similar to: dovecot under attack

Hi folks, I can't seem to log into my system via vsftpd. All other services using PAM are fine...Am I missing something simple? ftp> user (username) user 331 Please specify the password. Password: 530 Login incorrect. # getenforce Permissive here is the event in /var/log/audit/audit.log: type=USER_AUTH msg=audit(1247235151.569:9781): user pid=21052 uid=0 auid=0

I am configuring a new mail server on RHEL 5 x64. I have configured dovecot as follows: ... protocols = imaps ... ssl_cert_file = /etc/pki/dovecot/certs/mailserver.cer ssl_key_file = /etc/pki/dovecot/private/mailserver.pem ... login_process_size = 64 ... mail_location = maildir:~/Maildir ... passdb pam { args = "session=yes cache_key=%u%s dovecot" } ... I'm getting the following

I'm trying to configure PAM authentication and I'm having some issues. I'm using RHEL 5 and included below are excerpts from my relevant configuration and log files: */var/log/maillog* Jan 19 10:55:39 flacpmail dovecot: imap-login: Aborted login: user=<test>, method=PLAIN, rip=::ffff:128.8.244.15, lip=::ffff:128.8.244.161, TLS */etc/dovecot.conf* passdb pam { args =

I would like to send the CDR records from all our machines around the world to a single database. But I need the hostname included with each record for monitoring purposes. Is there a better way than using the userfield and adding SetCDRUserfield for every call to set the userfield to the name of the host? Thanks...

I think someone else mentioned this problem earlier on the list, and I've recently started seeing the following error show up: file index-transaction.c: line 54 (index_transaction_finish_rollback): assertion failed: (t->mail_ref_count == 0) Raw backtrace: /usr/lib/dovecot/deliver(i_syslog_fatal_handler+0x2b) [0x80bff0b] -> /usr/lib/dovecot/deliver [0x80bfd1a] ->

Hi - I'm hitting a crash in dovecot, I get this logged followed by a terse stack trace and systemd-coredump details not included here - full gdb stack trace and more details are further down: Mar 12 10:32:26 goffin dovecot[8269]: imap-login: Login: user=<patman>, method=PLAIN, rip=192.168.1.4, lip=192.168.1.1, mpid=8477, TLS, session=<5RvGYLf2RrDAqAEE> Mar 12 10:32:26 goffin

Helloo, We are using dovectot lda with qmail-ldap, dovecot 1.2.10, sieve 0.1.15 lda is executed as exec /var/qmail/bin/preline -f /usr/local/dovecot/libexec/dovecot/deliver -s preline adds Delivered-To: header, everything works fine except vacation Feb 9 16:07:16 thebe dovecot: deliver(lazy): sieve: msgid=unspecified: discarding vacation response for message implicitly delivered to <lazy

i'm facing a pretty hard to debug problem when trying to use dovecot LDA (deliver) from postfix. After having all configured, mail deliver fails. This is from my maillog: Feb 12 21:27:54 correio postfix/pipe[12484]: 930F9F6105: to=<solutti at domain.com.br>, relay=dovecot, delay=0.21, delays=0.03/0.01/0/0.18, dsn=4.3.0, status=SOFTBOUNCE (Command died with signal 11:

How to resolve this SElinux problem? type=USER_AVC msg=audit(1513478641.700:1920): pid=1 uid=0 auid=4294967295 ses=4294967295 subj=system_u:system_r:init_t:s0 msg='avc: denied { reload } for auid=0 uid=0 gid=0 cmdline="/usr/bin/systemctl reload named-chroot.service" scontext=system_u:system_r:logrotate_t:s0-s0:c0.c1023 tcontext=system_u:system_r:init_t:s0 tclass=service

Hi Guys, After some moths the server has been running in SELinux Permesive mode ... Some avc: denied messages has been recored ... I thought it was time to go to the next step and set SELinux Enforcing mode in the server ... it is a mail(postfix+cyrus+sasl), web, snmp with mrtg, squid sever with a local TLS configured for webmail access ... I took a look to the Deployment Guide about how to do

On 04/26/2017 04:22 AM, Gordon Messmer wrote: > On 04/25/2017 03:25 PM, Robert Moskowitz wrote: >> This made the same content as before that caused problems: > > I still don't understand, exactly. Are you seeing *new* problems > after installing a policy? What are the problems? > >> #!!!! The file '/var/lib/mysql/mysql.sock' is mislabeled on your system.

On Tue, Mar 14, 2017 at 02:46:19PM -0400, Ron Wheeler wrote: > https://docs.fedoraproject.org/en-US/Fedora/11/html/Security-Enhanced_Linux/sect-Security-Enhanced_Linux-Working_with_SELinux-Enabling_and_Disabling_SELinux.html > > If disabling Selinux solves your problem, then your problem may be related > to Selinux. > If it does not change yout problem, you may want to look

The recently-left programmer did *something*, and he didn't know what, and the guy who picked it up is working with me to find out why /var/log/messages is getting flooded with Oct 26 11:01:06 <servername> kernel: type=1105 audit(1477494066.569:642430): pid=108551 uid=0 auid=4294967295 ses=4294967295 subj=system_u:system_r:unconfined_service_t:s0 msg='op=PAM:session_open

What are you using for the database - SQLite? I am using mysql (mariadb). I am not familiar with SQLlite. Can you access the database from the console - look up the list of tables - display the contents from a table? Anything to see if your SQLite is working and has asterisk data in it. From your Asterisk console, |CLI> core show help database| should give you a list of commands that you

https://bugzilla.mindrot.org/show_bug.cgi?id=2245 Bug ID: 2245 Summary: Multiple USER_LOGIN messages when linux audit support is enabled on bad login Product: Portable OpenSSH Version: 6.6p1 Hardware: Other OS: Linux Status: NEW Severity: normal Priority: P5

Hi all, I'm getting frequent system crashes (every few hours or so) and it seems that the nouveau driver is causing the issue (dmesg output below). I see it with both v5.2.8 and the v4.19 LTS kernel. Sometimes the system completely freezes and sometimes seemingly just the nouveau driver goes down. The screen freezes and colours stream across it. Often after I reboot the BIOS logo is mangled

Apache DocumentRoot on an NFS directory: [root at localhost ~]# service httpd start Starting httpd: Warning: DocumentRoot [/home/www/html] does not exist Syntax error on line 292 of /etc/httpd/conf/httpd.conf: DocumentRoot must be a directory [FAILED] [root at localhost ~]# After some research, I found this (dated) link

hi all, I installed v3.2 from source and now dom0 is booting well. But when I tried to start domU it shows the following error message and seems hanging. EXT3-fs: mounted filesystem with ordered data mode. EXT3-fs warning: mounting unchecked fs, running e2fsck is recommended EXT3 FS on hda1, internal journal device-mapper: ioctl: 4.7.0-ioctl (2006-06-24) initialised: dm-devel@redhat.com

Libvirt doesn't care about security during hot add disk images. It even accepts addition of disk images of other guest running on the host. Steps followed to create this scenario : Started two VMs with following security configurations: vm1: <seclabel type='dynamic' model='selinux' relabel='yes'>

Since updating to 4.2 my Opteron server has been flooded by messages like: audit(1129565701.837:155): user pid=4700 uid=0 auid=4294967295 msg='PAM session open: user=root exe="/usr/sbin/crond" (hostname=?, addr=?, terminal=cron result=Success)' to both /var/log/messages and the kernel ring buffer. Looks like they are being generated by cron jobs being run on the server. Does