Ngaphambi kokuqala kwesifundo Silungiselele ukuhunyushwa kokwaziswa okuthakazelisayo.
I-AIDE imele “Indawo Yokuthola Ukungena Okuthuthukile” futhi ingenye yezinhlelo ezidume kakhulu zokuqapha izinguquko ezinhlelweni zokusebenza ezisekelwe ku-Linux. I-AIDE isetshenziselwa ukuvikela kuhlelo olungayilungele ikhompuyutha, amagciwane kanye nokuthola imisebenzi engagunyaziwe. Ukuze kuqinisekiswe ubuqotho befayela nokubona ukungena, i-AIDE idala isizindalwazi solwazi lwefayela futhi iqhathanise isimo samanje sesistimu nale database. I-AIDE isiza ukunciphisa isikhathi sophenyo lwesigameko ngokugxila kumafayela ashintshiwe.
Izici ze-AIDE:
- Isekela izici ezihlukahlukene zefayela, kuhlanganise: uhlobo lwefayela, i-inode, i-uid, i-gid, izimvume, inombolo yezixhumanisi, i-mtime, i-ctime kanye ne-atime.
- Ukusekelwa kokucindezelwa kwe-Gzip, i-SELinux, i-XAttrs, i-Posix ACL kanye nezici zesistimu yefayela.
- Isekela ama-algorithms ahlukahlukene afaka i-md5, sha1, sha256, sha512, rmd160, crc32, njll.
- Ithumela izaziso nge-imeyili.
Kulesi sihloko, sizobheka indlela yokufaka nokusebenzisa i-AIDE ukuze kutholwe ukungena ku-CentOS 8.
Okudingeka kuqala
- Iseva esebenzisa i-CentOS 8, okungenani eno-2 GB we-RAM.
- ukufinyelela kwezimpande
Ukuqalisa
Kunconywa ukuthi ubuyekeze isistimu kuqala. Ukuze wenze lokhu, sebenzisa umyalo olandelayo.
dnf update -yNgemva kokubuyekeza, qala kabusha isistimu yakho ukuze izinguquko zisebenze.
Ifaka i-AIDE
I-AIDE iyatholakala endaweni ezenzakalelayo ye-CentOS 8. Ungakwazi ukuyifaka kalula ngokusebenzisa umyalo olandelayo:
dnf install aide -yUma ukufakwa sekuqediwe, ungabuka inguqulo ye-AIDE usebenzisa umyalo olandelayo:
aide --versionKufanele ubone okulandelayo:
Aide 0.16
Compiled with the following options:
WITH_MMAP
WITH_PCRE
WITH_POSIX_ACL
WITH_SELINUX
WITH_XATTR
WITH_E2FSATTRS
WITH_LSTAT64
WITH_READDIR64
WITH_ZLIB
WITH_CURL
WITH_GCRYPT
WITH_AUDIT
CONFIG_FILE = "/etc/aide.conf"
Izinketho ezitholakalayo aide ingabukwa kanje:
aide --help
Ukudala nokuqalisa i-database
Into yokuqala okudingeka uyenze ngemuva kokufaka i-AIDE ukuyiqala. Ukuqalisa kuhlanganisa ukudala isizindalwazi (isifinyezo) sawo wonke amafayela nezinkomba kuseva.
Ukuze uqalise i-database, sebenzisa umyalo olandelayo:
aide --initKufanele ubone okulandelayo:
Start timestamp: 2020-01-16 03:03:19 -0500 (AIDE 0.16)
AIDE initialized database at /var/lib/aide/aide.db.new.gz
Number of entries: 49472
---------------------------------------------------
The attributes of the (uncompressed) database(s):
---------------------------------------------------
/var/lib/aide/aide.db.new.gz
MD5 : 4N79P7hPE2uxJJ1o7na9sA==
SHA1 : Ic2XBj50MKiPd1UGrtcUk4LGs0M=
RMD160 : rHMMy5WwHVb9TGUc+TBHFHsPCrk=
TIGER : vkb2bvB1r7DbT3n6d1qYVfDzrNCzTkI0
SHA256 : tW3KmjcDef2gNXYqnOPT1l0gDFd0tBh9
xWXT2iaEHgQ=
SHA512 : VPMRQnz72+JRgNQhL16dxQC9c+GiYB8g
uZp6uZNqTvTdxw+w/IYDSanTtt/fEkiI
nDw6lgDNI/ls2esijukliQ==
End timestamp: 2020-01-16 03:03:44 -0500 (run time: 0m 25s)
Umyalo ongenhla uzodala isizindalwazi esisha aide.db.new.gz kukhathalogi /var/lib/aide. Ingabonakala ngokusebenzisa umyalo olandelayo:
ls -l /var/lib/aideUmphumela:
total 2800
-rw------- 1 root root 2863809 Jan 16 03:03 aide.db.new.gz
I-AIDE ngeke isebenzise leli fayela elisha lesizindalwazi kuze kube yilapho liqanjwa kabusha ngokuthi aide.db.gz. Lokhu kungenziwa ngale ndlela elandelayo:
mv /var/lib/aide/aide.db.new.gz /var/lib/aide/aide.db.gzKunconywa ukuthi ubuyekeze le database ngezikhathi ezithile ukuze uqinisekise ukuthi izinguquko zigadwa ngendlela efanele.
Ungashintsha indawo ye-database ngokushintsha ipharamitha DBDIR kufayela /etc/aide.conf.
Iqalisa ukuskena
I-AIDE manje isilungele ukusebenzisa isizindalwazi esisha. Qalisa ukuhlola kokuqala kwe-AIDE ngaphandle kokwenza izinguquko:
aide --checkLo myalo uzothatha isikhathi ukuqedwa kuye ngosayizi wesistimu yakho yefayela kanye nenani le-RAM kuseva yakho. Uma ukuskena sekuqediwe kufanele ubone okulandelayo:
Start timestamp: 2020-01-16 03:05:07 -0500 (AIDE 0.16)
AIDE found NO differences between database and filesystem. Looks okay!!Okukhiphayo ngenhla kuthi wonke amafayela nezinkomba zifana nedathabheyisi ye-AIDE.
I-AIDE yokuhlola
Ngokuzenzakalelayo, i-AIDE ayilandeleli inkomba yempande ye-Apache /var/www/html. Ake silungiselele i-AIDE ukuze siyibuke. Ukuze wenze lokhu udinga ukushintsha ifayela /etc/aide.conf.
nano /etc/aide.conf
Engeza umugqa ongenhla "/root/CONTENT_EX" okulandelayo:
/var/www/html/ CONTENT_EX
Okulandelayo, dala ifayela aide.txt kukhathalogi /var/www/html/usebenzisa umyalo olandelayo:
echo "Test AIDE" > /var/www/html/aide.txtManje sebenzisa isheke le-AIDE futhi uqiniseke ukuthi ifayela elidaliwe litholakele.
aide --checkKufanele ubone okulandelayo:
Start timestamp: 2020-01-16 03:09:40 -0500 (AIDE 0.16)
AIDE found differences between database and filesystem!!
Summary:
Total number of entries: 49475
Added entries: 1
Removed entries: 0
Changed entries: 0
---------------------------------------------------
Added entries:
---------------------------------------------------
f++++++++++++++++: /var/www/html/aide.txt
Siyabona ukuthi ifayela elidaliwe litholiwe aide.txt.
Ngemva kokuhlaziya izinguquko ezitholiwe, buyekeza i-AIDE database.
aide --updateNgemva kwesibuyekezo uzobona okulandelayo:
Start timestamp: 2020-01-16 03:10:41 -0500 (AIDE 0.16)
AIDE found differences between database and filesystem!!
New AIDE database written to /var/lib/aide/aide.db.new.gz
Summary:
Total number of entries: 49475
Added entries: 1
Removed entries: 0
Changed entries: 0
---------------------------------------------------
Added entries:
---------------------------------------------------
f++++++++++++++++: /var/www/html/aide.txt
Umyalo ongenhla uzodala isizindalwazi esisha aide.db.new.gz kukhathalogi
/var/lib/aide/Ungayibona ngomyalo olandelayo:
ls -l /var/lib/aide/Umphumela:
total 5600
-rw------- 1 root root 2864012 Jan 16 03:09 aide.db.gz
-rw------- 1 root root 2864100 Jan 16 03:11 aide.db.new.gzManje qamba kabusha isizindalwazi esisha futhi ukuze i-AIDE isebenzise isizindalwazi esisha ukulandelela izinguquko ezengeziwe. Ungayiqamba kabusha kanje:
mv /var/lib/aide/aide.db.new.gz /var/lib/aide/aide.db.gzQalisa ukuhlola futhi ukuze uqinisekise ukuthi i-AIDE isebenzisa isizindalwazi esisha:
aide --checkKufanele ubone okulandelayo:
Start timestamp: 2020-01-16 03:12:29 -0500 (AIDE 0.16)
AIDE found NO differences between database and filesystem. Looks okay!!Senza isheke ngokuzenzakalelayo
Kungumqondo omuhle ukwenza isheke le-AIDE nsuku zonke bese uthumela umbiko. Le nqubo ingenziwa ngokuzenzakalelayo kusetshenziswa i-cron.
nano /etc/crontabUkuze usebenzise isheke le-AIDE nsuku zonke ngo-10:15, engeza umugqa olandelayo ekupheleni kwefayela:
15 10 * * * root /usr/sbin/aide --checkI-AIDE manje izokwazisa ngeposi. Ungahlola imeyili yakho ngomyalo olandelayo:
tail -f /var/mail/rootIlogi ye-AIDE ingabukwa kusetshenziswa umyalo olandelayo:
tail -f /var/log/aide/aide.logisiphetho
Kulesi sihloko, ufunde ukuthi ungasebenzisa kanjani i-AIDE ukuthola izinguquko zefayela nokukhomba ukufinyelela kweseva okungagunyaziwe. Ukuze uthole izilungiselelo ezengeziwe, ungakwazi ukuhlela ifayela lokucushwa /etc/aide.conf. Ngenxa yezizathu zokuphepha, kuyanconywa ukuthi ugcine isizindalwazi kanye nefayela lokumisa kumidiya efundwayo kuphela. Ulwazi olwengeziwe lungatholakala kumadokhumenti .
Source: www.habr.com