Журнал лабораторных работ

Содержание

Журнал

Пятница (06/22/07)

/dev/tty3
16:20:56
#man nessus
16:22:18
# nessus linux3
 nessus -R <sessionid> -q <host> <port> <user> <pass> <result-file>
Report conversion :
 nessus -i in.[nsr|nbe] -o out.[html|xml|nsr|nbe]
General options :
        -v : shows version number
        -h : shows this help
        -n : No pixmaps
        -T : Output format: 'nbe', 'html', 'html_graph', 'text', 'xml',
            'old-xml' 'tex' or 'nsr'
        -V : make the batch mode display status messages
...
        host     : nessusd host
        port     : nessusd host port
        user     : user name
        pass     : password
        targets  : file containing the list of targets
        result   : name of the file where
                   nessus will store the results
        -p       : obtain list of plugins installed on the server.
        -P       : obtain list of server and plugin preferences.
        -S       : issue SQL output for -p and -P (experimental).
16:22:32
# nessus linux3 -T text
 nessus -R <sessionid> -q <host> <port> <user> <pass> <result-file>
Report conversion :
 nessus -i in.[nsr|nbe] -o out.[html|xml|nsr|nbe]
General options :
        -v : shows version number
        -h : shows this help
        -n : No pixmaps
        -T : Output format: 'nbe', 'html', 'html_graph', 'text', 'xml',
            'old-xml' 'tex' or 'nsr'
        -V : make the batch mode display status messages
...
        host     : nessusd host
        port     : nessusd host port
        user     : user name
        pass     : password
        targets  : file containing the list of targets
        result   : name of the file where
                   nessus will store the results
        -p       : obtain list of plugins installed on the server.
        -P       : obtain list of server and plugin preferences.
        -S       : issue SQL output for -p and -P (experimental).
16:23:06
# nessus target linux3 -T text
 nessus -R <sessionid> -q <host> <port> <user> <pass> <result-file>
Report conversion :
 nessus -i in.[nsr|nbe] -o out.[html|xml|nsr|nbe]
General options :
        -v : shows version number
        -h : shows this help
        -n : No pixmaps
        -T : Output format: 'nbe', 'html', 'html_graph', 'text', 'xml',
            'old-xml' 'tex' or 'nsr'
        -V : make the batch mode display status messages
...
        host     : nessusd host
        port     : nessusd host port
        user     : user name
        pass     : password
        targets  : file containing the list of targets
        result   : name of the file where
                   nessus will store the results
        -p       : obtain list of plugins installed on the server.
        -P       : obtain list of server and plugin preferences.
        -S       : issue SQL output for -p and -P (experimental).
16:28:17
#man nessus
16:32:41
#iptables
iptables v1.3.6: no command specified
Try `iptables -h' or 'iptables --help' for more information.
16:32:49
#iptables -l
iptables v1.3.6: Unknown arg `-l'
Try `iptables -h' or 'iptables --help' for more information.
16:32:52
#iptables -h
iptables v1.3.6
Usage: iptables -[AD] chain rule-specification [options]
       iptables -[RI] chain rulenum rule-specification [options]
       iptables -D chain rulenum [options]
       iptables -[LFZ] [chain] [options]
       iptables -[NX] chain
       iptables -E old-chain-name new-chain-name
       iptables -P chain target [options]
       iptables -h (print this help information)
Commands:
...
  --out-interface -o [!] output name[+]
                                network interface name ([+] for wildcard)
  --table       -t table        table to manipulate (default: `filter')
  --verbose     -v              verbose mode
  --line-numbers                print line numbers when listing
  --exact       -x              expand numbers (display exact values)
[!] --fragment  -f              match second or further fragments only
  --modprobe=<command>          try to insert modules using this command
  --set-counters PKTS BYTES     set the counter during insert/append
[!] --version   -V              print package version.
16:32:56
#netstat
Active Internet connections (w/o servers)
Proto Recv-Q Send-Q Local Address           Foreign Address         State
tcp        0      0 192.168.15.201:59082    chub.in:18030           TIME_WAIT
tcp        0      0 192.168.15.201:59081    chub.in:18030           TIME_WAIT
tcp        0      0 192.168.15.201:59080    chub.in:18030           TIME_WAIT
tcp        0      0 192.168.15.201:43655    192.168.15.200:shell    ESTABLISHED
tcp        0      0 192.168.15.201:59148    192.168.15.200:ssh      ESTABLISHED
tcp        0      0 192.168.15.201:44440    192.168.15.200:ssh      ESTABLISHED
tcp6       0      0 ::ffff:192.168.15.2:ssh ::ffff:192.168.15:51601 ESTABLISHED
Active UNIX domain sockets (w/o servers)
...
unix  2      [ ]         STREAM     CONNECTED     6847     /var/run/acpid.socket
unix  3      [ ]         STREAM     CONNECTED     6520     /dev/log
unix  3      [ ]         STREAM     CONNECTED     6519
unix  2      [ ]         STREAM     CONNECTED     6458     /var/run/acpid.socket
unix  3      [ ]         STREAM     CONNECTED     6258     /dev/log
unix  3      [ ]         STREAM     CONNECTED     6257
unix  3      [ ]         STREAM     CONNECTED     6178     /var/run/mysqld/mysqld.sock
unix  3      [ ]         STREAM     CONNECTED     6177
unix  3      [ ]         STREAM     CONNECTED     5592     /dev/log
unix  3      [ ]         STREAM     CONNECTED     5591
16:33:05
#netstat | grep nessus

16:33:18
#netstat | grep nessus

16:33:20
#ps -ef | grep nessus
root     10771  3756  0 09:33 pts/2    00:00:00 grep nessus
16:33:32
#which nessus
/usr/bin/nessus
16:33:45
#cd /etc

16:33:49
#ls
acpi                 fstab            lvmtab          profile
adduser.conf         groff            lynx.cfg        protocols
adjtime              group            magic           rc0.d
aide                 group-           mailcap         rc1.d
aliases              gshadow          mailcap.order   rc2.d
alternatives         gshadow-         mailname        rc3.d
apache               gtk-2.0          mail.rc         rc4.d
apt                  host.conf        manpath.config  rc5.d
arpwatch.conf        hostname         mc              rc6.d
bash.bashrc          hosts            menu            rc.local
...
deluser.conf         ld.so.conf.d     openoffice      syslog.conf
devfs                ld.so.hwcappkgs  opt             syslog-ng
dhcp3                locale.gen       pam.conf        terminfo
dictionaries-common  localtime        pam.d           timezone
dpkg                 logcheck         pango           ucf.conf
emacs                login.defs       passwd          udev
email-addresses      logrotate.conf   passwd-         updatedb.conf
environment          logrotate.d      perl            vim
exim4                lsb-base         php4            wgetrc
fonts                lvm              ppp             X11
16:33:51
#ls | gerp nessus
bash: gerp: command not found
16:34:19
#ls | grep nessus

16:34:27
#ls | grep nessus

16:34:28
#ls | grep nes

16:34:37
#cd

16:34:44
#which nessus
/usr/bin/nessus
16:34:49
#cd /usr/bin/

16:34:59
#ls
compose                 mozilla                     su-to-root
consolechars            mozilla-firefox             synclient
cpan                    msql2mysql                  syndaemon
cpp                     myisamchk                   tac
cpp-4.1                 myisam_ftdump               tack
crontab                 myisamlog                   tail
csplit                  myisampack                  tasksel
cut                     my_print_defaults           tbl
dbiprof                 mysql                       tee
dbiproxy                mysqlaccess                 test
...
innochecksum            rlogin                      x-window-manager
install                 rpcinfo                     xwininfo
install-menu            rsh                         xwud
instmodsh               rstart                      x-www-browser
ipcrm                   rstartd                     xxd
ipcs                    runcon                      yes
ispell-wrapper          run-mailcap                 zdump
join                    rview                       zsoelim
kbd-config              rvim
kbd_mode                s2p
16:35:00
#cd

16:35:05
#apt-get install nessus-plugind
Reading package lists... Done
Building dependency tree... Done
E: Couldn't find package nessus-plugind
16:37:00
#apt-get install nessus-plugins
       --connlimit-mask bits
              group hosts using mask
       Examples:
       # allow 2 telnet connections per client host
       # you can also match the other way around:
              iptables -A INPUT -p tcp --syn --dport 23 -m connlimit --connlimit-above 2 -j REJECT
              iptables -A INPUT -p tcp --syn --dport 23 -m connlimit ! --connlimit-above 2 -j ACCEPT
       # limit the nr of parallel http requests to 16 per class C sized network (24 bit netmask)
              iptables -p tcp --syn --dport 80 -m connlimit --connlimit-above 16 --connlimit-mask 24 -j REJECT
   conn--mark value[/mask]
...
0 upgraded, 1 newly installed, 0 to remove and 0 not upgraded.
Need to get 1723kB of archives.
After unpacking 14.6MB of additional disk space will be used.
Get:1 http://debian.ZLO.ZLO.ZLO etch/main nessus-plugins 2.2.8-1.1 [1723kB]
Fetched 1723kB in 0s (6410kB/s)
Preconfiguring packages ...
Selecting previously deselected package nessus-plugins.
(Reading database ... 22610 files and directories currently installed.)
Unpacking nessus-plugins (from .../nessus-plugins_2.2.8-1.1_i386.deb) ...
Setting up nessus-plugins (2.2.8-1.1) ...
16:37:09
#cat /etc/rc.local
   conn[!] --connlimit-above n
       Allows match if the number of existing tcp connections is (not) above ner per client IP address (or address block).
       --connlimit-mask bits
              group hosts using mask
       Examples:
       # allow 2 telnet connections per client host
       # you can also match the other way around:
              iptables -A INPUT -p tcp --syn --dport 23 -m connlimit --connlimit-above 2 -j REJECT
              iptables -A INPUT -p tcp --syn --dport 23 -m connlimit ! --connlimit-above 2 -j ACCEPT
       # limit the nr of parallel http requests to 16 per class C sized network (24 bit netmask)
...
# This script is executed at the end of each multiuser runlevel.
# Make sure that the script will "exit 0" on success or any other
# value on error.
#
# In order to enable or disable this script just change the execution
# bits.
#
# By default this script does nothing.
nohup /usr/local/sbin/syslog_mysql.sh &
exit 0
16:37:21
#cat /etc/rc.local
   conn[!] --connlimit-above n
       Allows match if the number of existing tcp connections is (not) above ner per client IP address (or address block).
       --connlimit-mask bits
              group hosts using mask
       Examples:
       # allow 2 telnet connections per client host
       # you can also match the other way around:
              iptables -A INPUT -p tcp --syn --dport 23 -m connlimit --connlimit-above 2 -j REJECT
              iptables -A INPUT -p tcp --syn --dport 23 -m connlimit ! --connlimit-above 2 -j ACCEPT
       # limit the nr of parallel http requests to 16 per class C sized network (24 bit netmask)
...
# This script is executed at the end of each multiuser runlevel.
# Make sure that the script will "exit 0" on success or any other
# value on error.
#
# In order to enable or disable this script just change the execution
# bits.
#
# By default this script does nothing.
nohup /usr/local/sbin/syslog_mysql.sh &
exit 0
16:37:28
#nessus -adduser ingvar
nessus: invalid option -- a
nessus, version 2.2.8.
Common options :
 nessus [-vnh] [-c .rcfile] [-V] [-T <format>]
Batch-mode scan:
 nessus -q [-pPS] <host> <port> <user> <pass> <targets-file> <result-file>
List sessions  :
 nessus -s -q <host> <port> <user> <pass>
Restore session:
 nessus -R <sessionid> -q <host> <port> <user> <pass> <result-file>
...
        host     : nessusd host
        port     : nessusd host port
        user     : user name
        pass     : password
        targets  : file containing the list of targets
        result   : name of the file where
                   nessus will store the results
        -p       : obtain list of plugins installed on the server.
        -P       : obtain list of server and plugin preferences.
        -S       : issue SQL output for -p and -P (experimental).
/dev/pts/10
16:38:44
#nessus
(nessus:10995): Gdk-CRITICAL **: gdk_text_width: assertion `font != NULL' failed
(nessus:10995): Gdk-CRITICAL **: gdk_text_width: assertion `font != NULL' failed
(nessus:10995): Gdk-CRITICAL **: gdk_text_width: assertion `font != NULL' failed
(nessus:10995): Gdk-CRITICAL **: gdk_text_width: assertion `font != NULL' failed
(nessus:10995): Gdk-CRITICAL **: gdk_text_width: assertion `font != NULL' failed
(nessus:10995): Gdk-CRITICAL **: gdk_text_width: assertion `font != NULL' failed
(nessus:10995): Gdk-CRITICAL **: gdk_text_width: assertion `font != NULL' failed
(nessus:10995): Gdk-CRITICAL **: gdk_text_width: assertion `font != NULL' failed
(nessus:10995): Gdk-CRITICAL **: gdk_text_width: assertion `font != NULL' failed
(nessus:10995): Gdk-CRITICAL **: gdk_text_width: assertion `font != NULL' failed
...
(nessus:10995): Gdk-CRITICAL **: gdk_text_width: assertion `font != NULL' failed
(nessus:10995): Gdk-CRITICAL **: gdk_text_width: assertion `font != NULL' failed
(nessus:10995): Gdk-CRITICAL **: gdk_text_width: assertion `font != NULL' failed
(nessus:10995): Gdk-CRITICAL **: gdk_text_width: assertion `font != NULL' failed
(nessus:10995): Gdk-CRITICAL **: gdk_text_width: assertion `font != NULL' failed
(nessus:10995): Gdk-CRITICAL **: gdk_text_width: assertion `font != NULL' failed
(nessus:10995): Gdk-CRITICAL **: gdk_text_width: assertion `font != NULL' failed
(nessus:10995): Gdk-CRITICAL **: gdk_text_width: assertion `font != NULL' failed
(nessus:10995): Gdk-CRITICAL **: gdk_text_width: assertion `font != NULL' failed
(nessus:10995): Gdk-CRITICAL **: gdk_text_width: assertion `font != NULL' failed
/dev/tty3
16:39:57
#nessus-adduser ingvar
bash: nessus-adduser: command not found
16:40:09
#apt-get install nessus-server
Reading package lists... Done
Building dependency tree... Done
E: Couldn't find package nessus-server
16:41:20
#apt-get install nessus
Reading package lists... Done
Building dependency tree... Done
nessus is already the newest version.
0 upgraded, 0 newly installed, 0 to remove and 0 not upgraded.
16:41:23
#apt-get install nessusd
Reading package lists... Done
Building dependency tree... Done
The following extra packages will be installed:
  libnasl2 openssl
Suggested packages:
  ca-certificates
The following NEW packages will be installed:
  libnasl2 nessusd openssl
0 upgraded, 3 newly installed, 0 to remove and 0 not upgraded.
Need to get 1532kB of archives.
...
/var/lib/nessus/CA created
Congratulations. Your server certificate was properly created.
/etc/nessus/nessusd.conf updated
The following files were created :
. Certification authority :
   Certificate = /var/lib/nessus/CA/cacert.pem
   Private key = /var/lib/nessus/private/CA/cakey.pem
. Nessus Server :
    Certificate = /var/lib/nessus/CA/servercert.pem
    Private key = /var/lib/nessus/private/CA/serverkey.pem
16:41:48
#/etc/init.d/nessusd start
Starting Nessus daemon: smb_hotfixes.inc: No such file or directory
smb_hotfixes.inc: No such file or directory
byte_func.inc: No such file or directory
nessusd.
16:42:45
#nessus -adduser ingvar
nessus: invalid option -- a
nessus, version 2.2.8.
Common options :
 nessus [-vnh] [-c .rcfile] [-V] [-T <format>]
Batch-mode scan:
 nessus -q [-pPS] <host> <port> <user> <pass> <targets-file> <result-file>
List sessions  :
 nessus -s -q <host> <port> <user> <pass>
Restore session:
 nessus -R <sessionid> -q <host> <port> <user> <pass> <result-file>
...
        host     : nessusd host
        port     : nessusd host port
        user     : user name
        pass     : password
        targets  : file containing the list of targets
        result   : name of the file where
                   nessus will store the results
        -p       : obtain list of plugins installed on the server.
        -P       : obtain list of server and plugin preferences.
        -S       : issue SQL output for -p and -P (experimental).
16:43:08
#nessus-adduser ingvar
Using /var/tmp as a temporary file holder
Add a new nessusd user
----------------------
Login : ingvar
Authentication (pass/cert) [pass] : password
Authentication (pass/cert) [pass] : password
Authentication (pass/cert) [pass] : pass
Login password :
Login password (again) :
User rules
...
him to be able to scan his own host only.
Please see the nessus-adduser(8) man page for the rules syntax
Enter the rules for this user, and hit ctrl-D once you are done :
(the user can have an empty rules set)
Login             : ingvar
Password          : ***********
DN                :
Rules             :
Is that ok ? (y/n) [y] y
user added.
16:44:09
#top
top - 09:48:41 up 1 day,  3:46,  6 users,  load average: 1.17, 0.63, 0.33
Tasks:  91 total,   4 running,  87 sleeping,   0 stopped,   0 zombie
Cpu(s): 36.4%us, 56.3%sy,  0.0%ni,  0.0%id,  0.0%wa,  0.0%hi,  7.3%si,  0.0%st
Mem:    516680k total,   506228k used,    10452k free,    37868k buffers
  PID USER      PR  NI  VIRT  RES  SHR S %CPU %MEM    TIME+  COMMAND
Swap:  1548280k total,       48k used,  1548232k free,   259640k cached
11514 root      25   0  9632 6704  780 S 78.5  1.3   1:42.26 nessusd
 2379 root      25   0  9644 6652 1452 S 21.3  1.3  24:14.15 l3-agent
    1 root      15   0  1944  640  548 S  0.0  0.1   0:01.41 init
    2 root      RT   0     0    0    0 S  0.0  0.0   0:00.00 migration/0
...
    9 root      10  -5     0    0    0 S  0.0  0.0   0:00.01 kblockd/0
   10 root      20  -5     0    0    0 S  0.0  0.0   0:00.00 kacpid
   85 root      10  -5     0    0    0 S  0.0  0.0   0:00.00 kseriod
   85 root      10  -5     0    0    0 S  0.0  0.0   0:00.00 kseriod
  121 root      25   0     0    0    0 S  0.0  0.0   0:00.00 pdflush
  122 root      15   0     0    0    0 S  0.0  0.0   0:00.12 pdflush
  123 root      10  -5     0    0    0 S  0.0  0.0   0:00.74 kswapd0
  124 root      20  -5     0    0    0 S  0.0  0.0   0:00.00 aio/0
  580 root      10  -5     0    0    0 S  0.0  0.0   0:00.00 khubd
  859 root      14  -5     0    0    0 S  0.0  0.0   0:00.00 kmirrord
16:49:44
#apt-cache search rerina
       The transfered bytes per connection can also be viewed through /proc/net/ip_conntrack and accessed via ctnetlink
       [!] --connbytes from:[to]
              if TO is omitted only FROM check is done. "!" is used to match packets not falling in the range.less than TO bytes/packets.
       --connbytes-dir [original|reply|both]
              which packets to consider
       --connbytes-mode [packets|bytes|avgpkt]
              whether to check the amount of packets, number of bytes transferred or the average size (in bytes) of all packets  received
              so far. Note that when "both" is used together with "avgpkt", and data is going (mainly) only in one direction (for example
       Example:
              HTTP), the average packet size will be about half of theZLO.ZLO.ZLOl data packets.
...
              group hosts using mask
       Examples:
       # allow 2 telnet connections per client host
       # you can also match the other way around:
              iptables -A INPUT -p tcp --syn --dport 23 -m connlimit --connlimit-above 2 -j REJECT
              iptables -A INPUT -p tcp --syn --dport 23 -m connlimit ! --connlimit-above 2 -j ACCEPT
       # limit the nr of parallel http requests to 16 per class C sized network (24 bit netmask)
              iptables -p tcp --syn --dport 80 -m connlimit --connlimit-above 16 --connlimit-mask 24 -j REJECT
   conn--mark value[/mask]
       This module matches the netfilter mark field associated with a connection (which can be set using the CONNMARK target below).
16:50:03
#apt-cache search retina

16:50:10
#apt-cache search tina
anon-proxy - Proxy to surf the web anonymously
d-shlibs - Debian shared library package building helper scripts
dnstop - console tool to analyze DNS traffic
ht - Viewer/editor/analyser (mostly) for executables
hunspell - spell checker and morphological analyzer (program)
iceweasel-l10n-es-ar - Spanish (Argentina) ZLO.ZLO.ZLOge package for Iceweasel
icmpush - ICMP packet builder
inetutils-ping - ICMP ECHO tool
libhunspell-dev - spell checker and morphological analyzer (static library)
liblog4cpp-doc - A C++ library for flexible logging (documentation)
...
tcptrack - Displays a TCP connection list, with states and speeds
tina - A curses personal information manager.
trackballs - An OpenGL-based game of marbles through a labyrinth
udpcast - multicast file transfer tool
ulog-acctd - Accounting daemon for Linux 2.4+ netfilter
vobcopy - A tool to copy DvD VOBs to hard disk
xarclock - reversed xclock
xmldiff - tree to tree correction between xml documents
xmpi - A graphical user interface for MPI program development
xt - A graphical traceroute
16:50:19
#top
top - 09:51:24 up 1 day,  3:48,  5 users,  load average: 0.79, 0.77, 0.43
Tasks:  83 total,   1 running,  82 sleeping,   0 stopped,   0 zombie
Cpu(s):  0.0%us,100.0%sy,  0.0%ni,  0.0%id,  0.0%wa,  0.0%hi,  0.0%si,  0.0%st
Mem:    516680k total,   503080k used,    13600k free,    38296k buffers
  PID USER      PR  NI  VIRT  RES  SHR S %CPU %MEM    TIME+  COMMAND
Swap:  1548280k total,       48k used,  1548232k free,   264240k cached
12088 root      15   0  2232 1132  860 R 99.9  0.2   0:00.08 top
    1 root      15   0  1944  640  548 S  0.0  0.1   0:01.41 init
    2 root      RT   0     0    0    0 S  0.0  0.0   0:00.00 migration/0
    3 root      34  19     0    0    0 S  0.0  0.0   0:00.00 ksoftirqd/0
...
   10 root      20  -5     0    0    0 S  0.0  0.0   0:00.00 kacpid
   85 root      10  -5     0    0    0 S  0.0  0.0   0:00.00 kseriod
  121 root      25   0     0    0    0 S  0.0  0.0   0:00.00 pdflush
  122 root      15   0     0    0    0 S  0.0  0.0   0:00.12 pdflush
  123 root      10  -5     0    0    0 S  0.0  0.0   0:00.75 kswapd0
  124 root      20  -5     0    0    0 S  0.0  0.0   0:00.00 aio/0
  580 root      10  -5     0    0    0 S  0.0  0.0   0:00.00 khubd
  859 root      14  -5     0    0    0 S  0.0  0.0   0:00.00 kmirrord
  955 root      10  -5     0    0    0 S  0.0  0.0   0:00.36 kjournald
 1117 root      15  -4  2304  636  360 S  0.0  0.1   0:00.24 udevd
16:51:27
#top
top - 09:51:57 up 1 day,  3:49,  5 users,  load average: 0.52, 0.70, 0.42
Tasks:  83 total,   2 running,  81 sleeping,   0 stopped,   0 zombie
Cpu(s): 85.6%us,  0.0%sy,  0.0%ni, 14.4%id,  0.0%wa,  0.0%hi,  0.0%si,  0.0%st
  PID USER      PR  NI  VIRT  RES  SHR S %CPU %MEM    TIME+  COMMAND
 3755 root      15   0  2764  408  324 S  3.1  0.1   0:00.36 script
 2379 root      21   0  9644 6652 1452 R 85.0  1.3  24:39.41 l3-agent
12094 root      15   0  2228 1136  868 R  3.1  0.2   0:00.12 top
 2483 user      15   0  9412 6464 1452 S  0.4  1.3  10:13.35 l3-agent
    1 root      15   0  1944  640  548 S  0.0  0.1   0:01.41 init
12094 root      15   0  2228 1136  868 R  0.4  0.2   0:00.13 top
...
  859 root      14  -5     0    0    0 S  0.0  0.0   0:00.00 kmirrord
  859 root      14  -5     0    0    0 S  0.0  0.0   0:00.00 kmirrord
  955 root      10  -5     0    0    0 S  0.0  0.0   0:00.36 kjournald
  955 root      10  -5     0    0    0 S  0.0  0.0   0:00.36 kjournald
 1117 root      15  -4  2304  636  360 S  0.0  0.1   0:00.24 udevd
 1117 root      15  -4  2304  636  360 S  0.0  0.1   0:00.24 udevd
 1410 root      19  -5     0    0    0 S  0.0  0.0   0:00.00 kpsmoused
 1410 root      19  -5     0    0    0 S  0.0  0.0   0:00.00 kpsmoused
 1702 root      10  -5     0    0    0 S  0.0  0.0   0:00.00 kjournald
 1702 root      10  -5     0    0    0 S  0.0  0.0   0:00.00 kjournald
16:52:00
#which nessusd
/usr/sbin/nessusd
/dev/tty1
16:55:11
#ping 192.168.15.201
PING 192.168.15.201 (192.168.15.201) 56(84) bytes of data.
64 bytes from 192.168.15.201: icmp_seq=1 ttl=64 time=0.185 ms
64 bytes from 192.168.15.201: icmp_seq=2 ttl=64 time=0.224 ms
--- 192.168.15.201 ping statistics ---
2 packets transmitted, 2 received, 0% packet loss, time 999ms
rtt min/avg/max/mdev = 0.185/0.204/0.224/0.024 ms
16:55:31
#ping 192.168.15.101
PING 192.168.15.101 (192.168.15.101) 56(84) bytes of data.
64 bytes from 192.168.15.101: icmp_seq=1 ttl=64 time=2005 ms
64 bytes from 192.168.15.101: icmp_seq=2 ttl=64 time=1004 ms
64 bytes from 192.168.15.101: icmp_seq=3 ttl=64 time=5.41 ms
64 bytes from 192.168.15.101: icmp_seq=4 ttl=64 time=0.318 ms
64 bytes from 192.168.15.101: icmp_seq=5 ttl=64 time=0.342 ms
64 bytes from 192.168.15.101: icmp_seq=6 ttl=64 time=0.351 ms
64 bytes from 192.168.15.101: icmp_seq=7 ttl=64 time=0.340 ms
64 bytes from 192.168.15.101: icmp_seq=8 ttl=64 time=0.283 ms
64 bytes from 192.168.15.101: icmp_seq=9 ttl=64 time=0.354 ms
64 bytes from 192.168.15.101: icmp_seq=10 ttl=64 time=0.307 ms
64 bytes from 192.168.15.101: icmp_seq=11 ttl=64 time=0.390 ms
64 bytes from 192.168.15.101: icmp_seq=12 ttl=64 time=0.342 ms
--- 192.168.15.101 ping statistics ---
12 packets transmitted, 12 received, 0% packet loss, time 11004ms
rtt min/avg/max/mdev = 0.283/251.545/2005.439/596.648 ms, pipe 3
16:55:46
#ping 192.168.15.101
PING 192.168.15.101 (192.168.15.101) 56(84) bytes of data.
64 bytes from 192.168.15.101: icmp_seq=1 ttl=64 time=0.299 ms
64 bytes from 192.168.15.101: icmp_seq=2 ttl=64 time=0.337 ms
64 bytes from 192.168.15.101: icmp_seq=3 ttl=64 time=0.344 ms
--- 192.168.15.101 ping statistics ---
3 packets transmitted, 3 received, 0% packet loss, time 2007ms
rtt min/avg/max/mdev = 0.299/0.326/0.344/0.028 ms
16:55:50
#ping 192.168.15.101
PING 192.168.15.101 (192.168.15.101) 56(84) bytes of data.
64 bytes from 192.168.15.101: icmp_seq=1 ttl=64 time=0.293 ms
64 bytes from 192.168.15.101: icmp_seq=2 ttl=64 time=0.285 ms
64 bytes from 192.168.15.101: icmp_seq=3 ttl=64 time=0.313 ms
64 bytes from 192.168.15.101: icmp_seq=4 ttl=64 time=0.283 ms
64 bytes from 192.168.15.101: icmp_seq=5 ttl=64 time=0.267 ms
64 bytes from 192.168.15.101: icmp_seq=6 ttl=64 time=0.236 ms
64 bytes from 192.168.15.101: icmp_seq=7 ttl=64 time=0.281 ms
64 bytes from 192.168.15.101: icmp_seq=8 ttl=64 time=0.322 ms
64 bytes from 192.168.15.101: icmp_seq=9 ttl=64 time=0.282 ms
...
64 bytes from 192.168.15.101: icmp_seq=15 ttl=64 time=0.282 ms
64 bytes from 192.168.15.101: icmp_seq=16 ttl=64 time=0.271 ms
64 bytes from 192.168.15.101: icmp_seq=17 ttl=64 time=0.281 ms
64 bytes from 192.168.15.101: icmp_seq=18 ttl=64 time=0.263 ms
64 bytes from 192.168.15.101: icmp_seq=19 ttl=64 time=0.316 ms
64 bytes from 192.168.15.101: icmp_seq=20 ttl=64 time=0.337 ms
64 bytes from 192.168.15.101: icmp_seq=21 ttl=64 time=0.400 ms
--- 192.168.15.101 ping statistics ---
21 packets transmitted, 21 received, 0% packet loss, time 20004ms
rtt min/avg/max/mdev = 0.236/0.293/0.400/0.035 ms
16:56:13
#nc 192.168.15.101 80
get
16:56:36
#nc 192.168.15.101 81
ddd
16:56:42
#ssh 192.168.15.101 22

/dev/pts/10
16:56:44
#nessus

/dev/tty1
16:57:09
#ssh 192.168.15.101

16:57:27
#ping 192.168.15.101
PING 192.168.15.101 (192.168.15.101) 56(84) bytes of data.
64 bytes from 192.168.15.101: icmp_seq=1 ttl=64 time=0.314 ms
64 bytes from 192.168.15.101: icmp_seq=2 ttl=64 time=0.333 ms
64 bytes from 192.168.15.101: icmp_seq=3 ttl=64 time=0.316 ms
64 bytes from 192.168.15.101: icmp_seq=4 ttl=64 time=0.323 ms
--- 192.168.15.101 ping statistics ---
4 packets transmitted, 4 received, 0% packet loss, time 3002ms
rtt min/avg/max/mdev = 0.314/0.321/0.333/0.019 ms
16:57:37
#nmap -h
Nmap 4.20 ( http://insecure.org )
Usage: nmap [Scan Type(s)] [Options] {target specification}
TARGET SPECIFICATION:
  Can pass hostnames, IP addresses, networks, etc.
  Ex: scanme.nmap.org, microsoft.com/24, 192.168.0.1; 10.0.0-255.1-254
  -iL <inputfilename>: Input from list of hosts/networks
  -iR <num hosts>: Choose random targets
  --exclude <host1[,host2][,host3],...>: Exclude hosts/networks
  --excludefile <exclude_file>: Exclude list from file
HOST DISCOVERY:
...
  --send-eth/--send-ip: Send using raw ethernet frames or IP packets
  --privileged: Assume that the user is fully privileged
  --unprivileged: Assume the user lacks raw socket privileges
  -V: Print version number
  -h: Print this help summary page.
EXAMPLES:
  nmap -v -A scanme.nmap.org
  nmap -v -sP 192.168.0.0/16 10.0.0.0/8
  nmap -v -iR 10000 -P0 -p 80
SEE THE MAN PAGE FOR MANY MORE OPTIONS, DESCRIPTIONS, AND EXAMPLES
16:57:42
#nmap 192.168.15.101
Starting Nmap 4.20 ( http://insecure.org ) at 2007-06-22 16:58 EEST
Note: Host seems down. If it is really up, but blocking our ping probes, try -P0
Nmap finished: 1 IP address (0 hosts up) scanned in 0.251 seconds
16:58:48
#nmap -P 192.168.15.101
Illegal Argument to -P, use -P0, -PI, -PB, -PE, -PM, -PP, -PA, -PU, -PT, or -PT80 (or whatever number you want for the TCP probe destination port)
QUITTING!
16:59:00
#nmap 192.168.15.101
Starting Nmap 4.20 ( http://insecure.org ) at 2007-06-22 16:59 EEST
Note: Host seems down. If it is really up, but blocking our ping probes, try -P0
Nmap finished: 1 IP address (0 hosts up) scanned in 0.252 seconds
16:59:18
#nmap 192.168.15.101
Starting Nmap 4.20 ( http://insecure.org ) at 2007-06-22 16:59 EEST
Note: Host seems down. If it is really up, but blocking our ping probes, try -P0
Nmap finished: 1 IP address (0 hosts up) scanned in 0.255 seconds
16:59:25
#nmap -h
Nmap 4.20 ( http://insecure.org )
Usage: nmap [Scan Type(s)] [Options] {target specification}
TARGET SPECIFICATION:
  Can pass hostnames, IP addresses, networks, etc.
  Ex: scanme.nmap.org, microsoft.com/24, 192.168.0.1; 10.0.0-255.1-254
  -iL <inputfilename>: Input from list of hosts/networks
  -iR <num hosts>: Choose random targets
  --exclude <host1[,host2][,host3],...>: Exclude hosts/networks
  --excludefile <exclude_file>: Exclude list from file
HOST DISCOVERY:
...
  --send-eth/--send-ip: Send using raw ethernet frames or IP packets
  --privileged: Assume that the user is fully privileged
  --unprivileged: Assume the user lacks raw socket privileges
  -V: Print version number
  -h: Print this help summary page.
EXAMPLES:
  nmap -v -A scanme.nmap.org
  nmap -v -sP 192.168.0.0/16 10.0.0.0/8
  nmap -v -iR 10000 -P0 -p 80
SEE THE MAN PAGE FOR MANY MORE OPTIONS, DESCRIPTIONS, AND EXAMPLES
16:59:36
#nmap -P0 192.168.15.101
Starting Nmap 4.20 ( http://insecure.org ) at 2007-06-22 17:00 EEST
Nmap finished: 1 IP address (0 hosts up) scanned in 0.248 seconds
17:00:22
#nmap -P0 -V 192.168.15.101
Nmap version 4.20 ( http://insecure.org )
17:00:39
#nmap -h
Nmap 4.20 ( http://insecure.org )
Usage: nmap [Scan Type(s)] [Options] {target specification}
TARGET SPECIFICATION:
  Can pass hostnames, IP addresses, networks, etc.
  Ex: scanme.nmap.org, microsoft.com/24, 192.168.0.1; 10.0.0-255.1-254
  -iL <inputfilename>: Input from list of hosts/networks
  -iR <num hosts>: Choose random targets
  --exclude <host1[,host2][,host3],...>: Exclude hosts/networks
  --excludefile <exclude_file>: Exclude list from file
HOST DISCOVERY:
...
  --send-eth/--send-ip: Send using raw ethernet frames or IP packets
  --privileged: Assume that the user is fully privileged
  --unprivileged: Assume the user lacks raw socket privileges
  -V: Print version number
  -h: Print this help summary page.
EXAMPLES:
  nmap -v -A scanme.nmap.org
  nmap -v -sP 192.168.0.0/16 10.0.0.0/8
  nmap -v -iR 10000 -P0 -p 80
SEE THE MAN PAGE FOR MANY MORE OPTIONS, DESCRIPTIONS, AND EXAMPLES
17:00:49
#nmap -P0 -V 192.168.15.101
Nmap version 4.20 ( http://insecure.org )
17:04:17
#nmap -P0 -A 192.168.15.101
Starting Nmap 4.20 ( http://insecure.org ) at 2007-06-22 17:04 EEST
Nmap finished: 1 IP address (0 hosts up) scanned in 0.310 seconds
17:04:47
#nmap -P0 -A 192.168.15.101
Starting Nmap 4.20 ( http://insecure.org ) at 2007-06-22 17:04 EEST
Nmap finished: 1 IP address (0 hosts up) scanned in 0.369 seconds
17:05:09
#nmap 192.168.15.101
Starting Nmap 4.20 ( http://insecure.org ) at 2007-06-22 17:05 EEST
Note: Host seems down. If it is really up, but blocking our ping probes, try -P0
Nmap finished: 1 IP address (0 hosts up) scanned in 0.261 seconds
17:05:17
#nc 192.168.15.101 80
get
helo
17:05:59
#exit
exit
Connection to linux3 closed.
прошло 13 минут
17:19:27
#screen -x
17:19:32
#screen -x
17:19:42
#screen -x
17:19:46
#screen -x
17:19:50
#screen -l
17:20:11
#screen -x
17:20:14
#screen -x
17:20:16
#screen -x
17:20:26
#screen -x
17:20:28
#su user

прошло 38 минут
/dev/tty3
17:59:00
#cd /etc/

17:59:11
#ls
acpi                 groff            magic           rc0.d
adduser.conf         group            mailcap         rc1.d
adjtime              group-           mailcap.order   rc2.d
aide                 gshadow          mailname        rc3.d
aliases              gshadow-         mail.rc         rc4.d
alternatives         gtk-2.0          manpath.config  rc5.d
apache               host.conf        mc              rc6.d
apt                  hostname         menu            rc.local
arpwatch.conf        hosts            menu-methods    rcS.d
bash.bashrc          hosts.allow      mime.types      resolv.conf
...
devfs                locale.gen       pam.conf        terminfo
dhcp3                localtime        pam.d           timezone
dictionaries-common  logcheck         pango           ucf.conf
dpkg                 login.defs       passwd          udev
emacs                logrotate.conf   passwd-         updatedb.conf
email-addresses      logrotate.d      perl            vim
environment          lsb-base         php4            wgetrc
exim4                lvm              ppp             X11
fonts                lvmtab           profile
fstab                lynx.cfg         protocols
17:59:13
#ls |grep nessus
nessus
17:59:22
#cd nessus/

17:59:29
#ls
nessusd.conf  nessusd.rules  nessus-services
17:59:30
#cat nessus-services
netview-aix-11  1671/udp
netview-aix-12  1672/tcp
netview-aix-12  1672/udp
proshare-mc-1   1673/tcp
proshare-mc-1   1673/udp
proshare-mc-2   1674/tcp
proshare-mc-2   1674/udp
pdp     1675/tcp
pdp     1675/udp
netcomm1        1676/tcp
...
cisco-net-mgmt  1741/tcp
cisco-net-mgmt  1741/udp
3Com-nsd        1742/tcp
3Com-nsd        1742/udp
cinegrfx-lm     1743/tcp
cinegrfx-lm     1743/udp
ncpm-ft 1744/tcp
ncpm-ft 1744/udp
remote-winsock  1745/tcp
remote-winsock  1745/udp
17:59:40
#cat nessus-services | more
18:00:20
#ls
nessusd.conf  nessusd.rules  nessus-services
18:00:26
#ls- a
bash: ls-: command not found
18:00:28
#ls -a
.  ..  nessusd.conf  nessusd.rules  nessus-services
18:00:31
#l
bash: l: command not found
18:00:39
#la
bash: la: command not found
18:00:42
#lc
bash: lc: command not found
18:00:45
#man ls
18:02:08
#ls -lh
total 170K
-rw------- 1 root root 4.7K 2007-06-22 09:41 nessusd.conf
-rw-r--r-- 1 root root  106 2007-06-22 09:42 nessusd.rules
-rw-r--r-- 1 root root 163K 2006-06-05 19:30 nessus-services
18:02:13
#cat nessusd.conf
# Maximum number of hosts
max_hosts = 255
# Number of plugins that will run against each host,
# i.e. simultaneous tests
# Total number of processes will be max_checks x max_hosts
max_checks = 15
# File used to log activity. Set it to 'syslog' if you want to use syslogd.
logfile = /var/log/nessus/nessusd.messages
# Log every detail of the attack in nessusd.messages
# If disabled only the beginning and end are logged, and
...
# Added by nessus-mkcert
#
cert_file=/var/lib/nessus/CA/servercert.pem
key_file=/var/lib/nessus/private/CA/serverkey.pem
ca_file=/var/lib/nessus/CA/cacert.pem
# If you decide to protect your private key with a password,
# uncomment and change next line
# pem_password=password
# If you want to force the use of a client certificate, uncomment next line
# force_pubkey_auth = yes
18:02:33
#cd /etc

18:03:43
#cat rc.local
#!/bin/sh -e
#
# rc.local
#
# This script is executed at the end of each multiuser runlevel.
# Make sure that the script will "exit 0" on success or any other
# value on error.
#
# In order to enable or disable this script just change the execution
# bits.
#
# By default this script does nothing.
nohup /usr/local/sbin/syslog_mysql.sh &
exit 0
18:04:01
#cat i
icedove/         init.d/          inputrc
iceweasel/       initramfs-tools/ issue
inetd.conf       inittab          issue.net
18:04:01
#cat i
icedove/         init.d/          inputrc
iceweasel/       initramfs-tools/ issue
inetd.conf       inittab          issue.net
18:04:01
#cat inittab
# /etc/inittab: init(8) configuration.
# $Id: inittab,v 1.91 2002/01/25 13:35:21 miquels Exp $
# The default runlevel.
id:2:initdefault:
# Boot-time system configuration/initialization script.
# This is run first except when booting in emergency (-b) mode.
si::sysinit:/etc/init.d/rcS
# What to do in single-user mode.
~~:S:wait:/sbin/sulogin
# /etc/init.d executes the S and K scripts upon change
...
4:23:respawn:/sbin/getty 38400 tty4
5:23:respawn:/sbin/getty 38400 tty5
6:23:respawn:/sbin/getty 38400 tty6
# Example how to put a getty on a serial line (for a terminal)
#
#T0:23:respawn:/sbin/getty -L ttyS0 9600 vt100
#T1:23:respawn:/sbin/getty -L ttyS1 9600 vt100
# Example how to put a getty on a modem line.
#
#T3:23:respawn:/sbin/mgetty -x0 -s 57600 ttyS3
18:04:22
#cat init
init.d/          initramfs-tools/ inittab

Файлы

  • /etc/rc.local
  • i
  • init
  • inittab
  • nessus-services
  • nessusd.conf
  • rc.local
  • /etc/rc.local
    >
       conn[!] --connlimit-above n
           Allows match if the number of existing tcp connections is (not) above n per client IP address (or address block).
           --connlimit-mask bits
                  group hosts using mask
           Examples:
           # allow 2 telnet connections per client host
           # you can also match the other way around:
                  iptables -A INPUT -p tcp --syn --dport 23 -m connlimit --connlimit-above 2 -j REJECT
                  iptables -A INPUT -p tcp --syn --dport 23 -m connlimit ! --connlimit-above 2 -j ACCEPT
           # limit the nr of parallel http requests to 16 per class C sized network (24 bit netmask)
                  iptables -p tcp --syn --dport 80 -m connlimit --connlimit-above 16 --connlimit-mask 24 -j REJECT
       conn--mark value[/mask]
           This module matches the netfilter mark field associated with a connection (which can be set using the CONNMARK target below).
    #!/bin/sh -e
    #
    # rc.local
    #
    # This script is executed at the end of each multiuser runlevel.
    # Make sure that the script will "exit 0" on success or any other
    # value on error.
    #
    # In order to enable or disable this script just change the execution
    # bits.
    #
    # By default this script does nothing.
    nohup /usr/local/sbin/syslog_mysql.sh &
    exit 0
    
    i
    >
    icedove/         init.d/          inputrc
    iceweasel/       initramfs-tools/ issue
    inetd.conf       inittab          issue.net
    
    init
    >
    init.d/          initramfs-tools/ inittab
    
    inittab
    >
    # /etc/inittab: init(8) configuration.
    # $Id: inittab,v 1.91 2002/01/25 13:35:21 miquels Exp $
    # The default runlevel.
    id:2:initdefault:
    # Boot-time system configuration/initialization script.
    # This is run first except when booting in emergency (-b) mode.
    si::sysinit:/etc/init.d/rcS
    # What to do in single-user mode.
    ~~:S:wait:/sbin/sulogin
    # /etc/init.d executes the S and K scripts upon change
    # of runlevel.
    #
    # Runlevel 0 is halt.
    # Runlevel 1 is single-user.
    # Runlevels 2-5 are multi-user.
    # Runlevel 6 is reboot.
    l0:0:wait:/etc/init.d/rc 0
    l1:1:wait:/etc/init.d/rc 1
    l2:2:wait:/etc/init.d/rc 2
    l3:3:wait:/etc/init.d/rc 3
    l4:4:wait:/etc/init.d/rc 4
    l5:5:wait:/etc/init.d/rc 5
    l6:6:wait:/etc/init.d/rc 6
    # Normally not reached, but fallthrough in case of emergency.
    z6:6:respawn:/sbin/sulogin
    # What to do when CTRL-ALT-DEL is pressed.
    ca:12345:ctrlaltdel:/sbin/shutdown -t1 -a -r now
    # Action on special keypress (ALT-UpArrow).
    #kb::kbrequest:/bin/echo "Keyboard Request--edit /etc/inittab to let this work."
    # What to do when the power fails/returns.
    pf::powerwait:/etc/init.d/powerfail start
    pn::powerfailnow:/etc/init.d/powerfail now
    po::powerokwait:/etc/init.d/powerfail stop
    # /sbin/getty invocations for the runlevels.
    #
    # The "id" field MUST be the same as the last
    # characters of the device (after "tty").
    #
    # Format:
    #  <id>:<runlevels>:<action>:<process>
    #
    # Note that on most Debian systems tty7 is used by the X Window System,
    # so if you want to add more getty's go ahead but skip tty7 if you run X.
    #
    1:2345:respawn:/sbin/getty 38400 tty1
    2:23:respawn:/sbin/getty 38400 tty2
    3:23:respawn:/sbin/getty 38400 tty3
    4:23:respawn:/sbin/getty 38400 tty4
    5:23:respawn:/sbin/getty 38400 tty5
    6:23:respawn:/sbin/getty 38400 tty6
    # Example how to put a getty on a serial line (for a terminal)
    #
    #T0:23:respawn:/sbin/getty -L ttyS0 9600 vt100
    #T1:23:respawn:/sbin/getty -L ttyS1 9600 vt100
    # Example how to put a getty on a modem line.
    #
    #T3:23:respawn:/sbin/mgetty -x0 -s 57600 ttyS3
    
    nessus-services
    >
    netview-aix-11  1671/udp
    netview-aix-12  1672/tcp
    netview-aix-12  1672/udp
    proshare-mc-1   1673/tcp
    proshare-mc-1   1673/udp
    proshare-mc-2   1674/tcp
    proshare-mc-2   1674/udp
    pdp     1675/tcp
    pdp     1675/udp
    netcomm1        1676/tcp
    netcomm2        1676/udp
    groupwise       1677/tcp
    groupwise       1677/udp
    prolink 1678/tcp
    prolink 1678/udp
    darcorp-lm      1679/tcp
    darcorp-lm      1679/udp
    microcom-sbp    1680/tcp
    microcom-sbp    1680/udp
    sd-elmd 1681/tcp
    sd-elmd 1681/udp
    lanyon-lantern  1682/tcp
    lanyon-lantern  1682/udp
    ncpm-hip        1683/tcp
    ncpm-hip        1683/udp
    snaresecure     1684/tcp
    snaresecure     1684/udp
    n2nremote       1685/tcp
    n2nremote       1685/udp
    cvmon   1686/tcp
    cvmon   1686/udp
    nsjtp-ctrl      1687/tcp
    nsjtp-ctrl      1687/udp
    nsjtp-data      1688/tcp
    nsjtp-data      1688/udp
    firefox 1689/tcp
    firefox 1689/udp
    ng-umds 1690/tcp
    ng-umds 1690/udp
    empire-empuma   1691/tcp
    empire-empuma   1691/udp
    sstsys-lm       1692/tcp
    sstsys-lm       1692/udp
    rrirtr  1693/tcp
    rrirtr  1693/udp
    rrimwm  1694/tcp
    rrimwm  1694/udp
    rrilwm  1695/tcp
    rrilwm  1695/udp
    rrifmm  1696/tcp
    rrifmm  1696/udp
    rrisat  1697/tcp
    rrisat  1697/udp
    rsvp-encap-1    1698/tcp
    rsvp-encap-1    1698/udp
    rsvp-encap-2    1699/tcp
    rsvp-encap-2    1699/udp
    mps-raft        1700/tcp
    mps-raft        1700/udp
    l2f     1701/tcp
    l2f     1701/udp
    deskshare       1702/tcp
    deskshare       1702/udp
    hb-engine       1703/tcp
    hb-engine       1703/udp
    bcs-broker      1704/tcp
    bcs-broker      1704/udp
    slingshot       1705/tcp
    slingshot       1705/udp
    jetform 1706/tcp
    jetform 1706/udp
    vdmplay 1707/tcp
    vdmplay 1707/udp
    gat-lmd 1708/tcp
    gat-lmd 1708/udp
    centra  1709/tcp
    centra  1709/udp
    impera  1710/tcp
    impera  1710/udp
    pptconference   1711/tcp
    pptconference   1711/udp
    registrar       1712/tcp
    registrar       1712/udp
    conferencetalk  1713/tcp
    conferencetalk  1713/udp
    sesi-lm 1714/tcp
    sesi-lm 1714/udp
    houdini-lm      1715/tcp
    houdini-lm      1715/udp
    xmsg    1716/tcp
    xmsg    1716/udp
    fj-hdnet        1717/tcp
    fj-hdnet        1717/udp
    h323gatedisc    1718/tcp
    h323gatedisc    1718/udp
    h323gatestat    1719/tcp
    h323gatestat    1719/udp
    h323hostcall    1720/tcp
    h323hostcall    1720/udp
    caicci  1721/tcp
    caicci  1721/udp
    hks-lm  1722/tcp
    hks-lm  1722/udp
    pptp    1723/tcp
    pptp    1723/udp
    csbphonemaster  1724/tcp
    csbphonemaster  1724/udp
    iden-ralp       1725/tcp
    iden-ralp       1725/udp
    iberiagames     1726/tcp
    iberiagames     1726/udp
    winddx  1727/tcp
    winddx  1727/udp
    telindus        1728/tcp
    telindus        1728/udp
    citynl  1729/tcp
    citynl  1729/udp
    roketz  1730/tcp
    roketz  1730/udp
    msiccp  1731/tcp
    msiccp  1731/udp
    proxim  1732/tcp
    proxim  1732/udp
    siipat  1733/tcp
    siipat  1733/udp
    cambertx-lm     1734/tcp
    cambertx-lm     1734/udp
    privatechat     1735/tcp
    privatechat     1735/udp
    street-stream   1736/tcp
    street-stream   1736/udp
    ultimad 1737/tcp
    ultimad 1737/udp
    gamegen1        1738/tcp
    gamegen1        1738/udp
    webaccess       1739/tcp
    webaccess       1739/udp
    encore  1740/tcp
    encore  1740/udp
    cisco-net-mgmt  1741/tcp
    cisco-net-mgmt  1741/udp
    3Com-nsd        1742/tcp
    3Com-nsd        1742/udp
    cinegrfx-lm     1743/tcp
    cinegrfx-lm     1743/udp
    ncpm-ft 1744/tcp
    ncpm-ft 1744/udp
    remote-winsock  1745/tcp
    remote-winsock  1745/udp
    
    nessusd.conf
    >
    # Maximum number of hosts
    max_hosts = 255
    # Number of plugins that will run against each host,
    # i.e. simultaneous tests
    # Total number of processes will be max_checks x max_hosts
    max_checks = 15
    # File used to log activity. Set it to 'syslog' if you want to use syslogd.
    logfile = /var/log/nessus/nessusd.messages
    # Log every detail of the attack in nessusd.messages
    # If disabled only the beginning and end are logged, and
    # not the time each plugin takes to execute
    log_whole_attack = yes
    # Log the name of the plugins that are loaded by the server
    log_plugins_name_at_load = no
    # Dump file for debugging output, use `-' for stdout
    dumpfile = /var/lib/nessus/nessusd.dump
    # File that contains rules database that apply to all users
    rules = /etc/nessus/nessusd.rules
    # Users database file
    users = /etc/nessus/nessusd.users
    # Path where it will find information for all users
    per_user_base = /var/lib/nessus/users
    # CGI paths to check for (cgi-bin:/cgi-aws:/ can do)
    cgi_path = /cgi-bin
    # Optimize the test
    optimize_test = yes
    # Read timeout (in seconds) for the sockets of the tests
    # Increase this value if running on a slow network link (dialup)
    checks_read_timeout = 15
    # Delay (in seconds) to pass for between two tests against the same port
    # (to be inetd friendly)
    delay_between_tests = 1
    # Do not run simultaneous ports for these tests. Default value:
    # non_simul_ports = 139, 445
    # Remote file that the plugins will try to read:
    test_file = /etc/passwd
    # Range of the ports that nmap will scan
    port_range = 1-15000
    # Ping hosts before scanning them?
    ping_hosts = yes
    # Only test the IPs that can be reversely looked up?
    reverse_lookup = no
    # Host expansion:
    # dns:  performs an AXFR (zone transfer) against the remote name server
    #       and tests the hosts obtained from it
    # nfs:  test hosts that have the right to mount the
    #       filesystems exported by the remote host
    # ip:   scan the entire subnet
    host_expansion = dns;ip
    subnet_class = C
    # Use the MAC address as host identifier (useful in
    # local LANs with dynamic addresses, e.g. DHCP)
    # use_mac_addr = yes
    # Slice the network IPs into portions and rotate them
    # between scanning each slice. Instead of the (default)
    # behaviour of scanning a network incrementally.
    # slice_network_addresses = yes
    scan_level = normal
    outside_firewall = no
    # Enable plugins that are depended on
    # auto_enable_dependencies = yes
    # Enable safe checks (this overrides the client's configuration)
    # safe_checks = yes
    # Allow users to upload plugins to the server
    # Note: This effectively gives administrative permissions
    # to Nessus users and, when using local checks, could grant
    # them execute permissions in remote systems, so use with care!
    plugin_upload = no
    # Filename suffixes that are allowed when uploading
    # plugin_upload_suffixes = .nasl, .inc
    # Language to use in plugins.
    # Current valid options are 'english' and 'french'
    language = english
    # Public key client server encryption (crypto options)
    peks_username = nessusd
    peks_keylen = 1024
    peks_keyfile = /etc/nessus/nessusd.private-keys
    peks_usrkeys = /etc/nessus/nessusd.user-keys
    peks_pwdfail = 5
    track_iothreads = yes
    cookie_logpipe = /etc/nessus/nessusd.logpipe
    cookie_logpipe_suptmo = 2
    # Define SSL version, use NONE to disable SSL (not recommended: client/server
    # traffic, including user logins and scan results, would then travel in clear)
    # ssl_version = 3
    # Full path and filename of a trusted certificate authority
    # see /usr/share/doc/nessus/README_SSL.gz
    # trusted_ca =
    # SSL Ciphers to use
    # The following removes all SSLv3 ciphers except RC4.
    # This has been implemented to workaround an OpenSSL 0.9.8
    # bug, for more information please read
    # http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=338006
    # and
    # http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=343487
    # ssl_cipher_list = SSLv2:-LOW:-EXPORT:RC4+RSA
    # Cryptographic signature checks of some NASL plugins (trusted scripts).
    # Nessus refuses to load and execute trusted scripts that are not signed;
    # setting this to 'yes' disables that check, so use extreme caution.
    #nasl_no_signature_check = no
    # Uncomment the following for IO thread debugging
    #track_iothreads = yes
    # Set this to 'yes' if you want each child to be nice(2)d
    # be_nice = yes
    # End of /etc/nessus/nessusd.conf file.
    #
    # Added by nessus-mkcert
    #
    cert_file=/var/lib/nessus/CA/servercert.pem
    key_file=/var/lib/nessus/private/CA/serverkey.pem
    ca_file=/var/lib/nessus/CA/cacert.pem
    # If you decide to protect your private key with a password,
    # uncomment and change next line
    # pem_password=password
    # If you want to force the use of a client certificate, uncomment next line
    # force_pubkey_auth = yes
    
    rc.local
    >
    #!/bin/sh -e
    #
    # rc.local
    #
    # This script is executed at the end of each multiuser runlevel.
    # Make sure that the script will "exit 0" on success or any other
    # value on error.
    #
    # In order to enable or disable this script just change the execution
    # bits.
    #
    # Local addition: start the syslog_mysql.sh helper (name suggests a
    # syslog-to-MySQL forwarder -- confirm by reading the script) in the
    # background so rc.local returns at once.  Because the job is
    # backgrounded, a failure of the helper is not caught by "-e" and does
    # not change rc.local's exit status.  NOTE(review): nohup sends the
    # helper's output to a nohup.out in the current directory at boot unless
    # the script redirects it itself -- verify where that file ends up.
    nohup /usr/local/sbin/syslog_mysql.sh &
    exit 0
    

    Статистика

    Время первой команды журнала: 16:20:56 2007-06-22
    Время последней команды журнала: 18:04:22 2007-06-22
    Количество командных строк в журнале: 101
    Процент команд с ненулевым кодом завершения, %: 23.76
    Процент синтаксически неверно набранных команд, %: 5.94
    Суммарное время работы с терминалом *, час: 1.08
    Количество командных строк в единицу времени, команда/мин: 1.56
    Частота использования команд
    nmap13|===========| 11.82%
    ls12|==========| 10.91%
    cat10|=========| 9.09%
    screen9|========| 8.18%
    nessus7|======| 6.36%
    cd7|======| 6.36%
    grep7|======| 6.36%
    ping5|====| 4.55%
    apt-get5|====| 4.55%
    top3|==| 2.73%
    man3|==| 2.73%
    iptables3|==| 2.73%
    nc3|==| 2.73%
    netstat3|==| 2.73%
    apt-cache3|==| 2.73%
    which3|==| 2.73%
    nessus-adduser2|=| 1.82%
    ssh2|=| 1.82%
    more1|| 0.91%
    ps1|| 0.91%
    lc1|| 0.91%
    /etc/init.d/nessusd1|| 0.91%
    l1|| 0.91%
    la1|| 0.91%
    exit1|| 0.91%
    gerp1|| 0.91%
    ls-1|| 0.91%
    su1|| 0.91%
    ____
    *) Интервалы неактивности длительностью 30 минут и более не учитываются


    О программе

    LiLaLo (L3) расшифровывается как Live Lab Log.
    Программа разработана для повышения эффективности обучения Unix/Linux-системам.
    (c) Игорь Чубин, 2004-2008
