RHEL 5.3 and sealert -b
ESGLinux
esggrupos at gmail.com
Tue Mar 3 12:06:45 UTC 2009
Hello,
I have updated with RHN using pup.
Here is the info you have requested:
# getenforce
Enforcing
#yum list installed | grep selinux
libselinux.i386                  1.33.4-5.1.el5   installed
libselinux-devel.i386            1.33.4-5.1.el5   installed
libselinux-python.i386           1.33.4-5.1.el5   installed
libselinux-utils.i386            1.33.4-5.1.el5   installed
selinux-policy.noarch            2.4.6-203.el5    installed
selinux-policy-devel.noarch      2.4.6-203.el5    installed
selinux-policy-targeted.noarch   2.4.6-203.el5    installed
#service setroubleshoot status
Se esta ejecutando setroubleshootd (pid 2425)...
In /var/log/audit/audit.log there are a lot of logs with AVC:
...
u:system_r:setroubleshootd_t:s0
tcontext=system_u:object_r:auditd_var_run_t:s0 tclass=sock_file
type=AVC msg=audit(1236072678.050:68): avc: denied { write } for pid=2130
comm="setroubleshootd" name="audispd_events" dev=hda8 ino=16329
scontext=system_u:system_r:setroubleshootd_t:s0
tcontext=system_u:object_r:auditd_var_run_t:s0 tclass=sock_file
type=AVC msg=audit(1236072738.057:69): avc: denied { write } for pid=2130
comm="setroubleshootd" name="audispd_events" dev=hda8 ino=16329
scontext=system_u:system_r:setroubleshootd_t:s0
tcontext=system_u:object_r:auditd_var_run_t:s0 tclass=sock_file
type=AVC msg=audit(1236085050.837:8): avc: denied { write } for pid=2123
comm="setroubleshootd" name="audispd_events" dev=hda8 ino=16329
scontext=system_u:system_r:setroubleshootd_t:s0
tcontext=system_u:object_r:auditd_var_run_t:s0 tclass=sock_file
type=USER_TTY msg=audit(1236085103.658:21): user pid=2940 uid=0 auid=0
subj=root:system_r:unconfined_t:s0-s0:c0.c1023 msg='grep AVC audit.log '
type=AVC msg=audit(1236085110.848:22): avc: denied { write } for pid=2123
comm="setroubleshootd" name="audispd_events" dev=hda8 ino=16329
scontext=system_u:system_r:setroubleshootd_t:s0
tcontext=system_u:object_r:auditd_var_run_t:s0 tclass=sock_file
type=USE
...
But in the browser I don't see anything. I also think I used to log in the
/var/log/messages with the explanation of the alert, but I don't see anything.
Thanks
ESG
2009/3/3 George Magklaras <georgios at biotek.uio.no>
> Trusting that your getenforce shows Enforcing, I have upgraded a bunch of
> 5.2 to 5.3 and sealert is active for me, so I do not think the problem is
> specific to RHEL 5.3, maybe something peculiar with your configuration. What
> does
>
> yum list installed | grep selinux
>
> say on your upgraded systems? Is the setroubleshootd process running?
> Finally, what's the frequency of AVC messages in /var/log/audit/audit.log
> (cat /var/log/audit/audit.log | grep AVC) ?
>
> --
> --
> George Magklaras BSc Hons MPhil
> RHCE:805008309135525
>
> Senior Computer Systems Engineer/UNIX-Linux Systems Administrator
> EMBnet Technical Management Board
> The Biotechnology Centre of Oslo,
> University of Oslo
> http://folk.uio.no/georgios
>
>
>
>
> a bv wrote:
>
>> what method have you used for upgrading the system version?
>>
>> Regards
>>
>>
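
Added example (not part of the original thread, and not code from Red Hat or the setroubleshoot project): one way to answer the "frequency of AVC messages" question by grouping denials in the audit log instead of reading raw grep output. The function names summarize and selinux_type are hypothetical; the sample records are the ones quoted in the post, re-joined to one record per line.

```python
import re
from collections import Counter
from datetime import datetime, timezone

# Records copied from the post, re-joined to one record per line as they
# would appear in /var/log/audit/audit.log (the mail client wrapped them).
SAMPLE = """\
type=AVC msg=audit(1236072678.050:68): avc: denied { write } for pid=2130 comm="setroubleshootd" name="audispd_events" dev=hda8 ino=16329 scontext=system_u:system_r:setroubleshootd_t:s0 tcontext=system_u:object_r:auditd_var_run_t:s0 tclass=sock_file
type=AVC msg=audit(1236072738.057:69): avc: denied { write } for pid=2130 comm="setroubleshootd" name="audispd_events" dev=hda8 ino=16329 scontext=system_u:system_r:setroubleshootd_t:s0 tcontext=system_u:object_r:auditd_var_run_t:s0 tclass=sock_file
type=AVC msg=audit(1236085050.837:8): avc: denied { write } for pid=2123 comm="setroubleshootd" name="audispd_events" dev=hda8 ino=16329 scontext=system_u:system_r:setroubleshootd_t:s0 tcontext=system_u:object_r:auditd_var_run_t:s0 tclass=sock_file
type=USER_TTY msg=audit(1236085103.658:21): user pid=2940 uid=0 auid=0 subj=root:system_r:unconfined_t:s0-s0:c0.c1023 msg='grep AVC audit.log '
type=AVC msg=audit(1236085110.848:22): avc: denied { write } for pid=2123 comm="setroubleshootd" name="audispd_events" dev=hda8 ino=16329 scontext=system_u:system_r:setroubleshootd_t:s0 tcontext=system_u:object_r:auditd_var_run_t:s0 tclass=sock_file
"""

# Anchor on the record type, not the bare string "AVC": the USER_TTY record
# above also contains "AVC" (it logs the grep command itself).
AVC_RE = re.compile(
    r'type=AVC msg=audit\((?P<ts>\d+)\.\d+:\d+\): avc:\s+denied\s+'
    r'\{(?P<perms>[^}]*)\}.*?comm="(?P<comm>[^"]*)".*?'
    r'scontext=(?P<scon>\S+)\s+tcontext=(?P<tcon>\S+)\s+tclass=(?P<tclass>\S+)')

def selinux_type(context):
    """Return the type field of a user:role:type:level context."""
    return context.split(":")[2]

def summarize(lines):
    """Group denials by (comm, source type, target type, class, perms)."""
    counts, first, last = Counter(), {}, {}
    for line in lines:
        m = AVC_RE.search(line)
        if not m:
            continue  # not an AVC denial (e.g. USER_TTY)
        key = (m["comm"], selinux_type(m["scon"]), selinux_type(m["tcon"]),
               m["tclass"], " ".join(m["perms"].split()))
        ts = int(m["ts"])
        counts[key] += 1
        first[key] = min(ts, first.get(key, ts))
        last[key] = max(ts, last.get(key, ts))
    return [(k, n, first[k], last[k]) for k, n in counts.most_common()]

if __name__ == "__main__":
    for key, n, t0, t1 in summarize(SAMPLE.splitlines()):
        stamp = lambda t: datetime.fromtimestamp(t, timezone.utc).isoformat()
        print(n, "denials", key, "first", stamp(t0), "last", stamp(t1))
```

To run it against a live log, pass the lines of /var/log/audit/audit.log to summarize() in place of the sample.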