# ausearch

The `ausearch` command searches the audit records; it must be run as root.

## Usage

```shell
[root@ansible ~]# ausearch --help
usage: ausearch [options]
    -a,--event <Audit event id>             search based on audit event id
    --arch <CPU>                            search based on the CPU architecture
    -c,--comm <Comm name>                   search based on command line name
    --checkpoint <checkpoint file>          search from last complete event
    --debug                                 Write malformed events that are skipped to stderr
    -e,--exit <Exit code or errno>          search based on syscall exit code
    -f,--file <File name>                   search based on file name
    --format [raw|default|interpret|csv|text]  results format options
    -ga,--gid-all <all Group id>            search based on All group ids
    -ge,--gid-effective <effective Group id>  search based on Effective group id
    -gi,--gid <Group Id>                    search based on group id
    -h,--help                               help
    -hn,--host <Host Name>                  search based on remote host name
    -i,--interpret                          Interpret results to be human readable
    -if,--input <Input File name>           use this file instead of current logs
    --input-logs                            Use the logs even if stdin is a pipe
    --just-one                              Emit just one event
    -k,--key <key string>                   search based on key field
    -l, --line-buffered                     Flush output on every line
    -m,--message <Message type>             search based on message type
    -n,--node <Node name>                   search based on machine's name
    -o,--object <SE Linux Object context>   search based on context of object
    -p,--pid <Process id>                   search based on process id
    -pp,--ppid <Parent Process id>          search based on parent process id
    -r,--raw                                output is completely unformatted
    -sc,--syscall <SysCall name>            search based on syscall name or number
    -se,--context <SE Linux context>        search based on either subject or object
    --session <login session id>            search based on login session id
    -su,--subject <SE Linux context>        search based on context of the Subject
    -sv,--success <Success Value>           search based on syscall or event success value
    -te,--end [end date] [end time]         ending date & time for search
    -ts,--start [start date] [start time]   starting data & time for search
    -tm,--terminal <TerMinal>               search based on terminal
    -ua,--uid-all <all User id>             search based on All user id's
    -ue,--uid-effective <effective User id> search based on Effective user id
    -ui,--uid <User Id>                     search based on user id
    -ul,--loginuid <login id>               search based on the User's Login id
    -uu,--uuid <guest UUID>                 search for events related to the virtual machine with the given UUID.
    -v,--version                            version
    -vm,--vm-name <guest name>              search for events related to the virtual machine with the name.
    -w,--word                               string matches are whole word
    -x,--executable <executable name>       search based on executable name
```

## Examples

### List the supported message types

```shell
ausearch -m
```

### Search by key

The key must already have been defined with [auditctl](https://blog.ihoiwan.com/project-2/doc-137/ "auditctl") or in the audit.rules file.

```shell
ausearch -k removefile
```

### Search failed login records

```shell
ausearch --message USER_LOGIN --success no --interpret
```

### Search user/group change records

```shell
ausearch -m ADD_USER -m DEL_USER -m ADD_GROUP -m USER_CHAUTHTOK -m DEL_GROUP -m CHGRP_ID -m ROLE_ASSIGN -m ROLE_REMOVE -i
```
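As an added illustration, not part of the original page or of the audit project, the Python script below reproduces what the key, failed-login and user/group searches above do over a handful of constructed raw audit.log records: it parses the `type=... msg=audit(...)` header and the nested `msg='...'` envelope, decodes hex-encoded values the way `-i/--interpret` does, and filters on message type, success and key. The sample records and the list of hex-encoded string fields are assumptions made for the example.

```python
import re
from datetime import datetime, timezone
# Constructed sample records in raw audit.log layout (an assumption, not taken from a real host).
SAMPLE_LOG = """\
type=USER_LOGIN msg=audit(1623226320.123:456): pid=1234 uid=0 auid=4294967295 ses=4294967295 msg='op=login acct="root" exe="/usr/sbin/sshd" hostname=? addr=203.0.113.5 terminal=ssh res=failed'
type=USER_LOGIN msg=audit(1623226321.500:457): pid=1235 uid=0 auid=1000 ses=3 msg='op=login id=1000 exe="/usr/sbin/sshd" hostname=? addr=198.51.100.7 terminal=ssh res=success'
type=USER_LOGIN msg=audit(1623226330.010:458): pid=1236 uid=0 auid=4294967295 ses=4294967295 msg='op=login acct=6A6F686E20646F65 exe="/usr/sbin/sshd" hostname=? addr=203.0.113.5 terminal=ssh res=failed'
type=ADD_USER msg=audit(1623226400.001:470): pid=2000 uid=0 auid=1000 ses=3 msg='op=adding user id=1001 exe="/usr/sbin/useradd" hostname=? addr=? terminal=pts/0 res=success'
type=SYSCALL msg=audit(1623226401.000:471): arch=c000003e syscall=87 success=yes exit=0 key="removefile"
"""
HEADER_RE = re.compile(r'^(?:node=\S+ )?type=(\S+) msg=audit\((\d+)\.\d+:(\d+)\): (.*)$')
FIELD_RE = re.compile(r'(\w+)=("[^"]*"|\'[^\']*\'|\S+)')
# Types used by the page's user/group search; string fields auditd hex-encodes (spaces/control chars).
ACCOUNT_TYPES = {"ADD_USER", "DEL_USER", "ADD_GROUP", "USER_CHAUTHTOK", "DEL_GROUP", "CHGRP_ID", "ROLE_ASSIGN", "ROLE_REMOVE"}
STRING_FIELDS = {"acct", "exe", "comm", "cmd", "proctitle", "key", "hostname"}

def interpret(key, raw):
    """What -i/--interpret does to one value: strip quotes, decode hex-encoded strings."""
    if raw[0] in "\"'":
        return raw[1:-1]
    if key in STRING_FIELDS and re.fullmatch(r'(?:[0-9A-F]{2})+', raw):
        return bytes.fromhex(raw).decode("utf-8", "replace")
    return raw

def parse_record(line):
    """One raw record as a flat dict (fields nested in msg='...' are merged in), or None."""
    m = HEADER_RE.match(line.strip())
    if not m:
        return None
    rec_type, secs, serial, body = m.groups()
    rec = {"type": rec_type, "serial": int(serial), "time": datetime.fromtimestamp(int(secs), timezone.utc)}
    for key, raw in FIELD_RE.findall(body):
        for k, r in (FIELD_RE.findall(raw[1:-1]) if key == "msg" else [(key, raw)]):
            rec[k] = interpret(k, r)
    return rec

def search(log_text, types=None, success=None, key=None):
    """Filter records the way -m, --success and -k do; returns matches in log order."""
    hits = []
    for rec in map(parse_record, log_text.splitlines()):
        if rec is None or (types and rec["type"] not in types) or (key and rec.get("key") != key):
            continue
        ok = rec.get("res") == "success" or rec.get("success") == "yes"  # user-space vs syscall records
        if success is None or ok == success:
            hits.append(rec)
    return hits

def failed_logins(log_text):
    """`ausearch -m USER_LOGIN --success no -i` as tuples of (time, account, source address)."""
    return [(r["time"].isoformat(), r.get("acct", "?"), r.get("addr", "?"))
            for r in search(log_text, types={"USER_LOGIN"}, success=False)]
```

Run `search(SAMPLE_LOG, types=ACCOUNT_TYPES)` or `search(SAMPLE_LOG, key="removefile")` to mirror the other two page examples; on a real host, feed it the contents of `/var/log/audit/audit.log` instead of the sample.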
zhangky
9 June 2021, 16:52