/**********************************************************************

 *                Linux audit安全审计工具

 * 说明:

 *     今天接触到安全审计,查看一下,发现内核有支持安全审计方面的东西。

 *

 *                                2018-4-23 深圳 宝安西乡 曾剑锋

 *********************************************************************/

一、参考文档:

    . Unable to open /sbin/audispd (No such file or directory)

        https://bugzilla.redhat.com/show_bug.cgi?id=207627

二、Error - audit support not in kernel

    lqqqqqqqqqqqqqqqqqqqqqqqqqqqqq General setup qqqqqqqqqqqqqqqqqqqqqqqqqqqqqk

    x  Arrow keys navigate the menu.  <Enter> selects submenus ---> (or empty x

    x  submenus ----).  Highlighted letters are hotkeys.  Pressing <Y>        x

    x  includes, <N> excludes, <M> modularizes features.  Press <Esc><Esc> to x

    x  exit, <?> for Help, </> for Search.  Legend: [*] built-in  [ ]         x

    x lqqqq^(-)qqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqk x

    x x    [*] open by fhandle syscalls                                     x x

    x x    [*] uselib syscall                                               x x

    x x    [*] Auditing support         <---------------------              x x

    x x    [*] Enable system-call auditing support                          x x

    x x        IRQ subsystem  --->                                          x x

    x x        Timers subsystem  --->                                       x x

    x x        CPU/Task time and stats accounting  --->                     x x

    x x        RCU Subsystem  --->                                          x x

    x x    <*> Kernel .config support                                       x x

    x x    [*]   Enable access to .config through /proc/config.gz           x x

    x mqqqqv(+)qqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqj x

    tqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqu

    x        <Select>    < Exit >    < Help >    < Save >    < Load >         x

    mqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqj

三、运行测试:

    . 命令测试:

        [buildroot@root ~]#  auditd  -f

        Config file /etc/audit/auditd.conf opened for parsing

        local_events_parser called with: yes

        writaudit: type= audit(61.430:): audit_pid= old= auid= ses= res=

        e_logs_parser called with: yes

        log_file_parser called with: /var/log/audit/audit.log

        log_group_parser called with: root

        log_format_parser called with: RAW

        flush_parser called with: INCREMENTAL_ASYNC

        freq_parser called with:

        max_log_size_parser called with:

        num_logs_parser called with:

        priority_boost_parser called with:

        qos_parser called with: lossy

        dispatch_parser called with: /usr/sbin/audispd

        name_format_parser called with: NONE

        max_log_size_action_parser called with: ROTATE

        space_left_parser called with:

        space_action_parser called with: SYSLOG

        action_mail_acct_parser called with: root

        admin_space_left_parser called with:

        admin_space_left_action_parser called with: SUSPEND

        disk_full_action_parser called with: SUSPEND

        disk_error_action_parser called with: SUSPEND

        use_libwrap_parser called with: yes

        tcp_listen_queue_parser called with:

        tcp_max_per_addr_parser called with:

        tcp_client_max_idle_parser called with:

        enable_krb5_parser called with: no

        GSSAPI support is not enabled, ignoring value at line

        krb5_principal_parser called with: auditd

        GSSAPI support is not enabled, ignoring value at line

        distribute_network_parser called with: no

        Started dispatcher: /usr/sbin/audispd pid:

        type=DAEMON_START msg=audit(61.435:): op=start ver=2.7. format=raw kernel=4.1.+g30278ab auid= pid= uid= ses= res=success

        config_manager init complete

        dispatcher  reaped

        Init complete, auditd 2.7. listening for events (startup state enable)

    . 开机自启动:

        [buildroot@root ~]#  ps aux | grep audit

           root     /usr/sbin/auditd

           root     [kauditd]

           root     grep audit

        [buildroot@root ~]#  aureport -m

        Account Modifications Report

        =================================================

        # date time auid addr term exe acct success event

        =================================================

        <no events of interest were found>

        [buildroot@root ~]#

Linux audit安全审计工具的更多相关文章

  1. Linux服务器安全审计工具与流程完全指南

    http://Linux.chinaitlab.com/server/860516.html 当今许多linux服务器都不是刚刚部署完毕的新机器,有专业的Linux系统管理员进行定期维护,IT技术人员 ...

  2. 无线安全审计工具FruityWifi初体验

    FruityWIfi是一款有名的无线安全审计的开源工具,其灵感来自于wifipineapple,目前该工具已经更新到2.4.它能够让用户通过web界面来控制和管理模块,十分方便.FriutyWifi最 ...

  3. linux多线程下载工具mwget

    linux多线程下载工具mwget 经常使用wget进行文件下载,然而wget的处理速度并不如人意.遇到一些国外的站点,经常慢得像蜗牛一般.然而为了解决这个问题,便有了mwget:m表示multi多线 ...

  4. 工作常用的linux/mysql/php/工具命令

    工作常用的linux/mysql/php/工具命令: 1. tar备份目录 tar zcvf ****.tar.gz ****/ tar 备份跳过目录 tar --exclude=test1 3. s ...

  5. 20个linux命令行工具监视性能(下)

    昨天晚上第一次翻译了<20 Command Line Tools to Monitor Linux Performance>中的前十个命令,翻译得不是很好,今天晚上继续把后面的十个也翻译给 ...

  6. linux自动交互工具expect,tcl安装和安装包,以及自动互信脚本

    linux自动交互工具expect,tcl安装,以及自动互信脚本 工作中需要对几十台服务器做自动互信,无意中发现expect命令,研究一番. 在网上找了许多资料也没有安装成功,摸索着总算成功了.现分享 ...

  7. 77个常用Linux命令和工具

    77个常用Linux命令和工具 Linux管理员不能单靠GUI图形界面吃饭.这就是我们编辑这篇最实用Linux命令手册的原因.这个指南是特别为Linux管理员和系统管理员 设计的,汇集了最有用的一些工 ...

  8. Linux ---> 监控JVM工具

    Linux ---> 监控JVM工具shkingshking 发布时间: 2013/10/10 01:27 阅读: 2642 收藏: 26 点赞: 1 评论: 0 JDK内置工具使用 jps(J ...

  9. Linux 常用性能工具简介

    一.wget 文件下载 使用wget下载单个文件:wget URL 下载并以不同的文件名保存:wget -O wordpress.zip URL wget限速下载:wget --limit-rate= ...

随机推荐

  1. git设置远程同步分支

    git push --set-upstream origin yourBranchName

  2. Python学习之路【第三篇】--集合

    语法结构: set1.issubset(set2)判断集合set1是否为set2的子集,返回布尔值. ? 1 2 3 4 5 6 s1 = {'Java', 'PHP', 'Python', 'C++ ...

  3. Qt_Pro详解

    在QT中,有一个工具qmake可以生成一个makefile文件,它是由.pro文件生成而来的,.pro文件的写法如下: 1. 注释 从“#”开始,到这一行结束. 2.模板变量告诉qmake为这个应用程 ...

  4. OllyDbg安装教程

    1.下载 http://tools.pediy.com/windows/debuggers.htm 我们这里选择OllyDbg1.10下载 2.安装 解压下载的压缩包直接双击启动即可使用 3.插件安装 ...

  5. weblogic创建domain教程

    1.创建domain [ls@ls ~]$ cd /weblogic/wlserver_10.3/common/bin/ #进入创建文件所在目录 [ls@ls bin]$ ./config.sh #执 ...

  6. js如何比较两个日期之间相差数(天、时、分、秒)

    首先,我们模拟一个例子 引入js文件 <script type="text/javascript" src="jquery.min.js">< ...

  7. 数据库-->记录操作

    一.概览 MySQL数据操作: DML 在MySQL管理软件中,可以通过SQL语句中的DML语言来实现数据的操作,包括 使用INSERT实现数据的插入 UPDATE实现数据的更新 使用DELETE实现 ...

  8. iOS 统一配置

    1 .统一设置nav标题样式: - (void)_setNavigationTitle { NSDictionary *navigationParams = @{NSForegroundColorAt ...

  9. 安装ubuntu gnome桌面

    注意: ubuntu 14.04.5默认的为unity桌面,有多点触发,没有自带Tweak Tool工具. 安装gnome桌面 sudo apt-get install ubuntu-gnome-de ...

  10. 3.9 C++多继承

    参考:http://www.weixueyuan.net/view/6366.html 总结: C++中一个派生类中允许有两个及以上的基类,我们称这种情况为多继承 使用多继承可以描述事物之间的组合关系 ...