hello John,
more than fair, safety is priority
but what I said was that this is a bit of conf I cannot figure out
there are these two directive in client_connect_to; listen_for_client
fairly clear explanation how to use inet family
and this 69783 in fedoras default_port, it's not even a valid port! is
it? anyhow, I change
this directive like: address_list = {unix}%(path)s, hostname:8880
(hostname gets resolved)
but I still see no process binds/listens to that port
and by the way, sealert browser seems using only hard-coded port with no
way of changing it
server logs:
2009-03-25 01:06:34,771 [communication.DEBUG] parse_socket_address_list:
input='{unix}/var/run/setroubleshoot/setroubleshoot_server,10.0.0.100:8880'
2009-03-25 01:06:34,772 [communication.DEBUG] parse_socket_address_list:
10.0.0.100:8880 --> {inet}10.0.0.100:8880 socket=None
2009-03-25 01:06:34,774 [communication.DEBUG] new_listening_socket:
{unix}/var/run/setroubleshoot/setroubleshoot_server socket=None
2009-03-25 01:06:34,775 [communication.DEBUG] new_listening_socket:
{inet}10.0.0.100:8880 socket=None
but as I said, doesn't open that port,
ipc socket is working, sends emails with reports
I'll check those plug-ins Dominick mentions
cheers
John Dennis wrote:
lejeczek wrote:
dear all,
that really baffles me, I don't seem to be able to set it up :)
and that port by default in conf file??
setroubleshoot server should be able to listen on network so remote
sealert could connect to it, right?
on my boxes(f9;f10) it does even look like binding to a port
please advise
cheers
By default the connection between the server and client is local and
is implemented with a unix domain socket, not inet. This default is
chosen for security reasons with the consequence the client (sealert)
can only connect to the server (setroubleshootd) if they are running
on the same host. However, it is possible to configure setroubleshootd
to accept inet connections (see the comments in
/etc/setroubleshoot/setroubleshoot.cfg) so that a remote sealert can
connect to it. Be aware there is no authentication in this
configuration and as such you must be comfortable with anyone being
able to access your selinux denial information. For sealert to connect
via inet to a remote host use the "connect to" menu item in the "File"
menu (going from memory, the name might be slightly different). In the
default local case you should not need to do anything special, the
default configuration should just work.
___________________________________________________________
Inbox full of spam? Get leading spam protection and 1GB storage with All New Yahoo! Mail. http://uk.docs.yahoo.com/nowyoucan.html
--
fedora-selinux-list mailing list
fedora-selinux-list@xxxxxxxxxx
https://www.redhat.com/mailman/listinfo/fedora-selinux-list
