Linux audit安全审计工具
/**********************************************************************
* Linux audit安全审计工具
* 说明:
* 今天接触到安全审计,查看一下,发现内核有支持安全审计方面的东西。
*
* 2018-4-23 深圳 宝安西乡 曾剑锋
*********************************************************************/ 一、参考文档:
. Unable to open /sbin/audispd (No such file or directory)
https://bugzilla.redhat.com/show_bug.cgi?id=207627 二、Error - audit support not in kernel
lqqqqqqqqqqqqqqqqqqqqqqqqqqqqq General setup qqqqqqqqqqqqqqqqqqqqqqqqqqqqqk
x Arrow keys navigate the menu. <Enter> selects submenus ---> (or empty x
x submenus ----). Highlighted letters are hotkeys. Pressing <Y> x
x includes, <N> excludes, <M> modularizes features. Press <Esc><Esc> to x
x exit, <?> for Help, </> for Search. Legend: [*] built-in [ ] x
x lqqqq^(-)qqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqk x
x x [*] open by fhandle syscalls x x
x x [*] uselib syscall x x
x x [*] Auditing support <--------------------- x x
x x [*] Enable system-call auditing support x x
x x IRQ subsystem ---> x x
x x Timers subsystem ---> x x
x x CPU/Task time and stats accounting ---> x x
x x RCU Subsystem ---> x x
x x <*> Kernel .config support x x
x x [*] Enable access to .config through /proc/config.gz x x
x mqqqqv(+)qqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqj x
tqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqu
x <Select> < Exit > < Help > < Save > < Load > x
mqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqj 三、运行测试:
. 命令测试:
[buildroot@root ~]# auditd -f
Config file /etc/audit/auditd.conf opened for parsing
local_events_parser called with: yes
writaudit: type= audit(61.430:): audit_pid= old= auid= ses= res=
e_logs_parser called with: yes
log_file_parser called with: /var/log/audit/audit.log
log_group_parser called with: root
log_format_parser called with: RAW
flush_parser called with: INCREMENTAL_ASYNC
freq_parser called with:
max_log_size_parser called with:
num_logs_parser called with:
priority_boost_parser called with:
qos_parser called with: lossy
dispatch_parser called with: /usr/sbin/audispd
name_format_parser called with: NONE
max_log_size_action_parser called with: ROTATE
space_left_parser called with:
space_action_parser called with: SYSLOG
action_mail_acct_parser called with: root
admin_space_left_parser called with:
admin_space_left_action_parser called with: SUSPEND
disk_full_action_parser called with: SUSPEND
disk_error_action_parser called with: SUSPEND
use_libwrap_parser called with: yes
tcp_listen_queue_parser called with:
tcp_max_per_addr_parser called with:
tcp_client_max_idle_parser called with:
enable_krb5_parser called with: no
GSSAPI support is not enabled, ignoring value at line
krb5_principal_parser called with: auditd
GSSAPI support is not enabled, ignoring value at line
distribute_network_parser called with: no
Started dispatcher: /usr/sbin/audispd pid:
type=DAEMON_START msg=audit(61.435:): op=start ver=2.7. format=raw kernel=4.1.+g30278ab auid= pid= uid= ses= res=success
config_manager init complete
dispatcher reaped
Init complete, auditd 2.7. listening for events (startup state enable)
. 开机自启动:
[buildroot@root ~]# ps aux | grep audit
root /usr/sbin/auditd
root [kauditd]
root grep audit
[buildroot@root ~]# aureport -m Account Modifications Report
=================================================
# date time auid addr term exe acct success event
=================================================
<no events of interest were found> [buildroot@root ~]#
Linux audit安全审计工具的更多相关文章
- Linux服务器安全审计工具与流程完全指南
http://Linux.chinaitlab.com/server/860516.html 当今许多linux服务器都不是刚刚部署完毕的新机器,有专业的Linux系统管理员进行定期维护,IT技术人员 ...
- 无线安全审计工具FruityWifi初体验
FruityWIfi是一款有名的无线安全审计的开源工具,其灵感来自于wifipineapple,目前该工具已经更新到2.4.它能够让用户通过web界面来控制和管理模块,十分方便.FriutyWifi最 ...
- linux多线程下载工具mwget
linux多线程下载工具mwget 经常使用wget进行文件下载,然而wget的处理速度并不如人意.遇到一些国外的站点,经常慢得像蜗牛一般.然而为了解决这个问题,便有了mwget:m表示multi多线 ...
- 工作常用的linux/mysql/php/工具命令
工作常用的linux/mysql/php/工具命令: 1. tar备份目录 tar zcvf ****.tar.gz ****/ tar 备份跳过目录 tar --exclude=test1 3. s ...
- 20个linux命令行工具监视性能(下)
昨天晚上第一次翻译了<20 Command Line Tools to Monitor Linux Performance>中的前十个命令,翻译得不是很好,今天晚上继续把后面的十个也翻译给 ...
- linux自动交互工具expect,tcl安装和安装包,以及自动互信脚本
linux自动交互工具expect,tcl安装,以及自动互信脚本 工作中需要对几十台服务器做自动互信,无意中发现expect命令,研究一番. 在网上找了许多资料也没有安装成功,摸索着总算成功了.现分享 ...
- 77个常用Linux命令和工具
77个常用Linux命令和工具 Linux管理员不能单靠GUI图形界面吃饭.这就是我们编辑这篇最实用Linux命令手册的原因.这个指南是特别为Linux管理员和系统管理员 设计的,汇集了最有用的一些工 ...
- Linux ---> 监控JVM工具
Linux ---> 监控JVM工具shkingshking 发布时间: 2013/10/10 01:27 阅读: 2642 收藏: 26 点赞: 1 评论: 0 JDK内置工具使用 jps(J ...
- Linux 常用性能工具简介
一.wget 文件下载 使用wget下载单个文件:wget URL 下载并以不同的文件名保存:wget -O wordpress.zip URL wget限速下载:wget --limit-rate= ...
随机推荐
- 【LeetCode】Valid Parentheses合法括号
给定一个仅包含 '('.')'.'{'.'}'.'['.']'的字符串,确定输入的字符串是否合法. e.g. "()"."()[]{}"."[()]( ...
- 部署项目到linux中报Spring MVC报异常:org.springframework.web.util.NestedServletException: Request processing failed
@RequestMapping(value = "/security/login", method = RequestMethod.POST) public ModelAndVie ...
- Vue 使用 vuelidate 实现表单验证
表单验证的应用场景十分广泛,因为网站对用户输入内容的限制是非常必要的. 在vue中,我们使用vuelidate方便地实现表单验证. 官方文档在这里https://monterail.github.io ...
- 牛客网 PAT 算法历年真题 1001 : A+B和C (15)
1001 : A+B和C (15) 时间限制 1000 ms 内存限制 32768 KB 代码长度限制 100 KB 判断程序 Standard 题目描述 给定区间[-2的31次方, 2的31次方]内 ...
- mysql索引类型和方式
索引 数据库的索引就像一本书的目录,能够加快数据库的查询速度. MYSQL索引有四种PRIMARY.INDEX.UNIQUE.FULLTEXT, 其中PRIMARY.INDEX.UNIQUE是一类,F ...
- POJ 1006 生理周期(中国剩余定理)
POJ 1006 生理周期 分析:中国剩余定理(注意结果要大于d即可) 代码: #include<iostream> #include<cstdio> using namesp ...
- python运算符号
运算符 比较运算 赋值运算 逻辑运算 成员运算
- python vue 项目
http://www.jianshu.com/p/fe74907e16b9 mac 电脑,亲测可以,可以看下开源的写法及思路
- es6新增的math函数有哪些
Math.trunc():用于去除一个数的小数部分,返回整数部分. Math.sign():用来判断一个数到底是正数.负数.还是零. Math.cbrt():用于计算一个数的立方根. Math.hyp ...
- jquery 操作table样式拖动参考
参考: http://blog.csdn.net/kdiller/article/details/6059727 http://www.jb51.net/article/59795.htm