We have setup a separate partition to keep our audit files, but I am at a loss to figure out how to redirect the log files to be stored there instead of the default.
I am sure it is a simple matter but I have been unable to locate the information.
Quote:
alexander@osiris:~$ uname -a
Linux osiris 2.6.31-14-generic #48-Ubuntu SMP Fri Oct 16 14:04:26 UTC 2009 i686 GNU/Linux
I tried to change the sys_call_address to another location in memory. The result was an OOPS!
sys_call_address is of course not exported, so I found it using:
Quote:
grep sys_call_table /boot/System.map-2.6.31-14-generic
c0577150 R sys_call_table
My kernel prog looks like:
Code:
#include <linux/string.h>
#include <linux/smp_lock.h>
#include <linux/init.h>
#include <linux/module.h>
[Code].....
Is it possible to change the location that the journal files are created. By default, they are created in the same location that the zone files are.
View 4 Replies View RelatedWhen the audit daemon starts and stops, I see DAEMON_START DAEMON_STOP in the audit log. I don't see a rule in audit.rules about logging this event. So, I'm guessing that it's a rule that's built into the audit daemon. Can you confirm this?Also, I've been looking for a explanation of the event types that the audit daemon logs, such as: USER_AUTH, USER_ACCT, CRED_ACQ. If you know of any docs that explain this,
View 2 Replies View RelatedStrange :during the configure. I have checked :checking for struct audit_tty_status... no#uname -aLinux lfslc5 2.6.18.8-xenU-64b #1 SMP Tue May 6 18:09:10 CEST 2008 x86_64 x86_64 x86_64 GNU/Linux
View 2 Replies View RelatedI ran a test where I filled up the /var partition. The disk_full_action in auditd.conf is SUSPEND. I was expecting to see a message in /var/log/messages to indicate that the audit daemon was suspended because it did not have any space left on the partition.Why didn't I get these messages? Also, how can I tell if the audit daemon is suspended?
View 4 Replies View RelatedI am trying to lock down a server using audit.rules. I intend to use ausearch to review certain entries from time to time. I noticed that it's possible to assign a "key" to each rule and then use `ausearch -k` to show only the records that have that key.Unfortunately, the key feature seems broken. I started with the following rule in audit.rules:
Code:
-a always,exit -F arch=b64 -S open -S openat -F exit=-EACCES -k deny
I do a `cat /etc/shadow` and a `ausearch -ts today -k deny` and it seems all went well.
[code]....
I'm using RHEL 5 with the Enhanced Security. Using the suggest NISPOM Red Hat documented settings (located on the system; copy - paste) I have managed to audit failed file open accesses however, this setting only retained if I enter it at the command line (/sbin/auditctl -a ). If I reboot the system or restart the service all my -a (not -w) located in the /etc/audit/audit.rules are not retained.
View 6 Replies View Relatedwhat files does firestarter change? I would like to know so I can look at the files so I can learn to do the same thing without firestarter.
View 3 Replies View RelatedI've been using Ubuntu for a few years and I am having issues trying to load .jar files and .exe files in Wine. I keep getting an error message that says my computer doesn't have permission to load these files. I've done some research and found people saying to enable the file as executable in the files properties, to enable executable in the permissions folder, and to allow source code on the Ubuntu Software screen, but whenever I try to check these boxes, they immediately revert to having a line through them instead. I remember when I was running Ubuntu a few years ago I was able to completely disable this restriction in terminal, but I can't remember what I did.
View 5 Replies View RelatedI'm playing around with iptables on Ubuntu 10.04 Beta2.
[Code]....
That's what I got so far. Accoring to iptables man pages: "/proc/net/ipt_recent/* are the current lists of addresses and information about each entry of each list." There's nothing like that there on my Ubuntu installation. There's a file that's called /proc/net/ip_tables_matches. However, it doesn't contain the information I'm looking for. It contains:
Code:
udplite
udp
tcp
recent
state
icmp
where I can find the file where iptables stores the matching IPs? Also, can anyone verify that I have put the rules in the right order for them to work?
how can I configure a new "stored secret" in Seahorse? Or System > Preferences > Passwords and encryption keys, in a free translation from Brazilian Portuguese "Senhas e chaves de criptografia"? For instance, let's say I want to add a stored secret to be used with Skype: in Seahorse (Ubuntu 10.10), I clicked on Files > New > Stored secret, select the "login" keyring, type "Skype" in the description field and my skype password in the "Password" field and finally click "Add". But when I right-click the new secret > Properties, I can't change or type anything in the "Details" or "Applications" tabs, So, how can I inform Seahorse how, when or with what should it use my secret?
View 2 Replies View RelatedAs I am a paranoid bastard, I made a bash screencap-script for my Ubuntu-computer, so I can check if anyone uses my computer for things I don't want them to do (eg. checking if anyone is viewing passwords stored in FireFox, looking at private files, or other things I find disturbing). There might be other people than me that is paranoid and want to monitor what's going on on their computers while they are away or letting someone else use their computer when going to the bathroom.
This is a small script, I'd like to hear if there is any improvements that can be done, so I can learn more and become better at such scripting.
The script requires Imagick (sudo apt-get install imagemagick) and a folder in the ~-directory (/home/username) called ".screen" (hidden, as this makes it more difficult to "intruders" to find it and it looks more like a system-folder than a monitoring-folder).
The script:
Code:
#!/bin/bash
i=1;
j=`date`;
user=`whoami`;
[Code]....
Add this script to /usr/local/bin and then go to keyboard-shortcuts in GNOME and add a shortcut-key-combination of your own choice for the script. Call it whatever you'd like, and the command you want to run is simply "screen". To add a shortcut for stopping the script, you add another shortcut-key-combination to the command "killall screen".
This enables you to monitor activity on your computer while you're away, saving png-screenshots of your desktop every three seconds in the folder /home/username/.screen/date.
NOTE: I'm not taking any responsibility for what you do with this script. Remember that monitoring someone's activities is never the right way to handle anything. Also, it's illegal many places. Take care and use it only for educational and testing purposes.
I run debian squeeze. I use apt-get install openjdk-6-jdk. But I do not understand how I can figure out where the files are stored?
View 1 Replies View RelatedWhere are temp files stored in SuSE 11.0? I am trying to find all of those videos and .jpgs and other miscellaneous files I've downloaded in the past, and which are now only taking up space on my hard drive. I'd like to clean out all of that. I have looked in both /tmp and in /.kde but don't see what I'm looking for.
View 9 Replies View RelatedIf anyone of you guys could tell me where does ubuntu saves user prefference/settings/application settings/menus/themes all that effect only user loged in so i can transfer all of this to another account and have them be the same. Or maybe there is an app for that ?
I setup my ubuntu to have no users and only root account, but i found that its not made to work correctly with being root at all times, so i created an account and want to export my root prefferences to newly created account, just like i could with windows by exporting files/registry keys etc.
I have machine that I used to VNC to on my network with Remote Desktop Viewer from my Fedora 12. When I first connected I checked the checkbox that I wanted to store the pw. Now the pw on the other machine has changed but Remote Desktop Viewer does not ask for a new password, it just gives me a black screen, like I am connected but I can't see anything. I'd like to know if anyone knows where this pw data is stored on the system so I can start fresh. I already tried uninstalling Remote Desktop Viewer and installing it again.
View 1 Replies View Relatedcan I change the ECC code for a block of a file stored on a flash drive by any means ? of a file stored on a HDD (though I don't think there would be a difference between the two)Maybe , through some hardware interrupts or anything like that?Also if possible I need the solution to be in C/C++.
View 4 Replies View RelatedDebian 8 faild to boot normally, thowing several screens of error messages. Then it suggested to enter root pw and do some maintenance, and upon accepting my root pw it booted me into command line.I guess, those screens of errors are saved to some log files - if this is the case, in which files shall find it?I tried:
/var/log/syslog - an endless file, yet the records end at 28/12/2015
/var/log/dmesg - same
/var/log/boot.log - not there
3.State what kinds of files are stored in the following directories. Give any ONE file that can be found in these directories.
a. /etc/
b. /proc/
c. /sbin/
Im gona install some ubuntu PCs, but the question is for dont update the N computers via web, what I need to copy from the first PC to the others for launch a program in the other N-1 PCs and have updated all (without run download on the N-1 PCs).
View 1 Replies View RelatedIn Karmic, where is the temporary file stored of a video like ..... after it is played?
View 1 Replies View RelatedI am trying to install Lubuntu 10.10 in a VirtualBox 3.0.14 guest on Mac OS X 10.4 with the hopes of getting Guest Additions installed and working.
From prior experience I tend to go through the install process more than once which involves downloading the updates and any necessary apt-get files multiple times.
So, where do these files get stored? I would like to then save them to a separate disk mount, so I can use them on a subsequent install...which is second question...how can do that?
I am new to Linux. I was running Ubuntu 10.04. While downloading software, one of my downloads changed changed my OS to Xubuntu. From browsing the available software, I surmised(wrongfully it turned out) that files starting were X files. In Synaptic, I deleted all files starting with X. This I found is a form of hari kari. When I boot up now, I have a choice of straight to Ubuntu or "Help" mode. If I boot up straight, I get to Ubuntu logo and it hangs up running the dots between red and green and I give a warm boot to restart. If I choose the "Help" route, I go thru what a windows user would call DOS commands or activity. At the end of whatever it is doing, it asks for user ID and password. I give it those and I am given a command line. I don't know what to do with this. I would like to access my stored files and save them. If nothing can be done to save them, I will just start over by reinstalling 10.04. BTW I am running 7.1 from an old boot disc. Is there some way that I can retrieve my files?
View 8 Replies View RelatedI would like to use a nas to store my web site files. Can Apache be configured to serve web files from the nas?
View 4 Replies View RelatedDoes anyone know where the files downloaded from the Ubuntu One Music Store are stored?They are not in the Music folder or anywhere else in my home folder that I can determine, yet Rhythmbox sees them. I noticed that in the Rhythmbox preferences I can no longer specify one specific folder as a watch folder (it defaults back to "Multiple Locations Set"). I'd like to transfer the files I bought to a flash drive, but cannot find them.
View 9 Replies View RelatedSyslog is used to store simple log files or we can manage them too? Well, the thing is, that I need to run a software (like syslog) to collect my logs and put them in order and organize them so it makes them "understandable". I have been told that syslog can do the job and that it doesn't need a complex configuration to work.
View 12 Replies View RelatedIs there a method at the command line to copy files from one location to another and retain the source files group and user?I'm migrating some MySQL files from one machine to another.I want to back-up the original files in the directory presently. They have owner:group of mysql, some have owner:group root:mysql and so on. To copy them under cli or Nautilus everything changes to root for I execute sudo cp or gksudo nautilus and copy via gui.
Since it is MySQL data I could simply do a dump of the database and restore it on the other machine. But there's about 20 db's and I want to do this via a copy for it will be faster - at least that is what I think.
I have an ubuntu (8.04.3) server where I use bacula to make backups of the files stored on the server. Ive been trying to find a solution (with no luck) trying to succesfully implement the following:-
A Backup tape for each day of the week besides Thurs which is resused on a weekly basis. For the thursday tapes we have a backup tape corresponding to the week number that the thursday falls so for the first thursday of the month it would be ThursOne For example. These tapes are resued on a monthly basis. We then have a monthly tape that is used on the last thursday of the month. These tapes will be resused on a yearly basis.
Another requirement is just in case a tape is accidently not changed a backup should still occur regardless of what tape is in the drive (so if its tuesday and mondays tape is still in the tape drive it should rewrite that tape).
I did have this successfully set up where the tape was appended after each use rather than being recycled after the nightly backup. But then after a few weeks I would have to manually purge tapes when they became full (which isnt ideal - as Im not always in the office so in my absence it may be that a backup may not take place), so have been playing around and have now got the tapes to be marked as used after a max of 2 jobs (so the backup of the files and the catalog of the night). I also added this line 'Recycle Current Volume = yes' so that it would hopefully recycle the volume in the drive.
However what I am finding is that the tape that should be recycled is not, but in yesterday case the Mondays tape was recycled rather than the Tuesday although Mondays was the last written so Im not even sure why it choose to recycle this tape.
Want know the location of the Clamd service database, and also know the extension of these database fies.
View 2 Replies View Related