• Skip to primary navigation
  • Skip to main content
  • Skip to primary sidebar
  • Skip to footer navigation

The Geek Diary

  • OS
    • Linux
    • CentOS/RHEL
    • Solaris
    • Oracle Linux
    • VCS
  • Interview Questions
  • Database
    • oracle
    • oracle 12c
    • ASM
    • mysql
    • MariaDB
  • DevOps
    • Docker
    • Shell Scripting
  • Big Data
    • Hadoop
    • Cloudera
    • Hortonworks HDP

How to Configure Interface(s) in promiscuous mode on CentOS/RHEL 7 (persistently)

by admin

What is Promiscuous mode

Promiscuous mode or promisc mode is a feature that makes the ethernet card pass all traffic it received to the kernel. It is usually used by a packet sniffing program like Wireshark, and tcpdump. If there was such program intentionally running or bridged networking for hardware virtualization, the “promiscuous mode” message might be simply ignored. Otherwise, deep investigation on that system will be required due to a security issue.
When there is no audit daemon running on the system, the “audit” message will be logged into /var/log/messages file instead of /var/log/audit/audit.log file. They are informational messages for kernel auditing.

The option PROMISC has been fully deprecated from initscripts in RHEL 7.

# grep PROMISC -B 1 /usr/share/doc/initscripts-9.49.41/sysconfig.txt
        No longer supported:
         PROMISC=yes|no (enable or disable promiscuous mode)

So, in order to configure interface(s) in promiscuous mode permanently, follow the steps given below.

Configuring Promiscuous mode on Interface in CentOS/RHEL 7

1. Create a custom systemd unit file using an editor such as vi or vim.

# vi /etc/systemd/system/promisc.service

2. A oneshot using a oneline command can be used.

Single Interface Example

In the example below only one interface is being placed into promiscuous mode:

# cat /etc/systemd/system/promisc.service 
[Unit]
Description=Bring up an interface in promiscuous mode during boot
After=network.target

[Service]
Type=oneshot
ExecStart=/usr/sbin/ip link set dev ens9 promisc on
TimeoutStartSec=0
RemainAfterExit=yes

[Install]
WantedBy=default.target

Multiple Interfaces Example

Below example is setting more than one interface into promiscuous mode:

# cat /etc/systemd/system/promisc.service 
[Unit]
Description=Makes an interface run in promiscuous mode at boot
After=network.target

[Service]
Type=oneshot
ExecStart=/usr/sbin/ip link set dev ens9 promisc on
ExecStart=/usr/sbin/ip link set dev ens12 promisc on
TimeoutStartSec=0
RemainAfterExit=yes

[Install]
WantedBy=default.target

3. Ensure that systemd is now aware of the new service:

# systemctl daemon-reload

Verification

Reboot the server and check to see if the interface is in promiscuous mode:

# reboot
# ip addr
1: lo: [LOOPBACK,UP,LOWER_UP] mtu 65536 qdisc noqueue state UNKNOWN group default qlen 1000
    link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
    inet 127.0.0.1/8 scope host lo
       valid_lft forever preferred_lft forever
2: ens9: [BROADCAST,MULTICAST,PROMISC,UP,LOWER_UP] mtu 1500 qdisc pfifo_fast state UP group default qlen 1000
    link/ether 52:54:00:fe:7d:f2 brd ff:ff:ff:ff:ff:ff
    inet 192.168.122.203/24 brd 192.168.122.255 scope global dynamic ens9
       valid_lft 3398sec preferred_lft 3398sec
3: ens12: [BROADCAST,MULTICAST] mtu 1500 qdisc noop state DOWN group default qlen 1000
    link/ether 52:54:00:9f:37:9e brd ff:ff:ff:ff:ff:ff
4: ens10: [BROADCAST,MULTICAST,SLAVE,UP,LOWER_UP] mtu 1500 qdisc pfifo_fast master bond0 state UP group default qlen 1000
    link/ether 52:54:00:30:ef:19 brd ff:ff:ff:ff:ff:ff
5: ens11: [BROADCAST,MULTICAST,SLAVE,UP,LOWER_UP] mtu 1500 qdisc pfifo_fast master bond0 state UP group default qlen 1000
    link/ether 52:54:00:30:ef:19 brd ff:ff:ff:ff:ff:ff
6: bond0: [BROADCAST,MULTICAST,MASTER,UP,LOWER_UP] mtu 1500 qdisc noqueue state UP group default qlen 1000
    link/ether 52:54:00:30:ef:19 brd ff:ff:ff:ff:ff:ff
    inet 192.168.122.95/24 brd 192.168.122.255 scope global dynamic bond0
       valid_lft 3396sec preferred_lft 3396sec

The interface ens9 is now in promiscuous mode upon boot.

Filed Under: CentOS/RHEL 7, Linux

Some more articles you might also be interested in …

  1. How To Add New Disk to An Existing Diskgroup on RAC Cluster or Standalone ASM Configuration
  2. tune2fs: command not found
  3. passwd Command Examples in Linux
  4. pinky Command Examples in Linux
  5. id: command not found
  6. How to Rebuild GRUB on MSDOS Partition Type in CentOS/RHEL/OEL 7
  7. mpstat: command not found
  8. Repairing filesystem issues at Boot in CentOS/RHEL 7 and 8
  9. Understanding multipath Utility to Configure DM-Multipath
  10. chrt : command not found

You May Also Like

Primary Sidebar

Recent Posts

  • nixos-rebuild Command Examples in Linux
  • nixos-option: Command Examples in Linux
  • nixos-container : Command Examples in Linux
  • nitrogen Command Examples in Linux

© 2023 · The Geek Diary

  • Archives
  • Contact Us
  • Copyright