General :: SElinux Security Context Type & Booleans In FTP/vsftpd?
Sep 13, 2010What are the SElinux security context type & booleans in FTP/vsftpd
View 3 Replies
ADVERTISEMENT
General :: Error: Security Context Requested, Bu No Selinux Support! Aborting
Apr 19, 2010I try to install IPsec-Tools on Slackware 13, but I get an configure error: configure: error: Security Context requested, bu no selinux support! Aborting. I'm linux newbie and I'm following a slackware-basics tutorial, I did as in the tutorial, but the configure stops and aborts:
Code:
# CFLAGS="-O2 -march=i486 -mcpu=i686"
./configure --prefix=/usr
--sysconfdir=/etc
--localstatedir=/var
[Code]...
What can I do? How can I enable/install selinux support? I guess it's related with AH and ESP protocols, which in my kernel are defined as modules (m). If so, how can I enable them?
Fedora Servers :: SELinux - Find A List Of All The Booleans For SELinux (10) Using Getsebool -a
Feb 23, 2009You can find a list of all the booleans for SELinux (Fedora 10) using getsebool -a My question is, is there a reference online that describes each one. Most of obvious but it's one of those "I have to know because it's there situation).
View 5 Replies View RelatedFedora Security :: SELinux Context For Cgi-bin?
Oct 20, 2010I'm attempting to get MapServer running on my Fedora 13 computer. I was able to install with the package manager, and the executable (mapserv) was originally placed in /usr/sbin. But I need it in /var/www/cgi-bin to work on the webserver. So I copied the file to the right location. Unfortunately, it doesn't have the correct SELinux context. Here's the message from the troubleshooter:
SELinux denied access requested by /var/www/cgi-bin/mapserv. /var/www/cgi-bin/mapserv is mislabeled. /var/www/cgi-bin/mapserv default type is httpd_sys_script_exec_t, but its current type is httpd_sys_script_exec_t. Changing this file back to the default type, may fix your problem.
How's that for circular logic? Does anyone have an idea what the correct SELinux context for a cgi-bin executable might be?
Fedora Security :: Wrong SELinux Context On /etc/sudoers?
Nov 21, 2010I'm suspicious that the context of /etc/sudoers is wrong. During the last upgrade to Fedora 14, RPM dropped /etc/sudoers.rpmnew, which had a different context than the real sudoers file. But, when I try to get SELinux to relabel the file (using restorecon or fixfiles), it refuses to make a change.
> ls -lZ /etc/sudoers
-r--r-----. root root unconfined_u:object_r:etc_t:s0 /etc/sudoers
> matchpathcon /etc/sudoers
[code]....
Red Hat / Fedora :: Selinux Security Alerts - Change File Context?
Apr 26, 2010I receive messages such as the below:
SELinux is preventing /usr/sbin/httpd from using potentially mislabeled filesjk-runtime-status. SELinux has denied the httpd access to potentially mislabeled filesjk-runtime-status. This means that SELinux will not allow httpd to use these files. If httpd should be allowed this access to these files you should change the file context to one of the following types, httpd_tmp_t,
I know how to change the owner of a file and the permissions but what does it mean to change the file context?
Server :: Where Are The Booleans For SELinux Stored
Sep 23, 2010I always thought that whenever /usr/sbin/setsebool was used, it would write either a "0" or a "1" into the corresponding boolean file. All SELinux boolean files are in /selinux/booleans but If I check, for example, this boolean ...
[Code]....
CentOS 5 Server :: Where Are The Booleans For SELinux Stored
Sep 24, 2010I always thought that whenever /usr/sbin/setsebool was used, it would write either a "0" or a "1" into the corresponding boolean file. All SELinux boolean files are in /selinux/booleans but If I check, for example, this boolean ...
$ sudo /usr/sbin/getsebool ftp_home_dir
ftp_home_dir --> on
It returns a positive, but if I do
$ sudo less /selinux/booleans/ftp_home_dir
I get ... read error (Press Return)
Furthermore, if I list the boolean file itself, it shows it to be empty
$ sudo ls -l /selinux/booleans/ftp_home_dir
-rw-r--r-- 1 root root 0 Aug 9 11:09 /selinux/booleans/ftp_home_dir
Where is SELinux storing the booleans then?
This is on CentOS 5.4
CentOS 5 :: VSFTPD & CHCON - Returns The Error: /usr/bin/chcon : Couldn't Compute Security Context From Unlabeled?
Apr 8, 2011The script "vsftpd_virtualuser_add.sh" from the guide here:
http://wiki.centos.org/HowTos/Chroot_Vsftpd_with_non-system_users
executes the following line: /usr/bin/chcon -t public_content_rw_t $HOMEDIR/$USERNAME
which returns the error: /usr/bin/chcon: couldn't compute security context from unlabeled
Login attempts are unsuccessful on the given username.I followed the instructions on that page verbatim.I can't find anything useful on that error anywhere - even outside of vsftpd context.This is a new CentOS 5.5 server - updated everything with yum.VSFTP worked fine on the last server, which was a CentOS 5.x.
General :: Accidently Reset SELINUX Context For /var Folder Permissions?
Jan 30, 2011I accidently reset the SELINUX context on the /var folder from "var_t" to user data. Now I cant go back and set it to "var_t" and i cant access my website anymore
View 3 Replies View RelatedFedora :: SELinux Context - Allow Apache's Http Daemon To Use Arp (for Getting Some Mac Addresses)
Apr 13, 2010I'm working with Fedora and SELinux and am having a problem. I need to allow apache's http daemon to use arp (for getting some mac addresses). I have changed the type of the arp executable to httpd_sys_context_t but am still having an issue. Here is the messages log: Detailed Description:
[Code]...
Fedora :: 12 SELinux Context Not Updated When Changing User's Home Directory
Feb 15, 2010I was setting up a Samba server and I ran into some problems with SELinux related to the context of the home directories. I made a user account, say "UserAccount", with a default home directory "home/UserAccount". Afterwards I realized that I needed to move the home directory of this particular user to another location, say "/home2/UserAccount". So I created the new directory, changed the permissions, and used Gnome's system-config-user to change the user's home directory.
I then set-up the Samba server, activated samba_run_unconfined and samba_enable_home_dirs in SELinux, and made an account for UserAccount. When testing the Samba account for UserAccount SELinux denied read access. I checked the context and the new home directory did not appeared to have been updated. I had to manually run:
restorecon -R -v /home2/UserAccount
to set the context on the new home directory. I'm not very familiar with SELinux, so my question is this: is this normal security policy or is a bug in the system-config-user tool? If it's normal policy can someone explain why? I'm always ready to learn Distro: Fedora 12 (kernel: 2.6.31.5-127.fc12.i686) System: Dual Intel Xeon @ 3.2 GHz, 1 GB RAM
CentOS 5 Server :: Can't Set Vsftpd With SElinux Properly / Sort It?
Apr 8, 2010I'm able to connect to ftp as a virtual user. It was also difficult as nowhere mentioned, that it should be done with SSL. Anyway I found the answer and got connection. But now I can't connect to ftp server as system user. It gives me "530 Permission denied", or if I delete the user from the file denied_users, - "530 Login incorrect".
1. Still I can't understand, how I can log in to FTP server with a system user.Also some other questions regarding this matter:
2. My httpd server Apache has a virtual hosts located in "/home" directory.The scripts create users in "/var/ftp virtual_users". Will it cause any problem if I will change them to "/home"? All I need to do with this is ability to have several virtual hosts in one server with separate access to each of them via FTP. And 1 account with access to all files in "/home".
3. In my ftp client I can see the owner of virtual host "ftp" instead of username.
General :: Change Security Context Of Only Directories?
Jul 4, 2011Is there a way I can change the security context of only the directories, & only files, recursively, in bash?
View 11 Replies View RelatedSecurity :: Server Hacked When Try To Log In Type Root But Won't Let Type A Password?
Jun 22, 2010I have a server hacked when i try to log in i type root but won't let me type a passwdthere are no services up, can't see page mail nothing
View 11 Replies View RelatedFedora Security :: Wierd SeLinux Security Alerts \ Got:Code:Summary: System May Be Seriously Compromised?
Apr 13, 2011this is the allert i got:Code:Summary:Your system may be seriously compromised! /usr/sbin/NetworkManager tried to loada kernel module.Detailed Description:SELinux has prevented NetworkManager from loading a kernel module. All confinedprograms that need to load kernel modules should have already had policy writtenfor them. If a compromised application tries to modify the kernel this AVC willbe generated. This is a serious issue.Your system may very well be compromised.Allowing Access:Contact your security administrator and report this issue.Additional Information:
Source Context system_u:system_r:NetworkManager_t:s0
Target Context system_u:system_r:NetworkManager_t:s0
Target Objects None [ capability ]
[code]....
Fedora Servers :: SELinux Is Preventing /usr/sbin/vsftpd "net_raw" Access
Dec 31, 2009I receive the message "SELinux is preventing /usr/sbin/vsftpd "net_raw" access" many times. Found this bug at redhat but really do not understand what i should do about it ((( Kindly let me know how to change this to normal. Shut down Selinux is not the way out.
View 14 Replies View RelatedSecurity :: Disable SELinux Security On Httpd
Jul 13, 2010I am learning SELinux from LinuxCBT and I'm stuck at one place. Now video is on RHEL 4 (so tell me if things has changed since, cause I can't find anything related) shows how to disable SELinux security on httpd.first I don't know diff between initrc_t and uncofined_t; and second I don't know if something is wrong is everything is all right.
View 1 Replies View RelatedFedora :: Security Context During Login While Entering GDM
May 3, 2011After entering the gdm I'm being asked "Would you like to enter a Security Context [N]?" during login. I've had a look around online but can find nothing final about this.
View 1 Replies View RelatedServer :: Reset Security Context For Cgi-bin By Mistake?
Feb 9, 2011I reset the security context for my cgi-bin to httpd_sys_content_t.How do I set it back to the proper context?
View 1 Replies View RelatedFedora Security :: Selinux Not Enabled?
Nov 10, 2010Trying to keep selinux enabled. When I start SeLinux Troubleshooter from the menu, which is inautostart as well, It tells me SELinux not enabled, sealert will not run on nonSELinus systems".How do I get SELinux permanently started then
View 10 Replies View RelatedFedora Security :: How To Enable The SELinux
Jan 17, 2011My newly installed Fedora-14 (64-bit) has SELinux disabled. I can't find any way to enable it. I tried to set it manually in /etc/selinux/config to enforcing or permissive but nothing happens after reboot. In GUI configuration tool it is set to disabled and grayed out so that there is no way to enable it there. Is there another way to enable SELinux?
View 11 Replies View RelatedFedora Security :: SELinux Not Enforcing?
Apr 30, 2011I tried to log in to my xguest account and it asked for a password, which it shouldn't, so there's a problem with SELinux.When I type getenforce it says it is disabled, yet when I go to /etc/selinux and look at the config, it is in enforcing mode and not commented out, type is strict.When I go to the SELinux management GUI I can't change the current enforcing mode and it's set to disabled and default to enforcing.
View 2 Replies View RelatedSecurity :: Clarification On SELinux Catorgories?
Jan 12, 2011having trouble understanding selinux. the domain is cluster containing permissions. a type is nothing more than a label applied to something like a file,right? so instead of applying the permission set of foo domain to the /etc/shadow file it would be apply label shadow_t to /etc/shadow and make the shadow_t apart of the foo domain?
View 1 Replies View RelatedSecurity :: Enabling SELinux On RHEL 5.4
Feb 25, 2011We have installed RHEL 5.4 on our servers and everything is running fine. Now I have gone through various server hardening checklist and most of them suggest to enable SELinux. We have several services running on Linux box. Now my question is, do we have to make any chagnes to the existing configurations if we enable SELinux. Or we just enable SELinux and leave it as it is. Because I have had prior experiences where SElinux will stop many services and restrict access to many libraries when enabled.
View 1 Replies View RelatedSecurity :: Red Hat SeLinux Is Blocking Ssh And Http?
Feb 3, 2011When I turn on my SeLinux to enforcing mode on my Red Hat system ssh stops working and my http server stops responding.
I went into the SeLinux GUI and enabled things in there but still it wont work.
Any thoughts on what to check?
permissive mode and disabled they work
I read several articles that say it should not be affect by SeLinux and the setting look correct but the only thing I do is turn on SeLinux and ssh /httpd stop working
ps -eZ | grep sshd
system_u:system_r:unconfined_t:SystemLow-SystemHigh 432 ? 00:00:00 sshd
system_u:system_r:unconfined_t:SystemLow-SystemHigh 2426 ? 00:00:00 sshd
[root@goxsa1340 ~]# ps -eZ | grep httpd
user_u:system_r:httpd_t 3044 ? 00:00:00 httpd
[Code].....
Fedora Security :: Prevent Firefox With SELinux?
May 11, 2009I am new to Fedora 10, and to SELinux too.
I would like to know how can I prevent from users with role user_r to connect to Internet with firefox.
Fedora Security :: SELinux Is Blocking Ipod?
Jul 8, 2009I am running Fedora 11 and every time i plug in my iPod it tells me... SELinux is preventing mkdir (podsleuth_t) "read" security_t ... I have no idea on how to create a policy module to allow access.
View 2 Replies View RelatedFedora Security :: SELinux Relabel Every 3 Boot?
Mar 29, 2010I get a SELinux relabel often even without changing stuff. SELinux troubleshoot doesn't show any error nor are there any messages in /log/messages that give any clue. Where should I look to see whats happening ?
2.6.31.12-174.2.22.fc12.x86_64
selinux-policy-3.6.32-103.fc12
Fedora Security :: SELinux Really Necessary For Home Desktop?
Jul 11, 2010I wonder if SELinux really are necessary for a home desktop ?
It only makes my computer use more problematic than it already is.
What can happend if I uninstall it on my Fedora 13 dist ?
Is the hole Internet going to come in to my computer and destroy it ?
If I uninstall SELinux, is the firewall uninstalled also ?