Server :: Debian File Access Monitoring
Sep 16, 2010
I'm running a Debian/Samba PDC on a Windows network. We desire to monitor a few network shares, so that whenever a change is made to a file in those, we have a log of who did it and when. Some capability of seeing what the change was, or a way of reverting it, would be nice luxuries. But username and timestamp are most important, if possible.
On the Debian forums, someone advised using Tripwire for this purpose. They didn't give much other advice about it, so I kind of struck out on my own researching Tripwire. Got it installed, played with it, and found it problematic, to say the least. It seems a bit much on the complexity and security side, and it seems more oriented towards maintaining system integrity than monitoring documents. So far I've not managed to get a policy update working on account of a cascade of errors about a few hundred files under /proc disappearing, despite no changes to the system. So I'm wondering if anyone here has advice.
1. Does Debian have this sort of functionality built in? Is there a system log I can parse to get this information?
2. Is Tripwire the right application for our purpose?
3. Is there anything better suited, more user-friendly or more parsimonious? I don't need something to monitor all system files, guard against intrusion, and make me cups of tea, just to monitor a few folders that I specify.
Oct 1, 2010
At our company we have a central server with client files. This server has an SSH server installed, and through Nautilus all employees can access the files. However, I have a few questions:
1. Most employees need access to all folders, because they might use them at some point in time. However, I want to make sure they are not accessing things they do not need. How can I do this? For instance, if somebody copies all of the folders to his/her computer, I want to be able to see this in some sort of log. Can this be done? Copying and accessing in general is what is of my concern.
2. Some employees only need access to specific folders. Can this be easily configured with SFTP?
3. Some also use SSH and type commands which I want to check every now and then (e.g. to make sure an intern is not again copying information or accessing folders they should not be in). What is a good way to do this?
Jun 25, 2011
I am looking for a file monitor to tell me when a file was attempted to be accessed, but was denied. A windows equivalent could be the auditing feature in server 2k3. I don't know which account or which file is attempting to access or be accessed, but I was hoping something built into Linux would support some sort of file auditing for security purposes.
Jun 28, 2010
I used to have a log file monitoring script on my server, but after an auto update recently it seems to have disappeared. Can anyone think of some log file analyzers that send outputs of ssh, amount of disk space used etc., as I cannot remember the name of the program at all?
Apr 19, 2011
I've spent days trying to set up access properly from a public address to a monitoring server that works fine locally. Everything works from public access until I try to link to a CVS repository. The rancid CVS repository is set up as a separate server (virtualhost). It appears the referring link causes a DNS error (105: Server Not Found) when the CVS repository server is accessed from the public address. Things work fine when accessing via localhost.
Localhost link:
[URL]
Public link: (this results in 105 error caused by redirection (bold portion of link))
[URL]
Code:
Virtualhost config:
LoadModule jk_module /usr/lib/apache2/modules/mod_jk.so
JkWorkersFile /etc/apache2/workers.properties
JkLogFile /var/log/apache2/mod_jk.log
[code]....
May 21, 2011
I have an application which generates logs like this:
Code:
2011-05-17 13:21:27 - Msg 2402
File loading terminated.
File information: 3 records in input file found
3 records processed
0 records skipped
Load statistics: 3 messages loaded correctly
0 messages ignored
0 messages with errors
Details:
Destination OK ignored errors correct incorrect not sel. other
house Server (def 3 0 0 0 2 1 0
2011-05-17 13:21:27 - Msg 2410
Archiving information: File /path/to/xxx.txt
was archived as /path/to/xxx.txt.
Now I want to monitor this "house Server (def" and send alert based on 3 0 0 0 2 1 0
say if [ $5 -gt 0 || $6 -gt 0 ]; then
<send email>
Sep 2, 2011
I was looking for some software to run on my Debian vServer which monitors RAM, CPU and HDD usage. This tool should not require Gnome/KDE, so I guess I'll end up with a PHP tool. I did some search but came up with nothing. I'm using Parallels Power Panel (there might be a plugin or something like that?)
Oct 11, 2010
On our webhosting servers, which primarily run Apache, huge outgoing traffic sometimes starts to random IP addresses (in each attack it is just one IP). It's always UDP, and according to my investigation with tcpdump, it looks like p2p. The problem is the big outgoing traffic, and secondly the filling of the ip_conntrack table, /proc/net/ip_conntrack. I think that one of our webhosting users has some virus uploaded on his FTP, which is run from time to time. I think that if I can map outgoing traffic to a particular process ID, it will be easy to find the PID in the access log of the webserver and then see what URL causes it.
What I have checked already:
- outgoing UDP connections are not listed in netstat - so cannot get PID from there
- Apache with PHP is in safe mode - cannot exec binaries, cgi is disabled
- I can see tons of records in tcpdump, but from the dump I'm not able to get PID
- At the time of attack I was trying to run `lsof`, but nothing to see - didn't find the attacker
- I went through the apache access log - I took the time of attack - i.e. 02:22 am - grepped from the access log all hits between 02:20 and 02:29 am and tried to call all of them again - problem didn't occur
- checked the POST records from access log - nothing
- grepped all php files for keyword 'fsockopen' and 'torrent'
- from iptables --log-uid I have found user nobody (which Apache runs as)
I think the key is being able to match an outgoing connection to a PID; then it will be easy.
Sep 27, 2010
In one of our networks we are using one firewall which works as the gateway. All machines are able to access the internet through this gateway. There is no filtering or internet restriction. I would like to set up a monitoring system which monitors and logs bandwidth and the sites accessed by client machines. Is there any tool which monitors internet access as well as the sites which are accessed from client machines?
Aug 19, 2009
I installed Apache server with Debian 5.0.2 Lenny. I am trying to write a script which would analyze web log files. I found the log files in /var/log/apache2. There is an access log file, `access.log`. My question is what configuration file determines the location and the name of the access log file. How can I change them? I used CustomLog in /etc/apache2/apache2.conf like below.
LogFormat ": %h %l %u %t "%r" %>s %b" common
CustomLog /home/test/my_log_file common
Apache2 generated /home/test/my_log_file. But no logs were written in the file even after I ran `/etc/init.d/apache2 restart`. I changed the log file location. It still didn't work. However, Apache2 still wrote logs in the file `/var/log/apache2/access.log`.
Feb 13, 2011
I want to access files on my Ubuntu server wirelessly. Is there a way I can do that? I'm sorry if this is a stupid question, but I'm kind of new at this whole server thing.
Aug 26, 2011
I'm trying to understand how file/io access works.
If I have this:
Filesystem Mounted on
/dev/sda1 /
/dev/sdc5 /backup
/dev/sdb1 /database
And I access a file in /database, does the system access the disk containing /database directly, or does it go to /dev/sda1 disk for access to /, then finds a pointer to /dev/sdb1 for /database and then moves on to the correct disk?
Sep 15, 2010
Is there a clever way to monitor the progress (as percentage or hash) of copying a large file (using pv could be an option)? Like monitoring the progress of a copy command such as this:
Code:
cp linux.iso /tmp/
Apr 5, 2011
Is there any way to make a program on a Linux machine that reports when some files have been copied to another directory or machine, and knows the users who copied the files? I am planning to make this program in C. Honestly, at first I wanted to make it in Python when I learned about pyinotify and how easy it is to monitor files on a machine, but the problem is I cannot integrate that Python script to know the users who do that, except for the one who created the file.
Mar 1, 2010
I have a Dell Precision M4300 laptop with a Dell 360 wireless Bluetooth adapter. On my system there is Debian Lenny with KDE3 and backports enabled (everything is up to date except bluez-utils and bluetooth, held at version 3.36-3).
Nowadays Bluetooth more or less works fine; I can send and receive single files to/from my phone (Nokia N70).
The hell begins when I try to browse my phone files from Konqueror. With bluetooth:/ I can see the list of all the devices near me; with sdp://[address]/ I can see two icons (obex file transfer & obex object push),
but I can't see or access any file or folder on the phone.
I also tried to update my bluez-utils to 4.60-1~bpo50+1, but in this case kbluetooth totally fails and I see the contextual menu of the system tray icon all disabled.
May 27, 2011
I want to monitor RDS (MySQL database of EC2) using Nagios. On the command line I am able to do it, but I don't know how to feed it into Nagios. On the Nagios server, if I execute the following command, I am able to fetch the information of the database (RDS):
Nagios_server #/usr/local/nagios/libexec/check_mysqld.pl -p<password> -f -u <username> -A uptime,threads_connected,slow_queries,open_tables -H <hostname> -q 'SHOW STATUS'
output :- MYSQL 5.1.50 OK | uptime=344783 threads_connected=672 slow_queries=0 open_tables=64
Note :- Here the host name is the public DNS name (x.y.z.amazon.com). We can't ping this host. With the mysql command, we can log in and work on databases.
Jan 20, 2011
I installed Ubuntu server with desktop, and when I try to open my IP address in a browser it shows me this:
Forbidden
You don't have permission to access this file on this server.
Cheyenne/2.2.8 Server at localhost Port 80.
How can I fix it? My IP address is 88.163.109.209; you can see the directory forbidden error if you type in my IP address.
Nov 19, 2010
I have a file 'my_file.txt' stored on 'myserver1.col.edu'. Now, I am using a different server 'myserver2.col.edu' to do some work and I want to access 'my_file.txt' on 'myserver1.col.edu' to read (possibly edit) WITHOUT physically copying the entire file across. Is there a way to do this - perhaps through ssh?
May 9, 2011
I am new to Linux and know some basics, with no proper knowledge of servers. What I want to know is how I can access my company's "fileserver" from Linux (GUI as well as from the command line). I can access this file server easily from a Windows machine, but I don't know how to open/access the file server from a Linux machine. Can anyone tell me what tools are needed and also what the process is from the command line? The file server is a Windows server and my machine is Red Hat Linux.
Aug 24, 2009
I am trying to access a log file which is located in /etc/log/apache2. I could get into the directory using `su`. I was able to run the ls command under the directory and everything was fine. I could run a command,
ls -d /var/log/apache2/*
However, after I switched to my account, I got an error.
sudo ls -d /var/log/apache2/*
ls: cannot access /var/log/apache2/*: No such file or directory
I want to use this command in a bash script to get a list of log files. Should I write the script as root and run it as root?
Oct 15, 2010
I am striving to setup OSSEC to monitor some specific files for realtime changes! Is this possible? I can't really find a lot of info from their Documentation
Some Examples:
/etc/myfile.txt is deleted. I need this to be reported.
/etc/myfile.txt is created again so I need this to be reported again!
This has to happen instantly though, because the file might be deleted and created again many times in a short period of time.. Another one...
/etc/passwd is touched (accessed) even if there are no changes! Can this be reported as well?
Mar 24, 2011
I'm trying to find a file access honeypot for our Fedora server. That is, if a local file is accessed, it should notify someone. Plain and simple.
Sep 22, 2010
I am trying to set up an Ampache server using Apache as the webserver. The instructions have the following line as one of the requirements: Your webserver has read access to the /sql/ampache.sql file and the /config/ampache.cfg.php.dist file. I have essentially zero experience with Apache, and I'm not sure how to grant read access to a file.
May 19, 2010
I have an Ubuntu server running with lighttpd.
The file access.log has used 73GB at logs/lighttpd/, and contains data from the last 3 to 4 years (approx.).
So, I need to have only the last 6 months of logs in the file and the rest to be cleared.
Jun 14, 2011
I'm unable to ftp from one server to another server.
Getting the below error:
put: Access failed: 553 Could not create file
ftp script :
USER="test"
PASSWD="test"
HOST="10.43.45.00"
echo "starting Secure FTP ..."
lftp -u ${USER},${PASSWD} ftp://${HOST} <<eof
cd /home
lcd /home
put /home/test3.csv
bye
eof
echo "I have get all csv files"
Oct 17, 2009
I was searching for a tool for monitoring Apache performance and utilization of a web server. Any ideas?
Apr 6, 2010
Basically, I go through certain logs on my linux hosts checking for anything out of place. You know, the usual, /var/log/messages, lastlog, etc. What I've been using is just a simplistic grep statement that looks for keywords in certain log files, such as warn, crit, etc., with the -i flag to ensure no case searches. I thought, well, surely there are others out there doing the same thing, but more automated. Perhaps something that can check files for keywords and then notify, via email, if anything out of the ordinary is seen.
Mar 5, 2010
I am using CentOS 5.4 and did a yum install of cacti. I installed all the necessary packages, like net-snmp, php net snmp and all that. Everything else works but I can't for the life of me figure out how to monitor traffic on eth0. I do not have any SNMP Interface Statistics or alike in either the Associated Graph Templates or Associated Data Queries.
Here's the output of "snmpwalk localhost -c public -v2c":
SNMPv2-MIB::sysDescr.0 = STRING: Linux xxx.xxxx.net 2.6.18-164.6.1.el5xen #1 SMP Tue Nov 3 17:53:47 EST 2009 i686
SNMPv2-MIB::sysObjectID.0 = OID: NET-SNMP-MIB::netSnmpAgentOIDs.10
DISMAN-EVENT-MIB::sysUpTimeInstance = Timeticks: (7515443) 20:52:34.43
[Code]...
I am trying to monitor the interfaces on the local computer only.
Jul 12, 2011
I want to know which is the best network monitoring tool in Linux.
Right now I'm using OpenNMS. I'd like to try out another monitoring tool; can somebody say which one is the best one used in the Linux industry?
Jan 27, 2011
We are looking to monitor and log selected application file systems for file create/modify/delete changes that will also include the user account that changed/deleted the file, the file name, and the date and time of the event. Everything I have looked at does not seem to provide all of the information that we need. Inotify seems to monitor modify/create/delete but does not seem to provide the user account. Auditd seems to monitor modify/create/append with user account, but not deletes. We need to provide this information to auditing for Sarbanes-Oxley compliance.