Displaying 20 results from an estimated 200 matches similar to: "Trying to setting a selinux policy to Nagios 3.0.6 on CentOS 5.2 ."
2009 Oct 04
2
deliver stopped working
Hi:
I have been using Dovecot for well over a year now and it has always worked with few
problems. The mail setup is not simple...
Postfix+MailScanner+ClamAV+Docvecot+MySql+postfix.admin... just to mention the major
things. The system is CentOS 5.3 on VMware. The maildir is on an NFS share, index and
control is local.
About a month ago I thought I upgraded from 1.1.x to 1.2.x. by doing an
2007 Jul 19
1
semodule - global requirements not met
I'm busy setting up amavisd-new on a CentOS 5.0 box - and believe I've
got it working well enough that I can switch selinux enforcing back on
again.
I've done the usual-
- grab a chunk of the audit.log that is relevant to all the actions
that would be denied.
- do 'cat audit.log | audit2allow -M amavis' to generate the module
- amavis.te looks like:
module amavis 1.0;
2017 Apr 25
0
NOT Solved - Re: SELinux policy to allow Dovecot to connect to Mysql
Thanks Laurent. You obviously know a LOT more about SELinux than I. I
pretty much just use commands and not build policies. So I need some
more information here.
From what you provided below, how do I determine what is currently in
place and how do I add your stuff (changing postgresql with mysql, nat.)
thanks
On 04/25/2017 10:26 AM, Laurent Wandrebeck wrote:
> Le mardi 25 avril 2017
2017 Apr 25
2
NOT Solved - Re: SELinux policy to allow Dovecot to connect to Mysql
Le mardi 25 avril 2017 ? 10:04 +0200, Robert Moskowitz a ?crit :
> I thought I had this fixed, but I do not. I was away from this problem
> working on other matters, and came back (after a reboot) and it is still
> there, so I suspect when I thought I had it 'fixed' I was running with
> setenforce 0 from another problem (that is fixed).
>
> So anyone know how to get
2009 Apr 15
2
SELinux and "i_stream_read() failed: Permission denied"
Not a problem ... sharing a solution (this time)! Please correct my
understanding of the process, if required.
"i_stream_read() failed: Permission denied" is an error message generated
when a large-ish file (>128kb in my case) is attached to a message that
has been passed to Dovecot's deliver program when SELinux is being
enforced.
In my case, these messages are first run
2006 Jun 07
1
Apache php and exim
Hello,
I'm using the targeted policy.
PHP's mail() function fails because of selinux.
audit(1149662369.454:2): avc: denied { setgid } for pid=18085
comm="sendmail" capability=6 scontext=root:system_r:httpd_sys_script_t
tcontext=root:system_r:httpd_sys_script_t tclass=capability
When i turn to permisive mode:
audit(1149668677.105:12): avc: denied { setuid } for pid=29159
2016 Jul 06
0
How to have more than on SELinux context on a directory
I can access /depot/tftp from a tftp client but unable to do it from a
Windows client as long as SELinux is enforced. If SELinux is permissive I
can access it then I know Samba is properly configured.
# getenforce
Enforcing
# ls -dZ /depot/tftp/
drwxrwxrwx. root root system_u:object_r:tftpdir_rw_t:s0 /depot/tftp/
And if I do it the other way around, give the directory a type
samba_share_t then
2009 Sep 09
1
SELinux Relabeling
Hello everyone,
If create a folder called "whatever" under /var, the context is:
root:object_r:var_t /var/whatever/
That's expected as it is under /var. If I then change its type:
chcont -t httpd_sys_content_t /var/whatever
The context looks like:
root:object_r:httpd_sys_content_t /var/whatever/
My question is...Shouldn't a relabeling of the filesystem change the type
2008 Aug 26
3
Amavisd Howto
Hello CentOS Docs People!
I recently used the Amavisd howto to setup a couple of mailservers, which saved me from hours of searching online and reading novels of documentation. Since Ned is taking a little break from the Amavisd page, I would like to help contribute. There were a few things I'd like to add, like GTUBE/EICAR testing and SELinux config lines.
My wiki username is WilliamFong.
2016 Jul 06
2
How to have more than on SELinux context on a directory
> If I understand well, I could add a type to another type?!?!?!
No.
The default targeted policy is mostly about Type Enforcement. Quote from
the manual:
"All files and processes are labeled with a type: types define a SELinux
domain for processes and a SELinux type for files. SELinux policy rules
define how types access each other, whether it be a domain accessing a
type, or a
2009 Mar 19
1
SELinux - different context on subdirectories
Hi all,
I have created a directory /srv with the following SELinux context:
system_u:object_r:var_t
Now I want to create a subdirectory within /srv which should get a
different context. So I tried to set e.g.:
semanage fcontext -a -t samba_share_t /srv/samba
/sbin/restorecon -v /srv/samba
but the context is always reset to:
system_u:object_r:var_t
What am I missing?
Best Regards
Marcus
2020 Jan 01
2
Nginx and SELinux on CentOS 7
Hi,
I'm currently fiddling with Nginx on CentOS 7. Eventually I want to use it
instead of Apache on some servers.
Apache works more or less out of the box with SELinux. My websites are all
stored under /var/www, and ls -Z shows me that all files created under /var/www
are correctly labeled httpd_sys_content_t.
On my sandbox server I don't have Apache (httpd) installed, only Nginx
2009 Sep 14
4
Contribution to wiki: nagios incompatibility with centos 5.2
Hi
I would like to contribute to the wiki.centos.org:
username: boel
subject: nagios incompatibility with centos 5.2
location: http://wiki.centos.org/HowTos/Nagios
content: A security feature of centos 5.2 SELinux prevents the access
from the apache httpd server to the needed /var/nagios files. The error
manifests itself in the /var/log/messages as "SELinux is preventing the
tac.cgi from
2013 Apr 07
0
Fitting distributions to financial data using volatility model to estimate VaR
Ok,
I try it again with plain text, with a simple R code example and just
sending it to the r list and you move it to sig finance if it is
necessary.
I try to be as detailed as possible.
I want to fit a distribution to my financial data using a volatility
model to estimate the VaR. So in case of a normal distribution, this
would be very easy, I assume the returns to follow a normal
distribution
2006 Jun 21
2
Apache problem
hi
I maintain 10 webservers which is used for add delivery using PHP.sometimes
when the load is high my apache process suddenly dies & i restart apache.
i find the following errors in my /var/log/messages/
server1 kernel: audit(1150892521.827:18474474): avc: denied { write } for
pid=28135 comm="httpd" name="php-mmcache" dev=sda7 ino=2146317
2012 Jan 13
1
SELinux and rsh+xauth
Hello,
I have a strange (for me) problem with these two machines :
- Client, a CentOS-5.7 workstation ;
- Server, a CentOS-6.2 headless, up-to-date server.
From Client, I want to use xauth on Server with the help of rsh (yes, I
know, ssh and all this sort of things... another time.)
When SELinux is in permissive mode on Server, all these commands
perform as expected :
rsh Server
2009 Aug 27
1
SELinux messages after compiling new kernel
Hi,
I compiled a kernel from sources (2.6.30.5) and when system is booting
shows these errors:
SELinux: 61 classes, 69080 rules
SELinux: class peer not defined in policy
SELinux: class capability2 not defined in policy
SELinux: class kernel_service not defined in policy
SELinux: permission open in class dir not defined in policy
SELinux: permission open in class file not defined in policy
2020 Jan 01
0
Nginx and SELinux on CentOS 7
On 1/1/20 2:00 PM, Nicolas Kovacs wrote:
> Hi,
>
> I'm currently fiddling with Nginx on CentOS 7. Eventually I want to
> use it instead of Apache on some servers.
>
> Apache works more or less out of the box with SELinux. My websites are
> all stored under /var/www, and ls -Z shows me that all files created
> under /var/www are correctly labeled httpd_sys_content_t.
2009 Apr 14
3
Odd SELinux messages during+after 5.3 upgrade (system_mail_t and postfix_postdrop_t access rpm_var_lib_t)
Hey guys,
I've been getting some strange selinux messages after the 5.3 upgrade.
It appears as though my mail system (postfix) is constantly trying to
access the rpm database? Here's the audit messages (I tend to look at
my selinux messages using audit2allow < /var/log/audit.log as I find
it easier to read quickly):
allow postfix_postdrop_t rpm_t:tcp_socket { read write };
allow
2018 Sep 10
1
Type enforcement / mechanism not clear
Am 09.09.2018 um 16:19 schrieb Daniel Walsh <dwalsh at redhat.com>:
>
> On 09/09/2018 09:43 AM, Leon Fauster via CentOS wrote:
>> Am 09.09.2018 um 14:49 schrieb Daniel Walsh <dwalsh at redhat.com>:
>>> On 09/08/2018 09:50 PM, Leon Fauster via CentOS wrote:
>>>> Any SElinux expert here - briefly:
>>>>
>>>> # getenforce