Copyright 1999 - 2000 Gerhard Mourani, Open Network Architecture ® and OpenDocs Publishing
Securities Software (Monitoring Tools), Chapter 10

    # This will rotate 'x' number of
    # times based on KEEP_LOGS below
    LOG_FILE = "/var/log/sxid.log"

    # How many logs to keep
    KEEP_LOGS = "5"

    # Rotate the logs even when there are no changes?
    ALWAYS_ROTATE = "no"

    # Directories where +s is forbidden (these are searched
    # even if not explicitly in SEARCH), EXCLUDE rules apply
    FORBIDDEN = "/home /tmp"

    # Remove (-s) files found in forbidden directories?
    ENFORCE = "yes"

    # This implies ALWAYS_NOTIFY. It will send a full list of
    # entries along with the changes
    LISTALL = "no"

    # Ignore entries for directories in these paths
    # (this means that only files will be recorded, you
    # can effectively ignore all directory entries by
    # setting this to "/"). The default is /home since
    # some systems have /home g+s.
    IGNORE_DIRS = "/home"

    # File that contains a list of (each on it's own line)
    # of other files that sxid should monitor. This is useful
    # for files that aren't +s, but relate to system
    # integrity (tcpd, inetd, apache.).
    # EXTRA_LIST = "/etc/sxid.list"

    # Mail program. This changes the default compiled in
    # mailer for reports. You only need this if you have changed
    # it's location and don't want to recompile sxid.
    # MAIL_PROG = "/usr/bin/mail"

Step 2

Place an entry into root's crontabs to make sXid run as a cronjob:

sXid will run from crond; basically it tracks any changes in your s[ug]id files and folders. If there are any new ones, ones that aren't set any more, or they have changed bits or other modes then it reports the changes. To add sxid in your cronjob you must edit the crontab and add the following line:

To edit the crontab, use the command (as root):

    [root@deep /]# crontab -e

    # Sample crontab entry to run every day at 4am
    0 4 * * * /usr/bin/sxid

Further documentation

For more details, there are some man pages you can read:

    $ man sxid.conf (5) - configuration settings for sxid
    $ man sxid (1) - check for changes in s[ug]id files and directories

sXid Administrative Tools

This program is meant to run as a cronjob. It must run once a day, but busy shell boxes may want to run it twice a day. You can also run this manually for spot-checking.

To run sxid manually, use the command:

    [root@deep /]# sxid -k
    sXid Vers : 4.1
    Check run : Wed Dec 29 12:40:32 1999
    This host : mail.openna.com
    Spotcheck : /home/admin
    Excluding : /proc /mnt /cdrom /floppy
    Ignore Dirs: /home
    Forbidden : /home /tmp
    No changes found

This checks for changes by recursing the current working directory. Log files will not be rotated and no email sent. All output will go to stdout.

Installed files

    > /etc/sxid.conf
    > /usr/bin/sxid
    > /usr/man/man1/sxid.1
    > /usr/man/man5/sxid.conf.5

Linux Logcheck

Overview

One important task in the security world is to regularly check the log files. Often the daily activities of an administrator don't allow him the time to do this task and this can bring about problems.

As explained in the Logcheck abstract:

Auditing and logging system events is important! What is more important is that system administrators be aware of these events so they can prevent problems that will inevitably occur if you have a system connected to the Internet. Unfortunately for most Unices it doesn't matter how much you log activity if nobody ever checks the logs, which is often the case. This is where logcheck will help. Logcheck automates the auditing process and weeds out "normal" log information to give you a condensed look at problems and potential troublemakers mailed to wherever you please. Logcheck is a software package that is designed to automatically run and check system log files for security violations and unusual activity. Logcheck utilizes a program called logtail that remembers the last position it read from in a log file and uses this position on subsequent runs to process new information.

These installation instructions assume

Commands are Unix-compatible.
The source path is /var/tmp (other paths are possible).
Installations were tested on Red Hat Linux 6.1 and 6.2.
All steps in the installation will happen in super-user account root.
Logcheck version number is 1.1.1

Packages

Logcheck Homepage Site: http://www.psionic.com/abacus/logcheck/
You must be sure to download: logcheck-1.1.1.tar.gz

Tarballs

It is a good idea to make a list of files on the system before you install Logcheck, and one afterwards, and then compare them using diff to find out what files were placed where. Simply run find /* > Logcheck1 before and find /* > Logcheck2 after you install the software, and use diff Logcheck1 Logcheck2 > Logcheck-Installed to get a list of what changed.

Compilation

Decompress the tarball (tar.gz).

    [root@deep /]# cp logcheck-version.tar.gz /var/tmp/
    [root@deep /]# cd /var/tmp
    [root@deep tmp]# tar xzpf logcheck-version.tar.gz

Compile and Optimize

You must modify the Makefile of Logcheck to specify installation paths, compilation flags, and optimizations for your system. We must modify this file to be compliant with Red Hat's file system structure and install Logcheck script files under our PATH environment variable.

Step 1

Move into the new Logcheck directory and type the following commands on your terminal:

Edit the Makefile (vi Makefile) and change the following lines:

    CC = cc
To read:
    CC = egcs

    CFLAGS = -O
To read:
    CFLAGS = -O9 -funroll-loops -ffast-math -malign-double -mcpu=pentiumpro -march=pentiumpro -fomit-frame-pointer -fno-exceptions

    INSTALLDIR = /usr/local/etc
To read:
    INSTALLDIR = /etc/logcheck

    INSTALLDIR_BIN = /usr/local/bin
To read:
    INSTALLDIR_BIN = /usr/bin

    INSTALLDIR_SH = /usr/local/etc
To read:
    INSTALLDIR_SH = /usr/bin

    TMPDIR = /usr/local/etc/tmp
To read:
    TMPDIR = /etc/logcheck/tmp

The above changes will configure the software to use the egcs compiler and optimization flags specific to our system, and locate all files related to Logcheck in the destination directories we have chosen to be compliant with the Red Hat file system structure.

Step 2

Edit the Makefile (vi +67 Makefile) and change the following line:

    @if [ ! -d $(TMPDIR) ]; then /bin/mkdir $(TMPDIR); fi
To read:
    @if [ ! -d $(TMPDIR) ]; then /bin/mkdir -p $(TMPDIR); fi

The above change (-p) will allow the installation program to create parent directories as needed
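The Logcheck overview above says logtail remembers the last position it read in a log file and processes only new information on later runs. The sketch below is an added example, not code from the book or from Logcheck; the function name and the "inode size" state-file format are assumptions made for illustration. It also handles the case where the log was rotated or truncated between runs.

```shell
#!/bin/sh
# Added illustration of logtail-style incremental reading; not Logcheck's code.
# new_log_data LOGFILE STATEFILE
#   Prints only what was appended to LOGFILE since the previous call.
#   STATEFILE holds "inode size" (a format made up for this example).
new_log_data() {
    log=$1
    state=$2
    [ -r "$log" ] || { echo "cannot read $log" >&2; return 1; }

    inode=$(ls -di -- "$log" | awk '{ print $1 }')
    size=$(wc -c < "$log" | tr -d ' ')

    old_inode=""
    old_size=0
    if [ -f "$state" ]; then
        read -r old_inode old_size < "$state" || true
    fi
    # Treat a damaged state file as "nothing read yet".
    case $old_size in
        ''|*[!0-9]*) old_inode=""; old_size=0 ;;
    esac

    # Rotated (different inode) or truncated (file shrank): re-read from
    # byte 0, otherwise entries written after the rotation are skipped.
    if [ "$inode" != "$old_inode" ] || [ "$size" -lt "$old_size" ]; then
        old_size=0
    fi

    # tail -c +N starts at byte N (1-based); head -c stops at the size we
    # recorded, so data appended during this run is reported next time.
    tail -c "+$((old_size + 1))" "$log" | head -c "$((size - old_size))"

    # Replace the state file atomically, readable by its owner only.
    tmp="$state.$$"
    ( umask 077; printf '%s %s\n' "$inode" "$size" > "$tmp" ) && mv "$tmp" "$state"
}
```
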
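The sXid section above describes tracking s[ug]id files, reporting new ones, ones that are no longer set and ones whose modes changed, and clearing the bit under FORBIDDEN directories when ENFORCE is "yes". The following is an added example of that kind of check, not sXid's own code; the function names and the baseline file format are assumptions made for illustration.

```shell
#!/bin/sh
# Added illustration of an sXid-style check; not sXid's own code.
# Function names and the baseline format are made up for this example.

# sxid_snapshot DIR...: "mode owner group path" per setuid/setgid regular file
sxid_snapshot() {
    LC_ALL=C find "$@" -xdev -type f \( -perm -4000 -o -perm -2000 \) \
        -exec ls -ld {} + 2>/dev/null |
    awk '{ p = $9; for (i = 10; i <= NF; i++) p = p " " $i
           print $1, $3, $4, p }' |
    LC_ALL=C sort
}

# sxid_report BASELINE DIR...: print differences since BASELINE, then update it
sxid_report() {
    baseline=$1
    shift
    cur=$(mktemp) || return 1
    sxid_snapshot "$@" > "$cur"
    if [ -f "$baseline" ]; then
        # Only in the baseline: +s bit dropped, file removed, or the old
        # state of an entry whose mode or owner changed.
        LC_ALL=C comm -23 "$baseline" "$cur" | sed 's/^/- /'
        # Only in the current scan: new +s file, or the new state of a change.
        LC_ALL=C comm -13 "$baseline" "$cur" | sed 's/^/+ /'
    fi
    mv "$cur" "$baseline"
}

# sxid_enforce DIR...: clear setuid/setgid under "forbidden" directories
sxid_enforce() {
    find "$@" -xdev -type f \( -perm -4000 -o -perm -2000 \) \
        -exec chmod ug-s {} +
}
```

The first call to sxid_report only creates the baseline; later calls print one "+" or "-" line per difference, and a mode change shows up as a "-" line followed by a "+" line for the same path.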
