Enable ISM Server User operation Auditing
問題提出: ISMServer由於管理原因授權其他使用者有activate及處理profile、element的許可權。有天發現ISMServer上面的監控的Profile莫名其妙的被人刪了,實在發現這是個安全隱患。
解決: 到$NCHOME/ism/profiles/deleted裡面把查詢一下,把被刪除的profile複製到active下面
cd $NCHOME/ism/profile/deleted
cp xxxxxxx.xml ../active
修改passfile的登入密碼,進行相應的許可權限制
開啟日誌審計
vi $NCHOME/ism/ismserver/ismserver.props
編輯
auditlog=true
auditlogfile=ismserver_useraudit.log
auditlogfilesize=10000
重啟ismserver
./ismserver_stop.sh
nohup ./ismserver_start.sh &
登入ismserver檢查是否有日誌記錄
cd /opt/netcool/log/ism/
[root@ismServer ism]# more ismserver_useraudit.log
13/August/2009:09:32:17 -- 192.168.103.135 ism -- ACTION: LOGOUT -- -- RESULT: SUCCESS
13/August/2009:09:32:24 -- 192.168.103.135 - -- ACTION: LOGIN -- USERNAME: ism PASSWORD: sdlf -- RESULT: FAILURE
13/August/2009:09:32:31 -- 192.168.103.135 ism -- ACTION: LOGIN -- -- RESULT: SUCCESS
[root@ismServer ism]#
可以看到有審計的日誌,每天透過此日誌審計,使用者是否有越權操作,責任到人。
其實最好的方式是把使用者的許可權限制到最少,什麼操作都做不得,至少沒有增刪的許可權。
參考netcool infocenter文章
[@more@]來自 “ ITPUB部落格 ” ,連結:http://blog.itpub.net/12262773/viewspace-1025236/,如需轉載,請註明出處,否則將追究法律責任。
相關文章
- tidb Error: Operation aborted by user answer '' (cliutil.operation_aborted)TiDBError
- maridb Error 'Operation DROP USER failed forErrorAI
- Enable Oracle NUMA support with Oracle Server Version 11.2.0.1OracleServer
- Standard Database AuditingDatabase
- Auditing Database AccessDatabase
- -bash: ulimit: max user processes: cannot modify limit: Operation not permitted問題的處理MIT
- sql server 基於fix補丁之incremental servicing model或ISM初識之一SQLServerREM
- Fine Grained Auditing (FGA)AI
- MySQL建立使用者報錯 ERROR 1396 (HY000): Operation CREATE USER failed for 'afei'@'%'MySqlErrorAI
- How to enable Hibernate option in windows 2008 R2 server?WindowsServer
- enable password 7與enable secret的區別
- Hacked VisualSVN Server by PHP to allow user change passwordServerPHP
- Timeout expired. The timeout period elapsed prior to completion of the operation or the server is noServer
- oracle ENABLE=BROKENOracle
- ODM enable on Veritas
- Elasticsearch Auditing(es的審計功能)Elasticsearch
- enable_index_filterIndexFilter
- How to enable the flashback database:Database
- How to enable trace in OracleOracle
- FSM:Enable shift register
- ISM Web工業視覺化組態軟體Web視覺化
- Timeout expired. The timeout period elapsed prior to completion of the operation or the server is not responding.Server
- macOS: sudo : Operation not permittedMacMIT
- oracle redo log operationOracle Redo
- Oracle 12c 統一審計(Unified Auditing)OracleNifi
- 基於值的審計(value-based auditing)
- oracleasm enable顯示失敗OracleASM
- enable table lock 的enqueue等待ENQ
- enable run glance utility in windows CMDWindows
- ASM file metadata operationASM
- Spring中Enable*功能的使用Spring
- 如何enable ActiveX 及JavaScript in IEJavaScript
- Practical Road Safety Auditing.pdf 免費下載
- 3.4.3 Restoring the System to Normal OperationRESTORM
- Enable CSS active pseudo styles in Mobile SafariCSS
- How to enable NUMA on 10G @ linuxLinux
- 轉: enable multipathing on RedHat Linux 5.3RedhatLinux
- Event 10046 - Enable SQL Statement TraceSQL