SELinux detecting suspicious behavior on my system

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 



Hi All;

I've seen several of the below SELinux messages recently, I do have root 
logins disables in my  /etc/ssh/sshd_config file:

<snip>
PermitRootLogin no
</snip>



Any thoughts on this? Is it cause for concern?




======================================================
SELinux message:
======================================================

Summary:

SELinux is preventing /usr/libexec/polkit-1/polkitd "search" access on
/root/.config.

Detailed Description:

[SELinux is in permissive mode. This access was not denied.]

SELinux denied access requested by polkitd. It is not expected that this 
access
is required by polkitd and this access may signal an intrusion attempt. It is
also possible that the specific version or configuration of the application is
causing it to require additional access.

Allowing Access:

You can generate a local policy module to allow this access - see FAQ
(http://docs.fedoraproject.org/selinux-faq-fc5/#id2961385) Please file a bug
report.

Additional Information:

Source Context                system_u:system_r:policykit_t:s0-s0:c0.c1023
Target Context                system_u:object_r:gnome_home_t:s0
Target Objects                /root/.config [ dir ]
Source                        polkitd
Source Path                   /usr/libexec/polkit-1/polkitd
Port                          <Unknown>
Host                          Issac.consistentstate.com
Source RPM Packages           polkit-0.95-0.git20090913.3.fc12
Target RPM Packages           
Policy RPM                    selinux-policy-3.6.32-78.fc12
Selinux Enabled               True
Policy Type                   targeted
Enforcing Mode                Permissive
Plugin Name                   catchall
Host Name                     Issac.consistentstate.com
Platform                      Linux Issac.consistentstate.com
                              2.6.31.12-174.2.3.fc12.x86_64 #1 SMP Mon Jan 18
                              19:52:07 UTC 2010 x86_64 x86_64
Alert Count                   11
First Seen                    Wed 03 Feb 2010 05:13:02 PM MST
Last Seen                     Thu 04 Feb 2010 08:00:56 AM MST
Local ID                      69fff773-fb91-4b4f-b309-25e3e2455071
Line Numbers                  

Raw Audit Messages            

node=Issac.consistentstate.com type=AVC msg=audit(1265295656.734:13): avc:  
denied  { search } for  pid=1831 comm="polkitd" name=".config" dev=sda1 
ino=5283846 scontext=system_u:system_r:policykit_t:s0-s0:c0.c1023 
tcontext=system_u:object_r:gnome_home_t:s0 tclass=dir

node=Issac.consistentstate.com type=SYSCALL msg=audit(1265295656.734:13): 
arch=c000003e syscall=2 success=no exit=-2 a0=100e640 a1=0 a2=0 a3=1d items=0 
ppid=1830 pid=1831 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 
sgid=0 fsgid=0 tty=(none) ses=4294967295 comm="polkitd" 
exe="/usr/libexec/polkit-1/polkitd" subj=system_u:system_r:policykit_t:s0-
s0:c0.c1023 key=(null)


-- 
users mailing list
users@xxxxxxxxxxxxxxxxxxxxxxx
To unsubscribe or change subscription options:
https://admin.fedoraproject.org/mailman/listinfo/users
Guidelines: http://fedoraproject.org/wiki/Communicate/MailingListGuidelines
[Index of Archives]     [Older Fedora Users]     [Fedora Announce]     [Fedora Package Announce]     [EPEL Announce]     [Fedora Magazine]     [Fedora News]     [Fedora Summer Coding]     [Fedora Laptop]     [Fedora Cloud]     [Fedora Advisory Board]     [Fedora Education]     [Fedora Security]     [Fedora Scitech]     [Fedora Robotics]     [Fedora Maintainers]     [Fedora Infrastructure]     [Fedora Websites]     [Anaconda Devel]     [Fedora Devel Java]     [Fedora Legacy]     [Fedora Desktop]     [Fedora Fonts]     [ATA RAID]     [Fedora Marketing]     [Fedora Management Tools]     [Fedora Mentors]     [SSH]     [Fedora Package Review]     [Fedora R Devel]     [Fedora PHP Devel]     [Kickstart]     [Fedora Music]     [Fedora Packaging]     [Centos]     [Fedora SELinux]     [Fedora Legal]     [Fedora Kernel]     [Fedora OCaml]     [Coolkey]     [Virtualization Tools]     [ET Management Tools]     [Yum Users]     [Tux]     [Yosemite News]     [Gnome Users]     [KDE Users]     [Fedora Art]     [Fedora Docs]     [Asterisk PBX]     [Fedora Sparc]     [Fedora Universal Network Connector]     [Libvirt Users]     [Fedora ARM]

  Powered by Linux