I have a selinux alert every time I print to cups_pdf after upgrading to Centos 5.3 from 5.2. This never happened before. This is the alert I get
SELinux is preventing sh (cups_pdf_t) "search" to ./sbin (sbin_t)
It tells me to allow the access I need to run the cmd
restorecon -v './sbin'
I have tried it but nothing happens.
I sue Fedora 13. Since a few times ago, every time when I start the computer, it appears a message of SELinux trouble shooter about a security alert. But most of times there are no errors to show.
View 9 Replies View RelatedEverytime I login the SELinux Troubleshooter panel applet alerts me that I have 1 alert to view, however when I click on the icon and bring up the Troubleshooter there are no alerts
View 2 Replies View RelatedI'd like to avoid normal users from getting alerts about upgrading to newer Ubuntu versions.
Mostly because they are not allowed to do any upgrades.
i am trying to install centos 5.5 x86_64 as a guest OS in vmware server 2.0.2 using netinstall iso. Installation runs fine until the point, when it tries to install selinux-policy-targeted-2.4.6-279.el5.noarch, the whole virtual pc hangs at this.any ideas? i tried to google few things about this, but i have found nothing. this has happened 3 times in row, whole virtual pc always hangs at the same package. i dont have any other problems with vmware, gentoo runs and installs fine in it.i would prefer to do installation using netinstall.iso, it would take a lot of time to download all cds or whole dvd and all i require is a very basic set of packages.
View 7 Replies View Relatedi have CentOS 5.2 based server running openssh, which gives sftp service to the outside users(from internet), the users from some public ip-addresses uploads and download files from sftp-server directories. I want that whenever a user uploads a new file in certain directory of server, the server should send me an email alert
View 1 Replies View RelatedYou can find a list of all the booleans for SELinux (Fedora 10) using getsebool -a My question is, is there a reference online that describes each one. Most of obvious but it's one of those "I have to know because it's there situation).
View 5 Replies View RelatedI turned on SELinux today on my laptop, but when I tried to reboot I found that I can't! The boot process stalls every time on "Starting system logger". A load of "permission denied" messages preceed that, including various items in /var/sys. Most flash by far too fast for me to note them down.
I have tried the backup kernel from the grub menu but get the same result. What has gone on here and what can I do to get around this?
I am running Postfix on my CentOS (latest) powered box with SELinux at Enforcing mode.
This is what I get each time Postfix tries to send e-mail:
Quote:SELinux is preventing postdrop (postfix_postdrop_t) "write" to pipe (initrc_t).
I always thought that whenever /usr/sbin/setsebool was used, it would write either a "0" or a "1" into the corresponding boolean file. All SELinux boolean files are in /selinux/booleans but If I check, for example, this boolean ...
$ sudo /usr/sbin/getsebool ftp_home_dir
ftp_home_dir --> on
It returns a positive, but if I do
$ sudo less /selinux/booleans/ftp_home_dir
I get ... read error (Press Return)
Furthermore, if I list the boolean file itself, it shows it to be empty
$ sudo ls -l /selinux/booleans/ftp_home_dir
-rw-r--r-- 1 root root 0 Aug 9 11:09 /selinux/booleans/ftp_home_dir
Where is SELinux storing the booleans then?
This is on CentOS 5.4
I'm able to connect to ftp as a virtual user. It was also difficult as nowhere mentioned, that it should be done with SSL. Anyway I found the answer and got connection. But now I can't connect to ftp server as system user. It gives me "530 Permission denied", or if I delete the user from the file denied_users, - "530 Login incorrect".
1. Still I can't understand, how I can log in to FTP server with a system user.Also some other questions regarding this matter:
2. My httpd server Apache has a virtual hosts located in "/home" directory.The scripts create users in "/var/ftp virtual_users". Will it cause any problem if I will change them to "/home"? All I need to do with this is ability to have several virtual hosts in one server with separate access to each of them via FTP. And 1 account with access to all files in "/home".
3. In my ftp client I can see the owner of virtual host "ftp" instead of username.
Code:
$ ./configure --with-md5-passwords --with-selinux --with-pam
[snip]
Host: i686-pc-linux-gnu
Compiler: gcc
[Code]..
I don't think it has anything to do with the config file.More to do with SElinux. I need to know how to configure SElinux so I can see my samba share when SELinuxis on. When I setenforce 0 I can seen all the files and folders set it to setenforce 1 cannot see anything.Here is the output when I ran [root@fileserver /]# getsebool -a | grep smballow_smbd_anon_write --> onsmbd_disable_trans --> onThese two options were off I tried turning them on.This is another one of the commands I tried running. I did change a few options but I am not sure which I do need to change. I am running a stand alone server so I don't need the DC option.
[root@fileserver /]# getsebool -a | grep samba
samba_domain_controller --> off
samba_enable_home_dirs --> off
[code]....
Is there a reason why the selinux module for nagios just doesn't work? I'm running CentOS release 5.4 (Final) and did "yum install nagios" and now have nagios-3.2.0-1.el5.rf installed. I'm having to create policy after policy after policy, and still haven't reached the end of the rainbow.
I suppose after I run out of selinux violations, I could figure out how to combine all of these modules and post the result, but it seems really, really weird to think that I'm the only person who has ever installed nagios from the repo with SELinux enabled.
I have installed CentOS and Redhat5 on a LVM partition and selinux is enabled. Both OS's share the same /home partition with one user with the same login(gc) and same uid (1000). The problem I am having is that gc can login with all permissions etc on the OS that was installed first (CentOS). For the redhat OS gc can login but cannot write to the home directory (or startx since X needs to write to Xauthority)Here are outputs - 1st CentOS
[gc@shuttle ~]$ ll -Zd $HOME
drwx------ gc gc system_ubject_r:unlabeled_t /home/gc
[gc@shuttle ~]$ stat $HOME
[code]....
I'm running Apache on Centos 5.5, with active SELinux, and I'm having trouble getting my Perl script to write a file that doesn't yet exist to a folder which has the proper security context.
View 9 Replies View RelatedI am trying to use CentOS 5.4 to set up a secure laptop, largely because of it's SELinux functionality. Unfortunately I couldn't get wireless to work properly using the default NetworkManager so I installed wicd. Initially it buggered up my whole installation but after relabelling files using SEL I can now use my system again. but.. I can't use it with SELinux enabled, as it denies the required accesses for wicd to work. I also get similar SELinux denials for wpa_supplicant. A couple of snippets from /var/log/audit/audit.log -
[Code]....
I configure named and stumble upon the following problem: named is serious about user rights, every config file named uses should be named:named. I set rights to named:named as follows, but they get changed to root:named when I restart named as root. The same thing happens with SELinux context. This results in access denied type errors.
View 1 Replies View RelatedI'm using CentOS 5.3, and I want to allow my samba server from selinux. I disabled my selinux and it works fine, but I want to keep my seline firewall on and want to allow other workstation to access my samba server.
View 8 Replies View RelatedI have an intel DP35DP motherboard - ICH9 southbridge - set to AHCI mode. Working fine under 5.2. Yesterday I updated to centos 5.3, and got kernel 2.6.18-128.1.16 and now it can't boot. It hangs trying to read sata1 with DRDY errors and exceptions.So then I installed 5.3 from a DVD onto a new drive, and got kernel 2.6.18-128. This worked, most of the time, but occasionally gave me this error. I then updated my BIOS, and the error went away.Then I updated this new working drive to the latest kernel (yum update again) and got kernel 2.6.18-128.1.16, and now it wont boot again, with the same message.
ata1: failed to read log page 10h (errno=-5)
ata1.00 exception Emask 0x1 SAct 0x1 SErr 0x0 action 0x0
ata1.00: irq_stat 0x40000008
ata1.00: cmd 60/08:00:61:4b:38/00:00:3a:00:00/40 tag 0 ncq 4096 in
ata1.00: status: { DRDY }
ata1.00: revalidation failed (errno=-2)
ata1.00: revalidation failed (errno=-2)
[Code]....
have all ways been hiding in the background read not say a thinglets start well i look after 2 dell poweredge 2650 with 12 gig ram installed servers has been running fine onwell i though it was time to upgrade to 5 all went fine till reboot Memory for crash kernel (0x to 0x) not within permissible range ! well what i have been reading this is the norm for now What is mean by ignore it? LoLwell so i did the system keeps boot till i get to this linesbin/mingetty: /sbin/mingetty: cannot execute binary file alot, and it shows. INIT: Id "5" respawning too fast: disabled for 5 minutes ...so maybe its a memory issue so took 8 gig out left 4 in the system now it reboot alls good with only 4 gig of ram installed so is there a way to fix it to use all the ram can i get the system boot on 4 gig and then add the 8gig later on
View 7 Replies View RelatedI make upgrade from CentOS 5.4 to CentOS 5.5. Architecture is historical i386. On first boot my system was freezed by disabled earlier but not removed manualy writed xdm service. I disable it. But not found network. I see hardware address of card fe:ff:ff:ff:ff:ff. This address is not normal. But how to restore eeprom of this network adapter?
I don't think its trouble of new CentOS. I think this is random incident.Configuration of computer is Intel D510MO motherboard with integrated atom processor and realtek 8111dl nic. I know some trics about fix mac address in centos, but how to fix this address in bios?
I have installed CentOS 5.2, apache tomcat 5 already included, How can I upgrade tomcat to version 6 ?
View 1 Replies View RelatedI have encountered the same problem as indicated in this post: "udev hang after upgrade from 5.3 to 5.4"[URL]... I'm testing the upgrade path to centos 5.4 on several virtual machines prior to upgrading our production systems. I have upgraded centos 5.2 --> centos 5.4 and centos 5.3 to centos 5.4. In both cases udev hangs after the upgrade. The following message is displayed on the console: "Starting udev: Wait timeout. Will continue in the background [FAILED]"
I found another related post: "udev hangs on boot for a long time, suspect pam_console_apply"[URL]..So, I booted by VMs using the "udevdebug" option to grub and received the same error message - "udevd-event [###]: run_program: Waiting ## seconds for output of '/sbin/pam_console_apply /dev/..."
In my /etc/ldap.conf file "bind_policy hard" is commented out. I added a line "bind_policy soft" as described in the post and my VMs booted fine. NOTE: This problem is not encountered with a fresh install of CentOS 5.4 and the "bind_policy hard" option in the /etc/ldap.conf is commented out as in the upgraded systems. What is really causing this problem and how do I get it addressed? I have a couple hundred systems to update from various releases of CentOS 5 to the latest current version 5.4. It would be nice to get this bug squashed..
[Code]...
getting this bug report on starting fedora 13 in hp laptop
WARNING: at drivers/pci/dmar.c:647 check_zero_address+0x96/0x19b()
Hardware name: HP Pavilion dv6 Notebook PC
Your BIOS is broken; DMAR reported at address zero!
BIOS vendor: Hewlett-Packard; Ver: F.42; Product Version: Rev 1
Modules linked in:
[Code]...
I would get the message that the uuid file does not exist. I've been online looking for fixes since yesterday morning and nothing has helped at all. I've read online that I should run fdisk -l to obtain info to share with others, but that command doesn't work in any command prompt I open. I am running Ubuntu 9.10 with the latest patches and I'm sure you guys know that it runs Grub2 loader...if that helps at all.
View 9 Replies View RelatedI have noticed some possible security issues in my /var/log.messages log but i'm not sure how to read the messages.
I'm getting the following lines:
Code:
Can we create alert whenever a upload to ftp server happens. We have redhat 5
View 1 Replies View RelatedI was on funnyjunk.com yesterday, looking at funny pictures. I clicked the next button, and a page popped up displaying that the website had malware hosted by hit.d1.net, however when I had Windows XP the MacAffee Siteadvisor Displayed that there was no malware. Is this Real or Fake? Just wondering if it is one of those fake spyware alerts, like from windows.
View 2 Replies View Relatedlong story, I upgraded my system from maverick to natty, didn't like it so restored my system with a backup that I had done recently. after it rebooted I used gparted live CD to expand my partition, moving swap to the end of the HD, then when I rebooted grub didn't work so I booted with ubuntu live cd and reinstalled grub. then I booted normally but nautilus didn't work and had lots of problems. So I installed ubuntu again with ubuntu live cd, formating the partition and expanding it, no problems at all.But, I wanted my files back, so restored the system again, now the message that I get isQuote:
Gave up waiting for root device. Common problems:
-Boot args (cat /proc/cmdline)
-Check rootdelay= (did the system wait for the right device?)
[code]....