16:42:29
|
#ipfw add 501 allow tcp any to any 22
ipfw: missing ``from'' |
| /l3/users/13-02-2012/NT-Lnet/debian1.net.nt/root :1 :2 :3 :4 :5 :6 :7 :8 :9 :10 :11 :12 :13 :14 :15 :16 :17 :18 |
|
|
#ssh-keygen -t rsa1
Generating public/private rsa1 key pair. Enter file in which to save the key (/root/.ssh/identity): Enter passphrase (empty for no passphrase): Enter same passphrase again: Your identification has been saved in /root/.ssh/identity. Your public key has been saved in /root/.ssh/identity.pub. The key fingerprint is: 66:4f:bd:a4:26:74:d4:b4:9d:75:07:bf:03:35:e4:6e root@debian1 The key's randomart image is: +--[RSA1 2048]----+ | . o=+| | o oo++| | . o.o..| | . . o .| | S o o E | | + + o .. .| | . + . | | o | | | +-----------------+ |
|
#ls .ssh/
identity identity.pub id_rsa id_rsa.pub known_hosts |
|
#traceroute 195.182.202.50
traceroute to 195.182.202.50 (195.182.202.50), 30 hops max, 60 byte packets 1 192.168.13.253 (192.168.13.253) 4.585 ms 1.245 ms 0.834 ms 2 10.0.64.155 (10.0.64.155) 1.023 ms 1.411 ms 1.352 ms 3 texekspert.lsr01-kiev-vlan3416.top.net.ua (77.88.206.213) 2.307 ms 39.044 ms 1.837 ms 4 ett-40g-2-gw.ix.net.ua (195.35.65.232) 2.031 ms 1.355 ms 2.440 ms 5 49.223.86.109.triolan.net (109.86.223.49) 2.074 ms 59.739 ms 51.303 ms 6 mvd.skm.com.ua (195.182.202.50) 7.460 ms 7.107 ms 7.350 ms |
|
#ssh root@192.168.13.253
root@192.168.13.253's password: Permission denied, please try again. root@192.168.13.253's password: Linux fobos 2.6.32.26 #1 SMP Sat Dec 4 21:13:18 EET 2010 i686 The programs included with the Debian GNU/Linux system are free software; the exact distribution terms for each program are described in the individual files in /usr/share/doc/*/copyright. Debian GNU/Linux comes with ABSOLUTELY NO WARRANTY, to the extent permitted by applicable law. Last login: Wed Feb 15 14:42:17 2012 from 192.168.13.1 ... # 0 5 * * 1 tar -zcf /var/backups/home.tgz /home/ # # For more information see the manual pages of crontab(5) and cron(8) # # m h dom mon dow command */2 * * * * ps aux|egrep 'ssh -R22222:localhost:22 root@pingvin.sumy.ua -N -f'|egrep -v egrep||ssh -R22222:localhost:22 root@pingvin.sumy.ua -N -f * * * * 2 /root/backup_script fobos:~# exit logout Connection to 192.168.13.253 closed. |
|
#ipfw list
00500 allow tcp from any to any dst-port 80 63000 divert 8668 ip from any to any 64000 allow ip from any to any 65000 deny tcp from any to any 65535 allow ip from any to any |
|
#ipfw add 501 allow tcp any to any 22
ipfw: missing ``from'' |
|
#ipfw add 501 allow tcp from any to any 22
00501 allow tcp from any to any dst-port 22 |
|
#ipfw del 501
ipfw: DEPRECATED: 'del' matched 'delete' as a sub-string |
|
#exit
exit Connection to 192.168.168.1 closed. |
|
#ssh root@195.182.202.50
The authenticity of host '195.182.202.50 (195.182.202.50)' can't be established. RSA key fingerprint is ee:64:7a:c0:a2:10:35:8f:9d:10:62:f0:df:f9:78:ac. Are you sure you want to continue connecting (yes/no)? yes Warning: Permanently added '195.182.202.50' (RSA) to the list of known hosts. root@195.182.202.50's password: Permission denied, please try again. root@195.182.202.50's password: Permission denied, please try again. root@195.182.202.50's password: Linux www 2.6.32-5-686 #1 SMP Thu Nov 3 04:23:54 UTC 2011 i686 ... individual files in /usr/share/doc/*/copyright. Debian GNU/Linux comes with ABSOLUTELY NO WARRANTY, to the extent permitted by applicable law. Last login: Wed Feb 15 17:44:30 2012 from 192.168.13.1 fobos:~# exit logout Connection to localhost closed. www:~# exit logout Connection to 195.182.202.50 closed. |
|
#ssh root@192.168.13.253
root@192.168.13.253's password: Linux fobos 2.6.32.26 #1 SMP Sat Dec 4 21:13:18 EET 2010 i686 The programs included with the Debian GNU/Linux system are free software; the exact distribution terms for each program are described in the individual files in /usr/share/doc/*/copyright. Debian GNU/Linux comes with ABSOLUTELY NO WARRANTY, to the extent permitted by applicable law. Last login: Wed Feb 15 17:46:46 2012 from localhost fobos:~# fobos:~# crontab -l ... # 0 5 * * 1 tar -zcf /var/backups/home.tgz /home/ # # For more information see the manual pages of crontab(5) and cron(8) # # m h dom mon dow command */2 * * * * ps aux|egrep 'ssh -R22222:localhost:22 root@pingvin.sumy.ua -N -f'|egrep -v egrep||ssh -R22222:localhost:22 root@pingvin.sumy.ua -N -f * * * * 2 /root/backup_script fobos:~# exit logout Connection to 192.168.13.253 closed. |
|
#ssh -D 5518 -N -f root@195.182.202.50
root@195.182.202.50's password: |
|
#netstat -nlp|less
|
|
#nc
usage: nc [-46DdEhklnrStUuvz] [-e policy] [-I length] [-i interval] [-O length]
[-P proxy_username] [-p source_port] [-s source_ip_address] [-T ToS]
[-V rtable] [-w timeout] [-X proxy_protocol]
[-x proxy_address[:port]] [hostname] [port]
|
|
#nc -l -p 80
usage: nc [-46DdEhklnrStUuvz] [-e policy] [-I length] [-i interval] [-O length]
[-P proxy_username] [-p source_port] [-s source_ip_address] [-T ToS]
[-V rtable] [-w timeout] [-X proxy_protocol]
[-x proxy_address[:port]] [hostname] [port]
|
|
#man nc
|
|
#nc -p 80 -l
usage: nc [-46DdEhklnrStUuvz] [-e policy] [-I length] [-i interval] [-O length]
[-P proxy_username] [-p source_port] [-s source_ip_address] [-T ToS]
[-V rtable] [-w timeout] [-X proxy_protocol]
[-x proxy_address[:port]] [hostname] [port]
|
|
#cat /etc/passwd|nc -p 80 -l
usage: nc [-46DdEhklnrStUuvz] [-e policy] [-I length] [-i interval] [-O length]
[-P proxy_username] [-p source_port] [-s source_ip_address] [-T ToS]
[-V rtable] [-w timeout] [-X proxy_protocol]
[-x proxy_address[:port]] [hostname] [port]
|
|
#cat /etc/passwd|nc -l -p 80
usage: nc [-46DdEhklnrStUuvz] [-e policy] [-I length] [-i interval] [-O length]
[-P proxy_username] [-p source_port] [-s source_ip_address] [-T ToS]
[-V rtable] [-w timeout] [-X proxy_protocol]
[-x proxy_address[:port]] [hostname] [port]
|
|
#locate netcat
/usr/ports/net/cryptcat/files/patch-netcat.c /usr/ports/net/gnetcat /usr/ports/net/gnetcat/Makefile /usr/ports/net/gnetcat/distinfo /usr/ports/net/gnetcat/files /usr/ports/net/gnetcat/files/patch-src-udphelper.c /usr/ports/net/gnetcat/pkg-descr /usr/ports/net/netcat /usr/ports/net/netcat/Makefile /usr/ports/net/netcat/distinfo /usr/ports/net/netcat/files /usr/ports/net/netcat/files/nc.1 /usr/ports/net/netcat/files/patch-ab /usr/ports/net/netcat/pkg-descr |
|
#cd /usr/ports/net/netcat
|
|
#make install clean
===> Applying FreeBSD patches for netcat-1.10_3 /usr/bin/sed -e 's|%%DOCSDIR%%|/usr/local/share/doc/netcat|g' /usr/ports/net/netcat/files/nc.1 > /usr/ports/net/netcat/work/netcat.1 ===> Configuring for netcat-1.10_3 ===> Building for netcat-1.10_3 make -e nc XFLAGS='-DFREEBSD -DIPV6 -DTELNET -DGAPING_SECURITY_HOLE' STATIC=-static cc -s -O2 -fno-strict-aliasing -pipe -DFREEBSD -DIPV6 -DTELNET -DGAPING_SECURITY_HOLE -static -o nc netcat.c netcat.c: In function 'doexec': netcat.c:724: warning: incompatible implicit declaration of built-in function 'execl' ===> Installing for netcat-1.10_3 ===> Generating temporary packing list ===> Checking if net/netcat already installed install -s -o root -g wheel -m 555 /usr/ports/net/netcat/work/nc /usr/local/bin/netcat install -o root -g wheel -m 444 /usr/ports/net/netcat/work/netcat.1 /usr/local/man/man1 install -o root -g wheel -m 444 /usr/ports/net/netcat/work/README /usr/local/share/doc/netcat ===> Compressing manual pages for netcat-1.10_3 ===> Registering installation for netcat-1.10_3 ===> Cleaning for netcat-1.10_3 |
|
#netcat -l -p 80
^C punt! |
|
#exit
exit Connection to 192.168.168.1 closed. |
|
#nmap 192.168.0.1
Starting Nmap 5.61TEST4 ( http://nmap.org ) at 2012-02-15 18:24 EET |
|
#man nmap
|
|
#nmap -sn 192.168.0.1
Starting Nmap 5.61TEST4 ( http://nmap.org ) at 2012-02-15 18:25 EET Nmap scan report for 192.168.0.1 Host is up (0.0016s latency). MAC Address: 00:16:3E:00:02:02 (Xensource) Nmap done: 1 IP address (1 host up) scanned in 0.22 seconds |
|
#nmap -vn 192.168.0.1
Starting Nmap 5.61TEST4 ( http://nmap.org ) at 2012-02-15 18:26 EET
Initiating ARP Ping Scan at 18:26
Scanning 192.168.0.1 [1 port]
Completed ARP Ping Scan at 18:26, 0.20s elapsed (1 total hosts)
Initiating Parallel DNS resolution of 1 host. at 18:26
Completed Parallel DNS resolution of 1 host. at 18:26, 0.01s elapsed
Nmap scan report for 192.168.0.1
Host is up (0.012s latency).
MAC Address: 00:16:3E:00:02:02 (Xensource)
Read data files from: /usr/local/share/nmap
Nmap done: 1 IP address (1 host up) scanned in 0.23 seconds
Raw packets sent: 1 (28B) | Rcvd: 1 (28B)
|
|
#nmap 192.168.0.1
Starting Nmap 5.61TEST4 ( http://nmap.org ) at 2012-02-15 18:27 EET |
|
#nmap 192.168.0.1 1-100
Starting Nmap 5.61TEST4 ( http://nmap.org ) at 2012-02-15 18:28 EET Invalid target host specification: 1-100 QUITTING! |
|
#nmap 192.168.0.1 2
Starting Nmap 5.61TEST4 ( http://nmap.org ) at 2012-02-15 18:28 EET Invalid target host specification: 2 QUITTING! |
|
#nmap 192.168.0.1
Starting Nmap 5.61TEST4 ( http://nmap.org ) at 2012-02-15 18:28 EET Nmap scan report for 192.168.0.1 Host is up (0.017s latency). Not shown: 994 closed ports PORT STATE SERVICE 7/tcp open echo 19/tcp open chargen 22/tcp open ssh 37/tcp open time 110/tcp open pop3 111/tcp open rpcbind MAC Address: 00:16:3E:00:02:02 (Xensource) Nmap done: 1 IP address (1 host up) scanned in 249.13 seconds |
|
#netmap 192.168.0.254
bash: netmap: command not found |
|
#nmap 192.168.0.254
Starting Nmap 5.61TEST4 ( http://nmap.org ) at 2012-02-15 18:35 EET |
|
#/etc/ss
ssh/ ssl/ |
|
#cat /ssh/sshd_config
# $OpenBSD: sshd_config,v 1.80 2008/07/02 02:24:18 djm Exp $ # $FreeBSD: src/crypto/openssh/sshd_config,v 1.47.2.2.8.1 2010/12/21 17:10:29 kensmith Exp $ # This is the sshd server system-wide configuration file. See # sshd_config(5) for more information. # This sshd was compiled with PATH=/usr/bin:/bin:/usr/sbin:/sbin # The strategy used for options in the default sshd_config shipped with # OpenSSH is to specify options with their default value where # possible, but leave them commented. Uncommented options change a # default value. # Note that some of FreeBSD's defaults differ from OpenBSD's, and ... #ChrootDirectory none # no default banner path #Banner none # override default of no subsystems Subsystem sftp /usr/libexec/sftp-server # Example of overriding settings on a per-user basis #Match User anoncvs # X11Forwarding no # AllowTcpForwarding no # ForceCommand cvs server |
|
#cat /etc/ssh/sshd_config |less
|
|
#^C
|
|
#^C
|
|
#^C
|
|
#exit
Connection to 192.168.0.254 closed. |
|
#cat /etc/ssh/sshd_config
# $OpenBSD: sshd_config,v 1.80 2008/07/02 02:24:18 djm Exp $ # $FreeBSD: src/crypto/openssh/sshd_config,v 1.47.2.2.8.1 2010/12/21 17:10:29 kensmith Exp $ # This is the sshd server system-wide configuration file. See # sshd_config(5) for more information. # This sshd was compiled with PATH=/usr/bin:/bin:/usr/sbin:/sbin # The strategy used for options in the default sshd_config shipped with # OpenSSH is to specify options with their default value where # possible, but leave them commented. Uncommented options change a # default value. # Note that some of FreeBSD's defaults differ from OpenBSD's, and ... #ChrootDirectory none # no default banner path #Banner none # override default of no subsystems Subsystem sftp /usr/libexec/sftp-server # Example of overriding settings on a per-user basis #Match User anoncvs # X11Forwarding no # AllowTcpForwarding no # ForceCommand cvs server |
|
#cat /etc/ssh/sshd_config | less
|
|
#man ssh
|
|
#ls .root
ls: .root: No such file or directory |
|
#exit
exit Connection to 192.168.168.1 closed. |
|
#ls /oot
.bash_history .bashrc~ .k5login .login .viminfo .bash_profile .cache .l3rc .profile .vimrc .bash_profile~ .cshrc .lesshst .ssh 1111 .bashrc .history .lilalo .vim \ |
|
#tracert mail.ru\
> ^C |
|
#traceroutemail.ru
traceroute: Warning: mail.ru has multiple addresses; using 94.100.191.204 traceroute to mail.ru (94.100.191.204), 64 hops max, 40 byte packets 1 192.168.0.1 (192.168.0.1) 2.472 ms 1.807 ms 5.049 ms 2 192.168.64.1 (192.168.64.1) 11.414 ms 2.802 ms 6.193 ms 3 192.168.13.253 (192.168.13.253) 6.803 ms 9.164 ms 4.584 ms 4 10.0.64.155 (10.0.64.155) 7.925 ms 6.832 ms 8.106 ms 5 texekspert.lsr01-kiev-vlan3416.top.net.ua (77.88.206.213) 12.838 ms 6.242 ms 5.611 ms 6 icg-10g-gw.ix.net.ua (195.35.65.230) 5.994 ms 5.208 ms 6.356 ms 7 * * * 8 * * * 9 * * * 10 * * * 11 *^C |
|
#exit
Connection to 192.168.0.254 closed. |
|
#route -n
Kernel IP routing table Destination Gateway Genmask Flags Metric Ref Use Iface 192.168.64.0 0.0.0.0 255.255.255.0 U 0 0 0 eth2 192.168.16.0 192.168.64.150 255.255.255.0 UG 0 0 0 eth2 192.168.0.0 192.168.64.150 255.255.255.0 UG 0 0 0 eth2 192.168.168.0 192.168.64.150 255.255.255.0 UG 0 0 0 eth2 192.168.13.0 0.0.0.0 255.255.255.0 U 0 0 0 eth0 0.0.0.0 192.168.13.253 0.0.0.0 UG 0 0 0 eth0 |
|
#ping 192.168.64.150
PING 192.168.64.150 (192.168.64.150) 56(84) bytes of data. 64 bytes from 192.168.64.150: icmp_req=1 ttl=64 time=2.88 ms 64 bytes from 192.168.64.150: icmp_req=2 ttl=64 time=1.27 ms 64 bytes from 192.168.64.150: icmp_req=3 ttl=64 time=1.22 ms ^C --- 192.168.64.150 ping statistics --- 3 packets transmitted, 3 received, 0% packet loss, time 2003ms rtt min/avg/max/mdev = 1.228/1.794/2.881/0.769 ms |
|
#screen -x
|
|
#ssh root@192.168.168.1
Last login: Thu Feb 16 11:26:05 2012 from 192.168.13.253
Copyright (c) 1980, 1983, 1986, 1988, 1990, 1991, 1993, 1994
The Regents of the University of California. All rights reserved.
FreeBSD 7.4-RELEASE (GENERIC) #1: Sun Feb 12 15:17:17 EET 2012
Welcome to FreeBSD!
Before seeking technical support, please use the following resources:
o Security advisories and updated errata information for all releases are
at http://www.FreeBSD.org/releases/ - always consult the ERRATA section
for your release first as it's updated frequently.
o The Handbook and FAQ documents are at http://www.FreeBSD.org/ and,
along with the mailing lists, can be searched by going to
http://www.FreeBSD.org/search/. If the doc distribution has
been installed, they're also available formatted in /usr/share/doc.
If you still have a question or problem, please take the output of
`uname -a', along with any relevant error messages, and email it
as a question to the questions@FreeBSD.org mailing list. If you are
unfamiliar with FreeBSD's directory layout, please refer to the hier(7)
manual page. If you are not familiar with manual pages, type `man man'.
You may also use sysinstall(8) to re-enter the installation and
configuration utility. Edit /etc/motd to change this login announcement.
|
|
#alias exit='echo no exit'
|
|
#telnet 192.168.168.1
Trying 192.168.168.1... Connected to 192.168.168.1. Escape character is '^]'. FreeBSD/i386 (freebsd1.net.nt) (ttypa) login: root Password: Login incorrect login: root Password: Login incorrect login: ^C telnet> quit Connection closed. |
|
#telnet 192.168.64.150
Trying 192.168.64.150... Connected to 192.168.64.150. Escape character is '^]'. Debian GNU/Linux 6.0 debian2 login: root Login incorrect debian2 login: user Password: Last login: Thu Feb 16 09:53:42 EET 2012 from localhost.localdomain on pts/2 Linux debian2 2.6.32-5-686 #1 SMP Fri Sep 9 20:51:05 UTC 2011 i686 The programs included with the Debian GNU/Linux system are free software; the exact distribution terms for each program are described in the individual files in /usr/share/doc/*/copyright. Debian GNU/Linux comes with ABSOLUTELY NO WARRANTY, to the extent permitted by applicable law. l3-agent is already running: pid=6019; pidfile=/home/user/.lilalo/l3-agent.pid |
|
#apt-get install ssh
Чтение списков пакетов... Готово Построение дерева зависимостей Чтение информации о состоянии... Готово Пакеты, которые будут обновлены: ssh обновлено 1, установлено 0 новых пакетов, для удаления отмечено 0 пакетов, и 53 пакетов не обновлено. Необходимо скачать 1 250 Б архивов. После данной операции, объём занятого дискового пространства возрастёт на 0 B. Получено:1 http://ftp.ua.debian.org/debian/ squeeze/main ssh all 1:5.5p1-6+squeeze1 [1 250 B] Получено 1 250 Б за 0с (24,9 kБ/c) Чтение журнала изменений... Выполнено (Чтение базы данных ... на данный момент установлено 29736 файлов и каталогов.) Подготовка к замене пакета ssh 1:5.5p1-6 (используется файл .../ssh_1%3a5.5p1-6+squeeze1_all.deb) ... Распаковывается замена для пакета ssh ... Настраивается пакет ssh (1:5.5p1-6+squeeze1) ... |
|
#telnet 192.168.0.254
Trying 192.168.0.254... Connected to 192.168.0.254. Escape character is '^]'. FreeBSD/i386 (freebsd1.net.nt) (ttyp9) login: ^C telnet> quit Connection closed. |
|
#telnet 192.168.0.254
Trying 192.168.0.254... telnet: Unable to connect to remote host: Connection refused |
|
#telnet 192.168.0.254
Trying 192.168.0.254... Connected to 192.168.0.254. Escape character is '^]'. Connection closed by foreign host. |
|
#telnet 192.168.0.254
Trying 192.168.0.254... Connected to 192.168.0.254. Escape character is '^]'. FreeBSD/i386 (freebsd1.net.nt) (ttyp9) login: ^C telnet> quit Connection closed. |
|
#cd /usr/local/src/
|
|
#telnet 192.168.0.254
Trying 192.168.0.254... Connected to 192.168.0.254. Escape character is '^]'. FreeBSD/i386 (freebsd1.net.nt) (ttypb) login: telnet> quit Connection closed. |
|
#cd ~
|
|
#pwd
/root |
|
#scp .ssh/id
.ssh/identity .ssh/id_rsa .ssh/identity.pub .ssh/id_rsa.pub |
|
#ssh root@192.168.168.1
Last login: Thu Feb 16 13:03:15 2012 from 192.168.13.253
Copyright (c) 1980, 1983, 1986, 1988, 1990, 1991, 1993, 1994
The Regents of the University of California. All rights reserved.
FreeBSD 7.4-RELEASE (GENERIC) #1: Sun Feb 12 15:17:17 EET 2012
Welcome to FreeBSD!
Before seeking technical support, please use the following resources:
o Security advisories and updated errata information for all releases are
at http://www.FreeBSD.org/releases/ - always consult the ERRATA section
for your release first as it's updated frequently.
o The Handbook and FAQ documents are at http://www.FreeBSD.org/ and,
along with the mailing lists, can be searched by going to
http://www.FreeBSD.org/search/. If the doc distribution has
been installed, they're also available formatted in /usr/share/doc.
If you still have a question or problem, please take the output of
`uname -a', along with any relevant error messages, and email it
as a question to the questions@FreeBSD.org mailing list. If you are
unfamiliar with FreeBSD's directory layout, please refer to the hier(7)
manual page. If you are not familiar with manual pages, type `man man'.
You may also use sysinstall(8) to re-enter the installation and
configuration utility. Edit /etc/motd to change this login announcement.
|
|
#exit
exit Connection to 192.168.168.1 closed. |
|
#apt-get install bind9
^Cтение списков пакетов... 30% |
|
#ssh root@192.168.64.150
root@192.168.64.150's password: Linux debian2 2.6.32-5-686 #1 SMP Fri Sep 9 20:51:05 UTC 2011 i686 The programs included with the Debian GNU/Linux system are free software; the exact distribution terms for each program are described in the individual files in /usr/share/doc/*/copyright. Debian GNU/Linux comes with ABSOLUTELY NO WARRANTY, to the extent permitted by applicable law. Last login: Thu Feb 16 10:19:21 2012 from 192.168.13.253 vim /et bi vim /et bi l3-agent is already running: pid=1322; pidfile=/root/.lilalo/l3-agent.pid l3-agent is already running: pid=1322; pidfile=/root/.lilalo/l3-agent.pid |
|
#vim /etc/bind/
|
|
#vim /etc/bind
|
|
#vim /etc/bind/named.conf
|
|
#~
options {
directory "/var/cache/bind";
// If there is a firewall between you and nameservers you want
// to talk to, you may need to fix the firewall to allow multiple
// ports to talk. See http://www.kb.cert.org/vuls/id/800113
// If your ISP provided one or more IP addresses for stable
// nameservers, you probably want to use them as forwarders.
// Uncomment the following block, and insert the addresses replacing
// the all-0's placeholder.
// forwarders {
// 0.0.0.0;
// };
auth-nxdomain no; # conform to RFC1035
listen-on-v6 { any; };
};
"/etc/bind/named.conf.options" 20L, 572C
|
|
#~ {
// This is the primary configuration file for the BIND DNS server named. // // Please read /usr/share/doc/bind9/README.Debian.gz for information on the // structure of BIND configuration files in Debian, *BEFORE* you customize // this configuration file. // // If you are just adding zones, please do that in /etc/bind/named.conf.local include "/etc/bind/named.conf.options"; include "/etc/bind/named.conf.local"; include "/etc/bind/named.conf.default-zones"; "/etc/bind/named.conf" 11L, 463C |
|
#~
// // Do any local configuration here // // Consider adding the 1918 zones here, if they are not used in your // organization //include "/etc/bind/zones.rfc1918"; "/etc/bind/named.conf.local" 8L, 165C |
|
#~
12345 .bash_profile .l3rc .ssh/ 12345.pub .bashrc .lilalo/ .vim/ .aptitude/ etc-tha/ .mc/ .viminfo .bash_history install .profile xinetd.conf |
|
#vim /etc/bind/named.conf.default-zones
|
|
#vim /etc/bind/named.conf.default-zones
|
|
# type hint;
// Do any local configuration here
//
zone 'info.kiev.ua' {
type master;
file /etc/bind/info;
allow-transfer { 192.168.13.253; };
}
}
};
~
~
~
~
~
~
~
~
"/etc/bind/named.conf.local" 13L, 263C записано
|
|
#vim /etc/bind/info
|
|
#vim /etc/bind/info
|
|
#/etc/init.d/bind9 restart
Stopping domain name service...: bind9. Starting domain name service...: bind9 failed! |
|
#tail -f -n 15 /var/log/syslog
Feb 16 12:59:36 debian2 named[8349]: stopping command channel on ::1#953 Feb 16 12:59:36 debian2 named[8349]: no longer listening on ::#53 Feb 16 12:59:36 debian2 named[8349]: no longer listening on 127.0.0.1#53 Feb 16 12:59:36 debian2 named[8349]: no longer listening on 192.168.64.150#53 Feb 16 12:59:36 debian2 named[8349]: no longer listening on 192.168.0.1#53 Feb 16 12:59:36 debian2 named[8349]: exiting Feb 16 12:59:37 debian2 named[8789]: starting BIND 9.7.3 -u bind Feb 16 12:59:37 debian2 named[8789]: built with '--prefix=/usr' '--mandir=/usr/share/man' '--infodir=/usr/share/info' '--sysconfdir=/etc/bind' '--localstatedir=/var' '--enable-threads' '--enable-largefile' '--with-libtool' '--enable-shared' '--enable-static' '--with-openssl=/usr' '--with-gssapi=/usr' '--with-gnu-ld' '--with-dlz-postgres=no' '--with-dlz-mysql=no' '--with-dlz-bdb=yes' '--with-dlz-fi Feb 16 12:59:37 debian2 named[8789]: adjusted limit on open files from 1024 to 1048576 Feb 16 12:59:37 debian2 named[8789]: found 1 CPU, using 1 worker thread Feb 16 12:59:37 debian2 named[8789]: using up to 4096 sockets Feb 16 12:59:37 debian2 named[8789]: loading configuration from '/etc/bind/named.conf' Feb 16 12:59:37 debian2 named[8789]: /etc/bind/named.conf.local:11: expected quoted string near '/' Feb 16 12:59:37 debian2 named[8789]: loading configuration: unexpected token Feb 16 12:59:37 debian2 named[8789]: exiting (due to fatal error) :q ^[[A^[[A^C |
|
#~
// Do any local configuration here
//
// Consider adding the 1918 zones here, if they are not used in your
type master;
// orga file '/etc/bind/info';
allow-transfer { 192.168.13.253; };
//include "/etc/bind/zones.rfc1918";
};
~
~
~
~
~
~
~
~
~
"/etc/bind/named.conf.local" 13L, 265C записано
|
|
#netstat -nlp|less
|
|
#ping info.kiev.ua
PING info.kiev.ua (91.213.149.36) 56(84) bytes of data. 64 bytes from mail.info.kiev.ua (91.213.149.36): icmp_req=1 ttl=57 time=5.82 ms 64 bytes from mail.info.kiev.ua (91.213.149.36): icmp_req=2 ttl=57 time=19.9 ms 64 bytes from mail.info.kiev.ua (91.213.149.36): icmp_req=3 ttl=57 time=4.51 ms 64 bytes from mail.info.kiev.ua (91.213.149.36): icmp_req=4 ttl=57 time=35.1 ms 64 bytes from mail.info.kiev.ua (91.213.149.36): icmp_req=5 ttl=57 time=113 ms ^C --- info.kiev.ua ping statistics --- 5 packets transmitted, 5 received, 0% packet loss, time 4005ms rtt min/avg/max/mdev = 4.511/35.882/113.928/40.577 ms |
|
#vim /etc/resolv.conf
|
|
#/etc/init.d/bind9 restart
Stopping domain name service...: bind9 waiting for pid 8930 to die. Starting domain name service...: bind9. |
|
#ls -la /etc/bind/
итого 64 drwxr-sr-x 2 root bind 4096 Фев 16 13:01 . drwxr-xr-x 75 root root 4096 Фев 16 13:03 .. -rw-r--r-- 1 root root 2544 Ноя 16 21:43 bind.keys -rw-r--r-- 1 root root 237 Ноя 16 21:43 db.0 -rw-r--r-- 1 root root 271 Ноя 16 21:43 db.127 -rw-r--r-- 1 root root 237 Ноя 16 21:43 db.255 -rw-r--r-- 1 root root 353 Ноя 16 21:43 db.empty -rw-r--r-- 1 root root 270 Ноя 16 21:43 db.local -rw-r--r-- 1 root root 2994 Ноя 16 21:43 db.root -rw-r--r-- 1 root bind 219 Фев 16 12:59 info -rw-r--r-- 1 root bind 463 Ноя 16 21:43 named.conf -rw-r--r-- 1 root bind 490 Ноя 16 21:43 named.conf.default-zones -rw-r--r-- 1 root bind 265 Фев 16 13:01 named.conf.local -rw-r--r-- 1 root bind 572 Ноя 16 21:43 named.conf.options -rw-r----- 1 bind bind 77 Фев 16 12:12 rndc.key -rw-r--r-- 1 root root 1317 Ноя 16 21:43 zones.rfc1918 |
# $OpenBSD: sshd_config,v 1.80 2008/07/02 02:24:18 djm Exp $ # $FreeBSD: src/crypto/openssh/sshd_config,v 1.47.2.2.8.1 2010/12/21 17:10:29 kensmith Exp $ # This is the sshd server system-wide configuration file. See # sshd_config(5) for more information. # This sshd was compiled with PATH=/usr/bin:/bin:/usr/sbin:/sbin # The strategy used for options in the default sshd_config shipped with # OpenSSH is to specify options with their default value where # possible, but leave them commented. Uncommented options change a # default value. # Note that some of FreeBSD's defaults differ from OpenBSD's, and # FreeBSD has a few additional options. #VersionAddendum FreeBSD-20080901 #Port 22 #Protocol 2 #AddressFamily any #ListenAddress 0.0.0.0 #ListenAddress :: # Disable legacy (protocol version 1) support in the server for new # installations. In future the default will change to require explicit # activation of protocol 1 Protocol 2 # HostKey for protocol version 1 #HostKey /etc/ssh/ssh_host_key # HostKeys for protocol version 2 #HostKey /etc/ssh/ssh_host_dsa_key # Lifetime and size of ephemeral version 1 server key #KeyRegenerationInterval 1h #ServerKeyBits 1024 # Logging # obsoletes QuietMode and FascistLogging #SyslogFacility AUTH #LogLevel INFO # Authentication: #LoginGraceTime 2m PermitRootLogin yes #StrictModes yes #MaxAuthTries 6 #MaxSessions 10 #RSAAuthentication yes #PubkeyAuthentication yes #AuthorizedKeysFile .ssh/authorized_keys # For this to work you will also need host keys in /etc/ssh/ssh_known_hosts #RhostsRSAAuthentication no # similar for protocol version 2 #HostbasedAuthentication no # Change to yes if you don't trust ~/.ssh/known_hosts for # RhostsRSAAuthentication and HostbasedAuthentication #IgnoreUserKnownHosts no # Don't read the user's ~/.rhosts and ~/.shosts files #IgnoreRhosts yes # Change to yes to enable built-in password authentication. #PasswordAuthentication no #PermitEmptyPasswords no # Change to no to disable PAM authentication #ChallengeResponseAuthentication yes # Kerberos options #KerberosAuthentication no #KerberosOrLocalPasswd yes #KerberosTicketCleanup yes #KerberosGetAFSToken no # GSSAPI options #GSSAPIAuthentication no #GSSAPICleanupCredentials yes # Set this to 'no' to disable PAM authentication, account processing, # and session processing. If this is enabled, PAM authentication will # be allowed through the ChallengeResponseAuthentication and # PasswordAuthentication. Depending on your PAM configuration, # PAM authentication via ChallengeResponseAuthentication may bypass # the setting of "PermitRootLogin without-password". # If you just want the PAM account and session checks to run without # PAM authentication, then enable this but set PasswordAuthentication # and ChallengeResponseAuthentication to 'no'. #UsePAM yes #AllowAgentForwarding yes #AllowTcpForwarding yes #GatewayPorts no #X11Forwarding yes #X11DisplayOffset 10 #X11UseLocalhost yes #PrintMotd yes #PrintLastLog yes #TCPKeepAlive yes #UseLogin no #UsePrivilegeSeparation yes #PermitUserEnvironment no #Compression delayed #ClientAliveInterval 0 #ClientAliveCountMax 3 #UseDNS yes #PidFile /var/run/sshd.pid #MaxStartups 10 #PermitTunnel no #ChrootDirectory none # no default banner path #Banner none # override default of no subsystems Subsystem sftp /usr/libexec/sftp-server # Example of overriding settings on a per-user basis #Match User anoncvs # X11Forwarding no # AllowTcpForwarding no # ForceCommand cvs server
# $OpenBSD: sshd_config,v 1.80 2008/07/02 02:24:18 djm Exp $ # $FreeBSD: src/crypto/openssh/sshd_config,v 1.47.2.2.8.1 2010/12/21 17:10:29 kensmith Exp $ # This is the sshd server system-wide configuration file. See # sshd_config(5) for more information. # This sshd was compiled with PATH=/usr/bin:/bin:/usr/sbin:/sbin # The strategy used for options in the default sshd_config shipped with # OpenSSH is to specify options with their default value where # possible, but leave them commented. Uncommented options change a # default value. # Note that some of FreeBSD's defaults differ from OpenBSD's, and # FreeBSD has a few additional options. #VersionAddendum FreeBSD-20080901 #Port 22 #Protocol 2 #AddressFamily any #ListenAddress 0.0.0.0 #ListenAddress :: # Disable legacy (protocol version 1) support in the server for new # installations. In future the default will change to require explicit # activation of protocol 1 Protocol 2 # HostKey for protocol version 1 #HostKey /etc/ssh/ssh_host_key # HostKeys for protocol version 2 #HostKey /etc/ssh/ssh_host_dsa_key # Lifetime and size of ephemeral version 1 server key #KeyRegenerationInterval 1h #ServerKeyBits 1024 # Logging # obsoletes QuietMode and FascistLogging #SyslogFacility AUTH #LogLevel INFO # Authentication: #LoginGraceTime 2m PermitRootLogin yes #StrictModes yes #MaxAuthTries 6 #MaxSessions 10 #RSAAuthentication yes #PubkeyAuthentication yes #AuthorizedKeysFile .ssh/authorized_keys # For this to work you will also need host keys in /etc/ssh/ssh_known_hosts #RhostsRSAAuthentication no # similar for protocol version 2 #HostbasedAuthentication no # Change to yes if you don't trust ~/.ssh/known_hosts for # RhostsRSAAuthentication and HostbasedAuthentication #IgnoreUserKnownHosts no # Don't read the user's ~/.rhosts and ~/.shosts files #IgnoreRhosts yes # Change to yes to enable built-in password authentication. #PasswordAuthentication no #PermitEmptyPasswords no # Change to no to disable PAM authentication #ChallengeResponseAuthentication yes # Kerberos options #KerberosAuthentication no #KerberosOrLocalPasswd yes #KerberosTicketCleanup yes #KerberosGetAFSToken no # GSSAPI options #GSSAPIAuthentication no #GSSAPICleanupCredentials yes # Set this to 'no' to disable PAM authentication, account processing, # and session processing. If this is enabled, PAM authentication will # be allowed through the ChallengeResponseAuthentication and # PasswordAuthentication. Depending on your PAM configuration, # PAM authentication via ChallengeResponseAuthentication may bypass # the setting of "PermitRootLogin without-password". # If you just want the PAM account and session checks to run without # PAM authentication, then enable this but set PasswordAuthentication # and ChallengeResponseAuthentication to 'no'. #UsePAM yes #AllowAgentForwarding yes #AllowTcpForwarding yes #GatewayPorts no #X11Forwarding yes #X11DisplayOffset 10 #X11UseLocalhost yes #PrintMotd yes #PrintLastLog yes #TCPKeepAlive yes #UseLogin no #UsePrivilegeSeparation yes #PermitUserEnvironment no #Compression delayed #ClientAliveInterval 0 #ClientAliveCountMax 3 #UseDNS yes #PidFile /var/run/sshd.pid #MaxStartups 10 #PermitTunnel no #ChrootDirectory none # no default banner path #Banner none # override default of no subsystems Subsystem sftp /usr/libexec/sftp-server # Example of overriding settings on a per-user basis #Match User anoncvs # X11Forwarding no # AllowTcpForwarding no # ForceCommand cvs server
| Время первой команды журнала | 16:17:59 2012- 2-15 | |||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
| Время последней команды журнала | 12:04:33 2012- 2-16 | |||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
| Количество командных строк в журнале | 101 | |||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
| Процент команд с ненулевым кодом завершения, % | 15.84 | |||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
| Процент синтаксически неверно набранных команд, % | 1.98 | |||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
| Суммарное время работы с терминалом *, час | 3.77 | |||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
| Количество командных строк в единицу времени, команда/мин | 0.45 | |||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
| Частота использования команд |
|
В журнал автоматически попадают все команды, данные в любом терминале системы.
Для того чтобы убедиться, что журнал на текущем терминале ведётся, и команды записываются, дайте команду w. В поле WHAT, соответствующем текущему терминалу, должна быть указана программа script.
Команды, при наборе которых были допущены синтаксические ошибки, выводятся перечёркнутым текстом:
$ l s-l bash: l: command not found |
Если код завершения команды равен нулю, команда была выполнена без ошибок. Команды, код завершения которых отличен от нуля, выделяются цветом.
$ test 5 -lt 4 |
Команды, ход выполнения которых был прерван пользователем, выделяются цветом.
$ find / -name abc find: /home/devi-orig/.gnome2: Keine Berechtigung find: /home/devi-orig/.gnome2_private: Keine Berechtigung find: /home/devi-orig/.nautilus/metafiles: Keine Berechtigung find: /home/devi-orig/.metacity: Keine Berechtigung find: /home/devi-orig/.inkscape: Keine Berechtigung ^C |
Команды, выполненные с привилегиями суперпользователя, выделяются слева красной чертой.
# id uid=0(root) gid=0(root) Gruppen=0(root) |
Изменения, внесённые в текстовый файл с помощью редактора, запоминаются и показываются в журнале в формате ed. Строки, начинающиеся символом "<", удалены, а строки, начинающиеся символом ">" -- добавлены.
$ vi ~/.bashrc
|
Для того чтобы изменить файл в соответствии с показанными в диффшоте изменениями, можно воспользоваться командой patch. Нужно скопировать изменения, запустить программу patch, указав в качестве её аргумента файл, к которому применяются изменения, и всавить скопированный текст:
$ patch ~/.bashrc |
Для того чтобы получить краткую справочную информацию о команде, нужно подвести к ней мышь. Во всплывающей подсказке появится краткое описание команды.
Если справочная информация о команде есть, команда выделяется голубым фоном, например: vi. Если справочная информация отсутствует, команда выделяется розовым фоном, например: notepad.exe. Справочная информация может отсутствовать в том случае, если (1) команда введена неверно; (2) если распознавание команды LiLaLo выполнено неверно; (3) если информация о команде неизвестна LiLaLo. Последнее возможно для редких команд.
Большие, в особенности многострочные, всплывающие подсказки лучше всего показываются браузерами KDE Konqueror, Apple Safari и Microsoft Internet Explorer. В браузерах Mozilla и Firefox они отображаются не полностью, а вместо перевода строки выводится специальный символ.
Время ввода команды, показанное в журнале, соответствует времени начала ввода командной строки, которое равно тому моменту, когда на терминале появилось приглашение интерпретатора
Имя терминала, на котором была введена команда, показано в специальном блоке. Этот блок показывается только в том случае, если терминал текущей команды отличается от терминала предыдущей.
Вывод не интересующих вас в настоящий момент элементов журнала, таких как время, имя терминала и других, можно отключить. Для этого нужно воспользоваться формой управления журналом вверху страницы.
Небольшие комментарии к командам можно вставлять прямо из командной строки. Комментарий вводится прямо в командную строку, после символов #^ или #v. Символы ^ и v показывают направление выбора команды, к которой относится комментарий: ^ - к предыдущей, v - к следующей. Например, если в командной строке было введено:
$ whoami
user
$ #^ Интересно, кто я?в журнале это будет выглядеть так:
$ whoami
user
| Интересно, кто я? |
Если комментарий содержит несколько строк, его можно вставить в журнал следующим образом:
$ whoami
user
$ cat > /dev/null #^ Интересно, кто я?
Программа whoami выводит имя пользователя, под которым мы зарегистрировались в системе. - Она не может ответить на вопрос о нашем назначении в этом мире.В журнале это будет выглядеть так:
$ whoami user
|
Комментарии, не относящиеся непосредственно ни к какой из команд, добавляются точно таким же способом, только вместо симолов #^ или #v нужно использовать символы #=
1
2
3
4
Группы команд, выполненных на разных терминалах, разделяются специальной линией.
Под этой линией в правом углу показано имя терминала, на котором выполнялись команды.
Для того чтобы посмотреть команды только одного сенса,
нужно щёкнуть по этому названию.
LiLaLo (L3) расшифровывается как Live Lab Log.
Программа разработана для повышения эффективности обучения Unix/Linux-системам.
(c) Игорь Чубин, 2004-2008