8 More Discussions You Might Find Interesting
1. Solaris
Solaris terminal responding very slow .. we have recently put a T3 hardware in to production , the applications running are it are perfectly and no complaints from user ..but when i ssh to the server ... the terminal response is very very slow .. it takes 3 seconds to show the character i type ..... (3 Replies)
Discussion started by: skamal4u
3 Replies
2. Post Here to Contact Site Administrators and Moderators
Hi,
I am experiencing slow response of unix.com from past 3-4 days.
like-
- most of the time the page does not reload instantly (when I do a manual reload from browser)
- not able to view graphics. ( displays only text).
- when posting into forum, the page gets stuck for considerably long... (6 Replies)
Discussion started by: clx
6 Replies
3. AIX
Hi All.
We are using AIX 5.3 ML9. There is 1 Gig NIC installed on two servers (Primary and Secondary) with Full Duplex Mode. We have scheduled a cronjob to copy the backup from primary to secondary thru FTP on WAN. The total data size is 15 GB and it took 9 Hours and 18 Mins with transfer rate... (6 Replies)
Discussion started by: lodhi1978
6 Replies
4. IP Networking
I have 20 servers I installed an application to that is returning message " wrong dispatcher or port " when starting agents. They all have the same dispatcher ip and going through the same port number. After verifying there are no application issues, we figured it was firewall related. The Firewall... (1 Reply)
Discussion started by: HFJ
1 Replies
5. Emergency UNIX and Linux Support
Hi,
My application runs on AIX, and clients complain of 3am slowdowns. This seems to have increased in the recent past.
Can someone guide me what are the various things that I need to be looking at on he AIX box, that could be causing slowdowns.
Thanks in Advance. (4 Replies)
Discussion started by: ggayathri
4 Replies
6. IP Networking
My company has a private network, including a Apache web server (Linux) and some WinXP machines. The web server had been configured to use mod_proxy to connect to window update site via another company proxy server. It works for few years.
Recently, some parties had setup a DNS server on the... (2 Replies)
Discussion started by: donaldfung
2 Replies
7. UNIX for Dummies Questions & Answers
Dear guys,
I don't know the response of a for loop in this situation:
suppose that file1 is an empty file.
and i make a for loop as :
for i in `cat file1`
What will be the response of the for loop:
1- will an error message apear
2- or the for loop simply will not run,and it will escape... (2 Replies)
Discussion started by: marwan
2 Replies
8. UNIX for Advanced & Expert Users
Hi all,
If I give ls , it lists files in 1 second.
It I give ls -l , it takes 8 seconds
There are only 55 files in the directory.
Any explanation?
Thanks
Wilson (4 Replies)
Discussion started by: geraldwilson
4 Replies
AUDISP-PRELUDE.CONF:(5) System Administration Utilities AUDISP-PRELUDE.CONF:(5)
NAME
audisp-prelude.conf - the audisp-prelude configuration file
DESCRIPTION
audisp-prelude.conf is the file that controls the configuration of the audit based intrusion detection system. There are 2 general kinds of
configuration option types, enablers and actions. The enablers simply have yes/no as the only valid choices.
The action options currently allow ignore, and idmef as its choices. The ignore option means that the IDS still detects events, but only
logs the detection in response. The idmef option means that the IDS will send an IDMEF alert to the prelude manager upon detection.
The configuration options that are available are as follows:
profile
This is a one word character string that is used to identify the profile name in the prelude reporting tools. The default is auditd.
detect_avc
This an enabler that determines if the IDS should be examining SE Linux AVC events. The default is yes.
avc_action
This is an action that determines what response should be taken whenever a SE Linux AVC is detected. The default is idmef.
detect_login
This is an enabler that determines if the IDS should be examining login events. The default is yes.
login_action
This is an action that determines what response should be taken whenever a login event is detected. The default is idmef.
detect_login_fail_max
This is an enabler that determines if the IDS should be looking for maximum number of failed logins for an account. The default is
yes.
login_fail_max_action
This is an action that determines what response should be taken whenever the maximum number of failed logins for an account is
detected. The default is idmef.
detect_login_session_max
This is an enabler that determines if the IDS should be looking for maximum concurrent sessions limit for an account. The default is
yes.
login_session_max_action
This is an action that determines what response should be taken whenever the maximum concurrent sessions limit for an account is
detected. The default is idmef.
detect_login_location
This is an enabler that determines if the IDS should be looking for logins being attempted from a forbidden location. The default is
yes.
login_location_action
This is an action that determines what response should be taken whenever logins are attempted from a forbidden location. The default
is idmef.
detect_login_time_alerts
This is an enabler that determines if the IDS should be looking for logins attempted during a forbidden time. The default is yes.
login_time_action
This is an action that determines what response should be taken whenever logins are attempted during a forbidden time. The default
is idmef.
detect_abend
This is an enabler that determines if the IDS should be looking for programs terminating for an abnormal reason. The default is yes.
abend_action
This is an action that determines what response should be taken whenever programs terminate for an abnormal reason. The default is
idmef.
detect_promiscuous
This is an enabler that determines if the IDS should be looking for promiscuous sockets being opened. The default is yes.
promiscuous_action
This is an action that determines what response should be taken whenever promiscuous sockets are detected open. The default is
idmef.
detect_mac_status
This is an enabler that determines if the IDS should be detecting changes made to the SE Linux MAC enforcement. The default is yes.
mac_status_action
This is an action that determines what response should be taken whenever changes are made to the SE Linux MAC enforcement. The
default is idmef.
detect_group_auth
This is an enabler that determines if the IDS should be detecting whenever a user fails in changing their default group. The default
is yes.
group_auth_act
This is an action that determines what response should be taken whenever a user fails in changing their default group. The default
is idmef.
detect_watched_acct
This is an enabler that determines if the IDS should be detecting a user attempting to login on an account that is being watched.
The accounts to watch is set by the watched_accounts option. The default is yes.
watched_acct_act
This is an action that determines what response should be taken whenever a user attempts to login on an account that is being
watched. The default is idmef.
watched_accounts
This option is a whitespace and comma separated list of accounts to watch. The accounts may be numeric or alphanumeric. If you want
to include a range of accounts, separate them with a dash but no spaces. For example, to watch logins from bin to lp, use "bin-lp".
Only successful logins logins are recorded.
detect_watched_syscall
This is an enabler that determines if the IDS should be detecting whenever a user runs a command that issues a syscall that is being
watched. The default is yes.
watched_syscall_act
This is an action that determines what response should be taken whenever a user runs a command that issues a syscall that is being
watched. The default is idmef.
detect_watched_file
This is an enabler that determines if the IDS should be detecting whenever a user accesses a file that is being watched. The default
is yes.
watched_file_act
This is an action that determines what response should be taken whenever a user accesses a file that is being watched. The default
is idmef.
detect_watched_exec
This is an enabler that determines if the IDS should be detecting whenever a user executes a program that is being watched. The
default is yes.
watched_exec_act
This is an action that determines what response should be taken whenever a user executes a program that is being watched. The
default is idmef.
detect_watched_mk_exe
This is an enabler that determines if the IDS should be detecting whenever a user creates a file that is executable. The default is
yes.
watched_mk_exe_act
This is an action that determines what response should be taken whenever a user creates a file that is executable. The default is
idmef.
SEE ALSO
audispd(8), audisp-prelude(8), prelude-manager(1).
AUTHOR
Steve Grubb
Red Hat Mar 2008 AUDISP-PRELUDE.CONF:(5)