Linux audit security auditing tool
/**********************************************************************
* Linux audit security auditing tool
* Notes:
* Came across security auditing today; had a look and found that the kernel has support for it built in.
*
* 2018-4-23 Shenzhen, Bao'an Xixiang, 曾剑锋
*********************************************************************/

1. Reference documents:
. Unable to open /sbin/audispd (No such file or directory)
https://bugzilla.redhat.com/show_bug.cgi?id=207627

2. Error - audit support not in kernel
auditd reports this error when the kernel was built without audit support. Turn on "Auditing support" (CONFIG_AUDIT) and "Enable system-call auditing support" (CONFIG_AUDITSYSCALL) under General setup in make menuconfig, then rebuild the kernel:

General setup  --->
    [*] open by fhandle syscalls
    [*] uselib syscall
    [*] Auditing support                      <---------------------
    [*]   Enable system-call auditing support
        IRQ subsystem  --->
        Timers subsystem  --->
        CPU/Task time and stats accounting  --->
        RCU Subsystem  --->
    <*> Kernel .config support
    [*]   Enable access to .config through /proc/config.gz

3. Running the test:
. Command test:
[buildroot@root ~]# auditd -f
Config file /etc/audit/auditd.conf opened for parsing
local_events_parser called with: yes
audit: type= audit(61.430:): audit_pid= old= auid= ses= res=
write_logs_parser called with: yes
log_file_parser called with: /var/log/audit/audit.log
log_group_parser called with: root
log_format_parser called with: RAW
flush_parser called with: INCREMENTAL_ASYNC
freq_parser called with:
max_log_size_parser called with:
num_logs_parser called with:
priority_boost_parser called with:
qos_parser called with: lossy
dispatch_parser called with: /usr/sbin/audispd
name_format_parser called with: NONE
max_log_size_action_parser called with: ROTATE
space_left_parser called with:
space_action_parser called with: SYSLOG
action_mail_acct_parser called with: root
admin_space_left_parser called with:
admin_space_left_action_parser called with: SUSPEND
disk_full_action_parser called with: SUSPEND
disk_error_action_parser called with: SUSPEND
use_libwrap_parser called with: yes
tcp_listen_queue_parser called with:
tcp_max_per_addr_parser called with:
tcp_client_max_idle_parser called with:
enable_krb5_parser called with: no
GSSAPI support is not enabled, ignoring value at line
krb5_principal_parser called with: auditd
GSSAPI support is not enabled, ignoring value at line
distribute_network_parser called with: no
Started dispatcher: /usr/sbin/audispd pid:
type=DAEMON_START msg=audit(61.435:): op=start ver=2.7. format=raw kernel=4.1.+g30278ab auid= pid= uid= ses= res=success
config_manager init complete
dispatcher reaped
Init complete, auditd 2.7. listening for events (startup state enable)
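The DAEMON_START line above is an audit record in the RAW format that auditd was configured to write (log_format RAW, log_file /var/log/audit/audit.log). The parser below is an added example, not code from the original post or from the audit project; its sample records are constructed and every value in them is made up.

```python
import re
from typing import Dict, List, Optional

# Record header as auditd writes it in RAW format:
#   type=<TYPE> msg=audit(<seconds>.<millis>:<serial>): <key>=<value> ...
_HEADER = re.compile(
    r"^type=(?P<type>\S+)\s+msg=audit\((?P<ts>\d+\.\d+):(?P<serial>\d+)\):\s*(?P<body>.*)$"
)
# A value is either a double-quoted string (may contain spaces) or a bare token.
_PAIR = re.compile(r'(?P<key>[A-Za-z0-9_]+)=(?P<val>"[^"]*"|\S*)')


def parse_record(line: str) -> Optional[Dict[str, str]]:
    """Parse one raw audit line into a flat dict; None for non-audit lines
    such as the parser chatter that auditd -f prints to the terminal."""
    m = _HEADER.match(line.strip())
    if m is None:
        return None
    rec = {"type": m.group("type"), "timestamp": m.group("ts"), "serial": m.group("serial")}
    for p in _PAIR.finditer(m.group("body")):
        rec[p.group("key")] = p.group("val").strip('"')
    return rec


def failed_events(lines: List[str]) -> List[Dict[str, str]]:
    """Records that report failure: daemon/config records use res=failed,
    syscall records use success=no."""
    hits = []
    for line in lines:
        rec = parse_record(line)
        if rec and (rec.get("res") == "failed" or rec.get("success") == "no"):
            hits.append(rec)
    return hits


# Constructed sample lines in the shape of the DAEMON_START record above
# (all values are made up, not taken from a real system).
SAMPLE_LOG = [
    "Config file /etc/audit/auditd.conf opened for parsing",
    "type=DAEMON_START msg=audit(1524470400.435:8201): op=start ver=2.7.7 "
    "format=raw kernel=4.1.15 auid=4294967295 pid=211 uid=0 ses=4294967295 res=success",
    "type=CONFIG_CHANGE msg=audit(1524470401.002:8202): auid=0 ses=1 "
    'op="add_rule" key="watch-shadow" list=4 res=1',
    "type=SYSCALL msg=audit(1524470402.120:8203): arch=c000003e syscall=2 "
    "success=no exit=-13 items=1 ppid=1 pid=300 auid=1000 uid=1000 "
    'comm="cat" exe="/bin/cat" key="watch-shadow"',
]
```

Run failed_events over the lines of audit.log to pull out the denied syscalls and failed daemon operations; records whose user-space payload is wrapped in msg='...' would need an extra step to unpack that inner field.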
. Started automatically at boot:
[buildroot@root ~]# ps aux | grep audit
root /usr/sbin/auditd
root [kauditd]
root grep audit
[buildroot@root ~]# aureport -m

Account Modifications Report
=================================================
# date time auid addr term exe acct success event
=================================================
<no events of interest were found>
[buildroot@root ~]#