Lesson 2: System accounting in RedHat Linux
Objective: The objective of this lesson is to describe system accounting.
System accounting involves the creation and maintenance of logs that keep track of processes executed, user activity, and network connections.
These logs will provide you with valuable information to aid with troubleshooting and attack analysis.
The standard Linux remote access facilities, for example ftp, maintain logs about who is connecting to what, from where, and when.
There are also utilities that maintain logs of local network connections. Network connection logs are always maintained, whereas process accounting logs, which track every executed process, are not.
You must explicitly configure these logs on your machine. Fortunately, the Linux kernel provides these facilities, so you can simply install them.
The drawback of system accounting is the large size of the log files that are produced.
Therefore, you will need to enable log rotation and archival procedures.
An archival procedure is important because you may not detect an attack until months later; so, if possible, back up all your logs for reference.
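The rotation and archival step recommended above, as an added example that is not part of the lesson: the function copies a log into an archive directory, truncates the live file, compresses the copy and records a SHA-256 checksum so that the archive can be checked for tampering when you return to it months later. The log path and archive directory are assumptions; use it on any accounting log your system produces.

```shell
#!/bin/sh
# Added example, not from the lesson. Paths passed in are assumptions.

# archive_log LOGFILE ARCHIVE_DIR
# Copies LOGFILE to ARCHIVE_DIR with a timestamp, empties the live file,
# compresses the copy and appends its SHA-256 to ARCHIVE_DIR/SHA256SUMS.
# Prints the path of the compressed archive on success.
archive_log() {
    log="$1"
    archive_dir="$2"
    [ -f "$log" ] || return 1
    mkdir -p "$archive_dir" || return 1
    stamp=$(date +%Y%m%d%H%M%S)
    base=$(basename "$log")
    dest="$archive_dir/$base.$stamp"
    # Copy, then truncate in place: a daemon that keeps the file open
    # continues writing to the same inode instead of a stale one.
    cp -p "$log" "$dest" || return 1
    : > "$log"
    gzip -9 "$dest" || return 1
    # Checksum lets a later reviewer confirm the archive is unmodified.
    (cd "$archive_dir" && sha256sum "$base.$stamp.gz" >> SHA256SUMS) || return 1
    printf '%s\n' "$dest.gz"
}

# verify_archives ARCHIVE_DIR
# Returns 0 only if every recorded archive still matches its checksum.
verify_archives() {
    (cd "$1" && sha256sum -c --quiet SHA256SUMS) >/dev/null 2>&1
}
```

Run it from cron at the interval your disk space allows and copy the archive directory to offline storage so the logs survive a compromise of the host itself.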
The next lesson describes process accounting.
Using the mkfs command to create a file system
It is possible to create a file system, for any supported file system type, on a disk or partition that you choose.
This is done with the mkfs command. While this is most useful for creating file systems on hard disk partitions, you can create file systems on floppy disks or re-writable CDs as well.
Here is an example of using mkfs to create a file system on a floppy disk:
# mkfs -t ext3 /dev/fd0
mke2fs 1.41.4 (27-Jan-2009)
OS type: Linux
Block size=1024 (log=0)
Fragment size=1024 (log=0)
184 inodes, 1440 blocks
72 blocks (5.00%) reserved for the super user
First data block=1
1 block group
8192 blocks per group, 8192 fragments per group
184 inodes per group
Writing inode tables: done
Filesystem too small for a journal
Writing superblocks and filesystem accounting information: done
The filesystem will be automatically checked every 23 mounts or
180 days, whichever comes first. Use tune2fs -c or -i to override.
The statistics printed by mkfs while it formats the device include the number of inodes and blocks created, as well as the number of blocks per group and fragments per group.
You could now mount this file system (mount /mnt/floppy), change to it as your current directory (cd /mnt/floppy), and create files on it as you please.