[Date Prev][Date Next]   [Thread Prev][Thread Next]   [Thread Index] [Date Index] [Author Index]

Re: setroubleshoot server listens out on inet

hello John,
more than fair, safety is priority
but what I said was that this is a bit of conf I cannot figure out
there are these two directive in client_connect_to; listen_for_client
fairly clear explanation how to use inet family
and this 69783 in fedoras default_port, it's not even a valid port! is it? anyhow, I change this directive like: address_list = {unix}%(path)s, hostname:8880 (hostname gets resolved)
but I still see no process binds/listens to that port
and by the way, sealert browser seems using only hard-coded port with no way of changing it
server logs:
2009-03-25 01:06:34,771 [communication.DEBUG] parse_socket_address_list: input='{unix}/var/run/setroubleshoot/setroubleshoot_server,' 2009-03-25 01:06:34,772 [communication.DEBUG] parse_socket_address_list: --> {inet} socket=None 2009-03-25 01:06:34,774 [communication.DEBUG] new_listening_socket: {unix}/var/run/setroubleshoot/setroubleshoot_server socket=None 2009-03-25 01:06:34,775 [communication.DEBUG] new_listening_socket: {inet} socket=None
but as I said, doesn't open that port,
ipc socket is working, sends emails with reports
I'll check those plug-ins Dominick mentions

John Dennis wrote:
lejeczek wrote:
dear all,
that really baffles me, I don't seem to be able to set it up :)
and that port by default in conf file??
setroubleshoot server should be able to listen on network so remote sealert could connect to it, right?
on my boxes(f9;f10) it does even look like binding to a port
please advise

By default the connection between the server and client is local and is implemented with a unix domain socket, not inet. This default is chosen for security reasons with the consequence the client (sealert) can only connect to the server (setroubleshootd) if they are running on the same host. However, it is possible to configure setroubleshootd to accept inet connections (see the comments in /etc/setroubleshoot/setroubleshoot.cfg) so that a remote sealert can connect to it. Be aware there is no authentication in this configuration and as such you must be comfortable with anyone being able to access your selinux denial information. For sealert to connect via inet to a remote host use the "connect to" menu item in the "File" menu (going from memory, the name might be slightly different). In the default local case you should not need to do anything special, the default configuration should just work.

___________________________________________________________ Inbox full of spam? Get leading spam protection and 1GB storage with All New Yahoo! Mail. http://uk.docs.yahoo.com/nowyoucan.html

[Date Prev][Date Next]   [Thread Prev][Thread Next]   [Thread Index] [Date Index] [Author Index]