Red Hat :: NISPOM Audit Requirement - Failed Access To Objects - Won't Work-RHEL5 Update1
May 14, 2009
The Defense Security Services' (DSS) National Industrial Security Program Operating Manual (NISPOM) require collection of specific audit events.
System Access: (This works)
Unauthorized File Access: (This does not work)
I need to be able to ausearch and find if any of the above failed attempts exist. However, upon testing any and all of the above, a failed audit does not appear in the /var/log/audit/audit.log file. Supposedly, the nispom.rules file that comes with Red Hat is designed to accomplish this requirement.
The nispom.rules file was copied from /usr/share/doc/audit-1.5.5/nispom.rules to /etc/audit/audit.rules and has NOT been modified.
Our audit version is: audit-1.5.5-7.el5. We verified that the audit.rules files is being read by placing a syntax error in the file. An error message was returned which confirms that the file is being read.
View 1 Replies
ADVERTISEMENT
Jan 6, 2010
i run ubuntu 9.10 64-bit, using firefox 3.5.6 (courtesy of ubuntuzilla) as my web browser. i've had a problem with some flash and/or shockwave objects simply refusing to work inside firefox, despite having 64-bit flash player and all necessary plugins/addons/extras etc. installed.
there is no pattern to the problems, other than all of them being flash or shockwave objects that won't play. the majority of videos videos do play, including hd ones. however, this morning i encountered a pair of videos clips that simply would not play. i could load the page they were on, but all i ever saw was a black box, with no audio, where the video should have been.
i also noticed that on some of the videos that do play, the flash player's built-in volume control does nothing. i can slide it up or down or mute it entirely, but the sound from the flash video is unaffected.
i'll post urls of the problem videos later, so others can try them.
meanwhile i was able to watch other videos videos without issue, on another tab, aside from the broken flash player volume control.
i've also had a problem with the [url] player for a radio station, which i believe uses shockwave. i like to listen to atlanta, ga's wsb 750 am radio in the mornings before work, but so far i have to do it on a virtual windows xp machine running firefox 3.5.6, under virtualbox. if i try to open the player in firefox 3.5.6 running in the host os (ubuntu 9.10), i get only a blank popup window. url is [url]; click the "listen live" box at upper left to try it.
both machines, the host ubuntu 9.10 install and the guest windows xp machine, use exactly the same ad-blocking hosts file. i use the noscript addon in the host os install of firefox, but i allow any and all scripts when visiting the radio station's website.
since the streaming radio works on the virtual xp machine, i'm pretty sure my network configuration, hosts file etc. have nothing to do with this.
has anyone else had this problem? the flash content really should be agnostic with respect to the host os and browser, shouldn't it?
i guess it could be some random problem with the 64-bit vs. the 32-bit version of the flash plugin, so i may try instaling 32-bit ubuntu on a virtual machine to find out whether there's a difference.
View 8 Replies
View Related
Apr 6, 2010
I have download file from this site and have done these steps [URL].
tar -xvf ntfsprogs-2.0.0.tar.gz
chown root.root -R ntfsprogs-2.0.0
cd ntfsprogs-2.0.0
./configure
make && make install
Still I have failed to mount ntfs partition with this command..
mount -t ntfs /dev/hda1 /mnt
or
ntfs-3g /dev/hda1 /mnt
The error is .................
mount: unknown filesystem type 'ntfs'
I am using RHEL5.4 and kernel is 2.6.18-164.el5
View 3 Replies
View Related
May 26, 2009
I m very new to Linux. I am not knowing anything about it. Due to requirement I have installed on my system. And I m not able to access the Internet on my system.
View 4 Replies
View Related
Apr 23, 2010
I want to access shared directory of windows xp from redhat linux. I share 'd:' drive from windows machine.
View 3 Replies
View Related
Jun 17, 2009
I want to access RHEL5 by remote desktop from windows XP.
View 1 Replies
View Related
Dec 18, 2010
I installed 2 nic cards in my pentium 4 computer running rhel5 to be used as a proxy server and connect 2 computers in each network card for testing . The problem is I cannot ping or use the 2 cards simultaneously . One must be deactivated for the other to be ping . The Network configuration panel indicate both card status as active but i can only ping the first to be activated . I have already set onboot=yes to both cards but still the same result after restarting . The nic cards are onboard - Realtek RTL8139 and pci -3com 3c905b.
View 4 Replies
View Related
Sep 23, 2010
I've hp laptop pavilion dv2000,
i want to control display light but fn key do not work.
View 1 Replies
View Related
May 24, 2010
I have a problem with new installed machine. i have installed RHEL5 2.6.18-92.el5xen kernel and configured 2 network cards.
DEVICE=eth0
BOOTPROTO=static
#HWADDR=xx:xx:xx:xx:xx:xx
ONBOOT=yes
NETWORK=192.168.6.0
NETMASK=255.255.255.0
[Code]...
View 3 Replies
View Related
May 10, 2011
in my vimrc I am sourcing the following: source $VIMRUNTIME/mswin.vim At first this file was missing, so I downloaded it from: http://ftp.twaren.net/vim/runtime/mswin.vim However when I try and open gvim I get: My first thoughts of the cause are: - version of mswin.vim incorrect? - version of vim incorrect?
Quote:
[09:12:05][root@host:/home]# gvim deploy.sh
Error detected while processing /usr/share/vim/mswin.vim:
line 46:
E121: Undefined variable: paste
E15: Invalid expression: paste#paste_cmd['i']
[Code]...
View 1 Replies
View Related
Sep 5, 2010
I tried to run FreeRadius1.17 in RHEL5 using PEAP authentication.#radiusd -X Run fine.authenticating only one user.if "user" is authenticated and second user "user2" just looping and will not authenticated. Again if "user2" authenticated "user" is looping?here the logWaking up in 4.5 seconds.rad_recv: Access-Request packet from host 192.168.0.3 port 1028, id=239, length=219
User-Name = "user"
NAS-IP-Address = 0.0.0.0
Framed-MTU = 1488
[code]...
View 1 Replies
View Related
Apr 1, 2009
how to access files from windows NT files to the linux box (RHEL5)
View 2 Replies
View Related
Mar 8, 2011
I'd like to know how do I rotate the audit logs under "/var/log/audit/audit.log" every 6 month. Currently I have set the parameter inside /etc/audit/auditd.conf to "KEEP_LOGS" (Previously "ROTATE" )and logs files are generated up to the size 5M and never deleted. Do I need to change inside "/etc/audit/audit.rules" file?
[root@RHEL5 ~]# more /etc/audit/auditd.conf
#
# This file controls the configuration of the audit daemon
#
log_file = /var/log/audit/audit.log
[Code].....
View 4 Replies
View Related
Jan 23, 2011
I want to switch from my windows xp computer from Slackware Linux for my home pc.I use world and excel software and videos as well to watch movies how can I open my Ms office files in it? Does Slackware support yahoo messenger with voice ? What is the system requirement for slackware,the Ram,Processor and hard disk space for its latest version?
View 14 Replies
View Related
Feb 16, 2010
I am trying to setup auditing for NISPOM requirements using the built-in linux audit kernel which uses auditd and audit.rules for setup. I have been able to meet all other requirements, but I cannot find a way to audit user logout actions. My audit.rules file is listed below
Code:
#This file contains the a sample audit configuration intended to
# meet the NISPOM Chapter 8 rules.
[code]....
View 3 Replies
View Related
Jan 7, 2011
I would like to log all the commands executed (in full) by all the users or alteast myself.
package lastcomm, doesn't store full command.
View 2 Replies
View Related
Aug 24, 2010
When the audit daemon starts and stops, I see DAEMON_START DAEMON_STOP in the audit log. I don't see a rule in audit.rules about logging this event. So, I'm guessing that it's a rule that's built into the audit daemon. Can you confirm this?Also, I've been looking for a explanation of the event types that the audit daemon logs, such as: USER_AUTH, USER_ACCT, CRED_ACQ. If you know of any docs that explain this,
View 2 Replies
View Related
Mar 17, 2010
I did search everywhere and could not find the information I needed. I want to know :What is the system requirement (HD, RAM, CPU ) for
Linux Red Hat vs 5
HD,RAM ,CPU
Linux Red Hat vs 6
HD RAM CPU
Linux Red Hat vs 7
HD RAM CPU
View 4 Replies
View Related
Apr 7, 2010
When running MUTT on a RHEL 5.4 box, I get the message:
------------------------------------------------------
Server certificate has expired
This certificate belongs to:
localhost.localdomain
Unknown
SomeOrganization
SomeOrganizationalUnit
[URL]
I choose "accept always", but the same message appears next time. I do not wish to have a certificate requirement for MUTT and did not intentionally set the program up to include this feature. How can I get rid of it? My second choice would be to get a new certificate, but then I have to go through this every year. I have MUTT working on two other servers and this does not happen.
View 3 Replies
View Related
May 21, 2010
I'm trying to add the -audit option to X Server. I run ps -ef | grep -v grep | grep "bin/X" and get: root 2511 2506 0 10:35 tty7 00:00:09 /usr/bin/X:0 -br -verbose -auth /var/run/dgm/auth-for-gdm-sScn1P/database -nolisten tcp vt7 So I'm thinking that I need to add -audit to the /usr/bin/X file, but I believe that it's binary and created by something else, but I can't find that "something else". How on earth can I add this option? I have opened up 1,000,000,000,000,000,000,000 files (slight exaggeration) and I've come up empty.
View 1 Replies
View Related
Sep 27, 2010
One of our customers is looking at enterprise audit of their data center (primarily consists of Linux servers) We suggested them towards a SNMP based tool that has some limitations. Any other recommendation is welcome...
View 1 Replies
View Related
Jun 7, 2010
Strange :during the configure. I have checked :checking for struct audit_tty_status... no#uname -aLinux lfslc5 2.6.18.8-xenU-64b #1 SMP Tue May 6 18:09:10 CEST 2008 x86_64 x86_64 x86_64 GNU/Linux
View 2 Replies
View Related
Mar 14, 2011
selinux and psacct is disabled in this system (RHEL5.6 2.6.18-194.11.3.el5 SMP x86_64). After performing a yum update, the syslog is flooded with kernel audit messages (related to PAM), even though audit service is turned off. Is there a way to disable this verbosity?
[Code]....
View 2 Replies
View Related
Apr 11, 2011
I am running RHEL 5.4 Server (32-bit) and have my audit.rules file set up per a template that I am required to use. There is one particular rule that audit is auditing the unlink of files. With this set, my log files are filling up very fast, as there is a particular app that constantly touches/ deletes a couple of files, which the unlink is catching. Here is the audit rule:-a always,exit -F arch=b32 -S unlink -S unlinkat -S rename -S renameat -F auid>=500 -F auid!=4294967295 -k deleteI commented out the "-S unlink" and my logging returns to normal (as expected). For right now, I was wondering if there was a way to set this rule up to exclude these couple of files from what auditd is capturing?
View 1 Replies
View Related
Feb 19, 2010
I am relatively new to Fedora and appreciate it is intended to be a bleeding/leading edge distribution but the continual requests to reboot the computer after updates is intrusive and seems rather odd for a unix operating system. It is often not clear to me why it is necessary when I look at the names of the items triggering the request.
View 10 Replies
View Related
Jul 5, 2011
I recently installed openSUSE 11.4 64Bit on my desktop computer and it is running like a breeze! I have an Intel Dual Core 2.5 and 2GB of RAM and a NVIDIA 8400GS 256MB display card. I just want to know if 2GB of system RAM would be sufficient to run a Windows XP VirtualBox with 768MB of RAM assigned to it? PS - openSUSE is still the best of the best!
View 3 Replies
View Related
Dec 23, 2010
I have Debian 5 machine on which I want to compile the kernel 2.6.35 as per my project requirement.
View 6 Replies
View Related
May 11, 2011
I can manage my printer through the web browser interface in 12.2 without cookies but in 13.1 I need to allow cookies.
When did CUPS start requiring cookies to be enabled to use the web browser interface?
Is there an option to disable the cookies requirement?
View 4 Replies
View Related
Jul 7, 2010
how to audit and delete unwanted rpm packages. how to back up repository list from YaST2.
View 5 Replies
View Related
Apr 11, 2011
I am running RHEL 5.4 Server (32-bit) and have my audit.rules file set up per a template that I am required to use. There is one particular rule that audit is auditing the unlink of files. With this set, my log files are filling up very fast, as there is a particular app that constantly touches/ deletes a couple of files, which the unlink is catching. Here is the audit rule:-a always,exit -F arch=b32 -S unlink -S unlinkat -S rename -S renameat -F auid>=500 -F auid!=4294967295 -k deleteI commented out the "-S unlink" and my logging returns to normal (as expected). For right now, I was wondering if there was a way to set this rule up to exclude these couple of files from what auditd is capturing?
View 1 Replies
View Related
