Bash Operation Auditing and Security Hardening - 筑梦之路
2023-12-16 05:03:24
Bash logging
Configure the environment variables in /etc/profile:
# Timestamp format shown by the history builtin
export HISTTIMEFORMAT="%F %T "
# File that receives the audit records
export HISTORY_FILE=/var/log/history/bash_history.log
# After each command, append one record: time, user(login user)@ip, PID, login time, command
export PROMPT_COMMAND='{ thisHistID=`history 1|awk "{print \\$1}"`;lastCommand=`history 1| awk "{\\$1=\"\" ;print}"`;user=`id -un`;whoStr=(`who -u am i`);realUser=${whoStr[0]};logMonth=${whoStr[2]};logTime=${whoStr[3]};pid=${whoStr[6]};ip=${whoStr[7]};if [ ${thisHistID}x != ${lastHistID}x ];then echo -E `date "+%Y/%m/%d %H:%M:%S"` $user\($realUser\)@$ip[PID:$pid][LOGIN:$logMonth $logTime] --- $lastCommand ;lastHistID=$thisHistID;fi; } >> $HISTORY_FILE'
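Security hardening
By default, the file /var/log/history/bash_history.log is writable by everyone. To further improve security, set the file so that its contents can only be appended to: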
$ ls -l /var/log/history/bash_history.log
$ chattr +a /var/log/history/bash_history.log
$ lsattr /var/log/history/bash_history.log
-----a---------- /var/log/history/bash_history.log
Log optimization
Set up log rotation:
/var/log/history/bash_history.log {
    daily
    missingok
    dateext
    rotate 180
    notifempty
    copytruncate
    prerotate
        chattr -a /var/log/history/bash_history.log > /dev/null
    endscript
    postrotate
        chattr +a /var/log/history/bash_history.log > /dev/null
        chmod 644 /var/log/history/bash_history.log-`date '+%Y%m%d'`
    endscript
}
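As an added example (not part of the original post), the shell function below reads the audit log written by the PROMPT_COMMAND hook above and flags records where the effective user differs from the login user, where the login user is missing, where the command touches the audit mechanism itself, or where the line does not match the hook's layout. The names audit_flags and sample_log, the tags and the sample lines are assumptions made for this illustration; the samples assume a `who` output whose login date prints as "Dec 16".

```bash
#!/bin/sh
# Added example (not from the original post): triage the hook's audit log.
# Assumed line layout, taken from the echo in PROMPT_COMMAND:
#   DATE TIME user(loginUser)@ip[PID:..][LOGIN:..] --- command

# audit_flags: read log lines on stdin, print "TAG<TAB>line" per finding.
audit_flags() {
  awk '
  {
    sep = index($0, " --- ")
    if (sep == 0) { print "MALFORMED\t" $0; next }    # not written by the hook
    cmd = substr($0, sep + 5)
    split(substr($0, 1, sep - 1), f, " ")             # f[3] = user(loginUser)@ip[...
    lp = index(f[3], "("); rp = index(f[3], ")")
    if (lp < 2 || rp <= lp) { print "MALFORMED\t" $0; next }
    user  = substr(f[3], 1, lp - 1)                   # value of id -un
    login = substr(f[3], lp + 1, rp - lp - 1)         # first field of who -u am i
    if (login == "")        print "NO_LOGIN_USER\t" $0   # who returned nothing
    else if (user != login) print "SWITCHED_USER\t" $0   # su/sudo inside the session
    # Commands that touch the audit mechanism itself.
    if (cmd ~ /PROMPT_COMMAND|HISTORY_FILE/ || cmd ~ /chattr.*bash_history\.log/)
      print "AUDIT_TAMPER\t" $0
  }'
}

# Constructed sample lines (documentation IP, invented users), not real logs.
# The command part starts with a timestamp because HISTTIMEFORMAT is set.
sample_log() {
  cat <<'EOF'
2023/12/16 05:03:24 alice(alice)@(192.0.2.10)[PID:2211][LOGIN:Dec 16] --- 2023-12-16 05:03:24 ls -l /var/log/history
2023/12/16 05:04:10 root(alice)@(192.0.2.10)[PID:2211][LOGIN:Dec 16] --- 2023-12-16 05:04:10 systemctl restart nginx
2023/12/16 05:05:02 root(alice)@(192.0.2.10)[PID:2211][LOGIN:Dec 16] --- 2023-12-16 05:05:02 chattr -a /var/log/history/bash_history.log
2023/12/16 05:06:00 bob()@[PID:][LOGIN: ] --- 2023-12-16 05:06:00 uptime
just some text appended by hand
EOF
}

sample_log | audit_flags
```

On a real host, feed it the log directly: `audit_flags < /var/log/history/bash_history.log`.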
Collected for study purposes.
Source: https://blog.csdn.net/qq_34777982/article/details/135018396
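This article was submitted by an internet user. The views expressed are the author's own and do not represent the position of this site. This site only provides information storage services, holds no ownership, and assumes no related legal liability. If any content is infringing, illegal, or factually inaccurate, please contact 我的编程经验分享网 by e-mail at veading@qq.com to file a complaint; once verified, it will be removed immediately.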