
Intrusion detection

sasaqqdan
Intrusion detection

For further improvement of your security you should store a checksum (a fingerprint) for all files. At regular intervals, but in any case before a backup, you examine the checksums of your files. If the checksums do not agree, the file was changed or deleted.

In order to compute and store the checksums, you open a shell and enter the following commands:

md5sum /usr/bin/md5sum

Create a checksum of the program md5sum. Write down the checksum.

mount /dev/hda4 /mnt/hda4

Mount the harddrive with your files.

find /mnt/hda4 -type f -exec ls -ail {} \; -exec md5sum {} \; > /root/check1.dat

Create the file check1.dat with the checksums of all files.

md5sum /root/check1.dat

Create a checksum of the file. Write down the checksum.

If you want to check which files have been changed, enter these commands:

md5sum /usr/bin/md5sum

Create a checksum of the program md5sum. Compare the checksum with the checksum of step (1).

md5sum /root/check1.dat

Create a checksum of the file /root/check1.dat. Compare the checksum with the checksum of step (3).

mount /dev/hda4 /mnt/hda4

Mount the harddrive with your files.

find /mnt/hda4 -type f -exec ls -ail {} \; -exec md5sum {} \; > /root/check2.dat

Create the file check2.dat with the actual checksums of the files.

diff /root/check1.dat /root/check2.dat > /root/diff.txt

Compare the two files check1.dat and check2.dat. The differences are written to the file diff.txt.

Open the file /root/diff.txt and check whether you know about the changed files. If not, think about why these files have been changed.

Delete the file /root/check1.dat.

Rename the file /root/check2.dat as /root/check1.dat.

md5sum /root/check1.dat

Create a checksum of the new check1.dat file. Write down the checksum.
#3190

Intrusion detection

If you want to harden your security fortress, you had best create a checksum file (a document fingerprint) for all your files. Before your regular backup operation, be sure to check the checksums of all files first; if they don't match, it means the files have been modified or deleted.

To compute a checksum fingerprint for the checksum program itself, enter this command in a terminal:
md5sum /usr/bin/md5sum

How to use checksums to keep the system secure

Taking the /dev/hda4 partition as an example, the first pass goes like this:

(1) Mount the partition; enter the command:
mount /dev/hda4 /mnt/hda4
(2) Create fingerprints for the files on the mounted partition, saving the result in /root/check1.dat; enter the command:
find /mnt/hda4 -type f -exec ls -ail {} \; -exec md5sum {} \; > /root/check1.dat
(3) Create a fingerprint for this newly created fingerprint file check1.dat; enter the command:
md5sum /root/check1.dat

The second pass goes like this:

(4) Mount the partition
mount /dev/hda4 /mnt/hda4
(5) Create the fingerprints and save the result to /root/check2.dat
find /mnt/hda4 -type f -exec ls -ail {} \; -exec md5sum {} \; > /root/check2.dat

(6) Compare the results of step 2 and step 5 and save the result to /root/diff.txt
diff /root/check1.dat /root/check2.dat > /root/diff.txt

If you think a file may have been changed, open /root/diff.txt and check it; if you were not expecting a change, think about why it changed.

If everything is OK, you should then delete the first pass's fingerprints:
rm /root/check1.dat
then rename check2.dat:
mv /root/check2.dat /root/check1.dat
and finally create a fingerprint for the new check1.dat:
md5sum /root/check1.dat

Feeling a bit dizzy? It really just comes down to creating fingerprints and then comparing them.
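
The baseline-and-compare procedure in the post above (and in the English original at the top of the thread), as an added shell example that is not the poster's code: it uses sha256sum rather than md5sum, reports added, removed and modified files instead of a raw diff, and keeps the post's self-check of the hashing tool and of the baseline file. The file names, paths and the sample tree in demo() are constructed for the example.

```shell
# Added example, not the poster's code: the post's baseline-and-compare
# routine as shell functions, using sha256sum in place of md5sum. Paths,
# names and the sample tree built in demo() are constructed for this example.

# Record a checksum for every regular file under $1 in baseline file $2.
# Sorting by path makes two baselines of an unchanged tree byte-identical.
make_baseline() {
    find "$1" -type f -print0 | sort -z | xargs -0 sha256sum > "$2"
}

# The post's "write down the checksum" step, for the hashing tool and for
# the baseline file itself: exit 0 if file $1 still hashes to $2, else 1.
verify_known() {
    [ "$(sha256sum "$1" | cut -d' ' -f1)" = "$2" ]
}

# Re-hash the tree under $1 and print each difference from baseline $2 as
# ADDED, MODIFIED or REMOVED plus the path (the post's diff step, made readable).
compare_baseline() {
    local cur
    cur=$(mktemp) || return 1
    make_baseline "$1" "$cur"
    # Each line is "<hash>  <path>"; the path is everything after the two spaces.
    awk '
        { hash = $1; path = substr($0, length($1) + 3) }
        NR == FNR { old[path] = hash; next }
        { seen[path] = 1
          if (!(path in old))         print "ADDED " path
          else if (old[path] != hash) print "MODIFIED " path }
        END { for (p in old) if (!(p in seen)) print "REMOVED " p }
    ' "$2" "$cur" | sort
    rm -f "$cur"
}
# Walk-through on a constructed tree: baseline it, change it, report.
demo() {
    local root base
    root=$(mktemp -d) || return 1
    base="$root.baseline"
    mkdir -p "$root/data/etc"
    printf 'root:x:0:0\n' > "$root/data/etc/passwd"
    printf 'hello\n' > "$root/data/notes.txt"
    printf 'old\n' > "$root/data/obsolete.log"
    make_baseline "$root/data" "$base"
    printf 'root:x:0:0\nguest:x:1001:1001\n' > "$root/data/etc/passwd"  # modified
    rm "$root/data/obsolete.log"                                          # removed
    printf 'new\n' > "$root/data/extra.sh"                                # added
    compare_baseline "$root/data" "$base" | sed "s#$root/data#<tree>#"
    rm -rf "$root" "$base"
}
```

Keep the baseline file and the hashes you write down on media the checked system cannot write to, otherwise an attacker who can alter files can alter the record of them too.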

#3191
labrador
Nice! Thanks for your translation.
