P.S. - RE: [redhat-list] updates pending question

Constance Morris cmorris at daltonstate.edu
Fri May 10 18:16:14 UTC 2013


-----Original Message-----
From: redhat-list-bounces at redhat.com [mailto:redhat-list-bounces at redhat.com] On Behalf Of m.roth at 5-cent.us
Sent: Friday, May 10, 2013 1:43 PM
To: General Red Hat Linux discussion list
Subject: RE: P.S. - RE: [redhat-list] updates pending question

Constance Morris wrote:
> [mailto:redhat-list-bounces at redhat.com] On Behalf Of m.roth at 5-cent.us
> Constance Morris wrote:
>> [mailto:redhat-list-bounces at redhat.com] On Behalf Of m.roth at 5-cent.us
>> Constance Morris wrote:
>>> [mailto:redhat-list-bounces at redhat.com] On Behalf Of Alfred 
>>> Hovdestad On 09/05/13 02:15 PM, Constance Morris wrote:
>>>
<snip>
>>>Oh, two other things: first, is selinux enabled (enter getenforce)?
>>
>> Checked and it is enforced
> <snip>
> AAAARRRRGHGHGHGHGHGHGHH!!!!!!!!!!!!
>
> Ok, a *whole* new problem, which maybe throws everything else out the 
> window.
>
> Look at their home directories again, but this time do ll -Z 
> /var/www/whatever. Betcha they're something like unconfined_t, or 
> default_t, or maybe even not labeled. Check /var/log/messages for 
> sealert messages. And if you *don't* have any, then you need to see if
> setroubleshoot\* is installed. If not, install them (server and 
> plugins), and make sure auditd is on. Then you'll see complaints. Run 
> what's in messages, which will be of the form "setroubleshoot: SELinux 
> is preventing /usr/bin/updatedb from read access on the directory 
> /public/apps/.gem. For complete SELinux messages. run sealert -l 
> 20085a91-0ea5-4794-a7c8-b6e975c27ed4". Run the sealert, and *maybe* 
> the message will be helpful. It's sometimes only barely, to me, and 
> I've been fighting to shut selinux up in the logs for years now.
>
> If you thought *Nix sysadmin was complicated, wait till you begin to 
> look at selinux (which, btw, was written by the NSA, for real).
>
> It shows the following:
> user_u:object_r:httpd_sys_content_t:s0

Ok, that *should* work.
>
> so no unconfined_t or default_t
>
> There are no 'sealert' messages inside the message log.
>
> 'setroubleshoot' is not installed. It says there are 23 packages to 
> install if I install it....is that okay?
> I don't want to cause any additional problems on the system right now.

Install it, last week if not sooner. If you've got selinux enabled, and you don't have that, you're asking for a world of hurt, things like random denials or failures with no idea why.

Are there entries in /var/log/audit/audit.log? Is auditd running?

      mark
--------------

Okay - installing it now.......complete.
Yes, looks like this in /var/log/audit/audit.log:

type=CRYPTO_SESSION msg=audit(1368206600.135:1549): user pid=12527 uid=0 auid=618 subj=user_u:system_r:unconfined_t:s0-s0:c0.c1023 msg='op=start direction=from-server cipher=aes256-ctr ksize=256 rport=53503 laddr=168.30.232.48 lport=22 id=4294967295 exe="/usr/sbin/sshd" (hostname=?, addr=168.30.169.40, terminal=? res=success)'


?
Constance
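
Added example (not part of the original thread): SELinux denials are logged in /var/log/audit/audit.log as `type=AVC` records, so other record types such as `CRYPTO_SESSION` are not denials. The Python below separates the two and extracts the denied permission and contexts; the function names and all sample records are constructed for illustration.

```python
import re
from collections import Counter
from datetime import datetime, timezone

# Constructed sample records. The first is modelled on the sshd record posted
# above (documentation-range addresses); the two AVC records are invented.
SAMPLE_LOG = """\
type=CRYPTO_SESSION msg=audit(1368206600.135:1549): user pid=12527 uid=0 auid=618 subj=user_u:system_r:unconfined_t:s0-s0:c0.c1023 msg='op=start direction=from-server cipher=aes256-ctr ksize=256 rport=53503 laddr=192.0.2.10 lport=22 id=4294967295 exe="/usr/sbin/sshd" (hostname=?, addr=192.0.2.20, terminal=? res=success)'
type=AVC msg=audit(1368206700.250:1560): avc:  denied  { read } for  pid=13001 comm="httpd" name="index.html" dev=dm-0 ino=393221 scontext=user_u:system_r:httpd_t:s0 tcontext=user_u:object_r:default_t:s0 tclass=file
type=AVC msg=audit(1368206800.010:1571): avc:  denied  { read } for  pid=13100 comm="updatedb" name=".gem" dev=dm-0 ino=524301 scontext=system_u:system_r:locate_t:s0 tcontext=user_u:object_r:default_t:s0 tclass=dir
"""

HEADER = re.compile(r'^type=(\S+) msg=audit\((\d+)\.(\d+):(\d+)\): (.*)$')
AVC = re.compile(r'avc:\s+(denied|granted)\s+\{ ([^}]*)\} for\s+(.*)$')
FIELD = re.compile(r'(\w+)=("[^"]*"|\S+)')

def record_types(text):
    """Count audit records by type, to see at a glance whether any AVC exist."""
    return Counter(m.group(1) for m in map(HEADER.match, text.splitlines()) if m)

def parse_denials(text):
    """Return one dict per 'avc: denied' record; all other records are skipped."""
    denials = []
    for line in text.splitlines():
        m = HEADER.match(line.strip())
        if not m or m.group(1) != "AVC":
            continue
        avc = AVC.search(m.group(5))
        if not avc or avc.group(1) != "denied":
            continue
        fields = {k: v.strip('"') for k, v in FIELD.findall(avc.group(3))}
        denials.append({
            "time": datetime.fromtimestamp(int(m.group(2)), timezone.utc).isoformat(),
            "serial": int(m.group(4)),
            "perms": avc.group(2).split(),
            "comm": fields.get("comm"),
            "name": fields.get("name") or fields.get("path"),
            # SELinux context is user:role:type:level; the type drives the decision.
            "source_type": fields["scontext"].split(":")[2],
            "target_type": fields["tcontext"].split(":")[2],
            "tclass": fields.get("tclass"),
        })
    return denials

if __name__ == "__main__":
    print(dict(record_types(SAMPLE_LOG)))
    for d in parse_denials(SAMPLE_LOG):
        print(d["time"], d["comm"], d["perms"], d["source_type"], "->", d["target_type"], d["tclass"], d["name"])
```
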



