Displaying 20 results from an estimated 900 matches similar to: "C-6.6 - sshd_config chroot SELinux issues"
2015 Jul 09
2
Openssl security patch
To wit:
OpenSSL Security Advisory [9 Jul 2015]
=======================================
Alternative chains certificate forgery (CVE-2015-1793)
======================================================
Severity: High
During certificate verification, OpenSSL (starting from version 1.0.1n and
1.0.2b) will attempt to find an alternative certificate chain if the first
attempt to build such a chain
2007 Aug 16
1
SELinux questions, upon restarting BIND
Hi all,
On my newly up-and-running nameserver (CentOS 5), I noticed the
following alerts in /var/log/messages after restarting BIND. (lines
inserted to aid in reading).
As I'm new to SELinux, I'm hoping for some pointers on 1) if this is an
issue which simply *must* be addressed, or if it's something I should
live with, and 2) how to eliminate the warming messages without
sacrificing
2015 Oct 09
2
CentOS-6 SSHD chroot SELinux problem
I run a sshd host solely to allow employees to tunnel secure
connections to our internal hosts. Some of which do not support
encrypted protocols. These connections are chroot'ed via the
following in /etc/ssh/sshd_config
Match Group !wheel,!xxxxxx,yyyyy
AllowTcpForwarding yes
ChrootDirectory /home/yyyyy
X11Forwarding yes
Where external users belong to group yyyyy (primary).
We
2009 Nov 09
4
SELinux and KVM
I am trying to set up a test kvm virtual machine on a core2 quad
system. I have managed to thread my way through bridging eth0 and I
have a CentOS-5.4 dvd iso prepared.
Using virt-manager, when I try and add a new guest then I get the
error reproduced below. Now, I know that I can 'fix' this by
building a local mod via audit2allow and installing via semodule.
However, I cannot seem to
2015 Jul 09
0
Openssl security patch
On 09.07.2015 16:03, Robert Wolfe wrote:
> To wit:
>
> OpenSSL Security Advisory [9 Jul 2015]
> =======================================
>
> Alternative chains certificate forgery (CVE-2015-1793)
> ======================================================
>
> Severity: High
>
> During certificate verification, OpenSSL (starting from version 1.0.1n and
> 1.0.2b) will
2012 Jan 13
1
SELinux and rsh+xauth
Hello,
I have a strange (for me) problem with these two machines :
- Client, a CentOS-5.7 workstation ;
- Server, a CentOS-6.2 headless, up-to-date server.
From Client, I want to use xauth on Server with the help of rsh (yes, I
know, ssh and all this sort of things... another time.)
When SELinux is in permissive mode on Server, all these commands
perform as expected :
rsh Server
2014 Dec 11
0
CentOS-6 Another email related AVC
CentOS-6.6
Postfix-2.11.1 (local)
ClamAV-0.98.5 (epel)
Amavisd-new-2.9.1 (epel)
opendkim-2.9.0 (centos)
pypolicyd-spf-1.3.1 (epel)
/var/log/maillog
Dec 11 16:52:09 inet18 setroubleshoot: SELinux is preventing /usr/bin/perl
from read access on the file online. For complete SELinux messages. run
sealert -l 62006e35-dcc8-4a4f-8e10-9f34757f3a4a
Dec 11 16:52:10 inet18 setroubleshoot: SELinux is
2007 May 30
2
Centos 5 OpenVPN / SElinux
Hi,
I'm running Centos 5 32bit and installed openvpn-2.0.9-1.el5.rf from
Dag Wieers Repo. When OpenVPN is started during boot-up it just shows
an SElinux related error message. When I start OpenVPN manually after
the system has come up completely it works fine.
Here are all the messages from /var/log/messages that are SElinux related:
May 28 21:39:15 srsblnfw01 kernel:
2008 Jul 03
3
Running shell scripts from external media
OS=CentOS-5.2
media=Kingston 512Mb usb key
Problem:
As 'root', when running a script resident on the external drive mounted at
/media/disk I receive the following error:
/bin/sh: bad interpreter: Permission denied
The meduia is a 512Mb USB key formatted as ext2/3
# ll
-rwx------ 1 root root 28 Jul 2 17:30 hello.sh
# cat hello.sh
#!/bin/sh
echo Hello World!
# which sh
/bin/sh
I
2007 Sep 27
1
CentOS-5 - Suffering from LDAP experimentation
I was playing aeound with the GUI authentication configuration and was
called away from my desk after I had configured the LDAP DC entries but
before I had tried to start the ldap server or do much of anything else.
When I returned the terminal session was screen-saver locked and entering
my user password did not make it respond. I kept getting a time-out error.
Rebooting took forever and was
2014 Dec 02
0
SEtroubleshootd Crashing
Could you send me a copy of your audit.log.
You should not be getting hundreds of AVC's a day.
ausearch -m avc,user_avc -ts today
On 12/02/2014 05:08 AM, John Beranek wrote:
> I'll jump in here to say we'll try your suggestion, but I guess what's not
> been mentioned is that we get the setroubleshoot abrt's only a few times a
> day, but we're getting 10000s of
2014 Dec 03
0
SEtroubleshootd Crashing
Looks like turning on three booleans will solve most of the problem.
httpd_execmem, httpd_run_stickshift, allow_httpd_anon_write
On 12/03/2014 03:55 AM, John Beranek wrote:
> Mark: Labels look OK, restorecon has nothing to do, and:
>
> -rwxr-xr-x. root root system_u:object_r:bin_t:s0 /bin/ps
>
> dr-xr-xr-x. root root system_u:object_r:proc_t:s0 /proc
>
> I'll
2013 Nov 25
2
ltsp & Selinux
Hello All,
I set up ltsp regulary, on Centos6 machines.
This morning I have a Selinux problem that usualy does not occur:
after setting everything up, the thinclients boot, but nobody can login.
It only works after the command :
# echo 0 > /selinux/enforce
I tried this semanage command:
# semanage fcontext -a -t bin_t /usr/bin/xauth
but it makes no difference.
The message I'm now
2012 May 28
0
Another odd SELinux message
Does anyone recognize this sort of message or have any idea what might
cause it?
May 28 11:00:06 inet09 setroubleshoot: [avc.ERROR] Plugin Exception
catchall #012Traceback (most recent call last):#012 File
"/usr/lib64/python2.6/site-packages/setroubleshoot/analyze.py", line
191, in analyze_avc#012 report = plugin.analyze(avc)#012 File
2014 Dec 09
1
CentOS-6.6 - Selinux and Postfix-2.11.1
Applied policy update. Now I see these occasionally. But by the time I try and
see what the matter is the file is gone:
/var/log/maillog
. . .
Dec 9 15:12:08 inet08 postfix/smtp[3670]: fatal: shared lock
active/0A7EC60D8A: Resource temporarily unavailable
. . .
Dec 9 15:12:08 inet08 postfix/smtp[3758]: fatal: shared lock
active/8DD5060F81: Resource temporarily unavailable
. . .
Dec 9 15:12:09
2014 May 05
2
Opendkim and SELinux
CentOS-6.5
OpenDKIM-2.9.0 (epel)
Postfix-2.6.6 (updates)
I am trying to get opendkim working with our mailing lists. In the course of
that endeavour I note that these messages are appearing in our syslog:
May 4 20:50:02 inet08 setroubleshoot: SELinux is preventing
/usr/sbin/opendkim from using the signull access on a process. For complete
SELinux messages. run sealert -l
2014 Dec 03
1
SEtroubleshootd Crashing
Indeed, thanks Dan - it doesn't get us to a completely clean running that
would allow us to run our Node app as we are under Passenger with SELinux
enforcing, but it at least has stopped the excessive amount of AVCs we were
getting.
John
On 3 December 2014 at 10:01, Daniel J Walsh <dwalsh at redhat.com> wrote:
> Looks like turning on three booleans will solve most of the problem.
2012 Sep 13
1
SELinux is preventing /bin/ps from search access
CentOS 6.3. *Just* updated, including most current selinux-policy and
selinux-policy-targeted. I'm getting tons of these, as in it's just
spitting them out when I tail -f /var/log/messages:
Sep 13 15:20:51 <server> setroubleshoot: SELinux is preventing /bin/ps
from search access on the directory @2. For complete SELinux messages. run
sealert -l d92ec78b-3897-4760-93c5-343a662fec67
2014 Dec 02
2
SEtroubleshootd Crashing
I'll jump in here to say we'll try your suggestion, but I guess what's not
been mentioned is that we get the setroubleshoot abrt's only a few times a
day, but we're getting 10000s of setroubleshoot messages in
/var/log/messages a day.
e.g.
Dec 2 10:03:55 server audispd: queue is full - dropping event
Dec 2 10:04:00 server audispd: last message repeated 199 times
Dec 2
2016 Dec 28
0
Help with httpd userdir recovery
Robert Moskowitz wrote:
>
>
> On 12/28/2016 03:32 PM, J Martin Rushton wrote:
>>
>> On 28/12/16 20:11, Robert Moskowitz wrote:
>>>
>>> On 12/28/2016 01:53 PM, m.roth at 5-cent.us wrote:
>>>> Robert Moskowitz wrote:
>>>>> On 12/28/2016 05:11 AM, Todor Petkov wrote:
>>>>>> On Wed, Dec 28, 2016 at 5:18 AM, Robert