How to install and use AIDE (Advanced Intrusion Detection Environment) on CentOS 8

Ahead of the start of the "Linux Administrator" course, we have prepared a translation of some interesting material.


AIDE stands for "Advanced Intrusion Detection Environment" and is one of the most popular systems for monitoring changes on Linux-based operating systems. AIDE is used to detect file changes left behind by malware, rootkits and unauthorized activity. To verify file integrity and detect intrusions, AIDE creates a database of file information and compares the current state of the system against that database. AIDE helps shorten incident investigation by pointing at exactly the files that have changed.

AIDE features:

  • Supports various file attributes, including: file type, inode, uid, gid, permissions, number of links, mtime, ctime and atime.
  • Support for Gzip compression, SELinux, XAttrs, POSIX ACL attributes and file system attributes.
  • Various checksum algorithms, including md5, sha1, sha256, sha512, rmd160, crc32, etc.
  • Reports that can be mailed to an administrator (in practice via cron, which mails the output of a scheduled check, as shown below).

In this article we will see how to install and use AIDE for intrusion detection on CentOS 8.

Prerequisites

  • A server running CentOS 8 with at least 2 GB of RAM.
  • Root access.

Getting started

It is recommended to update the system first. To do this, run the following command:

dnf update -y

After the update, reboot the system for the changes to take effect.

Installing AIDE

AIDE is available in the default CentOS 8 repository. You can install it easily with the following command:

dnf install aide -y

Once the installation is complete, you can check the AIDE version with this command:

aide --version

You should see the following:

Aide 0.16

Compiled with the following options:

WITH_MMAP
WITH_PCRE
WITH_POSIX_ACL
WITH_SELINUX
WITH_XATTR
WITH_E2FSATTRS
WITH_LSTAT64
WITH_READDIR64
WITH_ZLIB
WITH_CURL
WITH_GCRYPT
WITH_AUDIT
CONFIG_FILE = "/etc/aide.conf"

The available aide options can be listed with:

aide --help


Creating and initializing the database

The first thing you must do after installing AIDE is initialize it. Initialization consists of creating a database (snapshot) of all files and directories on the server that are covered by the rules in /etc/aide.conf.

To initialize the database, run this command:

aide --init

You should see the following:

Start timestamp: 2020-01-16 03:03:19 -0500 (AIDE 0.16)
AIDE initialized database at /var/lib/aide/aide.db.new.gz

Number of entries:	49472

---------------------------------------------------
The attributes of the (uncompressed) database(s):
---------------------------------------------------

/var/lib/aide/aide.db.new.gz
  MD5      : 4N79P7hPE2uxJJ1o7na9sA==
  SHA1     : Ic2XBj50MKiPd1UGrtcUk4LGs0M=
  RMD160   : rHMMy5WwHVb9TGUc+TBHFHsPCrk=
  TIGER    : vkb2bvB1r7DbT3n6d1qYVfDzrNCzTkI0
  SHA256   : tW3KmjcDef2gNXYqnOPT1l0gDFd0tBh9
             xWXT2iaEHgQ=
  SHA512   : VPMRQnz72+JRgNQhL16dxQC9c+GiYB8g
             uZp6uZNqTvTdxw+w/IYDSanTtt/fEkiI
             nDw6lgDNI/ls2esijukliQ==


End timestamp: 2020-01-16 03:03:44 -0500 (run time: 0m 25s)

The above command creates a new database aide.db.new.gz in the /var/lib/aide directory. You can see it with the following command:

ls -l /var/lib/aide

Output:

total 2800
-rw------- 1 root root 2863809 Jan 16 03:03 aide.db.new.gz

AIDE will not use this new database file until it is renamed to aide.db.gz. This can be done as follows:

mv /var/lib/aide/aide.db.new.gz /var/lib/aide/aide.db.gz

It is recommended to update this database after every legitimate change to the system (for example after a dnf update), so that subsequent checks only report what is genuinely new. Review the report before updating, because an update turns whatever is currently on disk into the baseline, including any changes an attacker may already have made.

You can change the database location by changing the DBDIR definition (the @@define DBDIR line) in the /etc/aide.conf file.
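The renaming step above has a weakness a practitioner will want to close: an attacker with root can rebuild or replace aide.db.gz, and every later check will then report "no differences". The following script is an added example, not code from the original article or from the AIDE project; it promotes the new database into place and records its SHA-256 in a separate file, then refuses to run a check unless the active database still matches that hash. The function names, the default hash-file path /root/aide.db.sha256 and the use of the AIDE environment variable are my own choices; the hash file (or the database itself) should live on read-only media or another host, which the script leaves to the operator.

```sh
#!/bin/sh
# Added example (not from the original article): promote a freshly built AIDE
# database to the active one and keep a SHA-256 of it outside the database
# directory, so that tampering with the baseline itself is detectable before
# every check. Function names and the hash-file location are my own choices.
# Assumption: DBDIR is /var/lib/aide, as in the CentOS aide.conf.

AIDE=${AIDE:-/usr/sbin/aide}

# aide_promote_db DBDIR HASHFILE
# Move aide.db.new.gz into place as aide.db.gz (root-only permissions) and
# record its SHA-256 in HASHFILE. Fails if there is no new database to promote,
# so a cron job cannot silently "promote" a stale file twice.
aide_promote_db() {
  dbdir=$1; hashfile=$2
  if [ ! -f "$dbdir/aide.db.new.gz" ]; then
    echo "aide_promote_db: no $dbdir/aide.db.new.gz to promote" >&2
    return 1
  fi
  mv -f "$dbdir/aide.db.new.gz" "$dbdir/aide.db.gz" || return 1
  chmod 0600 "$dbdir/aide.db.gz"
  sha256sum "$dbdir/aide.db.gz" > "$hashfile"
}

# aide_verify_db DBDIR HASHFILE
# Return 0 only if the active database matches the recorded SHA-256.
aide_verify_db() {
  dbdir=$1; hashfile=$2
  if [ ! -f "$hashfile" ]; then
    echo "aide_verify_db: no hash recorded in $hashfile" >&2
    return 1
  fi
  expected=$(cut -d' ' -f1 "$hashfile")
  actual=$(sha256sum "$dbdir/aide.db.gz" 2>/dev/null | cut -d' ' -f1)
  [ -n "$actual" ] && [ "$expected" = "$actual" ]
}

# aide_init_baseline DBDIR HASHFILE
# Build a fresh baseline with aide --init and promote it in one step.
aide_init_baseline() {
  "$AIDE" --init && aide_promote_db "$1" "$2"
}

# aide_checked_check DBDIR HASHFILE
# Refuse to scan against a baseline that no longer matches its hash; a scan
# against a replaced database would happily report "no differences".
aide_checked_check() {
  if ! aide_verify_db "$1" "$2"; then
    echo "baseline $1/aide.db.gz failed integrity check, not scanning" >&2
    return 2
  fi
  "$AIDE" --check
}

# Optional command-line entry point. Without arguments the script only defines
# the functions above, so it can also be sourced from other scripts.
case "${1:-}" in
  init)  aide_init_baseline "${2:-/var/lib/aide}" "${3:-/root/aide.db.sha256}" ;;
  check) aide_checked_check "${2:-/var/lib/aide}" "${3:-/root/aide.db.sha256}" ;;
esac
```

Run it as `sh aide-db.sh init` right after installation and `sh aide-db.sh check` instead of a bare `aide --check`; after each reviewed `aide --update`, call `init`-style promotion again (or `aide_promote_db` directly) so the hash follows the new baseline. Copying the hash file to a remote host or write-once media after each promotion is what turns this from a speed bump into a real control.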

Running a scan

AIDE is now ready to use the new database. Run a first AIDE check, before making any changes:

aide --check

This command takes some time to complete, depending on the size of your filesystem and the amount of RAM on the server. Once the scan is complete, you should see the following:

Start timestamp: 2020-01-16 03:05:07 -0500 (AIDE 0.16)
AIDE found NO differences between database and filesystem. Looks okay!!

This output says that all files and directories match the AIDE database.

Testing AIDE

By default, AIDE does not track the default Apache document root /var/www/html. Let's configure AIDE to watch it. To do this, you need to edit the /etc/aide.conf file:

nano /etc/aide.conf

Add the following line above the existing line "/root/ CONTENT_EX" (CONTENT_EX is a rule group defined earlier in the same file; a line beginning with ! is a negative rule that excludes a path, useful for caches or logs under a watched directory):

/var/www/html/ CONTENT_EX
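Editing aide.conf by hand does not scale past one server, and a rule pasted twice or a path left out of the config is easy to miss. The following helper is an added example, not part of the original article or of AIDE itself: it appends a watch rule (and an optional negative rule for a noisy subdirectory) only if that exact line is not already present, counts how many copies of a rule a config holds, and wraps aide's parser-only run. The function names are mine; it assumes AIDE 0.16's --config-check and --config=FILE options and the CONTENT_EX rule group from the CentOS aide.conf.

```sh
#!/bin/sh
# Added example (not from the original article): idempotent management of
# watch rules in aide.conf plus a config syntax check. Function names are mine.
# Assumptions: aide 0.16 (supports --config-check and --config=FILE) and the
# CentOS aide.conf, which defines the CONTENT_EX rule group.

AIDE=${AIDE:-/usr/sbin/aide}

# aide_add_watch CONF PATH RULE [EXCLUDE_REGEX]
# Append "PATH RULE" to CONF unless an identical line already exists, and
# optionally a negative rule "!EXCLUDE_REGEX" on the same terms, so the
# function can be re-run from configuration management without duplicating
# rules.
aide_add_watch() {
  conf=$1; path=$2; rule=$3; exclude=${4:-}
  if ! grep -qxF "$path $rule" "$conf"; then
    printf '%s %s\n' "$path" "$rule" >> "$conf"
  fi
  if [ -n "$exclude" ] && ! grep -qxF "!$exclude" "$conf"; then
    printf '!%s\n' "$exclude" >> "$conf"
  fi
}

# aide_rule_count CONF PATH RULE -> number of identical rule lines (expect 1)
aide_rule_count() {
  grep -cxF "$2 $3" "$1" || true
}

# aide_config_check CONF -> exit status of aide's parse-only run, so a typo in
# a rule is caught before the nightly check silently stops covering a path.
aide_config_check() {
  "$AIDE" --config-check --config="$1"
}

# Constructed mini config with the same shape as the CentOS default, used for
# an offline demonstration; the real file is /etc/aide.conf.
aide_demo() {
  demo=$(mktemp)
  printf '%s\n' \
    '@@define DBDIR /var/lib/aide' \
    'CONTENT_EX = sha256+ftype+p+u+g+n+acl+selinux+xattrs' \
    '/boot/ CONTENT_EX' \
    '/root/ CONTENT_EX' > "$demo"
  aide_add_watch "$demo" /var/www/html/ CONTENT_EX /var/www/html/cache
  aide_add_watch "$demo" /var/www/html/ CONTENT_EX /var/www/html/cache
  aide_rule_count "$demo" /var/www/html/ CONTENT_EX
  rm -f "$demo"
}
```

`aide_demo` prints 1 even though the rule was added twice. On a real host, run `aide_add_watch /etc/aide.conf /var/www/html/ CONTENT_EX` followed by `aide_config_check /etc/aide.conf`, and remember that a new rule only takes effect in the report after the database has been re-initialized or updated.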

Next, create a file aide.txt in the /var/www/html/ directory with this command:

echo "Test AIDE" > /var/www/html/aide.txt

Now run an AIDE check and make sure the newly created file is detected:

aide --check

You should see the following:

Start timestamp: 2020-01-16 03:09:40 -0500 (AIDE 0.16)
AIDE found differences between database and filesystem!!

Summary:
  Total number of entries:	49475
  Added entries:		1
  Removed entries:		0
  Changed entries:		0

---------------------------------------------------
Added entries:
---------------------------------------------------

f++++++++++++++++: /var/www/html/aide.txt

We can see that the created file aide.txt was detected.
After examining the detected changes, update the AIDE database:

aide --update

After the update you will see the following:

Start timestamp: 2020-01-16 03:10:41 -0500 (AIDE 0.16)
AIDE found differences between database and filesystem!!
New AIDE database written to /var/lib/aide/aide.db.new.gz

Summary:
  Total number of entries:	49475
  Added entries:		1
  Removed entries:		0
  Changed entries:		0

---------------------------------------------------
Added entries:
---------------------------------------------------

f++++++++++++++++: /var/www/html/aide.txt

The above command creates a new database aide.db.new.gz in the /var/lib/aide/ directory.

You can see this with the following command:

ls -l /var/lib/aide/

Output:

total 5600
-rw------- 1 root root 2864012 Jan 16 03:09 aide.db.gz
-rw------- 1 root root 2864100 Jan 16 03:11 aide.db.new.gz

Now rename the new database again so that AIDE uses it to track further changes. You can rename it like this:

mv /var/lib/aide/aide.db.new.gz /var/lib/aide/aide.db.gz

Run the check again so that AIDE uses the new database:

aide --check

You should see the following:

Start timestamp: 2020-01-16 03:12:29 -0500 (AIDE 0.16)
AIDE found NO differences between database and filesystem. Looks okay!!

Automating the check

It is a good idea to run the check daily and receive the results by email. This process can be automated using cron:

nano /etc/crontab

To run the AIDE check daily at 10:15, add the following line to the end of the file:

15 10 * * * root /usr/sbin/aide --check

Cron will now mail the output of each run to root, including runs that found no differences; set MAILTO in /etc/crontab to deliver it elsewhere. You can check root's mail with the following command:

tail -f /var/mail/root

AIDE's own log (the file named by report_url in /etc/aide.conf) can be viewed with this command:

tail -f /var/log/aide/aide.log
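A bare `aide --check` in cron mails the full report every day, so the one day that matters looks like every other. The wrapper below is an added example, not code from the original article or from AIDE: it runs the check, keeps the report, decodes AIDE's exit status (per the aide(1) manual for 0.16, bits 1, 2 and 4 mean added, removed and changed files, and 14 and above are errors), parses the Summary block, writes a one-line record to syslog, and prints the report only when there is something to act on, so cron only sends mail then. Function names, the report path /var/log/aide/last-check.txt and the embedded sample report are mine; the sample report is constructed to match the shape of the output shown above.

```sh
#!/bin/sh
# Added example (not from the original article): cron wrapper that turns AIDE's
# exit status and report into a syslog line and mails only on changes or errors.
# Function names and paths are mine. Exit-status meanings follow the aide(1)
# manual for 0.16: bits 1, 2 and 4 = added, removed, changed; >= 14 = error.

AIDE=${AIDE:-/usr/sbin/aide}
REPORT=${REPORT:-/var/log/aide/last-check.txt}

# aide_rc_describe RC -> "no-changes", "error", or a comma-separated subset of
# added,removed,changed decoded from the exit-status bits.
aide_rc_describe() {
  rc=$1
  if [ "$rc" -eq 0 ]; then echo no-changes; return 0; fi
  if [ "$rc" -ge 14 ]; then echo error; return 0; fi
  out=""
  [ $((rc & 1)) -ne 0 ] && out="added"
  [ $((rc & 2)) -ne 0 ] && out="${out:+$out,}removed"
  [ $((rc & 4)) -ne 0 ] && out="${out:+$out,}changed"
  echo "$out"
}

# aide_report_counts FILE -> "added=N removed=N changed=N" parsed from the
# Summary block. Only lines ending in a number are matched, so the
# "Added entries:" section divider later in the report is ignored.
aide_report_counts() {
  awk '
    /^ *Added entries:[ \t]*[0-9]+$/   { a=$NF }
    /^ *Removed entries:[ \t]*[0-9]+$/ { r=$NF }
    /^ *Changed entries:[ \t]*[0-9]+$/ { c=$NF }
    END { printf "added=%d removed=%d changed=%d\n", a, r, c }
  ' "$1"
}

# aide_run_check -> run the scan, keep the report, log a one-line summary, and
# print the report (which cron turns into mail) only when it needs attention.
# Returns AIDE's own exit status so a caller can still branch on it.
aide_run_check() {
  rc=0
  "$AIDE" --check > "$REPORT" 2>&1 || rc=$?
  status=$(aide_rc_describe "$rc")
  counts=$(aide_report_counts "$REPORT")
  logger -t aide-check "rc=$rc status=$status $counts"
  if [ "$status" != no-changes ]; then
    cat "$REPORT"
  fi
  return "$rc"
}

# Constructed sample report (shape of the output shown in the article) so the
# parsing can be exercised without AIDE installed.
SAMPLE_REPORT='Start timestamp: 2020-01-16 03:09:40 -0500 (AIDE 0.16)
AIDE found differences between database and filesystem!!

Summary:
  Total number of entries:    49475
  Added entries:              1
  Removed entries:            0
  Changed entries:            2

---------------------------------------------------
Added entries:
---------------------------------------------------

f++++++++++++++++: /var/www/html/aide.txt'

# aide_demo -> parses the constructed sample, prints "added=1 removed=0 changed=2"
aide_demo() {
  tmp=$(mktemp)
  printf '%s\n' "$SAMPLE_REPORT" > "$tmp"
  aide_report_counts "$tmp"
  rm -f "$tmp"
}

if [ "${1:-}" = run ]; then
  aide_run_check
fi
```

Install it as, say, /usr/local/sbin/aide-check.sh (an assumed path) and replace the crontab entry with `15 10 * * * root /usr/local/sbin/aide-check.sh run`; the syslog line gives you a daily heartbeat in your log pipeline even on quiet days, which is how you notice the job has stopped running at all.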

Conclusion

In this article you learned how to use AIDE to detect file changes and recognize unauthorized access to a server. For additional settings, review the /etc/aide.conf configuration file. For security reasons, it is recommended to keep the database and configuration files on read-only media, since an attacker who gains root can otherwise rewrite both and hide their changes from subsequent checks. More can be found in the AIDE documentation.


Source: www.habr.com
