/l3/trainings/xg-ids/2005-12-19/fbsd2.linux.nt/user :1 :2 :3 :4 :5 :6 :7 :8 :9 :10 :11 :12 :13 :14 :15 :16 :17 :18 :19 :20 :21 :22
[ править ]

Журнал лабораторных работ

Содержание

Журнал

Среда (12/20/06)

/dev/ttyp4
11:54:51
#cp databases/aide.db.new aide.db










11:55:38




#aide --check





Couldn't open file /var/db/aide/databases/aide.db for reading











11:55:39




#cp databases/aide.db.new databases/












11:56:40




#aide --check


AIDE found differences between database and filesystem!!
Start timestamp: 2005-12-20 11:56:41
Summary:
Total number of files=88587,added files=2,removed files=0,changed files=2
Added files:
added:/dev/ptyp8
added:/dev/ttyp8
Changed files:
changed:/root/.lilalo/.report.dat
changed:/dev/ttyp6
Detailed information about changes:
File: /root/.lilalo/.report.dat
  Mtime    : 2005-12-20 11:51:04               , 2005-12-20 11:56:42
  Ctime    : 2005-12-20 11:51:04               , 2005-12-20 11:56:42
File: /dev/ttyp6
  Permissions: crw-rw-rw-                        , crw--w----
  Uid      : 0                                 , 1001











/dev/ttyp6
12:00:09




$man aide










12:00:27




$man aide.conf










12:01:59




$ping ya.ru


PING ya.ru (213.180.204.8): 56 data bytes
64 bytes from 213.180.204.8: icmp_seq=0 ttl=50 time=141.237 ms
64 bytes from 213.180.204.8: icmp_seq=1 ttl=50 time=143.757 ms
64 bytes from 213.180.204.8: icmp_seq=2 ttl=50 time=141.042 ms
64 bytes from 213.180.204.8: icmp_seq=3 ttl=50 time=143.305 ms
64 bytes from 213.180.204.8: icmp_seq=5 ttl=50 time=140.425 ms
64 bytes from 213.180.204.8: icmp_seq=6 ttl=50 time=139.483 ms
64 bytes from 213.180.204.8: icmp_seq=7 ttl=50 time=139.068 ms
64 bytes from 213.180.204.8: icmp_seq=8 ttl=50 time=141.545 ms
64 bytes from 213.180.204.8: icmp_seq=9 ttl=50 time=142.234 ms
...
64 bytes from 213.180.204.8: icmp_seq=13 ttl=50 time=140.653 ms
64 bytes from 213.180.204.8: icmp_seq=14 ttl=50 time=141.059 ms
64 bytes from 213.180.204.8: icmp_seq=15 ttl=50 time=143.670 ms
64 bytes from 213.180.204.8: icmp_seq=16 ttl=50 time=139.023 ms
64 bytes from 213.180.204.8: icmp_seq=17 ttl=50 time=140.970 ms
64 bytes from 213.180.204.8: icmp_seq=18 ttl=50 time=139.173 ms
^C
--- ya.ru ping statistics ---
19 packets transmitted, 18 packets received, 5% packet loss
round-trip min/avg/max/stddev = 139.023/141.514/149.251/2.368 ms











/dev/ttyp4
12:02:07




#ls -al /root


total 52
drwxr-xr-x  10 root  wheel   512 Dec 19 17:40 .
drwxr-xr-x  21 root  wheel   512 Dec 20 09:16 ..
-rw-------   1 root  wheel  4818 Dec 20 10:10 .bash_history
-rw-r--r--   1 root  wheel    39 Dec 19 13:59 .bash_profile
-rw-r--r--   1 root  wheel  1297 Dec 19 10:51 .bashrc
-rw-r--r--   2 root  wheel   801 Nov  3 10:12 .cshrc
drwx------   2 root  wheel   512 Dec 19 11:38 .gconf
drwx------   2 root  wheel   512 Dec 18 21:49 .gconfd
-rw-r--r--   1 root  wheel     0 Dec 19 15:32 .gnokii-errors
...
-rw-------   1 root  wheel   109 Dec 18 20:13 .history
-rw-r--r--   1 root  wheel   143 Nov  3 10:12 .k5login
drwx------   2 root  wheel   512 Dec 19 11:38 .kde
drwxr-xr-x   2 root  wheel  3072 Dec 20 10:08 .lilalo
-rw-r--r--   1 root  wheel   293 Nov  3 10:12 .login
-rw-------   1 root  wheel   864 Dec 19 18:25 .mysql_history
-rw-r--r--   2 root  wheel   251 Nov  3 10:12 .profile
drwxr-xr-x   2 root  wheel   512 Dec 19 10:36 .ssh
-rw-r--r--   1 root  wheel  3072 Dec 19 15:16 .swatch_script.3080
-rw-r--r--   1 root  wheel  2666 Dec 19 16:57 xorg.conf.new











12:05:17




#cat test >> /root/.gno





.gnokii-errors   .gnome2/         .gnome2_private/











12:05:17




#cat test >> /root/.gnokii-errors





cat: test: No such file or directory











12:05:41




#cat 'test'> /root/.gnokii-errors





cat: test: No such file or directory











12:05:50




#echost' >> /root/.gnokii-errors












12:06:10




#cat /root/.gnokii-errors


test











12:06:23




#aide --compare





Must have both input databases defined for database compare.











12:06:34




#ls -al databases/


total 24228
drwx------  2 root  wheel       512 Dec 20 11:56 .
drwx------  3 root  wheel       512 Dec 20 11:55 ..
-rw-------  1 root  wheel  12379872 Dec 20 11:56 aide.db
-rw-------  1 root  wheel  12379872 Dec 20 11:54 aide.db.new











12:07:33




#man  aida













12:07:46




#man  aide










12:08:40




#aide --compare





Must have both input databases defined for database compare.











12:08:44




#man  aide.conf










12:09:15




#vi /usr/local/etc/aide.conf


77c77
< 
---
> database_new=file:///var/db/aide/databases/aide.db.new









12:12:15




#aide --compare


AIDE, version 0.10











12:21:33




#cd /












12:30:54




#pkg_add -r chkrootkit


Fetching ftp://ftp.freebsd.org/pub/FreeBSD/ports/i386/packages-6.0-release/Latest/chkrootkit.tbz... Done.











12:31:14




#chkrootkit


ROOTDIR is `/'
Checking `amd'... not infected
Checking `basename'... not infected
Checking `biff'... not infected
Checking `chfn'... not infected
Checking `chsh'... not infected
Checking `cron'... not infected
Checking `date'... not infected
Checking `du'... not infected
Checking `dirname'... not infected
...
Checking `bindshell'... not infected
Checking `lkm'... chkproc: nothing detected
Checking `rexedcs'... not found
Checking `sniffer'... xl0 is not promisc
Checking `w55808'... not infected
Checking `wted'... chkwtmp: nothing deleted
Checking `scalper'... not infected
Checking `slapper'... not infected
Checking `z2'... chklastlog: nothing deleted
Checking `chkutmp'... chkutmp: nothing deleted









прошло 73 минуты




13:45:02




#man rsync













13:46:25




#man rsync













13:46:29




#cd /usr/ports/












13:48:14




#make search name=rsync


Port:   p5-File-DirSync-1.11
Path:   /usr/ports/devel/p5-File-DirSync
Info:   Perl5 module for synchronizing two directories rapidly
Maint:  svenasse@polaris.ca
B-deps: perl-5.8.7
R-deps: perl-5.8.7
WWW:    http://freeware.roobik.com/filedirsync/
Port:   maildirsync-1.0
Path:   /usr/ports/mail/maildirsync
Info:   Online synchronizer for Maildir-format mailboxes
...
B-deps: ruby-1.8.2_4
R-deps: pdumpfs-1.3 rsync-2.6.6 ruby-1.8.2_4
WWW:
Port:   rsyncmanager-1.1
Path:   /usr/ports/sysutils/rsyncmanager
Info:   Flexible rsync resource manager daemon written in ruby
Maint:  kelley@insidesystems.net
B-deps: ruby-1.8.2_4
R-deps: rsync-2.6.6 ruby-1.8.2_4
WWW:











13:57:01




#clear












13:57:04




#tcpdump


tcpdump: verbose output suppressed, use -v or -vv for full protocol decode
listening on xl0, link-type EN10MB (Ethernet), capture size 96 bytes
13:57:30.792994 IP fbsd2.linux.nt.49510 > linux.nt.domain:  41647+ A? ya.ru. (23)
13:57:30.793697 IP linux.nt.domain > fbsd2.linux.nt.49510:  41647 1/4/1 A ya.ru (138)
13:57:30.797325 IP fbsd2.linux.nt > ya.ru: ICMP echo request, id 61506, seq 0, length 64
13:57:30.938452 IP ya.ru > fbsd2.linux.nt: ICMP echo reply, id 61506, seq 0, length 64
13:57:31.415263 IP fbsd2.linux.nt.52268 > linux.nt.domain:  64610+ PTR? 254.15.168.192.in-addr.arpa. (45)
13:57:31.415766 IP linux.nt.domain > fbsd2.linux.nt.52268:  64610* 1/1/1 (97)
13:57:31.417515 IP fbsd2.linux.nt.53979 > linux.nt.domain:  64611+ PTR? 8.204.180.213.in-addr.arpa. (44)
13:57:31.798514 IP fbsd2.linux.nt > ya.ru: ICMP echo request, id 61506, seq 1, length 64
...
14:00:05.120045 IP linux.nt.32802 > 192.168.15.255.netbios-ns: NBT UDP PACKET(137): QUERY; REQUEST; BROADCAST
14:00:05.255937 IP fbsd2.linux.nt.59407 > linux.nt.domain:  64613+ PTR? 255.15.168.192.in-addr.arpa. (45)
14:00:05.256947 arp who-has fbsd2.linux.nt tell linux.nt
14:00:05.256976 arp reply fbsd2.linux.nt is-at 00:04:76:a1:ef:bc (oui Unknown)
14:00:05.257078 IP linux.nt.domain > fbsd2.linux.nt.59407:  64613 NXDomain* 0/1/0 (107)
14:00:05.390000 IP linux.nt.32802 > 192.168.15.255.netbios-ns: NBT UDP PACKET(137): QUERY; REQUEST; BROADCAST
^C
94 packets captured
94 packets received by filter
0 packets dropped by kernel











/dev/ttyp6
13:57:49




$ifconfig


xl0: flags=8943<UP,BROADCAST,RUNNING,PROMISC,SIMPLEX,MULTICAST> mtu 1500
        options=9<RXCSUM,VLAN_MTU>
        inet6 fe80::204:76ff:fea1:efbc%xl0 prefixlen 64 scopeid 0x1
        inet 192.168.15.22 netmask 0xffffff00 broadcast 192.168.15.255
        ether 00:04:76:a1:ef:bc
        media: Ethernet autoselect (100baseTX <full-duplex>)
        status: active
plip0: flags=108810<POINTOPOINT,SIMPLEX,MULTICAST,NEEDSGIANT> mtu 1500
lo0: flags=8049<UP,LOOPBACK,RUNNING,MULTICAST> mtu 16384
        inet6 ::1 prefixlen 128
        inet6 fe80::1%lo0 prefixlen 64 scopeid 0x3
        inet 127.0.0.1 netmask 0xff000000











/dev/ttyp4
14:00:24




#pkg_info | grep ethe















14:00:38




#pkg_add -r ethereal


Fetching ftp://ftp.freebsd.org/pub/FreeBSD/ports/i386/packages-6.0-release/Latest/ethereal.tbz... Done.
Fetching ftp://ftp.freebsd.org/pub/FreeBSD/ports/i386/packages-6.0-release/All/adns-1.1.tbz... Done.











14:07:16




#ethereal












/dev/ttyp6
14:08:04




$telnet linux.nt





Trying 192.168.15.254...
Connected to linux.nt.
Escape character is '^]'.
Password:
Login incorrect
herz.linux.nt login: user
Password:
Last login: Wed Dec  7 17:16:07 2005 from linux16-66.linux.nt on pts/4
Linux herz.linux.nt 2.6.10 #1 Fri Mar 11 12:21:52 EET 2005 i686 GNU/Linux
The programs included with the Debian GNU/Linux system are free software;
...
permitted by applicable law.
No mail.
Identity added: /home/user/.ssh/id_rsa (/home/user/.ssh/id_rsa)
Identity added: /home/user/.ssh/id_dsa (/home/user/.ssh/id_dsa)
Identity added: /home/user/.ssh/identity (user@herz)
Agent pid 11589
user@herz:~$ ls
192.168.15.1  hostname   hostname_M3  john.pot  microsoftdead.jpg  obj_101.html   obj_102.html     restore              typescript
915a77e5.jpg  host.name  index.html   mbox      obj_101_files      obj_102_files  rastomanam2.jpg  root@192.168.15.111
user@herz:~$ Connection closed by foreign host.











14:13:08




$telnet linux.nt 4566





Trying 192.168.15.254...
telnet: connect to address 192.168.15.254: Connection refused
telnet: Unable to connect to remote host











14:13:30




$telnet linux87.nt





linux87.nt: hostname nor servname provided, or not known











14:15:12




$telnet 123.456





.Trying 123.0.1.200...
^C











14:16:01




$telnet 192.168.15.100





Trying 192.168.15.100...
^C











14:16:14




$telnet 192.168.15.101





Trying 192.168.15.101...
^C











14:16:30




$ping 68.15.101





PING 192.168.15.101 (192.168.15.101): 56 data bytes
ping: sendto: Host is down
ping: sendto: Host is down
ping: sendto: Host is down
ping: sendto: Host is down
ping: sendto: Host is down
ping: sendto: Host is down
ping: sendto: Host is down
ping: sendto: Host is down
ping: sendto: Host is down
ping: sendto: Host is down
ping: sendto: Host is down
ping: sendto: Host is down
ping: sendto: Host is down
ping: sendto: Host is down
^C
--- 192.168.15.101 ping statistics ---
19 packets transmitted, 0 packets received, 100% packet loss









прошло 23 минуты




14:40:06




$cd /usr/ports/net/m





mDNSResponder/        merlinmon/            mldonkey-core/        mldonkey-serverspy/   mrt/                  mute-net/
mad_fcl/              mgen/                 mldonkey-core-devel/  mldonkey-urlslave/    mrtg-ping-probe/      mute-net-gui/
magictun/             micq/                 mldonkey-devel/       mmucl/                msend/                mute-net-text/
mars_nwe/             minder/               mldonkey-gui/         mopd/                 msntp/                mutella/
meanwhile/            minisapserver/        mldonkey-gui-devel/   morebalance/          mtr/
meanwhile-gaim/       mknbi/                mldonkey-perlreactor/ mpd/                  mu-conference/
mercury/              mldonkey/             mldonkey-sancho/      mpich/                mudix/











14:40:06




$cd /usr/ports/net-mgmt/ettercap/












14:40:32




$make WITHOUT_GTK=yes





You may use the following build option(s):
WITHOUT_ICONV=yes       builds without support for UTF-8
WITHOUT_PCRE=yes        builds without support for perl regexps in filters
WITHOUT_PLUGINS=yes     builds without ettercap plugins
WITHOUT_SSL=yes         builds without support for SSH1 and SSL decryption
===>  Vulnerability check disabled, database not found
=> ettercap-NG-0.7.3.tar.gz doesn't seem to exist in /usr/ports/distfiles/.
=> /usr/ports/distfiles is not writable by you; cannot fetch.
*** Error code 1
Stop in /usr/ports/net-mgmt/ettercap.











14:41:03




$sudo WITHOUT_GTK=yes


checking for strsep... yes
checking for memmem... yes
checking for memcmp... yes
checking for basename... yes
checking for getopt_long... yes
checking for strcasestr... yes
checking for scandir... yes
checking for inet_aton... yes
checking for inet_aton in -lresolv... no
Checking user defined options...
...
if cc -DHAVE_CONFIG_H -I. -I. -I../../../include   -I/usr/local/include -Wall  -I/usr/local/include -I/usr/include -I/usr/local/include -I/usr/local/include -I. -O2 -fno-strict-aliasing -pipe -MT libec_text_a-ec_text_profile.o -MD -MP -MF ".deps/libec_text_a-ec_text_profile.Tpo" -c -o libec_text_a-ec_text_profile.o `test -f 'ec_text_profile.c' || echo './'`ec_text_profile.c;  then mv -f ".deps/lib
rm -f libec_text.a
ar cru libec_text.a libec_text_a-ec_text.o  libec_text_a-ec_text_conn.o  libec_text_a-ec_text_display.o  libec_text_a-ec_text_plugin.o  libec_text_a-ec_text_profile.o
ranlib libec_text.a
Making all in curses
Making all in widgets
if cc -DHAVE_CONFIG_H -I. -I. -I../../../../include   -I/usr/local/include -Wall  -I/usr/local/include -I/usr/include -I/usr/local/include -I/usr/local/include -O2 -fno-strict-aliasing -pipe -MT libwdg_a-wdg.o -MD -MP -MF ".deps/libwdg_a-wdg.Tpo" -c -o libwdg_a-wdg.o `test -f 'wdg.c' || echo './'`wdg.c;  then mv -f ".deps/libwdg_a-wdg.Tpo" ".deps/libwdg_a-wdg.Po"; else rm -f ".deps/libwdg_a-wdg.Tp
if cc -DHAVE_CONFIG_H -I. -I. -I../../../../include   -I/usr/local/include -Wall  -I/usr/local/include -I/usr/include -I/usr/local/include -I/usr/local/include -O2 -fno-strict-aliasing -pipe -MT libwdg_a-wdg_compound.o -MD -MP -MF ".deps/libwdg_a-wdg_compound.Tpo" -c -o libwdg_a-wdg_compound.o `test -f 'wdg_compound.c' || echo './'`wdg_compound.c;  then mv -f ".deps/libwdg_a-wdg_compound.Tpo" ".de
if cc -DHAVE_CONFIG_H -I. -I. -I../../../../include   -I/usr/local/include -Wall  -I/usr/local/include -I/usr/include -I/usr/local/include -I/usr/local/include -O2 -fno-strict-aliasing -pipe -MT libwdg_a-wdg_debug.o -MD -MP -MF ".deps/libwdg_a-wdg_debug.Tpo" -c -o libwdg_a-wdg_debug.o `test -f 'wdg_debug.c' || echo './'`wdg_debug.c;  then mv -f ".deps/libwdg_a-wdg_debug.Tpo" ".deps/libwdg_a-wdg_de
if cc -DHAVE_CONFIG_H -I. -I. -I../../../../include   -I/usr/local/include -Wall  -I/usr/local/include -I/usr/include -I/usr/local/include -I/usr/local/include -O2 -fno-strict-aliasing -pipe -MT libwdg_a-wdg_dialog.o -MD -MP -MF ".deps/libwdg_a-wdg_dialog.Tpo" -c -o libwdg_a-wdg_dialog.o `test -f 'wdg_dialog.c' || echo './'`wdg_dialog.c;  then mv -f ".deps/libwdg_a-wdg_dialog.Tpo" ".deps/libwdg_a-











14:48:16




$sudo bash


Password:











14:48:30




#make install clean





You may use the following build option(s):
WITHOUT_GTK=yes         builds without GTK2+ GUI
WITHOUT_ICONV=yes       builds without support for UTF-8
WITHOUT_PCRE=yes        builds without support for perl regexps in filters
WITHOUT_PLUGINS=yes     builds without ettercap plugins
WITHOUT_SSL=yes         builds without support for SSH1 and SSL decryption
===>  Vulnerability check disabled, database not found
===>  Extracting for ettercap-gtk2-0.7.3,1
=> Checksum OK for ettercap-NG-0.7.3.tar.gz.
===>  Patching for ettercap-gtk2-0.7.3,1
...
checking whether c++ accepts -g... yes
checking dependency style of c++... gcc3
checking how to run the C++ preprocessor... c++ -E
checking for g77... no
^C===>  Script "configure" failed unexpectedly.
Please report the problem to ports@FreeBSD.org [maintainer] and attach the
"/usr/ports/net-mgmt/ettercap/work/ettercap-NG-0.7.3/config.log" including
the output of the failure of your make command. Also, it might be a good idea
to provide an overview of all packages installed on your system (e.g. an `ls
/var/db/pkg`).











14:48:54




#make clean


===>  Cleaning for atk-1.9.1
===>  Cleaning for libiconv-1.9.2_1
===>  Cleaning for gettext-0.14.5
===>  Cleaning for glib-2.6.6
===>  Cleaning for gmake-3.80_2
===>  Cleaning for imake-6.8.2
===>  Cleaning for libltdl-1.5.18
===>  Cleaning for libtool-1.5.18
===>  Cleaning for pcre-6.2
===>  Cleaning for pkgconfig-0.17.2
...
===>  Cleaning for fontconfig-2.2.3,1
===>  Cleaning for libXft-2.1.7
===>  Cleaning for xorg-fonts-encodings-6.8.2
===>  Cleaning for xorg-fonts-truetype-6.8.2
===>  Cleaning for gtk-2.6.9
===>  Cleaning for pango-1.8.2
===>  Cleaning for xorg-clients-6.8.2
===>  Cleaning for xorg-libraries-6.8.2
===>  Cleaning for xterm-203
===>  Cleaning for ettercap-gtk2-0.7.3,1











14:49:41




#make install WITHOUTGTK





config.status: creating src/interfaces/text/Makefile
config.status: creating src/interfaces/curses/Makefile
config.status: creating src/interfaces/curses/widgets/Makefile
config.status: creating src/interfaces/gtk/Makefile
config.status: creating include/Makefile
config.status: creating utils/Makefile
config.status: creating utils/etterlog/Makefile
config.status: creating utils/etterfilter/Makefile
config.status: creating plug-ins/Makefile
config.status: creating plug-ins/arp_cop/Makefile
...
if cc -DHAVE_CONFIG_H -I. -I. -I../../../include   -I/usr/local/include -Wall  -I/usr/local/include -I/usr/include -I/usr/local/include -I/usr/local/include -DXTHREADS -DXUSE_MTSAFE_API -I/usr/local/include/atk-1.0 -I/usr/local/include/glib-2.0 -I/usr/local/lib/glib-2.0/include -I/usr/X11R6/include/gtk-2.0 -I/usr/X11R6/lib/gtk-2.0/include -I/usr/X11R6/include -I/usr/X11R6/include/pango-1.0 -I/usr/
if cc -DHAVE_CONFIG_H -I. -I. -I../../../include   -I/usr/local/include -Wall  -I/usr/local/include -I/usr/include -I/usr/local/include -I/usr/local/include -DXTHREADS -DXUSE_MTSAFE_API -I/usr/local/include/atk-1.0 -I/usr/local/include/glib-2.0 -I/usr/local/lib/glib-2.0/include -I/usr/X11R6/include/gtk-2.0 -I/usr/X11R6/lib/gtk-2.0/include -I/usr/X11R6/include -I/usr/X11R6/include/pango-1.0 -I/usr/
if cc -DHAVE_CONFIG_H -I. -I. -I../../../include   -I/usr/local/include -Wall  -I/usr/local/include -I/usr/include -I/usr/local/include -I/usr/local/include -DXTHREADS -DXUSE_MTSAFE_API -I/usr/local/include/atk-1.0 -I/usr/local/include/glib-2.0 -I/usr/local/lib/glib-2.0/include -I/usr/X11R6/include/gtk-2.0 -I/usr/X11R6/lib/gtk-2.0/include -I/usr/X11R6/include -I/usr/X11R6/include/pango-1.0 -I/usr/
if cc -DHAVE_CONFIG_H -I. -I. -I../../../include   -I/usr/local/include -Wall  -I/usr/local/include -I/usr/include -I/usr/local/include -I/usr/local/include -DXTHREADS -DXUSE_MTSAFE_API -I/usr/local/include/atk-1.0 -I/usr/local/include/glib-2.0 -I/usr/local/lib/glib-2.0/include -I/usr/X11R6/include/gtk-2.0 -I/usr/X11R6/lib/gtk-2.0/include -I/usr/X11R6/include -I/usr/X11R6/include/pango-1.0 -I/usr/
if cc -DHAVE_CONFIG_H -I. -I. -I../../../include   -I/usr/local/include -Wall  -I/usr/local/include -I/usr/include -I/usr/local/include -I/usr/local/include -DXTHREADS -DXUSE_MTSAFE_API -I/usr/local/include/atk-1.0 -I/usr/local/include/glib-2.0 -I/usr/local/lib/glib-2.0/include -I/usr/X11R6/include/gtk-2.0 -I/usr/X11R6/lib/gtk-2.0/include -I/usr/X11R6/include -I/usr/X11R6/include/pango-1.0 -I/usr/
if cc -DHAVE_CONFIG_H -I. -I. -I../../../include   -I/usr/local/include -Wall  -I/usr/local/include -I/usr/include -I/usr/local/include -I/usr/local/include -DXTHREADS -DXUSE_MTSAFE_API -I/usr/local/include/atk-1.0 -I/usr/local/include/glib-2.0 -I/usr/local/lib/glib-2.0/include -I/usr/X11R6/include/gtk-2.0 -I/usr/X11R6/lib/gtk-2.0/include -I/usr/X11R6/include -I/usr/X11R6/include/pango-1.0 -I/usr/
if cc -DHAVE_CONFIG_H -I. -I. -I../../../include   -I/usr/local/include -Wall  -I/usr/local/include -I/usr/include -I/usr/local/include -I/usr/local/include -DXTHREADS -DXUSE_MTSAFE_API -I/usr/local/include/atk-1.0 -I/usr/local/include/glib-2.0 -I/usr/local/lib/glib-2.0/include -I/usr/X11R6/include/gtk-2.0 -I/usr/X11R6/lib/gtk-2.0/include -I/usr/X11R6/include -I/usr/X11R6/include/pango-1.0 -I/usr/
if cc -DHAVE_CONFIG_H -I. -I. -I../../../include   -I/usr/local/include -Wall  -I/usr/local/include -I/usr/include -I/usr/local/include -I/usr/local/include -DXTHREADS -DXUSE_MTSAFE_API -I/usr/local/include/atk-1.0 -I/usr/local/include/glib-2.0 -I/usr/local/lib/glib-2.0/include -I/usr/X11R6/include/gtk-2.0 -I/usr/X11R6/lib/gtk-2.0/include -I/usr/X11R6/include -I/usr/X11R6/include/pango-1.0 -I/usr/
if cc -DHAVE_CONFIG_H -I. -I. -I../../../include   -I/usr/local/include -Wall  -I/usr/local/include -I/usr/include -I/usr/local/include -I/usr/local/include -DXTHREADS -DXUSE_MTSAFE_API -I/usr/local/include/atk-1.0 -I/usr/local/include/glib-2.0 -I/usr/local/lib/glib-2.0/include -I/usr/X11R6/include/gtk-2.0 -I/usr/X11R6/lib/gtk-2.0/include -I/usr/X11R6/include -I/usr/X11R6/include/pango-1.0 -I/usr/
if cc -DHAVE_CONFIG_H -I. -I. -I../../../include   -I/usr/local/include -Wall  -I/usr/local/include -I/usr/include -I/usr/local/include -I/usr/local/include -DXTHREADS -DXUSE_MTSAFE_API -I/usr/local/include/atk-1.0 -I/usr/local/include/glib-2.0 -I/usr/local/lib/glib-2.0/include -I/usr/X11R6/include/gtk-2.0 -I/usr/X11R6/lib/gtk-2.0/include -I/usr/X11R6/include -I/usr/X11R6/include/pango-1.0 -I/usr/









прошло 25 минут




15:15:27




#make clean


===>  Cleaning for atk-1.9.1
===>  Cleaning for libiconv-1.9.2_1
===>  Cleaning for gettext-0.14.5
===>  Cleaning for glib-2.6.6
===>  Cleaning for gmake-3.80_2
===>  Cleaning for imake-6.8.2
===>  Cleaning for libltdl-1.5.18
===>  Cleaning for libtool-1.5.18
===>  Cleaning for pcre-6.2
===>  Cleaning for pkgconfig-0.17.2
...
===>  Cleaning for fontconfig-2.2.3,1
===>  Cleaning for libXft-2.1.7
===>  Cleaning for xorg-fonts-encodings-6.8.2
===>  Cleaning for xorg-fonts-truetype-6.8.2
===>  Cleaning for gtk-2.6.9
===>  Cleaning for pango-1.8.2
===>  Cleaning for xorg-clients-6.8.2
===>  Cleaning for xorg-libraries-6.8.2
===>  Cleaning for xterm-203
===>  Cleaning for ettercap-gtk2-0.7.3,1











15:16:35




#make install WITHOUT_GTK=yes





config.status: creating plug-ins/dns_spoof/Makefile
config.status: creating plug-ins/dummy/Makefile
config.status: creating plug-ins/find_conn/Makefile
config.status: creating plug-ins/find_ettercap/Makefile
config.status: creating plug-ins/find_ip/Makefile
config.status: creating plug-ins/finger/Makefile
config.status: creating plug-ins/finger_submit/Makefile
config.status: creating plug-ins/gre_relay/Makefile
config.status: creating plug-ins/gw_discover/Makefile
config.status: creating plug-ins/isolate/Makefile
...
if cc -DHAVE_CONFIG_H -I. -I. -I../include   -I/usr/local/include -Wall  -I/usr/local/include -I/usr/include -I/usr/local/include -I/usr/local/include -O2 -fno-strict-aliasing -pipe -MT ettercap-ec_inject.o -MD -MP -MF ".deps/ettercap-ec_inject.Tpo" -c -o ettercap-ec_inject.o `test -f 'ec_inject.c' || echo './'`ec_inject.c;  then mv -f ".deps/ettercap-ec_inject.Tpo" ".deps/ettercap-ec_inject.Po";
if cc -DHAVE_CONFIG_H -I. -I. -I../include   -I/usr/local/include -Wall  -I/usr/local/include -I/usr/include -I/usr/local/include -I/usr/local/include -O2 -fno-strict-aliasing -pipe -MT ettercap-ec_interfaces.o -MD -MP -MF ".deps/ettercap-ec_interfaces.Tpo" -c -o ettercap-ec_interfaces.o `test -f 'ec_interfaces.c' || echo './'`ec_interfaces.c;  then mv -f ".deps/ettercap-ec_interfaces.Tpo" ".deps/
if cc -DHAVE_CONFIG_H -I. -I. -I../include   -I/usr/local/include -Wall  -I/usr/local/include -I/usr/include -I/usr/local/include -I/usr/local/include -O2 -fno-strict-aliasing -pipe -MT ettercap-ec_log.o -MD -MP -MF ".deps/ettercap-ec_log.Tpo" -c -o ettercap-ec_log.o `test -f 'ec_log.c' || echo './'`ec_log.c;  then mv -f ".deps/ettercap-ec_log.Tpo" ".deps/ettercap-ec_log.Po"; else rm -f ".deps/ett
if cc -DHAVE_CONFIG_H -I. -I. -I../include   -I/usr/local/include -Wall  -I/usr/local/include -I/usr/include -I/usr/local/include -I/usr/local/include -O2 -fno-strict-aliasing -pipe -MT ettercap-ec_main.o -MD -MP -MF ".deps/ettercap-ec_main.Tpo" -c -o ettercap-ec_main.o `test -f 'ec_main.c' || echo './'`ec_main.c;  then mv -f ".deps/ettercap-ec_main.Tpo" ".deps/ettercap-ec_main.Po"; else rm -f ".d
if cc -DHAVE_CONFIG_H -I. -I. -I../include   -I/usr/local/include -Wall  -I/usr/local/include -I/usr/include -I/usr/local/include -I/usr/local/include -O2 -fno-strict-aliasing -pipe -MT ettercap-ec_manuf.o -MD -MP -MF ".deps/ettercap-ec_manuf.Tpo" -c -o ettercap-ec_manuf.o `test -f 'ec_manuf.c' || echo './'`ec_manuf.c;  then mv -f ".deps/ettercap-ec_manuf.Tpo" ".deps/ettercap-ec_manuf.Po"; else rm
if cc -DHAVE_CONFIG_H -I. -I. -I../include   -I/usr/local/include -Wall  -I/usr/local/include -I/usr/include -I/usr/local/include -I/usr/local/include -O2 -fno-strict-aliasing -pipe -MT ettercap-ec_mitm.o -MD -MP -MF ".deps/ettercap-ec_mitm.Tpo" -c -o ettercap-ec_mitm.o `test -f 'ec_mitm.c' || echo './'`ec_mitm.c;  then mv -f ".deps/ettercap-ec_mitm.Tpo" ".deps/ettercap-ec_mitm.Po"; else rm -f ".d
if cc -DHAVE_CONFIG_H -I. -I. -I../include   -I/usr/local/include -Wall  -I/usr/local/include -I/usr/include -I/usr/local/include -I/usr/local/include -O2 -fno-strict-aliasing -pipe -MT ettercap-ec_packet.o -MD -MP -MF ".deps/ettercap-ec_packet.Tpo" -c -o ettercap-ec_packet.o `test -f 'ec_packet.c' || echo './'`ec_packet.c;  then mv -f ".deps/ettercap-ec_packet.Tpo" ".deps/ettercap-ec_packet.Po";
if cc -DHAVE_CONFIG_H -I. -I. -I../include   -I/usr/local/include -Wall  -I/usr/local/include -I/usr/include -I/usr/local/include -I/usr/local/include -O2 -fno-strict-aliasing -pipe -MT ettercap-ec_parser.o -MD -MP -MF ".deps/ettercap-ec_parser.Tpo" -c -o ettercap-ec_parser.o `test -f 'ec_parser.c' || echo './'`ec_parser.c;  then mv -f ".deps/ettercap-ec_parser.Tpo" ".deps/ettercap-ec_parser.Po";
if cc -DHAVE_CONFIG_H -I. -I. -I../include   -I/usr/local/include -Wall  -I/usr/local/include -I/usr/include -I/usr/local/include -I/usr/local/include -O2 -fno-strict-aliasing -pipe -MT ettercap-ec_passive.o -MD -MP -MF ".deps/ettercap-ec_passive.Tpo" -c -o ettercap-ec_passive.o `test -f 'ec_passive.c' || echo './'`ec_passive.c;  then mv -f ".deps/ettercap-ec_passive.Tpo" ".deps/ettercap-ec_passiv
if cc -DHAVE_CONFIG_H -I. -I. -I../include   -I/usr/local/include -Wall  -I/usr/local/include -I/usr/include -I/usr/local/include -I/usr/local/include -O2 -fno-strict-aliasing -pipe -MT ettercap-ec_plugins.o -MD -MP -MF ".deps/ettercap-ec_plugins.Tpo" -c -o ettercap-ec_plugins.o `test -f 'ec_plugins.c' || echo './'`ec_plugins.c;  then mv -f ".deps/ettercap-ec_plugins.Tpo" ".deps/ettercap-ec_plugin











/dev/ttyp4
15:18:46




#telnet 192.168.15.254





Trying 192.168.15.254...
Connected to linux.nt.
Escape character is '^]'.
Login incorrect
herz.linux.nt login:
Login incorrect
herz.linux.nt login: user
Password:
Last login: Tue Dec 20 14:09:21 2005 from fbsd2.linux.nt on pts/3
Linux herz.linux.nt 2.6.10 #1 Fri Mar 11 12:21:52 EET 2005 i686 GNU/Linux
...
No mail.
Agent pid 11589
user@herz:~$
user@herz:~$ ls
192.168.15.1  hostname   hostname_M3  john.pot  microsoftdead.jpg  obj_101.html   obj_102.html     restore              typescript
915a77e5.jpg  host.name  index.html   mbox      obj_101_files      obj_102_files  rastomanam2.jpg  root@192.168.15.111
user@herz:~$
user@herz:~$
user@herz:~$ exit
Connection closed by foreign host.











/dev/ttyp6
15:22:20




#make deinstall


===>  Deinstalling for net-mgmt/ettercap
===>   Deinstalling ettercap-gtk2-0.7.3,1











15:22:29




#make clean


===>  Cleaning for atk-1.9.1
===>  Cleaning for libiconv-1.9.2_1
===>  Cleaning for gettext-0.14.5
===>  Cleaning for glib-2.6.6
===>  Cleaning for gmake-3.80_2
===>  Cleaning for imake-6.8.2
===>  Cleaning for libltdl-1.5.18
===>  Cleaning for libtool-1.5.18
===>  Cleaning for pcre-6.2
===>  Cleaning for pkgconfig-0.17.2
...
===>  Cleaning for fontconfig-2.2.3,1
===>  Cleaning for libXft-2.1.7
===>  Cleaning for xorg-fonts-encodings-6.8.2
===>  Cleaning for xorg-fonts-truetype-6.8.2
===>  Cleaning for gtk-2.6.9
===>  Cleaning for pango-1.8.2
===>  Cleaning for xorg-clients-6.8.2
===>  Cleaning for xorg-libraries-6.8.2
===>  Cleaning for xterm-203
===>  Cleaning for ettercap-gtk2-0.7.3,1











15:23:07




#make install WITHOUT_GTK=yes


config.status: creating plug-ins/dns_spoof/Makefile
config.status: creating plug-ins/dummy/Makefile
config.status: creating plug-ins/find_conn/Makefile
config.status: creating plug-ins/find_ettercap/Makefile
config.status: creating plug-ins/find_ip/Makefile
config.status: creating plug-ins/finger/Makefile
config.status: creating plug-ins/finger_submit/Makefile
config.status: creating plug-ins/gre_relay/Makefile
config.status: creating plug-ins/gw_discover/Makefile
config.status: creating plug-ins/isolate/Makefile
...
if cc -DHAVE_CONFIG_H -I. -I. -I../include   -I/usr/local/include -Wall  -I/usr/local/include -I/usr/include -I/usr/local/include -I/usr/local/include -O2 -fno-strict-aliasing -pipe -MT ettercap-ec_inject.o -MD -MP -MF ".deps/ettercap-ec_inject.Tpo" -c -o ettercap-ec_inject.o `test -f 'ec_inject.c' || echo './'`ec_inject.c;  then mv -f ".deps/ettercap-ec_inject.Tpo" ".deps/ettercap-ec_inject.Po";
if cc -DHAVE_CONFIG_H -I. -I. -I../include   -I/usr/local/include -Wall  -I/usr/local/include -I/usr/include -I/usr/local/include -I/usr/local/include -O2 -fno-strict-aliasing -pipe -MT ettercap-ec_interfaces.o -MD -MP -MF ".deps/ettercap-ec_interfaces.Tpo" -c -o ettercap-ec_interfaces.o `test -f 'ec_interfaces.c' || echo './'`ec_interfaces.c;  then mv -f ".deps/ettercap-ec_interfaces.Tpo" ".deps/
if cc -DHAVE_CONFIG_H -I. -I. -I../include   -I/usr/local/include -Wall  -I/usr/local/include -I/usr/include -I/usr/local/include -I/usr/local/include -O2 -fno-strict-aliasing -pipe -MT ettercap-ec_log.o -MD -MP -MF ".deps/ettercap-ec_log.Tpo" -c -o ettercap-ec_log.o `test -f 'ec_log.c' || echo './'`ec_log.c;  then mv -f ".deps/ettercap-ec_log.Tpo" ".deps/ettercap-ec_log.Po"; else rm -f ".deps/ett
if cc -DHAVE_CONFIG_H -I. -I. -I../include   -I/usr/local/include -Wall  -I/usr/local/include -I/usr/include -I/usr/local/include -I/usr/local/include -O2 -fno-strict-aliasing -pipe -MT ettercap-ec_main.o -MD -MP -MF ".deps/ettercap-ec_main.Tpo" -c -o ettercap-ec_main.o `test -f 'ec_main.c' || echo './'`ec_main.c;  then mv -f ".deps/ettercap-ec_main.Tpo" ".deps/ettercap-ec_main.Po"; else rm -f ".d
if cc -DHAVE_CONFIG_H -I. -I. -I../include   -I/usr/local/include -Wall  -I/usr/local/include -I/usr/include -I/usr/local/include -I/usr/local/include -O2 -fno-strict-aliasing -pipe -MT ettercap-ec_manuf.o -MD -MP -MF ".deps/ettercap-ec_manuf.Tpo" -c -o ettercap-ec_manuf.o `test -f 'ec_manuf.c' || echo './'`ec_manuf.c;  then mv -f ".deps/ettercap-ec_manuf.Tpo" ".deps/ettercap-ec_manuf.Po"; else rm
if cc -DHAVE_CONFIG_H -I. -I. -I../include   -I/usr/local/include -Wall  -I/usr/local/include -I/usr/include -I/usr/local/include -I/usr/local/include -O2 -fno-strict-aliasing -pipe -MT ettercap-ec_mitm.o -MD -MP -MF ".deps/ettercap-ec_mitm.Tpo" -c -o ettercap-ec_mitm.o `test -f 'ec_mitm.c' || echo './'`ec_mitm.c;  then mv -f ".deps/ettercap-ec_mitm.Tpo" ".deps/ettercap-ec_mitm.Po"; else rm -f ".d
if cc -DHAVE_CONFIG_H -I. -I. -I../include   -I/usr/local/include -Wall  -I/usr/local/include -I/usr/include -I/usr/local/include -I/usr/local/include -O2 -fno-strict-aliasing -pipe -MT ettercap-ec_packet.o -MD -MP -MF ".deps/ettercap-ec_packet.Tpo" -c -o ettercap-ec_packet.o `test -f 'ec_packet.c' || echo './'`ec_packet.c;  then mv -f ".deps/ettercap-ec_packet.Tpo" ".deps/ettercap-ec_packet.Po";
if cc -DHAVE_CONFIG_H -I. -I. -I../include   -I/usr/local/include -Wall  -I/usr/local/include -I/usr/include -I/usr/local/include -I/usr/local/include -O2 -fno-strict-aliasing -pipe -MT ettercap-ec_parser.o -MD -MP -MF ".deps/ettercap-ec_parser.Tpo" -c -o ettercap-ec_parser.o `test -f 'ec_parser.c' || echo './'`ec_parser.c;  then mv -f ".deps/ettercap-ec_parser.Tpo" ".deps/ettercap-ec_parser.Po";
if cc -DHAVE_CONFIG_H -I. -I. -I../include   -I/usr/local/include -Wall  -I/usr/local/include -I/usr/include -I/usr/local/include -I/usr/local/include -O2 -fno-strict-aliasing -pipe -MT ettercap-ec_passive.o -MD -MP -MF ".deps/ettercap-ec_passive.Tpo" -c -o ettercap-ec_passive.o `test -f 'ec_passive.c' || echo './'`ec_passive.c;  then mv -f ".deps/ettercap-ec_passive.Tpo" ".deps/ettercap-ec_passiv
if cc -DHAVE_CONFIG_H -I. -I. -I../include   -I/usr/local/include -Wall  -I/usr/local/include -I/usr/include -I/usr/local/include -I/usr/local/include -O2 -fno-strict-aliasing -pipe -MT ettercap-ec_plugins.o -MD -MP -MF ".deps/ettercap-ec_plugins.Tpo" -c -o ettercap-ec_plugins.o `test -f 'ec_plugins.c' || echo './'`ec_plugins.c;  then mv -f ".deps/ettercap-ec_plugins.Tpo" ".deps/ettercap-ec_plugin











/dev/ttyp4
15:26:08




#ifconfig


xl0: flags=8843<UP,BROADCAST,RUNNING,SIMPLEX,MULTICAST> mtu 1500
        options=9<RXCSUM,VLAN_MTU>
        inet6 fe80::204:76ff:fea1:efbc%xl0 prefixlen 64 scopeid 0x1
        inet 192.168.15.22 netmask 0xffffff00 broadcast 192.168.15.255
        ether 00:04:76:a1:ef:bc
        media: Ethernet autoselect (100baseTX <full-duplex>)
        status: active
plip0: flags=108810<POINTOPOINT,SIMPLEX,MULTICAST,NEEDSGIANT> mtu 1500
lo0: flags=8049<UP,LOOPBACK,RUNNING,MULTICAST> mtu 16384
        inet6 ::1 prefixlen 128
        inet6 fe80::1%lo0 prefixlen 64 scopeid 0x3
        inet 127.0.0.1 netmask 0xff000000











15:26:14




#tcpdmp -n -i xl0 arp





bash: tcpdmp: command not found











15:27:20




#tcpdup -n -i xl0 arp


tcpdump: verbose output suppressed, use -v or -vv for full protocol decode
listening on xl0, link-type EN10MB (Ethernet), capture size 96 bytes
15:27:39.933520 arp reply 192.168.15.254 is-at 00:04:75:82:53:43
15:27:49.945003 arp reply 192.168.15.254 is-at 00:04:75:82:53:43
15:27:59.956867 arp reply 192.168.15.254 is-at 00:04:75:82:53:43
15:28:09.967745 arp reply 192.168.15.254 is-at 00:04:75:82:53:43
15:28:12.094639 arp who-has 192.168.15.24 tell 192.168.15.3
15:28:12.126673 arp who-has 192.168.15.254 tell 192.168.15.3
15:28:19.980383 arp reply 192.168.15.254 is-at 00:04:75:82:53:43
15:28:29.994108 arp reply 192.168.15.254 is-at 00:04:75:82:53:43
...
15:30:40.152315 arp reply 192.168.15.254 is-at 00:04:75:82:53:43
15:30:50.164018 arp reply 192.168.15.254 is-at 00:04:75:82:53:43
15:30:55.183052 arp who-has 192.168.15.199 tell 192.168.15.254
15:30:56.182862 arp who-has 192.168.15.199 tell 192.168.15.254
15:30:57.182697 arp who-has 192.168.15.199 tell 192.168.15.254
15:31:00.176764 arp reply 192.168.15.254 is-at 00:04:75:82:53:43
^C
30 packets captured
149 packets received by filter
0 packets dropped by kernel











/dev/ttyp2
15:27:56




$telnet 192.168.15.254





Trying 192.168.15.254...
Connected to linux.nt.
Escape character is '^]'.
Password:
Last login: Tue Dec 20 15:20:14 2005 from fbsd2.linux.nt on pts/3
Linux herz.linux.nt 2.6.10 #1 Fri Mar 11 12:21:52 EET 2005 i686 GNU/Linux
The programs included with the Debian GNU/Linux system are free software;
the exact distribution terms for each program are described in the
individual files in /usr/share/doc/*/copyright.
Debian GNU/Linux comes with ABSOLUTELY NO WARRANTY, to the extent
...
-rw-r--r--   1 user root     111 2003-11-19 11:57 .xinitrc
-rw-r--r--   1 user root     832 2003-12-17 16:23 .Xresources
user@herz:~$
user@herz:~$
user@herz:~$
user@herz:~$
user@herz:~$
user@herz:~$ exit
logout
Connection closed by foreign host.











/dev/ttyp4
15:31:06




#exit


exit









прошло 27 минут




/dev/ttyp6
15:58:54




#cd /usr/ports












15:59:33




#make search name=arpwatch


Port:   arpwatch-2.1.a13
Path:   /usr/ports/net-mgmt/arpwatch
Info:   Monitor arp & rarp requests
Maint:  krion@FreeBSD.org
B-deps:
R-deps:
WWW:
Port:   arpwatch-devel-2.1.a13
Path:   /usr/ports/net-mgmt/arpwatch-devel
Info:   Monitor arp & rarp requests
Maint:  mdg@secureworks.net
B-deps:
R-deps:
WWW:











15:59:45




#cd net-mgmt/arpwatch












16:00:03




#make install clean


===>  Vulnerability check disabled, database not found
=> arpwatch-2.1a13.tar.gz doesn't seem to exist in /usr/ports/distfiles/.
=> Attempting to fetch from http://www.Awfulhak.org/arpwatch/.
fetch: http://www.Awfulhak.org/arpwatch/arpwatch-2.1a13.tar.gz: Not Found
=> Attempting to fetch from ftp://ftp.ee.lbl.gov/.
arpwatch-2.1a13.tar.gz                        100% of  149 kB   54 kBps
===>  Extracting for arpwatch-2.1.a13
=> Checksum OK for arpwatch-2.1a13.tar.gz.
===>  Patching for arpwatch-2.1.a13
===>  Applying FreeBSD patches for arpwatch-2.1.a13
...
/bin/chmod 644 /usr/local/arpwatch/arp.dat
for file in ethercodes.dat d.awk e.awk p.awk; do                 install  -o root -g wheel -m 444 /usr/ports/net-mgmt/arpwatch/work/arpwatch-2.1a13/$file /usr/local/arpwatch;   done
install  -o root -g wheel -m 555 /usr/ports/net-mgmt/arpwatch/work/arpwatch-2.1a13/arp2ethers /usr/local/arpwatch
install  -o root -g wheel -m 555 /usr/ports/net-mgmt/arpwatch/files/arpwatch.sh /usr/local/etc/rc.d/arpwatch.sh.sample
#####################################################################
Installing /usr/local/etc/rc.d/arpwatch.sh.sample file.
#####################################################################
===>   Compressing manual pages for arpwatch-2.1.a13
===>   Registering installation for arpwatch-2.1.a13
===>  Cleaning for arpwatch-2.1.a13











16:00:32




#vi /etc/rc.





31a32,33
> arpwatch_enable="YES"
> arpwatch_interface=xl0









16:00:32




#vi /etc/rc.













16:00:32




#vi /etc/rc.conf










16:02:19




#cd /usr/local/etc/rc.d/












16:02:32




#ls


000.mysql-client.sh     arpwatch.sh.sample      kdelibs.sh              mysql-server.sh         swatch.sh
001slpd.sh              cups.sh.sample          mdnsd.sh                snmpd.sh                syslog-ng.sh
apache.sh               genkdmconf.sh           mdnsresponder.sh        snmptrapd.sh            syslog-ng.sh.sample











16:02:33




#whereis arpwatch


arpwatch: /usr/local/sbin/arpwatch /usr/local/man/man8/arpwatch.8.gz /usr/ports/net-mgmt/arpwatch











16:02:52




#string `which arpwatch` | grep etc





bash: string: command not found











16:03:15




#strings`which arpwatch` | grep etc















16:03:19




#cp arpwatch.sh.sample arpwatch.sh












16:03:32




#ls -al


total 38
drwxr-xr-x   2 root  wheel   512 Dec 20 16:03 .
drwxr-xr-x  13 root  wheel  1024 Dec 20 15:26 ..
-rwxr-x---   1 root  wheel   181 Oct 12 06:18 000.mysql-client.sh
-r-xr-xr-x   1 root  wheel   471 Oct 12 06:06 001slpd.sh
-r-xr-xr-x   1 root  wheel   739 Dec 19 18:35 apache.sh
-r-xr-xr-x   1 root  wheel  1137 Dec 20 16:03 arpwatch.sh
-r-xr-xr-x   1 root  wheel  1137 Dec 20 16:00 arpwatch.sh.sample
-rwxr-xr-x   1 root  wheel  3957 Oct 12 15:10 cups.sh.sample
-r-xr-xr-x   1 root  wheel   464 Oct 13 18:35 genkdmconf.sh
-r-xr-xr-x   1 root  wheel    57 Oct 13 11:58 kdelibs.sh
-r-xr-xr-x   1 root  wheel   337 Oct 12 10:22 mdnsd.sh
-r-xr-xr-x   1 root  wheel   785 Oct 12 12:26 mdnsresponder.sh
-r-xr-xr-x   1 root  wheel  1689 Oct 12 09:25 mysql-server.sh
-r-xr-xr-x   1 root  wheel   777 Oct 12 15:14 snmpd.sh
-r-xr-xr-x   1 root  wheel   838 Oct 12 15:14 snmptrapd.sh
-r-xr-xr-x   1 root  wheel   860 Oct 12 09:33 swatch.sh
-r-xr-xr-x   1 root  wheel   369 Dec 19 12:58 syslog-ng.sh
-r-xr-xr-x   1 root  wheel   369 Dec 19 12:36 syslog-ng.sh.sample











16:03:36




#./arpwatch.sh





Usage: arpwatch.sh {start|stop}











16:03:52




#./arpwatch.sh start












16:04:00




#cat /var/log/messages


Dec 20 16:00:01 fbsd2 newsyslog[96988]: logfile turned over due to size>100K
Dec 20 16:00:02 src@fbsd2 syslog-ng[529]: new configuration initialized
Dec 20 16:04:00 src@fbsd2 xl0: promiscuous mode enabled











16:04:10




#tailr/log/messages


Dec 20 16:00:01 fbsd2 newsyslog[96988]: logfile turned over due to size>100K
Dec 20 16:00:02 src@fbsd2 syslog-ng[529]: new configuration initialized
Dec 20 16:04:00 src@fbsd2 xl0: promiscuous mode enabled











16:04:15




#ps -aux | grep arp


root  98061  0.0  0.3  2892  2420  p8  S     4:04PM   0:00.07 /usr/local/sbin/arpwatch
root  98089  0.0  0.1  1504   936  p8  S+    4:04PM   0:00.00 grep arp











16:04:26




#vi /etc/rc.conf










16:04:47




#ifconfig


xl0: flags=8943<UP,BROADCAST,RUNNING,PROMISC,SIMPLEX,MULTICAST> mtu 1500
        options=9<RXCSUM,VLAN_MTU>
        inet6 fe80::204:76ff:fea1:efbc%xl0 prefixlen 64 scopeid 0x1
        inet 192.168.15.22 netmask 0xffffff00 broadcast 192.168.15.255
        ether 00:04:76:a1:ef:bc
        media: Ethernet autoselect (100baseTX <full-duplex>)
        status: active
plip0: flags=108810<POINTOPOINT,SIMPLEX,MULTICAST,NEEDSGIANT> mtu 1500
lo0: flags=8049<UP,LOOPBACK,RUNNING,MULTICAST> mtu 16384
        inet6 ::1 prefixlen 128
        inet6 fe80::1%lo0 prefixlen 64 scopeid 0x3
        inet 127.0.0.1 netmask 0xff000000











16:04:50




#ps -aux | grep arp


root  98061  0.0  0.3  2892  2420  p8  S     4:04PM   0:00.07 /usr/local/sbin/arpwatch
root  98163  0.0  0.3  3200  2160  p8  R+    4:05PM   0:00.00 grep arp (bash)











16:05:01




#ls -al /var/log


total 364
drwxr-xr-x   5 root  wheel     1024 Dec 20 16:00 .
drwxr-xr-x  23 root  wheel      512 Dec 20 11:15 ..
-rw-r--r--   1 root  wheel    43533 Dec 20 14:09 Xorg.0.log
-rw-r--r--   1 root  wheel    43468 Dec 19 19:51 Xorg.0.log.old
-rw-r--r--   1 root  wheel    42535 Dec 19 17:10 Xorg.8.log
-rw-r--r--   1 root  wheel    26277 Dec 19 17:10 Xorg.8.log.old
-rw-------   1 root  wheel     5995 Dec 20 13:29 auth.log
drw-------   2 root  wheel      512 Dec 19 17:33 backup
-rw-------   1 root  wheel    25174 Dec 20 16:05 cron
...
-rw-r--r--   1 root  wheel    42957 Dec 18 21:50 scrollkeeper.log
-rw-------   1 root  wheel       60 Dec 18 19:53 security
-rw-r-----   1 root  wheel      728 Dec 20 09:16 sendmail.st
-rw-r-----   1 root  wheel        0 Dec 18 20:00 sendmail.st.0
-rw-r-----   1 root  wheel        0 Nov  3 10:12 sendmail.st.1
-rw-r-----   1 root  network     60 Dec 18 19:53 slip.log
-rw-r--r--   1 root  wheel      200 Dec 19 15:34 swatch.log
-rw-------   1 root  wheel      677 Dec 19 16:45 userlog
-rw-r--r--   1 root  wheel     4092 Dec 20 15:59 wtmp
-rw-------   1 root  wheel       60 Dec 18 19:53 xferlog











16:05:11




#grep -ir arpwatch /var/log





/var/log/messages:Dec 20 16:05:18 src@fbsd2 arpwatch: new station 192.168.15.254 0:a:1:d4:d1:39
/var/log/messages:Dec 20 16:05:23 src@fbsd2 arpwatch: new station 192.168.15.22 0:4:76:a1:ef:bc
^C











16:05:29




#tail /var/log/messages


Dec 20 16:00:01 fbsd2 newsyslog[96988]: logfile turned over due to size>100K
Dec 20 16:00:02 src@fbsd2 syslog-ng[529]: new configuration initialized
Dec 20 16:04:00 src@fbsd2 xl0: promiscuous mode enabled
Dec 20 16:05:18 src@fbsd2 arpwatch: new station 192.168.15.254 0:a:1:d4:d1:39
Dec 20 16:05:23 src@fbsd2 arpwatch: new station 192.168.15.22 0:4:76:a1:ef:bc











16:05:33




#tail /var/log/messages


Dec 20 16:00:01 fbsd2 newsyslog[96988]: logfile turned over due to size>100K
Dec 20 16:00:02 src@fbsd2 syslog-ng[529]: new configuration initialized
Dec 20 16:04:00 src@fbsd2 xl0: promiscuous mode enabled
Dec 20 16:05:18 src@fbsd2 arpwatch: new station 192.168.15.254 0:a:1:d4:d1:39
Dec 20 16:05:23 src@fbsd2 arpwatch: new station 192.168.15.22 0:4:76:a1:ef:bc
Dec 20 16:05:48 src@fbsd2 arpwatch: new station 192.168.15.21 0:4:75:82:53:43











16:05:51




#tail /var/log/messages


Dec 20 16:00:01 fbsd2 newsyslog[96988]: logfile turned over due to size>100K
Dec 20 16:00:02 src@fbsd2 syslog-ng[529]: new configuration initialized
Dec 20 16:04:00 src@fbsd2 xl0: promiscuous mode enabled
Dec 20 16:05:18 src@fbsd2 arpwatch: new station 192.168.15.254 0:a:1:d4:d1:39
Dec 20 16:05:23 src@fbsd2 arpwatch: new station 192.168.15.22 0:4:76:a1:ef:bc
Dec 20 16:05:48 src@fbsd2 arpwatch: new station 192.168.15.21 0:4:75:82:53:43
Dec 20 16:05:56 src@fbsd2 arpwatch: new station 192.168.15.199 0:d:93:c2:15:ac
Dec 20 16:06:12 src@fbsd2 arp: 192.168.15.254 moved from 00:0a:01:d4:d1:39 to 00:04:75:82:53:43 on xl0
Dec 20 16:06:12 src@fbsd2 arpwatch: changed ethernet address 192.168.15.254 0:4:75:82:53:43 (0:a:1:d4:d1:39)











16:06:16




#ping m01


PING fbsd1.linux.nt (192.168.15.21): 56 data bytes
64 bytes from 192.168.15.21: icmp_seq=0 ttl=64 time=0.262 ms
^C
--- fbsd1.linux.nt ping statistics ---
1 packets transmitted, 1 packets received, 0% packet loss
round-trip min/avg/max/stddev = 0.262/0.262/0.262/0.000 ms











16:08:49




#ping m02


PING fbsd2.linux.nt (192.168.15.22): 56 data bytes
64 bytes from 192.168.15.22: icmp_seq=0 ttl=64 time=0.099 ms
64 bytes from 192.168.15.22: icmp_seq=1 ttl=64 time=0.075 ms
^C
--- fbsd2.linux.nt ping statistics ---
2 packets transmitted, 2 packets received, 0% packet loss
round-trip min/avg/max/stddev = 0.075/0.087/0.099/0.012 ms











16:08:52




#ping m03


PING linux3.linux.nt (192.168.15.3): 56 data bytes
64 bytes from 192.168.15.3: icmp_seq=0 ttl=64 time=0.480 ms
64 bytes from 192.168.15.3: icmp_seq=1 ttl=64 time=0.243 ms
^C
--- linux3.linux.nt ping statistics ---
2 packets transmitted, 2 packets received, 0% packet loss
round-trip min/avg/max/stddev = 0.243/0.361/0.480/0.119 ms











16:08:56




#ping m04


PING fbsd4.linux.nt (192.168.15.24): 56 data bytes
64 bytes from 192.168.15.24: icmp_seq=0 ttl=64 time=0.413 ms
64 bytes from 192.168.15.24: icmp_seq=1 ttl=64 time=0.224 ms
^C
--- fbsd4.linux.nt ping statistics ---
2 packets transmitted, 2 packets received, 0% packet loss
round-trip min/avg/max/stddev = 0.224/0.319/0.413/0.094 ms











16:08:59




#ping m04


PING fbsd4.linux.nt (192.168.15.24): 56 data bytes
64 bytes from 192.168.15.24: icmp_seq=0 ttl=64 time=0.255 ms
64 bytes from 192.168.15.24: icmp_seq=1 ttl=64 time=0.234 ms
^C
--- fbsd4.linux.nt ping statistics ---
2 packets transmitted, 2 packets received, 0% packet loss
round-trip min/avg/max/stddev = 0.234/0.244/0.255/0.010 ms











16:09:32




#ping m04


PING fbsd4.linux.nt (192.168.15.24): 56 data bytes
64 bytes from 192.168.15.24: icmp_seq=0 ttl=64 time=0.254 ms
64 bytes from 192.168.15.24: icmp_seq=1 ttl=64 time=0.243 ms
^C
--- fbsd4.linux.nt ping statistics ---
2 packets transmitted, 2 packets received, 0% packet loss
round-trip min/avg/max/stddev = 0.243/0.248/0.254/0.006 ms











16:10:42




#host





Usage: host [-aCdlriTwv] [-c class] [-N ndots] [-t type] [-W time]
            [-R number] hostname [server]
       -a is equivalent to -v -t *
       -c specifies query class for non-IN data
       -C compares SOA records on authoritative nameservers
       -d is equivalent to -v
       -l lists all hosts in a domain, using AXFR
       -i IP6.INT reverse lookups
       -N changes the number of dots allowed before root lookup is done
       -r disables recursive processing
       -R specifies number of retries for UDP packets
       -t specifies the query type
       -T enables TCP/IP mode
       -v enables verbose output
       -w specifies to wait forever for a reply
       -W specifies how long to wait for a reply
       -4 use IPv4 query transport only
       -6 use IPv6 query transport only









прошло 16 минут




16:27:23




#host google.com


google.com has address 64.233.187.99
google.com has address 72.14.207.99
google.com mail is handled by 10 smtp2.google.com.
google.com mail is handled by 10 smtp3.google.com.
google.com mail is handled by 10 smtp4.google.com.
google.com mail is handled by 10 smtp1.google.com.











16:27:31




#host mail.ru


mail.ru has address 192.168.15.254
mail.ru mail is handled by 10 mxs.mail.ru.











16:27:39




#cmd





bash: cmd: command not found









прошло 12 минут




16:40:13




#ping nt.com.ua


PING nt.com.ua (212.40.34.157): 56 data bytes
64 bytes from 212.40.34.157: icmp_seq=0 ttl=57 time=43.152 ms
64 bytes from 212.40.34.157: icmp_seq=1 ttl=57 time=41.193 ms
64 bytes from 212.40.34.157: icmp_seq=2 ttl=57 time=40.792 ms
^C
--- nt.com.ua ping statistics ---
3 packets transmitted, 3 packets received, 0% packet loss
round-trip min/avg/max/stddev = 40.792/41.712/43.152/1.031 ms











16:40:44




#netstat -n


c2aee2bc stream      0      0        0 c28064ec        0        0 /tmp/.ICE-unix/dcop825-1135063010
c28064ec stream      0      0        0 c2aee2bc        0        0
c2aee71c stream      0      0        0 c2879af0        0        0 /tmp/.ICE-unix/846
c2879af0 stream      0      0        0 c2aee71c        0        0
c2aee348 stream      0      0        0 c2aeec08        0        0 /tmp/.X11-unix/X0
c2aeec08 stream      0      0        0 c2aee348        0        0
c2806460 stream      0      0        0 c2aee118        0        0 /tmp/.ICE-unix/dcop825-1135063010
c2aee118 stream      0      0        0 c2806460        0        0
c2aeedac stream      0      0        0 c2bcb4ec        0        0 /tmp/.ICE-unix/dcop825-1135063010
c2bcb4ec stream      0      0        0 c2aeedac        0        0
...
c217f118 stream      0      0        0 c217f08c        0        0
c217f2bc stream      0      0 c228fcc0        0        0        0 /tmp/mysql.sock
c217faf0 stream      0      0        0 c217fb7c        0        0
c217fb7c stream      0      0        0 c217faf0        0        0
c2180000 stream      0      0 c211e550        0        0        0 /var/run/devd.pipe
c28793d4 dgram       0      0        0 c2bcb000        0        0
c2bcb000 dgram       0      0 c2dfdbb0        0 c28793d4        0 /var/run/logpriv
c2bcb94c dgram       0      0 c2def000        0        0        0 /var/run/log
c2180dac dgram       0      0        0        0        0        0
c217f000 dgram       0      0        0        0        0        0









прошло 19 минут




17:00:05




#netstat -n -A inet


c2aee2bc stream      0      0        0 c28064ec        0        0 /tmp/.ICE-unix/dcop825-1135063010
c28064ec stream      0      0        0 c2aee2bc        0        0
c2aee71c stream      0      0        0 c2879af0        0        0 /tmp/.ICE-unix/846
c2879af0 stream      0      0        0 c2aee71c        0        0
c2aee348 stream      0      0        0 c2aeec08        0        0 /tmp/.X11-unix/X0
c2aeec08 stream      0      0        0 c2aee348        0        0
c2806460 stream      0      0        0 c2aee118        0        0 /tmp/.ICE-unix/dcop825-1135063010
c2aee118 stream      0      0        0 c2806460        0        0
c2aeedac stream      0      0        0 c2bcb4ec        0        0 /tmp/.ICE-unix/dcop825-1135063010
c2bcb4ec stream      0      0        0 c2aeedac        0        0
...
c217f118 stream      0      0        0 c217f08c        0        0
c217f2bc stream      0      0 c228fcc0        0        0        0 /tmp/mysql.sock
c217faf0 stream      0      0        0 c217fb7c        0        0
c217fb7c stream      0      0        0 c217faf0        0        0
c2180000 stream      0      0 c211e550        0        0        0 /var/run/devd.pipe
c28793d4 dgram       0      0        0 c2bcb000        0        0
c2bcb000 dgram       0      0 c2dfdbb0        0 c28793d4        0 /var/run/logpriv
c2bcb94c dgram       0      0 c2def000        0        0        0 /var/run/log
c2180dac dgram       0      0        0        0        0        0
c217f000 dgram       0      0        0        0        0        0











17:00:10




#netstat -n -finet


Active Internet connections
Proto Recv-Q Send-Q  Local Address          Foreign Address        (state)
tcp4       0      0  192.168.15.22.63710    192.168.15.254.80      ESTABLISHED
tcp4       0      0  192.168.15.22.63709    192.168.15.254.80      ESTABLISHED
tcp4       0      0  192.168.15.22.63708    192.168.15.254.80      ESTABLISHED
tcp4       0      0  192.168.15.22.63707    192.168.15.254.80      ESTABLISHED
tcp4       0      0  192.168.15.22.63706    192.168.15.254.80      ESTABLISHED
tcp4       0      0  192.168.15.22.63705    192.168.15.254.80      TIME_WAIT
tcp4       0      0  192.168.15.22.63704    192.168.15.254.80      TIME_WAIT
tcp4       0      0  192.168.15.22.63703    192.168.15.254.80      TIME_WAIT
...
tcp4       0      0  192.168.15.22.61941    192.168.15.254.80      TIME_WAIT
tcp4       0      0  192.168.15.22.54985    81.176.66.211.80       TIME_WAIT
tcp4       0      0  192.168.15.22.58012    192.168.15.254.80      TIME_WAIT
tcp4       0      0  192.168.15.22.57878    213.59.0.100.80        TIME_WAIT
tcp4       0      0  192.168.15.22.57113    192.168.15.254.80      TIME_WAIT
tcp4       0      0  192.168.15.22.52515    192.168.15.254.80      ESTABLISHED
tcp4       0      0  192.168.15.22.57926    192.168.15.254.80      ESTABLISHED
tcp4       0      0  192.168.15.22.59547    192.168.15.254.80      ESTABLISHED
tcp4       0      0  192.168.15.22.60497    192.168.15.254.80      TIME_WAIT
udp4       0      0  192.168.15.22.59859    192.168.15.3.514









Файлы
  • /root/.gno
  • /root/.gnokii-errors
  • /var/log/messages
    • /root/.gno
    

    >
    .gnokii-errors   .gnome2/         .gnome2_private/

    /root/.gnokii-errors
    

    >
    test

    /var/log/messages
    

    >
    Dec 20 16:00:01 fbsd2 newsyslog[96988]: logfile turned over due to size>100K
Dec 20 16:00:02 src@fbsd2 syslog-ng[529]: new configuration initialized
Dec 20 16:04:00 src@fbsd2 xl0: promiscuous mode enabled

    Статистика
    Время первой команды журнала11:54:51 2006-12-20
    Время последней команды журнала17:00:10 2006-12-20
    Количество командных строк в журнале101
    Процент команд с ненулевым кодом завершения, %22.77
    Процент синтаксически неверно набранных команд, % 1.98
    Суммарное время работы с терминалом *, час 3.86
    Количество командных строк в единицу времени, команда/мин 0.44
    Частота использования команд
    make12|==========| 10.43%
    ping9|=======|  7.83%
    telnet8|======|  6.96%
    man7|======|  6.09%
    cd7|======|  6.09%
    grep6|=====|  5.22%
    aide5|====|  4.35%
    cat5|====|  4.35%
    ls5|====|  4.35%
    vi5|====|  4.35%
    ifconfig3|==|  2.61%
    host3|==|  2.61%
    cp3|==|  2.61%
    netstat3|==|  2.61%
    .gnokii-errors3|==|  2.61%
    >3|==|  2.61%
    tail3|==|  2.61%
    ps2|=|  1.74%
    sudo2|=|  1.74%
    arpwatch.sh2|=|  1.74%
    pkg_add2|=|  1.74%
    whereis1||  0.87%
    pkg_info1||  0.87%
    WITHOUT_GTK=yes1||  0.87%
    ethereal1||  0.87%
    chkrootkit1||  0.87%
    echost'1||  0.87%
    tcpdup1||  0.87%
    tcpdump1||  0.87%
    .gno1||  0.87%
    cmd1||  0.87%
    messages1||  0.87%
    tcpdmp1||  0.87%
    bash1||  0.87%
    string1||  0.87%
    exit1||  0.87%
    clear1||  0.87%
    strings`which1||  0.87%
    ____
    *) Интервалы неактивности длительностью 30 минут и более не учитываются
    Справка
        Для того чтобы использовать LiLaLo, не нужно знать ничего особенного:
    всё происходит само собой.
    Однако, чтобы ведение и последующее использование журналов
    было как можно более эффективным, желательно иметь в виду следующее:
    
      
    
    1.  
    В журнал автоматически попадают все команды, данные в любом терминале системы.
    
      2. 
    
    2. 
    Для того чтобы убедиться, что журнал на текущем терминале ведётся, 
    и команды записываются, дайте команду w.
    В поле WHAT, соответствующем текущему терминалу, 
    должна быть указана программа script.
    
      3. 
    
    3. 
    Команды, при наборе которых были допущены синтаксические ошибки, 
    выводятся перечёркнутым текстом:

      

      


      $ l s-l
      

      bash: l: command not found

      
      		

      

      

      
    
      4. 
    
    4. 
    Если код завершения команды равен нулю, 
    команда была выполнена без ошибок.
    Команды, код завершения которых отличен от нуля, выделяются цветом.

      

      


      $ test 5 -lt 4
      

      		

      

      
    Обратите внимание на то, что код завершения команды может быть отличен от нуля
    не только в тех случаях, когда команда была выполнена с ошибкой.
    Многие команды используют код завершения, например, для того чтобы показать результаты проверки

      
    
      5. 
    
    5. 
    Команды, ход выполнения которых был прерван пользователем, выделяются цветом.

      

      


      $ find / -name abc
      

      find: /home/devi-orig/.gnome2: Keine Berechtigung
find: /home/devi-orig/.gnome2_private: Keine Berechtigung
find: /home/devi-orig/.nautilus/metafiles: Keine Berechtigung
find: /home/devi-orig/.metacity: Keine Berechtigung
find: /home/devi-orig/.inkscape: Keine Berechtigung
^C

      
      		

      

      

      
    
      6. 
    
    6. 
    Команды, выполненные с привилегиями суперпользователя,
    выделяются слева красной чертой.

      

      


      # id
      

      uid=0(root) gid=0(root) Gruppen=0(root)

      
      		

      

      
    
      
    
      7. 
    
    7. 
    Изменения, внесённые в текстовый файл с помощью редактора, 
    запоминаются и показываются в журнале в формате ed.
    Строки, начинающиеся символом "<", удалены, а строки,
    начинающиеся символом ">" -- добавлены.

      

      


      $ vi ~/.bashrc
      

      2a3,5
>    if [ -f /usr/local/etc/bash_completion ]; then
>         . /usr/local/etc/bash_completion
>        fi

      		

      

      
    
      
    
      8. 
    
    8. 
    Для того чтобы изменить файл в соответствии с показанными в диффшоте
    изменениями, можно воспользоваться командой patch.
    Нужно скопировать изменения, запустить программу patch, указав в
    качестве её аргумента файл, к которому применяются изменения,
    и всавить скопированный текст:

      

      


      $ patch ~/.bashrc
      
      		

      

      
    В данном случае изменения применяются к файлу ~/.bashrc
    
      9. 
    
    9. 
    Для того чтобы получить краткую справочную информацию о команде, 
    нужно подвести к ней мышь. Во всплывающей подсказке появится краткое
    описание команды.
    
      
    
      
    Если справочная информация о команде есть, 
    команда выделяется голубым фоном, например: vi.
    Если справочная информация отсутствует,
    команда выделяется розовым фоном, например: notepad.exe.
    Справочная информация может отсутствовать в том случае, 
    если (1) команда введена неверно; (2) если распознавание команды LiLaLo выполнено неверно;
    (3) если информация о команде неизвестна LiLaLo.
    Последнее возможно для редких команд.
    
      10. 
    
    10. 
    Большие, в особенности многострочные, всплывающие подсказки лучше 
    всего показываются браузерами KDE Konqueror, Apple Safari и Microsoft Internet Explorer.
    В браузерах Mozilla и Firefox они отображаются не полностью, 
    а вместо перевода строки выводится специальный символ.
    
      11. 
    
    11. 
    Время ввода команды, показанное в журнале, соответствует времени 
    начала ввода командной строки, которое равно тому моменту, 
    когда на терминале появилось приглашение интерпретатора
    
      12. 
    
    12. 
    Имя терминала, на котором была введена команда, показано в специальном блоке.
    Этот блок показывается только в том случае, если терминал
    текущей команды отличается от терминала предыдущей.
    
      13. 
    
    13. 
    Вывод не интересующих вас в настоящий момент элементов журнала,
    таких как время, имя терминала и других, можно отключить.
    Для этого нужно воспользоваться формой управления журналом
    вверху страницы.
    
      14. 
    
    14. 
    Небольшие комментарии к командам можно вставлять прямо из командной строки.
    Комментарий вводится прямо в командную строку, после символов #^ или #v.
    Символы ^ и v показывают направление выбора команды, к которой относится комментарий:
    ^ - к предыдущей, v - к следующей.
    Например, если в командной строке было введено:

      $ whoami

      

      user

      

      $ #^ Интересно, кто я?

      
    в журнале это будет выглядеть так:
    

      $ whoami

      

      user

      

      

        Интересно, кто я?
       
       
    
      15. 
    
    15. 
    Если комментарий содержит несколько строк,
    его можно вставить в журнал следующим образом:

      $ whoami

      

      user

      

      $ cat > /dev/null #^ Интересно, кто я?

      

      Программа whoami выводит имя пользователя, под которым 
мы зарегистрировались в системе.
-
Она не может ответить на вопрос о нашем назначении 
в этом мире.

      
    В журнале это будет выглядеть так:

      

      


      $ whoami
      

      user

      

      Интересно, кто я?
      
Программа whoami выводит имя пользователя, под которым
      
мы зарегистрировались в системе.
      

      
Она не может ответить на вопрос о нашем назначении
      
в этом мире.
      

      
      		

      

      
    Для разделения нескольких абзацев между собой
    используйте символ "-", один в строке.
    
      

      16. 
    
    16. 
    Комментарии, не относящиеся непосредственно ни к какой из команд, 
    добавляются точно таким же способом, только вместо симолов #^ или #v 
    нужно использовать символы #=
    
      17. 

    
    17. 
    Содержимое файла может быть показано в журнале.
    Для этого его нужно вывести с помощью программы cat.
    Если вывод команды отметить симоволами #!, 
    содержимое файла будет показано в журнале
    в специально отведённой для этого секции.
    
      18. 

    
      
    
    18. 
    Для того чтобы вставить скриншот интересующего вас окна в журнал,
    нужно воспользоваться командой l3shot.
    После того как команда вызвана, нужно с помощью мыши выбрать окно, которое
    должно быть в журнале.
    
      19. 
    
      

    
      
    
    19. 
    Команды в журнале расположены в хронологическом порядке.
    Если две команды давались одна за другой, но на разных терминалах,
    в журнале они будут рядом, даже если они не имеют друг к другу никакого отношения.

      1
    2
3   
    4

      
    Группы команд, выполненных на разных терминалах, разделяются специальной линией.
    Под этой линией в правом углу показано имя терминала, на котором выполнялись команды.
    Для того чтобы посмотреть команды только одного сенса, 
    нужно щёкнуть по этому названию.
    
      20. 
    
      

    

    О программе
        
    
    LiLaLo (L3) расшифровывается как Live Lab Log.
    
    Программа разработана для повышения эффективности обучения Unix/Linux-системам.
    
    (c) Игорь Чубин, 2004-2008
    
    
    
$Id$