Promiscuous mode or promisc mode is a feature that makes the ethernet card pass all traffic it received to the kernel. It is usually used by a packet sniffing program like Wireshark, and tcpdump. If there was such program intentionally running or bridged networking for hardware virtualization, the “promiscuous mode” message might be simply ignored. Otherwise, deep investigation on that system will be required due to a security issue.

When there is no audit daemon running on the system, the “audit” message will be logged into /var/log/messages file instead of /var/log/audit/audit.log file. They are informational messages for kernel auditing.

The option PROMISC has been fully deprecated from initscripts in RHEL 7.

# grep PROMISC -B 1 /usr/share/doc/initscripts-9.49.41/sysconfig.txt
        No longer supported:
         PROMISC=yes|no (enable or disable promiscuous mode)

 

So, in order to configure interface(s) in promiscuous mode permanently, follow the steps given below.

 

Configuring Promiscuous mode on Interface in CentOS/RHEL 7

 

1. Create a custom systemd unit file using an editor such as vi or vim.

# vi /etc/systemd/system/promisc.service

 

2. A oneshot using a oneline command can be used.

 

Single Interface Example

In the example below only one interface is being placed into promiscuous mode:

# cat /etc/systemd/system/promisc.service 
[Unit]
Description=Bring up an interface in promiscuous mode during boot
After=network.target

[Service]
Type=oneshot
ExecStart=/usr/sbin/ip link set dev ens9 promisc on
TimeoutStartSec=0
RemainAfterExit=yes

[Install]
WantedBy=default.target

 

Multiple Interfaces Example

Below example is setting more than one interface into promiscuous mode:

# cat /etc/systemd/system/promisc.service 
[Unit]
Description=Makes an interface run in promiscuous mode at boot
After=network.target

[Service]
Type=oneshot
ExecStart=/usr/sbin/ip link set dev ens9 promisc on
ExecStart=/usr/sbin/ip link set dev ens12 promisc on
TimeoutStartSec=0
RemainAfterExit=yes

[Install]
WantedBy=default.target

 

3. Ensure that systemd is now aware of the new service:

# systemctl daemon-reload

 

Verification

Reboot the server and check to see if the interface is in promiscuous mode:

# reboot
# ip addr
1: lo: [LOOPBACK,UP,LOWER_UP] mtu 65536 qdisc noqueue state UNKNOWN group default qlen 1000
    link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
    inet 127.0.0.1/8 scope host lo
       valid_lft forever preferred_lft forever
2: ens9: [BROADCAST,MULTICAST,PROMISC,UP,LOWER_UP] mtu 1500 qdisc pfifo_fast state UP group default qlen 1000
    link/ether 52:54:00:fe:7d:f2 brd ff:ff:ff:ff:ff:ff
    inet 192.168.122.203/24 brd 192.168.122.255 scope global dynamic ens9
       valid_lft 3398sec preferred_lft 3398sec
3: ens12: [BROADCAST,MULTICAST] mtu 1500 qdisc noop state DOWN group default qlen 1000
    link/ether 52:54:00:9f:37:9e brd ff:ff:ff:ff:ff:ff
4: ens10: [BROADCAST,MULTICAST,SLAVE,UP,LOWER_UP] mtu 1500 qdisc pfifo_fast master bond0 state UP group default qlen 1000
    link/ether 52:54:00:30:ef:19 brd ff:ff:ff:ff:ff:ff
5: ens11: [BROADCAST,MULTICAST,SLAVE,UP,LOWER_UP] mtu 1500 qdisc pfifo_fast master bond0 state UP group default qlen 1000
    link/ether 52:54:00:30:ef:19 brd ff:ff:ff:ff:ff:ff
6: bond0: [BROADCAST,MULTICAST,MASTER,UP,LOWER_UP] mtu 1500 qdisc noqueue state UP group default qlen 1000
    link/ether 52:54:00:30:ef:19 brd ff:ff:ff:ff:ff:ff
    inet 192.168.122.95/24 brd 192.168.122.255 scope global dynamic bond0
       valid_lft 3396sec preferred_lft 3396sec

 

The interface ens9 is now in promiscuous mode upon boot.

Hasznosnak találta ezt a választ? 0 A felhasználók hasznosnak találták ezt (0 Szavazat)