How to Install and Use AIDE (Advanced Intrusion Detection Environment) on CentOS 8

Ahead of the start of the "Linux Administrator" course, we have prepared a translation of some useful material.


AIDE stands for "Advanced Intrusion Detection Environment" and is one of the most popular tools for monitoring changes on Linux-based systems. AIDE is used to protect against malware and viruses and to detect unauthorised activity. To verify file integrity and detect intrusions, AIDE builds a database of file metadata and compares the current state of the system against that database. AIDE helps shorten incident investigations by focusing attention on the files that have changed.

AIDE features:

  • Supports many file attributes, including file type, inode, uid, gid, permissions, number of links, mtime, ctime and atime.
  • Support for Gzip compression, SELinux, XAttrs, POSIX ACLs and file system attributes.
  • Supports many hash algorithms, including md5, sha1, sha256, sha512, rmd160, crc32 and others.
  • Notification by e-mail.

In this article we will look at how to install and use AIDE for intrusion detection on CentOS 8.

Prerequisites

  • A server running CentOS 8 with at least 2 GB of RAM.
  • Root access.

Getting started

It is recommended to update the system first. To do so, run the following command:

dnf update -y

After the update, reboot the system for the changes to take effect.

Installing AIDE

AIDE is available in the default CentOS 8 repository. You can install it easily by running:

dnf install aide -y

Once the installation has finished, you can check the AIDE version with:

aide --version

You should see the following:

Aide 0.16

Compiled with the following options:

WITH_MMAP
WITH_PCRE
WITH_POSIX_ACL
WITH_SELINUX
WITH_XATTR
WITH_E2FSATTRS
WITH_LSTAT64
WITH_READDIR64
WITH_ZLIB
WITH_CURL
WITH_GCRYPT
WITH_AUDIT
CONFIG_FILE = "/etc/aide.conf"

The available aide options can be listed as follows:

aide --help


Creating and initialising the database

The first thing you need to do after installing AIDE is to initialise it. Initialisation consists of creating a database (a snapshot) of all the files and directories on the server.

To initialise the database, run:

aide --init

You should see output like this:

Start timestamp: 2020-01-16 03:03:19 -0500 (AIDE 0.16)
AIDE initialized database at /var/lib/aide/aide.db.new.gz

Number of entries:	49472

---------------------------------------------------
The attributes of the (uncompressed) database(s):
---------------------------------------------------

/var/lib/aide/aide.db.new.gz
  MD5      : 4N79P7hPE2uxJJ1o7na9sA==
  SHA1     : Ic2XBj50MKiPd1UGrtcUk4LGs0M=
  RMD160   : rHMMy5WwHVb9TGUc+TBHFHsPCrk=
  TIGER    : vkb2bvB1r7DbT3n6d1qYVfDzrNCzTkI0
  SHA256   : tW3KmjcDef2gNXYqnOPT1l0gDFd0tBh9
             xWXT2iaEHgQ=
  SHA512   : VPMRQnz72+JRgNQhL16dxQC9c+GiYB8g
             uZp6uZNqTvTdxw+w/IYDSanTtt/fEkiI
             nDw6lgDNI/ls2esijukliQ==


End timestamp: 2020-01-16 03:03:44 -0500 (run time: 0m 25s)

The command above creates a new database, aide.db.new.gz, in the /var/lib/aide directory. You can see it with:

ls -l /var/lib/aide

Output:

total 2800
-rw------- 1 root root 2863809 Jan 16 03:03 aide.db.new.gz

AIDE will not use this new database file until it is renamed to aide.db.gz. This can be done as follows:

mv /var/lib/aide/aide.db.new.gz /var/lib/aide/aide.db.gz

It is recommended to update the database periodically so that changes are tracked properly.

You can change the location of the database by changing the DBDIR parameter in /etc/aide.conf.

Running a scan

AIDE is now ready to use the new database. Run a first AIDE check without having made any changes:

aide --check

This command takes some time to complete, depending on the size of your file system and the amount of RAM on the server. Once the scan has finished you should see:

Start timestamp: 2020-01-16 03:05:07 -0500 (AIDE 0.16)
AIDE found NO differences between database and filesystem. Looks okay!!

The output above says that all files and directories match the AIDE database.

Testing AIDE

By default, AIDE does not track the default Apache document root, /var/www/html. Let us configure AIDE to watch it. To do so, edit /etc/aide.conf:

nano /etc/aide.conf

Add the following line above the line "/root/ CONTENT_EX":

/var/www/html/ CONTENT_EX
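The single line above reuses the predefined CONTENT_EX rule group. As an added example that is not part of the original article, the fragment below shows a more selective configuration for the same directory: it defines its own rule group (the name WebContent is chosen here, not an AIDE built-in), applies it to the document root, and excludes a cache subdirectory (a hypothetical path) whose files change constantly and would otherwise flood every report.

```conf
# Added example (not from the original article). Rule group for the web root:
# permissions, inode, link count, owner, group, size, mtime, ctime,
# SELinux context, extended attributes and a SHA-256 checksum.
# "WebContent" is a name chosen for this example, not a predefined AIDE rule.
WebContent = p+i+n+u+g+s+m+c+selinux+xattrs+sha256

# Monitor the Apache document root with that rule group instead of CONTENT_EX.
/var/www/html/ WebContent

# Paths matching a negative ("!") selection line are not added to the
# database. /var/www/html/cache is a hypothetical path for this example.
!/var/www/html/cache
```

After editing the file, aide --config-check (option -D in AIDE 0.16) parses the configuration and reports syntax errors without scanning the file system; the new rules only take effect in the database after the next aide --init or aide --update followed by the rename step shown in this article.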

Next, create a file named aide.txt in /var/www/html/ with the following command:

echo "Test AIDE" > /var/www/html/aide.txt

Now run an AIDE check and verify that the newly created file is detected.

aide --check

You should see the following:

Start timestamp: 2020-01-16 03:09:40 -0500 (AIDE 0.16)
AIDE found differences between database and filesystem!!

Summary:
  Total number of entries:	49475
  Added entries:		1
  Removed entries:		0
  Changed entries:		0

---------------------------------------------------
Added entries:
---------------------------------------------------

f++++++++++++++++: /var/www/html/aide.txt

We can see that the newly created file aide.txt was detected.
After analysing the detected changes, update the AIDE database:

aide --update

After the update you will see the following:

Start timestamp: 2020-01-16 03:10:41 -0500 (AIDE 0.16)
AIDE found differences between database and filesystem!!
New AIDE database written to /var/lib/aide/aide.db.new.gz

Summary:
  Total number of entries:	49475
  Added entries:		1
  Removed entries:		0
  Changed entries:		0

---------------------------------------------------
Added entries:
---------------------------------------------------

f++++++++++++++++: /var/www/html/aide.txt

The command above creates a new database, aide.db.new.gz, in the /var/lib/aide/ directory.

You can see it with:

ls -l /var/lib/aide/

Output:

total 5600
-rw------- 1 root root 2864012 Jan 16 03:09 aide.db.gz
-rw------- 1 root root 2864100 Jan 16 03:11 aide.db.new.gz

Now rename the new database again so that AIDE uses it to track further changes. You can rename it as follows:

mv /var/lib/aide/aide.db.new.gz /var/lib/aide/aide.db.gz

Run the check again to make sure AIDE is using the new database:

aide --check

You should see the following:

Start timestamp: 2020-01-16 03:12:29 -0500 (AIDE 0.16)
AIDE found NO differences between database and filesystem. Looks okay!!

Automating the check

It is a good idea to run an AIDE check every day and have the report sent to you. This can be automated with cron.

nano /etc/crontab

To run an AIDE check every day at 10:15, add the following line to the end of the file:

15 10 * * * root /usr/sbin/aide --check

AIDE will now notify you by mail. You can read the mail with:

tail -f /var/mail/root

The AIDE log can be viewed with:

tail -f /var/log/aide/aide.log

Conclusion

In this article you learned how to use AIDE to detect file changes and identify unauthorised access to a server. For additional settings, edit the configuration file /etc/aide.conf. For security reasons it is recommended to keep the database and the configuration file on read-only media. More information can be found in the AIDE documentation (AIDE Doc).

Learn more about the course.

Source: www.habr.com
