Auditing enables the database server to log sensitive operations performed by users and administrators for analysis and for identifying system misuse.
Audit: the system will record important events, to allow later tracking of what happened (for example, to catch or file suit against an attacker).
A typical audit log file on my system is shown in Listing 1; it shows the trail record, as well.
The socketcall syscall is multiplexed on the i386 architecture, so the -F a0=2 option is required to limit the audit records generated to bind only.
The audit information can be stored locally on each system in a file designated by the system administrator, or can be sent to a remote system for centralized logging.
The Auditing subsystem enables the systems administrator to record security-relevant information, which can be analyzed later to detect potential and actual violations of the system's security policy.
The audit subsystem can be used to find out which ports have been used (for the duration of the audit log files) even if they are not currently in use.
To be able to get audit to print any options parsed, as part of the command being monitored, you need to ensure audit prints the trail part of the record.
For audit to understand how to print each object as a record to the audit log, it needs a corresponding entry in the /etc/security/events file.
Because we have informed audit to print the trail part of the record, we can now see that the command options parsed to pwdadm were 'alpha -c'.
The example records shown above represent the Korn Shell audit information as sent from a system with an IP address of 10.1.1.33.
Having a true history of the system gives further benefits such as audit and traceability. In some fields this is required by law.
The network auditing system is usually used to implement user authentication, access control, log recording and other functions such as flow charge in a large network.
This audit includes miscellaneous tests of the accounting records, internal control systems, and other auditing procedures as deemed necessary.
According to the current state of research, auditing systems need to be improved in four aspects: the effect on the kernel, auditing content, security of the audit, and the management of audit record files.
Mining audit trails to derive normal user profiles is the common method adopted by anomaly detection.
A security audit system can record the user's actions and block the user's illegal operations in a timely manner. The log information can provide evidence for computer forensics.
Using audit records, an intrusion detection system can identify any undesirable activities, thereby limiting these activities to protect the security of the system.
Both locks and keys record openings and denied entries, providing a detailed audit report.