Skip to content
Eternal Center

Eternal Center

  • Single-Node (单节点)
    • System (系统)
    • Service (服务)
    • Database (数据库)
    • Container (容器)
    • Virtualization (虚拟化)
  • Multi-Node (多节点)
    • Cluster (集群)
    • Big Data (大数据)
    • Cloud Computing (云计算)
    • Batch Processing (批量处理)
  • Approach (方式方法)
    • Languages (语言)
    • Ideas (思路)
    • Programing (编程)
    • Project (项目)
  • Eternity (永恒)
    • News (消息)
    • Creations (创作)
    • Classics (经典)
    • Legends (传说)
    • Chronicle (编年史)
    • FNIOS (宇宙公民开源学院)
Posted on October 12, 2024October 12, 2024 by Mingyu Zhu

[步骤] Linux 让 auditd 对所有进程进行监控的设置 (让 auditd 日志进程最早被启动)

  • 正文:
    • 步骤一:让 auditd 日志进程最早被启动的目的
    • 步骤二:让 auditd 日志进程最早被启动
      • 2.1 修改 /etc/default/grub 文件
      • 2.2 使刚刚的修改生效
  • 参考文献:

正文:

步骤一:让 auditd 日志进程最早被启动的目的

auditd 只能监控比它后启动的进程,恶意软件如果比它先启动则无法被其监控

步骤二:让 auditd 日志进程最早被启动

2.1 修改 /etc/default/grub 文件

在这一行里:

GRUB_CMDLINE_LINUX="......"

添加:

GRUB_CMDLINE_LINUX="...... audit=1"

2.2 使刚刚的修改生效

# grub2-mkconfig -o /boot/grub2/grub.cfg

参考文献:

https://access.redhat.com/solutions/971883

CategoriesChinese Post (中文帖子), Service (服务), SFTP, Storage Service (存储服务), System (系统), System File Security (系统文件安全), System Log (系统日志), System Login Security (系统登录安全), System Network & System Security & System Log (系统网络 & 系统安全 & 系统日志), System Operation & System Setting & System Software (系统操作 & 系统设置 & 系统软件), System Port Security (系统端口安全), System Privilege Security (系统权限安全), System Process Security (系统进程安全), System Security (系统安全), System Security Log (系统安全日志), System Setting (系统设置), System Setting Others (系统设置其它)

Post navigation

Previous PostPrevious [步骤] MariaDB & MySQL 用户密码的修改
Next PostNext [步骤] Linux 所有可登录用户的显示

Aspiration (愿景):

Everyone can achieve self-achievement and self-happiness fairly

每个人都能公平地实现自我成就和自我幸福

Position (位置):

Running on DigitalOcean

正在 DigitalOcean 上运行

Logo (徽标):

Additional Information (其他信息):

About Manual Clone Contact Disclaimer Friendly Links Donation
   关于       手册      克隆       联系        免责申明           友情链接              捐赠      

Eternal URL (永恒网址):

https://eternity.eternalcenter.com Will be last access method / 将是最后的访问方式

Search Outside Website (站外搜索):

Google Wikipedia Bing
Proudly powered by LNMP Proudly powered by WordPress