Linux Server Security: Using the Command Line for Intrusion Detection
With the rapid growth and widespread use of the Internet, server security has become especially important. The Linux operating system holds a major position in the server field because it is reliable, stable, and has strong security features. This article introduces how to use the command line for intrusion detection in order to improve the security of Linux servers.
1. The Importance of Intrusion Detection
Intrusion detection means monitoring and analyzing system activity in order to identify possible network attacks and illegal behavior. As the main equipment hosting websites and applications, servers frequently become targets of attackers. Detecting and responding to intrusions promptly is critical: it can prevent serious consequences such as data leakage, system crashes, and service interruption.
2. Using the Command Line for Intrusion Detection
The Linux operating system provides powerful command-line tools that help us perform intrusion detection. Below are some commonly used commands and example code:
Review login logs
By reviewing login logs you can monitor who logged in to the server, when, and from where. We can use the following command to review the login log:
cat /var/log/auth.log
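As an added example that is not part of the original article, the following POSIX shell script turns the manual review of the login log into a check: it counts failed SSH password attempts per source address and flags the addresses that reach a threshold. The log lines are constructed sample data and the function names are my own; on a real host, point the functions at /var/log/auth.log.

```shell
#!/bin/sh
# Added example (not from the original article): summarise failed SSH logins
# in an auth.log-style file and flag source addresses that reach a threshold.
# Uses only POSIX sh, grep, awk and sort, so it runs on a bare server.

# Print "count address" for every source address with failed password
# attempts, most frequent first. $1 = path to the log file.
failed_logins_by_source() {
    grep 'sshd\[[0-9]*\]: Failed password' "$1" \
        | awk '{ for (i = 1; i <= NF; i++) if ($i == "from") { n[$(i+1)]++; break } }
               END { for (a in n) print n[a], a }' \
        | sort -rn
}

# Print only the addresses whose failed-attempt count is >= $2 (threshold).
suspicious_sources() {
    failed_logins_by_source "$1" | awk -v t="$2" '$1 >= t { print $2 }'
}

# Constructed sample log in the syslog format sshd writes; this is assumed
# sample data, not a capture from a real host.
SAMPLE_LOG=$(mktemp)
cat > "$SAMPLE_LOG" <<'EOF'
Mar  3 10:01:12 web1 sshd[2331]: Failed password for invalid user admin from 203.0.113.9 port 51234 ssh2
Mar  3 10:01:15 web1 sshd[2331]: Failed password for invalid user admin from 203.0.113.9 port 51236 ssh2
Mar  3 10:01:19 web1 sshd[2334]: Failed password for root from 203.0.113.9 port 51240 ssh2
Mar  3 10:02:01 web1 sshd[2340]: Accepted publickey for deploy from 198.51.100.20 port 40022 ssh2
Mar  3 10:02:44 web1 sshd[2345]: Failed password for deploy from 198.51.100.20 port 40030 ssh2
Mar  3 10:03:00 web1 CRON[2350]: pam_unix(cron:session): session opened for user root by (uid=0)
EOF

echo "Failed SSH logins by source address:"
failed_logins_by_source "$SAMPLE_LOG"
echo "Sources with 3 or more failures:"
suspicious_sources "$SAMPLE_LOG" 3
```

A single address with many failures in a short window is the pattern worth alerting on; a lone failure from a known operator address is usually a typo.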
Check open ports
Open ports are the main entry point for attackers into a server. We can use the following command to check which ports are open on the server:
netstat -tuln
Find abnormal processes
Abnormal processes may be malware planted by an intruder. The following command lists all processes running on the server:
ps aux
Monitor system performance
Flooding the server with load, in effect a stress test, is a common tactic used by attackers. We can use the following command to monitor the server's load:
top
Check the firewall
The firewall is a key component of protecting the server. The following command lists the firewall rules on the server:
iptables -L
3. Automated Intrusion Detection
Besides performing intrusion detection manually on the command line, we can also use automated tools to improve efficiency. Below are some commonly used automated tools:
AIDE
AIDE (Advanced Intrusion Detection Environment) is a tool for checking the integrity of files and directories. It can run periodic file consistency checks and generate reports for analysis.
OSSEC
OSSEC (Open Source Security) is an open-source intrusion detection system. It monitors the log files on the server and detects potential intrusions according to predefined rules.
Snort
Snort is a popular intrusion detection and prevention system. It can monitor network traffic in real time and detect potential attacks according to predefined rules.
4. Summary
The security of Linux servers is critical to keeping websites and applications running stably. By using the command line for intrusion detection, we can quickly discover intrusions and take appropriate measures to respond. In addition, automated tools can help us improve efficiency and accuracy. We hope this article helps you understand Linux server security and intrusion detection.