Research And Implementation Of User Privilege & Log Audit System Based On Linux Cluster Operating Platform

Posted on: 2014-01-01
Degree: Master
Type: Thesis
Country: China
Candidate: X Y Zhou
GTID: 2248330392460513
Subject: Software engineering
Abstract/Summary:
With the development of the Internet, the Linux clusters of Internet companies are growing rapidly, and traditional server operation and management methods cannot keep up with this growth. Most Chinese Internet companies choose to use an Operation Platform to manage their Linux clusters. The companies share the same idea of Operation Platform development, but their implementations differ. A Linux Cluster Operation Platform faces various challenges, including how to keep up with the rapid PV changes of Internet applications, how to deal with the complex relationships among Internet application backends, and how to support the R&D team's requests for quick deployment and code release/rollback. In addition, a Linux Cluster Operation Platform must always be stable and secure.

This paper describes how to design the security-related modules of a Linux Cluster Operation Platform (the user privilege and log audit system). It describes the process of building a user privilege authorization service based on Kerberos and LDAP technology, and points out the use of the Rsyslogd tool to collect authorization logs to ensure the security of the user privilege system. It also describes the design of a log audit system based on Fluentd/MongoDB technology along with the detailed steps, and introduces the log audit system's practice in a production environment.

First, this paper describes the current state of research on authorization mechanisms, security log audit and real-time log analysis for Big Data. Based on this research, it describes how to implement an authorization mechanism based on Kerberos and LDAP technology and how to collect authorization logs using Rsyslogd. It surveys the mainstream massive-log analysis tools, including Splunk, Scribe and Hive, and points out the advantages and disadvantages of these open source products. It also describes how to design log collection tools based on Fluentd, parsing logs and storing the structured logs in MongoDB, which solves the real-time log analysis problem thanks to MongoDB's flexibility and high query performance. Based on the security log monitoring tool, the system can generate real-time alarms for possible hacking activity from the MongoDB data.

After that, this paper describes how to install and configure the LDAP server and the Kerberos server, and how to use LVS/Keepalived to ensure the high availability of the authorization service. It describes how to build load-balancing servers and discusses the requirements based on the needs of hands-on operation engineers using the Linux Cluster Operation Platform. Operation engineers need to use the Operation Platform to check the health state of various domains and the trends of response time, and need to be aware of any possible hacking activity through the log audit system. It also describes how to configure the Fluentd plugin, how to design the MongoDB document schema, and the design and implementation of the log analysis programs.

After the implementation, this paper describes how to verify the result by deploying it in the production system. The LDAP/Kerberos server performed well in the stress test, and the log audit system showed good stability during the stress test.
Keywords/Search Tags:Linux Cluster, AppOps, Privilege management, Log audit