Pro zjisteni pouzijeme aide tak aby sledovala cely fs krome /dev a /proc .
- spustime aide -C (vytvori nam referencni soubor)
- prihlasime se a napiseme par prikazu
- aide -i > aide.diff
Zapsane soubory jsou tyto:
- /var/log/btmp
- /var/log/wtmp(utmp)
- /var/log/lastlog
- /var/log/secure
- /var/log/.bash_history
zaznamenava spatne loginy - binarni soubor. lastb pro zobrazeni.
ad 2.
zaznamenava vsechny loginy - binarni soubor. last pro zobrazeni
Oba zaznemenavaji cas a IP adresu
ad 3.
textovy soubor kde je zapis posledniho prihlaseni pro vsechny uzivatele. lastlog pro zobrazeni
ad 4.
textovy soubor se vsim moznym co se tyka bezpecnosti (zaznamenany spatny pokus o nalogovani)
ad 5.
textovy soubor s historii prikazu.
who
Shows a listing of currently logged-in users.
w
Shows who is logged on and what they are doing.
last
Shows a list of last logged-in users, including login time, logout time, login IP address, etc.
lastb
Same as last, except that by default it shows a log of the file /var/log/btmp, which contains all the bad login attempts.
lastlog
This command reports data maintained in /var/log/lastlog, which is a record of the last time a user logged in.
ac
Prints out the connect time in hours on a per-user basis or daily basis etc. This command reads /var/log/wtmp.
dump-utmp
Converts raw data from /var/run/utmp or /var/log/wtmp into ASCII-parsable format.
No comments:
Post a Comment