Hello:
I'm a spanish user of Fedora 8, a great distribution. I send this mail
because I see a alert of SElinux troubleshooter with rkhunter. I have
received two alerts:
ResúmenSELinux is preventing sendmail (system_mail_t) "append" to
/var/rkhunter/tmp/rkhcronlog.mFxQaF5049 (var_t). Descripción
DetalladaSELinux denied access requested by sendmail. It is not
expected that this access is required by sendmail and this access may
signal an intrusion attempt. It is also possible that the specific
version or configuration of the application is causing it to require
additional access. Permitiendo AccesoSometimes labeling problems can
cause SELinux denials. You could try to restore the default system
file context for /var/rkhunter/tmp/rkhcronlog.mFxQaF5049, restorecon
-v '/var/rkhunter/tmp/rkhcronlog.mFxQaF5049' If this does not work,
there is currently no automatic way to allow this access. Instead, you
can generate a local policy module to allow this access - see FAQ Or
you can disable SELinux protection altogether. Disabling SELinux
protection is not recommended. Please file a bug report against this
package. Información AdicionalContexto Fuente:
system_u:system_r:system_mail_t:s0Contexto Destino:
system_u:object_r:var_t:s0Objetos Destino:
/var/rkhunter/tmp/rkhcronlog.mFxQaF5049 [ file ]Source:
sendmailSource Path: /usr/sbin/sendmail.sendmailPort:
<Desconocido>Host: localhost.localdomainSource RPM Packages:
sendmail-8.14.2-1.fc8Target RPM Packages: RPM de Políticas:
selinux-policy-3.0.8-93.fc8SELinux Activado: TrueTipo de Política:
targetedMLS Activado: TrueModo Obediente: EnforcingNombre de Plugin:
catchall_fileNombre de Equipo: localhost.localdomainPlataforma:
Linux localhost.localdomain 2.6.24.3-34.fc8 #1 SMP Wed Mar 12 18:17:20
EDT 2008 i686 i686Cantidad de Alertas: 1First Seen: mié 26 mar 2008
18:47:43 CETLast Seen: mié 26 mar 2008 18:47:43 CETLocal ID:
65abd64d-1a3f-4d68-a9b0-5ea5cf268d85Números de Línea: Mensajes de
Auditoría Crudos :host=localhost.localdomain type=AVC
msg=audit(1206553663.4:30): avc: denied { append } for pid=21759
comm="sendmail" path="/var/rkhunter/tmp/rkhcronlog.mFxQaF5049"
dev=sda6 ino=1766018 scontext=system_u:system_r:system_mail_t:s0
tcontext=system_u:object_r:var_t:s0 tclass=file
host=localhost.localdomain type=SYSCALL msg=audit(1206553663.4:30):
arch=40000003 syscall=11 success=yes exit=0 a0=805848b a1=956760c
a2=bfc98a58 a3=956760c items=0 ppid=21758 pid=21759 auid=4294967295
uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=51 sgid=51 fsgid=51 tty=(none)
comm="sendmail" exe="/usr/sbin/sendmail.sendmail"
subj=system_u:system_r:system_mail_t:s0 key=(null)
The second alert it's same, because change the destiny file.
How do I solve it?
Sorry, because my english is very bad.
--
Saludos,
Pedro
--
fedora-selinux-list mailing list
fedora-selinux-list@xxxxxxxxxx
https://www.redhat.com/mailman/listinfo/fedora-selinux-list
