Red Hat :: NISPOM Audit Requirement - Failed Access To Objects - Won't Work-RHEL5 Update1

May 14, 2009

The Defense Security Services' (DSS) National Industrial Security Program Operating Manual (NISPOM) require collection of specific audit events.

System Access: (This works)

Unauthorized File Access: (This does not work)

I need to be able to ausearch and find if any of the above failed attempts exist. However, upon testing any and all of the above, a failed audit does not appear in the /var/log/audit/audit.log file. Supposedly, the nispom.rules file that comes with Red Hat is designed to accomplish this requirement.

The nispom.rules file was copied from /usr/share/doc/audit-1.5.5/nispom.rules to /etc/audit/audit.rules and has NOT been modified.

Our audit version is: audit-1.5.5-7.el5. We verified that the audit.rules files is being read by placing a syntax error in the file. An error message was returned which confirms that the file is being read.

View 1 Replies


ADVERTISEMENT

Ubuntu Multimedia :: Random Flash/Shockwave Objects Refuse To Work In Firefox

Jan 6, 2010

i run ubuntu 9.10 64-bit, using firefox 3.5.6 (courtesy of ubuntuzilla) as my web browser. i've had a problem with some flash and/or shockwave objects simply refusing to work inside firefox, despite having 64-bit flash player and all necessary plugins/addons/extras etc. installed.

there is no pattern to the problems, other than all of them being flash or shockwave objects that won't play. the majority of videos videos do play, including hd ones. however, this morning i encountered a pair of videos clips that simply would not play. i could load the page they were on, but all i ever saw was a black box, with no audio, where the video should have been.

i also noticed that on some of the videos that do play, the flash player's built-in volume control does nothing. i can slide it up or down or mute it entirely, but the sound from the flash video is unaffected.

i'll post urls of the problem videos later, so others can try them.

meanwhile i was able to watch other videos videos without issue, on another tab, aside from the broken flash player volume control.

i've also had a problem with the [url] player for a radio station, which i believe uses shockwave. i like to listen to atlanta, ga's wsb 750 am radio in the mornings before work, but so far i have to do it on a virtual windows xp machine running firefox 3.5.6, under virtualbox. if i try to open the player in firefox 3.5.6 running in the host os (ubuntu 9.10), i get only a blank popup window. url is [url]; click the "listen live" box at upper left to try it.

both machines, the host ubuntu 9.10 install and the guest windows xp machine, use exactly the same ad-blocking hosts file. i use the noscript addon in the host os install of firefox, but i allow any and all scripts when visiting the radio station's website.

since the streaming radio works on the virtual xp machine, i'm pretty sure my network configuration, hosts file etc. have nothing to do with this.

has anyone else had this problem? the flash content really should be agnostic with respect to the host os and browser, shouldn't it?

i guess it could be some random problem with the 64-bit vs. the 32-bit version of the flash plugin, so i may try instaling 32-bit ubuntu on a virtual machine to find out whether there's a difference.

View 8 Replies View Related

General :: Failed To Mount NTFS In RHEL5 - Unknown Filesystem

Apr 6, 2010

I have download file from this site and have done these steps [URL].
tar -xvf ntfsprogs-2.0.0.tar.gz
chown root.root -R ntfsprogs-2.0.0
cd ntfsprogs-2.0.0
./configure
make && make install

Still I have failed to mount ntfs partition with this command..
mount -t ntfs /dev/hda1 /mnt
or
ntfs-3g /dev/hda1 /mnt

The error is .................
mount: unknown filesystem type 'ntfs'
I am using RHEL5.4 and kernel is 2.6.18-164.el5

View 3 Replies View Related

Hardware :: Access Internet Through RHEL5

May 26, 2009

I m very new to Linux. I am not knowing anything about it. Due to requirement I have installed on my system. And I m not able to access the Internet on my system.

View 4 Replies View Related

General :: How To Access Windows's Share From Rhel5

Apr 23, 2010

I want to access shared directory of windows xp from redhat linux. I share 'd:' drive from windows machine.

View 3 Replies View Related

Networking :: Want To Access RHEL5 Bu Remote Desktop From Winxp?

Jun 17, 2009

I want to access RHEL5 by remote desktop from windows XP.

View 1 Replies View Related

General :: Multiple Nic Cards Rhel5 Cannot Be Access Simultaneously?

Dec 18, 2010

I installed 2 nic cards in my pentium 4 computer running rhel5 to be used as a proxy server and connect 2 computers in each network card for testing . The problem is I cannot ping or use the 2 cards simultaneously . One must be deactivated for the other to be ping . The Network configuration panel indicate both card status as active but i can only ping the first to be activated . I have already set onboot=yes to both cards but still the same result after restarting . The nic cards are onboard - Realtek RTL8139 and pci -3com 3c905b.

View 4 Replies View Related

Red Hat / Fedora :: Fn Key Can't Work In Rhel5 With Hp Pavilion Dv2000 / Fix It?

Sep 23, 2010

I've hp laptop pavilion dv2000,
i want to control display light but fn key do not work.

View 1 Replies View Related

Networking :: RHEL5 - Can't Make ETH1 To Work Properly

May 24, 2010

I have a problem with new installed machine. i have installed RHEL5 2.6.18-92.el5xen kernel and configured 2 network cards.

DEVICE=eth0
BOOTPROTO=static
#HWADDR=xx:xx:xx:xx:xx:xx
ONBOOT=yes
NETWORK=192.168.6.0
NETMASK=255.255.255.0

[Code]...

View 3 Replies View Related

Software :: RHEL5 (Centos): Getting Gvim To Work With Mswin.vim?

May 10, 2011

in my vimrc I am sourcing the following: source $VIMRUNTIME/mswin.vim At first this file was missing, so I downloaded it from: http://ftp.twaren.net/vim/runtime/mswin.vim However when I try and open gvim I get: My first thoughts of the cause are: - version of mswin.vim incorrect? - version of vim incorrect?

Quote:
[09:12:05][root@host:/home]# gvim deploy.sh
Error detected while processing /usr/share/vim/mswin.vim:
line 46:
E121: Undefined variable: paste
E15: Invalid expression: paste#paste_cmd['i']

[Code]...

View 1 Replies View Related

Networking :: WISPr Doesn't Work \ Run FreeRadius1.17 In RHEL5 Using PEAP Authentication?

Sep 5, 2010

I tried to run FreeRadius1.17 in RHEL5 using PEAP authentication.#radiusd -X Run fine.authenticating only one user.if "user" is authenticated and second user "user2" just looping and will not authenticated. Again if "user2" authenticated "user" is looping?here the logWaking up in 4.5 seconds.rad_recv: Access-Request packet from host 192.168.0.3 port 1028, id=239, length=219

User-Name = "user"
NAS-IP-Address = 0.0.0.0
Framed-MTU = 1488

[code]...

View 1 Replies View Related

General :: Access Files From Windows NT Files To The Box - RHEL5

Apr 1, 2009

how to access files from windows NT files to the linux box (RHEL5)

View 2 Replies View Related

Red Hat :: Generate Audit Log Every 6 Months

Mar 8, 2011

I'd like to know how do I rotate the audit logs under "/var/log/audit/audit.log" every 6 month. Currently I have set the parameter inside /etc/audit/auditd.conf to "KEEP_LOGS" (Previously "ROTATE" )and logs files are generated up to the size 5M and never deleted. Do I need to change inside "/etc/audit/audit.rules" file?

[root@RHEL5 ~]# more /etc/audit/auditd.conf
#
# This file controls the configuration of the audit daemon
#
log_file = /var/log/audit/audit.log

[Code].....

View 4 Replies View Related

Slackware :: How To Get The System Requirement

Jan 23, 2011

I want to switch from my windows xp computer from Slackware Linux for my home pc.I use world and excel software and videos as well to watch movies how can I open my Ms office files in it? Does Slackware support yahoo messenger with voice ? What is the system requirement for slackware,the Ram,Processor and hard disk space for its latest version?

View 14 Replies View Related

OpenSUSE :: Can't Audit Logout Events From Ssh Or Su In 11.0?

Feb 16, 2010

I am trying to setup auditing for NISPOM requirements using the built-in linux audit kernel which uses auditd and audit.rules for setup. I have been able to meet all other requirements, but I cannot find a way to audit user logout actions. My audit.rules file is listed below

Code:
#This file contains the a sample audit configuration intended to
# meet the NISPOM Chapter 8 rules.

[code]....

View 3 Replies View Related

Ubuntu :: Audit Trail Of Commands?

Jan 7, 2011

I would like to log all the commands executed (in full) by all the users or alteast myself.

package lastcomm, doesn't store full command.

View 2 Replies View Related

Security :: Audit DAEMON_START DAEMON_STOP?

Aug 24, 2010

When the audit daemon starts and stops, I see DAEMON_START DAEMON_STOP in the audit log. I don't see a rule in audit.rules about logging this event. So, I'm guessing that it's a rule that's built into the audit daemon. Can you confirm this?Also, I've been looking for a explanation of the event types that the audit daemon logs, such as: USER_AUTH, USER_ACCT, CRED_ACQ. If you know of any docs that explain this,

View 2 Replies View Related

General :: Os Requirement Info Red Hat 5,6,7 Version?

Mar 17, 2010

I did search everywhere and could not find the information I needed. I want to know :What is the system requirement (HD, RAM, CPU ) for

Linux Red Hat vs 5
HD,RAM ,CPU
Linux Red Hat vs 6
HD RAM CPU
Linux Red Hat vs 7
HD RAM CPU

View 4 Replies View Related

Security :: Getting Rid Of Certificate Requirement In MUTT

Apr 7, 2010

When running MUTT on a RHEL 5.4 box, I get the message:
------------------------------------------------------
Server certificate has expired

This certificate belongs to:

localhost.localdomain
Unknown
SomeOrganization
SomeOrganizationalUnit

[URL]

I choose "accept always", but the same message appears next time. I do not wish to have a certificate requirement for MUTT and did not intentionally set the program up to include this feature. How can I get rid of it? My second choice would be to get a new certificate, but then I have to go through this every year. I have MUTT working on two other servers and this does not happen.

View 3 Replies View Related

OpenSUSE :: Add / Setting -auth -audit In X Server

May 21, 2010

I'm trying to add the -audit option to X Server. I run ps -ef | grep -v grep | grep "bin/X" and get: root 2511 2506 0 10:35 tty7 00:00:09 /usr/bin/X:0 -br -verbose -auth /var/run/dgm/auth-for-gdm-sScn1P/database -nolisten tcp vt7 So I'm thinking that I need to add -audit to the /usr/bin/X file, but I believe that it's binary and created by something else, but I can't find that "something else". How on earth can I add this option? I have opened up 1,000,000,000,000,000,000,000 files (slight exaggeration) and I've come up empty.

View 1 Replies View Related

Networking :: Do Enterprise Audit Of Server Environment?

Sep 27, 2010

One of our customers is looking at enterprise audit of their data center (primarily consists of Linux servers) We suggested them towards a SNMP based tool that has some limitations. Any other recommendation is welcome...

View 1 Replies View Related

Security :: Audit Compilation :audit_tty_status Missing?

Jun 7, 2010

Strange :during the configure. I have checked :checking for struct audit_tty_status... no#uname -aLinux lfslc5 2.6.18.8-xenU-64b #1 SMP Tue May 6 18:09:10 CEST 2008 x86_64 x86_64 x86_64 GNU/Linux

View 2 Replies View Related

Server :: Kernel Audit Msg Flooding After Yum Update

Mar 14, 2011

selinux and psacct is disabled in this system (RHEL5.6 2.6.18-194.11.3.el5 SMP x86_64). After performing a yum update, the syslog is flooded with kernel audit messages (related to PAM), even though audit service is turned off. Is there a way to disable this verbosity?

[Code]....

View 2 Replies View Related

Red Hat :: Excluding Unlink To A Particular File In Audit.rules?

Apr 11, 2011

I am running RHEL 5.4 Server (32-bit) and have my audit.rules file set up per a template that I am required to use. There is one particular rule that audit is auditing the unlink of files. With this set, my log files are filling up very fast, as there is a particular app that constantly touches/ deletes a couple of files, which the unlink is catching. Here is the audit rule:-a always,exit -F arch=b32 -S unlink -S unlinkat -S rename -S renameat -F auid>=500 -F auid!=4294967295 -k deleteI commented out the "-S unlink" and my logging returns to normal (as expected). For right now, I was wondering if there was a way to set this rule up to exclude these couple of files from what auditd is capturing?

View 1 Replies View Related

Fedora :: Requirement For Updated Software To A Reboot?

Feb 19, 2010

I am relatively new to Fedora and appreciate it is intended to be a bleeding/leading edge distribution but the continual requests to reboot the computer after updates is intrusive and seems rather odd for a unix operating system. It is often not clear to me why it is necessary when I look at the names of the items triggering the request.

View 10 Replies View Related

OpenSUSE Hardware :: Minimum RAM Requirement For 64Bit?

Jul 5, 2011

I recently installed openSUSE 11.4 64Bit on my desktop computer and it is running like a breeze! I have an Intel Dual Core 2.5 and 2GB of RAM and a NVIDIA 8400GS 256MB display card. I just want to know if 2GB of system RAM would be sufficient to run a Windows XP VirtualBox with 768MB of RAM assigned to it? PS - openSUSE is still the best of the best!

View 3 Replies View Related

General :: Compile The Kernel 2.6.35 As Per Project Requirement?

Dec 23, 2010

I have Debian 5 machine on which I want to compile the kernel 2.6.35 as per my project requirement.

View 6 Replies View Related

Slackware :: Option To Disable The Cookies Requirement?

May 11, 2011

I can manage my printer through the web browser interface in 12.2 without cookies but in 13.1 I need to allow cookies.

When did CUPS start requiring cookies to be enabled to use the web browser interface?

Is there an option to disable the cookies requirement?

View 4 Replies View Related

OpenSUSE Install :: Audit And Delete Unwanted Rpm Packages?

Jul 7, 2010

how to audit and delete unwanted rpm packages. how to back up repository list from YaST2.

View 5 Replies View Related

Red Hat / Fedora :: Excluding Unlink To A Particular File In Audit.rules?

Apr 11, 2011

I am running RHEL 5.4 Server (32-bit) and have my audit.rules file set up per a template that I am required to use. There is one particular rule that audit is auditing the unlink of files. With this set, my log files are filling up very fast, as there is a particular app that constantly touches/ deletes a couple of files, which the unlink is catching. Here is the audit rule:-a always,exit -F arch=b32 -S unlink -S unlinkat -S rename -S renameat -F auid>=500 -F auid!=4294967295 -k deleteI commented out the "-S unlink" and my logging returns to normal (as expected). For right now, I was wondering if there was a way to set this rule up to exclude these couple of files from what auditd is capturing?

View 1 Replies View Related







Copyrights 2005-15 www.BigResource.com, All rights reserved