/**********************************************************************

 *                Linux audit安全审计工具

 * 说明:

 *     今天接触到安全审计,查看一下,发现内核有支持安全审计方面的东西。

 *

 *                                2018-4-23 深圳 宝安西乡 曾剑锋

 *********************************************************************/

一、参考文档:

    . Unable to open /sbin/audispd (No such file or directory)

        https://bugzilla.redhat.com/show_bug.cgi?id=207627

二、Error - audit support not in kernel

    lqqqqqqqqqqqqqqqqqqqqqqqqqqqqq General setup qqqqqqqqqqqqqqqqqqqqqqqqqqqqqk

    x  Arrow keys navigate the menu.  <Enter> selects submenus ---> (or empty x

    x  submenus ----).  Highlighted letters are hotkeys.  Pressing <Y>        x

    x  includes, <N> excludes, <M> modularizes features.  Press <Esc><Esc> to x

    x  exit, <?> for Help, </> for Search.  Legend: [*] built-in  [ ]         x

    x lqqqq^(-)qqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqk x

    x x    [*] open by fhandle syscalls                                     x x

    x x    [*] uselib syscall                                               x x

    x x    [*] Auditing support         <---------------------              x x

    x x    [*] Enable system-call auditing support                          x x

    x x        IRQ subsystem  --->                                          x x

    x x        Timers subsystem  --->                                       x x

    x x        CPU/Task time and stats accounting  --->                     x x

    x x        RCU Subsystem  --->                                          x x

    x x    <*> Kernel .config support                                       x x

    x x    [*]   Enable access to .config through /proc/config.gz           x x

    x mqqqqv(+)qqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqj x

    tqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqu

    x        <Select>    < Exit >    < Help >    < Save >    < Load >         x

    mqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqj

三、运行测试:

    . 命令测试:

        [buildroot@root ~]#  auditd  -f

        Config file /etc/audit/auditd.conf opened for parsing

        local_events_parser called with: yes

        writaudit: type= audit(61.430:): audit_pid= old= auid= ses= res=

        e_logs_parser called with: yes

        log_file_parser called with: /var/log/audit/audit.log

        log_group_parser called with: root

        log_format_parser called with: RAW

        flush_parser called with: INCREMENTAL_ASYNC

        freq_parser called with:

        max_log_size_parser called with:

        num_logs_parser called with:

        priority_boost_parser called with:

        qos_parser called with: lossy

        dispatch_parser called with: /usr/sbin/audispd

        name_format_parser called with: NONE

        max_log_size_action_parser called with: ROTATE

        space_left_parser called with:

        space_action_parser called with: SYSLOG

        action_mail_acct_parser called with: root

        admin_space_left_parser called with:

        admin_space_left_action_parser called with: SUSPEND

        disk_full_action_parser called with: SUSPEND

        disk_error_action_parser called with: SUSPEND

        use_libwrap_parser called with: yes

        tcp_listen_queue_parser called with:

        tcp_max_per_addr_parser called with:

        tcp_client_max_idle_parser called with:

        enable_krb5_parser called with: no

        GSSAPI support is not enabled, ignoring value at line

        krb5_principal_parser called with: auditd

        GSSAPI support is not enabled, ignoring value at line

        distribute_network_parser called with: no

        Started dispatcher: /usr/sbin/audispd pid:

        type=DAEMON_START msg=audit(61.435:): op=start ver=2.7. format=raw kernel=4.1.+g30278ab auid= pid= uid= ses= res=success

        config_manager init complete

        dispatcher  reaped

        Init complete, auditd 2.7. listening for events (startup state enable)

    . 开机自启动:

        [buildroot@root ~]#  ps aux | grep audit

           root     /usr/sbin/auditd

           root     [kauditd]

           root     grep audit

        [buildroot@root ~]#  aureport -m

        Account Modifications Report

        =================================================

        # date time auid addr term exe acct success event

        =================================================

        <no events of interest were found>

        [buildroot@root ~]#

Linux audit安全审计工具的更多相关文章

  1. Linux服务器安全审计工具与流程完全指南

    http://Linux.chinaitlab.com/server/860516.html 当今许多linux服务器都不是刚刚部署完毕的新机器,有专业的Linux系统管理员进行定期维护,IT技术人员 ...

  2. 无线安全审计工具FruityWifi初体验

    FruityWIfi是一款有名的无线安全审计的开源工具,其灵感来自于wifipineapple,目前该工具已经更新到2.4.它能够让用户通过web界面来控制和管理模块,十分方便.FriutyWifi最 ...

  3. linux多线程下载工具mwget

    linux多线程下载工具mwget 经常使用wget进行文件下载,然而wget的处理速度并不如人意.遇到一些国外的站点,经常慢得像蜗牛一般.然而为了解决这个问题,便有了mwget:m表示multi多线 ...

  4. 工作常用的linux/mysql/php/工具命令

    工作常用的linux/mysql/php/工具命令: 1. tar备份目录 tar zcvf ****.tar.gz ****/ tar 备份跳过目录 tar --exclude=test1 3. s ...

  5. 20个linux命令行工具监视性能(下)

    昨天晚上第一次翻译了<20 Command Line Tools to Monitor Linux Performance>中的前十个命令,翻译得不是很好,今天晚上继续把后面的十个也翻译给 ...

  6. linux自动交互工具expect,tcl安装和安装包,以及自动互信脚本

    linux自动交互工具expect,tcl安装,以及自动互信脚本 工作中需要对几十台服务器做自动互信,无意中发现expect命令,研究一番. 在网上找了许多资料也没有安装成功,摸索着总算成功了.现分享 ...

  7. 77个常用Linux命令和工具

    77个常用Linux命令和工具 Linux管理员不能单靠GUI图形界面吃饭.这就是我们编辑这篇最实用Linux命令手册的原因.这个指南是特别为Linux管理员和系统管理员 设计的,汇集了最有用的一些工 ...

  8. Linux ---> 监控JVM工具

    Linux ---> 监控JVM工具shkingshking 发布时间: 2013/10/10 01:27 阅读: 2642 收藏: 26 点赞: 1 评论: 0 JDK内置工具使用 jps(J ...

  9. Linux 常用性能工具简介

    一.wget 文件下载 使用wget下载单个文件:wget URL 下载并以不同的文件名保存:wget -O wordpress.zip URL wget限速下载:wget --limit-rate= ...

随机推荐

  1. [luogu P3382] 三分法

    [luogu P3382] 三分法 题目描述 如题,给出一个N次函数,保证在范围[l,r]内存在一点x,使得[l,x]上单调增,[x,r]上单调减.试求出x的值. 输入输出格式 输入格式: 第一行一次 ...

  2. Lunx下 怎样启动和关闭oracle数据库

    1.因为oracle运行在Linux系统下,首先,要连接Linux系统 2.切换到oracle安装用户下. 我的是 ora12. 3.运行oracle的环境变量, 以便输入相关命令. 4.进入orac ...

  3. Intel daal数据预处理

    https://software.intel.com/en-us/daal-programming-guide-datasource-featureextraction-py # file: data ...

  4. java 常用命令

    #查看堆使用情况jmap -heap [pid]#查看占用内存高的对象jmap -histo:live [pid] | head -n 100#查看占用内存高的对象,dump成文件,线下分析jmap ...

  5. js如何将选中图片文件转换成Base64字符串?

    如何将input type="file"选中的文件转换成Base64的字符串呢? 1.首先了解一下为什么要把图片文件转换成Base64的字符串 在常规的web开发过程中,大部分上传 ...

  6. vs2015 编译时项目出现NuGet程序包还原失败,找不到xxx.xxx.xxx版本的程序包,怎么解决这个问题?

    vs2015 编译时出现这个NuGet程序包还原失败问题,项目还是运行得了,就是每次看到错误列表中有很多个错误,就感觉不舒服. 总算被我找到解决方法了 问题截图:

  7. Unity中Button按钮的触发监听事件

    第一种方式:需要把自己添加的Button按钮属性(Inspector)中的(Button)onclick添加方法. public void BtnCreteClick() { Debug.Log(&q ...

  8. CSS技巧-文字分散对齐的方法

    下面的代码可以在IE中实现文字分散对齐: <table width="300" align="center">    <tr>      ...

  9. java 实现单向链表

    package cn.com.factroy2; /** * 可以看做是操作链表的工具类,链表的核心结构就是节点的数据结构 * @author wanjn * */ public class Sing ...

  10. 深度学习caffe测试代码c++

    #include <caffe/caffe.hpp> #include <opencv2/core/core.hpp> #include <opencv2/highgui ...