setroubleshoot server listens out on inet

lejeczek peljasz at yahoo.co.uk
Wed Mar 25 08:33:11 UTC 2009


hello John,
more than fair, safety is priority
but what I said was that this is a bit of conf I cannot figure out
there are these two directives in client_connect_to; listen_for_client
fairly clear explanation how to use inet family
and this 69783 in Fedora's default_port, it's not even a valid port! is it? anyhow, I change
this directive like: address_list = {unix}%(path)s, hostname:8880 (hostname gets resolved)
but I still see no process binds/listens to that port
and by the way, sealert browser seems to be using only a hard-coded port with no way of changing it
server logs:
2009-03-25 01:06:34,771 [communication.DEBUG] parse_socket_address_list: input='{unix}/var/run/setroubleshoot/setroubleshoot_server,10.0.0.100:8880'
2009-03-25 01:06:34,772 [communication.DEBUG] parse_socket_address_list: 10.0.0.100:8880 --> {inet}10.0.0.100:8880 socket=None
2009-03-25 01:06:34,774 [communication.DEBUG] new_listening_socket: {unix}/var/run/setroubleshoot/setroubleshoot_server socket=None
2009-03-25 01:06:34,775 [communication.DEBUG] new_listening_socket: {inet}10.0.0.100:8880 socket=None
but as I said, doesn't open that port,
ipc socket is working, sends emails with reports
I'll check those plug-ins Dominick mentions
cheers

John Dennis wrote:
> lejeczek wrote:
>> dear all,
>> that really baffles me, I don't seem to be able to set it up :)
>> and that port by default in conf file??
>> setroubleshoot server should be able to listen on network so remote 
>> sealert could connect to it, right?
>> on my boxes(f9;f10) it does even look like binding to a port
>> please advise
>> cheers
>>
> By default the connection between the server and client is local and 
> is implemented with a unix domain socket, not inet. This default is 
> chosen for security reasons with the consequence the client (sealert) 
> can only connect to the server (setroubleshootd) if they are running 
> on the same host. However, it is possible to configure setroubleshootd 
> to accept inet connections (see the comments in 
> /etc/setroubleshoot/setroubleshoot.cfg) so that a remote sealert can 
> connect to it. Be aware there is no authentication in this 
> configuration and as such you must be comfortable with anyone being 
> able to access your selinux denial information. For sealert to connect 
> via inet to a remote host use the "connect to" menu item in the "File" 
> menu (going from memory, the name might be slightly different). In the 
> default local case you should not need to do anything special, the 
> default configuration should just work.
>
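
The address_list format discussed in this thread, as an added example (not setroubleshoot's own code and not written by either poster): it splits a value into entries, flags out-of-range ports such as 69783 and unauthenticated inet listeners, and checks whether a port was actually bound. Assumptions: entries are comma-separated with an optional `{family}` prefix, an unprefixed entry is inet (as the log shows), an entry without a port falls back to default_port, only IPv4/hostname entries are handled, and the function names are hypothetical.

```python
import socket

def parse_address_list(value, default_port=None):
    """Return one dict per entry: family, address, port, notes."""
    entries = []
    for raw in (part.strip() for part in value.split(",")):
        if not raw:
            continue
        family, address = "inet", raw          # unprefixed entries are inet (see log)
        if raw.startswith("{") and "}" in raw:
            family, address = raw[1:].split("}", 1)
            family = family.lower()
        entry = {"family": family, "address": address, "port": None, "notes": []}
        if family == "inet":
            host, sep, port_text = address.rpartition(":")
            if not sep:                        # no ":port": assume default_port applies
                host, port_text = address, str(default_port or "")
            entry["address"] = host
            if not (port_text.isascii() and port_text.isdigit()):
                entry["notes"].append("missing or non-numeric port")
            elif not 1 <= int(port_text) <= 65535:
                entry["notes"].append("port %s is outside 1-65535" % port_text)
            else:
                entry["port"] = int(port_text)
            # Per the reply in this thread, the inet transport has no authentication.
            entry["notes"].append("inet listener is unauthenticated")
        elif family != "unix":
            entry["notes"].append("unknown family %r" % family)
        entries.append(entry)
    return entries

def is_listening(host, port, timeout=1.0):
    """True if a TCP connect to host:port succeeds, i.e. something bound it."""
    try:
        with socket.create_connection((host, port), timeout=timeout):
            return True
    except OSError:
        return False

if __name__ == "__main__":
    # Constructed sample: the value from the server log plus a bare hostname
    # that falls back to the 69783 default_port mentioned in the post.
    sample = "{unix}/var/run/setroubleshoot/setroubleshoot_server,10.0.0.100:8880,localhost"
    for e in parse_address_list(sample, default_port=69783):
        print(e, is_listening(e["address"], e["port"]) if e["port"] else "not probed")
```
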

		



