The Geek Diary

Archives for June 2018

How to use auditd to monitor a specific SYSCALL

by admin

A SYSCALL happens whenever a user executes a command that requests that the Linux kernel provide a service. There are many SYSCALLs, such as mount, umount, kill, open, etc. These SYSCALLs can be monitored with the auditd system. Let’s take the “kill” SYSCALL as an example. The user wants to capture who has killed a certain process […]

Filed Under: CentOS/RHEL 5, CentOS/RHEL 6, CentOS/RHEL 7, Linux

Slow SSH login due to unreachable rsyslog server

by admin

The problem: We faced this weird issue last week, where SSH to the servers was too slow. SSH to the Linux servers was taking a long time, around 30 seconds to 1 minute. SSH got stuck at the below prompt with no option to enter a password for 30 seconds, and then the password prompt was displayed but […]

Filed Under: CentOS/RHEL 6, CentOS/RHEL 7, Linux

/etc/rsyslog.conf – Setup a Filter to Discard or Redirect Messages

by admin

The post outlines steps to create a Property-Based Filter to discard (suppress) a particular message or redirect program messages to a particular log file. The syntax: The syntax to write a Property-Based Filter is as shown below: :[Available Properties], [compare-operations], [customized expression] [path/log file] From the man page of rsyslog.conf: The Discard Action (~) […]

Filed Under: CentOS/RHEL 6, CentOS/RHEL 7, Linux

How to monitor the Mounting/Umounting of Mount Points Using Auditd on CentOS/RHEL 6,7

by admin

So the ask here is how to determine which user or system process is umounting or mounting a particular mount point. The mounting and umounting of a mount point can be monitored with the help of auditd. auditd is the userspace component of the Linux auditing system. This means that system users will […]

Filed Under: CentOS/RHEL 6, CentOS/RHEL 7, Linux

How to enable SFTP Logging without chroot in CentOS/RHEL

by admin

Secure File Transfer Protocol (SFTP) is a great tool for performing secure file transfers. This is a short note to explain how to enable SFTP logging without chroot. 1. To enable logging of sftp-server to /var/log/messages, add command-line arguments to the Subsystem sftp line in /etc/ssh/sshd_config: # vi /etc/ssh/sshd_config Subsystem sftp /usr/libexec/openssh/sftp-server -l VERBOSE Restart […]

Filed Under: CentOS/RHEL 6, CentOS/RHEL 7, Linux

How to Change Default Permission of /var/log/messages in CentOS/RHEL

by admin

By default, /var/log/messages* files are created with read-write permissions for the ‘root’ user only. There might be a requirement to make the log files world readable, e.g., to allow an application to read and process the data in them. Changing the permissions on such files using ‘chmod’ is only a temporary solution, as they will be […]

Filed Under: CentOS/RHEL 4, CentOS/RHEL 5, CentOS/RHEL 6, CentOS/RHEL 7, Linux

Rsyslog : How to Send log files to remote server in CentOS/RHEL 6,7

by admin

Need for a Centralized Rsyslog Server: Every *NIX system has some sort of logging facility that produces text logs that can be written to an arbitrary location on a storage device (normally defaulting to a local disk partition). This is essential, but it can also produce issues such as: You need to have adequate storage […]

Filed Under: CentOS/RHEL 6, CentOS/RHEL 7, Linux

How to send Audit Logs to Remote Rsyslog Server in CentOS/RHEL 6,7

by admin

This short note explains the steps to direct audit logs to a remote rsyslog server on a CentOS/RHEL 6,7 server. Server Side Configuration: Perform these steps to set up the syslog server: 1. Uncomment the following lines in the ‘MODULES’ section of /etc/rsyslog.conf: # vi /etc/rsyslog.conf $ModLoad imtcp $InputTCPServerRun 514 If you are using UDP, then uncomment […]

Filed Under: CentOS/RHEL 6, CentOS/RHEL 7, Linux

How to monitor /etc/shadow and /etc/passwd file for changes with Auditd?

by admin

System auditing is a very important task that should be a part of every server. It allows us to audit minute details of what exactly is happening within the system. Most system administrators are aware of basic auditing functionalities such as looking into the /var/log/secure file for login attempts, but when it comes to […]

Filed Under: CentOS/RHEL 6, CentOS/RHEL 7, Linux

How to Configure rsyslog to Filter/discard Specific IP Address in CentOS/RHEL 6,7

by admin

The post explains how to configure rsyslog to filter messages from a specific IP address and drop those messages. By default, plain syslog does not offer the advanced filtering that rsyslog does. Follow the steps below to configure rsyslog to filter messages from a specific IP address. 1. Install rsyslog if it is not already present on the system. […]

Filed Under: CentOS/RHEL 6, CentOS/RHEL 7, Linux

© 2023 · The Geek Diary
