similar to: X11 connection rejected because of wrong authentication

CentOS 6.3. *Just* updated, including most current selinux-policy and selinux-policy-targeted. I'm getting tons of these, as in it's just spitting them out when I tail -f /var/log/messages: Sep 13 15:20:51 <server> setroubleshoot: SELinux is preventing /bin/ps from search access on the directory @2. For complete SELinux messages. run sealert -l d92ec78b-3897-4760-93c5-343a662fec67

CentOS-6.1 KVM guest on CentOS-6.1 host. I am seeing this SEAlert in the /var/log/audit/audit.log file a new guest immediately after startup. Can someone tell me what it means and what I should do about it? A Google search reveals a number of Fedora issues with similar errors dating back a few years; most of which seem to have something to do with package ownership. This guest starts without

There is a setroubleshoot package that runs under X, that really makes it a lot easier to troubleshoot selinux, but I really don't want to run X on all my vms. Does anyone here know of an equivalent that doesn't require X? -- Drew Einhorn -------------- next part -------------- An HTML attachment was scrubbed... URL:

https://bugzilla.mindrot.org/show_bug.cgi?id=1718 Summary: Spurious messages "X11 connection rejected because of wrong authentication." Product: Portable OpenSSH Version: 5.3p1 Platform: Other OS/Version: Linux Status: NEW Severity: normal Priority: P2 Component: ssh

CentOS-5.1 I need some help with setting up the SELinux context for a custom httpd directory so that I can write log files into it. This is what I have: In my virtual host config file: RewriteEngine on RewriteLog /etc/httpd/virtual.d/trac-rewrite.log # RewriteLogLevel 0=off 1=basic 2=verbose 3+=module developer debuging RewriteLogLevel 0 If /etc/httpd/virtual.d/trac-rewrite.log does

CentOS-6.5 OpenDKIM-2.9.0 (epel) Postfix-2.6.6 (updates) I am trying to get opendkim working with our mailing lists. In the course of that endeavour I note that these messages are appearing in our syslog: May 4 20:50:02 inet08 setroubleshoot: SELinux is preventing /usr/sbin/opendkim from using the signull access on a process. For complete SELinux messages. run sealert -l

OS CentOS-6.2 with updates to present. I use git on this host to manage configuration changes and to monitor package alterations. This is not meant to be a security check. It is simply a way for me to easily recover from fumble fingered configuration changes. Yesterday git status reported that the following files had changed since the previous commit: # modified: ../usr/bin/gdb #

Hi, if I do the following: ssh -X localhost su - another_user xterm I get: X connection to ming:10.0 broken (explicit kill or server shutdown). Where what is really wanted was something like: Xlib: connection to ":0.0" refused by server Xlib: Client is not authorized to connect to Server xterm Xt error: Can't open display: :0.0 'tis easy to reproduce the bug, but the debug

Hi! Is there any reason why support for the libwrap code isn't included in the X11 forwarding code? I'd like to restrict access to that port. How many applications would break if the tcp port would be closed and only the unix-domain socket would be available? It's true that x11 forwardings can be considered as a security risk and they are disabled because of that by default. I

Following a hard drive corruption I have reinstalled the latest version of CentOS and all current patch files. For most applications I selected the default options. By doing this I expected that the packages would play nice with one another and I could customize as necessary. Setting SELinux to enforce I encountered all sorts of problems - but most were resolvable, save for Dovecot,

The following message is a courtesy copy of an article that has been posted to comp.emacs.xemacs as well. [This message has been CC'ed to the OpenSSH list in a plea to at least consider supporting more advanced usages of Xauth] Chris Green <sprout at dok.org> writes: > Its not configurable behavior. It always generates a new random file > in /tmp. Then they should probably

http://bugzilla.mindrot.org/show_bug.cgi?id=803 Summary: Security Bug: X11 Forwarding is more powerful than it needs to be. Product: Portable OpenSSH Version: -current Platform: All OS/Version: All Status: NEW Severity: major Priority: P2 Component: ssh AssignedTo: openssh-bugs

https://bugzilla.mindrot.org/show_bug.cgi?id=2440 Bug ID: 2440 Summary: X11 connection will fail if user's home directory is read-only Product: Portable OpenSSH Version: 6.8p1 Hardware: Sparc OS: Solaris Status: NEW Severity: normal Priority: P5 Component: sshd

So I'm working from home today, and for the first time I've tried running Evolution over a forwarded X11 connection. Even though work has a T1 and I have 640k at home, and ssh is compressing, it's ... rather slow. So I fire off lbxproxy and try to run an xterm to see if it works. No dice, authentication denied. Does anybody have any experience with this? Is it possible to run

Indeed, thanks Dan - it doesn't get us to a completely clean running that would allow us to run our Node app as we are under Passenger with SELinux enforcing, but it at least has stopped the excessive amount of AVCs we were getting. John On 3 December 2014 at 10:01, Daniel J Walsh <dwalsh at redhat.com> wrote: > Looks like turning on three booleans will solve most of the problem.

Applied policy update. Now I see these occasionally. But by the time I try and see what the matter is the file is gone: /var/log/maillog . . . Dec 9 15:12:08 inet08 postfix/smtp[3670]: fatal: shared lock active/0A7EC60D8A: Resource temporarily unavailable . . . Dec 9 15:12:08 inet08 postfix/smtp[3758]: fatal: shared lock active/8DD5060F81: Resource temporarily unavailable . . . Dec 9 15:12:09

Le 23/05/2018 ? 16:58, m.roth at 5-cent.us a ?crit?: > A suggestion: once you've got the firewall issue dealt with, set selinux > into permissive mode; *then* you can figure out what it's complaining > about, while at the same time, your system will be available. Once you've > fixed those issues, then you can make it enforcing. This is always my approach. Turns out the

OK, so setup CENTOS-5 on a laptop to learn about Xen stuff. KDE Desktop, wanted to print the virt.108.com xen howto. Needed to setup printer first. Open KDE control center, go to printers. Hear error sound, message says "Unable to retrieve the printer list.... Connection to CUPS server failed. ..." So I check to see that cups is running (it is). I check /var/log/messages

Mark: Labels look OK, restorecon has nothing to do, and: -rwxr-xr-x. root root system_u:object_r:bin_t:s0 /bin/ps dr-xr-xr-x. root root system_u:object_r:proc_t:s0 /proc I'll send the audit log on to Dan. Cheers, John On 2 December 2014 at 16:10, Daniel J Walsh <dwalsh at redhat.com> wrote: > Could you send me a copy of your audit.log. > > You should not be

Not sure if there is an app like this yet. I want to keep tabs on my web applications and thought of using a 'page checker'/ I was thinking either running a sum on the directory or each file...but thinking a simple date check would be fine. The idea is web application, except the uploads area for photos, never has changes to its files except when I change it. However, if it gets