AVC messages about awstats.pl and some mailman commands
Ali Nebi
anebi at iguanait.com
Tue Oct 30 11:32:12 UTC 2007
Hi,
on one of the servers where Fedora 6 is installed, I get some AVC
messages, and I don't know why they appear or what the right way to
fix them is - don't audit them, or allow them.
The messages from the logs are related to awstats. It is installed on
the server and used for statistics for some web sites. Also, some
messages are related to mailman. What can I do to fix these kinds of
messages?
The messages are these:
Oct 21 13:16:08 casamerica kernel: audit(1192965368.811:2780): avc:
denied { read write } for pid=32746 comm="listinfo" name="" dev=sockfs
ino=14911345 scontext=user_u:system_r:mailman_cgi_t:s0
tcontext=user_u:system_r:httpd_t:s0 tclass=unix_stream_socket
Oct 21 17:30:59 casamerica kernel: audit(1192980659.987:2781): avc:
denied { read write } for pid=2111 comm="listinfo" name="" dev=sockfs
ino=15003495 scontext=user_u:system_r:mailman_cgi_t:s0
tcontext=user_u:system_r:httpd_t:s0 tclass=unix_stream_socket
Oct 21 18:48:55 casamerica kernel: audit(1192985335.997:2782): avc:
denied { read write } for pid=2742 comm="admin" name="" dev=sockfs
ino=15037931 scontext=user_u:system_r:mailman_cgi_t:s0
tcontext=user_u:system_r:httpd_t:s0 tclass=unix_stream_socket
Oct 21 20:29:59 casamerica kernel: audit(1192991399.010:2783): avc:
denied { read write } for pid=3539 comm="listinfo" name="" dev=sockfs
ino=15143224 scontext=user_u:system_r:mailman_cgi_t:s0
tcontext=user_u:system_r:httpd_t:s0 tclass=unix_stream_socket
Oct 21 20:33:13 casamerica kernel: audit(1192991593.143:2784): avc:
denied { read write } for pid=3598 comm="confirm" name="" dev=sockfs
ino=15159312 scontext=user_u:system_r:mailman_cgi_t:s0
tcontext=user_u:system_r:httpd_t:s0 tclass=unix_stream_socket
Oct 21 20:56:58 casamerica kernel: audit(1192993018.053:2785): avc:
denied { create } for pid=3721 comm="awstats.pl"
scontext=user_u:system_r:httpd_sys_script_t:s0
tcontext=user_u:system_r:httpd_sys_script_t:s0 tclass=udp_socket
Oct 21 20:56:58 casamerica kernel: audit(1192993018.053:2786): avc:
denied { connect } for pid=3721 comm="awstats.pl"
scontext=user_u:system_r:httpd_sys_script_t:s0
tcontext=user_u:system_r:httpd_sys_script_t:s0 tclass=udp_socket
Oct 21 20:56:58 casamerica kernel: audit(1192993018.054:2787): avc:
denied { write } for pid=3721 comm="awstats.pl" laddr=87.106.8.16
lport=52760 faddr=87.106.8.251 fport=53
scontext=user_u:system_r:httpd_sys_script_t:s0
tcontext=user_u:system_r:httpd_sys_script_t:s0 tclass=udp_socket
Oct 21 20:56:58 casamerica kernel: audit(1192993018.054:2788): avc:
denied { udp_send } for pid=3721 comm="awstats.pl" saddr=87.106.8.16
src=52760 daddr=87.106.8.251 dest=53
netif=eth0 scontext=user_u:system_r:httpd_sys_script_t:s0
tcontext=system_u:object_r:netif_t:s0 tclass=netif
Oct 21 20:56:58 casamerica kernel: audit(1192993018.054:2789): avc:
denied { udp_send } for pid=3721 comm="awstats.pl" saddr=87.106.8.16
src=52760 daddr=87.106.8.251 dest=53
netif=eth0 scontext=user_u:system_r:httpd_sys_script_t:s0
tcontext=system_u:object_r:node_t:s0 tclass=node
Oct 21 20:56:58 casamerica kernel: audit(1192993018.054:2790): avc:
denied { send_msg } for pid=3721 comm="awstats.pl" saddr=87.106.8.16
src=52760 daddr=87.106.8.251 dest=53
netif=eth0 scontext=user_u:system_r:httpd_sys_script_t:s0
tcontext=system_u:object_r:dns_port_t:s0 tclass=udp_socket
Oct 28 17:29:00 hermod kernel: audit(1193588940.609:7): avc: denied
{ search } for pid=996 comm="python" name="log" dev=dm-0 ino=57212956
scontext=system_u:system_r:postfix_local_t:s0
tcontext=system_u:object_r:var_log_t:s0 tclass=dir
Oct 28 17:45:38 hermod kernel: audit(1193589938.861:8): avc: denied
{ search } for pid=1774 comm="python" name="log" dev=dm-0 ino=57212956
scontext=system_u:system_r:postfix_local_t:s0
tcontext=system_u:object_r:var_log_t:s0 tclass=dir
In the last messages, python tries to access /var/log, but I get these
messages.
What is the best decision to solve these audits? I'm trying to
understand SELinux principles and trying to move the server to enforce
mode.
Thanks in advance!
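
Added example, not part of the original post: a small Python parser that rejoins mail-wrapped AVC records like the ones above and groups them by source type, target type and class, so each distinct denial can be reviewed once before deciding whether to allow or dontaudit it. The names `unwrap` and `summarize` are hypothetical, and the sample holds three records taken from the post.

```python
import re
from collections import defaultdict

# Three records from the post, wrapped as a list archive wraps them
# (one has a line break right after "tcontext=").
SAMPLE = """\
Oct 21 13:16:08 casamerica kernel: audit(1192965368.811:2780): avc:
denied { read write } for pid=32746 comm="listinfo" name="" dev=sockfs
ino=14911345 scontext=user_u:system_r:mailman_cgi_t:s0
tcontext=user_u:system_r:httpd_t:s0 tclass=unix_stream_socket
Oct 21 20:56:58 casamerica kernel: audit(1192993018.053:2785): avc:
denied { create } for pid=3721 comm="awstats.pl"
scontext=user_u:system_r:httpd_sys_script_t:s0
tcontext=user_u:system_r:httpd_sys_script_t:s0 tclass=udp_socket
Oct 21 20:56:58 casamerica kernel: audit(1192993018.053:2786): avc:
denied { connect } for pid=3721 comm="awstats.pl"
scontext=user_u:system_r:httpd_sys_script_t:s0 tcontext=
user_u:system_r:httpd_sys_script_t:s0 tclass=udp_socket
"""

REC_START = re.compile(r"^\w{3} +\d+ [\d:]+ \S+ kernel: audit\(")
AVC = re.compile(r"avc:\s+denied\s+\{([^}]*)\}\s+for\s+(.*)")
FIELD = re.compile(r'(\w+)=("[^"]*"|\S+)')

def unwrap(text):
    """Rejoin records that the mailer wrapped across several lines."""
    records = []
    for line in text.splitlines():
        if REC_START.match(line) or not records:
            records.append(line.strip())
        else:  # continuation: no space if the break fell right after '='
            sep = "" if records[-1].endswith("=") else " "
            records[-1] += sep + line.strip()
    return records

def summarize(text):
    """Map (source type, target type, class) -> (permissions, commands)."""
    rules = defaultdict(lambda: (set(), set()))
    for rec in unwrap(text):
        m = AVC.search(rec)
        if not m:
            continue
        f = dict(FIELD.findall(m.group(2)))
        key = (f["scontext"].split(":")[2], f["tcontext"].split(":")[2], f["tclass"])
        rules[key][0].update(m.group(1).split())
        rules[key][1].add(f["comm"].strip('"'))
    return dict(rules)

if __name__ == "__main__":
    for (src, tgt, cls), (perms, comms) in sorted(summarize(SAMPLE).items()):
        print(f"{src} -> {tgt}:{cls} {{ {' '.join(sorted(perms))} }} comm={sorted(comms)}")
```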