I mua i te tiimata o te akoranga Kua whakaritea e matou he whakamaoritanga o nga mea whakamiharo.
Ko te AIDE e tu ana mo te "Taiao Whaiaro Whakauru Ake" a ko tetahi o nga punaha rongonui mo te aro turuki i nga huringa i roto i nga punaha whakahaere a Linux. Ka whakamahia te AIDE ki te whakamarumaru i te kino, i nga huaketo me te kite i nga mahi kore mana. Hei manatoko i te tika o te konae me te kite i nga pokanoa, ka hangaia e AIDE he papaa raraunga o nga korero konae me te whakataurite i te ahuatanga o te punaha o naianei ki tenei papaa raraunga. Ka awhina a AIDE ki te whakaiti i te wa tirotiro mai i nga aitua ma te aro ki nga konae kua whakarereketia.
Nga waahanga AIDE:
- Ka tautokohia nga momo huanga konae, tae atu ki: momo konae, inode, uid, gid, whakaaetanga, maha o nga hononga, mtime, ctime me te wa.
- Tautoko mo te Gzip compression, SELinux, XAttrs, Posix ACL me nga huanga o te punaha konae.
- Ka tautokohia nga momo algorithms tae atu ki te md5, sha1, sha256, sha512, rmd160, crc32, etc.
- Te tuku whakamohiotanga ma te imeera.
I roto i tenei tuhinga, ka titiro tatou me pehea te whakauru me te whakamahi i te AIDE mo te rapunga pokanoa i runga i te CentOS 8.
Nga whakaritenga
- Ko te tūmau e whakahaere ana i te CentOS 8, me te 2 GB o te RAM.
- uru pakiaka
Tīmata
E taunaki ana kia whakahouhia te punaha i te tuatahi. Ki te mahi i tenei, whakahaere i te whakahau e whai ake nei.
dnf update -yWhai muri i te whakahōu, tīmata anō i tō pūnaha kia whai mana ngā huringa.
Tāuta AIDE
Kei te waatea te AIDE i roto i te taunoa CentOS 8. Ka taea e koe te whakauru ngawari ma te whakahaere i te whakahau e whai ake nei:
dnf install aide -yKia oti te whakaurunga, ka taea e koe te tiro i te putanga AIDE ma te whakamahi i te whakahau e whai ake nei:
aide --versionMe kite koe i nga mea e whai ake nei:
Aide 0.16
Compiled with the following options:
WITH_MMAP
WITH_PCRE
WITH_POSIX_ACL
WITH_SELINUX
WITH_XATTR
WITH_E2FSATTRS
WITH_LSTAT64
WITH_READDIR64
WITH_ZLIB
WITH_CURL
WITH_GCRYPT
WITH_AUDIT
CONFIG_FILE = "/etc/aide.conf"
Kōwhiringa wātea aide ka taea te tiro penei:
aide --help
Te hanga me te arawhiti i te papaunga raraunga
Ko te mea tuatahi hei mahi i muri i te whakaurunga AIDE ko te arawhiti. Ko te mahi tuatahi ko te hanga i tetahi papaa raraunga (whakaahua) o nga konae me nga raarangi katoa kei runga i te tūmau.
Hei arawhiti i te patengi raraunga, whakahaerehia te whakahau e whai ake nei:
aide --initMe kite koe i nga mea e whai ake nei:
Start timestamp: 2020-01-16 03:03:19 -0500 (AIDE 0.16)
AIDE initialized database at /var/lib/aide/aide.db.new.gz
Number of entries: 49472
---------------------------------------------------
The attributes of the (uncompressed) database(s):
---------------------------------------------------
/var/lib/aide/aide.db.new.gz
MD5 : 4N79P7hPE2uxJJ1o7na9sA==
SHA1 : Ic2XBj50MKiPd1UGrtcUk4LGs0M=
RMD160 : rHMMy5WwHVb9TGUc+TBHFHsPCrk=
TIGER : vkb2bvB1r7DbT3n6d1qYVfDzrNCzTkI0
SHA256 : tW3KmjcDef2gNXYqnOPT1l0gDFd0tBh9
xWXT2iaEHgQ=
SHA512 : VPMRQnz72+JRgNQhL16dxQC9c+GiYB8g
uZp6uZNqTvTdxw+w/IYDSanTtt/fEkiI
nDw6lgDNI/ls2esijukliQ==
End timestamp: 2020-01-16 03:03:44 -0500 (run time: 0m 25s)
Ko te whakahau i runga ake nei ka hanga he putunga raraunga hou aide.db.new.gz i roto i te rārangi /var/lib/aide. Ka kitea ma te whakamahi i te whakahau e whai ake nei:
ls -l /var/lib/aideHua:
total 2800
-rw------- 1 root root 2863809 Jan 16 03:03 aide.db.new.gz
Kare a AIDE e whakamahi i tenei konae raraunga hou kia whakaingoatia ra ano aide.db.gz. Ka taea te mahi penei:
mv /var/lib/aide/aide.db.new.gz /var/lib/aide/aide.db.gzE taunaki ana kia whakahōuhia tēnei pātengi raraunga i ia wā kia tika ai te aro turuki i ngā huringa.
Ka taea e koe te huri i te waahi o te papanga raraunga ma te huri i te tawhā DBDIR i roto i te kōnae /etc/aide.conf.
Te whakahaere karapa
Kua reri a AIDE ki te whakamahi i te putunga raraunga hou. Whakahaerehia te tirotiro AIDE tuatahi me te kore e whakarereke:
aide --checkKa roa tenei whakahau ki te whakaoti i runga i te rahi o to punaha konae me te nui o te RAM i runga i to tūmau. Kia oti te karapa me kite koe i enei e whai ake nei:
Start timestamp: 2020-01-16 03:05:07 -0500 (AIDE 0.16)
AIDE found NO differences between database and filesystem. Looks okay!!Ko te putanga i runga ake nei e kii ana ko nga konae me nga whaiaronga katoa e rite ana ki te paataka raraunga AIDE.
Whakamatau AIDE
Ma te taunoa, kaore a AIDE e whai i te whaiaronga pakiaka taunoa o Apache /var/www/html. Me whirihora AIDE hei tiro. Ki te mahi i tenei me huri koe i te konae /etc/aide.conf.
nano /etc/aide.conf
Tāpirihia te raina ki runga "/root/CONTENT_EX" whai muri:
/var/www/html/ CONTENT_EX
Muri iho, hanga he konae aide.txt i roto i te rārangi /var/www/html/te whakamahi i te whakahau e whai ake nei:
echo "Test AIDE" > /var/www/html/aide.txtInaianei whakahaeretia te tirotiro AIDE me te mohio kei te kitea te konae i hangaia.
aide --checkMe kite koe i nga mea e whai ake nei:
Start timestamp: 2020-01-16 03:09:40 -0500 (AIDE 0.16)
AIDE found differences between database and filesystem!!
Summary:
Total number of entries: 49475
Added entries: 1
Removed entries: 0
Changed entries: 0
---------------------------------------------------
Added entries:
---------------------------------------------------
f++++++++++++++++: /var/www/html/aide.txt
Ka kite tatou ka kitea te konae i hangaia aide.txt.
Whai muri i te wetewete i nga huringa kua kitea, whakahōuhia te pātengi raraunga AIDE.
aide --updateI muri i te whakahou ka kite koe i nga mea e whai ake nei:
Start timestamp: 2020-01-16 03:10:41 -0500 (AIDE 0.16)
AIDE found differences between database and filesystem!!
New AIDE database written to /var/lib/aide/aide.db.new.gz
Summary:
Total number of entries: 49475
Added entries: 1
Removed entries: 0
Changed entries: 0
---------------------------------------------------
Added entries:
---------------------------------------------------
f++++++++++++++++: /var/www/html/aide.txt
Ko te whakahau i runga ake nei ka hanga he putunga raraunga hou aide.db.new.gz i roto i te rārangi
/var/lib/aide/Ka taea e koe te kite me te whakahau e whai ake nei:
ls -l /var/lib/aide/Hua:
total 5600
-rw------- 1 root root 2864012 Jan 16 03:09 aide.db.gz
-rw------- 1 root root 2864100 Jan 16 03:11 aide.db.new.gzInaianei whakaingoatia ano te patengi raraunga hou kia whakamahia e AIDE te paatengi raraunga hou ki te whai i etahi atu huringa. Ka taea e koe te whakaingoa ano e whai ake nei:
mv /var/lib/aide/aide.db.new.gz /var/lib/aide/aide.db.gzWhakahaerehia ano te haki ki te whakarite kei te whakamahi a AIDE i te papaunga raraunga hou:
aide --checkMe kite koe i nga mea e whai ake nei:
Start timestamp: 2020-01-16 03:12:29 -0500 (AIDE 0.16)
AIDE found NO differences between database and filesystem. Looks okay!!Ka whakaaunoa matou i te haki
He pai te whakaaro ki te whakahaere i te tirotiro AIDE ia ra me te tuku i te ripoata. Ka taea te mahi aunoa ma te whakamahi cron.
nano /etc/crontabHei whakahaere i te tirotiro AIDE ia ra i te 10:15, taapirihia te rarangi e whai ake nei ki te mutunga o te konae:
15 10 * * * root /usr/sbin/aide --checkKa whakamōhio atu a AIDE ki a koe mā te mēra. Ka taea e koe te tirotiro i to mēra me te whakahau e whai ake nei:
tail -f /var/mail/rootKa taea te tiro i te raarangi AIDE ma te whakamahi i te whakahau e whai ake nei:
tail -f /var/log/aide/aide.logmutunga
I roto i tenei tuhinga, i ako koe me pehea te whakamahi i te AIDE ki te kite i nga huringa o nga konae me te tautuhi i te urunga tūmau kore mana. Mo etahi atu tautuhinga, ka taea e koe te whakatika i te konae whirihora /etc/aide.conf. Mo nga take haumarutanga, e taunaki ana kia penapenahia te paataka raraunga me te konae whirihora ki runga panui-anake. Ka kitea etahi atu korero i roto i nga tuhinga .
Source: will.com