OpenSUSE Network :: Audit Original User That Changed File After Su?
Jul 22, 2010
Need to track which users are making changes to production files. I have a small number of administrators with access to su, but need to be able to identify which administrator is making changes to which files after they have su.I have read several post and articles regarding auditd tool, but it is not clear to me whether this tool can generate a log that shows the original user and file being altered.
View 3 Replies
ADVERTISEMENT
May 15, 2011
When I first installed openSUSE 11.4 the /boot directory looked like this:
I had installed VirtualBox through Yast and decoded to delete. After deleting the /boot directory looked like this, pointing now to the desktop kernel.
I went into YAST and deleted all kernel entries that contained desktop, trying to get back to the original configuration.
After doing this, the /boot directory now looks like this.
Is there any way to get back to the original kernel configuration without having to do a complete installation?
View 6 Replies
View Related
Dec 31, 2010
Initially, I was trying to get around a Nautilus log in error. Using this, I was able to log in, but I entered what seems to be a perfectly clean version of Ubuntu...with no access to my files. [URL].... Now, I can't seem to find any of my original files. Some of the commands I entered in the terminal included:
[code]...
I'm afraid that I may have deleted the files, or have moved them to another user or someplace on the drive I can't see.
View 6 Replies
View Related
Mar 21, 2011
I used to use the root account for everything for more than a year then I moved to a user account for security reasons but almost all files had root as owner so I could not go 5 minutes without having to change to root and then change the owner of a file to my username to make it usable. I got fed up with this so I just changed the owner of every file on the system to my username instead of root.
command chown -R myusername * in the base directory /
Everything was fine until I restarted and the login screen became non functional and I got 2 error messages related to xsession and gnome errors. I think this is because the login screen might have its own user account and it cant access the files for the login process because it is owned by myusername. So my question is what is the user-name of the login account and what folders/files need to have their owner changed so the login process can work? I'm on 10.04 lucid.
View 6 Replies
View Related
Nov 17, 2010
I deleted the firewall files "K09SuSEfirewall2_init", "K01SuSEfirewall2_setup", "S11SuSEfirewall2_setup" and "S01SuSEfirewall2_init" from "/etc/rc.d/rc5.d" in order to disable the firewall when rebooting.
As a consequence all network services are not working. I can't connect to any other machine nor to the internet.
I rebuilt the symbolic files based on the ones for runlevel 3, but still no network services are available.
Any suggestions how to make it work again? I'm using Suse 11.3.
View 9 Replies
View Related
Jul 30, 2010
Some time ago I asked about SCPM in 11.3. Turns out it was removed, and the suggestion is made to use Network Manager.
Some of us are not excited about this, because despite the name Network Manager did not manage networks - it managed connections. Those of us who presently use SCPM to choose which NFS fstab entries, which printer, etc
When changing connections want to know whether indeed Network Manager can indeed now manage networks instead of just connections.
View 1 Replies
View Related
Jan 2, 2010
in 11.1 (2.6.27*) there were occasional kernel msgs generated in the "messages" log:May 26 21:57:28 blkdragon kernel: TCP: Treason uncloaked! Peer 188.48.28.209:18769/58845 shrinks window 2778476289:2778478629. Repaired.had to do with torrents/java and azureus/utorrent, with the outside ip number/port assignments easily understood and parsed if necessary.in 11.2 (2.6.31.5) the same type of entry is:00:24:23 blkdragon kernel: [258668.819024] TCP: Peer 0000:0000:0000:0000:0000:ffff:54b6:489e:10858/44949 unexpectedly shrunk window 3076383191:3076383869 (repaired)
View 4 Replies
View Related
Sep 1, 2010
I'm currently running 11.2 and I configured Proxy settings in the YaST module. It seems that when I use a proxy I have problems updating. It can retrieve some files, but while getting others it fails. Furthermore, I can't establish a connection with the timeserver in the YaST -> NTP configuration module.
My question is if there have been changes from this version to 11.3 regarding the Proxy settings.
View 1 Replies
View Related
Apr 11, 2011
I am running RHEL 5.4 Server (32-bit) and have my audit.rules file set up per a template that I am required to use. There is one particular rule that audit is auditing the unlink of files. With this set, my log files are filling up very fast, as there is a particular app that constantly touches/ deletes a couple of files, which the unlink is catching. Here is the audit rule:-a always,exit -F arch=b32 -S unlink -S unlinkat -S rename -S renameat -F auid>=500 -F auid!=4294967295 -k deleteI commented out the "-S unlink" and my logging returns to normal (as expected). For right now, I was wondering if there was a way to set this rule up to exclude these couple of files from what auditd is capturing?
View 1 Replies
View Related
Aug 17, 2011
how could i automate the audit of computer's hardwares present in network?
View 1 Replies
View Related
Jun 9, 2011
There is a big problem with opensuse 11.4 and virtual interfaces.Until 11.2 outgoing traffic by default was sent by the eth0 address nevertheless which virtual interfaces did exist if any was used.Now there seems to be sent by the last interface listed with ifconfig.The outgoing address in this case will be 10.0.0.3.This is very problematic with smtp control etc.
View 1 Replies
View Related
Apr 11, 2011
I am running RHEL 5.4 Server (32-bit) and have my audit.rules file set up per a template that I am required to use. There is one particular rule that audit is auditing the unlink of files. With this set, my log files are filling up very fast, as there is a particular app that constantly touches/ deletes a couple of files, which the unlink is catching. Here is the audit rule:-a always,exit -F arch=b32 -S unlink -S unlinkat -S rename -S renameat -F auid>=500 -F auid!=4294967295 -k deleteI commented out the "-S unlink" and my logging returns to normal (as expected). For right now, I was wondering if there was a way to set this rule up to exclude these couple of files from what auditd is capturing?
View 1 Replies
View Related
Mar 16, 2011
I am trying to lock down a server using audit.rules. I intend to use ausearch to review certain entries from time to time. I noticed that it's possible to assign a "key" to each rule and then use `ausearch -k` to show only the records that have that key.Unfortunately, the key feature seems broken. I started with the following rule in audit.rules:
Code:
-a always,exit -F arch=b64 -S open -S openat -F exit=-EACCES -k deny
I do a `cat /etc/shadow` and a `ausearch -ts today -k deny` and it seems all went well.
[code]....
View 8 Replies
View Related
Feb 22, 2010
I tried to use a windows server side program in wine but seems the ip has changed.
View 9 Replies
View Related
Jan 21, 2010
Prelude: OpenSUSE 11.2 (2.6.31.8-0.1-desktop), installed Novell client 2.0 SP2 (novell-client-2.0-sp2-sle11-i586.iso).
I found that if any usual user is logged into a NDS-tree, then _local_ root has full access to user's network shares, including the user's home directory located on remote Netware-server. Is it by design or
have I missed something? Nevertheless in windows local admin has no access to network resources mounted of any other user. If you runas shell (as admin) then admin in principle can't "see" network shares which were mounted (connected) by other users - they are accessible ("visible") per session.
View 3 Replies
View Related
May 30, 2011
Take a physical user FRED. FRED is a linux user ( known by linux on his laptop ) FRED is a Samba user ( Known by samba on the samba pdc server ) When he logs locally (with username/password) on its standalone laptop (with no network), he is known as FRED:user. He access his data in /home/FRED/. When he logs through samba (with username/password) on the domain MY_DOM, he is known as MY_DOMFRED:MY_DOMdomain user. He access his data in /home/MY_DOM/FRED/. ) Is it possible that the human FRED has only one repository and have full access to its repository regardless of how it was connected. If yes, how to do it
2) If not, Is it possible that the human FRED has full access to /home/FRED/.............. and /home/MY_DOM/FRED/.
View 4 Replies
View Related
Feb 16, 2010
I am trying to setup auditing for NISPOM requirements using the built-in linux audit kernel which uses auditd and audit.rules for setup. I have been able to meet all other requirements, but I cannot find a way to audit user logout actions. My audit.rules file is listed below
Code:
#This file contains the a sample audit configuration intended to
# meet the NISPOM Chapter 8 rules.
[code]....
View 3 Replies
View Related
May 11, 2011
I've been running smoothly for most of the time but last time I booted my Lap a login screen appears. I had this disabled as I'm the only one using that machine. After trying several times it appears none of my passwords works. I log in as root (offline mode) to reset the pwd and then log in again with my standard user. Fine again and I disable log in so no account is asked when booting. As I got a new access point I had to reconfigure wireless connection. Shortly after I do so (1hr approx), the Wireless gets disconnected and it request my WEP key again. I entered and verified several times but no connection. I confirm with another device that the wireless is working and the WEP key is correct. So I restart to see if this fixes my connection and ,surprise, log in screen again and no pwd is recognized
I haven't touch that machine again but I'm afraid a malicious SW can be stealing my pwd. Only SW I have installed is from the official repositories
View 6 Replies
View Related
Sep 14, 2010
I've accidentally changed /usr/bin/php file on my server by running a cp command. I know this is bad, i just don't know how bad. Everything is working fine (websites using php), so i just wanted to know what this action could cause and also how can i restore original content.
View 4 Replies
View Related
May 21, 2010
I'm trying to add the -audit option to X Server. I run ps -ef | grep -v grep | grep "bin/X" and get: root 2511 2506 0 10:35 tty7 00:00:09 /usr/bin/X:0 -br -verbose -auth /var/run/dgm/auth-for-gdm-sScn1P/database -nolisten tcp vt7 So I'm thinking that I need to add -audit to the /usr/bin/X file, but I believe that it's binary and created by something else, but I can't find that "something else". How on earth can I add this option? I have opened up 1,000,000,000,000,000,000,000 files (slight exaggeration) and I've come up empty.
View 1 Replies
View Related
Jul 7, 2010
how to audit and delete unwanted rpm packages. how to back up repository list from YaST2.
View 5 Replies
View Related
Jul 7, 2010
Trying to configurate gadmid-bind, I change the user and group of my entire filesystem, I archive some advance getting all back but for now,sudo leave me with a problem about guid, i changed sudoers to root againg, but i don't get all back.I dosen't have network connection, because nm-applet dosen't start on my user, and when i run on a xserver with root user it give me: The device is not ready.
View 9 Replies
View Related
Sep 20, 2015
I want to back up an entire Linux system on a 3Tb external Western DIgital USB3 drive.
I do not want to reformat it from what it is, apparemtly NTFS.
Is there a utility that can act like a file manager like mc, that will permit me to create an ever expanding (to 320Gb) TAR file that will retain all the original file permissions. I have had nothing but disappointment with Linux backup utils with a FAT32 external drive, and I am concerned if I just try an tar the entire drive at once, with around 3 million files, I might run out of memory.
View 5 Replies
View Related
Apr 2, 2011
Q: How can I allow my users to mount a cifs share without an entry in fstab in OpenSuse 11.4?
I have an answer myself. Until OpenSuse 11.2 I could mount my samba shares by making mount.cifs and umount.cifs setuid root. Today I installed OpenSuse 11.4. Unfortunately mount.cifs isn't anymore allowed to be setuid due to security concerns. Security is not an issue in my case, so I copied the mount.cifs and umount.cifs from 11.2 to make it work again:
1. Download cifs-mount-3.4.2-1.1.3.1.x86_64.rpm from this repository (I use 64 bit):
"http://download.opensuse.org/distribution/11.2/repo/oss/suse/x86_64/"
2. Extract the files mount.cifs and umount.cifs from the rpm and copy them to /sbin
3. Make them setuid root:
Code:
linux-y5qw:~ # chmod u+s /sbin/mount.cifs
linux-y5qw:~ # chmod u+s /sbin/umount.cifs
4. Mount your cifs shares as a normal user:
Code:
martin@linux-y5qw:~> /sbin/mount.cifs //192.168.2.2/data /home/martin/data/ -ousername=martin
Password:
View 1 Replies
View Related
Jan 11, 2010
how can I allow a non-root user to do ping?
View 6 Replies
View Related
Jan 1, 2011
how to add user to my opensuse 11.3 box from a ldap server ? I used useradd but can't log in with the ldap credentials .
View 1 Replies
View Related
May 28, 2010
I have asked this over on Launchpad and have found bugs filed on the eclipse bug tracker but it seems to be going nowhere so I guess ill ask here.
I am using Eclipse for some development work and having saved a file, defocus the eclipse window (to test changes in a browser) when I refocus the eclipse window I get the following error...
The file 'path omyfile' has been changed on the file system.Do you want to replace the editor contents with these changes?
I have searched and searched and this seems to be a CIFS/SAMBA problem. I even found one solution suggesting that changing his mounts from cifs to smbfs fixed his problem however that would appear not to be an option for me since using smbfs in the fstab causes cifs mounts. This problem would seem to occur in Bluefish as well as some other IDE's so it is not an Eclipse issue.
---------- LINKS TO RELATED ----------
Launchpad Question
Eclipse Bug
--------------------------------------
View 2 Replies
View Related
Mar 10, 2010
I was recently messing around learning chgrp commands, and set my (only) user account to a different group. Now whenever I try to sudo a command, I get 'john is not in the sudoers file. This incident will be reported' message.I *seem* to have a root account (one is listed in System->admin->users and groups), but I'm almost certain that the password for it would be one of 3 things, and it's none of them.
View 2 Replies
View Related
Apr 16, 2010
Ubunto 8.4, running on 2nd partition on Apple Intel iMac. Several months ago, following a routine update, I found I could no longer install routine updates. Investigating further, I find
"You don't have permissions to..."
then sudo: /etc/sudoers is owned by gid 1002, should be 0.
That's not me! I am the owner and root user of this computer. How could this get changed? How can I change it back to me? The Linux platform of the computer has not been exposed to the net except for Ubuntu forums and updates. No one else has used this computer.
View 5 Replies
View Related
Jul 25, 2011
Vmware tells me it cannot start services.I believe the issue is tied to permissions because the message indicated the log with the full details was located in /tmp/vmware-root/setup-4772.log but when I go there I receive a message telling me I do not have permission to the directory and there's a lock symbol on the directory from the File Browser utility.What do I need to do to unlock the folder and get vmware working again ?
View 2 Replies
View Related
