OpenSUSE :: Add / Setting -auth -audit In X Server
May 21, 2010
I'm trying to add the -audit option to X Server. I run ps -ef | grep -v grep | grep "bin/X" and get: root 2511 2506 0 10:35 tty7 00:00:09 /usr/bin/X:0 -br -verbose -auth /var/run/dgm/auth-for-gdm-sScn1P/database -nolisten tcp vt7 So I'm thinking that I need to add -audit to the /usr/bin/X file, but I believe that it's binary and created by something else, but I can't find that "something else". How on earth can I add this option? I have opened up 1,000,000,000,000,000,000,000 files (slight exaggeration) and I've come up empty.
View 1 Replies
ADVERTISEMENT
Mar 16, 2011
I am trying to lock down a server using audit.rules. I intend to use ausearch to review certain entries from time to time. I noticed that it's possible to assign a "key" to each rule and then use `ausearch -k` to show only the records that have that key.Unfortunately, the key feature seems broken. I started with the following rule in audit.rules:
Code:
-a always,exit -F arch=b64 -S open -S openat -F exit=-EACCES -k deny
I do a `cat /etc/shadow` and a `ausearch -ts today -k deny` and it seems all went well.
[code]....
View 8 Replies
View Related
Jan 10, 2011
Lately I have been receiving this in my auth.log file. It seems to be repeating over and over, and I didn't know if was anything normal or something I should be worried about...
Code:
View 1 Replies
View Related
Sep 27, 2010
One of our customers is looking at enterprise audit of their data center (primarily consists of Linux servers) We suggested them towards a SNMP based tool that has some limitations. Any other recommendation is welcome...
View 1 Replies
View Related
Mar 14, 2011
selinux and psacct is disabled in this system (RHEL5.6 2.6.18-194.11.3.el5 SMP x86_64). After performing a yum update, the syslog is flooded with kernel audit messages (related to PAM), even though audit service is turned off. Is there a way to disable this verbosity?
[Code]....
View 2 Replies
View Related
Feb 16, 2010
I am trying to setup auditing for NISPOM requirements using the built-in linux audit kernel which uses auditd and audit.rules for setup. I have been able to meet all other requirements, but I cannot find a way to audit user logout actions. My audit.rules file is listed below
Code:
#This file contains the a sample audit configuration intended to
# meet the NISPOM Chapter 8 rules.
[code]....
View 3 Replies
View Related
Nov 23, 2010
I have /var/log/audit and /var/log/audit.log owned by root and 600 permissions. I've also removed and made an empty /var/log/audit directory when that did not we work either. I can start the service after boot up, but it is not coming up automatically even when configured by chkconfig. I also get this after I attempt a restart...
Stopping auditd: [ OK ]
Error deleting rule (Operation not permitted)
Starting auditd: [ OK ]
The audit system is in immutable mode, no rules loaded
A tail of my /var/log/messages shows this...
Nov 23 16:45:18 hostname kernel: type=1302 audit(1290548718.524:73): item=1 name="/var/run/auditd.pid" inode=131143 dev=fd:01 mode=0100644 ouid=0 ogid=0 rdev=00:00 obj=user_u:object_r:var_run_t:s0
Nov 23 16:45:18 hostname kernel: type=1300 audit(1290548718.618:74): arch=c000003e syscall=87 success=no exit=-2 a0=7fff730b2f85 a1=7fff730b2f85 a2=2 a3=0 items=1 ppid=6243 pid=6248 auid=1111 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=pts1 ses=1 comm="rm" exe="/bin/rm" subj=user_u:system_r:unconfined_t:s0 key="delete"
Nov 23 16:45:18 hostname kernel: type=1307 audit(1290548718.618:74): cwd="/"
Nov 23 16:45:18 hostname kernel: type=1302 audit(1290548718.618:74): item=0 name="/var/run/auditd.pid" inode=131073 dev=fd:01 mode=040755 ouid=0 ogid=0 rdev=00:00 obj=system_u:object_r:var_run_t:s0
Nov 23 16:45:18 hostname kernel: type=1300 audit(1290548718.620:75): arch=c000003e syscall=87 success=yes exit=0 a0=7fff9b776f81 a1=7fff9b776f81 a2=2 a3=0 items=2 ppid=6243 pid=6249 auid=1111 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=pts1 ses=1 comm="rm" exe="/bin/rm" subj=user_u:system_r:unconfined_t:s0 key="delete"
Nov 23 16:45:18 hostname kernel: type=1307 audit(1290548718.620:75): cwd="/"
Nov 23 16:45:18 hostname auditd[6260]: Started dispatcher: /sbin/audispd pid: 6262
Nov 23 16:45:18 hostname audispd: af_unix plugin initialized
Nov 23 16:45:18 hostname audispd: audispd initialized with q_depth=80 and 1 active plugins
Nov 23 16:45:18 hostname auditd[6260]: Init complete, auditd 1.7.17 listening for events (startup state enable)
View 4 Replies
View Related
Jul 7, 2010
how to audit and delete unwanted rpm packages. how to back up repository list from YaST2.
View 5 Replies
View Related
Jul 22, 2010
Need to track which users are making changes to production files. I have a small number of administrators with access to su, but need to be able to identify which administrator is making changes to which files after they have su.I have read several post and articles regarding auditd tool, but it is not clear to me whether this tool can generate a log that shows the original user and file being altered.
View 3 Replies
View Related
Jul 29, 2010
Been a while but have a few scripts that need to hit a website that's local to that network, but also a public site. Currently there is an .htaccess in that folder with this lockdown;
AuthType Basic
AuthName "Restricated"
Require valid-user
Now, can I break that somehow and say (here is my english translation)
[Code]..
View 1 Replies
View Related
Dec 28, 2010
operating system: CentOS 5.5 git version:1.7.3.4 ldap server:OpenLdap Http server:Apache 2.2 the software above have been installed. How to config /etc/httpd/conf.d/gitweb.conf file to let git authed by ldap?
View 2 Replies
View Related
Aug 3, 2011
I am a bit of a linux newbie, but have been gradually teaching myself how to set up Sendmail 8.13.8 on a CentOS system to handle our MX mail for various domains we own on our local server. Configuration has gone well so far, except I cannot seem to get Outlook to authenticate with the SMTP server and I must readily admit to some large gaps in my knowledge. For testing purposes, I have tried to authenticate using Telnet with the following results:
Code:
220 my.domain.com ESMTP Sendmail 8.13.8/8.13.8; Wed, 3 Aug 2011 14:27:00 GMT
ehlo my.domain.com
250-my.domain.com Hello mytelnethost.btcentralplus.com [109.xxx.xxx.xx], pleased to meet you
250-ENHANCEDSTATUSCODES
[Code]...
View 7 Replies
View Related
Jan 20, 2011
I want to use squid Proxy to ask username password to user for internet usage and if username password not correct squid stops user access.I use following installation commands and configuration but still squid not asking for username password, and I can use Internet browsing by defining proxy in my client proxy.I use following installataion commands one by one but non of them works, and configure squid to use ncsa_auth../configure --enable-delay-pools --enable-linux-netfilter --enable-arp-acl --disable-ident-lookups --enable-snmp --enable-removal-policies
then I use
./configure --enable-delay-pools --enable-linux-netfilter --enable-arp-acl --disable-ident-lookups --enable-snmp --enable-removal-policies --enable-basic-auth-helpers
then I use
./configure --enable-delay-pools --enable-linux-netfilter --enable-arp-acl --disable-ident-lookups --enable-snmp --enable-removal-policies --enable-basic-auth-helpers=NCSA
with following squid.conf configuration one by one.
htpasswd /usr/local/squid/etc/passwd testuser
New password:
Re-type new password:
[code]....
No error received in access.log or /var/logs/messages files, nor on client screen, client still using internet browsing without asking username password by squid,
View 14 Replies
View Related
Aug 26, 2010
I'd like to enable SSL authentication in vsftpd.conf but still somehow force plain data transfer; even if the client is capable of SSL data transfer. The way I understand the config, if I set ssl_enable=YES then if client wants to use SSL for data transfers, it can. I wish for force plain data transer, but still have SSL enabled for login. Is this possible with vsftpd?
View 1 Replies
View Related
Dec 2, 2010
I'm hoping someone here can help, as I've been beating my head on the wall for a week now with little advancement. I've found a number of tutorials on setting this up, however none of them have gotten me 100% of the way there. Here's my situation: home-based Fedora server (Core 8), running sendmail 8.14.2-1. Connecting to hosting company's smtp server over port 587, to bypass Verizon's blocking of port 25.
My /etc/mail/sendmail.mc file looks like this (comment lines removed):Quote:
divert(-1)dnl
define(`SMART_HOST', `smtp2.datarealm.com')dnl
define(`confAUTH_MECHANISMS', `EXTERNAL GSSAPI DIGEST-MD5 CRAM-MD5 PLAIN')dnl
FEATURE(`authinfo',`hash -o /etc/mail/auth/client-info.db')dnl
define(`RELAY_MAILER', `esmtp')dnl
[Code]....
View 14 Replies
View Related
Aug 1, 2010
I got one last stop until I've fully configured my Sendmail server. I want the server to verify which address the sender is using when sending mail. Even though authenticated via SMTP AUTH or mailing from an IP listed as RELAY in access.db, the user should not be able to use whichever address he likes.
Ideally, I would like Sendmail to use a file that looks something like this: Username sername@Server.org
where, if logged in with Username, the only accepted sender address is Username@Server.org. As of now, Sendmail just verifies that the sender domain exists and then relays which I don't like. This also applies to a lot of other servers as well... for example in the cases where ISPs have blocked outgoing port 25 and let all their users use their SMTP server. I assume, if they don't use SMTP AUTH which is not the case where I am, that they have their entire IP range listed as RELAY and therefore, using my ISPs SMTP when in their net, I can send mail as whomever I like as long as the sender domain exists.
I've had a look at filters but haven't found any suitable and I assume that this might be realised through a Ruleset or something. What do you think? Have I missed something making this a really stupid suggestion or am I on to something? It would make my day
View 1 Replies
View Related
Jul 6, 2011
i had configured mail server in linux. i had configured sendmail in linux client . i have error while sending mail through thunderbird smtp auth error how can i resolv the issue .....
View 1 Replies
View Related
Oct 6, 2010
I'm testing upgrading from 11.1 to 11.3 and running into a major roadblock. When I try to ssh to the server after upgrading, I am unable to use password or pubkey auth to connect via ssh with my ldap user due to sshd segfault. I can however connect via pubkey to a local account on the system. Both auth methods work (for local users) when I disable UsePAM in sshd_config, but auth via ldap is required. My configuration works fine on fully patched installs of both 11.1 and 11.3, but not a fully patched 11.1 upgraded to 11.3. I've been at this for a while now trying various things but don't seem to be making much progress..
/var/log/messages:
Code:
Oct 6 20:33:15 susetest kernel: [ 1829.251921] sshd[3602]: segfault at 7f4bb0521240 ip 00007f4bb0509354 sp 00007fffdf212850 error 7 in libcrypto.so.1.0.0[7f4bb0449000+188000]/usr/sbin/sshd -ddd:
Code:
debug2: load_server_config: filename /etc/ssh/sshd_config
debug2: load_server_config: done config len = 431
debug2: parse_server_config: config /etc/ssh/sshd_config len 431
[code]....
View 3 Replies
View Related
May 16, 2011
New machine, need to append my id_rsa.pub to my remote SSH box, cannot use ssh-copy-id because I cannot specify the port I've got the machine running on.
View 1 Replies
View Related
Mar 7, 2011
I have a CentOS 5 box that is a web server. When it generates emails, all emails should go out through our Exchange mail server.I believe our Exchange server requires NTLM authentication:
View 1 Replies
View Related
Jan 29, 2010
Is there anyway to monitor the current bandwidth in use by a user (NCSA auth) on squid? Occasionally we get a user downloading too many videos at once, which blocks bandwidth to other users on the network. As I have no idea which user it is until the end of the day (SARG reports), we just restart the squid server to disconnect their downloads.
View 6 Replies
View Related
Jul 26, 2011
I have a problem as below:
When i setup pam_wheel.so in /etc/pam.d/su, it runs correctly. But when i set up pam_wheel.so in /etc/pam.d/common-auth (include file), i can't login to anyone via SSH. Details configuration of /etc/pam.d/su and /etc/pam.d/common-auth:
/etc/pam.d/su:
auth include common-auth
account include common-account
password include common-password
session include common-session
[Code]....
View 1 Replies
View Related
Feb 1, 2010
I'm trying to setup a media server for my Playstation 3 I've opted for the one off of this site PS3 Media Server now the installation instructions in the README don't really say much just make sure you have JRE 6 and run the script which I have done but get a message that I can't even began to cipher which is the following..
Code:
./pms.jar: line 1: PK: command not found
./pms.jar: line 2: h:: command not found
./pms.jar: line 25: h:META-INF/MANIFEST.MFManifest-Version: 1.0
Ant-Version: Apache Ant 1.7.0
[Cpde]....
View 9 Replies
View Related
Feb 6, 2010
I'm having problems setting up an LDAP server for suers. The SUSE user management won;t let me create users with passwords longer than 8 characters in the LDAP directory. Local users are fine. This is a new LDAP server setup using the instructions from Integrating LDAP and Samba using openSUSE
I'm getting the error "The password is too long for the current encryption method. Truncate it to 8 characters?" I can create users with short passwords, but this isn't acceptable - it's a security issue.
The susePasswordHash in LDAP is SSHA (default)
The password hash in users & groups management is blowfish.
how to get this working with long passwords?
View 1 Replies
View Related
Mar 1, 2011
I have downloaded and setup the SUSE Lifecycle Management Server on vmware using the Live CD Distribution. I have connected it to Susestudio.com as my repository and setup a user account via the backend on pg 96 using the slms-admin-ui-user -o to create my administrator account since I lost the password for the initial login. I created a customer and have the following:
Mirroring Credentials - User Name: (random character)
Mirroring Credentials - Password: (random character)
Also I have a test box for installing the Live CD of our application. Do all appliance created on suse studio have the client to connect to the SLMS server or do need to install a client? If there is no client how do I obtain and add it to the appliance on susestudio.com ? How do I setup appliance as a client?
View 1 Replies
View Related
May 23, 2010
setting up my LAMP server to send email messages through my cable network SMTP server. If you respond please realize that I am new to linux/apache. I cannot send emails out with the built in email server on Suse and don't even know if it is enabled. I used to do it with my IIS/ColdFusion server but there were options for the outbound SMTP server and authentication. I have searched and think I have to use something called Pear but to be honest the instructions are vague to say the least and it all looks greek to me.
View 2 Replies
View Related
Aug 24, 2010
I would like to build a server to act as a file/print server for my home. My wife, sister in law, and myself would use it. I would like it to be friendly to both windows and linux. My sister and I are both dual boot and for now my wife is windows only. Pretty soon though I plan on setting her up on linux as well. What would I need? And are there any "good" guides to setting something like this up?
I would like to use the system to:
- Store media / files
- Maybe have KMyMoney on it and share with the wife
- Hook a printer to and use as common printer
View 2 Replies
View Related
May 23, 2011
The only things i need out of it are: mars_nwe (Netware server under Linux) and a reverse telnet server (the dos machine is a bbs) I need the virtual server to support a very old dos machine, and while i COULD use samba for drive mapping, the VNC server I'm useing on the dos machine is a progrm called TINY which pretty much means i'm stuck useing the novell dos network stack.
how best to configure opensuse for this? I'm running the install off of the live-dvd which has quite a bit selected by default. I'm not in need of an x-server or a desktop manager, as this will be a set it up and forget about it once it works VM
View 1 Replies
View Related
Sep 7, 2010
I'm trying to set my openSUSE desktop up to use the printers on my office network via Samba. I managed to get it working in 11.2 but 11.3 is giving me some trouble.I am able to access the printers and use them but I have to enter my network credentials each time I print. In 11.2 I was able to "save" my username/password and was not required to do this. Are there any Samba packages I need to add in addition to the basic ones? There seems to be a lack of documentation on this particular subject, most is concerning Windows clients printing on Linux print servers.
View 2 Replies
View Related
Mar 17, 2009
If I ssh from my laptop (running F10) to the server (centos 5.2) it asks for the password, but everytime I enter the correct password it says incorrect password. when I do the same from the server to my laptop I can get in just fine. I think my passwords are stored as ssha in the LDAP (I tried clear passwords and that dosen't work either).
View 1 Replies
View Related
