Log monitoring of terminal services

张Megan
2018-10-01

There is a reason for treating log monitoring of Terminal Services separately. The Terminal Services component that comes with Microsoft's Windows server editions is a tool based on the Remote Desktop Protocol (RDP). It is very fast and very stable and makes good remote management software, but because the software is so powerful and is protected only by a password, it is also very dangerous: once an intruder has the administrator password, he can operate the remote server just as if he were sitting at it.

Although many people use Terminal Services for remote management, not everyone knows how to audit it, and most terminal servers do not have logging of terminal logons turned on. In fact, turning on audit logging is easy. Open Terminal Services Configuration in the administrative tools, click "Connections", right-click the RDP service you want to configure (such as RDP-TCP Microsoft RDP), select the Permissions tab, click "Advanced" in the lower left corner, and you will see "Audit". We add the Everyone group, which represents all users, and then audit success for its "connect", "disconnect" and "logoff" events, and both success and failure for "logon". That is sufficient; too many audit entries are counterproductive. The audit events are recorded in the security log and can be viewed from Administrative Tools > Event Viewer.

Now what was logged is crystal clear, but the one flaw is that the audit does not record the client's IP (the IP can only be viewed for users who are currently online). Instead it records the machine name, which is flashy but without substance. If someone names his machine PIG, you are simply being mocked by him. It is hard to know what Microsoft was thinking. We do not have to depend entirely on Microsoft, though: write a program and you can fix everything. C? No. VB? Not at all. Delphi? What, you don't know any programming language? Well, after all, a system administrator is not a programmer. Don't worry, I'll work something out for you.

Let's create a batch file called TSLog.bat. This file is used to record the login IP, as follows:

    rem Line 1: append the current system time to the log
    time /t >>TSLog.log
    rem Line 2: append every TCP connection line that mentions the Terminal Services port
    netstat -n -p tcp | find ":3389" >>TSLog.log
    rem Line 3: start the normal shell, otherwise the user gets no desktop
    start Explorer

I will explain the meaning of this file. The first line records the user's login time: "time /t" returns the system time directly (without /t, the system waits for you to enter a new time), and the append redirection symbol ">>" writes that time into TSLog.log as the time field of the log entry. The second line records the user's IP address. netstat is the command that displays the current state of network connections; -n displays IP addresses and ports instead of domain names, and -p tcp displays only the TCP protocol. The pipe symbol "|" then passes the output to the find command, which keeps only the lines containing ":3389" (these are the lines with the client IP we want; if you have changed the Terminal Services port, change this value accordingly). Finally, the result is also redirected into the log file TSLog.log, so in TSLog.log the record format is as follows: a time line followed by the matching netstat lines, each of the form "TCP … ESTABLISHED". That is to say, whenever TSLog.bat runs, every IP connected to that port is recorded.

So how do we make this batch file run automatically? Terminal Services lets us define a custom startup program for a session. In Terminal Services Configuration, we override the user's logon script setting and specify TSLog.bat as the script to run at user logon, so every user who logs in must execute the script. Because the default script (the equivalent of the shell) is Explorer, the last line of TSLog.bat starts Explorer with the command "start Explorer". If you do not add this line, the user will be unable to reach the desktop! Of course, if you only need to give a user one specific shell, such as cmd.exe or word.exe, you can replace "start Explorer" with that shell.

This script can be written in other ways as well. As the system administrator you are free to use your imagination and your own resources; for example, a script that mails each logon IP to your mailbox is also a good approach for an important server. Under normal circumstances an ordinary user has no permission to view the Terminal Services settings, so he will not know that you are logging his IP; it is enough to keep TSLog.bat and TSLog.log in a hidden folder.

However, it should be noted that this is only a simple Terminal Services logging strategy, with few security measures and no privilege mechanism behind it. If the server has higher security requirements, the job still needs to be done by programming or by buying intrusion monitoring software.
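As an added example (not part of the original article), the following Python parser reads a TSLog.log in the layout produced by the two logging commands above and reports which client IP is new at each logon. The sample log uses constructed documentation-range addresses, and the names parse_tslog and new_clients are hypothetical; the log is assumed to contain only `time /t` output and `netstat -n -p tcp` lines.

```python
import re

RDP_PORT = 3389  # default Terminal Services port; change if the service was moved

# Constructed sample of TSLog.log (documentation-range addresses, not real data).
SAMPLE_LOG = """\
22:40
  TCP    192.0.2.10:3389        198.51.100.7:4903      ESTABLISHED
22:54
  TCP    192.0.2.10:3389        198.51.100.7:4903      ESTABLISHED
  TCP    192.0.2.10:3389        203.0.113.25:1039      ESTABLISHED
  TCP    192.0.2.10:1188        203.0.113.80:3389      ESTABLISHED
  TCP    192.0.2.10:3389        203.0.113.99:2200      TIME_WAIT
"""

NETSTAT_LINE = re.compile(
    r"^\s*TCP\s+(\S+):(\d+)\s+(\S+):(\d+)\s+(\S+)\s*$")

def parse_tslog(text, port=RDP_PORT):
    """Return [(time_stamp, [client_ip, ...]), ...], one entry per logon."""
    records = []
    for line in text.splitlines():
        if not line.strip():
            continue
        m = NETSTAT_LINE.match(line)
        if m is None:
            records.append((line.strip(), []))  # a `time /t` line opens a record
            continue
        _local_ip, local_port, remote_ip, _remote_port, state = m.groups()
        # find ":3389" also matches outbound RDP and closing sockets; keep
        # only established inbound sessions to our own RDP port.
        if records and int(local_port) == port and state == "ESTABLISHED":
            if remote_ip not in records[-1][1]:
                records[-1][1].append(remote_ip)
    return records

def new_clients(records):
    """Per logon, the client IPs that were not present in the previous record."""
    out, previous = [], set()
    for stamp, ips in records:
        out.append((stamp, [ip for ip in ips if ip not in previous]))
        previous = set(ips)
    return out

if __name__ == "__main__":
    for stamp, ips in new_clients(parse_tslog(SAMPLE_LOG)):
        print(stamp, ", ".join(ips) or "(no new client)")
```

Because the batch file logs every session open at logon time, comparing each record with the previous one is what isolates the address of the user who just connected.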
