How to Configure PAM to Audit and Log Shell User Activity


This is part four of our ongoing series on Linux auditing. In this article we explain how to configure PAM to audit Linux TTY input (logging shell user activity) for specific users, using the pam_tty_audit module.

Linux PAM (Pluggable Authentication Modules) is a flexible framework for implementing authentication services in applications and in various system services; it descends from the original Unix PAM.

It divides the work of authentication into four management groups: account, authentication, password and session modules. A detailed explanation of these management groups is beyond the scope of this tutorial.

The audit system uses the pam_tty_audit PAM module to enable or disable auditing of TTY input for specified users. Once a user is configured for auditing, pam_tty_audit works together with auditd to track the user's actions on the terminal and, if so configured, captures the exact keystrokes the user types and records them in the /var/log/audit/audit.log file.

Configuring PAM to Audit User TTY Input in Linux

You can configure PAM to audit the TTY input of specific users in the /etc/pam.d/system-auth and /etc/pam.d/password-auth files, using the enable option. Conversely, as you would expect, disable turns auditing off for the specified users. The format is as follows:

session required pam_tty_audit.so disable=username,username2...  enable=username,username2..

To also log the user's actual keystrokes (including spaces, backspaces, return keys, control keys, the delete key and so on), add the log_passwd option alongside the other options, in this form:

session required pam_tty_audit.so disable=username,username2...  enable=username log_passwd

But before you make any changes, note that:

  • As seen in the syntax above, you can pass several usernames to the enable or disable option.
  • Any disable or enable option overrides an earlier opposite option that matches the same username.
  • Once TTY auditing is enabled, it is inherited by all processes started by the user.
  • If keystroke recording is enabled, input is not logged immediately: TTY auditing first stores the keystrokes in a buffer and writes the buffer contents to the /var/log/audit/audit.log file at intervals, or once the audited user logs out.
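The override rule in the notes above is easy to get wrong once a file carries several enable= and disable= entries. The following Python script is an added example, not code from the original article or from the pam_tty_audit module itself: it parses pam_tty_audit.so session entries the way the module reads them (options left to right, '*' matching every user, the last matching entry winning) and reports whether a given user ends up audited and whether log_passwd applies to them. The sample lines are constructed from the forms shown above, and the script name check_tty_audit.py in the usage comment is assumed.

```python
import re
import shlex

# Constructed sample entries (the forms shown in the article), not read from
# a real /etc/pam.d file.
SAMPLE_LINES = [
    "session required pam_tty_audit.so disable=* enable=tecmint log_passwd",
    "session required pam_tty_audit.so disable=username,username2 enable=username",
]


def parse_tty_audit_line(line):
    """Split one pam_tty_audit.so session entry into its options.

    Returns (options, flags): options is a list of (action, names) tuples in
    the order written, flags is the set of bare options such as log_passwd.
    Returns None for comments and for any line that is not a
    pam_tty_audit.so session entry (includes, other modules, ...).
    """
    fields = shlex.split(line, comments=True)
    if len(fields) < 3 or fields[0] != "session":
        return None
    i = 1
    if fields[1].startswith("["):  # bracketed control value, e.g. [default=ignore]
        while i < len(fields) and not fields[i].endswith("]"):
            i += 1
    module_idx = i + 1
    if module_idx >= len(fields) or not fields[module_idx].endswith("pam_tty_audit.so"):
        return None
    options, flags = [], set()
    for arg in fields[module_idx + 1:]:
        m = re.fullmatch(r"(enable|disable)=(.*)", arg)
        if m:
            options.append((m.group(1), [n for n in m.group(2).split(",") if n]))
        else:
            flags.add(arg)
    return options, flags


def tty_audit_state(line, user):
    """Resolve the effect of one pam_tty_audit.so line on `user`.

    Returns (state, log_passwd) where state is "enable", "disable" or
    "unchanged" (no option matched, so the session keeps whatever audit
    state it inherited), or None if the line is not a pam_tty_audit entry.
    Options are applied left to right and the last match wins, which is how
    a later disable=/enable= overrides an earlier one for the same user.
    """
    parsed = parse_tty_audit_line(line)
    if parsed is None:
        return None
    options, flags = parsed
    state = "unchanged"
    for action, names in options:
        if "*" in names or user in names:
            state = action
    return state, (state == "enable" and "log_passwd" in flags)


def audit_state_from_config(config_text, user):
    """Walk a whole pam.d file (as text) and return the final state for `user`.

    Every pam_tty_audit.so session line is applied in order; a line that
    matches nothing leaves the state set by earlier lines untouched.
    """
    state, log_passwd = "unchanged", False
    for line in config_text.splitlines():
        result = tty_audit_state(line, user)
        if result is None or result[0] == "unchanged":
            continue
        state, log_passwd = result
    return state, log_passwd


if __name__ == "__main__":
    import sys
    # Usage (assumed script name): python3 check_tty_audit.py /etc/pam.d/system-auth tecmint
    path, user = sys.argv[1], sys.argv[2]
    with open(path) as fh:
        print(audit_state_from_config(fh.read(), user))
```

Run it against both system-auth and password-auth, since the article adds the line to each file; a user whose result is "unchanged" simply inherits the audit state of the process that started the session.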

Let's look at the example below, where we configure pam_tty_audit to record the actions of the user tecmint, including keystrokes, on all terminals, while disabling TTY auditing for all other system users.

Open the following two files.

# vi /etc/pam.d/system-auth
# vi /etc/pam.d/password-auth

Add the following line to both configuration files.

session required pam_tty_audit.so disable=*  enable=tecmint

And to capture all keystrokes entered by the user tecmint, add the log_passwd option as shown.

session required pam_tty_audit.so disable=*  enable=tecmint log_passwd

Now save and close the files. Afterwards, view the audit log for any recorded TTY input using the aureport utility.

# aureport --tty

From the output above, you can see that the user tecmint, whose UID is 1000, used the vi/vim editor, created a directory called bin and moved into it, cleared the terminal, and so on.

To search the recorded TTY input for entries whose timestamp is at or after a specific time, use -ts to specify the start date/time and -te to set the end date/time.

Here are some examples:

# aureport --tty -ts 09/25/2017 00:00:00 -te 09/26/2017 23:00:00
# aureport --tty -ts this-week
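aureport --tty already decodes the keystrokes for you, but on a forensic copy of audit.log taken from another host it helps to understand what the raw TTY records contain. The Python script below is an added example, not code from the original article or from the audit tools: it parses raw type=TTY records (the kernel writes the typed bytes hex-encoded in the data= field, together with pid, uid, auid and session id), renders control bytes readably, and joins the keystrokes per login session keyed by auid and ses. The audit.log excerpt is constructed, the field order assumed matches the kernel's TTY record, and the <ret>/<backspace> notation is this script's own rendering rather than a guaranteed match of aureport's output.

```python
import re
from datetime import datetime, timezone

# Constructed sample audit.log excerpt (not a real capture): one PAM session
# start record followed by three TTY records whose data= field holds the
# hex-encoded keystrokes typed by auid 1000 in session 4.
SAMPLE_AUDIT_LOG = """\
type=USER_START msg=audit(1506336870.100:455): pid=2010 uid=0 auid=1000 ses=4 msg='op=PAM:session_open acct="tecmint" exe="/usr/sbin/sshd" hostname=192.0.2.10 addr=192.0.2.10 terminal=ssh res=success'
type=TTY msg=audit(1506336880.123:456): tty pid=2011 uid=1000 auid=1000 ses=4 major=136 minor=1 comm="bash" data=6C73202D6C0D
type=TTY msg=audit(1506336895.456:457): tty pid=2011 uid=1000 auid=1000 ses=4 major=136 minor=1 comm="bash" data=6D6B6469722062696E0D63642062696E0D
type=TTY msg=audit(1506336910.789:458): tty pid=2011 uid=1000 auid=1000 ses=4 major=136 minor=1 comm="bash" data=636C6565727F7F61720D
"""

# Assumed layout of a kernel TTY audit record.
TTY_RE = re.compile(
    r'type=TTY msg=audit\((?P<ts>\d+\.\d+):(?P<serial>\d+)\): tty '
    r'pid=(?P<pid>\d+) uid=(?P<uid>\d+) auid=(?P<auid>\d+) ses=(?P<ses>\d+) '
    r'major=(?P<major>\d+) minor=(?P<minor>\d+) comm="(?P<comm>[^"]*)" '
    r'data=(?P<data>[0-9A-Fa-f]*)'
)

# Names for the non-printable bytes a shell user commonly types.
CONTROL_NAMES = {0x0D: "<ret>", 0x0A: "<nl>", 0x09: "<tab>", 0x1B: "<esc>", 0x7F: "<backspace>"}


def render_keys(raw):
    """Turn decoded keystroke bytes into readable text.

    Printable ASCII is kept, other control bytes become <^X>, and anything
    outside ASCII is shown as <0xNN>.
    """
    out = []
    for b in raw:
        if b in CONTROL_NAMES:
            out.append(CONTROL_NAMES[b])
        elif b < 0x20:
            out.append("<^%c>" % (b + 0x40))
        elif b < 0x7F:
            out.append(chr(b))
        else:
            out.append("<0x%02X>" % b)
    return "".join(out)


def parse_tty_record(line):
    """Parse one audit.log line; return a dict for TTY records, else None."""
    m = TTY_RE.search(line)
    if not m:
        return None
    ts = float(m.group("ts"))
    return {
        "time": datetime.fromtimestamp(ts, tz=timezone.utc).strftime("%Y-%m-%d %H:%M:%S"),
        "serial": int(m.group("serial")),
        "pid": int(m.group("pid")),
        "uid": int(m.group("uid")),
        "auid": int(m.group("auid")),
        "ses": int(m.group("ses")),
        "comm": m.group("comm"),
        "keys": render_keys(bytes.fromhex(m.group("data"))),
    }


def parse_audit_log(text):
    """Return the TTY records of an audit.log excerpt, in file order."""
    return [r for r in (parse_tty_record(l) for l in text.splitlines()) if r]


def reconstruct_input(records):
    """Join keystrokes per login session, keyed by (auid, ses).

    Keying on auid (the login UID) rather than uid keeps the trail attached
    to the original account even after su/sudo changes the effective uid.
    """
    sessions = {}
    for r in sorted(records, key=lambda r: r["serial"]):
        sessions.setdefault((r["auid"], r["ses"]), []).append(r["keys"])
    return {key: "".join(parts) for key, parts in sessions.items()}


if __name__ == "__main__":
    for rec in parse_audit_log(SAMPLE_AUDIT_LOG):
        print("%(time)s auid=%(auid)d ses=%(ses)d %(comm)s: %(keys)s" % rec)
```

Because the kernel buffers keystrokes and flushes them at intervals or at logout (see the notes earlier), one TTY record can contain several commands and a command can be split across two records, so reconstruct_input joins the records of a session in serial order rather than treating each record as one command line.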

You can find more information in the pam_tty_audit man page.

# man pam_tty_audit

Check out these useful articles.

  1. Set Up Password-less SSH Key Authentication with PuTTY on Linux Servers
  2. Set Up LDAP-based Authentication in RHEL/CentOS 7
  3. How to Set Up Two-Factor Authentication (Google Authenticator) for SSH Logins
  4. SSH Passwordless Login Using SSH Keygen in 5 Easy Steps
  5. How to Run the 'sudo' Command Without Entering a Password in Linux

In this article, we described how to configure PAM to audit input for specific users on CentOS/RHEL. If you have any questions or extra ideas to share, use the comment form below.