Friday, 28 March 2014

Small Issues... Bit Efforts...

Changing the Time Zone on a Linux Server

I had a problem changing the time zone from EDT to GMT.

Here is the solution.

[root@unixlinux ~]# date
Fri Mar 28 01:46:40 EDT 2014

[root@unixlinux ~]# ls -l /etc/localtime
lrwxrwxrwx. 1 root root 36 Mar 27 11:36 /etc/localtime -> /usr/share/zoneinfo/America/New_York

[root@unixlinux ~]# cd /etc/
[root@unixlinux etc]# rm localtime
rm: remove symbolic link `localtime'? y

[root@unixlinux etc]# ln -s /usr/share/zoneinfo/GMT /etc/localtime
[root@ip-10-132-73-23 etc]# date
Fri Mar 28 06:17:21 GMT 2014
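Added example (mine, not from the original post): the same change done with ln -sfn instead of rm followed by ln, with the zone name validated against /usr/share/zoneinfo first, and ZONE= written to /etc/sysconfig/clock, which RHEL 6 consults on boot and when a tzdata update rewrites /etc/localtime. The optional ROOT argument is my addition so the functions can be tried on a scratch directory as an unprivileged user; on the live system run set_zone GMT as root. Keeping every server on one zone (GMT/UTC) is what makes timestamps across logs comparable.

```shell
#!/bin/sh
# Added example (not from the original post): switch the system time zone
# the way the post does, but in one step and persistently.  The optional
# ROOT prefix is an assumption for testing: it lets the functions work on
# a scratch tree instead of the live /etc.

# set_zone ZONE [ROOT]: point ROOT/etc/localtime at the zoneinfo file for
# ZONE and record ZONE in ROOT/etc/sysconfig/clock.
set_zone() {
    zone=$1
    root=${2:-}
    # Reject empty names, absolute paths and ".." before touching anything.
    case $zone in
        ''|/*|*..*)
            echo "set_zone: refusing zone name '$zone'" >&2
            return 2 ;;
    esac
    zi="$root/usr/share/zoneinfo/$zone"
    if [ ! -f "$zi" ]; then
        echo "set_zone: no zoneinfo file for '$zone' ($zi)" >&2
        return 1
    fi
    mkdir -p "$root/etc/sysconfig"
    # ln -sfn replaces the existing link in one step; rm followed by ln
    # leaves a window with no /etc/localtime at all.
    ln -sfn "/usr/share/zoneinfo/$zone" "$root/etc/localtime" || return 1
    clock="$root/etc/sysconfig/clock"
    if [ -f "$clock" ] && grep -q '^ZONE=' "$clock"; then
        sed -i "s|^ZONE=.*|ZONE=\"$zone\"|" "$clock"
    else
        printf 'ZONE="%s"\n' "$zone" >> "$clock"
    fi
}

# current_zone [ROOT]: report the zone /etc/localtime points at, falling
# back to /etc/sysconfig/clock when /etc/localtime is a plain copy (the
# RHEL 6 default) rather than a symlink.
current_zone() {
    root=${1:-}
    if [ -L "$root/etc/localtime" ]; then
        readlink "$root/etc/localtime" | sed 's|^/usr/share/zoneinfo/||'
    elif [ -f "$root/etc/sysconfig/clock" ]; then
        sed -n 's/^ZONE=//p' "$root/etc/sysconfig/clock" | tr -d '"' | tail -n 1
    else
        echo "unknown"
        return 1
    fi
}

# Demonstration on a scratch tree with constructed (empty) zoneinfo files,
# so it is safe to run as an ordinary user.
demo_root=$(mktemp -d)
mkdir -p "$demo_root/usr/share/zoneinfo/America"
: > "$demo_root/usr/share/zoneinfo/America/New_York"
: > "$demo_root/usr/share/zoneinfo/GMT"
set_zone America/New_York "$demo_root"
echo "before: $(current_zone "$demo_root")"
set_zone GMT "$demo_root"
echo "after:  $(current_zone "$demo_root")"
if set_zone ../../../../etc/shadow "$demo_root" 2>/dev/null; then
    echo "unexpected: bad zone name accepted"
fi
rm -rf "$demo_root"
# To preview what a zone would display without changing the system:
#   TZ=GMT date
```

The TZ environment variable only affects the one command, which is the quickest way to check a zone name before committing to it.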


tar: Not found in archive

I got this error while extracting a tar file into a directory.

[root@unixlinux ~]# tar -xvf mon.tar dir1/
tar: san: Not found in archive
tar: Exiting with failure status due to previous errors


The cause: any name given after the archive is taken by tar as the name of a member to extract, so dir1/ is looked up inside the archive and reported as not found.
To extract into a directory instead, use the -C option (change directory) before the directory name.
It worked fine for me.

[root@unixlinux ~]# tar -xvf mon.tar  -C dir1/
iostat.txt
sar.txt
[root@unixlinux ~]#
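Added example (mine, not from the post): it reproduces the failure on a constructed archive, shows the -C form, and adds the check I would put in front of extracting any archive that arrived from outside: list the members with tar -tf and refuse names that are absolute or contain a .. component. -C only picks the starting directory and does nothing about where a member name points. GNU tar strips a leading / and ../ on its own unless -P is given, but an explicit check gives a clear refusal and the offending names rather than a silently relocated file.

```shell
#!/bin/sh
# Added example (not from the original post): why "tar -xvf mon.tar dir1/"
# fails, what -C does instead, and a member-name check to run before
# extracting an archive you did not build yourself.

# tar_members ARCHIVE: list member names, one per line.
tar_members() {
    tar -tf "$1"
}

# unsafe_member_names: filter member names on stdin, printing those that
# would land outside the extraction directory (absolute paths or any
# ".." path component).
unsafe_member_names() {
    while IFS= read -r name; do
        case "/$name/" in
            //*|*/../*) printf '%s\n' "$name" ;;
        esac
    done
}

# extract_to ARCHIVE DIR: refuse archives with unsafe member names, then
# extract into DIR with -C (tar's "change directory" option).
extract_to() {
    archive=$1
    dir=$2
    bad=$(tar_members "$archive" | unsafe_member_names)
    if [ -n "$bad" ]; then
        echo "extract_to: refusing $archive, unsafe member names:" >&2
        printf '%s\n' "$bad" | sed 's/^/  /' >&2
        return 1
    fi
    mkdir -p "$dir" && tar -xf "$archive" -C "$dir"
}

# Demonstration on a constructed archive in a scratch directory.
work=$(mktemp -d)
mkdir "$work/src"
echo "constructed sample" > "$work/src/iostat.txt"
echo "constructed sample" > "$work/src/sar.txt"
tar -cf "$work/mon.tar" -C "$work/src" iostat.txt sar.txt

# 1. a bare trailing name is a member to extract, not a destination:
if ! ( cd "$work" && tar -xf mon.tar dir1/ 2>"$work/err" ); then
    echo "tar exited non-zero: $(cat "$work/err")"
fi
# 2. a member name works only when spelled exactly as listed by tar -tf:
( cd "$work" && mkdir -p one && tar -xf mon.tar -C one sar.txt && ls one )
# 3. -C extracts everything into the directory:
extract_to "$work/mon.tar" "$work/dir1" && ls "$work/dir1"
rm -rf "$work"
```

Note that -C applies to the operands that follow it, so the order on the command line matters: the archive name with -f, then -C and the destination, then any member names.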


setfacl: Operation not supported error

While setting ACLs you might sometimes get this error.

[root@subrat ~]# setfacl -m u:sonu:rwx /var/log/
setfacl: /var/log/: Operation not supported


The cause is that the filesystem holding /var/log is mounted without ACL support.

So, here is the solution: add the 'acl' option to that filesystem's entry in /etc/fstab (so the setting survives a reboot), then remount it as below.
[root@subrat ~]# vim /etc/fstab
/dev/xvdn1 /var/log      ext4    defaults,acl        0 0

[root@subrat ~]# mount -o remount,acl /var/log/
[root@subrat ~]# setfacl -m u:sonu:rwx /var/log/
[root@subrat ~]#


It worked fine for me. Hope it will for you too.
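Added example (mine, not from the post): before editing /etc/fstab it helps to know which mount actually holds the path and what its ACL state is. These functions read the mount table (/proc/mounts by default; the MOUNTS argument is my assumption so they can be run against a constructed table) and print a verdict for a path. "default" means neither acl nor noacl appears in the mount options, in which case the superblock's "Default mount options" (tune2fs -l on the device) decide; mkfs.ext4 on RHEL 6 normally records user_xattr and acl there.

```shell
#!/bin/sh
# Added example (not from the original post): locate the mount that holds
# a path and report whether ACLs are on, off, or left to the filesystem's
# defaults.  MOUNTS defaults to /proc/mounts; passing another file is an
# assumption made so the functions can be tested on constructed data.

# mount_for PATH [MOUNTS]: print the mount point covering PATH (longest
# matching prefix, so /var/log/audit beats /var/log beats /).
mount_for() {
    path=$1
    mounts=${2:-/proc/mounts}
    best=
    bestlen=-1
    while read -r dev mnt fstype opts rest; do
        m=${mnt%/}            # "/" becomes "", "/var/log/" becomes "/var/log"
        case "$path/" in
            "$m"/*)
                if [ ${#m} -gt $bestlen ]; then best=$mnt; bestlen=${#m}; fi ;;
        esac
    done < "$mounts"
    if [ -n "$best" ]; then printf '%s\n' "$best"; else return 1; fi
}

# acl_status MOUNTPOINT [MOUNTS]: print "acl", "noacl" or "default".
# "default" means neither option was given explicitly; whether ACLs work
# then depends on the superblock's "Default mount options" (tune2fs -l).
acl_status() {
    mnt=$1
    mounts=${2:-/proc/mounts}
    status=default
    while read -r dev m fstype opts rest; do
        [ "$m" = "$mnt" ] || continue
        case ",$opts," in
            *,noacl,*) status=noacl ;;
            *,acl,*)   status=acl ;;
        esac
    done < "$mounts"
    printf '%s\n' "$status"
}

# acl_check PATH [MOUNTS]: one-line verdict for the path you want to
# setfacl on, with the fix to apply, mirroring the post's /var/log case.
acl_check() {
    mounts=${2:-/proc/mounts}
    mnt=$(mount_for "$1" "$mounts") || { echo "$1: no mount found" >&2; return 2; }
    st=$(acl_status "$mnt" "$mounts")
    printf '%s is on %s (acl: %s)\n' "$1" "$mnt" "$st"
    case $st in
        noacl)   echo "  fix: add acl to the fstab line for $mnt, then: mount -o remount,acl $mnt" ;;
        default) echo "  not explicit; check: tune2fs -l <device> | grep 'Default mount options'" ;;
    esac
}

# Demonstration on a constructed mount table (not a real /proc/mounts).
demo=$(mktemp)
cat > "$demo" <<'EOF'
/dev/xvda1 / ext4 rw,relatime,barrier=1,data=ordered 0 0
/dev/xvdn1 /var/log ext4 rw,relatime,noacl 0 0
/dev/xvdm1 /var/log/audit ext4 rw,relatime,acl 0 0
EOF
acl_check /var/log/messages "$demo"
acl_check /var/log/audit/audit.log "$demo"
acl_check /var/spool/mail "$demo"
rm -f "$demo"
```

After the remount, getfacl /var/log prints the new user entry and ls -ld /var/log shows a + after the mode bits, which is the quickest way to confirm the ACL actually took.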
 

Tuesday, 25 March 2014

Configuration and setting-up of AIDE on RHEL6

The AIDE (Advanced Intrusion Detection Environment) software is included with the system to provide software integrity checking. It is designed as a replacement for the well-known Tripwire integrity checker. Integrity checking cannot prevent intrusions into your system, but it can detect that they have occurred. Any integrity checking software should be configured before the system is deployed and able to provide services to users. Ideally the integrity checking database would be built before the system is connected to any network, though this may prove impractical because of registration and software updates.

Prerequisites: just the aide package.
Documentation for AIDE, including the quick-start on which this advice is based, is available in /usr/share/doc/aide-0.12 (adjust the version number to match the installed package; the --init output below reports 0.14).

Steps for Installing AIDE:

[root@unixlinux ~]# yum install aide -y 

The main configuration file for aide is /etc/aide.conf. It defines the database directory and the log directory, the database to read from (database=, aide.db.gz) and the one to write (database_out=, aide.db.new.gz), the directories and attributes to include when you run a check or initialize a database, and various other settings.

Initialize the database:
[root@unixlinux ~]# aide --init

Once the initialization finishes, aide prints a message with the path of the new database:
=============================
AIDE, version 0.14
### AIDE database at /var/lib/aide/aide.db.new.gz initialized.
============================
So the database written to /var/lib/aide/aide.db.new.gz, the /usr/sbin/aide binary and /etc/aide.conf are the critical pieces: copy all three to a safe location off the host (read-only media or a separate system). The config file describes everything the check covers, the database records the state of the machine before any changes were made, and a check run with a tampered binary, config or database proves nothing.
AIDE reads its database from /var/lib/aide/aide.db.gz (the database= line in aide.conf), so the newly created aide.db.new.gz must be copied or renamed to that full path before the first check.
Now suppose that some changes were made on the machine after aide was initialized, for example vsftpd was installed.
To find out whether the database and the machine disagree, run a check.
After running the check, you will get output as below:

[root@unixlinux ~]# aide --check
File /etc/localtime in databases has different attributes, 340201bbd,300000bbf
File /var/log in databases has different attributes, 304200a1d,304000a1d

AIDE found differences between database and filesystem!!
Start timestamp: 2014-04-04 10:42:47

Summary:
  Total number of files:        295853
  Added files:                  242349
  Removed files:                1665
  Changed files:                20910

---------------------------------------------------
Added files:
---------------------------------------------------
 

added: /etc/cron.daily/freshclam
added: /etc/sysconfig/iptables
added: /etc/default/useradd
added: /usr/sbin/clamd

---------------------------------------------------
Removed files:
---------------------------------------------------

removed: /usr/share/man/man8/amanda_selinux.8.gz
removed: /usr/share/man/man8/quantum_selinux.8.gz
removed: /usr/share/man/man8/cfengine_execd_selinux.8.gz

---------------------------------------------------
Changed files:
---------------------------------------------------

changed: /etc/host.conf
changed: /etc/DIR_COLORS

changed: /etc/rc1.d
changed: /etc/selinux/restorecond_user.conf
changed: /etc/selinux/targeted/setrans.conf

--------------------------------------------------
Detailed information about changes:
---------------------------------------------------

Directory: /etc/security
  Mtime    : 2013-12-22 18:00:52              , 2014-03-30 09:12:19
  Ctime    : 2013-12-22 18:00:52              , 2014-03-30 09:12:19

File: /etc/security/access.conf
  Mtime    : 2012-10-15 08:23:50              , 2013-10-07 12:06:06
  Ctime    : 2013-05-09 18:53:44              , 2013-12-23 22:01:59
  Inode    : 265386                           , 265382

File: /etc/security/pam_winbind.conf
  Mtime    : 2012-12-17 10:48:10              , 2013-11-25 14:20:38
  Ctime    : 2013-05-09 18:53:44              , 2013-12-23 22:01:59
  Inode    : 270794                           , 272706


The same report is written to the aide log file (in the log directory set in /etc/aide.conf), so the list of added, removed and changed files and the totals can be reviewed later.

If the changes are known and expected, update the database; if not, investigate and take the actions required. aide --update writes a fresh /var/lib/aide/aide.db.new.gz, which again has to be moved to aide.db.gz and saved to the safe location:

[root@unixlinux ~]# aide --update
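Added example (mine, neither from the post nor part of AIDE): a wrapper around the init / check / update cycle above. It renames aide.db.new.gz to aide.db.gz after --init and --update (the step the post notes but never shows), prints the database's SHA-256 so the digest can be kept off-host and compared before each check, keeps a timestamped copy of every --check report, and turns the Summary block into an exit status a cron job or monitoring agent can act on. DBDIR and LOGDIR mirror the RHEL 6 /etc/aide.conf defaults and are assumptions here, as is the report file layout; the exit-code ranges in the comments are the ones documented in aide(1).

```shell
#!/bin/sh
# Added example (not from the original post, not part of AIDE): wrapper for
# the init / check / update routine.  Only the dispatcher at the bottom
# runs aide itself; the helpers take a report file or a directory so they
# can be exercised on constructed data.  DBDIR/LOGDIR follow the RHEL 6
# /etc/aide.conf defaults (assumed, adjust to your aide.conf).

DBDIR=${DBDIR:-/var/lib/aide}
LOGDIR=${LOGDIR:-/var/log/aide}

# aide_summary_counts REPORT: print "ADDED REMOVED CHANGED" taken from the
# "Summary:" block of an aide --check report (0 0 0 for a clean run).
aide_summary_counts() {
    awk '/^ *Added files:/   {a=$3}
         /^ *Removed files:/ {r=$3}
         /^ *Changed files:/ {c=$3}
         END {printf "%d %d %d\n", a+0, r+0, c+0}' "$1"
}

# aide_report_status REPORT: return 0 when the report shows no differences,
# 1 otherwise, with a one-line summary on stderr for cron mail or a SIEM.
aide_report_status() {
    set -- $(aide_summary_counts "$1")
    if [ "$1" -eq 0 ] && [ "$2" -eq 0 ] && [ "$3" -eq 0 ]; then
        return 0
    fi
    echo "AIDE: $1 added, $2 removed, $3 changed files" >&2
    return 1
}

# promote_db [DBDIR]: make the freshly written aide.db.new.gz the database
# the next --check reads (aide.db.gz), printing its SHA-256 so the digest
# can be recorded off-host and compared before every check.
promote_db() {
    dir=${1:-$DBDIR}
    new="$dir/aide.db.new.gz"
    [ -f "$new" ] || { echo "promote_db: $new not found" >&2; return 1; }
    sha256sum "$new" | cut -d' ' -f1
    mv -f "$new" "$dir/aide.db.gz"
}

# aide_check: run the check, keep a timestamped copy of the report and
# return the result of aide_report_status.  aide's own exit code encodes
# the same thing (1 added, 2 removed, 4 changed, summed; 14 and above are
# errors) per aide(1); the report parse is kept for the human-readable line.
aide_check() {
    mkdir -p "$LOGDIR"
    report="$LOGDIR/check-$(date +%Y%m%d-%H%M%S).log"
    aide --check > "$report" 2>&1
    aide_report_status "$report"
}

case ${1:-} in
    init)   aide --init && promote_db ;;
    check)  aide_check ;;
    update)
        aide --update
        rc=$?
        # 1-7 only mean "there were differences"; 14+ are real errors
        [ "$rc" -le 7 ] || exit "$rc"
        promote_db ;;
    '')     ;;    # run without arguments: just define the functions
    *)      echo "usage: $0 init|check|update" >&2; exit 64 ;;
esac
```

Run it as "aide-wrap.sh check" from cron and compare the digest printed by promote_db against the copy kept off the host before trusting a clean result; a database that no longer matches the recorded digest is itself a finding.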