
How to Perform Security Auditing and Log Analysis on a Linux System


As an open-source operating system, Linux is widely used by both enterprises and individual users. However, as network attacks and intrusion techniques keep evolving, ensuring the security of Linux systems has become especially important. To detect and respond to security threats in a timely way, security auditing and log analysis are indispensable. This article introduces security auditing and log analysis for Linux systems and provides detailed code examples.

Security auditing:

Security auditing is a comprehensive examination and analysis of a system to uncover potential vulnerabilities and security threats. Below are some commonly used Linux security auditing tools and techniques:

1.1 Audit Log

The audit subsystem that ships with Linux (auditd) records important system operations and events such as logins, file changes and process starts. The auditctl and ausearch commands configure and query the audit log. An example:

# Enable the audit subsystem (1 = on). Login events such as USER_LOGIN are recorded
# without further rules; file and process watches additionally need -w/-a rules.
auditctl -e 1

# Query the audit log for user login events (successful and failed)
ausearch -m USER_LOGIN


1.2 OpenSCAP

OpenSCAP is an open-source security compliance assessment tool that can run automated security audits against a Linux system. An example of checking a system with OpenSCAP:

# Install OpenSCAP and the SCAP Security Guide content (RHEL/CentOS 7)
yum install -y openscap-scanner scap-security-guide

# Run a security scan against the STIG profile for RHEL 7
oscap xccdf eval --profile stig-rhel7-server-upstream /usr/share/xml/scap/ssg/content/ssg-rhel7-ds.xml


1.3 Lynis

Lynis is a lightweight security auditing tool that scans a system and assesses its security state. An example of running a security audit with Lynis:

# Install Lynis (Debian/Ubuntu)
apt install -y lynis

# Run the security scan
lynis audit system


Log analysis:

Log analysis means monitoring and analysing system logs to discover and identify potential security threats. Below are some commonly used Linux log analysis tools and techniques:

2.1 ELK Stack

The ELK Stack is a powerful set of log management tools made up of Elasticsearch, Logstash and Kibana. With the ELK Stack you can collect, analyse and visualise log data from Linux systems. An example workflow for log analysis with the ELK Stack:

1. Install and configure Elasticsearch, Logstash and Kibana;

2. Configure Logstash to collect log data from the Linux system;

3. Use Kibana to build dashboards that visualise the log data.

2.2 rsyslog

rsyslog is the log management daemon commonly used on Linux systems. By configuring rsyslog you can collect, filter and store the system's log data. An example of log analysis with rsyslog:

# Configure which logs rsyslog collects and where it stores them
vim /etc/rsyslog.conf

# Apply the configuration change by restarting the rsyslog service
systemctl restart rsyslog

# Query the log (Debian/Ubuntu path; RHEL-based systems use /var/log/messages)
grep "ERROR" /var/log/syslog
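Here is an added example (not code from the original article) that ties the audit records queried in section 1.1 to the log analysis of this section: a Python script that parses audit.log records, counts failed USER_LOGIN events per account and source address, and flags source addresses that exceed a failure threshold. The sample records and addresses are constructed.

```python
import re
from collections import Counter

# One key=value pair: values are "double-quoted", 'single-quoted' (the nested
# msg='...' block) or bare tokens such as 203.0.113.5 or audit(1700000000.101:201):
FIELD_RE = re.compile(r'(\w+)=("[^"]*"|\'[^\']*\'|\S+)')

def parse_record(line):
    """Flatten one audit.log record (outer fields plus the nested msg='...' block) into a dict."""
    fields = {}
    for key, value in FIELD_RE.findall(line):
        if value.startswith("'"):
            for inner_key, inner_value in FIELD_RE.findall(value[1:-1]):
                fields[inner_key] = inner_value.strip('"')
        else:
            fields[key] = value.strip('"')
    return fields

def failed_logins(lines):
    """Count USER_LOGIN records with res=failed, keyed by (account, source address)."""
    counts = Counter()
    for line in lines:
        rec = parse_record(line)
        if rec.get("type") == "USER_LOGIN" and rec.get("res") == "failed":
            counts[(rec.get("acct", "?"), rec.get("addr", "?"))] += 1
    return counts

def suspicious_sources(lines, threshold=3):
    """Source addresses with at least `threshold` failed logins across all accounts."""
    by_addr = Counter()
    for (_acct, addr), n in failed_logins(lines).items():
        by_addr[addr] += n
    return sorted(addr for addr, n in by_addr.items() if n >= threshold)

# Constructed sample records in audit.log format (RFC 5737 documentation addresses), not from a real system.
SAMPLE_AUDIT_LOG = """\
type=USER_LOGIN msg=audit(1700000000.101:201): pid=4321 uid=0 auid=4294967295 ses=4294967295 msg='op=login acct="root" exe="/usr/sbin/sshd" hostname=? addr=203.0.113.5 terminal=ssh res=failed'
type=USER_LOGIN msg=audit(1700000000.102:202): pid=4322 uid=0 auid=4294967295 ses=4294967295 msg='op=login acct="root" exe="/usr/sbin/sshd" hostname=? addr=203.0.113.5 terminal=ssh res=failed'
type=USER_LOGIN msg=audit(1700000000.103:203): pid=4323 uid=0 auid=4294967295 ses=4294967295 msg='op=login acct="admin" exe="/usr/sbin/sshd" hostname=? addr=203.0.113.5 terminal=ssh res=failed'
type=USER_LOGIN msg=audit(1700000000.104:204): pid=4324 uid=0 auid=4294967295 ses=4294967295 msg='op=login acct="root" exe="/usr/sbin/sshd" hostname=? addr=203.0.113.5 terminal=ssh res=failed'
type=USER_LOGIN msg=audit(1700000000.105:205): pid=4325 uid=0 auid=4294967295 ses=4294967295 msg='op=login acct="alice" exe="/usr/sbin/sshd" hostname=? addr=198.51.100.7 terminal=ssh res=failed'
type=USER_LOGIN msg=audit(1700000000.106:206): pid=4326 uid=0 auid=1001 ses=12 msg='op=login id=1001 exe="/usr/sbin/sshd" hostname=198.51.100.7 addr=198.51.100.7 terminal=/dev/pts/0 res=success'
type=USER_START msg=audit(1700000000.107:207): pid=4326 uid=0 auid=1001 ses=12 msg='op=PAM:session_open grantors=pam_limits,pam_unix acct="alice" exe="/usr/sbin/sshd" hostname=198.51.100.7 addr=198.51.100.7 terminal=ssh res=success'
""".splitlines()

if __name__ == "__main__":
    for (acct, addr), n in failed_logins(SAMPLE_AUDIT_LOG).most_common():
        print(f"{n} failed login(s) for {acct!r} from {addr}")
    print("sources over threshold:", suspicious_sources(SAMPLE_AUDIT_LOG))
```

On a live system, feed it the lines of /var/log/audit/audit.log (or the output of ausearch -m USER_LOGIN --raw) instead of the constructed sample.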


Summary:

Security auditing and log analysis are essential to keeping a Linux system secure. This article introduced some commonly used Linux security auditing and log analysis tools and techniques, with corresponding code examples. We hope it helps you better protect your Linux systems from security threats.
