| /l3/users/03-04-2012/NT-BSDnet/freebsd1.local/root :1 :2 :3 :4 :5 :6 |
|
|
#ls -l keys
total 20 -rw-r--r-- 1 root wheel 1245 Apr 4 13:02 ca.crt -rw------- 1 root wheel 891 Apr 4 13:02 ca.key -rw-r--r-- 1 root wheel 0 Apr 4 13:57 devel.creolab.edu.crt -rw-r--r-- 1 root wheel 700 Apr 4 13:57 devel.creolab.edu.csr -rw-r--r-- 1 root wheel 887 Apr 4 13:57 devel.creolab.edu.key -rw-r--r-- 1 root wheel 0 Apr 4 13:00 index.txt -rw-r--r-- 1 root wheel 3 Apr 4 13:00 serial |
|
#./build-dh
Generating DH parameters, 1024 bit long safe prime, generator 2 This is going to take a long time .......................................................................+.............................................................................................................................................+..........+.....................................+.......................+.+.................................................................................+..+.......................... |
|
#./build-dh
Generating DH parameters, 1024 bit long safe prime, generator 2 This is going to take a long time .......................................................................+.............................................................................................................................................+..........+.....................................+.......................+.+.................................................................................+..+.......................... |
|
#kldstat
Id Refs Address Size Name 1 27 0xc0400000 be116c kernel 2 1 0xc7e08000 3000 pflog.ko 3 1 0xc7e0b000 35000 pf.ko 4 1 0xc8203000 9000 i915.ko 5 1 0xc820c000 14000 drm.ko 6 1 0xc91ce000 9000 cd9660.ko 7 2 0xcf1c0000 26000 linux.ko 8 1 0xcf1f3000 8000 linprocfs.ko 9 1 0xce3e5000 5000 if_tap.ko |
|
#kldstat
Id Refs Address Size Name 1 27 0xc0400000 be116c kernel 2 1 0xc7e08000 3000 pflog.ko 3 1 0xc7e0b000 35000 pf.ko 4 1 0xc8203000 9000 i915.ko 5 1 0xc820c000 14000 drm.ko 6 1 0xc91ce000 9000 cd9660.ko 7 2 0xcf1c0000 26000 linux.ko 8 1 0xcf1f3000 8000 linprocfs.ko 9 1 0xce3e5000 5000 if_tap.ko |
|
#ls -l keys
total 24 -rw-r--r-- 1 root wheel 1245 Apr 4 13:02 ca.crt -rw------- 1 root wheel 891 Apr 4 13:02 ca.key -rw-r--r-- 1 root wheel 0 Apr 4 13:57 devel.creolab.edu.crt -rw-r--r-- 1 root wheel 700 Apr 4 13:57 devel.creolab.edu.csr -rw-r--r-- 1 root wheel 887 Apr 4 13:57 devel.creolab.edu.key -rw-r--r-- 1 root wheel 245 Apr 4 13:59 dh1024.pem -rw-r--r-- 1 root wheel 0 Apr 4 13:00 index.txt -rw-r--r-- 1 root wheel 3 Apr 4 13:00 serial |
|
#ls -l keys
total 24 -rw-r--r-- 1 root wheel 1245 Apr 4 13:02 ca.crt -rw------- 1 root wheel 891 Apr 4 13:02 ca.key -rw-r--r-- 1 root wheel 0 Apr 4 13:57 devel.creolab.edu.crt -rw-r--r-- 1 root wheel 700 Apr 4 13:57 devel.creolab.edu.csr -rw-r--r-- 1 root wheel 887 Apr 4 13:57 devel.creolab.edu.key -rw-r--r-- 1 root wheel 245 Apr 4 13:59 dh1024.pem -rw-r--r-- 1 root wheel 0 Apr 4 13:00 index.txt -rw-r--r-- 1 root wheel 3 Apr 4 13:00 serial |
|
#ls
2.0 build-key-pkcs12 make-crl README build-key-server openssl.cnf build-ca build-req revoke-crt build-dh build-req-pass revoke-full build-inter clean-all sign-req build-key keys vars build-key-pass list-crl |
|
#ls
2.0 build-key-pkcs12 make-crl README build-key-server openssl.cnf build-ca build-req revoke-crt build-dh build-req-pass revoke-full build-inter clean-all sign-req build-key keys vars build-key-pass list-crl |
|
#ee openvpn.conf
--- /tmp/l3-saved-96701.25680.30010 2012-04-04 14:03:00.000000000 +0300
+++ openvpn.conf 2012-04-04 14:03:16.000000000 +0300
@@ -0,0 +1,60 @@
+#
+# Sample OpenVPN configuration file for
+# office using SSL/TLS mode and RSA certificates/keys.
+#
+# '#' or ';' may be used to delimit comments.
+
+# Use a dynamic tun device.
+# For Linux 2.2 or non-Linux OSes,
+# you may want to use an explicit
+# unit number such as "tun1".
+# OpenVPN also supports virtual
+# ethernet "tap" devices.
+dev tap
+
+# 192.168.100.2 is our local VPN endpoint (home).
+# 192.168.100.3 is our remote VPN endpoint (office).
+ifconfig 192.168.100.3 255.255.255.0
+
+# In SSL/TLS key exchange, Office will
+# assume server role and Home
+# will assume client role.
+tls-server
+
+# Diffie-Hellman Parameters (tls-server only)
+dh /usr/local/etc/openvpn/keys/dh1024.pem
+
+# Certificate Authority file
+ca /usr/local/etc/openvpn/keys/ca.crt
+
+# Our certificate/public key
+cert /usr/local/etc/openvpn/keys/myserver.example.com.crt
+
+# Our private key
+key /usr/local/etc/openvpn/keys/myserver.example.com.key
+
+# OpenVPN 2.0 uses UDP port 1194 by default
+# (official port assignment by iana.org 11/04).
+# OpenVPN 1.x uses UDP port 5000 by default.
+# Each OpenVPN tunnel must use
+# a different port number.
+# lport or rport can be used
+# to denote different ports
+# for local and remote.
+port 1194
+
+# Downgrade UID and GID to
+# "nobody" after initialization
+# for extra security.
+; user nobody
+; group nobody
+
+# Verbosity level.
+# 0 -- quiet except for fatal errors.
+# 1 -- mostly quiet, but display non-fatal network errors.
+# 3 -- medium output, good for normal operation.
+# 9 -- verbose, good for troubleshooting
+verb 3
+
+status openvpn-status.log
+
|
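Review bot: The privilege drop near the end of the new file is left disabled: `; user nobody` and `; group nobody` are commented out, so openvpn keeps running as root after initialization; I would enable both as `user nobody` and `group nobody`. The `dh` line loads `dh1024.pem`, and 1024-bit Diffie-Hellman parameters are below what is recommended today, so generating 2048-bit parameters and pointing `dh` at that file is the safer choice. The `cert` and `key` lines still carry the sample names `myserver.example.com.crt` and `myserver.example.com.key`, which do not appear in the `ls -l keys` listings shown on this page, so they presumably need to be changed to the host's own files.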
|
#ee openvpn.conf
--- /tmp/l3-saved-96701.16086.22183 2012-04-04 14:03:20.000000000 +0300
+++ openvpn.conf 2012-04-04 14:06:28.000000000 +0300
@@ -22,10 +22,10 @@
 tls-server
 
 # Diffie-Hellman Parameters (tls-server only)
-dh /usr/local/etc/openvpn/keys/dh1024.pem
+dh /usr/local/etc/openvpn/core_keys/dh1024.pem
 
 # Certificate Authority file
-ca /usr/local/etc/openvpn/keys/ca.crt
+ca /usr/local/etc/openvpn/cocore_keys/ca.crt
 
 # Our certificate/public key
 cert /usr/local/etc/openvpn/keys/myserver.example.com.crt
|
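Review bot: The new `ca` line reads `/usr/local/etc/openvpn/cocore_keys/ca.crt`, which looks like a typo for `core_keys`: the `dh` line changed in the same hunk uses `core_keys`, and the directory listing later on the page shows only `core_keys`. It should read `ca /usr/local/etc/openvpn/core_keys/ca.crt`. The `cert` context line at the end of the hunk still points to `keys/myserver.example.com.crt`, so the certificate and key paths were not moved along with the other two. Since `core_keys` appears to hold `ca.key` and the server's private key, it is worth confirming those files are readable by root only; the earlier `ls -l keys` output shows `devel.creolab.edu.key` with mode `-rw-r--r--`.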
|
#ls
2.0 build-key-server openssl.cnf README build-req openvpn.conf build-ca build-req-pass revoke-crt build-dh clean-all revoke-full build-inter core_keys sign-req build-key keys vars build-key-pass list-crl build-key-pkcs12 make-crl |
|
#cd core_keys/
|
|
#ls
ca.crt devel.creolab.edu.csr index.txt ca.key devel.creolab.edu.key serial devel.creolab.edu.crt dh1024.pem |
|
#ls
ca.crt devel.creolab.edu.csr index.txt ca.key devel.creolab.edu.key serial devel.creolab.edu.crt dh1024.pem |
|
#ifconfig
em0: flags=8843<UP,BROADCAST,RUNNING,SIMPLEX,MULTICAST> metric 0 mtu 1500
options=219b<RXCSUM,TXCSUM,VLAN_MTU,VLAN_HWTAGGING,VLAN_HWCSUM,TSO4,WOL_MAGIC>
ether 00:0f:fe:7e:b9:39
inet 192.168.13.62 netmask 0xffffff00 broadcast 192.168.13.255
media: Ethernet autoselect (1000baseT <full-duplex>)
status: active
plip0: flags=8810<POINTOPOINT,SIMPLEX,MULTICAST> metric 0 mtu 1500
ipfw0: flags=8801<UP,SIMPLEX,MULTICAST> metric 0 mtu 65536
lo0: flags=8049<UP,LOOPBACK,RUNNING,MULTICAST> metric 0 mtu 16384
options=3<RXCSUM,TXCSUM>
inet6 fe80::1%lo0 prefixlen 64 scopeid 0x4
inet6 ::1 prefixlen 128
inet 127.0.0.1 netmask 0xff000000
nd6 options=3<PERFORMNUD,ACCEPT_RTADV>
pflog0: flags=141<UP,RUNNING,PROMISC> metric 0 mtu 33200
|
|
#/usr/local/etc/rc.d/openvpn start
Starting openvpn. /usr/local/etc/rc.d/openvpn: WARNING: failed to start openvpn |
|
#stats openvpn-status.log
bash: stats: command not found |
|
#statu openvpn-status.log
bash: status: command not found |
|
#cat /var/log/messages
Apr 4 10:00:00 freebsd1 newsyslog[27429]: logfile turned over due to size>100K Apr 4 10:22:07 freebsd1 kernel: pid 39892 (pango-querymodules-), uid 0: exited on signal 8 (core dumped) Apr 4 11:00:55 freebsd1 console-kit-daemon[1260]: WARNING: kvm_getenvv failed: cannot open /proc/1525/mem Apr 4 11:00:58 freebsd1 console-kit-daemon[1260]: WARNING: kvm_getenvv failed: cannot open /proc/1525/mem Apr 4 11:05:58 freebsd1 console-kit-daemon[1260]: WARNING: kvm_getenvv failed: cannot open /proc/1525/mem Apr 4 11:11:01 freebsd1 last message repeated 2 times Apr 4 11:25:34 freebsd1 console-kit-daemon[1260]: WARNING: kvm_getenvv failed: cannot open /proc/1525/mem Apr 4 11:32:33 freebsd1 last message repeated 2 times Apr 4 11:37:39 freebsd1 last message repeated 2 times Apr 4 11:52:08 freebsd1 last message repeated 4 times Apr 4 12:02:16 freebsd1 last message repeated 4 times Apr 4 12:16:09 freebsd1 last message repeated 4 times Apr 4 13:10:04 freebsd1 console-kit-daemon[1260]: WARNING: kvm_getenvv failed: cannot open /proc/1525/mem Apr 4 13:48:58 freebsd1 console-kit-daemon[1260]: WARNING: kvm_getenvv failed: cannot open /proc/1525/mem Apr 4 14:12:18 freebsd1 openvpn[27112]: OpenVPN 2.0.9 i386-portbld-freebsd8.2 [SSL] [LZO] built on Apr 4 2012 Apr 4 14:12:18 freebsd1 openvpn[27112]: Diffie-Hellman initialized with 1024 bit key Apr 4 14:12:18 freebsd1 openvpn[27112]: Cannot load certificate file /usr/local/etc/openvpn/core_keys/devel.creolab.edu.crt: error:0906D06C:PEM routines:PEM_read_bio:no start line: error:140AD009:SSL routines:SSL_CTX_use_certificate_file:PEM lib Apr 4 14:12:18 freebsd1 openvpn[27112]: Exiting Apr 4 14:12:18 freebsd1 root: /usr/local/etc/rc.d/openvpn: WARNING: failed to start openvpn |
|
#whereis ssl
ssl: |
|
#whereis ssl
ssl: |
|
#whereis openssl
openssl: /usr/bin/openssl /usr/share/openssl/man/man1/openssl.1.gz /usr/src/secure/usr.bin/openssl |
|
#ls
.ICEauthority .gnupg .recently-used.xbel .bash_history .history .rnd .bash_profile .icons .w3m .bashrc .k5login .xsession-errors .cache .l3rc .xsession-errors.old .config .lilalo Desktop .cshrc .local Lection1 .dbus .login download .dmrc .macromedia install .gconf .mozilla kernels .gconfd .nautilus mbox .gnome .profile rc.conf .gnome2 .pulse sim-0.9.4.3 .gnome2_private .pulse-cookie sim-0.9.4.3.tar.gz |
|
#./build-key-server devel1.creolab.edu
you must define KEY_DIR |
|
#pwd
/usr/local/etc/openvpn |
|
#chmod+x build-key-server
bash: chmod+x: command not found |
|
#chmod+x build-key-server
bash: chmod+x: command not found |
|
#cd /usr/local/etc/openvpn/
|
|
#ls
2.0 build-key-server openssl.cnf README build-req openvpn-status.log build-ca build-req-pass openvpn.conf build-dh clean-all revoke-crt build-inter core_keys revoke-full build-key keys sign-req build-key-pass list-crl vars build-key-pkcs12 make-crl |
|
#chmod +x build-key-server
|
|
#./build-key-server devel1.creolab.edu
you must define KEY_DIR |
|
#ee build-key-server
|
|
#ls
2.0 build-key-server openssl.cnf README build-req openvpn-status.log build-ca build-req-pass openvpn.conf build-dh clean-all revoke-crt build-inter core_keys revoke-full build-key keys sign-req build-key-pass list-crl vars build-key-pkcs12 make-crl |
|
#ee vars
|
|
#./build-key-server
usage: build-key-server <name> |
|
#./build-key-server devel.edu
you must define KEY_DIR |
|
#ls
2.0 build-key-server openssl.cnf README build-req openvpn-status.log build-ca build-req-pass openvpn.conf build-dh clean-all revoke-crt build-inter core_keys revoke-full build-key keys sign-req build-key-pass list-crl vars build-key-pkcs12 make-crl |
|
#cd keys/
|
|
#ls
|
|
#ee vars
|
|
#ls
|
|
#pwd
/usr/local/etc/openvpn/keys |
|
#cd ..
|
|
#ls
2.0 build-key-server openssl.cnf README build-req openvpn-status.log build-ca build-req-pass openvpn.conf build-dh clean-all revoke-crt build-inter core_keys revoke-full build-key keys sign-req build-key-pass list-crl vars build-key-pkcs12 make-crl |
|
#ee vars
|
|
#./vars
NOTE: when you run ./clean-all, I will be doing a rm -rf on /usr/local/etc/openvpn/keys |
|
#./clean-all
you must define KEY_DIR |
|
#ls
2.0 build-key-server openssl.cnf README build-req openvpn-status.log build-ca build-req-pass openvpn.conf build-dh clean-all revoke-crt build-inter core_keys revoke-full build-key keys sign-req build-key-pass list-crl vars build-key-pkcs12 make-crl |
|
#^C
|
|
#pwd
/usr/local/etc/openvpn |
|
#ls
easy-rsa |
|
#mkdir keys
|
|
#ls
easy-rsa keys |
|
#cd keys/
|
|
#touch ewwerwer
|
|
#cd ..
|
|
#cd easy-rsa/
|
|
#ls
2.0 build-key-pkcs12 openssl.cnf README build-key-server revoke-crt build-ca build-req revoke-full build-dh build-req-pass sign-req build-inter clean-all vars build-key list-crl build-key-pass make-crl |
|
#chmod +x vars
|
|
#. vars
bash: /usr/local/etc/openvpn/keys: is a directory NOTE: when you run ./clean-all, I will be doing a rm -rf on /keys |
|
#./clean-all
bash: ./clean-all: /bin/sh: bad interpreter: Permission denied |
|
#chmod + clean-all
|
|
#./clean-all
bash: ./clean-all: /bin/sh: bad interpreter: Permission denied |
|
#chmod +xclean-all
|
|
#./clean-all
|
|
#./vars
./vars: line 15: /usr/local/etc/openvpn/keys: is a directory NOTE: when you run ./clean-all, I will be doing a rm -rf on /keys |
|
#chmod +x build-ca
|
|
#./build-ca
error on line -1 of /openssl.cnf
27635:error:02001002:system library:fopen:No such file or directory:/usr/src/secure/lib/libcrypto/../../../crypto/openssl/crypto/bio/bss_file.c:126:fopen('/openssl.cnf','rb')
27635:error:2006D080:BIO routines:BIO_new_file:no such file:/usr/src/secure/lib/libcrypto/../../../crypto/openssl/crypto/bio/bss_file.c:129:
27635:error:0E078072:configuration file routines:DEF_LOAD:no such file:/usr/src/secure/lib/libcrypto/../../../crypto/openssl/crypto/conf/conf_def.c:197:
|
|
#pkd_info | openvpn
bash: pkd_info: command not found OpenVPN 2.0.9 i386-portbld-freebsd8.2 [SSL] [LZO] built on Apr 4 2012 General Options: --config file : Read configuration options from file. --help : Show options. --version : Show copyright and version information. Tunnel Options: --local host : Local host name or ip address. --remote host [port] : Remote host name or ip address. --remote-random : If multiple --remote options specified, choose one randomly. ... nsCertType designation t = 'client' | 'server'. SSL Library information: --show-ciphers : Show cipher algorithms to use with --cipher option. --show-digests : Show message digest algorithms to use with --auth option. --show-engines : Show hardware crypto accelerator engines (if available). --show-tls : Show all TLS ciphers (TLS used only as a control channel). Generate a random key (only for non-TLS static key encryption mode): --genkey : Generate a random key to be used as a shared secret, for use with the --secret option. --secret file : Write key to file. |
|
#pkd_info grep
bash: pkd_info: command not found OpenVPN 2.0.9 i386-portbld-freebsd8.2 [SSL] [LZO] built on Apr 4 2012 General Options: --config file : Read configuration options from file. --help : Show options. --version : Show copyright and version information. Tunnel Options: --local host : Local host name or ip address. --remote host [port] : Remote host name or ip address. --remote-random : If multiple --remote options specified, choose one randomly. ... nsCertType designation t = 'client' | 'server'. SSL Library information: --show-ciphers : Show cipher algorithms to use with --cipher option. --show-digests : Show message digest algorithms to use with --auth option. --show-engines : Show hardware crypto accelerator engines (if available). --show-tls : Show all TLS ciphers (TLS used only as a control channel). Generate a random key (only for non-TLS static key encryption mode): --genkey : Generate a random key to be used as a shared secret, for use with the --secret option. --secret file : Write key to file. |
|
#pkginfo grep | openvpn
OpenVPN 2.0.9 i386-portbld-freebsd8.2 [SSL] [LZO] built on Apr 4 2012 General Options: --config file : Read configuration options from file. --help : Show options. --version : Show copyright and version information. Tunnel Options: --local host : Local host name or ip address. --remote host [port] : Remote host name or ip address. --remote-random : If multiple --remote options specified, choose one randomly. --mode m : Major mode, m = 'p2p' (default, point-to-point) or 'server'. ... nsCertType designation t = 'client' | 'server'. SSL Library information: --show-ciphers : Show cipher algorithms to use with --cipher option. --show-digests : Show message digest algorithms to use with --auth option. --show-engines : Show hardware crypto accelerator engines (if available). --show-tls : Show all TLS ciphers (TLS used only as a control channel). Generate a random key (only for non-TLS static key encryption mode): --genkey : Generate a random key to be used as a shared secret, for use with the --secret option. --secret file : Write key to file. |
|
#pkg_info | grep n
openvpn-2.0.9_2 Secure IP/Ethernet tunnel daemon |
|
#whereis openssl
openssl: /usr/bin/openssl /usr/share/openssl/man/man1/openssl.1.gz /usr/src/secure/usr.bin/openssl |
|
#pkg_info | grep openssl
linux-f10-openssl-0.9.8g The OpenSSL toolkit (Linux Fedora 10) py26-openssl-0.11 Python interface to the OpenSSL library |
|
#cd /usr/ports/security/openssl
|
|
#make install clean
gnome-config: not found Package xorg-macros was not found in the pkg-config search path. Perhaps you should add the directory containing `xorg-macros.pc' to the PKG_CONFIG_PATH environment variable No package 'xorg-macros' found checking return type of signal handlers... void checking for rename... yes checking for fchmod... yes checking for special C compiler options needed for large files... no checking for _FILE_OFFSET_BITS value needed for large files... no ... /usr/local/lib/libcrypto.so.7 If there are vulnerabilities in these programs there may be a security risk to the system. FreeBSD makes no guarantee about the security of ports included in the Ports Collection. Please type 'make deinstall' to deinstall the port if this is a concern. For more information, and contact details about the security status of this software, see the following webpage: http://www.openssl.org/ ===> Cleaning for makedepend-1.0.3,1 ===> Cleaning for openssl-1.0.0_10 |
|
#cd /usr/local/etc/openvpn/easy-rsa/
|
|
#ls
2.0 build-key-pkcs12 openssl.cnf README build-key-server revoke-crt build-ca build-req revoke-full build-dh build-req-pass sign-req build-inter clean-all vars build-key list-crl build-key-pass make-crl |
|
#./build-ca
error on line -1 of /openssl.cnf
47179:error:02001002:system library:fopen:No such file or directory:/usr/src/secure/lib/libcrypto/../../../crypto/openssl/crypto/bio/bss_file.c:126:fopen('/openssl.cnf','rb')
47179:error:2006D080:BIO routines:BIO_new_file:no such file:/usr/src/secure/lib/libcrypto/../../../crypto/openssl/crypto/bio/bss_file.c:129:
47179:error:0E078072:configuration file routines:DEF_LOAD:no such file:/usr/src/secure/lib/libcrypto/../../../crypto/openssl/crypto/conf/conf_def.c:197:
|
|
#whereis openvpn20
openvpn20: /usr/ports/security/openvpn20 |
|
#cd cd /usr/ports/security/openssl
bash: cd: cd: No such file or directory |
|
#cd /usr/ports/security/openvpn20/
|
|
#make install clean
===> License check disabled, port has not defined LICENSE
===> Found saved configuration for openvpn-2.0.9_2
You may use the following build options:
LOG_OPENVPN={Valid syslog facility, default LOG_DAEMON}
EXAMPLE: make LOG_OPENVPN=LOG_DAEMON
===> Extracting for openvpn-2.0.9_2
=> SHA256 Checksum OK for openvpn-2.0.9.tar.gz.
===> Patching for openvpn-2.0.9_2
===> Applying FreeBSD patches for openvpn-2.0.9_2
/usr/bin/find /usr/ports/security/openvpn20/work/openvpn-2.0.9/plugin -name Makefile -exec /usr/bin/sed -i.bak 's;gcc;cc;g' '{}' +
...
checking for sys/sockio.h... yes
checking netinet/in.h usability... yes
checking netinet/in.h presence... yes
checking for netinet/in.h... yes
checking netinet/in_systm.h usability... ^C===> Script "configure" failed unexpectedly.
Please report the problem to mandree@FreeBSD.org [maintainer] and attach the
"/usr/ports/security/openvpn20/work/openvpn-2.0.9/config.log" including the
output of the failure of your make command. Also, it might be a good idea to
provide an overview of all packages installed on your system (e.g. an `ls
/var/db/pkg`).
|
|
#make install deinstall
===> openvpn-2.0.9_2 depends on file: /usr/local/lib/libcrypto.so.7 - found ===> openvpn-2.0.9_2 depends on shared library: lzo2.2 - found ===> Configuring for openvpn-2.0.9_2 checking for ifconfig... /sbin/ifconfig checking for ip... ip checking for route... /sbin/route checking build system type... i386-portbld-freebsd8.2 checking host system type... i386-portbld-freebsd8.2 checking target system type... i386-portbld-freebsd8.2 checking for a BSD-compatible install... /usr/bin/install -c -o root -g wheel ... ===> openvpn-2.0.9_2 is already installed You may wish to ``make deinstall'' and install this port again by ``make reinstall'' to upgrade it properly. If you really wish to overwrite the old port of security/openvpn20 without deleting it first, set the variable "FORCE_PKG_REGISTER" in your environment or the "make install" command line. *** Error code 1 Stop in /usr/ports/security/openvpn20. *** Error code 1 Stop in /usr/ports/security/openvpn20. |
|
#make einstall
===> Deinstalling for security/openvpn20 ===> Deinstalling openvpn-2.0.9_2 |
|
#make install
===> Installing for openvpn-2.0.9_2 ===> openvpn-2.0.9_2 depends on file: /usr/local/lib/libcrypto.so.7 - found ===> openvpn-2.0.9_2 depends on shared library: lzo2.2 - found ===> Generating temporary packing list ===> Checking if security/openvpn20 already installed test -z "/usr/local/sbin" || /usr/ports/security/openvpn20/work/openvpn-2.0.9/install-sh -d "/usr/local/sbin" install -s -o root -g wheel -m 555 'openvpn' '/usr/local/sbin/openvpn' test -z "/usr/local/man/man8" || /usr/ports/security/openvpn20/work/openvpn-2.0.9/install-sh -d "/usr/local/man/man8" install -o root -g wheel -m 444 './openvpn.8' '/usr/local/man/man8/openvpn.8' ===> Installing rc.d startup script(s) ... This port has installed the following startup scripts which may cause these network services to be started at boot time. /usr/local/etc/rc.d/openvpn If there are vulnerabilities in these programs there may be a security risk to the system. FreeBSD makes no guarantee about the security of ports included in the Ports Collection. Please type 'make deinstall' to deinstall the port if this is a concern. For more information, and contact details about the security status of this software, see the following webpage: http://openvpn.net/index.php/open-source.html |
Apr 4 10:00:00 freebsd1 newsyslog[27429]: logfile turned over due to size>100K Apr 4 10:22:07 freebsd1 kernel: pid 39892 (pango-querymodules-), uid 0: exited on signal 8 (core dumped) Apr 4 11:00:55 freebsd1 console-kit-daemon[1260]: WARNING: kvm_getenvv failed: cannot open /proc/1525/mem Apr 4 11:00:58 freebsd1 console-kit-daemon[1260]: WARNING: kvm_getenvv failed: cannot open /proc/1525/mem Apr 4 11:05:58 freebsd1 console-kit-daemon[1260]: WARNING: kvm_getenvv failed: cannot open /proc/1525/mem Apr 4 11:11:01 freebsd1 last message repeated 2 times Apr 4 11:25:34 freebsd1 console-kit-daemon[1260]: WARNING: kvm_getenvv failed: cannot open /proc/1525/mem Apr 4 11:32:33 freebsd1 last message repeated 2 times Apr 4 11:37:39 freebsd1 last message repeated 2 times Apr 4 11:52:08 freebsd1 last message repeated 4 times Apr 4 12:02:16 freebsd1 last message repeated 4 times Apr 4 12:16:09 freebsd1 last message repeated 4 times Apr 4 13:10:04 freebsd1 console-kit-daemon[1260]: WARNING: kvm_getenvv failed: cannot open /proc/1525/mem Apr 4 13:48:58 freebsd1 console-kit-daemon[1260]: WARNING: kvm_getenvv failed: cannot open /proc/1525/mem Apr 4 14:12:18 freebsd1 openvpn[27112]: OpenVPN 2.0.9 i386-portbld-freebsd8.2 [SSL] [LZO] built on Apr 4 2012 Apr 4 14:12:18 freebsd1 openvpn[27112]: Diffie-Hellman initialized with 1024 bit key Apr 4 14:12:18 freebsd1 openvpn[27112]: Cannot load certificate file /usr/local/etc/openvpn/core_keys/devel.creolab.edu.crt: error:0906D06C:PEM routines:PEM_read_bio:no start line: error:140AD009:SSL routines:SSL_CTX_use_certificate_file:PEM lib Apr 4 14:12:18 freebsd1 openvpn[27112]: Exiting Apr 4 14:12:18 freebsd1 root: /usr/local/etc/rc.d/openvpn: WARNING: failed to start openvpn
| Время первой команды журнала | 12:57:22 2012- 4- 4 |
| Время последней команды журнала | 13:45:15 2012- 4- 4 |
| Количество командных строк в журнале | 101 |
| Процент команд с ненулевым кодом завершения, % | 11.88 |
| Процент синтаксически неверно набранных команд, % | 7.92 |
| Суммарное время работы с терминалом *, час | 0.80 |
| Количество командных строк в единицу времени, команда/мин | 2.11 |
| Частота использования команд |
|
В журнал автоматически попадают все команды, данные в любом терминале системы.
Для того чтобы убедиться, что журнал на текущем терминале ведётся, и команды записываются, дайте команду w. В поле WHAT, соответствующем текущему терминалу, должна быть указана программа script.
Команды, при наборе которых были допущены синтаксические ошибки, выводятся перечёркнутым текстом:
$ l s-l bash: l: command not found |
Если код завершения команды равен нулю, команда была выполнена без ошибок. Команды, код завершения которых отличен от нуля, выделяются цветом.
$ test 5 -lt 4 |
Команды, ход выполнения которых был прерван пользователем, выделяются цветом.
$ find / -name abc find: /home/devi-orig/.gnome2: Keine Berechtigung find: /home/devi-orig/.gnome2_private: Keine Berechtigung find: /home/devi-orig/.nautilus/metafiles: Keine Berechtigung find: /home/devi-orig/.metacity: Keine Berechtigung find: /home/devi-orig/.inkscape: Keine Berechtigung ^C |
Команды, выполненные с привилегиями суперпользователя, выделяются слева красной чертой.
# id uid=0(root) gid=0(root) Gruppen=0(root) |
Изменения, внесённые в текстовый файл с помощью редактора, запоминаются и показываются в журнале в формате ed. Строки, начинающиеся символом "<", удалены, а строки, начинающиеся символом ">" -- добавлены.
$ vi ~/.bashrc
|
Для того чтобы изменить файл в соответствии с показанными в диффшоте изменениями, можно воспользоваться командой patch. Нужно скопировать изменения, запустить программу patch, указав в качестве её аргумента файл, к которому применяются изменения, и вставить скопированный текст:
$ patch ~/.bashrc |
Для того чтобы получить краткую справочную информацию о команде, нужно подвести к ней мышь. Во всплывающей подсказке появится краткое описание команды.
Если справочная информация о команде есть, команда выделяется голубым фоном, например: vi. Если справочная информация отсутствует, команда выделяется розовым фоном, например: notepad.exe. Справочная информация может отсутствовать в том случае, если (1) команда введена неверно; (2) если распознавание команды LiLaLo выполнено неверно; (3) если информация о команде неизвестна LiLaLo. Последнее возможно для редких команд.
Большие, в особенности многострочные, всплывающие подсказки лучше всего показываются браузерами KDE Konqueror, Apple Safari и Microsoft Internet Explorer. В браузерах Mozilla и Firefox они отображаются не полностью, а вместо перевода строки выводится специальный символ.
Время ввода команды, показанное в журнале, соответствует времени начала ввода командной строки, то есть моменту, когда на терминале появилось приглашение интерпретатора.
Имя терминала, на котором была введена команда, показано в специальном блоке. Этот блок показывается только в том случае, если терминал текущей команды отличается от терминала предыдущей.
Вывод не интересующих вас в настоящий момент элементов журнала, таких как время, имя терминала и других, можно отключить. Для этого нужно воспользоваться формой управления журналом вверху страницы.
Небольшие комментарии к командам можно вставлять прямо из командной строки. Комментарий вводится прямо в командную строку, после символов #^ или #v. Символы ^ и v показывают направление выбора команды, к которой относится комментарий: ^ - к предыдущей, v - к следующей. Например, если в командной строке было введено:
$ whoami
user
$ #^ Интересно, кто я?
в журнале это будет выглядеть так:
$ whoami
user
| Интересно, кто я? |
Если комментарий содержит несколько строк, его можно вставить в журнал следующим образом:
$ whoami
user
$ cat > /dev/null #^ Интересно, кто я?
Программа whoami выводит имя пользователя, под которым мы зарегистрировались в системе. - Она не может ответить на вопрос о нашем назнач