How to Create Reports from Audit Logs Using 'aureport' on CentOS/RHEL


This article is part of our ongoing series on querying audit logs using the ausearch utility.

In this third part, we explain how to generate reports from audit log files using the aureport tool on the CentOS and RHEL Linux distributions.

aureport is a command-line utility used to create summary reports from the audit log files stored in /var/log/audit/. Like ausearch, it also accepts raw log data from stdin.

It is easy to use; just pass an option for the specific kind of report you need, as shown in the examples below.

The aureport command generates a report about all the keys you defined in your audit rules when given the -k flag.

# aureport -k 

You can enable interpretation of numeric entities into text (for example, converting a UID into an account name) using the -i option.

# aureport -k -i

If you need a report about all events related to authentication attempts for all users, use the -au option.

# aureport -au 
OR
# aureport -au -i

The -l option tells aureport to generate a report of all logins.

The following command shows how to report all failed events.

# aureport --failed

It is also possible to generate reports for a specific time period: -ts specifies the start date/time and -te sets the end date/time. You can also use keywords such as now, recent, today, yesterday, this-week, week-ago, this-month and this-year instead of an actual timestamp.

# aureport -ts 09/19/2017 15:20:00 -te now --summary -i 
OR
# aureport -ts yesterday -te now --summary -i 

If you want to create a report from a file other than the default log files in the /var/log/audit directory, use the -if flag to specify that file.

This command reports all login events recorded in /var/log/tecmint/hosts/node1.log.

# aureport -l -if /var/log/tecmint/hosts/node1.log 
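The invocations above can be combined into one scheduled job that writes the key, authentication, login and failed-event reports for a time window into a directory. The script below is an added example, not code from the Tecmint article; it assumes aureport is in PATH (the AUREPORT variable overrides it, which is how it can be exercised without audit logs) and that the output directory and the node1.log path are placeholders you replace.

```shell
#!/bin/sh
# Added example: wrapper around aureport that writes several reports for one
# time window into a directory. Assumes aureport is in PATH; set AUREPORT to
# another command (e.g. echo) to see the generated arguments without running it.
set -eu

# Print the aureport arguments for a named report over a time window.
# $1 report kind: keys | auth | logins | failed
# $2 start (-ts) and $3 end (-te): a date, or a keyword such as yesterday/now
# $4 optional log file passed with -if when logs are not under /var/log/audit
aureport_args() {
    kind=$1; start=$2; end=$3; infile=${4:-}
    case $kind in
        keys)   flags="-k" ;;
        auth)   flags="-au" ;;
        logins) flags="-l" ;;
        failed) flags="--failed" ;;
        *) echo "unknown report kind: $kind" >&2; return 1 ;;
    esac
    # -i translates numeric fields (UIDs, syscall numbers) into names
    set -- $flags -ts "$start" -te "$end" -i
    [ -n "$infile" ] && set -- "$@" -if "$infile"
    echo "$@"
}

# Run every report kind for the window, one file per kind in $outdir.
# Returns non-zero if any report failed, so a cron job notices the problem.
audit_reports() {
    outdir=$1; start=$2; end=$3; infile=${4:-}
    mkdir -p "$outdir"
    rc=0
    for t in keys auth logins failed; do
        args=$(aureport_args "$t" "$start" "$end" "$infile")
        # $args is word-split on purpose: a start of "09/19/2017 15:20:00"
        # becomes the separate date and time words that -ts expects.
        ${AUREPORT:-aureport} $args > "$outdir/$t.txt" || rc=1
    done
    return $rc
}

# Example run (placeholder paths): yesterday's events from a non-default log file.
# audit_reports /var/log/audit-reports/yesterday yesterday now /var/log/tecmint/hosts/node1.log
```

Reports must be generated as root, since /var/log/audit is only readable by root; the report files inherit the running process's umask, so keep the output directory as restricted as the audit log itself.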

You can find all the options and more information in the aureport man page.

# man aureport

Below is a list of articles about log management and report-generation tools in Linux:

  1. 4 Good Open Source Log Monitoring and Management Tools for Linux
  2. SARG - Squid Analysis Report Generator and Internet Bandwidth Monitoring Tool
  3. Smem - Reports Memory Consumption on a Per-Process and Per-User Basis in Linux
  4. How to Manage System Logs (Configure, Rotate and Import into a Database)

In this tutorial, we showed how to generate summary reports from audit log files in RHEL/CentOS/Fedora. Use the comment section below to ask any questions or share any thoughts about this guide.

Next, we will show how to audit a specific process using the 'autrace' tool; until then, stay connected to Tecmint.