Displaying 20 results from an estimated 3000 matches similar to: "SELinux C7 audit"
2016 Jul 05
0
SELinux C7 audit
On 07/05/2016 08:21 AM, Alessandro Baggi wrote:
> What is the meaning of rules on pol.te
https://wiki.centos.org/HowTos/SELinux
The CentOS howto has some information, and links to additional resources.
The policy should be pretty easy to read, though. You have one rule,
"allow bacula_t systemd_systemctl_exec_t:file execute." Each word in
that rule, except for "allow"
2014 Oct 30
1
CentOS 6.6 Bacula-SELinux issue
I updated my backup server to CentOS 6.6 this morning. As usual, I
unmounted the current (nightly) tape from the changer before the
reboot. Now Bacula complains it cannot access the changer:
3301 Issuing autochanger "loaded? drive 0" command.
3991 Bad autochanger "loaded? drive 0" command: ERR=Child exited with code 1.
Results=cannot open SCSI device '/dev/changer' -
2015 Apr 05
0
Selinux issues with 7.1 update
I am trying to update some local policies for bacula that allow a
series of clients with pre run scripts to su in order to perform some
preparatory work for a backup.
With selinux enforcing, the su is denied obviously execute as
bacula_t tries su_exec_t. You only see this with enforcing enabled?
So creating an initial policy for that (this is not the way to do this)
allows one more avc to appear
2015 Jun 20
2
puppet files denied by SELinux
Hey folks,
Ok so I'm having another issue with SELinux. However I think I'm pretty
close to a solution and just need a nudge in the right direction.
I wrote a puppet module that gets systems into bacula backups. Part of the
formula is to distribute key/cert pairs with permissions that allow bacula
to read them so that bacula can talk to the host over TLS. It's pretty
slick, I must
2015 Jun 21
0
puppet files denied by SELinux
Hey guys,
Quick update. I grepped through the output of getsebool -a to see that
related to puppet. And I found this setting: puppetagent_manage_all_files.
So I tried running this command: setsebool -P puppetagent_manage_all_files
0
And did a restorecon on my modules directory: restorecon -R -v
environments/production/moudles
So there's good news and bad news to report! It seems that
2015 Jun 21
2
puppet files denied by SELinux
Hi all,
Thanks for all your suggestions. Here's where I'm at with this.
> Can you give details about your puppetmasterd setup? It seems that
> you're using Foreman as puppet ENC.
>
Yes, I'm on foreman 1.7.4 and puppet 3.75. You are correct that I'm using
foreman, sorry I hadn't thought to mention it!
> Foreman works fine with selinux enabled : that's what
2015 Jun 29
1
puppet files denied by SELinux
I have no idea of the current dependency problem. I think your original
problem was caused by mv'ing files from an nfs share to /etc which
maintained the context. And SELinux prevented puppet from accessing
nfs_t type. If you had just run restorecon on the object it would have
set it back to the correct/default context.
You might want to setup an alias mv "mv -Z"
This changes
2015 Jan 19
2
CentOS-6.6 Fail2Ban and Postfix Selinux AVCs
I am seeing these in the log of one of our off-site NX hosts running
CentOS-6.6.
type=AVC msg=audit(1421683972.786:4372): avc: denied { create } for
pid=22788 comm="iptables" scontext=system_u:system_r:fail2ban_t:s0
tcontext=system_u:system_r:fail2ban_t:s0 tclass=rawip_socket
Was caused by:
Missing type enforcement (TE) allow rule.
You can use
2013 Jan 12
2
selinux + kvm virtualization + smartd problem
Hello,
I'm using HP homeserver where host system run CentOS 6.3 with KVM
virtualization with SELinux enabled, guests too run the same OS (but
without SELinux, but this does not matter).
Host system installed on mirrors based on sda and sdb physical disks.
sd{c..f} disks attached to KVM guest (whole disks, not partitions;
needed to use zfs (zfsonlinux) benefit features). Problem is that
disks
2018 Dec 05
1
C7 Bacula and Selinux
Hi list,
I'm trying to understand SELinux on C7.
I encountered a problem running bacula when the system is enforced.
The problem is when bacula tries to run BeforeJobScript. In this script
there is an occurrence of systemctl stop httpd and the hostname command and
I got a permission error on these 2 commands.
Reading RHEL 7 SELinux Guide seems that I need a domain transaction but
I don't know how
2015 Apr 26
2
Broken Selinux Postfix Policy?
Trying to restart postfix installed from yum. Restart fails, I get:
type=AVC msg=audit(1430429813.721:12167): avc: denied { unlink } for
pid=31624 comm="master" name="defer" dev="dm-0" ino=981632
scontext=system_u:system_r:postfix_master_t:s0
tcontext=system_u:object_r:postfix_spool_maildrop_t:s0 tclass=sock_file
I guess it needs to remove the
2019 Jul 30
4
doveadm: Error: open(/proc/self/io) failed
On 30.07.2019 20:07, Tom Diehl via dovecot wrote:
>
> Does anyone have an Idea how to fix this?
>
> Regards,
>
Perhaps see if there are any denials in SELinux audit log:
sudo grep denied /var/log/audit/audit.log | grep dovecot | audit2allow -a
Good luck,
Reio
2009 Aug 14
0
[PATCH] xen/xsm/flask: Fix AVC audit message format
Fix formatting of Flask AVC audit messages so that existing
policy tools can parse them. After applying,
"xm dmesg | audit2allow" yields the expected result.
Signed-off-by: Stephen D. Smalley <sds@tycho.nsa.gov>
Signed-off-by: George S. Coker, II <gscoker@alpha.ncsc.mil>
---
xen/xsm/flask/avc.c | 8 +++-----
1 file changed, 3 insertions(+), 5 deletions(-)
2015 Jan 19
0
CentOS-6.6 Fail2Ban and Postfix Selinux AVCs
On Mon, January 19, 2015 11:50, James B. Byrne wrote:
> I am seeing these in the log of one of our off-site NX hosts running
> CentOS-6.6.
>
> type=AVC msg=audit(1421683972.786:4372): avc: denied { create } for
> pid=22788 comm="iptables" scontext=system_u:system_r:fail2ban_t:s0
> tcontext=system_u:system_r:fail2ban_t:s0 tclass=rawip_socket
> Was caused by:
2014 Apr 23
1
SELInux and POSTFIX
Installed Packages
Name : postfix
Arch : x86_64
Epoch : 2
Version : 2.6.6
Release : 6.el6_5
Size : 9.7 M
Repo : installed
From repo : updates
I am seeing several of these in our maillog file after a restart of the
Postfix service:
Apr 23 12:48:27 inet08 setroubleshoot: SELinux is preventing
/usr/libexec/postfix/smtp from 'read, write'
2017 Apr 26
3
NOT Solved - Re: SELinux policy to allow Dovecot to connect to Mysql
On 04/26/2017 12:29 AM, Robert Moskowitz wrote:
> But the policy generates errors. I will have to submit a bug report,
> it seems
A bug report would probably be helpful.
I'm looking back at the message you wrote describing errors in
ld-2.17.so. I think what's happening is that the policy on your system
includes a silent rule that somehow breaks your system. You'll need
2018 Mar 09
3
SELinux breaks Squid's ssl_crtd helper
Hi,
I've setup a transparent HTTP+HTTPS proxy on my server running CentOS 7,
using Squid. Here's my configuration file.
--8<----------------------------------------------------------------
# /etc/squid/squid.conf
# Definitions
acl localnet src 192.168.2.0/24
acl SSL_ports port 443
acl Safe_ports port 80 # http
acl Safe_ports port 21 # ftp
acl Safe_ports port
2009 Jul 19
2
Bacula Instalation - Dependencies problems
Hi list,
I try to install bacula-client-3.0.1-3.el5.pp.x86_64.rpm but have
problems with some dependencies. Please, if anyone knows how to fix that
I'll appreciate the info.
yum install bacula-client-3.0.1-3.el5.pp.x86_64.rpm
Loaded plugins: fastestmirror
Loading mirror speeds from cached hostfile
* epel: www.gtlib.gatech.edu
* rpmforge: ftp-stud.fht-esslingen.de
* base: centos.pop.com.br
*
2012 Nov 22
0
CEBA-2012:1469 CentOS 6 bacula FASTTRACK Update
CentOS Errata and Bugfix Advisory 2012:1469
Upstream details at : https://rhn.redhat.com/errata/RHBA-2012-1469.html
The following updated files have been uploaded and are currently
syncing to the mirrors: ( sha256sum Filename )
i386:
7b52c666fc603f620e273dcbba5a43bad621826f9e2520cca6f064ecd5cef03c bacula-client-5.0.0-12.el6.i686.rpm
2015 Feb 19
0
CEBA-2015:0239 CentOS 6 bacula FASTTRACK BugFix Update
CentOS Errata and Bugfix Advisory 2015:0239
Upstream details at : https://rhn.redhat.com/errata/RHBA-2015-0239.html
The following updated files have been uploaded and are currently
syncing to the mirrors: ( sha256sum Filename )
i386:
de15a060812e939050e6d9672e167f81ed6474aba93d283dea0f07a176951407 bacula-client-5.0.0-13.el6.i686.rpm