Here is a simple way to bind a proc to a cpu. The taskset command is part of the util-linux package.
Bind process 2225 to processor 0:
taskset -p -c 0 2225
Bind process 2225 to processor 1:
taskset -p -c 1 2225
Bind process 2225 to processor 0 and 1:
taskset -p -c 0,1 2225
You can also bind a process at execution:
taskset -c 0 sshd
Retrieving the pids current affinity:
[root@localhost ~]# taskset -p 2225
pid 2225’s current affinity mask: 3
I was having some trouble creating a kickstart file with lvm partitions so I finally got it working, i dont know what i did, but I think it had something to do with sizing. I set the pv to grow over the entire disk and then sliced up the lv’s.
install
url –url=http://192.163.43.101/kickstart/rhel51/x86-64/base
bootloader –location=mbr
zerombr
clearpart –all
text
firewall –disabled
firstboot –disable
reboot
selinux –disabledkey –skip
lang en_US.UTF-8
keyboard us
network –device eth0 –bootproto dhcp –onboot=on
rootpw –iscrypted $1$O9sasdfe$fdadsfdsadqW4CMdO0jk0
firewall –disabled
authconfig –enableshadow –enablemd5
timezone –utc America/Los_Angelespart /boot –fstype ext3 –size=100
part pv.01 –size=1 –grow
volgroup rootvg01 pv.01
logvol / –fstype ext3 –name=lv01 –vgname=rootvg01 –size=1000
logvol /tmp –fstype ext3 –name=lv03 –vgname=rootvg01 –size=1000
logvol swap –fstype swap –name=lv00 –vgname=rootvg01 –size=1000
logvol /home –fstype ext3 –name=lv02 –vgname=rootvg01 –size=1000
logvol /usr –fstype ext3 –name=lv04 –vgname=rootvg01 –size=5000
logvol /var –fstype ext3 –name=lv05 –vgname=rootvg01 –size=1000%packages
@base%post
Obviously you would need the audit package installed…
Lets say I wanted to audit "test.file" for read, write, execute, and access:
auditctl -w /root/test.file -k test-file -p rwxa
-w: adds the "watch" rule
-k: is the key that you can use to filter the audit logs on
-p: is the permissions that you would like to audit
If you would like this to be a permanent rule .. then you must add it to /etc/audit/audit.rules in the following format:
-w /root/test.file -k test-file -p rwxa
Now we can take a look at the rules:
auditctl -l
LIST_RULES: exit,always watch=/root/test.file perm=rwxa key=test-file
Now i am going to add some text to test.file and see what the audit says.. I run the ausearch tool to find this out:
ausearch -k test-file
or
ausearch -f test.file
Here are the results:
—-
time->Thu May 1 15:04:33 2008
type=PATH msg=audit(1209679473.817:1252): item=0 name="test.file" inode=84869203 dev=fd:00 mode=0100644 ouid=0 ogid=0 rdev=00:00
type=CWD msg=audit(1209679473.817:1252): cwd="/root"
type=SYSCALL msg=audit(1209679473.817:1252): arch=c000003e syscall=191 success=no exit=-61 a0=7fff2baf6ba0 a1=3872404d67 a2=0 a3=0 items=1 ppid=16271 pid=16881 auid=0 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=pts1 comm="ls" exe="/bin/ls" key="test-file"
—-
time->Thu May 1 15:04:33 2008
type=PATH msg=audit(1209679473.817:1253): item=0 name="test.file" inode=84869203 dev=fd:00 mode=0100644 ouid=0 ogid=0 rdev=00:00
type=CWD msg=audit(1209679473.817:1253): cwd="/root"
type=SYSCALL msg=audit(1209679473.817:1253): arch=c000003e syscall=191 success=no exit=-61 a0=7fff2baf6ba0 a1=3872404d38 a2=0 a3=0 items=1 ppid=16271 pid=16881 auid=0 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=pts1 comm="ls" exe="/bin/ls" key="test-file"
—-
time->Thu May 1 15:04:39 2008
type=PATH msg=audit(1209679479.812:1254): item=0 name="test.file" inode=84869203 dev=fd:00 mode=0100644 ouid=0 ogid=0 rdev=00:00
type=CWD msg=audit(1209679479.812:1254): cwd="/root"
type=SYSCALL msg=audit(1209679479.812:1254): arch=c000003e syscall=2 success=yes exit=3 a0=1d6cb910 a1=0 a2=0 a3=0 items=1 ppid=16271 pid=16882 auid=0 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=pts1 comm="vi" exe="/bin/vi" key="test-file"
—-
time->Thu May 1 15:04:39 2008
type=PATH msg=audit(1209679479.813:1255): item=0 name="test.file" inode=84869203 dev=fd:00 mode=0100644 ouid=0 ogid=0 rdev=00:00
type=CWD msg=audit(1209679479.813:1255): cwd="/root"
type=SYSCALL msg=audit(1209679479.813:1255): arch=c000003e syscall=89 success=no exit=-22 a0=7fff0814a7f0 a1=7fff0814abf0 a2=3ff a3=1 items=1 ppid=16271 pid=16882 auid=0 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=pts1 comm="vi" exe="/bin/vi" key="test-file"
—-
time->Thu May 1 15:04:45 2008
type=PATH msg=audit(1209679485.992:1256): item=0 name="test.file" inode=84869203 dev=fd:00 mode=0100644 ouid=0 ogid=0 rdev=00:00
type=CWD msg=audit(1209679485.992:1256): cwd="/root"
type=SYSCALL msg=audit(1209679485.992:1256): arch=c000003e syscall=191 success=no exit=-61 a0=1d6cb910 a1=3872404d67 a2=7fff0814aff0 a3=84 items=1 ppid=16271 pid=16882 auid=0 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=pts1 comm="vi" exe="/bin/vi" key="test-file"
—-
time->Thu May 1 15:04:45 2008
type=PATH msg=audit(1209679485.992:1258): item=3 name="test.file~" inode=84869203 dev=fd:00 mode=0100644 ouid=0 ogid=0 rdev=00:00
type=PATH msg=audit(1209679485.992:1258): item=2 name="test.file" inode=84869203 dev=fd:00 mode=0100644 ouid=0 ogid=0 rdev=00:00
type=PATH msg=audit(1209679485.992:1258): item=1 name="/root" inode=84869121 dev=fd:00 mode=040750 ouid=0 ogid=0 rdev=00:00
type=PATH msg=audit(1209679485.992:1258): item=0 name="/root" inode=84869121 dev=fd:00 mode=040750 ouid=0 ogid=0 rdev=00:00
type=CWD msg=audit(1209679485.992:1258): cwd="/root"
type=SYSCALL msg=audit(1209679485.992:1258): arch=c000003e syscall=82 success=yes exit=0 a0=1d6cb910 a1=1d6f6d80 a2=2 a3=1 items=4 ppid=16271 pid=16882 auid=0 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=pts1 comm="vi" exe="/bin/vi" key="test-file"
—-
time->Thu May 1 15:04:45 2008
type=PATH msg=audit(1209679485.992:1260): item=1 name="test.file" inode=84869202 dev=fd:00 mode=0100644 ouid=0 ogid=0 rdev=00:00
type=PATH msg=audit(1209679485.992:1260): item=0 name="/root" inode=84869121 dev=fd:00 mode=040750 ouid=0 ogid=0 rdev=00:00
type=CWD msg=audit(1209679485.992:1260): cwd="/root"
type=SYSCALL msg=audit(1209679485.992:1260): arch=c000003e syscall=2 success=yes exit=3 a0=1d6cb910 a1=241 a2=1a4 a3=0 items=2 ppid=16271 pid=16882 auid=0 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=pts1 comm="vi" exe="/bin/vi" key="test-file"
—-
time->Thu May 1 15:04:45 2008
type=PATH msg=audit(1209679485.996:1261): item=0 name="test.file" inode=84869202 dev=fd:00 mode=0100644 ouid=0 ogid=0 rdev=00:00
type=CWD msg=audit(1209679485.996:1261): cwd="/root"
type=SYSCALL msg=audit(1209679485.996:1261): arch=c000003e syscall=90 success=yes exit=0 a0=1d6cb910 a1=81a4 a2=0 a3=0 items=1 ppid=16271 pid=16882 auid=0 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=pts1 comm="vi" exe="/bin/vi" key="test-file"
—-
time->Thu May 1 15:04:45 2008
type=PATH msg=audit(1209679485.997:1262): item=0 name="test.file" inode=84869202 dev=fd:00 mode=0100644 ouid=0 ogid=0 rdev=00:00
type=CWD msg=audit(1209679485.997:1262): cwd="/root"
type=SYSCALL msg=audit(1209679485.997:1262): arch=c000003e syscall=188 success=yes exit=0 a0=1d6cb910 a1=3872404d67 a2=1d6f6da0 a3=1c items=1 ppid=16271 pid=16882 auid=0 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=pts1 comm="vi" exe="/bin/vi" key="test-file"
Also aureport will give us a report of activity:
Summary Report
======================
Range of time in logs: 05/01/2008 15:04:33.817 – 05/01/2008 15:04:45.997
Selected time for report: 05/01/2008 15:04:33 – 05/01/2008 15:04:45.997
Number of changes in configuration: 0
Number of changes to accounts, groups, or roles: 0
Number of logins: 0
Number of failed logins: 0
Number of authentications: 0
Number of failed authentications: 0
Number of users: 1
Number of terminals: 1
Number of host names: 0
Number of executables: 2
Number of files: 3
Number of AVC’s: 0
Number of MAC events: 0
Number of failed syscalls: 4
Number of anomaly events: 0
Number of responses to anomaly events: 0
Number of crypto events: 0
Number of process IDs: 2
Number of events: 9