F10 Logwatch and avc(s) long post
Chuck Anderson
cra at WPI.EDU
Sat Nov 22 16:20:07 UTC 2008
On Sat, Nov 22, 2008 at 01:10:44PM +0000, Frank Murphy wrote:
> Daniel J Walsh wrote:
> >
> >
> > So you have logwatch execing netstat? Do you know what script is doing
> > this?
>
> /usr/share/logwatch/default.conf/logwatch.conf pasted to:
>
> The only real change is a #Service = "-zz-network", and Detail = Med
There are a few scripts that are disabled by default. The
"-zz-network" means "disable the zz-network script". By commenting
that out, you are reenabling the zz-network script. Here are the
services which are disabled by default which probably don't have
SELinux rules for them yet:
Service = "-zz-network" # Prevents execution of zz-network service, which
# prints useful network configuration info.
Service = "-zz-sys" # Prevents execution of zz-sys service, which
# prints useful system configuration info.
Service = "-eximstats" # Prevents execution of eximstats service, which
# is a wrapper for the eximstats program.
The scripts that run when these are re-enabled are in
/usr/share/logwatch/scripts/services/. From my reading of the
zz-network script, it calls the following programs:
/sbin/chkconfig
/usr/bin/vtysh
/usr/sbin/routeadm
/sbin/ip
netstat
ifconfig
and reads the following files:
/etc/sysctl.conf
/proc/sys/net/ipv4/ip_forward
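
An added example, not part of the original post or of logwatch itself: a check that reports which of the three default-disabled services a logwatch.conf has re-enabled, and for zz-network which programs (as listed in the post) logwatch would then exec. It assumes simplified semantics: a service runs if "Service = All" or its own name is active and no active Service = "-name" line excludes it. The function names and the sample configuration are constructed for illustration.

```python
import re

# Services the post lists as disabled by default.
DEFAULT_DISABLED = ("zz-network", "zz-sys", "eximstats")

# Programs the post says the zz-network script calls.
PROGRAMS = {"zz-network": ["/sbin/chkconfig", "/usr/bin/vtysh",
                           "/usr/sbin/routeadm", "/sbin/ip",
                           "netstat", "ifconfig"]}

# Constructed sample: the zz-network exclusion has been commented out.
SAMPLE_CONF = '''\
Detail = Med
Service = All
#Service = "-zz-network"  # Prevents execution of zz-network service
Service = "-zz-sys"       # Prevents execution of zz-sys service
Service = "-eximstats"    # Prevents execution of eximstats service
'''

# Matches an active Service directive; the value may be quoted and may be
# followed by a trailing comment.
SERVICE_RE = re.compile(r'^\s*Service\s*=\s*"?([^"#\s]+)"?', re.IGNORECASE)


def reenabled_defaults(conf_text):
    """Return the default-disabled services that this config lets run."""
    included, excluded = set(), set()
    for line in conf_text.splitlines():
        if line.lstrip().startswith("#"):
            continue  # a commented-out directive has no effect
        m = SERVICE_RE.match(line)
        if not m:
            continue
        name = m.group(1).lower()
        if name.startswith("-"):
            excluded.add(name[1:])   # Service = "-name" disables name
        else:
            included.add(name)       # "all" or an explicit service name
    return [s for s in DEFAULT_DISABLED
            if s not in excluded and ("all" in included or s in included)]


if __name__ == "__main__":
    for svc in reenabled_defaults(SAMPLE_CONF):
        print(f"{svc} is re-enabled")
        for prog in PROGRAMS.get(svc, []):
            print(f"  logwatch may exec: {prog}")
```
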