When I run god without sudo then god is not able to find event system . However when I run with sudo god able to find event system.
$ god -V
Version: 0.13.2
Polls: enabled
Events: none
$ sudo god -V
Version: 0.13.2
Polls: enabled
Events: netlink
about My M/c .. I'm using "Linux 3.2.0-38-virtual #61-Ubuntu SMP Tue Feb 19 12:37:47 UTC 2013 x86_64 x86_64 x86_64 GNU/Linux"
Please help me
Reading the God website:
you need to sudo if you're using events on Linux or want to use the setuid/setgid functionality
System event listening require root permissions, so sudo is required. Also, if you want god to spawn processes under different user ID from your own, sudo is equally required. This is the basic permission requirement in UNIX.
Related
I'm investigating about kernel security using Docker. I'm testing seccomp and it works very well on Debian and Ubuntu, but It's not working on Kali Linux.
Example:
I created a simple json file called sec.json with this content:
{
"defaultAction": "SCMP_ACT_ALLOW",
"syscalls": [
{
"name": "mkdir",
"action": "SCMP_ACT_ERRNO"
}
]
}
It' suppossed that running a container using seccomp and this file will produce that you are not able to use mkdir command inside the container. This is the docker run command:
docker run --rm -ti --security-opt seccomp=/path/to/sec.json ubuntu:xenial sh
As I said it works very well on Debian and Ubuntu, but on Kali Linux I got this error:
docker: Error response from daemon: linux seccomp: seccomp profiles are not supported on this daemon, you cannot specify a custom seccomp profile.
My docker-engine version is 17.05.0-ce and my Kernel is 4.9.0-kali3-amd64 #1 SMP Debian 4.9.18-1kali1 (2017-04-04) x86_64 GNU/Linux. I googled about this and is quite strange. It is suppossed that seccomp is supported if you can check this:
cat /boot/config-`uname -r` | grep CONFIG_SECCOMP=
I got as a result:
CONFIG_SECCOMP=y
So it's suppossed that it's supported. What am I missing or what is the explanation about this is not working on Kali? Thanks.
Ok I found this post. I'll try to answer myself:
https://github.com/moby/moby/issues/26497
Is quite similar. I checked my docker info output and on Ubuntu and Debian I have the Security Options: seccomp and I have nothing on Kali.
The possible explanation is the libseccomp2 package which contains the needed library is too old. Maybe if the Kali staff update the library it could be supported.
Use
echo 'apt::sandbox::seccomp "false";' > /etc/apt/apt.conf.d/999seccomp
That should work.
I had an upstart service which worked fine in trusty by simply storing my conf at /etc/init/test.conf. Now that I've upgraded to Xenial 16.04.2 LTS I'm having problems where the service isn't found.
Is a systemd script required now? If you can still have a upstart with just the conf file, what must I do to resolve this?
Here's an example from digital ocean which demonstrates the problem:
ubuntu#vagrant:~$ sudo ls -la /etc/init/test.conf
-rw-r--r-- 1 root root 126 Mar 24 10:54 /etc/init/test.conf
ubuntu#vagrant:~$ sudo cat /etc/init/test.conf
description "Job that runs the foo daemon"
start on runlevel [2345]
exec echo Test Job ran at `date` >> /var/log/testjob.log
ubuntu#vagrant:~$ sudo service test status
● test.service
Loaded: not-found (Reason: No such file or directory)
Active: inactive (dead)
ubuntu#vagrant:~$ sudo service test start
Failed to start test.service: Unit test.service not found.
Xenial Xerus uses systemd instead of upstart. From the release notes for Xenial:
Users of Ubuntu 15.10 or Debian Jessie may already be familiar with systemd, which is now the default init system for the majority of mainstream GNU/Linux distributions. On Ubuntu, systemd supplants Canonical's Upstart.
If you make use of custom init scripts, or routinely configure long-running services, you will need to know the basics of systemd. For an overview, read Systemd Essentials: Working with Services, Units, and the Journal.
This guide may also be useful, from when Vivid came out.
I have a LAMP configurated server AMD64 with Ubuntu 14.04 and Apache2 on an EC2 instance.
I followed the official guide here, so first
I downloaded the sitemap_linux-x86_64-beta1-20091231.tar.gz and unpacked it
Then I typed sudo sitemap-install/install.sh –-apache-bin=/usr/sbin/apache2 and here comes my problem:
What is the location of the Apache binary or control script?
[/usr/sbin/apache2] should support -V option.
/usr/sbin/apache2 is not a supported Apache binary or control script.
I'm sure about the location, infact if I restart Apache from the log file I can see AH00094: Command line: '/usr/sbin/apache2'. I have also tried using this as location /usr/sbin/apache2ctl but no way.
I tried searching on Google for days without find anything.
Why I cannot install the Google Sitemap Generator using /usr/sbin/apache2 as location of my Apache?
UPDATE
if I type apache2 -V the output is a list of warning Invalid Mutex directory in argument file:${APACHE_LOCK_DIR} but it's because the request output from the /usr/sbin/apache2 binary directly and so the /etc/apache2/envvars file isn’t sourced as explained here
Doesn't the documentation say to use -a and not --apache-bin, so you should be doing:
sudo sitemap-install/install.sh –a /usr/sbin/apache2
Both my apache2 binary and my apache2ctl control script understand the -V argument:
root#:~# apache2 -V
Server version: Apache/2.2.22 (Ubuntu)
Server built: Jul 24 2015 17:25:42
root#:~# apache2ctl -V
Server version: Apache/2.2.22 (Ubuntu)
Server built: Jul 24 2015 17:25:42
Looks to me like you should be doing this:
sudo sitemap-install/install.sh –-apache-bin=/usr/sbin/apachectl
Also the /usr/sbin/apachectl is likely a soft link so just run an ls -la on that if you want to know the real location.
I am running Centos 6.5 (Kernel Linux jspring 2.6.32-431.el6.x86_64 #1 SMP Fri Nov 22 03:15:09 UTC 2013 x86_64 x86_64 x86_64 GNU/Linux) and I was wondering if someone could assist - Im installing Fail2Ban through yum however when I go to run it I am getting the following error;
service fail2ban start
Starting fail2ban: ERROR Directory /var/run/fail2ban exists but not accessible for writing
[FAILED]
If anyone could advise me how to fix this that would be great.
Thanks!
There are several things that could be causing this.
First make sure the permissions and ownership are correct as the other answers state. The directory permissions should be drwxr-xr-x (a.k.a. 644) and it should be owned by root:root.
Now make sure you are attempting to run the start command with the proper authority. If service fail2ban start does not work, try sudo service fail2ban start. Using sudo is recommended but you could also switch to or login as the root user.
You may also want to reboot after you get it running and then run sudo service fail2ban status to make sure it successfully started up again.
You need to set the appropriate rights on the mentioned directory:
drwxr-xr-x root:root
You should set the permissions like this: chmod -R 644 /var/run/fail2ban/
As people have mentioned, this is clearly a permissions issue. I'm not sure if this applies to your version but fail2ban in 2018 has a client, run as:
sudo fail2ban-client start
(or restart or status). It must be run as sudo though.
As is documented in the official commands list here the command fail2ban start <jail> is clearly used to start jails and not to start fail2ban. So you completely missunderstood it's usage.
Try to first stop and then quickly start again the jail sshd that is enabled by default:
fail2ban-client stop sshd
fail2ban-client start sshd
Hey! It works!
So, I need to run this command:
vnstat -tr
But as a user I just created, not as root, as root it works fine, but as a regular user I get this:
Error: Unable to get interface "eth0" statistics.
Error: Interface "eth0" not available, exiting.
Operating system: Debian Linux 6.0.6
The problem was grsecurity locking /proc/net/dev from viewing it by users. The solution was to downgrade from ovhs linux core from 3.10.X to 3.8.13.