One of the .beam files of one of my application deps is being deleted and I am not sure by what/how.
Is there a way to monitor or audit a file to see what happens when it is deleted?
I'm using RedHat distro.
Yes, you can use the audit daemon. You did't say which Linux distro. Red Hat based systems contain auditd, and you can use auditctl to add rules.
To watch a directory recursively for changes:
auditctl -w /usr/local/someapp/ -p wa
To watch system calls made by a program with pid of 2021:
auditctl -a exit,always -S all -F pid=2021
Check the man page for auditctl.
Results will be logged to /var/log/audit/audit.log
To ensure it's running.
/etc/init.d/auditd status
For a more thorough approach, you could use tripwire or OSSEC, but they're geared more toward intrusion detection.
You can monitor your Linux file system using aide. AIDE means Intrusion Detection Software to Monitor Changes.
Steps:
Install AIDE #yum install aide -y
Configuration AIDE // PERMS=p+i+u+g+acl+selinux
Initialize the AIDE database #aide –-init
Check the file system changes #aide –-check
To get more details you can visit below link
http://topicsfeedback.com/linux-system-monitoring-tools/
or you may download best android apps about advance Linux in your phone to get instant access
https://play.google.com/store/apps/details?id=com.topicsfeedback.advancelinux
Related
To start, I am entirely new to Linux and am doing this as part of my final year project at university, I have never used linux before a few weeks ago and I have been hitting roadblock after roadblock trying to get snort installed and working for 6-7 weeks now (1-4 hours a week) among my other modules.
I have a virtual machine running Ubuntu latest release. the VM has 2 network interfaces, one is for access to the internet and the other going to be used to feed pcap files into with tcpreplay, this is named intnet in VM settings, and enp0s8 in Linux. I used the command lines sudo apt install -y snort and snort -v -c /etc/snort/snort.conf which I found Here and Here respectively. I used the first link after resetting my VM for the 3rd time and could not get snort to find LUAJit. after this I ran wget https://www.snort.org/downloads/community/community-rules.tar.gz -O community-rules.tar.gz and finally tar -xvzf community.tar.gz -C /etc/snort/rules from the snort website, found Here under Step 3. note I had to change the last command to tar -xvzf community-rules.tar.gz -C /etc/snort/rules to get it to work, not sure if this is a mistake on the website or on my end.
When i run snort using snort -v , to run in verbose mode, there are no errors or warnings, but when I use snort -i enp0s8 for the specific network I want to use I get a warning that is something about no pre-processors for policy 0. This is an error I had a lot while trying to install snort at all let alone work with it. I have also noticed that there is a test using snort -t (possibly uppercase T, can't remember), I get an error regarding not using a rules file, but then when I use the snort -c to specify community-rules I can't seem to get it to accept the rules file although this is just because I'm assuming test is a general test of the program, might be wrong about that.
This is beginning to really stress me out, to the point of making this account just to see if anyone can help.
any help is much appreciated, it is almost midnight I will be back on tomorrow morning so sorry if I don't reply for a while
tl;dr snort monitoring wrong interface,, using -i gives pre-processor warning, -t says no rules file and -c will not recognise rules file
I'm new here, so apologies if this is the wrong forum, but I do need to debug this setup script so it seems appropriate enough.
I bought a USB WiFi chip on Amazon (the Ourlink AC600) which uses the Realtek 8811CU chipset and the installation script it comes with for Linux is giving me errors right off the bat.
I tried more or less to debug but I'm simply awful with shell scripts so I didn't make too much progress. Here's the output of running chmod +x install.sh && /install.sh:
##################################################
Realtek Wi-Fi driver Auto installation script
November, 21 2011 v1.1.0
##################################################
Decompress the driver source tar ball:
tar: Old option 'f' requires an argument.
Try 'tar --help' or 'tar --usage' for more information.
rtl8821CU_WiFi_linux_v5.2.5.1_22211.20170517_COEX20170310-1212.rar
./install.sh: line 25: cd:
rtl8821CU_WiFi_linux_v5.2.5.1_22211.20170517_COEX20170310-1212.rar: Not a
directory
Authentication requested [root] for make clean:
make: *** No rule to make target 'clean'. Stop.
Authentication requested [root] for make driver:
make: *** No targets specified and no makefile found. Stop.
##################################################
Compile make driver error: 2
Please check error Mesg
##################################################
After I figured it was trying to decompress an archive that wasn't there (as the only archive present is a .rar) I edited the script to search for rar files instead (by changing the variable to grep .rar instead of .tar.gz on line 18 and 23). I then changed the tar extraction command to "unrar e" as it was no longer trying to extract a tar ball. When I ran it I got this output. Pastebin as it's rather long.
And while I would go ahead and check the error message, the driver package includes no such references. Evidently next time I should buy from a name brand.
Here's pastebins of the contents of install.sh and the respective Makefile the script uses, as they seem important. If anyone has any ideas, is in need of more info, or has a working driver for the 8811CU, please let me know! As I'm a total newbie when it comes to debugging driver install scripts, any pointers would be appreciated. Thanks in advance.
And I'm on Ubuntu 18.04.1 for reference.
I bought the same thing (Ourlink AC600) from Amazon too two weeks ago. I did not try the Linux driver from the CD because it's dated 2015. I also tried ourlink.us website but the driver download link lead to a dead-end. However, I managed to just install it on my ubuntu box today after some web-digging. Here are my setup/steps:
Dell core duo desktop (wired only) with Ubuntu 18.04.1 (up-to-date via: sudo apt-get update)
Plugin the AC600, turn on desktop, login.
Make sure you have required build package (via: sudo apt-get install linux-headers-generic build-essential git)
git clone https://github.com/gnab/rtl8812au (download with your wired connection. Also, I did this in ~/Downloads dir to keep my home dir clean)
cd rtl8812au
sudo make (Only see one or two warnings saying that some code will never be executed, ignore them)
sudo make install (do this only after the driver is built in step 6)
Reboot, unplug your wired network line.
Log back in and click upper-right corner down-triangle, click wireless connection and set it up.
My Ubuntu box goes wireless now. That's how I did it. Hope this helps!
Currently I'm experimenting with the Cell/BE CPU under Linux. What I'm trying to do is running simulations in the near future, e.g. about the weather or black holes.
Problem is, Linux only discovers the main CPU of the Cell (the PPE), all other SPUs (7 should be available to Linux) are "sleeping". They just don't work out of the box.
What works is the PPE and it's recognized as a two-threaded CPU with one core by the OS. Also, the SPEs are shown at every boot (with small penguins showing a red "PPE" in them), but afterwards are shown nowhere.
Is it possible to "free" these specialised cores for use by the Linux OS? If so, how?
As noone seems to be interested or can answer this question I'll provide the details myself.
In fact there exists a workaround:
First, create an entry point for the SPUFS:
# sudo mkdir /spu
Create a mount point for the filesystem so you won’t have to manually mount after a reboot. Add this line to /etc/fstab
spufs /spu spufs defaults 0 0
Now reboot and test to make sure the SPUFS is mounted (in a terminal):
spu-top
You should see the 7 SPEs running with 0% load average.
Now Google for the following package to get the runtime library and headers you need for SPE development:
libspe2-2.3.0.135.tar.gz
You should find it on the first hit. Just unpack, build, and install it:
./configure
make
sudo make install
You can ignore the build warnings (or fix them if you have obsessive compulsive disorder).
You can use pkg-config to find the location of the runtime and headers though they are in /usr/local if I recall.
You of course need the gcc-spe compiler and the rest of the PPU and SPU toolchains but those you can install with apt-get as they are in the repos.
Source: comment by Exillis via redribbongnulinux.000webhostapp.com
While creating an rpm spec file I have created a new user and group in the %pre section. This new user does not however have permission to login from from shell for security purposes. Now when I install the rpm this new user is successfully created. However, I wish to start the installed rpm service with the newly created user. Currently I simply write; 'filePath/file.exe file.cfg' to execute the file.exe with its configuration file i.e. file.cfg in my 'init.d' file to start the service. How can I modify this command to start the same service but with the user that I created while installing the rpm? Basically I want to execute the program in my init.d file but through a different user, like I would have done with sudo if my required user was the super user. Any feedback will be highly appreciated.
Your initial starting point both for installing the rpm and for running the service is privileged. For instance, on my CentOS 6 machine, I see in /etc/passwd
games:x:12:100:games:/usr/games:/sbin/nologin
but running as root, I can do this:
$ sudo -u games /bin/sh
sh-4.1$ echo $PATH
/sbin:/bin:/usr/sbin:/usr/bin
sh-4.1$ id
uid=12(games) gid=100(users) groups=100(users) context=unconfined_u:unconfined_r:unconfined_t:s0-s0:c0.c1023
sh-4.1$ cd
sh-4.1$ pwd
/usr/games
In your service script, you can use sudo to run a given process as another user (though a quick check of the same machine does not show this being done).
#msuchy points out that runuser may be preferable. I see that this is relatively recent (according to Ubuntu runuser command?, appeared in util-linux 2.23 -- lacking a date makes release notes less than useful...). The oblique comments in its documentation about PAM make it sound as if this circumvents some of the security checks. Perhaps someone has a better comment about that.
I have encountered numerous problems in the installation of Wireshark, and the capture of USB traffic, especially due to user permissions.
How to install Wireshark on Linux and capture USB traffic?
Tested on Ubuntu 14.04, but probably works on other distributions since none of the steps are specific to Ubuntu.
The first time you follow the tutorial, do all the steps 1 -> 7.
When you restart your computer, you have to repeat steps 6 and 7 to see the USB interfaces in Wireshark.
Install Wireshark and libpcap:
sudo apt-get install wireshark libpcap0.8
For Debian, Ubuntu and other Debian derivatives, continue to step 3.
For other Linux based systems or other installation methods, see the Wireshark Wiki, then go to step 6.
Reconfigure wireshark to allow non-superusers to track packets:
sudo dpkg-reconfigure wireshark-common
Select <Yes> in the prompt
Add your username to the "wireshark" usergroup:
sudo usermod -a -G wireshark <your_username>
You can verify if it’s done correctly by displaying the groups your username is part of:
groups <your_username>
If not, you can add the group "wireshark" manually:
groupadd wireshark
And then add your username to the group (see above)
Important: Logout of your session, then log back in.
This step depends on the kernel version that is installed on your machine. To know the version of your kernel, type:
uname -r
For versions of the kernel prior to 2.6.21, if debugfs is not already mounted on /sys/kernel/debug, ensure that it is mounted there by issuing the following command:
sudo mount -t debugfs / /sys/kernel/debug
For kernel version 2.6.21 and later, load the loadable module usbmon in the Kernel:
`sudo modprobe usbmon`
See [Wireshark Wiki](https://wiki.wireshark.org/CaptureSetup/USB#Linux) for more information about this differentiation.
If the usbmon interfaces don't appear in Wireshark, look for interfaces using dumpcap (the command-line tool of Wireshark):
sudo dumpcap -D
You should see the usbmon* interfaces. Now display the permissions of the usbmon interfaces:
ls -l /dev/usbmon*
If the usbmon* files have 'crw-------', then it's normal that Wireshark cannot read them because it's not run as root. Do not execute wireshark in root mode, it may damage files. Instead, you can give it regular users privileges :
sudo setfacl -m u:$USER:r /dev/usbmon*
Now the usbmon interfaces should appear in Wireshark.
Sources:
https://wiki.wireshark.org/CaptureSetup/USB#Linux
https://wiki.wireshark.org/CaptureSetup/CapturePrivileges#Most_UNIXes
https://unix.stackexchange.com/questions/55722/wireshark-couldnt-run-usr-sbin-dumpcap-in-child-process
http://anonscm.debian.org/viewvc/collab-maint/ext-maint/wireshark/trunk/debian/README.Debian?view=markup