Linux audit deployment
1) Disable root login
vi /etc/ssh/sshd_config
PermitRootLogin no
2) Change the default runlevel to 3
vi /etc/inittab
3) Disable unneeded services
export LANG=en
chkconfig --level 2345 bluetooth off
chkconfig --level 2345 ip6tables off
chkconfig --level 2345 nfslock off
chkconfig --level 2345 nfs off
chkconfig --level 2345 sendmail off
chkconfig --list bluetooth
chkconfig --list ip6tables
chkconfig --list nfslock
chkconfig --list nfs
chkconfig --list sendmail
/etc/init.d/sendmail stop
/etc/init.d/bluetooth stop
/etc/init.d/ip6tables stop
/etc/init.d/nfslock stop
/etc/init.d/nfs stop
/etc/init.d/sendmail status
/etc/init.d/bluetooth status
/etc/init.d/ip6tables status
/etc/init.d/nfslock status
/etc/init.d/nfs status
/etc/init.d/portmap stop
chkconfig --level 2345 portmap off
chkconfig --list portmap
/etc/init.d/portmap status
/etc/init.d/cups stop
chkconfig --level 2345 cups off
chkconfig --list cups
/etc/init.d/cups status
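The three steps above are easy to apply and easy to get subtly wrong, so they should be verified afterwards. The script below is an added example and not part of the original post: it resolves the effective PermitRootLogin value the way sshd does (first non-comment occurrence, global section only, so anything after a Match line is ignored), reads the initdefault runlevel from /etc/inittab, and reports which deny-listed services `chkconfig --list` still shows as on in runlevels 2-5. The sample files it writes to a temporary directory are constructed, not captured from a real host; point the three arguments at /etc/ssh/sshd_config, /etc/inittab and saved `chkconfig --list` output to run it against a live system.

```shell
#!/bin/sh
# Added example (not from the original post): post-hardening checks for
# steps 1-3. Every function takes a file path, so the same code runs on
# constructed samples offline or on the real files of a host.

# Effective global PermitRootLogin. sshd uses the FIRST non-comment
# occurrence of a keyword, and directives after the first "Match" line are
# conditional, so parsing stops there. Prints "unset" if nothing is found.
sshd_root_login() {
    awk '
        tolower($1) == "match" { exit }
        tolower($1) == "permitrootlogin" { print tolower($2); found = 1; exit }
        END { if (!found) print "unset" }
    ' "$1"
}

# Default runlevel from /etc/inittab: the uncommented "id:N:initdefault:" line.
inittab_default_runlevel() {
    awk -F: '$1 !~ /^#/ && $3 == "initdefault" { print $2; exit }' "$1"
}

# Services from the deny list that chkconfig still reports "on" in any of
# runlevels 2-5. $1 is a file holding `chkconfig --list` output; the
# remaining arguments are the service names to check.
services_still_on() {
    list=$1; shift
    for svc in "$@"; do
        awk -v s="$svc" '$1 == s {
            for (i = 2; i <= NF; i++) {
                split($i, kv, ":")
                if (kv[1] ~ /^[2-5]$/ && kv[2] == "on") { print s; exit }
            }
        }' "$list"
    done
}

# ---- constructed sample inputs (not captured from a real host) ----
TMP=$(mktemp -d)
cat > "$TMP/sshd_config" <<'EOF'
# PermitRootLogin yes
Protocol 2
PermitRootLogin no
Match User backup
    PermitRootLogin yes
EOF
cat > "$TMP/inittab" <<'EOF'
#id:5:initdefault:
id:3:initdefault:
EOF
cat > "$TMP/chkconfig.txt" <<'EOF'
bluetooth       0:off   1:off   2:off   3:off   4:off   5:off   6:off
sendmail        0:off   1:off   2:off   3:on    4:off   5:off   6:off
cups            0:off   1:off   2:off   3:off   4:off   5:off   6:off
EOF

report() {
    echo "PermitRootLogin : $(sshd_root_login "$TMP/sshd_config")"
    echo "default runlevel: $(inittab_default_runlevel "$TMP/inittab")"
    echo "still enabled   : $(services_still_on "$TMP/chkconfig.txt" \
        bluetooth sendmail cups nfs portmap | tr '\n' ' ')"
}
report
```

In the constructed sample the commented `# PermitRootLogin yes` is ignored, the `PermitRootLogin yes` inside the `Match User backup` block does not change the global value, and only sendmail is reported because it is still on in runlevel 3.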
4) Auditing (auditd)
chkconfig --list | grep auditd
service auditd status
service auditd restart
vi /etc/audit/audit.rules
# Enable auditing
-e 1
## login configuration and information
-w /etc/login.defs -p wa -k CFG_login.defs
-w /etc/securetty -p wa -k CFG_securetty
-w /var/log/faillog -p wa -k LOG_faillog
-w /var/log/lastlog -p wa -k LOG_lastlog
-w /var/log/tallylog -p wa -k LOG_tallylog
## directory operations
#-a entry,always -S mkdir -S mkdirat -S rmdir
# "exit" is the supported filter list; the old "entry" list is deprecated and
# rejected by newer kernels
-a exit,always -F arch=b64 -S mkdir -S rmdir
## cron configuration & scheduled jobs
-w /etc/cron.allow -p wa -k CFG_cron.allow
-w /etc/cron.deny -p wa -k CFG_cron.deny
#-w /etc/cron.d/ -p wa -k CFG_cron.d
-w /etc/cron.daily/ -p wa -k CFG_cron.daily
-w /etc/cron.hourly/ -p wa -k CFG_cron.hourly
-w /etc/cron.monthly/ -p wa -k CFG_cron.monthly
-w /etc/cron.weekly/ -p wa -k CFG_cron.weekly
-w /etc/crontab -p wa -k CFG_crontab
-w /var/spool/cron/root -k CFG_crontab_root
## user, group, password databases
-w /etc/group -p wa -k CFG_group
-w /etc/passwd -p wa -k CFG_passwd
-w /etc/gshadow -k CFG_gshadow
-w /etc/shadow -k CFG_shadow
-w /etc/security/opasswd -k CFG_opasswd
# ----- File System audit rules -----
# Note: /etc/passwd and /etc/shadow are already watched above (keys CFG_passwd
# and CFG_shadow); the two rules below add a second record per access.
# Add a watch on "passwd" with the arbitrary filterkey "fk_passwd" that
# generates records for "reads, writes, executes, and appends" on "passwd"
-w /etc/passwd -k fk_passwd -p rwxa
# Add a watch on "shadow" with a NULL filterkey that has permissions
# filtering turned off (all of r, w, x and a are recorded)
-w /etc/shadow
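Before loading a rules file with `auditctl -R` it is worth linting it, because auditd accepts several things that later make the logs hard to use. The script below is an added example, not from the original post: it checks a rules file for the `-e` enable flag, for `-a` rules on the deprecated `entry` list, for watches without a `-k` key (their records cannot be pulled out with `ausearch -k`), for paths watched by more than one rule (the rules above watch /etc/passwd and /etc/shadow twice), and for syscall rules written only for `-F arch=b64`, which 32-bit processes on a 64-bit host bypass unless a `b32` twin exists. The rules file it writes is a constructed subset of the rules on this page.

```shell
#!/bin/sh
# Added example (not from the original post): a small linter for an
# audit.rules file, run here over a constructed subset of the rules above.

# Value of the -e (enable) flag, or "missing".
enable_flag() {
    awk '$1 == "-e" { print $2; found = 1; exit }
         END { if (!found) print "missing" }' "$1"
}

# Number of -a rules on the deprecated "entry" list ("exit" is the supported list).
deprecated_lists() {
    awk '$1 == "-a" && $2 ~ /(^|,)entry(,|$)/ { n++ } END { print n + 0 }' "$1"
}

# -w rules without -k: their records cannot be found with "ausearch -k".
watches_without_key() {
    awk '$1 == "-w" {
        has = 0
        for (i = 3; i <= NF; i++) if ($i == "-k") has = 1
        if (!has) print $2
    }' "$1"
}

# Paths watched by more than one rule: each access yields several records
# under different keys, which is usually an oversight.
duplicate_watches() {
    awk '$1 == "-w" { c[$2]++ } END { for (p in c) if (c[p] > 1) print p }' "$1" | sort
}

# Syscall rules that exist only for arch=b64. 32-bit binaries on a 64-bit
# host use the b32 syscall table and are not matched by such rules.
# Rules are normalised by dropping the arch filter so b64/b32 twins compare equal.
b64_rules_without_b32() {
    awk '$1 == "-a" {
        arch = ""; norm = ""
        for (i = 1; i <= NF; i++) {
            if ($i == "-F" && $(i + 1) ~ /^arch=b(32|64)$/) { arch = $(i + 1); i++; continue }
            norm = norm (norm == "" ? "" : " ") $i
        }
        if (arch == "arch=b64") b64[norm] = 1
        if (arch == "arch=b32") b32[norm] = 1
    }
    END { for (r in b64) if (!(r in b32)) print r }' "$1"
}

# ---- constructed input: a subset of the rules from this post ----
RULES=$(mktemp)
cat > "$RULES" <<'EOF'
-e 1
-w /etc/login.defs -p wa -k CFG_login.defs
#-a entry,always -S mkdir -S mkdirat -S rmdir
-a entry,always -F arch=b64 -S mkdir -S rmdir
-w /etc/crontab -p wa -k CFG_crontab
-w /var/spool/cron/root -k CFG_crontab_root
-w /etc/passwd -p wa -k CFG_passwd
-w /etc/shadow -k CFG_shadow
-w /etc/passwd -k fk_passwd -p rwxa
-w /etc/shadow
EOF

lint_rules() {
    echo "enable flag        : $(enable_flag "$1")"
    echo "deprecated entry   : $(deprecated_lists "$1")"
    echo "watches without -k : $(watches_without_key "$1" | tr '\n' ' ')"
    echo "duplicate watches  : $(duplicate_watches "$1" | tr '\n' ' ')"
    echo "b64-only syscalls  : $(b64_rules_without_b32 "$1")"
}
lint_rules "$RULES"
```

Run against the real file (`lint_rules /etc/audit/audit.rules`) the last check is the one most often missed: the `mkdir`/`rmdir` rule above needs a second copy with `-F arch=b32` to cover 32-bit processes on a 64-bit host.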
From "ITPUB Blog", link: http://blog.itpub.net/22661144/viewspace-1413188/. Please credit the source when reposting; otherwise legal liability will be pursued.