Linux operating system security tools: log tools
Add Date : 2018-11-21
A reasonably sophisticated attacker who has broken into a Linux system will want to know what "clues" they have left behind and remove those traces. For the administrator that is exactly why the system's native log tools are worth understanding: the logs are the record the attacker has to erase, and the tools below are how that record is filtered, rotated and watched.

(1) logcheck

logcheck checks the log files periodically and looks for entries that violate security rules or show abnormal activity. It first filters out the normal log entries so that only the problematic ones remain, then mails that information to the system administrator. Through the logtail program, logcheck remembers the position in each log file up to which it has already read, and on the next run it starts from that position and processes only the new log entries. logcheck consists mainly of the following files:

logcheck.sh is the executable script. It records which log files logcheck checks, and it is normally added to crontab so that it runs at regular intervals.

logcheck.hacking is the first pattern file logcheck checks. The pattern files are applied in order, from top to bottom, in the sequence listed here. This file holds patterns of intrusion activity.

logcheck.violations holds patterns of activity that indicates a problem, i.e. activity that runs contrary to normal behaviour. It has lower priority than the pattern file above.

logcheck.violations.ignore is the counterpart of logcheck.violations: it holds patterns for entries that would match logcheck.violations but that we do not care about.

logcheck.ignore is the last pattern file checked. If an entry matched none of the first three pattern files and does not match this one either, it is output in the report.

logtail keeps the position information for each log file.

When logcheck runs for the first time it reads the relevant log files in full; logtail then creates a logfile.offset file for each log file of interest, in the same directory as that log file, so that the next check starts from that offset. On every run, logcheck mails whatever the ignore rules did not filter out to the user specified in logcheck.sh, by default the system administrator.
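The following is an added example written for this article, not the logcheck project's own code: a minimal logcheck/logtail pipeline in POSIX sh. It shows the two mechanisms the text describes, the offset file that makes each run incremental and the four pattern files applied in priority order. The scratch directory, the pattern files and the syslog-style lines are all constructed for the demo; a real logcheck.sh would pipe the report to mail(1) instead of printing it.

```shell
#!/bin/sh
# Added example: a minimal logcheck/logtail pipeline in POSIX sh, written for
# this article. It is not the logcheck project's own code. Paths, pattern
# files and the log lines below are all constructed for the demo.
WORK=${WORK:-$(mktemp -d)}
LOG="$WORK/auth.log"

# logtail: print the part of the log not yet seen and remember the new end.
# The offset lives next to the log, as logcheck's logfile.offset does.
logtail() {
    log=$1; off="$1.offset"
    last=0
    [ -f "$off" ] && last=$(cat "$off")
    size=$(( $(wc -c < "$log") + 0 ))
    # A log shorter than the saved offset was truncated or replaced: re-read
    # it from the start instead of silently skipping whatever is there now.
    [ "$size" -lt "$last" ] && last=0
    tail -c +$((last + 1)) "$log"
    echo "$size" > "$off"
}

# Pattern files in logcheck's priority order (case-insensitive egrep syntax).
write_patterns() {
    printf '%s\n' 'ROOT LOGIN REFUSED' > "$WORK/logcheck.hacking"
    printf '%s\n' 'failed' 'refused' 'denied' > "$WORK/logcheck.violations"
    printf '%s\n' 'cron.*refused to run' > "$WORK/logcheck.violations.ignore"
    printf '%s\n' 'sshd\[[0-9]+\]: Accepted publickey for' \
                  'cron\[[0-9]+\]: \(.*\) CMD' > "$WORK/logcheck.ignore"
}

# One check run: filter the new lines through the four pattern files.
# A line goes into the highest-priority section it matches and is not
# repeated lower down; a violation excused by violations.ignore is dropped.
logcheck() {
    new=$(logtail "$LOG")
    [ -z "$new" ] && return 0
    hack=$(printf '%s\n' "$new" | grep -i -E -f "$WORK/logcheck.hacking" || true)
    viol=$(printf '%s\n' "$new" | grep -i -E -f "$WORK/logcheck.violations" \
        | grep -i -E -v -f "$WORK/logcheck.hacking" \
        | grep -i -E -v -f "$WORK/logcheck.violations.ignore" || true)
    rest=$(printf '%s\n' "$new" | grep -i -E -v -f "$WORK/logcheck.hacking" \
        | grep -i -E -v -f "$WORK/logcheck.violations" \
        | grep -i -E -v -f "$WORK/logcheck.ignore" || true)
    [ -n "$hack" ] && printf 'Active System Attack Alerts\n%s\n\n' "$hack"
    [ -n "$viol" ] && printf 'Security Violations\n%s\n\n' "$viol"
    [ -n "$rest" ] && printf 'Unusual System Events\n%s\n' "$rest"
    return 0
}

# Constructed sample log (syslog format, not captured from a real host).
write_patterns
cat > "$LOG" <<'EOF'
Mar  3 10:00:01 host sshd[1201]: Accepted publickey for alice from 10.0.0.5 port 5022 ssh2
Mar  3 10:00:05 host CRON[1210]: (root) CMD (run-parts /etc/cron.hourly)
Mar  3 10:01:12 host sshd[1222]: Failed password for root from 203.0.113.9 port 40001 ssh2
Mar  3 10:01:15 host sshd[1222]: ROOT LOGIN REFUSED FROM 203.0.113.9
Mar  3 10:02:00 host cron[1230]: (bob) refused to run: not allowed by /etc/cron.allow
Mar  3 10:03:30 host kernel: usb 1-1: new high-speed USB device number 4 using xhci_hcd
EOF

# First run reads the whole file; a second run reports only appended lines.
REPORT=$(logcheck)
printf '%s\n' "$REPORT"
```

Two things a practitioner should keep in mind: the offset file is security-relevant, because anyone who can write it can move the offset past their own entries and hide them, so it must be writable only by the account that runs the check; and a log that has shrunk since the last run is treated as new from byte zero rather than skipped, since truncating a log is one of the traces an intruder leaves.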

(2) logrotate

Most Linux distributions ship this tool. It rotates logs automatically and deletes the oldest saved copies. Its configuration file is /etc/logrotate.conf, where we can set the rotation interval of the log files, the number of rotated copies to keep, and how the logs are backed up (compressed, for example). The /etc/logrotate.d directory contains the rotation settings files of individual services, such as syslog, which are rotated in the way /etc/logrotate.conf specifies; we can also add files there to set up rotation for other services' logs.
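As an added example (not from the original article or the logrotate project), here is a hardened logrotate stanza for an authentication log, the kind of file that would go under /etc/logrotate.d, written to a scratch directory and parse-checked with logrotate's debug mode when the binary is present, together with a check for rotated copies that have become world-readable. /var/log/auth.log, the adm group, 14 rotations and the Debian rsyslog helper path are assumptions.

```shell
#!/bin/sh
# Added example, not from the original article or the logrotate project: a
# hardened logrotate stanza for an authentication log, written to a scratch
# directory, dry-run when logrotate is installed, plus a check for rotated
# copies that have become world-readable. /var/log/auth.log, the adm group,
# 14 rotations and the Debian rsyslog helper path are assumptions.
WORK=${WORK:-$(mktemp -d)}
CONF="$WORK/auth.conf"

write_logrotate_conf() {
    cat > "$CONF" <<'EOF'
/var/log/auth.log {
    daily
    rotate 14
    missingok
    notifempty
    dateext
    compress
    delaycompress
    # Without `create`, the renamed log is not replaced and the daemon
    # re-creates it with its own umask; with it, the mode is fixed no matter
    # what the old file was, so a log accidentally left 0644 does not stay so.
    create 0640 root adm
    sharedscripts
    postrotate
        # Tell rsyslog to reopen its output files, otherwise it keeps
        # writing to the rotated (and soon compressed) copy. Debian path.
        /usr/lib/rsyslog/rsyslog-rotate 2>/dev/null || true
    endscript
}
EOF
    printf '%s\n' "$CONF"
}

# Parse-check the stanza with logrotate's debug mode (nothing is rotated
# and the state file is not written).
dry_run() {
    if command -v logrotate >/dev/null 2>&1; then
        logrotate -d -s "$WORK/state" "$CONF"
    else
        echo "logrotate not installed here; skipping dry run"
    fi
}

# Rotation keeps up to `rotate` older copies around; list any in $1 that are
# readable by everyone (-perm -004). `create` only fixes the new file, not
# copies that already existed before the stanza was tightened.
world_readable_logs() {
    find "$1" -maxdepth 1 -type f -name 'auth.log*' -perm -004
}

write_logrotate_conf >/dev/null
dry_run 2>&1 || echo "dry run reported a problem; check the stanza"

# Constructed demo: one correctly protected log and one leaked rotated copy.
touch "$WORK/auth.log" "$WORK/auth.log.1"
chmod 0640 "$WORK/auth.log"
chmod 0644 "$WORK/auth.log.1"
world_readable_logs "$WORK"
```

Two caveats worth checking on a real host: `rotate 14` is also the length of the evidence window, so if an incident is discovered later than that the rotated copies are already gone unless they are shipped elsewhere; and the `-d` dry run only validates the configuration, it does not run the postrotate script, so test that separately with `logrotate -f` on a non-production log.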

(3) swatch

swatch is a real-time log monitoring tool in which we can define the events of interest. swatch has two ways of operating: it can check a log file once and exit, or it can monitor a log continuously as new entries arrive. swatch offers a number of notification methods, including email, ringing the terminal bell, terminal output, and output in various colours. Before installing it, make sure the system has Perl. The heart of swatch is its configuration file, swatchrc (by default ~/.swatchrc): a text file that tells swatch which triggers to look for and which action to perform when a trigger fires, while the log file to examine or follow is given on the command line. When swatch finds a line matching a regular expression trigger defined in swatchrc, it carries out the notification procedure defined there.
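The following is an added example, not from the original article or the swatch project: a swatchrc for an SSH authentication log, written to a scratch file, with the two ways of running swatch that the text describes. The log path, the mail address and the notify-root-login helper are assumptions.

```shell
#!/bin/sh
# Added example, not from the original article or the swatch project: a
# swatchrc for an SSH authentication log, written to a scratch file, and the
# two ways of running swatch that the text describes. The log path, the mail
# address and the notify-root-login helper are assumptions.
WORK=${WORK:-$(mktemp -d)}
RC="$WORK/swatchrc"

write_swatchrc() {
    cat > "$RC" <<'EOF'
# Lines matching an ignore rule are dropped before any watchfor is tried,
# so routine key-based logins never reach the rules below.
ignore /sshd\[\d+\]: Accepted publickey for/

# Password failures: highlight, ring the bell, mail root, but send at most
# one notification per five minutes so a brute-force run cannot mailbomb us.
watchfor /sshd\[\d+\]: Failed password for (invalid user )?\S+ from \S+/
    echo bold
    bell 2
    mail addresses=root\@localhost,subject=ssh_password_failure
    throttle 00:05:00

# A root login is handed to a helper on its stdin via `pipe`. Do not build
# the command with exec and $0: exec runs through the shell, and the matched
# line contains attacker-chosen text (the username), which is injection.
watchfor /sshd\[\d+\]: Accepted \S+ for root from/
    echo red
    pipe /usr/local/sbin/notify-root-login
EOF
    printf '%s\n' "$RC"
}

write_swatchrc >/dev/null

# Continuous mode: follow the log as it grows (add --daemon to background it).
#   swatch --config-file="$RC" --tail-file=/var/log/auth.log
# One-shot mode: examine an existing file, report, and exit.
#   swatch --config-file="$RC" --examine=/var/log/auth.log
if command -v swatch >/dev/null 2>&1; then
    echo "swatch found; run the commands above against a live log"
else
    echo "swatch not installed; configuration written to $RC"
fi
```

The configuration file and the helper it pipes into should be owned by root and not writable by anyone else: whoever can edit swatchrc chooses what gets executed on every match, which is a far easier way to silence or abuse the monitor than erasing the log itself.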

Of course, the software described above is only a few pretty shells picked from the Linux sea. As more and more users join the ranks of Linux, we believe there will also be more and more outstanding hackers, which in turn will push the Linux operating system to mature step by step. Let us wait and see.
  CopyRight 2002-2016 newfreesoft.com, All Rights Reserved.