Git Product home page Git Product logo

cornerstone's Introduction

关于我们

Website:https://security.immomo.com

WeChat:

项目介绍

准备

安装并启用syslog服务,做好对应日志级别(根据LOGGER函数中所使用的facility.severity)及权限的配置。

安装

  1. 将momosec_bashrc放在/etc/下,权限修改为644,属组为root
  2. 在/etc/bashrc中加载该文件,如[ -f /etc/momosec_bashrc ] && . /etc/momosec_bashrc

效果

收集到的每条日志格式如下:

[syslog_part]: [ssh_client_ip] [server_name] [server_ip] [login_time] [ssh_pid] [tty] [login_user] [sudo_user] [pwd] [cmd]

  • syslog_part:syslog服务添加的部分,具体内容由syslog配置决定
  • ssh_client_ip:登录者IP,如从服务器A ssh登录到服务器B,则该项表示服务器A的IP
  • server_name:命令执行时所在的服务器主机名
  • server_ip:命令执行时所在的服务器IP
  • login_time:命令执行者的登录时间
  • ssh_pid:命令执行者的ssh进程号
  • tty:命令执行者所处会话的tty
  • login_user:命令执行者的ssh登录身份
  • sudo_user:命令执行者的当前身份
  • pwd:命令执行时所在的目录
  • cmd:执行的命令,具体内容由history的格式决定

example

覆盖功能

功能项 命令记录转发
身份识别 ✔︎
记录非交互式shell命令 ✔︎
实时记录 ✔︎
记录无tty下的命令 ✔︎
记录sh命令 ✔︎
记录脚本文件内执行的命令 ✔︎
记录norc启动的shell命令 ✔︎
是否方便数据的后续处理 ✔︎
是否可以控制命令的执行
非bash shell上执行的命令

cornerstone's People

Contributors

kkilloas avatar

Recommend Projects

  • React photo React

    A declarative, efficient, and flexible JavaScript library for building user interfaces.

  • Vue.js photo Vue.js

    🖖 Vue.js is a progressive, incrementally-adoptable JavaScript framework for building UI on the web.

  • Typescript photo Typescript

    TypeScript is a superset of JavaScript that compiles to clean JavaScript output.

  • TensorFlow photo TensorFlow

    An Open Source Machine Learning Framework for Everyone

  • Django photo Django

    The Web framework for perfectionists with deadlines.

  • D3 photo D3

    Bring data to life with SVG, Canvas and HTML. 📊📈🎉

Recommend Topics

  • javascript

    JavaScript (JS) is a lightweight interpreted programming language with first-class functions.

  • web

    Some thing interesting about web. New door for the world.

  • server

    A server is a program made to process requests and deliver data to clients.

  • Machine learning

    Machine learning is a way of modeling and interpreting data that allows a piece of software to respond intelligently.

  • Game

    Some thing interesting about game, make everyone happy.

Recommend Org

  • Facebook photo Facebook

    We are working to build community through open source technology. NB: members must have two-factor auth.

  • Microsoft photo Microsoft

    Open source projects and samples from Microsoft.

  • Google photo Google

    Google ❤️ Open Source for everyone.

  • D3 photo D3

    Data-Driven Documents codes.