Stuff I found in my log?

Knute Johnson knute at frazmtn.com
Wed May 24 00:12:37 UTC 2006


I found some interesting things in my 'messages' log today.  I'm not 
sure what they mean and would appreciate any information.

This one is the most bothersome.  It appears that 'useradd' was 
prevented from running this morning only I didn't run it.  Would any 
other programs run 'useradd' and what would cause it to be denied?

May 23 05:11:49 rabbitbrush kernel: audit(1148386309.877:556): avc:  
denied  { write } for  pid=13906 comm="useradd" name="[1708464]" 
dev=pipefs ino=1708464 scontext=user_u:system_r:useradd_t:s0 
tcontext=user_u:system_r:unconfined_t:s0 tclass=fifo_file

There are a boatload of these messages.  I know that 'webalizer' is a 
statistics formatter for the web server but why would it be run 
dozens of times and be denied?

May 23 04:02:02 rabbitbrush kernel: audit(1148382121.861:514): avc:  
denied  { create } for  pid=12313 comm="webalizer" 
scontext=user_u:system_r:webalizer_t:s0 
tcontext=user_u:system_r:webalizer_t:s0 tclass=netlink_route_socket
May 23 04:02:02 rabbitbrush kernel: audit(1148382122.237:515): avc:  
denied  { create } for  pid=12313 comm="webalizer" 
scontext=user_u:system_r:webalizer_t:s0 
tcontext=user_u:system_r:webalizer_t:s0 tclass=netlink_route_socket
May 23 04:02:02 rabbitbrush kernel: audit(1148382122.237:516): avc:  
denied  { create } for  pid=12313 comm="webalizer" 
scontext=user_u:system_r:webalizer_t:s0 
tcontext=user_u:system_r:webalizer_t:s0 tclass=netlink_route_socket

What would cause hundreds of these messages to appear in the log?  I 
know I played with setsebool but I only changed one item.

May 22 17:33:58 rabbitbrush kernel: audit(1148344436.645:286): avc:  
granted  { setbool } for  pid=2303 comm="setsebool" 
scontext=user_u:system_r:unconfined_t:s0 
tcontext=system_u:object_r:security_t:s0 tclass=security
May 22 17:33:58 rabbitbrush kernel: audit(1148344436.645:287): avc:  
granted  { setbool } for  pid=2303 comm="setsebool" 
scontext=user_u:system_r:unconfined_t:s0 
tcontext=system_u:object_r:security_t:s0 tclass=security
May 22 17:33:58 rabbitbrush kernel: audit(1148344436.645:288): avc:  
granted  { setbool } for  pid=2303 comm="setsebool" 
scontext=user_u:system_r:unconfined_t:s0 
tcontext=system_u:object_r:security_t:s0 tclass=security
May 22 17:33:58 rabbitbrush kernel: audit(1148344436.645:289): avc:  
granted  { setbool } for  pid=2303 comm="setsebool" 
scontext=user_u:system_r:unconfined_t:s0 
tcontext=system_u:object_r:security_t:s0 tclass=security

Thanks very much,

-- 
Knute Johnson
Molon Labe...
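
One way to triage AVC records like the ones quoted in this message, as an added example that is not part of the original post: it parses each `avc:` record, converts the audit epoch to UTC, and counts identical events so that repeats collapse into one summary row. The function names are hypothetical, and the sample input is the post's own log lines with the e-mail wrapping undone.

```python
import re
from collections import Counter
from datetime import datetime, timezone

# Sample input: the records quoted in the post, with the e-mail line wrapping undone.
SAMPLE = """\
May 23 05:11:49 rabbitbrush kernel: audit(1148386309.877:556): avc:  denied  { write } for  pid=13906 comm="useradd" name="[1708464]" dev=pipefs ino=1708464 scontext=user_u:system_r:useradd_t:s0 tcontext=user_u:system_r:unconfined_t:s0 tclass=fifo_file
May 23 04:02:02 rabbitbrush kernel: audit(1148382121.861:514): avc:  denied  { create } for  pid=12313 comm="webalizer" scontext=user_u:system_r:webalizer_t:s0 tcontext=user_u:system_r:webalizer_t:s0 tclass=netlink_route_socket
May 23 04:02:02 rabbitbrush kernel: audit(1148382122.237:515): avc:  denied  { create } for  pid=12313 comm="webalizer" scontext=user_u:system_r:webalizer_t:s0 tcontext=user_u:system_r:webalizer_t:s0 tclass=netlink_route_socket
May 23 04:02:02 rabbitbrush kernel: audit(1148382122.237:516): avc:  denied  { create } for  pid=12313 comm="webalizer" scontext=user_u:system_r:webalizer_t:s0 tcontext=user_u:system_r:webalizer_t:s0 tclass=netlink_route_socket
May 22 17:33:58 rabbitbrush kernel: audit(1148344436.645:286): avc:  granted  { setbool } for  pid=2303 comm="setsebool" scontext=user_u:system_r:unconfined_t:s0 tcontext=system_u:object_r:security_t:s0 tclass=security
May 22 17:33:58 rabbitbrush kernel: audit(1148344436.645:287): avc:  granted  { setbool } for  pid=2303 comm="setsebool" scontext=user_u:system_r:unconfined_t:s0 tcontext=system_u:object_r:security_t:s0 tclass=security
May 22 17:33:58 rabbitbrush kernel: audit(1148344436.645:288): avc:  granted  { setbool } for  pid=2303 comm="setsebool" scontext=user_u:system_r:unconfined_t:s0 tcontext=system_u:object_r:security_t:s0 tclass=security
May 22 17:33:58 rabbitbrush kernel: audit(1148344436.645:289): avc:  granted  { setbool } for  pid=2303 comm="setsebool" scontext=user_u:system_r:unconfined_t:s0 tcontext=system_u:object_r:security_t:s0 tclass=security
"""

# Record shape: audit(<epoch>:<serial>): avc: <result> { <perms> } for key=value ...
AVC_RE = re.compile(
    r'audit\((?P<epoch>\d+\.\d+):(?P<serial>\d+)\): avc:\s+(?P<result>denied|granted)'
    r'\s+\{ (?P<perms>[^}]+) \} for\s+(?P<fields>.*)$')
FIELD_RE = re.compile(r'(\w+)=("[^"]*"|\S+)')

def parse_avc(line):
    """Return a dict for one AVC record, or None if the line is not one."""
    m = AVC_RE.search(line)
    if m is None:
        return None
    rec = {key: value.strip('"') for key, value in FIELD_RE.findall(m['fields'])}
    rec.update(result=m['result'], perms=" ".join(m['perms'].split()),
               serial=int(m['serial']),
               time=datetime.fromtimestamp(float(m['epoch']), timezone.utc))
    return rec

def selinux_type(context):
    # A context is user:role:type[:level]; the type is what policy rules match on.
    return context.split(':')[2]

def summarize(text):
    """Count records that share result, command, permission, types and class."""
    counts = Counter()
    for rec in filter(None, map(parse_avc, text.splitlines())):
        key = (rec['result'], rec['comm'], rec['perms'], selinux_type(rec['scontext']),
               selinux_type(rec['tcontext']), rec['tclass'])
        counts[key] += 1
    return counts

if __name__ == "__main__":
    for key, n in summarize(SAMPLE).most_common():
        print(n, *key)
```
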




