/l3/users/20-10-2014/NT-Ladm/debian4.net.nt/root |
|
#unset x
|
#unset y
|
#x=5
|
#y=10
|
#test $x -gt -$y
|
#echo $?
0 |
#test $EUID -ne 0 -a -r /etc/shadow && \
> echo `Alert: The file /etc/shadow is unavailable fore reading.` |
#echo $?
127 |
#test $EUID -ne 0 -a -r /etc/shadow && \echo `Alert: The file /etc/shadow is unavailable fore reading.`
|
#test $EUID -ne 0 -a -r /etc/shadow && \
> echo `Alarm: File /etc/shadow is available for reading.` |
#echo $?
1 |
#test $EUID -ne 1 -a -r /etc/shadow && \
> echo "Alarm: The file /etc/shadow is unavailable for reading."
Alarm: The file /etc/shadow is unavailable for reading. |
#echo $?
0 |
#ls -l /etc/shadow
-rw-r----- 1 root shadow 909 Окт 21 09:33 /etc/shadow |
#man test
|
#ls -l /etc/shadow
-rw-r--r-- 1 root shadow 909 Окт 21 09:33 /etc/shadow |
#test $EUID -e 0 -a -r /etc/shadow && \
> echo "ALARM: /etc/shadow"
l3script: test: слишком много аргументов |
#test $EUID -e 0 -a -r /etc/shadow && \
> echo `alarm: /etc/shadow`
l3script: test: слишком много аргументов |
#test $EUID -ne 0 -a -r /etc/shadow && \
> echo 'alarm: /etc/shadow' |
#echo $?
1 |
#test $EUID -ze 0 -a -r /etc/shadow && \
> echo^Calarm: /etc/' |
#test $EUID -eq 0 -a -r /etc/shadow && \
> echo 'ALARM: /etc/shadow is available for reading to all users.'
ALARM: /etc/shadow is available for reading to all users. |
#echo $?
0 |
#chmod o-r /etc/shadow
|
#ls -l /etc/shadow
-rw-r----- 1 root shadow 909 Окт 21 09:33 /etc/shadow |
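#test $EUID -eq 0 -a -r /etc/shadow && \
> echo 'ALARM: /dev/shadow is available.'
ALARM: /dev/shadow is available. |
[Note: the test still succeeds after `chmod o-r` because the shell runs as root (EUID 0), and root's read access does not depend on the "other" permission bits. `-r` only reports what the current user can read, so whether other users can read the file has to be checked from the mode itself, for example with the `ls -l` output above or `find /etc/shadow -perm -o=r`.]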
#echo test $EUID -eq 0 -a -r /etc/shadow && > /dev/pts/3
test 0 -eq 0 -a -r /etc/shadow |
#echo test $EUID -eq 0 -a -r /etc/shadow && > /dev/pts/2
test 0 -eq 0 -a -r /etc/shadow |
#echo test $EUID -eq 0 -a -r /etc/shadow && > /dev/pts/0
test 0 -eq 0 -a -r /etc/shadow
l3script: /dev/pts/0: Отказано в доступе |
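#chmod o+r /etc/shadow
|
#chmod o+w /etc/shadow
|
[Note: after these two commands /etc/shadow is readable and writable by every local account, so any user could read the password hashes or overwrite them. No later command visible on this page reverts the change. The first `ls -l` above shows the expected mode, -rw-r----- root shadow; `chmod o-rw /etc/shadow` restores it.]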
#vim .l3rc
--- /tmp/l3-saved-19626.22496.14423 2014-10-23 09:45:03.017051286 +0300
+++ .l3rc 2014-10-23 09:45:44.737041094 +0300
@@ -1 +1 @@
-l3cd=/users/21-10-2014/NT-Ladm/debian4.net.nt/root
+l3cd=/users/23-10-2014/NT-Ladm/debian4.net.nt/root
|
#tree /
/ ├── bin │ ├── bash │ ├── busybox │ ├── cat │ ├── chgrp │ ├── chmod │ ├── chown │ ├── chvt │ ├── cp ... │ │ │ ├── CP1125.so │ │ │ ├── CP1250.so │ │ │ ├── CP1251.so │ │ │ ├── CP1252.so │ │ │ ├── CP1253.so │ │ │ ├── CP1254.so │ │ │ ├── CP1255.so │ │ │ ├── CP1256.so │ │ │ ├── CP1257.so │ │ │ ├── CP1258.so^C |
#cat passwd | xargs sort -k1
sort: операция открытия завершилась неудачно: root:x:0:0:root:/root:/bin/bash: Нет такого файла или каталога |
#cat passwd | sort -k1
backup:x:34:34:backup:/var/backups:/bin/sh bin:x:2:2:bin:/bin:/bin/sh daemon:x:1:1:daemon:/usr/sbin:/bin/sh Debian-exim:x:101:103::/var/spool/exim4:/bin/false games:x:5:60:games:/usr/games:/bin/sh gnats:x:41:41:Gnats Bug-Reporting System (admin):/var/lib/gnats:/bin/sh irc:x:39:39:ircd:/var/run/ircd:/bin/sh libuuid:x:100:101::/var/lib/libuuid:/bin/sh list:x:38:38:Mailing List Manager:/var/list:/bin/sh lp:x:7:7:lp:/var/spool/lpd:/bin/sh ... nobody:x:65534:65534:nobody:/nonexistent:/bin/sh proxy:x:13:13:proxy:/bin:/bin/sh root:x:0:0:root:/root:/bin/bash sshd:x:102:65534::/var/run/sshd:/usr/sbin/nologin student:x:1001:1001::/home/student:/bin/bash sync:x:4:65534:sync:/bin:/bin/sync sys:x:3:3:sys:/dev:/bin/sh user:x:1000:1000:user,,,:/home/user:/bin/bash uucp:x:10:10:uucp:/var/spool/uucp:/bin/sh www-data:x:33:33:www-data:/var/www:/bin/sh |
#cat passwd | sort -k2
backup:x:34:34:backup:/var/backups:/bin/sh bin:x:2:2:bin:/bin:/bin/sh daemon:x:1:1:daemon:/usr/sbin:/bin/sh Debian-exim:x:101:103::/var/spool/exim4:/bin/false games:x:5:60:games:/usr/games:/bin/sh irc:x:39:39:ircd:/var/run/ircd:/bin/sh libuuid:x:100:101::/var/lib/libuuid:/bin/sh lp:x:7:7:lp:/var/spool/lpd:/bin/sh mail:x:8:8:mail:/var/mail:/bin/sh man:x:6:12:man:/var/cache/man:/bin/sh ... root:x:0:0:root:/root:/bin/bash sshd:x:102:65534::/var/run/sshd:/usr/sbin/nologin student:x:1001:1001::/home/student:/bin/bash sync:x:4:65534:sync:/bin:/bin/sync sys:x:3:3:sys:/dev:/bin/sh user:x:1000:1000:user,,,:/home/user:/bin/bash uucp:x:10:10:uucp:/var/spool/uucp:/bin/sh www-data:x:33:33:www-data:/var/www:/bin/sh gnats:x:41:41:Gnats Bug-Reporting System (admin):/var/lib/gnats:/bin/sh list:x:38:38:Mailing List Manager:/var/list:/bin/sh |
#cat passwd | sort -k2 -n
backup:x:34:34:backup:/var/backups:/bin/sh bin:x:2:2:bin:/bin:/bin/sh daemon:x:1:1:daemon:/usr/sbin:/bin/sh Debian-exim:x:101:103::/var/spool/exim4:/bin/false games:x:5:60:games:/usr/games:/bin/sh gnats:x:41:41:Gnats Bug-Reporting System (admin):/var/lib/gnats:/bin/sh irc:x:39:39:ircd:/var/run/ircd:/bin/sh libuuid:x:100:101::/var/lib/libuuid:/bin/sh list:x:38:38:Mailing List Manager:/var/list:/bin/sh lp:x:7:7:lp:/var/spool/lpd:/bin/sh ... nobody:x:65534:65534:nobody:/nonexistent:/bin/sh proxy:x:13:13:proxy:/bin:/bin/sh root:x:0:0:root:/root:/bin/bash sshd:x:102:65534::/var/run/sshd:/usr/sbin/nologin student:x:1001:1001::/home/student:/bin/bash sync:x:4:65534:sync:/bin:/bin/sync sys:x:3:3:sys:/dev:/bin/sh user:x:1000:1000:user,,,:/home/user:/bin/bash uucp:x:10:10:uucp:/var/spool/uucp:/bin/sh www-data:x:33:33:www-data:/var/www:/bin/sh |
#who
root pts/4 2014-10-23 09:46 (192.168.15.102) |
#who -a
2014-10-17 18:43 157 id=si терминал=0 выход=0 загрузка системы 2014-10-17 18:43 уровень выполнения 2 2014-10-17 18:43 предыдущий=S 2014-10-17 18:43 1871 id=l2 терминал=0 выход=0 ВХОД tty6 2014-10-17 18:43 2325 id=6 ВХОД tty5 2014-10-17 18:43 2324 id=5 ВХОД tty4 2014-10-17 18:43 2323 id=4 ВХОД tty3 2014-10-17 18:43 2322 id=3 ВХОД tty2 2014-10-17 18:43 2321 id=2 ВХОД tty1 2014-10-17 18:43 2320 id=1 pts/0 2014-10-21 12:15 8771 id=ts/0 терминал=0 выход=0 pts/2 2014-10-22 19:10 18442 id=ts/2 терминал=0 выход=0 pts/3 2014-10-20 17:21 4611 id=ts/3 терминал=0 выход=0 root + pts/4 2014-10-23 09:46 . 19676 (192.168.15.102) pts/5 2014-10-22 17:21 17524 id=ts/5 терминал=0 выход=0 student + pts/6 2014-10-23 10:05 . 19907 (192.168.15.102) |
#cd /etc/s
screenrc services shells staff-group-for-usr-local securetty sgml/ skel/ sysctl.conf security/ shadow ssh/ sysctl.d/ selinux/ shadow- ssl/ systemd/ |
#cd /etc/s
screenrc services shells staff-group-for-usr-local securetty sgml/ skel/ sysctl.conf security/ shadow ssh/ sysctl.d/ selinux/ shadow- ssl/ systemd/ |
#ls -a /etc
. debconf.conf hosts.deny logrotate.d perl security .. debian_version init lynx-cur ppp selinux acpi default init.d magic profile services adduser.conf deluser.conf initramfs-tools magic.mime profile.d sgml adjtime dhcp inittab mailcap protocols shadow aliases discover.conf.d inputrc mailcap.order .pwd.lock shadow- alternatives discover-modprobe.conf insserv mailname python shells apt dpkg insserv.conf manpath.config python2.7 skel bash.bashrc email-addresses insserv.conf.d mime.types rc0.d ssh bash_completion environment iproute2 mke2fs.conf rc1.d ssl ... ca-certificates.conf groff ld.so.cache nanorc rc.local timezone calendar group ld.so.conf network rcS.d trafshow console-cyrillic group- ld.so.conf.d networks reportbug.conf ucf.conf console-setup grub.d lilalo nsswitch.conf resolv.conf udev cron.d gshadow locale.alias opt rmt ufw cron.daily gshadow- locale.gen os-release rpc vim cron.hourly host.conf localtime pam.conf rsyslog.conf w3m cron.monthly hostname logcheck pam.d rsyslog.d wgetrc crontab hosts login.defs passwd screenrc X11 cron.weekly hosts.allow logrotate.conf passwd- securetty xml |
#who
root pts/4 2014-10-23 09:46 (192.168.15.102) student pts/6 2014-10-23 10:05 (192.168.15.102) |
#whoami
root |
#who -a
2014-10-17 18:43 157 id=si терминал=0 выход=0 загрузка системы 2014-10-17 18:43 уровень выполнения 2 2014-10-17 18:43 предыдущий=S 2014-10-17 18:43 1871 id=l2 терминал=0 выход=0 ВХОД tty6 2014-10-17 18:43 2325 id=6 ВХОД tty5 2014-10-17 18:43 2324 id=5 ВХОД tty4 2014-10-17 18:43 2323 id=4 ВХОД tty3 2014-10-17 18:43 2322 id=3 ВХОД tty2 2014-10-17 18:43 2321 id=2 ВХОД tty1 2014-10-17 18:43 2320 id=1 pts/0 2014-10-21 12:15 8771 id=ts/0 терминал=0 выход=0 pts/2 2014-10-22 19:10 18442 id=ts/2 терминал=0 выход=0 pts/3 2014-10-20 17:21 4611 id=ts/3 терминал=0 выход=0 root + pts/4 2014-10-23 09:46 . 19676 (192.168.15.102) pts/5 2014-10-22 17:21 17524 id=ts/5 терминал=0 выход=0 student + pts/6 2014-10-23 10:05 00:10 19907 (192.168.15.102) |
#netstat
Active Internet connections (w/o servers) Proto Recv-Q Send-Q Local Address Foreign Address State tcp 0 0 debian4.net.nt:ssh 192.168.15.102:61977 ESTABLISHED tcp 0 432 debian4.net.nt:ssh 192.168.15.102:61875 ESTABLISHED Active UNIX domain sockets (w/o servers) Proto RefCnt Flags Type State I-Node Path unix 5 [ ] DGRAM 5088 /dev/log unix 3 [ ] STREAM CONNECTED 86431 unix 3 [ ] STREAM CONNECTED 86430 unix 2 [ ] DGRAM 86429 unix 2 [ ] DGRAM 84593 unix 2 [ ] DGRAM 5113 unix 3 [ ] DGRAM 3264 unix 3 [ ] DGRAM 3263 |
#last
student pts/6 192.168.15.102 Thu Oct 23 10:05 still logged in root pts/4 192.168.15.102 Thu Oct 23 09:46 still logged in root pts/4 192.168.15.102 Thu Oct 23 09:31 - 09:46 (00:14) student pts/4 192.168.15.102 Wed Oct 22 18:49 - 19:10 (00:20) root pts/2 192.168.15.102 Wed Oct 22 17:21 - 19:10 (01:48) student pts/5 192.168.15.102 Wed Oct 22 15:19 - 17:21 (02:02) student pts/4 192.168.15.102 Wed Oct 22 09:21 - 11:38 (02:16) root pts/2 192.168.15.102 Wed Oct 22 09:20 - 17:21 (08:00) student pts/4 192.168.15.102 Tue Oct 21 14:33 - 17:20 (02:47) root pts/2 192.168.15.102 Tue Oct 21 12:16 - 17:20 (05:03) student pts/2 192.168.15.102 Tue Oct 21 09:42 - 11:29 (01:47) student pts/2 192.168.15.102 Tue Oct 21 09:33 - 09:41 (00:07) root pts/0 192.168.15.102 Tue Oct 21 09:13 - 12:15 (03:02) student pts/3 192.168.15.102 Mon Oct 20 13:29 - 17:21 (03:51) student pts/2 192.168.15.102 Mon Oct 20 13:29 - 13:29 (00:00) root pts/0 192.168.15.102 Mon Oct 20 09:04 - 18:12 (09:08) reboot system boot 3.2.0-4-amd64 Fri Oct 17 18:43 - 10:23 (5+15:39) root pts/0 192.168.13.253 Wed Oct 15 16:25 - down (00:00) root pts/0 192.168.13.253 Wed Oct 15 16:21 - 16:25 (00:03) reboot system boot 3.2.0-4-amd64 Wed Oct 15 16:20 - 16:25 (00:04) wtmp begins Wed Oct 15 16:20:54 2014 |
#man last
|
#cat /etc/log
logcheck/ login.defs logrotate.conf logrotate.d/ |
#cat /etc/logrotate.conf
# see "man logrotate" for details # rotate log files weekly weekly # keep 4 weeks worth of backlogs rotate 4 # create new (empty) log files after rotating old ones create # uncomment this if you want your log files compressed #compress # packages drop log rotation information into this directory ... create 0664 root utmp rotate 1 } /var/log/btmp { missingok monthly create 0660 root utmp rotate 1 } # system-specific logs may be configured here |
#last b
wtmp begins Wed Oct 15 16:20:54 2014 |
#last -b
last: invalid option -- 'b' Usage: last [-num | -n num] [-f file] [-t YYYYMMDDHHMMSS] [-R] [-adioxFw] [username..] [tty..] |
#last b -a
wtmp begins Wed Oct 15 16:20:54 2014 |
#cat /etc/passwd
root:x:0:0:root:/root:/bin/bash daemon:x:1:1:daemon:/usr/sbin:/bin/sh bin:x:2:2:bin:/bin:/bin/sh sys:x:3:3:sys:/dev:/bin/sh sync:x:4:65534:sync:/bin:/bin/sync games:x:5:60:games:/usr/games:/bin/sh man:x:6:12:man:/var/cache/man:/bin/sh lp:x:7:7:lp:/var/spool/lpd:/bin/sh mail:x:8:8:mail:/var/mail:/bin/sh news:x:9:9:news:/var/spool/news:/bin/sh ... backup:x:34:34:backup:/var/backups:/bin/sh list:x:38:38:Mailing List Manager:/var/list:/bin/sh irc:x:39:39:ircd:/var/run/ircd:/bin/sh gnats:x:41:41:Gnats Bug-Reporting System (admin):/var/lib/gnats:/bin/sh nobody:x:65534:65534:nobody:/nonexistent:/bin/sh libuuid:x:100:101::/var/lib/libuuid:/bin/sh Debian-exim:x:101:103::/var/spool/exim4:/bin/false user:x:1000:1000:user,,,:/home/user:/bin/bash sshd:x:102:65534::/var/run/sshd:/usr/sbin/nologin student:x:1001:1001::/home/student:/bin/bash |
#cat /etc/passwd | sed '/s/:/\t/g'
|