Security :: Top Reports Root System Activity

Jan 17, 2010

My system started running at 75% CPU (it's normally 20%), so I opened a terminal and looked at 'top'. There are many processes running as root; the one that's sucking the CPU is this: 'user' - root, 'pid' - 2963, 'command' - X. Below that there are a few processes of my user account, then a lot more 'root' processes.

View 2 Replies


Security :: Use Of System-config-users Not Capturing Activity?

Dec 15, 2010

I have an auditing problem. I am required to be able to track user account modifications (creates, deletes, password changes, etc.). My team and I implemented auditd 1.7.17 and borrowed an existing rule set from /usr/share/doc/audit-1.7.17/nispom.rules. What we're seeing is that user account activity from the command line is retrievable by doing an 'aureport -m'. However, doing the same through the GUI, 'aureport -m' does not display the activity. So I have two questions:

1. Is there another location I should be looking to find the user creation activities when using the GUI?
2. Is there a way to make the activity using the GUI be captured in /var/log/audit/audit.log so 'aureport -m' can report it?

Someone suggested a PAM configuration change, but was not able to tell me what change to make.

View 3 Replies View Related

Security :: Detect File Deletion On An Operating System And Trace The File History Or Activity?

Oct 19, 2010

I am investigating solutions to trace a file deletion on a computer (Linux O/S). I also need to determine whether, after a file deletion or download on a computer, the computer clock had not been modified. In case a file has been downloaded on a computer and then transferred to a removable device, I need to find out the file activity. I mean I should be able to tell that the file was downloaded and transferred to a device with possible specifications.

View 2 Replies View Related

Fedora Security :: How To Become The Root On System

May 8, 2009

I still can't see quite well the security reason for not allowing one logging in as root on Fedora, but anyway... how to become the root on my system, Fedora 10, please? I did open a terminal and typed s - root then my password, now I'm the root, but only on the terminal, as CLI, but what if I want to change the menu.lst inside grub i.e.? And some other files or settings that there's no option to just type in the root password, how to overcome that please?

View 9 Replies View Related

Ubuntu Security :: Deciphering Root System Mail?

Aug 10, 2010

I'm getting a lot of mail messages with not really any information (that I get anyway) but things like:

@312>
W266>
I372=

[code]...

View 3 Replies View Related

Security :: Ensure Changes To System-auth Do Not Lockout Root?

Jan 8, 2010

I was considering adding the below to my RHEL5 system's /etc/pam.d/system-auth file.

password required pam_cracklib.so try_first_pass retry=3 minlen=8 dcredit=-1 ucredit=-1 ocredit=-1 lcredit=0
auth required pam_unix.so nullok try_first_pass

[code]...

View 1 Replies View Related

Fedora Security :: Make The Root File System Read-only

Jun 23, 2009

I am interested in making the root file system read-only. I've moved the /var and /tmp file systems to other partitions. There are two files in the /etc directory that need to be writable.

These are:

I've moved these files to /var and linked them. I've added a command to the /etc/rc.d/rc.local file:

That's it. Are there other solutions to make the root file system read-only?

View 1 Replies View Related

Fedora Security :: Log Files Empty - System Does Not Allow Root To Login ?

Feb 2, 2010

For a month or so now, I have been enabling ssh and opening port 22. I cron'ed the start and stop commands to leave them open only a few hours a day. After a bit, I checked my logs to find that some IP or another was attempting to brute force my root account.

I took little real threat by the offense.

(1) my system does not allow root to login and

(2) it would cut them off sooner than later when my system issued the stop command.

fast forward

Today I log in to find that all of my log files, as viewed from the gnome log file viewer, were empty of entries from about noon yesterday and prior.

Though I haven't noticed anything at all out of the ordinary with my system, I would like to get more opinions on the matter. Would there be any conceivable way that this was an automatic system routine, a clean up action of something? Additionally, if I was indeed the victim of a hack, what can I do to further protect my system (keeping in mind that I do want to access my system via ssh from time to time)?

View 4 Replies View Related

Security :: Configure Syslogd To Email Reports?

Mar 13, 2011

I'm going through the Linux hardening checklist, and the only bit I'm having trouble with is how to configure syslogd to email daily reports to my email. My MTA is Postfix.

How do I do this? Or should I ask... where is the HOWTO?

View 2 Replies View Related

Security :: Prevent A Non-root User From Shutting Down, Rebooting Or Suspend The System?

Mar 3, 2010

I'm using Gnome and I'd like to still have the ability to reboot/shutdown from one particular account as well as root. How would I modify the chmod command to add this ability?

Also, I have a few users who just will hold the power button in to shutdown the machine. How can I keep them from doing this?

// Pruned from the vintage 2007 Prevent a non-root user from shutting down, rebooting or suspend the system thread. Please create new threads instead of resurrecting ancient ones.

View 2 Replies View Related

Security :: Sshd Not Working Properly \ System Has Only One User (root) Without Password?

Aug 10, 2010

I have a problem with the sshd daemon on a target Linux system: the system has only one user (root) without password. The sshd_config looks like:

Code:
Port 22
Protocol 2

[code]...

View 8 Replies View Related

Ubuntu Security :: Ran A Rkhunter Check And In Log Have Found Some Very Odd Reports?

Nov 8, 2010

I recently ran a rkhunter check and in my log I have found some very odd (to me at least) reports.

/usr/bin/last [ Warning ]
Warning: The file properties have changed:
File: /usr/bin/last

[code]....

View 9 Replies View Related

Ubuntu Security :: Log File Shows Firefox Activity?

May 19, 2010

I see these activities logged on a fairly regular basis in /var/log/auth.log and was wondering if this is normal activity?

firefox: gethostby*.getanswer: asked for "ftp.cs.rose-hulman.edu IN A", got type "DNAME"

The format is always the same, though sometimes the address is a regular Internet site.

View 9 Replies View Related

Debian :: Tool For Squid Reports (not SARG) - Generate Less Amount Of Files - Optimal Is To Save Reports To The Database

May 9, 2011

I got the following task from my boss. I have to find out if there is some alternative tool to create reports from Squid other than SARG. Now we use SARG, but my boss told me that the main problem with SARG is that it generates a huge number of files, which causes problems during migration of our servers. He gave me the following conditions for changing the current tool (SARG):

* standard package of Debian
* generates fewer files; optimally, saves reports to the database

So I would like to ask you if you know about some tool (I cannot find one with Google)... and the best would be if you told me about some practical experience.

View 1 Replies View Related

Ubuntu Security :: Access To A Virtual File System For The Thermocron Without Needing To Launch Owfs As Root?

Feb 12, 2011

I have been trying to use my DS2490 USB to serial device with a Maxim .DG1921G thermocron with owfs. It is supposed to give me access to a virtual file system for the thermocron without needing to launch owfs as root.

Code:
/var/log/messages gives:
Feb 8 16:22:45 norman-HP-G56-Notebook-PC kernel: [ 236.140141] usb 5-1: new full speed USB device using ohci_hcd and address 2[code]....

but if the ds2490 module is loaded it works when run with sudo. It seems from this that it is a lack of permissions to USB, but I have tried all the methods at http://owfs.org/index.php?page=udev etc. to overcome this and a few others, but none work. I am running Ubuntu 10.10, kernel 2.6.35-22-generic #33-Ubuntu SMP.

View 1 Replies View Related

Ubuntu :: System Unresponsive During Disk Activity (9.10)?

Mar 15, 2010

I have Karmic installed on three different computers (work, home and laptop), but on my home desktop there is a strange performance problem. During disk activity it sometimes becomes completely unresponsive. The mouse cursor doesn't even move. It actually seems fine when it first boots up, but it gradually gets worse as I use the computer for a while until it eventually becomes completely unusable. I'm only having trouble on the one system. The drive in the system is SATA, and I already checked to make sure DMA was on. It is a x86_64 kernel. I tried adding noapic to the kernel boot line after some googling, but it seemed to have no effect.

View 4 Replies View Related

General :: Find Out User Activity On System?

Feb 22, 2010

I am working on a program, let's say programX, which must run when the computer is not in use. I want to develop a monitoring program to monitor if there is user activity on the system so that it can stop programX from running when the user is using the system and start programX when there is no user activity. Is there a way to determine this in Linux?

View 4 Replies View Related

Software :: System Activity Monitoring Tools

Feb 8, 2010

System activity monitoring tools - top, iotop, ntop, sar, collectl, etc. - may be a good reference to judge the system activity when the system transitions to sleep state. But if I make the system transition to sleep state when I/O activity is zero during 15 minutes, for example, it won't sleep forever because slight I/O by daemons, etc. occurs continuously even if there is no user I/O. So how can I judge the system activity to change the state by using those tools?

View 4 Replies View Related

Fedora :: Install Gnome-schedule The System Reports Nothing?

Jun 23, 2011

I've tested this on 2 different machines each running Fedora 15. If I try to install gnome-schedule the system reports nothing to do or that the software is already installed. If I try to remove it the system reports that gnome-schedule is available but not installed. Anyone know how to approach this?

View 2 Replies View Related

Ubuntu :: System Monitor Reports Zero Or No Use Of Swap Partition?

Aug 4, 2010

Currently, and for the last half an hour, System Monitor reports 31% in use by programs, 68% in use by cache.

So my 1GB of RAM is maxed out. Things are kind of slow but not crawling (though at times, simple things like scrolling are stalled).

But it reports Swap: 0% in use.

Seems confirmed by the following:

Code:
$ free -m
             total       used       free     shared    buffers     cached
Mem:           993        967         26          0         82        560
-/+ buffers/cache:        323        669

[Code]....

View 2 Replies View Related

Debian Configuration :: Periodic Disk Activity With System Being Idle

Jan 12, 2011

I keep noticing disk activity every roughly 1 to 3 seconds even though there is "nothing" going on. Of course, I run a number of "system" and "user" application packages - Apache2, MySQL, Browsers (Opera, IceWeasel), an SMB client and server, OpenOffice 3.0RC8 being the most prominent ones. I wonder what might be the cause for this constant disk activity which happens even when none of the applications do any noticeable work at all. Is there a way to determine the process that does those disk read/writes?

View 6 Replies View Related

OpenSUSE Hardware :: 11.3 - Constant HD Activity / System Runs At Snail Pace

Aug 8, 2010

Just after I boot up I get this weird HDD activity that lasts for some time, during which my system runs at a snail's pace and/or hangs. After a while the activity stops and things are good, and then randomly it all starts again. I have read some forum posts on constant HDD activity but they do not seem to apply to my problem. I am running 11.3 with a quad core AMD 64bit CPU and 4GB of memory.

View 9 Replies View Related

Slackware :: High HD Activity Bringing System To Crawl When Browser Is Open

Apr 24, 2010

I'm running Slackware 13 with a custom kernel based off of 2.6.32.3. I tend to leave my system on 24/7, as well as my web browser. Originally it was Firefox and now it is Google's Chrome. Usually about a day of leaving the web browser open my HD activity spikes so high that I can barely do anything on the system until I kill the web browser. This has been happening with both Firefox AND Chrome! As soon as the browser processes are killed, the system returns back to normal.

View 10 Replies View Related

Ubuntu :: Long Disk-activity-pause On Boot - Between Mounting Root And Mounting Swap?

Jul 14, 2011

Just the last day or so, I've noticed a long pause when I boot my laptop, with lots of disk activity. dmesg says:

[Code]...

Why would there be a 15-second pause (during which the disk is slammed) between mounting root and mounting swap? During this time I see nothing but a blank purple screen, there are no cycling dots or text scroll. Is this normal and I'm just freaking out over nothing because there's no indicator of progress? GRUB default boot options: quiet splash nomodeset video=uvesafb:mode_option=1920x1200-24,mtrr=3,scroll=ywrap vt.handoff=7

View 9 Replies View Related

Fedora :: Software Update Servers Down - System Monitor Shows Practically No Network Activity

Aug 21, 2011

I tried to do a scheduled software update several times today (8/20/11) and nothing seems to download, though I do get the "Downloading" PackageKit dialog message (the System Monitor shows practically no network activity). In between tries I downloaded some 600 MB .iso files (about 10 minutes each) so I know my internet is working properly. That leaves either PackageKit got hosed in my last update, or servers are down.

View 2 Replies View Related

Ubuntu Security :: Giving Root Permission To An Application But Without Running It As Root?

Jan 20, 2011

I want to run VirtualBox with root permissions. Trouble is that only when run as root can I access attached USB devices inside of a virtual machine (otherwise, these are greyed out). Now running VirtualBox as a root user also changes the configuration folders, making all my virtual machines already defined disappear. I also don't want to copy all to the root configuration folders. Is there a way to give VirtualBox root permissions but without actually running the application as a root user? Is it possible to do without changing the permissions of the non-root user, i.e. I don't want my user to have all root permissions, due to security considerations.

View 1 Replies View Related

Security :: Secure FTP - Root Privileges After Logging In From A Macintosh And Could Browse The Root Directory

Apr 12, 2010

I run ProFTPd with TLS authentication on my Debian Lenny server. My problem is that despite the fact that my users connect chrooted, one of my friends had root privileges after logging in from a Macintosh and could browse the root directory, too.

View 1 Replies View Related

Ubuntu Security :: Wireshark Security Root Privileges?

Mar 25, 2010

Having read on the forums about some of the dangers of running Wireshark as root, I would like to know if anyone can suggest some alternative packet sniffers/network analyzers which will offer similar results but without the security issues. I am using Karmic Koala on a Fujitsu Siemens laptop with wireless router (firewall enabled)

View 7 Replies View Related

Ubuntu Security :: Security E-mails At Root Login?

Sep 8, 2010

Whenever I log in as root, an e-mail with the subject "Security information" is sent out. Where is the e-mail address for this message configured? I need to change it (or perhaps disable it).

View 9 Replies View Related

Fedora Security :: Become Root Without Root Password?

Oct 20, 2010

I found this on Bee's website. For more info on this exploit there are links there: [URl].. All you have to do in Fedora 13 is enter the following lines in a shell as normal user:

[Code]...

I don't think this can be considered solely an "upstream" problem, because I first tried it in Arch using the same version of glibc, and the final command causes both gnome-terminal and xterm windows to disappear.

View 14 Replies View Related






