Microsoft releases an open-source version of Sysmon (System Monitor) for Linux

Although Microsoft primarily publishes applications and services for its own Windows operating system, in recent years the company has also been targeting not only macOS but Linux as well. After recently bringing the Windows Subsystem for Linux to the Windows 11 store, Microsoft has now released another of its tools for Linux users.

Microsoft has now published a Linux version of Sysmon, its Windows system monitoring tool. Sysmon is one of the tools in the Sysinternals collection maintained by Microsoft, and it gives users the ability to monitor systems for indicators of suspicious activity, which can then be logged.

It is a highly configurable tool that system administrators can set up to capture very specific kinds of activity that may be cause for concern.

About Sysmon (System Monitor)

For those unfamiliar with Sysmon, it is a program installed as a system service, so it persists across subsequent reboots.

It monitors and records system activity in the Windows event log and provides detailed information about process creation, network connections, and file creation and modification. By reviewing the events Sysmon has generated on a given machine, an administrator can identify unusual or malicious actions, understand how the system was used, and see how intruders behaved on it.

The Linux version of Sysmon is far from unique in its field, and it will have to work to gain a foothold in an already crowded space. It will, however, find a ready audience among system administrators who already used Sysmon for Windows and were eagerly awaiting a Linux port so they could use it on their other systems.

Anyone who wants to get started with the utility will need to know how to build Linux binaries, but that should not be an obstacle for the tool's target audience. Incidentally, Mark Russinovich, creator of the suite, announced that Sysinternals can now be downloaded via winget or from the Microsoft Store. And, as noted above, Sysmon has now been released for Linux as open-source code.

How to install Sysmon on Linux?

The Linux version requires installing SysinternalsEBPF first and then building the utility. Instructions for this are on the Sysmon GitHub page.

For example, the tool has a simple installation method on Ubuntu: to install it, just open a terminal and type:

wget -q https://packages.microsoft.com/config/ubuntu/$(lsb_release -rs)/packages-microsoft-prod.deb -O packages-microsoft-prod.deb
sudo dpkg -i packages-microsoft-prod.deb
sudo apt install build-essential gcc g++ make cmake libelf-dev llvm clang libxml2 libxml2-dev libzstd1 git libgtest-dev apt-transport-https dirmngr monodevelop googletest google-mock libjson-glib-dev

sudo apt-get update
sudo apt-get install sysmonforlinux

And on Debian 11:

wget -qO- https://packages.microsoft.com/keys/microsoft.asc | gpg --dearmor > microsoft.asc.gpg
sudo mv microsoft.asc.gpg /etc/apt/trusted.gpg.d/
wget -q https://packages.microsoft.com/config/debian/11/prod.list
sudo mv prod.list /etc/apt/sources.list.d/microsoft-prod.list
sudo chown root:root /etc/apt/trusted.gpg.d/microsoft.asc.gpg
sudo chown root:root /etc/apt/sources.list.d/microsoft-prod.list

sudo apt-get update
sudo apt-get install apt-transport-https
sudo apt-get update
sudo apt-get install sysmonforlinux

Or, in the case of Fedora 34:

sudo rpm --import https://packages.microsoft.com/keys/microsoft.asc
sudo wget -q -O /etc/yum.repos.d/microsoft-prod.repo https://packages.microsoft.com/config/fedora/34/prod.repo
sudo dnf install sysmonforlinux

Once installation is complete, Sysmon for Linux starts logging system activity to /var/log/syslog. Some of the events the tool logs are not relevant on Linux. The good news is that Sysmon can be configured to record only what the administrator considers relevant.

You can start the program and get the syntax of the available commands. To do this, simply type:

sysmon -h
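Sysmon for Linux writes each event to syslog as a single XML document, so the events end up interleaved with ordinary syslog traffic. As an added example (not from the article and not from Microsoft's Sysmon project), the following Python script pulls the Sysmon lines out of a syslog extract, counts events by ID and joins network connections back to the process that made them. The sample lines are constructed for this example: they follow the general Sysmon layout (a System block carrying the EventID and an EventData block of Data elements keyed by Name) but the field set per event is trimmed, and the host name, PIDs, paths and addresses are made up.

```python
import re
import xml.etree.ElementTree as ET
from collections import Counter

# Constructed sample of /var/log/syslog: four Sysmon events in the
# general Sysmon XML layout plus one unrelated cron line. Host, PIDs,
# paths and the 198.51.100.7 test address are all made up.
SAMPLE_SYSLOG = """\
Oct 14 10:01:02 lab-host sysmon: <Event><System><Provider Name="Linux-Sysmon"/><EventID>1</EventID><Computer>lab-host</Computer></System><EventData><Data Name="UtcTime">2021-10-14 10:01:02.001</Data><Data Name="ProcessId">4321</Data><Data Name="Image">/usr/bin/curl</Data><Data Name="CommandLine">curl -s http://198.51.100.7/pkg.sh</Data><Data Name="User">alice</Data><Data Name="ParentImage">/usr/bin/bash</Data></EventData></Event>
Oct 14 10:01:03 lab-host sysmon: <Event><System><Provider Name="Linux-Sysmon"/><EventID>3</EventID><Computer>lab-host</Computer></System><EventData><Data Name="UtcTime">2021-10-14 10:01:03.120</Data><Data Name="ProcessId">4321</Data><Data Name="Image">/usr/bin/curl</Data><Data Name="DestinationIp">198.51.100.7</Data><Data Name="DestinationPort">80</Data></EventData></Event>
Oct 14 10:01:04 lab-host sysmon: <Event><System><Provider Name="Linux-Sysmon"/><EventID>5</EventID><Computer>lab-host</Computer></System><EventData><Data Name="UtcTime">2021-10-14 10:01:04.500</Data><Data Name="ProcessId">4321</Data><Data Name="Image">/usr/bin/curl</Data></EventData></Event>
Oct 14 10:01:05 lab-host CRON[999]: (root) CMD (run-parts /etc/cron.hourly)
Oct 14 10:01:06 lab-host sysmon: <Event><System><Provider Name="Linux-Sysmon"/><EventID>1</EventID><Computer>lab-host</Computer></System><EventData><Data Name="UtcTime">2021-10-14 10:01:06.000</Data><Data Name="ProcessId">4400</Data><Data Name="Image">/usr/bin/ls</Data><Data Name="CommandLine">ls -la</Data><Data Name="User">alice</Data><Data Name="ParentImage">/usr/bin/bash</Data></EventData></Event>
"""

# Sysmon event IDs used in the sample (same numbering as on Windows).
EVENT_NAMES = {1: "ProcessCreate", 3: "NetworkConnect", 5: "ProcessTerminate"}

# The syslog prefix ends with the program tag; everything after it is the XML.
SYSMON_EVENT_RE = re.compile(r"sysmon: (<Event>.*</Event>)\s*$")


def parse_sysmon_line(line):
    """Return a flat dict for one Sysmon syslog line, or None for other syslog traffic."""
    match = SYSMON_EVENT_RE.search(line)
    if not match:
        return None
    root = ET.fromstring(match.group(1))
    event = {"EventID": int(root.findtext("System/EventID"))}
    # Each EventData/Data element becomes a key named by its Name attribute.
    for data in root.iterfind("EventData/Data"):
        event[data.get("Name")] = data.text or ""
    return event


def parse_syslog(text):
    """Parse a syslog extract, silently skipping lines that are not Sysmon events."""
    return [e for e in (parse_sysmon_line(l) for l in text.splitlines()) if e]


def count_by_event_id(events):
    """Volume per event type: the first thing to look at when tuning the filter config."""
    return Counter(e["EventID"] for e in events)


def correlate_network_to_process(events):
    """Join each NetworkConnect (ID 3) to the ProcessCreate (ID 1) of the same PID.

    PIDs are reused over time, so real Sysmon events should be joined on
    ProcessGuid instead; the constructed sample omits that field for brevity.
    """
    creates = {e["ProcessId"]: e for e in events if e["EventID"] == 1}
    joined = []
    for e in events:
        if e["EventID"] != 3:
            continue
        origin = creates.get(e["ProcessId"])
        joined.append({
            "ProcessId": e["ProcessId"],
            "Image": e["Image"],
            "CommandLine": origin["CommandLine"] if origin else None,
            "ParentImage": origin["ParentImage"] if origin else None,
            "Destination": f'{e["DestinationIp"]}:{e["DestinationPort"]}',
        })
    return joined


if __name__ == "__main__":
    events = parse_syslog(SAMPLE_SYSLOG)
    for event_id, n in sorted(count_by_event_id(events).items()):
        print(f"{EVENT_NAMES.get(event_id, 'EventID ' + str(event_id))}: {n}")
    for row in correlate_network_to_process(events):
        print(f"{row['Destination']} <- {row['Image']} ({row['CommandLine']}) "
              f"spawned by {row['ParentImage']}")
```

Running the script against the constructed sample reports two ProcessCreate, one NetworkConnect and one ProcessTerminate event, and shows the single outbound connection together with the command line and parent process that produced it, which is the view an analyst wants when deciding which event types to keep and which to filter out in the Sysmon configuration.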

You can then accept the terms of use by typing

sysmon -accepteula
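The filtering mentioned above is driven by an XML configuration file in the same format Sysmon uses on Windows. The fragment below is an added example, not a configuration shipped with the article or with Sysmon for Linux: it keeps every process creation but drops network-connection events to the loopback address, which is the kind of noise the article says is not relevant. The schemaversion value is an assumption and should be matched to the version reported by the installed binary; the rule semantics (an exclude group with no rules logs everything for that event type, and a matching exclude rule suppresses the event) are standard Sysmon behaviour.

```xml
<!-- Added example configuration; schemaversion is assumed, check it against your build. -->
<Sysmon schemaversion="4.81">
  <EventFiltering>
    <RuleGroup name="" groupRelation="or">
      <!-- An exclude group with no rules: log every ProcessCreate (Event ID 1). -->
      <ProcessCreate onmatch="exclude">
      </ProcessCreate>
      <!-- Suppress NetworkConnect (Event ID 3) to loopback; keep everything else. -->
      <NetworkConnect onmatch="exclude">
        <DestinationIp condition="is">127.0.0.1</DestinationIp>
      </NetworkConnect>
    </RuleGroup>
  </EventFiltering>
</Sysmon>
```

Sysmon is installed with a configuration by passing the file to the -i option (for example, sudo sysmon -accepteula -i sysmon-config.xml, where the file name is this example's own); events that pass the filter then appear in /var/log/syslog as described above.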

Sysmon is a powerful tool that has long been used on Windows to reveal the causes of unusual behaviour detected at the application level or on the local network.

Finally, if you are interested in learning more, you can check the details at the following link.
