Журнал лабораторных работ


Журнал

Пятница (06/22/07)

/dev/tty3
18:04:22
#cat init
init.d/          initramfs-tools/ inittab
18:04:22
#cat in
inetd.conf       initramfs-tools/ inputrc
init.d/          inittab
18:04:22
#cat i
icedove/         init.d/          inputrc
iceweasel/       initramfs-tools/ issue
inetd.conf       inittab          issue.net
18:04:22
#cat inetd.conf
# /etc/inetd.conf:  see inetd(8) for further informations.
#
# Internet superserver configuration database
#
#
# Lines starting with "#:LABEL:" or "#<off>#" should not
# be changed unless you know what you are doing!
#
# If you want to disable an entry so it isn't touched during
# package updates just comment it out with a single '#' character.
...
#time           stream  tcp     nowait  root    internal
#:STANDARD: These are standard services.
#:BSD: Shell, login, exec and talk are BSD protocols.
#:MAIL: Mail, news and uucp services.
#:INFO: Info services
#:BOOT: TFTP service is provided primarily for booting.  Most sites
#       run this only on machines acting as "boot servers."
#:RPC: RPC based services
#:HAM-RADIO: amateur-radio services
#:OTHER: Other services
18:04:47
#cat inetd.conf | more
18:04:54
#cat inetd.conf | more
18:05:16
#cat in
inetd.conf       initramfs-tools/ inputrc
init.d/          inittab
18:05:16
#cat init.d/
cat: init.d/: Is a directory
18:05:32
#cat init.d/
acpid                  lvm                    reboot
apache                 makedev                rmnologin
arpwatch               module-init-tools      scanlogd
bootclean              mountall-bootclean.sh  sendsigs
bootlogd               mountall.sh            single
bootmisc.sh            mountdevsubfs.sh       skeleton
checkfs.sh             mountkernfs.sh         ssh
checkroot.sh           mountnfs-bootclean.sh  stop-bootlogd
console-screen.sh      mountnfs.sh            stop-bootlogd-single
cron                   mtab.sh                sudo
exim4                  mysql                  sysklogd
glibc.sh               mysql-ndb              syslog-ng
halt                   mysql-ndb-mgm          udev
hostname.sh            nessusd                udev-mtab
hwclock.sh             networking             umountfs
ifupdown               openbsd-inetd          umountnfs.sh
ifupdown-clean         procps.sh              umountroot
keymap.sh              rc                     urandom
killprocs              rc.local               x11-common
klogd                  rcS
libdevmapper1.02       README
18:05:32
#cat init.d/nessusd
# Debian GNU/Linux distribution
# daemon options (-D implied, not needed)
DAEMONOPTS="-q"
# time to wait for daemons death, in seconds
# don't set it too low or you might not let nessusd die gracefully
DODTIME=5
[ -r /etc/default/nessusd ] && . /etc/default/nessusd
DAEMON=/usr/sbin/nessusd
PIDFILE=/var/run/nessusd.pid
NAME=nessusd
...
            echo " not running."
            exit 1
    fi
    ;;
  *)
    echo "Usage: /etc/init.d/$NAME {start|stop|restart|reload|status}"
    exit 1
    ;;
esac
exit 0
18:06:11
#cat init.d/
acpid                  lvm                    reboot
apache                 makedev                rmnologin
arpwatch               module-init-tools      scanlogd
bootclean              mountall-bootclean.sh  sendsigs
bootlogd               mountall.sh            single
bootmisc.sh            mountdevsubfs.sh       skeleton
checkfs.sh             mountkernfs.sh         ssh
checkroot.sh           mountnfs-bootclean.sh  stop-bootlogd
console-screen.sh      mountnfs.sh            stop-bootlogd-single
cron                   mtab.sh                sudo
exim4                  mysql                  sysklogd
glibc.sh               mysql-ndb              syslog-ng
halt                   mysql-ndb-mgm          udev
hostname.sh            nessusd                udev-mtab
hwclock.sh             networking             umountfs
ifupdown               openbsd-inetd          umountnfs.sh
ifupdown-clean         procps.sh              umountroot
keymap.sh              rc                     urandom
killprocs              rc.local               x11-common
klogd                  rcS
libdevmapper1.02       README
18:06:11
#cat init.d/r
rc         rc.local   rcS        reboot     rmnologin
18:06:11
#cat init.d/rc
rc        rc.local  rcS
18:06:11
#cat init.d/rc
                                ;;
                        esac
                done
        }
        ;;
esac
# Is there an rc directory for this new runlevel?
if [ -d /etc/rc$runlevel.d ]
then
        # Find out where in the progress bar the initramfs got to.
...
fi
if [ S = "$runlevel" ]
then
        #
        # For compatibility, run the files in /etc/rc.boot too.
        #
        [ -d /etc/rc.boot ] && run-parts /etc/rc.boot
fi
trap - EXIT # Disable emergency handler
exit 0
18:06:47
#cat rc
rc0.d/    rc2.d/    rc4.d/    rc6.d/    rcS.d/
rc1.d/    rc3.d/    rc5.d/    rc.local
18:06:47
#cat rc2.d/
cat: rc2.d/: Is a directory
18:07:02
#ls
acpi                 groff            magic           rc0.d
adduser.conf         group            mailcap         rc1.d
adjtime              group-           mailcap.order   rc2.d
aide                 gshadow          mailname        rc3.d
aliases              gshadow-         mail.rc         rc4.d
alternatives         gtk-2.0          manpath.config  rc5.d
apache               host.conf        mc              rc6.d
apt                  hostname         menu            rc.local
arpwatch.conf        hosts            menu-methods    rcS.d
bash.bashrc          hosts.allow      mime.types      resolv.conf
...
devfs                locale.gen       pam.conf        terminfo
dhcp3                localtime        pam.d           timezone
dictionaries-common  logcheck         pango           ucf.conf
dpkg                 login.defs       passwd          udev
emacs                logrotate.conf   passwd-         updatedb.conf
email-addresses      logrotate.d      perl            vim
environment          lsb-base         php4            wgetrc
exim4                lvm              ppp             X11
fonts                lvmtab           profile
fstab                lynx.cfg         protocols
18:07:04
#ls -lh | gerp nessus
bash: gerp: command not found
18:07:16
#ls -lh | grep nessus
drwxr-xr-x 2 root root   1.0K 2007-06-22 09:42 nessus
18:07:26
#cd rc2.d/

18:07:55
#ls
README        S17mysql-ndb-mgm  S20exim4          S20ssh       S99rc.local
s10sysklogd   S18mysql-ndb      S20makedev        S40arpwatch  S99rmnologin
S10syslog-ng  S19mysql          S20openbsd-inetd  S89cron      S99stop-bootlogd
S11klogd      S20acpid          S20scanlogd       S91apache
18:07:56
#apt-get install honeyd
Reading package lists... Done
Building dependency tree... Done
The following extra packages will be installed:
  libdnsres0 libdumbnet1 libevent1
Suggested packages:
  iisemulator
Recommended packages:
  farpd honeyd-common rrdtool
The following NEW packages will be installed:
  honeyd libdnsres0 libdumbnet1 libevent1
...
Unpacking libdumbnet1 (from .../libdumbnet1_1.8-1.4_i386.deb) ...
Selecting previously deselected package honeyd.
Unpacking honeyd (from .../honeyd_1.5b-1_i386.deb) ...
Setting up libevent1 (1.1a-1) ...
Setting up libdnsres0 (0.1a-4) ...
Setting up libdumbnet1 (1.8-1.4) ...
Setting up honeyd (1.5b-1) ...
Adding group honeyd....done
Adding user honeyd....done
Granting ownership of /var/log/honeypot to honeyd.....done
прошло 29 минут
18:37:08
#apt-get install farpd
Reading package lists... Done
Building dependency tree... Done
The following NEW packages will be installed:
  farpd
0 upgraded, 1 newly installed, 0 to remove and 0 not upgraded.
Need to get 13.2kB of archives.
After unpacking 106kB of additional disk space will be used.
Get:1 http://debian.ZLO.ZLO.ZLO etch/main farpd 0.2-8 [13.2kB]
Fetched 13.2kB in 0s (805kB/s)
Selecting previously deselected package farpd.
(Reading database ... 25950 files and directories currently installed.)
Unpacking farpd (from .../archives/farpd_0.2-8_i386.deb) ...
Setting up farpd (0.2-8) ...
18:37:20
#man farpd
18:40:22
#farpd -i eth0 net 192.168.15.101
farpd: arpd_expandips: Invalid network range: net
18:42:34
#farpd -i eth0 net 192.168.15.101/32
farpd: arpd_expandips: Invalid network range: net
18:42:40
#farpd -i eth0 net 192.168.15.101
farpd: arpd_expandips: Invalid network range: net
18:43:24
#farpd -i eth0 net 192.168.15.101/32
farpd: arpd_expandips: Invalid network range: net
18:43:33
#man farpd
18:43:58
#farpd -i eth0 192.168.15.101/32
farpd: bad pcap filter: Mask syntax for networks only
18:44:39
#farpd -i eth0 192.168.15.101
arpd[12763]: listening on eth0: arp and (dst 192.168.15.101) and not ether src 00:04:75:75:46:b1
18:44:42
#apring
bash: apring: command not found
18:44:48
#apt-get install arp-ping
Reading package lists... Done
Building dependency tree... Done
E: Couldn't find package arp-ping
18:45:01
#apt-get install arping
Reading package lists... Done
Building dependency tree... Done
E: Couldn't find package arpingping
18:45:07
#apt-get install arping
Reading package lists... Done
Building dependency tree... Done
The following extra packages will be installed:
  libnet1
The following NEW packages will be installed:
  arping libnet1
0 upgraded, 2 newly installed, 0 to remove and 0 not upgraded.
Need to get 71.1kB of archives.
After unpacking 217kB of additional disk space will be used.
Do you want to continue [Y/n]? y
Get:1 http://debian.ZLO.ZLO.ZLO etch/main libnet1 1.1.2.1-2 [50.5kB]
Get:2 http://debian.ZLO.ZLO.ZLO etch/main arping 2.05-2 [20.6kB]
Fetched 71.1kB in 0s (792kB/s)
Selecting previously deselected package libnet1.
(Reading database ... 25958 files and directories currently installed.)
Unpacking libnet1 (from .../libnet1_1.1.2.1-2_i386.deb) ...
Selecting previously deselected package arping.
Unpacking arping (from .../arping_2.05-2_i386.deb) ...
Setting up libnet1 (1.1.2.1-2) ...
Setting up arping (2.05-2) ...
18:45:18
#arping 192.168.15.102
ARPING 192.168.15.102
--- 192.168.15.102 statistics ---
1 packets transmitted, 0 packets received, 100% unanswered
/dev/pts/6
18:45:45
#arping 192.168.15.100
ARPING 192.168.15.100
60 bytes from 00:0a:01:d4:d1:e3 (192.168.15.100): index=0 time=332.117 usec
60 bytes from 00:0a:01:d4:d1:e3 (192.168.15.100): index=1 time=283.214 msec
60 bytes from 00:0a:01:d4:d1:e3 (192.168.15.100): index=2 time=344.038 usec
60 bytes from 00:0a:01:d4:d1:e3 (192.168.15.100): index=3 time=4.374 msec
--- 192.168.15.100 statistics ---
2 packets transmitted, 4 packets received, -100% unanswered
18:45:54
#arping 192.168.15.101
ARPING 192.168.15.101
--- 192.168.15.101 statistics ---
2 packets transmitted, 0 packets received, 100% unanswered
18:46:17
#man honeyd.conf
/dev/tty3
18:46:37
#arping 192.168.15.100
ARPING 192.168.15.100
60 bytes from 00:0a:01:d4:d1:e3 (192.168.15.100): index=0 time=375.032 usec
60 bytes from 00:0a:01:d4:d1:e3 (192.168.15.100): index=1 time=18.679 msec
60 bytes from 00:0a:01:d4:d1:e3 (192.168.15.100): index=2 time=377.893 usec
60 bytes from 00:0a:01:d4:d1:e3 (192.168.15.100): index=3 time=7.333 msec
60 bytes from 00:0a:01:d4:d1:e3 (192.168.15.100): index=4 time=1.015 sec
--- 192.168.15.100 statistics ---
2 packets transmitted, 5 packets received, -150% unanswered
18:46:42
#arping 192.168.15.100
ARPING 192.168.15.100
60 bytes from 00:0a:01:d4:d1:e3 (192.168.15.100): index=0 time=314.951 usec
60 bytes from 00:0a:01:d4:d1:e3 (192.168.15.100): index=1 time=808.229 msec
60 bytes from 00:0a:01:d4:d1:e3 (192.168.15.100): index=2 time=303.030 usec
60 bytes from 00:0a:01:d4:d1:e3 (192.168.15.100): index=3 time=1.262 msec
60 bytes from 00:0a:01:d4:d1:e3 (192.168.15.100): index=4 time=344.992 usec
60 bytes from 00:0a:01:d4:d1:e3 (192.168.15.100): index=5 time=5.067 msec
60 bytes from 00:0a:01:d4:d1:e3 (192.168.15.100): index=6 time=308.990 usec
60 bytes from 00:0a:01:d4:d1:e3 (192.168.15.100): index=7 time=5.084 msec
60 bytes from 00:0a:01:d4:d1:e3 (192.168.15.100): index=8 time=339.031 usec
...
60 bytes from 00:0a:01:d4:d1:e3 (192.168.15.100): index=12 time=334.978 usec
60 bytes from 00:0a:01:d4:d1:e3 (192.168.15.100): index=13 time=5.262 msec
60 bytes from 00:0a:01:d4:d1:e3 (192.168.15.100): index=14 time=355.005 usec
60 bytes from 00:0a:01:d4:d1:e3 (192.168.15.100): index=15 time=5.354 msec
q60 bytes from 00:0a:01:d4:d1:e3 (192.168.15.100): index=16 time=333.071 usec
60 bytes from 00:0a:01:d4:d1:e3 (192.168.15.100): index=17 time=5.415 msec
60 bytes from 00:0a:01:d4:d1:e3 (192.168.15.100): index=18 time=342.846 usec
60 bytes from 00:0a:01:d4:d1:e3 (192.168.15.100): index=19 time=5.454 msec
--- 192.168.15.100 statistics ---
10 packets transmitted, 20 packets received, -100% unanswered
18:48:15
#strings 'which honeyd'
strings: 'which honeyd': No such file
18:51:38
#strings which honeyd
strings: 'which': No such file
strings: 'honeyd': No such file
18:51:46
#strings 'which honeyd'
strings: 'which honeyd': No such file
18:52:29
#strings ' which honeyd '
strings: ' which honeyd ': No such file
18:52:37
#strings `which honeyd` | grep etc
_IO_getc
ethernetcode_find_prefix
ethernetcode_init
ethernetcode_make_address
ethernetcode_clone
dhcp_getconf
ethernetcode_test
netcontinuum, inc.
netchip technology, inc.
inetcam, inc.
...
netcorp
jetcell, inc.
rocketchips, inc.
nrc - network resources corporation - multigate hub1+, hub2, etc
netcom sicherheitstechnik gmbh
netcs informationstechnik gmbh
agfa printers, phototypesetters etc.
ethernetcode_test
ethernetcode_index
dhcp_getconf
18:53:07
#strings `which honeyd` | grep /etc

18:53:17
#strings `which honeyd` | grep /etc

18:53:20
#strings `which honeyd` | grep etc
_IO_getc
ethernetcode_find_prefix
ethernetcode_init
ethernetcode_make_address
ethernetcode_clone
dhcp_getconf
ethernetcode_test
netcontinuum, inc.
netchip technology, inc.
inetcam, inc.
...
netcorp
jetcell, inc.
rocketchips, inc.
nrc - network resources corporation - multigate hub1+, hub2, etc
netcom sicherheitstechnik gmbh
netcs informationstechnik gmbh
agfa printers, phototypesetters etc.
ethernetcode_test
ethernetcode_index
dhcp_getconf
18:53:27
#strings `which honeyd` | grep etc | more
18:53:37
#cd /etc/ho
honeypot/    host.conf    hostname     hosts        hosts.allow  hosts.deny
18:53:37
#cd /etc/honeypot/ls
bash: cd: /etc/honeypot/ls: No such file or directory
18:54:01
#cd /etc/honeypot/

18:54:07
#ls
honeyd.conf  nmap.assoc  nmap.prints  pf.os  xprobe2.conf
18:54:09
#vi honeyd.conf
1,6c1,6
< route entry 10.0.0.1
< route 10.0.0.1 link 10.2.0.0/24
< route 10.0.0.1 add net 10.3.0.0/16 10.3.0.1 latency 8ms bandwidth 10Mbps
< route 10.3.0.1 link 10.3.0.0/24
< route 10.3.0.1 add net 10.3.1.0/24 10.3.1.1 latency 7ms loss 0.5
< route 10.3.1.1 link 10.3.1.0/24
---
> #groute entry 10.0.0.1
> #route 10.0.0.1 link 10.2.0.0/24
> #route 10.0.0.1 add net 10.3.0.0/16 10.3.0.1 latency 8ms bandwidth 10Mbps
> #route 10.3.0.1 link 10.3.0.0/24
> #route 10.3.0.1 add net 10.3.1.0/24 10.3.1.1 latency 7ms loss 0.5
> #route 10.3.1.1 link 10.3.1.0/24
9,12c9,12
< create template
< set template personality "Microsoft Windows XP Professional SP1"
< set template uptime 1728650
< set template maxfds 35
---
> #create template
> #set template personality "Microsoft Windows XP Professional SP1"
> #set template uptime 1728650
> #set template maxfds 35
14,18c14,18
< add template tcp port 80 "sh /usr/share/honeyd/scripts/win32/web.sh"
< add template tcp port 22 "/usr/share/honeyd/scripts/test.sh $ipsrc $dport"
< add template tcp port 23 proxy $ipsrc:23
< add template udp port 53 proxy 141.211.92.141:53
< set template default tcp action reset
---
> #add template tcp port 80 "sh /usr/share/honeyd/scripts/win32/web.sh"
> #add template tcp port 22 "/usr/share/honeyd/scripts/test.sh $ipsrc $dport"
> #add template tcp port 23 proxy $ipsrc:23
> #add template udp port 53 proxy 141.211.92.141:53
> #set template default tcp action reset
23,26c23,26
< create default
< set default default tcp action block
< set default default udp action block
< set default default icmp action block
---
> #create default
> #set default default tcp action block
> #set default default udp action block
> ##set default default icmp action block
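Review bot: Commenting out the `default` template in this hunk leaves the file with no explicit policy for addresses that have no `bind`. honeyd is later started with no address range, and its capture filter matches all IP traffic on eth0. How honeyd treats unbound addresses without this block is not shown on the page and should be confirmed, but I would keep `create default` and the `set default default tcp action block` line (plus its udp and icmp siblings) active, and give honeyd only the honeypot address on its command line. The duplicate echo replies seen afterwards for 192.168.15.100 could have more than one cause and are worth checking against this. The doubled `##` on the icmp line and the stray `g` in `#groute entry` (first hunk) are harmless but should be tidied.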
28,32c28,32
< create router
< set router personality "Cisco 1601R router running IOS 12.1(5)"
< set router default tcp action reset
< add router tcp port 22 "/usr/share/honeyd/scripts/test.sh"
< add router tcp port 23 "/usr/share/honyed/scripts/router-telnet.pl"
---
> #create router
> #set router personality "Cisco 1601R router running IOS 12.1(5)"
> #set router default tcp action reset
> #add router tcp port 22 "/usr/share/honeyd/scripts/test.sh"
> #add router tcp port 23 "/usr/share/honyed/scripts/router-telnet.pl"
34,40c34,41
< bind 10.3.0.1 router
< bind 10.3.1.1 router
< bind 10.3.1.12 template
< bind 10.3.1.11 template
< bind 10.3.1.10 template
< set 10.3.1.11 personality "Microsoft Windows NT 4.0 SP3"
< set 10.3.1.10 personality "IBM AIX 4.2"
---
> #bind 10.3.0.1 router
> #bind 10.3.1.1 router
> #bind 10.3.1.12 template
> #bind 10.3.1.11 template
> #bind 10.3.1.10 template
> #set 10.3.1.11 personality "Microsoft Windows NT 4.0 SP3"
> #set 10.3.1.10 personality "IBM AIX 4.2"
> create window
/dev/pts/10
19:02:40
#vi /etc/ho
19:02:40
#vi /etc/honeypot/
19:02:40
#vi /etc/honeypot/honeyd.conf
41c41,47
< create window
---
> createte windows
> set windows personality "Microsoft Windows XP Professional SP1"
> add windows tcp port 80 "sh scripts/web.sh"
> add windows tcp port 22 "sh scripts/test.sh $ipsrc $dport"
> set windows default tcp action reset
> set windows default udp action reset
> bind 192.168.15.101
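Review bot: Two statements on the new side will not do what the lab intends: `createte windows` is misspelled, so no `windows` template exists for the `set`/`add` lines that follow, and `bind 192.168.15.101` names no template. They should read `create windows` and `bind 192.168.15.101 windows`; as written, this is consistent with 192.168.15.101 staying unanswered in the later ping and `arp -an` output, although the journal does not show the file honeyd finally loaded. The relative paths `sh scripts/web.sh` and `sh scripts/test.sh` resolve against honeyd's working directory, whereas the stock file used absolute paths under `/usr/share/honeyd/scripts/`, which is the safer choice for a daemon that runs these scripts on connections from untrusted hosts.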
/dev/pts/6
19:02:53
#vi /etc/honeypot/honeyd.conf
19:05:52
#ping 192.168.15.100
PING 192.168.15.100 (192.168.15.100) 56(84) bytes of data.
--- 192.168.15.100 ping statistics ---
1 packets transmitted, 0 received, 100% packet loss, time 0ms
/dev/pts/10
19:06:37
#honeyd
Honeyd V1.5b Copyright (c) 2002-2004 Niels Provos
honeyd[13189]: started with
honeyd[13189]: listening promiscuously on eth0: (arp or ip proto 47 or (udp and src port 67 and dst port 68) or (ip )) and not ether src 00:04:75:75:46:b1
Honeyd starting as background process
19:07:00
#ping 192.168.15.101
PING 192.168.15.101 (192.168.15.101) 56(84) bytes of data.
From 192.168.15.201 icmp_seq=1 Destination Host Unreachable
From 192.168.15.201 icmp_seq=2 Destination Host Unreachable
From 192.168.15.201 icmp_seq=3 Destination Host Unreachable
--- 192.168.15.101 ping statistics ---
4 packets transmitted, 0 received, +3 errors, 100% packet loss, time 3003ms
, pipe 3
/dev/pts/6
19:07:05
#nc 192.168.15.100 80

19:07:12
#nc 192.168.15.100 22

19:07:16
#vi /etc/honeypot/honeyd.conf
/dev/pts/10
19:07:17
#vi /etc/honeypot/honeyd.conf
/dev/pts/6
19:07:57
#nc 192.168.15.100 22

/dev/pts/10
19:09:07
#nessus

/dev/pts/6
19:14:00
#ping 192.168.15.100
PING 192.168.15.100 (192.168.15.100) 56(84) bytes of data.
64 bytes from 192.168.15.100: icmp_seq=1 ttl=128 time=1.06 ms
64 bytes from 192.168.15.100: icmp_seq=1 ttl=128 time=1.28 ms (DUP!)
64 bytes from 192.168.15.100: icmp_seq=2 ttl=128 time=0.518 ms
64 bytes from 192.168.15.100: icmp_seq=2 ttl=128 time=0.692 ms (DUP!)
64 bytes from 192.168.15.100: icmp_seq=3 ttl=128 time=0.530 ms
64 bytes from 192.168.15.100: icmp_seq=3 ttl=128 time=0.680 ms (DUP!)
--- 192.168.15.100 ping statistics ---
3 packets transmitted, 3 received, +3 duplicates, 0% packet loss, time 2024ms
rtt min/avg/max/mdev = 0.518/0.794/1.283/0.284 ms
19:14:05
#ping 192.168.15.100
PING 192.168.15.100 (192.168.15.100) 56(84) bytes of data.
64 bytes from 192.168.15.100: icmp_seq=1 ttl=128 time=0.688 ms
64 bytes from 192.168.15.100: icmp_seq=1 ttl=128 time=1.02 ms (DUP!)
64 bytes from 192.168.15.100: icmp_seq=2 ttl=128 time=0.374 ms
64 bytes from 192.168.15.100: icmp_seq=2 ttl=128 time=0.546 ms (DUP!)
64 bytes from 192.168.15.100: icmp_seq=3 ttl=128 time=0.369 ms
64 bytes from 192.168.15.100: icmp_seq=3 ttl=128 time=0.543 ms (DUP!)
64 bytes from 192.168.15.100: icmp_seq=4 ttl=128 time=0.387 ms
64 bytes from 192.168.15.100: icmp_seq=4 ttl=128 time=0.557 ms (DUP!)
64 bytes from 192.168.15.100: icmp_seq=5 ttl=128 time=0.380 ms
64 bytes from 192.168.15.100: icmp_seq=5 ttl=128 time=0.542 ms (DUP!)
--- 192.168.15.100 ping statistics ---
5 packets transmitted, 5 received, +5 duplicates, 0% packet loss, time 4003ms
rtt min/avg/max/mdev = 0.369/0.540/1.023/0.192 ms
19:14:31
#man arping
19:14:55
#arping -a
ARPing 2.05, by Thomas Habets <thomas@habets.pp.se>
usage: arping [ -0aAbdFpqrRuv ] [ -w <us> ] [ -S <host/ip> ] [ -T <host/ip ]
              [ -s <MAC> ] [ -t <MAC> ] [ -c <count> ] [ -i <interface> ]
              <host/ip/MAC | -B>
19:14:58
#arping -a 192.168.15
ARPING 192.168.0.15
--- 192.168.0.15 statistics ---
4 packets transmitted, 0 packets received, 100% unanswered
19:15:07
#arping -a 192.168.15.0/24
arping: Can't resolve 192.168.15.0/24
19:15:10
#arping -a 192.168.15.0-255
arping: Can't resolve 192.168.15.0-255
19:15:17
#ping 192.168.15.100
PING 192.168.15.100 (192.168.15.100) 56(84) bytes of data.
64 bytes from 192.168.15.100: icmp_seq=1 ttl=128 time=0.459 ms
64 bytes from 192.168.15.100: icmp_seq=1 ttl=128 time=0.913 ms (DUP!)
64 bytes from 192.168.15.100: icmp_seq=2 ttl=128 time=0.372 ms
64 bytes from 192.168.15.100: icmp_seq=2 ttl=128 time=0.546 ms (DUP!)
64 bytes from 192.168.15.100: icmp_seq=3 ttl=128 time=0.420 ms
64 bytes from 192.168.15.100: icmp_seq=3 ttl=128 time=0.594 ms (DUP!)
64 bytes from 192.168.15.100: icmp_seq=4 ttl=128 time=0.405 ms
64 bytes from 192.168.15.100: icmp_seq=4 ttl=128 time=0.602 ms (DUP!)
64 bytes from 192.168.15.100: icmp_seq=5 ttl=128 time=0.355 ms
...
64 bytes from 192.168.15.100: icmp_seq=9 ttl=128 time=0.840 ms (DUP!)
64 bytes from 192.168.15.100: icmp_seq=10 ttl=128 time=0.377 ms
64 bytes from 192.168.15.100: icmp_seq=10 ttl=128 time=0.545 ms (DUP!)
64 bytes from 192.168.15.100: icmp_seq=11 ttl=128 time=0.341 ms
64 bytes from 192.168.15.100: icmp_seq=12 ttl=128 time=0.388 ms
64 bytes from 192.168.15.100: icmp_seq=13 ttl=128 time=0.355 ms
64 bytes from 192.168.15.100: icmp_seq=14 ttl=128 time=0.457 ms
--- 192.168.15.100 ping statistics ---
14 packets transmitted, 14 received, +10 duplicates, 0% packet loss, time 13000ms
rtt min/avg/max/mdev = 0.341/0.496/0.913/0.147 ms
19:15:39
#ping 192.168.15.100
PING 192.168.15.100 (192.168.15.100) 56(84) bytes of data.
64 bytes from 192.168.15.100: icmp_seq=1 ttl=128 time=0.570 ms
64 bytes from 192.168.15.100: icmp_seq=2 ttl=128 time=0.384 ms
--- 192.168.15.100 ping statistics ---
2 packets transmitted, 2 received, 0% packet loss, time 999ms
rtt min/avg/max/mdev = 0.384/0.477/0.570/0.093 ms
19:15:41
#arp -an
? (192.168.15.100) at 00:0A:01:D4:D1:E3 [ether] on eth0
? (192.168.15.254) at 00:0A:01:D4:D1:39 [ether] on eth0
? (192.168.15.101) at <incomplete> on eth0
? (192.168.15.200) at 00:0A:01:D4:D1:E3 [ether] on eth0
19:15:44
#ping 192.168.15.100
PING 192.168.15.100 (192.168.15.100) 56(84) bytes of data.
64 bytes from 192.168.15.100: icmp_seq=1 ttl=128 time=0.716 ms
64 bytes from 192.168.15.100: icmp_seq=2 ttl=128 time=0.397 ms
64 bytes from 192.168.15.100: icmp_seq=3 ttl=128 time=0.422 ms
64 bytes from 192.168.15.100: icmp_seq=4 ttl=128 time=0.391 ms
64 bytes from 192.168.15.100: icmp_seq=5 ttl=128 time=0.401 ms
--- 192.168.15.100 ping statistics ---
5 packets transmitted, 5 received, 0% packet loss, time 4014ms
rtt min/avg/max/mdev = 0.391/0.465/0.716/0.127 ms
19:16:17
#nc 192.168.15.100 80

19:16:31
#nc 192.168.15.100 22

19:16:32
#ping 192.168.15.100
PING 192.168.15.100 (192.168.15.100) 56(84) bytes of data.
64 bytes from 192.168.15.100: icmp_seq=1 ttl=128 time=1.08 ms
--- 192.168.15.100 ping statistics ---
1 packets transmitted, 1 received, 0% packet loss, time 0ms
rtt min/avg/max/mdev = 1.081/1.081/1.081/0.000 ms
19:17:00
#nc 192.168.15.100 22

19:17:01
#nmap
bash: nmap: command not found
19:17:34
#apt-get install nmap
Reading package lists... Done
Building dependency tree... Done
The following NEW packages will be installed:
  nmap
0 upgraded, 1 newly installed, 0 to remove and 0 not upgraded.
Need to get 736kB of archives.
After unpacking 2515kB of additional disk space will be used.
Get:1 http://debian.org.ua etch/main nmap 4.11-1 [736kB]
Fetched 736kB in 0s (3055kB/s)
Selecting previously deselected package nmap.
(Reading database ... 25977 files and directories currently installed.)
Unpacking nmap (from .../archives/nmap_4.11-1_i386.deb) ...
Setting up nmap (4.11-1) ...
19:17:42
#nmap -sS 192.168.15.100
Starting Nmap 4.11 ( http://www.insecure.org/nmap/ ) at 2007-06-22 12:18 EDT
Note: Host seems down. If it is really up, but blocking our ping probes, try -P0
Nmap finished: 1 IP address (0 hosts up) scanned in 0.264 seconds
19:18:18
#nmap -sS -P0
Starting Nmap 4.11 ( http://www.insecure.org/nmap/ ) at 2007-06-22 12:18 EDT
Nmap finished: 1 IP address (0 hosts up) scanned in 0.254 seconds
/dev/pts/10
19:18:55
#ipt
iptables          iptables-restore  iptables-save     iptunnel
19:18:55
#iptables -l
iptables v1.3.6: Unknown arg `-l'
Try `iptables -h' or 'iptables --help' for more information.
19:21:14
#iptables -l
iptables v1.3.6: Unknown arg `-l'
Try `iptables -h' or 'iptables --help' for more information.
19:21:24
#iptables l
Bad argument `l'
Try `iptables -h' or 'iptables --help' for more information.
19:21:32
#iptables -l
iptables v1.3.6: Unknown arg `-l'
Try `iptables -h' or 'iptables --help' for more information.
19:21:37
#iptables -L
Chain INPUT (policy ACCEPT)
target     prot opt source               destination
Chain FORWARD (policy ACCEPT)
target     prot opt source               destination
Chain OUTPUT (policy ACCEPT)
target     prot opt source               destination
19:21:42
#iptables -L
Chain INPUT (policy ACCEPT)
target     prot opt source               destination
Chain FORWARD (policy ACCEPT)
target     prot opt source               destination
Chain OUTPUT (policy ACCEPT)
target     prot opt source               destination
19:22:14
#iptables -L
Chain INPUT (policy ACCEPT)
target     prot opt source               destination
Chain FORWARD (policy ACCEPT)
target     prot opt source               destination
Chain OUTPUT (policy ACCEPT)
target     prot opt source               destination
19:22:18
#iptables -L
Chain INPUT (policy ACCEPT)
target     prot opt source               destination
Chain FORWARD (policy ACCEPT)
target     prot opt source               destination
Chain OUTPUT (policy ACCEPT)
target     prot opt source               destination
19:22:24
#iptables -L
Chain INPUT (policy ACCEPT)
target     prot opt source               destination
Chain FORWARD (policy ACCEPT)
target     prot opt source               destination
Chain OUTPUT (policy ACCEPT)
target     prot opt source               destination
19:22:34
#iptables -L
Chain INPUT (policy ACCEPT)
target     prot opt source               destination
Chain FORWARD (policy ACCEPT)
target     prot opt source               destination
Chain OUTPUT (policy ACCEPT)
target     prot opt source               destination
19:23:35
#ping 192.168.15.101
PING 192.168.15.101 (192.168.15.101) 56(84) bytes of data.
From 192.168.15.201 icmp_seq=2 Destination Host Unreachable
From 192.168.15.201 icmp_seq=3 Destination Host Unreachable
From 192.168.15.201 icmp_seq=4 Destination Host Unreachable
From 192.168.15.201 icmp_seq=6 Destination Host Unreachable
From 192.168.15.201 icmp_seq=7 Destination Host Unreachable
From 192.168.15.201 icmp_seq=8 Destination Host Unreachable
--- 192.168.15.101 ping statistics ---
10 packets transmitted, 0 received, +6 errors, 100% packet loss, time 9000ms
, pipe 3
/dev/tty3
19:26:52
#ping 192.168.15.201
connect: Network is unreachable
19:27:11
#ping 192.168.15.201
connect: Network is unreachable

Файлы

  • i
  • in
  • inetd.conf
  • init
  • init.d/
  • init.d/nessusd
  • init.d/r
  • init.d/rc
  • rc
  • i
    >
    icedove/         init.d/          inputrc
    iceweasel/       initramfs-tools/ issue
    inetd.conf       inittab          issue.net
    
    in
    >
    inetd.conf       initramfs-tools/ inputrc
    init.d/          inittab
    
    inetd.conf
    >
    # /etc/inetd.conf:  see inetd(8) for further informations.
    #
    # Internet superserver configuration database
    #
    #
    # Lines starting with "#:LABEL:" or "#<off>#" should not
    # be changed unless you know what you are doing!
    #
    # If you want to disable an entry so it isn't touched during
    # package updates just comment it out with a single '#' character.
    #
    # Packages should modify this file by using update-inetd(8)
    #
    # <service_name> <sock_type> <proto> <flags> <user> <server_path> <args>
    #
    #:INTERNAL: Internal services
    #discard                stream  tcp     nowait  root    internal
    #discard                dgram   udp     wait    root    internal
    #daytime                stream  tcp     nowait  root    internal
    #time           stream  tcp     nowait  root    internal
    #:STANDARD: These are standard services.
    #:BSD: Shell, login, exec and talk are BSD protocols.
    #:MAIL: Mail, news and uucp services.
    #:INFO: Info services
    #:BOOT: TFTP service is provided primarily for booting.  Most sites
    #       run this only on machines acting as "boot servers."
    #:RPC: RPC based services
    #:HAM-RADIO: amateur-radio services
    #:OTHER: Other services
    
    init
    >
    init.d/          initramfs-tools/ inittab
    
    init.d/
    >
    acpid                  lvm                    reboot
    apache                 makedev                rmnologin
    arpwatch               module-init-tools      scanlogd
    bootclean              mountall-bootclean.sh  sendsigs
    bootlogd               mountall.sh            single
    bootmisc.sh            mountdevsubfs.sh       skeleton
    checkfs.sh             mountkernfs.sh         ssh
    checkroot.sh           mountnfs-bootclean.sh  stop-bootlogd
    console-screen.sh      mountnfs.sh            stop-bootlogd-single
    cron                   mtab.sh                sudo
    exim4                  mysql                  sysklogd
    glibc.sh               mysql-ndb              syslog-ng
    halt                   mysql-ndb-mgm          udev
    hostname.sh            nessusd                udev-mtab
    hwclock.sh             networking             umountfs
    ifupdown               openbsd-inetd          umountnfs.sh
    ifupdown-clean         procps.sh              umountroot
    keymap.sh              rc                     urandom
    killprocs              rc.local               x11-common
    klogd                  rcS
    libdevmapper1.02       README
    
    init.d/nessusd
    >
    # Debian GNU/Linux distribution
    #
    # Overridable defaults: both are assigned before /etc/default/nessusd is
    # read, so that file may replace them.
    # Extra daemon options (-D implied, not needed).
    DAEMONOPTS='-q'
    # Grace period, in seconds, granted to the daemon after each signal;
    # too small a value may not leave nessusd time to shut down cleanly.
    DODTIME=5
    # The defaults file is sourced, i.e. run as shell code with the
    # privileges of this script.
    if [ -r /etc/default/nessusd ]; then
        . /etc/default/nessusd
    fi
    # Assigned after the defaults file, so these values always win.
    LABEL="Nessus daemon"
    NAME=nessusd
    PIDFILE=/var/run/nessusd.pid
    DAEMON=/usr/sbin/nessusd
    # Nothing to manage when the daemon binary is not installed.
    [ -x "$DAEMON" ] || exit 0
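    # Report whether the daemon recorded in $PIDFILE is alive.
    # Globals:  PIDFILE, NAME (read); pid, cmd (written - force_stop passes
    #           $pid to kill after calling this function)
    # Returns:  0 if /proc/<pid> exists and its process name equals $NAME,
    #           1 otherwise
    running()
    {
        # No pidfile, probably no daemon present
        [ -f "$PIDFILE" ] || return 1
        pid=$(cat "$PIDFILE")
        # Accept nothing but a plain decimal number: $pid is used in /proc
        # paths below and as the argument of kill in force_stop, so an
        # empty, multi-word or signed value must not get that far.
        case "$pid" in
            ''|*[!0-9]*) return 1 ;;
        esac
        [ -d "/proc/$pid" ] || return 1
        # First NUL-separated field of the command line, cut at the first ':'
        # (presumably to drop a status suffix in the process title - confirm).
        cmd=$(tr '\000' '\n' < "/proc/$pid/cmdline" | head -n 1 | cut -d : -f 1)
        # A different name means the pid belongs to some other process now
        [ "$cmd" = "$NAME" ] || return 1
        return 0
    }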
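    # Warn that an expected certificate or key file is missing.
    # Arguments: $1 - path of the file that could not be read
    # Outputs:   one warning line on stderr, nothing on stdout
    warn_cert_file() {
            # One printf instead of two "echo -n" calls: the two sentences
            # used to run together with no separator and no line end.
            printf 'WARN: The (expected) certificate file %s is not available. The Nessus server might not start up.\n' "$1" >&2
    }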
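    # Print advisory warnings about missing certificate material before the
    # daemon is started.
    # Globals:   CERTDIR, PRIVCERTDIR (written)
    # Outputs:   warnings on stderr
    # Returns:   0 - the warnings never block the start-up
    check_certs() {
            # No ca_file line in the configuration: the message used to claim
            # the opposite ("does have a certificate").
            if ! grep -q '^ca_file' /etc/nessus/nessusd.conf; then
                    printf '%s\n' "WARN: The Nessusd configuration file does not have a certificate. Have you run nessus-mkcert? (Nessusd might not start)" >&2
            fi
            CERTDIR=/var/lib/nessus/CA/
            PRIVCERTDIR=/var/lib/nessus/private/CA/
            for cert in cacert.pem servercert.pem; do
                    if [ ! -r "$CERTDIR/$cert" ]; then
                            warn_cert_file "$CERTDIR/$cert"
                    fi
            done
            # The keys are looked up under PRIVCERTDIR, so the warning has to
            # name that path; it used to report the CERTDIR path instead.
            for cert in cakey.pem serverkey.pem; do
                    if [ ! -r "$PRIVCERTDIR/$cert" ]; then
                            warn_cert_file "$PRIVCERTDIR/$cert"
                    fi
            done
            return 0
    }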
    # Start nessusd through start-stop-daemon.
    # Globals:  DAEMON, DAEMONOPTS, DODTIME (read); errcode (written)
    # Returns:  1 if the configuration file is unreadable, otherwise the
    #           exit status of start-stop-daemon
    nessus_start() {
            [ -r /etc/nessus/nessusd.conf ] || {
                    echo -n "ERROR: Cannot read nessus configuration file, are you root?" >&2
                    return 1
            }
            check_certs
            # Redirection order matters: stderr is pointed at the caller's
            # stdout first, then stdout alone is discarded, so only error
            # output remains visible.  $DAEMONOPTS stays unquoted, so a value
            # holding several options splits into separate arguments.
            start-stop-daemon --start --exec "$DAEMON" -- $DAEMONOPTS -D 2>&1 >/dev/null
            errcode=$?
            # Without this pause running() might look before the pidfile exists
            sleep $DODTIME
            return $errcode
    }
    # Make sure the daemon is gone: signal 15 (TERM) first, signal 9 (KILL)
    # if it is still there after the grace period.
    # Globals:  PIDFILE, DODTIME, LABEL (read); pid (read, set by running())
    # Exits:    the whole script with status 1 if the process survives KILL
    force_stop() {
            # Nothing to clean up without a pidfile
            if [ ! -e "$PIDFILE" ]; then
                    return
            fi
            if running; then
                    kill -TERM "$pid"
                    # Grace period, then look again
                    sleep "${DODTIME}s"
                    if running; then
                            kill -KILL "$pid"
                            sleep "${DODTIME}s"
                            running && {
                                    echo "Cannot kill $LABEL (pid=$pid)!"
                                    exit 1
                            }
                    fi
            fi
            rm -f "$PIDFILE"
    }
    # Dispatch on the action given as $1.
    case "$1" in
      start)
        echo -n "Starting $LABEL: "
        # Started counts only if the daemon is also seen running afterwards
        if ! nessus_start || ! running; then
                echo "ERROR."
                exit 1
        fi
        echo "nessusd."
        ;;
      stop)
        echo -n "Stopping $LABEL: "
        # Regular stop through start-stop-daemon first ...
        if running; then
            start-stop-daemon --stop --pidfile "$PIDFILE" --quiet --oknodo --exec "$DAEMON"
            sleep "${DODTIME}s"
        fi
        # ... and force_stop only if the process is still there
        if running; then
            force_stop
        fi
        echo "nessusd."
        ;;
      restart)
        echo -n "Restarting $LABEL: "
        # Same stop sequence as the "stop" action
        if running; then
            start-stop-daemon --stop --pidfile "$PIDFILE" --quiet --oknodo --exec "$DAEMON"
            sleep "${DODTIME}s"
        fi
        if running; then
            force_stop
        fi
        if ! nessus_start || ! running; then
                echo "ERROR."
                exit 1
        fi
        echo "nessusd."
        ;;
      reload|force-reload)
        echo -n "Reloading $LABEL configuration files: "
        # --signal 1 replaces the default stop signal, so the daemon is
        # expected to survive; that is what the check below verifies
        start-stop-daemon --stop --pidfile "$PIDFILE" --signal 1 --exec "$DAEMON"
        sleep "${DODTIME}s"
        if ! running; then
                echo "ERROR."
                exit 1
        fi
        echo "done."
        ;;
      status)
        echo -n "$LABEL is "
        if ! running; then
                echo " not running."
                exit 1
        fi
        echo "running"
        ;;
      *)
        echo "Usage: /etc/init.d/$NAME {start|stop|restart|reload|status}"
        exit 1
        ;;
    esac
    exit 0
    
    init.d/r
    >
    rc         rc.local   rcS        reboot     rmnologin
    
    init.d/rc
    >
                                    ;;
                            esac
                    done
            }
            ;;
    esac
    # Main body of the runlevel switch: run the K* and then the S* scripts of
    # /etc/rc$runlevel.d.  $runlevel, $previous, $SPLASH and startup() are not
    # defined in this excerpt - presumably they are set up earlier in the file.
    # Is there an rc directory for this new runlevel?
    if [ -d /etc/rc$runlevel.d ]
    then
            # Find out where in the progress bar the initramfs got to.
            PROGRESS_STATE=0
            if [ -f /dev/.initramfs/progress_state ]; then
                # Sourced, i.e. executed as shell code in this script's
                # context; presumably it sets PROGRESS_STATE.
                # NOTE(review): confirm the file is writable by root only.
                . /dev/.initramfs/progress_state
            fi
            # Split the remaining portion of the progress bar into thirds
            progress_size=$(((100 - $PROGRESS_STATE) / 3))
            case "$runlevel" in
                    0|6)
                            ACTION=stop
                            # Count down from 0 to -100 and use the entire bar
                            first_step=0
                            progress_size=100
                            step_change=-1
                            ;;
                    S)
                            ACTION=start
                            # Begin where the initramfs left off and use 2/3
                            # of the remaining space
                            first_step=$PROGRESS_STATE
                            progress_size=$(($progress_size * 2))
                            step_change=1
                            ;;
                    *)
                            ACTION=start
                            # Begin where rcS left off and use the final 1/3 of
                            # the space (by leaving progress_size unchanged)
                            first_step=$(($progress_size * 2 + $PROGRESS_STATE))
                            step_change=1
                            ;;
            esac
            if [ "$SPLASH" = true ] ; then
                # Count the number of scripts we need to run (for usplash
                # progress bar)
                num_steps=0
                for s in /etc/rc$runlevel.d/[SK]*; do
                    # Only an S?? prefix is stripped here; counting stops at
                    # the first script whose remaining name is listed below.
                    case "${s##/etc/rc$runlevel.d/S??}" in
                     gdm|xdm|kdm|ltsp-client|reboot|halt)
                        break
                        ;;
                    esac
                    num_steps=$(($num_steps + 1))
                done
                step=0
            fi
            # First, run the KILL scripts.
            if [ "$previous" != N ]
            then
                    # Run all scripts with the same level in parallel
                    CURLEVEL=""
                    for s in /etc/rc$runlevel.d/K*
                    do
                            # Two-digit sequence number taken from the file name
                            level=$(echo $s | sed 's/.*\/K\([0-9][0-9]\).*/\1/')
                            # Each level is handled once, on its first script
                            if [ "$level" = "$CURLEVEL" ]
                            then
                                    continue
                            fi
                            CURLEVEL=$level
                            SCRIPTS=""
                            for i in /etc/rc$runlevel.d/K$level*
                            do
                                    # Check if the script is there.
                                    [ ! -f $i ] && continue
                                    #
                                    # Find stop script in previous runlevel but
                                    # no start script there.
                                    #
                                    # The two variables hold glob patterns, not
                                    # paths: an assignment does not expand them.
                                    suffix=${i#/etc/rc$runlevel.d/K[0-9][0-9]}
                                    previous_stop=/etc/rc$previous.d/K[0-9][0-9]$suffix
                                    previous_start=/etc/rc$previous.d/S[0-9][0-9]$suffix
                                    #
                                    # If there is a stop script in the previous level
                                    # and _no_ start script there, we don't
                                    # have to re-stop the service.
                                    #
                                    # Left unquoted so that the stored patterns are
                                    # expanded here; quoting would test the literal
                                    # pattern text instead.
                                    [ -f $previous_stop ] && [ ! -f $previous_start ] && continue
                                    # Stop the service.
                                    SCRIPTS="$SCRIPTS $i"
                            done
                            # Unquoted: the space-separated list becomes one
                            # argument per script.
                            startup stop $SCRIPTS
                    done
            fi
            # Now run the START scripts for this runlevel.
            # Run all scripts with the same level in parallel
            CURLEVEL=""
            for s in /etc/rc$runlevel.d/S*
            do
                    # Two-digit sequence number taken from the file name
                    level=$(echo $s | sed 's/.*\/S\([0-9][0-9]\).*/\1/')
                    if [ "$level" = "$CURLEVEL" ]
                    then
                            continue
                    fi
                    CURLEVEL=$level
                    SCRIPTS=""
                    for i in /etc/rc$runlevel.d/S$level*
                    do
                            [ ! -f $i ] && continue
                            if [ "$previous" != N ]
                            then
                                    #
                                    # Find start script in previous runlevel and
                                    # stop script in this runlevel.
                                    #
                                    suffix=${i#/etc/rc$runlevel.d/S[0-9][0-9]}
                                    stop=/etc/rc$runlevel.d/K[0-9][0-9]$suffix
                                    previous_start=/etc/rc$previous.d/S[0-9][0-9]$suffix
                                    #
                                    # If there is a start script in the previous level
                                    # and _no_ stop script in this level, we don't
                                    # have to re-start the service.
                                    #
                                    # Unquoted on purpose, as in the KILL loop: the
                                    # variables hold glob patterns expanded here.
                                    [ -f $previous_start ] && [ ! -f $stop ] && continue
                            fi
                            SCRIPTS="$SCRIPTS $i"
                    done
                    # $ACTION was chosen by the runlevel case above
                    startup $ACTION $SCRIPTS
            done
    fi
    if [ S = "$runlevel" ]
    then
            #
            # For compatibility, run the files in /etc/rc.boot too.
            #
            [ -d /etc/rc.boot ] && run-parts /etc/rc.boot
    fi
    trap - EXIT # Disable emergency handler
    exit 0
    
    rc
    >
    rc0.d/    rc2.d/    rc4.d/    rc6.d/    rcS.d/
    rc1.d/    rc3.d/    rc5.d/    rc.local
    

    Статистика

    Время первой команды журнала18:04:22 2007- 6-22
    Время последней команды журнала19:27:11 2007- 6-22
    Количество командных строк в журнале101
    Процент команд с ненулевым кодом завершения, %33.66
    Процент синтаксически неверно набранных команд, % 2.97
    Суммарное время работы с терминалом *, час 1.38
    Количество командных строк в единицу времени, команда/мин 1.22
    Частота использования команд
    cat16|==============| 14.41%
    ping11|=========| 9.91%
    iptables10|=========| 9.01%
    arping9|========| 8.11%
    strings9|========| 8.11%
    vi7|======| 6.31%
    farpd6|=====| 5.41%
    nc6|=====| 5.41%
    apt-get6|=====| 5.41%
    grep6|=====| 5.41%
    ls5|====| 4.50%
    man4|===| 3.60%
    cd4|===| 3.60%
    more3|==| 2.70%
    nmap3|==| 2.70%
    ipt1|| 0.90%
    nessus1|| 0.90%
    honeyd1|| 0.90%
    apring1|| 0.90%
    arp1|| 0.90%
    gerp1|| 0.90%
    ____
    *) Интервалы неактивности длительностью 30 минут и более не учитываются

    Справка

    Для того чтобы использовать LiLaLo, не нужно знать ничего особенного: всё происходит само собой. Однако, чтобы ведение и последующее использование журналов было как можно более эффективным, желательно иметь в виду следующее:
    1. В журнал автоматически попадают все команды, данные в любом терминале системы.

    2. Для того чтобы убедиться, что журнал на текущем терминале ведётся, и команды записываются, дайте команду w. В поле WHAT, соответствующем текущему терминалу, должна быть указана программа script.

    3. Команды, при наборе которых были допущены синтаксические ошибки, выводятся перечёркнутым текстом:
      $ l s-l
      bash: l: command not found
      

    4. Если код завершения команды равен нулю, команда была выполнена без ошибок. Команды, код завершения которых отличен от нуля, выделяются цветом.
      $ test 5 -lt 4
      Обратите внимание на то, что код завершения команды может быть отличен от нуля не только в тех случаях, когда команда была выполнена с ошибкой. Многие команды используют код завершения, например, для того чтобы показать результаты проверки

    5. Команды, ход выполнения которых был прерван пользователем, выделяются цветом.
      $ find / -name abc
      find: /home/devi-orig/.gnome2: Keine Berechtigung
      find: /home/devi-orig/.gnome2_private: Keine Berechtigung
      find: /home/devi-orig/.nautilus/metafiles: Keine Berechtigung
      find: /home/devi-orig/.metacity: Keine Berechtigung
      find: /home/devi-orig/.inkscape: Keine Berechtigung
      ^C
      

    6. Команды, выполненные с привилегиями суперпользователя, выделяются слева красной чертой.
      # id
      uid=0(root) gid=0(root) Gruppen=0(root)
      

    7. Изменения, внесённые в текстовый файл с помощью редактора, запоминаются и показываются в журнале в формате ed. Строки, начинающиеся символом "<", удалены, а строки, начинающиеся символом ">" -- добавлены.
      $ vi ~/.bashrc
      2a3,5
      >    if [ -f /usr/local/etc/bash_completion ]; then
      >         . /usr/local/etc/bash_completion
      >        fi
      

    8. Для того чтобы изменить файл в соответствии с показанными в диффшоте изменениями, можно воспользоваться командой patch. Нужно скопировать изменения, запустить программу patch, указав в качестве её аргумента файл, к которому применяются изменения, и вставить скопированный текст:
      $ patch ~/.bashrc
      В данном случае изменения применяются к файлу ~/.bashrc

    9. Для того чтобы получить краткую справочную информацию о команде, нужно подвести к ней мышь. Во всплывающей подсказке появится краткое описание команды.

      Если справочная информация о команде есть, команда выделяется голубым фоном, например: vi. Если справочная информация отсутствует, команда выделяется розовым фоном, например: notepad.exe. Справочная информация может отсутствовать в том случае, если (1) команда введена неверно; (2) если распознавание команды LiLaLo выполнено неверно; (3) если информация о команде неизвестна LiLaLo. Последнее возможно для редких команд.

    10. Большие, в особенности многострочные, всплывающие подсказки лучше всего показываются браузерами KDE Konqueror, Apple Safari и Microsoft Internet Explorer. В браузерах Mozilla и Firefox они отображаются не полностью, а вместо перевода строки выводится специальный символ.

    11. Время ввода команды, показанное в журнале, соответствует времени начала ввода командной строки, которое равно тому моменту, когда на терминале появилось приглашение интерпретатора

    12. Имя терминала, на котором была введена команда, показано в специальном блоке. Этот блок показывается только в том случае, если терминал текущей команды отличается от терминала предыдущей.

    13. Вывод не интересующих вас в настоящий момент элементов журнала, таких как время, имя терминала и других, можно отключить. Для этого нужно воспользоваться формой управления журналом вверху страницы.

    14. Небольшие комментарии к командам можно вставлять прямо из командной строки. Комментарий вводится прямо в командную строку, после символов #^ или #v. Символы ^ и v показывают направление выбора команды, к которой относится комментарий: ^ - к предыдущей, v - к следующей. Например, если в командной строке было введено:

      $ whoami
      
      user
      
      $ #^ Интересно, кто я?
      
      в журнале это будет выглядеть так:
      $ whoami
      
      user
      
      Интересно, кто я?

    15. Если комментарий содержит несколько строк, его можно вставить в журнал следующим образом:

      $ whoami
      
      user
      
      $ cat > /dev/null #^ Интересно, кто я?
      
      Программа whoami выводит имя пользователя, под которым 
      мы зарегистрировались в системе.
      -
      Она не может ответить на вопрос о нашем назначении 
      в этом мире.
      
      В журнале это будет выглядеть так:
      $ whoami
      user
      
      Интересно, кто я?
      Программа whoami выводит имя пользователя, под которым
      мы зарегистрировались в системе.

      Она не может ответить на вопрос о нашем назначении
      в этом мире.
      Для разделения нескольких абзацев между собой используйте символ "-", один в строке.

    16. Комментарии, не относящиеся непосредственно ни к какой из команд, добавляются точно таким же способом, только вместо символов #^ или #v нужно использовать символы #=

    17. Содержимое файла может быть показано в журнале. Для этого его нужно вывести с помощью программы cat. Если вывод команды отметить символами #!, содержимое файла будет показано в журнале в специально отведённой для этого секции.
    18. Для того чтобы вставить скриншот интересующего вас окна в журнал, нужно воспользоваться командой l3shot. После того как команда вызвана, нужно с помощью мыши выбрать окно, которое должно быть в журнале.
    19. Команды в журнале расположены в хронологическом порядке. Если две команды давались одна за другой, но на разных терминалах, в журнале они будут рядом, даже если они не имеют друг к другу никакого отношения.
      1
          2
      3   
          4
      
      Группы команд, выполненных на разных терминалах, разделяются специальной линией. Под этой линией в правом углу показано имя терминала, на котором выполнялись команды. Для того чтобы посмотреть команды только одного сеанса, нужно щёлкнуть по этому названию.

    О программе

    LiLaLo (L3) расшифровывается как Live Lab Log.
    Программа разработана для повышения эффективности обучения Unix/Linux-системам.
    (c) Игорь Чубин, 2004-2008

    $Id$