How to Audit a Linux Process Using 'autrace' on CentOS/RHEL


This article is part of our ongoing series on querying audit logs using ausearch and generating reports using the aureport tool.

In this article, we will explain how to audit a given process using the autrace utility, where we will analyze a process by tracing the system calls it makes.

autrace is a command-line utility that runs a program until it exits, just like strace; it adds audit rules to trace the process and saves the audit information in the /var/log/audit/audit.log file. For it to work (i.e., before running the chosen program), you must first delete all existing audit rules.

The syntax for using autrace is shown below, and it accepts only one option, -r, which limits the collected syscalls to those needed to analyze the program's resource usage:

# autrace -r program program-args

Attention: In the autrace man page, the syntax appears as shown below, which is actually a documentation error. If you use this form, the program you are running will assume you are passing it one of its own options and will therefore produce an error or execute whatever default behaviour that option triggers.

# autrace program -r program-args

If any audit rules are present, autrace displays the following error.

# autrace /usr/bin/df

First delete all audit rules with the following command.

# auditctl -D

Then proceed to run autrace with the program you want. In this example, we are tracing the execution of the df command, which shows file system usage.

# autrace /usr/bin/df -h

From the screenshot above, you can look up all the log entries for the traced process, using the pid shown, from the audit log file with the ausearch tool as follows.

# ausearch -i -p 2678

Where the options:

  • -i - enables interpretation of numeric values into text.
  • -p - passes the process ID to search for.

To generate a report of the details, you can build an ausearch and aureport command line like this.

# ausearch -p 2678 --raw | aureport -i -f

Where:

  • --raw - tells ausearch to deliver raw input to aureport.
  • -f - enables reporting on files and af_unix sockets.
  • -i - enables interpretation of numeric values into text.

And using the command below, we limit the collected syscalls to those needed to analyze the resource usage of the df process.

# autrace -r /usr/bin/df -h

Suppose you launched the program a week ago, meaning a lot of information has been dumped into the audit logs. To generate a report for today's information only, use the ausearch -ts flag to specify the start date/time for the search:

# ausearch -ts today -p 2678 --raw | aureport -i -f
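The steps above (clear the rules, run autrace, pull the pid from its closing message, then build the ausearch | aureport pipeline) can be chained into one script. This is an added example, not code from the original article; it assumes autrace's final line has the form "Trace complete. You can locate the records with 'ausearch -i -p <pid>'", that auditd is running, and that the script is run as root.

```shell
#!/bin/sh
# Added example (not from the original article): wraps the autrace -> ausearch -> aureport
# workflow. Assumption: autrace ends its output with a line such as
#   Trace complete. You can locate the records with 'ausearch -i -p 2678'
# auditd must be running and the script must be run as root.

# Extract the pid from autrace's closing "Trace complete" line (passed as one string).
pid_from_autrace_output() {
    printf '%s\n' "$1" | sed -n "s/.*ausearch -i -p \([0-9][0-9]*\).*/\1/p" | tail -n 1
}

# Build the ausearch | aureport pipeline from the article, optionally limited with -ts.
report_cmd_for_pid() {
    pid=$1
    when=${2:-}
    if [ -n "$when" ]; then
        printf 'ausearch -ts %s -p %s --raw | aureport -i -f' "$when" "$pid"
    else
        printf 'ausearch -p %s --raw | aureport -i -f' "$pid"
    fi
}

# Full workflow: delete existing rules, trace the program, report on its file activity.
audit_program() {
    [ "$(id -u)" -eq 0 ] || { echo "must run as root" >&2; return 1; }
    auditctl -D >/dev/null || return 1
    out=$(autrace -r "$@" 2>&1) || { printf '%s\n' "$out" >&2; return 1; }
    pid=$(pid_from_autrace_output "$out")
    [ -n "$pid" ] || { echo "could not find a pid in autrace output" >&2; return 1; }
    sh -c "$(report_cmd_for_pid "$pid" today)"
}

# Constructed sample of autrace output, used only to exercise the parser offline.
SAMPLE_AUTRACE_OUTPUT="Waiting to execute: /usr/bin/df
Cleaning up...
Trace complete. You can locate the records with 'ausearch -i -p 2678'"

# Usage: ./audit_program.sh --run /usr/bin/df -h
if [ "${1:-}" = "--run" ]; then
    shift
    audit_program "$@"
fi
```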

That's it! This is how you can trace and audit a specific Linux process using the autrace tool; for more information, check the man pages.

You may also like to read these related, useful guides:

  1. Sysdig – A Monitoring and Troubleshooting Tool for Linux
  2. BCC - Dynamic Tracing Tools for Monitoring Linux Performance, Networking and More
  3. 30 Useful 'ps Command' Examples for Linux Process Monitoring
  4. CPUTool – Limit and Control the CPU Usage of Any Process in Linux
  5. Find Top Running Processes by Highest Memory and CPU Usage in Linux

That's all for now! You can ask any questions or share your thoughts about this article via the comment form below. In the next article, we will explain how to configure PAM (Pluggable Authentication Modules) to audit TTY input for specific users on CentOS/RHEL.