Log management and OpenSSH
Log management
Debug-level system messages
[root@YL ~]# dmesg |tail -3
[ 10.982033] vmxnet3 0000:0b:00.0 eth1: NIC Link is Up 10000 Mbps
[ 456.837356] ISO 9660 Extensions: Microsoft Joliet Level 3
[ 456.843736] ISO 9660 Extensions: RRIP_1991A
Standard system error log messages; boot messages not produced by the kernel; messages produced by the various subsystems
[root@YL ~]# cat /var/log/messages |tail -5
Jul 19 13:45:08 YL systemd[1]: man-db-cache-update.service: Succeeded.
Jul 19 13:45:08 YL systemd[1]: Started man-db-cache-update.service.
Jul 19 13:45:08 YL systemd[1]: run-rd0b2ca889a964e6d9677ccc622702a3a.service: Succeeded.
Jul 19 13:49:01 YL systemd[1]: Started Session 4 of user root.
Jul 19 13:49:01 YL systemd[1]: session-4.scope: Succeeded.
Security-related log messages
[root@YL ~]# cat /var/log/secure |tail -3
Jul 19 13:53:32 YL sshd[2271]: Accepted password for root from 192.168.124.1 port 64605 ssh2
Jul 19 13:53:32 YL systemd[2276]: pam_unix(systemd-user:session): session opened for user root by (uid=0)
Jul 19 13:53:32 YL sshd[2271]: pam_unix(sshd:session): session opened for user root by (uid=0)
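A facility can be understood as the source or device that produced a log message. The commonly used facilities are:
auth #authentication-related
authpriv #privilege and authorization-related
cron #scheduled tasks
daemon #daemons
kern #kernel
lpr #printing
mail #mail
mark #markers
news #news
security #security-related, similar to auth
syslog #syslog itself
user #user-related
uucp #unix to unix cp
local0 to local7 #for user-defined use
* # * means all facilities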
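priority (log level): the level of a log message. The usual levels are listed below from lowest to highest; the lower the level, the more detailed the information:
debug #debugging information from programs or the system
info #general information
notice #does not affect normal operation, but worth noting
warning/warn #important events that may affect system functionality and should be brought to the user's attention
err/error #error messages
crit #critical, fairly serious
alert #must be dealt with immediately
emerg/panic #will make the system unusable
* # * means all log levels
none #the opposite of *: nothing at all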
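action: where the log is recorded:
absolute path on the system #regular file, e.g. /var/log/xxx
| COMMAND #pipe; the message is passed through a pipe to another command for processing
terminal #a terminal, e.g. /dev/console
@HOST #remote host (the remote host must be listening and providing the service on TCP or UDP port 514), e.g. @10.0.0.1
user #a system user, e.g. root
* #all users logged in to the system; emerg-level logs are usually defined this way
date and time of the event  host  process(pid): event content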
Write all info-level authorization (authpriv) messages to /root/opt/lt
authpriv.info /root/opt/lt
Send info-level mail messages to the host 192.168.124.128
mail.info @192.168.124.128
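How a selector such as authpriv.info decides which messages reach which action can be modelled in a few lines. The following is an added example, not code from the original page or from rsyslog: a simplified matcher covering plain priorities ("this level and above"), * and none. The third rule in SAMPLE_RULES and all function names are assumptions made for illustration.

```python
# Added example: simplified model of rsyslog "facility.priority action" rules.
PRIORITIES = ["debug", "info", "notice", "warning", "err", "crit", "alert", "emerg"]
ALIASES = {"warn": "warning", "error": "err", "panic": "emerg"}

# Constructed sample rules: the two from the text plus a typical catch-all line.
SAMPLE_RULES = """
authpriv.info                              /root/opt/lt
mail.info                                  @192.168.124.128
*.info;mail.none;authpriv.none;cron.none   /var/log/messages
"""


def level(name):
    # Position in the low-to-high severity order, after resolving aliases.
    return PRIORITIES.index(ALIASES.get(name, name))


def selector_field_matches(field, facility, priority):
    """Evaluate a ';'-separated selector field left to right.

    A later selector naming the message's facility overrides earlier ones,
    which is how 'mail.none' removes mail from a preceding '*.info'.
    """
    matched = False
    for selector in field.split(";"):
        facs, _, pri = selector.partition(".")
        if facs != "*" and facility not in facs.split(","):
            continue  # this selector says nothing about our facility
        if pri == "none":
            matched = False
        elif pri == "*":
            matched = True
        else:
            # A plain priority means "this level and everything more severe".
            matched = level(priority) >= level(pri)
    return matched


def route(rules_text, facility, priority):
    """Return the actions (destinations) a message would be sent to."""
    actions = []
    for line in rules_text.splitlines():
        line = line.strip()
        if not line or line.startswith("#"):
            continue
        field, action = line.split(None, 1)
        if selector_field_matches(field, facility, priority):
            actions.append(action.strip())
    return actions


if __name__ == "__main__":
    for msg in [("authpriv", "info"), ("authpriv", "debug"), ("mail", "err"), ("cron", "info")]:
        print(msg, "->", route(SAMPLE_RULES, *msg))
```

The model does not handle the = and ! priority prefixes or property-based filters.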
[root@YL ~]# cat /var/log/messages |tail -1
Jul 19 15:07:25 YL rsyslogd[2563]: imjournal: journal files changed, reloading... [v8.1911.0-7.el8 try https://www.rsyslog.com/e/0 ] //the time is July 19; on the host YL; the process ID is 2563; the event content is imjournal: journal files changed,
Configuring the rsyslog server:
Edit the configuration file (/etc/rsyslog.conf), uncomment the following lines, then restart the rsyslog service:
module(load="imudp") # needs to be done just once
input(type="imudp" port="514")
# Provides TCP syslog reception
# for parameters see http://www.rsyslog.com/doc/imtcp.html
module(load="imtcp") # needs to be done just once
input(type="imtcp" port="514")
[root@YL ~]# systemctl restart rsyslog.service
The lastlog command: shows the most recent login time of every user on the current system
[root@YL ~]# lastlog
Username Port From Latest
root pts/0 192.168.124.1 Tue Jul 19 13:53:32 +0800 2022
bin **Never logged in**
daemon **Never logged in**
Passwordless login from the server
Create a public/private key pair with ssh-keygen
[root@YL ~]# ssh-keygen -t rsa
Generating public/private rsa key pair.
Enter file in which to save the key (/root/.ssh/id_rsa):
/root/.ssh/id_rsa already exists.
Overwrite (y/n)? y
Enter passphrase (empty for no passphrase):
Enter same passphrase again:
Your identification has been saved in /root/.ssh/id_rsa.
Your public key has been saved in /root/.ssh/id_rsa.pub.
The key fingerprint is:
SHA256:OmsmuAnIvCshMrBpFUzMjqRFYPWdUck8IWLm0eE9Bv4 root@YL
The key's randomart image is:
+---[RSA 3072]----+
|.+Bo =.==oo |
|...== *.*= |
|o.o .o = +. |
|o. o o . |
|.o. SE |
|@. . |
|*= . o |
|..o.. oo |
|.o+. +. |
+----[SHA256]-----+
Copy the public key to the remote host
[root@YL ~]# ssh-copy-id root@192.168.124.129
/usr/bin/ssh-copy-id: INFO: Source of key(s) to be installed: "/root/.ssh/id_rsa.pub"
/usr/bin/ssh-copy-id: INFO: attempting to log in with the new key(s), to filter out any that are already installed
/usr/bin/ssh-copy-id: INFO: 1 key(s) remain to be installed -- if you are prompted now it is to install the new keys
root@192.168.124.129's password:
Permission denied, please try again.
root@192.168.124.129's password:
Number of key(s) added: 1
Log in without a password
[root@YL network-scripts]# ssh root@192.168.124.129
Last login: Tue Jul 19 18:45:20 2022 from 192.168.124.129
[root@liu ~]#
Passwordless login from the client
Create a public/private key pair with ssh-keygen
[root@liu ~]# ssh-keygen -t rsa
Generating public/private rsa key pair.
Enter file in which to save the key (/root/.ssh/id_rsa):
/root/.ssh/id_rsa already exists.
Overwrite (y/n)? y
Enter passphrase (empty for no passphrase):
Enter same passphrase again:
Your identification has been saved in /root/.ssh/id_rsa.
Your public key has been saved in /root/.ssh/id_rsa.pub.
The key fingerprint is:
SHA256:ThGdiS+5IzUyCSLdybVBFhOU+7ixe+7ZeEfC95pcUA8 root@liu
The key's randomart image is:
+---[RSA 3072]----+
| . o =X+.o o |
|. o =..+..+ |
| . . ..o.o E |
| = =.. . o |
| *S= . .|
| +o+ o o. |
| =.. + .. |
| o .+...o. |
| .==...+. |
+----[SHA256]-----+
Copy the public key to the remote host
[root@liu ~]# ssh-copy-id root@192.168.124.12
/usr/bin/ssh-copy-id: INFO: Source of key(s) to be installed: "/root/.ssh/id_rsa.pub"
/usr/bin/ssh-copy-id: INFO: attempting to log in with the new key(s), to filter out any that are already installed
/usr/bin/ssh-copy-id: INFO: 1 key(s) remain to be installed -- if you are prompted now it is to install the new keys
root@192.168.124.12's password:
Number of key(s) added: 1
Now try logging into the machine, with: "ssh 'root@192.168.124.12'"
and check to make sure that only the key(s) you wanted were added.
Log in without a password
[root@liu ~]# ssh root@192.168.124.12
Last login: Tue Jul 19 18:48:46 2022 from 192.168.124.128
[root@YL ~]#
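Once key-based login works, the sshd entries in /var/log/secure (format shown in the log management part above) tell you which authentication method each session actually used. The following is an added example, not code from the original page: it parses sshd "Accepted"/"Failed" lines and lists root logins that still used a password. Only the first sample line comes from this page; the other lines and all function names are constructed for illustration.

```python
import re
from collections import Counter

# First line is the sshd entry shown on this page; the rest are constructed samples.
SAMPLE_SECURE_LOG = """\
Jul 19 13:53:32 YL sshd[2271]: Accepted password for root from 192.168.124.1 port 64605 ssh2
Jul 19 18:44:02 YL sshd[3010]: Failed password for root from 192.168.124.128 port 51812 ssh2
Jul 19 18:44:09 YL sshd[3010]: Accepted password for root from 192.168.124.128 port 51812 ssh2
Jul 19 18:48:46 YL sshd[3055]: Accepted publickey for root from 192.168.124.128 port 51830 ssh2: RSA SHA256:<constructed-fingerprint>
Jul 19 18:50:11 YL sshd[3071]: Failed password for invalid user admin from 192.168.124.1 port 64711 ssh2
"""

# date/time, host, process[pid], then the sshd authentication result.
LINE = re.compile(
    r"^(?P<ts>\w{3}\s+\d+ [\d:]{8}) (?P<host>\S+) sshd\[(?P<pid>\d+)\]: "
    r"(?P<result>Accepted|Failed) (?P<method>\S+) for "
    r"(?P<invalid>invalid user )?(?P<user>\S+) from (?P<ip>\S+) port (?P<port>\d+)"
)


def parse_auth_events(text):
    """Return one dict per sshd Accepted/Failed line; other lines are ignored."""
    events = []
    for line in text.splitlines():
        m = LINE.match(line)
        if m:
            ev = m.groupdict()
            ev["invalid"] = bool(ev["invalid"])
            events.append(ev)
    return events


def audit(events):
    """Summarise what a reviewer checks after switching to key-based login."""
    accepted = [e for e in events if e["result"] == "Accepted"]
    return {
        "methods": Counter(e["method"] for e in accepted),
        "root_password_logins": [(e["ts"], e["ip"]) for e in accepted
                                 if e["user"] == "root" and e["method"] == "password"],
        "failures_by_ip": Counter(e["ip"] for e in events if e["result"] == "Failed"),
    }


if __name__ == "__main__":
    report = audit(parse_auth_events(SAMPLE_SECURE_LOG))
    for key, value in report.items():
        print(key, "->", value)
```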
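Transferring files remotely
Use the ssh command to log in to the remote host without a password
Transfer the file named 1 to another host, delete the local copy, then download it back from the other host over ssh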
[root@YL ~]# scp 1 root@192.168.124.12:/opt
root@192.168.124.12's password:
1 100% 0 0.0KB/s 00:00
[root@YL ~]# ls
1 anaconda-ks.cfg passwd
[root@YL ~]# rm -rf 1
[root@YL ~]# scp root@192.168.124.12:/opt/1 .
root@192.168.124.12's password:
Permission denied, please try again.
root@192.168.124.12's password:
1 100% 0 0.0KB/s 00:00
[root@YL ~]# ls
1 anaconda-ks.cfg passwd