Re: Qwery regarding Selinux Change Id context

Hi Stephen,

Thanks a lot for the help.

I got the issue. It's due to a problem in the /etc/pam.d/sshd file.

After fixing this, it is now working fine. Thanks a lot once again.

On Mon, Dec 4, 2017 at 9:39 PM, Stephen Smalley <sds@xxxxxxxxxxxxx> wrote:
On Mon, 2017-12-04 at 21:31 +0530, Aman Sharma wrote:
> Hi Stephen,
>
> I got the below logs from the file. Can you please if these logs are
> fine or not:
>
> journalctl | grep selinux
> Dec 05 02:55:46 localhost.localdomain kernel: EVM: security.selinux
> Dec 04 21:26:10 cucm audispd[569]: node=localhost.localdomain
> type=USER_START msg=audit(1512402970.129:107): pid=7145 uid=0 auid=0
> ses=2 subj=system_u:system_r:sshd_t:s0-s0:c0.c1023
> msg='op=PAM:session_open
> grantors=pam_selinux,pam_loginuid,pam_selinux,pam_namespace,pam_keyinit,pam_keyinit,pam_limits,pam_systemd,pam_unix,pam_lastlog
> acct="root" exe="/usr/sbin/sshd" hostname=10.97.7.209
> addr=10.97.7.209 terminal=ssh res=success'
> Dec 04 21:26:10 cucm audispd[569]: node=localhost.localdomain
> type=USER_START msg=audit(1512402970.131:108): pid=7568 uid=0 auid=0
> ses=3 subj=system_u:system_r:sshd_t:s0-s0:c0.c1023
> msg='op=PAM:session_open
> grantors=pam_selinux,pam_loginuid,pam_selinux,pam_namespace,pam_keyinit,pam_keyinit,pam_limits,pam_systemd,pam_unix,pam_lastlog
> acct="root" exe="/usr/sbin/sshd" hostname=10.97.7.209
> addr=10.97.7.209 terminal=ssh res=success'
>
> Please let me know if any comments are there.

Those are normal.  Check journalctl and /var/log/secure for any errors
from sshd.
Also try the selinuxdefcon command I mentioned.

>
> On Mon, Dec 4, 2017 at 9:10 PM, Stephen Smalley <sds@xxxxxxxxxxxxx>
> wrote:
> > On Sat, 2017-12-02 at 09:29 +0530, Aman Sharma wrote:
> > > Hi All,
> > >
> > > Thanks for the information.
> > >
> > > But after resetting the semanage User/login, and moving the targeted
> > > folder to old one and then install the default target. Then also it's
> > > still showing the Id context as
> > > context=system_u:system_r:unconfined_t:s0-s0:c0.c1023.
> > >
> > > What I observed is after changing the permission using semanage
> > > command also, it's still showing the system_u:system_r.
> > >
> > > Check the semanage login/User output :
> > >
> > > semanage login -l
> > >
> > > Login Name           SELinux User         MLS/MCS Range        Service
> > >
> > > __default__          unconfined_u         s0-s0:c0.c1023       *
> > > root                 unconfined_u         s0-s0:c0.c1023       *
> > > system_u             system_u             s0-s0:c0.c1023       *
> > >
> > >
> > > semanage user -l
> > >
> > >                 Labeling   MLS/       MLS/
> > > SELinux User    Prefix     MCS Level  MCS Range           SELinux Roles
> > >
> > > guest_u         user       s0         s0                  guest_r
> > > root            user       s0         s0-s0:c0.c1023      staff_r sysadm_r system_r unconfined_r
> > > staff_u         user       s0         s0-s0:c0.c1023      staff_r sysadm_r system_r unconfined_r
> > > sysadm_u        user       s0         s0-s0:c0.c1023      sysadm_r
> > > system_u        user       s0         s0-s0:c0.c1023      system_r unconfined_r
> > > unconfined_u    user       s0         s0-s0:c0.c1023      system_r unconfined_r
> > > user_u          user       s0         s0                  user_r
> > > xguest_u        user       s0         s0                  xguest_r
> > >
> > >
> > > Looks like it's related to some other issue. What do you think about
> > > this?
> >
> > Do you have any relevant error messages in /var/log/secure or
> > journalctl -rb?  Look for anything that refers to selinux or
> > context.
> >
> > I'm guessing that pam_selinux is unable to determine a valid context
> > for your login for some reason, and this is causing it to fall back to
> > this one.  Or something like that.
> >
> > You could try to emulate this process via selinuxdefcon, although I'm
> > not sure how closely it matches pam_selinux anymore.  Sample usage:
> >
> > 1. See what context sshd is running in.
> >
> > ps -eZ | grep sshd
> >
> > It should be:
> > system_u:system_r:sshd_t:s0-s0:c0.c1023
> >
> > 2. Run selinuxdefcon to compute the default context for root when
> > logging in from sshd:
> >
> > # Second argument should be whatever was shown by ps -eZ | grep sshd above.
> > selinuxdefcon root system_u:system_r:sshd_t:s0-s0:c0.c1023
> >
> > It should be:
> > unconfined_u:unconfined_r:unconfined_t:s0-s0:c0.c1023
> >
> >
> >
>
>
>
> -- 
>
> Thanks
> Aman
> Cell: +91 9990296404 |  Email ID : amansh.sharma5@xxxxxxxxx



--

Thanks
Aman
Cell: +91 9990296404 |  Email ID : amansh.sharma5@xxxxxxxxx
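
The check suggested in the thread (sshd's context from `ps -eZ`, then `selinuxdefcon`), combined with a comparison against the `semanage login -l` mapping, written here as an added example that is not part of the original messages. The function names and the sample `ps -eZ` lines are constructed for illustration; the login table is modelled on the one quoted above.

```shell
#!/bin/sh
# Added example: does a login session run as the SELinux user its mapping says?

# Constructed sample inputs, modelled on the output quoted in the thread.
SAMPLE_PS='system_u:system_r:init_t:s0                1 ?  00:00:02 systemd
system_u:system_r:sshd_t:s0-s0:c0.c1023 1021 ?  00:00:00 sshd'
SAMPLE_LOGINS='Login Name           SELinux User         MLS/MCS Range        Service

__default__          unconfined_u         s0-s0:c0.c1023       *
root                 unconfined_u         s0-s0:c0.c1023       *
system_u             system_u             s0-s0:c0.c1023       *'

# Print the context of the first sshd process from `ps -eZ` output on stdin.
sshd_context() {
    awk '$NF == "sshd" { print $1; exit }'
}

# Print the SELinux user mapped to login $1 in `semanage login -l` output on
# stdin, falling back to the __default__ entry when the login has no row.
mapped_seuser() {
    awk -v login="$1" '
        $1 == login         { hit = $2 }
        $1 == "__default__" { def = $2 }
        END { if (hit != "") print hit; else print def }'
}

# Compare the user field of session context $2 with the mapping for login $1
# found in the login table $3. Returns 1 on mismatch.
check_session() {
    want=$(printf '%s\n' "$3" | mapped_seuser "$1")
    got=${2%%:*}
    if [ "$got" = "$want" ]; then
        echo "OK: $1 runs as $got"
    else
        echo "MISMATCH: $1 maps to $want but the session runs as $got"
        return 1
    fi
}

# On a live SELinux host (as root, from the SSH session under test), use
# real data instead of the samples.
if command -v selinuxdefcon >/dev/null 2>&1 && command -v semanage >/dev/null 2>&1; then
    from=$(ps -eZ | sshd_context)
    echo "sshd context: $from"
    echo "default context for root: $(selinuxdefcon root "$from" 2>&1)"
    check_session root "$(id -Z)" "$(semanage login -l)" || true
fi
```

A mismatch while the mappings themselves look correct, as in this thread, points away from policy and toward the login path, such as the `pam_selinux` lines in `/etc/pam.d/sshd`.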
