Displaying 20 results from an estimated 1000 matches similar to: "Learning SELINUX management, help?"
2009 Apr 14
3
Odd SELinux messages during+after 5.3 upgrade (system_mail_t and postfix_postdrop_t access rpm_var_lib_t)
Hey guys,
I've been getting some strange selinux messages after the 5.3 upgrade.
It appears as though my mail system (postfix) is constantly trying to
access the rpm database? Here's the audit messages (I tend to look at
my selinux messages using audit2allow < /var/log/audit.log as I find
it easier to read quickly):
allow postfix_postdrop_t rpm_t:tcp_socket { read write };
allow
2007 Aug 16
1
SELinux questions, upon restarting BIND
Hi all,
On my newly up-and-running nameserver (CentOS 5), I noticed the
following alerts in /var/log/messages after restarting BIND. (lines
inserted to aid in reading).
As I'm new to SELinux, I'm hoping for some pointers on 1) if this is an
issue which simply *must* be addressed, or if it's something I should
live with, and 2) how to eliminate the warming messages without
sacrificing
2011 Oct 25
1
Centos6 sealert browser doesnt appears
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
Hi folks,
Im trying to get the sealert browser to show up on my desktop, but I cant get it to work.
I have installed all setroubleshoot packages, which provides sealert
and im running sealert -b from the command line over a GUI session on gnome and nothing happens.
Any ideas?
Jeronimo Calvo
jeronimocalvop at hush.com
-----BEGIN PGP
2014 May 05
2
Opendkim and SELinux
CentOS-6.5
OpenDKIM-2.9.0 (epel)
Postfix-2.6.6 (updates)
I am trying to get opendkim working with our mailing lists. In the course of
that endeavour I note that these messages are appearing in our syslog:
May 4 20:50:02 inet08 setroubleshoot: SELinux is preventing
/usr/sbin/opendkim from using the signull access on a process. For complete
SELinux messages. run sealert -l
2012 Sep 13
1
SELinux is preventing /bin/ps from search access
CentOS 6.3. *Just* updated, including most current selinux-policy and
selinux-policy-targeted. I'm getting tons of these, as in it's just
spitting them out when I tail -f /var/log/messages:
Sep 13 15:20:51 <server> setroubleshoot: SELinux is preventing /bin/ps
from search access on the directory @2. For complete SELinux messages. run
sealert -l d92ec78b-3897-4760-93c5-343a662fec67
2012 May 31
2
Add another one: the same sealert problem
I hadn't paid attention when one or two folks recently posted this, but
it's hit us, also:
$ sealert -l d1655210-f43c-4737-98dc-86b6aac82bb6
Entity: line 53: parser error : Input is not proper UTF-8, indicate
encoding !
Bytes: 0x99 0x3C 0x2F 0x74
<tpath>`</tpath>
^
failed to connect to server: xmlParseDoc() failed
I tried reinstalling
2016 Dec 28
2
Help with httpd userdir recovery
On 28/12/16 21:24, m.roth at 5-cent.us wrote:
> Robert Moskowitz wrote:
>>
>>
>> On 12/28/2016 03:32 PM, J Martin Rushton wrote:
>>>
>>> On 28/12/16 20:11, Robert Moskowitz wrote:
>>>>
>>>> On 12/28/2016 01:53 PM, m.roth at 5-cent.us wrote:
>>>>> Robert Moskowitz wrote:
>>>>>> On 12/28/2016 05:11 AM,
2014 Dec 02
2
SEtroubleshootd Crashing
I'll jump in here to say we'll try your suggestion, but I guess what's not
been mentioned is that we get the setroubleshoot abrt's only a few times a
day, but we're getting 10000s of setroubleshoot messages in
/var/log/messages a day.
e.g.
Dec 2 10:03:55 server audispd: queue is full - dropping event
Dec 2 10:04:00 server audispd: last message repeated 199 times
Dec 2
2014 Dec 03
1
SEtroubleshootd Crashing
Indeed, thanks Dan - it doesn't get us to a completely clean running that
would allow us to run our Node app as we are under Passenger with SELinux
enforcing, but it at least has stopped the excessive amount of AVCs we were
getting.
John
On 3 December 2014 at 10:01, Daniel J Walsh <dwalsh at redhat.com> wrote:
> Looks like turning on three booleans will solve most of the problem.
2016 Dec 28
4
Help with httpd userdir recovery
On 12/28/2016 03:32 PM, J Martin Rushton wrote:
>
> On 28/12/16 20:11, Robert Moskowitz wrote:
>>
>> On 12/28/2016 01:53 PM, m.roth at 5-cent.us wrote:
>>> Robert Moskowitz wrote:
>>>> On 12/28/2016 05:11 AM, Todor Petkov wrote:
>>>>> On Wed, Dec 28, 2016 at 5:18 AM, Robert Moskowitz <rgm at htt-consult.com>
>>>>> wrote:
2014 Dec 03
2
SEtroubleshootd Crashing
Mark: Labels look OK, restorecon has nothing to do, and:
-rwxr-xr-x. root root system_u:object_r:bin_t:s0 /bin/ps
dr-xr-xr-x. root root system_u:object_r:proc_t:s0 /proc
I'll send the audit log on to Dan.
Cheers,
John
On 2 December 2014 at 16:10, Daniel J Walsh <dwalsh at redhat.com> wrote:
> Could you send me a copy of your audit.log.
>
> You should not be
2016 Dec 28
2
Help with httpd userdir recovery
On 12/28/16, 3:09 PM, "CentOS on behalf of Robert Moskowitz" <centos-bounces at centos.org on behalf of rgm at htt-consult.com> wrote:
On 12/28/2016 06:05 PM, J Martin Rushton wrote:
>
> On 28/12/16 21:24, m.roth at 5-cent.us wrote:
>> Robert Moskowitz wrote:
>>>
>>> On 12/28/2016 03:32 PM, J Martin Rushton wrote:
>>>> On 28/12/16 20:11,
2016 Dec 28
1
Help with httpd userdir recovery
On 12/28/16, 3:28 PM, "CentOS on behalf of Robert Moskowitz" <centos-bounces at centos.org on behalf of rgm at htt-consult.com> wrote:
On 12/28/2016 06:13 PM, Greg Cornell wrote:
> On 12/28/16, 3:09 PM, "CentOS on behalf of Robert Moskowitz" <centos-bounces at centos.org on behalf of rgm at htt-consult.com> wrote:
>
>
>
> On 12/28/2016 06:05 PM, J
2012 Feb 24
0
SELinux killed my qemu-kvm
All of a sudden, Virtual Machine Manager (VMM) on a CentOS 5.7 load will
no longer run any VMs.
The VM worked A-OK on the morning of 23 Feb, when I brought it up,
applied the Microsoft updates, rebooted it, installed an application,
rebooted again and ran several tests. Later that day, it wouldn't run.
I didn't have time to diagnose, so I did some investigation a few
minutes ago.
Working
2012 Jun 15
1
Puppet + Passenger SELinux issues
I recently setup my Puppetmaster server to run through Passenger via Apache
instead of on the default webrick web server. SELinux made that not work
and I've found some documentation on making rules to allow it however mine
won't load. This is the policy I found via this website,
http://sandcat.nl/~stijn/2012/01/20/selinux-passenger-and-puppet-oh-my/comment-page-1/
.
module
2009 Apr 30
2
Defaults of CentOS Install not working with SELinux
Following a hard drive corruption I have reinstalled the latest
version of CentOS and all current patch files.
For most applications I selected the default options. By doing this I
expected that the packages would play nice with one another and I
could customize as necessary.
Setting SELinux to enforce I encountered all sorts of problems - but
most were resolvable, save for Dovecot,
2020 Feb 13
3
CentOS 7, Fail2ban and SELinux
Hi,
I'm running CentOS 7 on an Internet-facing server. SELinux is in permissive
mode for debugging. I've removed FirewallD and replaced it with a custom-made
Iptables script. I've also installed and configured Fail2ban (fail2ban-server
package) to protect the server from brute force attacks.
Out of the box, Fail2ban doesn't seem to play well with SELinux. Here's what I
2007 Aug 17
2
repost: SELinux questions, upon restarting BIND
As this remains an issue for me, I'm reposting. Please forgive the redundancy, but I've been unable to find the answer and am hoping for some guidance.
Thanks in advance,
~Ray
==========Original Posts follow==========
(full output is in the original thread)
Ray Leventhal wrote:
> > Hi all,
> >
> > On my newly up-and-running nameserver (CentOS 5), I noticed the
>
2014 Dec 11
0
CentOS-6 Another email related AVC
CentOS-6.6
Postfix-2.11.1 (local)
ClamAV-0.98.5 (epel)
Amavisd-new-2.9.1 (epel)
opendkim-2.9.0 (centos)
pypolicyd-spf-1.3.1 (epel)
/var/log/maillog
Dec 11 16:52:09 inet18 setroubleshoot: SELinux is preventing /usr/bin/perl
from read access on the file online. For complete SELinux messages. run
sealert -l 62006e35-dcc8-4a4f-8e10-9f34757f3a4a
Dec 11 16:52:10 inet18 setroubleshoot: SELinux is
2007 May 30
2
Centos 5 OpenVPN / SElinux
Hi,
I'm running Centos 5 32bit and installed openvpn-2.0.9-1.el5.rf from
Dag Wieers Repo. When OpenVPN is started during boot-up it just shows
an SElinux related error message. When I start OpenVPN manually after
the system has come up completely it works fine.
Here are all the messages from /var/log/messages that are SElinux related:
May 28 21:39:15 srsblnfw01 kernel: