P.S. - RE: [redhat-list] updates pending question

Tony Fondo tony_fondo at nwrdc.fsu.edu
Fri May 10 20:16:33 UTC 2013


Unsubscribe

On May 10, 2013, at 4:16 PM, "Constance  Morris" <cmorris at daltonstate.edu> wrote:

> -----Original Message-----
> From: redhat-list-bounces at redhat.com [mailto:redhat-list-bounces at redhat.com] On Behalf Of m.roth at 5-cent.us
> Sent: Friday, May 10, 2013 3:20 PM
> To: General Red Hat Linux discussion list
> Subject: RE: P.S. - RE: [redhat-list] updates pending question
> 
> Constance   Morris wrote:
>> [mailto:redhat-list-bounces at redhat.com] On Behalf Of m.roth at 5-cent.us
> 
>> Constance   Morris wrote:
>>> [mailto:redhat-list-bounces at redhat.com] On Behalf Of m.roth at 5-cent.us
>>> Constance   Morris wrote:
>>>> [mailto:redhat-list-bounces at redhat.com] On Behalf Of m.roth at 5-cent.us
>>>> Constance   Morris wrote:
>>>>> [mailto:redhat-list-bounces at redhat.com] On Behalf Of m.roth at 5-cent.us
>>>>> Constance   Morris wrote:
>>>>>> [mailto:redhat-list-bounces at redhat.com] On Behalf Of Alfred 
>>>>>> Hovdestad On 09/05/13 02:15 PM, Constance Morris wrote:
>>> <snip>
>>>>>> Oh, two other things: first, is selinux enabled (enter getenforce)?
>>>>> 
>>>>> Checked and it is enforced
>>>> <snip>
>>>> AAAARRRRGHGHGHGHGHGHGHH!!!!!!!!!!!!
>>>> 
>>>> Ok, a *whole* new problem, which maybe throws everything else out 
>>>> the window.
>>>> 
>>>> Look at their home directories again, but this time do ll -Z 
>>>> /var/www/whatever. Betcha they're something like unconfined_t, or 
>>>> default_t, or maybe even not labeled. Check /var/log/messages for 
>>>> sealert messages. And if you *don't* have any, then you need to see 
>>>> if
>>>> setroubleshoot\* is installed. If not, install them (server and 
>>>> plugins), and make sure auditd is on. Then you'll see complaints. 
>>>> Run what's in messages, which will be of the form "setroubleshoot:
>>>> SELinux is preventing /usr/bin/updatedb from read access on the 
>>>> directory /public/apps/.gem. For complete SELinux messages. run 
>>>> sealert -l 20085a91-0ea5-4794-a7c8-b6e975c27ed4". Run the sealert, 
>>>> and *maybe* the message will be helpful. It's sometimes only barely, 
>>>> to me, and I've been fighting to shut selinux up in the logs for 
>>>> years now.
>>>> 
>>>> If you thought *Nix sysadmin was complicated, wait till you begin to 
>>>> look at selinux (which, btw, was written by the NSA, for real).
>>>> 
>>>> It shows the following:
>>>> user_u:object_r:httpd_sys_content_t:s0
>>> 
>>> Ok, that *should* work.
>>>> 
>>>> so no unconfined_t or default_t
>>>> 
>>>> There are no 'sealert' messages inside the message log.
>>>> 
>>>> 'setroubleshoot' is not installed. It says there are 23 packages to 
>>>> install if I install it....is that okay?
>>>> I don't want to cause any additional problems on the system right now.
>>> 
>>> Install it, last week if not sooner. If you've got selinux enabled, 
>>> and you don't have that, you're asking for a world of hurt, things 
>>> like random denials or failures with no idea why.
>>> 
>>> Are there entries in /var/log/audit/audit.log? Is auditd running?
>> 
>>> P.S. I went back over what you said and ran the:  run sealert -l
>>> 20085a91-0ea5-4794-a7c8-b6e975c27ed4
>>> And got " failed to connect to server: No such file or directory"
>>> If I run just 'sealert' - I get: could not attach to desktop process
>> 
>> Ok... several questions: first, you didn't copy *mine*, did you? You 
>> got one out of your /var/log/messages? Second, you ran it from a 
>> command line, on the machine, correct? <looks at the manpage> Ok, I 
>> guess you can run it from the GUI, but if you're not on the console, 
>> you have to have X forwarding enabled in sshd, and then log in from a 
>> system running X with ssh -X or ssh -Y.
>> 
>> I do most of what I do, as do most sysadmins I know, from the command 
>> line.
>> 
>> Mark,
>> You want a good laugh.....I did copy yours. Oops.
>> I do not see any sealert info in the messages log. Do I need to run or 
>> rather start sealert?
> 
> Nope. If auditd is running, that's all you need. If you see no sealerts in /var/log/messages, or AVCs in /var/log/audit/audit.log, be happy. The messages are for specific AVCs on *your* system, they're not generic.
> 
>> There is no GUI for this server - it's all command line.
>> X11Forwarding is showing 'yes' in the sshd_config file.
>> What is ssh -X or ssh -Y......would a system running X be like putty?
> I don't think so. I think you need something like Citrix, or the mks toolkit, or something like that, if you're on WinDoze.
> 
>     mark
> --------------
> 
> Mark,
> 
> I do get AVC messages in the audit.log file  :
> type=AVC msg=audit(1368211292.794:1593): avc:  denied  { search } for  pid=13587 comm="procmail" name="www" dev=dm-0 ino=3440923 scontext=system_u:system_r:procmail_t:s0 tcontext=system_u:object_r:httpd_sys_content_t:s0 tclass=dir
> 
> -- 
> redhat-list mailing list
> unsubscribe mailto:redhat-list-request at redhat.com?subject=unsubscribe
> https://www.redhat.com/mailman/listinfo/redhat-list
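
Added example, not part of the original thread: a small Python parser for AVC records like the one quoted above from /var/log/audit/audit.log, grouping denials by process, source type, target type, object class and permission so repeated denials collapse into one line. The second AVC record and the SYSCALL record in the sample are constructed, and the function names are this example's own.

```python
import re
from collections import Counter

# First record is the denial quoted in the thread; the SYSCALL record and the
# second AVC record are constructed for illustration.
SAMPLE_LOG = """\
type=AVC msg=audit(1368211292.794:1593): avc:  denied  { search } for  pid=13587 comm="procmail" name="www" dev=dm-0 ino=3440923 scontext=system_u:system_r:procmail_t:s0 tcontext=system_u:object_r:httpd_sys_content_t:s0 tclass=dir
type=SYSCALL msg=audit(1368211292.794:1593): arch=c000003e syscall=4 success=no exit=-13
type=AVC msg=audit(1368211352.101:1601): avc:  denied  { search } for  pid=13702 comm="procmail" name="www" dev=dm-0 ino=3440923 scontext=system_u:system_r:procmail_t:s0 tcontext=system_u:object_r:httpd_sys_content_t:s0 tclass=dir
"""

AVC_RE = re.compile(
    r'type=AVC msg=audit\((?P<ts>[\d.]+):(?P<serial>\d+)\): avc:\s+'
    r'(?P<verdict>denied|granted)\s+\{ (?P<perms>[^}]*) \} for\s+(?P<fields>.*)$')
KV_RE = re.compile(r'(\w+)=("[^"]*"|\S+)')

def parse_avc(line):
    """Return a dict for one AVC record, or None for any other audit record."""
    m = AVC_RE.match(line.strip())
    if not m:
        return None
    rec = {k: v.strip('"') for k, v in KV_RE.findall(m.group("fields"))}
    if "scontext" not in rec or "tcontext" not in rec:
        return None
    rec["verdict"] = m.group("verdict")
    rec["perms"] = m.group("perms").split()
    rec["timestamp"] = float(m.group("ts"))
    # An SELinux context is user:role:type:level; the type is the third field.
    rec["source_type"] = rec["scontext"].split(":")[2]
    rec["target_type"] = rec["tcontext"].split(":")[2]
    return rec

def summarize(log_text):
    """Count denials per (comm, source type, target type, class, perms)."""
    counts = Counter()
    for line in log_text.splitlines():
        rec = parse_avc(line)
        if rec and rec["verdict"] == "denied":
            counts[(rec["comm"], rec["source_type"], rec["target_type"],
                    rec.get("tclass", "?"), " ".join(rec["perms"]))] += 1
    return counts

if __name__ == "__main__":
    for (comm, src, tgt, cls, perms), n in summarize(SAMPLE_LOG).most_common():
        print(f"{n}x {comm}: {src} denied {{ {perms} }} on {tgt}:{cls}")
```
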



