A Detailed Guide to Linux Server Log Management
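Logs are very important for security. They record the many different events that happen on the system every day, and you can use them to find the cause of an error or the traces an attacker left behind during an attack. The main functions of logging are auditing and monitoring. Logs can also be used to monitor system state in real time, to monitor and track intruders, and so on.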
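  Linux systems have three main logging subsystems:
  Connection-time logging -- performed by several programs, which write records to /var/log/wtmp and /var/run/utmp. Programs such as login update the wtmp and utmp files so that the system administrator can track who logged in to the system and when.
  Process accounting -- performed by the kernel. When a process terminates, a record for that process is written to the process accounting file (pacct or acct). The purpose of process accounting is to provide command usage statistics for the basic services on the system.
  Error logging -- performed by syslogd(8). System daemons, user programs and the kernel report noteworthy events to the file /var/log/messages through syslog(3). In addition, many UNIX programs create their own logs. Servers that provide network services, such as HTTP and FTP, also keep detailed logs.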
  The commonly used log files are:
    access-log    records HTTP/web transfers
    acct/pacct    records user commands
    aculog        records modem activity
    btmp          records failed login attempts
    lastlog       records the most recent successful logins and the last unsuccessful login
    messages      records messages from syslog (on some systems linked to the syslog file)
    sudolog       records commands issued with sudo
    sulog         records use of the su command
    syslog        records messages from syslog (usually linked to the messages file)
    utmp          records every user currently logged in
    wtmp          a permanent record of the time of each user login and logout
    xferlog       records FTP sessions
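
To make the utmp/wtmp records described on this page concrete, here is an added example (not part of the original article) that parses wtmp-format data and pairs logins with logouts. It assumes the 384-byte glibc `struct utmp` layout used on x86-64 Linux; the sample records, user names and addresses are constructed.

```python
import struct
from datetime import datetime, timezone

# Assumption: glibc struct utmp as written on x86-64 Linux (384 bytes per record).
UTMP = struct.Struct("<hxxi32s4s32s256shhiii4i20s")
BOOT_TIME, USER_PROCESS, DEAD_PROCESS = 2, 7, 8  # ut_type values from <utmp.h>

def _s(raw):
    return raw.split(b"\0", 1)[0].decode("utf-8", "replace")

def parse_wtmp(data):
    """Yield (type, pid, line, user, host, unix_time) for each complete record."""
    for off in range(0, len(data) - UTMP.size + 1, UTMP.size):
        f = UTMP.unpack_from(data, off)
        yield f[0], f[1], _s(f[2]), _s(f[4]), _s(f[5]), f[9]

def sessions(data):
    """Pair each login with the logout on the same line; a reboot closes all."""
    open_, done = {}, []
    for typ, _pid, line, user, host, ts in parse_wtmp(data):
        if typ == USER_PROCESS:
            open_[line] = (user, host, ts)
        elif typ == DEAD_PROCESS and line in open_:
            user, host, start = open_.pop(line)
            done.append((user, line, host, start, ts))
        elif typ == BOOT_TIME:
            for ln, (user, host, start) in open_.items():
                done.append((user, ln, host, start, ts))
            open_.clear()
    # Sessions still open at the end of the file have no logout time.
    done += [(u, ln, h, s, None) for ln, (u, h, s) in open_.items()]
    return done

def _rec(typ, pid, line, user, host, ts):  # builds one constructed record
    return UTMP.pack(typ, pid, line, b"", user, host, 0, 0, 0, ts, 0, 0, 0, 0, 0, b"")

# Constructed sample data (not taken from a real system).
SAMPLE = b"".join([
    _rec(BOOT_TIME, 0, b"~", b"reboot", b"", 1700000000),
    _rec(USER_PROCESS, 811, b"pts/0", b"alice", b"192.0.2.10", 1700000100),
    _rec(USER_PROCESS, 902, b"pts/1", b"bob", b"192.0.2.11", 1700000200),
    _rec(DEAD_PROCESS, 811, b"pts/0", b"", b"", 1700000400),
])

if __name__ == "__main__":
    for user, line, host, start, end in sessions(SAMPLE):
        t = datetime.fromtimestamp(start, timezone.utc).isoformat()
        dur = "still logged in" if end is None else f"{end - start}s"
        print(f"{user:8} {line:6} {host:15} {t} {dur}")
```

On a real host the same functions can be fed the bytes of /var/log/wtmp or a rotated copy; a file whose length is not a multiple of the record size is a sign of truncation or a different record layout.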
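  The utmp, wtmp and lastlog log files are the core of most UNIX logging subsystems -- they keep the records of users logging in and out. Information about currently logged-in users is recorded in the file utmp; logins and logouts are recorded in the file wtmp; the last-login file can be viewed with the lastlog command. Data exchanges, shutdowns and reboots are also recorded in the wtmp file. All records contain a timestamp. These files (lastlog is usually not large) grow very quickly on systems with a large number of users. For example, the wtmp file can grow without limit unless it is truncated periodically. Many systems are configured to rotate wtmp on a daily or weekly basis. This is usually done by scripts run from cron, which rename and rotate the wtmp file. Typically, wtmp is renamed wtmp.1 at the end of the first day; after the second day, w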