/**********************************************************************

 *                Linux audit安全审计工具

 * 说明:

 *     今天接触到安全审计,查看一下,发现内核有支持安全审计方面的东西。

 *

 *                                2018-4-23 深圳 宝安西乡 曾剑锋

 *********************************************************************/

一、参考文档:

    . Unable to open /sbin/audispd (No such file or directory)

        https://bugzilla.redhat.com/show_bug.cgi?id=207627

二、Error - audit support not in kernel

    lqqqqqqqqqqqqqqqqqqqqqqqqqqqqq General setup qqqqqqqqqqqqqqqqqqqqqqqqqqqqqk

    x  Arrow keys navigate the menu.  <Enter> selects submenus ---> (or empty x

    x  submenus ----).  Highlighted letters are hotkeys.  Pressing <Y>        x

    x  includes, <N> excludes, <M> modularizes features.  Press <Esc><Esc> to x

    x  exit, <?> for Help, </> for Search.  Legend: [*] built-in  [ ]         x

    x lqqqq^(-)qqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqk x

    x x    [*] open by fhandle syscalls                                     x x

    x x    [*] uselib syscall                                               x x

    x x    [*] Auditing support         <---------------------              x x

    x x    [*] Enable system-call auditing support                          x x

    x x        IRQ subsystem  --->                                          x x

    x x        Timers subsystem  --->                                       x x

    x x        CPU/Task time and stats accounting  --->                     x x

    x x        RCU Subsystem  --->                                          x x

    x x    <*> Kernel .config support                                       x x

    x x    [*]   Enable access to .config through /proc/config.gz           x x

    x mqqqqv(+)qqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqj x

    tqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqu

    x        <Select>    < Exit >    < Help >    < Save >    < Load >         x

    mqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqj

三、运行测试:

    . 命令测试:

        [buildroot@root ~]#  auditd  -f

        Config file /etc/audit/auditd.conf opened for parsing

        local_events_parser called with: yes

        writaudit: type= audit(61.430:): audit_pid= old= auid= ses= res=

        e_logs_parser called with: yes

        log_file_parser called with: /var/log/audit/audit.log

        log_group_parser called with: root

        log_format_parser called with: RAW

        flush_parser called with: INCREMENTAL_ASYNC

        freq_parser called with:

        max_log_size_parser called with:

        num_logs_parser called with:

        priority_boost_parser called with:

        qos_parser called with: lossy

        dispatch_parser called with: /usr/sbin/audispd

        name_format_parser called with: NONE

        max_log_size_action_parser called with: ROTATE

        space_left_parser called with:

        space_action_parser called with: SYSLOG

        action_mail_acct_parser called with: root

        admin_space_left_parser called with:

        admin_space_left_action_parser called with: SUSPEND

        disk_full_action_parser called with: SUSPEND

        disk_error_action_parser called with: SUSPEND

        use_libwrap_parser called with: yes

        tcp_listen_queue_parser called with:

        tcp_max_per_addr_parser called with:

        tcp_client_max_idle_parser called with:

        enable_krb5_parser called with: no

        GSSAPI support is not enabled, ignoring value at line

        krb5_principal_parser called with: auditd

        GSSAPI support is not enabled, ignoring value at line

        distribute_network_parser called with: no

        Started dispatcher: /usr/sbin/audispd pid:

        type=DAEMON_START msg=audit(61.435:): op=start ver=2.7. format=raw kernel=4.1.+g30278ab auid= pid= uid= ses= res=success

        config_manager init complete

        dispatcher  reaped

        Init complete, auditd 2.7. listening for events (startup state enable)

    . 开机自启动:

        [buildroot@root ~]#  ps aux | grep audit

           root     /usr/sbin/auditd

           root     [kauditd]

           root     grep audit

        [buildroot@root ~]#  aureport -m

        Account Modifications Report

        =================================================

        # date time auid addr term exe acct success event

        =================================================

        <no events of interest were found>

        [buildroot@root ~]#

Linux audit安全审计工具的更多相关文章

  1. Linux服务器安全审计工具与流程完全指南

    http://Linux.chinaitlab.com/server/860516.html 当今许多linux服务器都不是刚刚部署完毕的新机器,有专业的Linux系统管理员进行定期维护,IT技术人员 ...

  2. 无线安全审计工具FruityWifi初体验

    FruityWIfi是一款有名的无线安全审计的开源工具,其灵感来自于wifipineapple,目前该工具已经更新到2.4.它能够让用户通过web界面来控制和管理模块,十分方便.FriutyWifi最 ...

  3. linux多线程下载工具mwget

    linux多线程下载工具mwget 经常使用wget进行文件下载,然而wget的处理速度并不如人意.遇到一些国外的站点,经常慢得像蜗牛一般.然而为了解决这个问题,便有了mwget:m表示multi多线 ...

  4. 工作常用的linux/mysql/php/工具命令

    工作常用的linux/mysql/php/工具命令: 1. tar备份目录 tar zcvf ****.tar.gz ****/ tar 备份跳过目录 tar --exclude=test1 3. s ...

  5. 20个linux命令行工具监视性能(下)

    昨天晚上第一次翻译了<20 Command Line Tools to Monitor Linux Performance>中的前十个命令,翻译得不是很好,今天晚上继续把后面的十个也翻译给 ...

  6. linux自动交互工具expect,tcl安装和安装包,以及自动互信脚本

    linux自动交互工具expect,tcl安装,以及自动互信脚本 工作中需要对几十台服务器做自动互信,无意中发现expect命令,研究一番. 在网上找了许多资料也没有安装成功,摸索着总算成功了.现分享 ...

  7. 77个常用Linux命令和工具

    77个常用Linux命令和工具 Linux管理员不能单靠GUI图形界面吃饭.这就是我们编辑这篇最实用Linux命令手册的原因.这个指南是特别为Linux管理员和系统管理员 设计的,汇集了最有用的一些工 ...

  8. Linux ---> 监控JVM工具

    Linux ---> 监控JVM工具shkingshking 发布时间: 2013/10/10 01:27 阅读: 2642 收藏: 26 点赞: 1 评论: 0 JDK内置工具使用 jps(J ...

  9. Linux 常用性能工具简介

    一.wget 文件下载 使用wget下载单个文件:wget URL 下载并以不同的文件名保存:wget -O wordpress.zip URL wget限速下载:wget --limit-rate= ...

随机推荐

  1. HBase环境搭建、shell操作及Java API编程

    一. 1.掌握Hbase在Hadoop集群体系结构中发挥的作用和使过程. 2.掌握安装和配置HBase基本方法. 3.掌握HBase shell的常用命令. 4.使用HBase shell命令进行表的 ...

  2. Python函数式编程,map/reduce,filter和sorted

    什么是函数式编程? 与面向对象编程(Object-oriented programming)和过程式编程(Procedural programming)并列的编程范式. 最主要的特征是,函数是第一等公 ...

  3. 二十、MVC的WEB框架(Spring MVC)

    一.Spring MVC 运行原理:客户端请求提交到DispatcherServlet,由DispatcherServlet控制器查询HandlerMapping,找到并分发到指定的Controlle ...

  4. django学习之——创建项目

    创建项目让我迷茫了会: 直接cmd 执行django-admin.py startproject  pro_name 肯定是不行的 必须cd到 D:\Program Files\Python3.3.5 ...

  5. Python3+BaiduAI识别高颜值妹子图片

    一.在百度云平台创建应用 为什么要到百度云平台创建应用,首先来说是为了获取获取access_token时需要的API Key和Secret Key 至于为什么需要API Key和Secret Key才 ...

  6. 运行网站项目时,有时出现Bad Request,该怎么解决?

    有时运行网站项目时,出现Bad Request问题

  7. nyoj 1091 还是01背包(超大数dp)

    nyoj 1091 还是01背包 描述 有n个重量和价值分别为 wi 和 vi 的物品,从这些物品中挑选总重量不超过W的物品,求所有挑选方案中价值总和的最大值 1 <= n <=40 1 ...

  8. 为什么IT运维工程师要学习Linux系统

    不论你是否知道,其实你每天都在使用Linux.每次你访问微博.百度甚至是一些小电影网站,你的客户端(浏览器)都在与运行在Linux系统上的服务端程序进行通讯,大多数的电子设备,例如数位录像机.飞机.自 ...

  9. 每天CSS学习之text-shadow

    今天学习的是CSS3的一个属性text-shadow.该属性能映射出文字的阴影. text-shadow一共就四个属性: text-shadow: h-shadow  v-shadow  [blur] ...

  10. Factory,工厂设计模式,C++描述

    body, table{font-family: 微软雅黑; font-size: 13.5pt} table{border-collapse: collapse; border: solid gra ...