Home IT Linux Windows Database Network Programming Server Mobile  
           
  Home \ Linux \ Linux operating system security tools of the Logs     - YUM install desktop environment in CentOS (Linux)

- Terminal fun: 6 interesting Linux command-line tools (Linux)

- The OpenGL ES GLFW window structures (Programming)

- How to use Linux iptables tool for network sharing (Linux)

- Linux performance monitoring (Linux)

- tespeed - test speed of Python tools (Linux)

- Simple security measures to reinforce the Linux kernel (Linux)

- To share Internet access through NAT mode under Virtual Linux VMware Workstation (Linux)

- Experts teach you safety precautions Linux Sniffer (Linux)

- How to view the Linux program or process used in the library (Linux)

- Security measures under Unix multi-user operating system (Linux)

- Processor in protected mode of protection (Linux)

- Five strokes to find out the IP address you want to know (Linux)

- MultiWriter: while the ISO image concurrent writes 20 USB Startup Disk (Linux)

- How to update the ISPConfig 3 SSL Certificates (Server)

- How do you prevent other users from accessing your home directory in Linux (Linux)

- Servlet 3.0 interfaces of AsyncListener (Programming)

- To compile and install Redis Linux and master-slave replication configuration (Database)

- Mhddfs: multiple smaller partitions into one large virtual storage (Linux)

- RT-11SJ run at ambient PDP-11 MACRO-11 assembly (Programming)

 
         
  Linux operating system security tools of the Logs
     
  Add Date : 2018-11-21      
         
       
         
  For some of the relatively sophisticated attacker who, after entering the Linux operating system, but also to understand their own "clues" and remove these traces, is necessary to understand some of the natural log tool.

(1) logcheck

logchek can automatically check the log files periodically check the log file to find violations of safety rules, and abnormal activities. It first weed out the normal log information to log some problems remain, then email this information to the system administrator. logcheck remember the last location of the log files have been read by logtail program, and then start from this position to handle new log information. logcheck mainly by the following main documents:

logcheck.sh executable script file, records logcheck check those log files, we can add it in the crontab regular operation.

logcheck.hacking is logcheck check pattern file. And the following files together, from top to bottom sequentially. This document shows that the pattern of intrusion activities.
logcheck.violations this file indicates a problem, the pattern of activities contrary to common sense. Priority is less than the above schema file.

logcheck.violations.ignore this document and the above logcheck.violations priority is relative, the schema file is we do not care about the problem.
logcheck.ignore This is the last pattern file checking. If no schema file and the first three matches, no matches this schema file, then output to the report.

Logtail log file information.

Read the relevant log files Logcheck first run everything, Logtail logfile.offset will create a file for each offset concern to the log file in the directory of the log file, so that at the next check from this shift start checking the amount. When Logcheck execution, will not ignore the contents sent by mail to the system administrator logcheck.sh specified user.

(2) logrotate

General Linux distributions comes with this tool. It can automatically make log cycle, remove the oldest log saved, its configuration file is /etc/logrotate.conf, we can set the cycle in the log file, the number of backup log and how to back up the log and so on. In /etc/logrotate.d directory, including some tools log cycle settings file, such as syslog, etc., according to /etc/logrotate.conf specifies how do log rotation, you can also add other files in there in these files in other log cycle services.

(3) swatch

swatch is a real-time log monitoring tools, we can set the events of interest. Swatch has two operating ways: one can withdraw finished checking the log, another log can be monitored continuously with new information. Swatch offers a number of notification methods, including email, ringing, terminal output, a variety of colors and so on. Before installing, you must ensure that the system supports perl. swatch software focused on the profile swatchmessage, this text file tells swatch what need to monitor logs, need to find what triggers, and when triggered the action to be performed. When the swatch was found regular expression match swatchmessage triggers defined, it performs swatchrc defined in the notification procedure.

Of course, the software described above is only Linux in the sea a few beautiful shells, as more and more users to join the ranks of Linux, we believe that outstanding Hack will also be more and more, which in turn will promote the Linux operating system gradually matured, we'll see.
     
         
       
         
  More:      
 
- CentOS yum source deployment (Linux)
- The basic principles of AIX system security (Linux)
- Deb package installation method under ubuntu (Linux)
- Use SVN to automatically deploy code under Apache (Server)
- Intrusion prevention network server security maintenance tips (Linux)
- 5 interesting Linux command line tips (Linux)
- How to handle special characters in JSON (Programming)
- CentOS x86 64bit upgrade to 2.7 Python2.6 (Linux)
- Linux Command Tutorial: du command to view disk space (Linux)
- Linux upgrade Glibc (Linux)
- Upgrading from Fedora 20 to 21 (Linux)
- To install Gitolite in Ubuntu / Fedora / CentOS (Linux)
- C language to view various types of data size (Programming)
- MySQL master-slave database configuration and error handling Raiders (Database)
- Let CentOS6 yum upgrade to support more source rpm package (Linux)
- SQL in the specific internal Oracle process (Database)
- MySQL monitoring tool -Innotop (Database)
- Android Studio 1.0.2 set the memory size (Linux)
- Oracle 11g partition maintenance (two) - Coalescing Partitions (Database)
- Java Foundation - implicit conversion vs cast (Programming)
     
           
     
  CopyRight 2002-2016 newfreesoft.com, All Rights Reserved.