
How to get the usage record of USB device on Linux

I want to write a Linux inspection tool to check the USB device usage records on a certain machine. Parsing the dmesg method can obtain the USB usage record from the system startup to the present, and does not use dmesg -c to clear the dmesg information. So the point of the question is whether there is a place on the Linux system that records all USB usage records in the system, just like the Windows system writes this in the registry.

Linux doesn't natively provide this functionality. It isn't seen as an intrinsically important feature to have, and as mentioned, it can be done easily with a udev rule for those who want it. It's generally assumed that anyone with physical access to the machine can read any unencrypted data on it and execute arbitrary code on it if it's running, so logging USB devices isn't really an effective security measure.

If you want to see the recent history, you can check the kernel log (often /var/log/kern.log) to read the recent and older entries that the kernel has output when a USB device has been inserted. Do note that these are rotated periodically, so they won't provide the entire history of the system.
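
The kernel-log approach from the answer above, as an added example that is not part of the original post: it extracts USB connect and disconnect events from kernel log lines and reads rotated copies oldest first. The log path pattern, the logrotate file naming, the syslog line layout and all function names are assumptions, and the sample lines are constructed.

```python
import glob
import gzip
import re

# "<timestamp> <host> kernel: [uptime] usb <port>: <message>"; root hubs ("usb usb1:") are skipped.
LINE = re.compile(r"^(?P<ts>.+?) \S+ kernel: .*?\busb (?P<port>[\d.-]+): (?P<msg>.*)$")
FOUND = re.compile(r"New USB device found, idVendor=(\w{4}), idProduct=(\w{4})")
FIELD = re.compile(r"(Product|Manufacturer|SerialNumber): (.*)$")

def parse_usb_events(lines):
    """Return one record per USB connect/disconnect found in kernel log lines."""
    events, open_ports = [], {}  # open_ports: port -> connect record still being filled
    for line in lines:
        m = LINE.match(line.rstrip("\n"))
        if not m:
            continue
        ts, port, msg = m.group("ts", "port", "msg")
        if f := FOUND.match(msg):
            rec = {"time": ts, "port": port, "event": "connect",
                   "vendor_id": f.group(1), "product_id": f.group(2)}
            open_ports[port] = rec
            events.append(rec)
        elif (f := FIELD.match(msg)) and port in open_ports:
            open_ports[port][f.group(1)] = f.group(2)  # string descriptors follow the "found" line
        elif msg.startswith("USB disconnect"):
            events.append({"time": ts, "port": port, "event": "disconnect"})
            open_ports.pop(port, None)
    return events

def rotation_index(path):
    """kern.log -> 0, kern.log.1 -> 1, kern.log.2.gz -> 2 (assumed logrotate naming)."""
    m = re.search(r"\.log\.(\d+)", path)
    return int(m.group(1)) if m else 0

def read_rotated(pattern="/var/log/kern.log*"):
    """Yield lines from the live log and its rotated copies, oldest file first."""
    for path in sorted(glob.glob(pattern), key=rotation_index, reverse=True):
        opener = gzip.open if path.endswith(".gz") else open
        with opener(path, "rt", errors="replace") as fh:
            yield from fh

# Constructed sample lines in the traditional syslog format, not taken from a real host.
SAMPLE = [
    "Mar  3 10:15:01 host kernel: [ 1234.70] usb 1-2: New USB device found, idVendor=1234, idProduct=abcd",
    "Mar  3 10:15:01 host kernel: [ 1234.71] usb 1-2: Product: Example Flash Drive",
    "Mar  3 10:15:01 host kernel: [ 1234.72] usb 1-2: SerialNumber: EXAMPLE0001",
    "Mar  3 10:20:11 host kernel: [ 1544.00] usb 1-2: USB disconnect, device number 5",
]
```

On a live host, `parse_usb_events(read_rotated())` covers only as far back as the oldest rotated file that still exists, and reading the kernel log usually requires elevated or log-group permissions.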
