/l3/users/eb/2009/linux1/user :1 :2 :3 :4 :5 :6 :7 :8 :9 :10 :11 :12 :13 :14 :15 :16 :17 :18 :19 :20 :21 :22 :23 :24
[ править ]

Журнал лабораторных работ

Содержание

Журнал

Вторник (06/02/09)

/dev/pts/0
15:18:54
#iptables -L
Chain INPUT (policy ACCEPT)
target     prot opt source               destination
ACCEPT     tcp  --  anywhere             anywhere            tcp dpt:ssh
ACCEPT     all  --  anywhere             anywhere            ctstate RELATED
Chain FORWARD (policy ACCEPT)
target     prot opt source               destination
Chain OUTPUT (policy ACCEPT)
target     prot opt source               destination
15:18:57
#iptables -A INPUT -p tcp -j REJECT










15:19:22




#iptables -L


Chain INPUT (policy ACCEPT)
target     prot opt source               destination
ACCEPT     tcp  --  anywhere             anywhere            tcp dpt:ssh
ACCEPT     all  --  anywhere             anywhere            ctstate RELATED
REJECT     tcp  --  anywhere             anywhere            reject-with icmp-port-unreachable
Chain FORWARD (policy ACCEPT)
target     prot opt source               destination
Chain OUTPUT (policy ACCEPT)
target     prot opt source               destination











15:19:42




#nmap -sF 192.168.15.1


Starting Nmap 4.68 ( http://nmap.org ) at 2009-06-02 15:20 EEST
Interesting ports on linux1.unix.nt (192.168.15.1):
Not shown: 1714 filtered ports
PORT   STATE         SERVICE
22/tcp open|filtered ssh
Nmap done: 1 IP address (1 host up) scanned in 1.297 seconds











15:24:14




#iptables -D INPUT 3












15:24:36




#iptables -A INPUT -p tcp --syn -j REJECT












15:25:10




#iptables -L


Chain INPUT (policy ACCEPT)
target     prot opt source               destination
ACCEPT     tcp  --  anywhere             anywhere            tcp dpt:ssh
ACCEPT     all  --  anywhere             anywhere            ctstate RELATED
REJECT     tcp  --  anywhere             anywhere            tcp flags:FIN,SYN,RST,ACK/SYN reject-with icmp-port-unreachable
Chain FORWARD (policy ACCEPT)
target     prot opt source               destination
Chain OUTPUT (policy ACCEPT)
target     prot opt source               destination











15:25:12




#nmap -sF 192.168.15.1


Starting Nmap 4.68 ( http://nmap.org ) at 2009-06-02 15:25 EEST
Interesting ports on linux1.unix.nt (192.168.15.1):
Not shown: 1712 closed ports
PORT     STATE         SERVICE
22/tcp   open|filtered ssh
110/tcp  open|filtered pop3
9999/tcp open|filtered abyss
Nmap done: 1 IP address (1 host up) scanned in 1.288 seconds











15:25:53




#nmap  192.168.15.1


Starting Nmap 4.68 ( http://nmap.org ) at 2009-06-02 15:26 EEST
Interesting ports on linux1.unix.nt (192.168.15.1):
Not shown: 1714 filtered ports
PORT   STATE SERVICE
22/tcp open  ssh
Nmap done: 1 IP address (1 host up) scanned in 0.148 seconds











15:26:40




#iptables -A INPUT -p tcp --syn -j REJECT --reject-with tcp-reset












15:29:48




#iptables -sF 192.168.15.1





Bad argument `192.168.15.1'
Try `iptables -h' or 'iptables --help' for more information.











15:30:13




#nmap -sF 192.168.15.1


Starting Nmap 4.68 ( http://nmap.org ) at 2009-06-02 15:30 EEST
Interesting ports on linux1.unix.nt (192.168.15.1):
Not shown: 1712 closed ports
PORT     STATE         SERVICE
22/tcp   open|filtered ssh
110/tcp  open|filtered pop3
9999/tcp open|filtered abyss
Nmap done: 1 IP address (1 host up) scanned in 1.293 seconds











15:30:24




#iptables -L


Chain INPUT (policy ACCEPT)
target     prot opt source               destination
ACCEPT     tcp  --  anywhere             anywhere            tcp dpt:ssh
ACCEPT     all  --  anywhere             anywhere            ctstate RELATED
REJECT     tcp  --  anywhere             anywhere            tcp flags:FIN,SYN,RST,ACK/SYN reject-with tcp-reset
Chain FORWARD (policy ACCEPT)
target     prot opt source               destination
Chain OUTPUT (policy ACCEPT)
target     prot opt source               destination











15:30:52




#nmap -sS 192.168.15.1


Starting Nmap 4.68 ( http://nmap.org ) at 2009-06-02 15:31 EEST
Interesting ports on linux1.unix.nt (192.168.15.1):
Not shown: 1714 closed ports
PORT   STATE SERVICE
22/tcp open  ssh
Nmap done: 1 IP address (1 host up) scanned in 0.115 seconds











15:31:08




#nmap -sF 192.168.15.1


Starting Nmap 4.68 ( http://nmap.org ) at 2009-06-02 15:31 EEST
Interesting ports on linux1.unix.nt (192.168.15.1):
Not shown: 1712 closed ports
PORT     STATE         SERVICE
22/tcp   open|filtered ssh
110/tcp  open|filtered pop3
9999/tcp open|filtered abyss
Nmap done: 1 IP address (1 host up) scanned in 1.300 seconds











15:31:42




#iptables -F










прошло 15 минут




15:47:37




#nmap -sF 192.168.15.1


Starting Nmap 4.68 ( http://nmap.org ) at 2009-06-02 15:47 EEST
Interesting ports on linux1.unix.nt (192.168.15.1):
Not shown: 1712 closed ports
PORT     STATE         SERVICE
22/tcp   open|filtered ssh
110/tcp  open|filtered pop3
9999/tcp open|filtered abyss
Nmap done: 1 IP address (1 host up) scanned in 1.397 seconds











15:47:49




#nmap  192.168.15.1


Starting Nmap 4.68 ( http://nmap.org ) at 2009-06-02 15:48 EEST
Interesting ports on linux1.unix.nt (192.168.15.1):
Not shown: 1712 closed ports
PORT     STATE SERVICE
22/tcp   open  ssh
110/tcp  open  pop3
9999/tcp open  abyss
Nmap done: 1 IP address (1 host up) scanned in 0.125 seconds











15:49:34




#cat /proc/net/ip_conntrack


tcp      6 429795 ESTABLISHED src=192.168.107.2 dst=192.168.101.2 sport=43586 dport=22 packets=3 bytes=204 src=192.168.101.2 dst=192.168.107.2 sport=22 dport=43586 packets=2 bytes=312 [ASSURED] mark=0 secmark=0 use=1
tcp      6 431934 ESTABLISHED src=10.0.35.100 dst=192.168.101.2 sport=22 dport=44992 packets=1910 bytes=455720 src=192.168.101.2 dst=10.0.35.100 sport=44992 dport=22 packets=1729 bytes=90640 [ASSURED] mark=0 secmark=0 use=1
tcp      6 431934 ESTABLISHED src=10.0.35.100 dst=192.168.15.1 sport=22 dport=35465 packets=462 bytes=110216 src=192.168.15.1 dst=10.0.35.100 sport=35465 dport=22 packets=457 bytes=23824 [ASSURED] mark=0 secmark=0 use=1









прошло 10 минут




16:00:00




#netstat -np -A inet


Active Internet connections (w/o servers)
Proto Recv-Q Send-Q Local Address           Foreign Address         State       PID/Program name
tcp        0      0 192.168.15.1:35465      10.0.35.100:22          ESTABLISHED 6080/ssh











16:07:32




#cat /proc/net/ip_conntrack


tcp      6 429306 ESTABLISHED src=192.168.107.2 dst=192.168.101.2 sport=43586 dport=22 packets=3 bytes=204 src=192.168.101.2 dst=192.168.107.2 sport=22 dport=43586 packets=2 bytes=312 [ASSURED] mark=0 secmark=0 use=1
tcp      6 431994 ESTABLISHED src=10.0.35.100 dst=192.168.101.2 sport=22 dport=44992 packets=2175 bytes=506108 src=192.168.101.2 dst=10.0.35.100 sport=44992 dport=22 packets=1982 bytes=103844 [ASSURED] mark=0 secmark=0 use=1
tcp      6 431994 ESTABLISHED src=10.0.35.100 dst=192.168.15.1 sport=22 dport=35465 packets=733 bytes=162548 src=192.168.15.1 dst=10.0.35.100 sport=35465 dport=22 packets=721 bytes=37600 [ASSURED] mark=0 secmark=0 use=1











16:08:08




#cat /proc/net/ip_conntrack | grep src=192.168.102.2















16:09:02




#cat /proc/net/ip_conntrack | grep src=192.168.101.2


tcp      6 429246 ESTABLISHED src=192.168.107.2 dst=192.168.101.2 sport=43586 dport=22 packets=3 bytes=204 src=192.168.101.2 dst=192.168.107.2 sport=22 dport=43586 packets=2 bytes=312 [ASSURED] mark=0 secmark=0 use=1
tcp      6 431981 ESTABLISHED src=10.0.35.100 dst=192.168.101.2 sport=22 dport=44992 packets=2226 bytes=511848 src=192.168.101.2 dst=10.0.35.100 sport=44992 dport=22 packets=2033 bytes=106496 [ASSURED] mark=0 secmark=0 use=1











16:09:09




#iptables -t mnat -l





iptables v1.4.3.2: option `-l' requires an argument
Try `iptables -h' or 'iptables --help' for more information.











16:18:53




#iptables -t nat -l





iptables v1.4.3.2: option `-l' requires an argument
Try `iptables -h' or 'iptables --help' for more information.











16:19:01




#iptables -t nat -L


Chain PREROUTING (policy ACCEPT)
target     prot opt source               destination
Chain POSTROUTING (policy ACCEPT)
target     prot opt source               destination
Chain OUTPUT (policy ACCEPT)
target     prot opt source               destination











16:19:16




#iptables -t nat -POSTROTING -o eth0.100 -s 192.168.101.2 -j MASQUERADE





iptables v1.4.3.2: -P requires a chain and a policy
Try `iptables -h' or 'iptables --help' for more information.











/dev/pts/6
16:24:31




$ls


10:53:38\   etc-2009.05.26  MUSIC       Templates
10:53:38\\  fhdaskfh        nfdnasf     TEMPLATES
1324        FHDASKFH        NFDNASF     user_create
2009        FHJ             Pictures    user_passwd
2009.05.26  file            PICTURES    Videos
26\         FILE            Public      VIDEOS
26\\        fkdsjaf         PUBLIC      yslogd: rsyslogd.
blackroom   FKDSJAF         READM       zlo
Desktop     harddisk.img    README      Втр\
DESKTOP     iceweasel.dot   README2     Втр\\
din         iceweasel.png   RTE         Втр Май 26 10:53:38 EEST 2009
Documents   iseweasel.dot   ryuweqi     Май\
DOCUMENTS   JK              RYUWEQI     Май\\
Download    mirrors_full    screen.dot
DOWNLOAD    Music           screen.png











/dev/pts/0
16:28:03




#iptables -t nat -POSTROUTING -o eth0.100 -s 192.168.101.2 -j MASQUERADE





iptables v1.4.3.2: -P requires a chain and a policy
Try `iptables -h' or 'iptables --help' for more information.











16:28:26




#iptables -t nat -A -POSTROUTING -o eth0.100 -s 192.168.101.2 -j MASQUERADE





iptables: No chain/target/match by that name.











16:28:47




#iptables -t nat -A -POSTROUTING -o eth0.101 -s 192.168.101.2 -j MASQUERADE





iptables: No chain/target/match by that name.











16:29:12




#iptables -t nat -A -POSTROUTING -o eth0.101 -s 192.168.101.2 -j MASQUERADE





iptables: No chain/target/match by that name.











16:30:21




#ifconfig -a


eth0      Link encap:Ethernet  HWaddr 00:1b:fc:7d:bb:47
          inet addr:192.168.15.1  Bcast:192.168.15.255  Mask:255.255.255.0
          inet6 addr: fe80::21b:fcff:fe7d:bb47/64 Scope:Link
          UP BROADCAST RUNNING MULTICAST  MTU:1500  Metric:1
          RX packets:354417 errors:0 dropped:0 overruns:0 frame:0
          TX packets:371488 errors:0 dropped:0 overruns:0 carrier:4
          collisions:0 txqueuelen:1000
          RX bytes:164711354 (157.0 MiB)  TX bytes:128141648 (122.2 MiB)
eth0.101  Link encap:Ethernet  HWaddr 00:1b:fc:7d:bb:47
          inet addr:192.168.101.1  Bcast:192.168.101.255  Mask:255.255.255.0
...
          collisions:0 txqueuelen:0
          RX bytes:14074619 (13.4 MiB)  TX bytes:34107905 (32.5 MiB)
lo        Link encap:Local Loopback
          inet addr:127.0.0.1  Mask:255.0.0.0
          inet6 addr: ::1/128 Scope:Host
          UP LOOPBACK RUNNING  MTU:16436  Metric:1
          RX packets:48886 errors:0 dropped:0 overruns:0 frame:0
          TX packets:48886 errors:0 dropped:0 overruns:0 carrier:0
          collisions:0 txqueuelen:0
          RX bytes:2443494 (2.3 MiB)  TX bytes:2443494 (2.3 MiB)











16:30:38




#iptables -t nat -A -POSTROUTING -o eth0.101 -s 192.168.101.2/24 -j MASQUERADE





iptables: No chain/target/match by that name.











16:30:47




#iptables -t nat -A -POSTROUTING -o eth0 -s 192.168.101.2/24 -j MASQUERADE





iptables: No chain/target/match by that name.











16:31:20




#iptables -t nat -A -POSTROUTING -s 192.168.101.2/24 -j MASQUERADE





iptables: No chain/target/match by that name.











16:31:29




#iptables -t nat -A -POSTROUTING -s 192.168.101.0/24 -j MASQUERADE





iptables: No chain/target/match by that name.











16:34:04




#ip route


192.168.101.0/24 dev eth0.101  proto kernel  scope link  src 192.168.101.1
192.168.15.0/24 dev eth0  proto kernel  scope link  src 192.168.15.1
default via 192.168.15.254 dev eth0











16:37:41




#iptables -t nat -A POSTROUTING -o eth0.101 -s 192.168.101.2 -j MASQUERADE












16:38:20




#iptables -t nat -F












16:38:39




#iptables -t nat -L


Chain PREROUTING (policy ACCEPT)
target     prot opt source               destination
Chain POSTROUTING (policy ACCEPT)
target     prot opt source               destination
Chain OUTPUT (policy ACCEPT)
target     prot opt source               destination











16:38:41




#iptables -t nat -A POSTROUTING -o eth0.101 -s 192.168.101.0/24 -j MASQUERADE












/dev/pts/8
16:47:10




$su


Пароль:











16:47:19




#apt-get install apache





Чтение списков пакетов... Готово
Построение дерева зависимостей
Чтение информации о состоянии... Готово
Пакет apache недоступен, но упомянут в списке зависимостей другого пакета.
Это может означать, что пакет отсутствует, устарел, или доступен из источников, не упомянутых в sources.list
E: Для пакета apache не найдены кандидаты на установку











16:47:37




#apt-cashe search apache





bash: apt-cashe: команда не найдена











16:48:04




#apt-cache search apache


libmemcache0 - C client API for memcached memory object caching system
libmina-java - Java network application framework
libmina-java-doc - Java network application framework - documentation
libmodule-refresh-perl - Refresh %INC files when updated on disk
libnekohtml-java - HTML parser for Java
libnet-bittorrent-libbt-tracker-perl - Perl bindings for libbttracker
libnet-server-perl - An extensible, general perl server engine
libnet-stomp-perl - A Streaming Text Orientated Messaging Protocol Client
libocamlnet-ocaml-dev - OCaml application-level Internet libraries - core development libraries
libplexus-io-java - Plexus IO Components
...
libapache2-mod-perl2 - интеграция perl с веб-сервером Apache2
libapache2-mod-php5 - встраиваемый в HTML интерпретируемый язык на стороне сервера (модуль Apache 2)
libapr1 - переносимая библиотека Apache
libaprutil1 - переносимая библиотека утилит Apache
libbcel-java - анализ, создание и управление (двоичными) файлами классов Java
libserf-0-0 - высокопроизводительная клиентская библиотека HTTP с асинхронным интерфейсом
libssl0.9.8 - Динамическая библиотека для SSL
lire - полнофункциональный анализатор журналов и генератор отчетов
nginx - маленький, но очень мощный и эффективный веб-сервер
pootle - программа для управления и перевода на различные языки через веб











16:48:12




#apt-get install apache2


Чтение списков пакетов... Готово
Построение дерева зависимостей
Чтение информации о состоянии... Готово
Будут установлены следующие дополнительные пакеты:
  apache2-mpm-worker apache2-utils apache2.2-bin apache2.2-common libapr1
  libaprutil1 libaprutil1-dbd-mysql libaprutil1-ldap libmysqlclient15off
  mysql-common openssl-blacklist ssl-cert
Предлагаемые пакеты:
  apache2-doc apache2-suexec apache2-suexec-custom
НОВЫЕ пакеты, которые будут установлены:
...
Программа `dselect' или `aptitude' предоставляет дружественный интерфейс
управления пакетами;
Чтобы получить список значений флагов отладки dpkg, введите dpkg -Dhelp;
Чтобы получить информацию об игнорировании проблем, введите dpkg --force-help;
Чтобы получить справку об работе с файлами *.deb, введите dpkg-deb --help;
Чтобы получить информацию об авторских правах и отсутствии гарантий (GNU GPL),
введите dpkg --license [*].
Команды, отмеченные [*], выводят большое количество информации.
Объедините их в конвейер с программами `less' или `more'!
Настраивается пакет ssl-cert (1.0.23) ...











16:48:44




#ps -ef | apach





bash: apach: команда не найдена











/dev/pts/0
16:54:28




#iptables -t nat -A POSTROUTING -o eth0 -s 192.168.101.0/24 -j MASQUERADE












16:54:43




#iptables -t nat -F












16:55:47