
Log Analysis and Network Security in a Linux Environment

In recent years, with the spread and growth of the Internet, network security problems have become increasingly serious. For enterprises, protecting the security and stability of their computer systems is critically important. Linux, as a highly stable and reliable operating system, is chosen by more and more enterprises as their server environment. This article introduces how to use log analysis tools in a Linux environment to improve network security, with accompanying code examples.

1. The importance of log analysis

In a computer system, logs are the primary means of recording system operation and related events. By analysing system logs we can understand the system's running state, identify abnormal behaviour, trace the source of attacks, and so on. Log analysis therefore plays a critical role in network security.

2. Choosing a log analysis tool

Commonly used log management tools in a Linux environment include syslogd, rsyslog and systemd. Among them, rsyslog is a high-performance log management system that can write to local files, remote syslog servers, databases and more. It integrates tightly with the Linux system and supports rich filtering and log formatting features.

Below is a simplified version of an example configuration file, /etc/rsyslog.conf:

# Global settings
$ModLoad imuxsock
$ModLoad imklog
$ActionFileDefaultTemplate RSYSLOG_TraditionalFileFormat
$FileOwner root
$FileGroup adm
$FileCreateMode 0640
$DirCreateMode 0755
$Umask 0022
$WorkDirectory /var/spool/rsyslog

# Default: write all logs to a file
*.*                         /var/log/syslog

#Êä³öÌض¨ÀàÐ͵ÄÈÕÖ¾µ½Ö¸¶¨Îļþ
user.info                   /var/log/user-info.log
user.warn                   /var/log/user-warn.log

# Write logs from a specific device to a designated file
if $fromhost-ip == '192.168.1.100' then /var/log/device-1.log


ÒÔÉÏÉèÖý«ÏµÍ³ÈÕÖ¾Êä³öµ½/var/log/syslogÎļþ£¬½«user.infoÀàÐ͵ÄÈÕÖ¾Êä³öµ½/var/log/user-info.logÎļþ£¬Î´À´×ÔIPµØµãΪ192.168.1.100µÄ×°±¸µÄÈÕÖ¾Êä³öµ½/var/log/device-1.logÎļþ¡£

3. Log-based network security analysis

System behaviour analysis

By analysing system logs, we can learn whether the system has been affected by events such as abnormal access or failed logins. For example, we can analyse /var/log/auth.log to detect brute-force login attempts.

ʾÀý´úÂ룺

grep "Failed password for" /var/log/auth.log


The command above finds and displays the lines in /var/log/auth.log that contain "Failed password for", i.e. the records of failed logins. In this way we can track the number of failed logins and their source IP addresses, and further strengthen the system's security.
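As an added example that is not part of the original article, the following Python script implements the tracking just described: it parses sshd "Failed password" lines (handling both the plain and the "invalid user" form), counts failures per source IP and flags sources at or above a threshold as probable brute-force attempts. The log lines are constructed for the example; on a real host you would read /var/log/auth.log instead.

```python
import re
from collections import Counter, defaultdict

# Constructed sample lines in the syslog format sshd writes to /var/log/auth.log
# (made up for this example, not taken from a real host).
SAMPLE_AUTH_LOG = """\
Mar  3 10:01:12 web1 sshd[2301]: Failed password for root from 203.0.113.5 port 51234 ssh2
Mar  3 10:01:15 web1 sshd[2301]: Failed password for root from 203.0.113.5 port 51235 ssh2
Mar  3 10:01:19 web1 sshd[2305]: Failed password for invalid user admin from 203.0.113.5 port 51240 ssh2
Mar  3 10:02:01 web1 sshd[2310]: Accepted publickey for deploy from 198.51.100.7 port 40022 ssh2
Mar  3 10:02:44 web1 sshd[2312]: Failed password for deploy from 198.51.100.7 port 40030 ssh2
Mar  3 10:03:09 web1 sshd[2320]: Failed password for invalid user test from 203.0.113.5 port 51250 ssh2
Mar  3 10:03:11 web1 CRON[2330]: pam_unix(cron:session): session opened for user root by (uid=0)
"""

# Matches both the "Failed password for <user>" and the
# "Failed password for invalid user <user>" forms that sshd logs.
FAILED_RE = re.compile(
    r"sshd\[\d+\]: Failed password for (?P<invalid>invalid user )?(?P<user>\S+) "
    r"from (?P<ip>[0-9a-fA-F.:]+) port \d+"
)

def parse_failed_logins(text):
    """Return a list of (ip, user, invalid_user_flag) tuples, one per failed attempt."""
    events = []
    for line in text.splitlines():
        m = FAILED_RE.search(line)
        if m:
            events.append((m.group("ip"), m.group("user"), m.group("invalid") is not None))
    return events

def summarize(events, threshold=3):
    """Count failures per source IP, collect the usernames each IP tried, and
    flag IPs with at least `threshold` failures as likely brute-force sources."""
    per_ip = Counter(ip for ip, _, _ in events)
    users_by_ip = defaultdict(set)
    for ip, user, _ in events:
        users_by_ip[ip].add(user)
    suspicious = {ip: n for ip, n in per_ip.items() if n >= threshold}
    return per_ip, {ip: sorted(u) for ip, u in users_by_ip.items()}, suspicious

if __name__ == "__main__":
    evts = parse_failed_logins(SAMPLE_AUTH_LOG)
    per_ip, users, suspicious = summarize(evts)
    for ip, n in per_ip.most_common():
        flag = "  <-- possible brute force" if ip in suspicious else ""
        print(f"{ip:16} {n:3} failures, users tried: {', '.join(users[ip])}{flag}")
```

To run it against a real host, pass the contents of /var/log/auth.log to parse_failed_logins instead of the constructed sample.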

Security event tracking

When a security event occurs on the system, analysing the logs lets us understand the details and cause of the event and trace the source of the attack. For example, when the system is under a DDoS attack, we can analyse /var/log/syslog to identify the attack traffic and its target.

ʾÀý´úÂ룺

grep "ddos" /var/log/syslog


The command above finds and displays the lines in /var/log/syslog that contain "ddos", identifying records related to a DDoS attack. A match depends on some component, such as a firewall or intrusion detection system, actually writing that word into its messages; plain kernel or sshd logs will not contain it. By analysing these records, we can devise targeted protective measures based on the attack's characteristics.

Anomalous event monitoring

By monitoring system logs in real time, we can discover abnormal system behaviour promptly and take corresponding countermeasures. For example, we can write a script that monitors /var/log/syslog in real time and, as soon as an abnormal login or access appears, immediately notifies the administrator by email or SMS.

ʾÀý´úÂ룺

# grep --line-buffered flushes each match at once; mail reads stdin until EOF, so each matching line gets its own message
tail -f /var/log/syslog | grep --line-buffered "Failed password" | while read -r line; do echo "$line" | mail -s "Warning: Failed login attempt" admin@example.com; done


ÉÏÊö´úÂëÖУ¬tail -fÏÂÁîÓÃÓÚʵʱ¼à¿Ø/var/log/syslogÎļþ£¬grepÏÂÁîÓÃÓÚ¹ýÂ˳ö°üÀ¨”Failed password”µÄÐУ¬È»ºóͨ¹ýÓʼþ·½·¨Í¨ÖªÖÎÀíÔ±¡£

4. Summary

Through this discussion of log analysis and network security in a Linux environment, we have seen the importance of log analysis for network security. At the same time, using the rsyslog tool, we can conveniently collect, analyse and inspect the system's log information. In practical applications, we can write scripts as needed to automate log analysis and monitoring, thereby improving network security.
