Stuff I found in my log?

Stephen John Smoogen smooge at gmail.com
Wed May 24 02:00:33 UTC 2006


On 5/23/06, Knute Johnson <knute at frazmtn.com> wrote:
> I found some interesting things in my 'messages' log today.  I'm not
> sure what they mean and would appreciate any information.
>
> This one is the most bothersome.  It appears that 'useradd' was
> prevented from running this morning only I didn't run it.  Would any
> other programs run 'useradd' and what would cause it to be denied?
>
> May 23 05:11:49 rabbitbrush kernel: audit(1148386309.877:556): avc:
> denied  { write } for  pid=13906 comm="useradd" name="[1708464]"
> dev=pipefs ino=1708464 scontext=user_u:system_r:useradd_t:s0
> tcontext=user_u:system_r:unconfined_t:s0 tclass=fifo_file
>

Need some more information to help on this:

What is your OS and its version?
What is your SELinux set to?
When was the last time you updated your system?

> There are a boatload of these messages.  I know that 'webalizer' is a
> statistics formatter for the web server but why would it be run
> dozens of times and be denied?
>
> May 23 04:02:02 rabbitbrush kernel: audit(1148382121.861:514): avc:
> denied  { create } for  pid=12313 comm="webalizer"
> scontext=user_u:system_r:webalizer_t:s0
> tcontext=user_u:system_r:webalizer_t:s0 tclass=netlink_route_socket


-- 
Stephen J Smoogen.
CSIRT/Linux System Administrator




More information about the fedora-selinux-list mailing list