Fedora Networking :: 13 - How To Enable "SELinux Named Policy"

Jun 17, 2010

I am trying to configure my live install of Fedora so a PC on the same intranet can access it by hostname instead of by IP address. After I installed bind, I realized the man pages recommended against bind and said instead to enable SELinux named. I tried to guess what variables to set after googling and studying the documentation and coming up empty. I used getsebool -a, and tried turning one and all on. I test using: nslookup myhostname on the Linux box, since if that is working it isn't surprising that the Windows box can't see it. What buttons to push to enable SELinux named, as described in Fedora 13 man page for bin

Slight correction, the man page is for named. It says to remove the bind-chroot and use SELinux to enable named. I think I also have to create a new zone. This seems akin to proving Fermat's last theorem but less rewarding. Anyone know what keys to push for either?

I did get system-config-selinux running. I thought it was in an infinite loop but it does *eventually* load a GUI. Also if you set a boolean it will grab all CPU for a couple of minutes (used top in another terminal).

Fedora Security :: SELinux Policy Changing In 15

Jul 24, 2011

I need to change SELinux policy to permissive and then back to enforced for an installation. I understand that I should be able to do that through the SELinux Administration window accessed through System -> Administration -> SELinux Management. But I do not have any real sysadmin tools available in my Fedora 15 GNOME GUI interface. Am I missing something, or should I use some sort of similar command line tool to do this?

Fedora :: Odd Output After Selinux-policy-targeted Package Finished Updating?

Feb 20, 2010

I just updated my system via yum and got an odd output after selinux-policy-targeted package finished updating.

Code:
Updating : selinux-policy-3.6.32-89.fc12.noarch 14/80
Updating : selinux-policy-targeted-3.6.32-89.fc12.noarch 15/80
/etc/mock/koji* /etc/rc.d/init.d/dirsrv* /srv/git* /usr/autodesk/maya2010-x64/lib /usr/lib{64,}/nagios/plugins/check_mailq /usr/sbin/ns-slapd /usr/share/e16/misc* /usr/share/shorewall/compiler.pl /var/cache/cgit* /var/lib/git* /var/lib/koji* /var/www/git/gitweb.cgi /var/www/git/gitweb.cgi

Does anyone know what that means?

Fedora Security :: Selinux Policy Blocking Outbound Ports For Sshd

May 25, 2011

Tried Google and searching this forum to no avail. Under Fedora 14, there is an SELinux policy which blocks sshd from making outbound connections on port 80 or 443. This can occur when a client box tries to tunnel through the ssh connection for encrypted access to the web.

While I did manage to allow this to happen by creating a permissive domain for sshd with this command:

Code:

The preferred way would be to allow sshd to make connections on other ports with a similar command that does not seem to work:

Code:

Is this the correct way of allowing an outbound port connection for the sshd daemon?

Fedora Security :: Create An SELinux Policy To Automatically Grant Apps Execstack While They Use Glxinfo

Nov 20, 2009

I just upgraded from 11 to 12 and then installed the Nvidia proprietary drivers from RPMFusion. Initially glxinfo wouldn't work because SELinux was stopping it from using an executable stack. Since the Nvidia drivers are proprietary and a fix may not be provided, I allowed this access to glxinfo with chcon -t execmem_exec_t '/usr/bin/glxinfo'

However, it looks like every program using glx-utils also needs these permissions - so far I allowed Xorg, compiz and the Firefox video plugin to execstack. Can anyone suggest a fix for this - preferably one that avoids execstack for all those apps since it's a security risk. If not, how do I create an SELinux policy to automatically grant apps execstack while they use glxinfo or other Nvidia libraries but not at other times?

Fedora Security :: How To Enable MLS Policy

Feb 1, 2010

I have in /etc/selinux/config:

Code:

SELINUX=enforcing
SELINUXTYPE=mls

Do I have MLS enabled? I can't use SELinux commands. I thought MLS is sort of a package to SELinux. I followed this:

Code:

[code].....

Fedora Security :: How To Enable The SELinux

Jan 17, 2011

My newly installed Fedora-14 (64-bit) has SELinux disabled. I can't find any way to enable it. I tried to set it manually in /etc/selinux/config to enforcing or permissive but nothing happens after reboot. In the GUI configuration tool it is set to disabled and grayed out so that there is no way to enable it there. Is there another way to enable SELinux?

CentOS 5 :: Centos Installation In Vmware Hangs At Selinux-policy-targeted?

Jun 14, 2010

I am trying to install CentOS 5.5 x86_64 as a guest OS in VMware Server 2.0.2 using the netinstall ISO. Installation runs fine until the point when it tries to install selinux-policy-targeted-2.4.6-279.el5.noarch; the whole virtual PC hangs at this. Any ideas? I tried to google a few things about this, but I have found nothing. This has happened 3 times in a row; the whole virtual PC always hangs at the same package. I don't have any other problems with VMware; Gentoo runs and installs fine in it. I would prefer to do the installation using netinstall.iso; it would take a lot of time to download all CDs or the whole DVD and all I require is a very basic set of packages.

Server :: Enable A Password Policy For Squirrelmail?

Jul 29, 2011

My organisation is running SquirrelMail on a Red Hat server. When users are created, at that time the admin sets a password. Thereafter the user can log in to his account using the password. But he can't change it as is the case with Gmail or Yahoo Mail. Also the password for any account is known to the admin in addition to the user himself - a weak security arrangement! So what I wish to do is provide a way for a user to change his password anytime he wants and also during the first login - as is normally done in banking sites, etc.

CentOS 5 Server :: Named And Access Rights / SELinux - Access Denied

Aug 24, 2010

I configure named and stumble upon the following problem: named is serious about user rights, every config file named uses should be named:named. I set rights to named:named as follows, but they get changed to root:named when I restart named as root. The same thing happens with SELinux context. This results in access denied type errors.

Fedora Servers :: SELinux - Find A List Of All The Booleans For SELinux (10) Using Getsebool -a

Feb 23, 2009

You can find a list of all the booleans for SELinux (Fedora 10) using getsebool -a. My question is, is there a reference online that describes each one? Most are obvious but it's one of those "I have to know because it's there" situations.

Fedora Networking :: Can't Stop Named Service

Nov 30, 2009

I am new to configuring named. I want to set my firewall (Fedora 11) as a name server. The local domain is a Windows domain. I'd like internal users to translate domain names into IPs on this server when they go to the internet. After reading some posts on the web, I set up named as below. It seems named does the job but with some problems.

1) When I start the server, I couldn't find the named process even if the file "named" is in /etc/init.d. I can browse the Internet on the server with domain names (DNS works locally). But internal users couldn't get the domain name translated. If I shut down the server at this stage, it will shut down within 1 minute.

2) If I run "service named start" after the server boots up, I see the process "named" and named works okay. Both internal users and the local host can browse the Internet with domain names. However, any command starting with "service named" has no response after this, such as "service named status" or "service named stop". I can see it shows "stopping named" and this lasts forever. I have to kill the process then restart the named server so that named may run again.

3) If I shut down the server now, it will take 4-5 minutes instead of 1 minute as in 1). The shutdown gets stuck at "shutdown named" for 4 minutes. Even if I kill the named process before the shutdown, it will take 4-5 minutes.

It took me a week on this issue. I would appreciate it if you could take a look at my configuration files and guide me through this.

Fedora Networking :: Named Forwarders Not Working

May 27, 2011

I'm trying to set up a DNS name server using Fedora 14. Everything is working in the LAN, I've no errors in log/messages, but cannot ping the outside world. Can ping IP addresses but not domain names.

Networking :: Copying /var/named Files From Fedora 7 To Fedora 11 Does Not Configure Bind?

Aug 12, 2009

host A: Fedora 7 has bind 9.4.2
host B: Fedora 11 has bind 9.6.1

I want to migrate my bind configuration from A to B. I've read the release notes and man pages and I can't see why copying

/etc/named*
and
/var/named/*

(I checked /etc/sysconfig/named too...) seems to have no effect on my brand new install on Fedora 11. Host B stays basically un-configured.

Software :: File /var/lib/named/var/named/reverse/named.zero Failed: File Not Found

Mar 14, 2009

Mandriva 2009, BIND 9.5.0-P2. Named will start however I'm getting the above error as well as these:

14-Mar-2009 15:45:37.084 general: error: zone 0.in-addr.arpa/IN: loading from master file /var/lib/named/var/named/reverse/named.zero failed: file not found
14-Mar-2009 15:45:37.084 general: error: zone 0.0.127.in-addr.arpa/IN: loading from master file /var/lib/named/var/named/reverse/named.local failed: file not found

[code].....

Named shows to be running but with the errors above I know it's not running correctly. I also copied the above dir's over to /var/lib/named/var/lib/named which is where I 'believe' it's chroot'd at, though I could be wrong since I'm unfamiliar with chroot.

Fedora Networking :: NetworkManager Blocked By SELinux?

Feb 15, 2011

Fedora 13 64. NetworkManager tries to unlink /etc/hosts and is blocked:

Code:
SELinux is preventing /usr/sbin/NetworkManager from unlink access on the file /etc/hosts.
Additional Information:

[code]....

Fedora Networking :: SELinux Is Blocking Internet Access?

Mar 12, 2009

When I try to connect to the internet, SELinux gives me a "preventing NetworkManager" message. Here is what it says:

Code:
Summary:
SELinux is preventing NetworkManager (NetworkManager_t) "getattr" to /dev/ppp
(ppp_device_t).

[Code]....

Fedora Networking :: Ethernet Connection Sabotaged By SELinux - AVC Denial ?

May 26, 2009

I installed Fedora to a desktop with a hardwire ethernet connection to my router. When I ran the live CD it connected fine. When I boot now I have no connection, and when I try to connect I get this "AVC Denial" message and some mumbojumbo about SELinux is preventing nm-dhcp-client to read libdbus-glib blah blah blah. The troubleshooter app is no help to me at all. This is extremely frustrating. A couple of weeks ago I did an install to this same computer and had no problem at all. The only difference is that this time I wiped all of my old distros from the HD, and made separate /, /var, /boot, /tmp, and /usr partitions (in addition to the old /home partition which I kept.) I don't know how that could be causing this problem, but it's the only thing different about this install. Should I just go back to putting everything but /home on one partition?

Fedora Networking :: SELinux Denied Samba Access To /proc/fs/nfsd

Sep 5, 2009

I have a problem with a Samba share. Every time I want to browse shared folders on the Fedora machine from Windows I always get this message (SELinux is preventing samba (smbd) "getattr" to /proc/fs/nfsd (nfsd_fs_t).) Here is my SELinux log:

Summary:

SELinux is preventing samba (smbd) "getattr" to /proc/fs/nfsd (nfsd_fs_t).

Fedora Networking :: Can Not Establish PPTP VPN Because SELinux Blocking Network Manager

Dec 1, 2009

I cannot establish a PPTP VPN because SELinux is blocking Network Manager.

I get the following:

Summary: SELinux is preventing NetworkManager (NetworkManager_t) "unlink" to ./reso

Code:

I'm attaching complete alert.

Server :: /etc/named.conf:57: Open: /etc/named.root.hints: File Not Found

Apr 1, 2011

I am using CentOS 5.5 and I want to configure DNS, but while configuring bind I am getting the error below.

# /etc/init.d/named restart
Stopping named: [ OK ]
Starting named:
Error in named configuration:
/etc/named.conf:57: open: /etc/named.root.hints: file not found
[FAILED]

Networking :: Filter Chain And Policy For Iptables -L?

Mar 26, 2010

Is it possible to only view certain chains and more specifically certain chain policies with options when doing:

iptables -L

I would like, for example, to view FORWARD ACCEPT rules instead of waiting for all of the drop rules to load when viewing a firewalled iptables.

Ubuntu Networking :: Iptables Sets Itself To A Policy Of Dropping Everything

Mar 3, 2010

When I reboot my computer, my iptables sets itself to a policy of dropping everything, adds a bunch of rules, and a bunch of extra chains, to the effect that (due to everything being set to drop) I can't do anything. I know how to fix this from the terminal to the extent of just clearing most of it and changing the policies back. However, what I don't know is how to make it stay that way. I have a file with the iptables rules I want, so every time I start up I just run iptables-restore, but I don't want to have to do this every time, particularly since others use this computer who do not have admin privileges.

I've tried changing /etc/network/interfaces with the added code pre-up iptables-restore < (etc). But that never does anything, or if it does it just makes stuff work even less. I've tried changing init.d before based on similar info elsewhere, still no luck. I don't know how to get it to stick, and I don't know why it is defaulting to the rules it is, other than that I used a firewall app a while ago and afterwards this was the result, for which I uninstalled that app after no success using it to reverse the damage.

Ubuntu Networking :: Where Should Policy Based Routing Rules Live?

Mar 25, 2010

Seems like this should be a simple question, but I've looked around and have not found an obvious location to keep custom policy based routing rules in Ubuntu. /etc/network/if-up.d comes to mind, but I was wondering if that was a "standard" spot. Also it doesn't seem like these rules really need to run each time an interface is up'ed or down'ed.

Networking :: Tcpdump Shows Packages Even IPTables Policy Set To Drop

Feb 19, 2010

I have set the iptables INPUT policy to DROP. As I expected, tcpdump wasn't showing any packages... for a while. Suddenly it began to show UDP syslog packages being sent by a remote host. It conforms with the configuration of syslog, but since the INPUT policy was set to DROP, with no exceptions, it does not conform with the configuration of iptables. Why, after setting the INPUT policy to DROP with no exceptions, are most of the packets received before being dropped and some not, as tcpdump shows?

Networking :: Implement Bandwidth Shaping Policy In A Virtual Environment

Nov 27, 2010

I want to implement a bandwidth shaping policy in a virtual environment. So I have a 2mbps link, which I want to distribute among email, http(s), ssh,... and some other traffic. I want to do this in a virtual environment, for testing purposes. I want to run this script on a VirtualBox virtual machine, which has Ubuntu installed on it, and then use that as the router.

(a) Is there any software that could simulate email, http,... traffic so that I could test it?

(b) My second question is (though not related to networking): how do I set a (virtual) machine as a router? Or is it even possible?

Fedora :: Vnc Policy Authorization Failure When Trying To Add Packages

Aug 24, 2009

It took me a while to get VNC going. It was easier with FC8-10. Once I got finished and was actually able to log in and see my remote desktop I tried to add some software... VirtualBox. When I double click on the RPM I get a popup that states: "The action could not be completed. Failed to install file. You do not have the necessary privileges to perform this action". When I close that dialogue another one pops up that states: "The action could not be completed." When I click on more details the dialogue states: "Policykit authorization failure". How can I make this work?

Fedora Security :: Policy Changes Get Posted To The Repositories?

Jan 5, 2010

FC12 with recent updates. The bugzilla I reported is fixed in selinux 3.6.32-66 and I have 3.6.32-56. I refreshed the repositories and looked for 66 and it is not listed. Question - how often do the policy changes get posted to the repositories? And are the repositories the normal place to get the latest and greatest?

Fedora Networking :: Enable Wireless Networking Does Not Work In Windows?

Jun 20, 2009

I've been experiencing a problem with Fedora in which when I enable wireless in Fedora, wireless networking does not work in Windows. However, when disabled, it works correctly. Windows claims it is "not able to find any networks to connect to".

EDIT: It seems that when wireless is disabled manually on Fedora before shutdown, there are no problems in Windows.

Fedora Networking :: How To Use / Enable Wireless

May 20, 2010

I am new to Linux world. I want to configure wireless on my laptop to use ADSL.
