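Linux syslog process exit log auditing

I. Normal syslog shutdown

II. Normal syslog startup

III. Normal syslog restart

IV. Killing the syslog process (no log entry is produced)

V. Logs produced by a Nessus scan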

Jan  9 15:17:36 localhost sshd[4838]: Did not receive identification string from UNKNOWN

Jan  9 15:18:21 localhost sshd[4845]: fatal: Read from socket failed: Connection reset by peer

Jan  9 15:20:56 localhost sshd[4860]: Did not receive identification string from UNKNOWN

Jan  9 15:21:45 localhost sshd[4882]: fatal: Read from socket failed: Connection reset by peer

Jan  9 15:21:46 localhost sshd[4886]: fatal: Read from socket failed: Connection reset by peer

Jan  9 15:21:46 localhost sshd[4883]: Invalid user emailswitch from 192.168.31.27

Jan  9 15:21:46 localhost sshd[4891]: Protocol major versions differ for UNKNOWN: SSH-2.0-OpenSSH_4.3 vs. SSH-9.9-OpenSSH_5.0

Jan  9 15:21:46 localhost sshd[4887]: Invalid user anonymous from 192.168.31.27

Jan  9 15:21:46 localhost sshd[4885]: input_userauth_request: invalid user emailswitch

Jan  9 15:21:46 localhost sshd[4883]: pam_unix(sshd:auth): check pass; user unknown

Jan  9 15:21:46 localhost sshd[4883]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=192.168.31.27

Jan  9 15:21:46 localhost sshd[4883]: pam_succeed_if(sshd:auth): error retrieving information about user emailswitch

Jan  9 15:21:46 localhost sshd[4888]: input_userauth_request: invalid user anonymous

Jan  9 15:21:46 localhost sshd[4887]: pam_unix(sshd:auth): check pass; user unknown

Jan  9 15:21:46 localhost sshd[4887]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=192.168.31.27

Jan  9 15:21:46 localhost sshd[4887]: pam_succeed_if(sshd:auth): error retrieving information about user anonymous

Jan  9 15:21:46 localhost sshd[4889]: Invalid user _9hwH87a from 192.168.31.27

Jan  9 15:21:46 localhost sshd[4890]: input_userauth_request: invalid user _9hwH87a

Jan  9 15:21:46 localhost sshd[4889]: pam_unix(sshd:auth): check pass; user unknown

Jan  9 15:21:46 localhost sshd[4889]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=192.168.31.27

Jan  9 15:21:46 localhost sshd[4889]: pam_succeed_if(sshd:auth): error retrieving information about user _9hwH87a

Jan  9 15:21:47 localhost sshd[4892]: Protocol major versions differ for UNKNOWN: SSH-2.0-OpenSSH_4.3 vs. SSH-1.33-OpenSSH_5.0

Jan  9 15:21:48 localhost sshd[4893]: Protocol major versions differ for UNKNOWN: SSH-2.0-OpenSSH_4.3 vs. SSH-1.5-OpenSSH_5.0

Jan  9 15:21:48 localhost sshd[4895]: fatal: Read from socket failed: Connection reset by peer

Jan  9 15:21:49 localhost sshd[4883]: Failed password for invalid user emailswitch from 192.168.31.27 port 62201 ssh2

Jan  9 15:21:49 localhost sshd[4885]: fatal: Read from socket failed: Connection reset by peer

Jan  9 15:21:49 localhost sshd[4887]: Failed password for invalid user anonymous from 192.168.31.27 port 62203 ssh2

Jan  9 15:21:49 localhost sshd[4888]: fatal: Read from socket failed: Connection reset by peer

Jan  9 15:21:49 localhost sshd[4889]: Failed password for invalid user _9hwH87a from 192.168.31.27 port 62204 ssh2

Jan  9 15:21:49 localhost sshd[4890]: fatal: Read from socket failed: Connection reset by peer

Jan  9 15:21:49 localhost sshd[4896]: Invalid user product from 192.168.31.27

Jan  9 15:21:49 localhost sshd[4898]: Invalid user guest from 192.168.31.27

Jan  9 15:21:49 localhost sshd[4899]: input_userauth_request: invalid user guest

Jan  9 15:21:49 localhost sshd[4898]: pam_unix(sshd:auth): check pass; user unknown

Jan  9 15:21:49 localhost sshd[4898]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=192.168.31.27

Jan  9 15:21:49 localhost sshd[4898]: pam_succeed_if(sshd:auth): error retrieving information about user guest

Jan  9 15:21:49 localhost sshd[4900]: Invalid user VWWjRsTx from 192.168.31.27

Jan  9 15:21:49 localhost sshd[4902]: Invalid user n3ssus from 192.168.31.27

Jan  9 15:21:49 localhost sshd[4903]: input_userauth_request: invalid user n3ssus

Jan  9 15:21:49 localhost sshd[4902]: pam_unix(sshd:auth): check pass; user unknown

Jan  9 15:21:49 localhost sshd[4902]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=192.168.31.27

Jan  9 15:21:49 localhost sshd[4902]: pam_succeed_if(sshd:auth): error retrieving information about user n3ssus

Jan  9 15:21:49 localhost sshd[4905]: fatal: Read from socket failed: Connection reset by peer

Jan  9 15:21:50 localhost sshd[4907]: fatal: Read from socket failed: Connection reset by peer

Jan  9 15:21:51 localhost sshd[4898]: Failed password for invalid user guest from 192.168.31.27 port 62236 ssh2

Jan  9 15:21:51 localhost sshd[4899]: fatal: Read from socket failed: Connection reset by peer

Jan  9 15:21:51 localhost sshd[4902]: Failed password for invalid user n3ssus from 192.168.31.27 port 62238 ssh2

Jan  9 15:21:51 localhost sshd[4903]: fatal: Read from socket failed: Connection reset by peer

Jan  9 15:21:51 localhost sshd[4909]: fatal: Read from socket failed: Connection reset by peer

Jan  9 15:21:51 localhost sshd[4911]: fatal: Read from socket failed: Connection reset by peer

Jan  9 15:21:51 localhost sshd[4913]: fatal: Read from socket failed: Connection reset by peer

Jan  9 15:21:52 localhost sshd[4914]: Invalid user admin from 192.168.31.27

Jan  9 15:21:52 localhost sshd[4915]: input_userauth_request: invalid user admin

Jan  9 15:21:52 localhost sshd[4914]: pam_unix(sshd:auth): check pass; user unknown

Jan  9 15:21:52 localhost sshd[4914]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=192.168.31.27

Jan  9 15:21:52 localhost sshd[4914]: pam_succeed_if(sshd:auth): error retrieving information about user admin

Jan  9 15:21:54 localhost sshd[4897]: input_userauth_request: invalid user product

Jan  9 15:21:54 localhost sshd[4896]: pam_unix(sshd:auth): check pass; user unknown

Jan  9 15:21:54 localhost sshd[4896]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=192.168.31.27

Jan  9 15:21:54 localhost sshd[4896]: pam_succeed_if(sshd:auth): error retrieving information about user product

Jan  9 15:21:54 localhost sshd[4901]: input_userauth_request: invalid user VWWjRsTx

Jan  9 15:21:54 localhost sshd[4901]: fatal: Read from socket failed: Connection reset by peer

Jan  9 15:21:54 localhost sshd[4914]: Failed password for invalid user admin from 192.168.31.27 port 62275 ssh2

Jan  9 15:21:54 localhost sshd[4915]: fatal: Read from socket failed: Connection reset by peer

Jan  9 15:21:55 localhost sshd[4916]: Invalid user admin from 192.168.31.27

Jan  9 15:21:55 localhost sshd[4917]: input_userauth_request: invalid user admin

Jan  9 15:21:55 localhost sshd[4916]: pam_unix(sshd:auth): check pass; user unknown

Jan  9 15:21:55 localhost sshd[4916]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=192.168.31.27

Jan  9 15:21:55 localhost sshd[4916]: pam_succeed_if(sshd:auth): error retrieving information about user admin

Jan  9 15:21:55 localhost sshd[4920]: Invalid user guest from 192.168.31.27

Jan  9 15:21:55 localhost sshd[4923]: fatal: Read from socket failed: Connection reset by peer

Jan  9 15:21:55 localhost sshd[4918]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=192.168.31.27  user=root

Jan  9 15:21:56 localhost sshd[4896]: Failed password for invalid user product from 192.168.31.27 port 62234 ssh2

Jan  9 15:21:56 localhost sshd[4897]: fatal: Read from socket failed: Connection reset by peer

Jan  9 15:21:56 localhost sshd[4926]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=192.168.31.27  user=root

Jan  9 15:21:57 localhost sshd[4926]: Failed password for root from 192.168.31.27 port 62305 ssh2

Jan  9 15:21:57 localhost sshd[4927]: fatal: Read from socket failed: Connection reset by peer

Jan  9 15:21:57 localhost sshd[4916]: Failed password for invalid user admin from 192.168.31.27 port 62296 ssh2

Jan  9 15:21:57 localhost sshd[4917]: fatal: Read from socket failed: Connection reset by peer

Jan  9 15:21:57 localhost sshd[4929]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=192.168.31.27  user=root

Jan  9 15:21:57 localhost sshd[4931]: Invalid user admin from 192.168.31.27

Jan  9 15:21:57 localhost sshd[4918]: Failed password for root from 192.168.31.27 port 62297 ssh2

Jan  9 15:21:57 localhost sshd[4919]: fatal: Read from socket failed: Connection reset by peer

Jan  9 15:21:57 localhost sshd[4932]: input_userauth_request: invalid user admin

Jan  9 15:21:58 localhost sshd[4931]: pam_unix(sshd:auth): check pass; user unknown

Jan  9 15:21:58 localhost sshd[4931]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=192.168.31.27

Jan  9 15:21:58 localhost sshd[4931]: pam_succeed_if(sshd:auth): error retrieving information about user admin

Jan  9 15:21:59 localhost sshd[4929]: Failed password for root from 192.168.31.27 port 62319 ssh2

Jan  9 15:21:59 localhost sshd[4930]: fatal: Read from socket failed: Connection reset by peer

Jan  9 15:21:59 localhost sshd[4934]: Invalid user admin1 from 192.168.31.27

Jan  9 15:21:59 localhost sshd[4935]: input_userauth_request: invalid user admin1

Jan  9 15:21:59 localhost sshd[4934]: pam_unix(sshd:auth): check pass; user unknown

Jan  9 15:21:59 localhost sshd[4934]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=192.168.31.27

Jan  9 15:21:59 localhost sshd[4934]: pam_succeed_if(sshd:auth): error retrieving information about user admin1

Jan  9 15:22:00 localhost sshd[4931]: Failed password for invalid user admin from 192.168.31.27 port 62320 ssh2

Jan  9 15:22:00 localhost sshd[4932]: fatal: Read from socket failed: Connection reset by peer

Jan  9 15:22:00 localhost sshd[4936]: Invalid user Jh_Z_Oa0 from 192.168.31.27

Jan  9 15:22:00 localhost sshd[4937]: input_userauth_request: invalid user Jh_Z_Oa0

Jan  9 15:22:00 localhost sshd[4936]: pam_unix(sshd:auth): check pass; user unknown

Jan  9 15:22:00 localhost sshd[4936]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=192.168.31.27

Jan  9 15:22:00 localhost sshd[4936]: pam_succeed_if(sshd:auth): error retrieving information about user Jh_Z_Oa0

Jan  9 15:22:00 localhost sshd[4938]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=192.168.31.27  user=root

Jan  9 15:22:00 localhost sshd[4922]: input_userauth_request: invalid user guest

Jan  9 15:22:00 localhost sshd[4922]: fatal: Read from socket failed: Connection reset by peer

Jan  9 15:22:01 localhost sshd[4934]: Failed password for invalid user admin1 from 192.168.31.27 port 62334 ssh2

Jan  9 15:22:01 localhost sshd[4935]: fatal: Read from socket failed: Connection reset by peer

Jan  9 15:22:01 localhost sshd[4940]: Invalid user shelladmin from 192.168.31.27

Jan  9 15:22:01 localhost sshd[4941]: input_userauth_request: invalid user shelladmin

Jan  9 15:22:01 localhost sshd[4940]: pam_unix(sshd:auth): check pass; user unknown

Jan  9 15:22:01 localhost sshd[4940]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=192.168.31.27

Jan  9 15:22:01 localhost sshd[4940]: pam_succeed_if(sshd:auth): error retrieving information about user shelladmin

Jan  9 15:22:02 localhost sshd[4936]: Failed password for invalid user Jh_Z_Oa0 from 192.168.31.27 port 62336 ssh2

Jan  9 15:22:02 localhost sshd[4937]: fatal: Read from socket failed: Connection reset by peer

Jan  9 15:22:02 localhost sshd[4938]: Failed password for root from 192.168.31.27 port 62349 ssh2

Jan  9 15:22:02 localhost sshd[4939]: fatal: Read from socket failed: Connection reset by peer

Jan  9 15:22:02 localhost sshd[4942]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=192.168.31.27  user=root

Jan  9 15:22:03 localhost sshd[4940]: Failed password for invalid user shelladmin from 192.168.31.27 port 62356 ssh2

Jan  9 15:22:03 localhost sshd[4941]: fatal: Read from socket failed: Connection reset by peer

Jan  9 15:22:04 localhost sshd[4942]: Failed password for root from 192.168.31.27 port 62359 ssh2

Jan  9 15:22:04 localhost sshd[4943]: fatal: Read from socket failed: Connection reset by peer

Jan  9 15:22:05 localhost sshd[4951]: Invalid user manage from 192.168.31.27

Jan  9 15:22:05 localhost sshd[4953]: input_userauth_request: invalid user manage

Jan  9 15:22:05 localhost sshd[4951]: pam_unix(sshd:auth): check pass; user unknown

Jan  9 15:22:05 localhost sshd[4951]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=192.168.31.27

Jan  9 15:22:05 localhost sshd[4951]: pam_succeed_if(sshd:auth): error retrieving information about user manage

Jan  9 15:22:06 localhost sshd[4924]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=192.168.31.27  user=root

Jan  9 15:22:07 localhost sshd[4951]: Failed password for invalid user manage from 192.168.31.27 port 62440 ssh2

Jan  9 15:22:07 localhost sshd[4953]: fatal: Read from socket failed: Connection reset by peer

Jan  9 15:22:07 localhost sshd[4960]: Invalid user monitor from 192.168.31.27

Jan  9 15:22:07 localhost sshd[4961]: input_userauth_request: invalid user monitor

Jan  9 15:22:07 localhost sshd[4960]: pam_unix(sshd:auth): check pass; user unknown

Jan  9 15:22:07 localhost sshd[4960]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=192.168.31.27

Jan  9 15:22:07 localhost sshd[4960]: pam_succeed_if(sshd:auth): error retrieving information about user monitor

Jan  9 15:22:07 localhost sshd[4924]: Failed password for root from 192.168.31.27 port 62304 ssh2

Jan  9 15:22:07 localhost sshd[4925]: fatal: Read from socket failed: Connection reset by peer

Jan  9 15:22:09 localhost sshd[4960]: Failed password for invalid user monitor from 192.168.31.27 port 62543 ssh2

Jan  9 15:22:09 localhost sshd[4961]: fatal: Read from socket failed: Connection reset by peer

Jan  9 15:22:09 localhost sshd[4974]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=192.168.31.27  user=ftp

Jan  9 15:22:11 localhost sshd[4985]: Invalid user admin from 192.168.31.27

Jan  9 15:22:11 localhost sshd[4986]: input_userauth_request: invalid user admin

Jan  9 15:22:11 localhost sshd[4985]: pam_unix(sshd:auth): check pass; user unknown

Jan  9 15:22:11 localhost sshd[4985]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=192.168.31.27

Jan  9 15:22:11 localhost sshd[4985]: pam_succeed_if(sshd:auth): error retrieving information about user admin

Jan  9 15:22:11 localhost sshd[4974]: Failed password for ftp from 192.168.31.27 port 62697 ssh2

Jan  9 15:22:11 localhost sshd[4975]: fatal: Read from socket failed: Connection reset by peer

Jan  9 15:22:13 localhost sshd[4985]: Failed password for invalid user admin from 192.168.31.27 port 62820 ssh2

Jan  9 15:22:13 localhost sshd[4986]: fatal: Read from socket failed: Connection reset by peer

Jan  9 15:22:13 localhost sshd[5009]: Did not receive identification string from UNKNOWN

Jan  9 15:22:14 localhost sshd[5015]: Invalid user cisco from 192.168.31.27

Jan  9 15:22:14 localhost sshd[5016]: input_userauth_request: invalid user cisco

Jan  9 15:22:15 localhost sshd[5015]: pam_unix(sshd:auth): check pass; user unknown

Jan  9 15:22:15 localhost sshd[5015]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=192.168.31.27

Jan  9 15:22:15 localhost sshd[5015]: pam_succeed_if(sshd:auth): error retrieving information about user cisco

Jan  9 15:22:15 localhost sshd[5017]: Invalid user __user from 192.168.31.27

Jan  9 15:22:16 localhost sshd[5015]: Failed password for invalid user cisco from 192.168.31.27 port 63129 ssh2

Jan  9 15:22:16 localhost sshd[5016]: fatal: Read from socket failed: Connection reset by peer

Jan  9 15:22:17 localhost sshd[5023]: Invalid user Cisco from 192.168.31.27

Jan  9 15:22:17 localhost sshd[5024]: input_userauth_request: invalid user Cisco

Jan  9 15:22:17 localhost sshd[5023]: pam_unix(sshd:auth): check pass; user unknown

Jan  9 15:22:17 localhost sshd[5023]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=192.168.31.27

Jan  9 15:22:17 localhost sshd[5023]: pam_succeed_if(sshd:auth): error retrieving information about user Cisco

Jan  9 15:22:19 localhost sshd[5023]: Failed password for invalid user Cisco from 192.168.31.27 port 63226 ssh2

Jan  9 15:22:19 localhost sshd[5024]: fatal: Read from socket failed: Connection reset by peer

Jan  9 15:22:19 localhost sshd[5030]: Invalid user  from 192.168.31.27

Jan  9 15:22:19 localhost sshd[5031]: input_userauth_request: invalid user

Jan  9 15:22:19 localhost sshd[5031]: fatal: Read from socket failed: Connection reset by peer

Jan  9 15:22:20 localhost sshd[5040]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=192.168.31.27  user=root

Jan  9 15:22:22 localhost sshd[5040]: Failed password for root from 192.168.31.27 port 63387 ssh2

Jan  9 15:22:22 localhost sshd[5041]: fatal: Read from socket failed: Connection reset by peer

Jan  9 15:22:22 localhost sshd[5053]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=192.168.31.27  user=root

Jan  9 15:22:24 localhost sshd[5053]: Failed password for root from 192.168.31.27 port 63413 ssh2

Jan  9 15:22:24 localhost sshd[5054]: fatal: Read from socket failed: Connection reset by peer

Jan  9 15:22:25 localhost sshd[5018]: input_userauth_request: invalid user __user

Jan  9 15:22:25 localhost sshd[5017]: pam_unix(sshd:auth): check pass; user unknown

Jan  9 15:22:25 localhost sshd[5017]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=192.168.31.27

Jan  9 15:22:25 localhost sshd[5017]: pam_succeed_if(sshd:auth): error retrieving information about user __user

Jan  9 15:22:27 localhost sshd[5017]: Failed password for invalid user __user from 192.168.31.27 port 63140 ssh2

Jan  9 15:22:27 localhost sshd[5018]: fatal: Read from socket failed: Connection reset by peer

Jan  9 15:22:27 localhost sshd[5108]: Invalid user __super from 192.168.31.27

Jan  9 15:22:27 localhost sshd[5109]: input_userauth_request: invalid user __super

Jan  9 15:22:27 localhost sshd[5108]: pam_unix(sshd:auth): check pass; user unknown

Jan  9 15:22:27 localhost sshd[5108]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=192.168.31.27

Jan  9 15:22:27 localhost sshd[5108]: pam_succeed_if(sshd:auth): error retrieving information about user __super

Jan  9 15:22:29 localhost sshd[5108]: Failed password for invalid user __super from 192.168.31.27 port 63566 ssh2

Jan  9 15:22:29 localhost sshd[5109]: fatal: Read from socket failed: Connection reset by peer

Jan  9 15:23:12 localhost sshd[5670]: fatal: Read from socket failed: Connection reset by peer

Jan  9 15:23:12 localhost sshd[5675]: fatal: Read from socket failed: Connection reset by peer

Jan  9 15:23:12 localhost sshd[5678]: fatal: Read from socket failed: Connection reset by peer

Jan  9 15:23:13 localhost sshd[5680]: fatal: Read from socket failed: Connection reset by peer

Jan  9 15:23:18 localhost sshd[5682]: fatal: Read from socket failed: Connection reset by peer

Jan  9 15:23:18 localhost sshd[5694]: fatal: Read from socket failed: Connection reset by peer

Jan  9 15:23:18 localhost sshd[5697]: fatal: Read from socket failed: Connection reset by peer

Jan  9 15:23:18 localhost sshd[5699]: fatal: Read from socket failed: Connection reset by peer

Jan  9 15:23:18 localhost sshd[5700]: Invalid user vagrant from 192.168.31.27

Jan  9 15:23:19 localhost sshd[5701]: input_userauth_request: invalid user vagrant

Jan  9 15:23:19 localhost sshd[5701]: fatal: Read from socket failed: Connection reset by peer
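
What makes the burst above recognisable as a scanner is one rhost trying many distinct invalid usernames within seconds. The Python below is an added example, not part of the original page: it parses this sshd log format and flags such sources. The 60-second window, the threshold of 5 names, the assumed year and the two 192.0.2.10 lines are assumptions made for the illustration.

```python
import re
from collections import defaultdict
from datetime import datetime, timedelta

# Lines copied from the log above, plus two constructed lines for 192.0.2.10.
SAMPLE = """\
Jan  9 15:21:46 localhost sshd[4883]: Invalid user emailswitch from 192.168.31.27
Jan  9 15:21:46 localhost sshd[4891]: Protocol major versions differ for UNKNOWN: SSH-2.0-OpenSSH_4.3 vs. SSH-9.9-OpenSSH_5.0
Jan  9 15:21:46 localhost sshd[4887]: Invalid user anonymous from 192.168.31.27
Jan  9 15:21:46 localhost sshd[4889]: Invalid user _9hwH87a from 192.168.31.27
Jan  9 15:21:49 localhost sshd[4883]: Failed password for invalid user emailswitch from 192.168.31.27 port 62201 ssh2
Jan  9 15:21:49 localhost sshd[4898]: Invalid user guest from 192.168.31.27
Jan  9 15:21:49 localhost sshd[4902]: Invalid user n3ssus from 192.168.31.27
Jan  9 15:21:52 localhost sshd[4914]: Invalid user admin from 192.168.31.27
Jan  9 15:21:57 localhost sshd[4926]: Failed password for root from 192.168.31.27 port 62305 ssh2
Jan  9 15:22:13 localhost sshd[5009]: Did not receive identification string from UNKNOWN
Jan  9 15:22:19 localhost sshd[5030]: Invalid user  from 192.168.31.27
Jan  9 15:30:02 localhost sshd[6001]: Failed password for root from 192.0.2.10 port 40112 ssh2
Jan  9 15:30:09 localhost sshd[6003]: Invalid user deploy from 192.0.2.10
"""

LINE = re.compile(r"^(\w{3}\s+\d+ \d\d:\d\d:\d\d) \S+ sshd\[\d+\]: (.*)$")
INVALID = re.compile(r"^Invalid user (.*) from (\S+)$")  # the name may be empty
FAILED = re.compile(
    r"^Failed password for (?:invalid user )?(.*) from (\S+) port \d+ ssh2$")
BANNER = re.compile(
    r"^(?:Protocol major versions differ|Did not receive identification string)")

def parse(lines, year=2000):
    """Yield (time, kind, source, user); syslog omits the year, so it is assumed."""
    for line in lines:
        m = LINE.match(line)
        if not m:
            continue
        ts = datetime.strptime(f"{year} {m.group(1)}", "%Y %b %d %H:%M:%S")
        msg = m.group(2)
        if (i := INVALID.match(msg)):
            yield ts, "invalid_user", i.group(2), i.group(1)
        elif (f := FAILED.match(msg)):
            yield ts, "failed_password", f.group(2), f.group(1)
        elif BANNER.match(msg):
            # These messages carry no address, so they are grouped as UNKNOWN.
            yield ts, "banner_anomaly", "UNKNOWN", None

def summarize(events, window=timedelta(seconds=60)):
    """Per source: peak count of distinct invalid usernames in any window."""
    per_src = defaultdict(list)
    for ts, kind, src, user in events:
        per_src[src].append((ts, kind, user))
    report = {}
    for src, evs in per_src.items():
        evs.sort(key=lambda e: e[0])
        peak = start = 0
        for end in range(len(evs)):
            while evs[end][0] - evs[start][0] > window:
                start += 1
            names = {u for _, k, u in evs[start:end + 1] if k == "invalid_user"}
            peak = max(peak, len(names))
        report[src] = {
            "invalid_users_peak": peak,
            "failed_passwords": sum(k == "failed_password" for _, k, _ in evs),
            "banner_anomalies": sum(k == "banner_anomaly" for _, k, _ in evs),
        }
    return report

def scanner_like(report, min_users=5):
    """Sources whose username spread in one window meets the threshold."""
    return sorted(s for s, r in report.items()
                  if s != "UNKNOWN" and r["invalid_users_peak"] >= min_users)

if __name__ == "__main__":
    rep = summarize(parse(SAMPLE.splitlines()))
    for src in scanner_like(rep):
        print(src, rep[src])
```
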

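VI. Cleaning up the history command record

1. Edit /etc/profile and change HISTSIZE=1000 to 0 or 1

Clear bash_history under the user's home directory

2. Immediately clear the current history of commands

history -c

3. When bash runs a command it does not write the command to the history file right away; it keeps it in an internal buffer and writes everything out when bash exits. Calling history -w, however, tells bash to update the history file immediately.

history -w

VII. A tool for cleaning intrusion traces: logtamper

Note that logtamper can only clean log traces, and it mainly targets utmp, wtmp and lastlog. In fact, the important logs on a Linux system that will hold your traces are: lastlog, utmp, wtmp, message, syslog, sulog, and the command history that the various shells record for each user (history).

logtamper is a tool that *modifies* Linux logs; while modifying a log file, it can preserve the time information of the modified file.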
