How do I install auditd on CentOS 6.4 x64? I want to log all commands run by administrators on a production server. Edit: I cannot get the auditd service to run.
I followed this tutorial: enter link description here
sudo yum install audit
sudo chkconfig auditd on
Then I added these two lines to /etc/audit/audit.rules:
-a exit,always -F arch=b64 -F euid=0 -S execve
-a exit,always -F arch=b32 -F euid=0 -S execve
I ran a few commands, but there is no auditd directory under /var/log/.
Now auditing does not work at all and I cannot get the service running. In the messages log I get this:
Sep 7 18:05:40 vesoljedomen auditd[6777]: Started dispatcher: /sbin/audispd pid: 6779
Sep 7 18:05:40 vesoljedomen audispd: No plugins found, exiting
Sep 7 18:05:40 vesoljedomen auditd[6777]: Unable to set audit pid, exiting
Sep 7 18:05:40 vesoljedomen auditd: Cannot daemonize (Success)
Sep 7 18:05:40 vesoljedomen auditd: The audit daemon is exiting.
Sep 7 18:05:40 vesoljedomen auditd[6777]: The audit daemon is exiting.
Sep 7 18:05:47 vesoljedomen auditd[6791]: Started dispatcher: /sbin/audispd pid: 6793
Sep 7 18:05:47 vesoljedomen audispd: No plugins found, exiting
Sep 7 18:05:47 vesoljedomen auditd[6791]: Unable to set audit pid, exiting
Sep 7 18:05:47 vesoljedomen auditd: Cannot daemonize (Success)
Sep 7 18:05:47 vesoljedomen auditd: The audit daemon is exiting.
Sep 7 18:05:47 vesoljedomen auditd[6791]: The audit daemon is exiting.
Sep 7 18:06:01 vesoljedomen auditd[6924]: Started dispatcher: /sbin/audispd pid: 6926
Sep 7 18:06:01 vesoljedomen audispd: No plugins found, exiting
Sep 7 18:06:01 vesoljedomen auditd[6924]: Unable to set audit pid, exiting
Sep 7 18:06:01 vesoljedomen auditd: Cannot daemonize (Success)
Sep 7 18:06:01 vesoljedomen auditd: The audit daemon is exiting.
Sep 7 18:06:01 vesoljedomen auditd[6924]: The audit daemon is exiting.
-bash-4.1#
-bash-4.1# chkconfig --list | grep auditd
-bash: -bash-4.1#: command not found
-bash-4.1# auditd 0:off 1:off 2:on 3:on 4:on 5:on 6:off
Usage: auditd [-f] [-l] [-n] [-s disable|enable|nochange]
-bash-4.1#
-bash-4.1# service auditd status
-bash: -bash-4.1#: command not found
-bash-4.1# service auditd start
-bash-4.1# auditd is stopped
The directory is called /var/log/audit/, not /var/log/auditd/.
If it is missing because someone deleted the directory, run sudo yum reinstall audit to recreate it.
audit is installed and running by default; run sudo service auditd start anyway.
Note:
"I want to log all commands run by administrators on a production server"
auditd will not help you with that, because it cannot log everything, especially when the logs are stored on the same machine.
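As an added example that is not part of the question or answer: the two execve rules above produce paired SYSCALL and EXECVE records in /var/log/audit/audit.log, and this small parser joins them by their audit(timestamp:serial) id and lists the commands run with euid=0. The log lines are constructed samples in auditd's format, and one argument is hex-encoded the way auditd emits arguments containing spaces.

```python
import re

# Constructed sample records in auditd's log format (not real log data); the
# middle EXECVE carries a hex-encoded argument because it contains a space.
SAMPLE_LOG = """\
type=SYSCALL msg=audit(1378569940.123:1001): arch=c000003e syscall=59 success=yes exit=0 a0=1 a1=2 a2=3 a3=4 items=2 ppid=6700 pid=6801 auid=500 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=pts0 ses=3 comm="ls" exe="/bin/ls" key=(null)
type=EXECVE msg=audit(1378569940.123:1001): argc=2 a0="ls" a1="-la"
type=SYSCALL msg=audit(1378569941.456:1002): arch=c000003e syscall=59 success=yes exit=0 a0=1 a1=2 a2=3 a3=4 items=2 ppid=6700 pid=6802 auid=500 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=pts0 ses=3 comm="cat" exe="/bin/cat" key=(null)
type=EXECVE msg=audit(1378569941.456:1002): argc=2 a0="cat" a1=2F746D702F6D792066696C65
type=SYSCALL msg=audit(1378569942.789:1003): arch=c000003e syscall=59 success=yes exit=0 a0=1 a1=2 a2=3 a3=4 items=2 ppid=6700 pid=6803 auid=501 uid=501 gid=501 euid=501 suid=501 fsuid=501 egid=501 sgid=501 fsgid=501 tty=pts1 ses=4 comm="id" exe="/usr/bin/id" key=(null)
type=EXECVE msg=audit(1378569942.789:1003): argc=1 a0="id"
"""

MSG_ID = re.compile(r"msg=audit\((\d+\.\d+):(\d+)\)")
FIELD = re.compile(r'(\w+)=("[^"]*"|\S+)')
# The execve syscall number depends on the arch, mirroring the b64/b32 rules.
EXECVE_NR = {"c000003e": "59", "40000003": "11"}  # x86_64, i386


def decode_arg(value):
    """EXECVE prints plain args quoted; others (spaces, control chars) as hex."""
    if value.startswith('"'):
        return value[1:-1]
    try:
        return bytes.fromhex(value).decode("utf-8", "replace")
    except ValueError:
        return value


def root_commands(log_text, euid="0"):
    """Return [(timestamp, auid, argv)] for every execve made with the given euid.
    The SYSCALL and EXECVE records of one event share the audit(ts:serial) id."""
    syscalls, execves = {}, {}
    for line in log_text.splitlines():
        m = MSG_ID.search(line)
        if not m:
            continue
        key = (float(m.group(1)), int(m.group(2)))
        fields = dict(FIELD.findall(line))  # values keep their quotes here
        rtype = fields.get("type")
        if rtype == "SYSCALL" and fields.get("syscall") == EXECVE_NR.get(fields.get("arch")):
            fields["_ts"] = m.group(1)
            syscalls[key] = fields
        elif rtype == "EXECVE":
            argc = int(fields["argc"])
            execves[key] = [decode_arg(fields["a%d" % i]) for i in range(argc)]
    results = []
    for key in sorted(syscalls):  # chronological: (timestamp, serial)
        sc = syscalls[key]
        if sc.get("euid") == euid and key in execves:
            # auid is the original login uid, so "who became root" survives su/sudo
            results.append((sc["_ts"], sc.get("auid"), execves[key]))
    return results
```

On a live host the same join is done by ausearch and aureport from the audit package; this version only shows what the records contain and why auid, not uid, identifies the administrator.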