Security :: Use Of System-config-users Not Capturing Activity?

Dec 15, 2010

I have an auditing problem. I am required to be able to track user account modifications (creates, deletes, password changes, etc.). My team and I implemented auditd 1.7.17 and borrowed an existing rule set from /usr/share/doc/audit-1.7.17/nispom.rules. What we're seeing is that user account activity from the command line is retrievable by doing an 'aureport -m'. However, doing the same through the GUI, 'aureport -m' does not display the activity. So I have two questions:

1. Is there another location I should be looking to find the user creation activities when using the GUI?

2. Is there a way to make the activity using the GUI be captured in /var/log/audit/audit.log so 'aureport -m' can report it?

Someone suggested a PAM configuration change, but was not able to tell me what change to make.

Security :: Top Reports Root System Activity

Jan 17, 2010

My system started running at 75% CPU (it's normally 20%), so I opened a terminal and looked at 'top'. There are many processes running as root; the one that's sucking the CPU is this: 'user' - root, 'pid' - 2963, 'command' - X. Below that there are a few processes of my user account, then a lot more 'root' processes.

Fedora :: Capturing Old Config Setting On New Install?

Aug 9, 2009

I never upgrade from one release to the other but rather do a completely new install. How can I keep my Gnome settings from the current release and somehow impose them after a new install? I am not sure which files/hidden files I should carry, save, possibly to a USB stick or whatever, and a reasonable procedure to copy/impose them after the new install is stable.

Ubuntu :: Users System Log Config File Location

Jul 24, 2010

Where are the "System Log Viewer" config files stored? I know most have been moved into /var/rsyslog.d/ folder but where is the user's config file stored? I restored my local /home to a fresh install and the Log viewer is looking for log files from the OLD install.

So there must be a config file somewhere in /home/$user that the system log viewer is reading from as well as the rsyslog.d folder...

Fedora :: System-config-users Wont Stay Open?

Nov 5, 2009

When I open this it opens up greyed out for a split second then closes. I started it in a console, it did the same but the following was left in the terminal:

Code:
[tytower@localhost ~]$ system-config-users
Traceback (most recent call last):

[code]...

CentOS 5 :: Get System-config-samba To 'see' Winbind Users And Groups

Jul 14, 2009

I have a Samba File Server that can authenticate users in my Windows AD to log into the server. Anyways, I have a good amount of Windows Admins on staff but our org wants to cut budget so our first "slash" as it were is cutting down the actual Windows based File Servers. So my question is, now that I have this test server up and authenticating for logins using Winbind... is there a way I can get system-config-samba to "see" winbind users and groups so that file servers can still be "point and click" for my Windows Admins?

Security :: Detect File Deletion On An Operating System And Trace The File History Or Activity?

Oct 19, 2010

I am investigating solutions to trace a file deletion on a computer (Linux O/S). I also need to determine whether, after a file deletion or download on a computer, the computer clock had not been modified. In case a file has been downloaded on a computer and then transferred to a removable device, I need to find out the file activity. I mean I should be able to tell that the file was downloaded and transferred to a device with possible specifications.

General :: Text Config File Encryption On System For Security?

Aug 16, 2011

I plan to use newsbeuter for console RSS reading. This program has a config text file where I need to store my Google account password, in order to access my Google reader. I don't feel easy at making my password readable to everyone. Is there any way I can somehow encrypt this information?

Fedora Security :: Logging Dropped Packets With System-config-firewall?

Sep 1, 2009

I switched over to Fedora a couple of days ago. I'm using the built-in firewall shipped with it but I can't find out how to enable logging of dropped packets. Among others I'd like to use psad that needs firewall logging. Is there an easy way to do this? I'm not an iptables "expert".

General :: How To Monitor Web Access Activity Of Users In LAN

Mar 22, 2010

How to monitor web access activity in the LAN without creating any inconvenience to the end users? Could anyone say is there any software tool?

Server :: Monitor All Of The Activity Of The Users That Logging In?

May 2, 2010

I wanted to know if there is any way to monitor (I mean log) all of the activity of the users that are logging in to a server (as root), for example:

1. When do they log in

2. What commands do they use at what time (I know that the history command does somehow the same but it does not save all of the activity of users exactly with the time of that activity)

3. Which one of them installed which package on the server

4. What did they copy or move at what time, and a summary of all the activity that each of them does on the server individually.

Ubuntu Security :: Wireshark Not Capturing Properly?

Jan 23, 2011

Was trying to use wireshark to pen test my network and I can't get it to work properly. When capturing on my main wireless card wlan0 atheros ath9k the program freezes after a short while and I can't even access the web anymore. Not to mention it stops capturing. I have to disconnect and reconnect to get back on the web. Not sure what is going on here. I get the following output in terminal:

(wireshark:2240): GLib-GObject-WARNING **: /build/buildd/glib2.0-2.26.0/gobject/gsignal.c:3081: signal name `depressed' is invalid for instance `0x2142cb68'

[code]....

Security :: Preventing Users From Browsing File System

Nov 5, 2010

What methods exist to restrict which directories a user may browse on the filesystem? I want to prevent php scripts from being able to view system files. I've seen two solutions, but neither are satisfactory:

Chrooting a directory that the script is in, but this requires that all the necessary php libraries/files are moved/copied into the right place relative to the chroot directory. I don't feel that I have the technical ability to achieve this.

Putting php into safe mode and disabling *nasty* php functions. But this is ineffective if just one obscure *bad* php function is missed.

Red Hat :: Capturing Start Up Messages In System Log

Jul 17, 2010

Is there any way to capture the "[OK]" or "[FAILED]" messages? I would like to know which daemons start successfully and which ones fail. Any way to tell the system to save those messages in /var/log? I could do CTRL-Print Screen but I would rather not.

Ubuntu Security :: When Try To Edit Password Via System>Administration>Users And Groups, It Doesn't Work?

Jan 2, 2010

I recently was able to network 2 computers at home and I wanted to make my password more secure. When I try to edit my password via System>Administration>Users and Groups, it doesn't work. I am able to edit my user settings. When I change my password I enter my old one and it accepts my new one. Problem is when I try to install programs, login and do other things it only accepts my old password. How can I change my password?

Ubuntu Security :: Log File Shows Firefox Activity?

May 19, 2010

I see these activities logged on a fairly regular basis in /var/log/auth.log and was wondering if this is normal activity?

firefox: gethostby*.getanswer: asked for "ftp.cs.rose-hulman.edu IN A", got type "DNAME"

The format is always the same, though sometimes the address is a regular Internet site.

Security :: Sudo For Users But Only +r On Other /home/users Ubuntu 10.04 ?

Nov 1, 2010

We are trying to set up a classroom training environment where our SIG can hold classes for prospective converts from Microsoft/Mac. The ten machines will have /home/student01..10 and /home/linsig01..10 as users. We want /home/student01 to be able to explore and sudo so they can learn to administer their personal machines at home. We don't want them to be able to modify (sudo) /home/linsig01. I've seen the tutorial on Access Control Lists but I'd like other input so we get it right the first time.

Ubuntu :: System Unresponsive During Disk Activity (9.10)?

Mar 15, 2010

I have Karmic installed on three different computers (work, home and laptop), but on my home desktop there is a strange performance problem. During disk activity it sometimes becomes completely unresponsive. The mouse cursor doesn't even move. It actually seems fine when it first boots up, but it gradually gets worse as I use the computer for a while until it eventually becomes completely unusable. I'm only having trouble on the one system. The drive in the system is SATA, and I already checked to make sure DMA was on. It is a x86_64 kernel. I tried adding noapic to the kernel boot line after some googling, but it seemed to have no effect.

General :: Find Out User Activity On System?

Feb 22, 2010

I am working on a program, let's say programX, which must run when the computer is not in use. I want to develop a monitoring program to monitor if there is user activity on the system so that it can stop the programX from running when the user is using the system and start programX when there is no user activity. Is there a way to determine this in Linux?

Software :: System Activity Monitoring Tools

Feb 8, 2010

System activity monitoring tools - top, iotop, ntop, sar, collectl, etc - may be a good reference to judge the system activity when the system transitions to sleep state. But if I make the system transition to sleep state when i/o activity is zero during 15 minutes, for example, it won't sleep forever because slight i/o by daemons, etc occurs continuously even if no user i/o. So how can I judge the system activity to change the state by using those tools?

Server :: Script To Add A Secondary Group To All Users Except System Default Users?

Jun 28, 2009

script which can add a secondary group to all existing users except system users in linux.

Debian Configuration :: Periodic Disk Activity With System Being Idle

Jan 12, 2011

I keep noticing disk activity every roughly 1 to 3 seconds even though there is "nothing" going on. Of course, I run a number of "system" and "user" application packages - Apache2, MySQL, Browsers (Opera, IceWeasel), an SMB client and server, OpenOffice 3.0RC8 being the most prominent ones. I wonder what might be the cause for this constant disk activity which happens even when none of the applications do any noticeable work at all. Is there a way to determine the process that does those disk read/writes?

Ubuntu Security :: Selecting The 'Available To All Users' Option In Network Mgr Mess With Security?

Oct 15, 2010

To avoid having to input a password for the keyring each time I connect to the net via wireless, I enabled the 'Available to all users' option in Network Manager. Now, my question is this. Are the 'users' it refers to just those created on this machine? Would a drive-by be able to use my network without entering the password?

Security :: Users Subverting Security On Purpose / Kerberos Only Answer?

May 12, 2010

I have an environment with multiple projects that have a variety of government and commercial sponsors. We have been satisfied to this point with a netapp serving nfs/cifs and keeping a tight rein on nfs exports. Some of these projects have started asking us to provide access restricted sub-folders of the project space based on different groups that contain a user subset of the primary group.

We have a linux machine that serves as a version control front end to the netapp, mounting the project spaces via nfs. People are now mounting their project space via sshfs to this "front end" and sharing the root password of this sshfs client with everyone in their project, in turn creating a security hole to access the so called restricted sub-folders. I know all the obligatory responses referring to irresponsible user behavior but would like to see how others have addressed something like this where user behavior seems out of control.

OpenSUSE Hardware :: 11.3 - Constant HD Activity / System Runs At Snail Pace

Aug 8, 2010

Just after I boot up I get this weird HDD activity that lasts for some time during which my system runs at snail pace and/or hangs. After a while the activity stops and things are good and then randomly it all starts again. I have read some forum posts on constant HDD activity but they do not seem to apply to my problem. I am running 11.3 with a quad core AMD 64bit CPU and 4GB of memory.

Slackware :: High HD Activity Bringing System To Crawl When Browser Is Open

Apr 24, 2010

I'm running Slackware 13 with a custom kernel based off of 2.6.32.3. I tend to leave my system on 24/7, as well as my web browser. Originally it was Firefox and now it is Google's Chrome. Usually about a day of leaving the web browser open my HD activity spikes so high that I can barely do anything on the system until I kill the web browser. This has been happening with both Firefox AND Chrome! As soon as the browser processes are killed, the system returns back to normal.

Ubuntu :: Prevent Users To Change Desktop And Gnome Config?

Jun 15, 2010

I'm looking for a manner to prevent users from changing the desktop background/wallpaper and all other gnome configuration with both Ubuntu and Kubuntu. This too (Abraxis, some years ago, had my same problem) [URL] does not solve the problem, for example if I change with chown (*) the owner and group of this file to root, /.gconf/desktop/gnome/background/%gconf.xml, at the next reboot the file returns to the previous state. (I don't like Pessulus).
(*)
chown root:root %gconf.xml
chmod 644 %gconf.xml
At the reboot file change automatically owner to "student", I don't know why?

Ubuntu Servers :: Config DHCP Server To Assign A Different Subnet For VPN Users?

Apr 4, 2010

I'm establishing a server that runs DHCP server, NAT gateway and VPN server. It has two physical interfaces, one for intranet and one for internet. The NAT gateway will give internet access for intranet. Another site will connect to this server by VPN. I need the server to assign a different subnet for that site other than the local site. Does anyone know how to config the DHCP server? Should I config the client classing, and how to do it?

Networking :: Windows 7 Users Can't Connect To Samba Server After Dhcp Config

Jun 27, 2011

I have an Ubuntu 11.04 samba domain server. I want to also configure this machine to work as a dhcp server, however this has given me some issues with the Windows 7 workstations. My guess is that it has something to do with the iptables because those stations do join the samba domain when both server and workstation are connected to a router.

This is the script I use at boot:

Code:

#FOR SHARED INTERNET
/sbin/iptables -P FORWARD ACCEPT
/sbin/iptables --table nat -A POSTROUTING -o eth2 -j MASQUERADE

[code]....

I haven't tested it with Windows XP stations but I have used the same code in the past with no problems, and since this is my first time joining Windows 7 stations I believe there must be some other port that needs forwarding.

General :: New RHEL Install Default Samba Config - Invalid Users

Mar 16, 2011

I'm comparing a RHEL4 samba server's config to a new RHEL install with a default samba config. On the old one I see that there is a line saying

invalid users = root bin daemon adm sync shutdown halt mail news operator

On the new default install I don't even see where it mentions the invalid users option in the notes. Does it do that by default now or something?

Copyrights 2005-15 www.BigResource.com, All rights reserved