  Linux operating system security tools: log tools
  Add Date : 2018-11-21      
  A relatively sophisticated attacker who has gained access to a Linux operating system will also try to find the "clues" they left behind and remove those traces, so it is necessary to understand some of the log tools.

(1) logcheck

logcheck can automatically and periodically check the log files to find violations of security rules and abnormal activity. It first filters out the normal log entries and keeps the entries that may indicate a problem, then emails this information to the system administrator. logcheck uses the logtail program to remember the position up to which each log file has already been read, and processes new log entries starting from that position. logcheck consists mainly of the following files:

logcheck.sh: the executable script. It records which log files logcheck checks, and we can add it to crontab so that it runs regularly.

logcheck.hacking: a pattern file used by logcheck. It and the files below are applied in order, from top to bottom. This file contains the patterns that indicate intrusion activity.

logcheck.violations: this file contains the patterns that indicate a problem, that is, activity that is out of the ordinary. Its priority is lower than that of the pattern file above.

logcheck.violations.ignore: the counterpart of logcheck.violations. This pattern file describes the problems we do not care about.

logcheck.ignore: the last pattern file to be checked. If a line matches none of the first three pattern files and does not match this one either, it is output to the report.

logtail: records the read information for the log files.

The first time logcheck runs, it reads the relevant log files in full. logtail creates a logfile.offset file for each monitored log file, in the same directory as the log file, so that the next check starts from this offset. When logcheck runs, the content that is not ignored is sent by mail to the user specified in logcheck.sh, normally the system administrator.
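The pattern-file ordering and the logtail offset described above can be sketched as follows. This is an added example, not logcheck's own code: the pattern lists are constructed samples standing in for the four pattern files, and the function names are hypothetical. Restarting from the beginning when the log is shorter than the saved offset (for example after rotation) is an assumption of this sketch.

```python
import os
import re

# Constructed sample patterns; logcheck reads the real ones from its pattern files.
HACKING = [r"ATTACK", r"login.*ROOT.*REFUSED"]         # stands in for logcheck.hacking
VIOLATIONS = [r"authentication failure", r"refused"]   # logcheck.violations
VIOLATIONS_IGNORE = [r"stat=Deferred"]                 # logcheck.violations.ignore
IGNORE = [r"CRON\[\d+\]", r"session (opened|closed)"]  # logcheck.ignore

def matches(line, patterns):
    return any(re.search(p, line) for p in patterns)

def classify(line):
    """Apply the pattern files top to bottom, as the article describes."""
    if matches(line, HACKING):
        return "attack"
    if matches(line, VIOLATIONS) and not matches(line, VIOLATIONS_IGNORE):
        return "violation"
    if matches(line, IGNORE):
        return None        # known-normal line, left out of the report
    return "unusual"       # matched no pattern file: goes into the report

def read_new_lines(log_path):
    """logtail-style read: resume from the offset saved in <log>.offset."""
    offset_path = log_path + ".offset"
    offset = 0
    if os.path.exists(offset_path):
        with open(offset_path) as f:
            offset = int(f.read().strip() or 0)
    if offset > os.path.getsize(log_path):
        offset = 0         # assumption: log was rotated or truncated, start over
    with open(log_path, "rb") as f:
        f.seek(offset)
        data = f.read()
        new_offset = f.tell()
    with open(offset_path, "w") as f:
        f.write(str(new_offset))
    return data.decode(errors="replace").splitlines()

def build_report(log_path):
    """Classify only the lines added since the previous run."""
    report = {"attack": [], "violation": [], "unusual": []}
    for line in read_new_lines(log_path):
        level = classify(line)
        if level:
            report[level].append(line)
    return report
```

Calling `build_report` twice on an unchanged log returns an empty report the second time, because the saved offset already points at the end of the file.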

(2) logrotate

Most Linux distributions ship with this tool. It rotates logs automatically and removes the oldest saved logs. Its configuration file is /etc/logrotate.conf, where we can set the rotation period of the log files, the number of backup logs to keep, how the logs are backed up, and so on. The /etc/logrotate.d directory contains the rotation settings files of individual tools, such as syslog, which specify how their logs are rotated in line with /etc/logrotate.conf; you can also add files there to rotate the logs of other services.

(3) swatch

swatch is a real-time log monitoring tool in which we can define the events we are interested in. Swatch has two modes of operation: it can exit once it has finished checking the log, or it can monitor the log continuously for new entries. Swatch offers a number of notification methods, including email, ringing the bell, and terminal output in a variety of colors. Before installing it, you must make sure the system supports perl. The core of swatch is its configuration file, swatchmessage, a text file that tells swatch which logs to monitor, which triggers to look for, and which action to perform when a trigger fires. When swatch finds a line that matches the regular expression of a trigger defined in swatchmessage, it performs the notification procedure defined in swatchrc.

Of course, the software described above is only a few beautiful shells from the sea of Linux tools. As more and more users join the ranks of Linux, we believe there will also be more and more outstanding hacks, which in turn will help the Linux operating system gradually mature. We'll see.
  CopyRight 2002-2016 newfreesoft.com, All Rights Reserved.