
Installing and configuring Logcheck on a Linux system

Published: 2006-02-28 11:07:36   Source: Honglian (红联)   Author: root

Overview

One of the most important tasks in keeping a system secure is reviewing the log files regularly. System administrators are usually busy and rarely find the time to do this on a schedule, and that gap can turn into a security problem.

A brief introduction to Logcheck:

Auditing and logging system events is essential. Especially once a machine is connected to the Internet, an administrator who stays alert to "abnormal" events can stop the system from being compromised. On a Unix system, merely recording events into a log without ever reading it is of little use. Logcheck checks the log files automatically: it first strips out the normal, expected entries, keeps the suspicious ones, and then e-mails those to the system administrator. Logcheck is designed to run unattended, checking the log files at regular intervals for security violations and unusual activity. It uses the logtail program to remember where it stopped reading each log file on the previous run, and processes only the entries added since that point.

Notes

All commands below are Unix-compatible.

The source path is "/var/tmp" throughout (any other path can of course be used in practice).

The installation was tested on RedHat Linux 6.1 and 6.2.

Install as the "root" user.

The Logcheck version is 1.1.1.

Package source

Logcheck home page: http://www.psionic.com/abacus/logcheck/.

Download: logcheck-1.1.1.tar.gz.

°²×°Èí¼þ°üÐèҪעÒâµÄÎÊÌâ
¡¡¡¡ ×îºÃÔÚ±àÒëÇ°ºÍ±àÒëºó¶¼×öÒ»ÕÅϵͳÖÐËùÓÐÎļþµÄÁÐ±í£¬È»ºóÓá°diff¡±ÃüÁîÈ¥±È½ÏËüÃÇ£¬ÕÒ³öÆäÖеIJî±ð²¢ÖªµÀµ½µ×°ÑÈí¼þ°²×°ÔÚÄÄÀï¡£Ö»Òª¼òµ¥µØÔÚ±àÒë֮ǰÔËÐÐÒ»ÏÂÃüÁî¡°find /* >Logcheck1¡±£¬ÔÚ±àÒëºÍ°²×°ÍêÈí¼þÖ®ºóÔËÐÐÃüÁî¡°find /* > Logcheck2¡±£¬×îºóÓÃÃüÁî¡°diff Logcheck1 Logcheck2 > Logcheck-Installed¡±ÕÒ³ö±ä»¯¡£

Unpacking the package

Unpack the (tar.gz) package:

[root@deep /]# cp logcheck-version.tar.gz /var/tmp/
[root@deep /]# cd /var/tmp
[root@deep tmp]# tar xzpf logcheck-version.tar.gz

Compiling and optimizing

The "Makefile" must be edited to set Logcheck's installation paths and compiler flags, and to optimize the build for your system. The "Makefile" has to be adapted to RedHat's filesystem layout, and Logcheck's script must be installed in a directory that is on the "PATH" environment variable.

Step 1

Change to the directory containing the Logcheck source.

Edit the "Makefile" (vi Makefile) and change the following lines:

CC = cc

change to:

CC = egcs

CFLAGS = -O

change to:

CFLAGS = -O9 -funroll-loops -ffast-math -malign-double -mcpu=pentiumpro -march=pentiumpro -fomit-frame-pointer -fno-exceptions

INSTALLDIR = /usr/local/etc

change to:

INSTALLDIR = /etc/logcheck

INSTALLDIR_BIN = /usr/local/bin

change to:

INSTALLDIR_BIN = /usr/bin

INSTALLDIR_SH = /usr/local/etc

change to:

INSTALLDIR_SH = /usr/bin

TMPDIR = /usr/local/etc/tmp

change to:

TMPDIR = /etc/logcheck/tmp

These changes configure the "Makefile" to use the "egcs" compiler, to use optimization flags suited to our system, and to install Logcheck into directories that follow RedHat's filesystem layout. The flags shown are tuned for a Pentium Pro class CPU; adjust "-mcpu"/"-march" for the machine you are building on, or drop them. Note also that gcc treats any optimization level above -O3 as -O3, so "-O9" is simply "-O3".

Step 2

Edit the "Makefile" (vi +67 Makefile) and change the following line:

@if [ ! -d $(TMPDIR) ]; then /bin/mkdir $(TMPDIR); fi

change to:

@if [ ! -d $(TMPDIR) ]; then /bin/mkdir -p $(TMPDIR); fi

The "-p" option lets the installer create any missing parent directories as needed; without it, mkdir fails because /etc/logcheck does not exist yet.

Step 3

Install Logcheck:

[root@deep logcheck-1.1.1]# make linux

This command configures Logcheck for Linux, compiles the source into binaries, and copies the binaries and configuration files into the directories set above.

Removing unnecessary files

Remove the files that are no longer needed with:

[root@deep /]# cd /var/tmp
[root@deep tmp]# rm -rf logcheck-version/ logcheck-version.tar.gz

The "rm" command removes all the source files that were needed to compile and install Logcheck, together with the Logcheck archive.

Configuring the "/usr/bin/logcheck.sh" file

Because we are not using the "/usr/local/etc" path, every reference to "logcheck.hacking", "logcheck.violations", "logcheck.ignore", "logcheck.violations.ignore" and "logtail" in the script must be changed to the new locations. The Logcheck script "/usr/bin/logcheck.sh" lets you set a number of options that control the paths and how the program runs; they are all well commented and straightforward. Two things worth checking while you are in the file: the SYSADMIN variable, which holds the address the report is mailed to (root by default), and TMPDIR, which must be owned by root and must not be world-writable, since the script writes its working files there under predictable names.

Step 1

Edit "logcheck.sh" (vi /usr/bin/logcheck.sh) and change:

LOGTAIL=/usr/local/bin/logtail

change to:

LOGTAIL=/usr/bin/logtail

TMPDIR=/usr/local/etc/tmp

change to:

TMPDIR=/etc/logcheck/tmp

HACKING_FILE=/usr/local/etc/logcheck.hacking

change to:

HACKING_FILE=/etc/logcheck/logcheck.hacking

VIOLATIONS_FILE=/usr/local/etc/logcheck.violations

change to:

VIOLATIONS_FILE=/etc/logcheck/logcheck.violations

VIOLATIONS_IGNORE_FILE=/usr/local/etc/logcheck.violations.ignore

change to:

VIOLATIONS_IGNORE_FILE=/etc/logcheck/logcheck.violations.ignore

IGNORE_FILE=/usr/local/etc/logcheck.ignore

change to:

IGNORE_FILE=/etc/logcheck/logcheck.ignore

Step 2

Add Logcheck to crontab so that it runs as a cron job:

Once Logcheck is installed, edit the local "crontab" as "root" and schedule Logcheck to run once an hour (you can of course make the interval longer or shorter).

Edit the crontab with:

[root@deep /]# crontab -e

# Hourly check Log files for security violations and unusual activity.
00 * * * * /usr/bin/logcheck.sh

Note: Logcheck sends no e-mail at all unless it has something to report.
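The following script is an added illustration, not code from the Logcheck distribution or from the original article. It reproduces the mechanism described in the introduction and configured above: a logtail-style offset file so only new log lines are examined, then three grep passes over the pattern files (logcheck.hacking; logcheck.violations minus logcheck.violations.ignore; everything not matched by logcheck.ignore), assembled into a report that is empty when there is nothing to say. The pattern contents, the syslog lines and the temporary directory are constructed for the example; the real logcheck.sh uses the same four pattern files but its option handling, headings and mail step are its own.

```shell
#!/bin/sh
# Reduced re-implementation of the logcheck.sh pipeline (added example, not
# code from the Logcheck project). Pattern files, log lines and the offset
# file are constructed in a temporary directory so the script runs offline.
set -eu

# logtail_new LOG: print what was appended to LOG since the previous call and
# record the new size in LOG.offset, like logtail's /var/log/*.offset files.
# If the log got smaller (rotated or truncated) it is read from the start.
logtail_new() {
    log=$1
    offset_file="$log.offset"
    old=0
    if [ -f "$offset_file" ]; then
        old=$(cat "$offset_file")
    fi
    size=$(wc -c < "$log" | tr -d ' ')
    if [ "$size" -lt "$old" ]; then
        old=0
    fi
    tail -c +$((old + 1)) "$log"
    echo "$size" > "$offset_file"
}

# The three passes, in the order logcheck.sh makes them. $1 is the directory
# holding the four pattern files, $2 the file of new log lines.
check_hacking()    { grep -i -f "$1/logcheck.hacking" "$2" || true; }
check_violations() { grep -i -f "$1/logcheck.violations" "$2" \
                     | grep -v -f "$1/logcheck.violations.ignore" || true; }
check_unusual()    { grep -v -f "$1/logcheck.ignore" "$2" || true; }

# section TITLE TEXT: print a titled block only when TEXT is non-empty.
section() {
    if [ -n "$2" ]; then
        printf '%s\n=-=-=-=-=-=-=-=-=-=-=-=-=-=\n%s\n\n' "$1" "$2"
    fi
}

# build_report RULES NEW: the mail body, section by section. Nothing is
# printed when all three passes come back empty, which is why a quiet
# system receives no mail from the hourly cron job.
build_report() {
    section "Active System Attack Alerts" "$(check_hacking "$1" "$2")"
    section "Security Violations"         "$(check_violations "$1" "$2")"
    section "Unusual System Events"       "$(check_unusual "$1" "$2")"
}

# Constructed pattern files (same style as the shipped ones) and constructed
# syslog lines; none of this is captured from a real system.
setup_demo() {
    DEMO=$(mktemp -d)
    trap 'rm -rf "$DEMO"' EXIT
    RULES="$DEMO/etc/logcheck"
    LOG="$DEMO/messages"
    mkdir -p "$RULES"
    cat > "$RULES/logcheck.hacking" <<'EOF'
LOGIN FAILURE
ROOT LOGIN REFUSED
EOF
    cat > "$RULES/logcheck.violations" <<'EOF'
refused
denied
session opened for user root
EOF
    cat > "$RULES/logcheck.violations.ignore" <<'EOF'
sendmail.*refused
EOF
    cat > "$RULES/logcheck.ignore" <<'EOF'
CROND.*CMD
kernel: eth0: Link is up
EOF
    cat > "$LOG" <<'EOF'
Feb 28 11:00:01 deep CROND[1234]: (root) CMD (/usr/bin/logcheck.sh)
Feb 28 11:00:05 deep login[1240]: LOGIN FAILURE FROM 10.0.0.5, root
Feb 28 11:00:09 deep login[1240]: ROOT LOGIN REFUSED FROM 10.0.0.5
Feb 28 11:00:12 deep sendmail[1250]: NOQUEUE: connect from 10.0.0.5 refused
Feb 28 11:00:20 deep PAM_pwdb[1260]: (su) session opened for user root by alice(uid=500)
Feb 28 11:00:30 deep kernel: eth0: Link is up
EOF
}

setup_demo
logtail_new "$LOG" > "$DEMO/run1"   # first run: all six lines are new
build_report "$RULES" "$DEMO/run1"  # three sections
logtail_new "$LOG" > "$DEMO/run2"   # second run: offset is at EOF, nothing new
build_report "$RULES" "$DEMO/run2"  # prints nothing
```

The first run reports the two login failures as attack alerts, the refused root login and the su to root as violations (the sendmail refusal is dropped by the violations.ignore pattern), and the four non-noise lines as unusual events; the second run prints nothing because the offset file already points at the end of the log. The same setup is a convenient way to test a new ignore pattern before putting it into /etc/logcheck: append the line you want to silence to a scratch log and confirm that check_unusual no longer returns it.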

Files installed on the system

> /etc/logcheck
> /usr/bin/logcheck.sh
> /etc/logcheck/tmp
> /etc/logcheck/logcheck.hacking
> /etc/logcheck/logcheck.violations
> /etc/logcheck/logcheck.violations.ignore
> /etc/logcheck/logcheck.ignore
> /usr/bin/logtail
> /var/log/messages.offset
> /var/log/secure.offset
> /var/log/maillog.offset

Copyright note

This article is translated and adapted from Gerhard Mourani's "Securing and Optimizing Linux: RedHat Edition"; for the original text and its license, see www.openna.com.