o Remote service monitoring, per port: http, ssh, telnet, ftp, dns, smtp/imap/imaps/pop3/pops/mysql/oracle, terminal server, file server, etc. (connection time; warning, critical)
o Local resource monitoring
  - Disk: usage ratio of each partition
  - CPU: user / system / idle / processes waiting on I/O (w in vmstat, ps)
  - Mem: ratio of (used-buffer-cache)/total
  - Swap: swapin/swapout
  - Network: inbound/outbound traffic (tcp connections, udp connections)
  - I/O: io per device (tps, read, write)
  - Load average: 1, 5, 15 minutes
  - Other: currently logged-in users, total process
  - Processes: number of specific processes, number of sessions (httpd process count and netstat count)
o Program monitoring
  - mysql: daemon check, login check, cache hit ratio (Key_reads/Key_read_requests), Select_full_join, Table_locks_waited, max connection, slow query, queries per second, number of temporary tables, data directory size
  - oracle: daemon check, login check, cache check, tablespace size check
  - DNS: queries per second, denied zone transfer
  - Mail (sendmail, qmail): mailq count, number of mail deliveries, mail traffic, rejected mail host
  - Per-program logs: restart time of each program (mysql error.log, apache error.log, etc.)
  - Per virtual server: traffic, page view, hit
  - ftp: traffic, hit
o Log messages
  - kernel logs from /var/log/messages
  - login failure check (lastb, etc.): by ip, host, daemon; wtmp, btmp (last, lastb)
  - reboot check (last)
  - tcp wrapper, message logs (login failure, refused connection, etc.)
  - log message and security checks run periodically using cron
  - network interface status
  - mailq
  - rejected mail hosts
  - denied zone transfer (everything up to this point: daily run output)
o Security checks
  - file integrity check with tripwire (configure the directories to exclude)
  - check for modified packages using rpm -V
  - track package changes using rpm -qa, etc.
  - check for changes to accounts (/etc/passwd, /etc/shadow, /etc/group)
  - port scanning check
  - rootkit check using chkrootkit
  - setuid/setgid, users with uid 0, users without a password
  - sniffing check
  - show changes to /etc/aliases
  - mailq
o Other
  - check ping speed to each isp
  - system log monitoring: .history, etc.
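
The account items in the security checks above (users with uid 0, users without a password, changes to /etc/passwd) written as shell functions a cron job could call. This is an added example, not part of the original list; the function names, the baseline-copy approach and the sample files are assumptions made for illustration.

```shell
#!/bin/sh
# Added example (not from the original page). Each function takes a
# passwd/shadow-format file path, so the same code works on /etc/passwd
# from cron or on the constructed samples below.

# Names of accounts whose UID (field 3 of passwd) is 0.
uid0_users() { awk -F: '$3 == 0 { print $1 }' "$1"; }

# Names of accounts whose password field (field 2 of shadow) is empty.
empty_password_users() { awk -F: '$2 == "" { print $1 }' "$1"; }

# Changes to an account file since a saved baseline copy:
# "+<line>" for added lines, "-<line>" for removed ones, nothing if identical.
# diff exits 1 when the files differ; only a real error (2) is passed on.
account_changes() {
    { diff "$1" "$2" || [ $? -eq 1 ]; } | sed -n -e 's/^> /+/p' -e 's/^< /-/p'
}

# Constructed sample data (not real accounts or hashes).
SAMPLE=$(mktemp -d)
trap 'rm -rf "$SAMPLE"' EXIT
cat > "$SAMPLE/passwd.baseline" <<'EOF'
root:x:0:0:root:/root:/bin/bash
daemon:x:2:2:daemon:/sbin:/sbin/nologin
alice:x:500:500::/home/alice:/bin/bash
EOF
cat > "$SAMPLE/passwd" <<'EOF'
root:x:0:0:root:/root:/bin/bash
daemon:x:2:2:daemon:/sbin:/sbin/nologin
alice:x:500:500::/home/alice:/bin/bash
toor:x:0:0::/root:/bin/bash
EOF
cat > "$SAMPLE/shadow" <<'EOF'
root:$1$constructed$hash:12000:0:99999:7:::
daemon:*:12000:0:99999:7:::
alice::12000:0:99999:7:::
toor:$1$constructed$hash:12000:0:99999:7:::
EOF

echo "uid 0 accounts:       $(uid0_users "$SAMPLE/passwd" | tr '\n' ' ')"
echo "empty-password users: $(empty_password_users "$SAMPLE/shadow" | tr '\n' ' ')"
echo "passwd changes since baseline:"
account_changes "$SAMPLE/passwd.baseline" "$SAMPLE/passwd"
```

On a real host the baseline would be a copy of the file saved after the previous reviewed run, stored where only root can write.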