/l3/users/katasonov/xg-ids/linux1.unix.nt/root :1 :2 :3 :4 :5 :6 :7 :8 :9 :10 :11
[ править ]

Журнал лабораторных работ

Содержание

Журнал

Понедельник (11/13/06)

/dev/pts/9
23:53:05
#ls -l /var/www/ 
ls: /var/www/: No such file or directory
23:55:32
#less /etc/ap
23:55:32
#less /etc/ap
23:55:32
#less /etc/apache/conf.d/php4.conf
23:55:32
#apt-get install apache2
Reading Package Lists... Done
Building Dependency Tree... Done
The following extra packages will be installed:
  apache2-common apache2-mpm-worker openssl ssl-cert
Suggested packages:
  apache2-doc lynx www-browser ca-certificates
The following NEW packages will be installed:
  apache2 apache2-common apache2-mpm-worker openssl ssl-cert
0 upgraded, 5 newly installed, 0 to remove and 6 not upgraded.
Need to get 1965kB of archives.
...
Selecting previously deselected package apache2.
Unpacking apache2 (from .../apache2_2.0.54-5sarge1_i386.deb) ...
Setting up openssl (0.9.7e-3sarge4) ...
Setting up ssl-cert (1.0-11) ...
Setting up apache2-common (2.0.54-5sarge1) ...
Setting Apache2 to Listen on port 80. If this is not desired, please edit /etc/apache2/ports.conf as desired. Note that the Port directive no longer works.
Module userdir installed; run /etc/init.d/apache2 force-reload to enable.
Setting up apache2-mpm-worker (2.0.54-5sarge1) ...
Starting web server: Apache2.
Setting up apache2 (2.0.54-5sarge1) ...
23:56:42
#ls /var/www/apache2-default/ 
apache_pb.gif             index.html.dk             index.html.hr.iso8859-2   index.html.po.iso8859-2   index.html.sv
apache_pb.png             index.html.ee             index.html.it             index.html.pt             index.html.var
apache_pb2.gif            index.html.el             index.html.ja.iso2022-jp  index.html.pt-br          index.html.zh-cn.gb2312
apache_pb2.png            index.html.en             index.html.ko.euc-kr      index.html.ru.cp-1251     index.html.zh-tw.big5
apache_pb2_ani.gif        index.html.es             index.html.lb.utf8        index.html.ru.cp866       robots.txt
index.html.ca             index.html.et             index.html.nl             index.html.ru.iso-ru
index.html.cz.iso8859-2   index.html.fr             index.html.nn             index.html.ru.koi8-r
index.html.de             index.html.he.iso8859-8   index.html.no             index.html.ru.utf8
23:56:42
#mv ~user/Desktop/ 
.directory              Trash                   phpsyslogng-2.6         phpsyslogng-2.6.tar.gz
23:56:42
#mv ~user/Desktop/phpsyslogng-2.6 /usr/local/share/phpsyslogng










23:59:43




#echo mv /usr/local/share/phpsyslog{ng,}


mv /usr/local/share/phpsyslogng /usr/local/share/phpsyslog









Вторник (11/14/06)


00:00:09




#ls /etc/rc2.d/


S10sysklogd   S11klogd  S18portmap  S20dirmngr  S20inetd  S20makedev  S20openbsd-inetd  S21fam         S89atd   S91apache2  S99rmnologin
S10syslog-ng  S14ppp    S20dbus-1   S20exim4    S20lpd    S20mysql    S20ssh            S21nfs-common  S89cron  S99gdm      S99stop-bootlogd











00:01:04




#vi /etc/apache













00:01:04




#vi /etc/apache2/













00:01:04




#vi /etc/apache2/













00:01:04




#vi /etc/apache2/













00:01:04




#vi /etc/apache2/apache2.conf










00:02:52




#/etc/init.d/apache2 restart


Forcing reload of web server: Apache2.











00:03:00




#apt-get install php4


Reading Package Lists... Done
Building Dependency Tree... Done
php4 is already the newest version.
0 upgraded, 0 newly installed, 0 to remove and 6 not upgraded.











00:03:47




#apt-cache search php apache


apache - versatile, high-performance HTTP server
apache-perl - versatile, high-performance HTTP server with Perl support
apache-ssl - versatile, high-performance HTTP server with SSL support
apache2-prefork-dev - development headers for apache2
axyl-lucene - The Axyl Luceneserver
dacode - Powerful and full-featured news engine written in PHP
fibusql - Web based double-entry accounting
libapache-mod-gzip - HTTP compression module for Apache
libapache-mod-suphp - Apache module to run php scripts with the owner permissions
libapache2-mod-suphp - Apache2 module to run php scripts with the owner permissions
...
php3-mysql - Mysql module for PHP3 (use with php3)
php3-pgsql - PostgreSQL module for PHP3 (use with php3)
php3-snmp - SNMP module for PHP3 (use with php3)
php3-xml - XML module for PHP3 (use with php3)
suphp-common - Common files for mod suphp
websvn - interface for subversion repositories written in PHP
wwwconfig-common - Debian web auto configuration
libapache-mod-php4 - server-side, HTML-embedded scripting language (apache 1.3 module)
libapache2-mod-php4 - server-side, HTML-embedded scripting language (apache 2.0 module)
php4-cgi - server-side, HTML-embedded scripting language (CGI binary)











00:03:56




#apt-cache search bash completion


bash - The GNU Bourne Again SHell
ddd - The Data Display Debugger, a graphical debugger frontend
emacs-goodies-el - Miscellaneous add-ons for Emacs
epic4-script-thirdeye - Third Eye EPIC script
gstreamer0.8-tools - Tools for use with GStreamer
kdesdk-scripts - a set of useful development scripts for KDE
mpc - A command-line tool to interface MPD
optcomplete-common - common scripts and documentation for python-optcomplete
python-optcomplete - provide bash-completion for Python programs (dummy package)
python2.3-optcomplete - provide bash-completion for Python programs
python2.4-optcomplete - provide bash-completion for Python programs
rlwrap - readline feature command line wrapper
viewglob - A graphical display of directories referenced at the shell prompt











00:04:32




#. /etc/bash_completion












00:04:44




#apt-get install libapache2-mod-php4


Reading Package Lists... Done
Building Dependency Tree... Done
The following extra packages will be installed:
  apache2-mpm-prefork
Suggested packages:
  php4-pear
The following packages will be REMOVED:
  apache2-mpm-worker
The following NEW packages will be installed:
  apache2-mpm-prefork libapache2-mod-php4
...
Stopping web server: Apache2.
Selecting previously deselected package apache2-mpm-prefork.
(Reading database ... 88372 files and directories currently installed.)
Unpacking apache2-mpm-prefork (from .../apache2-mpm-prefork_2.0.54-5sarge1_i386.deb) ...
Selecting previously deselected package libapache2-mod-php4.
Unpacking libapache2-mod-php4 (from .../libapache2-mod-php4_4%3a4.3.10-18_i386.deb) ...
Setting up apache2-mpm-prefork (2.0.54-5sarge1) ...
Starting web server: Apache2.
Setting up libapache2-mod-php4 (4.3.10-18) ...
Forcing reload of web server: Apache2.











00:05:40




#vi /usr/local/share/













00:05:40




#vi /usr/local/share/phpsyslogng/config/config.php


42c42
< define('DBUSER', 'sysloguser');
---
> define('DBUSER', 'syslog');
45c45
< define('DBUSERPW', 'PW_HERE');
---
> define('DBUSERPW', 'pass');
51c51
< define('DBADMINPW', 'PW_HERE');
---
> define('DBADMINPW', 'pass');









00:08:24




#vi /usr/local/share/phpsyslogng/config/config.php










/dev/pts/12
00:12:02




#tail /var/log/apache2/error.log


[Mon Nov 13 16:56:42 2006] [notice] Apache/2.0.54 (Debian GNU/Linux) configured -- resuming normal operations
[Mon Nov 13 16:57:08 2006] [error] [client 127.0.0.1] File does not exist: /var/www/favicon.ico
[Mon Nov 13 17:02:59 2006] [notice] caught SIGTERM, shutting down
[Mon Nov 13 17:03:00 2006] [notice] Apache/2.0.54 (Debian GNU/Linux) configured -- resuming normal operations
[Mon Nov 13 17:05:34 2006] [notice] caught SIGTERM, shutting down
[Mon Nov 13 17:05:39 2006] [notice] Apache/2.0.54 (Debian GNU/Linux) configured -- resuming normal operations
[Mon Nov 13 17:05:40 2006] [notice] caught SIGTERM, shutting down
[Mon Nov 13 17:05:40 2006] [notice] Apache/2.0.54 (Debian GNU/Linux) PHP/4.3.10-18 configured -- resuming normal operations











00:12:07




#ping ya.ru


Reading Package Lists... Done
Building Dependency Tree... 0%
PING ya.ru (213.180.204.8) 56(84) bytes of data.
64 bytes from ya.ru (213.180.204.8): icmp_seq=1 ttl=55 time=113 ms
64 bytes from ya.ru (213.180.204.8): icmp_seq=2 ttl=55 time=119 ms
64 bytes from ya.ru (213.180.204.8): icmp_seq=3 ttl=55 time=111 ms
--- ya.ru ping statistics ---
3 packets transmitted, 3 received, 0% packet loss, time 3460ms
rtt min/avg/max/mdev = 111.630/115.134/119.788/3.450 ms











/dev/pts/9
00:12:58




#apt-cache search php mysql


acidlab-mysql - Analysis Console for Intrusion Databases for MySQL
cacti - Frontend to rrdtool for monitoring systems and services
dacode - Powerful and full-featured news engine written in PHP
eskuel - A pretty PHP administration tool for MySQL databases
fibusql - Web based double-entry accounting
htcheck-php - Simple php interface to database generated by ht://Check
jffnms - web-based Network Management System (NMS) for IP networks
jsboard - A web-based news/discussion system
libphp-adodb - The 'adodb' database abstraction layer for php
mantis - web-based bug tracking system
...
php4-maxdb - PHP extension to access MaxDB databases
phpbb2 - A fully featured and skinneable flat (non-threaded) webforum
phpbb2-conf-mysql - Automatic configurator for phpbb2 on MySQL database
sqlrelay - Database connection pooling, proxying and load balancing
sqlrelay-dev - SQL Relay C and C++ APIs
sqlrelay-doc - SQL Relay Documentation
webcalendar - PHP-Based multi-user calendar
zoph - Web based digital image presentation and management system
php4-mysql - MySQL module for php4
phpmyadmin - set of PHP-scripts to administrate MySQL over the WWW











00:13:06




#apt-get install php4-mysql





Reading Package Lists... Done
Building Dependency Tree... Done
The following NEW packages will be installed:
  php4-mysql
0 upgraded, 1 newly installed, 0 to remove and 6 not upgraded.
Need to get 21.2kB of archives.
After unpacking 115kB of additional disk space will be used.
Err http://security.debian.org stable/updates/main php4-mysql 4:4.3.10-18
  504 Proxy Timeout ( The connection timed out.  ) [IP: 128.101.240.212 80]
Failed to fetch http://security.debian.org/pool/updates/main/p/php4/php4-mysql_4.3.10-18_i386.deb  504 Proxy Timeout ( The connection timed out.  ) [IP: 128.101.240.212 80]
E: Unable to fetch some archives, maybe run apt-get update or try with --fix-missing?











00:13:50




#apt-get install php4-mysql


Reading Package Lists... Done
Building Dependency Tree... Done
The following NEW packages will be installed:
  php4-mysql
0 upgraded, 1 newly installed, 0 to remove and 6 not upgraded.
Need to get 21.2kB of archives.
After unpacking 115kB of additional disk space will be used.
Get:1 http://security.debian.org stable/updates/main php4-mysql 4:4.3.10-18 [21.2kB]
Fetched 21.2kB in 0s (51.8kB/s)
Preconfiguring packages ...
Selecting previously deselected package php4-mysql.
(Reading database ... 88381 files and directories currently installed.)
Unpacking php4-mysql (from .../php4-mysql_4%3a4.3.10-18_i386.deb) ...
Setting up php4-mysql (4.3.10-18) ...











00:14:09




#cd /usr/local/share/





fonts        games        man          perl         phpsyslogng  sgml         xml











00:14:09




#cd /usr/local/share/phpsyslogng/












00:14:50




#ls


CHANGELOG  LICENSE  README  config  css  includes  index.php  scripts











00:14:51




#grep -r 'databaase connection' .















00:15:00




#grep -r 'database connection' .


./includes/help.php:    echo "<b>A database connection problem was encountered.<br />Please check config/config.php to make sure everything is correct and make sure the MySQL server is up and running.</b>";











00:15:03




#vi includes/help.php










00:15:24




#grep -r dbProblem .


./index.php:$dbProblem = FALSE;
./index.php:    $dbProblem = TRUE;
./includes/help.php:if($dbProblem) {











00:15:29




#vi index.php










00:16:06




#grep -r db_connect_syslog .


./index.php:if(!$dbLink = db_connect_syslog(DBUSER, DBUSERPW)) {
./includes/common_funcs.php:function db_connect_syslog($dbUser, $dbPassword, $connType = 'P') {
./includes/about.php:<li>Fixed issue with persistent MySQL connections. db_connect_syslog() now only uses mysql_pconnect() if it is available.</li>
./includes/configure.php:               $admLink = db_connect_syslog(DBADMIN, DBADMINPW, 'C');
./includes/configure.php:               $admLink = db_connect_syslog(DBADMIN, DBADMINPW, 'C');
./includes/configure.php:               $admLink = db_connect_syslog(DBADMIN, DBADMINPW, 'C');
./includes/configure.php:               $admLink = db_connect_syslog(DBADMIN, DBADMINPW, 'C');
./scripts/logrotate.php:$dbLink = db_connect_syslog(DBADMIN, DBADMINPW);
./scripts/reloadcache.php:$dbLink = db_connect_syslog(DBUSER, DBUSERPW);
./CHANGELOG:* Fixed issue with persistent MySQL connections. db_connect_syslog() now only uses mysql_pconnect() if it is available.











00:16:12




#vi includes/common_funcs.php


183a184
> 	print "db_conect_syslog started<br/>";
188a190
> 		print "$server_string $dbUser $dbPassword<br/>";
190a193,195
> 	else {
> 		print " V sad!<br/>";
> 	}
193a199
> 	print "db_conect_syslog connected<br/>";
369c375
< ?>
\ No newline at end of file
---
> ?>









00:18:55




#/etc/init.d/apache2 restart


Forcing reload of web server: Apache2.











00:19:01




#mysql -p -u syslogadmin


Enter password:
Welcome to the MySQL monitor.  Commands end with ; or \g.
Your MySQL connection id is 1063 to server version: 4.0.24_Debian-10sarge2-log
Type 'help;' or '\h' for help. Type '\c' to clear the buffer.
mysql>
mysql>
mysql> use syslog;
Reading table information for completion of table and column names
You can turn off this feature to get a quicker startup with -A
Database changed
mysql> show tables;
+------------------+
| Tables_in_syslog |
+------------------+
| logs             |
+------------------+
1 row in set (0.00 sec)
mysql> Bye











00:21:35




#ls


CHANGELOG  LICENSE  README  config  css  includes  index.php  scripts











00:21:37




#less README










00:21:45




#cd config/












00:21:51




#ls


config.php











00:21:52




#cd ..












00:21:54




#ls





CHANGELOG  LICENSE  README  config  css  includes  index.php  scripts











00:21:54




#pwd


/usr/local/share/phpsyslogng











00:22:00




#vi config/config.php


70c70
< define('REQUIRE_AUTH', TRUE);
---
> define('REQUIRE_AUTH', FALSE);









00:22:24




#!my


| linux1 | daemon   | err      | err     | 1b   | 2006-11-13 15:09:58 | mysqld          | mysqld[21138]: InnoDB: Foreign key constraint system tables created                                                                                    |  47 |
| linux1 | daemon   | err      | err     | 1b   | 2006-11-13 15:09:58 | mysqld          | mysqld[21138]: 061113 15:09:58  InnoDB: Started                                                                                                        |  48 |
| linux1 | daemon   | err      | err     | 1b   | 2006-11-13 15:09:58 | mysqld          | mysqld[21138]: /usr/sbin/mysqld: ready for connections.                                                                                                |  49 |
| linux1 | daemon   | err      | err     | 1b   | 2006-11-13 15:09:58 | mysqld          | mysqld[21138]: Version: '4.0.24_Debian-10sarge2-log'  socket: '/var/run/mysqld/mysqld.sock'  port: 3306  Source distribution                           |  50 |
| linux1 | daemon   | info     | info    | 1e   | 2006-11-13 15:09:58 | /etc/mysql/debi | /etc/mysql/debian-start[21180]: Checking for crashed MySQL tables.                                                                                     |  51 |
| linux1 | daemon   | info     | info    | 1e   | 2006-11-13 20:14:56 | dhclient        | dhclient: DHCPREQUEST on eth0 to 192.168.15.254 port 67                                                                                                |  52 |
| linux1 | daemon   | info     | info    | 1e   | 2006-11-13 20:14:56 | dhclient        | dhclient: DHCPACK from 192.168.15.254                                                                                                                  |  53 |
| linux1 | daemon   | info     | info    | 1e   | 2006-11-13 20:14:56 | dhclient        | dhclient: bound to 192.168.15.202 -- renewal in 300 seconds.                                                                                           |  54 |
| linux1 | auth     | info     | info    | 26   | 2006-11-13 20:17:01 | CRON            | CRON[21224]: (pam_unix) session opened for user root by (uid=0)                                                                                        |  55 |
| linux1 | cron     | info     | info    | 4e   | 2006-11-13 20:17:01 | /USR/SBIN/CRON  | /USR/SBIN/CRON[21225]: (root) CMD (   run-parts --report /etc/cron.hourly)                                                                             |  56 |
...
| linux1 | auth     | notice   | notice  | 25   | 2006-11-13 17:11:46 | sudo            | sudo: (pam_unix) authentication failure; logname= uid=0 euid=0 tty=pts/12 ruser= rhost=  user=user                                                     | 186 |
| linux1 | authpriv | info     | info    | 56   | 2006-11-13 17:12:02 | su              | su[26628]: + pts/12 user:root                                                                                                                          | 187 |
| linux1 | auth     | info     | info    | 26   | 2006-11-13 17:12:02 | su              | su[26628]: (pam_unix) session opened for user root by (uid=1001)                                                                                       | 188 |
| linux1 | daemon   | info     | info    | 1e   | 2006-11-13 22:14:57 | dhclient        | dhclient: DHCPREQUEST on eth0 to 192.168.15.254 port 67                                                                                                | 189 |
| linux1 | daemon   | info     | info    | 1e   | 2006-11-13 22:14:57 | dhclient        | dhclient: DHCPACK from 192.168.15.254                                                                                                                  | 190 |
| linux1 | daemon   | info     | info    | 1e   | 2006-11-13 22:14:57 | dhclient        | dhclient: bound to 192.168.15.202 -- renewal in 300 seconds.                                                                                           | 191 |
| linux1 | auth     | info     | info    | 26   | 2006-11-13 22:17:01 | CRON            | CRON[26861]: (pam_unix) session opened for user root by (uid=0)                                                                                        | 192 |
| linux1 | cron     | info     | info    | 4e   | 2006-11-13 22:17:01 | /USR/SBIN/CRON  | /USR/SBIN/CRON[26862]: (root) CMD (   run-parts --report /etc/cron.hourly)                                                                             | 193 |
| linux1 | auth     | info     | info    | 26   | 2006-11-13 22:17:01 | CRON            | CRON[26861]: (pam_unix) session closed for user root                                                                                                   | 194 |
| linux1 | syslog   | notice   | notice  | 2d   | 2006-11-13 17:17:47 | syslog-ng       | syslog-ng[20821]: STATS: dropped 0                                                                                                                     | 195 |











/dev/pts/4
00:23:32




#kill %1


[1]+  Terminated              /usr/local/sbin/syslog_mysql.sh











00:23:34




#cat %1





cat: %1: No such file or directory











00:23:36




#cat /usr/local/sbin/syslog_mysql.sh


#!/bin/sh
if [ -e /var/log/mysql.pipe ]; then
        while [ -e /var/log/mysql.pipe ]
        do
                /usr/bin/mysql -u syslogadmin --password=pass syslog < /var/log/mysql.pipe
        done
else
        mkfifo /var/log/mysql.pipe
fi











00:23:38




#cat /var/log/mysql.





cat: /var/log/mysql.: No such file or directory











00:24:02




#cat /var/log/mysql.pipe















00:24:05




#logger ghghghghgh












00:24:08




#logger ghghghghghs












00:24:09




#cat /var/log/mysql.pipe





INSERT INTO logs
               (  host,    facility,    priority,    level,    tag,    datetime, program, msg)
    VALUES ( 'linux1', 'user', 'notice', 'notice', '0d', '2006-11-13 17:24:08',
           'logger', 'logger: ghghghghgh' );
INSERT INTO logs
               (  host,    facility,    priority,    level,    tag,    datetime, program, msg)
    VALUES ( 'linux1', 'user', 'notice', 'notice', '0d', '2006-11-13 17:24:09',
           'logger', 'logger: ghghghghghs' );











/dev/pts/9
00:27:14




#ls


CHANGELOG  LICENSE  README  config  css  includes  index.php  scripts











00:27:15




#find . -name dbsetup\*


./scripts/dbsetup.sql











00:27:24




#less `!!`










00:27:34




#vi `find . -name dbsetup\*`


5a6,7
> DROP DATABASE syslog;
> 
71c73
< INSERT INTO user (Host, User, Password) VALUES ('localhost','sysloguser', password('PW_HERE'));
---
> INSERT INTO user (Host, User, Password) VALUES ('localhost','sysloguser', password('pass'));
74c76
< INSERT INTO user (Host, User, Password) VALUES ('localhost','syslogfeeder', password('PW_HERE'));
---
> INSERT INTO user (Host, User, Password) VALUES ('localhost','syslogfeeder', password('pass'));
77c79
< INSERT INTO user (Host, User, Password) VALUES ('localhost','syslogadmin',password('PW_HERE'));
---
> INSERT INTO user (Host, User, Password) VALUES ('localhost','syslogadmin',password('pass'));









00:28:15




#pwd


/usr/local/share/phpsyslogng











00:28:22




#cat /usr/local/share/phpsyslogng/scripts/dbsetup.sql


# Make sure you edit the passwords of the three database users!
# Run it like this:
# shell> mysql -uroot -p < dbsetup.sql
#
DROP DATABASE syslog;
CREATE DATABASE syslog;
USE syslog;
# create table logs under database syslog
CREATE TABLE logs (
host varchar(32) default NULL,
...
REVOKE ALL PRIVILEGES ON syslog.* FROM syslogfeeder@localhost;
GRANT USAGE ON *.* TO syslogfeeder@localhost;
GRANT INSERT ON syslog.* TO syslogfeeder@localhost;
GRANT ALL ON syslog.search_cache TO sysloguser@localhost;
GRANT SELECT ON syslog.user_access TO sysloguser@localhost;
GRANT ALL ON syslog.user_access TO syslogadmin@localhost;
GRANT SELECT ON syslog.actions TO sysloguser@localhost;
GRANT ALL ON syslog.actions TO syslogadmin@localhost;
COMMIT;
FLUSH PRIVILEGES;











00:28:43




#mysql -p -u root  < /usr/local/share/phpsyslogng/scripts/dbsetup.sql





Enter password:
ERROR 1045: Access denied for user: 'root@localhost' (Using password: YES)











00:28:58




#mysql -u root  < /usr/local/share/phpsyslogng/scripts/dbsetup.sql





ERROR 1062 at line 79: Duplicate entry 'localhost-syslogadmin' for key 1











00:29:11




#vi /usr/local/share/phpsyslogng/scripts/dbsetup.sql


73,74c73,74
< INSERT INTO user (Host, User, Password) VALUES ('localhost','sysloguser', password('pass'));
< INSERT INTO db (Host, Db, User) VALUES ('localhost','syslog','sysloguser');
---
> #INSERT INTO user (Host, User, Password) VALUES ('localhost','sysloguser', password('pass'));
> #INSERT INTO db (Host, Db, User) VALUES ('localhost','syslog','sysloguser');
76,77c76,77
< INSERT INTO user (Host, User, Password) VALUES ('localhost','syslogfeeder', password('pass'));
< INSERT INTO db (Host, Db, User) VALUES ('localhost','syslog','syslogfeeder');
---
> #INSERT INTO user (Host, User, Password) VALUES ('localhost','syslogfeeder', password('pass'));
> #INSERT INTO db (Host, Db, User) VALUES ('localhost','syslog','syslogfeeder');
79,80c79,80
< INSERT INTO user (Host, User, Password) VALUES ('localhost','syslogadmin',password('pass'));
< INSERT INTO db (Host, Db, User) VALUES ('localhost','syslog','syslogadmin');
---
> #INSERT INTO user (Host, User, Password) VALUES ('localhost','syslogadmin',password('pass'));
> #INSERT INTO db (Host, Db, User) VALUES ('localhost','syslog','syslogadmin');









00:29:45




#mysql -u root  < /usr/local/share/phpsyslogng/scripts/dbsetup.sql












00:29:46




#logger hello












00:29:54




#vi /usr/local/share/phpsyslogng/scripts/dbsetup.sql










00:30:45




#mysql -u root  < /usr/local/share/phpsyslogng/scripts/dbsetup.sql












00:30:50




#grep -r searchform .


./index.php:    $pageId = "searchform";
./index.php:if(strcasecmp($pageId, "searchform") == 0) {
./includes/html_header.php:     echo "<a class=\"vertmenu\" href=\"index.php?pageId=searchform\">Search</a>";
./includes/html_header.php:     echo "<a class=\"vertmenu\" href=\"index.php?pageId=searchform\">Search</a>";
./includes/regularresult.php:   echo "No results found.<br><a href=\"index.php?pageId=searchform\">BACK TO SEARCH</a>";
./includes/search.php:        <table class="searchform">
./includes/search.php:  echo "<table class=\"searchform\">";
./includes/search.php:        <table class="searchform">
./includes/search.php:          <input type="hidden" name="pageId" value="searchform">
./includes/search.php:          echo "<table class=\"searchform\">";
...
./includes/configure.php:       <table class="searchform">
./includes/configure.php:       <table class="searchform">
./includes/configure.php:       <table class="searchform">
./includes/configure.php:       <table class="searchform">
./includes/configure.php:       <table class="searchform">
./includes/configure.php:       <table class="searchform">
./includes/configure.php:       <table class="searchform">
./includes/login.php:   <table class="searchform">
./includes/login.php:   <table class="searchform">
./css/default.css:table.searchform {











00:32:26




#vi index.php










00:33:00




#vi includes/search.php


5a6
> 









00:33:41




#vi includes/html_header.php










00:34:57




#vi includes/search.php


116a117
> print "$sql<br/>";









00:39:14




#grep -r reload_cache .


./includes/common_funcs.php:function reload_cache($table, $link) {
./includes/search.php:                  reload_cache($useTable, $dbLink);
./includes/configure.php:       if($reloadCache && grant_access($username, 'reload_cache', $dbLink)) {
./includes/configure.php:                               reload_cache(MERGELOGTABLE, $dbLink);
./includes/configure.php:                               reload_cache($table, $dbLink);
./includes/configure.php:if(defined('USE_CACHE') && USE_CACHE && grant_access($username, 'reload_cache', $dbLink)) {
./scripts/dbsetup.sql:INSERT INTO actions (actionname, actiondescr, defaultaccess) VALUES ('reload_cache', 'Reload search cache', 'TRUE');
./scripts/reloadcache.php:      reload_cache(MERGELOGTABLE, $dbLink);
./scripts/reloadcache.php:              reload_cache($table, $dbLink);
./scripts/dbupgradefrom2.5.4.sql:INSERT INTO actions (actionname, actiondescr, defaultaccess) VALUES ('reload_cache', 'Reload search cache', 'TRUE');











00:39:20




#vi includes/common_funcs.php


164a165
> print "$insertHost<br/>";









00:42:45




#less /usr/local/share/phpsyslogng/scripts/










00:43:40




#vi /usr/local/share/phpsyslogng/scripts/dbsetup.sql


74c74
< #INSERT INTO db (Host, Db, User) VALUES ('localhost','syslog','sysloguser');
---
> INSERT INTO db (Host, Db, User) VALUES ('localhost','syslog','sysloguser');
77c77
< #INSERT INTO db (Host, Db, User) VALUES ('localhost','syslog','syslogfeeder');
---
> INSERT INTO db (Host, Db, User) VALUES ('localhost','syslog','syslogfeeder');
80c80
< #INSERT INTO db (Host, Db, User) VALUES ('localhost','syslog','syslogadmin');
---
> INSERT INTO db (Host, Db, User) VALUES ('localhost','syslog','syslogadmin');









00:43:50




#mysql -u root  < /usr/local/share/phpsyslogng/scripts/dbsetup.sql





ERROR 1062 at line 74: Duplicate entry 'localhost-syslog-sysloguser' for key 1











00:43:56




#vi /usr/local/share/phpsyslogng/scripts/dbsetup.sql


74c74
< INSERT INTO db (Host, Db, User) VALUES ('localhost','syslog','sysloguser');
---
> #INSERT INTO db (Host, Db, User) VALUES ('localhost','syslog','sysloguser');









00:44:55




#mysql -u root  < /usr/local/share/phpsyslogng/scripts/dbsetup.sql





ERROR 1062 at line 77: Duplicate entry 'localhost-syslog-syslogfeeder' for key 1











00:44:57




#mysql -u root


Welcome to the MySQL monitor.  Commands end with ; or \g.
Your MySQL connection id is 1081 to server version: 4.0.24_Debian-10sarge2-log
Type 'help;' or '\h' for help. Type '\c' to clear the buffer.
mysql> show databases;
+----------+
| Database |
+----------+
| mysql    |
| syslog   |
| test     |
...
mysql> commit;
Query OK, 0 rows affected (0.00 sec)
mysql> flush priveleges;
ERROR 1064: You have an error in your SQL syntax.  Check the manual that corresponds to your MySQL server version for the right syntax to use near 'priveleges' at line 1
mysql> flush privileges;
Query OK, 0 rows affected (0.01 sec)
mysql>
mysql>
mysql> exit
Bye











00:48:37




#vi /usr/local/share/phpsyslogng/scripts/dbsetup.sql


73,74c73,74
< #INSERT INTO user (Host, User, Password) VALUES ('localhost','sysloguser', password('pass'));
< #INSERT INTO db (Host, Db, User) VALUES ('localhost','syslog','sysloguser');
---
> INSERT INTO user (Host, User, Password) VALUES ('localhost','sysloguser', password('pass'));
> INSERT INTO db (Host, Db, User) VALUES ('localhost','syslog','sysloguser');
76c76
< #INSERT INTO user (Host, User, Password) VALUES ('localhost','syslogfeeder', password('pass'));
---
> INSERT INTO user (Host, User, Password) VALUES ('localhost','syslogfeeder', password('pass'));
79c79
< #INSERT INTO user (Host, User, Password) VALUES ('localhost','syslogadmin',password('pass'));
---
> INSERT INTO user (Host, User, Password) VALUES ('localhost','syslogadmin',password('pass'));









00:48:51




#mysql -u root  < /usr/local/share/phpsyslogng/scripts/dbsetup.sql












00:48:53




#mysql -u syslog -P pass





Unknown suffix 'p' used for variable 'port' (value 'pass')
mysql: Error while setting value 'pass' to 'port'











00:49:24




#mysql -u syslog -p





Enter password:
ERROR 1045: Access denied for user: 'syslog@localhost' (Using password: YES)











00:49:37




#vi /usr/local/share/phpsyslogng/scripts/dbsetup.sql










00:50:00




#vi /usr/local/share/phpsyslogng/config/config.php


42c42
< define('DBUSER', 'syslog');
---
> define('DBUSER', 'sysloguser');







прошло >15 часов




/dev/pts/5
16:43:39




#date


Tue Nov 14 09:43:41 EST 2006











16:43:41




#locale


LANG=POSIX
LC_CTYPE="POSIX"
LC_NUMERIC="POSIX"
LC_TIME="POSIX"
LC_COLLATE="POSIX"
LC_MONETARY="POSIX"
LC_MESSAGES="POSIX"
LC_PAPER="POSIX"
LC_NAME="POSIX"
LC_ADDRESS="POSIX"
LC_TELEPHONE="POSIX"
LC_MEASUREMENT="POSIX"
LC_IDENTIFICATION="POSIX"
LC_ALL=











16:43:48




#w


 09:47:00 up 18 min,  1 user,  load average: 0.06, 0.08, 0.07
USER     TTY      FROM              LOGIN@   IDLE   JCPU   PCPU WHAT
user     :0       -                09:32   ?xdm?  56.40s  0.10s /bin/sh /usr/bin/startkde











16:47:00




#arp


Address                  HWtype  HWaddress           Flags Mask            Iface
linux.nt                 ether   00:04:76:A1:F2:5A   C                     eth0
linux2.linux.nt          ether   00:04:76:A1:F2:5A   C                     eth0











16:55:51




#telnet 192.168.15.252 110





Trying 192.168.15.252...











16:56:31




#telnet 192.168.15.254 110


Trying 192.168.15.254...
Connected to 192.168.15.254.
Escape character is '^]'.
+OK
user user
+OK
pass password
+OK
list
+OK
.
^]
telnet> q
Connection closed.











16:56:49




#arp


Address                  HWtype  HWaddress           Flags Mask            Iface
linux.nt                 ether   00:0A:01:D4:D1:39   C                     eth0
192.168.15.252                   (incomplete)                              eth0
linux2.linux.nt          ether   00:04:76:A1:F2:5A   C                     eth0









прошло 12 минут




17:09:05




#arp


Address                  HWtype  HWaddress           Flags Mask            Iface
linux2.linux.nt          ether   00:04:76:A1:F2:5A   C                     eth0
linux2.linux.nt          ether   00:04:76:A1:F2:5A   C                     eth0











17:10:24




#apt-get install ettercap


Reading Package Lists... Done
Building Dependency Tree... Done
The following extra packages will be installed:
  ettercap-common libltdl3 libnet1 libpcap0.8
The following NEW packages will be installed:
  ettercap ettercap-common libltdl3 libnet1 libpcap0.8
0 upgraded, 5 newly installed, 0 to remove and 6 not upgraded.
Need to get 744kB of archives.
After unpacking 2040kB of additional disk space will be used.
Do you want to continue? [Y/n]
...
Unpacking libpcap0.8 (from .../libpcap0.8_0.8.3-5_i386.deb) ...
Selecting previously deselected package ettercap-common.
Unpacking ettercap-common (from .../ettercap-common_1%3a0.7.1-1sarge1_i386.deb) ...
Selecting previously deselected package ettercap.
Unpacking ettercap (from .../ettercap_1%3a0.7.1-1sarge1_i386.deb) ...
Setting up libltdl3 (1.5.6-6) ...
Setting up libnet1 (1.1.2.1-2) ...
Setting up libpcap0.8 (0.8.3-5) ...
Setting up ettercap-common (0.7.1-1sarge1) ...
Setting up ettercap (0.7.1-1sarge1) ...











17:11:54




#ettercap -T -M arp /192.168.15.2/ /192.168.15.254/ -L log


TCP  192.168.15.254:60251 --> 192.168.15.2:22 | A
Tue Nov 14 10:12:31 2006
TCP  192.168.15.254:60251 --> 192.168.15.2:22 | AP
.y.@B......,.?M@...1..uc.~2..c..
Tue Nov 14 10:12:31 2006
TCP  192.168.15.2:32819 --> 192.168.15.254:23 | AP
t
Tue Nov 14 10:12:31 2006
TCP  192.168.15.254:23 --> 192.168.15.2:32819 | AP
t
...
TCP  192.168.15.254:60251 --> 192.168.15.2:22 | A
Tue Nov 14 10:12:32 2006
TCP  192.168.15.2:22 --> 192.168.15.254:60251 | AP
.....y{.mEhT..2..E...39.Jk#...xP.........TQ.....
Tue Nov 14 10:12:32 2006
TCP  192.168.15.254:60251 --> 192.168.15.2:22 | A
Closing text interface...
ARP poisoner deactivated.
RE-ARPing the victims...
Unified sniffing was stopped.











17:12:38




#ettercap -T -M arp /192.168.15.2/ /192.168.15.254/ -L log


Tue Nov 14 10:12:48 2006
TCP  192.168.15.254:60251 --> 192.168.15.2:22 | A
Tue Nov 14 10:12:48 2006
TCP  192.168.15.254:60251 --> 192.168.15.2:22 | AP
/.....u%.R.KO.T..       .h?...D.h...On
Tue Nov 14 10:12:48 2006
TCP  192.168.15.2:22 --> 192.168.15.254:60251 | AP
..3.."..Z..h.k..c.r.KO.Hw.Iqz..E
Tue Nov 14 10:12:48 2006
TCP  192.168.15.254:60251 --> 192.168.15.2:22 | A
...
Invalid TCP packet from 192.168.15.1:22 : csum [0xa0a6] should be (0x629e)
Invalid UDP packet from 192.168.15.1:32793 : csum [0xa081] should be (0x642d)
Invalid TCP packet from 192.168.15.1:32807 : csum [0x4e6d] should be (0x3e0b)
Invalid TCP packet from 192.168.15.1:32807 : csum [0x4a26] should be (0x2c0a)
Invalid TCP packet from 192.168.15.1:22 : csum [0xa0a6] should be (0xcda5)
Invalid TCP packet from 192.168.15.1:22 : csum [0xa0e6] should be (0x24ce)
Closing text interface...
ARP poisoner deactivated.
RE-ARPing the victims...
Unified sniffing was stopped.









Файлы
  • /usr/local/sbin/syslog_mysql.sh
  • /usr/local/share/phpsyslogng/scripts/dbsetup.sql
    • /usr/local/sbin/syslog_mysql.sh
    

    >
    #!/bin/sh
if [ -e /var/log/mysql.pipe ]; then
        while [ -e /var/log/mysql.pipe ]
        do
                /usr/bin/mysql -u syslogadmin --password=pass syslog < /var/log/mysql.pipe
        done
else
        mkfifo /var/log/mysql.pipe
fi

    /usr/local/share/phpsyslogng/scripts/dbsetup.sql
    

    >
    # Make sure you edit the passwords of the three database users!
# Run it like this:
# shell> mysql -uroot -p < dbsetup.sql
#
DROP DATABASE syslog;
CREATE DATABASE syslog;
USE syslog;
# create table logs under database syslog
CREATE TABLE logs (
host varchar(32) default NULL,
facility varchar(10) default NULL,
priority varchar(10) default NULL,
level varchar(10) default NULL,
tag varchar(10) default NULL,
datetime datetime default NULL,
program varchar(15) default NULL,
msg text,
seq bigint(20) unsigned NOT NULL auto_increment,
PRIMARY KEY (seq), KEY host (host),
KEY program (program), KEY datetime (datetime),
KEY priority (priority), KEY facility (facility)
) TYPE=MyISAM;
# create table users under database syslog
CREATE TABLE users (
username varchar(32) default NULL,
pwhash char(40) default NULL,
sessionid char(32) default NULL,
exptime datetime default NULL,
PRIMARY KEY (username)
) TYPE=MyISAM;
# Create the table for the cache function
CREATE TABLE search_cache (
tablename varchar(32) DEFAULT NULL,
type ENUM('HOST','FACILITY'),
value varchar(32) DEFAULT NULL,
updatetime datetime DEFAULT NULL,
INDEX type_name (type, tablename)
) TYPE=MyISAM;
# Create the two tables used by the access control function
CREATE TABLE user_access (
username varchar(32) DEFAULT NULL,
actionname varchar(32) DEFAULT NULL,
access ENUM('TRUE','FALSE'),
INDEX user_action (username, actionname)
) TYPE=MyISAM;
CREATE TABLE actions (
actionname varchar(32) NOT NULL,
actiondescr varchar(64) DEFAULT NULL,
defaultaccess ENUM('TRUE','FALSE'),
PRIMARY KEY (actionname)
) TYPE=MyISAM;
# Add the available actions to the access control table
INSERT INTO actions (actionname, actiondescr, defaultaccess) VALUES ('add_user', 'Add users', 'TRUE');
INSERT INTO actions (actionname, actiondescr, defaultaccess) VALUES ('edit_user', 'Edit users (delete and change password)', 'TRUE');
INSERT INTO actions (actionname, actiondescr, defaultaccess) VALUES ('reload_cache', 'Reload search cache', 'TRUE');
INSERT INTO actions (actionname, actiondescr, defaultaccess) VALUES ('edit_acl', 'Edit access control settings', 'TRUE');
# Create user with admin/admin login
INSERT INTO users (username, pwhash) VALUES('admin', 'd033e22ae348aeb5660fc2140aec35850c4da997');
USE mysql;
# create users
INSERT INTO user (Host, User, Password) VALUES ('localhost','sysloguser', password('pass'));
INSERT INTO db (Host, Db, User) VALUES ('localhost','syslog','sysloguser');
INSERT INTO user (Host, User, Password) VALUES ('localhost','syslogfeeder', password('pass'));
INSERT INTO db (Host, Db, User) VALUES ('localhost','syslog','syslogfeeder');
INSERT INTO user (Host, User, Password) VALUES ('localhost','syslogadmin',password('pass'));
INSERT INTO db (Host, Db, User) VALUES ('localhost','syslog','syslogadmin');
COMMIT;
FLUSH PRIVILEGES;
# grant rights to user syslogadmin for backup purpose
GRANT USAGE ON *.* TO syslogadmin@localhost;
GRANT ALL ON syslog.* TO syslogadmin@localhost;
GRANT RELOAD ON *.* TO syslogadmin@localhost;
REVOKE ALL PRIVILEGES ON syslog.* FROM sysloguser@localhost;
GRANT USAGE ON *.* TO sysloguser@localhost;
GRANT SELECT ON syslog.* TO sysloguser@localhost;
GRANT UPDATE ON syslog.users TO sysloguser@localhost;
REVOKE ALL PRIVILEGES ON syslog.* FROM syslogfeeder@localhost;
GRANT USAGE ON *.* TO syslogfeeder@localhost;
GRANT INSERT ON syslog.* TO syslogfeeder@localhost;
GRANT ALL ON syslog.search_cache TO sysloguser@localhost;
GRANT SELECT ON syslog.user_access TO sysloguser@localhost;
GRANT ALL ON syslog.user_access TO syslogadmin@localhost;
GRANT SELECT ON syslog.actions TO sysloguser@localhost;
GRANT ALL ON syslog.actions TO syslogadmin@localhost;
COMMIT;
FLUSH PRIVILEGES;

    Статистика
    Время первой команды журнала23:53:05 2006-11-13
    Время последней команды журнала17:12:38 2006-11-14
    Количество командных строк в журнале101
    Процент команд с ненулевым кодом завершения, %13.86
    Процент синтаксически неверно набранных команд, % 0.00
    Суммарное время работы с терминалом *, час 1.43
    Количество командных строк в единицу времени, команда/мин 1.18
    Частота использования команд
    vi25|=======================| 23.15%
    mysql11|==========| 10.19%
    ls8|=======|  7.41%
    dbsetup.sql7|======|  6.48%
    less6|=====|  5.56%
    cat6|=====|  5.56%
    apt-get6|=====|  5.56%
    grep6|=====|  5.56%
    cd4|===|  3.70%
    logger3|==|  2.78%
    arp3|==|  2.78%
    apt-cache3|==|  2.78%
    ettercap2|=|  1.85%
    /etc/init.d/apache22|=|  1.85%
    telnet2|=|  1.85%
    pwd2|=|  1.85%
    mv2|=|  1.85%
    !my1||  0.93%
    ping1||  0.93%
    echo1||  0.93%
    tail1||  0.93%
    .1||  0.93%
    find1||  0.93%
    kill1||  0.93%
    locale1||  0.93%
    date1||  0.93%
    w1||  0.93%
    ____
    *) Интервалы неактивности длительностью 30 минут и более не учитываются
    Справка
        Для того чтобы использовать LiLaLo, не нужно знать ничего особенного:
    всё происходит само собой.
    Однако, чтобы ведение и последующее использование журналов
    было как можно более эффективным, желательно иметь в виду следующее:
    
      
    
    1.  
    В журнал автоматически попадают все команды, данные в любом терминале системы.
    
      2. 
    
    2. 
    Для того чтобы убедиться, что журнал на текущем терминале ведётся, 
    и команды записываются, дайте команду w.
    В поле WHAT, соответствующем текущему терминалу, 
    должна быть указана программа script.
    
      3. 
    
    3. 
    Команды, при наборе которых были допущены синтаксические ошибки, 
    выводятся перечёркнутым текстом:

      

      


      $ l s-l
      

      bash: l: command not found

      
      		

      

      

      
    
      4. 
    
    4. 
    Если код завершения команды равен нулю, 
    команда была выполнена без ошибок.
    Команды, код завершения которых отличен от нуля, выделяются цветом.

      

      


      $ test 5 -lt 4
      

      		

      

      
    Обратите внимание на то, что код завершения команды может быть отличен от нуля
    не только в тех случаях, когда команда была выполнена с ошибкой.
    Многие команды используют код завершения, например, для того чтобы показать результаты проверки

      
    
      5. 
    
    5. 
    Команды, ход выполнения которых был прерван пользователем, выделяются цветом.

      

      


      $ find / -name abc
      

      find: /home/devi-orig/.gnome2: Keine Berechtigung
find: /home/devi-orig/.gnome2_private: Keine Berechtigung
find: /home/devi-orig/.nautilus/metafiles: Keine Berechtigung
find: /home/devi-orig/.metacity: Keine Berechtigung
find: /home/devi-orig/.inkscape: Keine Berechtigung
^C

      
      		

      

      

      
    
      6. 
    
    6. 
    Команды, выполненные с привилегиями суперпользователя,
    выделяются слева красной чертой.

      

      


      # id
      

      uid=0(root) gid=0(root) Gruppen=0(root)

      
      		

      

      
    
      
    
      7. 
    
    7. 
    Изменения, внесённые в текстовый файл с помощью редактора, 
    запоминаются и показываются в журнале в формате ed.
    Строки, начинающиеся символом "<", удалены, а строки,
    начинающиеся символом ">" -- добавлены.

      

      


      $ vi ~/.bashrc
      

      2a3,5
>    if [ -f /usr/local/etc/bash_completion ]; then
>         . /usr/local/etc/bash_completion
>        fi

      		

      

      
    
      
    
      8. 
    
    8. 
    Для того чтобы изменить файл в соответствии с показанными в диффшоте
    изменениями, можно воспользоваться командой patch.
    Нужно скопировать изменения, запустить программу patch, указав в
    качестве её аргумента файл, к которому применяются изменения,
    и всавить скопированный текст:

      

      


      $ patch ~/.bashrc
      
      		

      

      
    В данном случае изменения применяются к файлу ~/.bashrc
    
      9. 
    
    9. 
    Для того чтобы получить краткую справочную информацию о команде, 
    нужно подвести к ней мышь. Во всплывающей подсказке появится краткое
    описание команды.
    
      
    
      
    Если справочная информация о команде есть, 
    команда выделяется голубым фоном, например: vi.
    Если справочная информация отсутствует,
    команда выделяется розовым фоном, например: notepad.exe.
    Справочная информация может отсутствовать в том случае, 
    если (1) команда введена неверно; (2) если распознавание команды LiLaLo выполнено неверно;
    (3) если информация о команде неизвестна LiLaLo.
    Последнее возможно для редких команд.
    
      10. 
    
    10. 
    Большие, в особенности многострочные, всплывающие подсказки лучше 
    всего показываются браузерами KDE Konqueror, Apple Safari и Microsoft Internet Explorer.
    В браузерах Mozilla и Firefox они отображаются не полностью, 
    а вместо перевода строки выводится специальный символ.
    
      11. 
    
    11. 
    Время ввода команды, показанное в журнале, соответствует времени 
    начала ввода командной строки, которое равно тому моменту, 
    когда на терминале появилось приглашение интерпретатора
    
      12. 
    
    12. 
    Имя терминала, на котором была введена команда, показано в специальном блоке.
    Этот блок показывается только в том случае, если терминал
    текущей команды отличается от терминала предыдущей.
    
      13. 
    
    13. 
    Вывод не интересующих вас в настоящий момент элементов журнала,
    таких как время, имя терминала и других, можно отключить.
    Для этого нужно воспользоваться формой управления журналом
    вверху страницы.
    
      14. 
    
    14. 
    Небольшие комментарии к командам можно вставлять прямо из командной строки.
    Комментарий вводится прямо в командную строку, после символов #^ или #v.
    Символы ^ и v показывают направление выбора команды, к которой относится комментарий:
    ^ - к предыдущей, v - к следующей.
    Например, если в командной строке было введено:

      $ whoami

      

      user

      

      $ #^ Интересно, кто я?

      
    в журнале это будет выглядеть так:
    

      $ whoami

      

      user

      

      

        Интересно, кто я?
       
       
    
      15. 
    
    15. 
    Если комментарий содержит несколько строк,
    его можно вставить в журнал следующим образом:

      $ whoami

      

      user

      

      $ cat > /dev/null #^ Интересно, кто я?

      

      Программа whoami выводит имя пользователя, под которым 
мы зарегистрировались в системе.
-
Она не может ответить на вопрос о нашем назначении 
в этом мире.

      
    В журнале это будет выглядеть так:

      

      


      $ whoami
      

      user

      

      Интересно, кто я?
      
Программа whoami выводит имя пользователя, под которым
      
мы зарегистрировались в системе.
      

      
Она не может ответить на вопрос о нашем назначении
      
в этом мире.
      

      
      		

      

      
    Для разделения нескольких абзацев между собой
    используйте символ "-", один в строке.
    
      

      16. 
    
    16. 
    Комментарии, не относящиеся непосредственно ни к какой из команд, 
    добавляются точно таким же способом, только вместо симолов #^ или #v 
    нужно использовать символы #=
    
      17. 

    
    17. 
    Содержимое файла может быть показано в журнале.
    Для этого его нужно вывести с помощью программы cat.
    Если вывод команды отметить симоволами #!, 
    содержимое файла будет показано в журнале
    в специально отведённой для этого секции.
    
      18. 

    
      
    
    18. 
    Для того чтобы вставить скриншот интересующего вас окна в журнал,
    нужно воспользоваться командой l3shot.
    После того как команда вызвана, нужно с помощью мыши выбрать окно, которое
    должно быть в журнале.
    
      19. 
    
      

    
      
    
    19. 
    Команды в журнале расположены в хронологическом порядке.
    Если две команды давались одна за другой, но на разных терминалах,
    в журнале они будут рядом, даже если они не имеют друг к другу никакого отношения.

      1
    2
3   
    4

      
    Группы команд, выполненных на разных терминалах, разделяются специальной линией.
    Под этой линией в правом углу показано имя терминала, на котором выполнялись команды.
    Для того чтобы посмотреть команды только одного сенса, 
    нужно щёкнуть по этому названию.
    
      20. 
    
      

    

    О программе
        
    
    LiLaLo (L3) расшифровывается как Live Lab Log.
    
    Программа разработана для повышения эффективности обучения Unix/Linux-системам.
    
    (c) Игорь Чубин, 2004-2008
    
    
    
$Id$