Ubuntu :: File Access Attempt Denied Monitoring
Jun 25, 2011
I am looking for a file monitor to tell me when a file was attempted to be accessed, but was denied. A Windows equivalent could be the auditing feature in Server 2k3. I don't know which account or which file is attempting to access or be accessed, but I was hoping something built into Linux would support some sort of file auditing for security purposes.
View 2 Replies
Oct 1, 2010
At our company we have a central server with client files. This server has an SSH server installed, and through Nautilus all employees can access the files. However, I have a few questions:
1. Most employees need access to all folders, because they might use them at some point in time. However, I want to make sure they are not accessing things they do not need. How can I do this? For instance, if somebody copies all of the folders to his/her computer, I want to be able to see this in some sort of log. Can this be done? Copying and accessing in general is what is of my concern.
2. Some employees only need access to specific folders. Can this be easily configured with SFTP?
3. Some also use SSH and type commands which I want to check every now and then (e.g. to make sure an intern is not again copying information or accessing folders they should not be in). What is a good way to do this?
View 7 Replies
Sep 16, 2010
I'm running a Debian/Samba PDC on a Windows network. We desire to monitor a few network shares, so that whenever a change is made to a file in those, we have a log of who did it and when. Some capability of seeing what the change was, or a way of reverting it, would be nice luxuries. But username and timestamp are most important, if possible.
On the Debian forums, someone advised using Tripwire for this purpose. Didn't give much other advice about it, so I kind of struck out on my own researching Tripwire. Got it installed, played with it, and found it problematic, to say the least. It seems a bit much on the complexity and security side, and it seems more oriented towards maintaining system integrity than monitoring documents. So far I've not managed to get a policy update working on account of a cascade of errors about a few hundred files under /proc disappearing, despite no changes to the system. So I'm wondering if anyone here has advice.
1. Does Debian have this sort of functionality built in? Is there a system log I can parse to get this information?
2. Is Tripwire the right application for our purpose?
3. Is there anything better suited, more user-friendly or more parsimonious? I don't need something to monitor all system files, guard against intrusion, and make me cups of tea, just to monitor a few folders that I specify.
View 4 Replies
Oct 10, 2010
I mount a partition to a directory and ls -liah tells me that everyone has read/write/execute permissions on the whole thing, but I try to save a file into the partition and I get an access denied error. First of all this doesn't make sense because ls is telling me I do have access.
Then it gets weirder. I run sudo chown -R me:me directory. The command exits without error, but then when I go and look at the directory again with ls, it still shows up as owned by root and I still have the same problem. This is particularly strange because I am still able to change permissions normally in the operating system filesystem. It just won't work on the mounted partition.
View 1 Replies
Jul 31, 2011
I am new to openSUSE 11.4. I am trying to copy the Flash 11 beta file (libflashplayer.so) into the lib64/browser-plugins folder but I get 'Access Denied. Could not write to (destination)'.
View 4 Replies
Jun 29, 2011
While investigating my localhost access logs during an investigation to resolve locking myself out of my own server(!) I noticed this recent access attempt from a proxy referrer. I wouldn't expect this on a local server - currently set to listen on 127.0.01. The request was 403 forbidden, but surely the request should not have even reached this far? Is this an example of an unauthorised access attempt? I don't think it is me because all of my usual access requests are in moz 5 and I'm logged in to Linux currently.
Note: please do not click this link as I do not know where it leads ^^^^! (And I don't know how to disable it on this forum.)
View 8 Replies
Jul 6, 2010
I have a LVM snapshot that triggers these kernel errors when any LVM-related commands run:
Jul 6 10:31:38 itmanager kernel: attempt to access beyond end of device
Jul 6 10:31:38 itmanager kernel: dm-28: rw=0, want=66156996183394672, limit=25165824
dm-28 is the snapshot volume in device mapper. I think this error is generated because most LVM commands will check the first 4K of various drives and volumes for LVM metadata and labels, but attempts to read any of the first eight sectors (i.e. 4K) of this particular snapshot logical volume trigger this error. The most interesting thing is that the snapshot is 25165824 sectors long (12G), but attempts to access the first eight sectors result in an attempt to access sector 66156996183394672! I've obtained an info dump from getinfo.sh disk, and added the output from lvs. You can find the results here: URL.. It's not as if the sectors that back the first 4K of the volume are corrupt, either: the read request never hits any hardware because the read request is attempting to read a nonsensical sector, instead of the correct sector. Perhaps the COW metadata for the snapshot is corrupt?
How do I find the cause of this problem? Is this a critical error that I should file a bug report for? I first noticed this some time after turning the machine on Sunday afternoon. As far as I can tell from the logs, the shutdown the previous evening was normal. I use LVM fairly heavily on this machine, and this is the first time I've ever seen this kind of problem. I've worked around the problem by copying the first eight sectors from the Origin volume, and the rest from the Snapshot volume, to a new normal logical volume. However, I'm still concerned about how this error occurred in the first place.
View 1 Replies
Mar 26, 2010
I'm having a problem with my webdav share. I have a secure webdav folder that gets accessed via a non-standard port and requires basic authentication. I can connect and interact with it fine via cadaver. However, when I try to connect from nautilus, it says "Access was denied." To make it even stranger, sometimes I can click on the folder in nautilus (it still mounts) and access it. Sometimes not (it just repeats the error message and won't show me the contents). I may not even un-mount it, but just look at another folder, then click it again and be able to access it, but again - only rarely.
I asked a friend to try connecting from his Windows Vista computer and it would not work. It would not work from my Windows XP virtual computer either. However, it mounts and works just fine from my work computer (also Windows XP).
So it seems to be a 50/50 chance that the drive will mount on any given computer/system and work. Does anyone know what the problem may be? I'm guessing user permissions, but I can't figure out what.
I've made sure the webdav folder is owned by www-data and www-data has read access to the password file as well.
When I try connecting from nautilus, I get this in the log file:
Code:
Here is one of the (many) sites I've tried looking at: [url]
View 4 Replies
Feb 17, 2009
I'm experiencing some strange issues with a C5 installation on a Dell server with a QLA2460 HBA. When it boots up, I got a lot of these messages on dmesg:
[Code]...
View 4 Replies
Sep 11, 2010
I put a Windows program on my Ubuntu PC and it's a portable program so I had to add a shortcut to the menu myself. Well, I got the shortcut added but when I click it, it says that it cannot access it and it also says Permission Denied.
View 7 Replies
Jan 16, 2011
I learned that, even while on Linux, using Iceweasel/Firefox 3.0.6 is not safe. So I tried to update the browser for my PPC G4 iMac (256 MB RAM, 800 MHz processor).
1. I downloaded a backported Iceweasel .deb from URL...
2. I then tried to install it with dpkg -i PathToIceweasel.deb
3. There was an error. I remember seeing xulrunner-1.9.1 is not installed. I tried to install that with apt-get but it was not available.
4. Now when I click on web browser I get the error "Failed to execute default Web Browser: Input/Output error".
5. What can I do without having to reinstall?
View 11 Replies
Aug 24, 2010
I configure named and stumble upon the following problem: named is serious about user rights, every config file named uses should be named:named. I set rights to named:named as follows, but they get changed to root:named when I restart named as root. The same thing happens with SELinux context. This results in access denied type errors.
View 1 Replies
Jan 7, 2011
I want to filter and block failed attempts to access my proftp server. Here are a few lines from the /var/log/secure file:
Quote:
Jan 2 18:38:25 server1 proftpd[17847]: server1.XYZ.com (93.218.93.95[93.218.93.95]) - Maximum login attempts (3) exceeded
Jan 2 18:38:27 server1 proftpd[17864]: server1.XYZ.com (93.218.93.95[93.218.93.95]) -
[code]....
View 9 Replies
Mar 11, 2010
I have two external hard drives. One is a 2.5" 80GB USB HDD and the other is a Seagate 3.5" USB 500GB HDD. Both hard drives are mounted properly and I can access the data on both hard drives. I can access the small 80GB HDD via ssh from another computer and delete files, but when I try to access the 500GB drive via ssh it says access denied. When I try to access it with root, I can access it but I cannot see any files listed.
View 5 Replies
Aug 4, 2009
I have a Linux domain (FEDORA CORE 1) and two laptops which are part of my domain with Windows XP Pro Service Pack 2. I have given two IPs to both the laptops, the primary being global and the secondary local. I have configured a printer in one laptop and shared it. Till last week I was accessing that shared printer from my other laptop and everything was working fine. Last week I formatted one laptop (which does not have the shared printer) and from then onwards I am not able to access my other laptop. I get the following message when I try to access my other laptop: "you might not have permission to use this network resource. contact the administrator of this server to find out if you have access permission there are currently no logon servers available to service the logon request" P.S.: If I have only the local IP I am able to see both the systems and I am able to access my printer; this problem comes only when I add the global IP to both the machines. And also I have stopped the firewall and other things.
View 1 Replies
Oct 11, 2010
On our webhosting servers, which are primarily running Apache, huge outgoing traffic sometimes starts to random IP addresses (each time of attack it is just one IP). It's always UDP, and according to my investigation with tcpdump, it looks like p2p. The problem is in the big outgoing traffic, and secondly in filling the ip_conntrack table /proc/net/ip_conntrack. I think that one of our webhosting users has some virus uploaded on his FTP, which is run from time to time. I think that if I can map the outgoing traffic to a particular process ID, it will be easy to find the PID in the access log of the webserver and then see what URL causes it.
What I have checked already:
- outgoing UDP connections are not listed in netstat - so cannot get PID from there
- Apache with PHP is in safe mode - cannot exec binaries, cgi is disabled
- I can see tons of records in tcpdump, but from the dump I'm not able to get PID
- At the time of attack I was trying to run `lsof`, but nothing to see - didn't find the attacker
- I went through the Apache access log - I took the time of attack, i.e. 02:22 am - grepped from the access log all hits between 02:20 and 02:29 am and tried to call all of them again - the problem didn't occur
- checked the POST records from access log - nothing
- grepped all php files for keyword 'fsockopen' and 'torrent'
- from iptables --log-uid I have found user nobody (the user Apache is run under)
I think that the key is being able to match the outgoing connection to a PID; then it will be easy.
View 1 Replies
Jun 4, 2010
I got some mail starting in the last days with this content:
Code:
/etc/cron.daily/logrotate:
error: bad top line in state file /var/lib/logrotate/status
error: could not read state file, will not attempt to write into it
run-parts: /etc/cron.daily/logrotate exited with return code 1
/var/lib/logrotate/status
Code:
Package: binutils-static
Auto-Installed: 1
Package: linux-restricted-modules-common
Auto-Installed: 1
[code]...
I only installed packages via aptitude and did not modify anything logrotate related.
View 1 Replies
Sep 27, 2010
In one of our networks we are using one firewall which works as the gateway. All machines are able to access the internet through this gateway. There is no filtering or any internet restriction. I would like to set up a monitoring system which monitors and logs bandwidth and sites accessed by client machines. Is there any tool which monitors internet access as well as the sites which are accessed from client machines?
View 12 Replies
Jan 27, 2010
Today I tried to move an amsn skin into the right folder but the following message appears:
Access denied to /usr/share/amsn/skins/aMSN Live-1.0.
I am the only user on this computer so I think I have all rights?
permissions of the destination folder > owner: can view & modify content.
View 4 Replies
Apr 19, 2011
I've spent days trying to set up access properly from a public address to a monitoring server that works fine locally. Everything works from public access until I try to link to a CVS repository. The rancid CVS repository is set up as a separate server (virtualhost). It appears the referring link causes a DNS error (105: Server Not Found) when the CVS repository server is accessed from the public address. Things work fine when accessing via localhost.
Localhost link:
[URL]
Public link: (this results in 105 error caused by redirection (bold portion of link))
[URL]
Code:
Virtualhost config:
LoadModule jk_module /usr/lib/apache2/modules/mod_jk.so
JkWorkersFile /etc/apache2/workers.properties
JkLogFile /var/log/apache2/mod_jk.log
[code]....
View 2 Replies
Oct 10, 2010
I grabbed the new lubuntu 10.10 from [URL] but it turns out I'm having a problem installing it on my netbook (Asus Eee PC 1015PED). While installing, this error pops up:
Quote:
The attempt to mount a file system with type ext4 in SCSI2 (0,0,0), partition #1 (sda) at / failed. You may resume partitioning from the partitioning menu.
I'm installing via USB and have selected the option to erase everything and use the full HDD.
Edit: I had Xubuntu installed before.
View 2 Replies
Oct 26, 2010
Just got a new one, using 64 bit 10.04(LTS), firefox, also got on other computer using 32 bit 10.10
This one is for CNN, also have for Foxnews and a couple of others
Access Denied (policy_denied)
Your system policy has denied access to the requested URL.
For assistance, contact your network support team.
View 6 Replies
Oct 15, 2010
Unable to install Ubuntu 9.10 on a new internal hard drive. The hard drive contains no operating system. This hard drive is the only drive present in the system.
Whenever the installation tries to mount the ext4 partition the following error appears: The attempt to mount a file system with type ext4 in SCSI1 (0,0,0), partition #1 (sda) at / failed
I've tried over and over to get past this error to no avail.
View 6 Replies
Jun 3, 2010
When attempting to check my postfix install by using telnet to send an email to an address outside my local network, I get a relay access denied error.
This is how I attempted to send an email
Code:
telnet my_server 25
helo my_server
mail from: me@my_server
rcpt to: me@gmail.com
[Code].....
View 9 Replies
Jul 9, 2010
Set up an Ubuntu LAMP server to house a Wordpress site. Everything is gravy but I am having some troubles getting emails to route outside my local network. I have set up Internet and also added my ISP SMTP as a smarthost - either way I get the dreaded Relay Access Denied 5.7.1.
I am using DynDns as I do not have a static IP - not sure if this makes a difference?
telnet my_dyn_dns.org 25
ehlo localhost
250-my_dyn_dns.org
250-PIPELINING
250-SIZE 10240000
[Code]....
I have also tried the above with my ISP smtp IP in relayhost - same error.
View 2 Replies
Sep 22, 2010
Using Ubuntu 10.04
I am trying to use the network printers shared within my University's AD domain. In Windows XP, I simply went to 'run' and typed "\[domain]", then it asked for my ID and passwords and list of printers came up from which I could just pick and add to my printer list. How can this be achieved in Ubuntu 10.04?
What I tried:
System->Administration->printing->Add->Network Printer -> Windows printer via Samba -> Browse, then I see the domain but when I input my id, domain name and password, access is denied...
View 5 Replies
Sep 25, 2010
I have been trying to run the following commands several times in the last couple of weeks, to no avail: "su" to get to root, then while root "apt-get update" for updates; also "sudo apt-get update". BOTH are denied even with root or user-admin pwd. It states that either permission is denied and/or frequently states that the command "apt-get" does not exist.
View 4 Replies
Nov 7, 2010
I recently installed 64-bit Ubuntu Maverick. This was a clean install as opposed to an upgrade. Since the install I have been having a heck of a time getting a remote filesystem mounted via NFS. The file system I have been trying to mount is located on my HDX-1000 media server. This machine is running a flavor of Linux as its operating system, and I have been using it for about 2 years now. I have been able to mount its filesystem on all other machines in my house, which include Windows 7 and a couple of earlier versions of Ubuntu Linux. But I just could not get it to mount using Maverick. I kept getting the "mount.nfs access denied by server while mounting ..." message. Finally, I found a list of all the different parameters that can be specified on an entry in the fstab. The one that worked for me was simply to change the fstab entry from this:
Code:
HDX-Server1:/share/media/HDX-Server1 nfs rw,rsize=8192,wsize=8192,intr
to this:
Code:
HDX-Server1:/share/media/HDX-Server1 nfs rw,rsize=8192,wsize=8192,intr,nfsvers=3
That is one more little gremlin down. Just 34,689 to go.
View 2 Replies
Feb 8, 2011
I've set up Ubuntu Server 10.04 LTS 64-bit. I've set up zfs-fuse and created a zpool named 'data' which contains two 2TB WDC Green HDD's in raid1 (mirror). I've set up an NFS server to share the pool. So far so good. But now, I want to write to the pool. It has occurred to me that I need to be root to do that. On the server, this is not a problem (sudo cp...) but on my laptop I can not copy anything to the pool because I'm not a superuser.
View 1 Replies
Feb 22, 2011
I am using Ubuntu 10.10. When I am using Codeblocks IDE it says that permission: access is denied. It occurs when I try to run a .cpp code. I think permission is denied on my HDD. How to make all of my HDD permitted when in Ubuntu....
View 4 Replies