Permission Checks
- On the offload node, check that the haf_daemon service runs as user haf, and that the haf_executor process is owned by user haf_user.
[root@ceph2 software]# ps -ef | grep haf_daemon| grep -v grep
haf 3382525 1 87 Nov19 ? 22:04:28 /opt/haf-target/bin/haf_daemon
Check haf_executor.
[root@ceph2 software]# ps -ef | grep haf_executor| grep -v grep
root 144570 144562 0 Nov19 ? 00:00:00 su -s /bin/bash - haf_user -c /opt/haf-target/bin/haf_executor 144885119
haf_user 144571 144570 99 Nov19 ? 28-07:58:34 /opt/haf-target/bin/haf_executor 144885119
- Check that the files and directories on the offload node are owned by the haf and haf_user users.
[root@ceph2 software]# ll /opt/haf-target
total 28K
dr-xr-x--- 2 haf haf 4.0K Nov 16 06:59 bin
drwx------ 2 haf haf 4.0K Nov 16 09:12 etc
-rw------- 1 haf haf 93 Nov 16 09:12 haf.conf
-rw------- 1 haf haf 396 Nov 16 09:12 haf_target_install.conf
dr-xr-x--- 5 haf haf 4.0K Nov 19 10:49 lib
drwxrwx--- 8 haf haf 4.0K Nov 19 11:04 run
dr-x------ 3 haf haf 4.0K Nov 16 09:12 tools
[root@ceph1 ~]# ll /opt/haf-target/run/
total 16K
drwx------ 5 haf haf 4.0K Nov 20 09:34 daemon
drwxrwx--- 3 haf_user haf 4.0K Nov 20 09:39 haf_user
drwxrwx--- 3 haf haf 4.0K Nov 20 09:33 IPCSocket
drwxr-x--- 2 haf haf 4.0K Nov 20 09:34 share
ll /opt/haf-target/run/haf_user/
The files in this directory are owned by user haf_user, with group haf.
[root@ceph2 ~]# ll /opt/haf-install/haf-target/run/haf_user/
total 172K
lrwxrwxrwx 1 haf_user haf 96 Nov 20 09:39 0189a49eebdf7cde92f36e77c9addbcec9b94f3fe0cdec561cbb1752b0b39f2c -> /opt/haf-install/haf-target/run/haf_user/omnidata/lib/boostkit-omnidata-server-1.1.0-aarch64.jar
lrwxrwxrwx 1 haf_user haf 52 Nov 20 09:39 4f29003d6badf930857a3781099906e83f570d3d2fd7a9b2c45d2af76188b8f0 -> /opt/haf-install/haf-target/lib/libhostJNI_device.so
lrwxrwxrwx 1 haf_user haf 45 Nov 20 09:34 ca.crt -> /opt/haf-install/haf-target/run/share//ca.crt
-rw-rw---- 1 haf_user haf 16K Nov 20 09:39 executor.conf
-r-xr-x--- 1 haf_user haf 115K Nov 20 09:33 haf-jni-call.jar
-rw-r----- 1 haf_user haf 234 Nov 20 09:33 LogAuditCfg.json
-rw-r----- 1 haf_user haf 236 Nov 20 09:33 LogServiceCfg.json
drwxr-x--- 6 haf_user haf 4.0K Nov 20 09:39 omnidata
-rw-rw---- 1 haf_user haf 5.7K Nov 20 09:34 service.crt
-rw-rw---- 1 haf_user haf 2.5K Nov 20 09:33 service.key
-rw-rw---- 1 haf_user haf 512 Nov 20 09:33 service.ksfa
-rw-rw---- 1 haf_user haf 512 Nov 20 09:33 service.ksfb
-rw-rw---- 1 haf_user haf 112 Nov 20 09:33 service.password
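The manual checks above can be scripted so they are repeatable across nodes. The following is an added example, not part of the original guide or of HAF itself; `check_proc_user`, `audit_tree` and `SAMPLE_PS` are hypothetical names, and the rule that no entry grants permissions to "other" is an assumption drawn from the sample listings above.

```shell
#!/usr/bin/env bash
# Added example, not part of the original guide.

# Constructed sample of `ps -eo user=,args=` output, based on the listings above.
SAMPLE_PS='haf /opt/haf-target/bin/haf_daemon
root su -s /bin/bash - haf_user -c /opt/haf-target/bin/haf_executor 144885119
haf_user /opt/haf-target/bin/haf_executor 144885119'

# check_proc_user BINARY USER   (reads `ps -eo user=,args=` lines on stdin)
# Compares the executable path itself, so the root-owned `su ... -c BINARY`
# wrapper is not mistaken for the service. Fails if the process is absent.
check_proc_user() {
    awk -v bin="$1" -v want="$2" '
        $2 == bin { seen = 1; if ($1 != want) { print "PROC " $0; bad = 1 } }
        END { exit (bad || !seen) }'
}

# audit_tree ROOT OWNER GROUP
# Prints one line per violation; returns 1 if any entry has the wrong owner or
# group, or grants any permission bit to "other".
audit_tree() {
    local root=$1 owner=$2 group=$3 bad
    bad=$(
        # Symlinks are tested as links, not as their targets.
        find "$root" \( ! -user "$owner" -o ! -group "$group" \) \
            -exec printf 'OWNER %s\n' {} \;
        # Symlinks always list as lrwxrwxrwx, so skip them for the mode test.
        find "$root" ! -type l \( -perm -004 -o -perm -002 -o -perm -001 \) \
            -exec printf 'MODE %s\n' {} \;
    )
    [ -z "$bad" ] && return 0
    printf '%s\n' "$bad"
    return 1
}

# On a node:
#   ps -eo user=,args= | check_proc_user /opt/haf-target/bin/haf_daemon haf
#   audit_tree /opt/haf-target/run/haf_user haf_user haf
```

Run `audit_tree` once per subtree with the owner expected there, since `run/haf_user` belongs to haf_user while the rest of the tree belongs to haf.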