero, the command completed without errors. Commands whose exit status is non-zero are highlighted in colour.
      $ test 5 -lt 4
      Note that a non-zero exit status does not necessarily mean the command failed. Many commands use the exit status to report something else, for example the result of a check, as test does here.

    5. Commands whose execution was interrupted by the user are highlighted in colour.
      $ find / -name abc
      find: /home/devi-orig/.gnome2: Keine Berechtigung
      find: /home/devi-orig/.gnome2_private: Keine Berechtigung
      find: /home/devi-orig/.nautilus/metafiles: Keine Berechtigung
      find: /home/devi-orig/.metacity: Keine Berechtigung
      find: /home/devi-orig/.inkscape: Keine Berechtigung
      ^C
      

    6. Commands executed with superuser privileges are marked with a red bar on the left.
      # id
      uid=0(root) gid=0(root) Gruppen=0(root)
      

    7. Changes made to a text file with an editor are remembered and shown in the journal as a diff in the default output format of diff(1), which patch accepts. Lines beginning with "<" were removed, and lines beginning with ">" were added.
      $ vi ~/.bashrc
      2a3,5
      >    if [ -f /usr/local/etc/bash_completion ]; then
      >         . /usr/local/etc/bash_completion
      >        fi
      

    8. To apply the changes shown in a diffshot to a file, use the patch command. Copy the changes, run patch with the file to be changed as its argument, paste the copied text, and finish the input with Ctrl-D:
      $ patch ~/.bashrc
      Here the changes are applied to the file ~/.bashrc.

    9. To get brief reference information about a command, hover the mouse over it. A tooltip with a short description of the command appears.

      If reference information for a command is available, the command is highlighted with a light-blue background, for example: vi. If it is not available, the command is highlighted with a pink background, for example: notepad.exe. Reference information may be missing because (1) the command was typed incorrectly; (2) LiLaLo recognised the command incorrectly; (3) the command is unknown to LiLaLo. The last case is possible for rare commands.

    10. Large, and especially multi-line, tooltips are displayed best by KDE Konqueror, Apple Safari and Microsoft Internet Explorer. Mozilla and Firefox do not show them in full and print a special character instead of a line break.

    11. The command time shown in the journal is the time at which entry of the command line began, that is, the moment the shell prompt appeared on the terminal.

    12. The name of the terminal on which a command was entered is shown in a special block. This block is shown only when the terminal of the current command differs from that of the previous one.

    13. Journal elements you are not interested in at the moment, such as the time, the terminal name and others, can be hidden. Use the journal control form at the top of the page.

    14. Short comments on commands can be inserted directly from the command line. The comment is typed on the command line after the characters #^ or #v. The characters ^ and v indicate which command the comment refers to: ^ the previous one, v the next one. For example, if the following was entered on the command line:

      $ whoami
      
      user
      
      $ #^ I wonder who I am?
      
      in the journal it will look like this:
      $ whoami
      
      user
      
      I wonder who I am?

    15. A comment consisting of several lines can be inserted into the journal as follows:

      $ whoami
      
      user
      
      $ cat > /dev/null #^ I wonder who I am?
      
      The whoami program prints the name of the user
      we are logged in as.
      -
      It cannot answer the question of our purpose
      in this world.
      
      In the journal it will look like this:
      $ whoami
      user
      
      I wonder who I am?
      The whoami program prints the name of the user
      we are logged in as.

      It cannot answer the question of our purpose
      in this world.
      To separate paragraphs from each other, use the character "-" alone on a line.

    16. Comments that do not relate directly to any command are added in exactly the same way, except that the characters #= are used instead of #^ or #v.

    17. The contents of a file can be shown in the journal. To do so, print it with the cat program. If the command's output is marked with the characters #!, the file contents are shown in the journal in a section set aside for this purpose.
    18. To insert a screenshot of a window you are interested in into the journal, use the l3shot command. After the command is invoked, select the window that should appear in the journal with the mouse.
    19. Commands in the journal are arranged in chronological order. If two commands were given one after another but on different terminals, they will appear side by side in the journal even if they have nothing to do with each other.
      1
          2
      3   
          4
      
      Groups of commands executed on different terminals are separated by a special line. Below this line, in the right corner, the name of the terminal on which the commands were executed is shown. To see the commands of one session only, click on that name.
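
    The diffshot format of item 7, which item 8 applies with patch, is the default output of diff(1): a hunk header such as 2a3,5, 3d2 or 1,2c1 followed by "<" and ">" lines. As an added example, not part of LiLaLo or of the original page, the following Python implements the part of patch(1) needed to apply such a diff to a file's lines, including the check that the "<" lines really match the file, which is what makes patch refuse a hunk that no longer fits. SAMPLE_BASHRC is a constructed file; SAMPLE_DIFF is the diff shown in item 7; SAMPLE_DIFF_2 is a constructed diff with change and delete hunks to show the other two hunk types.

```python
"""Apply a diff in diff(1)'s default ("normal") output format.

Added example for this page; it is not LiLaLo code.  It reimplements the
part of patch(1) needed for the diffshots LiLaLo produces, so that the
meaning of the hunk header and of the "<" / ">" lines can be checked by
hand.  SAMPLE_BASHRC is a constructed file; SAMPLE_DIFF is the diff from
item 7 above; SAMPLE_DIFF_2 is a constructed diff with 'c' and 'd' hunks.
"""
import re

# Hunk header: "2a3,5" (append), "3d2" (delete), "1,2c1" (change).
# Groups: old start, old end, operation, new start, new end.
_HUNK = re.compile(r"^(\d+)(?:,(\d+))?([acd])(\d+)(?:,(\d+))?$")

SAMPLE_BASHRC = [
    "# ~/.bashrc (constructed sample)",
    "export EDITOR=vi",
    "alias ll='ls -l'",
]

SAMPLE_DIFF = """2a3,5
>    if [ -f /usr/local/etc/bash_completion ]; then
>         . /usr/local/etc/bash_completion
>        fi
"""

SAMPLE_DIFF_2 = """1c1
< # ~/.bashrc (constructed sample)
---
> # ~/.bashrc (constructed sample, trimmed)
3d2
< alias ll='ls -l'
"""


def parse_normal_diff(diff_text):
    """Return the hunks as dicts: start, end (1-based, inclusive, in the
    original file), op ('a', 'c' or 'd'), removed and added line lists."""
    hunks, cur = [], None
    for raw in diff_text.splitlines():
        m = _HUNK.match(raw)
        if m:
            start, end, op = int(m.group(1)), m.group(2), m.group(3)
            cur = {"start": start, "end": int(end) if end else start,
                   "op": op, "removed": [], "added": []}
            hunks.append(cur)
        elif cur is None:
            raise ValueError("content before first hunk header: %r" % raw)
        elif raw == "---" or raw.startswith("\\"):
            continue  # 'c' separator, or "\ No newline at end of file"
        elif raw[:1] == "<":
            cur["removed"].append(raw[2:])  # strip the "< " marker
        elif raw[:1] == ">":
            cur["added"].append(raw[2:])    # strip the "> " marker
        else:
            raise ValueError("unexpected diff line: %r" % raw)
    return hunks


def apply_normal_diff(original_lines, diff_text):
    """Apply the diff and return the new list of lines.

    Hunks are applied bottom-up so that the line numbers of earlier hunks,
    which refer to the *original* file, stay valid.  A 'd' or 'c' hunk whose
    "<" lines do not match the file is rejected, as patch(1) would do.
    """
    out = list(original_lines)
    hunks = sorted(parse_normal_diff(diff_text),
                   key=lambda h: h["start"], reverse=True)
    for h in hunks:
        start, end = h["start"], h["end"]
        if h["op"] == "a":
            # "Na...": insert after line N (N == 0 means at the top of file).
            out[start:start] = h["added"]
        else:
            # 'd' and 'c' both remove lines start..end; 'c' then inserts.
            if out[start - 1:end] != h["removed"]:
                raise ValueError("hunk at line %d does not match the file" % start)
            out[start - 1:end] = h["added"]
    return out


if __name__ == "__main__":
    for line in apply_normal_diff(SAMPLE_BASHRC, SAMPLE_DIFF):
        print(line)
```

Because the hunks are applied from the bottom of the file upwards, every hunk's line numbers can be taken from the header as they stand, which is also why diff emits hunks in ascending order of the original file.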

    About

    LiLaLo (L3) stands for Live Lab Log.
    The program was developed to make learning Unix/Linux systems more effective.
    (c) Igor Chubin, 2004-2008

    $Id$