linx/StateGrid
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity

删除与审计相关的配置文件

Browse Source
This commit is contained in:
Jinnan Wang
2014-03-18 14:09:57 +08:00
parent 319bace7d7
commit b81f1ec1fc
5 changed files with 0 additions and 266 deletions
Download Patch File Download Diff File Expand all files Collapse all files

103
install_shell/audit.rules
View File

@@ -1,103 +0,0 @@
##
-D
##
-b 32768
##
-f 1
##
-w /var/log/audit/ -k LOG_audit
-w /etc/audit/ -p wa -k CFG_audit
-w /etc/sysconfig/auditd -p wa -k CFG_auditd.conf
-w /etc/libaudit.conf -p wa -k CFG_libaudit.conf
-w /etc/audisp/ -p wa -k CFG_audisp
##
-w /home/d5000/fujian/bin/ -p wa -k BIN_d5000
-w /home/d5000/fujian/conf/ -p wa -k CFG_d5000
-w /home/d5000/fujian/.cshrc -p wa -k CFG_cshrc
-w /etc/hosts -p wa -k CFG_hosts
-w /etc/services -p wa -k CFG_services
-w /etc/sysctl.conf -p wa -k CFG_sysctl.conf
-w /etc/syslog.conf -p wa -k CFG_syslog.conf
-w /etc/security/limits.conf -p wa -k CFG_limits.conf
##
-a exit,always -F path=/home/d5000/fujian/bin/sca_analog -S all
-a exit,always -F path=/home/d5000/fujian/bin/sca_point -S all
-a exit,always -F path=/home/d5000/fujian/bin/sca_cal -S all
-a exit,always -F path=/home/d5000/fujian/bin/sca_op -S all
-a exit,always -F path=/home/d5000/fujian/bin/sca_manage -S all
-a exit,always -F path=/home/d5000/fujian/bin/sca_topo -S all
-a exit,always -F path=/home/d5000/fujian/bin/fes_handle -S all
-a exit,always -F path=/home/d5000/fujian/bin/fes_com -S all
-a exit,always -F path=/home/d5000/fujian/bin/fes_mgr -S all
-a exit,always -F path=/home/d5000/fujian/bin/fes_gps -S all
-a exit,always -F path=/home/d5000/fujian/bin/rtdb_server -S all
-a exit,always -F path=/home/d5000/fujian/bin/rtdb_modify -S all
-a exit,always -F path=/home/d5000/fujian/bin/case_server -S all
-a exit,always -F path=/home/d5000/fujian/bin/download_daemon -S all
-a exit,always -F path=/home/d5000/fujian/bin/download_server -S all
-a exit,always -F path=/home/d5000/fujian/bin/db_modify_server -S all
-a exit,always -F path=/home/d5000/fujian/bin/sql_sp_server -S all
-a exit,always -F path=/home/d5000/fujian/bin/db_commit -S all
-a exit,always -F path=/home/d5000/fujian/bin/sys_nicmonitor -S all
-a exit,always -F path=/home/d5000/fujian/bin/sys_procm -S all
-a exit,always -F path=/home/d5000/fujian/bin/sys_procm_mon -S all
-a exit,always -F path=/home/d5000/fujian/bin/msg_bus -S all
-a exit,always -F path=/home/d5000/fujian/bin/sys_servicemanage -S all
-a exit,always -F path=/home/d5000/fujian/bin/sys_trans_alarm -S all
-a exit,always -F path=/home/d5000/fujian/bin/remote_exed -S all
-a exit,always -F path=/home/d5000/fujian/bin/locator -S all
-a exit,always -F path=/home/d5000/fujian/bin/proxy -S all
-a exit,always -F path=/home/d5000/fujian/bin/midmmi -S all
-a exit,always -F path=/home/d5000/fujian/bin/midbrow -S all
-a exit,always -F path=/home/d5000/fujian/bin/middata -S all
-a exit,always -F path=/home/d5000/fujian/bin/evt_sender -S all
-a exit,always -F path=/home/d5000/fujian/bin/evt_recv -S all
-a exit,always -F path=/home/d5000/fujian/bin/hissam -S all
-a exit,always -F path=/home/d5000/fujian/bin/hissec -S all
-a exit,always -F path=/home/d5000/fujian/bin/midhs -S all
-a exit,always -F path=/home/d5000/fujian/bin/sca_pdrrep -S all
-a exit,always -F path=/home/d5000/fujian/bin/sca_pdrrec -S all
-a exit,always -F path=/home/d5000/fujian/bin/fes_ser -S all
##
#-w /database/ -p wa -k DAT_database
##
-w /etc/passwd -p wa -k CFG_passwd
-w /etc/group -p wa -k CFG_group
-w /etc/shadow -p wa -k CFG_shadow
##
-a entry,always -F arch=b32 -S setxattr -S lsetxattr -S removexattr -S lremovexattr
-a entry,always -F arch=b64 -S setxattr -S lsetxattr -S removexattr -S lremovexattr
##
-w /etc/cron.allow -p wa -k CFG_cron.allow
-w /etc/cron.deny -p wa -k CFG_cron.deny
-w /etc/cron.d/ -p wa -k CFG_cron.d
-w /etc/cron.daily/ -p wa -k CFG_cron.daily
-w /etc/cron.hourly/ -p wa -k CFG_cron.hourly
-w /etc/cron.monthly/ -p wa -k CFG_cron.monthly
-w /etc/cron.weekly/ -p wa -k CFG_cron.weekly
-w /etc/crontab -p wa -k CFG_crontab
-w /var/spool/cron/crontabs/root -k CFG_crontab_root
-w /var/spool/cron/crontabs/d5000 -p wa -k CFG_crontab_root
#trace kill
#-a entry,always -F arch=b32 -F a1>0 -S kill
#-a entry,always -F arch=b64 -F a1>0 -S kill

103
install_shell/audit.rules.d5000
View File

@@ -1,103 +0,0 @@
##
-D
##
-b 32768
##
-f 1
##
-w /var/log/audit/ -k LOG_audit
-w /etc/audit/ -p wa -k CFG_audit
-w /etc/sysconfig/auditd -p wa -k CFG_auditd.conf
-w /etc/libaudit.conf -p wa -k CFG_libaudit.conf
-w /etc/audisp/ -p wa -k CFG_audisp
##
-w /home/d5000/fujian/bin/ -p wa -k BIN_d5000
-w /home/d5000/fujian/conf/ -p wa -k CFG_d5000
-w /home/d5000/fujian/.cshrc -p wa -k CFG_cshrc
-w /etc/hosts -p wa -k CFG_hosts
-w /etc/services -p wa -k CFG_services
-w /etc/sysctl.conf -p wa -k CFG_sysctl.conf
-w /etc/syslog.conf -p wa -k CFG_syslog.conf
-w /etc/security/limits.conf -p wa -k CFG_limits.conf
##
-a exit,always -F path= PATH=/home/d5000/fujian/bin/sca_analog -S all
-a exit,always -F path=/home/d5000/fujian/bin/sca_point -S all
-a exit,always -F path=/home/d5000/fujian/bin/sca_cal -S all
-a exit,always -F path=/home/d5000/fujian/bin/sca_op -S all
-a exit,always -F path=/home/d5000/fujian/bin/sca_manage -S all
-a exit,always -F path=/home/d5000/fujian/bin/sca_topo -S all
-a exit,always -F path=/home/d5000/fujian/bin/fes_handle -S all
-a exit,always -F path=/home/d5000/fujian/bin/fes_com -S all
-a exit,always -F path=/home/d5000/fujian/bin/fes_mgr -S all
-a exit,always -F path=/home/d5000/fujian/bin/fes_gps -S all
-a exit,always -F path=/home/d5000/fujian/bin/rtdb_server -S all
-a exit,always -F path=/home/d5000/fujian/bin/rtdb_modify -S all
-a exit,always -F path=/home/d5000/fujian/bin/case_server -S all
-a exit,always -F path=/home/d5000/fujian/bin/download_daemon -S all
-a exit,always -F path=/home/d5000/fujian/bin/download_server -S all
-a exit,always -F path=/home/d5000/fujian/bin/db_modify_server -S all
-a exit,always -F path=/home/d5000/fujian/bin/sql_sp_server -S all
-a exit,always -F path=/home/d5000/fujian/bin/db_commit -S all
-a exit,always -F path=/home/d5000/fujian/bin/sys_nicmonitor -S all
-a exit,always -F path=/home/d5000/fujian/bin/sys_procm -S all
-a exit,always -F path=/home/d5000/fujian/bin/sys_procm_mon -S all
-a exit,always -F path=/home/d5000/fujian/bin/msg_bus -S all
-a exit,always -F path=/home/d5000/fujian/bin/sys_servicemanage -S all
-a exit,always -F path=/home/d5000/fujian/bin/sys_trans_alarm -S all
-a exit,always -F path=/home/d5000/fujian/bin/remote_exed -S all
-a exit,always -F path=/home/d5000/fujian/bin/locator -S all
-a exit,always -F path=/home/d5000/fujian/bin/proxy -S all
-a exit,always -F path=/home/d5000/fujian/bin/midmmi -S all
-a exit,always -F path=/home/d5000/fujian/bin/midbrow -S all
-a exit,always -F path=/home/d5000/fujian/bin/middata -S all
-a exit,always -F path=/home/d5000/fujian/bin/evt_sender -S all
-a exit,always -F path=/home/d5000/fujian/bin/evt_recv -S all
-a exit,always -F path=/home/d5000/fujian/bin/hissam -S all
-a exit,always -F path=/home/d5000/fujian/bin/hissec -S all
-a exit,always -F path=/home/d5000/fujian/bin/midhs -S all
-a exit,always -F path=/home/d5000/fujian/bin/sca_pdrrep -S all
-a exit,always -F path=/home/d5000/fujian/bin/sca_pdrrec -S all
-a exit,always -F path=/home/d5000/fujian/bin/fes_ser -S all
##
#-w /database/ -p wa -k DAT_database
##
-w /etc/passwd -p wa -k CFG_passwd
-w /etc/group -p wa -k CFG_group
-w /etc/shadow -p wa -k CFG_shadow
##
-a entry,always -F arch=b32 -S setxattr -S lsetxattr -S removexattr -S lremovexattr
-a entry,always -F arch=b64 -S setxattr -S lsetxattr -S removexattr -S lremovexattr
##
-w /etc/cron.allow -p wa -k CFG_cron.allow
-w /etc/cron.deny -p wa -k CFG_cron.deny
-w /etc/cron.d/ -p wa -k CFG_cron.d
-w /etc/cron.daily/ -p wa -k CFG_cron.daily
-w /etc/cron.hourly/ -p wa -k CFG_cron.hourly
-w /etc/cron.monthly/ -p wa -k CFG_cron.monthly
-w /etc/cron.weekly/ -p wa -k CFG_cron.weekly
-w /etc/crontab -p wa -k CFG_crontab
-w /var/spool/cron/crontabs/root -k CFG_crontab_root
-w /var/spool/cron/crontabs/d5000 -p wa -k CFG_crontab_root
#trace kill
#-a entry,always -F arch=b32 -F a1>0 -S kill
#-a entry,always -F arch=b64 -F a1>0 -S kill

31
install_shell/audit_patch.sh
View File

@@ -1,31 +0,0 @@
#!/bin/sh
. ./check_function.sh
AUDIT_CONFIG=/etc/audit/audit.rules
check_config $AUDIT_CONFIG '^-f' 1
if [ $rtn -eq 1 ]; then
sed -i '/-f/s@[0-9]@1@' $AUDIT_CONFIG
elif [ $rtn -eq 2 ]; then
line=$(grep -n ^-b $AUDIT_CONFIG | cut -d: -f1)
num=`expr ${line} + 2`
sed -i "${num}a\-f 1" /etc/audit/audit.rules
fi
DATE=$(date +%Y%m%d)
sed -i.bak_$DATE '/kill/d' $AUDIT_CONFIG
echo "#trace kill">> $AUDIT_CONFIG
echo "#-a entry,always -F arch=b32 -F a1>0 -S kill">> $AUDIT_CONFIG
echo "#-a entry,always -F arch=b64 -F a1>0 -S kill">> $AUDIT_CONFIG
USER_NAME=$1
USER_HOME=$2
#if [ -z $1 ];then
# UNIT_NAME=guodiao
#else
# UNIT_NAME=$1
#fi
# copy new script
cp auditd.conf /etc/audit
cp audit.rules /etc/audit/audit.rules.${USER_NAME}
#sed -i "s#fujian#${UNIT_NAME}#g" /etc/audit/audit.rules.${USER_NAME}
sed -i "s#/home/d5000/fujian#${USER_HOME}#g" /etc/audit/audit.rules.${USER_NAME}

25
install_shell/auditd.conf
View File

@@ -1,25 +0,0 @@
#
# This file controls the configuration of the audit daemon
#
log_file = /var/log/audit/audit.log
log_format = RAW
log_group = root
priority_boost = 4
flush = INCREMENTAL
freq = 20
num_logs = 16
disp_qos = lossy
dispatcher = /sbin/audispd
name_format = NONE
##name = mydomain
max_log_file = 300
max_log_file_action = ROTATE
space_left = 75
space_left_action = SYSLOG
action_mail_acct = audadmin
admin_space_left = 50
admin_space_left_action = SUSPEND
disk_full_action = SUSPEND
disk_error_action = SUSPEND

4
setup.sh
View File

@@ -25,10 +25,6 @@ echo "====Set ssh...."
./ntpd_cron_patch.sh
echo "====Set ntp client..."
./audit_patch.sh $1 $2 $3
echo "====Set audit.rules ..."
./set_fonts.sh
echo "====add fonts===="