Microsoft releases an open-source version of Sysmon System Monitor for Linux

Although Microsoft builds its applications and services to run on its own Windows operating system, over the years the company has embraced not only macOS but also Linux. After bringing the Windows Subsystem for Linux to the Windows 11 store, Microsoft has now released another of its tools for Linux users.

Microsoft has just published a Linux version of Sysmon, its system monitoring tool for Windows. Sysmon is one of the tools in the Sysinternals suite maintained by Microsoft, and it gives users the ability to monitor their systems for signs of suspicious activity that might be taking place on them.

It is a highly configurable tool that system administrators can tailor to detect the very specific kinds of activity they are concerned about.

About Sysmon System Monitor

For those unfamiliar with Sysmon, it is a program that is installed as a system service and keeps running across subsequent reboots.

It monitors system activity and records it as events (in the Windows event log on Windows; on Linux the events go to syslog, as described below), providing detailed information about process creation, network connections, and the creation and modification of files. By examining the events Sysmon generates on a machine, an administrator can spot anomalous or malicious activity, understand how the system is being used, and reconstruct how an attacker operated on it.

The Linux version of Sysmon is far from the only tool of its kind and will have to fight for attention in an already crowded field. It will, however, find takers among administrators who already run Sysmon on Windows and have been waiting for a Linux port so they can use the same tooling on their other systems.

Anyone who wants to start using the tool can build the Linux binaries themselves (packaged builds are also provided, as shown below), which should not be a barrier for its intended audience. In the announcement thread, Mark Russinovich, the creator of the package, said that Sysinternals can now be downloaded via winget or the Microsoft Store. And, as noted, Sysmon has just been released for Linux, with its source code open.

How do you install Sysmon on Linux?

The Linux version depends on SysinternalsEBPF (on Linux, Sysmon observes the system through eBPF rather than a kernel driver). You can build both from source following the instructions on the Sysmon GitHub page, or install the packaged builds from Microsoft's repository, which pull the dependency in for you.

For example, on Ubuntu the tool installs from Microsoft's package repository: open a terminal and type:

# Register Microsoft's package repository for your Ubuntu release (needs the lsb-release package)
wget -q https://packages.microsoft.com/config/ubuntu/$(lsb_release -rs)/packages-microsoft-prod.deb -O packages-microsoft-prod.deb
sudo dpkg -i packages-microsoft-prod.deb
# Build dependencies: only needed if you compile Sysmon from source instead of installing the package below
sudo apt install build-essential gcc g++ make cmake libelf-dev llvm clang libxml2 libxml2-dev libzstd1 git libgtest-dev apt-transport-https dirmngr monodevelop googletest google-mock libjson-glib-dev

# Install the packaged build (this also pulls in sysinternalsebpf as a dependency)
sudo apt-get update
sudo apt-get install sysmonforlinux

Whereas on Debian 11:

# Import Microsoft's signing key and add the repository definition
wget -qO- https://packages.microsoft.com/keys/microsoft.asc | gpg --dearmor > microsoft.asc.gpg
sudo mv microsoft.asc.gpg /etc/apt/trusted.gpg.d/
wget -q https://packages.microsoft.com/config/debian/11/prod.list
sudo mv prod.list /etc/apt/sources.list.d/microsoft-prod.list
# The files were created by your user; apt expects them to be owned by root
sudo chown root:root /etc/apt/trusted.gpg.d/microsoft.asc.gpg
sudo chown root:root /etc/apt/sources.list.d/microsoft-prod.list

# apt needs HTTPS transport to reach packages.microsoft.com, then install the package
sudo apt-get update
sudo apt-get install apt-transport-https
sudo apt-get update
sudo apt-get install sysmonforlinux

Or, in the case of Fedora 34:

# Import Microsoft's signing key, add the repository, and install the package
sudo rpm --import https://packages.microsoft.com/keys/microsoft.asc
sudo wget -q -O /etc/yum.repos.d/microsoft-prod.repo https://packages.microsoft.com/config/fedora/34/prod.repo
sudo dnf install sysmonforlinux

Once installed and started, Sysmon for Linux writes its events to the system log (/var/log/syslog on Ubuntu and Debian), one XML event per line, from where any log collector can pick them up. Not all event types from the Windows version exist on Linux: the port covers a subset, including process creation and termination, network connections, file creation and deletion, raw disk reads and configuration changes. The good news is that Sysmon can be configured to record only what the administrator considers relevant, which keeps the log volume manageable.

To see the available command-line options, type:

sysmon -h

You can then accept the licence terms (on Linux this flag is normally combined with -i, which installs and starts the service with a configuration file) by typing:

sysmon -accepteula
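The following script is an added example, not code from the original article or from the Sysmon project. It ties the two points above together: a deliberately narrow filter configuration (only the events the administrator wants), the command that loads it, and two helpers that read fields back out of the single-line XML events Sysmon writes to syslog, with a small detection rule run over them. The filter syntax (schemaversion, ProcessCreate, NetworkConnect, Image, DestinationPort, onmatch) is assumed to follow the published Sysmon configuration schema, and the two log lines are constructed samples with made-up hosts, PIDs and addresses.

```shell
#!/usr/bin/env bash
# Added example (not from the original article or the Sysmon project).
# Assumptions: filter syntax follows the published Sysmon configuration schema;
# the two syslog lines below are constructed samples, not real captures.

# Write a narrow configuration: every process creation except one noisy
# helper, and only network connections to a handful of ports worth alerting on.
write_sysmon_config() {
  cat > "$1" <<'EOF'
<Sysmon schemaversion="4.81">
  <EventFiltering>
    <RuleGroup name="ProcessCreate" groupRelation="or">
      <!-- Event ID 1: an exclude list is safer than an include list,
           because anything you did not anticipate is still recorded -->
      <ProcessCreate onmatch="exclude">
        <Image condition="end with">/sleep</Image>
      </ProcessCreate>
    </RuleGroup>
    <RuleGroup name="NetworkConnect" groupRelation="or">
      <!-- Event ID 3: record only connections to ports commonly used by
           reverse shells and tunnels; everything else is dropped -->
      <NetworkConnect onmatch="include">
        <DestinationPort condition="is">4444</DestinationPort>
        <DestinationPort condition="is">1337</DestinationPort>
        <DestinationPort condition="is">8443</DestinationPort>
      </NetworkConnect>
    </RuleGroup>
  </EventFiltering>
</Sysmon>
EOF
}

# Install the service with that configuration. Needs root; -accepteula skips the
# licence prompt, -i installs and starts the service. A later edit is loaded
# without reinstalling via: sudo sysmon -c /path/to/config.xml
install_sysmon_with_config() {
  sudo sysmon -accepteula -i "$1"
}

# Sysmon for Linux writes each event to syslog as one line of XML, so sed is
# enough to pull a single <Data Name="..."> field or the EventID back out.
sysmon_field() {
  printf '%s\n' "$1" | sed -n "s/.*<Data Name=\"$2\">\([^<]*\)<\/Data>.*/\1/p"
}

sysmon_event_id() {
  printf '%s\n' "$1" | sed -n 's/.*<EventID>\([0-9]*\)<\/EventID>.*/\1/p'
}

# Returns 0 when the line is a NetworkConnect (ID 3) from the web server's
# service account to one of the ports the configuration above singles out.
flag_suspicious_connect() {
  local id user port
  id=$(sysmon_event_id "$1")
  user=$(sysmon_field "$1" User)
  port=$(sysmon_field "$1" DestinationPort)
  [ "$id" = "3" ] || return 1
  [ "$user" = "www-data" ] || return 1
  case "$port" in
    4444|1337|8443) return 0 ;;
    *) return 1 ;;
  esac
}

# Constructed sample events in the shape Sysmon for Linux writes to syslog.
PROCESS_EVENT='Oct 15 10:20:59 host1 sysmon: <Event><System><Provider Name="Linux-Sysmon"/><EventID>1</EventID><Computer>host1</Computer></System><EventData><Data Name="RuleName">-</Data><Data Name="UtcTime">2021-10-15 10:20:59.105</Data><Data Name="ProcessId">4241</Data><Data Name="Image">/usr/bin/bash</Data><Data Name="CommandLine">bash -c "nc 203.0.113.7 4444"</Data><Data Name="User">www-data</Data></EventData></Event>'
CONNECT_EVENT='Oct 15 10:21:03 host1 sysmon: <Event><System><Provider Name="Linux-Sysmon"/><EventID>3</EventID><Computer>host1</Computer></System><EventData><Data Name="RuleName">-</Data><Data Name="UtcTime">2021-10-15 10:21:03.412</Data><Data Name="ProcessId">4242</Data><Data Name="Image">/usr/bin/nc</Data><Data Name="User">www-data</Data><Data Name="DestinationIp">203.0.113.7</Data><Data Name="DestinationPort">4444</Data></EventData></Event>'

demo() {
  config=$(mktemp)
  write_sysmon_config "$config"
  echo "wrote filter configuration to $config"
  for line in "$PROCESS_EVENT" "$CONNECT_EVENT"; do
    if flag_suspicious_connect "$line"; then
      echo "ALERT pid=$(sysmon_field "$line" ProcessId) $(sysmon_field "$line" Image) -> $(sysmon_field "$line" DestinationIp):$(sysmon_field "$line" DestinationPort)"
    fi
  done
  # Pass --install to actually load the configuration into Sysmon (needs root).
  [ "${1:-}" = "--install" ] && install_sysmon_with_config "$config"
  rm -f "$config"
}

demo "$@"
```

Run without arguments to see the filter file written and the constructed netcat connection flagged; run with --install on a host that has the sysmonforlinux package to load the same configuration into the service. The exclude rule on ProcessCreate and the include rule on NetworkConnect illustrate the two filtering styles: exclude when you want coverage with a little noise removed, include when you only want a known short list.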

Sysmon is a powerful tool that has long been used on Windows to surface the indicators behind anomalous behaviour, whether at the application level or within the local network.

Finally, if you want to know more about it, you can consult the details at the following link.

