Fedora Security :: Wierd SeLinux Security Alerts \ Got:Code:Summary: System May Be Seriously Compromised?

Apr 13, 2011

this is the allert i got:Code:Summary:Your system may be seriously compromised! /usr/sbin/NetworkManager tried to loada kernel module.Detailed Description:SELinux has prevented NetworkManager from loading a kernel module. All confinedprograms that need to load kernel modules should have already had policy writtenfor them. If a compromised application tries to modify the kernel this AVC willbe generated. This is a serious issue.Your system may very well be compromised.Allowing Access:Contact your security administrator and report this issue.Additional Information:

Source Context system_u:system_r:NetworkManager_t:s0
Target Context system_u:system_r:NetworkManager_t:s0
Target Objects None [ capability ]

[code]....

View 5 Replies


ADVERTISEMENT

Red Hat / Fedora :: Selinux Security Alerts - Change File Context?

Apr 26, 2010

I receive messages such as the below:

SELinux is preventing /usr/sbin/httpd from using potentially mislabeled filesjk-runtime-status. SELinux has denied the httpd access to potentially mislabeled filesjk-runtime-status. This means that SELinux will not allow httpd to use these files. If httpd should be allowed this access to these files you should change the file context to one of the following types, httpd_tmp_t,

I know how to change the owner of a file and the permissions but what does it mean to change the file context?

View 3 Replies View Related

Security :: Fedora System Compromised But No Changes Made?

Jan 25, 2011

The infrastructure of the Fedora Project was compromised over the weekend and an account belonging to a Fedora contributor was taken over by an attacker. However, Fedora officials said they don't believe that the attacker was able to push any changes to the Fedora package system or make any actual changes to the infrastructure.

The attack appears to have targeted one specific user account, which had some high-value privileges. The attacker was able to compromise the account externally, and then had the ability to connect remotely to some Fedora systems. The attacker also changed the account's SSH key, Fedora officials said.

View 2 Replies View Related

Fedora Security :: "Your System May Be Seriously Compromised"

Feb 21, 2010

I just found these in my setroubleshoot logs and what the hell is going on:

Quote:

Summary:

Your system may be seriously compromised!

Detailed Description:

[SELinux is in permissive mode. This access was not denied.]

SELinux has prevented semodule from modifying $TARGET. This denial indicates semodule was trying to modify the selinux policy configuration. All applications that need this access should have already had policy written for them. If a compromised application tries to modify the SELinux policy this AVC will be generated. This is a serious issue. Your system may very well be compromised.

Allowing Access:

Contact your security administrator and report this issue.

Additional Information:

Source Context staff_u:staff_r:staff_t:s0
Target Context system_u:object_r:semanage_store_t:s0
Target Objects modules [ dir ]

[code]....

This isn't even the half of it either, there are other warnings in between them about netfilter_contexts unlink operations and /usr/sbin/semodule "rmdir" operations on modules.

All I can remember doing earlier was switching into permissive mode to change the type of a WINE application, the legitimacy of which - for system security purposes - I don't doubt. That, and generating policy for it which I tried running the install script for after changing the type didn't work. Neither of those actions seem like they'd try to remove the modules directory.

View 3 Replies View Related

Fedora Security :: SE Attack Alerts - Root Out The Source?

Oct 20, 2009

I have been receiving attack alerts. And I would like to root out the source of the problem. I'll give you the messages. If you could help me prevent this hacker from even being able to attempt these things please any advice is helpful. There have been memory stack attempts, failed sys_admin conversion attempts, password file write attempts etc.....

[Code]...

View 5 Replies View Related

Security :: Signs Of Getting Compromised

Jan 25, 2010

Today any web browser I use has randomly been brining me to URL... at random intervals.I've run chkrootkit from a live cd, and rkhunter, clamav, f-prot, and bitdefender, nothing's unusual.All the definitions were up to date.I'm wondering if its possible that my router got hacked. I'm not sure this is even possible, but it's acting weird. Tried reflashing its firmware, didn't fix it.

View 5 Replies View Related

Security :: Disable SELinux Security On Httpd

Jul 13, 2010

I am learning SELinux from LinuxCBT and I'm stuck at one place. Now video is on RHEL 4 (so tell me if things has changed since, cause I can't find anything related) shows how to disable SELinux security on httpd.first I don't know diff between initrc_t and uncofined_t; and second I don't know if something is wrong is everything is all right.

View 1 Replies View Related

Ubuntu Security :: Chkrootkit Log, Compromised Box?

Mar 28, 2011

Looks like my firefox has been compromised and i have a packet sniffer. Not sure what to do.Should I just delete the suspicous files? here's the chkrootkit log:

ROOTDIR is `/'
Checking `amd'... not found
Checking `basename'... not infected

[code]....

View 6 Replies View Related

Security :: Savannah GNU Site Compromised

Dec 1, 2010

A site belonging to the Savannah GNU free software archive was attacked recently, leading to a compromise of encrypted passwords and enabling the attackers to access restricted project material.The compromise was the result of a SQL injection attack against the savannah.gnu.org site within the last couple of days and the site is still offline now. A notice on the site says that the group has finished the process of restoring all of the data from a clean backup and bringing up access to some resources, but is still in the middle of adjusting its security settings.

View 4 Replies View Related

Ubuntu Security :: Replacing A Possibly Compromised OpenSSH Key?

Sep 22, 2010

I have an OpenSSH server running on Ubuntu 10.04, and it works fine.

I'm concerned that my SSH key may have been compromised and would like to replace it.

I tried replacing keys before and reinstalling OpenSSH and SSH before but ran into terrible trouble so I'm asking for instruction before touching anything this time.

Code:
laeg@skyrocket:~/.ssh$ ls
authorized_keys id_rsa id_rsa.ppk id_rsa.pub known_hosts
Code:
laeg@skyrocket:/etc/ssh$ ls

[Code]....

So can I just synpaptic 'fully' uninstall SHH (although probably even less necessary than..) and OpenSHH, backup sshd_config, delete the two dirs referenced above, reinstall both packages, insert my sshd_config backup, and then start from scratch following the guides linked below?

View 9 Replies View Related

Security :: Compromised Systems Notify Hacker They Are Infected

Dec 4, 2010

I have a server connected to the internet placed in a DMZ that was running ProFTPD. A couple of weeks ago there was a security threat uncovered that would grant access to external users through a buffer overflow. Of course I patched my ProFTPD quite often after that to secure my server. Now my problem is that the servers of ProFTPD were compromised and that source code with a back-door was released. To make matters worse compromised systems notify the hacker they are infected. is there any way to ensure I don't have a root-kit installed short of reinstalling the system?

View 4 Replies View Related

Fedora Security :: SELinux Context For Cgi-bin?

Oct 20, 2010

I'm attempting to get MapServer running on my Fedora 13 computer. I was able to install with the package manager, and the executable (mapserv) was originally placed in /usr/sbin. But I need it in /var/www/cgi-bin to work on the webserver. So I copied the file to the right location. Unfortunately, it doesn't have the correct SELinux context. Here's the message from the troubleshooter:

SELinux denied access requested by /var/www/cgi-bin/mapserv. /var/www/cgi-bin/mapserv is mislabeled. /var/www/cgi-bin/mapserv default type is httpd_sys_script_exec_t, but its current type is httpd_sys_script_exec_t. Changing this file back to the default type, may fix your problem.

How's that for circular logic? Does anyone have an idea what the correct SELinux context for a cgi-bin executable might be?

View 3 Replies View Related

Fedora Security :: Selinux Not Enabled?

Nov 10, 2010

Trying to keep selinux enabled. When I start SeLinux Troubleshooter from the menu, which is inautostart as well, It tells me SELinux not enabled, sealert will not run on nonSELinus systems".How do I get SELinux permanently started then

View 10 Replies View Related

Fedora Security :: How To Enable The SELinux

Jan 17, 2011

My newly installed Fedora-14 (64-bit) has SELinux disabled. I can't find any way to enable it. I tried to set it manually in /etc/selinux/config to enforcing or permissive but nothing happens after reboot. In GUI configuration tool it is set to disabled and grayed out so that there is no way to enable it there. Is there another way to enable SELinux?

View 11 Replies View Related

Fedora Security :: SELinux Not Enforcing?

Apr 30, 2011

I tried to log in to my xguest account and it asked for a password, which it shouldn't, so there's a problem with SELinux.When I type getenforce it says it is disabled, yet when I go to /etc/selinux and look at the config, it is in enforcing mode and not commented out, type is strict.When I go to the SELinux management GUI I can't change the current enforcing mode and it's set to disabled and default to enforcing.

View 2 Replies View Related

Security :: Gmail And Winnow.compromised.ts.jsexploit.5.UNOFFICIAL Malware?

Apr 26, 2010

second time clamav detects the malware on laptop underubuntu:winnow.compromised.ts.jsexploit.5.UNOFFICIALwinnow.spam.ts.domains.158.UNOFFICIALgspace.js: winnow.malware.cm.miscspam.387929.UNOFFICIALwhat does this mean, is it serious and what is the origin of this infection?

View 9 Replies View Related

Fedora Security :: Prevent Firefox With SELinux?

May 11, 2009

I am new to Fedora 10, and to SELinux too.

I would like to know how can I prevent from users with role user_r to connect to Internet with firefox.

View 2 Replies View Related

Fedora Security :: SELinux Is Blocking Ipod?

Jul 8, 2009

I am running Fedora 11 and every time i plug in my iPod it tells me... SELinux is preventing mkdir (podsleuth_t) "read" security_t ... I have no idea on how to create a policy module to allow access.

View 2 Replies View Related

Fedora Security :: SELinux Relabel Every 3 Boot?

Mar 29, 2010

I get a SELinux relabel often even without changing stuff. SELinux troubleshoot doesn't show any error nor are there any messages in /log/messages that give any clue. Where should I look to see whats happening ?

2.6.31.12-174.2.22.fc12.x86_64
selinux-policy-3.6.32-103.fc12

View 2 Replies View Related

Fedora Security :: SELinux Really Necessary For Home Desktop?

Jul 11, 2010

I wonder if SELinux really are necessary for a home desktop ?
It only makes my computer use more problematic than it already is.
What can happend if I uninstall it on my Fedora 13 dist ?
Is the hole Internet going to come in to my computer and destroy it ?

If I uninstall SELinux, is the firewall uninstalled also ?

View 14 Replies View Related

Fedora Security :: SELinux Has Broken Bugzilla

Jul 19, 2010

I have recently upgraded from FC12 to FC13, and last week I updated all packages using YUM. The system is running as a VM inside CentOS 5.5 using KVM. SELinux is enforcing, using the targeted policy. Bugzilla is version 3.6.1 and was NOT installed using RPM or YUM.

Bugzilla was working OK on this machine until SELinux was upgraded last week from 3.7.19-28 to 3.7.19-33, and is still broken after testing 3.7.19-37 from the testing repo. With SELinux in enforcing mode, apache returns error 500 when I browse to the main bugzilla page. The apache error log shows this:-

Code:
[Mon Jul 19 13:15:08 2010] [error] [client 192.168.40.1] (13)Permission denied: exec of '/var/www/html/bugzilla/index.cgi' failed
Nothing, and I mean absolutely nothing, is recorded in /var/log/audit/audit.log, /var/log/messages or /var/log/secure.

[Code]....

View 5 Replies View Related

Fedora Security :: SELinux Warning On Rkhunter?

Mar 17, 2011

i get this warning from selinux :

"SELinux is preventing /bin/mailx from append access on the file /var/lib/rkhunter/rkhcronlog.OmRFCZOynG."

I tried to fix it by "# /sbin/restorecon -v /var/lib/rkhunter/rkhcronlog.OmRFCZOynG" as suggested by SELinux but it comes back with another warning, but with a different /rkhcronlog.xxxxxxxxx...

i think its just a way of rkhunter logging issue -. attached here is the actual error message by selinux.

View 6 Replies View Related

Fedora Security :: SELinux Troubleshooter Missing

Jul 20, 2011

I just install Fedora 15 and I see the SELinux Policy Genertation Tool and the SELinux Administration application in the app launcher but I do not see the SELinux Troubleshooter app. I seems to be missing. How do I get it on my system?

View 2 Replies View Related

Fedora Security :: SELinux Policy Changing In 15

Jul 24, 2011

I need to change SELinux policy to permissive and then back to enforced for an installation. I understand that I should be able to do that through the SELinux Administration window accessed through System -> Administration ->SELinux Management. But I do not have any real sysadmin tools available in my Fedora 15 Gnome Gui interface. Am I missing something, or should I use some sort of similar command line tool to do this?

View 2 Replies View Related

Security :: Honeynet Challenge Results: Forensic Analysis Of A Compromised Server

May 7, 2011

I just noticed the results of the Honeynet Project's Challenge 7: Forensic Analysis of a Compromised Server have finally been posted today. Just got done reading one of the submissions and it's pretty good if anyone is interested in how to analyze a Linux incident involving evidence from memory and the file system.

View 2 Replies View Related

Fedora Security :: SELinux - Update Stopped Printing

Mar 6, 2009

I know very little about SE Linux and I've heard that in some situations it's better to disable it. For a home user, is it important? Does it improve your life ? or does it get in the way ?

Last week some update stopped my printing and I had to install the new hplip from HP because it wasn't in the Fedora repos to correct the problem. I don't know if SELinux had anything to do with it, but today when I disabled SELinux a few minutes later I get a star up on the toolbar and when I clicked on it it mentioned something about hplip. It wouldn't make any sense to me but maybe this has happened to others.

View 9 Replies View Related

Fedora Security :: SElinux Is Blocking My Internet Connection

Mar 15, 2009

SElinux is blocking my internet connection and every time when I connect t the internet (pppoe connection) I ge message.

View 2 Replies View Related

Fedora Security :: How To Create A Totally New SELinux User

Jun 4, 2009

Currently working on the targeted policy, I need a help in doing the following things as quick as possible:

1- How to create a totally new SELinux user (not mapping new linux user to SELinux user) I want a new user with no roles or with a maximum of 1 role. I also need how to compile the new user so I can used it for mapping users. At the time, I've tried creating a new file inside /etc/selinux/targeted/contexts/users similar to the other users inside this directory, but it did not actually seem to appear when using the command semanage to list SELinux users : semanage user -l
2- How to create a totally new SELinux role (empty for now) ? and how to make the relation between this new role and domains or types.
3- How to create new domain, actually following some old instructions I created the .fc and .te files, but not the .if file, which is more complicated than the other 2 file.

View 10 Replies View Related

Fedora Security :: Restricting Xattr Flags With Selinux ?

Jul 12, 2009

I've got a question about chattr command. is it possible to restrict a root access for this command. what i want is something similar to freebsd behaviour aka the kernel secure level. setting a particular security level results in limiting some operations (i.e changing immutable flags on files) by root. well, if someone gained an access to a machine in some way, nothing would stop him changing the file's flags. so the question is if it can be achieved with selinux?

View 2 Replies View Related

Fedora Security :: SELinux Stopping Dial Up Connection?

Aug 6, 2009

well after spending most of the morning getting help with my internet connection hanging when I dial up we discover that SELinux is causing it so when I set it to passive I can connect so how can I get it to allow me to connect while being set to enforcing?

View 5 Replies View Related







Copyrights 2005-15 www.BigResource.com, All rights reserved