Re: F10 Logwatch and avc(s) long post

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 



On Sat, Nov 22, 2008 at 01:10:44PM +0000, Frank Murphy wrote:
> Daniel J Walsh wrote:
> >
> > 
> > So you have logwatch execing netstat?  Do you know what script is doing
> > this?
> 
> /usr/share/logwatch/default.conf/logwatch.conf pasteed to:
> 
> The only real change is a #Service = "-zz-network", and Detail = Med

There are a few scripts that are disabled by default.  The 
"-zz-network" means "disable the zz-network script".  By commenting 
that out, you are reenabling the zz-network script.  Here are the 
services which are disabled by default which probably don't have 
SELinux rules for them yet:

Service = "-zz-network"     # Prevents execution of zz-network service, which
                            # prints useful network configuration info.
Service = "-zz-sys"         # Prevents execution of zz-sys service, which
                            # prints useful system configuration info.
Service = "-eximstats"      # Prevents execution of eximstats service, which
                            # is a wrapper for the eximstats program.

The scripts that run when these are re-enabled are in 
/usr/share/logwatch/scripts/services/.  From my reading of the 
zz-network script, it calls the following programs:

/sbin/chkconfig
/usr/bin/vtysh
/usr/sbin/routeadm
/sbin/ip
netstat
ifconfig

and reads the following files:

/etc/sysctl.conf
/proc/sys/net/ipv4/ip_forward

--
fedora-selinux-list mailing list
fedora-selinux-list@xxxxxxxxxx
https://www.redhat.com/mailman/listinfo/fedora-selinux-list

[Index of Archives]     [Fedora Users]     [Fedora Desktop]     [Big List of Linux Books]     [Yosemite News]     [Yosemite Campsites]     [KDE Users]     [Gnome Users]

  Powered by Linux