similar to: Re: Need help with rsync. [solved]

CentOS-5.1 I need some help with setting up the SELinux context for a custom httpd directory so that I can write log files into it. This is what I have: In my virtual host config file: RewriteEngine on RewriteLog /etc/httpd/virtual.d/trac-rewrite.log # RewriteLogLevel 0=off 1=basic 2=verbose 3+=module developer debuging RewriteLogLevel 0 If /etc/httpd/virtual.d/trac-rewrite.log does

Hi All, I have this following issue in SELinux. I did what instruction said but the security context has still never changed. Do I need to create local SELinux module? I hope anyone could help me out of this. Thank you. ------------------------------------------------------- # sealert -b ........................................ Summary: SELinux is preventing postmaster (postgresql_t)

CentUS 7.4 >From sealert: SELinux is preventing /usr/sbin/sshd from read access on the file /etc/ssh/moduli. ***** Plugin restorecon (94.8 confidence) suggests ************************ If you want to fix the label. /etc/ssh/moduli default label should be etc_t. Then you can run restorecon. Do # /sbin/restorecon -v /etc/ssh/moduli <...> Additional Information: Source Context

I am encountering an odd problem with su. Up until quite recently I was able to connect to one of my servers (CentOS-5.2) via ssh as an ordinary user and then, from the shell, perform an $ su -l to obtain root access. Now when I try to do this I see the following: $ su -l Password: su: incorrect password If, instead of I ssh to this machine as the root user ($ ssh -l root host) and enter

Received this SELinux warning: Summary: SELinux is preventing ld-linux.so.2 from loading /usr/lib/libGL.so.1.2.#prelink#.4GxqM1 which requires text relocation. Detailed Description: The ld-linux.so.2 application attempted to load /usr/lib/libGL.so.1.2.#prelink#.4GxqM1 which requires text relocation. This is a potential security problem. Most libraries do not need this permission. Libraries are

On 02/09/2015 11:14 AM, James B. Byrne wrote: > So, I decided to run restorecon -v to > presumably set the SELinux user correctly for the new keys: But that > is not what happened: > > restorecon -v * > > restorecon reset /etc/ssh/ssh_host_rsa_key_4096 context > unconfined_u:object_r:sshd_key_t:s0->unconfined_u:object_r:etc_t:s0 > > restorecon reset

CentOS-6.6 Postfix-2.11.1 (local) ClamAV-0.98.5 (epel) Amavisd-new-2.9.1 (epel) opendkim-2.9.0 (centos) pypolicyd-spf-1.3.1 (epel) /var/log/maillog Dec 11 16:52:09 inet18 setroubleshoot: SELinux is preventing /usr/bin/perl from read access on the file online. For complete SELinux messages. run sealert -l 62006e35-dcc8-4a4f-8e10-9f34757f3a4a Dec 11 16:52:10 inet18 setroubleshoot: SELinux is

I generated a new host key for one of our systems using: ssh-keygen -t rsa -b 4096 -f ssh_host_rsa_key_4096 I then ran 'ls -Z on the keys' ll -Z *key* -rw-------. root root system_u:object_r:sshd_key_t:s0 ssh_host_dsa_key -rw-r--r--. root root system_u:object_r:sshd_key_t:s0 ssh_host_dsa_key.pub -rw-------. root root system_u:object_r:sshd_key_t:s0 ssh_host_key -rw-r--r--. root

Hi, I'm running Centos 5 32bit and installed openvpn-2.0.9-1.el5.rf from Dag Wieers Repo. When OpenVPN is started during boot-up it just shows an SElinux related error message. When I start OpenVPN manually after the system has come up completely it works fine. Here are all the messages from /var/log/messages that are SElinux related: May 28 21:39:15 srsblnfw01 kernel:

Hey, I'm having problems with samba. It has never worked properly on my server since I've had it installed.. Its for a home server, running xbox-Linux Fedora Core 6. I've just uninstalled every trace of the old samba, and started a fresh. With the latest samba sources I found on the website. The nmbd starts fine, but smbd never starts, and in the kernel log, I get the following

-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Hi folks, Im trying to get the sealert browser to show up on my desktop, but I cant get it to work. I have installed all setroubleshoot packages, which provides sealert and im running sealert -b from the command line over a GUI session on gnome and nothing happens. Any ideas? Jeronimo Calvo jeronimocalvop at hush.com -----BEGIN PGP

Does anyone recognize this sort of message or have any idea what might cause it? May 28 11:00:06 inet09 setroubleshoot: [avc.ERROR] Plugin Exception catchall #012Traceback (most recent call last):#012 File "/usr/lib64/python2.6/site-packages/setroubleshoot/analyze.py", line 191, in analyze_avc#012 report = plugin.analyze(avc)#012 File

Could you send me a copy of your audit.log. You should not be getting hundreds of AVC's a day. ausearch -m avc,user_avc -ts today On 12/02/2014 05:08 AM, John Beranek wrote: > I'll jump in here to say we'll try your suggestion, but I guess what's not > been mentioned is that we get the setroubleshoot abrt's only a few times a > day, but we're getting 10000s of

CentOS-6.5 OpenDKIM-2.9.0 (epel) Postfix-2.6.6 (updates) I am trying to get opendkim working with our mailing lists. In the course of that endeavour I note that these messages are appearing in our syslog: May 4 20:50:02 inet08 setroubleshoot: SELinux is preventing /usr/sbin/opendkim from using the signull access on a process. For complete SELinux messages. run sealert -l

Hi all, On my newly up-and-running nameserver (CentOS 5), I noticed the following alerts in /var/log/messages after restarting BIND. (lines inserted to aid in reading). As I'm new to SELinux, I'm hoping for some pointers on 1) if this is an issue which simply *must* be addressed, or if it's something I should live with, and 2) how to eliminate the warming messages without sacrificing

Looks like turning on three booleans will solve most of the problem. httpd_execmem, httpd_run_stickshift, allow_httpd_anon_write On 12/03/2014 03:55 AM, John Beranek wrote: > Mark: Labels look OK, restorecon has nothing to do, and: > > -rwxr-xr-x. root root system_u:object_r:bin_t:s0 /bin/ps > > dr-xr-xr-x. root root system_u:object_r:proc_t:s0 /proc > > I'll

Robert Moskowitz wrote: > > > On 12/28/2016 03:32 PM, J Martin Rushton wrote: >> >> On 28/12/16 20:11, Robert Moskowitz wrote: >>> >>> On 12/28/2016 01:53 PM, m.roth at 5-cent.us wrote: >>>> Robert Moskowitz wrote: >>>>> On 12/28/2016 05:11 AM, Todor Petkov wrote: >>>>>> On Wed, Dec 28, 2016 at 5:18 AM, Robert

On 12/28/2016 06:05 PM, J Martin Rushton wrote: > > On 28/12/16 21:24, m.roth at 5-cent.us wrote: >> Robert Moskowitz wrote: >>> >>> On 12/28/2016 03:32 PM, J Martin Rushton wrote: >>>> On 28/12/16 20:11, Robert Moskowitz wrote: >>>>> On 12/28/2016 01:53 PM, m.roth at 5-cent.us wrote: >>>>>> Robert Moskowitz wrote:

CentOS 6.3. *Just* updated, including most current selinux-policy and selinux-policy-targeted. I'm getting tons of these, as in it's just spitting them out when I tail -f /var/log/messages: Sep 13 15:20:51 <server> setroubleshoot: SELinux is preventing /bin/ps from search access on the directory @2. For complete SELinux messages. run sealert -l d92ec78b-3897-4760-93c5-343a662fec67

OK, so setup CENTOS-5 on a laptop to learn about Xen stuff. KDE Desktop, wanted to print the virt.108.com xen howto. Needed to setup printer first. Open KDE control center, go to printers. Hear error sound, message says "Unable to retrieve the printer list.... Connection to CUPS server failed. ..." So I check to see that cups is running (it is). I check /var/log/messages