This document describes how to monitor the behavior of webshells executing system commands through the Linux audit system, auditd. Test environment: CentOS 7.0_x64.
auditd introduction: The Linux audit system provides a way to track security-related information on a system. Based on pre-configured rules, the audit daemon builds log entries to record as much information as possible about the events that occur on the system. The auditd (or AUDIT
hosts, including KVM and Red Hat Enterprise Linux virtualization hosts. Configuration file: /etc/tune-profiles/ (the different profiles exist there in directory form). To create a tuning solution for your application:
cd /etc/tune-profiles; cp -r enterprise-storage/ my-server; cd my-server/
Modify the corresponding profile to add tuning parameters. Kdump is a kexec-based Linux kernel crash capture mechanism that saves the kernel memory image when a crash occurs; the programmer analyzes the file to find out the cause of the kernel
In the RHEL 7 / CentOS 7 era, services are controlled by systemd by default and the systemctl command handles start and stop. But not all services can be perfectly controlled by systemctl, such as the auditd discussed today. After editing audit.rules to add rules, the change of course takes effect by restarting the service, but with
systemctl restart auditd
the following error is reported:
[email protected]]# systemctl restart auditd
failed to resta
is disabled in the kernel. However, when the auditd software is installed, running it will start the audit daemon (auditd). When auditd is running, the audit information is sent to a user-configured log file (the default file is /var/log/audit/audit.log). If auditd is not running, the audit information will be
program proved to be excellent, so the author started writing drivers for general sound cards. ALSA is compatible with OSS/Free and OSS/Linux, but has its own interfaces, which are even better than those of OSS.
apmd: Some notebooks and old hardware use apmd. If your computer supports ACPI, you should turn off apmd, because apmd's work is then done by ACPI.
arptables_jf: Controls the arptables network filtering daemon for users.
arpwatch: Logs and builds a table of Ethernet address and IP address pai
After we use SSH to connect to the server, if a command takes a very long time to execute, the command stops automatically when the terminal is disconnected. After the SSH client executes the command, its parent process is by default the ssh session, so when the SSH terminal is closed, the child process is automatically killed. The workaround is to change the command process's parent process to init, so that the command will still run after S
After we use SSH to connect to the server, if a command takes a very long time to execute, the command stops automatically when the terminal is disconnected. In general, after the SSH client executes the command, its parent process is by default the ssh session, so when the SSH terminal is closed, the child process is automatically killed. The solution is to change the parent process of the command process to init; then after SSH exits, the command will still run. By default:
[[email protected] ~]# ping 127.0.0.1
The pstree command displays the process tree or structure.
[email protected] ~]# pstree [options]
Note that -p and -u cannot be used at the same time; if they are, the former is invalid, but no error is reported.
Options:
-p: show the PID of each process
-u: show the user who owns each process
[email protected] opt]# pstree
init─┬─abrtd
     ├─acpid
     ├─atd
     ├─auditd───{auditd}
     ├─automount───4*[{automount}]
     ├─certmonger
, processes with the same name are not merged, and command-line arguments are displayed; if you add the -p parameter, the PID of each process is displayed. Because the pstree output can be quite long, it is best to use it with more/less.
Usage example one:
[email protected] ~]# pstree
init-+-acpid
     |-atd
     |-auditd-+-audispd---{audispd}
     |        `-{auditd}
     |-automount---4*[{automount}]
     |-avahi-daemon---ava
you can use the exit command to return to the previous layer of bash. When you get back to the top level, you will be logged out.
[[email protected] ~]$ bash
[[email protected] ~]$ pstree
init-+-NetworkManager-+-dhclient
     |                `-{NetworkManager}
     |-abrtd
     |-acpid
     |-atd
     |-auditd---{auditd}
     |-automount---4*[{automount}]
     |-bonobo-activati---{bonobo-activat}
     |-certmonger
     |-clock-applets
     |-console-kit-dae---the*[{console-kit-da
the following output. Note: if you do not have sesearch, you need to install setools with the command yum install setools -y. In this way, you can determine that SELinux is what prevented the file from being read by Zabbix.
Solution: Use setroubleshoot to analyze the SELinux log. Before analyzing, make sure setroubleshoot is installed; if it is not, install it with yum install setroubleshoot -y.
1. Extracting audit logs: Confirm that the auditd service is ena
1. (Optional) Enter at the command line:
mount | grep 'on / '
to obtain the root partition, /dev/your_partition.
2. Enter:
fsck -y /dev/root
# fsck -y /dev/your_partition
# Check and repair the disk /dev/root. The -y option automatically answers "yes" for each file to be checked.
3. Reboot.
4. If the problem persists, enter the repair command at the command line:
fsck -y /dev/sda1
5. After the restart, the error is still reported: Starting
umount reports "device is busy"
This problem occurs when a process is using the current mount point:
[root@zabbix ~]# umount /dev/mapper/vg_zabbix-logvol02
umount: /var: device is busy.
        (In some cases useful info about processes that use
         the device is found by lsof(8) or fuser(1))
Solution:
Use the following command to view the processes running on the mount point and then stop them, as follows:
[root@zabbix ~]# fuser -m -v /dev/mapper/vg_zabbix-logvol02
USER
semanage fcontext -l
semanage fcontext -{a|d|m} [-frst] file_spec
fcontext: mainly used for the file security context; -l: list, -a: add, -m: modify, -d: delete.
IV. Rules in the SELinux policy and Boolean revision
1. Policy review:
seinfo [-Atrub]
-A: list the SELinux status; -t: all types; -r: all roles; -u: all users (identities); -b: all kinds of rules (Boolean values).
Detailed rules: sesearch [--all] [-s subject type] [-t target type] [-b Boolean value]
2. Query and modification of Boolean values
Query: getsebool [-a] [Boolean clause]
Modify: setsebool [-P] Boolean=[0|1]
V. The services required for SELinux log file records
Using setsebool, chcon, restorecon, and so on are some of the command
display the process tree of all users in the system when run without any parameters.
[email protected] ~]# pstree
init─┬─acpid
     ├─atd
     ├─auditd─┬─audispd───{audispd}
     │        └─{auditd}
     ├─automount───4*[{automount}]
     ├─avahi-daemon───avahi-daemon
     ├─bonobo-activati───{bonobo-activati}
     ├─bt-applet
     ├─clock-applet
     ├─crond
     ├─cupsd
     ├─2*[dbus-daemon]
     ├─dbus-launch
     ├─eggcups
     ├─escd───{escd}
     ├─events/0
     ├─gam_server
     ├─gconfd-2
     ├─gnome-keyring-dPs