Lesson 2: System accounting in Red Hat Linux
Objective: The objective of this lesson is to describe system accounting.

System Accounting in Red Hat Linux

System accounting involves the creation and maintenance of logs that keep track of
  1. processes executed,
  2. user activity, and
  3. network connections.
These logs provide valuable information to aid with troubleshooting and attack analysis.
The standard Linux remote access facilities, for example telnet and ftp, maintain logs about who is connecting to what, from where, and when.
There are also utilities that maintain logs of local network connections.
Whereas network connection logs are always maintained, process accounting logs, which track all executed processes, are not. You must explicitly configure these logs on your machine. Fortunately, the Linux kernel provides these facilities, so you can simply install them on your machine.
The drawback of system accounting is the huge size of the log files that are produced. Therefore, you will need to enable log rotation and archival procedures. An archival procedure is important because you may not detect an attack until months later; so, if possible, back up all your logs for reference.
The next lesson describes process accounting.
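
One way to implement the archival step described above, as an added example that is not part of the original lesson. It assumes GNU tar and sha256sum are installed; the function names, directories and label are illustrative.

```shell
#!/bin/sh
# Added example: pack rotated log files into an archive with a checksum.
# Directory names and the label are assumptions; pass your own.

# archive_logs SRC_DIR DEST_DIR LABEL
# Returns 0 on success, 2 if SRC_DIR holds no rotated files, 1 on other errors.
archive_logs() {
    src=$1; dest=$2; label=$3
    mkdir -p "$dest" || return 1
    list=$(mktemp) || return 1
    # Select rotated files only (messages.1, pacct.2.gz, wtmp-20240101),
    # never the live file that is still being written to.
    ( cd "$src" && find . -type f \( -name '*.[0-9]*' \
        -o -name '*-[0-9][0-9][0-9][0-9][0-9][0-9][0-9][0-9]*' \) | sort ) > "$list"
    if [ ! -s "$list" ]; then
        rm -f "$list"
        return 2
    fi
    if ! tar -C "$src" -czf "$dest/$label.tar.gz" -T "$list"; then
        rm -f "$list"
        return 1
    fi
    rm -f "$list"
    # Record the archive's SHA-256 so later tampering can be detected.
    ( cd "$dest" && sha256sum "$label.tar.gz" > "$label.sha256" ) || return 1
    # Read-only for the owner: an existing archive is not silently replaced.
    chmod 0400 "$dest/$label.tar.gz" "$dest/$label.sha256"
}

# verify_archive DEST_DIR LABEL
# Returns 0 only if the archive still matches its recorded checksum.
verify_archive() {
    ( cd "$1" && sha256sum -c "$2.sha256" ) >/dev/null 2>&1
}

# Example call (paths are placeholders):
#   archive_logs /var/log /backup/logs "logs-$(date +%Y%m%d)"
```

Keep a copy of the .sha256 file on a separate host or on read-only media, so that someone who alters an archive cannot also rewrite its checksum.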

Using the mkfs command to create a file system

It is possible to create a file system, for any supported file system type, on a disk or partition that you choose. This is done with the mkfs command. While this is most useful for creating file systems on hard disk partitions, you can create file systems on floppy disks or re-writable CDs as well. Here is an example of using mkfs to create a file system on a floppy disk:

# mkfs -t ext3 /dev/fd0
mke2fs 1.41.4 (27-Jan-2009)
Filesystem label=
OS type: Linux
Block size=1024 (log=0)
Fragment size=1024 (log=0)
184 inodes, 1440 blocks
72 blocks (5.00%) reserved for the super user
First data block=1
1 block group
8192 blocks per group, 8192 fragments per group
184 inodes per group
Writing inode tables: done
Filesystem too small for a journal
Writing superblocks and filesystem accounting information: done
The filesystem will be automatically checked every 23 mounts or
180 days, whichever comes first. Use tune2fs -c or -i to override.

The mkfs command prints statistics about the file system as it formats it: the number of inodes and blocks created, and the number of blocks per group and fragments per group. You could now mount this file system (mount /mnt/floppy), change to it as your current directory (cd /mnt/floppy), and create files on it as you please.