I want to monitor a part of my filesystem for changes, including file opening and attempts to open files/dirs without necessary permissions.Since every read/write/open is run by syscalls i figured that running the auditd would be the simplest way to do this. I installed auditd and added a rule:
Code: auditctl -w /srv -p warx However I do not get any writes reported via ausearch -i. As a simple example, if I run
Anyone can tell me how to enable and config auditd in linux kernel 2.6.9-5.EL. I have only found command auditd and auditctl in server that run kernel 2.6.9-5.EL. I ran auditd & and can saw auditd ran in my server. But I couldn't do anything with auditctl, no status, no rules, nothing :| . I tried to find audit.rules or auditd.conf but that nothing I can find.
I want full permissions for all computers in my house, without having to get up and go to the other room and change permissions for the file, folder, drive, directory, computer, etc., then go back to the other room again.
I just created a partition, as THIS user, THIS machine, rebooted, and cannot create a folder on the partition I just created. UGH. No more of this stuff... I guess at the very least, I'll still have to log onto each machine for this?
Senario is we have a system where root has authorised keys set up so that it can do a passwordless ssh to $WORKSTATION. I then need to run a script on $WORKSTATION as user "bob" and NOT as user "root". I do not want to set up user "bob" to be allowed passwordless ssh so any ideas how I can do this?I have tried variations of (as user "root"):ssh $WORKSTATION "su - bob; ./my_script"
Stumped on this one. I'm trying to set up limited sudo authority on a desktop with some sensitive user data, and as an extra precaution I wanted to configure sudo to use a password other than the user's or the root's. I'm not sure how to do this. From the manual, we have a few options, such as "runaspw" or "targetpw", but none seem quite what I'm looking for.For instance, "runaspw" could be used if I created a user for nothing other than sudo(ing) purposes, but it requires you set "runas_default", which means that said user would have to have authority to execute said commands in the first place. This is workable, but seems like a lot of extra configuration for each specific command that I want to run, as well as creating some issues with simply commands such as "shutdown" or "reboot". Also, "targetpw" can be used in conjunction with a sudo(ing)-only user if I set an alias, but, again, this isn't quite what I am looking for.
Ultimately, what I am really concerned about in this situation are keystroke loggers, so I would prefer to avoid repeated entering the user or root password when performing administrative tasks. Also, I would prefer not having to create a sudo(ing)-only user as mentioned above to prevent a comprimised password resulting in an attacker being able to log into my system.
Any Linux machine (except PCLOS) that I log into as root user seems to not start networking. I haven't tried sudo /etc/init.d/networking restart , to see if it does start, because anytime I DO this, it's for 'local' work. How about default root user configuration settings???
i want to know the risk with auto mounting flash drive as a root user,if for example there is a Usb Flash drive inserted into the system and we login into root unknowingly, and this flash drive contains an autorun script which calls a new script that can place viruses in your system, since you are in the root it will not even prompt for password and if the script is fast enough you will not even see it executing.
I get the problem to acess root password when i am in user login, means wahen i am in user login and want to install software from terminal then he asked root password, when i supplied root password but he give me login incorrect.
My understanding is SELinux adds type enforcement to standard Linux. This means that both the standard Linux and enhanced SELinux access controls must be satisfied to access an object. Which means that thing that is prevented to do in the normal standard Linux will be also prevented in the SELinux System? Does SELinux make it possible to run a non-root software to bind to a port < 1024? something that standard Linux won't allow? If not, what other suggestions do you have for allowing a program to run as non-root but able to bind to privileged ports? I know all about using the port re-direction such as ipchains, iptables.
I'm using Gnome and I'd like to still have the ability to reboot/shutdown from one particular account as well as root. How would I modify the chmod command to add this ability?Also, I have a few users who just will hold the power button in to shutdown the machine. How can I keep them from doing this?// Pruned from the vintage 2007 Prevent a non-root user from shutting down, rebooting or suspend the system thread. Please create new threads instead of resurrecting ancient ones.
In our group we use NIS and have a group set up called netadmin which is given root privileges on each machine. Each machine also has a localuser called localuser created and used during installation. When logged in as a member of netadmin, attempting any action that requires root privileges (e.g. installing software in Ubuntu Software Center) results in a prompt asking for localuser's password, not the current user's password.
Does anyone know the cause? Configuration issue or Ubuntu issue? We can get around it.
When I go to single user mode for resetting root password, It ask root pawssword for login.The message displayed on prompt is "Give root password for login.On the boot prompt, I select kernel and press 'e' and after one space type 1 for single User mode and then press 'b' for booting.It shows message entering in single user mode but ask root password. Even I tried into rescue mode, but I couldn't ser root password.In rescue mode on prompt, It shows rescue login: I typed root, But when typed 'passwd' foe resetting root pawssword,It shows message unknown user and not authetication.
I found this on Bee's website. For more info on this exploit there are links there:[URl]..All you have to do in Fedora 13 is enter the following lines in a shell as normal user:
I don't think this can be considered solely an "upstream" problem, because I first tried it in Arch using the same version of glibc, and the final command causes both gnome-terminal and xterm windows to disappear.
Is It possible to change a process running in root-user to non-root-user by setting suid / uid / euid / gid etc... I so please instruct how, when and wat to set in order to change a process running in root-user to non-root user
We are trying to setup fedora 12, and it has installed and now is asking for a user name on the base install, so far all we have tried will not let us in. We have, installed it a few times to see if there is a place to install the uer name or is there a root user name to use?
Well I did something pretty stupid and now I can't log in with my user other than the root user. Basically, I wanted to change my username and so I when to the admin > user & accounts - and selected the account I wanted to change. Anyway I did that and then logged out. Since then all I get when I reseted is a spinning mouse ball and a black screen. I can get into the shell prompt - but I'm not sure how I'd go about fixing this issue I created. At the moment I'm logged in the shell with root, and if I type 'id' I can see my old username, but I think the links behind it are broken.
I have a fedora 10 server to which I can ssh as the root user using RSA.
However for any user other than root a password is always requested.
I have made changes to PAM and check the rights to all the files and read pages upon pages. I can mess it up completely so no one can login but cant get it so that anyone other than root can use a public key.
Another interesting and may be related item is that when any user logs in, with a password, via ssh then they get the error:
Could not chdir to home directory /home/xxxx: Permission denied
But they can cd to their home directory and have no problems.
I am thinking that this may be to do with the mount. The home directory is on a HDD but the system dive is an SSD.
I have gone over everything so many times I am now lost, I must be overlooking something so simple and obvious its just not coming to mind.
I did a fresh fedora install and have overwritten the root user directory ( /root) with a backup of a previous install. Now I cannot log on through the login screen with the root user password. I can login su - as root on the command line with the password OK.
I've recently upgraded my hardware. Now, the system boots perfectly fine, but I can't login to the tty as root or any other user. Infact yes, I can login, but as soon as it shows Last Login, it exits and then I'm back to a login prompt. I've successfully booted into single user mode, and changed all the passwords, but still it fails. X doesn't start, although I think it's due to the old xorg.conf having the wrong driver.