#netstat -tan
Active Internet connections (servers and established) Proto Recv-Q Send-Q Local Address Foreign Address State tcp 0 0 0.0.0.0:22 0.0.0.0:* LISTEN tcp 0 0 127.0.0.1:25 0.0.0.0:* LISTEN tcp 0 0 192.168.13.3:22 192.168.15.216:49884 ESTABLISHED tcp 0 384 192.168.13.3:22 192.168.15.216:49898 ESTABLISHED tcp 0 0 192.168.13.3:22 192.168.15.216:55439 ESTABLISHED tcp6 0 0 :::22 :::* LISTEN tcp6 0 0 ::1:25 :::* LISTEN |
#~
![]() "/etc/ssh/sshd_config" 87L, 2489C 32 #AuthorizedKeysFile %h/.ssh/authorized_keys 33 34 ListenAddress 192.168.16.216 ListenAddr 9 # HostKeys for protocol version 2 10 HostKey /etc/ssh/ssh_host_rsa_key 36 # For this to work you wi_d also need host keys in /etc/ssh_known_hosts _ecdsa_key 37 #Privilege Separation is turned on for security ... # Kerberos options 57 #KerberosAuthentication no sGetAFSToken no 58 sOrLocalPasswd yes sTicketCleanup 59 # GSSAPI options 60 #GSSAPIAuthentication no ICleanupCredentials yes "/etc/ssh/sshd_config" 87L, 2497C written |
#~
4 # What ports, IPs and protocols we listen for 5 Port 22 6 # Use these options to restrict which interfaces/protocols sshd will bind to 7 #ListenAddress :: 8 #ListenAddress 0.0.0.0 9 Protocol 2 10 # HostKeys for protocol version 2 11 HostKey /etc/ssh/ssh_host_rsa_key 12 HostKey /etc/ssh/ssh_host_dsa_key 13 HostKey /etc/ssh/ssh_host_ecdsa_key ... 59 #PasswordAuthentication yes 60 # Kerberos options #KerberosAuthentication no 61 #GSSAPICsGetAFSToken no sOrLocalPasswd yes sTicketCleanup # GSSAPI options #GSSAPIAuthentication no ICleanupCredentials yes "/etc/ssh/sshd_config" 87L, 2497C written |
#netstat -tan
Active Internet connections (servers and established) Proto Recv-Q Send-Q Local Address Foreign Address State tcp 0 0 127.0.0.1:25 0.0.0.0:* LISTEN tcp 0 0 192.168.13.3:50611 5.9.243.178:18030 TIME_WAIT tcp 0 0 192.168.13.3:22 192.168.15.216:49884 ESTABLISHED tcp 0 592 192.168.13.3:22 192.168.15.216:49898 ESTABLISHED tcp 0 0 192.168.13.3:22 192.168.15.216:55439 ESTABLISHED tcp 0 0 192.168.13.3:50612 5.9.243.178:18030 TIME_WAIT tcp6 0 0 ::1:25 :::* LISTEN |
#ps l
F UID PID PPID PRI NI VSZ RSS WCHAN STAT TTY TIME COMMAND 4 0 2288 1 20 0 18368 972 - Ss+ tty1 0:00 /sbin/getty 38400 tty1 4 0 2289 1 20 0 18368 964 - Ss+ tty2 0:00 /sbin/getty 38400 tty2 4 0 2290 1 20 0 18368 972 - Ss+ tty3 0:00 /sbin/getty 38400 tty3 4 0 2291 1 20 0 18368 968 - Ss+ tty4 0:00 /sbin/getty 38400 tty4 4 0 2292 1 20 0 18368 972 - Ss+ tty5 0:00 /sbin/getty 38400 tty5 4 0 2293 1 20 0 18368 976 - Ss+ tty6 0:00 /sbin/getty 38400 tty6 4 0 7169 7167 20 0 22096 2696 - Ss+ pts/0 0:00 -bash 0 0 7214 7169 20 0 18164 840 - S+ pts/0 0:00 script -f -c l3script -q /root/.lilalo//75832744 1 0 7245 7214 20 0 18168 464 - S+ pts/0 0:00 script -f -c l3script -q /root/.lilalo//75832744 0 0 7246 7245 20 0 21648 2388 - Ss pts/1 0:00 l3script 0 0 11373 7246 20 0 18164 844 - S+ pts/1 0:00 script -f -c l3script -q /root/.lilalo//81541232 1 0 11404 11373 20 0 18168 468 - S+ pts/1 0:00 script -f -c l3script -q /root/.lilalo//81541232 0 0 11405 11404 20 0 21664 2388 - Ss pts/3 0:00 l3script 0 0 12061 11405 20 0 7728 320 - T pts/3 0:00 cat 0 0 14269 11405 20 0 7708 320 - S pts/3 0:00 sleep 1000 4 0 14277 11405 20 0 10536 840 - R+ pts/3 0:00 ps l |
#ps lф
![]() error: unsupported option (BSD syntax) Usage: ps [options] Try 'ps --help <simple|list|output|threads|misc|all>' or 'ps --help <s|l|o|t|m|a>' for additional help text. For more details see ps(1). |
#ps la
F UID PID PPID PRI NI VSZ RSS WCHAN STAT TTY TIME COMMAND 4 0 2288 1 20 0 18368 972 - Ss+ tty1 0:00 /sbin/getty 38400 tty1 4 0 2289 1 20 0 18368 964 - Ss+ tty2 0:00 /sbin/getty 38400 tty2 4 0 2290 1 20 0 18368 972 - Ss+ tty3 0:00 /sbin/getty 38400 tty3 4 0 2291 1 20 0 18368 968 - Ss+ tty4 0:00 /sbin/getty 38400 tty4 4 0 2292 1 20 0 18368 972 - Ss+ tty5 0:00 /sbin/getty 38400 tty5 4 0 2293 1 20 0 18368 976 - Ss+ tty6 0:00 /sbin/getty 38400 tty6 0 1001 6981 6980 20 0 22604 3408 - Ss+ pts/4 0:00 -bash 4 0 7169 7167 20 0 22096 2696 - Ss+ pts/0 0:00 -bash 0 0 7214 7169 20 0 18164 840 - S+ pts/0 0:00 script -f -c l3script -q /root/.lilalo//75832744 ... 0 1000 11007 11006 20 0 22248 3056 - Ss pts/2 0:00 -bash 0 0 11373 7246 20 0 18164 844 - S+ pts/1 0:00 script -f -c l3script -q /root/.lilalo//81541232 1 0 11404 11373 20 0 18168 468 - S+ pts/1 0:00 script -f -c l3script -q /root/.lilalo//81541232 0 0 11405 11404 20 0 21664 2388 - Ss pts/3 0:00 l3script 0 0 12061 11405 20 0 7728 320 - T pts/3 0:00 cat 0 1000 12335 11007 20 0 18164 836 - S+ pts/2 0:00 script -f -c l3script -q /home/user/.lilalo//425 1 1000 12406 12335 20 0 18168 464 - S+ pts/2 0:00 script -f -c l3script -q /home/user/.lilalo//425 0 1000 12407 12406 20 0 22192 2876 - Ss+ pts/5 0:00 l3script 0 0 14269 11405 20 0 7708 320 - S pts/3 0:00 sleep 1000 4 0 14293 11405 20 0 10536 836 - R+ pts/3 0:00 ps la |
#ls -l
total 64 -rw-r--r-- 1 root root 384 May 26 2012 chfn -rw-r--r-- 1 root root 92 May 26 2012 chpasswd -rw-r--r-- 1 root root 581 May 26 2012 chsh -rw-r--r-- 1 root root 1208 Jun 27 2014 common-account -rw-r--r-- 1 root root 1221 Jun 27 2014 common-auth -rw-r--r-- 1 root root 1440 Jun 27 2014 common-password -rw-r--r-- 1 root root 1156 Jun 27 2014 common-session -rw-r--r-- 1 root root 1154 Jun 27 2014 common-session-noninteractive -rw-r--r-- 1 root root 527 Jul 4 2012 cron -rw-r--r-- 1 root root 4779 May 26 2012 login -rw-r--r-- 1 root root 92 May 26 2012 newusers -rw-r--r-- 1 root root 520 Apr 29 2012 other -rw-r--r-- 1 root root 92 May 26 2012 passwd -rw-r--r-- 1 root root 1462 Apr 3 2014 sshd -rw-r--r-- 1 root root 2305 May 26 2012 su |
#ls -l /lib64/security
![]() ls: cannot access /lib64/security: No such file or directory |
#:q
31 PubkeyAuthentication yes "/etc/ssh/sshd_config" 87L, 2497C 32 #AuthorizedKeysFile %h/.ssh/authorized_keys 33 34 # Don't read the user's ~/.rhosts and ~/.shosts files 35 IgnoreRhosts yes 36 # For this to work you will also need host keys in /etc/ssh_known_hosts 37 RhostsRSAAuthentication no 38 # similar for protocol version 2 39 HostbasedAuthentication no ... 51 #PasswordAuthentication yes 52 53 # Kerberos options 54 #KerberosAuthentication no 55 #KerberosGetAFSToken no 56 #KerberosOrLocalPasswd yes 57 #KerberosTicketCleanup yes 58 59 # GSSAPI options 60 #GSSAPIAuthentication no |
#GSSAPICleanupCredentials yes
![]() 68 user.* -/var/log/user.log 69 70 # 71 # Logging for the mail system. Split it up so that 72 # it is easy to write scripts to parse these files. 73 # 74 mail.info -/var/log/mail.info 75 mail.warn -/var/log/mail.warn 76 mail.err /var/log/mail.err 77 ... 110 # The named pipe /dev/xconsole is for the `xconsole' utility. To use it, 111 # you must invoke `xconsole' with the `-file' option: 112 # 113 # $ xconsole -file /dev/xconsole [...] 114 # 115 # NOTE: adjust the list below, or you'll go crazy if you have a reasonably 116 # busy site.. 117 # 118 daemon.*;mail.*;\ 119 news.err;\ |
#GSSAPICleanupCredentials yes
60 # 61 auth,authpriv.* /var/log/auth.log 62 *.*;auth,authpriv.none -/var/log/syslog 63 #cron.* /var/log/cron.log 64 daemon.* -/var/log/daemon.log 65 kern.* -/var/log/kern.log 66 lpr.* -/var/log/lpr.log 67 mail.* -/var/log/mail.log 68 user.* -/var/log/user.log 69 ... 110 # The named pipe /dev/xconsole is for the `xconsole' utility. To use it, 111 # you must invoke `xconsole' with the `-file' option: 112 # 113 # $ xconsole -file /dev/xconsole [...] 114 # 115 # NOTE: adjust the list below, or you'll go crazy if you have a reasonably 116 # busy site.. 117 # 118 daemon.*;mail.*;\ 119 news.err;\ |
#120 *.=debug;*.=info;\
"/etc/ssh/sshd_config" 87L, 2497C 32 #AuthorizedKeysFile %h/.ssh/authorized_keys 33 34 # Don't read the user's ~/.rhosts and ~/.shosts files 35 IgnoreRhosts yes 36 # For this to work you will also need host keys in /etc/ssh_known_hosts 37 RhostsRSAAuthentication no 38 # similar for protocol version 2 39 HostbasedAuthentication no 40 # Uncomment if you don't trust ~/.ssh/known_hosts for RhostsRSAAuthentication ... 52 53 # Kerberos options 54 #KerberosAuthentication no 55 #KerberosGetAFSToken no 56 #KerberosOrLocalPasswd yes 57 #KerberosTicketCleanup yes 58 59 # GSSAPI options 60 #GSSAPIAuthentication no "/etc/ssh/sshd_config" 87L, 2500C written |
#vi /etc/rsyslog.conf
--- /tmp/l3-saved-11405.9487.17346 2018-10-20 12:22:00.957586753 +0300
+++ /etc/rsyslog.conf 2018-10-20 12:23:58.849613107 +0300
@@ -66,6 +66,7 @@
 lpr.* -/var/log/lpr.log
 mail.* -/var/log/mail.log
 user.* -/var/log/user.log
+local5.* /var/log/ssh.log
 #
 # Logging for the mail system. Split it up so that
|
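Review bot: The added `local5.* /var/log/ssh.log` rule sits alongside the catch-all `*.*;auth,authpriv.none -/var/log/syslog` shown earlier on the page, so every local5 message is written to both files. If the goal is a dedicated sshd log (presumably sshd's SyslogFacility is being moved to LOCAL5, though that edit is not visible in this hunk), exclude the facility from the catch-all: `*.*;auth,authpriv.none;local5.none -/var/log/syslog`. Once sshd logs to local5, its login events no longer reach /var/log/auth.log, so any monitoring or brute-force blocking that reads auth.log has to be pointed at the new file. /var/log/ssh.log will hold authentication records, so it needs the same restrictive ownership and mode as auth.log, and it is presumably not covered by the existing logrotate rules.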
#service rsyslog restart
[ ok ] Stopping enhanced syslogd: rsyslogd. [ ok ] Starting enhanced syslogd: rsyslogd. |
#ls /var/log
alternatives.log btmp debug.3.gz dpkg.log.2.gz kern.log.3.gz messages.2.gz syslog.5.gz alternatives.log.1 btmp.1 dmesg exim4 lastlog messages.3.gz syslog.6.gz apt daemon.log dmesg.0 faillog lpr.log news syslog.7.gz aptitude daemon.log.1 dmesg.1.gz fsck mail.err ssh.log user.log aptitude.1.gz daemon.log.2.gz dmesg.2.gz installer mail.info syslog user.log.1 auth.log daemon.log.3.gz dmesg.3.gz iptraf mail.log syslog.1 user.log.2.gz auth.log.1 debug dmesg.4.gz kern.log mail.warn syslog.2.gz user.log.3.gz auth.log.2.gz debug.1 dpkg.log kern.log.1 messages syslog.3.gz wtmp auth.log.3.gz debug.2.gz dpkg.log.1 kern.log.2.gz messages.1 syslog.4.gz wtmp.1 |
#cat /var/log/ssh.log
![]() |
#service ssh reload
[ ok ] Reloading OpenBSD Secure Shell server's configuration: sshd. |
#vi /etc/rsyslog.conf
--- /tmp/l3-saved-11405.839.23512 2018-10-20 12:34:43.361598198 +0300
+++ /etc/rsyslog.conf 2018-10-20 12:35:20.185592889 +0300
@@ -13,12 +13,12 @@
 #$ModLoad immark # provides --MARK-- message capability
 # provides UDP syslog reception
-#$ModLoad imudp
-#$UDPServerRun 514
+$ModLoad imudp
+$UDPServerRun 514
 # provides TCP syslog reception
-#$ModLoad imtcp
-#$InputTCPServerRun 514
+$ModLoad imtcp
+$InputTCPServerRun 514
 ###########################
|
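Review bot: Uncommenting both `imudp` and `imtcp` makes rsyslogd accept syslog on port 514 from any host that can reach this machine, and nothing in the hunk restricts who may send. Add an `$AllowedSender` line per transport after the module loads, e.g. `$AllowedSender UDP, <trusted-net>/<bits>` and `$AllowedSender TCP, <trusted-net>/<bits>` (placeholders to fill in), or an equivalent firewall rule, and enable only the transport the senders actually use. Plain 514/udp and 514/tcp carry messages unauthenticated and in clear text, so remote entries can be spoofed or used to flood the disk; routing them to files separate from the local auth.log and syslog keeps the local records trustworthy. Running `netstat -tanu` after the restart would confirm what is actually listening.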
#service rsyslog restart
![]() [ ok ] Stopping enhanced syslogd: rsyslogd. [ ok ] Starting enhanced syslogd: rsyslogd. |