{"id":929,"date":"2016-02-02T06:04:53","date_gmt":"2016-02-01T21:04:53","guid":{"rendered":"http:\/\/www.kinryo.net\/?p=929"},"modified":"2019-05-01T15:06:00","modified_gmt":"2019-05-01T06:06:00","slug":"%ef%bc%91%ef%bc%90%ef%bc%9a%e4%be%b5%e5%85%a5%e6%a4%9c%e7%9f%a5%e3%82%b7%e3%82%b9%e3%83%86%e3%83%a0%e3%81%ae%e5%b0%8e%e5%85%a5%ef%bc%88aide%ef%bc%89","status":"publish","type":"post","link":"https:\/\/www.kinryo.net\/?p=929","title":{"rendered":"\uff11\uff10\uff1a\u4fb5\u5165\u691c\u77e5\u30b7\u30b9\u30c6\u30e0\u306e\u5c0e\u5165\uff08aide\uff09"},"content":{"rendered":"<p class=\"itemText\">\u53c2\u8003URL\uff1a<a href=\"http:\/\/www.websec-room.com\/2013\/11\/09\/999\" target=\"_blank\" rel=\"noopener noreferrer\">http:\/\/www.websec-room.com\/2013\/11\/09\/999<\/a><br \/>\n<span style=\"color: #008000;\"><span style=\"color: #ff6600;\">#<\/span> yum -y install aide<\/span><br \/>\nAIDE \u306e\u52d5\u4f5c\u8a2d\u5b9a\u306f\u3001\/etc\/aide.conf \u3067\u884c\u3044\u307e\u3059\u304c\u3001\u3053\u3053\u3067\u306f\u30bb\u30ad\u30e5\u30ea\u30c6\u30a3\u30fc\u4e0a\u306e\u7406\u7531\u3067\u516c\u958b\u3057\u307e\u305b\u3093\u3002\u3068\u8a00\u3046\u306e\u3082\u3001\u60aa\u3055\u3092\u3057\u3088\u3046\u3068\u3059\u308b\u8005\u306f\u5fc5\u305aAIDE\u306eDB\u30d5\u30a1\u30a4\u30eb\u3092\u6539\u7ac4\u3057\u3088\u3046\u3068\u3057\u307e\u3059\u306e \u3067\u3001\u3053\u306e\u5834\u6240\u304c\u975e\u5e38\u306b\u5927\u4e8b\u306b\u306a\u308a\u307e\u3059\u3002\u307e\u305f\u4e0b\u8a18\u306b\u793a\u3057\u3066\u3042\u308b\u306e\u306f\u30c6\u30b9\u30c8\u6642\u306e\u5834\u6240\u3067\u3001\u6700\u5f8c\u306b\u30c6\u30b9\u30c8\u304c\u7d42\u4e86\u5f8c\u3001\u3053\u306e\u4f4d\u7f6e\u3067\u306f\u306a\u304f\u5225\u306e\u5834\u6240\u306b\u3057\u3066\u304a\u308a\u307e\u3059\u3002<br \/>\n\/etc\/aide.conf\u306f\u53c2\u8003URL\u3092\u53c2\u7167\u3057\u3001\u8a2d\u5b9a\u3057\u3066\u3044\u3063\u3066\u304f\u3060\u3055\u3044\u3002<br 
\/>\n\u76e3\u8996\u5bfe\u8c61\u304b\u3089\u5916\u3059\u306b\u306f\u3001\u5148\u982d\u306b ! \u3092\u4ed8\u3051\u307e\u3059\u3002\u53d6\u308a\u6562\u3048\u305a\u8d70\u3089\u305b\u3001\u30e1\u30fc\u30eb\u304c\u7740\u304d\u307e\u3059\u306e\u3067\u3001\u3088\u304f\u5909\u66f4\u306b\u306a\u308bdirectory\u3084\u30d5\u30a1\u30a4\u30eb\u3092\u8a2d\u5b9a\u3057\u3066\u3044\u3051\u3070\u3044\u3044\u3068\u601d\u3044\u307e\u3059\u3002<br \/>\nAIDE\u306e\u6301\u3063\u3066\u3044\u308b\u30c7\u30fc\u30bf\u30d9\u30fc\u30b9\u306e\u521d\u671f\u5316<br \/>\n<span style=\"color: #008000;\"><span style=\"color: #ff6600;\">#<\/span> aide --init<\/span><br \/>\n\u3042\u308a\u3083\u308a\u3083\u30a8\u30e9\u30fc\u304c\u51fa\u308b\u305e\u3001<\/p>\n<div class=\"xoopsCode\">\n<pre><code><span style=\"color: #ff6600;\">\/usr\/sbin\/prelink: \/usr\/sbin\/mtr: at least one of file's dependencies has changed since prelinking\r\nError on exit of prelink child process<\/span><\/code><\/pre>\n<\/div>\n<p>\u3053\u308c\u306f\u30a4\u30f3\u30b9\u30c8\u30fc\u30eb\u5f8c\u3001\u6642\u9593\u304c\u7d4c\u3061yum \u306e update\u304c\u8d70\u308a\u3001\u30ea\u30f3\u30af\u6e08\u307f\u306e\u30d0\u30a4\u30ca\u30ea\u3068\u65b0\u3057\u3044\u30d0\u30a4\u30ca\u30ea\u3067\u306f\u30cf\u30c3\u30b7\u30e5\u5024\u304c\u5408\u308f\u306a\u3044\u306e\u3067\u3001prelink\u304c\u30a8\u30e9\u30fc\u3092\u51fa\u3057\u3066\u3044\u308b\u307f\u305f\u3044<br \/>\n<span style=\"color: #008000;\"><span style=\"color: #ff6600;\">#<\/span> \/etc\/cron.daily\/prelink<\/span><br \/>\n\u3067\u30cf\u30c3\u30b7\u30e5\u5024\u3092\u66f4\u65b0\u3059\u308b\u3002\u518d\u5ea6<br \/>\n<span style=\"color: #008000;\"><span style=\"color: #ff6600;\">#<\/span> aide --init<\/span><br \/>\n\u3053\u308c\u306f\u5168\u3066\u306e\u30d5\u30a1\u30a4\u30eb\u3092\u30b9\u30ad\u30e3\u30f3\u3057\u3066\u3044\u308b\u306e\u3067\u6642\u9593\u304c\u304b\u304b\u308b<\/p>\n<div class=\"xoopsCode\">\n<pre><code><span style=\"color: #ff6600;\">AIDE, version 0.14\r\n### AIDE 
database at \/var\/lib\/aide\/aide.db.new.gz initialized.<\/span><\/code><\/pre>\n<\/div>\n<p>\u3068\u8868\u793a\u3055\u308c\u30d5\u30a1\u30a4\u30eb\u304c\u51fa\u6765\u305f\u306e\u3067\u3001\u51fa\u6765\u305f\u30d5\u30a1\u30a4\u30eb\u3092\u767b\u9332<br \/>\n<span style=\"color: #008000;\"><span style=\"color: #ff6600;\">#<\/span> cp \/var\/lib\/aide\/aide.db.new.gz \/var\/lib\/aide\/aide.db.gz<\/span><br \/>\n\u6539\u3056\u3093\u306e\u30c1\u30a7\u30c3\u30af\u3092\u3059\u308b\u305f\u3081\u306b\u3001\u30d5\u30a1\u30a4\u30eb\u3092\u4f5c\u6210<br \/>\n<span style=\"color: #008000;\"><span style=\"color: #ff6600;\">#<\/span> echo \"TEST\" &gt;&gt; dummy.txt<\/span><br \/>\naide\u3067\u30c1\u30a7\u30c3\u30af\u3092\u5b9f\u884c<br \/>\n<span style=\"color: #008000;\"><span style=\"color: #ff6600;\">#<\/span> aide --check<\/span><\/p>\n<div class=\"xoopsCode\">\n<pre><code><span style=\"color: #ff6600;\">AIDE found differences between database and filesystem!!\r\nStart timestamp: 2014-05-06 10:19:07\r\nSummary:\r\n  Total number of files:\t180686\r\n  Added files:\t\t\t1\r\n  Removed files:\t\t0\r\n  Changed files:\t\t77\r\n---------------------------------------------------\r\nAdded files:\r\n---------------------------------------------------\r\nadded: \/root\/dummy.txt\r\n---------------------------------------------------\r\nChanged files:\r\n---------------------------------------------------\r\nchanged: \/usr\/sbin changed:\r\n\/usr\/bin changed:\r\n\/usr\/lib64 changed:\r\n\u4e2d\u7565 \r\n--------------------------------------------------\r\nDetailed information about changes:\r\n---------------------------------------------------\r\nDirectory: \/usr\/sbin\r\n  Mtime    : 2014-05-06 10:07:48              , 2014-05-06 10:07:57\r\n  Ctime    : 2014-05-06 10:07:48              , 2014-05-06 10:07:57\r\nDirectory: \/usr\/bin\r\n  Mtime    : 2014-05-06 10:07:49              , 2014-05-06 10:09:38\r\n  Ctime    : 2014-05-06 10:07:49              , 2014-05-06 
10:09:38<\/span>\r\n\u5f8c\u7565<\/code><\/pre>\n<\/div>\n<p>\u30d5\u30a1\u30a4\u30eb\u304c\u4e00\u3064\u5897\u3048\uff08dummy.txt\u3092\u8db3\u3057\u305f\u304b\u3089\u5f53\u305f\u308a\u524d\uff09\u3001\uff17\uff17\u306edirectory\u306e Mtime \u3068 Ctime \u306b\u5909\u66f4\u304c\u3042\u3063\u305f\u3002<br \/>\n\u79c1\u306f\u672a\u719f\u306a\u306e\u3067\u4f55\u6545directory\u306e\u6642\u9593\u304c\u5909\u66f4\u306b\u306a\u3063\u305f\u304b\u306f\u4e0d\u660e\u3002<br \/>\nMtime\u3068Ctime\u306f<a href=\"http:\/\/x68000.q-e-d.net\/%7E68user\/unix\/pickup?%A5%BF%A5%A4%A5%E0%A5%B9%A5%BF%A5%F3%A5%D7\" target=\"_blank\" rel=\"noopener noreferrer\">http:\/\/x68000.q-e-d.net\/~68user\/unix\/pickup?%A5%BF%A5%A4%A5%E0%A5%B9%A5%BF%A5%F3%A5%D7<\/a><br \/>\n\u3092\u53c2\u7167\u3001\u3067\u3082\u5f8c\u3067\u8abf\u3079\u3066\u898b\u3088\u3046\u3002<br \/>\n\u30102015-07-07\u8ffd\u8a18\u3011\u3053\u306e\u7406\u7531\u304c\u5206\u304b\u308a\u307e\u3057\u305f\u3002prelinking\u306e\u305b\u3044\u3060\u305d\u3046\u3067\u3059\u3002\u306a\u306e\u3067<br \/>\n<span style=\"color: #008000;\"><span style=\"color: #ff6600;\">#<\/span> gedit \/etc\/sysconfig\/prelink<\/span><\/p>\n<div class=\"xoopsCode\">\n<pre><code><span style=\"color: #0000ff;\"># Set this to no to disable prelinking altogether\r\n# (if you change this from yes to no prelink -ua\r\n# will be run next night to undo prelinking)\r\nPRELINKING=no<\/span>\u3000\u2190 \u3053\u3053\u3092no\u306b\u5909\u66f4<\/code><\/pre>\n<\/div>\n<p>\u5b9a\u671f\u5b9f\u884c\u3059\u308b\u30b9\u30af\u30ea\u30d7\u30c8\u306e\u4f5c\u6210<br \/>\n<span style=\"color: #008000;\"><span style=\"color: #ff6600;\">#<\/span> gedit \/etc\/cron.daily\/aide<\/span><\/p>\n<div class=\"xoopsCode\">\n<pre><code><span style=\"color: #0000ff;\">#!\/bin\/bash\r\nMAILTO=root\r\nLOGFILE=\/var\/log\/aide\/aide.log\r\nAIDEDIR=\/var\/lib\/aide\r\n\/usr\/sbin\/aide  -u &gt; $LOGFILE\r\ncp $AIDEDIR\/aide.db.new.gz $AIDEDIR\/aide.db.gz\r\nx=$(grep \"Looks okay\" $LOGFILE | 
wc -l)\r\nif [ $x -eq 1 ]; then\r\n  echo \"All Systems Look OK\" | \/bin\/mail -s \"AIDE OK\" $MAILTO\r\nelse\r\n  echo \"$(egrep \"added|changed|removed\" $LOGFILE)\" | \/bin\/mail -s \"AIDE DETECTED CHANGES\" $MAILTO\r\nfi\r\n\/etc\/cron.daily\/prelink\u3000\u21902015-07-07\u8ffd\u8a18\uff1aprelinking \u3092ignore\u3057\u305f\u306e\u3067\u8ffd\u8a18\r\nexit<\/span><\/code><\/pre>\n<\/div>\n<p>\u203b\u3053\u306e\u30b9\u30af\u30ea\u30d7\u30c8\u306f\u5b9f\u884c\u306e\u305f\u3073\u306b aide.db.new.gz \u3092 aide.db.gz \u3078\u30b3\u30d4\u30fc\u3057\u3066\u767b\u9332\u3059\u308b\u306e\u3067\u3001\u691c\u77e5\u3057\u305f\u5909\u66f4\u304c\u30e1\u30fc\u30eb\u3067\u6765\u308b\u306e\u306f\u4e00\u5ea6\u3060\u3051\u3067\u3001\u305d\u306e\u5f8c\u306f\u5909\u66f4\u5f8c\u306e\u72b6\u614b\u304c\u57fa\u6e96\u306b\u306a\u308b\u3002\u300cAIDE DETECTED CHANGES\u300d\u306e\u30e1\u30fc\u30eb\u306f\u5fc5\u305a\u30c1\u30a7\u30c3\u30af\u3059\u308b\u3053\u3068\u3002<br \/>\n\u79c1\u306f root \u3078\u306e\u30e1\u30fc\u30eb\u306f \/etc\/aliases \u306b\u8a2d\u5b9a\u304c\u3042\u308a\u3001\u305d\u3053\u306b\u8a2d\u5b9a\u3057\u305f\u30e1\u30a2\u30c9\u306b\u30e1\u30fc\u30eb\u304c\u6765\u308b<br \/>\n\u30b9\u30af\u30ea\u30d7\u30c8\u306b\u5b9f\u884c\u6a29\u9650\u3092\u3064\u3051\u308b<br \/>\n<span style=\"color: #008000;\"><span style=\"color: #ff6600;\">#<\/span> chmod +x \/etc\/cron.daily\/aide<\/span><br \/>\n\u30b9\u30af\u30ea\u30d7\u30c8\u3092\u8a66\u3057\u3066\u307f\u308b<br \/>\n<span style=\"color: #008000;\"><span style=\"color: #ff6600;\">#<\/span> \/etc\/cron.daily\/aide<\/span><br \/>\n\u8a2d\u5b9a\u3057\u305f\u30e1\u30a2\u30c9\u306e\u30e1\u30fc\u30eb\u304c\u7740\u3044\u3066\u3044\u308b\u304b\u30c1\u30a7\u30c3\u30af\u3059\u308b\u3002<br \/>\n\u3042\u3068\u3001\u30a2\u30c3\u30d7\u30c7\u30fc\u30c8\u304c\u3042\u3063\u305f\u6642\u306f<br \/>\n<span style=\"color: #008000;\"># aide --init<\/span><br \/>\n\u3067\u30c7\u30fc\u30bf\u30fc\u30d9\u30fc\u30b9\u3092\u30a2\u30c3\u30d7\u30c7\u30fc\u30c8\u3057\u3066\u304a\u304f\u3053\u3068\u3002\u51fa\u6765\u305f aide.db.new.gz \u306f\u3001\u4e0a\u3068\u540c\u3058\u304f cp \u3067 aide.db.gz \u306b\u767b\u9332\u3059\u308b\u3053\u3068\u3002<\/p>\n","protected":false},"excerpt":{"rendered":"<p>\u53c2\u8003URL\uff1ahttp:\/\/www.websec-room.com\/2013\/11\/09\/999 # yum -y install aide AIDE \u306e\u52d5\u4f5c\u8a2d\u5b9a\u306f\u3001\/etc\/aide.conf \u3067\u884c\u3044\u307e\u3059\u304c\u3001\u3053\u3053\u3067\u306f\u30bb\u30ad &hellip; <a href=\"https:\/\/www.kinryo.net\/?p=929\">\u7d9a\u304d\u3092\u8aad\u3080 <span 
class=\"meta-nav\">&rarr;<\/span><\/a><\/p>\n","protected":false},"author":1,"featured_media":0,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"_acf_changed":false,"vkexunit_cta_each_option":"","footnotes":""},"categories":[8],"tags":[],"class_list":["post-929","post","type-post","status-publish","format-standard","hentry","category-server"],"acf":[],"_links":{"self":[{"href":"https:\/\/www.kinryo.net\/index.php?rest_route=\/wp\/v2\/posts\/929","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/www.kinryo.net\/index.php?rest_route=\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/www.kinryo.net\/index.php?rest_route=\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/www.kinryo.net\/index.php?rest_route=\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/www.kinryo.net\/index.php?rest_route=%2Fwp%2Fv2%2Fcomments&post=929"}],"version-history":[{"count":4,"href":"https:\/\/www.kinryo.net\/index.php?rest_route=\/wp\/v2\/posts\/929\/revisions"}],"predecessor-version":[{"id":1461,"href":"https:\/\/www.kinryo.net\/index.php?rest_route=\/wp\/v2\/posts\/929\/revisions\/1461"}],"wp:attachment":[{"href":"https:\/\/www.kinryo.net\/index.php?rest_route=%2Fwp%2Fv2%2Fmedia&parent=929"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/www.kinryo.net\/index.php?rest_route=%2Fwp%2Fv2%2Fcategories&post=929"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/www.kinryo.net\/index.php?rest_route=%2Fwp%2Fv2%2Ftags&post=929"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}