
  Linux operating system security tools of the Logs
  Add Date : 2018-11-21      
Relatively sophisticated attackers who get into a Linux operating system know how to find the "clues" they leave behind and remove those traces, so it is necessary to understand some of the system's native log tools.

(1) logcheck

logcheck checks the log files automatically and periodically, looking for violations of security rules and for abnormal activity. It first filters out the normal log entries so that only the problematic ones remain, then emails that information to the system administrator. logcheck uses the logtail program to remember the last position it read in each log file, and on the next run it processes only the new log entries from that position onward. logcheck consists mainly of the following files:

logcheck.sh is the executable script. It records which log files logcheck checks, and we can add it to the crontab so that it runs at regular intervals.

logcheck.hacking is the first pattern file logcheck checks. It and the following files are consulted in order, from top to bottom. This file describes the patterns of intrusion activity.
logcheck.violations describes the patterns of problematic activity, i.e. activity that goes against common sense. Its priority is lower than that of the file above.

logcheck.violations.ignore is the counterpart of logcheck.violations above: it holds the patterns of problems we do not care about, and takes priority over it.
logcheck.ignore is the last pattern file checked. If a line matches none of the first three pattern files and does not match this one either, it is written to the report.

logtail reads the new entries from the log files.

On its first run, logcheck reads the whole of each log file it is configured to watch; logtail then creates a logfile.offset file for each log file, in the log file's directory, recording the offset it reached, so that the next check starts from that offset. Each time logcheck runs, the entries that were not ignored are emailed to the user specified in logcheck.sh, i.e. the system administrator.
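To make the mechanism above concrete, here is a minimal re-implementation of it in POSIX shell. This is an added example, not code from the original article or from the logcheck project: the log lines and pattern files are constructed for the demo, the scratch directory $WORK and the pattern-file locations are assumptions, and the four pattern files are consulted in the order the article gives (hacking, violations, violations.ignore, ignore). The logtail function also handles the case the article does not mention, a log that was rotated or truncated since the offset was saved.

```shell
#!/bin/sh
# Added example, not code from the original article or from the logcheck
# project: a minimal re-implementation of the flow described above, using the
# same four pattern files and the logtail offset mechanism.  The log lines,
# patterns and the $WORK scratch directory are constructed for the demo.
set -eu

WORK="${TMPDIR:-/tmp}/logcheck-demo.$$"
mkdir -p "$WORK"

# Constructed sample of what /var/log/auth.log might contain.
cat >"$WORK/auth.log" <<'EOF'
Nov 21 10:00:01 host CRON[100]: pam_unix(cron:session): session opened for user root
Nov 21 10:00:05 host sshd[101]: Accepted publickey for alice from 192.0.2.10 port 5000 ssh2
Nov 21 10:00:09 host sshd[102]: Failed password for root from 198.51.100.7 port 5001 ssh2
Nov 21 10:00:12 host su: (to root) bob on pts/1
Nov 21 10:00:20 host sshd[103]: Invalid user admin from 198.51.100.7
Nov 21 10:00:25 host sudo: alice : TTY=pts/0 ; COMMAND=/usr/bin/apt update
Nov 21 10:00:30 host kernel: usb 1-1: new high-speed USB device
EOF

# The four pattern files, one basic regular expression per line, consulted in
# the order the article gives: hacking, violations, violations.ignore, ignore.
# Their location next to the scratch log is an assumption for the demo.
printf '%s\n' 'Invalid user' 'Failed password for root'   >"$WORK/logcheck.hacking"
printf '%s\n' 'Failed password' 'su: (to root)' 'sudo:'    >"$WORK/logcheck.violations"
printf '%s\n' 'sudo: alice'                                >"$WORK/logcheck.violations.ignore"
printf '%s\n' 'CRON\[' 'Accepted publickey' 'sudo: alice'  >"$WORK/logcheck.ignore"

# matches PATTERNFILE: does the line on stdin match any pattern in the file?
matches() {
    grep -q -f "$1"
}

# logtail: print only the bytes appended since the last run and remember the
# new end-of-file position in <logfile>.offset, next to the log file.
logtail() {
    log="$1"; off="$log.offset"
    last=0
    [ -f "$off" ] && last=$(cat "$off")
    size=$(wc -c <"$log" | tr -d ' ')
    # If the file shrank it was rotated or truncated: read it from the start.
    if [ "$size" -lt "$last" ]; then last=0; fi
    tail -c +"$((last + 1))" "$log"
    echo "$size" >"$off"
}

# logcheck: classify each new line.  A hacking match is reported as an attack;
# a violations match that is not excused by violations.ignore is reported as a
# violation; anything else that is not covered by logcheck.ignore is reported
# as unusual; everything else is dropped.
logcheck() {
    logtail "$1" | while IFS= read -r line; do
        if   printf '%s\n' "$line" | matches "$WORK/logcheck.hacking"; then
            echo "ATTACK: $line"
        elif printf '%s\n' "$line" | matches "$WORK/logcheck.violations" &&
           ! printf '%s\n' "$line" | matches "$WORK/logcheck.violations.ignore"; then
            echo "VIOLATION: $line"
        elif ! printf '%s\n' "$line" | matches "$WORK/logcheck.ignore"; then
            echo "UNUSUAL: $line"
        fi
    done
}

echo "== first run: every line is new =="
logcheck "$WORK/auth.log"
echo "== second run: nothing new since the offset was saved =="
logcheck "$WORK/auth.log"
```

The first run reports the two attack lines, the su to root as a violation and the USB message as unusual; the CRON, public-key login and alice's sudo lines are dropped by the ignore files, and the second run prints nothing because only the bytes after the saved offset are read. In a real deployment the report would be piped to mail and the script run from cron, for example hourly with a crontab line such as `0 * * * * /usr/local/bin/logcheck.sh`.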

(2) logrotate

Most Linux distributions ship this tool. It rotates logs automatically and removes the oldest saved logs. Its configuration file is /etc/logrotate.conf, where we can set the rotation period, the number of backup logs to keep, how the logs are backed up, and so on. The /etc/logrotate.d directory holds rotation settings files for individual tools, such as syslog; these files specify how their logs are rotated according to /etc/logrotate.conf, and rotation settings for other services' logs can be added there as additional files.
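The following is an added example, not code from the original article or from the logrotate project. It writes a rotation policy in logrotate's own syntax for an assumed application log, myapp.log, into a scratch copy of the /etc/logrotate.conf plus /etc/logrotate.d layout described above, and checks it with logrotate's debug mode if the tool is installed. The scratch paths and the pidfile /run/myapp.pid are assumptions; the directives are the ones that matter when a log may later be needed for an investigation (retention, permissions of the new file, and making the daemon reopen its log).

```shell
#!/bin/sh
# Added example, not code from the original article or from the logrotate
# project: a rotation policy written in logrotate's own syntax for an assumed
# application log "myapp.log", placed in a scratch copy of the /etc/logrotate.d
# layout and checked with "logrotate -d" (debug mode, nothing is rotated).
set -eu

WORK="${TMPDIR:-/tmp}/logrotate-demo.$$"
mkdir -p "$WORK/logrotate.d" "$WORK/log"
echo "Nov 21 10:00:00 myapp started" >"$WORK/log/myapp.log"

# Scratch equivalent of /etc/logrotate.conf: defaults, then per-service files.
cat >"$WORK/logrotate.conf" <<EOF
weekly
rotate 4
create
include $WORK/logrotate.d
EOF

# Scratch equivalent of /etc/logrotate.d/myapp.  Comment lines explain the
# choices that matter for a log you may need during an investigation.
cat >"$WORK/logrotate.d/myapp" <<EOF
$WORK/log/myapp.log {
    # rotate every day and keep 90 generations: an intrusion noticed weeks
    # later can still be traced, whereas the "rotate 4" default above would
    # have discarded the evidence after a month
    daily
    rotate 90
    # compress old generations, but leave the newest one plain so logtail,
    # grep and swatch can still read it
    compress
    delaycompress
    # name generations myapp.log-YYYYMMDD rather than myapp.log.1, .2, ...
    dateext
    missingok
    notifempty
    # the replacement file is created by logrotate: root-owned, readable by
    # group adm only, never world-readable
    create 0640 root adm
    # run the script once for all logs in this block, after rotation, so the
    # daemon reopens its file instead of writing into the renamed one.
    # /run/myapp.pid is an assumed pidfile path.
    sharedscripts
    postrotate
        [ -f /run/myapp.pid ] && kill -HUP "\$(cat /run/myapp.pid)" || true
    endscript
}
EOF

# policy_file: path of the generated per-service policy.
policy_file() { echo "$WORK/logrotate.d/myapp"; }

# Dry run: logrotate parses the config, reports what it would do, changes nothing.
if command -v logrotate >/dev/null 2>&1; then
    logrotate -d -s "$WORK/status" "$WORK/logrotate.conf" 2>&1 || true
else
    echo "logrotate not installed here; policy written to $(policy_file)"
fi
```

The global file sets conservative defaults and pulls in the per-service files with include, exactly as the real /etc/logrotate.conf does; the per-service block then overrides what it needs to. The -d flag is the safe way to test a new policy, since it prints every decision logrotate would take without renaming or deleting anything.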

(3) swatch

swatch is a real-time log monitoring tool in which we can define the events of interest. Swatch has two modes of operation: it can check a finished log and exit, or it can monitor a log continuously as new entries arrive. Swatch offers many notification methods, including email, ringing the bell, terminal output in various colours, and so on. Before installing it, you must make sure the system supports perl. The heart of swatch is the configuration file swatchmessage: this text file tells swatch which logs to monitor, which triggers to look for, and what action to perform when a trigger fires. When swatch finds a log entry matching a regular-expression trigger defined in swatchmessage, it carries out the notification procedure defined in swatchrc.
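As an added example (not code from the original article or from the swatch project), the script below writes a swatch configuration for SSH password guessing, username scanning and su to root, then dry-runs the watchfor regexes against constructed log lines with grep -E so the rules can be checked before swatch is pointed at a live file. The scratch paths and the mail address are assumptions, the regexes are kept in the subset shared by Perl and grep -E so the dry run is faithful, and the two swatch invocations at the end correspond to the two modes of operation described above.

```shell
#!/bin/sh
# Added example, not code from the original article or from the swatch
# project: a swatchrc for SSH and su events, written to a scratch directory,
# and a dry run that applies the same watchfor regexes to constructed log
# lines with grep -E so the rules can be checked before swatch is pointed at a
# live file.  The scratch paths and the mail address are assumptions.
set -eu

WORK="${TMPDIR:-/tmp}/swatch-demo.$$"
mkdir -p "$WORK"

# swatch reads rules top to bottom and stops at the first one a line matches,
# so "ignore" for known noise comes first.  Each "watchfor" takes a Perl
# regex; the indented lines under it are the actions.  Regexes stay in the
# subset shared with grep -E so the dry run below is faithful.
cat >"$WORK/swatchrc" <<'EOF'
ignore /CRON\[[0-9]+\]: pam_unix\(cron:session\)/

# nobody should be guessing the root password over the network
watchfor /Failed password for root from ([0-9]+\.[0-9]+\.[0-9]+\.[0-9]+)/
    echo red
    bell 2
    mail addresses=security\@example.com,subject="swatch: root password guess"
    throttle 00:05:00

# username scanning: highlight, but at most one mail per ten minutes
watchfor /Invalid user .* from ([0-9]+\.[0-9]+\.[0-9]+\.[0-9]+)/
    echo yellow
    mail addresses=security\@example.com,subject="swatch: invalid user scan"
    throttle 00:10:00

# every switch to root is worth a line on the console
watchfor /su: \(to root\)/
    echo bold
EOF

# Constructed lines in /var/log/auth.log format.
cat >"$WORK/auth.log" <<'EOF'
Nov 21 10:00:01 host CRON[100]: pam_unix(cron:session): session opened for user root
Nov 21 10:00:09 host sshd[102]: Failed password for root from 198.51.100.7 port 5001 ssh2
Nov 21 10:00:12 host su: (to root) bob on pts/1
Nov 21 10:00:20 host sshd[103]: Invalid user admin from 198.51.100.7
Nov 21 10:00:25 host sshd[104]: Accepted publickey for alice from 192.0.2.10 port 5000 ssh2
EOF

# dry_run: for each watchfor regex, print how many constructed lines it fires
# on, then the regex.  A rule that fires on zero lines (or on every line) is a
# rule to rewrite before it goes live.
dry_run() {
    sed -n 's#^watchfor /\(.*\)/$#\1#p' "$WORK/swatchrc" | while IFS= read -r re; do
        n=$(grep -E -c -- "$re" "$WORK/auth.log" || true)
        echo "$n  $re"
    done
}
dry_run

# With swatch installed, the two modes the article describes are:
#   one pass over a finished log, then exit:
if command -v swatch >/dev/null 2>&1; then
    swatch --config-file="$WORK/swatchrc" --examine="$WORK/auth.log" || true
fi
#   continuous monitoring of a live log (not run here):
#   swatch --config-file=/etc/swatchrc --tail-file=/var/log/auth.log
```

Each of the three watchfor rules fires on exactly one of the constructed lines, and the CRON line is swallowed by the leading ignore rule before any watchfor sees it. The throttle lines keep a brute-force run from turning into a mail flood: matching lines are still echoed, but at most one mail per rule goes out in the stated interval.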

Of course, the software described above is only a few of the beautiful shells in the Linux sea. As more and more users join the ranks of Linux, we believe that outstanding hackers will also become more numerous, which in turn will push the Linux operating system to mature gradually. We'll see.
  CopyRight 2002-2016 newfreesoft.com, All Rights Reserved.