similar to: Asterisk executable suddenly about 40KB larger - modules (Andres)

Hi guys Thanks for the pointers - I'll look into the possible compromise scenario though I've got no idea how I'll counter it -if- I manage to detect it...! I've disabled prelinking (thanks Tony!) and I'll see if that helps. Interesting thing I've now discovered (had this failure again at the head office this morning) is the "growth" in the file's size is

Hi all I have a strange issue with 1.8.11.0 on a production Asterisk machine at our head office, and the same issue with a production machine at a branch office. Every now and then, on the head office machine, ODBC CEL and CDR logging will stop working. On examination in the CLI, Asterisk behaves as if the config files for ODBC in the /etc directory are just gone. Repeated tests have then

>What you may want to consider is if you have a network management system such as Nagios is create a service that checks the size of the binary every >5 minutes. You're notified if the size goes over a certain threshold. You can also take the perf data and graph it using one of the many Nagios graphing tools available. You can even use something like Munin for a task like this. I

Is it possible to audit the Linux User Shell? I am trying to gather what commands a user is running no our systems. Can auditd handle this? TIA -------------- next part -------------- An HTML attachment was scrubbed... URL: <http://lists.centos.org/pipermail/centos/attachments/20070903/3d4d491d/attachment.html>

I've got a fully updated Fedora Core 4 server crashing hard every week or two. I use Samba via smbmount and autofs to read & delete log files on 17 XP boxs and 6 NT4SP6 boxes as well as a couple other Windows files servers every 5 minutes. The first indication of a problem I get is smbmount stops working, then the server becomes unresponsive to the point where only a power slam will fix

I've just encountered a problem starting tor. When I do 'systemctl start tor' it fails and I get selinux errors in the log. There was suggestion to do full auditing with 'auditctl -w /etc/shadow -p w'. Which I did and it gave the following type=PROCTITLE msg=audit(1539540150.692:60570): proctitle=2F7573722F62696E2F746F72002D2D72756E61736461656D6F6E0030002D2

I''m trying to use environments and seem to be failing. Right now I have 4 defined environments: production, cat, development, beta They are defined as follows on my puppetmaster: cat /etc/puppet/puppet.conf [main] pluginsync = true vardir = /var/lib/puppet manifest = /etc/puppet/environments/production/site.pp modulepath = /etc/puppet/environments/production/modules [master] reports =

Hi All. I currently use: Apache/2.2.21 on: 2.6.32-279.9.1.el6.centos.plus.x86_64 CentOS release 6.3 (Final) >From time to time (it happenes on different machines) I have a very high load up to 100, and I see that there are up to 300/s writes to /var at the same time. Apache restart solves the problem. I would like to know the reason so I decided to use auditd. I've used: auditctl -w /var

Hello -- I've done some searching but haven't come up with much yet, I was wondering if there was a way to track PID creation and what command was assigned to a PID? I am trying to track down a locking issue with NFS/NLM where the client PID that initiates the unlock request is not the same PID that initiates the lock request. Even with running "ps auxww" in a "while

I'm experimenting with tor hidden services and got it to work nicely on my Centos7, with tor from epel. That is, until I booted the machine. Then SELinux kicked in and in the logs there's? [warn] Directory /var/lib/tor/hidden_service/ cannot be read: Permission denied The permissions are drwx------.??2 toranon toranon????4096 Jan 28 23:39 hidden_service And SELinux gives the following

Queridos R-usuarios!   Con mis colegas estamos creando un curso básico de nuestra espectacular herramienta R. Nos hemos dado cuenta que muchas personas usan software comercial y pensamos que sería una buena oportunidad para dar un curso gratis acerca de R. Por otro lado, puede ser una buena oportunidad para crear un grupo de usuarios activos de R aquí en Chile.   Actualmente, estamos invitando

(English version below) Queridos R-usuarios!   Con mis colegas estamos creando un curso básico de nuestra espectacular herramienta R. Nos hemos dado cuenta que muchas personas usan software comercial y pensamos que sería una buena oportunidad para dar un curso gratis acerca de R. Por otro lado, puede ser una buena oportunidad para crear un grupo de usuarios activos de R aquí en Chile.  

hello, I'm running apache 2.2.24 and php 5.2.17. The web site that it's service turns into a 403 Forbidden error every 5 minutes literally. I've found that doing a chmod -Rv 775 on the web root restores the site. However this is a band-aid and no real solution. I've combed through all the cron jobs in /var/spool/cron both on this machine and the one it was recently transferred

On Wed, Feb 26, 2014 at 05:24:03PM +0100, Dariusz Michaluk wrote: [. . .] > If all login attempts are rejected, please boot host machine with audit=0 > > # vi /etc/default/grub > GRUB_CMDLINE_LINUX=" [...] audit=0 [...]" IIUC, this is no longer needed with systemd 209 and above. I just did a quick test[1] with systemd-210-2.fc21.x86_64

Hi, I am using auditd to monitor files for changes (read and write actually). I found that when auditd is running, it will correctly report files that are read, but will not report changes to a file that is being monitored. But if I stop auditd and load audit rules using auditctl, it will work as expected. Here's the audit rule: -w /tmp/audit-test -p rw -k __monitored__ What am I missing

On Sun, 2018-10-14 at 20:13 +0200, Robin Lee wrote: > I've just encountered a problem starting tor. When I do 'systemctl > start tor' it fails and I get selinux errors in the log. There was > suggestion to do full auditing with 'auditctl -w /etc/shadow -p w'. > Which I did and it gave the following > > type=PROCTITLE msg=audit(1539540150.692:60570): >

Dear team The auditd log for NETFILTER_PKT event does not contain the src port , desination port , in and out interface . Has it been removed permanently ( https://patchwork.kernel.org/patch/9638183/) or can it be enabled by some configuration by auditctl ? centos version : CentOS Linux release 7.6.1810 (Core) out kernel version : Linux version 3.10.0-1127.8.2.el7.x86_64 (

On 10/23/18 2:49 PM, Robin Lee wrote: > On Sun, 2018-10-14 at 20:13 +0200, Robin Lee wrote: >> I've just encountered a problem starting tor. When I do 'systemctl >> start tor' it fails and I get selinux errors in the log. There was >> suggestion to do full auditing with 'auditctl -w /etc/shadow -p w'. >> Which I did and it gave the following >>

A few weeks back Robert Watson announced the merge of these features from 7 back into 6-STABLE. I hadn't seen any updates and was curious as to the status. Us 6-STABLE users are curious to test it out. Thanks. --A

Greetings, How does one monitor if a site is being accessed using browser? IOW, I just want to know if a user has launched a session thru Firefox. I basically want to know if a user has tried to access the webserver and unable to reach it and log such instances. I am using cron and curl to seperately monitor the link. Any clues? Centos 5.2/Gnome/Firefox 3.0.16 Regards Rajagopal