I want to learn & understand all abt LINUX Post: 302079482

9 More Discussions You Might Find Interesting

1. Linux

How and where to learn Linux?

I'd like to pass some exames to get certificates for Linux. Can someone advice me how to do it "on distance" and self studie? thanks! d.

2. Red Hat

I want to Learn Linux ?

dear friends I am new in linux and i want to learn linux in dos-mode (note in gui mode). Plz if you have any valuable link plz send me . i will really thankful for this anticipation. irfan ahmad

3. Fedora

Is it better to learn Linux before unix?

I want to learn (unix solaris), but someone advised me to learn (Linux fedora) before trying (unix solaris) and that they are almost the same.. So shall I go with his advise or is it better to start learning unix directly?

4. Programming

Learn C on Linux

i am a newbie of linux, and not good at C, now i want to learn C again, i have installed the linux system debian, but i don't know which text editor i should use. when i use the default nano, the sad thing is i can't exit the editor using the command ctrl+x. any tips would be appreciated

5. Ubuntu

i am new to linux. and i want to learn linux eagerly.

hey guys, i am hoping some hope. I am using linux very late. i am a pc user since last 6 years. but now , i found that its interesting. i want to learn it from the bottom of my heart, i am kind of addicted to it. can you guys tell me how to make it more interesting and more easy?

6. Shell Programming and Scripting

Learning abt Linux OS

hi guys, i got job recently in a company which provide a product for data backup and data recovery... as dis product is wrriten in c++ am workin in c++.. now am under training and i want to learn abt Operating System concepts and OS programming using c and c++. i know basic c and c++ programming...

7. Fedora

Which is the better platform to learn UNIX/Linux (Kali Linux Vs. Red Hat or other)?

I just started a new semester and I started my UNIX class yesterday. I've already decided to use python along with my learning process but what I really want to use with it is Kali as my UNIX/Linux platform to learn off of since I already wanted to learn Cyber Sec. anyways. I just wanted to know if...

8. UNIX for Dummies Questions & Answers

Best way to learn Linux

I have some familiarity with Linux, but I want to start learning it, in more detail, now. I will install something like VirtualBox from Oracle, with Centos, as distro, I think. I've been already testing something like this, end I ended up picking Centos for this. I have some time that I can...

9. UNIX and Linux Applications

Xalan & Xerces issues for Oracle Linux 6.6 & Solarisstudio12.3 C++ compiler for Linux

Hi Team, I am facing issue while using Xalan & Xerces for my application. Below are my environment details i am using :- Platform:- Oracle Linux 6.6 Compiler :- solarisstudio12.3 C++ compiler for Linux Below are the versions of Xalan & Xerces source code used to build the shared object...

LEARN ABOUT CENTOS

audispd-zos-remote

AUDISP-RACF(8)						  System Administration Utilities					    AUDISP-RACF(8)

NAME

       audispd-zos-remote - z/OS Remote-services Audit dispatcher plugin

SYNOPSIS

       audispd-zos-remote [ config-file ]

DESCRIPTION

       audispd-zos-remote  is a remote-auditing plugin for the Audit subsystem. It should be started by the audispd(8) daemon and will forward all
       incoming audit events, as they happen, to a configured z/OS SMF (Service Management Facility) database, through	an  IBM  Tivoli  Directory
       Server (ITDS) set for Remote Audit service.  See SMF MAPPING section below for more information about the resulting SMF record format.

       audispd(8)  must  be  configured  to  start  the plugin. This is done by a configuration file usually located at /etc/audisp/plugins.d/aud-
       ispd-zos-remote.conf, but multiple instances can be spawned by having multiple configuration files in /etc/audisp/plugins.d  for  the  same
       plugin executable (see audispd(8)).

       Each  instance  needs  a configuration file, located by default at /etc/audisp/zos-remote.conf.	Check zos-remote.conf(5) for details about
       the plugin configuration.

OPTIONS

       config-file
	      Use an alternate configuration file instead of /etc/audisp/zos-remote.conf.

SIGNALS

       audispd-zos-remote reacts to SIGTERM and SIGHUP signals (according to the audispd(8) specification):

       SIGHUP Instructs the audispd-zos-remote plugin to re-read it's configuration and flush existing network connections.

       SIGTERM
	      Performs a clean exit.  audispd-zos-remote will wait up to 10 seconds if there are queued  events  to  be  delivered,  dropping  any
	      remaining queued events after that time.

IBM z/OS ITDS Server and RACF configuration
       In  order  to  use  this  plugin,  you must have an IBM z/OS v1R8 (or higher) server with IBM Tivoli Directory Server (ITDS) configured for
       Remote Audit service. For more detailed information about how to configure the z/OS server for Remote Auditing, refer  to  z/OS	V1R8.0-9.0
       Intergrated Security Services Enterprise Identity Mapping (EIM) Guide and Reference
       (http://publibz.boulder.ibm.com/cgi-bin/bookmgr_OS390/FRAMESET/EIMA1140/CCONTENTS?DT=20070827115119),
       chapter "2.0 - Working with remote services".

   Enable ITDS to process Remote Audit requests
       To  enable  ITSD  to process Remote Audit requests, the user ID associated with ITDS must be granted READ access to the IRR.AUDITX FACILITY
       Class profile (the profile used to protect the R_Auditx service). This user ID can usually be found in the STARTED Class  profile  for  the
       ITDS  started  procedure.  If  the identity associated with ITDS is ITDSUSER, the administrator can configure RACF to grant Remote Auditing
       processing to ITDS with the following TSO commands:

       TSO Commands: Grant ITDSUSER READ access to IRR.AUDITX FACILITY Class profile
	      rdefine FACILITY IRR.RAUDITX uacc(none)
	      permit IRR.RAUDITX class(FACILITY) id(ITDSUSER) access(READ)

   Create/enable RACF user ID to perform Remote Audit requests
       A z/OS RACF user ID is needed by the plugin - Every Audit request performed by the plugin will use a RACF user ID,  as  configured  in  the
       plugin  configuration  zos-remote.conf(5).  This user ID needs READ access to FACILITY Class resource IRR.LDAP.REMOTE.AUDIT. If the user ID
       is BINDUSER, the administrator can configure RACF to enable this user to perform Remote Auditing requests with the following TSO commands:

       TSO Commands: Enable BINDUSER to perform Remote Audit requests
	      rdefine FACILITY IRR.LDAP.REMOTE.AUDIT uacc(none)
	      permit IRR.LDAP.REMOTE.AUDIT class(FACILITY) id(BINDUSER) access(READ)

   Add @LINUX Class to RACF
       When performing remote auditing requests, the audispd-zos-remote plugin will use the special @LINUX CDT Class and  the  audit  record  type
       (eg.:  SYSCALL, AVC, PATH...)  as the CDT Resource Class for all events processed.  To make sure events are logged, the RACF server must be
       configured with a Dynamic CDT Class named @LINUX with correct sizes and attributes. The following TSO commands can  be  used  to  add  this
       class:

       TSO Commands: Add @LINUX CDT Class
	      rdefine cdt @LINUX cdtinfo(posit(493) FIRST(alpha,national,numeric,special) OTHER(alpha,national,numeric,special) RACLIST(REQUIRED) case(asis) generic(allowed) defaultuacc(none) maxlength(246))
	      setr classact(cdt)
	      setr raclist(cdt)
	      setr raclist(cdt) refresh
	      setr classact(@LINUX)
	      setr raclist(@LINUX)
	      setr generic(@LINUX)

   Add profiles to the @LINUX Class
       Once  the  CDT Class has been defined, you can add profiles to it, specifying resources (wildcards allowed) to log or ignore. The following
       are examples:

       TSO Commands: Log only AVC records (One generic and one discrete profile):
	      rdefine @LINUX * uacc(none) audit(none(read))
	      rdefine @LINUX AVC uacc(none) audit(all(read))
	      setr raclist(@LINUX) refresh

       TSO Commands: Log everything (One generic profile):
	      rdefine @LINUX * uacc(none) audit(all(read))
	      setr raclist(@LINUX) refresh

       Resources always match the single profile with the best match.

       There are many other ways to define logging in RACF. Please refer to the server documentation for more details.

SMF Mapping
       The ITDS Remote Audit service will cut SMF records of type 83 subtype 4 everytime it processes a request. This plugin will issue  a  remote
       audit  request  for  every  incoming  Linux  Audit  record (meaning that one Linux record will map to one SMF record), and fill this type's
       records with the following:

   Link Value
       The Linux event serial number, encoded in network-byte order hexadecimal representation. Records within the same Event share the same  Link
       Value.

   Violation
       Always zero(0) - False

   Event Code
       Always two(2) - Authorization event

   Event Qualifier
       Zero(0) - Success, if the event reported success=yes or res=success, Three(3) - Fail, if the event reported success=no or res=failed, or
       One(1) - Info otherwise.

   Class
       Always @LINUX

   Resource
       The Linux record type for the processed record. e.g.: SYSCALL,AVC,PATH,CWD etc.

   Log String
       Textual message bringing the RACF user ID used to perform the request, plus the Linux hostname and the record type for the first record	in
       the processed event. e.g.: Remote audit request from RACFUSER. Linux (hostname.localdomain):USER_AUTH

   Data Field List
       Also  known  as	relocates, this list will bring all the field names and values in a fieldname=value format, as a type 114 (Appication spe-
       cific Data) relocate. The plug-in will try to interpret those fields (i.e.: use human-readable username root instead of numeric	userid	0)
       whenever  possible.  Currently,	this plugin will also add a relocate type 113 (Date And Time Security Event Occurred) with the Event Time-
       stamp in the format as returned by ctime(3).

ERRORS

       Errors and warnings are reported to syslog (under DAEMON facility). In situations where	the  event  was  submitted  but  the  z/OS  server
       returned an error condition, the logged message brings a name followed by a human-readable description. Below are some common errors condi-
       tions:

       NOTREQ - No logging required
	      Resource (audit record type) is not set to be logged in the RACF server - The @LINUX Class profile governing this audit record  type
	      is set to ignore. See IBM z/OS RACF Server configuration

       UNDETERMINED - Undetermined result
	      No  profile  found for specified resource. There is no @LINUX Class configured or no @LINUX Class profile associated with this audit
	      record type. See IBM z/OS RACF Server configuration

       UNAUTHORIZED - The user does not have authority the R_auditx service
	      The user ID associated with the ITDS doesn't have READ access to the IRR.AUDITX FACILITY Class profile. See  IBM	z/OS  RACF  Server
	      configuration

       UNSUF_AUTH - The user has unsuficient authority for the requested function
	      The  RACF  user  ID  used  to  perform  Remote  Audit  requests  (as  configured	in  zos-remote.conf(5))  don't	have access to the
	      IRR.LDAP.REMOTE.AUDIT FACILITY Class profile. See IBM z/OS RACF Server configuration

BUGS

       The plugin currently does remote auditing in a best-effort basis, and will dischard events in case the  z/OS  server  cannot  be  contacted
       (network failures) or in any other case that event submission fails.

FILES

       /etc/audisp/plugins.d/audispd-zos-remote.conf /etc/audisp/zos-remote.conf

SEE ALSO

       auditd(8), zos-remote.conf(5).

AUTHOR

       Klaus Heinrich Kiwi <klausk@br.ibm.com>

IBM
								     Oct 2007							    AUDISP-RACF(8)