/**********************************************************************

 *                Linux audit安全审计工具

 * 说明:

 *     今天接触到安全审计,查看一下,发现内核有支持安全审计方面的东西。

 *

 *                                2018-4-23 深圳 宝安西乡 曾剑锋

 *********************************************************************/

一、参考文档:

    . Unable to open /sbin/audispd (No such file or directory)

        https://bugzilla.redhat.com/show_bug.cgi?id=207627

二、Error - audit support not in kernel

    lqqqqqqqqqqqqqqqqqqqqqqqqqqqqq General setup qqqqqqqqqqqqqqqqqqqqqqqqqqqqqk

    x  Arrow keys navigate the menu.  <Enter> selects submenus ---> (or empty x

    x  submenus ----).  Highlighted letters are hotkeys.  Pressing <Y>        x

    x  includes, <N> excludes, <M> modularizes features.  Press <Esc><Esc> to x

    x  exit, <?> for Help, </> for Search.  Legend: [*] built-in  [ ]         x

    x lqqqq^(-)qqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqk x

    x x    [*] open by fhandle syscalls                                     x x

    x x    [*] uselib syscall                                               x x

    x x    [*] Auditing support         <---------------------              x x

    x x    [*] Enable system-call auditing support                          x x

    x x        IRQ subsystem  --->                                          x x

    x x        Timers subsystem  --->                                       x x

    x x        CPU/Task time and stats accounting  --->                     x x

    x x        RCU Subsystem  --->                                          x x

    x x    <*> Kernel .config support                                       x x

    x x    [*]   Enable access to .config through /proc/config.gz           x x

    x mqqqqv(+)qqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqj x

    tqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqu

    x        <Select>    < Exit >    < Help >    < Save >    < Load >         x

    mqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqj

三、运行测试:

    . 命令测试:

        [buildroot@root ~]#  auditd  -f

        Config file /etc/audit/auditd.conf opened for parsing

        local_events_parser called with: yes

        writaudit: type= audit(61.430:): audit_pid= old= auid= ses= res=

        e_logs_parser called with: yes

        log_file_parser called with: /var/log/audit/audit.log

        log_group_parser called with: root

        log_format_parser called with: RAW

        flush_parser called with: INCREMENTAL_ASYNC

        freq_parser called with:

        max_log_size_parser called with:

        num_logs_parser called with:

        priority_boost_parser called with:

        qos_parser called with: lossy

        dispatch_parser called with: /usr/sbin/audispd

        name_format_parser called with: NONE

        max_log_size_action_parser called with: ROTATE

        space_left_parser called with:

        space_action_parser called with: SYSLOG

        action_mail_acct_parser called with: root

        admin_space_left_parser called with:

        admin_space_left_action_parser called with: SUSPEND

        disk_full_action_parser called with: SUSPEND

        disk_error_action_parser called with: SUSPEND

        use_libwrap_parser called with: yes

        tcp_listen_queue_parser called with:

        tcp_max_per_addr_parser called with:

        tcp_client_max_idle_parser called with:

        enable_krb5_parser called with: no

        GSSAPI support is not enabled, ignoring value at line

        krb5_principal_parser called with: auditd

        GSSAPI support is not enabled, ignoring value at line

        distribute_network_parser called with: no

        Started dispatcher: /usr/sbin/audispd pid:

        type=DAEMON_START msg=audit(61.435:): op=start ver=2.7. format=raw kernel=4.1.+g30278ab auid= pid= uid= ses= res=success

        config_manager init complete

        dispatcher  reaped

        Init complete, auditd 2.7. listening for events (startup state enable)

    . 开机自启动:

        [buildroot@root ~]#  ps aux | grep audit

           root     /usr/sbin/auditd

           root     [kauditd]

           root     grep audit

        [buildroot@root ~]#  aureport -m

        Account Modifications Report

        =================================================

        # date time auid addr term exe acct success event

        =================================================

        <no events of interest were found>

        [buildroot@root ~]#

Linux audit安全审计工具的更多相关文章

  1. Linux服务器安全审计工具与流程完全指南

    http://Linux.chinaitlab.com/server/860516.html 当今许多linux服务器都不是刚刚部署完毕的新机器,有专业的Linux系统管理员进行定期维护,IT技术人员 ...

  2. 无线安全审计工具FruityWifi初体验

    FruityWIfi是一款有名的无线安全审计的开源工具,其灵感来自于wifipineapple,目前该工具已经更新到2.4.它能够让用户通过web界面来控制和管理模块,十分方便.FriutyWifi最 ...

  3. linux多线程下载工具mwget

    linux多线程下载工具mwget 经常使用wget进行文件下载,然而wget的处理速度并不如人意.遇到一些国外的站点,经常慢得像蜗牛一般.然而为了解决这个问题,便有了mwget:m表示multi多线 ...

  4. 工作常用的linux/mysql/php/工具命令

    工作常用的linux/mysql/php/工具命令: 1. tar备份目录 tar zcvf ****.tar.gz ****/ tar 备份跳过目录 tar --exclude=test1 3. s ...

  5. 20个linux命令行工具监视性能(下)

    昨天晚上第一次翻译了<20 Command Line Tools to Monitor Linux Performance>中的前十个命令,翻译得不是很好,今天晚上继续把后面的十个也翻译给 ...

  6. linux自动交互工具expect,tcl安装和安装包,以及自动互信脚本

    linux自动交互工具expect,tcl安装,以及自动互信脚本 工作中需要对几十台服务器做自动互信,无意中发现expect命令,研究一番. 在网上找了许多资料也没有安装成功,摸索着总算成功了.现分享 ...

  7. 77个常用Linux命令和工具

    77个常用Linux命令和工具 Linux管理员不能单靠GUI图形界面吃饭.这就是我们编辑这篇最实用Linux命令手册的原因.这个指南是特别为Linux管理员和系统管理员 设计的,汇集了最有用的一些工 ...

  8. Linux ---> 监控JVM工具

    Linux ---> 监控JVM工具shkingshking 发布时间: 2013/10/10 01:27 阅读: 2642 收藏: 26 点赞: 1 评论: 0 JDK内置工具使用 jps(J ...

  9. Linux 常用性能工具简介

    一.wget 文件下载 使用wget下载单个文件:wget URL 下载并以不同的文件名保存:wget -O wordpress.zip URL wget限速下载:wget --limit-rate= ...

随机推荐

  1. git 连接github的配置

    这段时间要先在git上开发,上传代码到github上,所以首先需配置本地的git和github. 这几篇文章都不错,可以参考一下,大体的配置都很清楚. 1:https://blog.csdn.net/ ...

  2. codepen素材 coffeeScript -> JavaScript

    将coffeeScript代码复制到下面的网址进行转换: http://js2.coffee/

  3. python之命令行参数解析模块argparse

    """argparse模块使得写用户友好性命令行接口很容易,程序定义所需要的参数,argparse会从ays.argv中提取出这些参数.argparse模块也能自动的产生 ...

  4. [LeetCode] 95. Unique Binary Search Trees II(给定一个数字n,返回所有二叉搜索树) ☆☆☆

    Unique Binary Search Trees II leetcode java [LeetCode]Unique Binary Search Trees II 异构二叉查找树II Unique ...

  5. 我个人对OOP的理解

    OOP面向对象的思维:pay1:封装 A.避免使用非法数据赋值 B.保证数据的完整性 C.避免类内部发生修改的时候,导致整个程序的修改 pay2:继承 A.继承模拟了现实世界的关系,OOP中强调一切皆 ...

  6. linux git:fatal: HTTP request failed

    问题 问题的出现比较奇怪 我一台电脑 git clone   没问题 另外一台电脑  git  clone  有问题 解决 yum update nss nss-util nspr 参考 https: ...

  7. ID基本操作(新建文档,页面编码)5.8

    “文件”“新建”“文档”选择页数,页面大小.页面方向,“边距和分栏”设置上下左右的边距,栏数,如三栏 还可以改变分栏距离·改变排版方向,如图,垂直 单击“页面”可以查看我们的页面情况 超过两页会可以看 ...

  8. hibernate创建构架

    创建hibernate架构: 注意:需要将所需的架包导进去: 二:Java工程的具体结构: 具体代码如下:hibernate.cfg.xml <!DOCTYPE hibernate-config ...

  9. day040 数据库索引补充 存储过程 事务等

    1.正确使用索引 视图: 关键词 view 视图是体格虚拟表 创建视图 : create view 视图名称 as sql语句; 例: create view t_view as select * f ...

  10. mysql的取整函数

    一:四舍五入:ROUND() 二:向上取整:CEILING() 三:向下取整:FLOOR() 下面是示例代码. SELECT round('123.1'), round('123.4'), round ...