Software :: Knows For What Use Is The Service 'auditd'?
Jan 28, 2011
I've heard this is a monitoring service. I want to turn it on on production machines. But I am not sure what negative influence it will cause.

I want to monitor a part of my filesystem for changes, including file opening and attempts to open files/dirs without the necessary permissions. Since every read/write/open is done via syscalls, I figured that running auditd would be the simplest way to do this. I installed auditd and added a rule:
Code:
auditctl -w /srv -p warx
However I do not get any writes reported via ausearch -i. As a simple example, if I run
[code]....

Can the audit daemon (auditd) be run by a non-root user? I'd like to create a special user who only runs the audit daemon. Is that possible?

Can anyone tell me how to enable and configure auditd in Linux kernel 2.6.9-5.EL? I have only found the commands auditd and auditctl on a server that runs kernel 2.6.9-5.EL. I ran auditd & and could see auditd running on my server. But I couldn't do anything with auditctl: no status, no rules, nothing :| . I tried to find audit.rules or auditd.conf but I couldn't find anything.

Is there a way to redirect the audit daemon messages to a remote host? I checked auditd.conf and its man page and found that the log location is specified by the line log_file = file_path, and in the man page
Quote:
"log_file: This keyword specifies the full path name to the log file where audit records will be stored. It must be a regular file."
Does this mean that auditd does not have the ability to redirect the logs to a remote host?

I'm using RHEL 4.6. auditd was set to on for run levels 1-5. I changed something (?), and now my system won't boot. It hangs on "Starting auditd:". I tried adding "enforcing=0" to GRUB. I tried adding "selinux=0" to GRUB. I tried adding "auditd=0" to GRUB. I've tried them separately, as well as in various combinations. I've tried entering "I" to go into interactive mode, but I'm not fast enough to hit that millisecond window. How can I skip/get past the "Starting auditd:"?

I'm trying to configure auditd to monitor "strange" events with the apache2 webserver on Wheezy (though the same problem occurs on Jessie); I tried both with the "vanilla" 3.2 kernel and the backports 3.16 kernel I am actually using.
Here are the auditd rules I have a problem with:
Code:
-a exit,never -F arch=b64 -S stat -F path=/var/www/server-status -k web
-a exit,always -F arch=b64 -S stat -F uid=www-data -F success=0 -k web
So to recap, I want to log stat syscall failures for the www-data user, but exclude some "known" issues, such as "/var/www/server-status" (after a2enmod status, the /server-status path can be accessed for statistics, though apache2 still tries to find a physical file for that path and fails).
But the problem is that excluding does not work.
Here's the "auditctl -l" output:
Code:
# auditctl -l
LIST_RULES: exit,never arch=3221225534 (0xc000003e) watch=/var/www/server-status key=web syscall=stat
LIST_RULES: exit,always arch=3221225534 (0xc000003e) uid=33 (0x21) success=0 key=web syscall=stat
But when I execute:
Code:
# wget -O - http://localhost/server-status
this appears in audit.log:
Code:
type=SYSCALL msg=audit(1461591557.077:365): arch=c000003e syscall=4 success=no exit=-2 a0=7f1bedab9358 a1=7ffef316ac20 a2=7ffef316ac20 a3=7f1bedab91f8 items=1 ppid=2398 pid=2451 auid=4294967295 uid=33 gid=33 euid=33 suid=33 fsuid=33 egid=33 sgid=33 fsgid=33 tty=(none) ses=4294967295 comm="apache2" exe="/usr/lib/apache2/mpm-prefork/apache2" key="web"
type=CWD msg=audit(1461591557.077:365): cwd="/"
type=PATH msg=audit(1461591557.077:365): item=0 name="/var/www/server-status" nametype=UNKNOWN
type=UNKNOWN[1327] msg=audit(1461591557.077:365): proctitle=2F7573722F7362696E2F61706163686532002D6B007374617274
So, syscall=4 (stat) is still captured. It looks like the "path" is known to auditd, but not excluded.
I've tried various rule combinations, for example a simpler, more generic one:
Code:
-a exit,never -F path=/var/www/server-status
But it's the same.
Sadly, man audit.rules and man auditctl do not have "exit,never" examples, only some (sometimes also similarly unsuccessful) google results.
Could it be that the Debian kernel does not support some audit features?
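The four audit.log lines quoted in the post above are the raw form of a single audit event (serial 365). The following Python script is an added example, not part of the original thread or of the audit package: it parses such records into events, decodes the arch, the syscall number, the exit code and the hex-encoded proctitle, and flags PATH records whose nametype is UNKNOWN and that carry no inode. The sample input is constructed from the post's own four records; the arch, syscall and record-type tables are partial and assumed sufficient for this example (a real tool would call ausyscall or use auparse).

```python
"""Parse Linux audit.log records into per-event summaries a defender can read at a glance."""
import errno
import re
from collections import defaultdict

# Constructed sample input: the four records quoted in the post above (one event, serial 365).
SAMPLE_AUDIT_LOG = """\
type=SYSCALL msg=audit(1461591557.077:365): arch=c000003e syscall=4 success=no exit=-2 a0=7f1bedab9358 a1=7ffef316ac20 a2=7ffef316ac20 a3=7f1bedab91f8 items=1 ppid=2398 pid=2451 auid=4294967295 uid=33 gid=33 euid=33 suid=33 fsuid=33 egid=33 sgid=33 fsgid=33 tty=(none) ses=4294967295 comm="apache2" exe="/usr/lib/apache2/mpm-prefork/apache2" key="web"
type=CWD msg=audit(1461591557.077:365): cwd="/"
type=PATH msg=audit(1461591557.077:365): item=0 name="/var/www/server-status" nametype=UNKNOWN
type=UNKNOWN[1327] msg=audit(1461591557.077:365): proctitle=2F7573722F7362696E2F61706163686532002D6B007374617274
"""

# Partial lookup tables (assumption: enough for this example; a real tool would ask ausyscall/auparse).
AUDIT_ARCH = {0xC000003E: "x86_64", 0x40000003: "i386", 0xC00000B7: "aarch64"}
SYSCALLS_X86_64 = {2: "open", 4: "stat", 6: "lstat", 257: "openat", 262: "newfstatat"}
RECORD_TYPE_NUMBERS = {1327: "PROCTITLE"}  # older auditd prints type=UNKNOWN[1327] for this record

HEADER_RE = re.compile(r"^type=(\S+) msg=audit\((\d+\.\d+):(\d+)\): (.*)$")
FIELD_RE = re.compile(r'(\w+)=("[^"]*"|\S+)')


def parse_record(line):
    """Split one audit.log line into record type, timestamp, event serial and a field dict."""
    m = HEADER_RE.match(line.strip())
    if not m:
        return None
    rtype, ts, serial, rest = m.groups()
    unknown = re.fullmatch(r"UNKNOWN\[(\d+)\]", rtype)
    if unknown:
        rtype = RECORD_TYPE_NUMBERS.get(int(unknown.group(1)), rtype)
    fields = {k: v.strip('"') for k, v in FIELD_RE.findall(rest)}
    return {"type": rtype, "ts": float(ts), "serial": int(serial), "fields": fields}


def parse_log(text):
    """Group records by event serial; auditd emits one event as several records sharing it."""
    events = defaultdict(list)
    for line in text.splitlines():
        rec = parse_record(line)
        if rec is not None:
            events[rec["serial"]].append(rec)
    return dict(events)


def decode_proctitle(value):
    """proctitle is hex-encoded when it contains NULs (argv separators); otherwise it is plain text."""
    try:
        return " ".join(bytes.fromhex(value).decode("utf-8", "replace").split("\0"))
    except ValueError:
        return value


def summarize(records):
    """Reduce one event's records to the facts that matter when tuning a rule."""
    by_type = defaultdict(list)
    for r in records:
        by_type[r["type"]].append(r["fields"])
    sc = by_type["SYSCALL"][0] if by_type["SYSCALL"] else {}
    arch = AUDIT_ARCH.get(int(sc.get("arch", "0"), 16), sc.get("arch"))
    nr = int(sc.get("syscall", "-1"))
    syscall = SYSCALLS_X86_64.get(nr, str(nr)) if arch == "x86_64" else str(nr)
    rc = int(sc.get("exit", "0"))
    outcome = "success" if rc >= 0 else "failed:" + errno.errorcode.get(-rc, str(rc))
    # A PATH record with nametype=UNKNOWN and no inode/dev means the name never resolved to a file.
    unresolved = [p.get("name") for p in by_type["PATH"]
                  if p.get("nametype") == "UNKNOWN" and "inode" not in p]
    pt = by_type["PROCTITLE"]
    return {
        "arch": arch,
        "syscall": syscall,
        "outcome": outcome,
        "uid": int(sc["uid"]) if "uid" in sc else None,
        "exe": sc.get("exe"),
        "key": sc.get("key"),
        "paths": [p.get("name") for p in by_type["PATH"]],
        "unresolved_paths": unresolved,
        "proctitle": decode_proctitle(pt[0]["proctitle"]) if pt and "proctitle" in pt[0] else None,
    }


def summarize_log(text):
    """Summarize every event in a block of audit.log text, keyed by event serial."""
    return {serial: summarize(recs) for serial, recs in parse_log(text).items()}


if __name__ == "__main__":
    for serial, s in sorted(summarize_log(SAMPLE_AUDIT_LOG).items()):
        print(f"event {serial}: {s['proctitle']} (uid {s['uid']}) {s['syscall']} -> {s['outcome']}"
              f" paths={s['paths']} unresolved={s['unresolved_paths']} key={s['key']}")
```

Run against the post's records, the summary reads: `/usr/sbin/apache2 -k start` (uid 33) called `stat`, which failed with ENOENT, and the PATH record for /var/www/server-status has no inode. That last fact is relevant to the rule tuning: the `auditctl -l` output in the post shows that `-F path=` was compiled into a watch (`watch=/var/www/server-status`), and audit watches are matched against the file's inode, so a watch cannot match a lookup of a name that did not resolve to a file. Grouping records by serial and decoding the proctitle also helps when reading logs by hand, since the hex field is otherwise opaque.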

I am running Server 10. I have a requirement to perform an action before the MySQL service starts, and to perform another action after the MySQL service stops.
I found the init script for MySQL under /etc/init/mysql.conf. I added my thing to the pre-start script there and it works fine.
I am having trouble finding the script that stops the server so I can modify it.

Will the command service httpd restart restart the apache service if I enable the httpsd service in graphical mode?

I can smb in centos 5, and when I run service smb restart, it shows: smb: unrecognized service..... When I run rpm -qa |grep samba, it shows
samba-common-3.0.33-3.7.el5
samba-client-3.0.33-3.7.el5
.....

I need to start a service before the network service. How?

The desktop search has stopped working in Gnome. I get a message that says 'Search Service not running' with a button that says 'Start Search Service'. When I click the button nothing happens.

I have a little problem with the gpk service pack (from the gpk-package-extra package). When I'm trying to make a list of my packages in the system I get:
Quote:
Can't write the file, no permissions. OK, but when I run gpk service pack as root, the program freezes; I click the create packages list option but the application never creates this file, the status is always at 0%, even after 1 hour. I saw a video tutorial where the base is created by a normal user in /home - why can't I? The console says nothing about this.

I am trying to set up an LDAP server on Ubuntu 10.04 and am sticking to the old /etc/ldap/slapd.conf file configuration.
I had to comment out ldapi:/// from /etc/default/slapd since it was giving an 'Address already in use' error. I also had to juggle with pid directory and file issues.
After that I was able to start the slapd daemon (service slapd start) but now I am running into multiple issues:
1. Can't stop the service with service slapd stop
Code:
## Service stop returns 0, maybe because start-stop-daemon is not giving error
# service slapd stop
Stopping OpenLDAP: slapd.
# echo $?
0
Will switching to the BDB database resolve this? Also, can't I slapcat as a non-root user?

How do I add an application to start automatically on system startup in Linux? My distro: Mandriva 2009.1

How do I add an application to run as a service in Linux? Is there a script in /etc I should edit? What is recommended? Right now I'm running something in .profile but that's kind of not what I want.

I have a native C process which should be run as a service in the background, so that it is started at bootup as a service again.

How can I log the startup services, to figure out why cups always starts up?

I have this script, called zope, which I am trying to register as a service. When I type "chkconfig --add zope", it says "service zope does not support chkconfig", yet when I type "service zope start", it starts the zope server alright.
When I type "chkconfig --list", no zope is in sight. If I run, "chkconfig --del zope", it complains with same "does not support" error.
After registering zope, even while it was complaining, I set the run level ("chkconfig --levels 2345 zope on").
Also, when I run: su -l $ZOPE_USER -c "${INSTANCE_HOME}/bin/instance start" > /dev/null 2>&1 with appropriate substitution for ZOPE_USER and INSTANCE_HOME, zope starts alright.
Or is there some hidden edict that I am not following?
The file is in /etc/init.d.
.//------------------------------
#!/bin/sh
# chkconfig: 2345 84 16
#
[Code]....

I am trying to automate a service but I don't know how to do it. I am automating a library system and there are services that have to start at startup (during boot). How will I make this service run at startup in Debian?

I wanted to know how I can configure the name service.

My Linux box, Red Hat Ent 5.0, is reporting 100% CPU usage for the service/agent cimserver. Basically it slows down my system and I have to kill it so my system is OK again. My question is: can I set the CPU usage for this service? I mean, can I set it to use only 4% or 10% of my CPU? Or is there any other way to troubleshoot this 100% CPU usage, since I've uninstalled and reinstalled the agent and have the same issue? Is it possible to set the CPU usage?

I'm using a Java socket server program for transaction routing on rhel5. So I made a jar file of the server to be run.
Now I need to add my application as a service. I just searched in google for how to do that, and I found a way; it is below:
#!/bin/bash
#
# chkconfig: 2345 85 15
# description: epic tle
# processname: epictle
[Code].....
I have written a simple script (sh) to run the jar file and I'm using the code below to put it in the background:
sh /opt/EpicTle/tle/run.sh >/root/.epicline/logs/debug/console.out 2>&1 &
I want to change the 'console.out' file per day with the date in its name rather than going with one file.

I'm developing a simple transaction switch using Java socket programming and running the operating system RHEL5.4. Now it is completely done and working fine. So I have written a simple shell script to run it in the background.
[Code]...

I've just created a new chkconfig script, but on trying to add it with the following command I get an error:
Code:
$ chkconfig --add languagetool
service languagetool does not support chkconfig
PS: Just learned how to write a chkconfig script.

I have a Linux server, version 6.2, very old, which was installed long back. CVS is running there. The problem is that sometimes the port doesn't listen and sometimes it listens, when I check with netstat -an. It is weird. I'm not sure how to restart the CVS service on the 6.2 server.

I have one service configured on Windows and now I want to monitor that service in nagios. In which configuration file do I need to make an entry for that particular service, and what are the steps?

I would like to ask if the server RHEL 3 supports running two different versions of the same daemon. For example, the server has rsh-server-0.17-17.6 installed and running as a server; can I install a different version on it and run both at the same time?

Set up tor with a proxy service before? Wondering how well things will work.

How do I install the rpm service? I ran the command
# yum remove sqlite
and it removed the rpm and yum services, as well as many others. How do I reverse the changes?