Recent Posts
71
System / Re: Auditd: How do I set it up and use it?
Last post by tsedek1 -
I don't personally use auditd, but
Quote from: man auditd
DESCRIPTION
 auditd is the userspace component to the Linux Auditing System. It's responsible for writing audit records to the disk. Viewing the logs is done with the ausearch or aureport utilities. Configuring the audit system or loading rules is done with the auditctl utility. During startup, the rules in /etc/audit/audit.rules are read by auditctl and loaded into the kernel. Alternately, there is also an augenrules program that reads rules located in /etc/audit/rules.d/ and compiles them into an audit.rules file. The audit daemon itself has some configuration options that the admin may wish to customize. They are found in the auditd.conf file.

I have moved the 'audit.rules' to /etc/audit/. I'll reboot and see what the effect will be.
72
System / Re: Auditd: How do I set it up and use it?
Last post by lotuskip -
I don't personally use auditd, but
Quote from: man auditd
DESCRIPTION
 auditd is the userspace component to the Linux Auditing System. It's responsible for writing audit records to the disk. Viewing the logs is done with the ausearch or aureport utilities. Configuring the audit system or loading rules is done with the auditctl utility. During startup, the rules in /etc/audit/audit.rules are read by auditctl and loaded into the kernel. Alternately, there is also an augenrules program that reads rules located in /etc/audit/rules.d/ and compiles them into an audit.rules file. The audit daemon itself has some configuration options that the admin may wish to customize. They are found in the auditd.conf file.
73
System / Re: Artix-xfce-openrc: How to use OpenRc?
Last post by tsedek1 -
When I 'sudo pacman -Sy nftables' are you saying nftables-openrc doesn't get downloaded with it?
There are different init systems in Artix. Selecting and installing corresponding init services mostly is a user's job.
When I download the Artix-XFCE-OpenRC.iso it should be understood that auditd-openrc will be included because it is an OpenRC platform. It isn't a general iso, it is a specific iso.
nftables is the new standard for Linux firewalls, so including it is sensible.
The ability to have basic security enabled before connecting to the internet is important to me.
74
System / Re: Auditd: How do I set it up and use it?
Last post by tsedek1 -
Here is a sample of what is in the audit.log:

Code:
type=USER_LOGOUT msg=audit(1743492422.998:15): pid=2267 uid=0 auid=1000 ses=1 msg='op=logout id=1000 exe="/usr/bin/lightdm" hostname=talmudeem_sell_their_children_to_be_whores addr=? terminal=/dev/tty7 res=success'UID="root" AUID="WhatsMyName" ID="WhatsMyName"

Looks like it isn't reading the audit.rules file. There are no 'key=' entries.
I put the 'audit.rules' file in '/etc/audit/rules.d/audit.rules'
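
An added example (not part of the forum posts): a small parser that reports which rule keys appear in audit.log text, the field that `ausearch -k` matches on. The sample lines are constructed; the first has the shape of the USER_LOGOUT record quoted above, and the SYSCALL records and the placement of the `recon` key are assumptions for illustration.

```python
import re
from collections import Counter

# Constructed sample input. Record 1 has the shape of the USER_LOGOUT line
# quoted in the post (sent by a userspace program, no key field). Records 2-3
# are constructed SYSCALL records: one tagged by a rule with -k recon, one
# with no key set.
SAMPLE_LOG = """\
type=USER_LOGOUT msg=audit(1700000000.998:15): pid=2267 uid=0 auid=1000 ses=1 msg='op=logout id=1000 exe="/usr/bin/lightdm" hostname=examplehost addr=? terminal=/dev/tty7 res=success'
type=SYSCALL msg=audit(1700000050.120:42): arch=c000003e syscall=59 success=yes exit=0 pid=3011 auid=1000 uid=1000 comm="whoami" exe="/usr/bin/whoami" key="recon"
type=SYSCALL msg=audit(1700000060.300:43): arch=c000003e syscall=2 success=yes exit=3 pid=3012 auid=1000 uid=1000 comm="cat" exe="/usr/bin/cat" key=(null)
"""

HEADER = re.compile(r"^type=(\S+) msg=audit\((\d+\.\d+):(\d+)\):")
KEY = re.compile(r'\bkey=(?:"([^"]*)"|(\S+))')


def parse_record(line):
    """Return type, serial and rule key (or None) for one audit.log line."""
    m = HEADER.match(line)
    if m is None:
        return None
    key = None
    k = KEY.search(line)
    if k:
        key = k.group(1) if k.group(1) is not None else k.group(2)
        if key == "(null)":
            key = None
    return {"type": m.group(1), "serial": int(m.group(3)), "key": key}


def summarize(log_text):
    """Count records per rule key, and per record type for unkeyed records."""
    keyed, unkeyed = Counter(), Counter()
    for line in log_text.splitlines():
        rec = parse_record(line)
        if rec is None:
            continue  # not an audit record line
        if rec["key"]:
            keyed[rec["key"]] += 1
        else:
            unkeyed[rec["type"]] += 1
    return keyed, unkeyed


if __name__ == "__main__":
    keyed, unkeyed = summarize(SAMPLE_LOG)
    print("records per key:", dict(keyed))
    print("records without a key, by type:", dict(unkeyed))
```
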
75
System / Auditd: How do I set it up and use it?
Last post by tsedek1 -
Maybe I'm misunderstanding how Audit should be set up and configured in Artix.

Code:
rc-service auditd start
rc-update add auditd
reboot
Code:
ausearch -i -k recon
<no matches>
ausearch -i -k shell
<no matches>
ausearch -i -k anon_file_creation
<no matches>
I'll cat the log file and see what's in it.

I've gone to the mirror site, in 'system' downloaded the 'audit-openrc' file. Now I'll have it for later.
In 'World', and downloaded the 'nftables' and 'nftables-openrc' files.
Do I need to save the .sig file also?

::I have taken this from a Feature Request Topic in Software Development. I think Auditd deserves its own thread.::
76
Software development / Re: Feature Request:
Last post by tsedek1 -
Code:
type=USER_LOGOUT msg=audit(1743492422.998:15): pid=2267 uid=0 auid=1000 ses=1 msg='op=logout id=1000 exe="/usr/bin/lightdm" hostname=talmudeem_sell_their_children_to_be_whores addr=? terminal=/dev/tty7 res=success'UID="root" AUID="WhatsMyName" ID="WhatsMyName"

Looks like it isn't reading the audit.rules file. There are no 'key=' entries.
I put the 'audit.rules' file in '/etc/audit/rules.d/audit.rules'
77
Software development / Re: Feature Request:
Last post by tsedek1 -
As for number 3, how would it not be already installed?
audit (the package for auditd) is required by shadow is required by base.
You need to download 'audit-openrc' for it to work. I'm testing it out right now.

Maybe I'm misunderstanding how Audit should be set up and configured in Artix.
Code:
rc-service auditd start
rc-update add auditd
reboot
Code:
ausearch -i -k recon
<no matches>
ausearch -i -k shell
<no matches>
ausearch -i -k anon_file_creation
<no matches>
I'll cat the log file and see what's in it.

I've gone to the mirror site, in 'system' downloaded the 'audit-openrc' file. Now I'll have it for later.
In 'World', and downloaded the 'nftables' and 'nftables-openrc' files.
Do I need to save the .sig file also?

78
Package management / Re: omniverse is up to date/or/failed retrieving file 'omniverse.db' url:404
Last post by tsedek1 -

Spoiler:
If I click it, will it spawn an XSS exploit that lets them pivot to the router and cameras?
There was a parody of a Rick Ross song called 'I Eat Snacks.'
I could parody that with 'I Click Links'.

It is working. Updates like it should. "In the Omniverse, you keep what you download. It is the Pacman-monger way."
Do you think AI can generate an image combining Pacman and a Necromonger?
edit:
Installed pacman-contrib and ran rankmirrors, then put it at the top of the list.
Success.
That should clear up some of the speed management issues.
SOLVED
MethCafe - Coffee is the original energy drink...
80
OpenRC / Re: I can't shutdown or reboot my PC.
Last post by ####### -
If this was due to an update and not because of something you configured or installed yourself, you might reinstall and things will work, but after you update they may not. Plus if you do a massive single update when you bring the iso to current versions, it will be harder to determine which package was the cause, providing you had been updating regularly before the problem emerged.
See the post from Nous here:
https://forum.artixlinux.org/index.php/topic,7614.msg47483/topicseen.html#msg47483
There are other ways to downgrade too. It's expected in a cutting edge rolling release distro you might need to downgrade selected packages occasionally, so it's worth learning about the methods involved.