Linux

Audit delete commands in Linux

Byetzion 22/10/2017

(This article is the essence of a post from this Redhat Archive and it goes as follows:

Problem: You need to detect what deletes files on your Linux

Solution: Using auditd, with the right flags, you could get a lot of information.

In Practice:

If the mount point/directory is /oracle, then:
(as root:) auditctl –w /oracle -k whodeletedit -p w
(Explanation: Monitor the directory /oracle, and log everything under the label “whodeleteit”. Monitor write operations)
To see, later, who deleted files, run (as root): ausearch -i -k whodeletedit -x /bin/rm
You would want to stop the logging as soon as you found the culprit, by running (as root): auditctl –W /oracle -k whodeletedit -p w

I hope it helps you just as it helps me.

Linux

Work around ISP QoS limitations

Byetzion 29/05/2009

ISPs which enforce QoS limitations suddenly, without alerting the customer, are abusing their force. QoS limitation is not a bad thing, from the ISP’s point of view, but changing the customer deal without notifying him seems to me to be unfair. This is a recipe for a QoS workaround. Ingredients: One fast Internet connection which…

Clusters | Disk Storage | Linux

Oracle ASM and EMC PowerPath

Byetzion 28/05/2008

Setting up an Oracle ASM disks is rather simple, and the procedure can be easily obtained from here, for example. This is nice and pretty, and works well for most environments. EMC PowerPath creates meta devices which utilize the underlying paths, as mod_scsi sees them in Linux, without hiding them (unlike IBM’s RDAC, for example)….

Linux

“Pinning” a package using “YUM”

Byetzion 06/01/2008

YUM is a nice (and useful, when used correctly) tool to manage packages, using RPM as its engine. APT, the Debian alternative, has this ability, and so does YUM. YUM does not pin a specific version of a package, but rather avoids upgrading it as soon as it was marked. It remains installed, but never…

Linux

Extracting/Recreating RHEL/Centos6 initrd.img and install.img

Byetzion 01/10/201319/01/2022

A quick note about extracting and recreating RHEL6 or Centos6 (and their derivations) installation media components: Initrd: Extract: Archive (after you applied your changes): /images/install.img: Extract: Archive (after you applied your changes): Additional note for Anaconda installation parameters: I did not test it, however there is a boot flag called stage2= which should lead to…

Linux | Scripting/Programming

RedHat / Centos Kickstart tweaks

Byetzion 01/07/2007

Kickstart is a great method of hands-free installation of RHEL/Centos (and other derived systems). Its power is in its easy interface and rather powerful %post scripting directives. Its weakness is in its lack of flexibility where it comes to package selection and various custom actions. On some cases, companies use web interface (usually home-made) which…

Linux | Virtualization

Combining Xen and VMware-Server on the same Physical server

Byetzion 23/02/2008

Doesn’t work. It will work fine up to the step where you actually try to active one of the VMware virtual machines. And then your kernel will panic. Works fine without Xen kernel (but without Xen, of course). Pity. Was tested on Centos5.1 64bit. Related posts: A note about VMware-Server machine security VMware experiance –…

Related posts:

Similar Posts

Leave a Reply Cancel reply