similar to: FC4 xen guest question audit blah looging

Displaying 20 results from an estimated 2000 matches similar to: "FC4 xen guest question audit blah looging"

2013 Apr 30
0
httpd writes much to /var? How to audit it properly?
Hi All. I currently use: Apache/2.2.21 on: 2.6.32-279.9.1.el6.centos.plus.x86_64 CentOS release 6.3 (Final) From time to time (it happens on different machines) I have a very high load up to 100, and I see that there are up to 300/s writes to /var at the same time. Apache restart solves the problem. I would like to know the reason so I decided to use auditd. I've used: auditctl -w /var
2007 Sep 15
1
Cron set_loginuid failed opening loginuid errors.
Hi all, I've had this error rear its ugly head again and I'm not exactly sure why. The output in /var/log/message is: crond[14764]: pam_loginuid(crond:session): set_loginuid failed opening loginuid crond[14765]: pam_loginuid(crond:session): set_loginuid failed opening loginuid crond[14811]: pam_loginuid(crond:session): set_loginuid failed opening loginuid
2007 Sep 29
0
Why are most audit events apparently non-attributable?
So I'm exploring AUDIT and have this in /etc/security/audit_control: dir:/var/audit flags:lo,fd minfree:20 naflags:lo policy:cnt filesz:0 I tell auditd to reread the config file with audit -s but no file deletion events are logged. I change the config file to: dir:/var/audit flags:lo minfree:20 naflags:lo,fd policy:cnt filesz:0 I type audit -s and am immediately flooded with 20 kilobytes
2007 Sep 29
0
Why are audit events apparently non-attributable?
So I'm exploring AUDIT and have this in /etc/security/audit_control: dir:/var/audit flags:lo,fd minfree:20 naflags:lo policy:cnt filesz:0 I tell auditd to reread the config file with audit -s but no file deletion events are logged. I change the config file to: dir:/var/audit flags:lo minfree:20 naflags:lo,fd policy:cnt filesz:0 I type audit -s and am immediately flooded with 20 kilobytes
2006 Oct 02
0
Audit handbook chapter review, call for general testing
Dear All, Over the past week or so, I have spent some time updating Tom Rhodes' excellent FreeBSD Handbook chapter on Audit for some of the more recent audit changes, such as new features in more recent OpenBSM versions. Since FreeBSD 6.2-BETA2 contains what is likely the final drop of the audit code (modulo any bug fixes) for 6.2-RELEASE, now would be a great time for people interested
2017 Oct 23
0
libvirtd audit log
Hi, according to the libvirt.org Audit log guide, I installed auditd on my system (Ubuntu 16.04.2), but when I operate a guest running on the host, I can't find the guest audit log in /var/log/audit/audit.log, audit_level=1. When I change audit_level=2, I restart libvirtd, libvirtd start failed. Thanks
2013 Apr 08
1
Audit logs source of account triggering it.
Hi. The auditd logs are full of lines referencing 28756E6B6E6F776E207573657229 , but I can't identify this account type=USER_LOGIN msg=audit(1364926580.306:249814): user pid=22565 uid=0 auid=4294967295 ses=4294967295 msg='op=login acct=28756E6B6E6F776E207573657229 exe="/usr/sbin/sshd" hostname=? addr=127.0.0.1 terminal=ssh res=failed' What would typically cause this ?
2005 Nov 12
0
mysqld and selinux
CentOS 4 - updated to current, rebooted to new kernel and now I can't get mysqld to start... # service mysqld start Timeout error occurred trying to start MySQL Daemon #tail -n 4 /var/log/messages Nov 12 00:48:56 srv1 kernel: audit(1131781736.221:4): avc: denied { write } for pid=4874 comm="mysqld" name="tmp" dev=dm-0 ino=2894305 scontext=root:system_r:mysqld_t
2005 Nov 30
0
SELinux niggle
Hi, I am not very experienced with SELinux and I have a problem which I can't track down. Any help would be really appreciated. I have an 'install everything' Centos 4.2 system which I am using as a workstation. Before anyone tells me off for installing everything, I have done this in order to get used to CentOS before using it on live servers. Anyway when I log into X (gnome, gdm)
2004 Nov 29
1
Re: CentOS digest, Vol 1 #201 - 1 msg
thanks for the heads up. what os are you running on the blades?? Phillip James System Administrator The Garden City Group, Inc. 105 Maxess Road Melville, NY 11747-3836 Phone: (631) 470-5044 Fax: (631) 940-6561 E-mail: Phillip.James at GardenCityGroup.com
2002 Dec 20
1
Strange behavior with samba mountpoint
I have a Redhat 8.0 box with many external connections. Several nfs and 3 samba. Today I tried to reattach to one of my mounts and I am getting "Could not resolve mount point /mnt/dir". If I do an ls -a I can see the dir, but when adding the l option to ls it does not show up. fuser returns for the dir, Input/output error I apologize if this has nothing to do with Samba, but I am
2006 Feb 02
0
HEADS UP: Audit integration into CVS in progress, some tree disruption (fwd)
FYI, since this is probably of interest to subscribers of this mailing list also. Robert N M Watson ---------- Forwarded message ---------- Date: Wed, 1 Feb 2006 22:55:40 +0000 (GMT) From: Robert Watson <rwatson@FreeBSD.org> To: Julian Elischer <julian@elischer.org> Cc: trustedbsd-audit@TrustedBSD.org, Kövesdán Gábor <gabor.kovesdan@t-hosting.hu>, current@freebsd.org
2015 Jul 13
3
rsync --link-dest and --files-from lead by a "change list" from some file system audit tool (Was: Re: cut-off time for rsync ?)
On Mon, 13 Jul 2015 02:19:23 +0000, Andrew Gideon wrote: > Look at tools like inotifywait, auditd, or kfsmd to see what's easily > available to you and what best fits your needs. > > [Though I'd also be surprised if nobody has fed audit information into > rsync before; your need doesn't seem all that unusual given ever-growing > disk storage.] I wanted to take this
2009 Jun 02
1
how to disable lots of auditd messages?
hello all. My system is centos 5.x and there is no module related auditd there is no process(daemon) related auditd and selinux definitely disabled. But I can see lots of auditd messages like below. Oct 20 02:01:01 linux kernel: type=1106 audit(1224435661.064:65210): user pid=25860 uid=0 auid=0 msg='PAM: session close acct="root" : exe="/usr/sbin/crond" (hostname=?,
2004 Jul 22
2
Potential Patch
Hey folks, Here at USC we have a few changes we make to the source code for various reasons -- and we have to make them for each new version. I always shrugged off sending a patch in because the changes felt very internal, but the more I think about it, the more I think perhaps they would be good for the main tree. Additionally, the more of this that gets into the main tree the easier upgrades
2007 Sep 03
1
Linux User Auditing
Is it possible to audit the Linux User Shell? I am trying to gather what commands a user is running on our systems. Can auditd handle this? TIA
2009 Dec 11
1
Auditd fails to start : Connection refused
Greetings: i have an x86_64 Centos5.3 box and i'm trying to run auditd. it fails on startup and this is the O/P at the end: config_manager init complete Error setting audit daemon pid (Connection refused) type=DAEMON_ABORT msg=audit(1260554376.697:5674): auditd error halt, auid=4294967295 pid=32702 res=failed Unable to set audit pid, exiting The audit daemon is exiting. Error setting
2006 Jun 05
0
Heads up: OpenBSM 1.0a6, per-auditpipe preselection imported to CVS (fwd)
FYI for those working with audit and intrusion detection on FreeBSD. Robert N M Watson ---------- Forwarded message ---------- Date: Mon, 5 Jun 2006 17:01:04 +0100 (BST) From: Robert Watson <rwatson@FreeBSD.org> To: current@FreeBSD.org Cc: trustedbsd-audit@TrustedBSD.org Subject: Heads up: OpenBSM 1.0a6, per-auditpipe preselection imported to CVS This is a heads up to current@ users
2010 Apr 02
0
Watching a file using auditd
Hi, I am using auditd to monitor files for changes (read and write actually). I found that when auditd is running, it will correctly report files that are read, but will not report changes to a file that is being monitored. But if I stop auditd and load audit rules using auditctl, it will work as expected. Here's the audit rule: -w /tmp/audit-test -p rw -k __monitored__ What am I missing
2007 Jun 07
3
SSH suddenly started failing :(
All of a sudden I can no longer ssh into my server running CentOS 4.5 This is what happens: [john at lt-131-jdl-f7 ~]$ ssh -Y -p 2222 192.168.0.1 john at 192.168.0.1's password: Connection to 192.168.0.1 closed by remote host. Connection to 192.168.0.1 closed. And yes, the account does exist and the password is correct! Looking at the logs, I see this: Jun 7 18:51:37 moray1