The second exception to the rule of only one username per UID is when you have multiple people accessing a system account, including the superuser account, and you want to track their activities through audit trails.

Chapter 24

24.2 Discovering an Intruder

24.2.3 Monitoring the Intruder

You may wish to monitor the intruder's actions to figure out what he is doing. This will give you an idea of whether he is modifying your accounting database or simply rummaging around through your users' email.

There are a variety of means that you can use for monitoring the intruder's actions. The simplest way is to use programs such as ps or lastcomm to see which processes the intruder is using.

Depending on your operating system, you may be able to monitor the intruder's keystrokes using programs such as ttywatch or snoop. These commands can give you a detailed, packet-by-packet account of information sent over a network. They can also give you a detailed view of what an intruder is doing. For example:

    # snoop
    asy8.vineyard.net -> next      SMTP C port=1974
    asy8.vineyard.net -> next      SMTP C port=1974 MAIL FROM:<dfddf@vin
    next -> asy8.vineyard.net      SMTP R port=1974 250 <dfddf@vineyard.
    asy8.vineyard.net -> next      SMTP C port=1974
    asy8.vineyard.net -> next      SMTP C port=1974 RCPT TO:<vdsalaw@ix.
    next -> asy8.vineyard.net      SMTP R port=1974 250 <vdsalaw@ix.netc
    asy8.vineyard.net -> next      SMTP C port=1974
    asy8.vineyard.net -> next      SMTP C port=1974 DATA\r\n
    next -> asy8.vineyard.net      SMTP R port=1974 354 Enter mail, end

In this case, an email message was intercepted as it was sent from asy8.vineyard.net to the computer next. As the above example shows, these utilities will give you a detailed view of what people on your system are doing, and they have a great potential for abuse.

You should be careful with the tools that you install on your system, as these tools can be used against you to monitor your monitoring.
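An added example (not part of the original text): a Python sketch that groups snoop summary lines like those above into one SMTP timeline per connection, so an incident responder can read the envelope of each captured session at a glance. The line layout (`src -> dst SMTP C|R port=N payload`) is assumed from the excerpt, and the hosts and addresses in SAMPLE are constructed.

```python
import re
from collections import OrderedDict

# Assumed layout of one snoop summary line (taken from the excerpt):
#   <src> -> <dst>  SMTP C|R port=<n> [payload, possibly truncated]
LINE = re.compile(
    r"^\s*(?P<src>\S+)\s+->\s+(?P<dst>\S+)\s+SMTP\s+(?P<dir>[CR])\s+"
    r"port=(?P<port>\d+)\s*(?P<payload>.*)$"
)
COMMAND = re.compile(r"^(MAIL FROM|RCPT TO|DATA|HELO|EHLO|QUIT)\b[:\s]*(.*)$", re.I)

# Constructed sample input, modelled on the excerpt; not real traffic.
SAMPLE = r"""
ws7.example.net -> mailhub   SMTP C port=2044
ws7.example.net -> mailhub   SMTP C port=2044 MAIL FROM:<alice@exam
mailhub -> ws7.example.net   SMTP R port=2044 250 <alice@example.
ws7.example.net -> mailhub   SMTP C port=2044 RCPT TO:<bob@example
mailhub -> ws7.example.net   SMTP R port=2044 250 <bob@example.org
ws7.example.net -> mailhub   SMTP C port=2044 DATA\r\n
mailhub -> ws7.example.net   SMTP R port=2044 354 Enter mail, end
""".splitlines()


def summarize_smtp(lines):
    """Return {(client, server, port): [(direction, verb_or_code, argument), ...]}.

    Lines with no payload (bare TCP segments) and lines that do not match
    the assumed layout are skipped. Truncated payloads are kept as captured.
    """
    sessions = OrderedDict()
    for line in lines:
        m = LINE.match(line)
        if not m:
            continue
        # snoop prints CR/LF as the literal text "\r\n"; drop it.
        payload = m["payload"].replace("\\r\\n", "").strip()
        if not payload:
            continue
        if m["dir"] == "C":  # command: client -> server
            key = (m["src"], m["dst"], int(m["port"]))
            c = COMMAND.match(payload)
            event = ("C", c[1].upper(), c[2].strip("<> ")) if c else ("C", "TEXT", payload)
        else:                # reply: server -> client, same client port
            key = (m["dst"], m["src"], int(m["port"]))
            code, _, text = payload.partition(" ")
            event = ("R", code, text.strip("<> "))
        sessions.setdefault(key, []).append(event)
    return sessions
```

Capture the input on a separate monitoring host and feed the saved lines to `summarize_smtp`; each key is one client connection, and the event list preserves capture order.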
Also consider using tools such as snoop on another machine (not the one that has been compromised). Doing so lessens the chance of being discovered by the intruder.

24.2.4 Tracing a Connection

The ps, w, and who commands all report the terminals to which each user