pam_abl selinux problem
Alexander Dalloz
ad+lists at uni-x.org
Sun Nov 6 03:33:10 UTC 2005
Am Sa, den 05.11.2005 schrieb Nicolas Mailhot um 10:41:
> Hi,
>
> Following a thread on the fedora-extra list about which tool in FE
> should be used to protect against sshd brute-force attacks I installed
> pam_abl on my fedora devel box. Pam_abl is a security module that checks
> every login attempt against user and host blacklists, and automatically
> fill these lists after too frequent login failures.
>
> Unfortunately it seems the devel security policies are not nice to
> pam_abl, so it doesn't work :
>
> Nov 5 10:27:02 rousalka pam_abl[3917]: Permission denied (13) while
> opening or creating database
>
> I've posted the relevant details (full audit logs...) in
> https://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=172496
>
> Could someone more qualified than me take a peek at them ?
Sorry that I am not helpful at this stage. Just want to show I am
following both the bugzilla ticket as well hopefully upcoming qualified
discussion by the SELinux gurus, as being the FE package maintainer of
pam_abl.
What I would like to know - besides resolving the ticketed problem - is
whether such kind of packages from Fedora Extras will have to carry
policy modifications / adds themselves or whether approved FE packages
should come up with Core policy package adjustments.
Regards
Alexander
--
Alexander Dalloz | Enger, Germany | GPG http://pgp.mit.edu 0xB366A773
legal statement: http://www.uni-x.org/legal.html
Fedora Core 2 GNU/Linux on Athlon with kernel 2.6.11-1.35_FC2smp
Serendipity 04:20:26 up 8 days, 2:20, load average: 1.82, 1.53, 1.24
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 189 bytes
Desc: Dies ist ein digital signierter Nachrichtenteil
URL: <http://listman.redhat.com/archives/fedora-selinux-list/attachments/20051106/4783080f/attachment.sig>
More information about the fedora-selinux-list
mailing list