similar to: find out who accessed a file

On Fri, January 23, 2015 3:13 pm, Jonathan Billings wrote: > On Fri, Jan 23, 2015 at 03:50:44PM -0500, Tim Dunphy wrote: >> Is there any way to find out the last user to access a file on a CentOS >> 6.5 system? > > Unless you're using auditd (or a similar service) to watch the file, > no. You could probably use the logs and `last` to see who was logged > in at the

On Sat, January 24, 2015 11:27 am, Tim Dunphy wrote: > Hey guys, > > Unless you're using auditd (or a similar service) to watch the file, > no. You could probably use the logs and `last` to see who was logged > in at the time and make a guess. > > > > Also, you can look into shell history files (though that might be cleaned > by users). Admin is allowed to do

Hey guys, Unless you're using auditd (or a similar service) to watch the file, no. You could probably use the logs and `last` to see who was logged in at the time and make a guess. Also, you can look into shell history files (though that might be cleaned by users). Admin is allowed to do that when investigates incident. One more thing: if "access" constitutes execution of that

Hey Jeremy, > Have you tried changing the folder where it's writing into with these > lables? httpd_sys_content_rw_t or httpd_user_content_rw_t Adding 'rw' to the command did the trick. I tried httpd_sys_content_rw_t and that works fine! Thanks for the tip! Tim On Thu, Jan 22, 2015 at 1:19 PM, Jeremy Hoel <jthoel at gmail.com> wrote: > Have you tried changing

> > The easiest answer is to edit the Selinux config file. By default it is > set to enforce, which really locks it down. > cd /etc/selinux > edit the config file and change SELUNIX=enforcing to SELUNIX=permissive > Save the file and restart httpd, you should be fine.. Yeah dude, exactly. Except I actually do want to start using it. I've been disabling SELINUX forever

Hi Ashish, Which CentOS version you using? > If it is CentOS 6 then instead of building it from source, you can use IUS > repo which has latest php packages. > Below is the link for the packages in IUS repo for CentOS 6. > <http://dl.iuscommunity.org/pub/ius/stable/Redhat/6/x86_64/repoview/> > I'm using CentOS 7. I'll check to see if I can get php version 5.6.7

Hi Eric, Thanks for your reply. I do have nrpe running under xinetd on the host I'm trying to monitor. And running the nrpe checl locally: [root at ops:~] #/usr/local/nagios/libexec/check_nrpe -H localhost NRPE v2.15 [root at ops:~] #grep only_from /etc/xinetd.d/nrpe only_from = 127.0.0.1 216.120.248.126 And I do have port 5666 open on the security group for this host.

> > How about adding some swap into system? Not a bad idea, Eero! That worked. [root at ops3:~] #cat /proc/swaps Filename Type Size Used Priority /swapfile file 1048572 712 -1 [root at ops3:~] #semodule -i newrelic.pp [root at ops3:~] # Thanks! Tim On Thu, Oct 15, 2015 at 12:19 AM, Eero Volotinen

> This is strange... > Do you have SSL aktive on both systems? Run nrpr localy without parameters > (this should return some nrpe stats) and check ldd for libssl. I don't seem to have that command. [root at monitor1:~] #find / -name "*nrpr" 2> /dev/null [root at monitor1:~] # And that's on either system. And if I do an ldd on both, this is what I can tell:

> > You may also need to restart sssd or nslcd, depending upon which one is > running the backed ldap connection service on the clients. Hmm.. I got a different result after restarting nclcd. Instead of logging me in and just complaining that it couldn't create the home directory, it still complains about not creating the home directory, but now it doesn't let me in: #ssh

Hey guys, Having a little gpg issue I was wondering if someone could help me with. A friend of mine sent me an encrypted message. So I searched online and found a a set of keys that correspond with his email address. And imported them. But when I go to decrypt the message, this is what I get: [root at ops:~] #gpg --decrypt roger-message gpg: encrypted with 2048-bit RSA key, ID 9617EA5C,

Hi Earl, >I think I found your problem, you do not have the correct package installed >[root at c7-db1 ~]# rpm -qa | grep maria >mariadb-libs-5.5.41-2.el7_0.x86_64 >mariadb-server-5.5.41-2.el7_0.x86_64 >mariadb-5.5.41-2.el7_0.x86_64 >[root at c7-db1 ~]# >Install the mariadb-x package and you should be able to start the service Thanks. While I could go with mariadb 5, the

Hi NRPE: Error receiving data from daemon Seems as this is not a SSL Problem. Do you have a nagios user account? Cat /etc/passwd Am 01.05.2015 18:45 schrieb "Tim Dunphy" <bluethundr at gmail.com>: > > > > Oh my mistake. I mean nrpe without parameters. It should say something > > about SSL/TLS aktiv or so. > > You could test nrpe without SSL. Use nrpe -n -

> > Check /var/log/secure for why the directory is not able to be created. > Might be selinux, is that enabled? (sestatus) Good catch! It was indeed SELinux preventing the directory from being created. Disabling it allows that to happen. For instance I just created a new test user in LDAP: #ssh odunphy at ops2.example.com odunphy at ops2.example.com's password: Creating

Hi Jeremy, An easy way to start troubleshooting these is to look at the audit logs and > see what SELInux is blocking. You have /McFrazier in the email.. if that's > off the root tree than unless you've set permissions to allow httpd to look > at tat folder, I bet that's one problem. > if you run ls -Z you can see the labels that are present on those folders, > that

Hi all, I need to restart a service on a few elasticsearch nodes. I'm trying to do it with pssh. I'm getting this error when I try to do that: pssh -h es_list "/bin/sudo -S /bin/systemctl restart elasticsearch" [1] 17:01:50 [FAILURE] bluethundr at es2.example.com Exited with error code 1 [2] 17:01:51 [FAILURE] bluethundr at es3.example.com Exited with error code 1 [3]

Hey all, I just unstalled MariaDB version 10 from the mariadb repositories under a CentOS 7 host. The install went fine! [root at nfsdb1 ~]# rpm -qa | grep -i mariadb MariaDB-common-10.0.19-1.el7.centos.x86_64 MariaDB-server-10.0.19-1.el7.centos.x86_64 MariaDB-client-10.0.19-1.el7.centos.x86_64 MariaDB-shared-10.0.19-1.el7.centos.x86_64 However, when I go to start up the service, I'm

> > What does the sudo log say? This is all the secure logs say about the ssh session: [root at logs:~] #tail -f /var/log/secure Oct 31 19:15:20 logs sshd[24407]: Accepted publickey for bluethundr from 47.18.111.100 port 47469 ssh2: RSA ae:62:1f:de:54:89:af:2c:10:16:0e:fd:8d:7e:81:06 Oct 31 19:15:21 logs sshd[24407]: pam_unix(sshd:session): session opened for user bluethundr by (uid=0)

Yeah Erro, ok you have a point. I'll do that. Thanks! On Fri, Oct 30, 2015 at 11:40 AM, Eero Volotinen <eero.volotinen at iki.fi> wrote: > This is really wrong way to do this. Install yum-utils and use > yumdownloader --source package-name to get rhel version of package. Then > modify spec file and recompile. > > Eero > Hey guys, > > I'm trying to disable

Hello, On my centos boxes whenever I try to install packages I get a mix of packages from the repos that are both i386 and x86_64 in archictecture: =============================================================================================================================================================================================================== Package