Server :: Kernel Audit Msg Flooding After Yum Update
Mar 14, 2011
SELinux and psacct are disabled on this system (RHEL5.6 2.6.18-194.11.3.el5 SMP x86_64). After performing a yum update, the syslog is flooded with kernel audit messages (related to PAM), even though the audit service is turned off. Is there a way to disable this verbosity?
[Code]....
Sep 1, 2010
I want to know what the ways are to monitor and control/stop flooding on my server, because I am heavily flooded. At this moment I am doing all this manually (when I see that my bandwidth is lowering or some applications are freezing), my main working tool being iptables. But I want something automated.
Another problem: if I am flooded with packets having real IP addresses, with a simple iptables command I can resolve the problem easily. But the problem is, in most of the cases, I am flooded with packets with spoofed IP addresses (e.g. 1.2.3.4), so the only thing I can do in this situation is to block all incoming packets (which ruins everything). Do you have a solution to this? The flood monitoring (and controlling) tool may be with/without interface; it only has to be effective.
May 21, 2010
I'm trying to add the -audit option to X Server. I run ps -ef | grep -v grep | grep "bin/X" and get:
root 2511 2506 0 10:35 tty7 00:00:09 /usr/bin/X:0 -br -verbose -auth /var/run/dgm/auth-for-gdm-sScn1P/database -nolisten tcp vt7
So I'm thinking that I need to add -audit to the /usr/bin/X file, but I believe that it's binary and created by something else, but I can't find that "something else". How on earth can I add this option? I have opened up 1,000,000,000,000,000,000,000 files (slight exaggeration) and I've come up empty.
Sep 27, 2010
One of our customers is looking at an enterprise audit of their data center (which primarily consists of Linux servers). We pointed them towards an SNMP-based tool that has some limitations. Any other recommendation is welcome...
Nov 23, 2010
I have /var/log/audit and /var/log/audit.log owned by root and 600 permissions. I've also removed and made an empty /var/log/audit directory when that did not work either. I can start the service after boot up, but it is not coming up automatically even when configured by chkconfig. I also get this after I attempt a restart...
Stopping auditd: [ OK ]
Error deleting rule (Operation not permitted)
Starting auditd: [ OK ]
The audit system is in immutable mode, no rules loaded
A tail of my /var/log/messages shows this...
Nov 23 16:45:18 hostname kernel: type=1302 audit(1290548718.524:73): item=1 name="/var/run/auditd.pid" inode=131143 dev=fd:01 mode=0100644 ouid=0 ogid=0 rdev=00:00 obj=user_u:object_r:var_run_t:s0
Nov 23 16:45:18 hostname kernel: type=1300 audit(1290548718.618:74): arch=c000003e syscall=87 success=no exit=-2 a0=7fff730b2f85 a1=7fff730b2f85 a2=2 a3=0 items=1 ppid=6243 pid=6248 auid=1111 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=pts1 ses=1 comm="rm" exe="/bin/rm" subj=user_u:system_r:unconfined_t:s0 key="delete"
Nov 23 16:45:18 hostname kernel: type=1307 audit(1290548718.618:74): cwd="/"
Nov 23 16:45:18 hostname kernel: type=1302 audit(1290548718.618:74): item=0 name="/var/run/auditd.pid" inode=131073 dev=fd:01 mode=040755 ouid=0 ogid=0 rdev=00:00 obj=system_u:object_r:var_run_t:s0
Nov 23 16:45:18 hostname kernel: type=1300 audit(1290548718.620:75): arch=c000003e syscall=87 success=yes exit=0 a0=7fff9b776f81 a1=7fff9b776f81 a2=2 a3=0 items=2 ppid=6243 pid=6249 auid=1111 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=pts1 ses=1 comm="rm" exe="/bin/rm" subj=user_u:system_r:unconfined_t:s0 key="delete"
Nov 23 16:45:18 hostname kernel: type=1307 audit(1290548718.620:75): cwd="/"
Nov 23 16:45:18 hostname auditd[6260]: Started dispatcher: /sbin/audispd pid: 6262
Nov 23 16:45:18 hostname audispd: af_unix plugin initialized
Nov 23 16:45:18 hostname audispd: audispd initialized with q_depth=80 and 1 active plugins
Nov 23 16:45:18 hostname auditd[6260]: Init complete, auditd 1.7.17 listening for events (startup state enable)
Jan 27, 2011
I have a CentOS 5.5 server with 300GB SAS hard disks.
But several days ago, my server started to always show:
read-only file system, and top, ps, vi and all other commands are unusable and show an input/output error.
I searched for it on Google and read many pages.
I found it most likely has 2 causes:
1. hard disks broken
2. 2.6.18 kernel bug
I bought a new hard disk and changed it on my server
Jul 20, 2011
I've got a problem with my Ubuntu Server 11.04 amd64; I think the problem comes from GRUB 2. Here is my problem: I updated my server and I now have Linux 2.6.38-10-server (in addition to 2.6.38-8) and, when I try to boot on version "10", I think I have a kernel panic because the screen stays black and there is no use of the HDD (I can hear it working with version "8"). I also looked at /boot/grub/grub.cfg and I didn't see any difference between the lines for v10 and those for v8 (except for "8">"10" of course).
I tried with Recovery Mode too, with this result: Loading Linux 2.6.38-10-server... Loading initial ramdisk...
> No use of the HDD (I don't hear it), and it's "frozen", can't do anything but reboot it by ACPI (nothing happened when hitting "Num Lock"). Another question: can we have no submenus in Grub2?
Aug 28, 2009
I'm using cPanel on my server. Before upgrading to the new kernel, I could see 8 cores on my i7 server; now I only see 4 cores. Is there anything that I need to do to have the 8 cores again?
Jun 20, 2010
I installed CentOS 5.5 with Xen and put 03 virtual machines on it (CentOS 5.5 too). I did this correctly, but I have a problem. In the virtual machine, I need to update the kernel. I used "yum update kernel" and this downloaded correctly and the menu.lst file was updated too, but the kernel did not run. I ran "grub-install /dev/sda" or "grub-install /dev/xvda" and received an error in return. I read the device.map file and I ran "grub-install /dev/sde" and received an error in return too.
The errors:
[root@vm01 ~]# grub-install /dev/sda
/dev/sda: Not found or not a block device.
[root@vm01 ~]# grub-install /dev/sde
/dev/sda1 does not have any corresponding BIOS drive.
[root@vm01 ~]# grub-install /dev/xvda
/dev/xvda: Not found or not a block device.
Jul 20, 2011
I have got a Nagios server running on my network. The configuration seems to be okay, but each time there is a service alert notification and an e-mail is sent to the contact group, Nagios continuously sends e-mail over and over again. Does anyone know of a way to set Nagios directives to only send one e-mail per alert without it flooding mailboxes?
May 13, 2011
I am using Debian 6.0 and I want to update my kernel from 2.6.32 to 2.6.38. Every time I do it, after the installation and rebooting into the new kernel, it gives me the error "UNABLE TO BOOT INTO THE KERNEL".
Dec 31, 2008
I have the following strange thing with a RHEL4 installation. Since last week, the system did a reboot and now something is really fucked up. During boot we get the following messages (don't care about 'strange' typos, my colleague typed it 'blind' from the screen)
Code:
The strange thing is that we never see a 'could not mount blabla' or similar messages. First we thought it was a failing kernel update by plesk, but even after manually updating the kernel with RHN RPM's, still the same message. Booting with rescue mode and then chroot the system works. After that we even can start things like plesk and so on.
We double checked things with another RHEL4 install, and at least two things were odd:
1: the working machine has /dev/dm-0 and /dev/dm-1, the broken one doesn't
2: some files on /dev didn't have group root, but 252
We tried to recreate the /dev/dm-X nodes with [vgmknodes -v], output:
Code:
A fdisk /dev/sda shows: /dev/sda2 XX XXX XXXXX Linux LVM (I removed the numbers because this line is from another machine, but rest was identical)
We have a copy of the boot partition so if one need more info please let me know.
grub.conf:
Code:
last part of init extracted from initrd-2.6.9-78.0.8.ELsmp.img:
Code:
Nov 26, 2010
Is there a way to get the matching Linux kernel headers automatically on a regular kernel update via the Ubuntu package manager? Every time I get a new kernel I must do an aptitude install linux-headers-`uname -r`
Mar 24, 2010
A recent kernel update seems to have misplaced the Kernel Headers. VMWare needs these headers and cannot find them. Attempting to run VMWARE gets the message: Kernel headers for version 2.6.31.12-0.2-desktop were not found.
Jan 6, 2010
I'm running VirtualBox from the Sun website (need the USB support) and it breaks after each kernel update. The problem is that I installed a lot of Ubuntu systems for transitioning Windows users, with Windows in VirtualBox to ease the migration, but I have to rerun vboxdrv setup after each kernel patch.
Jan 7, 2010
At the moment I am using kernel 2.6.31-14-generic. I'm not one of those people who needs to have the latest and greatest kernel to be happy, I just rely on the update manager. I swore that I saw an update for a new kernel, but my kernel version hasn't changed. I'm just curious if there was a new kernel that was released or if that was just an update to the kernel listed above.
Sep 27, 2009
After the update to kernel-2.6.18-164.el5, one of the 2 NICs of my machine is only found on 1 of 4 reboots. Using the old kernel-2.6.18-128.7.1.el5, all is fine. These are the two NICs:
00:0a.0 Ethernet controller: Realtek Semiconductor Co., Ltd. RTL-8139/8139C/8139C+ (rev 10)
00:0b.0 Ethernet controller: Intel Corporation 82557/8/9/0/1 Ethernet Pro 100 (rev 0c)
And the Intel one causes the problems with the new kernel.
May 29, 2010
The server runs
# uname -r
2.6.18-128.4.1.el5
However, today I executed yum update kernel* due to security advisory. I was just about to reboot the system when I realized that it runs VMWare Server Instance that will most likely fail to restart after kernel upgrade (I had a hard time fixing it after previous kernel update). Now I want to keep 2.6.18-128.4.1.el5 after reboot. I see that new kernel is scheduled for booting:
# cat /etc/grub.conf
default=0
timeout=20
[code]....
Jul 18, 2010
From F12 to F13. Is there anything I should remove before updating? I have a few programs installed from source/binary installers in /usr, for example. Would it cause problems?
And is there any chance to be able to switch from a 32 bit kernel to 64 bit kernel during the update? The hardware is capable of this.
Feb 5, 2010
9.04 this morning updated my kernel to I believe it is 2.6.28.18 and upon the reboot I had no desktop. It booted wanting to go into low graphics.
So I drop to shell and stop the gdm and try to run the latest nvidia run file I have and it hangs saying I have a x server running.
Otherwise I am needing assistance with getting my desktop back! I can boot into an older kernel and if need be I would like to roll back that latest update this morning, but once again I am forgetting the command line for that.
Dec 1, 2010
Ran the updater, went to boot to Win7 to use Photoshop and realized that the grub menu was gone. Ubuntu boots by default now. I tried running "sudo update-grub" at a virtual terminal and while it listed the various linux kernels ok, it then got caught in a loop spitting out some crazy looking errors. I rebooted and Ubuntu came up fine. I tried running "sudo update-grub" again from the gnome terminal and it hangs the whole computer for a few minutes and finally gives me this:
[Code]...
Sep 1, 2011
(After I update packages, it says error, and here's what's in the details tab)
Preconfiguring packages ...
(Reading database ... 197969 files and directories currently installed.)
Preparing to replace flashplugin-installer 10.3.181.34ubuntu0.11.04.1 (using .../flashplugin-installer_10.3.181.34ubuntu0.11.04.1_i386.deb) ...
code....
How to fix this? I haven't messed with Ubuntu much... Why am I getting an error about a kernel update?
May 24, 2010
My company supports a client with an old Red Hat server " Linux version 2.6.9-5.ELsmp [URL] (gcc version 3.4.3 20041212 (Red Hat 3.4.3-9.EL4)) #1 SMP Wed Jan 5 19:30:39 EST 2005". My IT department wants to move this old server to a VMware machine and I'm trying to check if this project can fly. I myself have never worked on an old Linux server; therefore my first question is: can I upgrade the kernel with the command yum -y install kernel..... and when I'm done, am I still going to have the old kernel just in case?
May 21, 2009
I have CentOS 5.3 working on a mini-ITX Atom 330. I have some problem with the network when I use Samba. When I move big files the network goes down. I want to install the new kernel on my CentOS to try to fix the network problem with the new drivers included in the new kernel.
Feb 5, 2010
I received an update to my kernel through the update manager (updated from ****.32.14 to ****.32.19, or something like that) but grub still shows the old kernel and not the updated one. Was this not a full kernel update and only a patch, or do I have to do something to use the new kernel? I'm new, so bear with me if this doesn't make any sense.
Mar 8, 2011
I'd like to know how to rotate the audit logs under "/var/log/audit/audit.log" every 6 months. Currently I have set the parameter inside /etc/audit/auditd.conf to "KEEP_LOGS" (previously "ROTATE") and log files are generated up to the size 5M and never deleted. Do I need to change something inside the "/etc/audit/audit.rules" file?
[root@RHEL5 ~]# more /etc/audit/auditd.conf
#
# This file controls the configuration of the audit daemon
#
log_file = /var/log/audit/audit.log
[Code].....
Feb 16, 2010
I am trying to setup auditing for NISPOM requirements using the built-in linux audit kernel which uses auditd and audit.rules for setup. I have been able to meet all other requirements, but I cannot find a way to audit user logout actions. My audit.rules file is listed below
Code:
#This file contains the a sample audit configuration intended to
# meet the NISPOM Chapter 8 rules.
[code]....
Jan 7, 2011
I would like to log all the commands executed (in full) by all the users, or at least by myself.
The lastcomm package doesn't store the full command.
Aug 24, 2010
When the audit daemon starts and stops, I see DAEMON_START DAEMON_STOP in the audit log. I don't see a rule in audit.rules about logging this event. So, I'm guessing that it's a rule that's built into the audit daemon. Can you confirm this? Also, I've been looking for an explanation of the event types that the audit daemon logs, such as: USER_AUTH, USER_ACCT, CRED_ACQ. If you know of any docs that explain this,
Jun 7, 2010
Strange: during the configure. I have checked:
checking for struct audit_tty_status... no
# uname -a
Linux lfslc5 2.6.18.8-xenU-64b #1 SMP Tue May 6 18:09:10 CEST 2008 x86_64 x86_64 x86_64 GNU/Linux