Re: xinetd and selinux issues

On Thu, 2006-06-29 at 17:13 -0400, Al Freundorfer wrote:
>> I set up xinetd to allow certain sites to connect to the server
>> thru /etc/xinetd.d/ssh.
>> It works perfectly when I set selinux to permissive, but doesn't work when set
>> to enforcing even though I have the box checked in system-config-security
>> under selinux tab to allow ssh connection through inetd.
>>
>> Can anyone help me with this?
>
>Change back to permissive:
>
># setenforce 0
>
>Make a note of the exact time.
>
>Then try out a connection (which should work since you're in permissive
>mode).
>
>Then look in your /var/log/messages or /var/log/audit/audit.log (if you
>have one) for messages containing "type=AVC" after the time you did the
>"setenforce". Post back here any that you find.
>
>Paul.

Thanks for your help. This is what I got.

selinux set to permissive:
remote terminal attempted login:

password:
Authentication successful.
Last login: Fri Jun 30 12:58:06 2006 from xx.xx.xx.xx
[xxxxxxxx ~]$

/var/log/messages:
Jun 30 13:04:42 local kernel: audit(1151687082.023:7): enforcing=0 old_enforcing=1 auid=4294967295
Jun 30 13:04:59 local kernel: audit(1151687099.076:8): avc:  denied  { entrypoint } for  pid=2884 comm="sshd" name="bash" dev=dm-0 ino=49053782 scontext=user_u:system_r:amanda_t:s0 tcontext=system_u:object_r:shell_exec_t:s0 tclass=file
Jun 30 13:04:59 local kernel: audit(1151687099.080:9): avc:  denied  { write } for  pid=2884 comm="bash" name="7" dev=devpts ino=9 scontext=user_u:system_r:amanda_t:s0 tcontext=user_u:object_r:devpts_t:s0 tclass=chr_file
Jun 30 13:04:59 local kernel: audit(1151687099.080:10): avc:  denied  { ioctl } for  pid=2884 comm="bash" name="7" dev=devpts ino=9 scontext=user_u:system_r:amanda_t:s0 tcontext=user_u:object_r:devpts_t:s0 tclass=chr_file
Jun 30 13:04:59 local kernel: audit(1151687099.084:11): avc:  denied  { execute } for  pid=2888 comm="bash" name="hostname" dev=dm-0 ino=49053725 scontext=user_u:system_r:amanda_t:s0 tcontext=system_u:object_r:hostname_exec_t:s0 tclass=file
Jun 30 13:04:59 local kernel: audit(1151687099.084:12): avc:  denied  { execute_no_trans } for  pid=2888 comm="bash" name="hostname" dev=dm-0 ino=49053725 scontext=user_u:system_r:amanda_t:s0 tcontext=system_u:object_r:hostname_exec_t:s0 tclass=file
Jun 30 13:04:59 local kernel: audit(1151687099.084:13): avc:  denied  { execute } for  pid=2884 comm="bash" name="colorls.sh" dev=dm-0 ino=39026988 scontext=user_u:system_r:amanda_t:s0 tcontext=system_u:object_r:etc_t:s0 tclass=file
_________________________________
selinux set to enforcing:
remote terminal attempted login:
password:
Authentication successful.
Last login: Fri Jun 30 12:49:57 2006
/bin/bash: Permission denied
bash-2.03$

/var/log/messages:
Jun 30 12:57:28 local kernel: audit(1151686648.208:4): enforcing=1 old_enforcing=0 auid=4294967295
Jun 30 12:58:06 local kernel: audit(1151686686.350:5): avc:  denied  { entrypoint } for  pid=2627 comm="sshd" name="bash" dev=dm-0 ino=49053782 scontext=user_u:system_r:amanda_t:s0 tcontext=system_u:object_r:shell_exec_t:s0 tclass=file

regards
al
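
The procedure suggested earlier in the thread (note the time of the switch to permissive, then collect the denials logged after it), as an added Python example that is not part of the original messages. It reads kernel-format audit records as they appear in /var/log/messages, undoes mail line-wrapping, keeps only denials logged after the last switch to permissive, and groups them by source type, target type and class; the function names are this example's own and the sample records are copied from the message above.

```python
import re
from collections import defaultdict

# Records copied from the message above (both runs), wrapped across lines as mail does.
SAMPLE = """\
Jun 30 12:57:28 local kernel: audit(1151686648.208:4): enforcing=1 old_enforcing=0 auid=4294967295
Jun 30 12:58:06 local kernel: audit(1151686686.350:5): avc:  denied  { entrypoint } for  pid=2627
comm="sshd" name="bash" dev=dm-0 ino=49053782 scontext=user_u:system_r:amanda_t:s0
tcontext=system_u:object_r:shell_exec_t:s0 tclass=file
Jun 30 13:04:42 local kernel: audit(1151687082.023:7): enforcing=0 old_enforcing=1 auid=4294967295
Jun 30 13:04:59 local kernel: audit(1151687099.076:8): avc:  denied  { entrypoint } for  pid=2884
comm="sshd" name="bash" dev=dm-0 ino=49053782 scontext=user_u:system_r:amanda_t:s0
tcontext=system_u:object_r:shell_exec_t:s0 tclass=file
Jun 30 13:04:59 local kernel: audit(1151687099.080:9): avc:  denied  { write } for  pid=2884
comm="bash" name="7" dev=devpts ino=9 scontext=user_u:system_r:amanda_t:s0
tcontext=user_u:object_r:devpts_t:s0 tclass=chr_file
Jun 30 13:04:59 local kernel: audit(1151687099.080:10): avc:  denied  { ioctl } for  pid=2884
comm="bash" name="7" dev=devpts ino=9 scontext=user_u:system_r:amanda_t:s0
tcontext=user_u:object_r:devpts_t:s0 tclass=chr_file
"""

BOUNDARY = re.compile(r"(?=audit\(\d+\.\d+:\d+\):)")   # zero-width: start of each record
HEAD = re.compile(r"audit\((\d+\.\d+):\d+\): (.*)")     # epoch timestamp, then record body
AVC = re.compile(r"avc: denied \{ ([^}]*)\} for (.*)")  # permissions, then key=value fields

def records(text):
    """Yield (epoch, body) per audit record; whitespace is flattened to undo wraps."""
    for chunk in BOUNDARY.split(" ".join(text.split())):
        m = HEAD.match(chunk)
        if m:
            yield float(m.group(1)), m.group(2)

def summarize(text):
    """Group AVC denials logged after the most recent switch to permissive mode."""
    recs = list(records(text))
    since = max((ts for ts, body in recs if body.startswith("enforcing=0 ")), default=0.0)
    groups = defaultdict(lambda: [set(), 0])
    for ts, body in recs:
        m = AVC.match(body)
        if m and ts >= since:
            f = dict(kv.split("=", 1) for kv in m.group(2).split() if "=" in kv)
            key = (f["scontext"].split(":")[2], f["tcontext"].split(":")[2], f["tclass"])
            groups[key][0].update(m.group(1).split())
            groups[key][1] += 1
    return since, {k: (sorted(p), n) for k, (p, n) in groups.items()}

if __name__ == "__main__":
    for (src, tgt, cls), (perms, n) in summarize(SAMPLE)[1].items():
        print(f"{src} -> {tgt}:{cls} {{ {' '.join(perms)} }}  ({n} denials)")
```

On these records every group has source type amanda_t, and the entrypoint denial from the earlier enforcing run is excluded because it predates the switch.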

