On 5/23/06, Knute Johnson <knute@xxxxxxxxxxx> wrote:
I found some interesting things in my 'messages' log today. I'm not
sure what they mean and would appreciate any information.
This one is the most bothersome. It appears that 'useradd' was
prevented from running this morning only I didn't run it. Would any
other programs run 'useradd' and what would cause it to be denied?
May 23 05:11:49 rabbitbrush kernel: audit(1148386309.877:556): avc:
denied { write } for pid=13906 comm="useradd" name="[1708464]"
dev=pipefs ino=1708464 scontext=user_u:system_r:useradd_t:s0
tcontext=user_u:system_r:unconfined_t:s0 tclass=fifo_file
Need some more information to help on this:
What is your OS and its version?
What is your selinux set to?
When was the last time you updated your system to?
There are a boatload of these messages. I know that 'webalizer' is a
statistics formatter for the web server but why would it be run
dozens of times and be denied?
May 23 04:02:02 rabbitbrush kernel: audit(1148382121.861:514): avc:
denied { create } for pid=12313 comm="webalizer"
scontext=user_u:system_r:webalizer_t:s0
tcontext=user_u:system_r:webalizer_t:s0 tclass=netlink_route_socket
--
Stephen J Smoogen.
CSIRT/Linux System Administrator
--
fedora-selinux-list mailing list
fedora-selinux-list@xxxxxxxxxx
https://www.redhat.com/mailman/listinfo/fedora-selinux-list
