•
•
•
•
•
root:log/ # ls -F
anaconda/    btmp dmesg httpd/      mariadb/    ppp/                      secure        tuned/
audit/          chrony/    dmesg.old lastlog messages    sa/                        spooler      wtmp
boot.log      cron grubby          maillog php-fpm/    sa-update.log    tallylog yum.log
• kernel  message  buffer kernel  
• kernel  
$  dmesg
• /var/log/dmesg
•
•
•
•
•
• /var/log/messages
•
• syslog  
Feb  14  00:01:50  localhost  kernel:  smpboot:  CPU0:  Intel(R)  Celeron(R)  CPU                
E3400    @  2.60GHz  (fam:  06,  model:  17,  stepping:  0a)
Feb  14  00:01:50  localhost  kernel:  Performance  Events:  unsupported  p6  CPU  model  23  no  
PMU  driver,  software  events  only.
Feb  14  00:01:50  localhost  kernel:  Brought  up  1  CPUs
Feb  14  00:01:50  localhost  kernel:  smpboot:  Total  of  1  processors  activated  (5202.48  
BogoMIPS)
• /var/log/cron
• cron
Apr  2 09:01:01 localhost run-parts(/etc/cron.hourly)[528]: starting 0yum-hourly.cron
Apr  2 09:01:01 localhost run-parts(/etc/cron.hourly)[544]: finished 0yum-hourly.cron
• /var/log/secure
•
•
Apr    1  16:12:16  localhost  login:  pam_unix(login:session):  session  opened  for  
user  root  by  LOGIN(uid=0)
Apr    1  16:12:16  localhost  login:  ROOT  LOGIN  ON  tty1
Mar  29  07:43:34  yuki sshd[18247]:  pam_unix(sshd:auth):  authentication  
failure;  logname=  uid=0  euid=0            tty=ssh ruser=  rhost=183.136.216.6    
user=root
Mar  29  07:43:36  yuki sshd[18247]:  Failed  password  for  root  from  
183.136.216.6  port  45215  ssh2
•
•
•
• daily weekly monthly yearly
• anacron
•
/etc/cron.daily/logrotate
• /etc/logrotate.d/httpd
# logrotate policy for every file matching /var/log/httpd/*log.
# NOTE(review): logrotate(8) documents comments only on lines whose first
# non-whitespace character is '#'; the trailing annotations below are slide
# notes and should go on their own lines in a real /etc/logrotate.d/httpd.
/var/log/httpd/*log  {
daily #  rotate once per day
minsize 1M #  ...but only if the log has grown past 1MB; smaller logs wait for a later run
missingok #  a missing log file is not an error
rotate  14 #  keep 14 rotated generations, then delete the oldest (this is the retention window for later review)
compress #  compress rotated logs with gzip
delaycompress #  leave the most recent rotated log uncompressed until the next rotation
notifempty #  skip rotation when the log is empty
create  640  root  adm #  recreate the log as mode 640, owner root, group adm (not world-readable)
sharedscripts #  run the pre/postrotate scripts once for the whole pattern, not once per file
postrotate #  commands to run after rotation
# Reload httpd so it reopens its log files; output is discarded and
# "|| true" keeps a failed reload from failing the rotation run.
/bin/systemctl reload  httpd.service >  /dev/null  2>/dev/null  ||  true
endscript
prerotate #  commands to run before rotation
#  do  nothing
endscript
}
$  man  logrotate
•
•
• 192.168.1.10 -> 11000000 10101000 00000001 00001010
•
•
•
•
•
•
• IP address: 192.168.1.100
• 192.168.1.100 -> 11000000 10101000 00000001 01100100
• Netmask: 255.255.255.224
• 255.255.255.224 -> 11111111 11111111 11111111 11100000
• Bitwise AND of the two: 11000000 10101000 00000001 01100000
• Network address: 192.168.1.96
•
255.255.255.224 -> 11111111 11111111 11111111 11100000
• 11100000 -> 3 one-bits in the last octet -> 2^3 -> 8 subnets
• 256 / 8 = 32
• 32 IP addresses per subnet
• 192.168.1.96 ~ 192.168.1.127
• 192.168.1.127 is the broadcast address
•
• class netmask subnet   id  
• 255.255.255.224
11111111 11111111 11111111 11100000 has 27 one-bits
• -> written as a.b.c.d/27
• 192.168.1.96/27
•
• 140.115.0.0/16  
140.115.1.1   ~  140.115.255.255   ( 255.255.0.0)
• 192.168.1.0/24  
192.168.1.1   ~  192.168.1.255   ( 255.255.255.0)
Q 140.115.1.0/32  
•
• # netstat -r / route
• # ip route
# netstat -r
Kernel  IP  routing  table
Destination          Gateway                  Genmask Flags  Metric  Ref        Use  Iface
default                  192.168.1.1          0.0.0.0                  UG        0            0                0  eth0
10.8.0.0                10.8.0.2                255.255.255.0      UG        0            0                0  tun0
10.8.0.2                *                              255.255.255.255  UH        0            0                0  tun0
link-­‐local            *                              255.255.0.0          U          1000      0                0  eth0
192.168.1.0          *                              255.255.255.0      U          0            0                0  eth0
10.8.0.0~10.8.0.255   IP tun0   10.8.0.2   gateway
10.8.0.2   IP  
192.168.1.0~192.168.1.255   IP eth0   192.168.1.1   gateway
• gateway
#  route  add  default  gw 192.168.1.1
• IP  
# route add -net 192.168.115.0 netmask
255.255.255.0 -dev eth1
• IP
#  ifconfig eth0  192.168.1.1  netmask 255.255.255.0
•
•
•
#  arp
Address                        HWtype HWaddress Flags  Mask       Iface
192.168.56.1         ether      08:00:27:00:c4:7a      C                     enp0s8
10.0.2.2                 ether      52:54:00:12:35:02      C                       enp0s3
• Add a static ARP entry
# arp -s 192.168.1.1 AA:BB:CC:DD:EE:FF
• Delete an ARP entry
# arp -d 192.168.1.1
•
•
•
•
•
•
•
•
•
• Capture packets on interface enp0s8
# tcpdump -i enp0s8
• Filter by port and print the payload as ASCII
# tcpdump -A -i enp0s8 'port 21'
# tcpdump -A -i enp0s8 'tcp and port 21 and host 192.168.1.1'
22:03:44.870107  IP  localhost.localdomain.54068  >  adl-­‐
12.csie.ncu.edu.tw.http:  Flags  [P.],  seq 1:17,  ack 1,  win  
14600,  length  16
E..8..@.@...
....s5..4.P...x.t6.P.9.....GET  /  HTTP/1.1
• telnet sparc11.cc.ncu.edu.tw
tcpdump
•
•
• #  yum  install  logwatch
• #  cp /usr/share/logwatch/default.conf/logwatch.conf
/etc/logwatch/conf/logwatch.conf
• /etc/cron.daily/0logwatch  
• #  vim  /etc/logwatch/conf/logwatch.conf
# Where the report is delivered: stdout, mail, or file
Output  =  mail
# Report format: text or html
Format  =  text
# Recipient and sender of the e-mail report
# NOTE(review): the report summarises log content (logins, failures, service
# errors); confirm root's mailbox is actually read or forwarded to an admin.
MailTo =  root
MailFrom =  Logwatch
# Time range of log entries to include in the report
Range  =  yesterday
# Level of detail in the report: Low, Med, or High
Detail  =  Low
# Which services to report on; the available service definitions live under
# /usr/share/logwatch/default.conf/services
Service  =  All
•
# logwatch --detail Low --output stdout --service
all --range today
•
# logwatch --detail Low --output mail --mailto
sntc06@gmail.com --service all --range yesterday
•
•
• /etc/cron.d/sysstat
#  sar |  head  -­‐n  5
Linux  3.10.0-­‐123.20.1.el7.x86_64  (localhost.localdomain)
00 00 01 CPU          %user          %nice      %system      %iowait %steal          %idle
00 10 01 all            0.02            0.00            0.05            0.01            0.00          99.92
00 20 01 all            0.02            0.00            0.05            0.00            0.00          99.93
#  Run  system  activity  accounting  tool  every  10  minutes
*/10  *  *  *  *  root  /usr/lib64/sa/sa1  1  1
#  0  *  *  *  *  root  /usr/lib64/sa/sa1  600  6  &
#  Generate  a  daily  summary  of  process  accounting  at  23:53
53 23 * * * root /usr/lib64/sa/sa2 -A
•
• $  uptime
18:20:06  up  220  days,  19:46,    2  users,    load  
average:  0.00,  0.01,  0.05
•
•
•
•
•
•
$ free -h
total              used              free          shared        buffers          cached
Mem:                    7.8G              7.6G              193M                42M              111M              3.3G
-/+ buffers/cache:              4.2G              3.6G
2.0G                38M              2.0G
# vmstat -S MB
procs -----------memory---------- ---swap-- -----io---- -system-- ------cpu-----
r    b      swpd free      buff    cache      si so        bi        bo in      cs us  sy id  wa st
1    0          38        191        116      3395        0        0          8          6      15        1    2    0  98    0    0
•
• $  netstat
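• -n: show numeric IP addresses instead of resolving names
• -a: show all sockets (including listening ones)
• -p: show which program owns each port (requires root)
• -r: show the routing table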
•
• LISTEN SYN_RECV SYN_SENT ESTABLISHED
FIN_WAIT1…
• $  man  netstat
# netstat -nap
Active  Internet  connections  (servers  and  established)
Proto  Recv-­‐Q  Send-­‐Q  Local  Address                      Foreign  Address                  State              PID/Program  name
tcp 0            0  0.0.0.0:9091                        0.0.0.0:*                              LISTEN            906/transmission-­‐da
tcp 0            0  127.0.0.1:3306                    0.0.0.0:*                              LISTEN            1758/mysqld
tcp 0            0  127.0.0.1:6379                    0.0.0.0:*                              LISTEN            1841/redis-­‐server  1
tcp 0            0  0.0.0.0:21                            0.0.0.0:*                              LISTEN            1379/vsftpd
tcp 0            0  127.0.0.1:3350                    0.0.0.0:*                              LISTEN            2030/xrdp-­‐sesman
tcp 0            0  0.0.0.0:22                            0.0.0.0:*                              LISTEN            1569/sshd
tcp 0            0  192.168.1.200:64414          203.177.28.183:15044        SYN_RECV        -­‐
tcp 0            0  192.168.1.200:64414          117.211.86.108:258            SYN_RECV        -­‐
tcp 0            0  192.168.1.200:57429          82.78.229.223:8325            TIME_WAIT      -­‐
tcp 0            1  192.168.1.200:55339          79.112.227.120:6881          SYN_SENT        906/transmission-­‐da
tcp 0            1  192.168.1.200:56382          36.230.128.108:8290          SYN_SENT        906/transmission-­‐da
tcp 0            0  192.168.1.200:22                36.231.168.75:5091            ESTABLISHED  29422/sshd:  sntc06
tcp 0            0  192.168.1.200:64414          61.58.102.97:55302            ESTABLISHED  906/transmission-­‐da
tcp 0            0  127.0.0.1:3306                    127.0.0.1:42814                  ESTABLISHED  1758/mysqld
•
• iostat [ ]  [< >[< >]]
•   %util  
$ iostat -d -x 1
Device:                  rrqm/s      wrqm/s          r/s          w/s        rkB/s        
wkB/s  avgrq-­‐sz avgqu-­‐sz await  r_await w_await svctm %util
sda 0.00          0.00        0.00      16.00          0.00      
188.00        23.50          0.00        0.00        0.00        0.00      0.00      0.00
•
•
•
•
•
# yum install munin munin-node
# systemctl enable munin-node
• (   epel   )
• /etc/crontab
• /etc/httpd/conf.d/munin.conf
*/5 * * * *     munin test -x /usr/bin/munin-cron && /usr/bin/munin-cron
# Access control for the directory that holds the generated Munin pages.
<Directory  /var/cache/munin/www>
# Apache 2.2-style access control: only the source ranges on the Allow line may connect.
Order  allow,deny
# NOTE(review): 140.115.0.0/16 admits an entire /16; narrow it to the
# administrators' subnet if the graphs should not be visible campus-wide.
Allow  from  127.0.0.0/8  140.115.0.0/16  ::1
# On Apache 2.4, use the Require line below in place of Order/Allow:
#  Require  ip 140.115
#if  apache  2.4
# Turn off all optional directory features (indexes, symlink following, CGI, ...).
Options  None
# NOTE(review): no AuthType / AuthUserFile / Require valid-user directive is
# visible in this block, so a password file alone would not be enforced here;
# confirm the real munin.conf wires it in.
</Directory>
•
# htpasswd -c /etc/munin/munin-htpasswd <username>
• /etc/munin/munin.conf
[local.example.com]
address 127.0.0.1
use_node_name yes
•
• $  ls  /etc/munin/plugins
•
• Q
cpu if_err_enp0s3                mysql_innodb_bpool_act mysql_qcache_mem postfix_mailvolume
df if_err_enp0s8                mysql_innodb_insert_buf mysql_replication processes
df_inode interrupts                      mysql_innodb_io mysql_select_types proc_pri
diskstats irqstats mysql_innodb_io_pend mysql_slow swap
entropy                          load                                  mysql_innodb_log mysql_sorts threads
forks                              memory                              mysql_innodb_rows mysql_table_locks uptime
fw_conntrack mysql_bin_relay_log mysql_innodb_semaphores mysql_tmp_tables users
fw_forwarded_local mysql_commands mysql_innodb_tnx netstat vmstat
fw_packets mysql_connections mysql_myisam_indexes open_files
if_enp0s3                      mysql_files_tables mysql_network_traffic open_inodes
if_enp0s8                      mysql_innodb_bpool mysql_qcache postfix_mailqueue
•
•
•
• # munin-node-configure --shell
--snmp <snmp_device> --snmpversion <ver>
--snmpcommunity <comm>
•
•
•


Linux 系統管理與安全:進階系統管理系統防駭與資訊安全

  • 1.
  • 3.
  • 4. • root:log/ # ls -F
anaconda/  btmp     dmesg      httpd/   mariadb/   ppp/           secure    tuned/
audit/     chrony/  dmesg.old  lastlog  messages   sa/            spooler   wtmp
boot.log   cron     grubby     maillog  php-fpm/   sa-update.log  tallylog  yum.log
  • 5. • kernel  message  buffer kernel   • kernel   $  dmesg • /var/log/dmesg • •
  • 7. • /var/log/messages • • syslog   Feb  14  00:01:50  localhost  kernel:  smpboot:  CPU0:  Intel(R)  Celeron(R)  CPU                 E3400    @  2.60GHz  (fam:  06,  model:  17,  stepping:  0a) Feb  14  00:01:50  localhost  kernel:  Performance  Events:  unsupported  p6  CPU  model  23  no   PMU  driver,  software  events  only. Feb  14  00:01:50  localhost  kernel:  Brought  up  1  CPUs Feb  14  00:01:50  localhost  kernel:  smpboot:  Total  of  1  processors  activated  (5202.48   BogoMIPS)
  • 8. • /var/log/cron • cron
Apr  2 09:01:01 localhost run-parts(/etc/cron.hourly)[528]: starting 0yum-hourly.cron
Apr  2 09:01:01 localhost run-parts(/etc/cron.hourly)[544]: finished 0yum-hourly.cron
  • 9. • /var/log/secure • •
Apr  1 16:12:16 localhost login: pam_unix(login:session): session opened for user root by LOGIN(uid=0)
Apr  1 16:12:16 localhost login: ROOT LOGIN ON tty1
Mar 29 07:43:34 yuki sshd[18247]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=183.136.216.6 user=root
Mar 29 07:43:36 yuki sshd[18247]: Failed password for root from 183.136.216.6 port 45215 ssh2
  • 11. • daily weekly monthly yearly • anacron • /etc/cron.daily/logrotate
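  • 12. • /etc/logrotate.d/httpd
/var/log/httpd/*log {
    daily                  # rotate once a day
    minsize 1M             # rotate only if the log is larger than 1MB
    missingok              # do not report an error if the log file is missing
    rotate 14              # keep 14 rotated logs
    compress               # compress rotated logs with gzip
    delaycompress          # postpone compressing the newest rotated log until the next rotation
    notifempty             # do not rotate an empty log
    create 640 root adm    # create the new log with mode 640, owner root, group adm
    sharedscripts          # run the scripts once for all matching logs
    postrotate             # commands to run after rotation
        /bin/systemctl reload httpd.service > /dev/null 2>/dev/null || true
    endscript
    prerotate              # commands to run before rotation
        # do nothing
    endscript
}
$ man logrotate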
  • 13.
  • 14.
  • 15. • • • 192.168.1.10 -> 11000000 10101000 00000001 00001010
  • 17. • • • 192.168.1.100 • 192.168.1.100 -> 11000000 10101000 00000001 01100100 • 255.255.255.224 • 255.255.255.224 -> 11111111 11111111 11111111 11100000 • 11000000 10101000 00000001 01100000 • 192.168.1.96
  • 18. • 255.255.255.224 -> 11111111 11111111 11111111 11100000 • 11100000 -> 3 1 -> 2^3 -> 8 subnet • 256 / 8 = 32 • 32 IP • 192.168.1.96 ~ 192.168.1.127 • 192.168.1.127 broadcast
  • 19. • • class netmask subnet id • 255.255.255.224 11111111 11111111 11111111 11100000 27 1 • -> a.b.c.d/27 • 192.168.1.96/27 • • 140.115.0.0/16 140.115.1.1 ~ 140.115.255.255 ( 255.255.0.0) • 192.168.1.0/24 192.168.1.1 ~ 192.168.1.255 ( 255.255.255.0) Q 140.115.1.0/32
  • 20. • • # netstat -r / route • # ip route
# netstat -r
Kernel IP routing table
Destination     Gateway         Genmask         Flags Metric Ref    Use Iface
default         192.168.1.1     0.0.0.0         UG    0      0        0 eth0
10.8.0.0        10.8.0.2        255.255.255.0   UG    0      0        0 tun0
10.8.0.2        *               255.255.255.255 UH    0      0        0 tun0
link-local      *               255.255.0.0     U     1000   0        0 eth0
192.168.1.0     *               255.255.255.0   U     0      0        0 eth0
10.8.0.0~10.8.0.255 IP tun0 10.8.0.2 gateway 10.8.0.2 IP 192.168.1.0~192.168.1.255 IP eth0 192.168.1.1 gateway
  • 21. • gateway # route add default gw 192.168.1.1 • IP # route add -net 192.168.115.0 netmask 255.255.255.0 -dev eth1 • IP # ifconfig eth0 192.168.1.1 netmask 255.255.255.0
  • 22. • • • #  arp Address                        HWtype HWaddress Flags  Mask       Iface 192.168.56.1         ether      08:00:27:00:c4:7a      C                     enp0s8 10.0.2.2                 ether      52:54:00:12:35:02      C                       enp0s3
  • 23. • ARP # arp -s 192.168.1.1 AA:BB:CC:DD:EE:FF • ARP # arp -d 192.168.1.1
  • 25. • • enp0s8 # tcpdump -i enp0s8 • port ASCII
# tcpdump -A -i enp0s8 'port 21'
# tcpdump -A -i enp0s8 'tcp and port 21 and host 192.168.1.1'
22:03:44.870107 IP localhost.localdomain.54068 > adl-12.csie.ncu.edu.tw.http: Flags [P.], seq 1:17, ack 1, win 14600, length 16
E..8..@.@... ....s5..4.P...x.t6.P.9.....GET / HTTP/1.1
  • 27.
  • 29. • #  yum  install  logwatch • #  cp /usr/share/logwatch/default.conf/logwatch.conf /etc/logwatch/conf/logwatch.conf • /etc/cron.daily/0logwatch  
  • 30. • #  vim  /etc/logwatch/conf/logwatch.conf #   stdout mail   file Output  =  mail #   Html Format  =  text #   email   MailTo =  root MailFrom =  Logwatch #   log   Range  =  yesterday #   log  level Low,  Med,  High Detail  =  Low #   /usr/share/logwatch/default.conf/services   Service  =  All
  • 31. • # logwatch --detail Low --output stdout --service all --range today • # logwatch --detail Low --output mail --mailto sntc06@gmail.com --service all --range yesterday
  • 32.
  • 33.
  • 34. • • /etc/cron.d/sysstat
# sar | head -n 5
Linux 3.10.0-123.20.1.el7.x86_64 (localhost.localdomain)
00 00 01 CPU     %user     %nice   %system   %iowait    %steal     %idle
00 10 01 all      0.02      0.00      0.05      0.01      0.00     99.92
00 20 01 all      0.02      0.00      0.05      0.00      0.00     99.93
# Run system activity accounting tool every 10 minutes
*/10 * * * * root /usr/lib64/sa/sa1 1 1
# 0 * * * * root /usr/lib64/sa/sa1 600 6 &
# Generate a daily summary of process accounting at 23:53
53 23 * * * root /usr/lib64/sa/sa2 -A
  • 35. • • $  uptime 18:20:06  up  220  days,  19:46,    2  users,    load   average:  0.00,  0.01,  0.05 • • • •
  • 36. • •
$ free -h
total       used       free     shared    buffers     cached
Mem:         7.8G       7.6G       193M        42M       111M       3.3G
-/+ buffers/cache:       4.2G       3.6G
2.0G        38M       2.0G
# vmstat -S MB
procs -----------memory---------- ---swap-- -----io---- -system-- ------cpu-----
 r  b   swpd   free   buff  cache   si   so    bi    bo   in   cs us sy id wa st
 1  0     38    191    116   3395    0    0     8     6   15    1  2  0 98  0  0
  • 37. • • $ netstat • -n IP • -a socket ( ) • -p port root • -r
  • 38. • • LISTEN SYN_RECV SYN_SENT ESTABLISHED FIN_WAIT1… • $ man netstat
# netstat -nap
Active Internet connections (servers and established)
Proto Recv-Q Send-Q Local Address           Foreign Address         State       PID/Program name
tcp        0      0 0.0.0.0:9091            0.0.0.0:*               LISTEN      906/transmission-da
tcp        0      0 127.0.0.1:3306          0.0.0.0:*               LISTEN      1758/mysqld
tcp        0      0 127.0.0.1:6379          0.0.0.0:*               LISTEN      1841/redis-server 1
tcp        0      0 0.0.0.0:21              0.0.0.0:*               LISTEN      1379/vsftpd
tcp        0      0 127.0.0.1:3350          0.0.0.0:*               LISTEN      2030/xrdp-sesman
tcp        0      0 0.0.0.0:22              0.0.0.0:*               LISTEN      1569/sshd
tcp        0      0 192.168.1.200:64414     203.177.28.183:15044    SYN_RECV    -
tcp        0      0 192.168.1.200:64414     117.211.86.108:258      SYN_RECV    -
tcp        0      0 192.168.1.200:57429     82.78.229.223:8325      TIME_WAIT   -
tcp        0      1 192.168.1.200:55339     79.112.227.120:6881     SYN_SENT    906/transmission-da
tcp        0      1 192.168.1.200:56382     36.230.128.108:8290     SYN_SENT    906/transmission-da
tcp        0      0 192.168.1.200:22        36.231.168.75:5091      ESTABLISHED 29422/sshd: sntc06
tcp        0      0 192.168.1.200:64414     61.58.102.97:55302      ESTABLISHED 906/transmission-da
tcp        0      0 127.0.0.1:3306          127.0.0.1:42814         ESTABLISHED 1758/mysqld
  • 39. • • iostat [ ] [< >[< >]] • %util
$ iostat -d -x 1
Device:  rrqm/s  wrqm/s  r/s  w/s  rkB/s  wkB/s  avgrq-sz  avgqu-sz  await  r_await  w_await  svctm  %util
sda  0.00  0.00  0.00  16.00  0.00  188.00  23.50  0.00  0.00  0.00  0.00  0.00  0.00
  • 40. • • • • • # yum install munin munin-node # systemctl enable munin-node • ( epel )
  • 41. • /etc/crontab • /etc/httpd/conf.d/munin.conf
*/5 * * * * munin test -x /usr/bin/munin-cron && /usr/bin/munin-cron
<Directory /var/cache/munin/www>
Order allow,deny
Allow from 127.0.0.0/8 140.115.0.0/16 ::1
# Require ip 140.115 #if apache 2.4
Options None
</Directory>
  • 42. • # htpasswd -c /etc/munin/munin-htpasswd < > • /etc/munin/munin.conf [local.example.com] address 127.0.0.1 use_node_name yes
  • 43. • • $  ls  /etc/munin/plugins • • Q cpu if_err_enp0s3                mysql_innodb_bpool_act mysql_qcache_mem postfix_mailvolume df if_err_enp0s8                mysql_innodb_insert_buf mysql_replication processes df_inode interrupts                      mysql_innodb_io mysql_select_types proc_pri diskstats irqstats mysql_innodb_io_pend mysql_slow swap entropy                          load                                  mysql_innodb_log mysql_sorts threads forks                              memory                              mysql_innodb_rows mysql_table_locks uptime fw_conntrack mysql_bin_relay_log mysql_innodb_semaphores mysql_tmp_tables users fw_forwarded_local mysql_commands mysql_innodb_tnx netstat vmstat fw_packets mysql_connections mysql_myisam_indexes open_files if_enp0s3                      mysql_files_tables mysql_network_traffic open_inodes if_enp0s8                      mysql_innodb_bpool mysql_qcache postfix_mailqueue
  • 44. • • • • # munin-node-configure --shell --snmp <snmp_device> --snmpversion <ver> --snmpcommunity <comm>