search for: danwalsh

> > > If you're on a RedHat system with selinux (RHEL, CentOS, fedora), then > > it looks like > > <https://danwalsh.livejournal.com/69837.html> pam_oddjob_mkhomedir > > will create the home directories for you and also ensure that the > > correct selinux labels are applied. I have this on my todo list, as > > I'm currently using the ADUC method, which is labour intensive. > > This...

If you're on a RedHat system with selinux (RHEL, CentOS, fedora), then it looks like <https://danwalsh.livejournal.com/69837.html> pam_oddjob_mkhomedir will create the home directories for you and also ensure that the correct selinux labels are applied. I have this on my todo list, as I'm currently using the ADUC method, which is labour intensive. -- Mason On Thu, 10 Oct 2019 at 03:27, R...

Kevin Korb wrote: > -----BEGIN PGP SIGNED MESSAGE----- > Hash: SHA1 > > rsync not needed: cp -al dir1 dir2 > Right now, neither is 'cp' (as of V8.21 - V10 inclusive) -- "apparently" (?) in response to this article: http://danwalsh.livejournal.com/64493.html. Right now, 'cp' tries to 'hardlink' to symlinks, which AFAIR has never been an option -- any more than hardlinking to directories. I was trying to see if rsync was a viable alternative until the bug is fixed, and had abilities cp used to (bug currently...

...reported bugs. One of them is a problem when "deliver" writes of temporary files into /tmp are blocked by SELinux policy (https://bugzilla.redhat.com/show_bug.cgi?id=424091). From the SELinux's point of view it is bad when system services try to write into /tmp (for detail see http://danwalsh.livejournal.com/11467.html). The solution looks simple - just to switch from /tmp to PKG_RUNDIR (line 472 in deliver.c for dovecot 1.0) for writing the temp files. But this raises two questions - will it really work and when yes, is it acceptable for the author? Thanks, Dan -- Fedora and Red...

When does echo 0 > /selinux/inforce need to be used? I.e., where is selinux enforcing itself on the system to protect it? When I do yum install of some package, it seems to work (not being blocked). When would doing something not work because selinux is watching it (or whatever that process is doing)? Thanks, -wes

...ing is how effective would SELinux be in preventing an initial remote exploit, or preventing an attacker gaining further escalation of privileges once they have gained access to the system. In answer to your question, you will find lots of good real life examples in Dans' blog here: http://danwalsh.livejournal.com/

On 10/10/2019 13:05, Mason Schmitt wrote: > > > If you're on a RedHat system with selinux (RHEL, CentOS, > fedora), then > > it looks like > > <https://danwalsh.livejournal.com/69837.html>?pam_oddjob_mkhomedir > > will create the home directories for you and also ensure that the > > correct selinux labels are applied.? I have this on my todo > list, as > > I'm currently using the ADUC method, which is labour inte...

...ting, you may ask all kind of libvirt usage questions if you want, the following is some reference: https://access.redhat.com/knowledge/docs/en-US/Red_Hat_Enterprise_Linux/6/html/Security-Enhanced_Linux/chap-Security-Enhanced_Linux-sVirt.html http://libvirt.org/drvqemu.html#securitysvirt http://danwalsh.livejournal.com/30565.html > > thanks > > > > > -- > libvir-list mailing list > libvir-list at redhat.com > https://www.redhat.com/mailman/listinfo/libvir-list -------------- next part -------------- An HTML attachment was scrubbed... URL: <http://listman.redhat.co...

Hi Guys, My google foo is failing me this afternoon. Just configuring a new C6 install. I know there are SELinux alerts happening, eg: I know I need to enable named to write to the local .jnl file as part of dynamic DNS, but sealert -b is not listing any alerts. I can see raw audit messages. Is there some daemon I have forgotten to start or install? Thanks Ken -- This message has been

I'm busy setting up amavisd-new on a CentOS 5.0 box - and believe I've got it working well enough that I can switch selinux enforcing back on again. I've done the usual- - grab a chunk of the audit.log that is relevant to all the actions that would be denied. - do 'cat audit.log | audit2allow -M amavis' to generate the module - amavis.te looks like: module amavis 1.0;

...een changed by kirkbocek: > http://wiki.centos.org/HowTos/SELinux?action=diff&rev2=29&rev1=28 > > The comment on the change is: > Added the User Notes and Gotchas Section > > ------------------------------------------------------------------------------ > > http://danwalsh.livejournal.com/ > > + == User Notes and Gotchas == > + > + This section is provided by a user who learned most of what he knows of SELinux from this document. This document is a wonderful and detailed resource. However, it is somewhat dry. It misses a couple of practical points I found...

On Tue, December 30, 2014 03:18, Digimer wrote: > What possible reason could they have for that? > > On 30/12/14 02:17 AM, Laurent Dumont wrote: >> By any change, is it a VPS? I know that my CloudAtCost (very cheap but >> extremely unreliable provider) prevents you from using SeLinux on their >> Centos image. No mysterious breakages == lower support costs. The same

Hello, I've read on several howtos that one way to make ssh more secure, or at least reduce the damage if somebody breaks in, is to NOT allow direct ssh login from root, but allow logins from another user. So you have to know two passwords in order to do any real damage. Does this make sense? IF yes, what is the right way to create an user only for this purpose, that is one that can only

Customer asks why [home] doesn't work for a new AD user, turns out the linux directory doesn't exist on the DM server How to let that directory be created? GPO? I find this: https://wiki.samba.org/index.php/User_Home_Folders#Using_Active_Directory_Users_and_Computers but the GPO seems only to create the network drive ... but not the directory on the samba server itself. hints?

Hi All, I'm running CentOS 5.2 with SELinux in enforcing mode (default targeted policy). The server hosts a PHP web app that sends mail. I'm getting the following errors (see end of message) in my selinux audit.log file every time the app sends an email. The email always seems to get sent successfully, despite the log messages. However, they do concern me and I would like to understand

Getting module_request errors from SELinux. Errors being thrown by metacity sendmail.postfix cleanup trivial-rewarite local postdrop pickup All errors are essentially the same System was working well until I began to apply some basic security hardening configuration. Postfix started complaining when I made /tmp noexec, nodev, nosuid, and then did a mount --bind of /var/tmp under

Hi, how do I allow lighttpd access to a directory like this: dr-xrwxr-x. lighttpd example unconfined_u:object_r:samba_share_t:s0 files_articles I tried to create and install a selinux module, and it didn?t work. The non-working module can not be removed, either: semodule -r lighttpd-files_articles.pp libsemanage.semanage_direct_remove_key: Unable to remove module lighttpd-files_articles.pp at

Hi, total newbie on CentOS. Just firing up an install of 5.5 on a development webserver. Installed Webmin, Awstats, PHPMyAdmin and Drupal successfully. Yet to work on Sendmail and Samba. SELinux in enforcing mode, reporting "SELinux preventing ifconfig (ifconfig_t) "read write" to /var/webminsessiondb.pag (var_t)". Googled the error message without real success in finding fix