Programming :: Extracting Auditing Info Using Awk System And Ausearch?
Aug 25, 2010
I'm a Linux newbie and scripting novice and I'm trying to pull auditing info and dump it into a file. I made some login changes so they would get audited, but I don't want to have to sift through the log to see who the user was and what was done. This is what I have below, and I can't seem to get it to extract the info I want using the event id. The "ausearch -a $10" from the script should get it from the 10th column, but it's not working. If I can get this to work I would like to add additional aureport options.
#!/bin/bash
yyyy=`date "+%Y"`
mm=`date "+%m"`
[code]...
View 6 Replies
May 26, 2010
I want to get system info like uptime, number of processes etc. For uptime I got the code from the net, but it is giving me an error, i.e.
error:
Following is the code I'm using:
Code:
What's wrong with the code?
View 2 Replies
Oct 19, 2010
As part of the server hardening process I would like to know the best way of doing system logging and auditing. The following points should be taken into consideration:
- Logging of critical events
- Logging access to critical accounts
- Secure storage and availability of logs
- Review of logs
- Security of logs
View 2 Replies
Jun 28, 2009
I have a PHP script written that is checking a string to see if it contains a link in it (i.e. a URL). I have the following if statement, that uses 3 possible regular expressions to determine if there is a link or not.
Code:
// check if we found a link
// links are denoted by strings that:
// - contain http://
// - contain www.*.*
[Code]....
I'm not convinced yet that writing a shell script to do this is the best course of action. If someone is capable of doing this with a Perl or a Python script that's fine too. If you want to make it super high performance and write it in assembly
View 1 Replies
Jun 9, 2010
Say I have a text file with 10 columns. I need to reorder them based on a list of column numbers.
My problem is this:
If I want to cut out 5 columns (columns 1,2,3,9,10) in the order 1,10,2,9,3 then I have tried using:
Code:
cut -f1,10,2,9,3 my_file.txt > reordered_file.txt
But this just extracts the columns in order, as if I had used:
Code:
cut -f1,2,3,9,10 my_file.txt > reordered_file.txt
How can I cut these columns and place them into the new file in the order I specify?
While this might seem quite trivial, I will actually need to do this for a file containing ~14000 columns with ~12000 columns that I need to extract in a particular order.
View 2 Replies
Feb 8, 2011
Code for insertion of data:
Code:
#include <map>
#include <iostream>
int main ()
[code]....
I don't know how to fetch the data from the nested map here.
View 5 Replies
Nov 8, 2010
I have a string, like file223a3b5. How can I extract the number beginning after "file" and ending before "a"?
View 3 Replies
Nov 22, 2010
I have a log file and want to extract all blocks of text that start with START and end with END. Each block is 5 lines.
Code:
--- START
blah blah blah
[code]...
View 1 Replies
Feb 22, 2011
I have a file which looks something like this:
##########
some
text
text also includes empty lines
##########
some
more
text
##########
Basically all sections are separated by 10 hashes, and I need to somehow print only the lines in the last section (the "some more text" part in the example above). I tried all kinds of things with sed and awk, but I didn't find any way to identify the last "section".
View 8 Replies
Jun 8, 2010
I have a load of emails in my Thunderbird trash folder, and for some of them (all with a similar subject) I want to extract the email address and put it in a text file. I have located the trash file, but it seems that it is just a big flat file with a concatenation of all my emails in it, with a varying number of header lines etc., i.e. something which really doesn't seem to suit awk, sed, grep etc. Does anyone know of any way this might be accomplished, or any third-party tools which may help?
View 1 Replies
Aug 23, 2010
I am trying to develop a method of reading files generated by other programs. I am trying to find the most versatile approach. I have been trying bash, and have been making good progress with sed; however, I was wondering if there was a "standard" approach to this sort of thing. The main features I would like to implement concern finding strings based on various forms of context and storing them in variables and/or arrays. Here are the most general tasks:
a) Read the first word(or floating point) that comes after a given string (solved in another thread)
b) Read the nth line after a given string
c) Read all text between two given strings
d) Save the output of task a), task b) or task c) (above) into an array if the "given string(s)" is/are not unique.
e) Read text between two non-unique strings, i.e. text between the nth occurrence of string1 and the mth occurrence of string2
As far as I can tell, those five scripts should be able to parse just about any text pattern. I am by no means fluent in these languages, but I could use a starting point. My main concern is speed. I intend to use these scripts in a program that reads and writes hundreds of input and output files, each with a different value of some parameter(s).
The files will most likely be no more than a few dozen lines, but I can think of some applications that could generate a few hundred lines. I have the input file generator down pretty well. Parsing the output is quite a bit trickier. And, of course, the option for parallelization will be very desirable for many practical applications.
View 14 Replies
Jan 6, 2011
How do I get system info on the desktop?
View 1 Replies
Feb 23, 2011
I installed ARB on my PC. While running arb, the error below occurs:
- arb_ntree: error while loading shared libraries: libXm.so.4: cannot open shared object file: No such file or directory
ARB done
This type of error also occurs while running phylip programs:
- drawtree: error while loading shared libraries: libXm.so.4: cannot open shared object file: No such file or directory
I don't know whether my system contains this library or not. How do I find that out? My system is Fedora.
View 4 Replies
Dec 27, 2010
I have two 10.04.1 LTS command line servers running different overall jobs. One is an upgrade that started as 9.10 and was upgraded to 10.04 LTS when it came out. It has since been upgraded to a 10.04.1 LTS server. Its ssh login displays the following:
Code:
bob@b-desktp:~$ ssh admin@192.168.0.153
admin@192.168.0.153's password:
Linux server.nnbob.net 2.6.32-27-generic #49-Ubuntu SMP Wed Dec 1 23:52:12 UTC 2010 i686 GNU/Linux
Ubuntu 10.04.1 LTS
code....
No mail.
Last login: Mon Dec 27 17:00:10 2010 from b-desktp.nnbob.net
Notice the nice system information presented there. How do I get the other (upgraded) server to do that too?
View 6 Replies
Aug 14, 2010
I have a RHEL5 box as my file server with Active Directory integration, using Samba for folder sharing and Webmin to manage the shares. We have many folders, subfolders and files. We are facing the following issue. We had given a folder called yardworklist which is shared by 8 people with full access. The yardworklist will have more than 80 folders, each representing a ship. The problem we are facing is that some user copies a folder or file from a specific ship folder, say SEA HERON, to another ship's folder, say BOW CLIPPER. The next day the person who wants to work on SEA HERON finds the file or folder missing and uses his search tool to get the folder or file back. I don't know who did this. Basically an event log would also be enough, like which file has been copied by whom to which place.
View 2 Replies
Jul 22, 2011
I am very new to Linux and am taking a class on Introduction to Linux, but I am not familiar with command scripts. Can anyone direct me to a place where I can find more info (for a two-year-old) on command script programming? I want to be able to understand what it all means.
View 7 Replies
Jan 16, 2011
How do I work properly with a Windows Forms application in C++?
The thing is that I was able to produce a web browser in the Windows Forms application and I added a save button. So now I am able to navigate to predeclared web pages such as [URL], then enter something in Google's search box such as "spread of H1N1", surf to a page such as [URL], and later save the page as a text file on my computer.
I wanted to know how to organize the words in the text file. I mean, how can I get just the number of infected people in the USA, the number of infected in Canada (if they exist) from the whole text file, and change it to a file with precise data, that is, eliminate the unneeded information such as the characteristics and the useless ideas? And what if I also wanted to know the characteristics of the virus in a country plus the number of infected? How can I do it?
View 3 Replies
Jun 23, 2010
I want to get info about network interfaces in C. Is there any library for this purpose?
View 1 Replies
Dec 30, 2008
I want to implement a cross-layer approach. I want to pass network information such as delay from the MAC layer to the network layer. Can you tell me the way? I am new to this. I am using Linux (Fedora). I think some system call will do the trick. Correct me if I am wrong. (I want to implement QoS metrics.)
View 1 Replies
Jan 11, 2011
I'm doing this manually, as I'm at work, and if I spent 2 days trying to figure out a script to do this they'd maybe take it as me not working and instead messing around. However, what I want to do is pull the:
Contact name, Company Name, Address, City, County, Postcode and email from the whois info for a list of about 400 domains we own.
I think I need some kind of combination of dig, sed and awk to pull the info, then filter out the parts I need, however I've never done anything like this before so I need some advice on where to start.
I'm not looking for a full-blown solution. I already have the list of domains, so I think it will be something like:
Code:
for x in {list of domains}{
dig x;
somehow grab name, company name, address,
write to file in csv
}
Am I looking at this in the right way? Can someone get me started? Is it sed/awk I need, or is there another tool?
View 2 Replies
Jan 18, 2016
I am running Wheezy 7.9 and recently created a file, in xorg.conf.d, to set the monitor configuration because the EDID is not always read from the monitor. Everything works great but when the EDID is not read the monitor name, as shown in System Settings>Displays, shows as Unknown. I have the vendor info and modelname in the config file but they do not show in the Display GUI. Is there some variable that I can set in order to get a good monitor name displayed?
Probably I should include some more information. I am using the Gnome Classic desktop and the gdm manager. Here is the monitor conf file that I put in /etc/X11/xorg.conf.d:
Code:
Section "Monitor"
Identifier "Monitor0"
VendorName "VSC"
ModelName "VA912b"
DisplaySize 376 301
HorizSync 30.0 - 82.0
VertRefresh 50.0 - 85.0
[Code] ....
View 2 Replies
May 31, 2011
I just set up an EC2 instance running Linux. Is there a way to get the version/distribution of Linux that is running on the instance via the terminal?
View 3 Replies
Oct 1, 2010
I've been trying to figure this out... What command does the system use to display this at login:
Quote:
System information as of Fri Oct 1 08:35:54 CDT 2010
System load: 0.28
Usage of /: 10.8% of 17.89GB
Memory usage: 51%
Swap usage: 3%
Processes: 112
Users logged in: 1
IP address for eth0: <ip.address>
It's not uname, free, top, df, uptime, etc. It also doesn't appear to be anything in /proc that I've found. Does anyone know what it is? I want to grab its output as part of a script. I could use other commands, I suppose, but this system info output is neat and concise.
View 7 Replies
Mar 17, 2011
I am a new user of Linux and it was just my luck that my Windows partition along with my WD 350GB external HDD got infected with a virus. My computer science buddies suspect that the virus in my HDD was in a folder called System Volume Information. Right now, my Windows partition's been removed so my netbook is 100% Linux. I also deleted said folder from my HDD. However, the System Volume Information folder in my HDD still keeps on appearing.
I read that the System Volume Information folder is a Windows folder so I'm wondering why it still keeps on appearing? Is this still the virus? I'm skeptical but right now, I really don't know.
View 1 Replies
Mar 7, 2011
I remember screenshots in which a CLI window is opened and in it the kernel version, processor type and other information is displayed, along with nice little ASCII art of the distribution logo. I have seen it for Gentoo and Debian, but I forget the name.
View 6 Replies
Jan 4, 2010
I have been out of the UNIX world for some time, preoccupied with real-life problems. I'm interested in getting a home system up and running, but I'm having difficulties deciding on a base platform. I am leaning towards Linux rather than a BSD, due to the tremendous number of employers seeking people with that technology. However, I am attracted to the auditing performed on packages on the BSD side, particularly NetBSD/OpenBSD. Is there a Linux distribution that performs auditing of third-party packages? I understand there are some commercial distributions, but I wonder if they are more reactive than proactive.
View 5 Replies
Dec 28, 2010
In 2 weeks, I will be handed over 8 servers, each one hosting around ~3 virtual machines, which will make a total of around ~24 servers. Part of my initial responsibility is to make sure that these servers are secured and ready for me to look after. My question is, what are the best procedures (or, as I will call it, "checklist") to assess and audit each server, and be 100% sure that the server doesn't have a rootkit and everything is secured?
View 1 Replies
Mar 18, 2011
I have in my hands a bunch of Samba logs, about 24 different files, and I was wondering if there was a tool that would go through them and organize them into something readable. I had a gander at Sawmill.
View 2 Replies
Feb 2, 2010
I am trying to initialize auditing on a Red Hat 5.2 Enterprise server. Things like:
/sbin/chkconfig audit on
/etc/audit/audit.rules
/var/log/audit/audit.log
are what I am looking at, but I need to know where things go to start the audit service. A simple example with all of the pieces set up to audit would help; then I can add rules to match requirements.
View 3 Replies
Aug 6, 2010
So I cannot install anything because the update-info-dir file is missing from /var/lib/dpkg/info/. I've searched for the last day and a half for a way to fix this, but found nothing. I can't even update dpkg because of this. So how do I bypass or fix this so I can install stuff? (This is a fresh install of Ubuntu 10.04 LTS Lucid Lynx.)
View 9 Replies