On 09/29/2009 04:01 PM, Orion Poplawski wrote:
> On 09/29/2009 01:06 PM, Daniel J Walsh wrote:
>> On 09/29/2009 10:32 AM, Orion Poplawski wrote:
>>> On 09/29/2009 05:59 AM, Stephen Smalley wrote:
>>>> Do you get any avc denial in /var/log/audit/audit.log
>>>> or /var/log/messages? If so, what does audit2why say about it?
>>>
>>> No denial messages.
>>>
>> Any chance you have an acl set on this directory or Immutable
>>
>> lsattr /etc/ssh
>
> That was it:
>
> # lsattr /etc/ssh
> s---ia------- /etc/ssh/ssh_host_rsa_key.pub
> s---ia------- /etc/ssh/ssh_host_dsa_key.pub
> s---ia------- /etc/ssh/ssh_config
> s---ia------- /etc/ssh/ssh_host_key
> s---ia------- /etc/ssh/sshd_config
> s---ia------- /etc/ssh/moduli
> s---ia------- /etc/ssh/ssh_host_key.pub
> s---ia------- /etc/ssh/ssh_known_hosts
> s---ia------- /etc/ssh/ssh_host_rsa_key
> s---ia------- /etc/ssh/ssh_host_dsa_key
>
> no idea how these got set as this was the first time I've heard of these
> attributes.
>
> Thanks!
>
> --
> Orion Poplawski
> Technical Manager 303-415-9701 x222
> NWRA/CoRA Division FAX: 303-415-9702
> 3380 Mitchell Lane orion@xxxxxxxxxxxxx
> Boulder, CO 80301 http://www.cora.nwra.com

And it wasn't even caused by SELinux. (I hope).
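The check that resolved this thread, as an added example that is not part of the original messages: a shell function that reads `lsattr` output and reports entries carrying the immutable (`i`) or append-only (`a`) attribute. These attributes are enforced by the filesystem rather than by SELinux, so a blocked write leaves no AVC denial in the audit log. The names `locked_files` and `sample_lsattr` and the sample lines marked constructed are assumptions for illustration.

```shell
#!/bin/sh
# Added example: flag files whose Linux file attributes block modification.
# Reads `lsattr` output on stdin, prints "<reason><TAB><path>" per hit.
locked_files() {
    while IFS= read -r line; do
        attrs=${line%% *}   # first field: attribute string
        path=${line#* }     # remainder: path, may contain spaces
        # Blank lines and "dir:" headers from `lsattr -R` have no space.
        if [ "$attrs" = "$line" ]; then continue; fi
        # A real attribute field holds only letters and dashes; this also
        # rejects "dir:" headers whose directory name contains a space.
        case $attrs in *[!A-Za-z-]*) continue ;; esac
        reason=
        case $attrs in *i*) reason=immutable ;; esac
        case $attrs in *a*) reason=${reason:+$reason,}append-only ;; esac
        if [ -n "$reason" ]; then printf '%s\t%s\n' "$reason" "$path"; fi
    done
    return 0
}

# Sample input: the first two lines are from the thread; every line whose
# path contains "constructed" is made up for this example.
sample_lsattr() {
    cat <<'EOF'
s---ia------- /etc/ssh/sshd_config
s---ia------- /etc/ssh/ssh_host_rsa_key
----i-------- /etc/ssh/constructed immutable only
-----a------- /etc/ssh/constructed-append.log
------------- /etc/ssh/constructed-clean

/etc/ssh/constructed dir:
EOF
}

sample_lsattr | locked_files
```

On a live system the same function can be fed directly with `lsattr -a /etc/ssh 2>/dev/null | locked_files`. Clearing the attributes requires root and `chattr -i -a <file>`.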