Security :: Audit Daemon Is Not Suspending When /var Partition Is Full?
Aug 20, 2010
I ran a test where I filled up the /var partition. The disk_full_action in auditd.conf is SUSPEND. I was expecting to see a message in /var/log/messages to indicate that the audit daemon was suspended because it did not have any space left on the partition. Why didn't I get these messages? Also, how can I tell if the audit daemon is suspended?
Aug 24, 2010
When the audit daemon starts and stops, I see DAEMON_START DAEMON_STOP in the audit log. I don't see a rule in audit.rules about logging this event. So, I'm guessing that it's a rule that's built into the audit daemon. Can you confirm this? Also, I've been looking for an explanation of the event types that the audit daemon logs, such as: USER_AUTH, USER_ACCT, CRED_ACQ. If you know of any docs that explain this,
Jun 7, 2010
Strange: during the configure. I have checked:
Code:
checking for struct audit_tty_status... no
# uname -a
Linux lfslc5 2.6.18.8-xenU-64b #1 SMP Tue May 6 18:09:10 CEST 2008 x86_64 x86_64 x86_64 GNU/Linux
May 5, 2011
We have set up a separate partition to keep our audit files, but I am at a loss to figure out how to redirect the log files to be stored there instead of the default.
I am sure it is a simple matter but I have been unable to locate the information.
Mar 16, 2011
I am trying to lock down a server using audit.rules. I intend to use ausearch to review certain entries from time to time. I noticed that it's possible to assign a "key" to each rule and then use `ausearch -k` to show only the records that have that key. Unfortunately, the key feature seems broken. I started with the following rule in audit.rules:
Code:
-a always,exit -F arch=b64 -S open -S openat -F exit=-EACCES -k deny
I do a `cat /etc/shadow` and a `ausearch -ts today -k deny` and it seems all went well.
[code]....
Jan 11, 2011
I'm using RHEL 5 with the Enhanced Security. Using the suggested NISPOM Red Hat documented settings (located on the system; copy - paste) I have managed to audit failed file open accesses; however, this setting is only retained if I enter it at the command line (/sbin/auditctl -a ). If I reboot the system or restart the service, all my -a (not -w) located in the /etc/audit/audit.rules are not retained.
Jan 7, 2011
To create a daemon, you need to execute these 2 lines (among others):
Code:
init log
umask 0
What do each of these do? I didn't find anything on the 1st line. (The queries returned mostly "the log of the init (process)".) Google cast some light on the 2nd line: By setting the umask to 0, we will have full access to the files generated by the daemon. Even if you aren't planning on using any files, it is a good idea to set the umask here anyway, just in case you will be accessing files on the filesystem.
Jun 4, 2011
I have an Acer Aspire Netbook running a dual boot with XP and Ubuntu Netbook Version (Lucid Lynx if I am not mistaken?). Anyway, I plan on selling this netbook and I need to remove the Ubuntu partition and go back to just a full Windows XP partition with its recovery partition also.
Jan 18, 2010
So I tried adding a new, 2nd hard drive to my Ubuntu 9.04 desktop for some additional storage and only managed to kill my system so that it won't boot up anymore (I just get a blinking cursor after the BIOS does its thing). I could sure use a little help getting back to a functioning system, and then adding the second drive. I tried following the instructions from this link to add the 2nd drive:
(So the forum rules won't let me post the link, neato. Here it is with spaces added):
h t t p s : / / h e l p . u b u n t u . c o m / c o m m u n i t y / I n s t a l l i n g A N e w H a r d D r i v e
[code]....
Dec 16, 2010
Do you guys know if there is any good, reliable Internet security or antivirus software for Ubuntu OS? Don't tell me Linux is a virus-free OS. I have a dual-boot PC, so I want some security suite for that.
Jul 12, 2010
I have Ubuntu 10.04 configured to login with Kerberos (as in [url]). Everything works fine, except gnome-keyring-daemon:
-If I login with a local user, gnome-keyring-daemon works right. Besides, the keyring is automatically unlocked with the login password.
-If I login with a Kerberos user:
- The session startup is considerably slower.
- /var/log/auth.log says something like:
Code:
 - If I execute a program that needs the gnome-keyring (like Evolution), it is desperately slow, and it says:
Code:
Message: secret service operation failed: Did not receive a reply. Possible causes include: the remote application did not send a reply, the message bus security policy blocked the reply, the reply timeout expired, or the network connection was broken.
 - If I kill all gnome-keyring-daemon (killall gnome-keyring-daemon), start a new one (gnome-keyring-daemon), and restart the application that uses the gnome-keyring, it works fine, but it asks me for the password to unlock the keyring (I think that this is the normal behaviour if gnome-keyring-daemon did not start before).
I have seen the configurations in /etc/pam.d and everything looks fine (with pam_gnome_keyring.so). Indeed, I think that if something was wrong here, the local user would not have the keyring unlocked automatically.
Apr 5, 2011
I'm trying to modify an existing user so that any files they create can be at least read (although writing and execution would be nice) by any other user. The reason is because I need the daemon running my Apache server to be able to access files created by a daemon running under this user, files which will be created and accessed in real-time.
May 22, 2011
I have the Shorewall firewall running on Ubuntu 10.10 server and the issue I am having is the firewall is blocking traffic from my transmission-daemon even though I have allowed it in the /etc/shorewall/rules.
The rules file has the following lines:
Code:
ACCEPT  $FW  net  tcp  60000:60035
ACCEPT  net  $FW  tcp  60000:60035
ACCEPT  $FW  net  udp  51413
ACCEPT  net  $FW  udp  51413
[Code]...
As you can see, Shorewall is rejecting packets with source and destination port 51413 on incoming net2fw and outgoing fw2net even though the rules are set to accept.
Oct 9, 2010
So I reinstalled ubuntu on my laptop, but my partition is full while it isn't. I launch baobab, it says I got 4.48 GB free of 60GB while there are only 27GB files on my partition. Here is my partition set-up if it's useful:
-PQSERVICE 12GB free 3.52GB
-DRIVE 1 142GB free 25GB
-DRIVE 2 71GB free 28GB
-Ubuntu 63GB free 4.48GB ?????
-swap 1GB
-SWITCH 6.5GB free 6.3GB
I have an Acer Aspire 7730ZG laptop, I don't know what else I should give for information.
May 18, 2015
Got problems with apt. So I discovered that if I remove some stuff from the root partition, apt works normally again.
So I tested copying a 1GB file to root, but in the middle it says the disk is full, but there should be 1.8GB free if I type df -h.
Code:
df -h
Filesystem  Size  Used  Avail  Use%  Mounted on
rootfs      4.0G  2.2G  1.8G   56%   /
tmpfs       10M   4.0K  10M    1%    /dev
/dev/md0    4.0G  2.2G  1.8G   56%   /
tmpfs       492M  0     492M   0%    /dev/shm
[Code] ...
Aug 20, 2009
df -h reports that my /var partition is full..
Filesystem Size Used Avail Use% Mounted on
/dev/sda6 2.0G 1.4G 454M 76% /
/dev/sda1 99M 16M 79M 17% /boot
/dev/sda2 9.7G 2.2G 7.1G 24% /usr
/dev/sda3 7.7G 7.4G 0 100% /var
/dev/sda7 989M 17M 922M 2% /tmp
/dev/sda8 52G 9.0G 40G 19% /home
none 493M 0 493M 0% /dev/shm
[Code]....
Does anyone know of anything that might be on the /var partition and taking up space that I can't see, or just why df -h is reporting that it's full?
Feb 8, 2010
I have a total of four partitions on my Ubuntu 9.10 (Karmic) system:
sda1 = /boot
sda2 = /
sda3 = swap
sda4 = /home
My boot partition is 94 MiB which I was recommended would be more than enough space. Turns out my /boot partition is full and I now get a message every time I log into Ubuntu saying, 'The volume "boot" has only 0 bytes disk space remaining.' Also after installing GParted to check up on my partitions I got the following error in apt-get:
Code:
Setting up gparted (0.4.5-2ubuntu1) ...
Setting up kpartx (0.4.8-14ubuntu2) ...
Processing triggers for libc-bin ...
ldconfig deferred processing now taking place
Processing triggers for initramfs-tools ...
[Code]....
I have no experience messing around in my /boot partition besides modifying GRUB. I think most likely I just have too many kernel versions installed in the /boot partition?
Mar 2, 2010
A few months ago I was forced to do a fresh clean install of Karmic because my root partition (then 80 GB) was full. I should have used a LiveCD to resize partitions then but I didn't, so when I installed Karmic this time I ended up with a 160GB partition for /. Color me surprised when last night I got a message that / was at less than 5% free space.
1. I routinely do an apt clean so the cache is not an issue.
2. I do not store backups on /. I use rsnapshot to save backups on an external hard drive.
3. I use Virtualbox but all my hard drives (VDI) are on /home.
Dec 28, 2010
ubuntu 10.04
kernel 2.6.36
Code:
Filesystem 1K-blocks Used Available Use% Mounted on
/dev/sda2 17301912 4858836 11564180 30% /
proc 0 0 0 - /proc
none 0 0 0 - /sys
[code]....
Code:
hb lost+found
"home" is a partition with 8 GB.
"hb" is my space. With the baobab disk usage analyzer, the size of the "hb" folder = 1.8 GB.
Why is partition home full?
Jun 15, 2011
I am having trouble logging into my ubuntu 11.04 desktop. When I type my username and password to login my screen goes blue, as if it is going to next show my desktop wallpaper, but then it loops back to the login screen. I had no idea why and so I went to ALT-F1 and typed in "df" and it turns out that my root partition is full. This is strange since I set aside 40GB for it and I didn't install anything or that many programs that would fill it up. Anyhow, is this fixable by booting to a live cd and using gparted to make root bigger or is there a better way to fix this?
Feb 8, 2010
I have a 10gb partition I use for data. The /home is there, and I mount any other data partitions (like /music stuff) onto /data. These other mounted partitions add up to something like 60gb of diskspace, but since they're just mounted on /data, I believe they only take up 4096 bytes per mount point.
Some time ago, I found that the /data partition was full. There was only 330mb of data in /home, so I was perplexed. I found a cache dir under .opera that reported itself as having 132TB (yes, that is terabytes) of files. I thought deleting the offending directory was the answer, so I deleted that cache dir and every file or subdirectory in it, but the /data partition is still like 99% full. I am a wee bit confused.
This very full /data partition is my only jfs partition. The other mounted filesystems are either ext3 or ntfs. Is it possible that the journal of this filesystem is corrupted? Or is hidden somewhere on the /data partition, taking up a bunch of space? (I obviously don't know enough about filesystems to know whether or not this is a likely scenario.) Is it possible to zero out (or delete and re-create) the journal, if so? The only other thing I can think of is to move all the /home data off, delete the partition, then re-create it and move /home back. I will do that if need be, but I'd rather learn something from the experience, weird as it is.
Nov 14, 2010
I do know about cold boot attacks. But I ran across a couple of posts/websites that had me wonder if it is possible, without the passphrase, to just remove the encryption?
May 18, 2010
I recently installed Lenny and used the "Guided - Use Entire Disk" option. I made separate partitions for root, /etc, /var, /home, /usr and swap. I trusted that the auto partitioner would choose sensible sizes but possibly that was a bad move, root is only 340Mb and is full.
Mar 14, 2010
I mount /home on its own partition that is 20GB wide. I used 8GB in /home/b. /home contains just /home/federico & /home/lost+found (which appears to be empty). Strangely the partition appears to be full. I kept deleting files (and deleting also the Trash) but after a while my partition was full again. I do not use a swap file on this partition.
Sep 11, 2010
I have Ubuntu installed on my Macbook Pro but when I mount my Mac partition by clicking on it in Nautilus, some of my user folders are not accessible unless I start Nautilus as root. Is there a simple way for me to make these folders accessible?
Jul 22, 2011
I am running Lucid server (for a Moodle install) and have successfully mounted a cifs partition that resides on a Win 2008 Server to be used for backup purposes. I first tried using Webmin to back up files but have subsequently also tried using rsync. Whatever method I try to use to copy files across, I am getting an error "No space left on device 28", yet the Windows partition has over 800Gb free. The root partition on my Ubuntu server also has over 25Gb free. I have also checked /tmp and /var/tmp and am unable to find anything that might cause the problem. The Windows share is mounted as follows:
//windowsserver/share$ /mnt/backup cifs credentials=/pathto/.smbcredentials,rw 0 0
Jan 12, 2010
Is it possible to write a script for getting an automatic alert when a particular partition is full?
Should we use crontab for this?
Is any template available on the net for the above scenario?
Mar 22, 2010
Is it possible for malware to survive a full reformat (i.e. dd /dev/zero,urandom,zero)? I'm for some reason worried that my Android-based phone, PS3, Xbox 360, routers, and/or TV can somehow be infected with malware as they were hooked up to my network. Is this possible? And does Factory Resetting or Hard Resetting clear all data on the device and reset it entirely? If so, how does that work? Is there a specific storage chip on the device that cannot be written to and only read for when a hard reset is requested?
I'm aware that this sounds outlandish but I've got a severe paranoia for some reason and would like peer advice on how to resolve this and get some peace of mind.
Aug 25, 2010
Is it possible to encrypt the entire drive and not be prompted for the passphrase?
I have a request for a demo of our application and I am looking to create a virtual for VMware's player but need to make sure that the vmdk file cannot be mounted and files pulled from it to protect us from reverse engineering of the application.
Oct 20, 2010
For some reason I can't find any documentation re: the algorithm(s) used by Ubuntu to encrypt the filesystem... Anyone know what it is?? AES?