Linux audit安全审计工具
/**********************************************************************
* Linux audit安全审计工具
* 说明:
* 今天接触到安全审计,查看一下,发现内核有支持安全审计方面的东西。
*
* 2018-4-23 深圳 宝安西乡 曾剑锋
*********************************************************************/ 一、参考文档:
. Unable to open /sbin/audispd (No such file or directory)
https://bugzilla.redhat.com/show_bug.cgi?id=207627 二、Error - audit support not in kernel
lqqqqqqqqqqqqqqqqqqqqqqqqqqqqq General setup qqqqqqqqqqqqqqqqqqqqqqqqqqqqqk
x Arrow keys navigate the menu. <Enter> selects submenus ---> (or empty x
x submenus ----). Highlighted letters are hotkeys. Pressing <Y> x
x includes, <N> excludes, <M> modularizes features. Press <Esc><Esc> to x
x exit, <?> for Help, </> for Search. Legend: [*] built-in [ ] x
x lqqqq^(-)qqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqk x
x x [*] open by fhandle syscalls x x
x x [*] uselib syscall x x
x x [*] Auditing support <--------------------- x x
x x [*] Enable system-call auditing support x x
x x IRQ subsystem ---> x x
x x Timers subsystem ---> x x
x x CPU/Task time and stats accounting ---> x x
x x RCU Subsystem ---> x x
x x <*> Kernel .config support x x
x x [*] Enable access to .config through /proc/config.gz x x
x mqqqqv(+)qqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqj x
tqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqu
x <Select> < Exit > < Help > < Save > < Load > x
mqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqj 三、运行测试:
. 命令测试:
[buildroot@root ~]# auditd -f
Config file /etc/audit/auditd.conf opened for parsing
local_events_parser called with: yes
writaudit: type= audit(61.430:): audit_pid= old= auid= ses= res=
e_logs_parser called with: yes
log_file_parser called with: /var/log/audit/audit.log
log_group_parser called with: root
log_format_parser called with: RAW
flush_parser called with: INCREMENTAL_ASYNC
freq_parser called with:
max_log_size_parser called with:
num_logs_parser called with:
priority_boost_parser called with:
qos_parser called with: lossy
dispatch_parser called with: /usr/sbin/audispd
name_format_parser called with: NONE
max_log_size_action_parser called with: ROTATE
space_left_parser called with:
space_action_parser called with: SYSLOG
action_mail_acct_parser called with: root
admin_space_left_parser called with:
admin_space_left_action_parser called with: SUSPEND
disk_full_action_parser called with: SUSPEND
disk_error_action_parser called with: SUSPEND
use_libwrap_parser called with: yes
tcp_listen_queue_parser called with:
tcp_max_per_addr_parser called with:
tcp_client_max_idle_parser called with:
enable_krb5_parser called with: no
GSSAPI support is not enabled, ignoring value at line
krb5_principal_parser called with: auditd
GSSAPI support is not enabled, ignoring value at line
distribute_network_parser called with: no
Started dispatcher: /usr/sbin/audispd pid:
type=DAEMON_START msg=audit(61.435:): op=start ver=2.7. format=raw kernel=4.1.+g30278ab auid= pid= uid= ses= res=success
config_manager init complete
dispatcher reaped
Init complete, auditd 2.7. listening for events (startup state enable)
. 开机自启动:
[buildroot@root ~]# ps aux | grep audit
root /usr/sbin/auditd
root [kauditd]
root grep audit
[buildroot@root ~]# aureport -m Account Modifications Report
=================================================
# date time auid addr term exe acct success event
=================================================
<no events of interest were found> [buildroot@root ~]#
Linux audit安全审计工具的更多相关文章
- Linux服务器安全审计工具与流程完全指南
http://Linux.chinaitlab.com/server/860516.html 当今许多linux服务器都不是刚刚部署完毕的新机器,有专业的Linux系统管理员进行定期维护,IT技术人员 ...
- 无线安全审计工具FruityWifi初体验
FruityWIfi是一款有名的无线安全审计的开源工具,其灵感来自于wifipineapple,目前该工具已经更新到2.4.它能够让用户通过web界面来控制和管理模块,十分方便.FriutyWifi最 ...
- linux多线程下载工具mwget
linux多线程下载工具mwget 经常使用wget进行文件下载,然而wget的处理速度并不如人意.遇到一些国外的站点,经常慢得像蜗牛一般.然而为了解决这个问题,便有了mwget:m表示multi多线 ...
- 工作常用的linux/mysql/php/工具命令
工作常用的linux/mysql/php/工具命令: 1. tar备份目录 tar zcvf ****.tar.gz ****/ tar 备份跳过目录 tar --exclude=test1 3. s ...
- 20个linux命令行工具监视性能(下)
昨天晚上第一次翻译了<20 Command Line Tools to Monitor Linux Performance>中的前十个命令,翻译得不是很好,今天晚上继续把后面的十个也翻译给 ...
- linux自动交互工具expect,tcl安装和安装包,以及自动互信脚本
linux自动交互工具expect,tcl安装,以及自动互信脚本 工作中需要对几十台服务器做自动互信,无意中发现expect命令,研究一番. 在网上找了许多资料也没有安装成功,摸索着总算成功了.现分享 ...
- 77个常用Linux命令和工具
77个常用Linux命令和工具 Linux管理员不能单靠GUI图形界面吃饭.这就是我们编辑这篇最实用Linux命令手册的原因.这个指南是特别为Linux管理员和系统管理员 设计的,汇集了最有用的一些工 ...
- Linux ---> 监控JVM工具
Linux ---> 监控JVM工具shkingshking 发布时间: 2013/10/10 01:27 阅读: 2642 收藏: 26 点赞: 1 评论: 0 JDK内置工具使用 jps(J ...
- Linux 常用性能工具简介
一.wget 文件下载 使用wget下载单个文件:wget URL 下载并以不同的文件名保存:wget -O wordpress.zip URL wget限速下载:wget --limit-rate= ...
随机推荐
- Node.js + Express中间件详解
使用中间件 Express是一种路由和中间件Web框架,它具有自己的最小功能:Express应用程序本质上是一系列中间件函数调用. 中间件函数是可以访问请求对象 (req),响应对象(res)以及应用 ...
- IDEA上传一个项目到github
IDEA上传一个项目到github 只要3步 1. 2. 3. 4. 5.查看页面 上传成功... 详情: https://blog.csdn.net/qq_27093465/article/d ...
- 启动Oracle时提示:ORA-01078:failure in processing system parameters
一.使用环境操作系统:CentOS release 6.2 (Final) 数据库:Oracle 12g数据库主目录:/ora12/product/product/12.1.0/db_1 二.问题描述 ...
- Scheduler & Task & Worker & Thread & Request & Session & Connection of SQL Server
MSSQL一直以来被人们认为简单.好学,但等到大家掌握了入门操作,深入理解起来又觉得非常的“拧巴”,尤其是对用惯了Oracle的同学来说,究其根本原因,无非是MSSQL引入和暴露了太多的概念.细节和理 ...
- PHP函数总结(个人版)
($saying[$key][, , 'utf-8'); 1.//mb_substr() string mb_substr ( string $str , int $start [, int $len ...
- Linux安装配置samba教程(CentOS 6.5)
一.服务端安装配置samba 1.1 服务端安装samba yum install -y samba 1.2 创建共享目录并写入配置文件 以/samba为共享目录为例,为了更直观地观测我们在该目录中创 ...
- learning ddr Electrical Characteristics and AC Timing
reference: JEDS79-3F.pdf , page:181
- Spring Boot + Spring Cloud 实现权限管理系统 (集成 Shiro 框架)
Apache Shiro 优势特点 它是一个功能强大.灵活的,优秀开源的安全框架. 它可以处理身份验证.授权.企业会话管理和加密. 它易于使用和理解,相比Spring Security入门门槛低. 主 ...
- 利用VisualVm和JMX远程监控Java进程
自Java 6开始,Java程序启动时都会在JVM内部启动一个JMX agent,JMX agent会启动一个MBean server组件,把MBeans(Java平台标准的MBean + 你自己创建 ...
- sqlserver查询父子级关系
自上向下的查询方法,查询出自身以及所有的子孙数据: --自上往下搜索 ;with maco as ( union all select t.* from ty_Dictionary t,maco m ...