How to Check Integrity With AIDE in Fedora


AIDE (Advanced Intrusion Detection Environment) is a program for checking the integrity of files and directories on any modern Unix-like system. It builds a database of the files on the system and then uses that database as a baseline to verify file integrity and detect intrusions.

In this article, we show how to install and use AIDE to check file and directory integrity on the Fedora distribution.

How to Install AIDE in Fedora

1. The AIDE package is available in Fedora's default repositories, so you can install it with the dnf package manager as shown.

$ sudo dnf install aide

2. After installation, you need to initialize the AIDE database, which is a snapshot of the system in a known-good state. This baseline serves as the reference against which all later updates and changes are measured.

Note that it is important to create the database on a freshly installed system, before it is connected to the network; a baseline taken later may already include an attacker's changes. Second, the default AIDE configuration checks a set of directories and files defined in the /etc/aide.conf file. Edit this file to add any further files and directories that AIDE should watch.

Run the following command to generate the initial database:

$ sudo aide --init

3. To start using the database, remove the .new substring from the name of the initial database file.

$ sudo mv /var/lib/aide/aide.db.new.gz /var/lib/aide/aide.db.gz

4. To further protect the AIDE database, you can change its default location by editing the configuration file and setting the value of DBDIR to the new database directory.

@@define DBDIR  /path/to/secret/db/location

For additional security, store the database, the configuration file and the /usr/sbin/aide binary in a secure location such as read-only media: a database that stays writable on the monitored host can simply be regenerated by an attacker who gains root. More importantly, you can strengthen this further by signing the configuration and/or the database.

Performing Integrity Checks in Fedora

5. To check the Fedora system manually, run the following command.

$ sudo aide --check

The output of the above command shows the differences between the database and the current state of the file system. It gives a summary of the entries found and detailed information about the items that were added, removed or changed.

6. For effective use, you should configure AIDE to run as a cron job so that scans happen on a schedule, at least weekly and preferably daily.

For example, to schedule a check at midnight every day, add the following cron entry to the /etc/crontab file. By default cron mails the command's output to root, so make sure that mailbox is actually read, or redirect the output to a log file that is reviewed.

00  00  *  *  *  root  /usr/sbin/aide --check

Updating the AIDE Database

7. After verifying that changes to your system are legitimate, such as package updates or file modifications, update the baseline AIDE database with the following command.

$ sudo aide --update

The aide --update command runs a check and writes a new database file, /var/lib/aide/aide.db.new.gz. To use it for future checks, rename it as shown earlier (remove the .new substring from the file name).
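The procedure in steps 1 to 7 above can be wrapped in a small script. The following is an added example, not code from the original article or from the AIDE project: it decodes the exit status of aide --check and aide --update (per aide(1), bits 1, 2 and 4 mark new, removed and changed files, and values of 14 and above are runtime errors), appends each report to a log where a cron run can be audited later, and performs the rename of aide.db.new.gz while keeping a backup of the previous baseline. The paths are the Fedora defaults used in the text; AIDE_BIN, AIDE_DBDIR and AIDE_LOG are assumed variable names that you can override to match a custom DBDIR.

```shell
#!/bin/bash
# Added example (not from the original article or the AIDE project): a thin
# wrapper around the aide --init / --check / --update workflow described above.
# AIDE_BIN, AIDE_DBDIR and AIDE_LOG are assumed names; override them if you
# moved the database with @@define DBDIR or keep the binary on read-only media.
set -u

AIDE_BIN="${AIDE_BIN:-/usr/sbin/aide}"
AIDE_DBDIR="${AIDE_DBDIR:-/var/lib/aide}"
AIDE_LOG="${AIDE_LOG:-/var/log/aide/aide-check.log}"

# Decode the exit status of 'aide --check' or 'aide --update'. Per aide(1),
# 0 means no differences; bits 1, 2 and 4 flag new, removed and changed files
# (so 5 = new + changed); 14 and above are runtime errors (bad config, I/O
# error, ...), which must never be mistaken for a clean run.
interpret_aide_status() {
    status="$1"
    if [ "$status" -eq 0 ]; then
        echo "clean"
        return 0
    fi
    if [ "$status" -ge 14 ]; then
        echo "error"
        return 0
    fi
    out=""
    if [ $((status & 1)) -ne 0 ]; then out="${out}new "; fi
    if [ $((status & 2)) -ne 0 ]; then out="${out}removed "; fi
    if [ $((status & 4)) -ne 0 ]; then out="${out}changed "; fi
    echo "${out% }"
}

# Steps 3 and 7 from the text: put the freshly written aide.db.new.gz in place
# as aide.db.gz. Refuses to run if there is nothing to activate and keeps a
# timestamped copy of the previous baseline so a suspicious update can still
# be compared against it.
activate_new_db() {
    dbdir="$1"
    newdb="$dbdir/aide.db.new.gz"
    curdb="$dbdir/aide.db.gz"
    if [ ! -s "$newdb" ]; then
        echo "no new database at $newdb; run 'aide --init' or 'aide --update' first" >&2
        return 1
    fi
    if [ -f "$curdb" ]; then
        cp -p "$curdb" "$curdb.$(date +%Y%m%d%H%M%S).bak" || return 1
    fi
    mv "$newdb" "$curdb" || return 1
    chmod 0600 "$curdb"
    echo "$curdb"
}

# Steps 5 and 6 from the text: run the check, append the report to a log (cron
# only mails stdout, which is easy to lose) and pass AIDE's own exit status
# back so the caller or cron can still see whether anything changed.
run_aide_check() {
    mkdir -p "$(dirname "$AIDE_LOG")" || return 1
    tmp="$AIDE_LOG.tmp.$$"
    "$AIDE_BIN" --check >"$tmp" 2>&1
    rc=$?
    {
        echo "== $(date -u +%Y-%m-%dT%H:%M:%SZ) aide --check exit=$rc ($(interpret_aide_status "$rc"))"
        cat "$tmp"
    } >>"$AIDE_LOG"
    rm -f "$tmp"
    return "$rc"
}

# Usage: aide-wrap.sh init | check | update | activate
# 'update' deliberately does not activate the new database: review the report
# first, then run 'activate' once the changes are confirmed legitimate.
case "${1:-}" in
    init)     "$AIDE_BIN" --init && activate_new_db "$AIDE_DBDIR" ;;
    check)    run_aide_check ;;
    update)   "$AIDE_BIN" --update; rc=$?; echo "result: $(interpret_aide_status "$rc")" ;;
    activate) activate_new_db "$AIDE_DBDIR" ;;
esac
```

Run aide --config-check after editing /etc/aide.conf (for example after changing DBDIR) and before the init step, so a configuration error is caught rather than silently producing an empty or partial baseline. The .bak copy the script leaves in DBDIR is only a convenience for comparison; it does not replace the read-only or off-host copy of the database recommended above, because anything writable on the monitored host is within reach of an attacker with root.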

For more information on AIDE, see its man page.

$ man aide

For other Linux distributions, see: How to Check File and Directory Integrity Using AIDE in Linux.

AIDE is a useful utility for checking the integrity of files and directories on Unix-like operating systems such as Linux. In this article, we showed how to install and use AIDE on Fedora Linux. If you have any questions or comments about AIDE, use the feedback form below to reach us.