Журнал лабораторных работ

Журнал

Вторник (06/02/09)

/dev/pts/6
16:04:46
#tcpdump -i eth0.102 -n host 192.168.102.2
16:05:03.301211 IP 192.168.102.2.38754 > 192.168.102.1.838: Flags [F], seq 3821804689, win 1024, length 0
16:05:03.301247 IP 192.168.102.1.838 > 192.168.102.2.38754: Flags [R.], seq 0, ack 3821804690, win 0, length 0
16:05:03.301256 IP 192.168.102.2.38754 > 192.168.102.1.52: Flags [F], seq 3821804689, win 3072, length 0
16:05:03.301266 IP 192.168.102.1.52 > 192.168.102.2.38754: Flags [R.], seq 0, ack 3821804690, win 0, length 0
16:05:03.301270 IP 192.168.102.2.38754 > 192.168.102.1.221: Flags [F], seq 3821804689, win 1024, length 0
16:05:03.301279 IP 192.168.102.1.221 > 192.168.102.2.38754: Flags [R.], seq 0, ack 3821804690, win 0, length 0
16:05:03.301282 IP 192.168.102.2.38754 > 192.168.102.1.135: Flags [F], seq 3821804689, win 3072, length 0
16:05:03.301289 IP 192.168.102.1.135 > 192.168.102.2.38754: Flags [R.], seq 0, ack 3821804690, win 0, length 0
16:05:03.301292 IP 192.168.102.2.38754 > 192.168.102.1.240: Flags [F], seq 3821804689, win 2048, length 0
16:05:03.301305 IP 192.168.102.1.240 > 192.168.102.2.38754: Flags [R.], seq 0, ack 3821804690, win 0, length 0
...
16:05:03.304835 IP 192.168.102.1.205 > 192.168.102.2.38754: Flags [R.], seq 0, ack 3821804690, win 0, length 0
16:05:03.304839 IP 192.168.102.2.38754 > 192.168.102.1.638: Flags [F], seq 3821804689, win 3072, length 0
16:05:03.304847 IP 192.168.102.1.638 > 192.168.102.2.38754: Flags [R.], seq 0, ack 3821804690, win 0, length 0
16:05:03.304851 IP 192.168.102.2.38754 > 192.168.102.1.446: Flags [F], seq 3821804689, win 2048, length 0
16:05:03.304858 IP 192.168.102.1.446 > 192.168.102.2.38754: Flags [R.], seq 0, ack 3821804690, win 0, length 0
16:05:03.304861 IP 192.168.102.2.38754 > 192.168.102.1.726: Flags [F], seq 3821804689, win 4096, length 0
16:05:03.304873 IP 192.168.102.1.726 > 192.168.102.2.38754: Flags [R.], seq 0, ack 3821804690, win 0, length 0
16:05:03.304878 IP 192.168.102.2.38754 > 192.168.102.1.75: Flags [F], seq 3821804689, win 2048, length 0
16:05:03.304887 IP 192.168.102.1.75 > 192.168.102.2.38754: Flags [R.], seq 0, ack 3821804690, win 0, length 0
16:05:03.304890 IP 192.168.102.2.38754 > 192.168.102.1.67: Flags [F], seq 3821804689, win 4096, length 0
/dev/pts/5
16:05:56
#tcpdump -i eth0.102 -n host 192.168.102.2 not port 22
tcpdump: syntax error
/dev/pts/6
16:05:56
#tcpdump -i eth0.102 -n host 192.168.102.2 not port 22
tcpdump: syntax error
16:06:11
#tcpdump -i eth0.102 -n host 192.168.102.2
16:06:53.883677 IP 192.168.102.1.606 > 192.168.102.2.33449: Flags [R.], seq 0, ack 2796257611, win 0, length 0
16:06:53.883686 IP 192.168.102.2.33449 > 192.168.102.1.97: Flags [S], seq 2796257610, win 2048, options [mss 1460], length 0
16:06:53.883700 IP 192.168.102.1.97 > 192.168.102.2.33449: Flags [R.], seq 0, ack 2796257611, win 0, length 0
16:06:53.883706 IP 192.168.102.2.33449 > 192.168.102.1.297: Flags [S], seq 2796257610, win 2048, options [mss 1460], length 0
16:06:53.883718 IP 192.168.102.1.297 > 192.168.102.2.33449: Flags [R.], seq 0, ack 2796257611, win 0, length 0
16:06:53.883723 IP 192.168.102.2.33449 > 192.168.102.1.908: Flags [S], seq 2796257610, win 2048, options [mss 1460], length 0
16:06:53.883734 IP 192.168.102.1.908 > 192.168.102.2.33449: Flags [R.], seq 0, ack 2796257611, win 0, length 0
16:06:53.883743 IP 192.168.102.2.33449 > 192.168.102.1.961: Flags [S], seq 2796257610, win 3072, options [mss 1460], length 0
16:06:53.883757 IP 192.168.102.1.961 > 192.168.102.2.33449: Flags [R.], seq 0, ack 2796257611, win 0, length 0
16:06:53.883762 IP 192.168.102.2.33449 > 192.168.102.1.753: Flags [S], seq 2796257610, win 3072, options [mss 1460], length 0
...
16:06:53.885784 IP 192.168.102.2.33449 > 192.168.102.1.390: Flags [S], seq 2796257610, win 3072, options [mss 1460], length 0
16:06:53.885796 IP 192.168.102.1.390 > 192.168.102.2.33449: Flags [R.], seq 0, ack 2796257611, win 0, length 0
16:06:53.885800 IP 192.168.102.2.33449 > 192.168.102.1.701: Flags [S], seq 2796257610, win 3072, options [mss 1460], length 0
16:06:53.885813 IP 192.168.102.1.701 > 192.168.102.2.33449: Flags [R.], seq 0, ack 2796257611, win 0, length 0
16:06:53.886122 IP 192.168.102.2.33449 > 192.168.102.1.451: Flags [S], seq 2796257610, win 3072, options [mss 1460], length 0
16:06:53.886164 IP 192.168.102.1.451 > 192.168.102.2.33449: Flags [R.], seq 0, ack 2796257611, win 0, length 0
16:06:53.886176 IP 192.168.102.2.33449 > 192.168.102.1.967: Flags [S], seq 2796257610, win 2048, options [mss 1460], length 0
16:06:53.886219 IP 192.168.102.1.967 > 192.168.102.2.33449: Flags [R.], seq 0, ack 2796257611, win 0, length 0
16:06:53.886228 IP 192.168.102.2.33449 > 192.168.102.1.264: Flags [S], seq 2796257610, win 4096, options [mss 1460], length 0
16:06:53.886240 IP 192.168.102.1.264 > 192.168.102.2.33449: Flags [R.], seq 0, ack 2796257611, win 0, length 0
/dev/pts/5
16:06:11
#tcpdump -i eth0.102 -n host 192.168.102.2
16:06:53.883677 IP 192.168.102.1.606 > 192.168.102.2.33449: Flags [R.], seq 0, ack 2796257611, win 0, length 0
16:06:53.883686 IP 192.168.102.2.33449 > 192.168.102.1.97: Flags [S], seq 2796257610, win 2048, options [mss 1460], length 0
16:06:53.883700 IP 192.168.102.1.97 > 192.168.102.2.33449: Flags [R.], seq 0, ack 2796257611, win 0, length 0
16:06:53.883706 IP 192.168.102.2.33449 > 192.168.102.1.297: Flags [S], seq 2796257610, win 2048, options [mss 1460], length 0
16:06:53.883718 IP 192.168.102.1.297 > 192.168.102.2.33449: Flags [R.], seq 0, ack 2796257611, win 0, length 0
16:06:53.883723 IP 192.168.102.2.33449 > 192.168.102.1.908: Flags [S], seq 2796257610, win 2048, options [mss 1460], length 0
16:06:53.883734 IP 192.168.102.1.908 > 192.168.102.2.33449: Flags [R.], seq 0, ack 2796257611, win 0, length 0
16:06:53.883743 IP 192.168.102.2.33449 > 192.168.102.1.961: Flags [S], seq 2796257610, win 3072, options [mss 1460], length 0
16:06:53.883757 IP 192.168.102.1.961 > 192.168.102.2.33449: Flags [R.], seq 0, ack 2796257611, win 0, length 0
16:06:53.883762 IP 192.168.102.2.33449 > 192.168.102.1.753: Flags [S], seq 2796257610, win 3072, options [mss 1460], length 0
...
16:06:53.885784 IP 192.168.102.2.33449 > 192.168.102.1.390: Flags [S], seq 2796257610, win 3072, options [mss 1460], length 0
16:06:53.885796 IP 192.168.102.1.390 > 192.168.102.2.33449: Flags [R.], seq 0, ack 2796257611, win 0, length 0
16:06:53.885800 IP 192.168.102.2.33449 > 192.168.102.1.701: Flags [S], seq 2796257610, win 3072, options [mss 1460], length 0
16:06:53.885813 IP 192.168.102.1.701 > 192.168.102.2.33449: Flags [R.], seq 0, ack 2796257611, win 0, length 0
16:06:53.886122 IP 192.168.102.2.33449 > 192.168.102.1.451: Flags [S], seq 2796257610, win 3072, options [mss 1460], length 0
16:06:53.886164 IP 192.168.102.1.451 > 192.168.102.2.33449: Flags [R.], seq 0, ack 2796257611, win 0, length 0
16:06:53.886176 IP 192.168.102.2.33449 > 192.168.102.1.967: Flags [S], seq 2796257610, win 2048, options [mss 1460], length 0
16:06:53.886219 IP 192.168.102.1.967 > 192.168.102.2.33449: Flags [R.], seq 0, ack 2796257611, win 0, length 0
16:06:53.886228 IP 192.168.102.2.33449 > 192.168.102.1.264: Flags [S], seq 2796257610, win 4096, options [mss 1460], length 0
16:06:53.886240 IP 192.168.102.1.264 > 192.168.102.2.33449: Flags [R.], seq 0, ack 2796257611, win 0, length 0
16:07:15
#tcpdump -i eth0.102 -n host 192.168.102.2 port not 22
tcpdump: syntax error
/dev/pts/6
16:07:15
#tcpdump -i eth0.102 -n host 192.168.102.2 port not 22
tcpdump: syntax error
/dev/pts/5
16:07:29
#tcpdump -i eth0.102 -n host 192.168.102.2
tcpdump: verbose output suppressed, use -v or -vv for full protocol decode
listening on eth0.102, link-type EN10MB (Ethernet), capture size 96 bytes
^C
0 packets captured
0 packets received by filter
0 packets dropped by kernel
/dev/pts/6
16:07:29
#tcpdump -i eth0.102 -n host 192.168.102.2
tcpdump: verbose output suppressed, use -v or -vv for full protocol decode
listening on eth0.102, link-type EN10MB (Ethernet), capture size 96 bytes
^C
0 packets captured
0 packets received by filter
0 packets dropped by kernel
/dev/pts/5
16:07:43
#cat /proc/net/ip_conntrack
udp      17 10 src=192.168.15.3 dst=10.0.35.1 sport=43231 dport=53 packets=1 bytes=52 src=10.0.35.1 dst=192.168.15.3 sport=53 dport=43231 packets=1 bytes=182 mark=0 secmark=0 use=1
tcp      6 100 TIME_WAIT src=192.168.15.3 dst=194.150.93.78 sport=58220 dport=18030 packets=6 bytes=1946 src=194.150.93.78 dst=192.168.15.3 sport=18030 dport=58220 packets=5 bytes=292 [ASSURED] mark=0 secmark=0 use=1
tcp      6 431991 ESTABLISHED src=192.168.102.2 dst=10.0.35.100 sport=48057 dport=22 packets=2671 bytes=146087 src=10.0.35.100 dst=192.168.102.2 sport=22 dport=48057 packets=3429 bytes=959383 [ASSURED] mark=0 secmark=0 use=1
tcp      6 431925 ESTABLISHED src=192.168.102.1 dst=192.168.102.2 sport=51693 dport=22 packets=131 bytes=11111 src=192.168.102.2 dst=192.168.102.1 sport=22 dport=51693 packets=84 bytes=11299 [ASSURED] mark=0 secmark=0 use=1
udp      17 10 src=192.168.15.3 dst=10.0.35.1 sport=58554 dport=53 packets=1 bytes=52 src=10.0.35.1 dst=192.168.15.3 sport=53 dport=58554 packets=1 bytes=182 mark=0 secmark=0 use=1
tcp      6 90 TIME_WAIT src=192.168.15.3 dst=194.150.93.78 sport=58218 dport=18030 packets=5 bytes=1506 src=194.150.93.78 dst=192.168.15.3 sport=18030 dport=58218 packets=4 bytes=228 [ASSURED] mark=0 secmark=0 use=1
tcp      6 13 TIME_WAIT src=192.168.15.3 dst=194.150.93.78 sport=58215 dport=18030 packets=5 bytes=891 src=194.150.93.78 dst=192.168.15.3 sport=18030 dport=58215 packets=4 bytes=228 [ASSURED] mark=0 secmark=0 use=1
udp      17 0 src=192.168.15.3 dst=10.0.35.1 sport=59453 dport=53 packets=1 bytes=52 src=10.0.35.1 dst=192.168.15.3 sport=53 dport=59453 packets=1 bytes=182 mark=0 secmark=0 use=1
tcp      6 6 TIME_WAIT src=192.168.15.3 dst=194.150.93.78 sport=58214 dport=18030 packets=5 bytes=1500 src=194.150.93.78 dst=192.168.15.3 sport=18030 dport=58214 packets=4 bytes=228 [ASSURED] mark=0 secmark=0 use=1
tcp      6 66 TIME_WAIT src=192.168.15.3 dst=194.150.93.78 sport=58216 dport=18030 packets=12 bytes=19301 src=194.150.93.78 dst=192.168.15.3 sport=18030 dport=58216 packets=15 bytes=788 [ASSURED] mark=0 secmark=0 use=1
tcp      6 431991 ESTABLISHED src=192.168.15.3 dst=10.0.35.100 sport=33397 dport=22 packets=2390 bytes=127172 src=10.0.35.100 dst=192.168.15.3 sport=22 dport=33397 packets=2488 bytes=544464 [ASSURED] mark=0 secmark=0 use=1
tcp      6 427183 ESTABLISHED src=10.0.35.100 dst=192.168.102.2 sport=39855 dport=80 packets=1 bytes=40 [UNREPLIED] src=192.168.102.2 dst=10.0.35.100 sport=80 dport=39855 packets=0 bytes=0 mark=0 secmark=0 use=1
tcp      6 431995 ESTABLISHED src=192.168.15.3 dst=213.180.203.19 sport=49016 dport=5222 packets=91 bytes=14511 src=213.180.203.19 dst=192.168.15.3 sport=5222 dport=49016 packets=82 bytes=36022 [ASSURED] mark=0 secmark=0 use=1
tcp      6 100 TIME_WAIT src=192.168.15.3 dst=194.150.93.78 sport=58219 dport=18030 packets=5 bytes=1113 src=194.150.93.78 dst=192.168.15.3 sport=18030 dport=58219 packets=4 bytes=228 [ASSURED] mark=0 secmark=0 use=1
tcp      6 427163 ESTABLISHED src=10.0.35.100 dst=192.168.102.2 sport=43520 dport=80 packets=1 bytes=40 [UNREPLIED] src=192.168.102.2 dst=10.0.35.100 sport=80 dport=43520 packets=0 bytes=0 mark=0 secmark=0 use=1
tcp      6 79 TIME_WAIT src=192.168.15.3 dst=194.150.93.78 sport=58217 dport=18030 packets=11 bytes=19249 src=194.150.93.78 dst=192.168.15.3 sport=18030 dport=58217 packets=16 bytes=852 [ASSURED] mark=0 secmark=0 use=1
tcp      6 46 TIME_WAIT src=192.168.102.2 dst=194.150.93.78 sport=36404 dport=18030 packets=5 bytes=1104 src=194.150.93.78 dst=192.168.102.2 sport=18030 dport=36404 packets=4 bytes=216 [ASSURED] mark=0 secmark=0 use=1
/dev/pts/6
16:07:43
#cat /proc/net/ip_conntrack
udp      17 10 src=192.168.15.3 dst=10.0.35.1 sport=43231 dport=53 packets=1 bytes=52 src=10.0.35.1 dst=192.168.15.3 sport=53 dport=43231 packets=1 bytes=182 mark=0 secmark=0 use=1
tcp      6 100 TIME_WAIT src=192.168.15.3 dst=194.150.93.78 sport=58220 dport=18030 packets=6 bytes=1946 src=194.150.93.78 dst=192.168.15.3 sport=18030 dport=58220 packets=5 bytes=292 [ASSURED] mark=0 secmark=0 use=1
tcp      6 431991 ESTABLISHED src=192.168.102.2 dst=10.0.35.100 sport=48057 dport=22 packets=2671 bytes=146087 src=10.0.35.100 dst=192.168.102.2 sport=22 dport=48057 packets=3429 bytes=959383 [ASSURED] mark=0 secmark=0 use=1
tcp      6 431925 ESTABLISHED src=192.168.102.1 dst=192.168.102.2 sport=51693 dport=22 packets=131 bytes=11111 src=192.168.102.2 dst=192.168.102.1 sport=22 dport=51693 packets=84 bytes=11299 [ASSURED] mark=0 secmark=0 use=1
udp      17 10 src=192.168.15.3 dst=10.0.35.1 sport=58554 dport=53 packets=1 bytes=52 src=10.0.35.1 dst=192.168.15.3 sport=53 dport=58554 packets=1 bytes=182 mark=0 secmark=0 use=1
tcp      6 90 TIME_WAIT src=192.168.15.3 dst=194.150.93.78 sport=58218 dport=18030 packets=5 bytes=1506 src=194.150.93.78 dst=192.168.15.3 sport=18030 dport=58218 packets=4 bytes=228 [ASSURED] mark=0 secmark=0 use=1
tcp      6 13 TIME_WAIT src=192.168.15.3 dst=194.150.93.78 sport=58215 dport=18030 packets=5 bytes=891 src=194.150.93.78 dst=192.168.15.3 sport=18030 dport=58215 packets=4 bytes=228 [ASSURED] mark=0 secmark=0 use=1
udp      17 0 src=192.168.15.3 dst=10.0.35.1 sport=59453 dport=53 packets=1 bytes=52 src=10.0.35.1 dst=192.168.15.3 sport=53 dport=59453 packets=1 bytes=182 mark=0 secmark=0 use=1
tcp      6 6 TIME_WAIT src=192.168.15.3 dst=194.150.93.78 sport=58214 dport=18030 packets=5 bytes=1500 src=194.150.93.78 dst=192.168.15.3 sport=18030 dport=58214 packets=4 bytes=228 [ASSURED] mark=0 secmark=0 use=1
tcp      6 66 TIME_WAIT src=192.168.15.3 dst=194.150.93.78 sport=58216 dport=18030 packets=12 bytes=19301 src=194.150.93.78 dst=192.168.15.3 sport=18030 dport=58216 packets=15 bytes=788 [ASSURED] mark=0 secmark=0 use=1
tcp      6 431991 ESTABLISHED src=192.168.15.3 dst=10.0.35.100 sport=33397 dport=22 packets=2390 bytes=127172 src=10.0.35.100 dst=192.168.15.3 sport=22 dport=33397 packets=2488 bytes=544464 [ASSURED] mark=0 secmark=0 use=1
tcp      6 427183 ESTABLISHED src=10.0.35.100 dst=192.168.102.2 sport=39855 dport=80 packets=1 bytes=40 [UNREPLIED] src=192.168.102.2 dst=10.0.35.100 sport=80 dport=39855 packets=0 bytes=0 mark=0 secmark=0 use=1
tcp      6 431995 ESTABLISHED src=192.168.15.3 dst=213.180.203.19 sport=49016 dport=5222 packets=91 bytes=14511 src=213.180.203.19 dst=192.168.15.3 sport=5222 dport=49016 packets=82 bytes=36022 [ASSURED] mark=0 secmark=0 use=1
tcp      6 100 TIME_WAIT src=192.168.15.3 dst=194.150.93.78 sport=58219 dport=18030 packets=5 bytes=1113 src=194.150.93.78 dst=192.168.15.3 sport=18030 dport=58219 packets=4 bytes=228 [ASSURED] mark=0 secmark=0 use=1
tcp      6 427163 ESTABLISHED src=10.0.35.100 dst=192.168.102.2 sport=43520 dport=80 packets=1 bytes=40 [UNREPLIED] src=192.168.102.2 dst=10.0.35.100 sport=80 dport=43520 packets=0 bytes=0 mark=0 secmark=0 use=1
tcp      6 79 TIME_WAIT src=192.168.15.3 dst=194.150.93.78 sport=58217 dport=18030 packets=11 bytes=19249 src=194.150.93.78 dst=192.168.15.3 sport=18030 dport=58217 packets=16 bytes=852 [ASSURED] mark=0 secmark=0 use=1
tcp      6 46 TIME_WAIT src=192.168.102.2 dst=194.150.93.78 sport=36404 dport=18030 packets=5 bytes=1104 src=194.150.93.78 dst=192.168.102.2 sport=18030 dport=36404 packets=4 bytes=216 [ASSURED] mark=0 secmark=0 use=1
/dev/pts/5
16:08:08
#lsmod | grep trac
nf_conntrack_ipv4      11568  1
nf_defrag_ipv4          1648  1 nf_conntrack_ipv4
xt_conntrack            3168  1
nf_conntrack           58228  2 nf_conntrack_ipv4,xt_conntrack
x_tables               13672  4 xt_conntrack,xt_tcpudp,ipt_REJECT,ip_tables
/dev/pts/6
16:08:08
#lsmod | grep trac
nf_conntrack_ipv4      11568  1
nf_defrag_ipv4          1648  1 nf_conntrack_ipv4
xt_conntrack            3168  1
nf_conntrack           58228  2 nf_conntrack_ipv4,xt_conntrack
x_tables               13672  4 xt_conntrack,xt_tcpudp,ipt_REJECT,ip_tables
/dev/pts/5
16:14:50
#iptables -v --list
Chain INPUT (policy ACCEPT 1 packets, 350 bytes)
 pkts bytes target     prot opt in     out     source               destination
Chain FORWARD (policy ACCEPT 1383 packets, 250K bytes)
 pkts bytes target     prot opt in     out     source               destination
Chain OUTPUT (policy ACCEPT 3167 packets, 325K bytes)
 pkts bytes target     prot opt in     out     source               destination
/dev/pts/6
16:14:50
#iptables -v --list
Chain INPUT (policy ACCEPT 1 packets, 350 bytes)
 pkts bytes target     prot opt in     out     source               destination
Chain FORWARD (policy ACCEPT 1383 packets, 250K bytes)
 pkts bytes target     prot opt in     out     source               destination
Chain OUTPUT (policy ACCEPT 3167 packets, 325K bytes)
 pkts bytes target     prot opt in     out     source               destination
/dev/pts/5
16:22:20
#iptables -t nat -D PREROUTING -i eth0.102 -p tcp --dport 22 -j DNAT --to-destination 10.0.35.100:22

/dev/pts/6
16:22:20
#iptables -t nat -D PREROUTING -i eth0.102 -p tcp --dport 22 -j DNAT --to-destination 10.0.35.100:22

/dev/pts/5
16:24:16
#iptables -t nat -D PREROUTING -i eth0.102 -p tcp --dport 22 -j DNAT --to-destination 192.168.15.1:22

/dev/pts/6
16:24:16
#iptables -t nat -D PREROUTING -i eth0.102 -p tcp --dport 22 -j DNAT --to-destination 192.168.15.1:22

/dev/pts/5
16:25:36
#iptables -t nat -A POSTROUTING -o eth0 -j MASQUERADE

/dev/pts/6
16:25:36
#iptables -t nat -A POSTROUTING -o eth0 -j MASQUERADE

16:27:26
#iptables -t nat -v --list
Chain PREROUTING (policy ACCEPT 16 packets, 1465 bytes)
 pkts bytes target     prot opt in     out     source               destination
Chain POSTROUTING (policy ACCEPT 23 packets, 1320 bytes)
 pkts bytes target     prot opt in     out     source               destination
    4   224 MASQUERADE  all  --  any    eth0    anywhere             anywhere
Chain OUTPUT (policy ACCEPT 12 packets, 672 bytes)
 pkts bytes target     prot opt in     out     source               destination
/dev/pts/5
16:27:26
#iptables -t nat -v --list
Chain PREROUTING (policy ACCEPT 16 packets, 1465 bytes)
 pkts bytes target     prot opt in     out     source               destination
Chain POSTROUTING (policy ACCEPT 23 packets, 1320 bytes)
 pkts bytes target     prot opt in     out     source               destination
    4   224 MASQUERADE  all  --  any    eth0    anywhere             anywhere
Chain OUTPUT (policy ACCEPT 12 packets, 672 bytes)
 pkts bytes target     prot opt in     out     source               destination
16:27:45
#iptables -t nat -D POSTROUTING -o eth0 -j MASQUERADE

/dev/pts/6
16:27:45
#iptables -t nat -D POSTROUTING -o eth0 -j MASQUERADE

/dev/pts/5
16:28:25
#iptables -t nat -A POSTROUTING -o eth0 -s 192.168.102.0/32 -j MASQUERADE

/dev/pts/6
16:28:25
#iptables -t nat -A POSTROUTING -o eth0 -s 192.168.102.0/32 -j MASQUERADE

прошло 11 минут
/dev/pts/5
16:39:32
#iptables -t nat -A POSTROUTING -o eth0 -s 192.168.102.0/32 -d 192.168.15.0/24 -j MASQUERADE

/dev/pts/6
16:39:32
#iptables -t nat -A POSTROUTING -o eth0 -s 192.168.102.0/32 -d 192.168.15.0/24 -j MASQUERADE

/dev/pts/5
16:40:11
#iptables -t nat -A POSTROUTING -o eth0 -j SNAT --to 192.168.15.3

/dev/pts/6
16:40:11
#iptables -t nat -A POSTROUTING -o eth0 -j SNAT --to 192.168.15.3

прошла 21 минута
/dev/pts/5
17:02:07
#iptables -t nat -A PREROUTING -i eth0 --sport 8080 -j DNAT --to-destination 192.168.102.2:80
iptables v1.4.3.2: unknown option `--sport'
Try `iptables -h' or 'iptables --help' for more information.
/dev/pts/6
17:02:07
#iptables -t nat -A PREROUTING -i eth0 --sport 8080 -j DNAT --to-destination 192.168.102.2:80
iptables v1.4.3.2: unknown option `--sport'
Try `iptables -h' or 'iptables --help' for more information.
/dev/pts/5
17:04:21
#iptables -t nat -A PREROUTING -i eth0 --dport 8080 -j DNAT --to-destination 192.168.102.2:80
iptables v1.4.3.2: unknown option `--dport'
Try `iptables -h' or 'iptables --help' for more information.
/dev/pts/6
17:04:21
#iptables -t nat -A PREROUTING -i eth0 --dport 8080 -j DNAT --to-destination 192.168.102.2:80
iptables v1.4.3.2: unknown option `--dport'
Try `iptables -h' or 'iptables --help' for more information.
/dev/pts/5
17:04:28
#iptables -t nat -A PREROUTING -i eth0 -p tcp --dport 8080 -j DNAT --to-destination 192.168.102.2:80

/dev/pts/6
17:04:28
#iptables -t nat -A PREROUTING -i eth0 -p tcp --dport 8080 -j DNAT --to-destination 192.168.102.2:80

/dev/pts/5
17:04:50
#iptables -t nat -A POSTROUTING -o eth0.102 -p tcp --sport 80 -j SNAT --to 192.168.102.1

/dev/pts/6
17:04:50
#iptables -t nat -A POSTROUTING -o eth0.102 -p tcp --sport 80 -j SNAT --to 192.168.102.1

/dev/pts/5
17:06:28
#iptables -t nat -D POSTROUTING -o eth0.102 -p tcp --sport 80 -j SNAT --to 192.168.102.1

/dev/pts/6
17:06:28
#iptables -t nat -D POSTROUTING -o eth0.102 -p tcp --sport 80 -j SNAT --to 192.168.102.1

/dev/pts/5
17:11:00
#iptables -t nat -A OUTPUT -o eth0 -p tcp --dport 8080 -j DNAT --to-destination 192.168.102.2:80

/dev/pts/6
17:11:00
#iptables -t nat -A OUTPUT -o eth0 -p tcp --dport 8080 -j DNAT --to-destination 192.168.102.2:80

прошла 91 минута
/dev/pts/2
18:42:29
#cat /etc/crontab
# /etc/crontab: system-wide crontab
# Unlike any other crontab you don't have to run the `crontab'
# command to install the new version when you edit this file
# and files in /etc/cron.d. These files also have username fields,
# that none of the other crontabs do.
SHELL=/bin/sh
PATH=/usr/local/sbin:/usr/local/bin:/sbin:/bin:/usr/sbin:/usr/bin
# m h dom mon dow user  command
17 *    * * *   root    cd / && run-parts --report /etc/cron.hourly
25 6    * * *   root    test -x /usr/sbin/anacron || ( cd / && run-parts --report /etc/cron.daily )
47 6    * * 7   root    test -x /usr/sbin/anacron || ( cd / && run-parts --report /etc/cron.weekly )
52 6    1 * *   root    test -x /usr/sbin/anacron || ( cd / && run-parts --report /etc/cron.monthly )
#
/dev/pts/3
18:42:29
#cat /etc/crontab
# /etc/crontab: system-wide crontab
# Unlike any other crontab you don't have to run the `crontab'
# command to install the new version when you edit this file
# and files in /etc/cron.d. These files also have username fields,
# that none of the other crontabs do.
SHELL=/bin/sh
PATH=/usr/local/sbin:/usr/local/bin:/sbin:/bin:/usr/sbin:/usr/bin
# m h dom mon dow user  command
17 *    * * *   root    cd / && run-parts --report /etc/cron.hourly
25 6    * * *   root    test -x /usr/sbin/anacron || ( cd / && run-parts --report /etc/cron.daily )
47 6    * * 7   root    test -x /usr/sbin/anacron || ( cd / && run-parts --report /etc/cron.weekly )
52 6    1 * *   root    test -x /usr/sbin/anacron || ( cd / && run-parts --report /etc/cron.monthly )
#
/dev/pts/2
18:42:36
#tail -f -n 30 /var/log/syslog
Jun  2 18:41:06 linux4 monit[2812]: 'cron' start: /etc/init.d/cron
Jun  2 18:41:06 linux4 monit[2812]: 'cron' failed to start
Jun  2 18:41:26 linux4 monit[2812]: 'cron' process is not running
Jun  2 18:41:26 linux4 monit[2812]: 'cron' trying to restart
Jun  2 18:41:26 linux4 monit[2812]: 'cron' start: /etc/init.d/cron
Jun  2 18:41:26 linux4 monit[2812]: 'cron' failed to start
Jun  2 18:41:46 linux4 monit[2812]: 'cron' process is not running
Jun  2 18:41:46 linux4 monit[2812]: 'cron' trying to restart
Jun  2 18:41:46 linux4 monit[2812]: 'cron' start: /etc/init.d/cron
Jun  2 18:41:46 linux4 monit[2812]: 'cron' failed to start
...
Jun  2 18:43:26 linux4 monit[2812]: 'cron' start: /etc/init.d/cron
Jun  2 18:43:47 linux4 monit[2812]: 'cron' process is not running
Jun  2 18:43:47 linux4 monit[2812]: 'cron' trying to restart
Jun  2 18:43:47 linux4 monit[2812]: 'cron' start: /etc/init.d/cron
Jun  2 18:43:47 linux4 monit[2812]: 'cron' failed to start
Jun  2 18:44:07 linux4 monit[2812]: 'cron' process is not running
Jun  2 18:44:07 linux4 monit[2812]: 'cron' failed to start
Jun  2 18:44:07 linux4 monit[2812]: 'cron' trying to restart
Jun  2 18:44:07 linux4 monit[2812]: 'cron' start: /etc/init.d/cron
^C
/dev/pts/3
18:42:36
#tail -f -n 30 /var/log/syslog
Jun  2 18:41:06 linux4 monit[2812]: 'cron' start: /etc/init.d/cron
Jun  2 18:41:06 linux4 monit[2812]: 'cron' failed to start
Jun  2 18:41:26 linux4 monit[2812]: 'cron' process is not running
Jun  2 18:41:26 linux4 monit[2812]: 'cron' trying to restart
Jun  2 18:41:26 linux4 monit[2812]: 'cron' start: /etc/init.d/cron
Jun  2 18:41:26 linux4 monit[2812]: 'cron' failed to start
Jun  2 18:41:46 linux4 monit[2812]: 'cron' process is not running
Jun  2 18:41:46 linux4 monit[2812]: 'cron' trying to restart
Jun  2 18:41:46 linux4 monit[2812]: 'cron' start: /etc/init.d/cron
Jun  2 18:41:46 linux4 monit[2812]: 'cron' failed to start
...
Jun  2 18:43:26 linux4 monit[2812]: 'cron' start: /etc/init.d/cron
Jun  2 18:43:47 linux4 monit[2812]: 'cron' process is not running
Jun  2 18:43:47 linux4 monit[2812]: 'cron' trying to restart
Jun  2 18:43:47 linux4 monit[2812]: 'cron' start: /etc/init.d/cron
Jun  2 18:43:47 linux4 monit[2812]: 'cron' failed to start
Jun  2 18:44:07 linux4 monit[2812]: 'cron' process is not running
Jun  2 18:44:07 linux4 monit[2812]: 'cron' failed to start
Jun  2 18:44:07 linux4 monit[2812]: 'cron' trying to restart
Jun  2 18:44:07 linux4 monit[2812]: 'cron' start: /etc/init.d/cron
^C
/dev/pts/2
18:44:21
#vi /etc/mo
18:44:21
#vi /etc/mo
/dev/pts/3
18:44:21
#vi /etc/mo
18:44:21
#vi /etc/mo
18:44:21
#vi /etc/monit/monitrc
--- /tmp/l3-saved-2913.655.16604	2009-06-02 18:44:59.000000000 +0300
+++ /etc/monit/monitrc	2009-06-02 18:45:36.000000000 +0300
@@ -133,10 +133,10 @@
 ## statement. This service depends on another service (apache_bin) which
 ## is defined above.
 #    
-   check process cron   with pidfile /var/run/cron.pid
+#   check process cron   with pidfile /var/run/cron.pid
 #  check process apache with pidfile /usr/local/apache/logs/httpd.pid
-    start program = "/etc/init.d/cron start"
-    stop program  = "/etc/init.d/cron stop"
+#    start program = "/etc/init.d/cron start"
+#    stop program  = "/etc/init.d/cron stop"
 #    if cpu > 60% for 2 cycles then alert
 #    if cpu > 80% for 5 cycles then restart
 #    if totalmem > 200.0 MB for 5 cycles then restart
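Review bot: Commenting out the `check process cron` stanza and its start/stop lines stops the restart loop recorded in syslog, but it leaves cron unsupervised and does not address why monit reported "'cron' failed to start". On Debian the cron daemon normally writes its pid to `/var/run/crond.pid`, so monit was probably watching a file that never appears while cron itself was already running; this is inferred from the log, so confirm the real pidfile on this host. If that is the cause, keep the stanza and change only the path: `check process cron with pidfile /var/run/crond.pid`. Running `monit -t` before the `pkill -HUP monit` reload would catch a syntax error in the edited monitrc.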
/dev/pts/2
18:44:21
#vi /etc/monit/monitrc
18:45:36
#pkill -HUP monit

/dev/pts/3
18:45:36
#pkill -HUP monit

/dev/pts/2
18:47:00
#grep sys /etc/passwd
sys:x:3:3:sys:/dev:/bin/sh
/dev/pts/3
18:47:00
#grep sys /etc/passwd
sys:x:3:3:sys:/dev:/bin/sh
/dev/pts/2
18:47:16
#grep adm /etc/gro
groff/  group   group-
18:47:16
#grep adm /etc/group
adm:x:4:
/dev/pts/3
18:47:16
#grep adm /etc/gro
groff/  group   group-
18:47:16
#grep adm /etc/group
adm:x:4:
/dev/pts/2
18:47:48
#cat /etc/syslog.conf
cat: /etc/syslog.conf: No such file or directory
/dev/pts/3
18:47:48
#cat /etc/syslog.conf
cat: /etc/syslog.conf: No such file or directory
/dev/pts/2
18:49:57
#cat /etc/r
rc0.d/        rc2.d/        rc4.d/        rc6.d/        rcS.d/        rmt           rsyslog.conf
rc1.d/        rc3.d/        rc5.d/        rc.local      resolv.conf   rpc
/dev/pts/3
18:49:57
#cat /etc/r
rc0.d/        rc2.d/        rc4.d/        rc6.d/        rcS.d/        rmt           rsyslog.conf
rc1.d/        rc3.d/        rc5.d/        rc.local      resolv.conf   rpc
/dev/pts/2
18:49:57
#cat /etc/rsyslog.conf
#  /etc/rsyslog.conf    Configuration file for rsyslog v3.
#
#                       For more information see
#                       /usr/share/doc/rsyslog-doc/html/rsyslog_conf.html
#################
#### MODULES ####
#################
$ModLoad imuxsock # provides support for local system logging
$ModLoad imklog   # provides kernel logging support (previously done by rklogd)
#$ModLoad immark  # provides --MARK-- message capability
...
#
#    $ xconsole -file /dev/xconsole [...]
#
# NOTE: adjust the list below, or you'll go crazy if you have a reasonably
#      busy site..
#
daemon.*;mail.*;\
        news.err;\
        *.=debug;*.=info;\
        *.=notice;*.=warn       |/dev/xconsole
/dev/pts/3
18:49:57
#cat /etc/rsyslog.conf
#  /etc/rsyslog.conf    Configuration file for rsyslog v3.
#
#                       For more information see
#                       /usr/share/doc/rsyslog-doc/html/rsyslog_conf.html
#################
#### MODULES ####
#################
$ModLoad imuxsock # provides support for local system logging
$ModLoad imklog   # provides kernel logging support (previously done by rklogd)
#$ModLoad immark  # provides --MARK-- message capability
...
#
#    $ xconsole -file /dev/xconsole [...]
#
# NOTE: adjust the list below, or you'll go crazy if you have a reasonably
#      busy site..
#
daemon.*;mail.*;\
        news.err;\
        *.=debug;*.=info;\
        *.=notice;*.=warn       |/dev/xconsole

Среда (06/03/09)

/dev/pts/6
09:35:19
#ssh --help
usage: ssh [-1246AaCfgKkMNnqsTtVvXxY] [-b bind_address] [-c cipher_spec]
           [-D [bind_address:]port] [-e escape_char] [-F configfile]
           [-i identity_file] [-L [bind_address:]port:host:hostport]
           [-l login_name] [-m mac_spec] [-O ctl_cmd] [-o option] [-p port]
           [-R [bind_address:]port:host:hostport] [-S ctl_path]
           [-w local_tun[:remote_tun]] [user@]hostname [command]
/dev/pts/5
09:35:19
#ssh --help
usage: ssh [-1246AaCfgKkMNnqsTtVvXxY] [-b bind_address] [-c cipher_spec]
           [-D [bind_address:]port] [-e escape_char] [-F configfile]
           [-i identity_file] [-L [bind_address:]port:host:hostport]
           [-l login_name] [-m mac_spec] [-O ctl_cmd] [-o option] [-p port]
           [-R [bind_address:]port:host:hostport] [-S ctl_path]
           [-w local_tun[:remote_tun]] [user@]hostname [command]
прошло 12 минут
/dev/pts/6
09:47:38
#whois
bash: whois: command not found
/dev/pts/5
09:47:38
#whois
bash: whois: command not found
/dev/pts/6
09:51:32
#apt-get install whois
Reading package lists... Done
Building dependency tree
Reading state information... Done
The following packages were automatically installed and are no longer required:
  portmap
Use 'apt-get autoremove' to remove them.
The following NEW packages will be installed:
  whois
0 upgraded, 1 newly installed, 0 to remove and 20 not upgraded.
Need to get 56.1kB of archives.
After this operation, 332kB of additional disk space will be used.
Get:1 http://127.0.0.1 sid/main whois 4.7.33 [56.1kB]
Fetched 56.1kB in 0s (307kB/s)
Selecting previously deselected package whois.
(Reading database ... 55589 files and directories currently installed.)
Unpacking whois (from .../archives/whois_4.7.33_i386.deb) ...
Processing triggers for man-db ...
Setting up whois (4.7.33) ...
/dev/pts/5
09:51:32
#apt-get install whois
Reading package lists... Done
Building dependency tree
Reading state information... Done
The following packages were automatically installed and are no longer required:
  portmap
Use 'apt-get autoremove' to remove them.
The following NEW packages will be installed:
  whois
0 upgraded, 1 newly installed, 0 to remove and 20 not upgraded.
Need to get 56.1kB of archives.
After this operation, 332kB of additional disk space will be used.
Get:1 http://127.0.0.1 sid/main whois 4.7.33 [56.1kB]
Fetched 56.1kB in 0s (307kB/s)
Selecting previously deselected package whois.
(Reading database ... 55589 files and directories currently installed.)
Unpacking whois (from .../archives/whois_4.7.33_i386.deb) ...
Processing triggers for man-db ...
Setting up whois (4.7.33) ...
/dev/pts/6
09:51:57
#host ukrtelecom.ua
ukrtelecom.ua           A       195.5.46.19
/dev/pts/5
09:51:57
#host ukrtelecom.ua
ukrtelecom.ua           A       195.5.46.19
/dev/pts/6
09:54:34
#whois 195.5.46.19
% This is the RIPE Whois query server #2.
% The objects are in RPSL format.
%
% The RIPE Database is subject to Terms and Conditions.
% See http://www.ripe.net/db/support/db-terms-conditions.pdf
% Note: This output has been filtered.
%       To receive output for a database update, use the "-B" flag
% Information related to '195.5.46.0 - 195.5.46.255'
inetnum:        195.5.46.0 - 195.5.46.255
netname:        UKRTELNET
...
phone:          +380 (44) 230-9024
nic-hdl:        ARM42-RIPE
mnt-by:         AS6849-MNT
source:         RIPE # Filtered
% Information related to '195.5.32.0/19AS6849'
route:        195.5.32.0/19
descr:        AGGREGATE BLOCK FOR UKRTELECOM.
origin:       AS6849
mnt-by:       AS6849-MNT
source:       RIPE # Filtered
/dev/pts/5
09:54:34
#whois 195.5.46.19
% This is the RIPE Whois query server #2.
% The objects are in RPSL format.
%
% The RIPE Database is subject to Terms and Conditions.
% See http://www.ripe.net/db/support/db-terms-conditions.pdf
% Note: This output has been filtered.
%       To receive output for a database update, use the "-B" flag
% Information related to '195.5.46.0 - 195.5.46.255'
inetnum:        195.5.46.0 - 195.5.46.255
netname:        UKRTELNET
...
phone:          +380 (44) 230-9024
nic-hdl:        ARM42-RIPE
mnt-by:         AS6849-MNT
source:         RIPE # Filtered
% Information related to '195.5.32.0/19AS6849'
route:        195.5.32.0/19
descr:        AGGREGATE BLOCK FOR UKRTELECOM.
origin:       AS6849
mnt-by:       AS6849-MNT
source:       RIPE # Filtered
/dev/pts/6
09:54:47
#ls -l /etc/ssh
total 152
-rw-r--r-- 1 root root 125749 2009-05-04 23:39 moduli
-rw-r--r-- 1 root root   1595 2009-05-04 23:39 ssh_config
-rw-r--r-- 1 root root   1874 2009-05-24 13:23 sshd_config
-rw------- 1 root root    668 2009-05-24 13:23 ssh_host_dsa_key
-rw-r--r-- 1 root root    599 2009-05-24 13:23 ssh_host_dsa_key.pub
-rw------- 1 root root   1675 2009-05-24 13:23 ssh_host_rsa_key
-rw-r--r-- 1 root root    391 2009-05-24 13:23 ssh_host_rsa_key.pub
/dev/pts/5
09:54:47
#ls -l /etc/ssh
total 152
-rw-r--r-- 1 root root 125749 2009-05-04 23:39 moduli
-rw-r--r-- 1 root root   1595 2009-05-04 23:39 ssh_config
-rw-r--r-- 1 root root   1874 2009-05-24 13:23 sshd_config
-rw------- 1 root root    668 2009-05-24 13:23 ssh_host_dsa_key
-rw-r--r-- 1 root root    599 2009-05-24 13:23 ssh_host_dsa_key.pub
-rw------- 1 root root   1675 2009-05-24 13:23 ssh_host_rsa_key
-rw-r--r-- 1 root root    391 2009-05-24 13:23 ssh_host_rsa_key.pub
/dev/pts/6
09:59:33
#ssh-keygen -l -f /etc/ssh/ssh_host_dsa_key.pub
1024 fa:0a:dd:c2:37:53:40:c3:1a:64:cf:fb:7a:78:18:ac /etc/ssh/ssh_host_dsa_key.pub (DSA)
/dev/pts/5
09:59:33
#ssh-keygen -l -f /etc/ssh/ssh_host_dsa_key.pub
1024 fa:0a:dd:c2:37:53:40:c3:1a:64:cf:fb:7a:78:18:ac /etc/ssh/ssh_host_dsa_key.pub (DSA)
/dev/pts/6
10:01:46
#ssh-keygen -l -f /etc/ssh/ssh_host_dsa_key
1024 fa:0a:dd:c2:37:53:40:c3:1a:64:cf:fb:7a:78:18:ac /etc/ssh/ssh_host_dsa_key.pub (DSA)
/dev/pts/5
10:01:46
#ssh-keygen -l -f /etc/ssh/ssh_host_dsa_key
1024 fa:0a:dd:c2:37:53:40:c3:1a:64:cf:fb:7a:78:18:ac /etc/ssh/ssh_host_dsa_key.pub (DSA)
/dev/pts/3
10:02:24
#ping mail.ru
PING mail.ru (10.0.35.1) 56(84) bytes of data.
64 bytes from 10.0.35.1: icmp_seq=1 ttl=63 time=0.166 ms
64 bytes from 10.0.35.1: icmp_seq=2 ttl=63 time=0.173 ms
64 bytes from 10.0.35.1: icmp_seq=3 ttl=63 time=0.182 ms
64 bytes from 10.0.35.1: icmp_seq=4 ttl=63 time=0.200 ms
64 bytes from 10.0.35.1: icmp_seq=5 ttl=63 time=0.206 ms
64 bytes from 10.0.35.1: icmp_seq=6 ttl=63 time=0.185 ms
64 bytes from 10.0.35.1: icmp_seq=7 ttl=63 time=0.205 ms
64 bytes from 10.0.35.1: icmp_seq=8 ttl=63 time=0.171 ms
64 bytes from 10.0.35.1: icmp_seq=9 ttl=63 time=0.185 ms
64 bytes from 10.0.35.1: icmp_seq=10 ttl=63 time=0.206 ms
64 bytes from 10.0.35.1: icmp_seq=11 ttl=63 time=0.170 ms
64 bytes from 10.0.35.1: icmp_seq=12 ttl=63 time=0.186 ms
^C
--- mail.ru ping statistics ---
12 packets transmitted, 12 received, 0% packet loss, time 11002ms
rtt min/avg/max/mdev = 0.166/0.186/0.206/0.017 ms
/dev/pts/8
10:02:24
#ping mail.ru
PING mail.ru (10.0.35.1) 56(84) bytes of data.
64 bytes from 10.0.35.1: icmp_seq=1 ttl=63 time=0.166 ms
64 bytes from 10.0.35.1: icmp_seq=2 ttl=63 time=0.173 ms
64 bytes from 10.0.35.1: icmp_seq=3 ttl=63 time=0.182 ms
64 bytes from 10.0.35.1: icmp_seq=4 ttl=63 time=0.200 ms
64 bytes from 10.0.35.1: icmp_seq=5 ttl=63 time=0.206 ms
64 bytes from 10.0.35.1: icmp_seq=6 ttl=63 time=0.185 ms
64 bytes from 10.0.35.1: icmp_seq=7 ttl=63 time=0.205 ms
64 bytes from 10.0.35.1: icmp_seq=8 ttl=63 time=0.171 ms
64 bytes from 10.0.35.1: icmp_seq=9 ttl=63 time=0.185 ms
64 bytes from 10.0.35.1: icmp_seq=10 ttl=63 time=0.206 ms
64 bytes from 10.0.35.1: icmp_seq=11 ttl=63 time=0.170 ms
64 bytes from 10.0.35.1: icmp_seq=12 ttl=63 time=0.186 ms
^C
--- mail.ru ping statistics ---
12 packets transmitted, 12 received, 0% packet loss, time 11002ms
rtt min/avg/max/mdev = 0.166/0.186/0.206/0.017 ms
/dev/pts/3
10:02:41
#ls -l
1               hello           screen.dot      t1.txt
.bash_history   .l3rc           screen.png      .vim/
.bash_profile   .lilalo/        .screenrc       .viminfo
.bashrc         m1/             .sendxmpprc
.gqview/        .profile        .ssh/
harddisk.img    .scapy_history  .swp
/dev/pts/8
10:02:41
#ls -l
1               hello           screen.dot      t1.txt
.bash_history   .l3rc           screen.png      .vim/
.bash_profile   .lilalo/        .screenrc       .viminfo
.bashrc         m1/             .sendxmpprc
.gqview/        .profile        .ssh/
harddisk.img    .scapy_history  .swp
/dev/pts/3
10:02:41
#ls -l .ssh/
total 8
-rw-r--r-- 1 root root  609 2009-05-25 02:40 authorized_keys
-rw-r--r-- 1 root root 1326 2009-06-02 11:44 known_hosts
/dev/pts/8
10:02:41
#ls -l .ssh/
total 8
-rw-r--r-- 1 root root  609 2009-05-25 02:40 authorized_keys
-rw-r--r-- 1 root root 1326 2009-06-02 11:44 known_hosts
/dev/pts/6
10:05:04
#ssh-keygen -l -f /etc/ssh/ssh_host_rsa_key.pub
2048 34:6c:c2:da:38:7c:d7:17:e9:cd:17:8d:e7:cf:f1:a6 /etc/ssh/ssh_host_rsa_key.pub (RSA)
/dev/pts/5
10:05:04
#ssh-keygen -l -f /etc/ssh/ssh_host_rsa_key.pub
2048 34:6c:c2:da:38:7c:d7:17:e9:cd:17:8d:e7:cf:f1:a6 /etc/ssh/ssh_host_rsa_key.pub (RSA)
/dev/pts/3
10:06:13
#cat .ssh/known_hosts
|1|HJKm4E7WUi6fRJCt+13xQJR83x8=|x1odf9WQrl/Wo604TykXZVz+trY= ssh-rsa AAAAB3NzaC1yc2EAAAABIwAAAQEA6XXgrwWrb1ZSYdGOCZziwKRREKfhW++NiammHOqMhMUDs67dwxdjYJjp9/bjChmCW7wA3djmPkFjUHeC/xbvaNTFO+NCS0iwbewz+Srl8E283aQUkTRuXdREQMkL7N3endUqOB7bROJ3oxMY7nURectgkHynnZ2hA1WANrPs8XpwV2bYuwpB9hrvJMw6+sxNojvp28lcDLnEXXh9pOuKkdkVtoUPGhRNr/IliRA2LRZg3QuUSkiEVL0R78k6siMV93W1J9ZhslSpW8XijCjkK4ZVyk1IXBVKAgltZRjVfJpizNF
|1|qtEVun0S61umycM76aQKT5Ccp3A=|1PHdFdJxlJiSnpN+P2u2y3qs9GQ= ssh-rsa AAAAB3NzaC1yc2EAAAABIwAAAQEA2MKci5Bhj9AzgVtUDRapesSxLzafVqE/0Zb9Yd3hVnYSA8SAZ5V635nHjOZyGr/3twLQDX0Dr3BAemmBMmrbQi/MbRxSCUXumdeMQ9yIbfT3YxMJskqdpQEkLiCrqm2/0wEMUh0qqTzbAGdqBM+z3nWPeZE5EGdIVuVf++iV4GwvhWVlx5NDONG6tGfmpF9P4KV99/J1jhjf5s+ssMYJAbEgPlbi45ZLfV9uzIuk8RhN3yv6+kcg9K3dNLeaq+QB8pNAxqVNitOh13G2jyxD7ea3IDTiH1q8WfsSSJIwtN3AQsP
|1|/xAHFOfmbMFePSG9EsEEgXzkalg=|wjNQOikQdtBdeyEuaQ+YMytwUlU= ssh-rsa AAAAB3NzaC1yc2EAAAABIwAAAQEA6XXgrwWrb1ZSYdGOCZziwKRREKfhW++NiammHOqMhMUDs67dwxdjYJjp9/bjChmCW7wA3djmPkFjUHeC/xbvaNTFO+NCS0iwbewz+Srl8E283aQUkTRuXdREQMkL7N3endUqOB7bROJ3oxMY7nURectgkHynnZ2hA1WANrPs8XpwV2bYuwpB9hrvJMw6+sxNojvp28lcDLnEXXh9pOuKkdkVtoUPGhRNr/IliRA2LRZg3QuUSkiEVL0R78k6siMV93W1J9ZhslSpW8XijCjkK4ZVyk1IXBVKAgltZRjVfJpizNF
/dev/pts/8
10:06:13
#cat .ssh/known_hosts
|1|HJKm4E7WUi6fRJCt+13xQJR83x8=|x1odf9WQrl/Wo604TykXZVz+trY= ssh-rsa AAAAB3NzaC1yc2EAAAABIwAAAQEA6XXgrwWrb1ZSYdGOCZziwKRREKfhW++NiammHOqMhMUDs67dwxdjYJjp9/bjChmCW7wA3djmPkFjUHeC/xbvaNTFO+NCS0iwbewz+Srl8E283aQUkTRuXdREQMkL7N3endUqOB7bROJ3oxMY7nURectgkHynnZ2hA1WANrPs8XpwV2bYuwpB9hrvJMw6+sxNojvp28lcDLnEXXh9pOuKkdkVtoUPGhRNr/IliRA2LRZg3QuUSkiEVL0R78k6siMV93W1J9ZhslSpW8XijCjkK4ZVyk1IXBVKAgltZRjVfJpizNF
|1|qtEVun0S61umycM76aQKT5Ccp3A=|1PHdFdJxlJiSnpN+P2u2y3qs9GQ= ssh-rsa AAAAB3NzaC1yc2EAAAABIwAAAQEA2MKci5Bhj9AzgVtUDRapesSxLzafVqE/0Zb9Yd3hVnYSA8SAZ5V635nHjOZyGr/3twLQDX0Dr3BAemmBMmrbQi/MbRxSCUXumdeMQ9yIbfT3YxMJskqdpQEkLiCrqm2/0wEMUh0qqTzbAGdqBM+z3nWPeZE5EGdIVuVf++iV4GwvhWVlx5NDONG6tGfmpF9P4KV99/J1jhjf5s+ssMYJAbEgPlbi45ZLfV9uzIuk8RhN3yv6+kcg9K3dNLeaq+QB8pNAxqVNitOh13G2jyxD7ea3IDTiH1q8WfsSSJIwtN3AQsP
|1|/xAHFOfmbMFePSG9EsEEgXzkalg=|wjNQOikQdtBdeyEuaQ+YMytwUlU= ssh-rsa AAAAB3NzaC1yc2EAAAABIwAAAQEA6XXgrwWrb1ZSYdGOCZziwKRREKfhW++NiammHOqMhMUDs67dwxdjYJjp9/bjChmCW7wA3djmPkFjUHeC/xbvaNTFO+NCS0iwbewz+Srl8E283aQUkTRuXdREQMkL7N3endUqOB7bROJ3oxMY7nURectgkHynnZ2hA1WANrPs8XpwV2bYuwpB9hrvJMw6+sxNojvp28lcDLnEXXh9pOuKkdkVtoUPGhRNr/IliRA2LRZg3QuUSkiEVL0R78k6siMV93W1J9ZhslSpW8XijCjkK4ZVyk1IXBVKAgltZRjVfJpizNF
/dev/pts/3
10:06:32
#cat .ssh/authorized_keys
ssh-dss AAAAB3NzaC1kc3MAAACBAPM7secFkeM6KVrBL00ogESqHhZsItP2Pe2+hNt1FSvIZlNgFOvQUnAoC0TNVv8nASnoii/j4Ts2QNVe68Ox66WcXkV1ybHo9k75Bvm66mn0EZmhd7CfiQb2i+frZlM0TxDCPVBE8245M+5nU0neihE7OkGy6Y+fUT9/5PCREzOfAAAAFQDlSO+CParevDU1EMnFnyCWgHrgLwAAAIEA6xZUtORCvJDQAdLmfLkW4bfge5gzYuLkf3eWy8hbe5yWlHATC/YM1QefDzHZOJEvBjN6UXJ8AdeTa/9Qh6xysWsE66HJQhnfRLqG1gynsIqeaF0i8c1P48zwsNfCjWv8jgHdg/SXeAFemawY8q7eITZvdmun2Y3n
/dev/pts/8
10:06:32
#cat .ssh/authorized_keys
ssh-dss AAAAB3NzaC1kc3MAAACBAPM7secFkeM6KVrBL00ogESqHhZsItP2Pe2+hNt1FSvIZlNgFOvQUnAoC0TNVv8nASnoii/j4Ts2QNVe68Ox66WcXkV1ybHo9k75Bvm66mn0EZmhd7CfiQb2i+frZlM0TxDCPVBE8245M+5nU0neihE7OkGy6Y+fUT9/5PCREzOfAAAAFQDlSO+CParevDU1EMnFnyCWgHrgLwAAAIEA6xZUtORCvJDQAdLmfLkW4bfge5gzYuLkf3eWy8hbe5yWlHATC/YM1QefDzHZOJEvBjN6UXJ8AdeTa/9Qh6xysWsE66HJQhnfRLqG1gynsIqeaF0i8c1P48zwsNfCjWv8jgHdg/SXeAFemawY8q7eITZvdmun2Y3n
/dev/pts/3
10:06:48
#ssh 192.168.15.1
The authenticity of host '192.168.15.1 (192.168.15.1)' can't be established.
RSA key fingerprint is 34:6c:c2:da:38:7c:d7:17:e9:cd:17:8d:e7:cf:f1:a6.
+--[ RSA 2048]----+
|                 |
|     . .     . ..|
|      o =   o ..o|
|   . + + o . + o.|
|    = o S . o o.o|
|     o .   .   o+|
|                =|
...
Warning: Permanently added '192.168.15.1' (RSA) to the list of known hosts.
root@192.168.15.1's password:
Linux linux1 2.6.29-2-686 #1 SMP Sun May 17 17:56:29 UTC 2009 i686
The programs included with the Debian GNU/Linux system are free software;
the exact distribution terms for each program are described in the
individual files in /usr/share/doc/*/copyright.
Debian GNU/Linux comes with ABSOLUTELY NO WARRANTY, to the extent
permitted by applicable law.
Last login: Wed Jun  3 10:11:05 2009 from linux12.unix.nt
l3-agent is already running: pid=4276; pidfile=/root/.lilalo/l3-agent.pid
/dev/pts/8
10:06:48
#ssh 192.168.15.1
The authenticity of host '192.168.15.1 (192.168.15.1)' can't be established.
RSA key fingerprint is 34:6c:c2:da:38:7c:d7:17:e9:cd:17:8d:e7:cf:f1:a6.
+--[ RSA 2048]----+
|                 |
|     . .     . ..|
|      o =   o ..o|
|   . + + o . + o.|
|    = o S . o o.o|
|     o .   .   o+|
|                =|
...
Warning: Permanently added '192.168.15.1' (RSA) to the list of known hosts.
root@192.168.15.1's password:
Linux linux1 2.6.29-2-686 #1 SMP Sun May 17 17:56:29 UTC 2009 i686
The programs included with the Debian GNU/Linux system are free software;
the exact distribution terms for each program are described in the
individual files in /usr/share/doc/*/copyright.
Debian GNU/Linux comes with ABSOLUTELY NO WARRANTY, to the extent
permitted by applicable law.
Last login: Wed Jun  3 10:11:05 2009 from linux12.unix.nt
l3-agent is already running: pid=4276; pidfile=/root/.lilalo/l3-agent.pid
/dev/pts/6
10:11:21
#vi ~/.ssh/config
--- /dev/null	2009-06-03 09:24:49.512751715 +0300
+++ /root/.ssh/config	2009-06-03 10:13:53.000000000 +0300
@@ -0,0 +1,2 @@
+Host *
+	VisualHostKey yes
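Review bot: The new `~/.ssh/config` turns on `VisualHostKey yes` under `Host *` with no comment explaining what it is for, and the option is easy to mistake for a verification setting. It only draws the random-art picture of the host key fingerprint at connect time; ssh checks nothing more than before. The picture helps only if it is compared with a value taken from the server itself, as the journal does with `ssh-keygen -l -f /etc/ssh/ssh_host_rsa_key.pub`. I would add a comment line above the option, for example `# show random art of the host key; still compare the fingerprint with ssh-keygen -l -f on the server`.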
/dev/pts/5
10:11:21
#vi ~/.ssh/config
/dev/pts/6
10:13:53
#vi /etc/ssh/ssh
/dev/pts/5
10:13:53
#vi /etc/ssh/ssh

Файлы

  • .ssh/authorized_keys
  • .ssh/known_hosts
  • /etc/crontab
  • /etc/rsyslog.conf
  • /proc/net/ip_conntrack
  • .ssh/authorized_keys
    >
    ssh-dss AAAAB3NzaC1kc3MAAACBAPM7secFkeM6KVrBL00ogESqHhZsItP2Pe2+hNt1FSvIZlNgFOvQUnAoC0TNVv8nASnoii/j4Ts2QNVe68Ox66WcXkV1ybHo9k75Bvm66mn0EZmhd7CfiQb2i+frZlM0TxDCPVBE8245M+5nU0neihE7OkGy6Y+fUT9/5PCREzOfAAAAFQDlSO+CParevDU1EMnFnyCWgHrgLwAAAIEA6xZUtORCvJDQAdLmfLkW4bfge5gzYuLkf3eWy8hbe5yWlHATC/YM1QefDzHZOJEvBjN6UXJ8AdeTa/9Qh6xysWsE66HJQhnfRLqG1gynsIqeaF0i8c1P48zwsNfCjWv8jgHdg/SXeAFemawY8q7eITZvdmun2Y3n
    
    .ssh/known_hosts
    >
    |1|HJKm4E7WUi6fRJCt+13xQJR83x8=|x1odf9WQrl/Wo604TykXZVz+trY= ssh-rsa AAAAB3NzaC1yc2EAAAABIwAAAQEA6XXgrwWrb1ZSYdGOCZziwKRREKfhW++NiammHOqMhMUDs67dwxdjYJjp9/bjChmCW7wA3djmPkFjUHeC/xbvaNTFO+NCS0iwbewz+Srl8E283aQUkTRuXdREQMkL7N3endUqOB7bROJ3oxMY7nURectgkHynnZ2hA1WANrPs8XpwV2bYuwpB9hrvJMw6+sxNojvp28lcDLnEXXh9pOuKkdkVtoUPGhRNr/IliRA2LRZg3QuUSkiEVL0R78k6siMV93W1J9ZhslSpW8XijCjkK4ZVyk1IXBVKAgltZRjVfJpizNF
    |1|qtEVun0S61umycM76aQKT5Ccp3A=|1PHdFdJxlJiSnpN+P2u2y3qs9GQ= ssh-rsa AAAAB3NzaC1yc2EAAAABIwAAAQEA2MKci5Bhj9AzgVtUDRapesSxLzafVqE/0Zb9Yd3hVnYSA8SAZ5V635nHjOZyGr/3twLQDX0Dr3BAemmBMmrbQi/MbRxSCUXumdeMQ9yIbfT3YxMJskqdpQEkLiCrqm2/0wEMUh0qqTzbAGdqBM+z3nWPeZE5EGdIVuVf++iV4GwvhWVlx5NDONG6tGfmpF9P4KV99/J1jhjf5s+ssMYJAbEgPlbi45ZLfV9uzIuk8RhN3yv6+kcg9K3dNLeaq+QB8pNAxqVNitOh13G2jyxD7ea3IDTiH1q8WfsSSJIwtN3AQsP
    |1|/xAHFOfmbMFePSG9EsEEgXzkalg=|wjNQOikQdtBdeyEuaQ+YMytwUlU= ssh-rsa AAAAB3NzaC1yc2EAAAABIwAAAQEA6XXgrwWrb1ZSYdGOCZziwKRREKfhW++NiammHOqMhMUDs67dwxdjYJjp9/bjChmCW7wA3djmPkFjUHeC/xbvaNTFO+NCS0iwbewz+Srl8E283aQUkTRuXdREQMkL7N3endUqOB7bROJ3oxMY7nURectgkHynnZ2hA1WANrPs8XpwV2bYuwpB9hrvJMw6+sxNojvp28lcDLnEXXh9pOuKkdkVtoUPGhRNr/IliRA2LRZg3QuUSkiEVL0R78k6siMV93W1J9ZhslSpW8XijCjkK4ZVyk1IXBVKAgltZRjVfJpizNF
    
    /etc/crontab
    >
    # /etc/crontab: system-wide crontab
    # Unlike any other crontab you don't have to run the `crontab'
    # command to install the new version when you edit this file
    # and files in /etc/cron.d. These files also have username fields,
    # that none of the other crontabs do.
    # SHELL and PATH below apply to the command field of every job line in this file.
    SHELL=/bin/sh
    PATH=/usr/local/sbin:/usr/local/bin:/sbin:/bin:/usr/sbin:/usr/bin
    # All four jobs run as root (user field). The daily, weekly and monthly lines
    # call run-parts only when /usr/sbin/anacron is not executable (test -x ... || ...);
    # the hourly line always calls it.
    # m h dom mon dow user  command
    17 *    * * *   root    cd / && run-parts --report /etc/cron.hourly
    25 6    * * *   root    test -x /usr/sbin/anacron || ( cd / && run-parts --report /etc/cron.daily )
    47 6    * * 7   root    test -x /usr/sbin/anacron || ( cd / && run-parts --report /etc/cron.weekly )
    52 6    1 * *   root    test -x /usr/sbin/anacron || ( cd / && run-parts --report /etc/cron.monthly )
    #
    
    /etc/rsyslog.conf
    >
    #  /etc/rsyslog.conf    Configuration file for rsyslog v3.
    #
    #                       For more information see
    #                       /usr/share/doc/rsyslog-doc/html/rsyslog_conf.html
    #################
    #### MODULES ####
    #################
    $ModLoad imuxsock # provides support for local system logging
    $ModLoad imklog   # provides kernel logging support (previously done by rklogd)
    #$ModLoad immark  # provides --MARK-- message capability
    # NOTE(review): both network inputs below (imudp, imtcp) are commented out, so this
    # file enables only the local-socket and kernel-log inputs. /etc/rsyslog.d/*.conf is
    # included further down and is not shown here; it may load more.
    # provides UDP syslog reception
    #$ModLoad imudp
    #$UDPServerRun 514
    # provides TCP syslog reception
    #$ModLoad imtcp
    #$InputTCPServerRun 514
    ###########################
    #### GLOBAL DIRECTIVES ####
    ###########################
    #
    # Use traditional timestamp format.
    # To enable high precision timestamps, comment out the following line.
    #
    $ActionFileDefaultTemplate RSYSLOG_TraditionalFileFormat
    #
    # Set the default permissions for all log files.
    #
    # As written: owner root, group adm, mode 0640 for newly created log files,
    # so they are not world-readable.
    $FileOwner root
    $FileGroup adm
    $FileCreateMode 0640
    $DirCreateMode 0755
    $Umask 0022
    #
    # Include all config files in /etc/rsyslog.d/
    #
    $IncludeConfig /etc/rsyslog.d/*.conf
    ###############
    #### RULES ####
    ###############
    #
    # First some standard log files.  Log by facility.
    #
    # auth and authpriv messages are written to auth.log and kept out of syslog
    # by the auth,authpriv.none selector on the rule after it.
    auth,authpriv.*                 /var/log/auth.log
    *.*;auth,authpriv.none          -/var/log/syslog
    #cron.*                         /var/log/cron.log
    daemon.*                        -/var/log/daemon.log
    kern.*                          -/var/log/kern.log
    lpr.*                           -/var/log/lpr.log
    mail.*                          -/var/log/mail.log
    user.*                          -/var/log/user.log
    # Disabled forwarding rule: if enabled it would send every message to 192.168.15.3.
    # In rsyslog a single '@' selects UDP (plain text, no authentication of the peer);
    # '@@' selects TCP.
    #*.*                        @192.168.15.3
    #
    # Logging for the mail system.  Split it up so that
    # it is easy to write scripts to parse these files.
    #
    mail.info                       -/var/log/mail.info
    mail.warn                       -/var/log/mail.warn
    mail.err                        /var/log/mail.err
    #
    # Logging for INN news system.
    #
    news.crit                       /var/log/news/news.crit
    news.err                        /var/log/news/news.err
    news.notice                     -/var/log/news/news.notice
    #
    # Some "catch-all" log files.
    #
    *.=debug;\
            auth,authpriv.none;\
            news.none;mail.none     -/var/log/debug
    *.=info;*.=notice;*.=warn;\
            auth,authpriv.none;\
            cron,daemon.none;\
            mail,news.none          -/var/log/messages
    #
    # Emergencies are sent to everybody logged in.
    #
    *.emerg                         *
    #
    # I like to have messages displayed on the console, but only on a virtual
    # console I usually leave idle.
    #
    #daemon,mail.*;\
    #       news.=crit;news.=err;news.=notice;\
    #       *.=debug;*.=info;\
    #       *.=notice;*.=warn       /dev/tty8
    # The named pipe /dev/xconsole is for the `xconsole' utility.  To use it,
    # you must invoke `xconsole' with the `-file' option:
    #
    #    $ xconsole -file /dev/xconsole [...]
    #
    # NOTE: adjust the list below, or you'll go crazy if you have a reasonably
    #      busy site..
    #
    daemon.*;mail.*;\
            news.err;\
            *.=debug;*.=info;\
            *.=notice;*.=warn       |/dev/xconsole
    
    /proc/net/ip_conntrack
    >
    udp      17 10 src=192.168.15.3 dst=10.0.35.1 sport=43231 dport=53 packets=1 bytes=52 src=10.0.35.1 dst=192.168.15.3 sport=53 dport=43231 packets=1 bytes=182 mark=0 secmark=0 use=1
    tcp      6 100 TIME_WAIT src=192.168.15.3 dst=194.150.93.78 sport=58220 dport=18030 packets=6 bytes=1946 src=194.150.93.78 dst=192.168.15.3 sport=18030 dport=58220 packets=5 bytes=292 [ASSURED] mark=0 secmark=0 use=1
    tcp      6 431991 ESTABLISHED src=192.168.102.2 dst=10.0.35.100 sport=48057 dport=22 packets=2671 bytes=146087 src=10.0.35.100 dst=192.168.102.2 sport=22 dport=48057 packets=3429 bytes=959383 [ASSURED] mark=0 secmark=0 use=1
    tcp      6 431925 ESTABLISHED src=192.168.102.1 dst=192.168.102.2 sport=51693 dport=22 packets=131 bytes=11111 src=192.168.102.2 dst=192.168.102.1 sport=22 dport=51693 packets=84 bytes=11299 [ASSURED] mark=0 secmark=0 use=1
    udp      17 10 src=192.168.15.3 dst=10.0.35.1 sport=58554 dport=53 packets=1 bytes=52 src=10.0.35.1 dst=192.168.15.3 sport=53 dport=58554 packets=1 bytes=182 mark=0 secmark=0 use=1
    tcp      6 90 TIME_WAIT src=192.168.15.3 dst=194.150.93.78 sport=58218 dport=18030 packets=5 bytes=1506 src=194.150.93.78 dst=192.168.15.3 sport=18030 dport=58218 packets=4 bytes=228 [ASSURED] mark=0 secmark=0 use=1
    tcp      6 13 TIME_WAIT src=192.168.15.3 dst=194.150.93.78 sport=58215 dport=18030 packets=5 bytes=891 src=194.150.93.78 dst=192.168.15.3 sport=18030 dport=58215 packets=4 bytes=228 [ASSURED] mark=0 secmark=0 use=1
    udp      17 0 src=192.168.15.3 dst=10.0.35.1 sport=59453 dport=53 packets=1 bytes=52 src=10.0.35.1 dst=192.168.15.3 sport=53 dport=59453 packets=1 bytes=182 mark=0 secmark=0 use=1
    tcp      6 6 TIME_WAIT src=192.168.15.3 dst=194.150.93.78 sport=58214 dport=18030 packets=5 bytes=1500 src=194.150.93.78 dst=192.168.15.3 sport=18030 dport=58214 packets=4 bytes=228 [ASSURED] mark=0 secmark=0 use=1
    tcp      6 66 TIME_WAIT src=192.168.15.3 dst=194.150.93.78 sport=58216 dport=18030 packets=12 bytes=19301 src=194.150.93.78 dst=192.168.15.3 sport=18030 dport=58216 packets=15 bytes=788 [ASSURED] mark=0 secmark=0 use=1
    tcp      6 431991 ESTABLISHED src=192.168.15.3 dst=10.0.35.100 sport=33397 dport=22 packets=2390 bytes=127172 src=10.0.35.100 dst=192.168.15.3 sport=22 dport=33397 packets=2488 bytes=544464 [ASSURED] mark=0 secmark=0 use=1
    tcp      6 427183 ESTABLISHED src=10.0.35.100 dst=192.168.102.2 sport=39855 dport=80 packets=1 bytes=40 [UNREPLIED] src=192.168.102.2 dst=10.0.35.100 sport=80 dport=39855 packets=0 bytes=0 mark=0 secmark=0 use=1
    tcp      6 431995 ESTABLISHED src=192.168.15.3 dst=213.180.203.19 sport=49016 dport=5222 packets=91 bytes=14511 src=213.180.203.19 dst=192.168.15.3 sport=5222 dport=49016 packets=82 bytes=36022 [ASSURED] mark=0 secmark=0 use=1
    tcp      6 100 TIME_WAIT src=192.168.15.3 dst=194.150.93.78 sport=58219 dport=18030 packets=5 bytes=1113 src=194.150.93.78 dst=192.168.15.3 sport=18030 dport=58219 packets=4 bytes=228 [ASSURED] mark=0 secmark=0 use=1
    tcp      6 427163 ESTABLISHED src=10.0.35.100 dst=192.168.102.2 sport=43520 dport=80 packets=1 bytes=40 [UNREPLIED] src=192.168.102.2 dst=10.0.35.100 sport=80 dport=43520 packets=0 bytes=0 mark=0 secmark=0 use=1
    tcp      6 79 TIME_WAIT src=192.168.15.3 dst=194.150.93.78 sport=58217 dport=18030 packets=11 bytes=19249 src=194.150.93.78 dst=192.168.15.3 sport=18030 dport=58217 packets=16 bytes=852 [ASSURED] mark=0 secmark=0 use=1
    tcp      6 46 TIME_WAIT src=192.168.102.2 dst=194.150.93.78 sport=36404 dport=18030 packets=5 bytes=1104 src=194.150.93.78 dst=192.168.102.2 sport=18030 dport=36404 packets=4 bytes=216 [ASSURED] mark=0 secmark=0 use=1
    

    Статистика

    Время первой команды журнала: 16:04:46 2009- 6- 2
    Время последней команды журнала: 10:13:53 2009- 6- 3
    Количество командных строк в журнале: 101
    Процент команд с ненулевым кодом завершения, %: 17.82
    Процент синтаксически неверно набранных команд, %: 1.98
    Суммарное время работы с терминалом *, час: 1.87
    Количество командных строк в единицу времени, команда/мин: 0.90
    Частота использования команд
    iptables 30 |=============================| 29.13%
    cat 14 |=============| 13.59%
    vi 10 |=========| 9.71%
    tcpdump 9 |========| 8.74%
    grep 8 |=======| 7.77%
    ls 6 |=====| 5.83%
    ssh-keygen 6 |=====| 5.83%
    ssh 4 |===| 3.88%
    whois 4 |===| 3.88%
    tail 2 |=| 1.94%
    ping 2 |=| 1.94%
    apt-get 2 |=| 1.94%
    host 2 |=| 1.94%
    pkill 2 |=| 1.94%
    lsmod 2 |=| 1.94%
    ____
    *) Интервалы неактивности длительностью 30 минут и более не учитываются

    Справка

    Для того чтобы использовать LiLaLo, не нужно знать ничего особенного: всё происходит само собой. Однако, чтобы ведение и последующее использование журналов было как можно более эффективным, желательно иметь в виду следующее:
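    1. В журнал автоматически попадают все команды, данные в любом терминале системы. Вместе с командами записывается и их вывод, поэтому в журнале окажется всё, что было набрано в командной строке или выведено на экран, в том числе содержимое файлов с ключами и паролями.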

    2. Для того чтобы убедиться, что журнал на текущем терминале ведётся, и команды записываются, дайте команду w. В поле WHAT, соответствующем текущему терминалу, должна быть указана программа script.

    3. Команды, при наборе которых были допущены синтаксические ошибки, выводятся перечёркнутым текстом:
      $ l s-l
      bash: l: command not found
      

    4. Если код завершения команды равен нулю, команда была выполнена без ошибок. Команды, код завершения которых отличен от нуля, выделяются цветом.
      $ test 5 -lt 4
      Обратите внимание на то, что код завершения команды может быть отличен от нуля не только в тех случаях, когда команда была выполнена с ошибкой. Многие команды используют код завершения, например, для того чтобы показать результаты проверки.

    5. Команды, ход выполнения которых был прерван пользователем, выделяются цветом.
      $ find / -name abc
      find: /home/devi-orig/.gnome2: Keine Berechtigung
      find: /home/devi-orig/.gnome2_private: Keine Berechtigung
      find: /home/devi-orig/.nautilus/metafiles: Keine Berechtigung
      find: /home/devi-orig/.metacity: Keine Berechtigung
      find: /home/devi-orig/.inkscape: Keine Berechtigung
      ^C
      

    6. Команды, выполненные с привилегиями суперпользователя, выделяются слева красной чертой.
      # id
      uid=0(root) gid=0(root) Gruppen=0(root)
      

    7. Изменения, внесённые в текстовый файл с помощью редактора, запоминаются и показываются в журнале в формате ed. Строки, начинающиеся символом "<", удалены, а строки, начинающиеся символом ">" -- добавлены.
      $ vi ~/.bashrc
      2a3,5
      >    if [ -f /usr/local/etc/bash_completion ]; then
      >         . /usr/local/etc/bash_completion
      >        fi
      

    8. Для того чтобы изменить файл в соответствии с показанными в диффшоте изменениями, можно воспользоваться командой patch. Нужно скопировать изменения, запустить программу patch, указав в качестве её аргумента файл, к которому применяются изменения, и вставить скопированный текст:
      $ patch ~/.bashrc
      В данном случае изменения применяются к файлу ~/.bashrc

    9. Для того чтобы получить краткую справочную информацию о команде, нужно подвести к ней мышь. Во всплывающей подсказке появится краткое описание команды.

      Если справочная информация о команде есть, команда выделяется голубым фоном, например: vi. Если справочная информация отсутствует, команда выделяется розовым фоном, например: notepad.exe. Справочная информация может отсутствовать в том случае, если (1) команда введена неверно; (2) если распознавание команды LiLaLo выполнено неверно; (3) если информация о команде неизвестна LiLaLo. Последнее возможно для редких команд.

    10. Большие, в особенности многострочные, всплывающие подсказки лучше всего показываются браузерами KDE Konqueror, Apple Safari и Microsoft Internet Explorer. В браузерах Mozilla и Firefox они отображаются не полностью, а вместо перевода строки выводится специальный символ.

    11. Время ввода команды, показанное в журнале, соответствует времени начала ввода командной строки, то есть моменту, когда на терминале появилось приглашение интерпретатора.

    12. Имя терминала, на котором была введена команда, показано в специальном блоке. Этот блок показывается только в том случае, если терминал текущей команды отличается от терминала предыдущей.

    13. Вывод не интересующих вас в настоящий момент элементов журнала, таких как время, имя терминала и других, можно отключить. Для этого нужно воспользоваться формой управления журналом вверху страницы.

    14. Небольшие комментарии к командам можно вставлять прямо из командной строки. Комментарий вводится прямо в командную строку, после символов #^ или #v. Символы ^ и v показывают направление выбора команды, к которой относится комментарий: ^ - к предыдущей, v - к следующей. Например, если в командной строке было введено:

      $ whoami
      
      user
      
      $ #^ Интересно, кто я?
      
      в журнале это будет выглядеть так:
      $ whoami
      
      user
      
      Интересно, кто я?

    15. Если комментарий содержит несколько строк, его можно вставить в журнал следующим образом:

      $ whoami
      
      user
      
      $ cat > /dev/null #^ Интересно, кто я?
      
      Программа whoami выводит имя пользователя, под которым 
      мы зарегистрировались в системе.
      -
      Она не может ответить на вопрос о нашем назначении 
      в этом мире.
      
      В журнале это будет выглядеть так:
      $ whoami
      user
      
      Интересно, кто я?
      Программа whoami выводит имя пользователя, под которым
      мы зарегистрировались в системе.

      Она не может ответить на вопрос о нашем назначении
      в этом мире.
      Для разделения нескольких абзацев между собой используйте символ "-", один в строке.

    16. Комментарии, не относящиеся непосредственно ни к какой из команд, добавляются точно таким же способом, только вместо символов #^ или #v нужно использовать символы #=

    17. Содержимое файла может быть показано в журнале. Для этого его нужно вывести с помощью программы cat. Если вывод команды отметить символами #!, содержимое файла будет показано в журнале в специально отведённой для этого секции.
    18. Для того чтобы вставить скриншот интересующего вас окна в журнал, нужно воспользоваться командой l3shot. После того как команда вызвана, нужно с помощью мыши выбрать окно, которое должно быть в журнале.
    19. Команды в журнале расположены в хронологическом порядке. Если две команды давались одна за другой, но на разных терминалах, в журнале они будут рядом, даже если они не имеют друг к другу никакого отношения.
      1
          2
      3   
          4
      
      Группы команд, выполненных на разных терминалах, разделяются специальной линией. Под этой линией в правом углу показано имя терминала, на котором выполнялись команды. Для того чтобы посмотреть команды только одного сеанса, нужно щёлкнуть по этому названию.

    О программе

    LiLaLo (L3) расшифровывается как Live Lab Log.
    Программа разработана для повышения эффективности обучения Unix/Linux-системам.
    (c) Игорь Чубин, 2004-2008

    $Id$