Tiger - Unix Security Audit and Intrusion Detection Tool


Tiger is a free, open-source collection of shell scripts for security auditing and host intrusion detection on Unix-like systems such as Linux. It is a security checker written entirely in shell language that uses various POSIX tools in the backend. Its main purpose is to check the system configuration and status.

It is much simpler than other security tools and has a good configuration file. It scans system configuration files, file systems, and user configuration files for possible security problems and reports them.

In this article, we will show how to install and use the Tiger security checker on Linux, with basic examples.

How to Install the Tiger Security Tool on Linux

On Debian and its derivatives such as Ubuntu and Linux Mint, you can quickly install the Tiger security tool from the default repositories using the package manager, as shown.

$ sudo apt install tiger 

On other Linux distributions, download the source tarball and run Tiger directly from the extracted directory, using the sudo command to gain root privileges.

$ wget  -c  http://download.savannah.gnu.org/releases/tiger/tiger-3.2rc3.tar.gz
$ tar -xzf tiger-3.2rc3.tar.gz
$ cd tiger-3.2/
$ sudo ./tiger

By default, all checks are enabled in the tigerrc file, and you can edit it with your favourite CLI editor to enable only the checks you are interested in.

When the security scan is complete, a security report is generated in the log sub-directory, and you will see a message similar to this (where tecmint is the hostname):

Security report is in `log//security.report.tecmint.181229-11:12'.

You can view the contents of the security report file using the cat command.

$ sudo cat log/security.report.tecmint.181229-11\:12

If you only want more information about a specific security message, run the tigexp (TIGer EXPlain) command and provide the msgid as an argument, where msgid is the text inside the [] associated with each message.

For example, to get more information about the following messages, where [acc015w] and [path009w] are the msgids:

--WARN-- [acc015w] Login ID nobody has a duplicate home directory (/nonexistent) with another user.  
--WARN-- [path009w] /etc/profile does not export an initial setting for PATH.

Simply run these commands:

$ sudo ./tigexp acc015w
$ sudo ./tigexp path009w
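
To collect every msgid in a report instead of reading them off by hand, the following added example (not part of the original article or the Tiger project) summarises a report by level and msgid. It assumes finding lines have the `--LEVEL-- [msgid] text` form shown above; the function names and the sample report are constructed for illustration.

```shell
#!/bin/sh
# Added example: summarise a Tiger report so each finding can be looked up with tigexp.
# Assumption: finding lines look like "--LEVEL-- [msgid] text", as in the lines above.

# Print "count LEVEL msgid" for every distinct finding, most frequent first.
tiger_summary() {
    sed -n 's/^--\([A-Z]*\)-- \[\([a-z0-9]*\)].*/\1 \2/p' "$1" |
        sort | uniq -c | sort -k1,1nr -k3,3 |
        awk '{print $1, $2, $3}'
}

# Print only the distinct msgids, one per line.
tiger_msgids() {
    tiger_summary "$1" | awk '{print $3}' | sort -u
}

# Write a constructed sample report to the given path. The second acc015w
# line and the "#" header line are made up for this example.
make_sample_report() {
    cat > "$1" <<'EOF'
# Constructed section header (non-finding lines are ignored)
--WARN-- [acc015w] Login ID nobody has a duplicate home directory (/nonexistent) with another user.
--WARN-- [acc015w] Login ID sampleuser has a duplicate home directory (/nonexistent) with another user.
--WARN-- [path009w] /etc/profile does not export an initial setting for PATH.
EOF
}

# Demonstration on the constructed report.
report=$(mktemp)
make_sample_report "$report"
tiger_summary "$report"
rm -f "$report"
```

Each msgid printed by tiger_msgids can then be passed to ./tigexp as in the commands above.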

If you want to insert the explanations (more information about a particular message generated by tiger) into the report, you can run tiger with the -E flag.

$ sudo ./tiger -E 

Or, if you have already run it, use the tigexp command with the -F flag to specify the report file, for example:

$ sudo ./tigexp -F log/security.report.tecmint.181229-11\:12

To generate a separate explanation file from a report file, run the following command (where -f is used to specify the report file):

$ sudo ./tigexp -f log/security.report.tecmint.181229-11\:12

As you can see, installing tiger is not necessary. However, if you want to install it on your system for convenience, run the following commands (use ./configure --help to check the configure script options):

$ ./configure
$ sudo make install

For more information, see the man pages under the ./man/ sub-directory, and use the cat command to view them. But if you have installed the package, run:

$ man tiger 
$ man tigexp

Tiger project homepage: https://www.nongnu.org/tiger/

Tiger is a set of scripts that scan a Unix-like system looking for security problems; it is a security checker. In this article, we have shown how to install and use Tiger on Linux. Use the feedback form to ask questions or share your thoughts about this tool.