{"id":8417,"date":"2020-07-26T08:28:33","date_gmt":"2020-07-26T00:28:33","guid":{"rendered":"https:\/\/www.linuxcool.com\/?p=8417"},"modified":"2020-07-26T08:28:34","modified_gmt":"2020-07-26T00:28:34","slug":"aulast","status":"publish","type":"post","link":"https:\/\/www.linuxcool.com\/aulast","title":{"rendered":"aulast\u547d\u4ee4 &#8211; \u6253\u5370\u4e0a\u6b21\u767b\u5f55\u7528\u6237\u5217\u8868"},"content":{"rendered":"\n<p>aulast\u662f\u4e00\u4e2a\u7a0b\u5e8f\uff0c\u5b83\u6253\u5370\u51fa\u4e0a\u6b21\u767b\u5f55\u7528\u6237\u5217\u8868\uff0c\u7c7b\u4f3c\u4e8elast\u548clastb\u547d\u4ee4\u3002aulast \u641c\u7d22\u5ba1\u6838\u65e5\u5fd7\u6216\u7ed9\u5b9a\u7684\u5ba1\u6838\u65e5\u5fd7\u6587\u4ef6\uff0c\u5e76\u663e\u793a\u6839\u636e\u5ba1\u6838\u65e5\u5fd7\u4e2d\u7684\u65f6\u95f4\u8303\u56f4\u767b\u5f55\uff08\u548c\u6ce8\u9500\uff09\u7684\u6240\u6709\u7528\u6237\u7684\u5217\u8868\u3002\u53ef\u4ee5\u7ed9\u51fa\u7528\u6237\u548c tty \u7684\u540d\u79f0\uff0c\u5728\u8fd9\u79cd\u60c5\u51b5\u4e0b\uff0caulast \u5c06\u4ec5\u663e\u793a\u4e0e\u53c2\u6570\u5339\u914d\u7684\u6761\u76ee\u3002ttys \u7684\u540d\u79f0\u53ef\u4ee5\u7f29\u5199\uff0c\u56e0\u6b64 aulast 0 \u4e0e\u6700\u540e tty0 \u76f8\u540c\u3002<\/p>\n\n\n\n<p>\u6bcf\u6b21\u91cd\u65b0\u542f\u52a8\u7cfb\u7edf\u65f6\uff0c\u4f2a\u7528\u6237\u4f1a\u767b\u5f55\u3002\u56e0\u6b64\uff0c\u4e0a\u6b21\u91cd\u65b0\u542f\u52a8\u5c06\u663e\u793a\u81ea\u521b\u5efa\u65e5\u5fd7\u6587\u4ef6\u4ee5\u6765\u6240\u6709\u91cd\u65b0\u542f\u52a8\u7684\u65e5\u5fd7\u3002<\/p>\n\n\n\n<p>\u7528\u6237\u4f1a\u6ce8\u610f\u5230\u7684\u4e3b\u8981\u533a\u522b\u662f\uff0c\u4ece\u6700\u65e7\u5230\u6700\u65b0\u7684\u8eab\u4efd\u9a8c\u8bc1\u6253\u5370\u4e8b\u4ef6\uff0c\u800c\u6700\u540e\u6253\u5370\u4ece\u6700\u65b0\u5230\u6700\u65e7\u7684\u8bb0\u5f55\u3002\u6b64\u5916\uff0c\u6bcf\u6b21\u5206\u914d tty \u6216 pty \u65f6\uff0c\u4e0d\u4f1a\u901a\u77e5\u5ba1\u6838\u7cfb\u7edf\uff0c\u56e0\u6b64\u60a8\u53ef\u80fd\u770b\u4e0d\u5230\u6307\u793a\u7528\u6237\u53ca\u5176 tty \u7684\u8bb0\u5f55\u3002<\/p>\n\n\n\n<p><strong>\u8bed\u6cd5\u683c\u5f0f\uff1a<\/strong>aulast [\u53c2\u6570]<\/p>\n\n\n\n<p><strong>\u5e38\u7528\u53c2\u6570\uff1a<\/strong><\/p>\n\n\n\n<figure class=\"wp-block-table\"><table class=\"has-fixed-layout\"><tbody><tr><td>--bad<\/td><td>\u62a5\u544a\u9519\u8bef\u767b\u5f55<\/td><\/tr><tr><td>--extract<\/td><td>\u5c06\u7528\u4e8e\u521b\u5efa\u663e\u793a\u62a5\u8868\u7684\u539f\u59cb\u5ba1\u6838\u8bb0\u5f55\u5199\u5165\u5f53\u524d\u5de5\u4f5c\u76ee\u5f55\u4e2d\u7684\u6587\u4ef6aulast.log<\/td><\/tr><tr><td>-f file<\/td><td>\u4f7f\u7528\u6587\u4ef6\u800c\u4e0d\u662f\u5ba1\u6838\u65e5\u5fd7\u8fdb\u884c\u8f93\u5165<\/td><\/tr><tr><td>--proof<\/td><td>\u6253\u5370\u51fa\u7528\u4e8e\u786e\u5b9a\u62a5\u8868\u4e0a\u4e00\u884c\u7684\u5ba1\u6838\u4e8b\u4ef6\u5e8f\u5217\u53f7<\/td><\/tr><tr><td>--stdin<\/td><td>\u4ece stdin \u83b7\u5f97\u5ba1\u8ba1\u8bb0\u5f55<\/td><\/tr><\/tbody><\/table><\/figure>\n\n\n\n<p><strong>\u53c2\u8003\u5b9e\u4f8b<\/strong><\/p>\n\n\n\n<p>\u67e5\u770b\u672c\u6708\u7684\u767b\u9646\u8bb0\u5f55\uff1a<\/p>\n\n\n\n<pre class=\"wp-block-preformatted\">[root@linuxcool ~]# ausearch --start this-month --raw | aulast --stdin<\/pre>\n\n\n\n<p>\u6253\u5370\u51fa\u7528\u4e8e\u786e\u5b9a\u62a5\u8868\u4e0a\u4e00\u884c\u7684\u5ba1\u6838\u4e8b\u4ef6\u5e8f\u5217\u53f7\uff1a<\/p>\n\n\n\n<pre class=\"wp-block-preformatted\">[root@linuxcool ~]# ausearch --start this-month --raw | aulast --proof<\/pre>\n\n\n\n<p>\u76f4\u63a5\u4ece stdin \u83b7\u5f97\u5ba1\u8ba1\u8bb0\u5f55\uff0c\u800c\u4e0d\u662f\u4f7f\u7528ausearch\u8fdb\u884c\u65e5\u5fd7\u641c\u7d22\uff1a<\/p>\n\n\n\n<pre class=\"wp-block-preformatted\">[root@linuxcool ~]# aulast --stdin<\/pre>\n","protected":false},"excerpt":{"rendered":"<p>aulast\u662f\u4e00\u4e2a\u7a0b\u5e8f\uff0c\u5b83\u6253\u5370\u51fa\u4e0a\u6b21\u767b\u5f55\u7528\u6237\u5217\u8868\uff0c\u7c7b\u4f3c\u4e8elast\u548clastb\u547d\u4ee4\u3002aulast \u641c\u7d22\u5ba1\u6838\u65e5\u5fd7\u6216 [&hellip;]<\/p>\n","protected":false},"author":1,"featured_media":0,"comment_status":"closed","ping_status":"closed","sticky":false,"template":"","format":"standard","meta":[],"categories":[11],"tags":[],"_links":{"self":[{"href":"https:\/\/www.linuxcool.com\/wp-json\/wp\/v2\/posts\/8417"}],"collection":[{"href":"https:\/\/www.linuxcool.com\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/www.linuxcool.com\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/www.linuxcool.com\/wp-json\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/www.linuxcool.com\/wp-json\/wp\/v2\/comments?post=8417"}],"version-history":[{"count":2,"href":"https:\/\/www.linuxcool.com\/wp-json\/wp\/v2\/posts\/8417\/revisions"}],"predecessor-version":[{"id":8431,"href":"https:\/\/www.linuxcool.com\/wp-json\/wp\/v2\/posts\/8417\/revisions\/8431"}],"wp:attachment":[{"href":"https:\/\/www.linuxcool.com\/wp-json\/wp\/v2\/media?parent=8417"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/www.linuxcool.com\/wp-json\/wp\/v2\/categories?post=8417"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/www.linuxcool.com\/wp-json\/wp\/v2\/tags?post=8417"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}