Bash 操作审计和安全加固 —— 筑梦之路

2023-12-16 05:03:24

bash 记录

配置环境变量:/etc/profile

export HISTTIMEFORMAT="%F %T "

export HISTORY_FILE=/var/log/history/bash_history.log

export PROMPT_COMMAND='{ thisHistID=`history 1|awk "{print \\$1}"`;lastCommand=`history 1| awk "{\\$1=\"\" ;print}"`;user=`id -un`;whoStr=(`who -u am i`);realUser=${whoStr[0]};logMonth=${whoStr[2]};logTime=${whoStr[3]};pid=${whoStr[6]};ip=${whoStr[7]};if [ ${thisHistID}x != ${lastHistID}x ];then echo -E `date "+%Y/%m/%d %H:%M:%S"` $user\($realUser\)@$ip[PID:$pid][LOGIN:$logMonth $logTime] --- $lastCommand ;lastHistID=$thisHistID;fi; } >> $HISTORY_FILE'

安全加固

默认情况?/var/log/history/bash_history.log?文件权限为所有人可写,为了进一步提升安全性,调整该文件中内容只可追加:

$ ls -l /var/log/history/bash_history.log


$ chattr +a /var/log/history/bash_history.log

$ lsattr /var/log/history/bash_history.log
-----a---------- /var/log/history/bash_history.log

?日志优化

进行日志切割

/var/log/history/bash_history.log {
    daily
    missingok
    dateext
    rotate 180
    notifempty
    copytruncate
    prerotate
        chattr -a /var/log/history/bash_history.log > /dev/null
    endscript
    postrotate
        chattr +a /var/log/history/bash_history.log > /dev/null
        chmod 644 /var/log/history/bash_history.log-`date '+%Y%m%d'`
    endscript
}

搜集学习之用

文章来源:https://blog.csdn.net/qq_34777982/article/details/135018396
本文来自互联网用户投稿,该文观点仅代表作者本人,不代表本站立场。本站仅提供信息存储空间服务,不拥有所有权,不承担相关法律责任。