Question: How to log every user command executed with or without sudo and forwarding this logs to a central log file? To configure the auditd for logging all user commands please follow the below action plan. 1. Use yum to install the audit package: # yum install audit 2. To start automatically the auditd service at boot time: # chkconfig auditd on 3. add the following lines to /etc/audit/audit.rules. # vi /etc/audit/audit.rules -a exit,always -F arch=b64 -S execve -a … [Read more...] about How to audit all Commands run on OEL 5,6 using auditd
Archives for February 2019
How to change the default permissions on /var/log/audit/audit.log file in CentOS/RHEL
Question: How to configure auditd to change the default permissions on the /var/log/audit/audit.log from 0600 to 0640 and also changing the group ownership of the file? By default it's not possible to change permissions on the /var/log/audit/audit.log file using ACLs, instead "log_group" parameter can be set under the file /etc/audit/audit.conf. The Steps In this example, we would like to change default permissions on the /var/audit/audit.log from 600 to 640 and also changing group from … [Read more...] about How to change the default permissions on /var/log/audit/audit.log file in CentOS/RHEL
A File Is Claimed to Be Disappearing – How to monitor a file for deletion in Linux
Question: A file seems to be disappearing and no direct reason for its disappearance can be found. How can we monitor the file access, especially the deletion of a particular file in CentOS/RHEL system? A file can be monitored through its lifecycle by using the Linux auditd service. The Steps 1. To install it on CentOS or RHEL, run: # yum install audit 2. To enable the service at boot time, run: # chkconfig auditd on # For CentOS/RHEL 6 # systemctl enable auditd # For … [Read more...] about A File Is Claimed to Be Disappearing – How to monitor a file for deletion in Linux
How to Stop Audit Log Entries Written to System Logs in CentOS/RHEL 6
This post explains how to stop audit log entries written to system logs. 1. Check the file /etc/audisp/plugins.d/syslog.conf. By default, the file "/etc/audisp/plugins.d/syslog.conf will have the below line. args = LOG_INFO This will allow syslog to log audit logs into /var/log/messages. In addition audit.d will log all the audit events to /var/log/audit/audit.log too and this is the data normally we use to check audit events. 2. Duplicating the entries in /var/log/messages is not … [Read more...] about How to Stop Audit Log Entries Written to System Logs in CentOS/RHEL 6
GUDS – A Script for Gathering Solaris Performance Data
Whats is GUDS? The GUDS script is a ksh script designed to collect the data needed to analyze performance issues. The script collects a specific set of files and runs a series of operating system utilities, the selection of which are based on the specified level. The duration, number of iterations, and other variables are provided to the script either as a set of command line arguments or are prompted for input in interactive mode. The collected data is then packaged and compressed in a … [Read more...] about GUDS – A Script for Gathering Solaris Performance Data
TSPITR fails With RMAN-06553
The Problem TSPITR fails With RMAN-06553 when the tablespace (using OMF files) is dropped including contents and datafiles: RMAN-00571: =========================================================== RMAN-00569: =============== ERROR MESSAGE STACK FOLLOWS =============== RMAN-00571: =========================================================== RMAN-03002: failure of recover command at 10/22/2015 16:43:08 RMAN-03015: error occurred in stored script Memory Script RMAN-06553: DB_CREATE_FILE_DEST … [Read more...] about TSPITR fails With RMAN-06553