How to audit all Commands run on OEL 5,6 using auditd
Question: How to log every user command executed with or without sudo and forward these logs to a central log file? To configure auditd to log all user commands, follow the action plan below. 1. Use yum to install the audit package: # yum install audit 2. To start the auditd service automatically at boot time: # chkconfig auditd on 3. Add the following lines to /etc/audit/audit.rules. # vi /etc/audit/audit.rules -a exit,always -F arch=b64 -S execve -a …
Archives for February 2019
How to change the default permissions on /var/log/audit/audit.log file in CentOS/RHEL
Question: How to configure auditd to change the default permissions on the /var/log/audit/audit.log from 0600 to 0640 and also change the group ownership of the file? By default, it's not possible to change permissions on the /var/log/audit/audit.log file using ACLs; instead, the "log_group" parameter can be set in the file /etc/audit/audit.conf. The Steps In this example, we would like to change the default permissions on /var/audit/audit.log from 600 to 640 and also change the group from …
A File Is Claimed to Be Disappearing – How to monitor a file for deletion in Linux
Question: A file seems to be disappearing and no direct reason for its disappearance can be found. How can we monitor file access, especially the deletion of a particular file, on a CentOS/RHEL system? A file can be monitored through its lifecycle by using the Linux auditd service. The Steps 1. To install it on CentOS or RHEL, run: # yum install audit 2. To enable the service at boot time, run: # chkconfig auditd on # For CentOS/RHEL 6 # systemctl enable auditd # For …
How to Stop Audit Log Entries Written to System Logs in CentOS/RHEL 6
This post explains how to stop audit log entries from being written to system logs. 1. Check the file /etc/audisp/plugins.d/syslog.conf. By default, the file "/etc/audisp/plugins.d/syslog.conf" will have the below line. args = LOG_INFO This will allow syslog to log audit logs into /var/log/messages. In addition, auditd will log all the audit events to /var/log/audit/audit.log too, and this is the data we normally use to check audit events. 2. Duplicating the entries in /var/log/messages is not …
GUDS – A Script for Gathering Solaris Performance Data
What is GUDS? The GUDS script is a ksh script designed to collect the data needed to analyze performance issues. The script collects a specific set of files and runs a series of operating system utilities, the selection of which is based on the specified level. The duration, number of iterations, and other variables are provided to the script either as a set of command line arguments or are prompted for input in interactive mode. The collected data is then packaged and compressed in a …
TSPITR fails With RMAN-06553
The Problem TSPITR fails With RMAN-06553 when the tablespace (using OMF files) is dropped including contents and datafiles: RMAN-00571: =========================================================== RMAN-00569: =============== ERROR MESSAGE STACK FOLLOWS =============== RMAN-00571: =========================================================== RMAN-03002: failure of recover command at 10/22/2015 16:43:08 RMAN-03015: error occurred in stored script Memory Script RMAN-06553: DB_CREATE_FILE_DEST …
How to Recover A Dropped Tablespace Using TSPITR
The Basics RMAN automatic Tablespace Point-In-Time Recovery (TSPITR) enables you to quickly recover one or more tablespaces in an Oracle database to an earlier time, without affecting the state of the rest of the tablespaces and other objects in the database. Prior to the 11.2 version, TSPITR had a restriction of not being able to recover a dropped tablespace. From 11.2 this limitation no longer exists. We can recover the dropped tablespace using TSPITR. Example The below example …
Oracle Tablespace Transport for a Single Partition
Prior to 11g, there was a restriction on transporting tablespaces for a single partition. Starting in RDBMS version 11g, transport of a tablespace for a single partition and plugging it into another database is now supported. This note shows the process to follow in order to achieve this. Steps 1. Create the partitioned table: SQL> CREATE TABLE rptg_pd 2 ( 3 a varchar2(5), 4 period_dt date, 5 b number) 6 PARTITION BY RANGE (period_dt) 7 ( 8 PARTITION mv_period_dt_1994 VALUES …
How To Convert A Partitioned Table To A Non-Partitioned Table Using DataPump In Oracle 11g and 12c
The Basics A new import DataPump parameter PARTITION_OPTIONS has been introduced with 11g. The allowed values are: NONE - Creates tables as they existed on the system from which the export operation was performed. This is the default value. DEPARTITION - Promotes each partition or subpartition to a new individual table. The default name of the new table will be the concatenation of the table and partition name or the table and subpartition name, as appropriate. MERGE - Combines all …
Step By Step Guide To Create Physical Standby On Normal File System For ASM Primary using RMAN
This post covers the detailed steps for creating a physical standby database on a normal file system using RMAN for a primary database in ASM. Overview Here the Standby database can be created using the following 2 methods: Normal Restore and Recovery using RMAN. Creating a Duplicate database for Standby using RMAN. Method 1 Perform the backup of the ASM primary database (Datafiles, Controlfile for standby and Archivelogs) Make the backup pieces available on the Standby …