tag:blogger.com,1999:blog-360731182024-03-21T22:45:29.017+01:00s0cketky skromny blogOptimalizovano pro Firefox (>= 2.x)Unknownnoreply@blogger.comBlogger93125tag:blogger.com,1999:blog-36073118.post-24662170782787286082010-03-03T16:52:00.001+01:002011-08-09T17:12:50.175+02:00StatnicePo dlouhe dobe novy vytvor :) Na statnice jsem se ucila tak, ze jsem si delala vypisky - psanim se toho vzdycky nejvic naucim. Vcera a predevcirem jsem to celkem 16h skenovala a upravovala (skener mam od stolu pres dve chodby daleko a chodte si otacet kazdou stranku...). A tady to je:<br />
<br />
<a href="http://www.edisk.cz/stahni/76957/PRAKTICKE.PDF_89.53MB.html">PRAKTICKE.PDF</a><br />
<a href="http://www.edisk.cz/stahni/09259/TEORIE.PDF_105.55MB.html">TEORIE.PDF</a><br />
<br />
Jsou to otazky z okruhu Softwarove systemy - architektura a principy systemoveho prostredi. Obsahuje to samozrejme chyby, o nekterych nevim, nektere jsou opravene a o hodne vim, ale uz nebyla nalada ani cas je opravovat - vetsina z nich je ale po zamysleni nad problemem snadno odhalitelna :)<br />
<br />
Nez jsem sla ke statnicim, umela jsem kazde pismenko z tehlech dvou sesitu plus samozrejme dalsi veci, ktere tam nejsou. Ale to, co je v tech sesitech, je imho takovy dobry zaklad. Tak preju hodne stesti :)Unknownnoreply@blogger.com5tag:blogger.com,1999:blog-36073118.post-90696799313636000562008-09-20T15:31:00.004+02:002008-09-20T16:43:32.509+02:00Vydeleni bezeckeho blogu / Detaching of the running blog<div><div style="display: block;"><div class="czech"><a href="http://s0cket.blogspot.com/">Bezecky blog</a> vydelen zvlast :)</div><div class="english"><a href="http://s0cket.blogspot.com/">Running blog</a> detached :)</div></div></div>Unknownnoreply@blogger.com0tag:blogger.com,1999:blog-36073118.post-44400323506338596712008-06-24T08:57:00.002+02:002008-06-24T09:10:43.592+02:00<object width="425" height="344"><param name="movie" value="http://www.youtube.com/v/zlfKdbWwruY&hl=en"></param><embed src="http://www.youtube.com/v/zlfKdbWwruY&hl=en" type="application/x-shockwave-flash" width="425" height="344"></embed></object>Unknownnoreply@blogger.com0tag:blogger.com,1999:blog-36073118.post-48754095714946094622008-05-23T21:03:00.000+02:002008-05-23T20:58:36.398+02:00Pro vase pohodli :) / For your comfort :)<div><div style="display: block;"><div class="czech">Z ankety prozatim plyne, ze spis nez nadseni z presunu webu do blogu jste trochu zklamani a ze statistik plyne pravdepodobny duvod - ono se v tom blogu spatne hleda. A tak jsem pripravila specialni prispevek, ktery bude vzdycky jako prvni v kategorii skola a usnadni vam orientaci.</div></div></div><div><div style="display: block;"><div class="english">From the poll I can see that you are more disappointed then excited from moving my web to the blog. And there is reason visible from my stats - it's hard to find what you want. So I've prepared the special entry at the school section that will be always displayed as the first entry and contains the content of the school section. Hope it will help you.</div></div></div>Unknownnoreply@blogger.com0tag:blogger.com,1999:blog-36073118.post-36985850737138877582008-05-23T20:28:00.007+02:002008-05-23T21:01:30.350+02:00Sekce skola - obsah / School Section - the Content<div><div style="display: block;"><div class="czech-inline"><span style="font-weight: bold;">Seminar z TCP/IP</span> - vypisky ze seminare z TCP/IP<br /><a href="http://s0cketka.blogspot.com/2008/03/seminar-z-tcpip_06.html">http://s0cketka.blogspot.com/2008/03/seminar-z-tcpip_06.html</a><br /><br /><span style="font-weight: bold;">Zapisky z metod matematicke statistiky</span> - zapisky s prednasek<br /><a href="http://s0cketka.blogspot.com/2008/03/zapisky-z-metod-matematicke-statistiky.html">http://s0cketka.blogspot.com/2008/03/zapisky-z-metod-matematicke-statistiky.html</a><br /><br /><span style="font-weight: bold;">Vypisky z TCP/IP</span> - souhrn z predmetu Rodina protokolu TCP/IP<br /><a href="http://s0cketka.blogspot.com/2007/06/vypisky-z-tcpip.html">http://s0cketka.blogspot.com/2007/06/vypisky-z-tcpip.html</a><br /><br /><span style="font-weight: bold;">Ulohy z C++ </span>- prakticke ulohy<br /><a href="http://s0cketka.blogspot.com/2007/02/ulohy-z-c.html">http://s0cketka.blogspot.com/2007/02/ulohy-z-c.html</a><br /><br /><span style="font-weight: bold;">Vypisky pro pripravu na zkousku z programovani ve Windows II </span>- castecne vypisky<br /><a href="http://s0cketka.blogspot.com/2006/10/vypisky-pro-pripravu-na-zkousku-z.html">http://s0cketka.blogspot.com/2006/10/vypisky-pro-pripravu-na-zkousku-z.html</a><br /><br /><span style="font-weight: bold;">Souhrn z logiky</span> - "tahakovy" format souhrnu z logiky<br /><a href="http://s0cketka.blogspot.com/2006/05/souhrn-z-logiky.html">http://s0cketka.blogspot.com/2006/05/souhrn-z-logiky.html</a><br /><br /><span style="font-weight: bold;">Zaklady zakladu operacnich systemu</span> - hodi se k uceni na zkousku<br /><a href="http://s0cketka.blogspot.com/2006/05/zaklady-zakladu-operacnich-systemu.html">http://s0cketka.blogspot.com/2006/05/zaklady-zakladu-operacnich-systemu.html</a><br /><br /><span style="font-weight: bold;">Prolog - male ulozky</span> - ulozky, co se hodi mit vyresene pred zkouskou<br /><a href="http://s0cketka.blogspot.com/2006/03/prolog-male-ulozky.html">http://s0cketka.blogspot.com/2006/03/prolog-male-ulozky.html</a><br /><br /><span style="font-weight: bold;">Webove stranky na zapocet z Internetu</span> - mozne reseni jedne z domacich uloh<br /><a href="http://s0cketka.blogspot.com/2006/02/webove-stranky-na-zapocet-z-internetu.html">http://s0cketka.blogspot.com/2006/02/webove-stranky-na-zapocet-z-internetu.html</a><br /><br /><span style="font-weight: bold;">Reseni Rubikovy kostky</span> - v Prologu<br /><a href="http://s0cketka.blogspot.com/2006/02/reseni-rubikovy-kostky-v-prologu.html">http://s0cketka.blogspot.com/2006/02/reseni-rubikovy-kostky-v-prologu.html</a><br /><br /><span style="font-weight: bold;">Prirucka studenta pred zkouskou z OOP</span><br /><a href="http://s0cketka.blogspot.com/2008/03/prirucka-studenta-pred-zkouskou-z-oop.html">http://s0cketka.blogspot.com/2008/03/prirucka-studenta-pred-zkouskou-z-oop.html</a><br /><br /><span style="font-weight: bold;">Haskell - male ulozky</span> - vhodne pro uceni na zkousku s Neproceduralniho programovani<br /><a href="http://s0cketka.blogspot.com/2006/01/haskell-male-ulozky.html">http://s0cketka.blogspot.com/2006/01/haskell-male-ulozky.html</a><br /><br /><span style="font-weight: bold;">Cast zapisku z Programovani II</span><br /><a href="http://s0cketka.blogspot.com/2005/04/cast-zapisku-z-programovani-ii.html">http://s0cketka.blogspot.com/2005/04/cast-zapisku-z-programovani-ii.html</a><br /><br /><span style="font-weight: bold;">Symbolicka integrace</span> - v Prologu<br /><a href="http://s0cketka.blogspot.com/2008/02/symbolicka-integrace-symbolic.html">http://s0cketka.blogspot.com/2008/02/symbolicka-integrace-symbolic.html</a><br /></div></div></div>Unknownnoreply@blogger.com2tag:blogger.com,1999:blog-36073118.post-28125337968699015012008-05-19T21:50:00.008+02:002008-05-22T20:22:42.009+02:00Golf v desti - Podebrady / Golf in the Rain - Podebrady<div class="czech-inline">Neexistuje spatne pocasi pro golf, jen spatne obleceny golfista. Takze jsme se v dnesnim krasnem pocasi pro golf vydali do Podebrad na hriste (pocasi bylo tak krasne, ze jsme byli jedini hraci). Nakonec se nam vylet docela vydaril, tady se s vami podelim alespon o ten kousek prirody, co se mi povedlo zachytit (bazanti mi bohuzel utekli).</div><br /><br /><div class="english-inilne">There is no improper weather for golf. There is just inappropriately dressed golf player. So we took the road to the Podebrady golf course today morning (the weather was such proper weather for the golf that we were the only players at the course). Finally it was quite nice golf trip. There are some pictures of nature that turned out well (pheasants unfortunately escaped from the reach of my camera).</div><br /><br /><a onblur="try {parent.deselectBloggerImageGracefully();} catch(e) {}" href="http://i238.photobucket.com/albums/ff152/s0cketka/2008-05-18_golf_podebrady/p1020508.jpg"><img style="margin: 0px auto 10px; display: block; text-align: center; cursor: pointer; width: 400px;" src="http://i238.photobucket.com/albums/ff152/s0cketka/2008-05-18_golf_podebrady/p1020508.jpg" alt="" border="0" /></a><div style="text-align: center;"><a onblur="try {parent.deselectBloggerImageGracefully();} catch(e) {}" href="http://i238.photobucket.com/albums/ff152/s0cketka/2008-05-18_golf_podebrady/p1020451.jpg"><img style="margin: 0px auto 10px; display: block; text-align: center; cursor: pointer; width: 400px;" src="http://i238.photobucket.com/albums/ff152/s0cketka/2008-05-18_golf_podebrady/p1020451.jpg" alt="" border="0" /></a><div class="czech-inline">Potkali jsme hodne sneku</div><div class="english-inline">We've met many snails</div><br /><br /><br /><a onblur="try {parent.deselectBloggerImageGracefully();} catch(e) {}" href="http://i238.photobucket.com/albums/ff152/s0cketka/2008-05-18_golf_podebrady/p1020479.jpg"><img style="margin: 0px auto 10px; display: block; text-align: center; cursor: pointer; width: 400px;" src="http://i238.photobucket.com/albums/ff152/s0cketka/2008-05-18_golf_podebrady/p1020479.jpg" alt="" border="0" /></a><div class="czech-inline">A zizal :)</div><div class="english-inline">And rain-worms :)</div><br /><br /><br /><a onblur="try {parent.deselectBloggerImageGracefully();} catch(e) {}" href="http://i238.photobucket.com/albums/ff152/s0cketka/2008-05-18_golf_podebrady/p1020489.jpg"><img style="margin: 0px auto 10px; display: block; text-align: center; cursor: pointer; width: 400px;" src="http://i238.photobucket.com/albums/ff152/s0cketka/2008-05-18_golf_podebrady/p1020489.jpg" alt="" border="0" /></a><div class="czech-inline">Asi kroupy...</div><div class="english-inline">Maybe hail-stones...</div><br /><br /><br /><a onblur="try {parent.deselectBloggerImageGracefully();} catch(e) {}" href="http://i238.photobucket.com/albums/ff152/s0cketka/2008-05-18_golf_podebrady/p1020496.jpg"><img style="margin: 0px auto 10px; display: block; text-align: center; cursor: pointer; width: 400px;" src="http://i238.photobucket.com/albums/ff152/s0cketka/2008-05-18_golf_podebrady/p1020496.jpg" alt="" border="0" /></a><div class="czech-inline">Tohle si dam na pozadi</div><div class="english-inline">This is gonna to be my new wallpaper</div><br /><br /><a onblur="try {parent.deselectBloggerImageGracefully();} catch(e) {}" href="http://i238.photobucket.com/albums/ff152/s0cketka/2008-05-18_golf_podebrady/p1020505.jpg"><img style="margin: 0px auto 10px; display: block; text-align: center; cursor: pointer; width: 400px;" src="http://i238.photobucket.com/albums/ff152/s0cketka/2008-05-18_golf_podebrady/p1020505.jpg" alt="" border="0" /></a><div class="czech-inline">Broky bychom na golfovem hristi necekali</div><div class="english-inline">We wasn't expecting grains of shot at the golf course</div><br /><br /><br /><a onblur="try {parent.deselectBloggerImageGracefully();} catch(e) {}" href="http://i238.photobucket.com/albums/ff152/s0cketka/2008-05-18_golf_podebrady/p1020497.jpg"><img style="margin: 0px auto 10px; display: block; text-align: center; cursor: pointer; width: 400px;" src="http://i238.photobucket.com/albums/ff152/s0cketka/2008-05-18_golf_podebrady/p1020497.jpg" alt="" border="0" /></a><a onblur="try {parent.deselectBloggerImageGracefully();} catch(e) {}" href="http://i238.photobucket.com/albums/ff152/s0cketka/2008-05-18_golf_podebrady/p1020504.jpg"><img style="margin: 0px auto 10px; display: block; text-align: center; cursor: pointer; width: 400px;" src="http://i238.photobucket.com/albums/ff152/s0cketka/2008-05-18_golf_podebrady/p1020504.jpg" alt="" border="0" /></a><br /></div>Unknownnoreply@blogger.com1tag:blogger.com,1999:blog-36073118.post-71261727652903676622008-03-26T07:45:00.009+01:002008-03-26T08:30:10.819+01:00The Big Bang Theory<a onblur="try {parent.deselectBloggerImageGracefully();} catch(e) {}" href="http://img.csfd.cz/photos/filmy/23/234260_7.jpg"><img style="margin: 0px auto 10px; display: block; text-align: center; cursor: pointer; width: 400px;" src="http://img.csfd.cz/photos/filmy/23/234260_7.jpg" alt="" border="0" /></a><br /><br /><div><div style="display: block;"><div class="czech">Rec je o novem americkem serialu, ktery se prave vysila vsude mozne, jen ne v Cechach. Co me zaujalo? Zname prostredi! :)<br />Hlavnimi postavami jsou dva intelektualove a jejich dva pratele (vsichni genialni mladi fyzici), kteri maji, jak uz to tak byva, drobny problem v komunikaci se zbytkem sveta. Ze si ziji v jinem svete nebylo tolik znat, dokud se v byte naproti pres chodbu neobjevila nova sympaticka najemnice, ktera ovsem intelektem tolik neoplyva...<br />Jestli mate s intelektualy zkusenosti, budete se smat od zacatku do konce .)<br /><br /></div><div class="english">I'm talking about a new Ameriacan situation comedy that is broadcast at many countries except Czech coutnry. What holds my interest? The well known environment!<br />The main characters are two intellectuals and their two friends (all of them are young genius physicists) and how it usually is they have a little problem with communication with the rest of the world. However there is a new beautiful and lovely girl-neighbour living across the hall (that is not such smart as nice).<br />If you are experienced in living in a world of intellect you will really like it .)<br /></div></div></div>Unknownnoreply@blogger.com1tag:blogger.com,1999:blog-36073118.post-60529308368566362922008-03-20T16:46:00.004+01:002008-03-20T18:40:36.905+01:00Velky pes / Big Dog<div><div style="display: block;"><div class="czech">Na tohle se rozhodne podivejte!<br /><a href="http://www.youtube.com/watch?v=W1czBcnX1Ww">http://www.youtube.com/watch?v=W1czBcnX1Ww</a><br /></div><div class="english">Must see this!<span style="text-decoration: underline;"><br /></span><a href="http://www.youtube.com/watch?v=W1czBcnX1Ww">http://www.youtube.com/watch?v=W1czBcnX1Ww</a><br /></div></div></div>Unknownnoreply@blogger.com1tag:blogger.com,1999:blog-36073118.post-79097575507795984742008-03-06T16:15:00.015+01:002008-05-22T20:22:03.134+02:00Seminar z TCP/IPSem budu pridavat poznamky z tohoto seminare. Ta podivna cisla na zacatcich radku jsou jmena slidy, ke kterym poznamky patri .)<br /><br /><a href="http://bug.ms.mff.cuni.cz/tcpip/slides/">Slidy</a> jsou vystizne, da se to vsechno udelat jen zpodle nich. Moje poznamky jsou urceny spis<br />pro ty, co si to budou chtit cist treba v metru a nebudou zrovna mit moznost si to zkouset.<br />Slidy jsou dulezity! (a nebojte se jich, jsou hezky napsany)<br /><br /><h3>Thu Feb 21 17:21:28 CET 2008</h3><br /><br /><h2> Uvod </h2><br /><br />Ucast nepovinna, zapocet za bojovku - sada ukolu, ktere dostane na poslednim<br />terminu, nebo v nahradnim terminu (dostaneme ukol, po vyreseni dalsi, vitezi<br />se tim, ze se dostaneme do cile)<br /><br />http://bug.ms.mff.cuni.cz/tcpip/slides<br /><br />Hrajeme si na serveru, na kterym je ten web. prihlasuje se pres ssh, kazdy<br />ma sve heslo a login (tam mame virtualni servrik, kde budeme rooti). Nedelat<br />tam bordel, aby nam server nevzali! :)<br /><br />ssh vmXX@bug.ms.mff.cuni.cz, pak root;<br />(na papirku se dostane cislo a heslo)<br /><br />Ja mam cislo 15, takze vsude, kde je 15, tak tam neni nahodou :) A pripadne<br />si tam dosadte svoje cislo.<br /><br />Server je pristupny odkudkoliv, i z venci.<br /><br />Odpojeni:<br />zabit ssh "~.enter" nebo ctrl+"]" (bacha, u toho si pamatuje shell,<br />co jsme tam meli napsany, ale neni to videt)<br /><br />Kdybychom si pokazili to cely, staci rict a to cele nam to obnovi.<br /><br />Obcas ten server nemusi fungovat, hlavne treba pred seminarem.<br /><br />Rozvrzeni site na slidu 6<br /><br />slide 8:<br /><div class="kod"><pre><br />ifconfig<br />ifconfig -a<br /></pre></div><br /><br />IP adresy si nastavujme tak, aby obsahovali nase prihlasovaci cislo, abychom se<br />o ne nepoprali :)<br /><br />slide 10: nastaveni adresy<br /><div class="kod"><pre><br /><span style="color: rgb(204, 0, 0);">vm15:~#</span> ifconfig eth0 10.0.0.15/24 # mam cislo 15<br />SIOCSIFNETMASK: Cannot assign requested address<br /><span style="color: rgb(204, 0, 0);">vm15:~#</span> ifconfig eth0 up<br /><span style="color: rgb(204, 0, 0);">vm15:~#</span> ifconfig eth1 10.0.1.15/24<br />SIOCSIFNETMASK: Cannot assign requested address<br /><span style="color: rgb(204, 0, 0);">vm15:~#</span> ifconfig eth1 up<br /></pre></div><br /><br />slide 11: vyzkousime si, ze nam to funguje: ping (je rekurzivne spocetny :)<br /><div class="kod"><pre><br /><span style="color: rgb(204, 0, 0);">vm15:~#</span> ping 10.0.0.22<br />.<br />.<br />.<br /><span style="color: rgb(204, 0, 0);">vm15:~#</span> ping 10.0.0.22 -s 65536<br />Error: packet size 65536 is too large. Maximum is 65507<br /></pre></div><br /><br />slide 12:<br /><div class="kod"><pre><br /><span style="color: rgb(204, 0, 0);">vm15:~#</span> tcpdump -v -i eth0 -n<br /># -n ... neprekladat ip adresy na jmena<br /></pre></div><br /><br />slide 14:<br />zmena mac adresy (interface nesmi byt aktivni)<br />prehled arp tabulky:<br /><div class="kod"><pre><br /><span style="color: rgb(204, 0, 0);">vm15:~#</span> arp<br /><span style="color: rgb(204, 0, 0);">vm15:~#</span> arping 10.0.0.22<br />ARPING 10.0.0.22<br />42 bytes from 00:16:3e:00:00:22 (10.0.0.22): index=0 time=3.280 msec<br />.<br />.<br /></pre></div><br /><br />slide 15:<br /><div class="kod"><pre><br /><span style="color: rgb(204, 0, 0);">vm15:~#</span> route -n<br />Kernel IP routing table<br />Destination Gateway Genmask Flags Metric Ref Use Iface<br />10.0.0.0 0.0.0.0 255.255.255.0 U 0 0 0 eth0<br />10.0.1.0 0.0.0.0 255.255.255.0 U 0 0 0 eth1<br /><span style="color: rgb(204, 0, 0);">vm15:~#</span> ping 195.113.31.123<br />connect: Network is unreachable<br /><span style="color: rgb(204, 0, 0);">vm15:~#</span> route add default gw 10.0.0.100<br /><span style="color: rgb(204, 0, 0);">vm15:~#</span> route -n<br />Kernel IP routing table<br />Destination Gateway Genmask Flags Metric Ref Use Iface<br />10.0.0.0 0.0.0.0 255.255.255.0 U 0 0 0 eth0<br />10.0.1.0 0.0.0.0 255.255.255.0 U 0 0 0 eth1<br />0.0.0.0 10.0.0.100 0.0.0.0 UG 0 0 0 eth0<br /><span style="color: rgb(204, 0, 0);">vm15:~#</span> route<br />Kernel IP routing table<br />Destination Gateway Genmask Flags Metric Ref Use Iface<br />10.0.0.0 * 255.255.255.0 U 0 0 0 eth0<br />10.0.1.0 * 255.255.255.0 U 0 0 0 eth1<br />default 10.0.0.100 0.0.0.0 UG 0 0 0 eth0<br /><span style="color: rgb(204, 0, 0);">vm15:~#</span> ping 195.113.31.123<br />PING 195.113.31.123 (195.113.31.123) 56(84) bytes of data.<br />64 bytes from 195.113.31.123: icmp_seq=1 ttl=58 time=3.12 ms<br />.<br />.<br /></pre></div><br /><br />slide 16:<br /><div class="kod"><pre><br /><span style="color: rgb(204, 0, 0);">vm15:~#</span> tcpdump -v -i eth0 > /tmp/log001 2>&1 &<br />[1] 1354<br /><span style="color: rgb(204, 0, 0);">vm15:~#</span> device eth0 entered promiscuous mode<br />audit(1203615867.513:8): dev=eth0 prom=256 old_prom=0 auid=4294967295<br /><br /><span style="color: rgb(204, 0, 0);">vm15:~#</span> <br /><span style="color: rgb(204, 0, 0);">vm15:~#</span> traceroute 195.113.31.123<br />traceroute to 195.113.31.123 (195.113.31.123), 30 hops max, 40 byte packets<br /> 1 10.0.0.100 (10.0.0.100) 1.965 ms 0.434 ms 0.244 ms<br /> 2 fw-ms.ms.mff.cuni.cz (195.113.19.222) 1.826 ms 1.588 ms 1.793 ms<br /> 3 gems-mffmsfw.pasnet.cz (195.113.69.5) 3.343 ms 2.459 ms 3.677 ms<br /> 4 geruk-gems.pasnet.cz (195.113.68.201) 1.459 ms 1.467 ms 2.291 ms<br /> 5 karlingw-c.karlin.mff.cuni.cz (195.113.31.130) 1.243 ms 1.160 ms 3.587 ms<br /> 6 k5gw.karlin.mff.cuni.cz (195.113.31.137) 2.014 ms 2.466 ms 1.009 ms<br /> 7 atrey.karlin.mff.cuni.cz (195.113.31.123) 2.233 ms 2.173 ms 1.060 ms<br /><span style="color: rgb(204, 0, 0);">vm15:~#</span> fg<br />tcpdump -v -i eth0 >/tmp/log001 2>&1<br />device eth0 left promiscuous mode<br />audit(1203615888.574:9): dev=eth0 prom=0 old_prom=256 auid=4294967295<br /><span style="color: rgb(204, 0, 0);">vm15:~#</span> less /tmp/log001 <br /></pre></div><br /><br />slide 19:<br /><div class="kod"><pre><br /><span style="color: rgb(204, 0, 0);">vm15:~#</span> ifconfig eth0 down<br /><span style="color: rgb(204, 0, 0);">vm15:~#</span> ifconfig eth0 hw ether 00:11:22:33:44:15<br /><span style="color: rgb(204, 0, 0);">vm15:~#</span> ifconfig eth0 up<br /><span style="color: rgb(204, 0, 0);">vm15:~#</span> vim /etc/network/interfaces <br /># Used by ifup(8) and ifdown(8). See the interfaces(5) manpage or<br /># /usr/share/doc/ifupdown/examples for more information.<br /><br />auto lo<br />iface lo inet loopback<br />auto eth0<br />iface eth0 inet dhcp<br /><span style="color: rgb(204, 0, 0);">vm15:~#</span> /etc/init.d/networking restart<br />Reconfiguring network interfaces...Internet Systems Consortium DHCP Client V3.0.4<br />Copyright 2004-2006 Internet Systems Consortium.<br />All rights reserved.<br />For info, please visit http://www.isc.org/sw/dhcp/<br /><br />Listening on LPF/eth0/00:11:22:33:44:15<br />Sending on LPF/eth0/00:11:22:33:44:15<br />Sending on Socket/fallback<br />DHCPDISCOVER on eth0 to 255.255.255.255 port 67 interval 7<br />DHCPOFFER from 10.0.0.100<br />DHCPREQUEST on eth0 to 255.255.255.255 port 67<br />DHCPACK from 10.0.0.100<br />bound to 10.0.0.115 -- renewal in 227 seconds.<br />postconf: fatal: open /etc/postfix/main.cf: No such file or directory<br />done.<br /></pre></div><br /><br /><br /><br /><h3>Thu Feb 28 17:19:23 CET 2008</h3><br /><br /><br />20:<br />Chceme pomoci arp ziskat identitu nekoho jinyho. jak na to?<br />(napriklad kdyz chceme ospolechnout nejake heslo atd...)<br /><br />21: odpoved je na tomdle slidu :)<br /><br /><div class="kod"><pre><br /> C<br /> |<br /> |<br /> A --------+--------B<br /></pre></div><br /><br />Jsme C a chceme odposlouchavat komunikaci A a B, + je switch, takze za<br />normalnich okolnosti to skrz nas nejde. Pro A se budeme tvarit jako B a pro B<br />jako A.<br /><br />Staci posilat falesne ARP odpovedi, kde bude vyplnena mac adresa obeti a moje<br />IP adresa. musim se ale chovat jako smerovac.<br /><br />Lze to delat ruzne, bud pravidelne posilam odpovedi i bez vyzadani, nebo<br />posilam dotaz... zalezi na OS, jak bude reagovat - jak ktery...<br /><br /><div class="kod"><pre><br /><span style="color: rgb(204, 0, 0);">vm15:~#</span> ping 10.0.0.100<br />PING 10.0.0.100 (10.0.0.100) 56(84) bytes of data.<br />64 bytes from 10.0.0.100: icmp_seq=1 ttl=64 time=1.01 ms<br />64 bytes from 10.0.0.100: icmp_seq=2 ttl=64 time=0.693 ms<br /><br />--- 10.0.0.100 ping statistics ---<br />2 packets transmitted, 2 received, 0% packet loss, time 1001ms<br />rtt min/avg/max/mdev = 0.693/0.853/1.014/0.163 ms<br /><span style="color: rgb(204, 0, 0);">vm15:~#</span> arp -n<br />Address HWtype HWaddress Flags Mask Iface<br />10.0.0.100 ether FE:FF:FF:FF:FF:FF C eth0<br />RPING 10.0.0.100<br />42 bytes from fe:ff:ff:ff:ff:ff (10.0.0.100): index=0 time=1.327 msec<br />42 bytes from fe:ff:ff:ff:ff:ff (10.0.0.100): index=1 time=1.713 msec<br />42 bytes from fe:ff:ff:ff:ff:ff (10.0.0.100): index=2 time=4.258 msec<br /><br />--- 10.0.0.100 statistics ---<br />3 packets transmitted, 3 packets received, 0% unanswered<br /></pre></div><br />-> vsechno hezky funguje<br /><br />V tudle chvili vyucujici pusti skript na dalsim pocitaci, ktery se bud chovat<br />jako smerovac a bude rozesilat pravidelne falesne ARP packety (napadneme ten <br />pocitac 10.0.0.100) :)<br /><br /><div class="kod"><pre><br /><span style="color: rgb(204, 0, 0);">vm15:~#</span> ping 10.0.0.100<br />PING 10.0.0.100 (10.0.0.100) 56(84) bytes of data.<br />64 bytes from 10.0.0.100: icmp_seq=1 ttl=64 time=8.43 ms<br />64 bytes from 10.0.0.100: icmp_seq=2 ttl=64 time=0.715 ms<br /><br />--- 10.0.0.100 ping statistics ---<br />2 packets transmitted, 2 received, 0% packet loss, time 999ms<br />rtt min/avg/max/mdev = 0.715/4.574/8.434/3.860 ms<br /><span style="color: rgb(204, 0, 0);">vm15:~#</span> arp -n<br />Address HWtype HWaddress Flags Mask Iface<br />10.0.0.100 ether 00:16:3E:00:00:99 C eth0<br /><span style="color: rgb(204, 0, 0);">vm15:~#</span> arping 10.0.0.100<br />ARPING 10.0.0.100<br />42 bytes from fe:ff:ff:ff:ff:ff (10.0.0.100): index=0 time=1.452 msec<br />42 bytes from 00:16:3e:00:00:99 (10.0.0.100): index=1 time=121.695 msec<br />42 bytes from fe:ff:ff:ff:ff:ff (10.0.0.100): index=2 time=2.145 msec<br />42 bytes from 00:16:3e:00:00:99 (10.0.0.100): index=3 time=1.000 sec<br /><br />--- 10.0.0.100 statistics ---<br />2 packets transmitted, 4 packets received, -100% unanswered<br /></pre></div><br />-> a hle, secko funguje, jen se podivejme, ze ma najednou jinou arp adresu...<br /><br />Skript: arpspoof-all, udajne googlitelny<br /><br /><h2>DNS</h2><br /><br />4:<br /><br />TTL bychom meli snizit treba na minuty v pripade, ze se chystame menit IP<br />adresy, jinak je vhodne v radu hodin...<br /><br />Zona: podstromy struktury, mohou mit casti vykousnute (treba *.cuni.cz bez mff <br />je zona -> mff ma vlastni zonu)<br /><br />5:<br /><br /><div class="kod"><pre><br /><span style="color: rgb(204, 0, 0);">vm15:~#</span> nslookup idnes.cz<br />Server: 195.113.19.71<br />Address: 195.113.19.71#53<br /><br />Non-authoritative answer:<br />Name: idnes.cz<br />Address: 194.79.52.192<br /></pre></div><br /><br />6:<br /><br /><div class="kod"><pre><br /><span style="color: rgb(204, 0, 0);">vm15:~#</span> dig cuni.cz ns<br /><br />; ---- DiG 9.3.4 ---- cuni.cz ns<br />;; global options: printcmd<br />;; Got answer:<br />;; ---HEADER--- opcode: QUERY, status: NOERROR, id: 10358<br />;; flags: qr rd ra; QUERY: 1, ANSWER: 2, AUTHORITY: 0, ADDITIONAL: 3<br /><br />;; QUESTION SECTION:<br />;cuni.cz. IN NS<br /><br />;; ANSWER SECTION:<br />cuni.cz. 17709 IN NS golias.ruk.cuni.cz.<br />cuni.cz. 17709 IN NS ns.ces.net.<br /><br />;; ADDITIONAL SECTION:<br />ns.ces.net. 168668 IN A 195.113.144.233<br />ns.ces.net. 82268 IN AAAA 2001:718:1:101::3<br />golias.ruk.cuni.cz. 82268 IN A 195.113.0.2<br /><br />;; Query time: 2 msec<br />;; SERVER: 195.113.19.71#53(195.113.19.71)<br />;; WHEN: Thu Feb 28 18:06:20 2008<br />;; MSG SIZE rcvd: 134<br /></pre></div><br /><br />7:<br /><br />Jak vypadaji delegace z domen vyssich radu (iterativni dotaz, pod tim je to<br />okomentovane):<br /><div class="kod"><pre><br /><span style="color: rgb(204, 0, 0);">vm15:~#</span> dig +trace +all +qr www.karlin.mff.cuni.cz <br /><br />; ---- DiG 9.3.4 ---- +trace +all +qr www.karlin.mff.cuni.cz<br />;; global options: printcmd<br />;; Sending:<br />;; ---HEADER--- opcode: QUERY, status: NOERROR, id: 33276<br />;; flags:; QUERY: 1, ANSWER: 0, AUTHORITY: 0, ADDITIONAL: 0<br /><br />;; QUESTION SECTION:<br />;. IN NS<br /><br />;; Got answer:<br />;; ---HEADER--- opcode: QUERY, status: NOERROR, id: 33276<br />;; flags: qr ra; QUERY: 1, ANSWER: 13, AUTHORITY: 0, ADDITIONAL: 12<br /><br />;; QUESTION SECTION:<br />;. IN NS<br /><br />;; ANSWER SECTION:<br />. 513994 IN NS F.ROOT-SERVERS.NET.<br />. 513994 IN NS G.ROOT-SERVERS.NET.<br />. 513994 IN NS H.ROOT-SERVERS.NET.<br />. 513994 IN NS I.ROOT-SERVERS.NET.<br />. 513994 IN NS J.ROOT-SERVERS.NET.<br />. 513994 IN NS K.ROOT-SERVERS.NET.<br />. 513994 IN NS L.ROOT-SERVERS.NET.<br />. 513994 IN NS M.ROOT-SERVERS.NET.<br />. 513994 IN NS A.ROOT-SERVERS.NET.<br />. 513994 IN NS B.ROOT-SERVERS.NET.<br />. 513994 IN NS C.ROOT-SERVERS.NET.<br />. 513994 IN NS D.ROOT-SERVERS.NET.<br />. 513994 IN NS E.ROOT-SERVERS.NET.<br /><br />;; ADDITIONAL SECTION:<br />A.ROOT-SERVERS.NET. 604707 IN A 198.41.0.4<br />A.ROOT-SERVERS.NET. 604707 IN AAAA 2001:503:ba3e::2:30<br />C.ROOT-SERVERS.NET. 604740 IN A 192.33.4.12<br />D.ROOT-SERVERS.NET. 604699 IN A 128.8.10.90<br />E.ROOT-SERVERS.NET. 604739 IN A 192.203.230.10<br />G.ROOT-SERVERS.NET. 604572 IN A 192.112.36.4<br />H.ROOT-SERVERS.NET. 604735 IN A 128.63.2.53<br />H.ROOT-SERVERS.NET. 604735 IN AAAA 2001:500:1::803f:235<br />J.ROOT-SERVERS.NET. 604762 IN A 192.58.128.30<br />J.ROOT-SERVERS.NET. 604762 IN AAAA 2001:503:c27::2:30<br />K.ROOT-SERVERS.NET. 604728 IN A 193.0.14.129<br />K.ROOT-SERVERS.NET. 604728 IN AAAA 2001:7fd::1<br /><br />;; Query time: 4 msec<br />;; SERVER: 195.113.19.71#53(195.113.19.71)<br />;; WHEN: Thu Feb 28 18:10:54 2008<br />;; MSG SIZE rcvd: 468<br /><br />;; Sending:<br />;; ---HEADER--- opcode: QUERY, status: NOERROR, id: 42811<br />;; flags:; QUERY: 1, ANSWER: 0, AUTHORITY: 0, ADDITIONAL: 0<br /><br />;; QUESTION SECTION:<br />;www.karlin.mff.cuni.cz. IN A<br /><br />;; Got answer:<br />;; ---HEADER--- opcode: QUERY, status: NOERROR, id: 42811<br />;; flags: qr; QUERY: 1, ANSWER: 0, AUTHORITY: 6, ADDITIONAL: 11<br /><br />;; QUESTION SECTION:<br />;www.karlin.mff.cuni.cz. IN A<br /><br />;; AUTHORITY SECTION:<br />cz. 172800 IN NS F.NS.NIC.cz.<br />cz. 172800 IN NS A.NS.NIC.cz.<br />cz. 172800 IN NS B.NS.NIC.cz.<br />cz. 172800 IN NS C.NS.NIC.cz.<br />cz. 172800 IN NS D.NS.NIC.cz.<br />cz. 172800 IN NS E.NS.NIC.cz.<br /><br />;; ADDITIONAL SECTION:<br />A.NS.NIC.cz. 172800 IN A 217.31.205.180<br />B.NS.NIC.cz. 172800 IN A 217.31.205.188<br />C.NS.NIC.cz. 172800 IN A 195.66.241.202<br />D.NS.NIC.cz. 172800 IN A 193.29.206.1<br />E.NS.NIC.cz. 172800 IN A 194.146.105.38<br />F.NS.NIC.cz. 172800 IN A 193.171.255.48<br />A.NS.NIC.cz. 172800 IN AAAA 2001:1488:dada:176::180<br />B.NS.NIC.cz. 172800 IN AAAA 2001:1488:dada:184::188<br />C.NS.NIC.cz. 172800 IN AAAA 2a01:40:1000::2<br />D.NS.NIC.cz. 172800 IN AAAA 2001:678:1::1<br />F.NS.NIC.cz. 172800 IN AAAA 2001:628:453:420::48<br /><br />;; Query time: 8 msec<br />;; SERVER: 192.5.5.241#53(F.ROOT-SERVERS.NET)<br />;; WHEN: Thu Feb 28 18:10:54 2008<br />;; MSG SIZE rcvd: 379<br /><br />;; Sending:<br />;; ---HEADER--- opcode: QUERY, status: NOERROR, id: 32710<br />;; flags:; QUERY: 1, ANSWER: 0, AUTHORITY: 0, ADDITIONAL: 0<br /><br />;; QUESTION SECTION:<br />;www.karlin.mff.cuni.cz. IN A<br /><br />;; Got answer:<br />;; ---HEADER--- opcode: QUERY, status: NOERROR, id: 32710<br />;; flags: qr; QUERY: 1, ANSWER: 0, AUTHORITY: 2, ADDITIONAL: 1<br /><br />;; QUESTION SECTION:<br />;www.karlin.mff.cuni.cz. IN A<br /><br />;; AUTHORITY SECTION:<br />cuni.cz. 18000 IN NS golias.ruk.cuni.cz.<br />cuni.cz. 18000 IN NS ns.ces.net.<br /><br />;; ADDITIONAL SECTION:<br />golias.ruk.cuni.cz. 18000 IN A 195.113.0.2<br /><br />;; Query time: 8 msec<br />;; SERVER: 193.171.255.48#53(F.NS.NIC.cz)<br />;; WHEN: Thu Feb 28 18:10:54 2008<br />;; MSG SIZE rcvd: 105<br /><br />;; Sending:<br />;; ---HEADER--- opcode: QUERY, status: NOERROR, id: 24025<br />;; flags:; QUERY: 1, ANSWER: 0, AUTHORITY: 0, ADDITIONAL: 0<br /><br />;; QUESTION SECTION:<br />;www.karlin.mff.cuni.cz. IN A<br /><br />;; Got answer:<br />;; ---HEADER--- opcode: QUERY, status: NOERROR, id: 24025<br />;; flags: qr aa ra; QUERY: 1, ANSWER: 2, AUTHORITY: 3, ADDITIONAL: 3<br /><br />;; QUESTION SECTION:<br />;www.karlin.mff.cuni.cz. IN A<br /><br />;; ANSWER SECTION:<br />www.karlin.mff.cuni.cz. 86400 IN CNAME wendy.karlin.mff.cuni.cz.<br />wendy.karlin.mff.cuni.cz. 86400 IN A 195.113.30.214<br /><br />;; AUTHORITY SECTION:<br />karlin.mff.cuni.cz. 86400 IN NS krb.karlin.mff.cuni.cz.<br />karlin.mff.cuni.cz. 86400 IN NS krbik.karlin.mff.cuni.cz.<br />karlin.mff.cuni.cz. 86400 IN NS golias.ruk.cuni.cz.<br /><br />;; ADDITIONAL SECTION:<br />krb.karlin.mff.cuni.cz. 86400 IN A 195.113.30.215<br />krbik.karlin.mff.cuni.cz. 86400 IN A 195.113.30.216<br />golias.ruk.cuni.cz. 86400 IN A 195.113.0.2<br /><br />;; Query time: 2 msec<br />;; SERVER: 195.113.0.2#53(golias.ruk.cuni.cz)<br />;; WHEN: Thu Feb 28 18:10:54 2008<br />;; MSG SIZE rcvd: 187<br /></pre></div><br /><br />Predstavme si, ze pro www.seznam.cz je nameserver ns.seznam.cz. Nj, ale to<br />dostanu od .cz informaci, ze IP adresu ma u sebe ns.seznam.cz, ale jakou ma <br />on IP adresu? :-o<br /><br />To se resi pomoci glue records: od toho serveru pro .cz se dozvime nejen<br />informace typu NS, ale take typu A o tom ns.seznam.cz. ty jsou v aditional<br />section (je videt i v nasem dotazu, napr. hned na zacatku ty root servery jsou<br />tam vyjmenovane a pod tim jsou i jejich IP adresy)<br /><br />8:<br /><br /><div class="kod"><pre><br /><span style="color: rgb(204, 0, 0);">vm15:~#</span> vim /etc/resolv.conf <br /><span style="color: rgb(204, 0, 0);">vm15:~#</span> cat /etc/resolv.conf <br />search seminar<br />nameserver 10.0.0.100<br /><span style="color: rgb(204, 0, 0);">vm15:~#</span> ping seznam.cz<br />PING seznam.cz (77.75.76.3) 56(84) bytes of data.<br />64 bytes from www.seznam.cz (77.75.76.3): icmp_seq=1 ttl=56 time=3.40 ms<br />64 bytes from www.seznam.cz (77.75.76.3): icmp_seq=2 ttl=56 time=4.70 ms<br /><br />--- seznam.cz ping statistics ---<br />2 packets transmitted, 2 received, 0% packet loss, time 999ms<br />rtt min/avg/max/mdev = 3.402/4.055/4.708/0.653 ms<br /></pre></div><br /><br />Top-level domena je pro nase ucely nazvana "seminar" (na stejne urovni jako<br />.cz atd.)<br /><br />I kdyz si ten /etc/resolv.conf prepiseme, tak on se casem prepise zpet, takze<br />musime zrusit dhcp klienta:<br /><br /><div class="kod"><pre><br /><span style="color: rgb(204, 0, 0);">vm15:~#</span> pkill dhclient<br /></pre></div><br /><br />Otestujeme, jestli nam to funguje hezky:<br /><div class="kod"><pre><br /><span style="color: rgb(204, 0, 0);">vm15:~#</span> dig ns.seminar<br /><br />; ---- DiG 9.3.4 ---- ns.seminar<br />;; global options: printcmd<br />;; Got answer:<br />;; ---HEADER--- opcode: QUERY, status: NOERROR, id: 53501<br />;; flags: qr aa rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 1, ADDITIONAL: 0<br /><br />;; QUESTION SECTION:<br />;ns.seminar. IN A<br /><br />;; ANSWER SECTION:<br />ns.seminar. 604800 IN A 10.0.0.100<br /><br />;; AUTHORITY SECTION:<br />seminar. 604800 IN NS ns.seminar.<br /><br />;; Query time: 6 msec<br />;; SERVER: 10.0.0.100#53(10.0.0.100)<br />;; WHEN: Thu Feb 28 18:32:47 2008<br />;; MSG SIZE rcvd: 58<br /></pre></div><br /><br />Takze ok, ale ne uplne, pac treba "dig ns" by mel udelat totez, ale nedela, to<br />hleda na netu z neznamych pricin, ale neresili jsme to, proc to dela takle<br />spatne.<br /><br />9:<br /><br />Nastavime si vlastni server :)<br />uz by mel bezet, kdyby ne, tak <br /><div class="kod"><pre><br /><span style="color: rgb(204, 0, 0);">vm15:~#</span> /etc/init.d/bind9 start<br /><span style="color: rgb(204, 0, 0);">vm15:~#</span> dig @localhost idnes.cz<br /><br />; ---- DiG 9.3.4 ---- @localhost idnes.cz<br />; (1 server found)<br />;; global options: printcmd<br />;; Got answer:<br />;; ---HEADER--- opcode: QUERY, status: NOERROR, id: 37487<br />;; flags: qr rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 2, ADDITIONAL: 0<br /><br />;; QUESTION SECTION:<br />;idnes.cz. IN A<br /><br />;; ANSWER SECTION:<br />idnes.cz. 1800 IN A 194.79.52.192<br /><br />;; AUTHORITY SECTION:<br />idnes.cz. 1800 IN NS ns.mafra.cz.<br />idnes.cz. 1800 IN NS ns2.mafra.cz.<br /><br />;; Query time: 227 msec<br />;; SERVER: 127.0.0.1#53(127.0.0.1)<br />;; WHEN: Thu Feb 28 18:38:53 2008<br />;; MSG SIZE rcvd: 83<br /><span style="color: rgb(204, 0, 0);">vm15:~#</span> dig @localhost ns.seminar<br /><br />; ---- DiG 9.3.4 ---- @localhost ns.seminar<br />; (1 server found)<br />;; global options: printcmd<br />;; Got answer:<br />;; ---HEADER--- opcode: QUERY, status: NXDOMAIN, id: 16326<br />;; flags: qr rd ra; QUERY: 1, ANSWER: 0, AUTHORITY: 1, ADDITIONAL: 0<br /><br />;; QUESTION SECTION:<br />;ns.seminar. IN A<br /><br />;; AUTHORITY SECTION:<br />. 10800 IN SOA A.ROOT-SERVERS.NET. NSTLD.VERISI<br />GN-GRS.COM. 2008022701 1800 900 604800 86400<br /><br />;; Query time: 24 msec<br />;; SERVER: 127.0.0.1#53(127.0.0.1)<br />;; WHEN: Thu Feb 28 18:39:33 2008<br />;; MSG SIZE rcvd: 103<br /></pre></div><br />Ha, ns.seminar nezna. Stejne si ho v resolv.conf nastavime jako defaultni (asi<br />si to budeme nastavovat pozdeji)<br /><br /><div class="kod"><pre><br /><span style="color: rgb(204, 0, 0);">vm15:~#</span> cat /etc/resolv.conf <br />search seminar<br />nameserver 127.0.0.1<br /></pre></div><br /><br /><h3>Thu Mar 6 17:15:37 CET 2008</h3><br /><br />11:<br /><br />Nastavime si dns server (vlastni)<br /><br /><div class="kod"><pre><br /><span style="color: rgb(204, 0, 0);">vm15:~#</span> cp /etc/bind/db.local /etc/bind/db.vm15<br /><span style="color: rgb(204, 0, 0);">vm15:~#</span> vim /etc/bind/db.vm15 <br /><span style="color: rgb(204, 0, 0);">vm15:~#</span> cat /etc/bind/db.vm15 <br />;<br />; BIND data file for local loopback interface<br />;<br />$TTL 3D<br />@ IN SOA ns.vm15.seminar. root.seminar. (<br /> 2008030601 ; Serial<br /> 8H ; Refresh<br /> 2D ; Retry<br /> 4W ; Expire<br /> 1D ) ; Negative Cache TTL<br /> NS ns<br /> MX 20 mail<br />ns A 10.0.0.115<br />mail A 10.0.0.115<br /><span style="color: rgb(204, 0, 0);">vm15:~#</span> vim /etc/bind/named.conf.local<br /><span style="color: rgb(204, 0, 0);">vm15:~#</span> cat /etc/bind/named.conf.local <br />//<br />// Do any local configuration here<br />//<br /><br />// Consider adding the 1918 zones here, if they are not used in your<br />// organization<br />//include "/etc/bind/zones.rfc1918";<br /><br />zone "vm15.seminar" {<br /> type master;<br /> file "/etc/bind/db.vm15";<br />};<br /><span style="color: rgb(204, 0, 0);">vm15:~#</span> pkill dhclient<br /><span style="color: rgb(204, 0, 0);">vm15:~#</span> vim /etc/resolv.conf <br /><span style="color: rgb(204, 0, 0);">vm15:~#</span> cat /etc/resolv.conf <br />search seminar<br />nameserver 10.0.0.115<br />nameserver 10.0.0.100<br /><span style="color: rgb(204, 0, 0);">vm15:~#</span> /etc/init.d/bind9 restart<br />Stopping domain name service...: bind.<br />Starting domain name service...: bind.<br /><span style="color: rgb(204, 0, 0);">vm15:~#</span> tail /var/log/syslog<br />Mar 6 17:45:53 vm15 named[1475]: listening on IPv4 interface lo, 127.0.0.1#53<br />Mar 6 17:45:53 vm15 named[1475]: listening on IPv4 interface eth0, 10.0.0.115#53<br />Mar 6 17:45:53 vm15 named[1475]: command channel listening on 127.0.0.1#953<br />Mar 6 17:45:53 vm15 named[1475]: command channel listening on ::1#953<br />Mar 6 17:45:53 vm15 named[1475]: zone 0.in-addr.arpa/IN: loaded serial 1<br />Mar 6 17:45:53 vm15 named[1475]: zone 127.in-addr.arpa/IN: loaded serial 1<br />Mar 6 17:45:53 vm15 named[1475]: zone 255.in-addr.arpa/IN: loaded serial 1<br />Mar 6 17:45:53 vm15 named[1475]: zone localhost/IN: loaded serial 1<br />Mar 6 17:45:53 vm15 named[1475]: zone vm15.seminar/IN: loaded serial 2008030601<br />Mar 6 17:45:53 vm15 named[1475]: running<br /></pre></div><br /><br /><br />to vypada dobre....<br /><br /><div class="kod"><pre><br /><span style="color: rgb(204, 0, 0);">vm15:~#</span> nslookup ns.vm15.seminar<br />Server: 10.0.0.115<br />Address: 10.0.0.115#53<br /><br />Name: ns.vm15.seminar<br />Address: 10.0.0.115<br /></pre></div><br /><br />Takze to i funguje :) (to, ze to skutecne funguje je jasne z toho, ze jako<br />server je uvedeny ten 10.0.0.115, coz je nas pocitac a ten to tedy spravne<br />zodpovedel)<br /><br /><br /><br />Udelam ze sebe sekundar pro spoluzakuv pocitac:<br /><br /><div class="kod"><pre><br /><span style="color: rgb(204, 0, 0);">vm15:~#</span> vim /etc/bind/named.conf.local <br /><span style="color: rgb(204, 0, 0);">vm15:~#</span> cat /etc/bind/named.conf.local <br />zone "vm15.seminar" {<br /> type master;<br /> file "/etc/bind/db.vm15";<br />};<br /><br />zone "vm28.seminar" {<br /> type slave;<br /> file "db.vm28";<br /> masters { 10.0.0.128; };<br />};<br /><span style="color: rgb(204, 0, 0);">vm15:~#</span> chmod g+w /etc/bind<br /># aby si mohl zase on stahnout nas domenovy soubor<br /><span style="color: rgb(204, 0, 0);">vm15:~#</span> /etc/init.d/bind9 restart<br />Stopping domain name service...: bind.<br />Starting domain name service...: bind.<br /><span style="color: rgb(204, 0, 0);">vm15:~#</span> nslookup ns.vm28.seminar<br />Server: 10.0.0.115<br />Address: 10.0.0.115#53<br /><br />Name: ns.vm28.seminar<br />Address: 10.0.0.128<br /></pre></div><br /><br />funugje :)<br /><br /><h2> Smerovani </h2><br /><br />Vsechny pocitace se restartovali, abychom zmenili stukturu site podle slidu 3<br />a 4. V teto chvili bychom nemeli nic dostat z dhcp serveru.<br /><br />6:<br /><br /><div class="kod"><pre><br /><span style="color: rgb(204, 0, 0);">vm15:~#</span> ifconfig eth0 10.1.0.15 netmask 255.255.255.0<br /><span style="color: rgb(204, 0, 0);">vm15:~#</span> ifconfig eth0 up<br /><span style="color: rgb(204, 0, 0);">vm15:~#</span> ifconfig eth1 10.3.0.15 netmask 255.255.255.0<br /><span style="color: rgb(204, 0, 0);">vm15:~#</span> ifconfig eth1 up<br />eth0 Link encap:Ethernet HWaddr 00:16:3E:00:01:15 <br /> inet addr:10.1.0.15 Bcast:10.1.0.255 Mask:255.255.255.0<br /> inet6 addr: fe80::216:3eff:fe00:115/64 Scope:Link<br /> UP BROADCAST RUNNING MULTICAST MTU:1500 Metric:1<br /> RX packets:189 errors:0 dropped:0 overruns:0 frame:0<br /> TX packets:14 errors:0 dropped:0 overruns:0 carrier:0<br /> collisions:0 txqueuelen:1000 <br /> RX bytes:20378 (19.9 KiB) TX bytes:2604 (2.5 KiB)<br /><br />eth1 Link encap:Ethernet HWaddr 00:16:3E:00:03:15 <br /> inet addr:10.3.0.15 Bcast:10.3.0.255 Mask:255.255.255.0<br /> inet6 addr: fe80::216:3eff:fe00:315/64 Scope:Link<br /> UP BROADCAST RUNNING MULTICAST MTU:1500 Metric:1<br /> RX packets:46 errors:0 dropped:0 overruns:0 frame:0<br /> TX packets:7 errors:0 dropped:0 overruns:0 carrier:0<br /> collisions:0 txqueuelen:1000 <br /> RX bytes:2908 (2.8 KiB) TX bytes:510 (510.0 b)<br /><br />lo Link encap:Local Loopback <br /> inet addr:127.0.0.1 Mask:255.0.0.0<br /> inet6 addr: ::1/128 Scope:Host<br /> UP LOOPBACK RUNNING MTU:16436 Metric:1<br /> RX packets:0 errors:0 dropped:0 overruns:0 frame:0<br /> TX packets:0 errors:0 dropped:0 overruns:0 carrier:0<br /> collisions:0 txqueuelen:0 <br /> RX bytes:0 (0.0 b) TX bytes:0 (0.0 b)<br /></pre></div><br /><br />7:<br /><br />zapneme smerovani<br /><br /><div class="kod"><pre><br /><span style="color: rgb(204, 0, 0);">vm15:~#</span> echo 1 > /proc/sys/net/ipv4/ip_forward <br /></pre></div><br /><br />a routovani<br /><br /><div class="kod"><pre><br /><span style="color: rgb(204, 0, 0);">vm15:~#</span> route add -net 10.2.0.0/24 gw 10.1.0.100 eth0<br /><span style="color: rgb(204, 0, 0);">vm15:~#</span> route add -net 10.4.0.0/24 gw 10.1.0.100 eth0<br /><span style="color: rgb(204, 0, 0);">vm15:~#</span> route<br />Kernel IP routing table<br />Destination Gateway Genmask Flags Metric Ref Use Iface<br />10.2.0.0 10.1.0.100 255.255.255.0 UG 0 0 0 eth0<br />10.4.0.0 10.1.0.100 255.255.255.0 UG 0 0 0 eth0<br />10.3.0.0 * 255.255.255.0 U 0 0 0 eth1<br />10.1.0.0 * 255.255.255.0 U 0 0 0 eth0<br /></pre></div><br /><br /><h3>Thu Mar 13 17:23:06 CET 2008</h3><br /><br />13, 14:<br /><br /><div class="kod"><pre><br /><span style="color: rgb(204, 0, 0);">vm15:~#</span> vim /etc/quagga/daemons <br /><span style="color: rgb(204, 0, 0);">vm15:~#</span> cat /etc/quagga/daemons <br />...<br />zebra=yes<br />bgpd=no<br />ospfd=no<br />ospf6d=no<br />ripd=yes<br />ripngd=no<br />isisd=no<br /><span style="color: rgb(204, 0, 0);">vm15:~#</span> vim /etc/quagga/zebra.conf<br /><span style="color: rgb(204, 0, 0);">vm15:~#</span> cat /etc/quagga/zebra.conf<br />hostname router<br />password zebra<br /><span style="color: rgb(204, 0, 0);">vm15:~#</span> vim /etc/quagga/ripd.conf<br /><span style="color: rgb(204, 0, 0);">vm15:~#</span> cat /etc/quagga/ripd.conf <br />hostname ripd<br />password zebra<br />router rip<br /> network eth0<br /> network eth1<br /><span style="color: rgb(204, 0, 0);">vm15:~#</span> route<br />Kernel IP routing table<br />Destination Gateway Genmask Flags Metric Ref Use Iface<br />10.2.0.0 10.1.0.100 255.255.255.0 UG 0 0 0 eth0<br />10.4.0.0 10.1.0.100 255.255.255.0 UG 0 0 0 eth0<br />10.3.0.0 * 255.255.255.0 U 0 0 0 eth1<br />10.1.0.0 * 255.255.255.0 U 0 0 0 eth0<br /><span style="color: rgb(204, 0, 0);">vm15:~#</span> route del -net 10.2.0.0/24<br /><span style="color: rgb(204, 0, 0);">vm15:~#</span> route del -net 10.4.0.0/24<br /><span style="color: rgb(204, 0, 0);">vm15:~#</span> /etc/init.d/quagga start<br />Loading capability module if not yet done.<br />Starting Quagga daemons (prio:10): zebra/usr/lib/quagga/zebra already running.<br /><span style="color: rgb(204, 0, 0);">vm15:~#</span> telnet localhost ripd<br />Trying 127.0.0.1...<br />Connected to localhost.<br />Escape character is '^]'.<br /><br />Hello, this is Quagga (version 0.99.5).<br />Copyright 1996-2005 Kunihiro Ishiguro, et al.<br /><br /><br />User Access Verification<br /><br />Password: <br />ripd> show ip rip<br />Codes: R - RIP, C - connected, S - Static, O - OSPF, B - BGP<br />Sub-codes:<br /> (n) - normal, (s) - static, (d) - default, (r) - redistribute,<br /> (i) - interface<br /><br /> Network Next Hop Metric From Tag Time<br />R(n) 0.0.0.0/0 10.1.0.100 2 10.1.0.100 0 10:20<br />C(i) 10.1.0.0/24 0.0.0.0 1 self 0<br />R(n) 10.2.0.0/24 10.1.0.100 2 10.1.0.100 0 10:20<br />C(i) 10.3.0.0/24 0.0.0.0 1 self 0<br />R(n) 10.4.0.0/24 10.1.0.100 3 10.1.0.100 0 10:20<br />ripd> show ip rip status <br />Routing Protocol is "rip"<br />Sending updates every 30 seconds with +/-50%, next due in -1205427131 seconds<br /> Timeout after 180 seconds, garbage collect after 120 seconds<br /> Outgoing update filter list for all interface is not set<br /> Incoming update filter list for all interface is not set<br /> Default redistribution metric is 1<br /> Redistributing:<br /> Default version control: send version 2, receive any version <br /> Interface Send Recv Key-chain<br /> eth0 2 1 2 <br /> eth1 2 1 2 <br /> Routing for Networks:<br /> eth0<br /> eth1<br /> Routing Information Sources:<br /> Gateway BadPackets BadRoutes Distance Last Update<br /> 10.1.0.100 0 0 120 00:00:19<br /> 10.1.0.11 0 0 120 00:00:08<br /> 10.1.0.9 0 0 120 00:00:19<br /> 10.3.0.9 0 0 120 00:00:19<br /> 10.1.0.99 0 0 120 00:00:16<br /> 10.1.0.3 0 0 120 00:00:35<br /> 10.3.0.3 0 0 120 00:00:35<br /> 10.1.0.25 0 0 120 00:00:16<br /> 10.3.0.25 0 0 120 00:00:16<br /> 10.1.0.7 0 0 120 00:00:23<br /> 10.3.0.7 0 0 120 00:00:23<br /> 10.1.0.5 0 0 120 00:00:26<br /> 10.3.0.5 0 0 120 00:00:26<br /> 10.3.0.11 0 0 120 00:00:08<br /> Distance: (default is 120)<br /></pre></div><br /><br />15:<br /><br /><div class="kod"><pre><br /><span style="color: rgb(204, 0, 0);">vm15:~#</span> ifconfig eth1 down<br /># ze zahadnych pricin je obcas nutne todle udelat<br /><span style="color: rgb(204, 0, 0);">vm15:~#</span> ifconfig eth1 up <br /><span style="color: rgb(204, 0, 0);">vm15:~#</span> ifconfig eth0 down<br /><span style="color: rgb(204, 0, 0);">vm15:~#</span> ifconfig eth0 up <br /><span style="color: rgb(204, 0, 0);">vm15:~#</span> route -n<br />Kernel IP routing table<br />Destination Gateway Genmask Flags Metric Ref Use Iface<br />10.4.0.14 10.1.0.100 255.255.255.255 UGH 3 0 0 eth0<br />10.2.0.14 10.1.0.100 255.255.255.255 UGH 3 0 0 eth0<br />10.2.0.0 10.1.0.100 255.255.255.0 UG 2 0 0 eth0<br />10.0.0.0 10.1.0.100 255.255.255.0 UG 5 0 0 eth0<br />10.0.1.0 10.1.0.100 255.255.255.0 UG 5 0 0 eth0<br />10.3.0.0 0.0.0.0 255.255.255.0 U 0 0 0 eth1<br />10.1.0.0 0.0.0.0 255.255.255.0 U 0 0 0 eth0<br />0.0.0.0 10.1.0.100 0.0.0.0 UG 2 0 0 eth0<br /><span style="color: rgb(204, 0, 0);">vm15:~#</span> ping 195.113.18.123<br />PING 195.113.18.123 (195.113.18.123) 56(84) bytes of data.<br />64 bytes from 195.113.18.123: icmp_seq=1 ttl=63 time=1.74 ms<br />64 bytes from 195.113.18.123: icmp_seq=2 ttl=63 time=1.15 ms<br />...<br /></pre></div><br /><br />ted schodime servrik na 10.1.0.100 a nekomu (kdo pres to mel cestu, treba ja)<br />prestane chodit pign do netu, ale casem se to opravi :)<br /><br /><div class="kod"><pre><br /><span style="color: rgb(204, 0, 0);">vm15:~#</span> ping 195.113.18.123<br />PING 195.113.18.123 (195.113.18.123) 56(84) bytes of data.<br /><br />--- 195.113.18.123 ping statistics ---<br />4 packets transmitted, 0 received, 100% packet loss, time 3005ms<br /><span style="color: rgb(204, 0, 0);">vm15:~#</span> telnet localhost ripd<br />Trying 127.0.0.1...<br />Connected to localhost.<br />Escape character is '^]'.<br /><br />Hello, this is Quagga (version 0.99.5).<br />Copyright 1996-2005 Kunihiro Ishiguro, et al.<br /><br /><br />User Access Verification<br /><br />Password: <br />ripd> show ip rip status<br />Routing Protocol is "rip"<br />Sending updates every 30 seconds with +/-50%, next due in -1205427137 seconds<br /> Timeout after 180 seconds, garbage collect after 120 seconds<br /> Outgoing update filter list for all interface is not set<br /> Incoming update filter list for all interface is not set<br /> Default redistribution metric is 1<br /> Redistributing:<br /> Default version control: send version 2, receive any version <br /> Interface Send Recv Key-chain<br /> eth0 2 1 2 <br /> eth1 2 1 2 <br /> Routing for Networks:<br /> eth0<br /> eth1<br /> Routing Information Sources:<br /> Gateway BadPackets BadRoutes Distance Last Update<br /> 10.1.0.100 0 0 120 00:01:20<br /> 10.1.0.11 0 0 120 00:00:19<br /> 10.1.0.9 0 0 120 00:00:06<br /> 10.3.0.9 0 0 120 00:00:06<br /> 10.1.0.99 0 0 120 00:00:28<br /> 10.1.0.3 0 0 120 00:00:32<br /> 10.3.0.3 0 0 120 00:00:32<br /> 10.1.0.25 0 0 120 00:00:10<br /> 10.3.0.25 1 0 120 00:00:10<br /> 10.1.0.7 0 0 120 00:00:25<br /> 10.3.0.7 0 0 120 00:00:25<br /> 10.1.0.5 0 0 120 00:00:11<br /> 10.3.0.5 1 0 120 00:00:11<br /> 10.3.0.11 0 0 120 00:00:19<br /> 10.1.0.19 0 0 120 00:00:05<br /> 10.3.0.19 0 0 120 00:00:05<br /> 10.1.0.17 0 0 120 00:00:28<br /> 10.3.0.17 0 0 120 00:00:28<br /> Distance: (default is 120)<br /></pre></div><br /><br />vidime, ze ze 10.1.0.100 byl Last Update uz pred dost dlouhou dobou. Za chvili<br />uplne zmizel z ty tabulky. A nasla se jina cesta:<br /><br /><div class="kod"><pre><br />ripd> show ip rip <br />Codes: R - RIP, C - connected, S - Static, O - OSPF, B - BGP<br />Sub-codes:<br /> (n) - normal, (s) - static, (d) - default, (r) - redistribute,<br /> (i) - interface<br /><br /> Network Next Hop Metric From Tag Time<br />R(n) 0.0.0.0/0 10.1.0.99 3 10.1.0.99 0 10:32<br />R(n) 10.0.0.0/24 10.1.0.99 5 10.1.0.99 0 10:32<br />R(n) 10.0.1.0/24 10.1.0.99 5 10.1.0.99 0 10:32<br />C(i) 10.1.0.0/24 0.0.0.0 1 self 0<br />R(n) 10.2.0.0/24 10.1.0.99 2 10.1.0.99 0 10:32<br />R(n) 10.2.0.14/32 10.1.0.99 3 10.1.0.99 0 10:32<br />C(i) 10.3.0.0/24 0.0.0.0 1 self 0<br />R(n) 10.4.0.0/24 10.1.0.99 3 10.1.0.99 0 10:32<br />R(n) 10.4.0.14/32 10.1.0.99 3 10.1.0.99 0 10:32<br />ripd> Connection closed by foreign host.<br /><span style="color: rgb(204, 0, 0);">vm15:~#</span> ping 195.113.18.123<br />PING 195.113.18.123 (195.113.18.123) 56(84) bytes of data.<br />64 bytes from 195.113.18.123: icmp_seq=1 ttl=62 time=3.81 ms<br />64 bytes from 195.113.18.123: icmp_seq=2 ttl=62 time=1.49 ms<br /><br />--- 195.113.18.123 ping statistics ---<br />2 packets transmitted, 2 received, 0% packet loss, time 999ms<br />rtt min/avg/max/mdev = 1.496/2.656/3.817/1.161 ms<br /></pre></div><br /><br />a kdyz ten interface zase nahodime, tak se tam casem dostane zase ta puvodni<br />cesta, protoze je kratsi :)<br /><br /><br />16:<br /><br /><br /><div class="kod"><pre><br /><span style="color: rgb(204, 0, 0);">vm15:~#</span> vim /etc/quagga/daemons <br />...<br />zebra=yes<br />bgpd=no<br />ospfd=yes<br />ospf6d=no<br />ripd=no<br />ripngd=no<br />isisd=no<br /><span style="color: rgb(204, 0, 0);">vm15:~#</span> vim /etc/quagga/ospfd.conf<br /><span style="color: rgb(204, 0, 0);">vm15:~#</span> cat /etc/quagga/ospfd.conf<br />hostname ospfd<br />password zebra<br />router ospf<br /> network 10.1.0.0/24 area 0<br /> network 10.3.0.0/24 area 0<br /><span style="color: rgb(204, 0, 0);">vm15:~#</span> /etc/init.d/quagga restart<br />Stopping Quagga daemons (prio:0): (ospfd) zebra (bgpd) (waiting) .. ripd (ripng<br />d) (ospf6d) (isisd).<br />Removing all routes made by zebra.<br />Nothing to flush.<br />Loading capability module if not yet done.<br />Starting Quagga daemons (prio:10): zebra ospfd.<br /></pre></div><br /><br />zkusime si dalsi vypadek :)<br /><br /><div class="kod"><pre><br /><span style="color: rgb(204, 0, 0);">vm15:~#</span> ping 195.113.18.123<br />PING 195.113.18.123 (195.113.18.123) 56(84) bytes of data.<br />64 bytes from 195.113.18.123: icmp_seq=1 ttl=63 time=1.25 ms<br />64 bytes from 195.113.18.123: icmp_seq=2 ttl=63 time=0.957 ms<br /><br />--- 195.113.18.123 ping statistics ---<br />2 packets transmitted, 2 received, 0% packet loss, time 999ms<br />rtt min/avg/max/mdev = 0.957/1.103/1.250/0.150 ms<br /></pre></div><br /><br />funguje to mnohem rychleji, nez ten predchozi :) na chvilicku se zastavil a pak<br />hned bezel dal (cca 3s)<br /><br /><h2> IPv6 </h2><br /><br /><h3>Thu Mar 20 17:21:33 CET 2008</h3><br /><br />5, 6, 7, 8, 9:<br /><br />V nasem pripade musime tunelovat, proto jsme obklopeni IPv4. Staticke nastaveni:<br /><br /><div class="kod"><pre><br /><span style="color: rgb(204, 0, 0);">vm15:~#</span> ip link set dev eth0 up<br /><span style="color: rgb(204, 0, 0);">vm15:~#</span> ip addr add 2001:5c0:94c1:1::04/64 dev eth0<br /><span style="color: rgb(204, 0, 0);">vm15:~#</span> ip route add 2001:5c0:94c1:1::/64 dev eth0<br /><span style="color: rgb(204, 0, 0);">vm15:~#</span> ip route add 2000::/3 via 2001:5c0:94c1:1::100<br /><span style="color: rgb(204, 0, 0);">vm15:~#</span> echo nameserver 2001:5c0:94c1::1 >/etc/resolv.conf<br /><span style="color: rgb(204, 0, 0);">vm15:~#</span> ip route # vypise smerovaci tabulku (route -6)<br />10.0.0.0/24 via 10.1.0.100 dev eth0 proto zebra metric 20 <br />10.2.0.0/24 proto zebra metric 20 <br /> nexthop via 10.1.0.100 dev eth0 weight 1<br /> nexthop via 10.1.0.99 dev eth0 weight 1<br />10.4.0.0/24 proto zebra metric 30 <br /> nexthop via 10.1.0.100 dev eth0 weight 1<br /> nexthop via 10.1.0.99 dev eth0 weight 1<br />10.3.0.0/24 dev eth1 proto kernel scope link src 10.3.0.15 <br />10.1.0.0/24 dev eth0 proto kernel scope link src 10.1.0.15 <br />default via 10.1.0.100 dev eth0 proto zebra metric 10 <br /><span style="color: rgb(204, 0, 0);">vm15:~#</span> route -6<br />Kernel IPv6 routing table<br />Destination Next Hop Flags Metric Ref Use Iface<br />::1/128 :: U 0 12 1 lo <br />2001:5c0:94c1:1::4/128 :: U 0 39 1 lo <br />2001:5c0:94c1:1::/64 :: U 256 1 0 eth0 <br />2001:5c0:94c1:1::/64 :: U 1024 0 0 eth0 <br />2000::/3 2001:5c0:94c1:1::100 UG 1024 18 0 eth0 <br />fe80::216:3eff:fe00:115/128 :: U 0 2 1 lo <br />fe80::216:3eff:fe00:315/128 :: U 0 0 1 lo <br />fe80::/64 :: U 256 0 0 eth0 <br />fe80::/64 :: U 256 0 0 eth1 <br />ff02::2/128 ff02::2 UC 0 3 3 eth0 <br />ff00::/8 :: U 256 0 0 eth0 <br />ff00::/8 :: U 256 0 0 eth1 <br /><span style="color: rgb(204, 0, 0);">vm15:~#</span> ping6 www.kame.net<br />PING www.kame.net(orange.kame.net) 56 data bytes<br />64 bytes from orange.kame.net: icmp_seq=1 ttl=46 time=313 ms<br />64 bytes from orange.kame.net: icmp_seq=2 ttl=46 time=317 ms<br />64 bytes from orange.kame.net: icmp_seq=3 ttl=46 time=305 ms<br />64 bytes from orange.kame.net: icmp_seq=4 ttl=46 time=324 ms<br /><br />--- www.kame.net ping statistics ---<br />4 packets transmitted, 4 received, 0% packet loss, time 2997ms<br />rtt min/avg/max/mdev = 305.049/315.113/324.288/6.912 ms<br /></pre></div><br /><br />Zrusime statickou konfiguraci a presto ale pingneme, proc? protoze si to<br />routovani pamatuje.<br /><br /><div class="kod"><pre><br />TNETLINK answers: No such process<br /><span style="color: rgb(204, 0, 0);">vm15:~#</span> ip route del 2001:5c0:94c1:1::/64<br /><span style="color: rgb(204, 0, 0);">vm15:~#</span> ip addr del 2001:5c0:94c1:1::04/64 dev eth0<br /><span style="color: rgb(204, 0, 0);">vm15:~#</span> ping6 www.kame.net<br />PING www.kame.net(orange.kame.net) 56 data bytes<br />64 bytes from orange.kame.net: icmp_seq=1 ttl=45 time=326 ms<br />64 bytes from orange.kame.net: icmp_seq=2 ttl=45 time=328 ms<br /><br />--- www.kame.net ping statistics ---<br />3 packets transmitted, 2 received, 33% packet loss, time 2014ms<br />rtt min/avg/max/mdev = 326.537/327.750/328.963/1.213 ms<br /><span style="color: rgb(204, 0, 0);">vm15:~#</span> ip addr show<br />1: lo: <LOOPBACK,UP,10000> mtu 16436 qdisc noqueue <br /> link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00<br /> inet 127.0.0.1/8 scope host lo<br /> inet6 ::1/128 scope host <br /> valid_lft forever preferred_lft forever<br />2: eth0: <BROADCAST,MULTICAST,UP,10000> mtu 1500 qdisc pfifo_fast qlen 1000<br /> link/ether 00:16:3e:00:01:15 brd ff:ff:ff:ff:ff:ff<br /> inet 10.1.0.15/24 brd 10.1.0.255 scope global eth0<br /> inet6 2001:5c0:94c1:1:216:3eff:fe00:115/64 scope global dynamic <br /> valid_lft 2591996sec preferred_lft 604796sec<br /> inet6 fe80::216:3eff:fe00:115/64 scope link <br /> valid_lft forever preferred_lft forever<br />3: eth1: <BROADCAST,MULTICAST,UP,10000> mtu 1500 qdisc pfifo_fast qlen 1000<br /> link/ether 00:16:3e:00:03:15 brd ff:ff:ff:ff:ff:ff<br /> inet 10.3.0.15/24 brd 10.3.0.255 scope global eth1<br /> inet6 fe80::216:3eff:fe00:315/64 scope link <br /> valid_lft forever preferred_lft forever<br />4: sit0: <NOARP> mtu 1480 qdisc noop <br /> link/sit 0.0.0.0 brd 0.0.0.0<br /></pre></div><br /><br />Odposlechneme si packet:<br /><br /><div class="kod"><pre><br />dns: /etc/resolv.conf:1: invalid nameserver address `2001:5c0:94c1::1'<br />device eth0 entered promiscuous mode<br />audit(1206032751.183:4): dev=eth0 prom=256 old_prom=0 auid=4294967295<br />Capturing on eth0<br />Frame 1 (110 bytes on wire, 110 bytes captured)<br /> Arrival Time: Mar 20, 2008 18:05:51.693765000<br /> [Time delta from previous packet: 0.000000000 seconds]<br /> [Time since reference or first frame: 0.000000000 seconds]<br /> Frame Number: 1<br /> Packet Length: 110 bytes<br /> Capture Length: 110 bytes<br /> [Frame is marked: False]<br /> [Protocols in frame: eth:ipv6:icmpv6]<br />Ethernet II, Src: Xensourc_00:01:99 (00:16:3e:00:01:99), Dst: IPv6-Neighbor-Disc<br />overy_00:00:00:01 (33:33:00:00:00:01)<br /> Destination: IPv6-Neighbor-Discovery_00:00:00:01 (33:33:00:00:00:01)<br /> Address: IPv6-Neighbor-Discovery_00:00:00:01 (33:33:00:00:00:01)<br /> .... ...1 .... .... .... .... = IG bit: Group address (multicast/broadca<br /> st)<br /> .... ..1. .... .... .... .... = LG bit: Locally administered address (th<br /> is is NOT the factory default)<br /> Source: Xensourc_00:01:99 (00:16:3e:00:01:99)<br /> Address: Xensourc_00:01:99 (00:16:3e:00:01:99)<br /> .... ...0 .... .... .... .... = IG bit: Individual address (unicast)<br /> .... ..0. .... .... .... .... = LG bit: Globally unique address (factory<br /> default)<br /> Type: IPv6 (0x86dd)<br />Internet Protocol Version 6<br /> Version: 6<br /> Traffic class: 0x00<br /> Flowlabel: 0x00000<br /> Payload length: 56<br /> Next header: ICMPv6 (0x3a)<br /> Hop limit: 255<br /> Source address: fe80::216:3eff:fe00:199 (fe80::216:3eff:fe00:199)<br /> Destination address: ff02::1 (ff02::1)<br />Internet Control Message Protocol v6<br /> Type: 134 (Router advertisement)<br /> Code: 0<br /> Checksum: 0xf491 [correct]<br /> Cur hop limit: 64<br /> Flags: 0x00<br /> 0... .... = Not managed<br /> .0.. .... = Not other<br /> ..0. .... = Not Home Agent<br /> ...0 0... = Router preference: Medium<br /> Router lifetime: 30<br /> Reachable time: 0<br /> Retrans time: 0<br /> ICMPv6 options<br /> Type: 3 (Prefix information)<br /> Length: 32 bytes (4)<br /> Prefix length: 64<br /> Flags: 0xc0<br /> 1... .... = Onlink<br /> .1.. .... = Auto<br /> ..0. .... = Not router address<br /> ...0 .... = Not site prefix<br /> Valid lifetime: 0x00278d00<br /> Preferred lifetime: 0x00093a80<br /> Prefix: 2001:5c0:94c1:1::<br /> ICMPv6 options<br /> Type: 1 (Source link-layer address)<br /> Length: 8 bytes (1)<br /> Link-layer address: 00:16:3e:00:01:99<br /><br />device eth0 left promiscuous mode<br />audit(1206032756.767:5): dev=eth0 prom=0 old_prom=256 auid=4294967295<br />1 packets captured<br /></pre></div><br /><br />10, 11:<br /><br /><div class="kod"><pre><br /><span style="color: rgb(204, 0, 0);">vm15:~#</span> host www.pasnet.cz<br />www.pasnet.cz has address 195.113.67.149<br />www.pasnet.cz has IPv6 address 2001:718:1e00::149<br /><span style="color: rgb(204, 0, 0);">vm15:~#</span> host 2001:718:1e03:4::3<br />3.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.4.0.0.0.3.0.e.1.8.1.7.0.1.0.0.2.ip6.arpa domain <br />name pointer nms.ipv6.pasnet.cz.<br /></pre></div><br /><br />{to dns jsem moc nestihla}<br /><br /><h2> UDP, TCP, Firewall </h2><br /><br />1-5:<br /><br />pro ukonceni telnetu se standardne pouziva ctrl+], ale to se nam nehodi, pac to<br />nas vyhodi z konsole :) nastavime pomoci parametru -e. ale netcat je leps, takze<br />budu pouzivat netcat.<br /><br />pripojime se na daytime, sluzbu, co nam vraci aktualni cas:<br /><div class="kod"><pre><br /><span style="color: rgb(204, 0, 0);">vm15:~#</span> netcat -u localhost 13<br />1<br />20 MAR 2008 18:32:01 CET<br />2<br />20 MAR 2008 18:32:04 CET<br /></pre></div><br /><br />a pres tcp:<br /><br /><div class="kod"><pre><br /><span style="color: rgb(204, 0, 0);">vm15:~#</span> netcat localhost 13<br />20 MAR 2008 18:33:04 CET<br /></pre></div><br /><br />6,7,8:<br /><br />Podivame se, jak probehne spojeni:<br /><br /><div class="kod"><pre><br /><span style="color: rgb(204, 0, 0);">vm15:~#</span> tshark >/tmp/dump &<br />[1] 14660<br /><span style="color: rgb(204, 0, 0);">vm15:~#</span> adns: /etc/resolv.conf:1: invalid nameserver address `2001:5c0:94c1::1'<br />device eth0 entered promiscuous mode<br />audit(1206035041.437:6): dev=eth0 prom=256 old_prom=0 auid=4294967295<br />Capturing on eth0<br /><span style="color: rgb(204, 0, 0);">vm15:~#</span> wget http://10.0.0.100/tcpip/firewall.png<br />--18:44:06-- http://10.0.0.100/tcpip/firewall.png<br /> => `firewall.png.1'<br />Connecting to 10.0.0.100:80... connected.<br />HTTP request sent, awaiting response... 200 OK<br />Length: 21,058 (21K) [image/png]<br /><br />100%[====================================>] 21,058 --.--K/s <br /><br />18:44:06 (5.80 MB/s) - `firewall.png.1' saved [21058/21058]<br /><br /><span style="color: rgb(204, 0, 0);">vm15:~#</span> pkill tshark<br /><span style="color: rgb(204, 0, 0);">vm15:~#</span> device eth0 left promiscuous mode<br />audit(1206035055.462:7): dev=eth0 prom=0 old_prom=256 auid=4294967295<br />53 packets captured<br /><span style="color: rgb(204, 0, 0);">vm15:~#</span> cat /tmp/dump <br /> 0.000000 0.0.0.0 -> 255.255.255.255 DHCP DHCP Discover - Transaction ID 0x2581fd52<br /> 1.852137 10.1.0.15 -> 10.0.0.100 TCP 4150 > www [SYN] Seq=0 Len=0 MSS=1460 TSV=302385660 TSER=0 WS=3<br /> 1.854351 10.0.0.100 -> 10.1.0.15 TCP www > 4150 [SYN, ACK] Seq=0 Ack=1 Win=5792 Len=0 MSS=1460 TSV=632812404 TSER=302385660 WS=4<br /> 1.854448 10.1.0.15 -> 10.0.0.100 TCP 4150 > www [ACK] Seq=1 Ack=1 Win=5840 Len=0 TSV=302385662 TSER=632812404<br /> 1.855179 10.1.0.15 -> 10.0.0.100 HTTP GET /tcpip/firewall.png HTTP/1.0<br /> 1.856249 10.0.0.100 -> 10.1.0.15 TCP www > 4150 [ACK] Seq=1 Ack=117 Win=5792 Len=0 TSV=632812404 TSER=302385663<br /> 1.857332 10.0.0.100 -> 10.1.0.15 TCP [TCP segment of a reassembled PDU]<br /> 1.857414 10.1.0.15 -> 10.0.0.100 TCP 4150 > www [ACK] Seq=117 Ack=1449 Win=8736 Len=0 TSV=302385663 TSER=632812405<br /> 1.857432 10.0.0.100 -> 10.1.0.15 TCP [TCP segment of a reassembled PDU]<br /> 1.857451 10.1.0.15 -> 10.0.0.100 TCP 4150 > www [ACK] Seq=117 Ack=2897 Win=11632 Len=0 TSV=302385663 TSER=632812405<br /> 1.857484 10.0.0.100 -> 10.1.0.15 TCP [TCP segment of a reassembled PDU]<br /> 1.857502 10.1.0.15 -> 10.0.0.100 TCP 4150 > www [ACK] Seq=117 Ack=4345 Win=14528 Len=0 TSV=302385663 TSER=632812405<br /> 1.858795 10.0.0.100 -> 10.1.0.15 TCP [TCP segment of a reassembled PDU]<br /> 1.858859 10.1.0.15 -> 10.0.0.100 TCP 4150 > www [ACK] Seq=117 Ack=5793 Win=17424 Len=0 TSV=302385663 TSER=632812405<br /> 1.858878 10.0.0.100 -> 10.1.0.15 TCP [TCP segment of a reassembled PDU]<br /> 1.858900 10.1.0.15 -> 10.0.0.100 TCP 4150 > www [ACK] Seq=117 Ack=7241 Win=20320 Len=0 TSV=302385663 TSER=632812405<br /> 1.858908 10.0.0.100 -> 10.1.0.15 TCP [TCP segment of a reassembled PDU]<br /> 1.858924 10.1.0.15 -> 10.0.0.100 TCP 4150 > www [ACK] Seq=117 Ack=8689 Win=23216 Len=0 TSV=302385663 TSER=632812405<br /> 1.858930 10.0.0.100 -> 10.1.0.15 TCP [TCP segment of a reassembled PDU]<br /> 1.858943 10.1.0.15 -> 10.0.0.100 TCP 4150 > www [ACK] Seq=117 Ack=10137 Win=26112 Len=0 TSV=302385663 TSER=632812405<br /> 1.858949 10.0.0.100 -> 10.1.0.15 TCP [TCP segment of a reassembled PDU]<br /> 1.858975 10.1.0.15 -> 10.0.0.100 TCP 4150 > www [ACK] Seq=117 Ack=11585 Win=29008 Len=0 TSV=302385663 TSER=632812405<br /> 1.858981 10.0.0.100 -> 10.1.0.15 TCP [TCP segment of a reassembled PDU]<br /> 1.858995 10.1.0.15 -> 10.0.0.100 TCP 4150 > www [ACK] Seq=117 Ack=13033 Win=31904 Len=0 TSV=302385663 TSER=632812405<br /> 1.861236 10.0.0.100 -> 10.1.0.15 TCP [TCP segment of a reassembled PDU]<br /> 1.861310 10.1.0.15 -> 10.0.0.100 TCP 4150 > www [ACK] Seq=117 Ack=14481 Win=34800 Len=0 TSV=302385663 TSER=632812406<br /> 1.861334 10.0.0.100 -> 10.1.0.15 TCP [TCP segment of a reassembled PDU]<br /> 1.861349 10.1.0.15 -> 10.0.0.100 TCP 4150 > www [ACK] Seq=117 Ack=15929 Win=37696 Len=0 TSV=302385663 TSER=632812406<br /> 1.861357 10.0.0.100 -> 10.1.0.15 TCP [TCP segment of a reassembled PDU]<br /> 1.861372 10.1.0.15 -> 10.0.0.100 TCP 4150 > www [ACK] Seq=117 Ack=17377 Win=40592 Len=0 TSV=302385663 TSER=632812406<br /> 1.861377 10.0.0.100 -> 10.1.0.15 TCP [TCP segment of a reassembled PDU]<br /> 1.861390 10.1.0.15 -> 10.0.0.100 TCP 4150 > www [ACK] Seq=117 Ack=18825 Win=43488 Len=0 TSV=302385663 TSER=632812406<br /> 1.861396 10.0.0.100 -> 10.1.0.15 TCP [TCP segment of a reassembled PDU]<br /> 1.861410 10.1.0.15 -> 10.0.0.100 TCP 4150 > www [ACK] Seq=117 Ack=20273 Win=46384 Len=0 TSV=302385663 TSER=632812406<br /> 1.861415 10.0.0.100 -> 10.1.0.15 HTTP HTTP/1.1 200 OK (PNG)<br /> 1.861428 10.1.0.15 -> 10.0.0.100 TCP 4150 > www [ACK] Seq=117 Ack=21311 Win=49280 Len=0 TSV=302385663 TSER=632812406<br /> 1.861434 10.0.0.100 -> 10.1.0.15 TCP www > 4150 [FIN, ACK] Seq=21311 Ack=117 Win=5792 Len=0 TSV=632812406 TSER=302385663<br /> 1.864679 10.1.0.15 -> 10.0.0.100 TCP 4150 > www [FIN, ACK] Seq=117 Ack=21312 Win=49280 Len=0 TSV=302385665 TSER=632812406<br /> 1.867147 10.0.0.100 -> 10.1.0.15 TCP www > 4150 [ACK] Seq=21312 Ack=118 Win=5792 Len=0 TSV=632812407 TSER=302385665<br /> 4.432056 fe80::216:3eff:fe00:199 -> ff02::1 ICMPv6 Router advertisement<br /> 4.987530 0.0.0.0 -> 255.255.255.255 DHCP DHCP Discover - Transaction ID 0x2581fd52<br /> 5.559465 10.1.0.11 -> 224.0.0.5 OSPF Hello Packet<br /> 5.562169 10.1.0.19 -> 224.0.0.5 OSPF Hello Packet<br /> 5.575656 10.1.0.9 -> 224.0.0.5 OSPF Hello Packet<br /> 5.578740 10.1.0.1 -> 224.0.0.5 OSPF Hello Packet<br /> 5.596916 10.1.0.3 -> 224.0.0.5 OSPF Hello Packet<br /> 5.596970 10.1.0.100 -> 224.0.0.5 OSPF Hello Packet<br /> 5.604864 10.1.0.25 -> 224.0.0.5 OSPF Hello Packet<br /> 5.610941 10.1.0.15 -> 224.0.0.5 OSPF Hello Packet<br /> 5.619775 10.1.0.99 -> 224.0.0.5 OSPF Hello Packet<br /> 5.625787 10.1.0.17 -> 224.0.0.5 OSPF Hello Packet<br /> 5.630497 10.1.0.7 -> 224.0.0.5 OSPF Hello Packet<br /> 5.642481 10.1.0.5 -> 224.0.0.5 OSPF Hello Packet<br /></pre></div><br /><br />9: oskenujeme router na verzi OS:<br /><br /><div class="kod"><pre><br /><span style="color: rgb(204, 0, 0);">vm15:~#</span> nmap -O 10.0.0.100<br /><br />Starting Nmap 4.11 ( http://www.insecure.org/nmap/ ) at 2008-03-20 18:52 CET<br />mass_dns: warning: Unable to determine any DNS servers. Reverse DNS is disabled.<br /> Try using --system-dns or specify valid servers with --dns_servers<br />Interesting ports on 10.0.0.100:<br />Not shown: 1676 closed ports<br />PORT STATE SERVICE<br />22/tcp open ssh<br />53/tcp open domain<br />80/tcp open http<br />443/tcp open https<br />Device type: general purpose<br />Running: Linux 2.4.X|2.5.X|2.6.X<br />OS details: Linux 2.4.0 - 2.5.20, Linux 2.4.7 - 2.6.11<br /><br />Nmap finished: 1 IP address (1 host up) scanned in 2.748 seconds<br /></pre></div><br /><br /><br /><h3>Thu Mar 27 17:20:27 CET 2008</h3><br /><br /><div class="kod"><pre><br /><span style="color: rgb(204, 0, 0);">vm15:~#</span> netstat -l<br />Active Internet connections (only servers)<br />Proto Recv-Q Send-Q Local Address Foreign Address State <br />tcp 0 0 *:echo *:* LISTEN <br />tcp 0 0 *:discard *:* LISTEN <br />tcp 0 0 localhost:zebra *:* LISTEN <br />tcp 0 0 localhost:ospfd *:* LISTEN <br />tcp 0 0 *:daytime *:* LISTEN <br />tcp 0 0 vm15.seminar:domain *:* LISTEN <br />tcp 0 0 localhost:domain *:* LISTEN <br />tcp 0 0 localhost:953 *:* LISTEN <br />tcp6 0 0 *:www *:* LISTEN <br />tcp6 0 0 *:domain *:* LISTEN <br />tcp6 0 0 ip6-localhost:953 *:* LISTEN <br />udp 0 0 *:1024 *:* <br />udp 0 0 *:echo *:* <br />udp 0 0 *:discard *:* <br />udp 0 0 *:daytime *:* <br />udp 0 0 vm15.seminar:domain *:* <br />udp 0 0 localhost:domain *:* <br />udp 0 0 *:bootpc *:* <br />udp6 0 0 *:1025 *:* <br />udp6 0 0 *:domain *:* <br />raw 0 0 *:ospf *:* 7 <br />raw6 15344 0 *:ipv6-icmp *:* 7 <br />Active UNIX domain sockets (only servers)<br />Proto RefCnt Flags Type State I-Node Path<br />unix 2 [ ACC ] STREAM LISTENING 2933 /var/run/quagga/zserv.api<br />unix 2 [ ACC ] STREAM LISTENING 2940 /var/run/quagga/zebra.vty<br />unix 2 [ ACC ] STREAM LISTENING 2952 /var/run/quagga/ospfd.vty<br /></pre></div><br /><br />14:<br /><br /><div class="kod"><pre><br /><span style="color: rgb(204, 0, 0);">vm15:~#</span> iptables -L<br />Chain INPUT (policy ACCEPT)<br />target prot opt source destination <br /><br />Chain FORWARD (policy ACCEPT)<br />target prot opt source destination <br /><br />Chain OUTPUT (policy ACCEPT)<br />target prot opt source destination <br /></pre></div><br /><br />16:<br /><br /><div class="kod"><pre><br /><span style="color: rgb(204, 0, 0);">vm15:~#</span> iptables -A INPUT -p tcp --dport daytime -j DROP<br /><span style="color: rgb(204, 0, 0);">vm15:~#</span> iptables -L<br />Chain INPUT (policy ACCEPT)<br />target prot opt source destination <br />DROP tcp -- anywhere anywhere tcp dpt:daytime <br /><br />Chain FORWARD (policy ACCEPT)<br />target prot opt source destination <br /><br />Chain OUTPUT (policy ACCEPT)<br />target prot opt source destination <br /><span style="color: rgb(204, 0, 0);">vm15:~#</span> nc localhost daytime<br /><br /><br /></pre></div><br />...to nc samozrejme nic nedelalo<br /><br />smazeme a nahradime reject:<br /><div class="kod"><pre><br /><span style="color: rgb(204, 0, 0);">vm15:~#</span> iptables -D INPUT -p tcp --dport daytime -j DROP<br /><span style="color: rgb(204, 0, 0);">vm15:~#</span> iptables -A INPUT -p tcp --dport daytime -j REJECT<br /><span style="color: rgb(204, 0, 0);">vm15:~#</span> iptables -L<br />Chain INPUT (policy ACCEPT)<br />target prot opt source destination <br />REJECT tcp -- anywhere anywhere tcp dpt:daytime reject-with icmp-po<br />rt-unreachable <br /><br />Chain FORWARD (policy ACCEPT)<br />target prot opt source destination <br /><br />Chain OUTPUT (policy ACCEPT)<br />target prot opt source destination <br /><span style="color: rgb(204, 0, 0);">vm15:~#</span> nc localhost daytime<br /><br />localhost [127.0.0.1] 13 (daytime) : Connection refused<br /></pre></div><br /><br />kdyz bychom si chtela zakazat secko, akorat vynechame tu informaci o portu.<br />potom nam ale nebude chodit ani treba ssh, protoze to je sice "odchozi", ale<br />take potrebuje samozrejme prichozi komunikaci... - dobre vyzkouset pomoci<br />tcpdump treba :)<br /><br />18:<br /><br />ted si zakazeme prichozi, krome uz spojenych, takze nam to ssh zacne fungovat,<br />ale ostatni ciste z venci ne:<br /><br /><div class="kod"><pre><br /><span style="color: rgb(204, 0, 0);">vm15:~#</span> iptables -A INPUT -p tcp -m <br />state --state ESTABLISHED,RELATED -j ACCEP<br />Netfilter messages via NETLINK v0.30.<br />ip_conntrack version 2.4 (1088 buckets, 8704 max) - 224 bytes per conntrack<br /><span style="color: rgb(204, 0, 0);">vm15:~#</span> iptables -A INPUT -p tcp -j DROP <br /><span style="color: rgb(204, 0, 0);">vm15:~#</span> iptables -L<br />Chain INPUT (policy ACCEPT)<br />target prot opt source destination <br />DROP tcp -- anywhere anywhere tcp dpt:daytime <br />ACCEPT tcp -- anywhere anywhere state RELATED,ESTABLISHED <br />DROP tcp -- anywhere anywhere <br /><br />Chain FORWARD (policy ACCEPT)<br />target prot opt source destination <br /><br />Chain OUTPUT (policy ACCEPT)<br />target prot opt source destination <br /><span style="color: rgb(204, 0, 0);">vm15:~#</span> ssh urtax.ms.mff.cuni.cz<br />The authenticity of host 'urtax.ms.mff.cuni.cz (195.113.20.119)' can't be establ<br />ished.<br />RSA key fingerprint is 88:c0:0b:d3:9f:8e:d6:5a:5a:9b:90:35:60:f0:32:a5.<br />Are you sure you want to continue connecting (yes/no)?<br />...<br /></pre></div><br /><br /><h2> HTTP </h2><br /><br />5:<br /><div class="kod"><pre><br /><span style="color: rgb(204, 0, 0);">vm15:~#</span> nc www.google.com 80<br />GET / HTTP/1.0<br /><br />HTTP/1.0 302 Found<br />Location: http://www.google.cz/<br />Cache-Control: private<br />Set-Cookie: PREF=ID=896ed3e96761f7c1:TM=1206639248:LM=1206639248:S=-Vvh42c1MoDaH<br />fat; expires=Sat, 27-Mar-2010 17:34:08 GMT; path=/; domain=.google.com<br />Content-Type: text/html<br />Server: gws<br />Content-Length: 218<br />Date: Thu, 27 Mar 2008 17:34:08 GMT<br />Connection: Close<br /><br /><HTML><HEAD><meta http-equiv="content-type" content="text/html;chars<br />et=utf-8"><br /><TITLE>302 Moved</TITLE></HEAD>lt;BODY><br /><h1>302 Moved</H1><br />The document has moved<br /><A HREF="http://www.google.cz/">here</A>.<br /></BODY></HTML><br /><span style="color: rgb(204, 0, 0);">vm15:~#</span> wget -S http://www.google.com<br />--18:41:39-- http://www.google.com/<br /> => `index.html.1'<br />Resolving www.google.com... 66.249.91.147, 66.249.91.99, 66.249.91.103, ...<br />Connecting to www.google.com|66.249.91.147|:80... connected.<br />HTTP request sent, awaiting response... <br /> HTTP/1.0 302 Found<br /> Location: http://www.google.cz/<br /> Cache-Control: private<br /> Set-Cookie: PREF=ID=4b80fcef6e783fd3:TM=1206639699:LM=1206639699:S=m6-DJhcgsJe<br /> s4CcX; expires=Sat, 27-Mar-2010 17:41:39 GMT; path=/; domain=.google.com<br /> Content-Type: text/html<br /> Server: gws<br /> Content-Length: 218<br /> Date: Thu, 27 Mar 2008 17:41:39 GMT<br /> Connection: Keep-Alive<br />Location: http://www.google.cz/ [following]<br />--18:41:39-- http://www.google.cz/<br /> => `index.html.1'<br />Resolving www.google.cz... 66.249.91.104, 66.249.91.147, 66.249.91.99, ...<br />Reusing existing connection to www.google.com:80.<br />HTTP request sent, awaiting response... <br /> HTTP/1.0 200 OK<br /> Cache-Control: private<br /> Content-Type: text/html; charset=ISO-8859-2<br /> Set-Cookie: PREF=ID=ec80351da085837a:TM=1206639699:LM=1206639699:S=-cL0R5F9l4x<br /> GLV3x; expires=Sat, 27-Mar-2010 17:41:39 GMT; path=/; domain=.google.cz<br /> Server: gws<br /> Date: Thu, 27 Mar 2008 17:41:39 GMT<br /> Connection: Close<br />Length: unspecified [text/html]<br /><br /> [ <=> ] 5,757 --.--K/s <br /><br />18:41:39 (283.31 KB/s) - `index.html.1' saved [5757]<br /><span style="color: rgb(204, 0, 0);">vm15:~#</span> cat ./index.html<br /><html><head>...<br /></pre></div><br /><br /><h3>Thu Apr 3 17:19:18 CEST 2008</h3><br /><br />9:<br />pustime apache a vyzkousime, ze funguje:<br /><div class="kod"><pre><br /><span style="color: rgb(204, 0, 0);">vm15:~#</span> /etc/init.d/apache2 start<br /><span style="color: rgb(204, 0, 0);">vm15:~#</span> echo ":)" > /var/www/index.html <br /><span style="color: rgb(204, 0, 0);">vm15:~#</span> wget http://localhost<br />--17:27:29-- http://localhost/<br /> => `index.html.2'<br />Resolving localhost... 127.0.0.1<br />Connecting to localhost|127.0.0.1|:80... connected.<br />HTTP request sent, awaiting response... 200 OK<br />Length: 3 [text/html]<br /><br />100%[====================================>] 3 --.--K/s <br /><br />17:27:29 (97.66 KB/s) - `index.html.2' saved [3/3]<br /><br /><span style="color: rgb(204, 0, 0);">vm15:~#</span> cat index.html<br />:)<br /></pre></div><br /><br />nastavime dns, abysme se mohli ptat i skrz jmeno, ne jen cislo:<br /><br /><div class="kod"><pre><br /><span style="color: rgb(204, 0, 0);">vm15:~#</span> cat /etc/bind/db.vm15 <br />;<br />; BIND data file for local loopback interface<br />;<br />$TTL 3D<br />@ IN SOA vm15.seminar. root.seminar. (<br /> 2008030602 ; Serial<br /> 8H ; Refresh<br /> 2D ; Retry<br /> 4W ; Expire<br /> 1D ) ; Negative Cache TTL<br />NS ns<br />MX 20 mail<br />ns A 10.0.0.115<br />www A 10.0.0.115<br />mail A 10.0.0.115<br />ns AAAA 2001:5c0:94c1:1::15<br /><span style="color: rgb(204, 0, 0);">vm15:~#</span> /etc/init.d/bind9 restart<br />Stopping domain name service...: bind.<br />Starting domain name service...: bind.<br /><span style="color: rgb(204, 0, 0);">vm15:~#</span> wget http://www.vm15.seminar.<br />--17:36:09-- http://www.vm15.seminar./<br /> => `index.html.1'<br />Resolving www.vm15.seminar.... 10.0.0.115<br />Connecting to www.vm15.seminar.|10.0.0.115|:80... connected.<br />HTTP request sent, awaiting response... 200 OK<br />Length: 3 [text/html]<br /><br />100%[====================================>] 3 --.--K/s <br /><br />17:36:09 (146.48 KB/s) - `index.html.1' saved [3/3]<br /><br /><span style="color: rgb(204, 0, 0);">vm15:~#</span> cat index.html.1 <br />:)<br /></pre></div><br /><br />10, 11:<br /><br /><br /><div class="kod"><pre><br /><span style="color: rgb(204, 0, 0);">vm15:/var/www#</span> mkdir auth<br /><span style="color: rgb(204, 0, 0);">vm15:/var/www#</span> #adresar, ktery budeme chranit jmenem a heslem<br /><span style="color: rgb(204, 0, 0);">vm15:/var/www#</span> cd ./auth/ <br /><span style="color: rgb(204, 0, 0);">vm15:/var/www/auth#</span> echo "tajne" > secret.html<br /><span style="color: rgb(204, 0, 0);">vm15:/var/www/auth#</span> htpasswd -c ./overovani uzivatel<br />New password: <br />Re-type new password: <br />Adding password for user uzivatel<br /><span style="color: rgb(204, 0, 0);">vm15:/var/www/auth#</span> vim ./.htaccess <br /><span style="color: rgb(204, 0, 0);">vm15:/var/www/auth#</span> cat ./.htaccess <br />AuthType Basic<br />AuthName "uzivatel (realm)"<br />AuthUserFile /var/www/auth/secret.html<br />Require validuser<br /><span style="color: rgb(204, 0, 0);">vm15:/var/www/auth#</span> wget http://localhost/auth/secret.html<br />--17:55:33-- http://localhost/auth/secret.html<br /> => `secret.html.1'<br />Resolving localhost... 127.0.0.1<br />Connecting to localhost|127.0.0.1|:80... connected.<br />HTTP request sent, awaiting response... 401 Authorization Required<br />Authorization failed.<br /></pre></div><br /><br />mno a po tom, co jsme zadali <br /><br /><div class="kod"><pre><br /><span style="color: rgb(204, 0, 0);">vm15:/var/www/auth#</span> wget -d --http-user uzivatel --http-password heslo http://localhost/auth/secret.html<br /></pre></div><br /><br />se nam to teoreticky melo povest, ale me jedine se to nepovedlo, kdo vi proc,<br />kazdopadne nebyl moc cas to zkoumat :)<br /><br />12:<br /><br /><div class="kod"><pre><br /><span style="color: rgb(204, 0, 0);">vm15:/var/www#</span> vim /etc/bind/db.vm15 <br /><span style="color: rgb(204, 0, 0);">vm15:/var/www#</span> cat /etc/bind/db.vm15 <br />;<br />; BIND data file for local loopback interface<br />;<br />$TTL 3D<br />@ IN SOA vm15.seminar. root.seminar. (<br /> 2008030603 ; Serial<br /> 8H ; Refresh<br /> 2D ; Retry<br /> 4W ; Expire<br /> 1D ) ; Negative Cache TTL<br />NS ns<br />MX 20 mail<br />ns A 10.0.0.115<br />www A 10.0.0.115<br />mail A 10.0.0.115<br />ns AAAA 2001:5c0:94c1:1::15<br /><br />www2 IN CNAME www<br /><span style="color: rgb(204, 0, 0);">vm15:/var/www#</span> vim /etc/apache2/sites-enabled/test-config<br /><span style="color: rgb(204, 0, 0);">vm15:/var/www#</span> cat /etc/apache2/sites-enabled/test-config<br />NameVirtualHost 10.0.0.115:80<br /><VirtualHost 10.0.0.115:80><br />ServerName www.vm15.seminar<br />DocumentRoot /var/www/www<br /></VirtualHost><br /><br /><VirtualHost 10.0.0.115:80><br />ServerName www2.vm15.seminar<br />DocumentRoot /var/www/www2<br /></VirtualHost><br /><br /><span style="color: rgb(204, 0, 0);">vm15:/var/www#</span> mkdir www<br /><span style="color: rgb(204, 0, 0);">vm15:/var/www#</span> mkdir www2<br /><span style="color: rgb(204, 0, 0);">vm15:/var/www#</span> echo "1" > www/index.html <br /><span style="color: rgb(204, 0, 0);">vm15:/var/www#</span> echo "2" > www2/index.html<br /><span style="color: rgb(204, 0, 0);">vm15:/var/www#</span> a2dissite default<br />Site default disabled; run /etc/init.d/apache2 reload to fully disable.<br /><span style="color: rgb(204, 0, 0);">vm15:/var/www#</span> /etc/init.d/bind9 restart<br />Stopping domain name service...: bind.<br />Starting domain name service...: bind.<br /><span style="color: rgb(204, 0, 0);">vm15:/var/www#</span> /etc/init.d/apache2 restart<br />Forcing reload of web server (apache2)...apache2: apr_sockaddr_info_get() failed<br />for vm15<br />apache2: Could not reliably determine the server's fully qualified domain name, <br />using 127.0.0.1 for ServerName<br />apache2: apr_sockaddr_info_get() failed for vm15<br />apache2: Could not reliably determine the server's fully qualified domain name, <br />using 127.0.0.1 for ServerName<br />.<br /><span style="color: rgb(204, 0, 0);">vm15:/var/www#</span> wget http://www2.vm15.seminar/ <br />--18:22:05-- http://www2.vm15.seminar/<br /> => `index.html.1'<br />Resolving www2.vm15.seminar... 10.0.0.115<br />Connecting to www2.vm15.seminar|10.0.0.115|:80... connected.<br />HTTP request sent, awaiting response... 200 OK<br />Length: 2 [text/html]<br /><br />100%[====================================>] 2 --.--K/s <br /><br />18:22:05 (75.12 KB/s) - `index.html.1' saved [2/2]<br /><br /><span style="color: rgb(204, 0, 0);">vm15:/var/www#</span> cat index.html.1 <br />2<br /><span style="color: rgb(204, 0, 0);">vm15:/var/www#</span> wget http://www.vm15.seminar/<br />--18:22:27-- http://www.vm15.seminar/<br /> => `index.html.2'<br />Resolving www.vm15.seminar... 10.0.0.115<br />Connecting to www.vm15.seminar|10.0.0.115|:80... connected.<br />HTTP request sent, awaiting response... 200 OK<br />Length: 2 [text/html]<br /><br />100%[====================================>] 2 --.--K/s <br /><br />18:22:27 (88.78 KB/s) - `index.html.2' saved [2/2]<br /><br /><span style="color: rgb(204, 0, 0);">vm15:/var/www#</span> cat index.html.2 <br />1<br /></pre></div><br /><br />funguje :)<br /><br /><h2> SSL, IPSec </h2><br /><br />9:<br /><br /><br /><div class="kod"><pre><br /><span style="color: rgb(204, 0, 0);">vm15:~#</span> openssl req -new -nodes -out cert.csr -keyout cert.key<br />Generating a 1024 bit RSA private key<br />................++++++<br />.....++++++<br />writing new private key to 'cert.key'<br />-----<br />You are about to be asked to enter information that will be incorporated<br />into your certificate request.<br />What you are about to enter is what is called a Distinguished Name or a DN.<br />There are quite a few fields but you can leave some blank<br />For some fields there will be a default value,<br />If you enter '.', the field will be left blank.<br />-----<br />Country Name (2 letter code) [AU]:cz<br />State or Province Name (full name) [Some-State]:Czech Republic<br />Locality Name (eg, city) []:Prague<br />Organization Name (eg, company) [Internet Widgits Pty Ltd]:s0cketky spolecnost<br />Organizational Unit Name (eg, section) []:<br />Common Name (eg, YOUR name) []:www.vm15.seminar<br />Email Address []:<br /><br />Please enter the following 'extra' attributes<br />to be sent with your certificate request<br />A challenge password []:<br />An optional company name []:<br /><span style="color: rgb(204, 0, 0);">vm15:~#</span> ls<br />cert.csr cert.key<br /><span style="color: rgb(204, 0, 0);">vm15:~#</span> less cert.key <br />-----BEGIN RSA PRIVATE KEY-----<br />MIICXAIBAAKBgQCoKhQUa1offD6kD/9bP4I/fAF9rqWTcRqOc9m2x3YlCQRQPkMc<br />nPwAGU6rdi9acYojYMarw6O0LT/ndsFo7DzWMx3KvzEA51StIVe+PuzTvM3INuOA<br />H8WmsjyEEBVr/bLpkpCwGyX8kAnggX0xb5X1J1EgwSGaT88THdaIVdh3owIDAQAB<br />AoGAElVsFQHTNIWOKsLXuzIEWDmDzBkDUjzNgWReAxBh8A24m6r+FBuFWdloe0cK<br />SJkCT3MYlddhfJ5GTkzjLzY6N47KO+GX6uH813xMnXRDNNTSUIoOhZDzyFM4VC10<br />KOaBuoQAVzbUC62QGCWBCivTaBenYKgW1Uvbn86s+TvZuEkCQQDdke6AQOIDbmLx<br />U8lJM4+TZyXg/mNvU6ENNTa57ThlxRvNMlXTc9Rf4Qt9RBr81ih7whO3BANLT0hg<br />/4rCXwXfAkEAwkuqhWKvgB/+Z1UMHCUSt2MS+CnYmL/w0+fUa62nHnH6IyOMlAnr<br />ppVVXwshYYfNIj6ID3jw0RZJa0zfPCj/vQJBALbtU4Ypiy+gBCoPraA05HWi9D/0<br />Zm20EsQPyfXopuZGvLRFuVwRRiY+azjpcIqL2PKMAbDYrEuR0kTa1VmyD+sCQEJh<br />xb3SzLFSvQGi7gNDq1RaliWRbn4pvec4YrvzVZCyUkrlH2eIyClfBg71547B7hUQ<br />Fj5rDKPzIFx3pCGSxGUCQA4GCJGHDENqCZ5gFBGdee0wT2ad6XNQAoW23KrTkjlr<br />0OX15mPW16SSul0X4ck354wmVmEhoSiHgJZ0nxD1uTw=<br />-----END RSA PRIVATE KEY-----<br /><span style="color: rgb(204, 0, 0);">vm15:~#</span> less cert.csr <br />-----BEGIN CERTIFICATE REQUEST-----<br />MIIBsDCCARkCAQAwcDELMAkGA1UEBhMCY3oxFzAVBgNVBAgTDkN6ZWNoIFJlcHVi<br />bGljMQ8wDQYDVQQHEwZQcmFndWUxHDAaBgNVBAoTE3MwY2tldGt5IHNwb2xlY25v<br />c3QxGTAXBgNVBAMTEHd3dy52bTE1LnNlbWluYXIwgZ8wDQYJKoZIhvcNAQEBBQAD<br />gY0AMIGJAoGBAKgqFBRrWh98PqQP/1s/gj98AX2upZNxGo5z2bbHdiUJBFA+Qxyc<br />/AAZTqt2L1pxiiNgxqvDo7QtP+d2wWjsPNYzHcq/MQDnVK0hV74+7NO8zcg244Af<br />xaayPIQQFWv9sumSkLAbJfyQCeCBfTFvlfUnUSDBIZpPzxMd1ohV2HajAgMBAAGg<br />ADANBgkqhkiG9w0BAQUFAAOBgQA4Y0Ng+ChnVHgc0sZSo6EFszuilO/jb/zd6FiH<br />FSJdHFWaJXYLd+ePWMaMoZ8icKQ/98Vfkq2CxqJC7y2K0PeseIhsqFVSdhw/XrYZ<br />dChpCFUOFFNFrdRZIQF73/cz5xjMbtpcOYzZvwMzqF51bp6q9hEEhexI5KxLY+xf<br />MZen2g==<br />-----END CERTIFICATE REQUEST-----<br /><span style="color: rgb(204, 0, 0);">vm15:~#</span> openssl rsa -text -in cert.key <br />Private-Key: (1024 bit)<br />modulus:<br /> 00:a8:2a:14:14:6b:5a:1f:7c:3e:a4:0f:ff:5b:3f:<br />...<br />publicExponent: 65537 (0x10001)<br />privateExponent:<br /> 12:55:6c:15:01:d3:34:85:8e:2a:c2:d7:bb:32:04:<br />...<br />...<br /><span style="color: rgb(204, 0, 0);">vm15:~#</span> openssl req -text -in cert.csr <br />Certificate Request:<br /> Data:<br /> Version: 0 (0x0)<br /> Subject: C=cz, ST=Czech Republic, L=Prague, O=s0cketky spolecnost, CN=www.<br /> vm15.seminar<br /> Subject Public Key Info:<br /> Public Key Algorithm: rsaEncryption<br /> RSA Public Key: (1024 bit)<br /> Modulus (1024 bit):<br /> 00:a8:2a:14:14:6b:5a:1f:7c:3e:a4:0f:ff:5b:3f:<br />...<br /><span style="color: rgb(204, 0, 0);">vm15:~#</span> openssl x509 -req -in cert.c<br />sr -signkey cert.key -out cert.crt<br />Signature ok<br />subject=/C=cz/ST=Czech Republic/L=Prague/O=s0cketky spolecnost/CN=www.vm15.semin<br />ar<br />Getting Private key<br /><span style="color: rgb(204, 0, 0);">vm15:~#</span> openssl x509 -text -in cert.crt <br />Certificate:<br /> Data:<br /> Version: 1 (0x0)<br /> Serial Number:<br /> 95:26:08:dd:dc:db:d2:94<br /> Signature Algorithm: sha1WithRSAEncryption<br /> Issuer: C=cz, ST=Czech Republic, L=Prague, O=s0cketky spolecnost, CN=www.vm1<br /> 5.seminar<br />...<br /></pre></div><br /><br />13 a 14 z predchozi kapitoly:<br /><br />zkusime rozchodit ssl pro web:<br /><br /><div class="kod"><pre><br /><span style="color: rgb(204, 0, 0);">vm15:~#</span> vim /etc/apache2/sites-enabled/test-config <br /><span style="color: rgb(204, 0, 0);">vm15:~#</span> cat /etc/apache2/sites-enabled/test-config <br />NameVirtualHost 10.0.0.115:443<br />Listen 10.0.0.115:443<br /><br /><VirtualHost 10.0.0.115:80><br />ServerName www.vm15.seminar<br />DocumentRoot /var/www/www<br />SSLEngine On<br />SSLCertificateFile /etc/apache2/ssl/apache.pem<br /></VirtualHost><br /></pre></div><br /><br /><h3>Thu Apr 10 17:17:11 CEST 2008</h3><br /><br />HTTPS, slide 13 a 14 (net6.pdf):<br /><br /><div class="kod"><pre><br /><span style="color: rgb(204, 0, 0);">vm15:~#</span> cat /etc/apache2/sites-enabled/test-config <br />NameVirtualHost 10.0.0.115:443<br />Listen 10.0.0.115:443<br /><br /><VirtualHost 10.0.0.115:443><br />ServerName www.vm15.seminar<br />DocumentRoot /var/www/www<br />SSLEngine On<br />SSLCertificateFile /etc/apache2/ssl/apache.pem<br /></VirtualHost><br /><span style="color: rgb(204, 0, 0);">vm15:~#</span> mkdir /etc/apache2/ssl<br /><span style="color: rgb(204, 0, 0);">vm15:~#</span> cat cert.crt cert.key > /etc/apache2/ssl/apache.pem<br /><span style="color: rgb(204, 0, 0);">vm15:~#</span> a2enmod ssl<br />Module ssl installed; run /etc/init.d/apache2 force-reload to enable.<br /><span style="color: rgb(204, 0, 0);">vm15:~#</span> /etc/init.d/apache2 restart<br />Forcing reload of web server (apache2)...apache2: apr_sockaddr_info_get() failed<br /> for vm15<br />apache2: Could not reliably determine the server's fully qualified domain name, <br />using 127.0.0.1 for ServerName<br /> waiting apache2: apr_sockaddr_info_get() failed for vm15<br />apache2: Could not reliably determine the server's fully qualified domain name, <br />using 127.0.0.1 for ServerName<br />.<br /><span style="color: rgb(204, 0, 0);">vm15:~#</span> openssl s_client -connect 10.0.0.115:443 | less<br />CONNECTED(00000003)<br />---<br />Certificate chain<br /> 0 s:/C=cz/ST=Czech Republic/L=Prague/O=s0cketky spolecnost/CN=www.vm15.seminar<br /> i:/C=cz/ST=Czech Republic/L=Prague/O=s0cketky spolecnost/CN=www.vm15.seminar<br />---<br />Server certificate<br />-----BEGIN CERTIFICATE-----<br />MIICVzCCAcACCQCVJgjd3NvSlDANBgkqhkiG9w0BAQUFADBwMQswCQYDVQQGEwJj<br />ejEXMBUGA1UECBMOQ3plY2ggUmVwdWJsaWMxDzANBgNVBAcTBlByYWd1ZTEcMBoG<br />A1UEChMTczBja2V0a3kgc3BvbGVjbm9zdDEZMBcGA1UEAxMQd3d3LnZtMTUuc2Vt<br />aW5hcjAeFw0wODA0MDMxNjQzMTZaFw0wODA1MDMxNjQzMTZaMHAxCzAJBgNVBAYT<br />AmN6MRcwFQYDVQQIEw5DemVjaCBSZXB1YmxpYzEPMA0GA1UEBxMGUHJhZ3VlMRww<br />GgYDVQQKExNzMGNrZXRreSBzcG9sZWNub3N0MRkwFwYDVQQDExB3d3cudm0xNS5z<br />ZW1pbmFyMIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCoKhQUa1offD6kD/9b<br />P4I/fAF9rqWTcRqOc9m2x3YlCQRQPkMcnPwAGU6rdi9acYojYMarw6O0LT/ndsFo<br />7DzWMx3KvzEA51StIVe+PuzTvM3INuOAH8WmsjyEEBVr/bLpkpCwGyX8kAnggX0x<br />b5X1J1EgwSGaT88THdaIVdh3owIDAQABMA0GCSqGSIb3DQEBBQUAA4GBAJYLZxCM<br />QkYDde6IfnSTsd0Gygun75ezWzXMeXBkOy+U46PGGcsKDevejKSbCtlY60/giCLG<br />tdNFoThGu1t6EhhjYf72zGUcNk0xCaaSh9btZfXmVL1skeyyXgF69nYEijY5Bly1<br />PpJJSyJ7aNdcshFo19RsfR3W0Ib75NUqWnEW<br />-----END CERTIFICATE-----<br />subject=/C=cz/ST=Czech Republic/L=Prague/O=s0cketky spolecnost/CN=www.vm15.semin<br />ar<br />issuer=/C=cz/ST=Czech Republic/L=Prague/O=s0cketky spolecnost/CN=www.vm15.semina<br />r<br />---<br />No client certificate CA names sent<br />---<br />SSL handshake has read 1167 bytes and written 316 bytes<br />---<br />New, TLSv1/SSLv3, Cipher is DHE-RSA-AES256-SHA<br />Server public key is 1024 bit<br />Compression: NONE<br />Expansion: NONE<br />SSL-Session:<br /> Protocol : TLSv1<br /> Cipher : DHE-RSA-AES256-SHA<br /> Session-ID: 7F7A32BABB154BD32C22AFA9A1BD03B66E5E9F2CF495041DF6C87E6E99B623DC<br /> Session-ID-ctx: <br /> Master-Key: D2C36EEA73722EF77650E1E39BBD7E0B3199C5324BBFE32754D443016D5584CE<br />0DAAB545CE93E4A48EE4C3C5829E85DF<br /> Key-Arg : None<br /> Start Time: 1207841259<br /> Timeout : 300 (sec)<br /> Verify return code: 18 (self signed certificate)<br />---<br /><span style="color: rgb(204, 0, 0);">vm15:~#</span> openssl s_client -connect is.mff.cuni.cz:443 | less<br />CONNECTED(00000003)<br />---<br />Certificate chain<br /> 0 s:/C=CZ/O=Charles University in Prague/CN=is.mff.cuni.cz<br /> i:/C=BE/O=Cybertrust/OU=Educational CA/CN=Cybertrust Educational CA<br /> 1 s:/C=CZ/ST=Czech Republic/L=Prague/O=Charles University in Prague/OU=PSiK MFF<br /> UK/CN=is.mff.cuni.cz/emailAddress=www@mff.cuni.cz<br /> i:/C=CZ/ST=Czech Republic/L=Prague/O=Charles University in Prague/OU=PSiK MFF<br /> UK/CN=is.mff.cuni.cz/emailAddress=www@mff.cuni.cz<br /> 2 s:/C=US/O=GTE Corporation/OU=GTE CyberTrust Solutions, Inc./CN=GTE CyberTrust<br /> Global Root<br /> i:/C=US/O=GTE Corporation/OU=GTE CyberTrust Solutions, Inc./CN=GTE CyberTrust<br /> Global Root<br /> 3 s:/C=BE/O=Cybertrust/OU=Educational CA/CN=Cybertrust Educational CA<br /> i:/C=US/O=GTE Corporation/OU=GTE CyberTrust Solutions, Inc./CN=GTE CyberTrust<br /> Global Root<br />---<br />Server certificate<br />-----BEGIN CERTIFICATE-----<br />MIIEaDCCA1CgAwIBAgILAQAAAAABDs4u6+kwDQYJKoZIhvcNAQEFBQAwXzELMAkG<br />A1UEBhMCQkUxEzARBgNVBAoTCkN5YmVydHJ1c3QxFzAVBgNVBAsTDkVkdWNhdGlv<br />bmFsIENBMSIwIAYDVQQDExlDeWJlcnRydXN0IEVkdWNhdGlvbmFsIENBMB4XDTA2<br />MTEwOTE5MjU1MVoXDTA5MTEwOTE5MjU1MVowTTELMAkGA1UEBhMCQ1oxJTAjBgNV<br />BAoTHENoYXJsZXMgVW5pdmVyc2l0eSBpbiBQcmFndWUxFzAVBgNVBAMTDmlzLm1m<br />Zi5jdW5pLmN6MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQDSjseWbu/ToGaU<br />vJKUQfgvfAwbwmuH1teTdLjKGmSCN+GNmOXQw78towcE6M1xIL4Dhwim/2BSU39r<br />5brKcV7df2M0dkpud+lMgANcrxjomRk46WZrup9BEXv1IGH7BI0Bzjnw3XAx2Tmi<br />4Om2Q7GDUZDxdVK5fKLFaohauygjVwIDAQABo4IBuTCCAbUwUAYDVR0gBEkwRzBF<br />BgcqhkixPgEAMDowOAYIKwYBBQUHAgEWLGh0dHA6Ly93d3cuZ2xvYmFsc2lnbi5u<br />ZXQvcmVwb3NpdG9yeS9jcHMuY2ZtMA4GA1UdDwEB/wQEAwIFoDAfBgNVHSMEGDAW<br />gBRlZaM91zsRowoHJTfJQkpbdndQ4TAdBgNVHQ4EFgQU4M2Y1zG24OrMIa2kH0D6<br />kPXtbV0wOgYDVR0fBDMwMTAvoC2gK4YpaHR0cDovL2NybC5nbG9iYWxzaWduLm5l<br />dC9lZHVjYXRpb25hbC5jcmwwTwYIKwYBBQUHAQEEQzBBMD8GCCsGAQUFBzAChjNo<br />dHRwOi8vc2VjdXJlLmdsb2JhbHNpZ24ubmV0L2NhY2VydC9lZHVjYXRpb25hbC5j<br />cnQwHQYDVR0lBBYwFAYIKwYBBQUHAwEGCCsGAQUFBwMCMGUGA1UdEQReMFyCDmlz<br />Lm1mZi5jdW5pLmN6gg93d3cubWZmLmN1bmkuY3qCE3BoeXNpY3MubWZmLmN1bmku<br />Y3qCEHBzaWsubWZmLmN1bmkuY3qCEnNlYXJjaC5tZmYuY3VuaS5jejANBgkqhkiG<br />9w0BAQUFAAOCAQEAL4g48bLS/yrmmKMqvJUeRSJr9WmMFtTohGfStKtTaXvUc1Q7<br />szG6fHEpP8IxFnT4+qwDnaQm/c7Ln5BgMALAgsNxGbuFt3GUgG0r0oMZ02de3k+i<br />3tXoVCO5nWh5zBMBSIB9mIfChkIPCQVor6DBVA7AxZGfViK+omahlqxKtGM6mOvp<br />7IflU4MiUyXB8gXkAYHIPuEAWUpvysNZUGu3WlQYmXb1e0i0iOONwOwKgUnNeeLD<br />C684rnHNPECpYuBPbbx/BhkkppI2+0xP/4s5zGMSz187PYq/tMj8z/GY+ICIQA8/<br />bqHVprZW7GAZEN/U+LCkzDRXmyr5j4heJAdN6Q==<br />-----END CERTIFICATE-----<br />subject=/C=CZ/O=Charles University in Prague/CN=is.mff.cuni.cz<br />issuer=/C=BE/O=Cybertrust/OU=Educational CA/CN=Cybertrust Educational CA<br />---<br />No client certificate CA names sent<br />---<br />SSL handshake has read 4253 bytes and written 316 bytes<br />---<br />New, TLSv1/SSLv3, Cipher is DHE-RSA-AES256-SHA<br />Server public key is 1024 bit<br />Compression: NONE<br />Expansion: NONE<br />SSL-Session:<br /> Protocol : TLSv1<br /> Cipher : DHE-RSA-AES256-SHA<br /> Session-ID: 4B4E3C820E1D28032B1B490BE02538B145D13ADD31FD40AA9D34DAEFA20EC93E<br /> Session-ID-ctx: <br /> Master-Key: B0B5F38EED2B7CBBB4F47C3751CB76BF5412DDE565580A88F78ECF3C29F58492<br />FEABAF3E640E0C5014147D13B9D933C2<br /> Key-Arg : None<br /> Start Time: 1207841631<br /> Timeout : 300 (sec)<br /> Verify return code: 19 (self signed certificate in certificate chain)<br />---<br /><br /></pre></div><br /><br />14:<br /><br /><div class="kod"><pre><br /><span style="color: rgb(204, 0, 0);">vm15:~#</span> tcpdump >/tmp/dump 2>&1 &<br />[1] 9643<br /><span style="color: rgb(204, 0, 0);">vm15:~#</span> device eth0 entered promiscuous mode<br />audit(1207841888.039:2): dev=eth0 prom=256 old_prom=0 auid=4294967295<br /><br /><span style="color: rgb(204, 0, 0);">vm15:~#</span> openssl s_client -connect is.mff.cuni.cz:443<br />...<br /><span style="color: rgb(204, 0, 0);">vm15:~#</span> fg<br />tcpdump >/tmp/dump 2>&1<br />device eth0 left promiscuous mode<br />audit(1207841932.189:3): dev=eth0 prom=0 old_prom=256 auid=4294967295<br /><span style="color: rgb(204, 0, 0);">vm15:~#</span> less /tmp/dump <br /></pre></div><br />aha, on tam neni videt ten obsah tech paketu, to by se musel podrobneji udelat,<br />tak nic :)<br /><br />10 (net7.pdf):<br /><br /><div class="kod"><pre><br /><span style="color: rgb(204, 0, 0);">vm15:~#</span> cd /usr/lib/ssl/<br /><span style="color: rgb(204, 0, 0);">vm15:/usr/lib/ssl#</span> misc/CA.sh -newca<br />CA certificate filename (or enter to create)<br /><br />Making CA certificate ...<br />Generating a 1024 bit RSA private key<br />.................++++++<br />...++++++<br />writing new private key to './demoCA/private/./cakey.pem'<br />Enter PEM pass phrase:<br />Verifying - Enter PEM pass phrase:<br />-----<br />You are about to be asked to enter information that will be incorporated<br />into your certificate request.<br />What you are about to enter is what is called a Distinguished Name or a DN.<br />There are quite a few fields but you can leave some blank<br />For some fields there will be a default value,<br />If you enter '.', the field will be left blank.<br />-----<br />Country Name (2 letter code) [AU]:<br />State or Province Name (full name) [Some-State]:czech republic<br />Locality Name (eg, city) []:prague<br />Organization Name (eg, company) [Internet Widgits Pty Ltd]:s0cketky company<br />Organizational Unit Name (eg, section) []:<br />Common Name (eg, YOUR name) []:s0cketka<br />Email Address []:<br /><br />Please enter the following 'extra' attributes<br />to be sent with your certificate request<br />A challenge password []:<br />An optional company name []:<br />Using configuration from /usr/lib/ssl/openssl.cnf<br />Enter pass phrase for ./demoCA/private/./cakey.pem:<br />9682:error:28069065:lib(40):UI_set_result:result too small:ui_lib.c:849:You must<br /> type in 4 to 8191 characters<br />Enter pass phrase for ./demoCA/private/./cakey.pem:<br />Check that the request matches the signature<br />Signature ok<br />Certificate Details:<br /> Serial Number: 0 (0x0)<br /> Validity<br /> Not Before: Apr 10 15:53:11 2008 GMT<br /> Not After : Apr 10 15:53:11 2011 GMT<br /> Subject:<br /> countryName = cz<br /> stateOrProvinceName = czech republic<br /> organizationName = s0cketky company<br /> commonName = s0cketka<br /> X509v3 extensions:<br /> X509v3 Basic Constraints: <br /> CA:FALSE<br /> Netscape Comment: <br /> OpenSSL Generated Certificate<br /> X509v3 Subject Key Identifier: <br /> 9F:95:26:55:AE:43:FB:71:F3:3D:D2:CE:D8:A4:25:38:F7:E3:00:FA<br /> X509v3 Authority Key Identifier: <br /> keyid:9F:95:26:55:AE:43:FB:71:F3:3D:D2:CE:D8:A4:25:38:F7:E3:00:FA<br /><br />Certificate is to be certified until Apr 10 15:53:11 2011 GMT (1095 days)<br /><br />Write out database with 1 new entries<br />Data Base Updated<br /><br /><span style="color: rgb(204, 0, 0);">vm15:/usr/lib/ssl#</span> cp /root/cert.csr newreq.pem<br /><span style="color: rgb(204, 0, 0);">vm15:/usr/lib/ssl#</span> misc/CA.sh -sign<br />Using configuration from /usr/lib/ssl/openssl.cnf<br />Enter pass phrase for ./demoCA/private/cakey.pem:<br />Check that the request matches the signature<br />Signature ok<br />Certificate Details:<br /> Serial Number: 1 (0x1)<br /> Validity<br /> Not Before: Apr 10 15:57:56 2008 GMT<br /> Not After : Apr 10 15:57:56 2009 GMT<br /> Subject:<br /> countryName = cz<br /> stateOrProvinceName = Czech Republic<br /> localityName = Prague<br /> organizationName = s0cketky spolecnost<br /> commonName = www.vm15.seminar<br /> X509v3 extensions:<br /> X509v3 Basic Constraints: <br /> CA:FALSE<br /> Netscape Comment: <br /> OpenSSL Generated Certificate<br /> X509v3 Subject Key Identifier: <br /> 55:CF:C1:A5:00:5D:7A:06:1F:F5:20:05:BA:73:52:1D:C2:D2:F2:99<br /> X509v3 Authority Key Identifier: <br /> keyid:9F:95:26:55:AE:43:FB:71:F3:3D:D2:CE:D8:A4:25:38:F7:E3:00:FA<br /><br />Certificate is to be certified until Apr 10 15:57:56 2009 GMT (365 days)<br />Sign the certificate? [y/n]:y<br /><br /><br />1 out of 1 certificate requests certified, commit? [y/n]y<br />Write out database with 1 new entries<br />Data Base Updated<br />Certificate:<br /> Data:<br /> Version: 3 (0x2)<br /> Serial Number: 1 (0x1)<br /> Signature Algorithm: sha1WithRSAEncryption<br /> Issuer: C=cz, ST=czech republic, O=s0cketky company, CN=s0cketka<br /> Validity<br /> Not Before: Apr 10 15:57:56 2008 GMT<br /> Not After : Apr 10 15:57:56 2009 GMT<br /> Subject: C=cz, ST=Czech Republic, L=Prague, O=s0cketky spolecnost, CN=ww<br /> w.vm15.seminar<br /> Subject Public Key Info:<br /> Public Key Algorithm: rsaEncryption<br /> RSA Public Key: (1024 bit)<br /> Modulus (1024 bit):<br /> 00:a8:2a:14:14:6b:5a:1f:7c:3e:a4:0f:ff:5b:3f:<br /> 82:3f:7c:01:7d:ae:a5:93:71:1a:8e:73:d9:b6:c7:<br /> 76:25:09:04:50:3e:43:1c:9c:fc:00:19:4e:ab:76:<br /> 2f:5a:71:8a:23:60:c6:ab:c3:a3:b4:2d:3f:e7:76:<br /> c1:68:ec:3c:d6:33:1d:ca:bf:31:00:e7:54:ad:21:<br /> 57:be:3e:ec:d3:bc:cd:c8:36:e3:80:1f:c5:a6:b2:<br /> 3c:84:10:15:6b:fd:b2:e9:92:90:b0:1b:25:fc:90:<br /> 09:e0:81:7d:31:6f:95:f5:27:51:20:c1:21:9a:4f:<br /> cf:13:1d:d6:88:55:d8:76:a3<br /> Exponent: 65537 (0x10001)<br /> X509v3 extensions:<br /> X509v3 Basic Constraints: <br /> CA:FALSE<br /> Netscape Comment: <br /> OpenSSL Generated Certificate<br /> X509v3 Subject Key Identifier: <br /> 55:CF:C1:A5:00:5D:7A:06:1F:F5:20:05:BA:73:52:1D:C2:D2:F2:99<br /> X509v3 Authority Key Identifier: <br /> keyid:9F:95:26:55:AE:43:FB:71:F3:3D:D2:CE:D8:A4:25:38:F7:E3:00:FA<br /><br /> Signature Algorithm: sha1WithRSAEncryption<br /> a8:c5:85:53:37:86:6d:38:93:16:45:53:c7:d6:ab:e8:be:87:<br /> 95:34:cc:6f:e6:a7:73:30:af:50:3b:bd:0b:3b:b2:99:ef:80:<br /> 3b:f9:c5:bb:4b:1d:c1:12:83:f1:38:4f:67:b3:75:6e:ef:4b:<br /> 3a:d2:d6:73:ea:15:22:08:56:14:3d:ee:73:e4:19:d3:d5:ba:<br /> 5c:3e:9a:04:bb:0a:7e:c4:af:c3:71:ae:48:1d:a2:96:9f:5b:<br /> 51:07:7a:1e:9f:aa:4f:0b:9a:8e:21:f8:87:0e:57:93:30:af:<br /> b3:99:da:6e:21:b0:05:02:f4:dc:d0:24:e4:06:8e:cf:12:64:<br /> 8a:df<br />-----BEGIN CERTIFICATE-----<br />MIICtTCCAh6gAwIBAgIBATANBgkqhkiG9w0BAQUFADBUMQswCQYDVQQGEwJjejEX<br />MBUGA1UECBMOY3plY2ggcmVwdWJsaWMxGTAXBgNVBAoTEHMwY2tldGt5IGNvbXBh<br />bnkxETAPBgNVBAMTCHMwY2tldGthMB4XDTA4MDQxMDE1NTc1NloXDTA5MDQxMDE1<br />NTc1NlowcDELMAkGA1UEBhMCY3oxFzAVBgNVBAgTDkN6ZWNoIFJlcHVibGljMQ8w<br />DQYDVQQHEwZQcmFndWUxHDAaBgNVBAoTE3MwY2tldGt5IHNwb2xlY25vc3QxGTAX<br />BgNVBAMTEHd3dy52bTE1LnNlbWluYXIwgZ8wDQYJKoZIhvcNAQEBBQADgY0AMIGJ<br />AoGBAKgqFBRrWh98PqQP/1s/gj98AX2upZNxGo5z2bbHdiUJBFA+Qxyc/AAZTqt2<br />L1pxiiNgxqvDo7QtP+d2wWjsPNYzHcq/MQDnVK0hV74+7NO8zcg244AfxaayPIQQ<br />FWv9sumSkLAbJfyQCeCBfTFvlfUnUSDBIZpPzxMd1ohV2HajAgMBAAGjezB5MAkG<br />A1UdEwQCMAAwLAYJYIZIAYb4QgENBB8WHU9wZW5TU0wgR2VuZXJhdGVkIENlcnRp<br />ZmljYXRlMB0GA1UdDgQWBBRVz8GlAF16Bh/1IAW6c1IdwtLymTAfBgNVHSMEGDAW<br />gBSflSZVrkP7cfM90s7YpCU49+MA+jANBgkqhkiG9w0BAQUFAAOBgQCoxYVTN4Zt<br />OJMWRVPH1qvovoeVNMxv5qdzMK9QO70LO7KZ74A7+cW7Sx3BEoPxOE9ns3Vu70s6<br />0tZz6hUiCFYUPe5z5BnT1bpcPpoEuwp+xK/Dca5IHaKWn1tRB3oen6pPC5qOIfiH<br />DleTMK+zmdpuIbAFAvTc0CTkBo7PEmSK3w==<br />-----END CERTIFICATE-----<br />Signed certificate is in newcert.pem<br /><span style="color: rgb(204, 0, 0);">vm15:/usr/lib/ssl#</span> less newcert.pem <br />Certificate:<br /> Data:<br /> Version: 3 (0x2)<br /> Serial Number: 1 (0x1)<br /> Signature Algorithm: sha1WithRSAEncryption<br /> Issuer: C=cz, ST=czech republic, O=s0cketky company, CN=s0cketka<br /> Validity<br /> Not Before: Apr 10 15:57:56 2008 GMT<br /> Not After : Apr 10 15:57:56 2009 GMT<br /> Subject: C=cz, ST=Czech Republic, L=Prague, O=s0cketky spolecnost, CN=ww<br />w.vm15.seminar<br /> Subject Public Key Info:<br /> Public Key Algorithm: rsaEncryption<br /> RSA Public Key: (1024 bit)<br /> Modulus (1024 bit):<br /> 00:a8:2a:14:14:6b:5a:1f:7c:3e:a4:0f:ff:5b:3f:<br /> 82:3f:7c:01:7d:ae:a5:93:71:1a:8e:73:d9:b6:c7:<br /> 76:25:09:04:50:3e:43:1c:9c:fc:00:19:4e:ab:76:<br /> 2f:5a:71:8a:23:60:c6:ab:c3:a3:b4:2d:3f:e7:76:<br /> c1:68:ec:3c:d6:33:1d:ca:bf:31:00:e7:54:ad:21:<br /> 57:be:3e:ec:d3:bc:cd:c8:36:e3:80:1f:c5:a6:b2:<br /> 3c:84:10:15:6b:fd:b2:e9:92:90:b0:1b:25:fc:90:<br /> 09:e0:81:7d:31:6f:95:f5:27:51:20:c1:21:9a:4f:<br /> cf:13:1d:d6:88:55:d8:76:a3<br /> Exponent: 65537 (0x10001)<br /> X509v3 extensions:<br /> X509v3 Basic Constraints: <br /> CA:FALSE<br /> Netscape Comment: <br /> OpenSSL Generated Certificate<br /> X509v3 Subject Key Identifier: <br /> 55:CF:C1:A5:00:5D:7A:06:1F:F5:20:05:BA:73:52:1D:C2:D2:F2:99<br /> X509v3 Authority Key Identifier: <br /> keyid:9F:95:26:55:AE:43:FB:71:F3:3D:D2:CE:D8:A4:25:38:F7:E3:00:F<br />A<br /><br /> Signature Algorithm: sha1WithRSAEncryption<br /> a8:c5:85:53:37:86:6d:38:93:16:45:53:c7:d6:ab:e8:be:87:<br /> 95:34:cc:6f:e6:a7:73:30:af:50:3b:bd:0b:3b:b2:99:ef:80:<br /> 3b:f9:c5:bb:4b:1d:c1:12:83:f1:38:4f:67:b3:75:6e:ef:4b:<br /> 3a:d2:d6:73:ea:15:22:08:56:14:3d:ee:73:e4:19:d3:d5:ba:<br /> 5c:3e:9a:04:bb:0a:7e:c4:af:c3:71:ae:48:1d:a2:96:9f:5b:<br /> 51:07:7a:1e:9f:aa:4f:0b:9a:8e:21:f8:87:0e:57:93:30:af:<br /> b3:99:da:6e:21:b0:05:02:f4:dc:d0:24:e4:06:8e:cf:12:64:<br /> 8a:df<br />-----BEGIN CERTIFICATE-----<br />MIICtTCCAh6gAwIBAgIBATANBgkqhkiG9w0BAQUFADBUMQswCQYDVQQGEwJjejEX<br />MBUGA1UECBMOY3plY2ggcmVwdWJsaWMxGTAXBgNVBAoTEHMwY2tldGt5IGNvbXBh<br />bnkxETAPBgNVBAMTCHMwY2tldGthMB4XDTA4MDQxMDE1NTc1NloXDTA5MDQxMDE1<br />NTc1NlowcDELMAkGA1UEBhMCY3oxFzAVBgNVBAgTDkN6ZWNoIFJlcHVibGljMQ8w<br />DQYDVQQHEwZQcmFndWUxHDAaBgNVBAoTE3MwY2tldGt5IHNwb2xlY25vc3QxGTAX<br />BgNVBAMTEHd3dy52bTE1LnNlbWluYXIwgZ8wDQYJKoZIhvcNAQEBBQADgY0AMIGJ<br />AoGBAKgqFBRrWh98PqQP/1s/gj98AX2upZNxGo5z2bbHdiUJBFA+Qxyc/AAZTqt2<br />L1pxiiNgxqvDo7QtP+d2wWjsPNYzHcq/MQDnVK0hV74+7NO8zcg244AfxaayPIQQ<br />FWv9sumSkLAbJfyQCeCBfTFvlfUnUSDBIZpPzxMd1ohV2HajAgMBAAGjezB5MAkG<br />A1UdEwQCMAAwLAYJYIZIAYb4QgENBB8WHU9wZW5TU0wgR2VuZXJhdGVkIENlcnRp<br />ZmljYXRlMB0GA1UdDgQWBBRVz8GlAF16Bh/1IAW6c1IdwtLymTAfBgNVHSMEGDAW<br />gBSflSZVrkP7cfM90s7YpCU49+MA+jANBgkqhkiG9w0BAQUFAAOBgQCoxYVTN4Zt<br />OJMWRVPH1qvovoeVNMxv5qdzMK9QO70LO7KZ74A7+cW7Sx3BEoPxOE9ns3Vu70s6<br />0tZz6hUiCFYUPe5z5BnT1bpcPpoEuwp+xK/Dca5IHaKWn1tRB3oen6pPC5qOIfiH<br />DleTMK+zmdpuIbAFAvTc0CTkBo7PEmSK3w==<br />-----END CERTIFICATE-----<br /></pre></div><br /><br />ted strcime podepsany certifikat k apachovi<br /><br /><div class="kod"><pre><br /><span style="color: rgb(204, 0, 0);">vm15:/usr/lib/ssl#</span> cat /root/cert.key newcert.pem > /etc/apache2/ssl/apache.pem <br /><span style="color: rgb(204, 0, 0);">vm15:/usr/lib/ssl#</span> /etc/init.d/apache2 restart<br />Forcing reload of web server (apache2)...apache2: apr_sockaddr_info_get() failed for vm15<br />apache2: Could not reliably determine the server's fully qualified domain name, <br />using 127.0.0.1 for ServerName<br />httpd (no pid file) not running<br />apache2: apr_sockaddr_info_get() failed for vm15<br />apache2: Could not reliably determine the server's fully qualified domain name, <br />using 127.0.0.1 for ServerName<br />.<br /><span style="color: rgb(204, 0, 0);">vm15:/usr/lib/ssl#</span> openssl s_client -connect 10.0.0.115:443<br />CONNECTED(00000003)<br />---<br />Certificate chain<br /> 0 s:/C=cz/ST=Czech Republic/L=Prague/O=s0cketky spolecnost/CN=www.vm15.seminar<br /> i:/C=cz/ST=czech republic/O=s0cketky company/CN=s0cketka<br />---<br />Server certificate<br />-----BEGIN CERTIFICATE-----<br />MIICtTCCAh6gAwIBAgIBATANBgkqhkiG9w0BAQUFADBUMQswCQYDVQQGEwJjejEX<br />MBUGA1UECBMOY3plY2ggcmVwdWJsaWMxGTAXBgNVBAoTEHMwY2tldGt5IGNvbXBh<br />bnkxETAPBgNVBAMTCHMwY2tldGthMB4XDTA4MDQxMDE1NTc1NloXDTA5MDQxMDE1<br />NTc1NlowcDELMAkGA1UEBhMCY3oxFzAVBgNVBAgTDkN6ZWNoIFJlcHVibGljMQ8w<br />DQYDVQQHEwZQcmFndWUxHDAaBgNVBAoTE3MwY2tldGt5IHNwb2xlY25vc3QxGTAX<br />BgNVBAMTEHd3dy52bTE1LnNlbWluYXIwgZ8wDQYJKoZIhvcNAQEBBQADgY0AMIGJ<br />AoGBAKgqFBRrWh98PqQP/1s/gj98AX2upZNxGo5z2bbHdiUJBFA+Qxyc/AAZTqt2<br />L1pxiiNgxqvDo7QtP+d2wWjsPNYzHcq/MQDnVK0hV74+7NO8zcg244AfxaayPIQQ<br />FWv9sumSkLAbJfyQCeCBfTFvlfUnUSDBIZpPzxMd1ohV2HajAgMBAAGjezB5MAkG<br />A1UdEwQCMAAwLAYJYIZIAYb4QgENBB8WHU9wZW5TU0wgR2VuZXJhdGVkIENlcnRp<br />ZmljYXRlMB0GA1UdDgQWBBRVz8GlAF16Bh/1IAW6c1IdwtLymTAfBgNVHSMEGDAW<br />gBSflSZVrkP7cfM90s7YpCU49+MA+jANBgkqhkiG9w0BAQUFAAOBgQCoxYVTN4Zt<br />OJMWRVPH1qvovoeVNMxv5qdzMK9QO70LO7KZ74A7+cW7Sx3BEoPxOE9ns3Vu70s6<br />0tZz6hUiCFYUPe5z5BnT1bpcPpoEuwp+xK/Dca5IHaKWn1tRB3oen6pPC5qOIfiH<br />DleTMK+zmdpuIbAFAvTc0CTkBo7PEmSK3w==<br />-----END CERTIFICATE-----<br />subject=/C=cz/ST=Czech Republic/L=Prague/O=s0cketky spolecnost/CN=www.vm15.semin<br />ar<br />issuer=/C=cz/ST=czech republic/O=s0cketky company/CN=s0cketka<br />---<br />No client certificate CA names sent<br />---<br />SSL handshake has read 1261 bytes and written 316 bytes<br />---<br />New, TLSv1/SSLv3, Cipher is DHE-RSA-AES256-SHA<br />Server public key is 1024 bit<br />Compression: NONE<br />Expansion: NONE<br />SSL-Session:<br /> Protocol : TLSv1<br /> Cipher : DHE-RSA-AES256-SHA<br /> Session-ID: 1834BFC9ABD548D163449C31FD640E63BA12AD452DF5C400C16E51FC599C0371<br /> Session-ID-ctx: <br /> Master-Key: 2A328C42BD7D5F99A780547D32F5390C979FFD044EA86072A5637D550AA07B8B<br />35DD14B3F6B7FB715B26CBB11473B17F<br /> Key-Arg : None<br /> Start Time: 1207843694<br /> Timeout : 300 (sec)<br /> Verify return code: 21 (unable to verify the first certificate)<br />---<br /></pre></div><br /><br />jenze my nejsme duveryhodna certifikacni autorita, takze nam to stejne moc<br />nepomuze :)<br /><br />14,15 (net7.pdf):<br /><br /><div class="kod"><pre><br /><span style="color: rgb(204, 0, 0);">vm15:~#</span> setkey -DP<br />No SPD entries.<br /><span style="color: rgb(204, 0, 0);">vm15:~#</span> ping 10.0.0.100<br />... ok<br /><span style="color: rgb(204, 0, 0);">vm15:~#</span> vim /etc/ipsec-tools.conf <br /><span style="color: rgb(204, 0, 0);">vm15:~#</span> cat /etc/ipsec-tools.conf <br />#!/usr/sbin/setkey -f<br /><br />## Flush the SAD and SPD<br />#<br />flush;<br />spdflush;<br /><br />add 10.0.0.100 10.0.0.115 esp 0x115 -E 3des-cbc "100000000000000000000001" -A h<br />mac-md5 "1000000000000001";<br />add 10.0.0.115 10.0.0.100 esp 0x215 -E 3des-cbc "100000000000000000000001" -A h<br />mac-md5 "1000000000000001";<br />spdadd 10.0.0.100 10.0.0.115 any -P in ipsec esp/transport//require;<br />spdadd 10.0.0.115 10.0.0.100 any -P out ipsec esp/transport//require;<br /><span style="color: rgb(204, 0, 0);">vm15:~#</span> /etc/ipsec-tools.conf <br /><span style="color: rgb(204, 0, 0);">vm15:~#</span> setkey -DP<br />10.0.0.100[any] 10.0.0.115[any] any<br /> in ipsec<br /> esp/transport//require<br /> created: Apr 10 18:29:25 2008 lastused: <br /> lifetime: 0(s) validtime: 0(s)<br /> spid=8 seq=2 pid=9897<br /> refcnt=1<br />10.0.0.115[any] 10.0.0.100[any] any<br /> out ipsec<br /> esp/transport//require<br /> created: Apr 10 18:29:25 2008 lastused: Apr 10 18:29:58 2008<br /> lifetime: 0(s) validtime: 0(s)<br /> spid=17 seq=1 pid=9897<br /> refcnt=2<br />10.0.0.100[any] 10.0.0.115[any] any<br /> fwd ipsec<br /> esp/transport//require<br /> created: Apr 10 18:29:25 2008 lastused: <br /> lifetime: 0(s) validtime: 0(s)<br /> spid=10 seq=0 pid=9897<br /> refcnt=1<br /><span style="color: rgb(204, 0, 0);">vm15:~#</span> ping 10.0.0.100<br />PING 10.0.0.100 (10.0.0.100) 56(84) bytes of data.<br />64 bytes from 10.0.0.100: icmp_seq=1 ttl=64 time=1.36 ms<br />64 bytes from 10.0.0.100: icmp_seq=2 ttl=64 time=0.696 ms<br /><br />--- 10.0.0.100 ping statistics ---<br />2 packets transmitted, 2 received, 0% packet loss, time 999ms<br />rtt min/avg/max/mdev = 0.696/1.030/1.364/0.334 ms<br /><span style="color: rgb(204, 0, 0);">vm15:~#</span> setkey -DP<br />10.0.0.100[any] 10.0.0.115[any] any<br /> in ipsec<br /> esp/transport//require<br /> created: Apr 10 18:29:25 2008 lastused: Apr 10 18:31:04 2008<br /> lifetime: 0(s) validtime: 0(s)<br /> spid=8 seq=2 pid=9899<br /> refcnt=3<br />10.0.0.115[any] 10.0.0.100[any] any<br /> out ipsec<br /> esp/transport//require<br /> created: Apr 10 18:29:25 2008 lastused: Apr 10 18:31:03 2008<br /> lifetime: 0(s) validtime: 0(s)<br /> spid=17 seq=1 pid=9899<br /> refcnt=3<br />10.0.0.100[any] 10.0.0.115[any] any<br /> fwd ipsec<br /> esp/transport//require<br /> created: Apr 10 18:29:25 2008 lastused: <br /> lifetime: 0(s) validtime: 0(s)<br /> spid=10 seq=0 pid=9899<br /> refcnt=1<br /></pre></div><br /><br />po tom pingu vidime last used, ze se zmenilo a na projektoru nam bezi tcpdump<br />z toho serveru :) je tam videt napr. to ESP, ze se tam pouziva...<br /><br /><h3>Thu Apr 17 17:23:13 CEST 2008</h3><br /><br />slidy: net8.pdf<br /><br />8:<br /><div class="kod"><pre><br /><span style="color: rgb(204, 0, 0);">vm15:~#</span>lftp ftp://10.0.0.100<br />lftp 10.0.0.100:~> ls<br />drwxr-xr-x 2 0 0 4096 Apr 17 15:11 pub<br />lftp 10.0.0.100:/> cd pub<br />lftp 10.0.0.100:/pub> ls<br />-rw-r--r-- 1 0 0 1429 Apr 17 15:03 jama.txt<br />lftp 10.0.0.100:/pub> get jama.txt <br />1429 bytes transferred<br />lftp 10.0.0.100:/pub> quit<br /></pre></div><br /><br />na prvni konzoli:<br /><div class="kod"><pre><br /><span style="color: rgb(204, 0, 0);">u2-6:~$</span> nc ftp.linux.cz 21<br />220 ProFTPD 1.3.0a Server (Faculty of Informatics) [::ffff:147.251.48.205]<br />USER anonymous<br />331 Anonymous login ok, send your complete email address as your password.<br />PASS email@server.cz<br />230-Hello, UNKNOWN at u2-6.ms.mff.cuni.cz!<br /> <br /> Vitejte na FTP serveru Welcome to the FTP server of<br /> Fakulty informatiky Faculty of Informatics<br /> Masarykovy univerzity v Brne Masaryk University, Brno<br /> <br /> This FTP site is in Brno, Czech Republic, Europe. The local time is<br /> Thu Apr 17 17:51:19 2008. You are user number 130 out of maximium 800<br /> in class default. There are 130 users in all classes (the maximum is 800). All<br /> transfers to and from archive are logged. If you do not like this policy,<br /> disconnect now!<br /> <br /> We serve as the ftp.fi.muni.cz, ftp.linux.cz, and ftp.cstug.cz archive,<br /> and we have lot of Linux-, UNIX-, and TeX-related stuff here. Look<br /> at the /pub/ROADMAP (or /pub/ROADMAP.html) for details. The file<br /> /pub/README.uploads states the rules for uploading data to this server.<br /> The server is avaliable via rsync and HTTP protocols. Use the following URLs:<br /> rsync://ftp.fi.muni.cz/pub and http://ftp.fi.muni.cz/pub/.<br /> The server is available via FTP over IPv6 at ftp://ftp6.linux.cz/ as well.<br /> Look at http://www.linux.cz/stats/ for the hardware configuration and<br /> statistics of this server.<br /> <br /> -System Administrator <ftp-admin@informatics.muni.cz><br />230 Anonymous access granted, restrictions apply.<br />PASV<br />227 Entering Passive Mode (147,251,48,205,167,93).<br /></pre></div><br /><br />na druhe konzoli napiseme:<br /><div class="kod"><pre><br /><span style="color: rgb(204, 0, 0);">u2-6:~$</span> nc 147.251.48.205 42845<br /></pre></div><br /><br />na prvni doplnime:<br /><div class="kod"><pre><br />LIST<br /></pre></div><br /><br />a vidime:<br /><div class="kod"><pre><br />150 Opening ASCII mode data connection for file list<br />226 Transfer complete.<br /></pre></div><br /><br />a na druhe se objevi<br /><div class="kod"><pre><br /><span style="color: rgb(204, 0, 0);">u2-6:~$</span> nc 147.251.48.205 42845<br />drwxr-xr-x 3 ftpadm ftpadm 56 Feb 12 2007 etc<br />drwxr-xr-x 4 ftpadm ftpadm 4096 May 30 2007 http<br />drwxr-xr-x 2 ftpadm ftpadm 0 Apr 17 15:52 mount<br />drwxr-xr-x 23 ftpadm ftpadm 8192 Apr 17 05:59 pub<br /></pre></div><br /><br /><div class="kod"><pre><br /><span style="color: rgb(204, 0, 0);">vm15:~#</span> lftp --debug ftp.linux.cz<br />lftp ftp.linux.cz:~> ls<br />---- Connecting to ftp.linux.cz (147.251.48.205) port 21<br /><--- 220 ProFTPD 1.3.0a Server (Faculty of Informatics) [::ffff:147.251.48.205]<br />---> FEAT<br /><--- 211-Features:<br /><--- MDTM<br /><--- REST STREAM<br /><--- SIZE<br /><--- 211 End<br />---> USER anonymous<br /><--- 331 Anonymous login ok, send your complete email address as your password.<br />---> PASS lftp@<br /><--- 230-Hello, UNKNOWN at bug.ms.mff.cuni.cz!<br /><--- <br /><--- Vitejte na FTP serveru Welcome to the FTP server of<br /><--- Fakulty informatiky Faculty of Informatics<br /><--- Masarykovy univerzity v Brne Masaryk University, Brno<br /><--- <br /><--- This FTP site is in Brno, Czech Republic, Europe. The local time is<br /><--- Thu Apr 17 18:03:19 2008. You are user number 124 out of maximium 800<br /><--- in class default. There are 124 users in all classes (the maximum is 800). All<br /><--- transfers to and from archive are logged. If you do not like this policy,<br /><--- disconnect now!<br /><--- <br /><--- We serve as the ftp.fi.muni.cz, ftp.linux.cz, and ftp.cstug.cz archive,<br /><--- and we have lot of Linux-, UNIX-, and TeX-related stuff here. Look<br /><--- at the /pub/ROADMAP (or /pub/ROADMAP.html) for details. The file<br /><--- /pub/README.uploads states the rules for uploading data to this server.<br /><--- The server is avaliable via rsync and HTTP protocols. Use the following URLs:<br /><--- rsync://ftp.fi.muni.cz/pub and http://ftp.fi.muni.cz/pub/.<br /><--- The server is available via FTP over IPv6 at ftp://ftp6.linux.cz/ as well.<br /><--- Look at http://www.linux.cz/stats/ for the hardware configuration and<br /><--- statistics of this server.<br /><--- <br /><--- -System Administrator <ftp-admin@informatics.muni.cz><br /><--- 230 Anonymous access granted, restrictions apply.<br />---> PWD<br /><--- 257 "/" is current directory.<br />---> PASV<br /><--- 227 Entering Passive Mode (147,251,48,205,163,118).<br />---- Connecting data socket to (147.251.48.205) port 41846<br />---- Data connection established<br />---> LIST<br /><--- 150 Opening ASCII mode data connection for file list<br />---- Got EOF on data connection<br />---- Closing data socket<br /><--- 226 Transfer complete.<br />drwxr-xr-x 3 ftpadm ftpadm 56 Feb 12 2007 etc<br />drwxr-xr-x 4 ftpadm ftpadm 4096 May 30 2007 http<br />drwxr-xr-x 3 ftpadm ftpadm 0 Apr 17 16:03 mount<br />drwxr-xr-x 23 ftpadm ftpadm 8192 Apr 17 05:59 pub<br />lftp ftp.linux.cz:/> quit<br />---> QUIT<br />---- Closing control socket<br /></pre></div><br /><br /><br /><div class="kod"><pre><br /><span style="color: rgb(204, 0, 0);">vm15:~#</span> lftp --debug 10.0.0.100<br />lftp 10.0.0.100:~> set ftp:ssl-allow-anonymous yes<br />lftp 10.0.0.100:~> ls<br />---- Connecting to 10.0.0.100 (10.0.0.100) port 21<br /><--- 220 (vsFTPd 2.0.5)<br />---> FEAT<br /><--- 211-Features:<br /><--- AUTH SSL<br /><--- AUTH TLS <br /><--- EPRT<br /><--- EPSV<br /><--- MDTM<br /><--- PASV<br /><--- PBSZ<br /><--- PROT<br /><--- REST STREAM<br /><--- SIZE<br /><--- TVFS<br /><--- 211 End<br />---> AUTH TLS<br /><--- 234 Proceed with negotiation.<br />---> USER anonymous<br />Certificate: C=--,ST=SomeState,L=SomeCity,O=SomeOrganization,OU=SomeOrganizatio<br />nalUnit,CN=localhost.localdomain,EMAIL=root@localhost.localdomain<br /> Issued by: C=--,ST=SomeState,L=SomeCity,O=SomeOrganization,OU=SomeOrganization<br /> alUnit,CN=localhost.localdomain,EMAIL=root@localhost.localdomain<br />WARNING: Certificate verification: Not trusted<br />WARNING: Certificate verification: The certificate's owner does not match hostn<br />ame '10.0.0.100'<br /><br /><--- 331 Please specify the password.<br />---> PASS lftp@<br /><--- 230 Login successful.<br />---> PWD<br /><--- 257 "/"<br />---> PBSZ 0<br /><--- 200 PBSZ set to 0.<br />---> PROT P<br /><--- 200 PROT now Private.<br />---> PASV<br /><--- 227 Entering Passive Mode (10,0,0,100,31,108)<br />---- Connecting data socket to (10.0.0.100) port 8044<br />---- Data connection established<br />---> LIST<br /><--- 150 Here comes the directory listing.<br />Certificate: C=--,ST=SomeState,L=SomeCity,O=SomeOrganization,OU=SomeOrganizatio<br />nalUnit,CN=localhost.localdomain,EMAIL=root@localhost.localdomain<br /> Issued by: C=--,ST=SomeState,L=SomeCity,O=SomeOrganization,OU=SomeOrganization<br /> alUnit,CN=localhost.localdomain,EMAIL=root@localhost.localdomain<br />WARNING: Certificate verification: Not trusted<br />WARNING: Certificate verification: The certificate's owner does not match hostn<br />ame '10.0.0.100'<br /><br />gnutls_record_recv: A TLS packet with unexpected length was received.; assuming<br />EOF<br />---- Got EOF on data connection<br />---- Closing data socket<br />drwxr-xr-x 2 0 0 4096 Apr 17 15:11 pub<br /><--- 226 Directory send OK.<br />lftp 10.0.0.100:/> quit<br />---> QUIT<br />---- Closing control socket<br /></pre></div><br /><br />11:<br /><div class="kod"><pre><br /><span style="color: rgb(204, 0, 0);">vm15:~#</span> tftp 10.0.0.100<br />tftp> trace<br />Packet tracing on.<br />tftp> get recept<br />sent RRQ <file=recept, mode=netascii><br />received DATA <block=1, 512 bytes><br />sent ACK <block=1><br />received DATA <block=2, 512 bytes><br />sent ACK <block=2><br />received DATA <block=3, 467 bytes><br />Received 1491 bytes in 0.0 seconds<br />tftp> <span style="color: rgb(204, 0, 0);">vm15:~# </span><br /></pre></div><br /><br />14:<br /><br />vygenerujeme si klic a nakopirujem si ho do homu. pak kdyz se tam hlasime<br />a mame ve svym homu na lokalni masince ten odpovidajici klic, tak nas tam<br />pusti bez hesla :)<br /><br /><div class="kod"><pre><br /><span style="color: rgb(204, 0, 0);">vm15:~#</span> useradd s0c --password heslo --home-dir /home/s0c<br /><span style="color: rgb(204, 0, 0);">vm15:~#</span> dpkg -l |grep ssh<br />ii openssh-client 4.3p2-9 Secure shell client, an rlogin/rsh/rcp repla<br /><span style="color: rgb(204, 0, 0);">vm15:~#</span> apt-get install openssh-server<br />Reading package lists... Done<br />Building dependency tree... Done<br />Suggested packages:<br /> ssh-askpass xbase-clients rssh molly-guard<br />The following NEW packages will be installed:<br /> openssh-server<br />0 upgraded, 1 newly installed, 0 to remove and 0 not upgraded.<br />Need to get 222kB of archives.<br />After unpacking 569kB of additional disk space will be used.<br />Get:1 http://ftp.sh.cvut.cz etch/main openssh-server 1:4.3p2-9 [222kB]<br />Fetched 222kB in 0s (701kB/s) <br />Preconfiguring packages ...<br />Selecting previously deselected package openssh-server.<br />(Reading database ... 14457 files and directories currently installed.)<br />Unpacking openssh-server (from .../openssh-server_1%3a4.3p2-9_i386.deb) ...<br />Setting up openssh-server (4.3p2-9) ...<br />Creating SSH2 RSA key; this may take some time ...<br />Creating SSH2 DSA key; this may take some time ...<br />Restarting OpenBSD Secure Shell server: sshd.<br /><br /><span style="color: rgb(204, 0, 0);">vm15:~#</span> ssh s0c@localhost<br />The authenticity of host 'localhost (127.0.0.1)' can't be established.<br />RSA key fingerprint is b3:47:b8:0b:61:7e:3c:f9:99:3c:47:0e:36:48:2e:d7.<br />Are you sure you want to continue connecting (yes/no)? yes<br />Warning: Permanently added 'localhost' (RSA) to the list of known hosts.<br />s0c@localhost's password: <br />Linux vm15 2.6.18-4-xen-vserver-686 #1 SMP Thu May 10 04:02:17 UTC 2007 i686<br /><br />The programs included with the Debian GNU/Linux system are free software;<br />the exact distribution terms for each program are described in the<br />individual files in /usr/share/doc/*/copyright.<br /><br />Debian GNU/Linux comes with ABSOLUTELY NO WARRANTY, to the extent<br />permitted by applicable law.<br /><span style="color: rgb(204, 0, 0);">s0c@vm15:~$</span> ssh-keygen <br />Generating public/private rsa key pair.<br />Enter file in which to save the key (/home/s0c/.ssh/id_rsa): <br />Created directory '/home/s0c/.ssh'.<br />Enter passphrase (empty for no passphrase): <br />Enter same passphrase again: <br />Your identification has been saved in /home/s0c/.ssh/id_rsa.<br />Your public key has been saved in /home/s0c/.ssh/id_rsa.pub.<br />The key fingerprint is:<br />85:1e:4f:3f:6d:cd:9c:90:ae:85:fc:59:b5:4a:91:eb s0c@vm15<br /><span style="color: rgb(204, 0, 0);">s0c@vm15:~$</span> cd .ssh/<br /><span style="color: rgb(204, 0, 0);">s0c@vm15:~/.ssh$</span> ls<br />id_rsa id_rsa.pub<br /><span style="color: rgb(204, 0, 0);">s0c@vm15:~/.ssh$</span> cat ./id_rsa.pub >> authorized_keys<br /><span style="color: rgb(204, 0, 0);">s0c@vm15:~$</span> logout<br />Connection to localhost closed.<br /><span style="color: rgb(204, 0, 0);">vm15:~#</span> su s0c<br /><span style="color: rgb(204, 0, 0);">vm15:/root$</span> ssh s0c@localhost<br />The authenticity of host 'localhost (127.0.0.1)' can't be established.<br />RSA key fingerprint is b3:47:b8:0b:61:7e:3c:f9:99:3c:47:0e:36:48:2e:d7.<br />Are you sure you want to continue connecting (yes/no)? yes<br />Warning: Permanently added 'localhost' (RSA) to the list of known hosts.<br />Linux vm15 2.6.18-4-xen-vserver-686 #1 SMP Thu May 10 04:02:17 UTC 2007 i686<br /><br />The programs included with the Debian GNU/Linux system are free software;<br />the exact distribution terms for each program are described in the<br />individual files in /usr/share/doc/*/copyright.<br /><br />Debian GNU/Linux comes with ABSOLUTELY NO WARRANTY, to the extent<br />permitted by applicable law.<br />Last login: Thu Apr 17 18:36:13 2008 from localhost<br /><span style="color: rgb(204, 0, 0);">s0c@vm15:~$</span> logout<br />Connection to localhost closed.<br /></pre></div><br /><br />uzivateli povolime pouze jediny prikaz, co muze provest a co se provede vzdy,<br />kdyz se prihlasi<br /><br /><div class="kod"><pre><br /><span style="color: rgb(204, 0, 0);">vm15:~#</span> vim /home/s0c/.ssh/authorized_keys <br /><span style="color: rgb(204, 0, 0);">vm15:~#</span> cat /home/s0c/.ssh/authorized_keys <br />command="echo 'hello' >> /tmp/hello" ssh-rsa AAAAB3NzaC1yc2EAAAABIwAAAQEAzXT18FyeAaQE9gXVwE6acv2wMgTF2N2gNAKNuT9BJ94O5DVh57wQTdCkH<br />eUG4GonQsJqUhiKbWBBFU4+znto5yXiBFsF1JYh8iEGErgClkTLycE8TLEPI4tbsjlD/n3CYHjPlbmOBRxit+W<br />ytUtxzDA3/V6iauxRi8ohIF7zisoJaSHvPNNhj853BtjeiZH/4Af7wGoOUrhDKVd5XI2WPcoCF7SyvbOUX8LCR<br />Kn5+GoPhJ3pXfs7G3iBoQBYCU4a25fU8rlkjRSirwA50Vuvb73IT4F+bYeSwPJ9s6+9zryQsT+e3a6AElFoPtk<br />m+vtvq66iXKRBDLD6xWf0YyyU+w== s0c@vm15<br /><span style="color: rgb(204, 0, 0);">vm15:~#</span> su s0c<br /><span style="color: rgb(204, 0, 0);">vm15:/root$</span> ssh s0c@localhost<br />Connection to localhost closed.<br /><span style="color: rgb(204, 0, 0);">vm15:/root$</span> cat /tmp/hello <br />hello<br /></pre></div><br /><br /><h3>Thu Apr 24 17:25:08 CEST 2008</h3><br /><br />net8.pdf, slide 15:<br /><br />na virtualnim stroji:<br /><div class="kod"><pre><br /><span style="color: rgb(204, 0, 0);">vm15:/root$</span> ssh -R 2222:localhost:22 tomim4am@u-pl22.ms.mff.cuni.cz<br />tomim4am@u-pl22.ms.mff.cuni.cz's password: <br />Last login: Thu Apr 24 17:42:07 2008 from bug.ms.mff.cuni.cz<br />NEWS: snadne_upozorneni_na_news bash_completion lprcs_xppcs symlinky_home <br />NEWS: quota_freee.sh diskove_kvoty vypalovani vymenna_media ulimit <br />NEWS: kvoty_na_odchozi_data <br /><span style="color: rgb(204, 0, 0);">u-pl22:~$ </span><br /></pre></div><br /><br />pak se terba lokalne prihlasim na u-pl22:<br /><div class="kod"><pre><br /><span style="color: rgb(204, 0, 0);">u2-7:~$</span> ssh tomim4am@u-pl22.ms.mff.cuni.cz<br />The authenticity of host 'u-pl22.ms.mff.cuni.cz (195.113.21.152)' can't be esta<br />blished.<br />RSA1 key fingerprint is 58:07:72:15:c4:84:e0:d5:7a:b4:70:6b:9b:1a:f2:c3.<br />Are you sure you want to continue connecting (yes/no)? yes<br />Warning: Permanently added 'u-pl22.ms.mff.cuni.cz,195.113.21.152' (RSA1) to the<br />list of known hosts.<br />tomim4am@u-pl22.ms.mff.cuni.cz's password: <br />Last login: Thu Apr 24 17:38:53 2008 from bug.ms.mff.cuni.cz<br />NEWS: snadne_upozorneni_na_news bash_completion lprcs_xppcs symlinky_home <br />NEWS: quota_freee.sh diskove_kvoty vypalovani vymenna_media ulimit <br />NEWS: kvoty_na_odchozi_data <br /><span style="color: rgb(204, 0, 0);">u-pl22:~$</span> ssh -p 2222 s0c@localhost<br />s0c@localhost's password: <br />Linux vm15 2.6.18-4-xen-vserver-686 #1 SMP Thu May 10 04:02:17 UTC 2007 i686<br /><br />The programs included with the Debian GNU/Linux system are free software;<br />the exact distribution terms for each program are described in the<br />individual files in /usr/share/doc/*/copyright.<br /><br />Debian GNU/Linux comes with ABSOLUTELY NO WARRANTY, to the extent<br />permitted by applicable law.<br />Last login: Thu Apr 17 18:52:09 2008 from localhost<br /><span style="color: rgb(204, 0, 0);">s0c@vm15:~$</span> ls<br />/home/s0c<br /></pre></div><br /><br />slide 16:<br /><br />vyzkousime kopirovani pomoci scp:<br /><div class="kod"><pre><br /><span style="color: rgb(204, 0, 0);">vm15:/root$</span> scp tomim4am@u-pl22.ms.mff.cuni.cz:/afs/ms/u/t/tomim4am/test_file /tmp/<br />tomim4am@u-pl22.ms.mff.cuni.cz's password: <br />test_file 100% 0 0.0KB/s 00:00 <br /><span style="color: rgb(204, 0, 0);">vm15:/root</span>$ ls -l /tmp/test_file <br />-rw-r--r-- 1 s0c s0c 0 Apr 24 17:55 /tmp/test_file<br /></pre></div><br /><br /><h2>Posta</h2><br /><br />net9.pdf, slide 7:<br /><br />posleme si zpravu rucne :) (na dole uvedeny mail mi nepiste, je spatne, kvuli<br />spamu .)<br /><br /><div class="kod"><pre><br /><span style="color: rgb(204, 0, 0);">vm15:/root$</span> nc smtp2.ms.mff.cuni.cz 25<br />220 smtp2.ms.mff.cuni.cz ESMTP Sendmail 8.14.2/8.14.2; Thu, 24 Apr 2008 18:15:<br />50 +0200 (CEST)<br />HELO s0cketka<br />250 smtp2.ms.mff.cuni.cz Hello bug.ms.mff.cuni.cz [195.113.18.123], pleased to<br />meet you<br />MAIL FROM: <s0cketka@seznam.cz><br />250 2.1.0 <s0cketka@seznam.cz>... Sender ok<br />RCPT TO: <s0cketka@seznam.cz><br />250 2.1.5 <s0cketka@seznam.cz>... Recipient ok<br />DATA<br />354 Enter mail, end with "." on a line by itself<br />helo :)<br />.<br />250 2.0.0 m3OGFo8S064098 Message accepted for delivery<br />QUIT<br />221 2.0.0 smtp2.ms.mff.cuni.cz closing connection<br /></pre></div><br /><br />falesne udaje:<br /><br /><div class="kod"><pre><br /><span style="color: rgb(204, 0, 0);">vm15:/root$</span> nc smtp2.ms.mff.cuni.cz 25<br />220 smtp2.ms.mff.cuni.cz ESMTP Sendmail 8.14.2/8.14.2; Thu, 24 Apr 2008 18:15:<br />15 +0200 (CEST)<br />HELO s0cketka<br />250 smtp2.ms.mff.cuni.cz Hello bug.ms.mff.cuni.cz [195.113.18.123], pleased to<br />meet you<br />MAIL FROM: <s0cketky@mail.cz><br />550 5.7.1 <s0cketky@mail.cz>... MX 10 'pecka.reflektor.cz.' [81.0.208.98] for<br /><s0cketky@mail.cz> rejected address saying "<s0cketky@mail.cz>: Recipient address<br />rejected: User unknown in virtual mailbox table"<br /></pre></div><br /><br /><br />podivejme se na zaznamy seznamu, kam se pripojit, kdyz bychom chteli poslat<br />postu:<br /><div class="kod"><pre><br /><span style="color: rgb(204, 0, 0);">vm15:/root$</span> dig seznam.cz MX<br /><br />; <<>> DiG 9.3.4 <<>> seznam.cz MX<br />;; global options: printcmd<br />;; Got answer:<br />;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 16359<br />;; flags: qr rd ra; QUERY: 1, ANSWER: 2, AUTHORITY: 2, ADDITIONAL: 2<br /><br />;; QUESTION SECTION:<br />;seznam.cz. IN MX<br /><br />;; ANSWER SECTION:<br />seznam.cz. 298 IN MX 60 mx60.seznam.cz.<br />seznam.cz. 298 IN MX 50 mx50.seznam.cz.<br /><br />;; AUTHORITY SECTION:<br />seznam.cz. 17998 IN NS ms.seznam.cz.<br />seznam.cz. 17998 IN NS ns.seznam.cz.<br /><br />;; ADDITIONAL SECTION:<br />mx50.seznam.cz. 298 IN A 77.75.73.47<br />mx60.seznam.cz. 298 IN A 77.75.73.48<br /><br />;; Query time: 2 msec<br />;; SERVER: 10.0.0.100#53(10.0.0.100)<br />;; WHEN: Thu Apr 24 18:32:37 2008<br />;; MSG SIZE rcvd: 135<br /></pre></div><br /><br />nakonfigurujeme si mailovy server :)<br /><br />zkontroluju, jestli mam nastavene dns:<br /><br /><div class="kod"><pre><br /><span style="color: rgb(204, 0, 0);">vm15:/root$</span> dig vm15.seminar MX<br /><br />; <<>> DiG 9.3.4 <<>> vm15.seminar MX<br />;; global options: printcmd<br />;; Got answer:<br />;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 63482<br />;; flags: qr rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 1, ADDITIONAL: 3<br /><br />;; QUESTION SECTION:<br />;vm15.seminar. IN MX<br /><br />;; ANSWER SECTION:<br />vm15.seminar. 259200 IN MX 20 mail.vm15.seminar.<br /><br />;; AUTHORITY SECTION:<br />vm15.seminar. 259200 IN NS ns.vm15.seminar.<br /><br />;; ADDITIONAL SECTION:<br />mail.vm15.seminar. 259200 IN A 10.0.0.115<br />ns.vm15.seminar. 259200 IN A 10.0.0.115<br />ns.vm15.seminar. 259200 IN AAAA 2001:5c0:94c1:1::15<br /><br />;; Query time: 7 msec<br />;; SERVER: 10.0.0.100#53(10.0.0.100)<br />;; WHEN: Thu Apr 24 18:36:47 2008<br />;; MSG SIZE rcvd: 128<br /></pre></div><br /><br />konfigurace:<br /><div class="kod"><pre><br /><span style="color: rgb(204, 0, 0);">vm15:#</span> vim /etc/postfix/main.cf<br /><span style="color: rgb(204, 0, 0);">vm15:~#</span> cat /etc/postfix/main.cf<br />myhostname = mail.vm15.seminar<br />mydomain = vm15.seminar<br />myorigin = vm15.seminar<br /><span style="color: rgb(204, 0, 0);">vm15:~#</span> /etc/init.d/postfix start<br />Starting Postfix Mail Transport Agent: postfix.<br /><span style="color: rgb(204, 0, 0);">vm15:~# mail -s test</span> root@vm15.seminar<br />Cc: <br />helo<br />.<br /><br /><span style="color: rgb(204, 0, 0);">vm15:~#</span> mail<br />No mail for root<br /><span style="color: rgb(204, 0, 0);">vm15:~#</span> ls /var/spool/mail/<br /><span style="color: rgb(204, 0, 0);">vm15:~#</span> <br /><span style="color: rgb(204, 0, 0);">vm15:~#</span> mailq<br />Mail queue is empty<br /><span style="color: rgb(204, 0, 0);">vm15:~#</span> sendmail -q<br /><span style="color: rgb(204, 0, 0);">vm15:~#</span> <br /><span style="color: rgb(204, 0, 0);">vm15:~#</span> nslookup mail.vm15.seminar<br />Server: 10.0.0.100<br />Address: 10.0.0.100#53<br /><br />Non-authoritative answer:<br />Name: mail.vm15.seminar<br />Address: 10.0.0.115<br /></pre></div><br /><br />Proc to neprislo?<br /><br /><div class="kod"><pre><br /><span style="color: rgb(204, 0, 0);">vm15:~#</span> tail -f /var/log/mail.log<br />Apr 24 18:47:50 vm15 postfix/pickup[8174]: 5B590168C0: uid=0 from=<root><br />Apr 24 18:47:50 vm15 postfix/cleanup[8179]: 5B590168C0: message-id=<20080424164<br />750.5B590168C0@mail.vm15.seminar><br />Apr 24 18:47:50 vm15 postfix/qmgr[8175]: 5B590168C0: from=<root@vm15.seminar>, <br />size=334, nrcpt=1 (queue active)<br />Apr 24 18:47:50 vm15 postfix/smtp[8181]: 5B590168C0: to=<root@vm15.seminar>, re<br />lay=none, delay=0.14, delays=0.1/0.04/0.01/0, dsn=5.4.6, status=bounced (mail f<br />or vm15.seminar loops back to myself)<br />Apr 24 18:47:50 vm15 postfix/cleanup[8179]: 7F932168C3: message-id=<20080424164<br />750.7F932168C3@mail.vm15.seminar><br />Apr 24 18:47:50 vm15 postfix/qmgr[8175]: 7F932168C3: from=<>, size=2062, nrcpt=<br />1 (queue active)<br />Apr 24 18:47:50 vm15 postfix/bounce[8182]: 5B590168C0: sender non-delivery noti<br />fication: 7F932168C3<br />Apr 24 18:47:50 vm15 postfix/qmgr[8175]: 5B590168C0: removed<br />Apr 24 18:47:50 vm15 postfix/smtp[8181]: 7F932168C3: to=<root@vm15.seminar>, re<br />lay=none, delay=0.03, delays=0.02/0/0/0, dsn=5.4.6, status=bounced (mail for vm<br />15.seminar loops back to myself)<br />Apr 24 18:47:50 vm15 postfix/qmgr[8175]: 7F932168C3: removed<br /></pre></div><br /><br />On zjistil, ze to ma poslat vlastne sobe. Jenze je malo nastaveny a tak to neumi<br />poslat. Tak to zahodil, zkusil poslat hlasku o zahozeni, ale tu taky neumi poslat,<br />takze to proste zahodil :) Teoreticky by to ted melo jit ale poslat ven nekam,<br />treba na seznam atd.<br /><br /><h3>Thu May 15 17:27:35 CEST 2008</h3><br /><br />slidy 9, slide 15:<br /><br />donastavime si prijem posty:<br /><br /><div class="kod"><pre><br /><span style="color: rgb(204, 0, 0);">vm15:~#</span> vim /etc/postfix/main.cf <br /><span style="color: rgb(204, 0, 0);">vm15:~#</span> cat /etc/postfix/main.cf <br />myhostname = mail.vm15.seminar<br />mydomain = vm15.seminar<br />myorigin = vm15.seminar<br />mydestination = vm15.seminar<br /><span style="color: rgb(204, 0, 0);">vm15:~#</span> mail root@vm15.seminar<br />Cc: <br />Subject: pokus1<br />test1<br />.<br /></pre></div><br /><br />ale nic mi neprislo :(<br /><br /><div class="kod"><pre><br /><span style="color: rgb(204, 0, 0);">vm15:~#</span> tail /var/log/mail.err<br />May 15 17:30:13 vm15 postfix/local[2655]: fatal: open database /etc/aliases.db:<br />No such file or directory<br /></pre></div><br /><br />aaahaa<br /><br /><div class="kod"><pre><br /><span style="color: rgb(204, 0, 0);">vm15:~#</span> newaliases <br /><span style="color: rgb(204, 0, 0);">vm15:~#</span> mail root@vm15.seminar<br />Cc: <br />Subject: opkus 2<br />test2<br />.<br /><span style="color: rgb(204, 0, 0);">vm15:~#</span> mail<br />"/var/mail/root": 2 messages 2 new<br />>N 1 root Thu May 15 17:32 13/425 pokus1<br /> N 2 root Thu May 15 17:32 13/426 opkus 2<br />& q<br />Held 2 messages in /var/mail/root<br /></pre></div><br /><br />zkusime poslat beznemu uzivateli:<br /><br /><div class="kod"><pre><br /><span style="color: rgb(204, 0, 0);">vm15:~#</span> mail s0c@vm15.seminar<br />Cc: <br />Subject: pokus 3<br />test 3<br />.<br /><span style="color: rgb(204, 0, 0);">vm15:~#</span> su s0c<br /><span style="color: rgb(204, 0, 0);">vm15:/root$</span> mail<br />"/var/mail/s0c": 1 message 1 unread<br />>U 1 root Thu May 15 17:36 16/469 pokus 3<br />& q<br />Held 1 message in /var/mail/s0c<br /><span style="color: rgb(204, 0, 0);">vm15:/root$</span> exit<br /></pre></div><br /><br />je tam :) a ted jak se dostane uzivatel nejakym beznym zpusobem ke sve poste?<br /><br />16:<br />nastavime pop3 server:<br /><br /><div class="kod"><pre><br /><span style="color: rgb(204, 0, 0);">vm15:~#</span> vim /etc/dovecot/dovecot.conf <br /><span style="color: rgb(204, 0, 0);">vm15:~#</span> cat /etc/dovecot/dovecot.conf |grep -v '#' |less<br />protocols = pop3 imap<br />log_timestamp = "%Y-%m-%d %H:%M:%S "<br />mail_extra_groups = mail<br />protocol imap {<br />}<br />protocol pop3 {<br /> pop3_uidl_format = %08Xu%08Xv<br />}<br />auth default {<br /> mechanisms = plain<br /> passdb pam {<br /> }<br /> userdb passwd {<br /> }<br /> user = root<br />}<br />dict {<br />}<br />plugin {<br />}<br /><span style="color: rgb(204, 0, 0);">vm15:~#</span> /etc/init.d/dovecot restart<br />Restarting mail server: dovecotWarning: Fixing permissions of /var/run/dovecot to be<br />world-readable<br />Warning: Corrected permissions for login directory /var/run/dovecot/login<br />.<br /><span style="color: rgb(204, 0, 0);">vm15:~#</span> nc localhost 110<br />+OK Dovecot ready.<br />USER s0c<br />+OK<br />PASS heslo<br />+OK Logged in.<br />LIST<br />+OK 1 messages:<br />1 438<br />.<br />RETR 1<br />+OK 438 octets<br />Return-Path: <root@vm15.seminar><br />X-Original-To: s0c@vm15.seminar<br />Delivered-To: s0c@vm15.seminar<br />Received: by mail.vm15.seminar (Postfix, from userid 0)<br /> id B60BA168C7; Thu, 15 May 2008 17:36:36 +0200 (CEST)<br />To: <s0c@vm15.seminar><br />Subject: pokus 3<br />X-Mailer: mail (GNU Mailutils 1.1)<br />Message-Id: <20080515153636.B60BA168C7@mail.vm15.seminar><br />Date: Thu, 15 May 2008 17:36:36 +0200 (CEST)<br />From: root@vm15.seminar (root)<br /><br />test 3 <br />.<br />QUIT<br />+OK Logging out.<br /><span style="color: rgb(204, 0, 0);">vm15:~# </span><br /></pre></div><br /><br />Odvazlivci si zkusili i imap, ja to nestihla.<br /><br />17:<br /><br /><div class="kod"><pre><br /><span style="color: rgb(204, 0, 0);">vm15:~#</span> dig seznam.cz ANY |grep TXT<br />seznam.cz. 284 IN TXT "wwrr\00977.75.76.3\0091\009http\00980\00930\0096\0093"<br />seznam.cz. 284 IN TXT "v=spf1 mx ip4:77.75.72.1/24 ip4:77.75.73.1/24 ip4:<br />77.75.76.1/24 ip4:77.75.77.1/24 ?all"<br />seznam.cz. 284 IN TXT "wwrr\00977.75.72.3\0091\009http\00980\00930\0096\0093"<br /></pre></div><br /><br />ten prostredni radek jsou adresy serveru, ktere jsou opravnene posilat maily (viz SPF na slidu)<br /><br />Na zaver zminka ze serie slidu 10:<br /><br />7:<br /><div class="kod"><pre><br /><span style="color: rgb(204, 0, 0);">vm15:~#</span> snmpwalk -v1 -c public 10.0.0.100<br />SNMPv2-MIB::sysDescr.0 = STRING: Linux bug.ms.mff.cuni.cz 2.6.18-53.1.13.el5xen #1 SMP Tue Feb 12 14:04:18 EST 2008 i686<br />SNMPv2-MIB::sysObjectID.0 = OID: NET-SNMP-MIB::netSnmpAgentOIDs.10<br />DISMAN-EVENT-MIB::sysUpTimeInstance = Timeticks: (763702) 2:07:17.02<br />SNMPv2-MIB::sysContact.0 = STRING: root<br />SNMPv2-MIB::sysName.0 = STRING: bug.ms.mff.cuni.cz<br />SNMPv2-MIB::sysLocation.0 = STRING: MS<br />...<br />(strasne dlouhy)<br /></pre></div><br /><br />a ten druhy ukol ze stejneho slidu:<br /><br /><div class="kod"><pre><br /><span style="color: rgb(204, 0, 0);">vm15:~#</span> snmpwalk -v1 -c public eliska.ms.mff.cuni.cz | grep IF-MIB::ifPhy<br />IF-MIB::ifPhysAddress.1 = STRING: 0:1:e6:3:6f:7a<br />IF-MIB::ifPhysAddress.2 = STRING: <br /></pre></div><br /><br /><br /><h2>Bojovka</h2><br /><br />Bojovka probihala v uvolnene atmosfere, byla imho tak nejak primerene tezka, ale kdyz jsem se treba na 10 nebo i 20 minut zasekla na jednom ukolu, bylo to docela deprimujici. Nastesti, kdyz jste skutecne vyzkouseli vsechno, koukate do toho uz veky a nevite, tak se da prihlasit a mozna vam bude mirne napovezeno :) Limit byl 75 minut, ktery jsme ale nakonec pretahovali, protoze vetsina lidi to do toho casu nestihla. Mirek (vyucujici) byl maximalne vstricny. Tak hodne stesti :)Unknownnoreply@blogger.com38tag:blogger.com,1999:blog-36073118.post-21720765657999464052008-03-02T17:02:00.004+01:002008-05-23T19:51:21.927+02:00Zapisky z Metod matematicke statistikyMam v planu prubezne fotit zapisky z prednasek, pristupne jsou zde: <a href="http://s238.photobucket.com/albums/ff152/s0cketka/metody%20matematicke%20statistiky/?action=view&current=001.jpg">photobucket.com</a><br />Po posledni prednasce budou navic vsechny fotky zverejneny v jednom pdf souboru.<br /><br />23.5.08: Zapisky jsou kompletni (90 stranek), pdf nakonec asi delat nebudu, pokud o to vylozene nema nekdo zajem - kdyz tak napiste do komentare.Unknownnoreply@blogger.com4tag:blogger.com,1999:blog-36073118.post-14200361083103672332008-02-29T08:03:00.004+01:002008-03-01T16:35:54.798+01:00Presun webu do blogu / Moving the web to the blog<div><div style="display: block;"><div class="czech">Cas ukazuje, ze na spravu webu i blogu zaroven nemam cas a tak jsem se rozhodla, ze web presunu do blogu. Doufam, ze se mi to povede bezeztratove a vsechno, co jste dosud mohli najit na mem webu, bude pristupne zde :)<br /></div><div class="english">By the time I can see that I am not capable to keep my homepage and also my blog. So I'm going to move all my data into this blog. I hope I won't lose any data :) and you will be able to get all information that are currently on my homepage here.<br /></div></div></div>Unknownnoreply@blogger.com0tag:blogger.com,1999:blog-36073118.post-62627228365768306272008-02-05T19:04:00.002+01:002008-03-01T16:37:05.853+01:00Postrehy ze zkouskoveho / Exams Observations<a onblur="try {parent.deselectBloggerImageGracefully();} catch(e) {}" href="http://i238.photobucket.com/albums/ff152/s0cketka/uceni/binary.gif"><img style="margin: 0px auto 10px; display: block; text-align: center; cursor: pointer; width: 400px;" src="http://i238.photobucket.com/albums/ff152/s0cketka/uceni/binary.gif" alt="" border="0" /></a><br /><a onblur="try {parent.deselectBloggerImageGracefully();} catch(e) {}" href="http://i238.photobucket.com/albums/ff152/s0cketka/uceni/dukaz.gif"><img style="margin: 0px auto 10px; display: block; text-align: center; cursor: pointer; width: 400px;" src="http://i238.photobucket.com/albums/ff152/s0cketka/uceni/dukaz.gif" alt="" border="0" /></a><a onblur="try {parent.deselectBloggerImageGracefully();} catch(e) {}" href="http://i238.photobucket.com/albums/ff152/s0cketka/uceni/dukaz.gif"><br /></a><div><div style="display: block;"><div class="czech">Konec zkouskoveho jeste neni, presto uz ted jsem nasbirala nekolik zajimavych postrehu:<br /><br /><span style="font-weight: bold;">Postreh prvni:</span><br />Vsimla jsem si napadne podobnosti skript a binarniho souboru.<br /><br /><br /><span style="font-weight: bold;">Postreh druhy:</span><br />Vetsinou se v chapani zaseknu na necem, co je dle autora obecne zrejme, jasne, trivialni a tedy to neni treba vysvetlovat.<br /><br /><span style="font-weight: bold;">Postreh treti:</span><br />Co mi prijde obecne zname, jasne, trivialni a nepotrebuji to vysvetlit je vetsinou dokazano na nekolik stranek dukazem tak narocnym, ze to prestanu chapat.<br /><br /><span style="font-weight: bold;">Postreh ctvrty:</span><br />Kdyz uz je vazne nejhur, je potreba si uvedomit, ze vlastne o nic nejde. Tak az vam bude hodne spatne, zkuste se podivat treba na tohle <a href="http://www.youtube.com/watch?v=7_jmxjo8fl8">video</a> a pochopite, ze kdyz zkousku neudelate, tak se vlastne nic tak zleho nestane.<br /></div><div class="english">The end of exams in still far away. However I have some interesting observations already:<br /><br /><span style="font-weight: bold;">Observation No. one:</span><br />I have taken notice of the similarity of a binary file and the official lecture notes.<br /><br /><span style="font-weight: bold;">Observation No. two:</span><br />I have often troubles to understand to something that is according to the author evident, clear, trivial so it doens't need to be explained.<br /><br /><span style="font-weight: bold;">Observation No. three:</span><br />What seems to me to be evident, clear, trivial so it doens't need to be explained is often proved by number of pages in a such difficult way that I desist from understanding it.<br /><br /><span style="font-weight: bold;">Observation No. four:</span><br />When really bad times come I have to realize that at it is all small and unimportant in fact. So if you feel really bad see this <a href="http://www.youtube.com/watch?v=7_jmxjo8fl8">movie</a> and you will understand that there is nothing frightful happening if you do not pass the exam.<br /></div></div></div>Unknownnoreply@blogger.com0tag:blogger.com,1999:blog-36073118.post-81247868925815940092007-11-17T12:57:00.001+01:002008-03-01T16:39:10.332+01:00Jak jsem zazarila v akademickem mistrovstvi CR v prespolnim behu / How I fascinated at Czech academic cross-country championship<div style="display: block;"><div class="czech"> Po dlouhe dobe se mi na cele dopoledne podarilo zbavit se vsech povinnosti a vydala jsem se s kamaradkou na prespolni beh. Uz 55 let se kona v obore Hvezda tradicni beh 17. listopadu, letos jsem se stala jeho soucasti i ja :) A to docela podstatnou, jak se doctete dale.<br /><br /><a onblur="try {parent.deselectBloggerImageGracefully();} catch(e) {}" href="http://www.vysokoskolskysport.cz/imagebank/411847/300/500/20061117_014.jpg"><img style="margin: 0pt 10px 10px 0pt; float: left; cursor: pointer; width: 248px; height: 164px;" src="http://www.vysokoskolskysport.cz/imagebank/411847/300/500/20061117_014.jpg" alt="" border="0" /></a><br />Teplota byla na relativne prijemne nule, pozdeji asi i par stupinku nad nulou. Vitr prilis nefoukal, snezilo jen nepatrne. Zazemi zavodu bylo perfektni - oddelene satny, dokonce sprchy.<br /><br />Zavod startoval v 10h, v pul desate jsme dorazily na registraci. Fronta nebyla prilis dlouha, ale na chvili cekani to bylo. Kdyz tu nas oslovily dve pani u stolecku s napisem "AM", jestli nechceme do akademicke kategorie. Nabidka znela lakave - zadna fronta, bezplatny start a stejna delka trati jako v kategorii zeny (4400m), k tomu hezke CVUTacke tricko. Tak jsme kyvly. Ukazalo se, ze jsme se zapsaly do akademickeho mistrovstvi CR v prespolnim behu a k nasemu jmenu byla pripsana skola, kterou reprezentujeme. To jsem zacala uvazovat, co me muze skola za ostudu, kterou pravdepodobne zpusobim svym casem, udelat - napadlo me akorat odebrani ubytovaciho stipendia, coz je vzhledem k jeho vysi nepodstatne :) Na druhou stranu, kazda reklama skole prece jen prospeje.<br /><br />Dostala jsem cislo 19, coz me prekvapilo, ostatni meli cisla nad 100. Vypadala jsem tedy jako skutecna favoritka zavodu :)<br /><br />Na startu jsem se postavila rovnou do zadu a ukazalo se to jako spravny krok. Uz 100m za startem jsem byla se slusnym naskokem posledni. Na prvni krizovatce me navigujici poradatel povzbuzoval, tak jsem ho ujisitla, ze budu rada, kdyz dobehnu (uz tou dobou jsem mela tep mezi 188 a 195 a cely prubeh zavodu neklesl, ale citila jsem se v pohode).<a onblur="try {parent.deselectBloggerImageGracefully();} catch(e) {}" href="http://www.behej.com/gallery/2007-beh-17-listopadu-praha-6.jpg"><img style="margin: 0pt 10px 10px 0pt; float: left; cursor: pointer; width: 247px; height: 185px;" src="http://www.behej.com/gallery/2007-beh-17-listopadu-praha-6.jpg" alt="" border="0" /></a><br /><br />Po kilometru uz jsem nevidela nikoho pred sebou, ani nikoho za sebou. Ale bylo krasne a tak jsem si to uzivala. Navic uz jen kilometr a budu mit jedno kolecko za sebou. Bezela se totiz dve stejna kolecka po 2200m. V nasledujicim kilometru jsem stihla dvakrat trosku zabloudit, ale jinak se mi bezelo hezky.<br /><br />Byla asi 14. minuta zavodu a ja se blizila ke konci prvniho kolecka, uz jsem videla cil. Vzpomnela jsem si, ze lonska vitezka dobehla v case kolem 15 minut. Hmmm, to asi budu vypadat jako vitezka, napadlo me. A nemylila jsem se - jak jsem se blizila ke konci kolecka, zacali se v cili srocovat lide a dokonce me nataceli. No jo, mela jsem nizke cislo, vypadalo to, ze treba prekonam lonsky cas o par vterin. Presto vypadali vsichni mirne nejiste - na vitezku jsem si to sinula dost pomalu. Kdyz jsem probihala cilem, sdelila jsem kameramanovi, ze nejsem prvni, ale posledni, at si jeste pocka. Tak vypnuli kameru, upustili od zapsani vysledku viteze a povzbudili me k druhemu kolecku :)<br /><br />Na prvnim rozcesti stale jeste stal ten pan, co me pred ctvrt hodinou tak povzbuzoval a povidal: "Vidim, ze si stale drzite svou pozici! Jen tak dal, nenechte se vyvest z miry, uzijte si to!".<br /><br />Zbytek trate jsem dobehla jiz temer bez komplikaci (kdyz nepocitam dvoje smrkani, jedno zavazovani tkanicky a jedno zakopnuti). V cili jsme dostala presladky caj a cely balik susenek. Vsichni byli moc mili a ochotni.<br /><a onblur="try {parent.deselectBloggerImageGracefully();} catch(e) {}" href="http://www.behej.com/gallery/2007-beh-17-listopadu-praha-29.jpg"><img style="margin: 0pt 10px 10px 0pt; float: left; cursor: pointer; width: 247px; height: 185px;" src="http://www.behej.com/gallery/2007-beh-17-listopadu-praha-29.jpg" alt="" border="0" /></a><br />S celkovym casem cca 30 minut jsem celkem spokojena - jsem rada, ze jsou to dobehla :) Asi me budou vecer trochu bolet nohy, ale citim se jako znovuzrozena. Tu pulhodinu jsem v podstate celou prosmala :)<br /></div><div class="english">After many weeks, I had a free Saturday morning with no obligations. I went to the cross-country race with my best friend Johari. This race is held annually for 55 years at Hvezda park on 17th November and this year I took part in it and it was quite serious role - as you will read in a moment.<br /><br />The temperature was getting quite comfortably about zero, later it was about five degrees. No strong wind, snowing only gently. Organization was great, there were separated cloak-rooms with showers also.<br /><br />The race started at ten o'clock, we arrived to registration at half past nine. There was no long queue, just a few people, we thought that we would stand there for just some few minutes. We were standing there when a couple of women told us that we could register as academicians. It seemed to be a good offer - no queue, free registration, the same length of race (4400m) and as a bonus we got a T-shirt with CVUT logo for free. (CVUT is another Czech university). So we accepted this offer happily. Later it showed oneself that we had registered to <a onblur="try {parent.deselectBloggerImageGracefully();} catch(e) {}" href="http://www.behej.com/gallery/2007-beh-17-listopadu-praha-1.jpg"><img style="margin: 0pt 10px 10px 0pt; float: left; cursor: pointer; width: 243px; height: 182px;" src="http://www.behej.com/gallery/2007-beh-17-listopadu-praha-1.jpg" alt="" border="0" /></a>Czech academic cross-country championship and to our name there had been added the name of university we represented. I started to wonder about what could my university do to me to penalize me for the shame that I would make for sure. The only thing I thought out was to refuse my accommodation scholarship and this was not important for me in the light of it's highness. On the other hand, every propaganda is good for my school's popularity.<br /><br />They assigned starting number 19 to me. It surprised me because others had numbers bigger than a hundred. I looked like a total leader of the race :)<br /><br />I stand back at the start and this was a really good idea. We were one hundred meters over the start and I was already the last runner. The organizer encouraged me at the first crossroad and I made him sure that my target is to come to the finish not to win (at this moment I already had my heard frequency between 188 and 195 - and it didn't decreased during the race, however I felt fine).<br /><br />After the kilometer I couldn't see anyone behind me nor ahead. Anyway, it was a beautiful day so I enjoyed the run. Moreover there was just one kilometer to finish the first lap. We run two similar laps 2200m long. During the next kilometer I got lost a bit for two times in spite of the fact it was nice.<br /><br />There was the 14th minute of a race coming and I was approaching the finish line of the first lap. I remembered that last year the winner had the time about 15 minutes. Mmmm, then I would look like a winner I thought. And I wasn't wrong. When I was getting closer <a onblur="try {parent.deselectBloggerImageGracefully();} catch(e) {}" href="http://www.behej.com/gallery/2007-beh-17-listopadu-praha-7.jpg"><img style="margin: 0pt 10px 10px 0pt; float: left; cursor: pointer; width: 242px; height: 181px;" src="http://www.behej.com/gallery/2007-beh-17-listopadu-praha-7.jpg" alt="" border="0" /></a>to the finish, there were a bigger crowd of people and there was a television filming me. Oh yeah, I had a very low number and it seemed that I would improve the time from the last year. However all of them looked a bit confused - I was running very slowly for the winner. When I run around a camera-man I told him to wait that I was not the first one, but the last one. So they stop filming, stop from writing down my time and encouraged me to the last lap :)<br /><br />There still was the same organizer at the crossroad and he was encouraging me: "I can see that you are holding your position! Great! Keep it up, enjoy it!"<br /><br />The rest of lap I run almost without complications (if I don't bear in mind that I had to blow my nose for two times, tie the laces for one time and tripped out for one time). At the finish I got a very very sweet tea and a package of sweets. All people there were very nice.<br /><br />I'm quite satisfied with my time that was about 30 minutes. I'm happy that I finished it. Maybe I will feel my tired legs in the evening however I feel like born again now. I was laughing during almost whole race :)<br /></div></div>Unknownnoreply@blogger.com3tag:blogger.com,1999:blog-36073118.post-26854296451064443642007-09-16T08:24:00.001+02:002008-03-01T16:39:43.605+01:00Paty turnaj "Golf Club Praha Tour 2007" / The fifth "Golf Club Praha Tour 2007"<div style="display: block;"><div class="czech">I tato sobota byla ve znameni sportu. S Davidem jsme se zucastnili golfoveho turnaje - on jako hrac, ja jako jeho nosic (nebo spis vozic).<br /><a onblur="try {parent.deselectBloggerImageGracefully();} catch(e) {}" href="http://i238.photobucket.com/albums/ff152/s0cketka/2007-09-15%20golf/P1000815.jpg"><img style="margin: 0pt 10px 10px 0pt; float: left; cursor: pointer; width: 257px; height: 193px;" src="http://i238.photobucket.com/albums/ff152/s0cketka/2007-09-15%20golf/P1000815.jpg" alt="" border="0" /></a><br /><br />Na motolskem hristi jsme byli poprve. Na pohled je krasne, ale prekvapila me jeho clenitost. Tahat po nem vozicek bylo docela narocne, do nekterych svahu jsem se musela doslova drapat, malem po ctyrech.<br /><br />Dalsim specifikem hriste byly velmi caste prelety letadel - nebyla mezi nimi pauza delsi nez nekolik malo minut a kdyz slo o tryskove letadlo, nebylo slyset vlastniho slova.<br /><br />Tentokrat David nesel vyhravat, ani zlepsit handicap a to byl mozna ten duvod, proc bylo skore takove slabe. Ale vubec nam to nevadilo, hezky jsme si zahrali, nadychali se cerstveho vzduchu a nasytili nase oci pohledem na krasnou zelen a modro-sede nebe.<br /><a onblur="try {parent.deselectBloggerImageGracefully();} catch(e) {}" href="http://i238.photobucket.com/albums/ff152/s0cketka/2007-09-15%20golf/P1000805.jpg"><img style="margin: 0pt 10px 10px 0pt; float: left; cursor: pointer; width: 253px; height: 337px;" src="http://i238.photobucket.com/albums/ff152/s0cketka/2007-09-15%20golf/P1000805.jpg" alt="" border="0" /></a><br />Nekomu se golf nejevi jako sport, ale ja ho tak vidim, nebot je srovnatelny nejmene s turistikou. Oba jsme usli kolem 10km. Ja jako nosic jsem to absolvovala vcetne tahani bagu na vozitku, ktery vazi asi 15kg, pres vsechny ty kopecky a hrboly. David jako hrac absolvoval desitky odpalu, navic se musel umet zkoncetrovat na hru, prestat myslet na vsechno ostatni. Po dni stravenem na hristi se citite jako po kazdem jinem venkovnim sportu - prijemne unaveni, mirne ofoukli a opaleni a vase mysl je prijemne uvolnena.</div><div class="english">This Saturday was in token of sport also. We took part of a golf tournament - me and David. He as a player and I was a caddie (with a buggy luckily).<br /><br />We was for the first time on the golf course at Motol. It is a very beautiful course at sight. But I was surprised by it's horizontal articulation. It was realy hard to draw a bag there - there were some slopes where I thought that the bag would draw me down and I scrumbled up almost on all fours.<br /><a onblur="try {parent.deselectBloggerImageGracefully();} catch(e) {}" href="http://i238.photobucket.com/albums/ff152/s0cketka/2007-09-15%20golf/P1000813.jpg"><img style="margin: 0pt 10px 10px 0pt; float: left; cursor: pointer; width: 257px; height: 343px;" src="http://i238.photobucket.com/albums/ff152/s0cketka/2007-09-15%20golf/P1000813.jpg" alt="" border="0" /></a><br />The next interesting think was that there were huge planes flying over the course every few minutes. And if it was a jet we couldn't hear own words.<br /><br />David didn't want to win or improve his handicap this time and that was may be the reason why his score wasn't so good. However it didn't matter - we enjoyed the game, we breathed fresh air and satified our eyes by view of a nice green grass and grey-blue sky.<br /><br />There are people that do not see golf as a sport. I mean that it really is a sport. It is comparable with a hiking at least. We both walked about 10 kilometres. Me as a caddie with bag that is about 15 kilograms heavy and David as a player made many drives and he had to concentrate to the game and stop thinking about all other things... You feel like after any other outdoor sport when you spend a day on a golf course - nice tired, a bit blow over and sunburned and your mind is free.<a onblur="try {parent.deselectBloggerImageGracefully();} catch(e) {}" href="http://i238.photobucket.com/albums/ff152/s0cketka/2007-09-15%20golf/P1000803.jpg"><img style="margin: 0pt 10px 10px 0pt; float: left; cursor: pointer; width: 258px; height: 193px;" src="http://i238.photobucket.com/albums/ff152/s0cketka/2007-09-15%20golf/P1000803.jpg" alt="" border="0" /></a></div></div>Unknownnoreply@blogger.com0tag:blogger.com,1999:blog-36073118.post-76468153705724214982007-09-09T09:07:00.001+02:002008-03-01T16:40:29.123+01:00Night Grand Prix<div style="display: block;"><div class="czech">Pul roku jsem se tesila, 6 tydnu jsem se snazila trenovat. Ale protoze se mi nestacila zahojit dira po zubu moudrosti, nakonec jsem zustala mezi fanousky, Katka (moje nej kamaradka) musela bezet sama. Ale bylo to super :)<br /><br /><a onblur="try {parent.deselectBloggerImageGracefully();} catch(e) {}" href="http://i238.photobucket.com/albums/ff152/s0cketka/2007-09-08%20pim%20beh/P1000728b.jpg"><img style="margin: 0pt 10px 10px 0pt; float: left; cursor: pointer; width: 266px; height: 199px;" src="http://i238.photobucket.com/albums/ff152/s0cketka/2007-09-08%20pim%20beh/P1000728b.jpg" alt="" border="0" /></a><br />Vcera vecer se na Starem Meste konala nocni Grand Prix - beh pro zeny na pet kilometru, muzi si zabehli kilometru hned deset. Start zenskeho behu byl naplanovany na osmou hodinu vecerni, muzi startovali az o hodinu pozdeji.<br /><br />Jak se blizil cas startu zen, zacal se startovni koridor zaplnovat a stejne tak se zacaly kupit davy lidi podel startu a zacatku trasy. Me snahy o foceni byly docela marne, nedokazala jsem se probit na misto, kde by bylo videt zavodnice po startu. Jedine takove misto bylo hned kousek za startem, ale tam stal umelec plivajici ohen na vsechny strany.<br /><br />Mista tesne u zavodniho koridoru se uvolnila, az kdyz zavodnice odstartovaly a zmizely v ulickach Stareho Mesta. Za par minut znovu probihaly Staromestskym namestim, mista kolem trati se opet velmi rychle zaplnila divaky. Byla jsem ale hodne zklamana, ze se publikum tak zdrahalo bezkyne povzbuzovat. Komentatori divaky nekolikrat vyzyvali k potlesku a povzbuzovani, presto vetsina lidi zustala stat nehybne se znudenym vyrazem. Zrejme netusili, jak je pro bezce povzbuzovani dulezite.<br /><a onblur="try {parent.deselectBloggerImageGracefully();} catch(e) {}" href="http://i238.photobucket.com/albums/ff152/s0cketka/2007-09-08%20pim%20beh/P1000752.jpg"><img style="margin: 0pt 10px 10px 0pt; float: left; cursor: pointer; width: 253px; height: 189px;" src="http://i238.photobucket.com/albums/ff152/s0cketka/2007-09-08%20pim%20beh/P1000752.jpg" alt="" border="0" /></a><br />Sotva probehly timto usekem, nastal cas, abych se presunula k cili, protoze zbyvalo jen nekolik malo minut, nez se ukaze, ktera z ucastnic zvitezi. Jako prvni dobehla dle ocekavani Kenanka Irene Kwambai. Komentatori s napetim ocekavali, kdy dorazi do cile i nektera z ceskych zavodnic a ja cekala, kdy spatrim do cilove rovinky pribihat Katku.<br /><br />Asi minutu po Kenance pribehla i Petra Kaminkova - ze vcerejsich zen nejrychlejsi Ceska. Do cile pak v pomerne dlouhych intervalech dobihaly dalsi zavodice. Organizatori hned pozvali Petru na komentatorske stanoviste a ta jim jeste udychana poskytla rozhovor. Stezovala si na spatne osvetleni - casto svitilo svetlo do oci, po ceste si trikrat vyvrkla kotnik. Zaverem pravila, ze se neda nic delat a ze se musi smirit s tim, ze dnesni zavod byl pro divaky. Coz me prislo jako ponekud nestastne, protoze jsem toho nazoru, ze takove zavody by mely byt pro divaky predevsim, ze to se rozumi samo sebou (nejen proto, ze bez divaku by nebyli sponzori a bez sponzoru by nebyl zavod). Docela me zamrzelo, ze nerekla nic pozitivniho - rada bych totiz, aby se zavod konal za rok zase a abych se mohla konecne zucastnit. Jak znelo heslo teto Grand Prix - "Nektere veci jsou proste lepsi v noci."<br /><br />Blizi se teprve 23. minuta od startu a ja uz vidim, jak se k cili blizi Katka! Cekala jsem, ze dobehne hodne dobre, ale takhle brzo, to me hodne prekvapilo. Nadsene jsem se snazila prichystat si fotak, abych ji udelala cilovou fotku, ale nejak jsem to nezvladla a tak je fotka ponekud tmava :) (to je ta cerna fotografie s bilymi pruhy)<br /><a onblur="try {parent.deselectBloggerImageGracefully();} catch(e) {}" href="http://i238.photobucket.com/albums/ff152/s0cketka/2007-09-08%20pim%20beh/katka.jpg"><img style="margin: 0pt 10px 10px 0pt; float: left; cursor: pointer; width: 257px; height: 183px;" src="http://i238.photobucket.com/albums/ff152/s0cketka/2007-09-08%20pim%20beh/katka.jpg" alt="" border="0" /></a><br />Za chvili jsme se sesly na domluvenem miste, trikrat se prodiraly davy na namesti sem a tam, nez jsme nasly, kam se vraci cipy. Organizatori byli sice vzdycky mili a ochotni, ale moc toho nevedeli. Na dotaz, kam se vraci cipy, jednou dokonce odpovedeli "Vy mate naky cipy?:-o".<br /><br />Nez jsme se nadaly, byl odstartovan zavod muzu. Jeste jsme ukoristily par balonku a chvili se toulaly ulickami okolo namesti. Dosli jsme do Parizske ulice, ktera byla posledni ulici pred cilem. V cili bylo hodne lidi, ale v tehle ulici nebyla ani noha, nikdo, kdo by bezce povzbudil. Nemusely jsme dlouho cekat a uz se k nam blizili prvni bezci (prvnich nekolik bylo tradicne z Keni). A tak se stalo, ze jsme nasledujicich 45 minut stravily v teto ztichle ulici tleskanim, piskanim a kricenim "Joooo" a "Peknyyy", "Dobreee", "Jedem, jedem!", "Uz jen kousek", "Do tohooo", "Super" a ke konci "Nevzdavej to, uz jen par metru!" a "Je to taaam!". Asi jsme vypadaly docela blaznive, ale pravda je, ze mnoho bezcu skutecne zrychlilo a ti, co uz jen sli, tak zacali bezet. Energii jsme dodaly, myslim, vetsine z nich. Jeste ted me pali z toho tleskani dlane :)<br /><br />Je to vazne hezky pocit, videt, jak se lide prekonavaji, jak jim prostym krikem dodavate silu. Mezi zavodniky bylo mnoho deti, duchodcu a dokonce i jeden odvazlivec s berlemi. A bylo videt, zvlaste na tech zavodnicich, kteri nemeli uplne nejlepsi casy, ze si to krasne uzili a ze maji radost, ze to zvladli. A tak to ma byt :)<br /><a onblur="try {parent.deselectBloggerImageGracefully();} catch(e) {}" href="http://i238.photobucket.com/albums/ff152/s0cketka/2007-09-08%20pim%20beh/P1000737b.jpg"><img style="margin: 0pt 10px 10px 0pt; float: left; cursor: pointer; width: 264px; height: 197px;" src="http://i238.photobucket.com/albums/ff152/s0cketka/2007-09-08%20pim%20beh/P1000737b.jpg" alt="" border="0" /></a><br />Byl to super vecer - setkani s lidmi, kteri se rozhodli, ze se prekonaji, kteri v dnesni line dobe nerezignovali a dokazi si uzit radost z behu. "Joooo, jste dobryyyy!"<br /></div><div class="english">I was looking forward to it for more then six months. I endeavoured to train for six weeks. But my wisdom tooth hole hadn't enough time to skin over so I had to be a fan only. Kate (me dearest friend) had to run without me. However it was great :)<br /><br />There was the Night Grand Prix at Prague Old Town yesterday evening - women's running race for five kilometres and men had run ten kilometres. Start of the women's race was planned to eight p.m. and men started one hour later.<br /><a onblur="try {parent.deselectBloggerImageGracefully();} catch(e) {}" href="http://i238.photobucket.com/albums/ff152/s0cketka/2007-09-08%20pim%20beh/P1000759.jpg"><img style="margin: 0pt 10px 10px 0pt; float: left; cursor: pointer; width: 262px; height: 196px;" src="http://i238.photobucket.com/albums/ff152/s0cketka/2007-09-08%20pim%20beh/P1000759.jpg" alt="" border="0" /></a><br />When the start time of women's run was drawing nearer, the lane for runners started to fill by competitresses and alongside it were many fans and attendants. I tried to take some pictures however it was vain effort - there was no space along the lane that would allow me to see runners after the start. The only free place near the lane was occupied by some artist who was breathing fire all around him.<br /><br /><br />There was some free space near the lane at last after runners had started and disappeared at streets of the Old Town. They run throught the square again in the opposite direction in few minutes. There re-appear the crowd of attendants along the corridor. But I was quite disappointed that the audience was so hesitating to making noise to encourage runners. Narrators appealed the audience to clap hands many times however they still stood with out a move and having bored faces. They evidently had no idea how important is chucking-up for the runner.<br /><br />After they had run throught this part of their path the time occuredfor me to move near the finish. It remained just few minutes till we would know which one would be the winner. The first competitress was as expecting from Kenya - Irene Kwambai. Narrators were looking forward for the first runner from Czech and I was waiting for the moment when I would see my friend Kate running to the back straigth.<br /><br />The first Czech runner Petra Kaminkova came about one minute after Irene. There were other runners coming in at quite long intervals. Petra was asked to give an interview just after she had came in. She was complaining about bad lighting - it dazzleded her many times so she had her ankle sprained three times. She ended her interview by telling us that it was no go and she had to acquiesce that this race had been for audience. I think that this was quite poor - according to my opinion all races are for audience at first (not only because with no audience there would be no sponsors and with no sponsors there would be no race). I was sorry that she said nothing positive - I would like organizers to arrange Night Prix next year again to allow me to take part in the run. According to the motto of this Grand Prix - "Some things are just more fun in the dark."<br /><br /><a onblur="try {parent.deselectBloggerImageGracefully();} catch(e) {}" href="http://i238.photobucket.com/albums/ff152/s0cketka/2007-09-08%20pim%20beh/P1000721.jpg"><img style="margin: 0pt 10px 10px 0pt; float: left; cursor: pointer; width: 267px; height: 200px;" src="http://i238.photobucket.com/albums/ff152/s0cketka/2007-09-08%20pim%20beh/P1000721.jpg" alt="" border="0" /></a><br />The 23th minute was drawing nearer when I saw Kate approaching to he finish! I had expected that she would be great but she was so fast. That really surprised me. I tried to make my camera ready enthusiastically to take her picture at the finish. However I didn't make it well and the picture is quite dark :) (it is the black photo with white stripes on the left side of the screen)<br /><br />We met after a while. Then we had struggled three times throught the square before we found where she should give back the chip. Organizers were indeed nice but they didn't know much information. If we asked them to tell us where chips should be given back they answered: "Oh, do you have any chips? :-o"<br /><br />Time was running fast. It was nine p.m. and the race for men was started. We captured some balloons and we were roaming at streets around the square. We reached Parizska street (Paris Avenue) - the last street of the race that goes straight to finish. There were many people at the finish while nobody was at this st<a onblur="try {parent.deselectBloggerImageGracefully();} catch(e) {}" href="http://i238.photobucket.com/albums/ff152/s0cketka/2007-09-08%20pim%20beh/lidi.jpg"><img style="margin: 0pt 10px 10px 0pt; float: left; cursor: pointer; width: 260px; height: 295px;" src="http://i238.photobucket.com/albums/ff152/s0cketka/2007-09-08%20pim%20beh/lidi.jpg" alt="" border="0" /></a>reet. Nobody who would encouarge tired runners. We hadn't to wait for a long time and first racers were coming (first few of them were traditionally from Kenya). So it happend that next 45 minutes we spent at this silent street by clapping hands, whistling and shouting "Yup!" and "Nice!", "Good", "Go go go!", "Just a few meters remains", "Hit it!", "Super" and at the end "Do not give it up! Last few metres!" and "You will make it!". Maybe we looked crazy but the truth is that many runners speeded up and those who were walking started to run. We energized most of them I think. Even now my hands are burnign :)<br /><br />It is really so nice feeling if you see how people overcome themselves, how you energize them by a simple shouting. There were many children and pensioners among the runners. Even there was one using crutches. You could see especially when looking to runners who weren't at the first places that thay really enjoyed the run and thay were happy that thay had made it. And that's how it should be :)<br /><br />It was a real nice evening - meeting people who decided that thay will overcome themselves. At our lazy times they haven't demitted and they can enjoy a happines from runnnig. "Jup, you are so great!"<br /></div></div>Unknownnoreply@blogger.com0tag:blogger.com,1999:blog-36073118.post-72549265195038567642007-08-07T12:17:00.001+02:002008-03-01T16:49:39.195+01:00Bezlepkove rohliky / Gluten free rolls<div style="display: block;"><div class="czech">Cilem tohoto receptu je vyrobit bezlepkovy rohlik, ktery je co nejvice chutove podobny obycejnemu rohliku ze samosky :)<br /><br /><span style="font-weight: bold;">Suroviny:</span><br /><ul><li>250g bezlepkove smesi Jizerka<br /></li><li>15g bezlepkoveho drozdi</li><li>2 lzicky cukru moucky</li><li>1 lzice oleje</li><li>110ml vody</li><li>3 spetky soli</li><li>2 lzicky sadla</li><li>1 bilek na potreni<br /></li></ul><span style="font-weight: bold;">Postup:</span><br /><br />Drozdi, cukr, jednu lzici mouky a trosku vody smichame v hrnicku na kvasek, nechame chvili odstat.<br /><br />Do misy dame zbytek mouky, olej, sadlo a sul. Pridame teplou vodu a kvasek, dukladne promichame. Nechame asi hodinu kynout na teplem miste (treba na slunicku).<br /><br />Testo rozdelime na ctyri dily, z kazdeho udelame rohlik. Rohliky pokladame na vymazany plech a potirame bilkem.<br /><br />Peceme na 170 stupnu do zlatova, asi 35 minut.<br /><br /></div><div class="english">The goal of this recipe is to bake gluten free rolls that taste like common rolls :)<br /><br /><span style="font-weight: bold;">Ingredients:<br /></span><ul><li>250g gluten free flour (called Jizerka)</li><li>15g gluten free yeast</li><li>2 teaspoons powdered sugar</li><li>1 spoon oil</li><li>110ml water</li><li>3 pinches of salt</li><li>2 teaspoons lard</li><li>1 egg white<br /></li></ul><span style="font-weight: bold;">Directions:</span><br /><br />Let's mix yeast, sugar, one spoon of flour and a little of water in the cup. Let this leaven stay for a few minutes.<br /><br />Put the rest of flour, oil, lard and salt to the bowl. Add warm water and the the leaven from the cup. Mix it well and let it rise for about one hour at the warm place (in the sun for example).<br /><br />Separate the dough up into four parts. Make a roll from each part, put it on the greased baking tin and glair it.<br /><br /><span> Then bake it at 170 degrees C until golden - about 35 minutes.</span><br /></div><br /></div>Unknownnoreply@blogger.com0tag:blogger.com,1999:blog-36073118.post-52090683731972059772007-08-06T13:54:00.001+02:002008-03-01T16:41:04.235+01:00Nove bezecke statistiky / New running statistics<div style="display: block;"><div class="czech">Po mensi bezecke prestavce jsem se zase zacala snazit. Zalozila jsem si ucet na serveru <a href="http://www.runningahead.com/logs/d6c6e71bb2dd4a7888b3209704bebc4e">runningahead.com</a>, tam muzete sledovat me snazeni, starou stranku statistik uz nepouzivam :)<br /></div><div class="english">I have started again to strive for being the runner. I have created an account on the <a href="http://www.runningahead.com/logs/d6c6e71bb2dd4a7888b3209704bebc4e">runningahead.com</a> server - you can watch my records there.<br /></div><br /></div>Unknownnoreply@blogger.com0tag:blogger.com,1999:blog-36073118.post-76384298737817188452007-08-06T10:46:00.001+02:002008-03-01T16:41:33.285+01:00Cesky a Anglicky / Czech and English<div style="display: block;"><div class="czech">Rozhodla jsem se psat si blog dvojjazycne, abych si neomezovala okruh ctenaru :) Od teto chvile se budu snazit psat vsechno cesky a vedle anglicky.</div><div class="english">I have decided to write my blog in two languages to support non Czech readers. From this moment I'll try to write all articles in Czech and also in English.<br /></div><br /></div>Unknownnoreply@blogger.com0tag:blogger.com,1999:blog-36073118.post-50888192192439628412007-08-05T11:36:00.000+02:002007-08-05T11:39:23.469+02:00Syrove tycinky<span style="font-weight: bold;">Suroviny:</span><br /><br />250g polohrube mouky<br />250g nastrouhaneho syra<br />250g hery<br />vejce<br /><br /><br /><span style="font-weight: bold;">Postup:</span><br /><br />Vsechno smichame, udelame placku, tu nakrajime, posypeme sezamem, potreme vejcem a dame upect.Unknownnoreply@blogger.com0tag:blogger.com,1999:blog-36073118.post-22468678084782420242007-08-05T11:29:00.000+02:002007-08-05T11:36:44.180+02:00Jatra (nebo neco jineho :)<span style="font-weight: bold;">Suroviny:</span><br /><br />500g jater<br />2 cibule<br />1 sklenicka zavarene kysele cervene papriky<br />1 lzicka cervene papriky (koreni)<br />0.5 lzicky palive papriky (koreni)<br />2 lzice kecupu<br /><br /><span style="font-weight: bold;">Postup:</span><br /><br />Jatra nakrajime na kousky, cibulku na jemno. Na oleji zprudka osmahneme jatra, pak pridame cibulku a opekame, pridame zavarenou papriku, opekame. Nakonec okorenime a pridame kecup.Unknownnoreply@blogger.com0tag:blogger.com,1999:blog-36073118.post-60142284615714343882007-08-03T20:58:00.000+02:002007-08-03T21:01:44.569+02:00Proc tolik receptu?Doufam, ze vas nenudim temi vsemi recepty :) Ne, ze bych byla takova labuznice, ale obcas je proste potreba, abych uvarila a kdo si ma vsechno pamatovat... takze hledam recept, ale protoze skoncil nekde na papirku v nejake hromade papiru, nenajdu ho a znovu ho shanim. A to je otrava a tak jsem se rozhodla si to vsechno psat nekam, kde to vzdcky najdu :) Navic tim davam sanci lidem jako jsem ja, nezkusenym kucharum, uvarit neco dobreho :)Unknownnoreply@blogger.com2tag:blogger.com,1999:blog-36073118.post-84733151710371158212007-08-03T20:38:00.000+02:002007-08-03T20:57:34.088+02:00Spagety s masem a (nebo) tofuLze pouzit maso i tofu, nebo klidne jen jedno z toho, dle nalady.<span style="font-weight: bold;"><br /><br />Suroviny:</span><br /><br />spagety<br />0.5kg mlethoe michaneho masa<br />2 tofu (libovolne ochucene, nebo neochucene; testovano s neochucenym a uzenym)<br />smes koreni na spagety<br />4 protlaky (pokud pouzijeme pouze maso nebo pouze tofu, protlaku je treba asi jen polovina)<br />kecup (neni nutny, lze nahradit protlakem nebo vynechat)<br />cibulka<br />cesnek<br />olej<br /><br /><span style="font-weight: bold;">Postup:<br /><br /></span>Pokud pouzijeme tofu:<br />Nakrajime tofu na kosticky asi 5mm velike. Vetsina tofu ma tendence se drolit (ale treba uzene se nedroli). Pokud mame takovy druh, zachazime s nim jemne, aby se nerozpadlo a navic ho pred dalsiupravou povarime, tim zmeni charakter a stane se pruzne a pevnejsi. Dame si varit vodu (pokud pouzivame neochucene tofu, prisypeme do vody trochu koreni na spagety) a kdyz se vari, pridame kosticky tofu. Povarime par minutek a slijeme. Tim mame tofu pripravene.<br /><span style="font-weight: bold;"><br /></span>Na trosce oleje lehce osmahneme nakrajenou cibulku (pokud pouzivame maso, staci oleje jen kapicka, protoze maso je hodne tucne). Pridame maso, osmahneme, dokud nezhnedne. Pridame tofu a chvili na to protlaky a posypeme korenim a pripadne posolime. Smes je ted hodne husta, takze ji zredime kecupem. Pokud kecup nemame, jednoduse zredime vodou a pridame trochu cukru.<br /><br />Nechame smes asi 30 minut dusit, postupne dolivame vodu, co se vyparila, abychom zachovali omackovou konzistenci. Pozor, smes hodne prska a kam prskne, uz nikdy nebude puvodni barva, takze pouzivejte poklicku a zasteru, nebo jiny ochrany odev, kdyz smes michate! (michat se to musi jednou za par minut, jinak se to pripali)<br /><br />Vypneme ohen a dochutime - dle chuti: cukrem, korenim a hlavne nezapomenme na nadrceny cesnek, ten tomu doda tu spravnou chut (nedavejme ho do smesi kdyz se jeste vari, ztratil by riz).<br /><br />Nejlepe chutna s bezlepkovymi kukuricnymi spagetami a nastrouhanym hodne tvrdym ovcim syrem. Ale dobre je to i s obycejnymi spagetami a eidamem :)Unknownnoreply@blogger.com0tag:blogger.com,1999:blog-36073118.post-41115064561056036542007-08-03T20:29:00.000+02:002007-08-03T20:38:18.409+02:00Rychle leco s kuskusem<span style="font-weight: bold;">Suroviny:</span><br /><br />mnozstvi vseho dle chuti<br /><br />(tocenak)<br />cibulka<br />papriky<br />rajcata<br />kuskus<br />vejce<br /><br /><span style="font-weight: bold;">Postup:</span><br /><br />Pokud mame tocenak, tak tocenak s cibulkou, jinak jen samotnou cibulku, lehce osmahneme. Pridame nakrajenou papriku, zalijeme vodou a dusime, dokud paprika nezmekne (dle vkusu). Pridame rajcata a opet dusime, dokud nejsou trochu rozvarena (dle vkusu:). Prubezne dolivame vodou, aby to trochu plavalo.<br /><br />Kdyz je zelenina temer hotova, prisypeme kuskus (musime mit v lecu dostatek vody) a nechame chvilicku povarit, pak pridame vejce a znovu chvili varime, dokud neni vejce uvarene. Muzeme prisolit a je to.<br /><br />Doporucuji zkonzumovat hned po vareni, dalsi den totiz kuskus nasakne vodu, zvetsi se a cela hmota hodne ztuhne a vyschne - je to jedle, ale neni to tak dobre. Pokud chceme mit navareno na vic dnu, tak je lepsi kuskus varit zvlast a pridat ho do pokrmu az tesne pred jidlem.Unknownnoreply@blogger.com2tag:blogger.com,1999:blog-36073118.post-28559767202631748332007-08-03T14:52:00.000+02:002007-08-03T20:58:18.360+02:00Rajska<span style="font-weight: bold;">Suroviny:</span><br />asi 750g hoveziho<br />4 male rajske protlaky<br />cukr<br />ocet<br />sul<br />sadlo<br />2 cibule<br />5 kulicek pepre<br />10 kulicek noveho koreni<br />spetka tymianu<br />4 kusy bobkoveho listu<br />2 lzice mouky<br /><br /><span style="font-weight: bold;">Postup:</span><br /><br />Maso vlozime do tlakoveho hrnce, zalijeme vodou, aby bylo cele ponorene, ale aby voda nepresahovala rysku v hrnci (kdyz se nevejde, tak ho rozkrojime). Osolime a dame varit. Kdyz zacne "poskakovat" ventilek hrnce, stlumime ohen a varime 90 minut. Pak hrnec ochladime pod studenou vodou nebo<span style="font-weight: bold;"> velmi</span> opatrne a pomalu upoustime paru ventilkem (napr. pomoci dlouheho noze). Zkontrolujeme, zda je maso dobre varene a pripadne ho dovarime. Ze zbyle vody lze udelat polevku pridanim zeleniny, nudli a ruznych dochucovadel.<br /><br />Cibulky nakrajime na kolecka, spolu s peprem, novym korenim, tymianem a bobkovym listem osmahneme na sadle do zlatova ve velke panvi. Pak zalijeme vodou a 30 minut varime, postupne dolivame odparenou vodu, aby byla hladina stale hodne vysoko.<br /><br />Mezi tim na druhe panvi rozehreje sadlo a do nej nasypeme mouku, lehce do zlatova osmahneme. Tuto smes pridame do smesi s cibulkou po te pulhodince vareni a spolecne varime jeste asi 10 minut.<br /><br />Pripravime si hrnec s jemnym cednikem. Uvarenou smes precedime a ze zbyle hmoty v cedniku rucne vyndame vsechno velke koreni (listy i kulicky). Pote treme smes v cedniku tak dlouho, az ji celou pres nej propasirujeme (to je nejnamahavejsi cast, zacnete na to v posilovne trenovat vcas .).<br /><br />Do propasirovane omacky pridame protlaky a chvili (3 minutky) povarime. Pokud je omacka prilis husta, muzeme ji zredit napr. vyvarem z masa nebo i vodou. Dochutime asi 2 lzicemi cukru, soli a par kapickami octu.Unknownnoreply@blogger.com0tag:blogger.com,1999:blog-36073118.post-41828440818334658092007-08-03T14:44:00.000+02:002007-08-03T14:52:48.374+02:00Zemlovka<span style="font-weight: bold;">Suroviny:</span><br /><br />mleko<br />veka nakrajena na platky<br />asi 4 velka jablka<br />cukr<br />skorice<br />4 vejce<br /><br /><span style="font-weight: bold;">Postup:</span><br /><br />Nastrouhame jablka. V misce si smichame cukr (krystal) a skorici. Veku rozlozime na pekac a zalijeme mlekem, aby nam zmekla (muzem delat i postupne na taliri...). Vymazeme si zapekaci misu a jeji dno vylozime nasaklou vekou. Na to dame vrstvu nastrouhanych jablek, posypeme skoricovym cukrem. Nasleduje dalsi vrstva namocene veky, pak jablek a pak skoricoveho cukru. Zaverem polozime vrstvu zmekle veky. Peceme na 190 stupnu asi 30-45 minut.<br /><br />Mezi tim si oddelime zloutek od bilku z vajec. Bilky naslehame na tuhy snih, pak pridame 3 lzice cukru a zase chvili slehame a postupne do snehu zaslehame i zloutky. Smes nalijeme na temer upecenou zemlovku a nechame jeste 15 minut pect.Unknownnoreply@blogger.com0