search for: auid

How to resolve this SElinux problem? type=USER_AVC msg=audit(1513478641.700:1920): pid=1 uid=0 auid=4294967295 ses=4294967295 subj=system_u:system_r:init_t:s0 msg='avc: denied { reload } for auid=0 uid=0 gid=0 cmdline="/usr/bin/systemctl reload named-chroot.service" scontext=system_u:system_r:logrotate_t:s0-s0:c0.c1023 tcontext=system_u:system_r:init_t:s0 tclass=service exe=&quot...

...h audit2allow from the /var/log/message The modules seem to work fine, because old avc denied messages desappeard ... but some messages like the following appear at /var/log/messages when I do a semodule -i modulename or semodule -r modulename : Oct 5 20:16:11 orion kernel: : exe="?" (sauid=81, hostname=?, addr=?, terminal=?)' Oct 5 20:16:11 orion kernel: audit(1223252171.572:8): policy loaded auid=4294967295 ses=4294967295 Oct 5 20:16:41 orion kernel: audit(1223252201.673:9): user pid=2172 uid=81 auid=4294967295 subj=system_u:system_r:system_dbus d_t:s0 msg='avc: received...

...failure; logname= uid=0 euid=0 tty= ruser= rhost= user=operator ./messages:Jun 15 23:32:11 lambdacenter dovecot(pam_unix)[17182]: authentication failure; logname= uid=0 euid=0 tty= ruser= rhost= user=operator ./audit/audit.log:type=USER_AUTH msg=audit(1181971858.967:156312): user pid=15512 uid=0 auid=4294967295 msg='PAM authentication: user=operator exe="/usr/libexec/dovecot/dovecot-auth" (hostname=?, addr=?, terminal=? result=Authentication failure)' ./audit/audit.log:type=USER_AUTH msg=audit(1181971862.772:156382): user pid=15670 uid=0 auid=4294967295 msg='PAM authentic...

On 04/26/2017 04:22 AM, Gordon Messmer wrote: > On 04/25/2017 03:25 PM, Robert Moskowitz wrote: >> This made the same content as before that caused problems: > > I still don't understand, exactly. Are you seeing *new* problems > after installing a policy? What are the problems? > >> #!!!! The file '/var/lib/mysql/mysql.sock' is mislabeled on your system.

On Tue, Mar 14, 2017 at 02:46:19PM -0400, Ron Wheeler wrote: > https://docs.fedoraproject.org/en-US/Fedora/11/html/Security-Enhanced_Linux/sect-Security-Enhanced_Linux-Working_with_SELinux-Enabling_and_Disabling_SELinux.html > > If disabling Selinux solves your problem, then your problem may be related > to Selinux. > If it does not change yout problem, you may want to look

The recently-left programmer did *something*, and he didn't know what, and the guy who picked it up is working with me to find out why /var/log/messages is getting flooded with Oct 26 11:01:06 <servername> kernel: type=1105 audit(1477494066.569:642430): pid=108551 uid=0 auid=4294967295 ses=4294967295 subj=system_u:system_r:unconfined_service_t:s0 msg='op=PAM:session_open grantors=pam_keyinit,pam_keyinit,pam_limits,pam_systemd,pam_unix,pam_krb5,pam_xauth acct="<user>" exe="/usr/bin/su" hostname=? addr=? terminal=? res=success' Oct 26 11...

...ite3" dev="dm-0" ino=100884225 scontext=system_u:system_r:asterisk_t:s0 tcontext=unconfined_u:object_r:var_lib_t:s0 tclass=file > type=SYSCALL msg=audit(1489588773.253:1171): arch=c000003e syscall=2 success=no exit=-13 a0=aa5080 a1=80000 a2=1a4 a3=aa5080 items=0 ppid=1485 pid=3838 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm="asterisk" exe="/usr/sbin/asterisk" subj=system_u:system_r:asterisk_t:s0 key=(null) > type=AVC msg=audit(1489588777.432:1172): avc: denied { getattr } for pid=3844 comm="...

...ville at edpnet.be Hi, Whit the current code in 6.6p1, the linux auditing code is generating multiples USER_LOGIN when either an unknown user or a wrong password of an existing user is used. With an unknown user, I get the following: type=USER_LOGIN msg=audit(1402608427.317:143): pid=6544 uid=0 auid=1000 ses=3 msg='op=login acct=28756E6B6E6F776E207573657229 exe="/usr/sbin/sshd" hostname=? addr=192.168.122.1 terminal=sshd res=failed' type=USER_LOGIN msg=audit(1402608427.317:144): pid=6544 uid=0 auid=1000 ses=3 msg='op=login acct=28696E76616C6964207573657229 exe="/usr/...

...stemd[1]: Listening on Journal Socket (/dev/log). [ 152.045723] systemd[1]: Reached target Remote File Systems. [ 152.047281] systemd[1]: Created slice system-getty.slice. [ 152.047305] systemd[1]: Reached target Login Prompts. [ 152.592880] audit: type=1130 audit(1565977308.276:2): pid=1 uid=0 auid=4294967295 ses=4294967295 msg='unit=systemd-journald comm="systemd" exe="/usr/lib/systemd/systemd" hostname=? addr=? terminal=? res=success' [ 152.607239] systemd-journald[305]: Received request to flush runtime journal from PID 1 [ 152.679482] audit: type=1130 audit(1...

..." dev=0:23 ino=3471615 scontext=unconfined_u:system_r:httpd_t:s0 tcontext=system_u:object_r:nfs_t:s0 tclass=dir type=SYSCALL msg=audit(1329395502.678:61926): arch=c000003e syscall=4 success=no exit=-13 a0=7fef342bc080 a1=7fffaf747370 a2=7fffaf747370 a3=7fef30c65c30 items=0 ppid=25673 pid=25674 auid=0 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=pts0 ses=2 comm="httpd" exe="/usr/sbin/httpd" subj=unconfined_u:system_r:httpd_t:s0 key=(null) type=AVC msg=audit(1329395502.681:61927): avc: denied { search } for pid=25674 comm="httpd" name=""...

...hda1) in ext3_reserve_inode_write: Journal has aborted EXT3-fs error (device hda1) in ext3_delete_inode: Journal has aborted ext3_abort called. EXT3-fs error (device hda1): ext3_journal_start_sb: Detected aborted journal Remounting filesystem read-only audit(1204110895.260:2): audit_pid=0 old=0 by auid=4294967295 audit(1204110895.270:3): audit_backlog_limit=256 old=64 by auid=4294967295 NET: Registered protocol family 10 lo: Disabled Privacy Extensions IPv6 over IPv4 tunneling driver the configuration file is, kernel = "/boot/vmlinuz-2.6.18.8-xen" ramdisk = "/boot/initrd-2.6.18....

...::ffff:[server], TLS Aug 5 21:01:34 [hostname] dovecot: imap-login: Aborted login: user=<[me]>, method=PLAIN, rip=::ffff:[server], lip=::ffff:[server], TLS I'm getting the following messages in /var/log/audit/audit.log: type=USER_AUTH msg=audit(1217984152.016:347): user pid=7669 uid=0 auid=10243 subj=user_u:system_r:dovecot_auth_t:s0 msg='PAM: authentication acct="[me]" : exe="/usr/libexec/dovecot/dovecot-auth" (hostname=::ffff:[client], addr=::ffff:[client], terminal=dovecot res=success)' type=USER_ACCT msg=audit(1217984152.017:348): user pid=7669 uid=...

...bject_r:svirt_image_t:s0:c122,c658 vm1.img -rw-------. qemu qemu system_u:object_r:svirt_image_t:s0:c122,c658 vm2.img Trying to read/write on vm1 will generate AVC messages Seen following message in /var/log/audit/audit.log : type=VIRT_RESOURCE msg=audit(1332310867.790:10312): user pid=5114 uid=0 auid=0 ses=3 subj=unconfined_u:system_r:virtd_t:s0-s0:c0.c1023 msg='virt=kvm resrc=disk reason=attach vm="vm2" uuid=b07607f8-2d03-cc1f-272b-22863667d1a4 old-disk="?" new-disk="/var/lib/libvirt/images/vm1.img": exe=2F7573722F7362696E2F6C69627669727464202864656C6574656429...

Since updating to 4.2 my Opteron server has been flooded by messages like: audit(1129565701.837:155): user pid=4700 uid=0 auid=4294967295 msg='PAM session open: user=root exe="/usr/sbin/crond" (hostname=?, addr=?, terminal=cron result=Success)' to both /var/log/messages and the kernel ring buffer. Looks like they are being generated by cron jobs being run on the server. Does anyone know how to turn th...

...de" ino=22694488368 scontext=system_u:system_r:httpd_t:s0 tcontext=unconfined_u:object_r:samba_share_t:s0 tclass=file type=SYSCALL msg=audit(1506168999.456:2350): arch=c000003e syscall=4 success=yes exit=0 a0=55eea817ec80 a1=7ffe668ef300 a2=7ffe668ef300 a3=7ffe668ef270 items=0 ppid=1 pid=28956 auid=4294967295 uid=996 gid=994 euid=996 suid=996 fsuid=996 egid=994 sgid=994 fsgid=994 tty=(none) ses=4294967295 comm="lighttpd" exe="/usr/sbin/lighttpd" subj=system_u:system_r:httpd_t:s0 key=(null) type=AVC msg=audit(1506168999.456:2351): avc: denied { open } for pid=28956 comm=...

...it(09/22/2017 12:08:29.911:1023) : proctitle=/usr/lib/sendmail -t -oi -oem -fwawi-genimp type=SYSCALL msg=audit(09/22/2017 12:08:29.911:1023) : arch=x86_64 syscall=setgroups success=no exit=EPERM(Operation not permitted) a0=0x1 a1=0x7ffc1df3b0d0 a2=0x0 a3=0x7f5d77c3a300 items=0 ppid=19417 pid=19418 auid=unset uid=lighttpd gid=lighttpd euid=root suid=root fsuid=root egid=lighttpd sgid=lighttpd fsgid=lighttpd tty=(none) ses=unset comm=sendmail exe=/usr/sbin/exim subj=system_u:system_r:httpd_sys_script_t:s0 key=(null) type=AVC msg=audit(09/22/2017 12:08:29.911:1023) : avc: denied { setgid } for pi...

...ful 2023-01-28T09:07:25+1100 nut-driver at ups[1259]: Network UPS Tools - UPS driver controller 2.8.0 2023-01-28T09:07:25+1100 systemd[1]: Started nut-driver at ups.service - Network UPS Tools - device driver for NUT device 'ups'. 2023-01-28T09:07:25+1100 audit[1]: SERVICE_START pid=1 uid=0 auid=4294967295 ses=4294967295 subj=kernel msg='unit=nut-driver at ups comm="systemd" exe="/usr/lib/systemd/systemd" hostname=? addr=? terminal=? res=success' 2023-01-28T09:07:25+1100 systemd[1]: Reached target nut-driver.target - Network UPS Tools - target for power device d...

...u:system_r:container_t:s0:c62,c364 > tcontext=unconfined_u:object_r:user_home_t:s0 tclass=file permissive=1 > > > type=SYSCALL msg=audit(1679486264.987:145): arch=x86_64 > syscall=mprotect success=yes exit=0 a0=7f761e694000 a1=3000 a2=1 > a3=55744feb9c80 items=0 ppid=2749 pid=2752 auid=1000 uid=1000 gid=1000 > euid=1000 suid=1000 fsuid=1000 egid=1000 sgid=1000 fsgid=1000 tty=pts0 > ses=2 comm=bash exe=/bin/bash > subj=system_u:system_r:container_t:s0:c62,c364 key=(null)ARCH=x86_64 > SYSCALL=mprotect AUID=lacos UID=lacos GID=lacos EUID=lacos SUID=lacos > FSUID=lacos...

On 3/22/23 12:42, Daniel P. Berrang? wrote: > On Wed, Mar 22, 2023 at 12:13:49PM +0100, Laszlo Ersek wrote: >> On 3/22/23 11:42, Laszlo Ersek wrote: >> >>> Now the "podman build -f ci/containers/alpine-edge.Dockerfile -t >>> libnbd-alpine-edge" command is failing with a different error message -- >>> the download completes, but the internal

...<mailadmin>, method=PLAIN, rip=10.0.77.80, lip=10.0.78.223, mpid=29696, TLS, session=<0C+M3A/9OwCsEQFQ> audispd: node=myhost.somewhere type=SYSCALL msg=audit(1404144473.421:46298): arch=c000003e syscall=2 success=no exit=-13 a0=7fff97f77ce0 a1=c2 a2=1a4 a3=0 items=1 ppid=29697 pid=29699 auid=7033 uid=8 gid=12 euid=8 suid=8 fsuid=8 egid=12 sgid=12 fsgid=12 tty=(none) ses=108 comm="sqlite3" exe="/usr/bin/sqlite3" subj=system_u:system_r:dovecot_t:s0 key="access" audispd: node=myhost.somewhere type=CWD msg=audit(1404144473.421:46298): cwd="/var/run/dovec...