search for: ausearch

Displaying 20 results from an estimated 78 matches for "ausearch".

2020 Feb 26
3
CentOS 7 : SELinux trouble with Fail2ban
...s ***** >> If you believe that python2.7 should be allowed read access on the disable file by default. >> Then you should report this as a bug. >> You can generate a local policy module to allow this access. >> Do >> allow this access for now by executing: >> # ausearch -c 'f2b/server' --raw | audit2allow -M my-f2bserver >> # semodule -i my-f2bserver.pp >> Weirdly enough, when I follow this suggestion and then empty audit.log and restart my server, I still get the exact same error again. > > I reinstalled this server from scratch and too...
2020 Feb 26
5
CentOS 7 : SELinux trouble with Fail2ban
...e. ***** Plugin catchall (100. confidence) suggests ***** If you believe that python2.7 should be allowed read access on the disable file by default. Then you should report this as a bug. You can generate a local policy module to allow this access. Do allow this access for now by executing: # ausearch -c 'f2b/server' --raw | audit2allow -M my-f2bserver # semodule -i my-f2bserver.pp Weirdly enough, when I follow this suggestion and then empty audit.log and restart my server, I still get the exact same error again. Which makes Fail2ban unusable with SELinux in enforcing mode in the curr...
2020 Feb 13
3
CentOS 7, Fail2ban and SELinux
...e. ***** Plugin catchall (100. confidence) suggests ***** If you believe that python2.7 should be allowed read access on the disable file by default. Then you should report this as a bug. You can generate a local policy module to allow this access. Do allow this access for now by executing: # ausearch -c 'f2b/f.sshd' --raw | audit2allow -M my-f2bfsshd # semodule -i my-f2bfsshd.pp ... As far as I can tell - and please correct me if I'm wrong - if a package doesn't play well with SELinux in the default configuration, this should be considered as a bug. In that case, the appropri...
2018 Mar 09
3
SELinux breaks Squid's ssl_crtd helper
...dit.log ***** Plugin catchall (17.1 confidence) suggests ***** If you believe that ssl_crtd should be allowed read access on the index.txt file by default. Then you should report this as a bug. You can generate a local policy module to allow this access. Do allow this access for now by executing: # ausearch -c 'ssl_crtd' --raw | audit2allow -M my-sslcrtd # semodule -i my-sslcrtd.pp Unfortunately the suggested solution doesn't work, because the problem reappears, and I get all sorts of errors in /var/log/squid/cache.log, all due to ssl_crtd not being able to access stuff under /var/lib/ssl...
2014 Aug 21
1
CentOS Digest, Vol 115, Issue 21
...0:03 centos-request at centos.org wrote: > Re: [CentOS] SELinux vs. logwatch and virsh > From: Daniel J Walsh <dwalsh at redhat.com> > To: CentOS mailing list <centos at centos.org> > > On 08/18/2014 02:13 PM, Bill Gee wrote: > > Hi Dan - > > > > "ausearch -m avc -ts recent" produces no output. If I run it as "ausearch > > -f virsh" then it produces output similar to this. Each day's run of > > logwatch produces three of these audit log entries. The a1 and a2 values > > are different for each entry, but everyt...
2017 Oct 06
1
SpamAssassin vs. SELinux
...Plugin catchall (100. confidence) suggests ********* If you believe that perl should be allowed create access on the .spamassassin directory by default. Then you should report this as a bug. You can generate a local policy module to allow this access. Do allow this access for now by executing: # ausearch -c '7370616D64206368696C64' --raw | audit2allow -M my-7370616D64206368696C64 # semodule -i my-7370616D64206368696C64.pp ... --8<------------------------------------------------------ Usually sealert's suggestions are to the point and work perfectly. Except in this case it doesn'...
2020 Feb 26
0
CentOS 7 : SELinux trouble with Fail2ban
...nce) suggests ***** > > If you believe that python2.7 should be allowed read access on the disable file > by default. > Then you should report this as a bug. > You can generate a local policy module to allow this access. > Do > allow this access for now by executing: > # ausearch -c 'f2b/server' --raw | audit2allow -M my-f2bserver > # semodule -i my-f2bserver.pp > > Weirdly enough, when I follow this suggestion and then empty audit.log and > restart my server, I still get the exact same error again. I reinstalled this server from scratch and took some...
2020 Feb 26
0
CentOS 7 : SELinux trouble with Fail2ban
...eve that python2.7 should be allowed read access on the > disable file by default. > >> Then you should report this as a bug. > >> You can generate a local policy module to allow this access. > >> Do > >> allow this access for now by executing: > >> # ausearch -c 'f2b/server' --raw | audit2allow -M my-f2bserver > >> # semodule -i my-f2bserver.pp > >> Weirdly enough, when I follow this suggestion and then empty audit.log > and restart my server, I still get the exact same error again. > > > > I reinstalled this ser...
2020 Feb 21
2
preexec with win 10
On 21/02/20 13:02, Rowland penny via samba wrote: > On 21/02/2020 11:39, Roberto Tagliaferri - Tosnet srl via samba wrote: >> This is an extract of smbstatus >> root at robytnuovo~# smbstatus |grep 246 >> 1877      emissionefatture  emissionefatture  192.168.0.246 >> (ipv4:192.168.0.246:49701) SMB3_00 > root preexec is running the /usr/bin/log_access.php
2020 Jun 18
2
Can't access Squirrelmail on Centos 8
...est file, Turning off the firewall resulted in same issue. > > Frank was hinting to SELinux preventing access. A valid guess, > especially as you have installed the webapp in a very uncommon path > where default SELinux does know nothing about. So check the audit.log > for AVC or use ausearch. > > And of course check the webserver's logfile. Always the logs! They have > the necessary information you need to debug your situation. > > Alexander I enabled both those options. tried to access again, same issue. Log file: [Thu Jun 18 17:08:31.160897 2020] [authz_core:er...
2017 Sep 20
2
selinux prevents lighttpd from printing
On 09/20/2017 07:19 AM, hw wrote: > hw wrote: >> >> Hi, >> >> how do I allow CGI programs to print (using 'lpr -P some-printer >> some-file.pdf') when >> lighttpd is being used for a web server? >> >> When selinux is permissive, the printer prints; when it's enforcing, >> the printer >> does not print, and I'm getting the log
2017 Sep 22
2
selinux prevents lighttpd from printing
...>> >> >> >> Look in your audit logs while in permissive mode and you should see the >> issue in there, the wiki has details: >> >> https://wiki.centos.org/HowTos/SELinux#head-798c98ef37cb8a00425a048152113b7a7dc14f1b > > Thanks! I'm guessing I'm supposed to use ausearch to search for something, and > I don't know what to search for. > > So far, lighttpd can not print and can not send emails (using MIME::Lite) unless > selinux is permissive. Using > > 'ausearch -c "httpd" -m AVC,USER_AVC,SELINUX_ERR,USER_SELINUX_ERR -i' > >...
2018 Sep 09
2
Type enforcement / mechanism not clear
...<no output> # sesearch -ACR -s httpd_t -c file -p read |grep syslog_conf_t <no output> # ls -laZ /etc/sysctl.conf /etc/rsyslog.conf -rw-r--r--. root root system_u:object_r:syslog_conf_t:s0 /etc/rsyslog.conf -rw-r--r--. root root system_u:object_r:system_conf_t:s0 /etc/sysctl.conf # ausearch -m avc --start recent type=SYSCALL msg=audit(1536457230.922:85): arch=c000003e syscall=6 success=no exit=-13 a0=7fff6460dcf0 a1=7fff6460dbe0 a2=7fff6460dbe0 a3=11 items=0 ppid=1362 pid=1364 auid=4294967295 uid=48 gid=48 euid=48 suid=48 fsuid=48 egid=48 sgid=48 fsgid=48 tty=(none) ses=4294967295 com...
2019 Jan 18
1
SElinux AVC signull
Hi Leon, I don't have access to a CentOS 6.10 system handy, but it looks like a policy issue. If I take your ausearch output and pipe it to audit2allow on my CentOS 7.6 system, I get the following: #============= httpd_t ============== #!!!! This avc is allowed in the current policy allow httpd_t httpd_sys_script_t:process signull; Noting that on my 7.6 system with selinux enforcing with selinux policy packages...
2017 Sep 22
1
selinux prevents lighttpd from printing
...udit logs while in permissive mode and you should see the >>>> issue in there, the wiki has details: >>>> >>>> https://wiki.centos.org/HowTos/SELinux#head-798c98ef37cb8a00425a048152113b7a7dc14f1b >>> >>> Thanks! I'm guessing I'm supposed to use ausearch to search for something, and >>> I don't know what to search for. >>> >>> So far, lighttpd can not print and can not send emails (using MIME::Lite) unless >>> selinux is permissive. Using >>> >>> 'ausearch -c "httpd" -m AVC,USER_A...
2017 Sep 22
0
selinux prevents lighttpd from printing
...>> >> Nobody knows? > > > Look in your audit logs while in permissive mode and you should see the > issue in there, the wiki has details: > > https://wiki.centos.org/HowTos/SELinux#head-798c98ef37cb8a00425a048152113b7a7dc14f1b Thanks! I'm guessing I'm supposed to use ausearch to search for something, and I don't know what to search for. So far, lighttpd can not print and can not send emails (using MIME::Lite) unless selinux is permissive. Using 'ausearch -c "httpd" -m AVC,USER_AVC,SELINUX_ERR,USER_SELINUX_ERR -i' , I only get type=PROCTITLE msg=a...
2018 Mar 10
0
SELinux breaks Squid's ssl_crtd helper
On 03/09/2018 05:18 AM, Nicolas Kovacs wrote: > Do allow this > access for now by executing: > # ausearch -c 'ssl_crtd' --raw | audit2allow -M my-sslcrtd > # semodule -i my-sslcrtd.pp > > Unfortunately the suggested solution doesn't work Start by running "ausearch -c 'ssl_crtd' --raw" by itself. Try to determine whether or not all of the affected files are men...
2007 Oct 28
1
Interpreting audit logs?
Whenever I review audit logs, it is difficult for me to determine if an account was logged in at an usual day/time because there is no timestamp next to any entry, at least as I interpret the format. How, then do I properly and successfully review the audit log entries based on a date/time stamp? Also, how can I filter out root and sudo account entries, displaying everyone else in audit?
2013 Apr 30
0
httpd writes much to /var? How to audit it properly?
...time (it happens on different machines) I have a very high load up to 100, and I see that there are up to 300/s writes to /var at the same time. Apache restart solves the problem. I would like to know the reason so I decided to use auditd. I've used: auditctl -w /var -p warx And for example: ausearch -f /var -i -ts 04/29/2013 23:00:00 -te 04/29/2013 23:01:00 -ua 11111 | grep 'syscall=open' | wc -l gives me "5" but in my monitoring I see that there were up to 300 writes per second to /var at the same moment (id 11111 - httpd) (I have verified the writes with command line tools...
2014 Oct 30
1
CentOS 6.6 Bacula-SELinux issue
...nux is denying source context bacula_t from accessing target context tape_device_t. I took a look at the various SELinux boolean values but see none that applies. Has anyone else observed this symptom since upgrading? Is there a fix other than building a local policy by going through the "ausearch | audit2allow" iteration(s)? -- Paul Heinlein heinlein at madboa.com 45°38' N, 122°6' W