Problem with SELinux and rkhunter on Fedora 8

Pedro Jose ercrokan at gmail.com
Wed Mar 26 20:20:37 UTC 2008


Sorry, I did not paste the warning well. Here is a more readable one.

Thanks.

Resúmen:

SELinux is preventing sendmail (system_mail_t) "append" to
/var/rkhunter/tmp/rkhcronlog.mFxQaF5049 (var_t).

Descripción Detallada:

SELinux denied access requested by sendmail. It is not expected that this access
is required by sendmail and this access may signal an intrusion attempt. It is
also possible that the specific version or configuration of the application is
causing it to require additional access.

Permitiendo Acceso:

Sometimes labeling problems can cause SELinux denials. You could try to restore
the default system file context for /var/rkhunter/tmp/rkhcronlog.mFxQaF5049,

restorecon -v '/var/rkhunter/tmp/rkhcronlog.mFxQaF5049'

If this does not work, there is currently no automatic way to allow this access.
Instead, you can generate a local policy module to allow this access - see FAQ
(http://fedora.redhat.com/docs/selinux-faq-fc5/#id2961385) Or you can disable
SELinux protection altogether. Disabling SELinux protection is not recommended.
Please file a bug report (http://bugzilla.redhat.com/bugzilla/enter_bug.cgi)
against this package.

Información Adicional:

Contexto Fuente               system_u:system_r:system_mail_t:s0
Contexto Destino              system_u:object_r:var_t:s0
Objetos Destino               /var/rkhunter/tmp/rkhcronlog.mFxQaF5049 [ file ]
Source                        sendmail
Source Path                   /usr/sbin/sendmail.sendmail
Port                          <Desconocido>
Host                          localhost.localdomain
Source RPM Packages           sendmail-8.14.2-1.fc8
Target RPM Packages
RPM de Políticas             selinux-policy-3.0.8-93.fc8
SELinux Activado              True
Tipo de Política             targeted
MLS Activado                  True
Modo Obediente                Enforcing
Nombre de Plugin              catchall_file
Nombre de Equipo              localhost.localdomain
Plataforma                    Linux localhost.localdomain 2.6.24.3-34.fc8 #1 SMP
                              Wed Mar 12 18:17:20 EDT 2008 i686 i686
Cantidad de Alertas           1
First Seen                    mié 26 mar 2008 18:47:43 CET
Last Seen                     mié 26 mar 2008 18:47:43 CET
Local ID                      65abd64d-1a3f-4d68-a9b0-5ea5cf268d85
Números de Línea

Mensajes de Auditoría Crudos

host=localhost.localdomain type=AVC msg=audit(1206553663.4:30): avc:
denied  { append } for  pid=21759 comm="sendmail"
path="/var/rkhunter/tmp/rkhcronlog.mFxQaF5049" dev=sda6 ino=1766018
scontext=system_u:system_r:system_mail_t:s0
tcontext=system_u:object_r:var_t:s0 tclass=file

host=localhost.localdomain type=SYSCALL msg=audit(1206553663.4:30):
arch=40000003 syscall=11 success=yes exit=0 a0=805848b a1=956760c
a2=bfc98a58 a3=956760c items=0 ppid=21758 pid=21759 auid=4294967295
uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=51 sgid=51 fsgid=51 tty=(none)
comm="sendmail" exe="/usr/sbin/sendmail.sendmail"
subj=system_u:system_r:system_mail_t:s0 key=(null)
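
An added example, not part of the original post or of any Fedora tool: it parses the raw AVC record from the report above and prints the local policy module text that would permit exactly that denial, so the rule can be reviewed before anything is loaded. The module name `localrkhunter` and the `GENERIC_TYPES` list are assumptions made for illustration.

```python
import re

# AVC record from the report above, joined onto one line.
AVC = ('host=localhost.localdomain type=AVC msg=audit(1206553663.4:30): avc: '
       'denied  { append } for  pid=21759 comm="sendmail" '
       'path="/var/rkhunter/tmp/rkhcronlog.mFxQaF5049" dev=sda6 ino=1766018 '
       'scontext=system_u:system_r:system_mail_t:s0 '
       'tcontext=system_u:object_r:var_t:s0 tclass=file')

AVC_RE = re.compile(r'avc:\s+denied\s+\{([^}]*)\}\s+for\s+(.*)')
KV_RE = re.compile(r'(\w+)=("[^"]*"|\S+)')
# Illustrative, non-exhaustive list of catch-all file types (an assumption).
GENERIC_TYPES = {'var_t', 'etc_t', 'usr_t', 'tmp_t', 'default_t', 'file_t'}

def parse_avc(line):
    """Return the denial's fields as a dict, or None if not an AVC denial."""
    m = AVC_RE.search(line)
    if not m:
        return None
    d = {k: v.strip('"') for k, v in KV_RE.findall(m.group(2))}
    d['perms'] = m.group(1).split()
    # A context is user:role:type[:level]; the type is the third field.
    d['stype'] = d['scontext'].split(':')[2]
    d['ttype'] = d['tcontext'].split(':')[2]
    return d

def braces(items):
    return items[0] if len(items) == 1 else '{ ' + ' '.join(items) + ' }'

def local_module(name, d):
    """Text of a .te module permitting exactly this denial."""
    perms = braces(d['perms'])
    return '\n'.join([
        f'module {name} 1.0;', '', 'require {',
        f"\ttype {d['stype']};", f"\ttype {d['ttype']};",
        f"\tclass {d['tclass']} {perms};", '}', '',
        f"allow {d['stype']} {d['ttype']}:{d['tclass']} {perms};", ''])

def review(d):
    """Warn when the rule would target a catch-all type, not a specific one."""
    if d['ttype'] in GENERIC_TYPES:
        return (f"{d['ttype']} is a generic label: the rule would cover every "
                f"{d['tclass']} with that type, not only {d['path']}")
    return None

if __name__ == '__main__':
    denial = parse_avc(AVC)
    print(local_module('localrkhunter', denial))  # hypothetical module name
    print('review:', review(denial))
```

For this record the review line fires because the target type is `var_t`, the generic label for files under /var, so the generated rule would apply to far more than the rkhunter temporary file.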



