Sending audit logs to remote syslog
by urgrue
Hi,
I'm trying to get audisp to forward logs to a remote syslog server,
using the au-remote plugin.
Is there any way to make this work directly, or is my only choice to go
through the local syslog and forward from there?
With the below settings I can indeed get the stop/start messages of
audit in my remote syslog, though slightly garbled, but nothing else.
Presumably it recognizes the failure and gives up?
And no, unfortunately I can't use auditd to listen on the remote host,
it has to be syslog.
au-remote.conf:
active = yes
direction = out
path = /sbin/audisp-remote
type = always
format = string
audisp-remote.conf:
remote_server = <remote server name>
port = 514
transport = tcp
mode = immediate
queue_depth = 200
format = managed
network_retry_time = 1
max_tries_per_record = 3
max_time_per_record = 5
heartbeat_timeout = 0
network_failure_action = stop
disk_low_action = ignore
disk_full_action = ignore
disk_error_action = syslog
remote_ending_action = suspend
generic_error_action = syslog
generic_warning_action = syslog
enable_krb5 = no
krb5_client_name = auditd
13 years, 6 months
Preupgrading headless remote systems
by Steve Berg
So far I've had very good luck with preupgrade for 12 to 14 and 13 to 14
systems. There's one annoyance that is causing me some headache. I have
a couple of systems that are headless and remote that I'd like to do a
preupgrade on but I can't seem to get things started without some local
keyboard interaction.
I need to let preupgrade and/or anaconda know that it's supposed to use eth0
(some systems have more than one NIC). And I need to specify the language
and keyboard layouts from within preupgrade and or the grub entry that
launches the upgrade.
Currently I run preupgrade and then manually tweak /boot/grub/grub.conf to
load the 14 installer automatically with a vnc session waiting for a
connection. But this only happens after I locally tell the system to use
English, a US keyboard and (sometimes) eth0. It's causing me to hold off
on upgrading some systems until I can prove that I can get the 14
installer to launch all the way into the VNC session being ready with no
local interaction necessary.
--
* Stephen Berg *
* sberg(a)mississippi.com *
* Sinners can repent, *
* But stupid is forever. *
13 years, 6 months
OT ? I'm about this close to buying an iPad...
by linux guy
Hi people.
I need to vent... I'm getting frustrated with Linux. Well, not Linux
per se, and not Fedora, but the whole experience part of things.
I desperately need to do something about the audio system in my car.
It's got a head unit that doesn't have an aux in, nor does it support
mp3s, etc. It needs to be replaced ASAP.
I also need navigation, desperately.
It's been that way for a while. I considered doing a car PC. I didn't
like all the engineering required to do that, so I nixed it. I
considered embedding a HP Tablet in the dash. I took a close look at
them and nixed it due to display issues, heat, etc.
So I've been waiting and waiting. I considered buying a dedicated head
unit with nav but the screens are too small and they seem to go out of
date faster than bread on the counter.
Along comes the iPad. And it seems to do everything I want. Plays
MP3s. Does nav. Bright screen. Affordable. And if you check youtube,
lots of people have embedded them in cars.
But being an OS guy, I want a machine running Linux, not iOS or whatever
it's called. Where is it ? I keep reading stories about dozens of
tablet devices running Linux/Android/Meego on Slashdot, but where are
they ?
While I have your attention, I also own a Nokia N900 phone. Right now
it's running Maemo, which works, but is hardly what one would call
elegant. Actually, there are some things that don't work, but that is
another story. Nokia is saying they will be shipping Meego in October.
I have my fingers crossed.
Another thing I am waiting on is KDE 4.6. I am pretty disappointed by
KDE 4.5. I know it was a bug fix release, but I expected more.
At this point I REALLY have to applaud Apple. They really seem to have
their act together.
The various vendors in the Linux camp really need to get their butts in
gear and start delivering. Hardware companies need to get their
tablets OUT into the market. Nokia et al need to get Meego OUT and get
some nice apps written for it. (Have you looked at the iPad and iPhone
app store lately ?) And the KDE camp needs to finish delivering on
their vision for what KDE 4 is supposed to be.
I wait, growing more impatient day by day.
LG
13 years, 6 months
preupgrade from FC12 to FC14 issues?
by Michael D. Setzer II
I've just used preupgrade to upgrade some systems in my classroom lab that
has XP and Fedora 12. I had earlier done a test with fedora 13, but it had
some issues with the upgrade. The upgrade from 12 to 14 seems to have handled
the problem with the older Nvidia cards these machines have, but there are a
few issues.
I saw the same issue with system-config-display that has been mentioned,
and also found that vim-common and vim-enhanced were still the fc12
version? It also left the 3 fc12 kernels and kmods nvidias for the 3. I removed
those and then installed the fc14 versions of the vim rpms.
The one issue that I'm having trouble with is Flash and firefox. Google chrome
works fine, and I was able to get it working with firefox after I did a number of
things. I then tried to figure out exactly what I did, and it didn't work on
another machine?
Even the machine I got it working on, I then logged in with another user, and
it didn't work for that user?
13 years, 6 months
using audit2allow
by Mickey
Fedora 14 /KDE
This is the real raw audit message.
This location has a bunch of FAQs, one of which is for making
policies: http://docs.fedoraproject.org/selinux-faq-fc5/#id2961385
Where are there very good instructions on creating policies?
# audit2allow -w -a node=(removed) type=AVC
msg=audit(1288923096.835:99): avc: denied { write } for pid=16148
comm="kdm" name="root" dev=sda1 ino=798
scontext=system_u:system_r:xdm_t:s0-s0:c0.c1023
tcontext=system_u:object_r:admin_home_t:s0 tclass=dir
bash: syntax error near unexpected token `('
This is the second audit message of the same; SELinux is preventing
/usr/bin/kdm "write" access on /root
node=(removed) type=SYSCALL msg=audit(1288923096.835:99): arch=40000003
syscall=5 success=no exit=-13 a0=bfdb0c9b a1=c1 a2=180 a3=1 items=0
ppid=5003 pid=16148 auid=0 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0
sgid=0 fsgid=0 tty=(none) ses=7 comm="kdm" exe="/usr/bin/kdm"
subj=system_u:system_r:xdm_t:s0-s0:c0.c1023 key=(null)
13 years, 6 months
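An added example, not from the post or from audit2allow itself: it parses the AVC record quoted above as a line read from the audit log (the bash error in the post comes from pasting the record onto the command line, where `(` is special) and derives the allow rule audit2allow would print for it. The sample record is the one from the post, rejoined onto a single line; everything else is constructed here.

```python
import re

# Constructed sample: the AVC record quoted in the post above, rejoined onto
# one line as it appears in /var/log/audit/audit.log.
SAMPLE_AVC = (
    'node=(removed) type=AVC msg=audit(1288923096.835:99): avc: denied '
    '{ write } for pid=16148 comm="kdm" name="root" dev=sda1 ino=798 '
    'scontext=system_u:system_r:xdm_t:s0-s0:c0.c1023 '
    'tcontext=system_u:object_r:admin_home_t:s0 tclass=dir'
)

_DENIED = re.compile(r"avc:\s+denied\s+\{\s*([^}]+?)\s*\}")
_FIELD = re.compile(r'(\w+)=("[^"]*"|\S+)')


def parse_avc(line):
    """Return the fields audit2allow needs from one AVC record, or None
    for any other record type (SYSCALL, CWD, PATH, ...)."""
    m = _DENIED.search(line)
    if m is None:
        return None
    fields = {k: v.strip('"') for k, v in _FIELD.findall(line)}
    return {
        "perms": m.group(1).split(),
        "scontext": fields["scontext"],
        "tcontext": fields["tcontext"],
        "tclass": fields["tclass"],
        "comm": fields.get("comm"),
    }


def type_of(context):
    """system_u:system_r:xdm_t:s0-s0:c0.c1023 -> xdm_t (the third field)."""
    return context.split(":")[2]


def allow_rule(avc):
    """The rule audit2allow prints for this denial. Check it before loading:
    here it would let the display manager write into root's home."""
    perms = avc["perms"]
    perm_text = perms[0] if len(perms) == 1 else "{ %s }" % " ".join(perms)
    return "allow %s %s:%s %s;" % (type_of(avc["scontext"]),
                                   type_of(avc["tcontext"]),
                                   avc["tclass"], perm_text)


def rules_from_log(lines):
    """Deduplicated rules for every AVC denial in an audit log."""
    rules = []
    for line in lines:
        avc = parse_avc(line)
        if avc is not None and allow_rule(avc) not in rules:
            rules.append(allow_rule(avc))
    return rules
```

Feed it the output of `ausearch -m avc` or the raw audit.log lines; only records carrying `avc: denied` contribute rules.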
sort weirdness
by Neil Bird
I am seeing sort treat '@' specially; in particular, it wanders around
the sort order depending upon the rest of the input line. Anyone have an
explanation? I guess it's something to do with locale, but the input
strings affecting it as well make no sense to me.
$ locale
LANG=en_GB.UTF-8
LC_CTYPE="en_GB.UTF-8"
LC_NUMERIC="en_GB.UTF-8"
LC_TIME="en_GB.UTF-8"
LC_COLLATE="en_GB.UTF-8"
LC_MONETARY="en_GB.UTF-8"
LC_MESSAGES="en_GB.UTF-8"
LC_PAPER="en_GB.UTF-8"
LC_NAME="en_GB.UTF-8"
LC_ADDRESS="en_GB.UTF-8"
LC_TELEPHONE="en_GB.UTF-8"
LC_MEASUREMENT="en_GB.UTF-8"
LC_IDENTIFICATION="en_GB.UTF-8"
LC_ALL=
sort input:
Abbot', 'COMP
CobraP', 'COMP
CobraU', 'COMP
@', 'COMP
CTM', 'COMP
Jobby', 'COMP
gives:
Abbot', 'COMP
CobraP', 'COMP
CobraU', 'COMP
@', 'COMP
CTM', 'COMP
Jobby', 'COMP
sort input:
Abbot', 'C
CobraP', 'C
CobraU', 'C
@', 'C
CTM', 'C
Jobby', 'C
gives:
Abbot', 'C
@', 'C
CobraP', 'C
CobraU', 'C
CTM', 'C
Jobby', 'C
sort input:
Abbot',
@',
CobraP',
CobraU',
CTM',
Jobby',
gives:
@',
Abbot',
CobraP',
CobraU',
CTM',
Jobby',
'LC_ALL=C sort' gives that last order, no matter the input, as I'd expect.
--
[neil@fnx ~]# rm -f .signature
[neil@fnx ~]# ls -l .signature
ls: .signature: No such file or directory
[neil@fnx ~]# exit
13 years, 6 months
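An added example, not from the post, that models the cause assumed here for the behaviour above: glibc's en_GB.UTF-8 collation ignores punctuation and spaces on its first comparison pass and compares letters case-insensitively, so the '@' line is ranked by whatever letters follow it. The simplified key below reproduces all three orderings shown in the post; the real glibc rules have more levels than this model.

```python
import re

# Simplified model of a glibc locale's multi-level collation (en_GB.UTF-8,
# en_US.UTF-8 and similar). This is an assumption for illustration, not
# glibc's own algorithm: pass one drops everything except letters and digits
# and ignores case, so "@', 'COMP" competes as "comp" and "Abbot', 'COMP"
# as "abbotcomp"; later passes (case, then the ignored characters) only
# break ties.
_IGNORED = re.compile(r"[^0-9A-Za-z]")


def locale_key(line):
    letters = _IGNORED.sub("", line)
    return (letters.lower(), letters, line)


def c_key(line):
    # LC_ALL=C compares raw byte values: '@' (0x40) precedes 'A' (0x41),
    # and every uppercase letter precedes every lowercase one.
    return line.encode("utf-8")


def sort_locale(lines):
    return sorted(lines, key=locale_key)


def sort_c(lines):
    return sorted(lines, key=c_key)


# The three inputs from the post, constructed inline (same names, three
# different trailing fragments).
NAMES = ["Abbot", "CobraP", "CobraU", "@", "CTM", "Jobby"]
INPUTS = [[n + suffix for n in NAMES] for suffix in ("', 'COMP", "', 'C", "',")]

if __name__ == "__main__":
    for lines in INPUTS:
        print("locale:", sort_locale(lines))
        print("C:     ", sort_c(lines))
```

Anything that relies on a stable ordering of such strings (diffing, deduplication, signed manifests) should pin the locale, as the post's `LC_ALL=C sort` does.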
I have lost the ability to save music in MP3 format [SOLVED....sort of]
by Paul Otheim
I had written asking if anyone had experienced the loss of the ability to
save files in MP3 format. There were several helpful suggestions,
unfortunately none of them panned out. I was going to start checking
permissions as suggested but I could not swallow this as a solution. It did
not seem to make sense that the permissions had changed. I had not changed
them; if an update had been responsible then others would have run into the
problem as well. The other possibility might have been that someone else had
changed them but no one else here would use my computer without asking and
if they did I would simply have created a separate account for them to use.
Perhaps a remote attacker, but I keep my firewall as closed as possible, do
not allow ssh access to this machine and it's not on when I am not here
anyway.
Someone might still have gained access but there is nothing of personal or
professional value here and modifying the culprit file seems an unlikely way
to cover one's tracks if someone had accessed the machine. Admittedly I do
not entirely understand the purpose of this file....I am getting to the sort
of solution referenced in the subject line. So following that line of
reasoning I decided it had to be related to this user profile.
I went into the ~/.gconf/system folder, since the problem was not
application specific it seemed like a good place to start. Inside this
folder I have a directory, gstreamer, and another file named %gconf.xml.
Assuming the gstreamer directory was created by the gstreamer packages I had
installed I figured that would not be it as no one else reported the
problem. So I opened the only other file there, %gconf.xml; it's empty. On a
whim I renamed it by adding .old to the name. Logged out and back in and
voila, suddenly my apps now have the option for mp3 again. I ripped a cd in
mp3 format. The resulting files played without issue. So I went back,
renamed the file to its original state, log out and back in. Bang, no more
mp3 options! I added the .old to the file name. Logout/in, presto mp3
functionality restored.
So my question now is what is the purpose of this empty file? I went into
the ~/.gconf/system/gstreamer directory and in that directory and several
sub-directories there are files named %gconf.xml, most empty when viewed
with a text editor, perhaps that is not the app to view the contents
correctly but it did open with gedit and if it couldn't read the contents I
would expect an error or a file full of undecipherable characters. The
.gconf directories seem to be littered with files like this, most of them
empty though a few have what look mostly like bool values and formatting
options to my amateur eyes.
So I have my solution but I cannot explain this, since empty files with this
same name, %gconf.xml, appear all over the place. Presumably the apps go
into the ~/.gconf/system directory looking for these files, apparently they
would hit this particular instance of it and use it for something but who
knows what? Writing values to it for one time use maybe.
Making the file disappear by renaming it fixes the issue but again I don't
know why this should be so. I am guessing that the apps should have been
looking in the gstreamer directory instead, perhaps to figure out supported
formats but that does not make sense since I only lost the ability to save
as mp3's and not .wav, ogg, flac, mp2 or any others. I do not like to
guess.
Thanks
13 years, 6 months
Fedora 14 security spin minor issues
by Athmane Madjoudj
Hello all;
I've just installed Fedora 14 security spin (I already enjoyed Fedora 13
Sec Spin) into a VM and I've noticed that there is no background and no
install icon on desktop (I have launched installer from terminal)
$ liveinst
is this normal, or is it a bug (It may be related to LXDE spin which
Security Spin is based on)
PS.
The screenshot shown in [1] has a F14 background !
[1] http://spins.fedoraproject.org/security/
Best regards.
--
Athmane Madjoudj
13 years, 6 months