Журнал лабораторных работ

Содержание

Журнал

Суббота (12/23/06)

/dev/ttyp2
18:42:03
$telnet 192.168.15.110 80
Trying 192.168.15.110...
^C
/dev/ttyp4
18:42:13
#ipfw show
65100   0     0 allow tcp from any to me dst-port 22 keep-state
65200   0     0 allow tcp from any to me dst-port 23
65300   8   480 allow ip from any to 192.168.15.110
65400   0     0 allow tcp from any to 192.168.15.110
65500 129 17080 allow tcp from me to any out keep-state
65500   6   448 reset log logamount 10 tcp from any to any
65500  13  1139 allow ip from any to any
65535  64  6845 deny ip from any to any
18:42:14
#[root@fbsd2:arpd]#

18:43:20
#honeyd -d -i rl0 -f /usr/local/etc/honeyd.conf 192.168.15.110
Honeyd V1.0 Copyright (c) 2002-2004 Niels Provos
honeyd[73301]: started with -d -i rl0 -f /usr/local/etc/honeyd.conf 192.168.15.110
Warning: Impossible SI range in Class fingerprint "IBM OS/400 V4R2M0"
Warning: Impossible SI range in Class fingerprint "Microsoft Windows NT 4.0 SP3"
honeyd[73301]: listening promiscuously on rl0: (arp or ip proto 47 or (udp and src port 67 and dst port 68) or (ip and (host 192.168.15.110))) and not ether src 00:13:8f:2f:ac:5e
honeyd[73301]: Demoting process privileges to uid 32767, gid 32767
honeyd[73301]: Sending ICMP Echo Reply: 192.168.15.110 -> 192.168.15.24
honeyd[73301]: Sending ICMP Echo Reply: 192.168.15.110 -> 192.168.15.24
honeyd[73301]: Sending ICMP Echo Reply: 192.168.15.110 -> 192.168.15.24
honeyd[73301]: Connection request: tcp (192.168.15.24:56432 - 192.168.15.110:80)
honeyd[73301]: couldn't send packet: Permission denied
honeyd[73301]: couldn't send packet: Permission denied
honeyd[73301]: couldn't send packet: Permission denied
honeyd[73301]: couldn't send packet: Permission denied
honeyd[73301]: couldn't send packet: Permission denied
honeyd[73301]: couldn't send packet: Permission denied
honeyd[73301]: couldn't send packet: Permission denied
honeyd[73301]: couldn't send packet: Permission denied
^Choneyd[73301]: exiting on signal 2
18:43:55
#ipfw show
65100   0     0 allow tcp from any to me dst-port 22 keep-state
65200   0     0 allow tcp from any to me dst-port 23
65300  25  1740 allow ip from any to 192.168.15.110
65400   0     0 allow tcp from any to 192.168.15.110
65500 417 44814 allow tcp from me to any out keep-state
65500  14   928 reset log logamount 10 tcp from any to any
65500  18  1584 allow ip from any to any
65535  64  6845 deny ip from any to any
/dev/ttyp2
18:44:29
$ping 192.168.15.110
PING 192.168.15.110 (192.168.15.110): 56 data bytes
^C
--- 192.168.15.110 ping statistics ---
4 packets transmitted, 0 packets received, 100% packet loss
18:44:35
$arping 192.168.15.110
arping: must run as root
18:44:39
$sudo arping 192.168.15.110
Password:
ARPING 192.168.15.110
60 bytes from 00:13:8f:2f:ac:5e (192.168.15.110): index=0 time=9.952 msec
60 bytes from 00:13:8f:2f:ac:5e (192.168.15.110): index=1 time=9.954 msec
60 bytes from 00:13:8f:2f:ac:5e (192.168.15.110): index=2 time=9.958 msec
^C
--- 192.168.15.110 statistics ---
4 packets transmitted, 3 packets received,  25% unanswered
18:44:53
$arping 192.168.15.110
arping: must run as root
18:44:55
$ping 192.168.15.110
PING 192.168.15.110 (192.168.15.110): 56 data bytes
^C
--- 192.168.15.110 ping statistics ---
4 packets transmitted, 0 packets received, 100% packet loss
/dev/ttyp4
18:45:06
#ipfw show
65100  13  3688 allow tcp from any to me dst-port 22 keep-state
65200   0     0 allow tcp from any to me dst-port 23
65300  28  1884 allow ip from any to 192.168.15.110
65400   0     0 allow tcp from any to 192.168.15.110
65500 420 45210 allow tcp from me to any out keep-state
65500  14   928 reset log logamount 10 tcp from any to any
65500  19  1813 allow ip from any to any
65535  64  6845 deny ip from any to any
18:45:13
#ipfw delete 65400

/dev/ttyp2
18:45:27
$ping 192.168.15.110
PING 192.168.15.110 (192.168.15.110): 56 data bytes
64 bytes from 192.168.15.110: icmp_seq=0 ttl=128 time=0.799 ms
64 bytes from 192.168.15.110: icmp_seq=1 ttl=128 time=0.461 ms
64 bytes from 192.168.15.110: icmp_seq=2 ttl=128 time=0.460 ms
^C
--- 192.168.15.110 ping statistics ---
3 packets transmitted, 3 packets received, 0% packet loss
round-trip min/avg/max/stddev = 0.460/0.573/0.799/0.160 ms
18:45:31
$telnet 192.168.15.110 80
Trying 192.168.15.110...
telnet: connect to address 192.168.15.110: Operation timed out
telnet: Unable to connect to remote host
/dev/ttyp4
18:45:47
#ipfw add 65400 allow ip from 192.168.15.110 to any
65400 allow ip from 192.168.15.110 to any
18:46:12
#ipfw show
65100  13  3688 allow tcp from any to me dst-port 22 keep-state
65200   0     0 allow tcp from any to me dst-port 23
65300  28  1884 allow ip from any to 192.168.15.110
65400   0     0 allow ip from 192.168.15.110 to any
65500 420 45210 allow tcp from me to any out keep-state
65500  14   928 reset log logamount 10 tcp from any to any
65500  25  2281 allow ip from any to any
65535  64  6845 deny ip from any to any
18:46:14
#honeyd -d -i rl0 -f /usr/local/etc/honeyd.conf 192.168.15.110
Honeyd V1.0 Copyright (c) 2002-2004 Niels Provos
honeyd[73547]: started with -d -i rl0 -f /usr/local/etc/honeyd.conf 192.168.15.110
Warning: Impossible SI range in Class fingerprint "IBM OS/400 V4R2M0"
Warning: Impossible SI range in Class fingerprint "Microsoft Windows NT 4.0 SP3"
honeyd[73547]: listening promiscuously on rl0: (arp or ip proto 47 or (udp and src port 67 and dst port 68) or (ip and (host 192.168.15.110))) and not ether src 00:13:8f:2f:ac:5e
honeyd[73547]: Demoting process privileges to uid 32767, gid 32767
honeyd[73547]: Connection request: tcp (192.168.15.24:55179 - 192.168.15.110:80)
honeyd[73547]: Connection established: tcp (192.168.15.24:55179 - 192.168.15.110:80) <-> /usr/local/share/honeyd/scripts/web.sh
honeyd[73547]: Expiring TCP (192.168.15.24:55179 - 192.168.15.110:80) (0x81d8c00) in state 7
^Choneyd[73547]: exiting on signal 2
18:47:59
#man honeyd
18:48:17
#honeyd -d -i rl0 -f /usr/local/etc/honeyd.conf --webserver-port 8080
Honeyd V1.0 Copyright (c) 2002-2004 Niels Provos
honeyd[73632]: started with -d -i rl0 -f /usr/local/etc/honeyd.conf --webserver-port 8080 192.168.15.110
Warning: Impossible SI range in Class fingerprint "IBM OS/400 V4R2M0"
Warning: Impossible SI range in Class fingerprint "Microsoft Windows NT 4.0 SP3"
honeyd[73632]: listening promiscuously on rl0: (arp or ip proto 47 or (udp and src port 67 and dst port 68) or (ip and (host 192.168.15.110))) and not ether src 00:13:8f:2f:ac:5e
honeyd[73632]: Demoting process privileges to uid 32767, gid 32767
^Choneyd[73632]: exiting on signal 2
/dev/ttyp2
18:48:30
$telnet 192.168.15.110 80
Trying 192.168.15.110...
Connected to 192.168.15.110.
Escape character is '^]'.
HTTP/1.1 404 NOT FOUND
Server: Microsoft-IIS/5.0
P3P: CP='ALL IND DSP COR ADM CONo CUR CUSo IVAo IVDo PSA PSD TAI TELo OUR SAMo CNT COM INT NAV ONL PHY PRE PUR UNI'
Content-Location: http://cpmsftwbw27/default.htm
Date: Thu, 04 Apr 2002 06:42:18 GMT
Content-Type: text/html
Accept-Ranges: bytes
<html><title>You are in Error</title>
<body>
<h1>You are in Error</h1>
O strange and inconceivable thing! We did not really die, we were not really buried, we were not really crucified and raised again, but our imitation was but a figure, while our salvation is in reality. Christ was actually crucified, and actually buried, and truly rose again; and all these things have been vouchsafed to us, that we, by imitation communicating in His sufferings, might gain salvatio
<p>
St. Cyril of Jerusalem, On the Christian Sacraments.
</body>
</html>
Connection closed by foreign host.
/dev/ttyp4
18:49:12
#honeyd -d -i rl0 -f /usr/local/etc/honeyd.conf 192.168.15.110
Honeyd V1.0 Copyright (c) 2002-2004 Niels Provos
honeyd[73674]: started with -d -i rl0 -f /usr/local/etc/honeyd.conf 192.168.15.110
Warning: Impossible SI range in Class fingerprint "IBM OS/400 V4R2M0"
Warning: Impossible SI range in Class fingerprint "Microsoft Windows NT 4.0 SP3"
honeyd[73674]: listening promiscuously on rl0: (arp or ip proto 47 or (udp and src port 67 and dst port 68) or (ip and (host 192.168.15.110))) and not ether src 00:13:8f:2f:ac:5e
honeyd[73674]: Demoting process privileges to uid 32767, gid 32767
^Choneyd[73674]: exiting on signal 2
18:50:01
#cowsay
^C
18:50:32
#cowsay
^C
18:50:39
#man cowsay
18:50:54
#cowsay fortune
 _________
< fortune >
 ---------
        \   ^__^
         \  (oo)\_______
            (__)\       )\/\
                ||----w |
                ||     ||
18:51:01
#fortune | cowsay
 ________________________________________
/ In Dr. Johnson's famous dictionary     \
| patriotism is defined as the last      |
| resort of the scoundrel. With all due  |
| respect to an enlightened but inferior |
| lexicographer I beg to submit that it  |
| is the first.                          |
|                                        |
| -- Ambrose Bierce, "The Devil's        |
\ Dictionary"                            /
 ----------------------------------------
        \   ^__^
         \  (oo)\_______
            (__)\       )\/\
                ||----w |
                ||     ||
18:51:14
#fortune | cowsay
 _______________________________________
/ Newpaper editors are men who separate \
| the wheat from the chaff, and then    |
| print the chaff.                      |
|                                       |
\ -- Adlai Stevenson                    /
 ---------------------------------------
        \   ^__^
         \  (oo)\_______
            (__)\       )\/\
                ||----w |
                ||     ||
18:51:35
#fortune | cowsay
 ________________________________________
/ The world really isn't any worse. It's \
| just that the news coverage is so much |
\ better.                                /
 ----------------------------------------
        \   ^__^
         \  (oo)\_______
            (__)\       )\/\
                ||----w |
                ||     ||
18:51:42
#fortune | cowsay
 ________________________________________
/ The way to make a small fortune in the \
| commodities market is to start with a  |
\ large fortune.                         /
 ----------------------------------------
        \   ^__^
         \  (oo)\_______
            (__)\       )\/\
                ||----w |
                ||     ||
18:51:46
#fortune | cowsay
 _________________________________________
/ For my son, Robert, this is proving to  \
| be the high-point of his entire life to |
| date. He has had his pajamas on for     |
| two, maybe three days now. He has the   |
| sense of joyful independence a          |
| 5-year-old child gets when he suddenly  |
| realizes that he could be operating an  |
| acetylene torch in the coat closet and  |
| neither parent [because of the flu]     |
...
| Lumps o' Froot ("part of this complete  |
| breakfast").                            |
|                                         |
\ -- Dave Barry, "Molecular Homicide"     /
 -----------------------------------------
        \   ^__^
         \  (oo)\_______
            (__)\       )\/\
                ||----w |
                ||     ||
18:51:52
#fortune | cowsay
 ________________________________________
/ I was playing poker the other night... \
| with Tarot cards. I got a full house   |
| and four people died.                  |
|                                        |
\ -- Steven Wright                       /
 ----------------------------------------
        \   ^__^
         \  (oo)\_______
            (__)\       )\/\
                ||----w |
                ||     ||
18:52:04
#man cowsay
/dev/ttyp2
18:52:24
$exit
exit
Connection to fbsd4.linux.nt closed.
/dev/ttyp4
18:52:43
#cd /usr/local/share/cows

18:52:48
#ls
beavis.zen.cow          dragon.cow              kitty.cow               ren.cow                 telebears.cow
bong.cow                elephant-in-snake.cow   koala.cow               satanic.cow             three-eyes.cow
box.cow                 elephant.cow            kosh.cow                sheep.cow               turkey.cow
bud-frogs.cow           eyes.cow                luke-koala.cow          skeleton.cow            turtle.cow
bunny.cow               flaming-sheep.cow       mech-and-cow            small.cow               tux-stab.cow
cheese.cow              ghostbusters.cow        meow.cow                sodomized.cow           tux.cow
cower.cow               head-in.cow             milk.cow                stegosaurus.cow         udder.cow
daemon.cow              hellokitty.cow          moofasa.cow             stimpy.cow              vader-koala.cow
default.cow             jkh.cow                 moose.cow               supermilker.cow         vader.cow
dragon-and-cow.cow      kiss.cow                mutilated.cow           surgery.cow             www.cow
18:52:49
#cat box.cow
# Created by Brian Feldman <green@FreeBSD.org>
# Updated for content by Robert Watson <rwatson@FreeBSD.org>
#
$the_cow = "";
$the_cow .= "        $thoughts\n";
$the_cow .= "         $thoughts\n";
$the_cow .= "     .----------------------.\n";
$the_cow .= "    / \\                     |\\\n";
$the_cow .= "     \\ \\____________________|_\\\n";
$the_cow .= "     \\\\/\\______________________\\\n";
$the_cow .= "      \\| BOX O' STUPID PEOPLE |\n";
$the_cow .= "       `----------------------'\n";
18:52:57
#cat wwww
##
## A cow wadvertising the World Wide Web, from lim@csua.berkeley.edu
##
$the_cow = <<EOC;
        $thoughts   ^__^
         $thoughts  ($eyes)\\_______
            (__)\\       )\\/\\
             $tongue ||--WWW |
                ||     ||
EOC
18:53:14
#cat elephant
##
## An elephant out and about
##
$the_cow = <<EOC;
 $thoughts     /\\  ___  /\\
  $thoughts   // \\/   \\/ \\\\
     ((    O O    ))
      \\\\ /     \\ //
       \\/  | |  \\/
        |  | |  |
        |  | |  |
        |   o   |
        | |   | |
        |m|   |m|
EOC
18:53:47
#cat daemon.
##
## 4.4 >> 5.4
##
$the_cow = <<EOC;
   $thoughts         ,        ,
    $thoughts       /(        )`
     $thoughts      \\ \\___   / |
            /- _  `-/  '
           (/\\/ \\ \\   /\\
           / /   | `    \\
...
             `-----' /
<----.     __ / __   \\
<----|====O)))==) \\) /====
<----'    `--' `.__,' \\
             |        |
              \\       /
        ______( (_  / \\______
      ,'  ,-----'   |        \\
      `--{__________)        \\/
EOC
18:54:01
#[root@fbsd2:cows]# man cowsay
       the path specified in the COWPATH environment variable.   To  list  all
NAME
       cowsay/cowthink - configurable speaking/thinking cow (and a bit more)
SYNOPSIS
       cowsay  [-e  eye_string] [-f cowfile] [-h] [-l] [-n] [-T tongue_string]
       [-W column] [-bdgpstwy]
DESCRIPTION
       Cowsay generates an ASCII picture of a cow saying something provided by
       the  user.   If run with no arguments, it accepts standard input, word-
       wraps the message given at about 40 columns, and prints the cow  saying
...
       The  user  may  specify  the  -e option to select the appearance of the
       cow's eyes, in which case the first  two  characters  of  the  argument
       string eye_string will be used.  The default eyes are 'oo'.  The tongue
       is similarly configurable through -T and tongue_string; it must be  two
       characters  and does not appear by default.  However, it does appear in
       the 'dead' and 'stoned' modes.  Any configuration done  by  -e  and  -T
       will be lost if one of the provided modes is used.
       The  -f option specifies a particular cow picture file (``cowfile'') to
       use.  If the cowfile spec contains '/' then it will be interpreted as a
       path  relative to the current directory.  Otherwise, cowsay will search
18:54:17
#cowsay -f daemon.cow domoy
 _______
< domoy >
 -------
   \         ,        ,
    \       /(        )`
     \      \ \___   / |
            /- _  `-/  '
           (/\/ \ \   /\
           / /   | `    \
           O O   ) /    |
...
           `.___/`    /
             `-----' /
<----.     __ / __   \
<----|====O)))==) \) /====
<----'    `--' `.__,' \
             |        |
              \       /
        ______( (_  / \______
      ,'  ,-----'   |        \
      `--{__________)        \/
/dev/ttyp2
19:01:02
$finger
Login            Name                 TTY  Idle  Login  Time   Office  Phone
root             Charlie Root         p6     41  Fri    09:33
root             Charlie Root         p8   1:12  Fri    14:23
root             Charlie Root         pa   2:27  Fri    16:33
root             Charlie Root         pb      1  Fri    18:59
root             Charlie Root         pf     41  Fri    16:05
root             Charlie Root         ph   1:12  Fri    16:34
root             Charlie Root         pi     14  Fri    14:29
root             Charlie Root         pk     27  Fri    14:44
user             NT-IDS Student #2   *v1   9:36  Fri    09:24
user             NT-IDS Student #2    p2         Fri    09:24
user             NT-IDS Student #2    p4      1  Fri    09:26
19:01:21
$finger
Login            Name                 TTY  Idle  Login  Time   Office  Phone
root             Charlie Root         p6     42  Fri    09:33
root             Charlie Root         p8   1:12  Fri    14:23
root             Charlie Root         pa   2:27  Fri    16:33
root             Charlie Root         pb      1  Fri    18:59
root             Charlie Root         pf     42  Fri    16:05
root             Charlie Root         ph   1:12  Fri    16:34
root             Charlie Root         pi     14  Fri    14:29
root             Charlie Root         pk     27  Fri    14:44
user             NT-IDS Student #2   *v1   9:37  Fri    09:24
user             NT-IDS Student #2    p2         Fri    09:24
user             NT-IDS Student #2    p4      1  Fri    09:26
19:01:22
$finger user
Login: _pflogd                          Name: pflogd privsep user
Directory: /var/empty                   Shell: /usr/sbin/nologin
Never logged in.
No Mail.
No Plan.
Login: mailnull                         Name: Sendmail Default User
Directory: /var/spool/mqueue            Shell: /usr/sbin/nologin
Never logged in.
No Mail.
No Plan.
...
No Mail.
No Plan.
Login: user                             Name: NT-IDS Student #2
Directory: /home/user                   Shell: /usr/local/bin/bash
On since Fri Dec 23 09:24 (EET) on ttyv1, idle 9:37 (messages off)
On since Fri Dec 23 09:24 (EET) on ttyp2 from :0
On since Fri Dec 23 09:26 (EET) on ttyp4, idle 0:01, from :0
Last login Fri Dec 23 14:29 (EET) on ttypg from fbsd4.linux.nt
No Mail.
No Plan.
19:01:26
$echo est\'nemnogo > ~/.plan

19:01:55
$finger user
Login: _pflogd                          Name: pflogd privsep user
Directory: /var/empty                   Shell: /usr/sbin/nologin
Never logged in.
No Mail.
No Plan.
Login: mailnull                         Name: Sendmail Default User
Directory: /var/spool/mqueue            Shell: /usr/sbin/nologin
Never logged in.
No Mail.
No Plan.
...
No Mail.
No Plan.
Login: user                             Name: NT-IDS Student #2
Directory: /home/user                   Shell: /usr/local/bin/bash
On since Fri Dec 23 09:24 (EET) on ttyv1, idle 9:37 (messages off)
On since Fri Dec 23 09:24 (EET) on ttyp2 from :0
On since Fri Dec 23 09:26 (EET) on ttyp4, idle 0:01, from :0
Last login Fri Dec 23 14:29 (EET) on ttypg from fbsd4.linux.nt
No Mail.
Plan: est'nemnogo
19:01:57
$echo est\' nemnogo > ~/.plan

19:02:06
$finger user
Login: _pflogd                          Name: pflogd privsep user
Directory: /var/empty                   Shell: /usr/sbin/nologin
Never logged in.
No Mail.
No Plan.
Login: mailnull                         Name: Sendmail Default User
Directory: /var/spool/mqueue            Shell: /usr/sbin/nologin
Never logged in.
No Mail.
No Plan.
...
No Mail.
No Plan.
Login: user                             Name: NT-IDS Student #2
Directory: /home/user                   Shell: /usr/local/bin/bash
On since Fri Dec 23 09:24 (EET) on ttyv1, idle 9:37 (messages off)
On since Fri Dec 23 09:24 (EET) on ttyp2 from :0
On since Fri Dec 23 09:26 (EET) on ttyp4, idle 0:02, from :0
Last login Fri Dec 23 14:29 (EET) on ttypg from fbsd4.linux.nt
No Mail.
Plan: est' nemnogo
19:02:07
$finger user
Login: _pflogd                          Name: pflogd privsep user
Directory: /var/empty                   Shell: /usr/sbin/nologin
Never logged in.
No Mail.
No Plan.
Login: mailnull                         Name: Sendmail Default User
Directory: /var/spool/mqueue            Shell: /usr/sbin/nologin
Never logged in.
No Mail.
No Plan.
...
No Mail.
No Plan.
Login: user                             Name: NT-IDS Student #2
Directory: /home/user                   Shell: /usr/local/bin/bash
On since Fri Dec 23 09:24 (EET) on ttyv1, idle 9:38 (messages off)
On since Fri Dec 23 09:24 (EET) on ttyp2 from :0
On since Fri Dec 23 09:26 (EET) on ttyp4 from :0
Last login Fri Dec 23 14:29 (EET) on ttypg from fbsd4.linux.nt
No Mail.
Plan: est' nemnogo
19:02:25
$man finger
19:03:04
$man honeyd
19:04:34
$[user@fbsd2:mail]$ man honeyd
HONEYD(8)               FreeBSD System Manager's Manual              HONEYD(8)
NAME
     honeyd -- Honeypot Daemon
SYNOPSIS
     honeyd [-dP] [-l logfile] [-s servicelog] [-p fingerprints] [-0 p0f-file]
            [-x xprobe] [-a assoc] [-f file] [-i interface] [-u uid] [-g gid]
            [-c host:port:username:password] [--webserver-port port]
            [--webserver-root path] [--rrdtool-path path]
            [--disable-webserver] [--disable-update]
HONEYD(8)               FreeBSD System Manager's Manual              HONEYD(8)
...
            [--fix-webserver-permissions] [-V|--version] [-h|--help]
            [--include-dir] [net ...]
DESCRIPTION
     Honeyd creates virtual hosts for IP addresses matching the specified net.
     The daemon simulates the networking stack of the configured hosts and can
     simulate any TCP and UDP service.  ICMP is fully supported, too. By
     default, all UDP ports are closed and honeyd will generate an ICMP
     unreachable port message if the configured personality permits that.
     Honeyd enables a single host to claim unused addresses on a LAN for net-
     work simulation.  The net argument may contain multiple addresses and
/dev/ttyp4
19:04:48
#[root@fbsd2:cows]# cd /shared/honeyd/webserver/htdocs/
bash: cd: /shared/honeyd/webserver/htdocs/: No such file or directory
19:06:38
#ls
beavis.zen.cow          dragon.cow              kitty.cow               ren.cow                 telebears.cow
bong.cow                elephant-in-snake.cow   koala.cow               satanic.cow             three-eyes.cow
box.cow                 elephant.cow            kosh.cow                sheep.cow               turkey.cow
bud-frogs.cow           eyes.cow                luke-koala.cow          skeleton.cow            turtle.cow
bunny.cow               flaming-sheep.cow       mech-and-cow            small.cow               tux-stab.cow
cheese.cow              ghostbusters.cow        meow.cow                sodomized.cow           tux.cow
cower.cow               head-in.cow             milk.cow                stegosaurus.cow         udder.cow
daemon.cow              hellokitty.cow          moofasa.cow             stimpy.cow              vader-koala.cow
default.cow             jkh.cow                 moose.cow               supermilker.cow         vader.cow
dragon-and-cow.cow      kiss.cow                mutilated.cow           surgery.cow             www.cow
19:06:39
#cd /usr/local/shared/honeyd/webserver/htdocs/
bash: cd: /usr/local/shared/honeyd/webserver/htdocs/: No such file or directory
19:06:50
#cd /usr/shared/honeyd/webserver/htdocs/
bash: cd: /usr/shared/honeyd/webserver/htdocs/: No such file or directory
19:07:00
#whereis / name=webserver
: /usr/src/bin/
name=webserver:
19:07:16
#whereis / -name webserver
: /usr/src/bin/
-name:
webserver:
19:07:45
#find / -name webserver
/usr/local/share/honeyd/webserver
^C
19:08:14
#cd /usr/local/share/honeyd/webserver/htdocs/

19:08:37
#ls
config.py       graphs          images          index.py        styles          templates
19:08:39
#cd /usr/local/www

19:10:17
#ls
cgi-bin         cgi-bin-dist    data            data-dist       icons           proxy
19:10:19
#cd data

19:10:22
#ls
EXAMPLE_DIRECTORY-DONT_ADD_OR_TOUCH_ANYTHING    index.html.lb.utf8
apache_pb.gif                                   index.html.nl
index.html.ca                                   index.html.nn
index.html.cz                                   index.html.no
index.html.de                                   index.html.po.iso-pl
index.html.dk                                   index.html.pt
index.html.ee                                   index.html.pt-br
index.html.el                                   index.html.ru.cp-1251
index.html.en                                   index.html.ru.cp866
index.html.es                                   index.html.ru.iso-ru
index.html.fr                                   index.html.ru.koi8-r
index.html.he.iso8859-8                         index.html.ru.ucs2
index.html.hu                                   index.html.ru.ucs4
index.html.it                                   index.html.ru.utf8
index.html.ja.jis                               index.html.se
index.html.kr.iso-kr                            index.html.zh-tw.big5
19:10:24
#cd /usr/local/share/honeyd/webserver/htdocs/

19:10:51
#ls
config.py       graphs          images          index.py        styles          templates
19:10:53
#ls -al
total 16
drwxr-xr-x  6 root  wheel   512 Dec 23 14:19 .
drwxr-xr-x  3 root  wheel   512 Dec 23 14:19 ..
-rw-r--r--  1 root  wheel   833 Sep 14  2004 config.py
drwxr-xr-x  2 root  wheel   512 Dec 23 14:19 graphs
drwxr-xr-x  2 root  wheel   512 Dec 23 14:19 images
-rw-r--r--  1 root  wheel  1445 Dec  6  2004 index.py
drwxr-xr-x  2 root  wheel   512 Dec 23 14:19 styles
drwxr-xr-x  3 root  wheel   512 Dec 23 14:19 templates
19:10:55
#cat config.py
import time
import support
from htmltmpl import TemplateManager, TemplateProcessor
self.send_response(200)
self.send_header("Content-Type", "text/html")
self.send_nocache()
self.end_headers()
# Process commands given to us
message = support.parse_query(self.query)
# Compile or load already precompiled template.
...
content = "Welcome to the Honeyd Configuration Interface.<p>"
content += support.config_table()
content += "<p>"
content += support.config_ips(self.root)
if message:
    tproc.set("message", message)
tproc.set("content", content)
tproc.set("uptime", support.uptime())
# Print the processed template.
self.wfile.write(tproc.process(template))
19:18:43
#man scp
19:19:33
#scp /tmp/
.ICE-unix/              .xf86config7238/        ad1                     lm-saved-51667          screens/
.X0-lock                .xf86config7247/        arp.log                 lm-saved-8516           scrollkeeper-user/
.X11-unix/              .xf86config7256/        ipfwshow                log                     vi.psnSHG4Ux6
.XIM-unix/              Term-VT102-0.82/        kde-root/               mcop-root/
.font-unix/             Term-VT102-0.82.tar.gz  kde-user/               mcop-user/
.snap/                  Text-Iconv-1.4/         ksocket-root/           mysql.sock
.vi                     Text-Iconv-1.4.tar.gz   ksocket-user/           pipe
19:19:33
#cat /tmp/a
ad1      arp.log
19:19:33
#cat /tmp/ad1
cat: /tmp/ad1: Socket operation on non-socket
19:19:49
#cat /tmp/log
get /
19:19:55
#scp /tmp/log user@m04

19:20:12
#scp /tmp/log user@m04/tmp/
cp: user@m04/tmp: Not a directory
19:20:26
#scp /tmp/log user@m04:tmp/
Password:
scp: /tmp//log: Permission denied
19:20:37
#scp /tmp/log root:/tmp/
Password:
log                                                                                                     100%    6     0.0KB/s   00:00
19:20:51
#ssh m04
Password:
Last login: Fri Dec 23 17:09:17 2005 from linux.nt
Copyright (c) 1980, 1983, 1986, 1988, 1990, 1991, 1993, 1994
        The Regents of the University of California.  All rights reserved.
FreeBSD 6.0-RELEASE (GENERIC) #0: Thu Nov  3 09:36:13 UTC 2005
Welcome to FreeBSD!
Before seeking technical support, please use the following resources:
o  Security advisories and updated errata information for all releases are
   at http://www.FreeBSD.org/releases/ - always consult the ERRATA section
   for your release first as it's updated frequently.
o  The Handbook and FAQ documents are at http://www.FreeBSD.org/ and,
   along with the mailing lists, can be searched by going to
   http://www.FreeBSD.org/search/.  If the doc distribution has
   been installed, they're also available formatted in /usr/share/doc.
If you still have a question or problem, please take the output of
`uname -a', along with any relevant error messages, and email it
as a question to the questions@FreeBSD.org mailing list.  If you are
unfamiliar with FreeBSD's directory layout, please refer to the hier(7)
manual page.  If you are not familiar with manual pages, type `man man'.
You may also use sysinstall(8) to re-enter the installation and
configuration utility.  Edit /etc/motd to change this login announcement.
19:23:09
#cat /tmp/
.ICE-unix/              Term-VT102-0.82/        kde-user/               mcop-root/              scrollkeeper-user/
.X0-lock                Term-VT102-0.82.tar.gz  ksocket-root/           mcop-user/              swatch.log
.X11-unix/              Text-Iconv-1.4/         ksocket-user/           mysql.sock
.XIM-unix/              Text-Iconv-1.4.tar.gz   log                     nessus-0gaHq6
.font-unix/             arp.log                 mc-root/                nessus-mkcert.19557/
.snap/                  kde-root/               mc-user/                pthread.dump.14351.0
19:23:09
#cat /tmp/log
get /
19:23:17
#exit
exit
Connection to fbsd4.linux.nt closed.
прошло 11 минут
19:35:13
#exit
exit
/dev/ttyp2
19:40:20
$http://en.wikipedia.org/wiki/Image:Unix.png
exit
bash: http://en.wikipedia.org/wiki/Image:Unix.png: No such file or directory
прошло 10 минут
/dev/ttyv1
19:51:04
$sudo shutdown -h now
Password:
Shutdown NOW!
shutdown: [pid 75299]

Воскресенье (12/24/06)

/dev/ttyv1
09:29:29
$startx
X Window System Version 6.8.2
Release Date: 9 February 2005
X Protocol Version 11, Revision 0, Release 6.8.2
Build Operating System: FreeBSD 6.0 i386 [ELF]
Current Operating System: FreeBSD fbsd2.linux.nt 6.0-RELEASE FreeBSD 6.0-RELEASE #0: Thu Nov  3 09:36:13 UTC 2005     root@x64.samsco.home:/usr/obj/usr/src/sys/GENERIC i386
Build Date: 12 October 2005
        Before reporting problems, check http://wiki.X.Org
        to make sure that you have the latest version.
Module Loader present
Markers: (--) probed, (**) from config file, (==) default setting,
...
X Error: BadWindow (invalid Window parameter) 3
  Major opcode:  6
  Minor opcode:  0
  Resource id:  0x1a0000b
kio (KDirWatch): WARNING: KDirWatch::removeDir can't handle 'Office/kword.desktop'
startkde: Shutting down...
klauncher: Exiting on signal 1
startkde: Running shutdown scripts...
startkde: Done.
waiting for X server to shut down FreeFontPath: FPE "/usr/X11R6/lib/X11/fonts/misc/" refcount is 2, should be 1; fixing.
/dev/ttyp2
09:30:55
$sudo bash
Password:
Password:
09:31:06
$sudo bash
Password:
Sorry, try again.
Password:
09:31:17
#ipfw show
65535 36 2307 deny ip from any to any
09:31:22
#vi /etc/rc.local
09:31:38
#vi /etc/rc.conf
09:31:57
#ipwf flush
bash: ipwf: command not found
09:32:02
#ipfw flush
Are you sure? [yn] y
Flushed all rules.
09:32:09
#ping ya.ru
ping: cannot resolve ya.ru: Host name lookup failure
09:32:23
#ipwf show
bash: ipwf: command not found
09:32:31
#ipfw show
65535 117 7516 deny ip from any to any
09:32:38
#ipfw add 65000 allow ip from any to any
65000 allow ip from any to any
09:33:04
#ping ya.ru
PING ya.ru (213.180.204.8): 56 data bytes
64 bytes from 213.180.204.8: icmp_seq=0 ttl=50 time=142.007 ms
64 bytes from 213.180.204.8: icmp_seq=1 ttl=50 time=139.387 ms
^C
--- ya.ru ping statistics ---
2 packets transmitted, 2 packets received, 0% packet loss
round-trip min/avg/max/stddev = 139.387/140.697/142.007/1.310 ms
09:33:12
#cp /var/mail/root /var/mail/user
You have new mail in /var/mail/user
09:34:24
#chown
usage: chown [-fhv] [-R [-H | -L | -P]] owner[:group] file ...
       chown [-fhv] [-R [-H | -L | -P]] :group file ...
09:34:33
#chown user /var/mail/user

Файлы

  • /tmp/
  • /tmp/a
  • /tmp/log
  • box.cow
  • config.py
  • daemon.
  • elephant
  • wwww
  • /tmp/
    >
    .ICE-unix/              Term-VT102-0.82/        kde-user/               mcop-root/              scrollkeeper-user/
    .X0-lock                Term-VT102-0.82.tar.gz  ksocket-root/           mcop-user/              swatch.log
    .X11-unix/              Text-Iconv-1.4/         ksocket-user/           mysql.sock
    .XIM-unix/              Text-Iconv-1.4.tar.gz   log                     nessus-0gaHq6
    .font-unix/             arp.log                 mc-root/                nessus-mkcert.19557/
    .snap/                  kde-root/               mc-user/                pthread.dump.14351.0
    
    /tmp/a
    >
    ad1      arp.log
    
    /tmp/log
    >
    get /
    
    box.cow
    >
    # Created by Brian Feldman <green@FreeBSD.org>
    # Updated for content by Robert Watson <rwatson@FreeBSD.org>
    #
    # cowsay "cow" file: assembles the picture into $the_cow line by line.
    # $thoughts is interpolated from the caller's scope (cowsay sets it before
    # evaluating this file); backslashes are doubled because the strings are
    # double-quoted.
    $the_cow = "";
    $the_cow .= "        $thoughts\n";
    $the_cow .= "         $thoughts\n";
    $the_cow .= "     .----------------------.\n";
    $the_cow .= "    / \\                     |\\\n";
    $the_cow .= "     \\ \\____________________|_\\\n";
    $the_cow .= "     \\\\/\\______________________\\\n";
    $the_cow .= "      \\| BOX O' STUPID PEOPLE |\n";
    $the_cow .= "       `----------------------'\n";
    
    config.py
    >
    import time
    import support
    from htmltmpl import TemplateManager, TemplateProcessor
    # NOTE(review): this is an excerpt of a request-handler method body — `self`
    # is the handler instance and the enclosing `def` is not shown here.
    # Emit a 200 response with an HTML content type; send_nocache() presumably
    # adds the no-cache headers (its definition is not visible here).
    self.send_response(200)
    self.send_header("Content-Type", "text/html")
    self.send_nocache()
    self.end_headers()
    # Process commands given to us
    # `message` is derived from the request query string, i.e. from untrusted
    # client input.
    message = support.parse_query(self.query)
    # Compile or load already precompiled template.
    template = TemplateManager().prepare(self.root+"/templates/index.tmpl")
    tproc = TemplateProcessor(0)
    # Set the title.
    tproc.set("title", "Honeyd Configuration Interface")
    content = "Welcome to the Honeyd Configuration Interface.<p>"
    content += support.config_table()
    content += "<p>"
    content += support.config_ips(self.root)
    if message:
        # NOTE(review): query-derived text is handed to the template here;
        # whether htmltmpl HTML-escapes it on output is not visible in this
        # excerpt — confirm, otherwise this is a reflected-XSS sink.
        tproc.set("message", message)
    tproc.set("content", content)
    tproc.set("uptime", support.uptime())
    # Print the processed template.
    self.wfile.write(tproc.process(template))
    
    daemon.
    >
    ##
    ## 4.4 >> 5.4
    ##
    # cowsay "cow" file: the picture is an interpolating heredoc assigned to
    # $the_cow, so $thoughts is substituted from the caller's scope and every
    # literal backslash has to be written as "\\".
    $the_cow = <<EOC;
       $thoughts         ,        ,
        $thoughts       /(        )`
         $thoughts      \\ \\___   / |
                /- _  `-/  '
               (/\\/ \\ \\   /\\
               / /   | `    \\
               O O   ) /    |
               `-^--'`<     '
              (_.)  _  )   /
               `.___/`    /
                 `-----' /
    <----.     __ / __   \\
    <----|====O)))==) \\) /====
    <----'    `--' `.__,' \\
                 |        |
                  \\       /
            ______( (_  / \\______
          ,'  ,-----'   |        \\
          `--{__________)        \\/
    EOC
    
    elephant
    >
    ##
    ## An elephant out and about
    ##
    # cowsay "cow" file: interpolating heredoc assigned to $the_cow; $thoughts
    # comes from the caller's scope and literal backslashes are written as "\\".
    $the_cow = <<EOC;
     $thoughts     /\\  ___  /\\
      $thoughts   // \\/   \\/ \\\\
         ((    O O    ))
          \\\\ /     \\ //
           \\/  | |  \\/
            |  | |  |
            |  | |  |
            |   o   |
            | |   | |
            |m|   |m|
    EOC
    
    wwww
    >
    ##
    ## A cow advertising the World Wide Web, from lim@csua.berkeley.edu
    ##
    # cowsay "cow" file: interpolating heredoc assigned to $the_cow. $thoughts,
    # $eyes and $tongue are substituted from the caller's scope (cowsay sets them
    # from its -e/-T options); literal backslashes are written as "\\".
    $the_cow = <<EOC;
            $thoughts   ^__^
             $thoughts  ($eyes)\\_______
                (__)\\       )\\/\\
                 $tongue ||--WWW |
                    ||     ||
    EOC
    

    Статистика

    Время первой команды журнала: 18:42:03 2006-12-23
    Время последней команды журнала: 09:34:33 2006-12-24
    Количество командных строк в журнале: 101
    Процент команд с ненулевым кодом завершения, %: 16.83
    Процент синтаксически неверно набранных команд, %: 2.97
    Суммарное время работы с терминалом *, час: 1.23
    Количество командных строк в единицу времени, команда/мин: 1.36
    Частота использования команд
    cowsay 10 |========| 8.85%
    cat 10 |========| 8.85%
    ipfw 8 |=======| 7.08%
    cd 7 |======| 6.19%
    ls 7 |======| 6.19%
    man 6 |=====| 5.31%
    finger 6 |=====| 5.31%
    fortune 6 |=====| 5.31%
    ping 5 |====| 4.42%
    scp 5 |====| 4.42%
    sudo 4 |===| 3.54%
    honeyd 4 |===| 3.54%
    telnet 3 |==| 2.65%
    exit 3 |==| 2.65%
    whereis 2 |=| 1.77%
    echo 2 |=| 1.77%
    ipwf 2 |=| 1.77%
    [root@fbsd2:cows]# 2 |=| 1.77%
    chown 2 |=| 1.77%
    vi 2 |=| 1.77%
    bash 2 |=| 1.77%
    arping 1 || 0.88%
    cp 1 || 0.88%
    .plan 1 || 0.88%
    arng 1 || 0.88%
    ipfwflush 1 || 0.88%
    [user@fbsd2:mail]$ 1 || 0.88%
    lan 1 || 0.88%
    shutdown 1 || 0.88%
    g 1 || 0.88%
    ipfwshow 1 || 0.88%
    startx 1 || 0.88%
    findname 1 || 0.88%
    [root@fbsd2:arpd]# 1 || 0.88%
    Image:Unix.png 1 || 0.88%
    ssh 1 || 0.88%
    ____
    *) Интервалы неактивности длительностью 30 минут и более не учитываются

    Справка

    Для того чтобы использовать LiLaLo, не нужно знать ничего особенного: всё происходит само собой. Однако, чтобы ведение и последующее использование журналов было как можно более эффективным, желательно иметь в виду следующее:
    1. В журнал автоматически попадают все команды, данные в любом терминале системы.

    2. Для того чтобы убедиться, что журнал на текущем терминале ведётся, и команды записываются, дайте команду w. В поле WHAT, соответствующем текущему терминалу, должна быть указана программа script.

    3. Команды, при наборе которых были допущены синтаксические ошибки, выводятся перечёркнутым текстом:
      $ l s-l
      bash: l: command not found
      

    4. Если код завершения команды равен нулю, команда была выполнена без ошибок. Команды, код завершения которых отличен от нуля, выделяются цветом.
      $ test 5 -lt 4
      Обратите внимание на то, что код завершения команды может быть отличен от нуля не только в тех случаях, когда команда была выполнена с ошибкой. Многие команды используют код завершения, например, для того чтобы показать результаты проверки.

    5. Команды, ход выполнения которых был прерван пользователем, выделяются цветом.
      $ find / -name abc
      find: /home/devi-orig/.gnome2: Keine Berechtigung
      find: /home/devi-orig/.gnome2_private: Keine Berechtigung
      find: /home/devi-orig/.nautilus/metafiles: Keine Berechtigung
      find: /home/devi-orig/.metacity: Keine Berechtigung
      find: /home/devi-orig/.inkscape: Keine Berechtigung
      ^C
      

    6. Команды, выполненные с привилегиями суперпользователя, выделяются слева красной чертой.
      # id
      uid=0(root) gid=0(root) Gruppen=0(root)
      

    7. Изменения, внесённые в текстовый файл с помощью редактора, запоминаются и показываются в журнале в формате ed. Строки, начинающиеся символом "<", удалены, а строки, начинающиеся символом ">" -- добавлены.
      $ vi ~/.bashrc
      2a3,5
      >    if [ -f /usr/local/etc/bash_completion ]; then
      >         . /usr/local/etc/bash_completion
      >        fi
      

    8. Для того чтобы изменить файл в соответствии с показанными в диффшоте изменениями, можно воспользоваться командой patch. Нужно скопировать изменения, запустить программу patch, указав в качестве её аргумента файл, к которому применяются изменения, и вставить скопированный текст:
      $ patch ~/.bashrc
      В данном случае изменения применяются к файлу ~/.bashrc

    9. Для того чтобы получить краткую справочную информацию о команде, нужно подвести к ней мышь. Во всплывающей подсказке появится краткое описание команды.

      Если справочная информация о команде есть, команда выделяется голубым фоном, например: vi. Если справочная информация отсутствует, команда выделяется розовым фоном, например: notepad.exe. Справочная информация может отсутствовать в том случае, если (1) команда введена неверно; (2) если распознавание команды LiLaLo выполнено неверно; (3) если информация о команде неизвестна LiLaLo. Последнее возможно для редких команд.

    10. Большие, в особенности многострочные, всплывающие подсказки лучше всего показываются браузерами KDE Konqueror, Apple Safari и Microsoft Internet Explorer. В браузерах Mozilla и Firefox они отображаются не полностью, а вместо перевода строки выводится специальный символ.

    11. Время ввода команды, показанное в журнале, соответствует времени начала ввода командной строки, которое равно тому моменту, когда на терминале появилось приглашение интерпретатора.

    12. Имя терминала, на котором была введена команда, показано в специальном блоке. Этот блок показывается только в том случае, если терминал текущей команды отличается от терминала предыдущей.

    13. Вывод не интересующих вас в настоящий момент элементов журнала, таких как время, имя терминала и других, можно отключить. Для этого нужно воспользоваться формой управления журналом вверху страницы.

    14. Небольшие комментарии к командам можно вставлять прямо из командной строки. Комментарий вводится прямо в командную строку, после символов #^ или #v. Символы ^ и v показывают направление выбора команды, к которой относится комментарий: ^ - к предыдущей, v - к следующей. Например, если в командной строке было введено:

      $ whoami
      
      user
      
      $ #^ Интересно, кто я?
      
      в журнале это будет выглядеть так:
      $ whoami
      
      user
      
      Интересно, кто я?

    15. Если комментарий содержит несколько строк, его можно вставить в журнал следующим образом:

      $ whoami
      
      user
      
      $ cat > /dev/null #^ Интересно, кто я?
      
      Программа whoami выводит имя пользователя, под которым 
      мы зарегистрировались в системе.
      -
      Она не может ответить на вопрос о нашем назначении 
      в этом мире.
      
      В журнале это будет выглядеть так:
      $ whoami
      user
      
      Интересно, кто я?
      Программа whoami выводит имя пользователя, под которым
      мы зарегистрировались в системе.

      Она не может ответить на вопрос о нашем назначении
      в этом мире.
      Для разделения нескольких абзацев между собой используйте символ "-", один в строке.

    16. Комментарии, не относящиеся непосредственно ни к какой из команд, добавляются точно таким же способом, только вместо символов #^ или #v нужно использовать символы #=.

    17. Содержимое файла может быть показано в журнале. Для этого его нужно вывести с помощью программы cat. Если вывод команды отметить символами #!, содержимое файла будет показано в журнале в специально отведённой для этого секции.
    18. Для того чтобы вставить скриншот интересующего вас окна в журнал, нужно воспользоваться командой l3shot. После того как команда вызвана, нужно с помощью мыши выбрать окно, которое должно быть в журнале.
    19. Команды в журнале расположены в хронологическом порядке. Если две команды давались одна за другой, но на разных терминалах, в журнале они будут рядом, даже если они не имеют друг к другу никакого отношения.
      1
          2
      3   
          4
      
      Группы команд, выполненных на разных терминалах, разделяются специальной линией. Под этой линией в правом углу показано имя терминала, на котором выполнялись команды. Для того чтобы посмотреть команды только одного сеанса, нужно щёлкнуть по этому названию.

    О программе

    LiLaLo (L3) расшифровывается как Live Lab Log.
    Программа разработана для повышения эффективности обучения Unix/Linux-системам.
    (c) Игорь Чубин, 2004-2008

    $Id$