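Installing and Building a Tripwire System on Linux: A Detailed Tutorial on Monitoring Data Integrity with Tripwire

Preface

When a server is attacked, in most cases the attacker modifies important files such as system files. To deal with this, we use Tripwire to build a data integrity monitoring system. It cannot prevent an attack or stop an attacker from modifying important files, but it can detect whether files have been modified and which ones, so that after an attack a targeted response can be planned.

Tripwire works as follows: once it is installed and configured, it records the current state of the system's data in a database. As files are added, deleted and modified, it compares the current state of the system with this continually updated database to determine which files have been added, deleted or modified. Because the initial database is created right after Tripwire itself is installed and configured, the integrity monitoring system must be built before the server is opened to the outside, in other words right after the operating system has been installed.

Introduction to Tripwire

When Tripwire runs in database generation mode, it reads the files designated for monitoring according to a configuration file set up by the administrator, generates a digital signature for each file, and stores the results in its own database. By default, MD5 and Snefru (Xerox's secure hash function) are combined to generate each file's digital signature. The administrator can also use other hash functions such as MD4, CRC32 and SHA, but in practice the two default hash functions are already highly reliable, and combining MD5 and Snefru (Snefru in particular) is already fairly expensive in system resources, so the choice can be weighed against the importance of each file. When an intrusion is suspected, Tripwire can compare signatures against the previously generated database file. If a file has been replaced, it no longer matches the corresponding signature in the Tripwire database; Tripwire then reports that the file has been changed, and the administrator knows the system is no longer "clean".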
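The baseline-then-compare principle described above, as an added example that is not part of the original article and is not Tripwire's own code. It assumes SHA-256 and BLAKE2b in place of MD5 and Snefru, and an HMAC under a passphrase-derived key in place of Tripwire's key-signed database; all function names and the sample tree are constructed for illustration.

```python
import hashlib, hmac, json, os, tempfile

def file_record(path):
    """Two independent digests plus size and mode for one file."""
    h1, h2 = hashlib.sha256(), hashlib.blake2b()
    with open(path, "rb") as f:
        for chunk in iter(lambda: f.read(65536), b""):
            h1.update(chunk)
            h2.update(chunk)
    st = os.stat(path)
    return {"sha256": h1.hexdigest(), "blake2b": h2.hexdigest(),
            "size": st.st_size, "mode": oct(st.st_mode)}

def snapshot(root):
    """Record every regular file under root, keyed by relative path."""
    db = {}
    for d, _, names in os.walk(root):
        for n in names:
            p = os.path.join(d, n)
            if os.path.isfile(p) and not os.path.islink(p):
                db[os.path.relpath(p, root)] = file_record(p)
    return db

def derive_key(passphrase):
    # Assumption: a passphrase-derived HMAC key stands in for Tripwire's key files.
    return hashlib.pbkdf2_hmac("sha256", passphrase.encode(), b"constructed-salt", 100_000)

def seal(db, passphrase):
    """Serialize the baseline with an HMAC tag so later edits to it are detectable."""
    body = json.dumps(db, sort_keys=True)
    tag = hmac.new(derive_key(passphrase), body.encode(), "sha256").hexdigest()
    return json.dumps({"body": body, "tag": tag})

def unseal(blob, passphrase):
    """Return the baseline, or raise if the database or passphrase is wrong."""
    doc = json.loads(blob)
    want = hmac.new(derive_key(passphrase), doc["body"].encode(), "sha256").hexdigest()
    if not hmac.compare_digest(want, doc["tag"]):
        raise ValueError("baseline database failed authentication")
    return json.loads(doc["body"])

def check(root, blob, passphrase):
    """Compare the current tree with the sealed baseline."""
    old, new = unseal(blob, passphrase), snapshot(root)
    return {"added": sorted(set(new) - set(old)),
            "removed": sorted(set(old) - set(new)),
            "modified": sorted(p for p in set(old) & set(new) if old[p] != new[p])}

def demo():
    """Constructed sample tree: take a baseline, then add, delete and replace a file."""
    with tempfile.TemporaryDirectory() as root:
        def put(name, data):
            with open(os.path.join(root, name), "wb") as f:
                f.write(data)
        put("passwd", b"root:x:0:0\n")
        put("ls", b"\x7fELF-original")
        put("motd", b"hi\n")
        blob = seal(snapshot(root), "local-passphrase")
        put("ls", b"\x7fELF-replaced")        # same size, different content
        os.remove(os.path.join(root, "motd"))
        put("new.sh", b"#!/bin/sh\n")
        return check(root, blob, "local-passphrase"), blob

if __name__ == "__main__":
    print(demo()[0])
```

The replaced `ls` keeps its size and mode, so only the digests reveal the change; an edited baseline or a wrong passphrase makes `unseal` raise instead of returning a database that can no longer be trusted.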

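Tripwire Software Features

Tripwire supports the vast majority of Unix operating systems. Installing it requires a build environment such as gcc or cc, as well as decompression tools such as gzip and gunzip. Administrators can obtain these tools from the relevant sites; they are not discussed here. In the download section of its home page you can find the Tripwire 1.3 ASR version, currently available as a free download; simply download it.

Detection tools such as Tripwire and AIDE help you discover an attacker's intrusion promptly, and they provide good system integrity checking. These tools differ from other intrusion detection tools: they do not detect intrusions through so-called attack signatures, but monitor and check the changes that occur on the system.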

Installing Tripwire

First, install Tripwire.

[root@sample ~]# wget http://jaist.dl.sourceforge.net/sourceforge/tripwire/tripwire-2.3.1-2.tar.gz ← download the source code

--02:21:30-- http://jaist.dl.sourceforge.net/sourceforge/tripwire/tripwire-2.3.1-2.tar.gz
=> `tripwire-2.3.1-2.tar.gz'
Resolving jaist.dl.sourceforge.net... 150.65.7.130
Connecting to jaist.dl.sourceforge.net|150.65.7.130|:80... connected.
HTTP request sent, awaiting response... 200 OK
Length: 1,514,955 (1.4M) [application/x-gzip]

100%[====================================>] 1,514,955 1.29M/s

02:21:32 (1.28 MB/s) - `tripwire-2.3.1-2.tar.gz' saved [1514955/1514955]

[root@sample ~]# tar zxvf tripwire-2.3.1-2.tar.gz ← unpack the compressed archive

[root@sample ~]# cd tripwire-2.3.1-2 ← enter the unpacked directory

[root@sample tripwire-2.3.1-2]# wget http://distfiles-od.opendarwin.org/tw-20030919.patch.gz ← download the Tripwire patch file

--02:28:43-- http://distfiles-od.opendarwin.org/tw-20030919.patch.gz
=> `tw-20030919.patch.gz'
Resolving distfiles-od.opendarwin.org... 216.73.106.93
Connecting to distfiles-od.opendarwin.org|216.73.106.93|:80... connected.
HTTP request sent, awaiting response... 200 OK
Length: 786,411 (768K) [application/x-gzip]

100%[====================================>] 786,411 164.35K/s ETA 00:00

02:28:50 (154.51 KB/s) - `tw-20030919.patch.gz' saved [786411/786411]

[root@sample tripwire-2.3.1-2]# gunzip tw-20030919.patch.gz ← decompress the Tripwire patch file

[root@sample tripwire-2.3.1-2]# patch -p1 < tw-20030919.patch ← apply the patch

[root@sample tripwire-2.3.1-2]# chmod 755 configure ← make the configure script executable

[root@sample tripwire-2.3.1-2]# ./configure --sysconfdir=/etc/tripwire ← run configure
checking build system type... i686-pc-linux-gnu
checking host system type... i686-pc-linux-gnu
checking target system type... i686-pc-linux-gnu
checking for a BSD compatible install... /usr/bin/install -c
……………………………………
……………………………………
…… intermediate output omitted ……
……………………………………
……………………………………
config.status: creating src/twprint/Makefile
config.status: creating src/twadmin/Makefile
config.status: creating src/siggen/Makefile
config.status: creating src/tripwire/Makefile
config.status: creating config.h

[root@sample tripwire-2.3.1-2]# make ← compile

cd . && /bin/sh /root/tripwire-2.3.1-2/missing --run autoheader
configure.in:9: warning: do not use m4_patsubst: use patsubst or m4_bpatsubst
aclocal.m4:546: AM_CONFIG_HEADER is expanded from...
configure.in:9: the top level
configure.in:401: warning: do not use m4_regexp: use regexp or m4_bregexp
aclocal.m4:559: _AM_DIRNAME is expanded from...
configure.in:401: the top level
cd .
&& CONFIG_FILES= CONFIG_HEADERS=config.h
/bin/sh ./config.status
……………………………………
……………………………………
…… intermediate output omitted ……
…… this takes a while ……
……………………………………
……………………………………
make[2]: Leaving directory `/root/tripwire-2.3.1-2/src'
make[2]: Entering directory `/root/tripwire-2.3.1-2'
make[2]: Nothing to be done for `all-am'.
make[2]: Leaving directory `/root/tripwire-2.3.1-2'
make[1]: Leaving directory `/root/tripwire-2.3.1-2'

[root@sample tripwire-2.3.1-2]# make install ← install and configure

Making install in man
make[1]: Entering directory `/root/tripwire-2.3.1-2/man'
Making install in man4
make[2]: Entering directory `/root/tripwire-2.3.1-2/man/man4'
make[3]: Entering directory `/root/tripwire-2.3.1-2/man/man4'
make[3]: Nothing to be done for `install-exec-am'.
/bin/sh ../../mkinstalldirs /usr/local/man/man4
mkdir /usr/local/man
……………………………………
……………………………………
…… intermediate output omitted ……
……………………………………
……………………………………
Copyright (C) 1998-2000 Tripwire (R) Security Systems, Inc. Tripwire (R)
is a registered trademark of the Purdue Research Foundation and is
licensed exclusively to Tripwire (R) Security Systems, Inc.

LICENSE AGREEMENT for Tripwire(R) 2.3 Open Source

Please read the following license agreement. You must accept the
agreement to continue installing Tripwire.

Press ENTER to view the License Agreement.  ← press Enter to read the agreement
……………………………………
……………………………………
Press the space bar to page through the agreement
……………………………………
……………………………………
Please type "accept" to indicate your acceptance of this
license agreement. [do not accept] accept ← type "accept" to accept the agreement
Using configuration file ./install/install.cfg

Checking for programs specified in install configuration file....

/usr/sbin/sendmail exists. Continuing installation.

/bin/vi exists. Continuing installation.

----------------------------------------------
Verifying existence of binaries...

./bin/siggen found
./bin/tripwire found
./bin/twprint found
./bin/twadmin found

This program will copy Tripwire files to the following directories:

TWBIN: /usr/local/sbin
TWMAN: /usr/local/man
TWPOLICY: /etc/tripwire
TWREPORT: /usr/local/lib/tripwire/report
TWDB: /usr/local/lib/tripwire
TWSITEKEYDIR: /etc/tripwire
TWLOCALKEYDIR: /etc/tripwire

CLOBBER is false.

Continue with installation? [y/n] y ← type y to continue the installation

----------------------------------------------
Creating directories...

/usr/local/sbin: already exists
/etc/tripwire: created
/usr/local/lib/tripwire/report: created
/usr/local/lib/tripwire: already exists
/etc/tripwire: already exists
/etc/tripwire: already exists
/usr/local/man: already exists
/usr/local/doc/tripwire: created

----------------------------------------------
Copying files...

/usr/local/doc/tripwire/README: copied
/usr/local/doc/tripwire/Release_Notes: copied
/usr/local/doc/tripwire/COPYING: copied
/usr/local/doc/tripwire/TRADEMARK: copied
/usr/local/doc/tripwire/policyguide.txt: copied
/etc/tripwire/twpol-Linux.txt: copied

----------------------------------------------
The Tripwire site and local passphrases are used to
sign a variety of files, such as the configuration,
policy, and database files.

Passphrases should be at least 8 characters in length
and contain both letters and numbers.

See the Tripwire manual for more information.

----------------------------------------------
Creating key files...

(When selecting a passphrase, keep in mind that good passphrases typically
have upper and lower case letters, digits and punctuation marks, and are
at least 8 characters in length.)

Enter the site keyfile passphrase:  ← enter the "site keyfile" passphrase (it is not echoed) and remember it
Verify the site keyfile passphrase:  ← confirm the "site keyfile" passphrase again
Generating key (this may take several minutes)...Key generation complete.

(When selecting a passphrase, keep in mind that good passphrases typically
have upper and lower case letters, digits and punctuation marks, and are
at least 8 characters in length.)

Enter the local keyfile passphrase:  ← enter the "local keyfile" passphrase (it is not echoed) and remember it
Verify the local keyfile passphrase:  ← confirm the "local keyfile" passphrase again
Generating key (this may take several minutes)...Key generation complete.

----------------------------------------------
Generating Tripwire configuration file...

----------------------------------------------
Creating signed configuration file...
Please enter your site passphrase:  ← enter the "site keyfile" passphrase (it is not echoed)
Wrote configuration file: /etc/tripwire/tw.cfg

A clear-text version of the Tripwire configuration file
/etc/tripwire/twcfg.txt
has been preserved for your inspection. It is recommended
that you delete this file manually after you have examined it.

----------------------------------------------
Customizing default policy file...

----------------------------------------------
Creating signed policy file...
Please enter your site passphrase:  ← enter the "site keyfile" passphrase (it is not echoed)
Wrote policy file: /etc/tripwire/tw.pol

A clear-text version of the Tripwire policy file
/etc/tripwire/twpol.txt
has been preserved for your inspection. This implements
a minimal policy, intended only to test essential
Tripwire functionality. You should edit the policy file
to describe your system, and then use twadmin to generate
a new signed copy of the Tripwire policy.

----------------------------------------------
The installation succeeded.

Please refer to /usr/local/doc/tripwire/Release_Notes
for release information and to the printed user documentation
for further instructions on using Tripwire 2.3 Open Source.
make[3]: Leaving directory `/root/tripwire-2.3.1-2'
make[2]: Leaving directory `/root/tripwire-2.3.1-2'
make[1]: Leaving directory `/root/tripwire-2.3.1-2'

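[root@sample tripwire-2.3.1-2]# cd ← return to root's home directory

[root@sample ~]# rm -rf tripwire-2.3.1-2 tripwire-2.3.1-2.tar.gz ← delete the source files used for the installation

Configuring Tripwire

[root@sample ~]# vi /etc/tripwire/twcfg.txt  ← edit the text-format Tripwire configuration file

LOOSEDIRECTORYCHECKING =false  ← find this line and change false to true (do not monitor the integrity of the containing directory)

LOOSEDIRECTORYCHECKING =true   ← it should now read like this

REPORTLEVEL =3  ← find this line and change 3 to 4 (changes the level of the monitoring report)

REPORTLEVEL =4  ← it should now read like this

[root@sample ~]# twadmin --create-cfgfile -S /etc/tripwire/site.key /etc/tripwire/twcfg.txt  ← build the encrypted configuration file from the text configuration file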

Please enter your site passphrase:  ← enter the "site keyfile" passphrase (it is not echoed)
Wrote configuration file: /etc/tripwire/tw.cfg

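[root@sample ~]# rm -f /etc/tripwire/twcfg.txt ← delete the text-format configuration file so that no security risk is left behind

Note: the text-format Tripwire configuration file can be restored by running "twadmin --print-cfgfile > /etc/tripwire/twcfg.txt".

[2] Configuring the policy file

Tripwire's database is built from the policy file. The default policy file, however, does not define integrity monitoring rules that match our needs, so here a Perl script is used to make the monitoring fit the actual system.

[root@sample ~]# vi /etc/tripwire/twpolmake.pl  ← create the Perl script used to generate the policy file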

#!/usr/bin/perl
# Tripwire Policy File customize tool
# ----------------------------------------------------------------
# Copyright (C) 2003 Hiroaki Izumi
# This program is free software; you can redistribute it and/or
# modify it under the terms of the GNU General Public License
# as published by the Free Software Foundation; either version 2
# of the License, or (at your option) any later version.
# This program is distributed in the hope that it will be useful,
# but WITHOUT ANY WARRANTY; without even the implied warranty of
# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
# GNU General Public License for more details.
# You should have received a copy of the GNU General Public License
# along with this program; if not, write to the Free Software
# Foundation, Inc., 59 Temple Place - Suite 330, Boston, MA 02111-1307, USA.
# ----------------------------------------------------------------
# Usage:
# perl twpolmake.pl {Pol file}
# ----------------------------------------------------------------
#
$POLFILE=$ARGV[0];

open(POL,"$POLFILE") or die "open error: $POLFILE" ;
my($myhost,$thost) ;
my($sharp,$tpath,$cond) ;
my($INRULE) = 0 ;

while (<POL>) {
    chomp;
    # Set HOSTNAME in the policy to this machine's host name
    if (($thost) = /^HOSTNAME\s*=\s*(.*)\s*;/) {
        $myhost = `hostname` ; chomp($myhost) ;
        if ($thost ne $myhost) {
            $_="HOSTNAME=\"$myhost\";" ;
        }
    }
    # Track whether we are inside a rule block { ... }
    elsif ( /^\{/ ) {
        $INRULE=1 ;
    }
    elsif ( /^\}/ ) {
        $INRULE=0 ;
    }
    # Rule line: optional "#", an absolute path, then "-> properties"
    elsif ($INRULE == 1 and ($sharp,$tpath,$cond) = /^(\s*\#?\s*)(\/\S+)\b(\s+->\s+.+)$/) {
        $ret = ($sharp =~ s/\#//g) ;
        if ($tpath eq '/sbin/e2fsadm' ) {
            $cond =~ s/;\s+(tune2fs.*)$/; \#$1/ ;
        }
        # Comment out rules whose path is missing or empty; enable those that exist
        if (! -s $tpath) {
            $_ = "$sharp#$tpath$cond" if ($ret == 0) ;
        }
        else {
            $_ = "$sharp$tpath$cond" ;
        }
    }
    print "$_\n" ;
}
close(POL) ;

[root@sample ~]# perl /etc/tripwire/twpolmake.pl /etc/tripwire/twpol.txt > /etc/tripwire/twpol.txt.out  ← generate the policy file

[root@sample ~]# rm -f /etc/tripwire/twpol.txt   ← delete the default policy file

[root@sample ~]# mv /etc/tripwire/twpol.txt.out /etc/tripwire/twpol.txt  ← rename the newly generated policy file to the default policy file name

[root@sample ~]# vi /etc/tripwire/twpol.txt  ← edit the policy file

$(TWREPORT)    -> $(SEC_CONFIG) (recurse=0) ;  ← find this line (around line 113) and add a statement on the line below it
!$(TWDB)/$(HOSTNAME).twd ;  ← add this line (do not monitor the database itself)

[root@sample ~]# twadmin --create-polfile -S /etc/tripwire/site.key /etc/tripwire/twpol.txt  ← build the encrypted policy file from the text policy file

Please enter your site passphrase: ← enter the "site keyfile" passphrase (it is not echoed)
Wrote policy file: /etc/tripwire/tw.pol

[root@sample ~]# rm -f /etc/tripwire/twpol.txt ← delete the text-format policy file so that no security risk is left behind

Note: the text-format Tripwire policy file can be restored by running "twadmin --print-polfile > /etc/tripwire/twpol.txt".

[3] Creating the database

[root@sample ~]# tripwire --init ← create the database

Please enter your local passphrase:  ← enter the "local keyfile" passphrase (it is not echoed)
Parsing policy file: /etc/tripwire/tw.pol
Generating the database...
*** Processing Unix File System ***
Wrote database file: /usr/local/lib/tripwire/sample.centospub.com.twd
The database was successfully generated.

Running Tripwire

Next, test Tripwire and put it to work.

[1] Create the Tripwire run script:

[root@sample ~]# vi tripwire-check ← create the Tripwire run script

#!/bin/bash

PATH=/usr/local/sbin:/usr/bin:/bin
# Both passphrases are stored here in clear text: keep this script readable by root only
SITEPASS='********' # Site Key Passphrase ← replace the asterisks with the site keyfile passphrase
LOCALPASS='********' # Local Key Passphrase ← replace the asterisks with the local keyfile passphrase
REPORTFILE=/usr/local/lib/tripwire/report/`hostname`-`date +%Y%m%d`.twr

# Run the Tripwire
tripwire --check -r "$REPORTFILE" | logger -t tripwire

# Mail the Tripwire Report to root
cd /etc/tripwire
REPORTPRINT=`mktemp`
twprint -m r -c tw.cfg -r "$REPORTFILE" -L `hostname`-local.key -t 4 > "$REPORTPRINT"
if [ -z "$(grep 'Total violations found: 0' "$REPORTPRINT")" ]; then
    cat "$REPORTPRINT" | mail -s "Tripwire(R) Integrity Check Report in `hostname`" root
fi
rm -f "$REPORTPRINT"

# Update the Policy File
cd /etc/tripwire
twadmin --print-polfile > twpol.txt
perl twpolmake.pl twpol.txt > twpol.txt.out
twadmin --create-polfile -S site.key -Q "$SITEPASS" twpol.txt.out | logger -t tripwire
rm -f twpol.*

# Update the Database
rm -f /usr/local/lib/tripwire/`hostname`.twd
tripwire --init -P "$LOCALPASS" | logger -t tripwire

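[root@sample ~]# chmod 700 tripwire-check ← make the run script executable

Note: Tripwire's monitoring reports are saved in encrypted form under /usr/local/lib/tripwire/report. Logs are written to /var/log/messages.

[2] Test the run script

[root@sample ~]# ./tripwire-check  ← run the script once
Because the run script itself has been added, this also counts as a change to the system, so mail is sent to root… check the mailbox and you will find the monitoring report

[root@sample ~]# ./tripwire-check ← run the script once more
Since the two runs are back to back, it is unlikely that any file changed in between, so confirm that no e-mail is sent to root

[3] Viewing monitoring reports locally on the server

[root@sample ~]# ls -l /usr/local/lib/tripwire/report/ ← list the files in the report directory
total 32
-rw-r--r-- 1 root root 8222 Aug 23 05:46 sample.centospub.com-20060823.twr ← suppose we want to view this report
-rw-r--r-- 1 root root 8230 Aug 23 05:46 sample.centospub.com-20060823.twr.bak

[root@sample ~]# cd /etc/tripwire ← change to the directory containing the Tripwire configuration files

[root@sample tripwire]# twprint -m r -c tw.cfg -r "/usr/local/lib/tripwire/report/sample.centospub.com-20060823.twr" -L sample.centospub.com-local.key -t 4 > tripwire-report ← save the monitoring report to a file named tripwire-report

[root@sample tripwire]# cat tripwire-report ← view the monitoring report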
Note: Report is not encrypted.
Tripwire(R) 2.3.0 Integrity Check Report

Report generated by: root
Report created on: Wed 23 Aug 2006 05:45:01 AM CST
Database last updated on: Never

===============================================================================
Report Summary:
===============================================================================

Host name: sample.centospub.com
Host IP address: 127.0.0.1
Host ID: None
Policy file used: /etc/tripwire/tw.pol
Configuration file used: /etc/tripwire/tw.cfg
Database file used: /usr/local/lib/tripwire/sample.centospub.com.twd
Command line used: tripwire --check -r /usr/local/lib/tripwire/report/sample.centospub.com-20060823.twr

===============================================================================
Rule Summary:
===============================================================================

-------------------------------------------------------------------------------
Section: Unix File System
-------------------------------------------------------------------------------

  Rule Name                       Severity Level    Added    Removed  Modified
  ---------                       --------------    -----    -------  --------
  Invariant Directories           66                0        0        0
  Tripwire Data Files             100               0        0        0
  Temporary directories           33                0        0        0
  Critical devices                100               0        0        0
  (/proc/kcore)
  Tripwire Binaries               100               0        0        0
  Libraries                       66                0        0        0
  User binaries                   66                0        0        0
  Critical system boot files      100               0        0        0
  File System and Disk Administraton Programs
                                  100               0        0        0
  Kernel Administration Programs  100               0        0        0
  Networking Programs             100               0        0        0
  System Administration Programs  100               0        0        0
  Hardware and Device Control Programs
                                  100               0        0        0
  System Information Programs     100               0        0        0
  Application Information Programs
                                  100               0        0        0
  (/sbin/rtmon)
  Shell Related Programs          100               0        0        0
  Operating System Utilities      100               0        0        0
  Critical Utility Sym-Links      100               0        0        0
  Shell Binaries                  100               0        0        0
  OS executables and libraries    100               0        0        0
  System boot changes             100               0        0        0
  Critical configuration files    100               0        0        0
  Security Control                100               0        0        0
  Login Scripts                   100               0        0        0
* Root config files               100               0        0        1

Total objects scanned: 17363
Total violations found: 1

===============================================================================
Object Summary:
===============================================================================

-------------------------------------------------------------------------------
Section: Unix File System
-------------------------------------------------------------------------------

-------------------------------------------------------------------------------
Rule Name: Root config files (/root)
Severity Level: 100
-------------------------------------------------------------------------------

Modified:
"/root/tripwire-check"

===============================================================================
Object Detail:
===============================================================================

-------------------------------------------------------------------------------
Section: Unix File System
-------------------------------------------------------------------------------

-------------------------------------------------------------------------------
Rule Name: Root config files (/root)
Severity Level: 100
-------------------------------------------------------------------------------
----------------------------------------
Modified Objects: 1
----------------------------------------

Modified object name: /root/tripwire-check

  Property:            Expected                    Observed
  -------------        -----------                 -----------
  Object Type          Regular File                Regular File
  Device Number        64768                       64768
  File Device Number   0                           0
  Inode Number         351317                      351317
  Mode                 -rwx------                  -rwx------
  Num Links            1                           1
  UID                  root (0)                    root (0)
  GID                  root (0)                    root (0)
* Size                 953                         951
* Modify Time          Wed 23 Aug 2006 05:21:26 AM CST
                                                   Wed 23 Aug 2006 05:43:10 AM CST
* Change Time          Wed 23 Aug 2006 05:21:26 AM CST
                                                   Wed 23 Aug 2006 05:43:10 AM CST
  Blocks               16                          16
* CRC32                Ay0oV9                      BDzM8Y
* MD5                  BoeMoWfjEKCSLOJCs/E7mj      ABQN3hl5wF0PyTcXugPE5U

 

===============================================================================
Error Report:
===============================================================================

No Errors

-------------------------------------------------------------------------------
*** End of report ***
Tripwire 2.3 Portions copyright 2000 Tripwire, Inc. Tripwire is a registered
trademark of Tripwire, Inc. This software comes with ABSOLUTELY NO WARRANTY;
for details use --version. This is free software which may be redistributed
or modified only under certain conditions; see COPYING for details.
All rights reserved.

[root@sample tripwire]# rm -f tripwire-report ← delete the monitoring report
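
A triage sketch for the twprint text report shown above, added here as an example; it is not part of the original article or of Tripwire. It extracts the violated rules, their severity and the changed objects, and goes beyond the run script's grep for "Total violations found: 0" by applying a severity threshold; `parse_report`, `triage` and the abridged `SAMPLE_REPORT` are constructed for illustration.

```python
import re

# Constructed sample: an abridged twprint text report in the layout shown on this page.
SAMPLE_REPORT = """\
Rule Name Severity Level Added Removed Modified
--------- -------------- ----- ------- --------
Invariant Directories 66 0 0 0
Critical devices 100 0 0 0
(/proc/kcore)
File System and Disk Administraton Programs
100 0 0 0
* Root config files 100 0 0 1

Total objects scanned: 17363
Total violations found: 1

Rule Name: Root config files (/root)
Severity Level: 100

Modified:
"/root/tripwire-check"
"""

TOTAL = re.compile(r"Total violations found:\s*(\d+)")
# Optional "*" flag, rule name (empty when wrapped), then four integer columns.
ROW = re.compile(r"^(\*?)\s*(.*?)\s*\b(\d+)\s+(\d+)\s+(\d+)\s+(\d+)$")

def parse_report(text):
    """Return (violation total or None, violated rules, changed objects by kind)."""
    total, rules, pending, in_rules, kind = None, [], "", False, None
    objects = {"Added": [], "Removed": [], "Modified": []}
    for raw in text.splitlines():
        line = raw.strip()
        m = TOTAL.match(line)
        if m:
            total, in_rules = int(m.group(1)), False
        elif line.startswith("Rule Name "):      # header of the rule summary table
            in_rules = True
        elif in_rules:
            row = ROW.match(line)
            if row:
                _, name, sev, *counts = row.groups()
                counts = tuple(int(c) for c in counts)
                if any(counts):
                    rules.append((name or pending, int(sev)) + counts)
            elif line and not line.startswith("("):
                pending = line.lstrip("* ")      # long rule name; its counts are on the next line
        elif line.endswith(":") and line[:-1] in objects:
            kind = line[:-1]
        elif kind and line.startswith('"'):
            objects[kind].append(line.strip('"'))
        elif line:
            kind = None
    return total, rules, objects

def triage(text, min_severity=100):
    """Alert on violations at or above min_severity, or when the report has no total line."""
    total, rules, objects = parse_report(text)
    if total is None:
        return {"alert": True, "reason": "no violation total found", "rules": [], "objects": objects}
    urgent = [r for r in rules if r[1] >= min_severity]
    return {"alert": bool(urgent), "reason": f"{total} violation(s)", "rules": rules, "objects": objects}

if __name__ == "__main__":
    print(triage(SAMPLE_REPORT))
```

A report with no "Total violations found" line (for example when twprint could not open the report) is treated as an alert, matching the run script's behaviour of mailing whenever the zero-violation line is absent.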

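[4] Run the monitoring script automatically every day

[root@sample tripwire]# cd  ← change to root's home directory, where the Tripwire run script is located

[root@sample ~]# mv tripwire-check /etc/cron.daily/  ← move the script into the directory for daily automatic runs

Scripts placed in /etc/cron.daily are run automatically at 4:02 every day. In this way, data integrity monitoring keeps watch on the state of the system files. If anything has been added, modified or deleted, mail is sent to root and automatically forwarded to the forwarding address configured during the initial environment setup.

Using Tripwire to monitor whether files on Linux have been modified, and then judging from that whether the server has been attacked, is also a very effective approach, because an attacker who can compromise your Linux system without modifying any system file is truly an expert among experts.

Time: 2024-10-02 10:37:53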
