Linux Audit Framework: All about the auditd command

A few days ago, at the beginning of February, we published a special post with a large collection of essential (basic and intermediate) commands available on most free and open-source GNU/Linux systems. Some of them were very simple, and we showed which folders and files they can modify and what information they display. Others were more complex, and we covered the configuration and parameters they can manage.

However, that collection only covered a modest 60 Linux commands. And given that, on average, there are hundreds of commands available in most GNU/Linux distributions, it is time, little by little, to address others that are equally or more important, whether core or specialised. One of them is the Linux auditd command, or "Linux Audit Framework", which we deal with today in this post.

But before starting this interesting post about the Linux auditd command or "Linux Audit Framework", we recommend the previous publication, for reading later:

Related article: Linux Commands: The most important ones to know well in 2023

Linux Audit Framework: A powerful Linux auditing environment

What is the auditd command (Linux Audit Framework)?

In short, we can describe the auditd command as a software tool (framework) for Linux auditing that provides a CAPP-compliant audit system (Controlled Access Protection Profile). It is therefore able to reliably collect information about any relevant event, security-related or not, on the Linux operating system.
</gml_replace_placeholder>

Consequently, it is well suited to supporting us in monitoring the activities performed on the OS. In this way the auditd command, or Linux Audit Framework (LAF), can help us keep our OS secure by giving us the means needed to analyse what happens on it with a high level of detail.

However, and as should be understood, it does not provide additional security by itself: it does not protect our OS against faulty code or any kind of exploitation by malicious software or attacks. But it is useful for tracking down potential problems so they can be analysed further and corrected, and thus for taking additional security measures to mitigate and avoid them. In the end, auditd works by listening to the events reported by the kernel and writing them to a log file for later analysis and reporting to the user.

"It is a user-space tool for security auditing. The audit package contains the user-space utilities for storing and searching the audit logs generated by the Linux kernel audit subsystem, from version 2.6 onwards." (auditd package description, Debian)

How to install and use the auditd command?

Like many commands, it can be easily installed and kept up to date from the Terminal (CLI) using the default or preferred package manager of your GNU/Linux distro.

For example, on Debian GNU/Linux and its derivatives it would be:

sudo apt install auditd

Meanwhile, on Fedora GNU/Linux and Red Hat, where the package is named audit, the equivalent would be:

sudo dnf install audit
sudo yum install audit

And for its basic, standard use, it is only necessary to run the following command lines:

  • Check the status of the service:
sudo systemctl status auditd
  • Enable the background service:
sudo systemctl enable auditd
  • Show the rules currently loaded:
sudo auditctl -l
  • Create watch rules (on a file or directory) or control rules (on a syscall). Watch permissions are any combination of r (read), w (write), x (execute) and a (attribute change):
sudo auditctl -w /path/to/file -p permissions
sudo auditctl -a action,filter -S syscall -F field=value -k keyword
  • Manage all the created rules (on current distributions the persistent rules live in /etc/audit/rules.d/*.rules, and augenrules regenerates audit.rules from them):
sudo vim /etc/audit/audit.rules
  • List all events matching a given process by its PID, the associated keyword, a path or file, or a system call:
sudo ausearch -p PID
sudo ausearch -k keyword
sudo ausearch -f path
sudo ausearch -sc syscall
  • Generate audit reports (anomalies, general summary, files, logins, failed events):
sudo aureport -n
sudo aureport --summary
sudo aureport -f --summary
sudo aureport -l --summary
sudo aureport --failed
  • Trace the execution of a program:
sudo autrace /path/to/command
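The records that auditd writes to /var/log/audit/audit.log are the raw material for ausearch and aureport. As an added example (not code from the original post or from the audit project), the following Python script reassembles raw audit.log records by event serial number, as ausearch does, and lists the failed accesses tagged with a given -k keyword; the log lines are constructed samples.

```python
import re
from collections import defaultdict

# Constructed sample records in auditd's raw key=value log format.
# All records of one event share the same msg=audit(<time>:<serial>) id.
SAMPLE_LOG = """\
type=SYSCALL msg=audit(1700000000.101:501): arch=c000003e syscall=257 success=no exit=-13 a0=ffffff9c a1=7ffd5c1 a2=0 a3=0 items=1 ppid=2001 pid=2002 auid=1000 uid=1000 gid=1000 euid=1000 comm="cat" exe="/usr/bin/cat" key="passwd_watch"
type=CWD msg=audit(1700000000.101:501): cwd="/home/alice"
type=PATH msg=audit(1700000000.101:501): item=0 name="/etc/shadow" inode=1234 dev=fd:01 mode=0100640 ouid=0 ogid=42 nametype=NORMAL
type=SYSCALL msg=audit(1700000000.102:502): arch=c000003e syscall=257 success=yes exit=3 a0=ffffff9c a1=7ffd5c2 a2=0 a3=0 items=1 ppid=2001 pid=2003 auid=1000 uid=1000 gid=1000 euid=1000 comm="cat" exe="/usr/bin/cat" key="passwd_watch"
type=PATH msg=audit(1700000000.102:502): item=0 name="/etc/passwd" inode=1235 dev=fd:01 mode=0100644 ouid=0 ogid=0 nametype=NORMAL
"""

MSG_RE = re.compile(r'^type=(\w+) msg=audit\((\d+\.\d+):(\d+)\): (.*)$')
KV_RE = re.compile(r'(\w+)=("[^"]*"|\S+)')


def parse_record(line):
    """Split one raw audit.log line into (type, serial, {field: value})."""
    m = MSG_RE.match(line)
    if not m:
        return None
    rtype, _ts, serial, body = m.groups()
    fields = {k: v.strip('"') for k, v in KV_RE.findall(body)}
    return rtype, int(serial), fields


def group_events(log_text):
    """auditd emits several records per event (SYSCALL, CWD, PATH, ...);
    reassemble them by serial number, the way ausearch does."""
    events = defaultdict(dict)
    for line in log_text.splitlines():
        parsed = parse_record(line)
        if parsed is None:
            continue
        rtype, serial, fields = parsed
        # An event may carry several PATH records, so keep a list per type.
        events[serial].setdefault(rtype, []).append(fields)
    return events


def failed_accesses(log_text, key):
    """Return (serial, auid, comm, paths) for every event tagged with `key`
    (the -k keyword of the auditctl rule) whose syscall failed."""
    hits = []
    for serial, recs in sorted(group_events(log_text).items()):
        for sc in recs.get("SYSCALL", []):
            if sc.get("key") == key and sc.get("success") == "no":
                paths = [p["name"] for p in recs.get("PATH", []) if "name" in p]
                hits.append((serial, sc.get("auid"), sc.get("comm"), paths))
    return hits


if __name__ == "__main__":
    for hit in failed_accesses(SAMPLE_LOG, "passwd_watch"):
        print("denied access:", hit)
```

Run against a real log with `failed_accesses(open("/var/log/audit/audit.log").read(), "your_keyword")`; the auid field identifies the login user even after su or sudo.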

However, to learn more about it, we recommend exploring the following links:

Summary

In short, we hope this publication about the powerful auditing environment built into GNU/Linux, known as the "Linux Audit Framework" and provided through the Linux auditd command, will allow many people to audit (evaluate and assess) all the activity of their free and open-source GNU/Linux operating systems. That way, they can easily and quickly detect and correct any unusual, inappropriate or dangerous configuration or activity.

Finally, don't forget to share your opinion on today's topic in the comments. And if you liked this post, do share it with others. Also, remember to visit our home page at «DesdeLinux» to explore more news, and join our official Telegram channel for DesdeLinux, or this group for more information on today's topic.

