Problem with SELinux and rkhunter on Fedora 8
Pedro Jose
ercrokan at gmail.com
Wed Mar 26 20:20:37 UTC 2008
Forgiveness, not paste good warning. Here, have a more readable
Thanks.
Resúmen:
SELinux is preventing sendmail (system_mail_t) "append" to
/var/rkhunter/tmp/rkhcronlog.mFxQaF5049 (var_t).
Descripción Detallada:
SELinux denied access requested by sendmail. It is not expected that this access
is required by sendmail and this access may signal an intrusion attempt. It is
also possible that the specific version or configuration of the application is
causing it to require additional access.
Permitiendo Acceso:
Sometimes labeling problems can cause SELinux denials. You could try to restore
the default system file context for /var/rkhunter/tmp/rkhcronlog.mFxQaF5049,
restorecon -v '/var/rkhunter/tmp/rkhcronlog.mFxQaF5049'
If this does not work, there is currently no automatic way to allow this access.
Instead, you can generate a local policy module to allow this access - see FAQ
(http://fedora.redhat.com/docs/selinux-faq-fc5/#id2961385) Or you can disable
SELinux protection altogether. Disabling SELinux protection is not recommended.
Please file a bug report (http://bugzilla.redhat.com/bugzilla/enter_bug.cgi)
against this package.
Información Adicional:
Contexto Fuente system_u:system_r:system_mail_t:s0
Contexto Destino system_u:object_r:var_t:s0
Objetos Destino /var/rkhunter/tmp/rkhcronlog.mFxQaF5049 [ file ]
Source sendmail
Source Path /usr/sbin/sendmail.sendmail
Port <Desconocido>
Host localhost.localdomain
Source RPM Packages sendmail-8.14.2-1.fc8
Target RPM Packages
RPM de Políticas selinux-policy-3.0.8-93.fc8
SELinux Activado True
Tipo de Política targeted
MLS Activado True
Modo Obediente Enforcing
Nombre de Plugin catchall_file
Nombre de Equipo localhost.localdomain
Plataforma Linux localhost.localdomain 2.6.24.3-34.fc8 #1 SMP
Wed Mar 12 18:17:20 EDT 2008 i686 i686
Cantidad de Alertas 1
First Seen mié 26 mar 2008 18:47:43 CET
Last Seen mié 26 mar 2008 18:47:43 CET
Local ID 65abd64d-1a3f-4d68-a9b0-5ea5cf268d85
Números de Línea
Mensajes de Auditoría Crudos
host=localhost.localdomain type=AVC msg=audit(1206553663.4:30): avc:
denied { append } for pid=21759 comm="sendmail"
path="/var/rkhunter/tmp/rkhcronlog.mFxQaF5049" dev=sda6 ino=1766018
scontext=system_u:system_r:system_mail_t:s0
tcontext=system_u:object_r:var_t:s0 tclass=file
host=localhost.localdomain type=SYSCALL msg=audit(1206553663.4:30):
arch=40000003 syscall=11 success=yes exit=0 a0=805848b a1=956760c
a2=bfc98a58 a3=956760c items=0 ppid=21758 pid=21759 auid=4294967295
uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=51 sgid=51 fsgid=51 tty=(none)
comm="sendmail" exe="/usr/sbin/sendmail.sendmail"
subj=system_u:system_r:system_mail_t:s0 key=(null)
More information about the fedora-selinux-list
mailing list