Operating systems
Rocky Linux
https://rockylinux.org/download
openSUSE
https://www.opensuse.org/
Databases
MySQL
https://dev.mysql.com/downloads/mysql/
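auditd can only monitor processes that start after it does; malware that starts before auditd cannot be monitored by it.
To enable auditing from kernel boot, in this line: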
GRUB_CMDLINE_LINUX="......"
add audit=1:
GRUB_CMDLINE_LINUX="...... audit=1"
# grub2-mkconfig -o /boot/grub2/grub.cfg
https://access.redhat.com/solutions/971883
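A check that the audit=1 change described above is both configured and active on the running kernel, as an added example that is not part of the original page. The function names and the sample files are constructed for illustration; on a real host the two arguments would be the GRUB defaults file (assumed here to be /etc/default/grub) and /proc/cmdline.

```shell
#!/bin/sh
# Added example (not from the original page). Sample files below are constructed.

# Print the value of the last uncommented GRUB_CMDLINE_LINUX= line in file $1.
grub_cmdline() {
    sed -n 's/^[[:space:]]*GRUB_CMDLINE_LINUX=//p' "$1" | tail -n 1 |
        sed -e 's/^"\(.*\)"$/\1/' -e "s/^'\(.*\)'\$/\1/"
}

# Classify a kernel command-line string: on, off, unset or unknown.
# Whole tokens are matched, so audit_backlog_limit=8192 or audit=10 never count as audit=1.
# Assumption: when audit= appears more than once, the last occurrence is the effective one.
audit_state() {
    last=$(printf '%s\n' "$1" | tr -s '[:space:]' '\n' | sed -n '/^audit=/p' | tail -n 1)
    case "$last" in
        audit=1) echo on ;;
        audit=0) echo off ;;
        '')      echo unset ;;
        *)       echo unknown ;;
    esac
}

# $1 = GRUB defaults file, $2 = file holding the running kernel command line.
# Succeeds only when audit=1 is both configured and active on the running kernel.
check_audit_boot() {
    cfg=$(audit_state "$(grub_cmdline "$1")")
    run=$(audit_state "$(cat "$2")")
    echo "configured=$cfg running=$run"
    [ "$cfg" = on ] && [ "$run" = on ]
}

# Constructed sample: audit=1 was added to the GRUB defaults, but the running
# kernel was booted before grub.cfg was regenerated, so it is not active yet.
demo_dir=$(mktemp -d)
trap 'rm -rf "$demo_dir"' EXIT
cat > "$demo_dir/grub" <<'EOF'
#GRUB_CMDLINE_LINUX="quiet audit=0"
GRUB_CMDLINE_LINUX="crashkernel=auto rhgb quiet audit_backlog_limit=8192 audit=1"
EOF
echo 'BOOT_IMAGE=/vmlinuz root=/dev/sda1 ro crashkernel=auto rhgb quiet' > "$demo_dir/cmdline"
check_audit_boot "$demo_dir/grub" "$demo_dir/cmdline" || echo "audit=1 not effective at boot"
```

A result of configured=on running=unset means the edit was made but grub.cfg has not been regenerated or the host has not been rebooted since.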
/etc/at.allow
/etc/at.deny
/etc/cron.allow
/etc/cron.deny
$ netstat -ntulap
(Not all processes could be identified, non-owned process info
will not be shown, you would have to be root to see it all.)
Active Internet connections (servers and established)
Proto Recv-Q Send-Q Local Address Foreign Address State PID/Program name
tcp 0 0 127.0.0.53:53 0.0.0.0:* LISTEN -
tcp 0 0 0.0.0.0:7001 0.0.0.0:* LISTEN 1250/nxnode.bin
tcp 0 0 127.0.0.1:25001 0.0.0.0:* LISTEN 1345/nxrunner.bin
tcp 0 0 127.0.0.1:631 0.0.0.0:* LISTEN -
tcp 0 0 127.0.0.1:3001 0.0.0.0:* LISTEN 1316/pipewire
......
(
Notes:
1) -n do not resolve names
2) -t show TCP ports
3) -u show UDP ports
4) -l show listening (server) sockets
5) -a show all sockets
6) -p show the PID or program name for each socket
)
mingyuzhu@mingyuzhu:~$ netstat -W -neopa
(Not all processes could be identified, non-owned process info
will not be shown, you would have to be root to see it all.)
Active Internet connections (servers and established)
Proto Recv-Q Send-Q Local Address Foreign Address State User Inode PID/Program name Timer
tcp 0 0 127.0.0.53:53 0.0.0.0:* LISTEN 991 6431 - off (0.00/0/0)
tcp 0 0 0.0.0.0:7001 0.0.0.0:* LISTEN 1001 11218 1250/nxnode.bin off (0.00/0/0)
tcp 0 0 127.0.0.1:25001 0.0.0.0:* LISTEN 1001 11498 1345/nxrunner.bin off (0.00/0/0)
tcp 0 0 127.0.0.1:631 0.0.0.0:* LISTEN 0 6018433 - off (0.00/0/0)
tcp 0 0 127.0.0.1:3001 0.0.0.0:* LISTEN 1001 12293 1316/pipewire off (0.00/0/0)
tcp 0 0 0.0.0.0:4000 0.0.0.0:* LISTEN 121 11121 - off (0.00/0/0)
tcp 0 0 127.0.0.1:26001 0.0.0.0:* LISTEN 1001 11426 1250/nxnode.bin off (0.00/0/0)
tcp 0 0 127.0.0.1:26002 0.0.0.0:* LISTEN 1001 6513629 1065010/nxnode.bin off (0.00/0/0)
......
(
Notes:
1) -W do not truncate IP addresses
2) -n do not resolve names
3) -e show extended information
4) -o show timers
5) -p show the PID or program name for each socket
6) -a show all sockets
)
# netstat -apn
(
Notes:
1) -a show all sockets
2) -n do not resolve names
3) -p show the PID or program name for each socket
)
$ ss -ntulap
Netid State Recv-Q Send-Q Local Address:Port Peer Address:Port Process
udp UNCONN 188672 0 80.66.196.238:5353 0.0.0.0:*
udp UNCONN 0 0 0.0.0.0:5353 0.0.0.0:*
udp UNCONN 0 0 0.0.0.0:5353 0.0.0.0:*
udp UNCONN 0 0 0.0.0.0:4000 0.0.0.0:*
udp UNCONN 0 0 0.0.0.0:4011 0.0.0.0:* users:(("nxnode.bin",pid=1065010,fd=27),("nxnode.bin",pid=1250,fd=70))
......
(
Notes:
1) -n do not resolve names
2) -t show TCP ports
3) -u show UDP ports
4) -l show listening (server) sockets
5) -a show all sockets
6) -p show the PID or program name for each socket
)
# ss -apn
(
Notes:
1) -a show all sockets
2) -n do not resolve names
3) -p show the PID or program name for each socket
)