Part I: Managing Internet Security

Audit Trails under Unix

Unix is by far the most prevalent operating system in use on the Internet. Luckily for administrators, Unix provides a large number of auditing and logging tools and utilities. Many of these logs are generated automatically by utilities that are part of the default configuration of every Unix machine. Other logging utilities must be turned on and configured by the administrator.

Common Unix Logs

The Unix operating system stores most of its logging in ASCII text files, which you can search easily with normal text-editing utilities. Some logs, however, are stored in various binary formats and require specialized utilities (or a parser written for the exact record layout of that Unix version) for their contents to be viewed.

lastlog

The lastlog file keeps track of each user's most recent login time and the host or terminal the login came from. When a user logs in to a Unix system, the login program looks up the user's UID in the lastlog file. If it finds an entry, Unix displays the time and TTY of the user's last login. Some versions of Unix display unsuccessful login attempts as well as successful logins.

    BSDI BSD/386 1.1 unixbox (ttyp5)
    login: phrack
    Password:
    Last login: Sun Apr 2 16:35:49 from phrack.com

The login program then updates the lastlog file with the new login time and TTY information. Further, the program updates the UTMP and WTMP files. The "Last login" line is itself a cheap detection control: a user who notices an unfamiliar host or time in it should report it, because it is the one audit record shown to the account owner rather than only to the administrator.

UTMP

The Unix operating system keeps track of users currently logged in to the system with a file called the UTMP. This file is constantly changing as users enter and leave the system. It does not keep a long historical tally of users who have been on the system; it only keeps track of those online at the exact moment.

UTMP might not contain entirely accurate information. Sporadic errors can cause a user's shell to terminate without UTMP having been updated. UTMP is also not particularly reliable because it comes world-writable by default on many Unix platforms. The normal user's ability to modify this file makes it very easy for an intruder to hide from view: an entry that has been deleted from UTMP disappears from who and w, although the intruder's processes are still visible in the process table. The UTMP log is usually stored in the file /etc/utmp, although you might find it in other locations on some Unix versions (modern Linux and BSD systems keep it in /var/run/utmp, writable only by root and a dedicated group). UTMP is usually viewed with commands such as who or w, but you can also access the file through other commands, such as finger, rwho, and users.

The following is sample output from the who command:

    freeside % who
    phrack   ttyp3   Apr  2 16:35   (phrack)
    user     ttyp4   Apr  2 17:12   (fakehost.com)
    slip1    ttya0   Apr  2 17:13
    ppp1     ttya1   Apr  2 16:29
    ccr      ttya6   Apr  2 16:35
    ppp2     ttyb2   Apr  2 13:48
    freeside %

WTMP

The WTMP file keeps track of logins and logouts. It is similar to the UTMP file but continually grows in length with each login or logout. In some Unix versions, programs such as ftp record access information in WTMP as well. WTMP also records the times of normal system shutdowns, such as those caused by the reboot or shutdown commands. Unix generally stores WTMP in the file /var/adm/wtmp (on modern systems usually /var/log/wtmp). Because WTMP is normally writable only by root, it is more trustworthy than UTMP, but an intruder who gains root can edit or truncate it just as easily, so it is only as trustworthy as the host it sits on.

The WTMP file is normally accessed by the last command. Unix displays output generated by the last command in reverse order: the most recent information appears first, followed by older entries. The last command also can generate reports based on name, TTY or event (such as shutdown), or print only a specified number of entries.

    freeside % last -10
    slip1   ttya0                 Sun Apr  2 17:13   still logged in
    user    ttyp4   fakehost.com  Sun Apr  2 17:12   still logged in
    faust   ttya0                 Sun Apr  2 17:10 - 17:11  (00:00)
    user2   ftp     college.edu   Sun Apr  2 17:07 - 17:11  (00:03)
    slip1   ttya3                 Sun Apr  2 16:50 - 16:53  (00:03)
    slip2   ttyb5                 Sun Apr  2 16:46 - 16:48  (00:01)
    aco     ttya5                 Sun Apr  2 16:45 - 17:09  (00:24)
    dzz     ttyp4   slip00        Sun Apr  2 16:45 - 16:47  (00:02)
    ppp2    ttya3                 Sun Apr  2 16:44 - 16:45  (00:00)
    dzz     ftp     slip00        Sun Apr  2 16:43 - 16:48  (00:04)
    freeside %

Another command, ac, formats the data stored in the WTMP file in a different way. It can generate its reports either by person (ac -p) or by day (ac -d). These reports might quickly alert the administrator to improper usage. An inactive account that suddenly starts logging numerous hours of connect time, for example, is easily spotted in an ac report.

    freeside % ac -p
            ftp      573.56
            foo      898.05
            spot     125.62
            rickm     39.24
            faust     27.21
            test       4.02
            jj       178.77
            cma       10.97
            gre       10.73
            erikb     12.39
            sp         0.18
            total   1880.73

The ac report can also be sorted by user and date combined. If the administrator feels, for example, that the utilization of 898.05 connect hours for the foo account looks out of place, that administrator can run a more specific ac report:

    freeside % ac -dp foo
    Apr  1  total    10.30
    Apr  2  total    12.50
    Apr  3  total     8.20
    Apr  4  total   815.04
    Apr  5  total    12.01

The April 4 system usage is obviously out of character for the foo account. Logs, unfortunately, aren't usually this easy to read. With the growing use of multiple login instances through applications such as X-windows, a single user can easily record several hundred hours' worth of connect time in just a few days, because every concurrent session is charged in full.

syslog

syslog is an extremely useful message-logging facility. Originally developed for BSD-based Unix as a companion to sendmail, it is now included with almost every Unix variant
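The check the UTMP section implies, written out as an added example that is not from the book: a session scrubbed from a world-writable utmp vanishes from who, but the intruder's processes still hold a controlling terminal in the process table, so comparing the two views exposes it. The who and ps output below is constructed for the example, and the function names (parse_who, parse_ps, compare_utmp_with_ps) are this example's own.

```python
# Added example (not from the book): cross-check the utmp view (`who`) against
# the process table. Editing a world-writable utmp hides a session from `who`,
# but the intruder's processes still carry a controlling tty in `ps`.


def parse_who(text):
    """Map tty -> user from `who` output (first two columns)."""
    by_tty = {}
    for ln in text.splitlines():
        if ln.strip():
            user, tty = ln.split()[:2]
            by_tty[tty] = user
    return by_tty


def parse_ps(text):
    """Map tty -> [(user, pid, command)] from `ps -eo user,tty,pid,comm`,
    skipping the header line and processes with no controlling terminal ('?')."""
    by_tty = {}
    for ln in text.splitlines()[1:]:
        user, tty, pid, comm = ln.split(None, 3)
        if tty != "?":
            by_tty.setdefault(tty, []).append((user, int(pid), comm))
    return by_tty


def compare_utmp_with_ps(who_text, ps_text):
    """Return (hidden, stale): ttys that have live processes but no utmp entry
    (the intruder case), and utmp entries whose tty no longer has any process
    (a dead shell that utmp never caught up with)."""
    who, ps = parse_who(who_text), parse_ps(ps_text)
    hidden = {tty: procs for tty, procs in ps.items() if tty not in who}
    stale = {tty: user for tty, user in who.items() if tty not in ps}
    return hidden, stale


# Constructed sample output (not a real capture): mallory's session on ttyp7
# has been scrubbed from utmp but her shell and an su are still running, and
# ccr's shell on ttya6 died without utmp being updated.
WHO_SAMPLE = """\
phrack   ttyp3   Apr  2 16:35 (phrack)
user     ttyp4   Apr  2 17:12 (fakehost.com)
slip1    ttya0   Apr  2 17:13
ccr      ttya6   Apr  2 16:35
"""
PS_SAMPLE = """\
USER     TT         PID COMMAND
root     ?            1 init
phrack   ttyp3      812 csh
user     ttyp4      901 sh
slip1    ttya0      905 sliplogin
mallory  ttyp7      950 sh
root     ttyp7      955 su
"""

if __name__ == "__main__":
    hidden, stale = compare_utmp_with_ps(WHO_SAMPLE, PS_SAMPLE)
    for tty, procs in hidden.items():
        print(f"{tty}: live processes but no utmp entry -> {procs}")
    for tty, user in stale.items():
        print(f"{tty}: utmp says {user} is on it, but no process holds that tty")
```

On a live host, feed the real output of `who` and `ps -eo user,tty,pid,comm` into compare_utmp_with_ps; the tty column format differs slightly between Linux and BSD ps, so check that the second column really is the terminal before trusting the result.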
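The WTMP and ac passages above describe two views of one binary file: last pairs each login record with the logout on the same terminal, and ac adds up the resulting session lengths per user and per day. The following is an added example, not code from the book, that does both directly on wtmp bytes and then flags days like foo's April 4. It assumes the Linux glibc struct utmp record layout (384 bytes, little-endian); the BSDI /var/adm/wtmp the book shows uses an older, smaller record, and only UTMP_FMT would change. The sample wtmp is constructed inside the block, and the function names (parse_wtmp, sessions, connect_hours, outlier_days, analyze) are this example's own.

```python
# Added example (not from the book): reconstruct `last`-style sessions and
# `ac -dp`-style connect time from a wtmp file, then flag out-of-character days.
import struct
from collections import defaultdict
from datetime import datetime, timedelta, timezone
from statistics import median

# Assumption: Linux glibc `struct utmp` (384 bytes, little-endian). Field order:
# ut_type, pad, ut_pid, ut_line[32], ut_id[4], ut_user[32], ut_host[256],
# exit status (2 shorts), ut_session, tv_sec, tv_usec, ut_addr_v6[4], unused[20].
UTMP_FMT = "<hxxi32s4s32s256shhii4i20x"
UTMP_SIZE = struct.calcsize(UTMP_FMT)  # 384
RUN_LVL, BOOT_TIME, USER_PROCESS, DEAD_PROCESS = 1, 2, 7, 8


def pack_record(ut_type, pid, line, user, host, when):
    """Build one wtmp record; used only to construct the sample data below."""
    return struct.pack(UTMP_FMT, ut_type, pid, line.encode(), b"", user.encode(),
                       host.encode(), 0, 0, 0, int(when.timestamp()), 0, 0, 0, 0, 0)


def _cstr(b):
    return b.split(b"\0", 1)[0].decode(errors="replace")


def parse_wtmp(data):
    """Yield (type, line, user, host, time) for every whole record in `data`."""
    for off in range(0, len(data) - len(data) % UTMP_SIZE, UTMP_SIZE):
        f = struct.unpack_from(UTMP_FMT, data, off)
        yield f[0], _cstr(f[2]), _cstr(f[4]), _cstr(f[5]), datetime.fromtimestamp(f[9], timezone.utc)


def sessions(records):
    """Pair logins with logouts per tty the way `last` does. Returns
    (user, line, host, start, end) tuples, newest first; end is None for a
    session that is still open ("still logged in")."""
    open_, done = {}, []
    for typ, line, user, host, when in sorted(records, key=lambda r: r[4]):
        if typ == USER_PROCESS:
            if line in open_:  # new login on a line that never logged out: close the old one
                u, h, s = open_.pop(line)
                done.append((u, line, h, s, when))
            open_[line] = (user, host, when)
        elif typ == DEAD_PROCESS and line in open_:
            u, h, s = open_.pop(line)
            done.append((u, line, h, s, when))
        elif typ in (RUN_LVL, BOOT_TIME) and user in ("shutdown", "reboot"):
            done.extend((u, l, h, s, when) for l, (u, h, s) in open_.items())
            open_.clear()  # a shutdown or reboot ends every open session
    done.extend((u, l, h, s, None) for l, (u, h, s) in open_.items())
    return sorted(done, key=lambda s: s[3], reverse=True)


def connect_hours(sess, now):
    """Per-user, per-day connect hours like `ac -dp`: sessions are split at
    midnight and every concurrent session is charged in full; open sessions
    are charged up to `now`."""
    hours = defaultdict(lambda: defaultdict(float))
    for user, _line, _host, start, end in sess:
        t, end = start, end or now
        while t < end:
            midnight = (t + timedelta(days=1)).replace(hour=0, minute=0, second=0, microsecond=0)
            seg_end = min(end, midnight)
            hours[user][t.date().isoformat()] += (seg_end - t).total_seconds() / 3600
            t = seg_end
    return hours


def outlier_days(daily, factor=5.0):
    """Flag (user, day, hours) where one day is `factor` x the user's median day."""
    flagged = []
    for user, days in daily.items():
        m = median(days.values())
        flagged.extend((user, d, h) for d, h in days.items() if m > 0 and h > factor * m)
    return flagged


# Constructed sample wtmp (not a real capture): foo logs in for a couple of
# hours a day, then on Apr 4 holds ten concurrent X-style sessions for 12 hours.
def _t(day, hour, minute=0):
    return datetime(1995, 4, day, hour, minute, tzinfo=timezone.utc)


SAMPLE_WTMP = b"".join(
    [pack_record(BOOT_TIME, 0, "~", "reboot", "", _t(1, 8)),
     pack_record(USER_PROCESS, 101, "ttyp3", "foo", "fakehost.com", _t(1, 9)),
     pack_record(DEAD_PROCESS, 101, "ttyp3", "", "", _t(1, 11)),
     pack_record(USER_PROCESS, 102, "ttyp3", "foo", "fakehost.com", _t(2, 9)),
     pack_record(DEAD_PROCESS, 102, "ttyp3", "", "", _t(2, 11, 30)),
     pack_record(USER_PROCESS, 103, "ttya0", "slip1", "", _t(2, 17)),  # never logs out
     pack_record(USER_PROCESS, 104, "ttyp3", "foo", "fakehost.com", _t(3, 9)),
     pack_record(DEAD_PROCESS, 104, "ttyp3", "", "", _t(3, 10, 30))]
    + [pack_record(USER_PROCESS, 200 + i, f"ttyp{i}", "foo", "fakehost.com", _t(4, 8)) for i in range(10)]
    + [pack_record(DEAD_PROCESS, 200 + i, f"ttyp{i}", "", "", _t(4, 20)) for i in range(10)])
NOW = _t(5, 12)


def analyze(data=SAMPLE_WTMP, now=NOW):
    sess = sessions(parse_wtmp(data))
    daily = connect_hours(sess, now)
    return sess, daily, outlier_days(daily)


if __name__ == "__main__":
    sess, daily, flagged = analyze()
    for user, line, host, start, end in sess:  # `last`-style listing, newest first
        finish = f"- {end:%H:%M}" if end else "still logged in"
        print(f"{user:8} {line:6} {host:14} {start:%a %b %d %H:%M} {finish}")
    for user, day, h in flagged:
        print(f"outlier: {user} logged {h:.2f} connect hours on {day}")
```

The outlier rule is deliberately crude (a day more than five times the user's median) because, as the text notes, concurrent X sessions legitimately inflate totals; use it to pick accounts worth a closer look with last, not as a verdict.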