Windows NT workstations are easier to secure, but the default configuration should still be checked to make sure the network is not left vulnerable. On an NT-only network, it is possible to disable Lanman authentication by adding

[Sample /var/log/messages listing from host seclinux1 for Jul 30-31, 2000: syslogd restarts, PAM_pwdb su sessions opened and closed for user news by uid 0, anacron timestamp updates, and an ftpd session for user eric that timed out after 900 seconds.]

The messages file is ASCII-based and can be viewed by typing the more /var/log/messages command. You can also use the grep command to find activities that contain a certain keyword. For example, if I want to see anything that was done by user John, I would type the following command: more messages | grep john. The following is the output:

    [root@seclinux1 log]# more messages | grep john
    Aug  5 06:44:55 seclinux1 PAM_pwdb[13976]: authentication failure; (uid=0) -> john for login service
    Aug  5 06:44:56 seclinux1 login[13976]: FAILED LOGIN 2 FROM FOR john, Authentication failure

In this case, John had several failed logon attempts. It is important to note that you need root access to view the messages file.
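The grep above matches any line that contains the string john, including other accounts such as johnson. The following added example (not from the original book) tallies FAILED LOGIN entries per exact account name; the function names, the sample file and the hosts after FROM are constructed, and the field layout is assumed to match the login line shown above.

```shell
#!/bin/sh
# Added example: tally failed console logins per account from a
# syslog-style messages file. The layout is an assumption based on the
# "FAILED LOGIN n FROM host FOR user, reason" line shown above.

# failed_logins FILE -> prints "count user" lines, highest count first.
failed_logins() {
    awk '
        / login\[[0-9]+\]: FAILED LOGIN / {
            # The account is the word after "FOR"; drop the trailing comma.
            for (i = 1; i < NF; i++) {
                if ($i == "FOR") {
                    user = $(i + 1)
                    sub(/,$/, "", user)
                    count[user]++
                    break
                }
            }
        }
        END { for (u in count) print count[u], u }
    ' "$1" | sort -k1,1nr -k2,2
}

# failed_count FILE USER -> number of failed logins for exactly USER.
failed_count() {
    failed_logins "$1" | awk -v u="$2" '$2 == u { n = $1 } END { print n + 0 }'
}

# Constructed sample data (hosts and extra entries are not from the page).
make_sample() {
    cat > "$1" <<'EOF'
Aug  5 06:44:55 seclinux1 PAM_pwdb[13976]: authentication failure; (uid=0) -> john for login service
Aug  5 06:44:56 seclinux1 login[13976]: FAILED LOGIN 1 FROM host-a.example FOR john, Authentication failure
Aug  5 06:45:02 seclinux1 login[13976]: FAILED LOGIN 2 FROM host-a.example FOR john, Authentication failure
Aug  5 06:51:10 seclinux1 login[14001]: FAILED LOGIN 1 FROM host-b.example FOR johnson, Authentication failure
Aug  5 07:02:31 seclinux1 ftpd[14020]: FTP LOGIN FROM host-a.example, eric
EOF
}

sample=${TMPDIR:-/tmp}/messages.sample.$$
make_sample "$sample"
failed_logins "$sample"
rm -f "$sample"
```

On a live system, run failed_logins against /var/log/messages as root, since the file is not readable by ordinary users.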
Hackers Beware New Riders Publishing 650

Secure

The following log file is ASCII text and can be read with the more command. It contains information about any connections that were made to the box and where they .