Overview
An important part of keeping a system secure is reviewing the log files regularly. System administrators are usually busy and rarely have time to do this on a fixed schedule, and that gap can itself become a security problem.
Here is a brief overview of Logcheck:
Auditing and logging system events matters a great deal. Once a machine is connected to the Internet, an administrator who stays alert to "abnormal" events can often stop an intrusion before it succeeds; on a Unix system, merely writing events to a log file without ever reading it is of no use. Logcheck checks the log files automatically: it strips out the routine entries, keeps those that look like problems, and emails them to the system administrator. It is designed to run unattended, checking the logs periodically for security violations and unusual activity. It uses the logtail program to remember how far into each log file it read last time, and processes only the entries written since then.
Notes
All commands below are Unix-compatible commands.
The source path is "/var/tmp" (any other path can of course be used in practice).
The installation was tested on RedHat Linux 6.1 and 6.2.
The installation must be done as "root".
The Logcheck version is 1.1.1.
Where to get the package
Logcheck home page: http://www.psionic.com/abacus/logcheck/.
Download: logcheck-1.1.1.tar.gz.
Things to keep in mind when installing the package
It is a good idea to make a list of every file on the system both before and after compiling, then compare the two lists with "diff" to see exactly what was installed and where. Simply run "find /* > Logcheck1" before compiling, run "find /* > Logcheck2" after compiling and installing the software, and finally run "diff Logcheck1 Logcheck2 > Logcheck-Installed" to find the changes.
Unpacking the package
Unpack the archive (tar.gz):
[root@deep /]# cp logcheck-version.tar.gz /var/tmp/
[root@deep /]# cd /var/tmp
[root@deep tmp]# tar xzpf logcheck-version.tar.gz
Compiling and optimizing
The "Makefile" must be edited to set Logcheck's installation paths and compiler flags, and to optimize for your system. It is changed to follow the RedHat filesystem layout, and the Logcheck script is installed in a directory that is on the "PATH".
Step 1
Change to the Logcheck directory.
Edit the "Makefile" (vi Makefile) and change the following lines:
CC = cc
change to:
CC = egcs
CFLAGS = -O
change to:
CFLAGS = -O9 -funroll-loops -ffast-math -malign-double -mcpu=pentiumpro -march=pentiumpro -fomit-frame-pointer -fno-exceptions
INSTALLDIR = /usr/local/etc
change to:
INSTALLDIR = /etc/logcheck
INSTALLDIR_BIN = /usr/local/bin
change to:
INSTALLDIR_BIN = /usr/bin
INSTALLDIR_SH = /usr/local/etc
change to:
INSTALLDIR_SH = /usr/bin
TMPDIR = /usr/local/etc/tmp
change to:
TMPDIR = /etc/logcheck/tmp
These changes configure the "Makefile" to use the "egcs" compiler with optimization flags suited to our system, and set Logcheck's installation directories to follow the RedHat filesystem layout. Note that "-mcpu=pentiumpro -march=pentiumpro" produce code for a Pentium Pro or later CPU; adjust them for the machine the binaries will actually run on.
Step 2
Edit the "Makefile" (vi +67 Makefile) and change the following line:
@if [ ! -d $(TMPDIR) ]; then /bin/mkdir $(TMPDIR); fi
change to:
@if [ ! -d $(TMPDIR) ]; then /bin/mkdir -p $(TMPDIR); fi
The "-p" option makes the installer create any missing parent directories as needed (here /etc/logcheck, which does not exist yet when /etc/logcheck/tmp is created).
Step 3
Install Logcheck:
[root@deep logcheck-1.1.1]# make linux
This command configures Logcheck for Linux, compiles the sources into binaries, and copies the binaries and configuration files into the directories set above.
Removing unneeded files
Remove the files that are no longer needed:
[root@deep /]# cd /var/tmp
[root@deep tmp]# rm -rf logcheck-version/ logcheck-version.tar.gz
The "rm" command removes the source tree used to compile and install Logcheck, and the compressed archive of the Logcheck software.
Configuring the "/usr/bin/logcheck.sh" file
Because we do not use the "/usr/local/etc" path, every path to "logcheck.hacking", "logcheck.violations", "logcheck.ignore", "logcheck.violations.ignore" and "logtail" must be changed. The Logcheck script "/usr/bin/logcheck.sh" provides options for changing these paths and the way the program runs; they are well commented and straightforward.
Step 1
Edit the "logcheck.sh" file (vi /usr/bin/logcheck.sh) and change:
LOGTAIL=/usr/local/bin/logtail
change to:
LOGTAIL=/usr/bin/logtail
TMPDIR=/usr/local/etc/tmp
change to:
TMPDIR=/etc/logcheck/tmp
HACKING_FILE=/usr/local/etc/logcheck.hacking
change to:
HACKING_FILE=/etc/logcheck/logcheck.hacking
VIOLATIONS_FILE=/usr/local/etc/logcheck.violations
change to:
VIOLATIONS_FILE=/etc/logcheck/logcheck.violations
VIOLATIONS_IGNORE_FILE=/usr/local/etc/logcheck.violations.ignore
change to:
VIOLATIONS_IGNORE_FILE=/etc/logcheck/logcheck.violations.ignore
IGNORE_FILE=/usr/local/etc/logcheck.ignore
change to:
IGNORE_FILE=/etc/logcheck/logcheck.ignore
Step 2
Add Logcheck to the crontab so that it runs as a cron job:
Once Logcheck is installed, edit root's local "crontab" file and set Logcheck to run once an hour (the interval can of course be made longer or shorter).
Edit the crontab with the following command:
[root@deep /]# crontab -e
# Hourly check Log files for security violations and unusual activity.
00 * * * * /usr/bin/logcheck.sh
Note: Logcheck sends email only when it has something to report; an hour with no matching entries produces no message. It is worth running /usr/bin/logcheck.sh once by hand as root before relying on cron: the first run reads each log from the start and creates the ".offset" files, and a wrong path in the script shows up immediately.
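The pipeline just configured, as an added example that is not the original logcheck.sh nor code from the book: a small POSIX shell re-implementation of Logcheck's core logic, with a logtail emulation that keeps a byte offset in "<log>.offset" and the three filtering passes over the four pattern files (attack patterns; violation patterns minus violations.ignore; everything not in the ignore list). It builds its own sample log and pattern files under a temporary directory, so it runs anywhere without touching /var/log. The log lines, the pattern contents, the lc_* function names and the $LC_DIR layout are all constructed for this example.

```shell
#!/bin/sh
# Added example (not the original logcheck.sh): a minimal re-implementation of
# the Logcheck pipeline, to show how logtail's offset file and the four pattern
# files decide what ends up in the report. All files live under $LC_DIR and the
# log lines below are constructed for this example, not real system logs.

LC_DIR="${LC_DIR:-$(mktemp -d)}"
LOG="$LC_DIR/messages"
HACKING_FILE="$LC_DIR/logcheck.hacking"
VIOLATIONS_FILE="$LC_DIR/logcheck.violations"
VIOLATIONS_IGNORE_FILE="$LC_DIR/logcheck.violations.ignore"
IGNORE_FILE="$LC_DIR/logcheck.ignore"

# Write the sample log and the pattern files. Patterns are extended regular
# expressions, one per line, read with grep -E -f.
lc_setup() {
    cat > "$LOG" <<'EOF'
May  1 10:00:01 deep CROND[1201]: (root) CMD (run-parts /etc/cron.hourly)
May  1 10:00:05 deep sshd[1210]: Accepted password for alice from 10.0.0.5
May  1 10:00:09 deep su: alice to root on /dev/pts/0
May  1 10:00:12 deep login[1222]: FAILED LOGIN 3 FROM 203.0.113.9 FOR root, Authentication failure
May  1 10:00:15 deep in.telnetd[1230]: refused connect from 203.0.113.9
May  1 10:00:20 deep kernel: eth0: link up
May  1 10:00:25 deep PAM_pwdb[1240]: authentication failure; (uid=0) -> alice for passwd service
EOF
    # Attack probes: reported under "Active System Attack Alerts".
    printf '%s\n' 'refused connect' 'ATTACK' > "$HACKING_FILE"
    # Security-relevant events: reported under "Security Violations" ...
    printf '%s\n' 'FAILED' 'su:' 'authentication failure' > "$VIOLATIONS_FILE"
    # ... unless they also match a violations.ignore pattern (a user's own
    # passwd change is routine).
    printf '%s\n' 'passwd service' > "$VIOLATIONS_IGNORE_FILE"
    # Routine noise: never reported under "Unusual System Events".
    printf '%s\n' 'CROND\[' 'Accepted password' 'link up' > "$IGNORE_FILE"
    : > "$LOG.offset"
}

# logtail emulation: print the bytes appended since the previous run, then
# record the new size in <log>.offset. A file shorter than the stored offset
# has been rotated, so reading restarts from the top.
lc_logtail() {
    _file="$1"
    _last=0
    [ -s "$_file.offset" ] && _last=$(cat "$_file.offset")
    _size=$(wc -c < "$_file" | tr -d ' ')
    [ "$_size" -lt "$_last" ] && _last=0
    tail -c +$((_last + 1)) "$_file"
    echo "$_size" > "$_file.offset"
}

# The three passes, applied to the new lines stored in file $1. The "|| true"
# keeps grep's no-match exit status from aborting a "set -e" script.
lc_attacks()    { grep -E -i -f "$HACKING_FILE" "$1" || true; }
lc_violations() { grep -E -i -f "$VIOLATIONS_FILE" "$1" | grep -E -v -f "$VIOLATIONS_IGNORE_FILE" || true; }
lc_unusual()    { grep -E -v -f "$IGNORE_FILE" "$1" || true; }

# $1 = heading, stdin = matched lines; prints nothing when there are none.
lc_section() {
    _body=$(cat)
    [ -n "$_body" ] && printf '%s\n%s\n\n' "$1" "$_body"
    return 0
}

# One scheduled run: new lines in, report out. An empty report is the case in
# which the real script sends no mail.
lc_run() {
    _tmp="$LC_DIR/check.$$"
    lc_logtail "$LOG" > "$_tmp"
    lc_attacks    "$_tmp" | lc_section 'Active System Attack Alerts'
    lc_violations "$_tmp" | lc_section 'Security Violations'
    lc_unusual    "$_tmp" | lc_section 'Unusual System Events'
    rm -f "$_tmp"
}

lc_setup
lc_run   # first run: full report
lc_run   # second run: nothing new since the offset, so nothing is printed
```

Run it as-is: the first lc_run prints one attack alert (the refused telnet connection), two security violations (the su and the failed root login; the PAM passwd line is dropped by logcheck.violations.ignore) and four unusual events, while the second run prints nothing because the offset file now points at the end of the log. Tune the real ignore files against your own logs the same way: anything still arriving under "Unusual System Events" that is routine belongs in logcheck.ignore, and anything that matches a violation pattern but is benign belongs in logcheck.violations.ignore. The temporary directory is left in place so the generated files can be inspected.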
Files installed on the system
> /etc/logcheck
> /usr/bin/logcheck.sh
> /etc/logcheck/tmp
> /etc/logcheck/logcheck.hacking
> /etc/logcheck/logcheck.violations
> /etc/logcheck/logcheck.violations.ignore
> /etc/logcheck/logcheck.ignore
> /usr/bin/logtail
> /var/log/messages.offset
> /var/log/secure.offset
> /var/log/maillog.offset
Copyright notice
This article is translated and adapted from Gerhard Mourani's "Securing and Optimizing Linux: RedHat Edition"; for the original text and its license, see www.openna.com.