Security :: CentOS 5 - SELinux Denial Of Wicd / Wpa_supplicant - Get Wireless To Work Properly Using Default NetworkManager
May 11, 2010
I am trying to use CentOS 5.4 to set up a secure laptop, largely because of its SELinux functionality. Unfortunately I couldn't get wireless to work properly using the default NetworkManager so I installed wicd. Initially it buggered up my whole installation but after relabelling files using SEL I can now use my system again. But I can't use it with SELinux enabled, as it denies the required accesses for wicd to work. I also get similar SELinux denials for wpa_supplicant. A couple of snippets from /var/log/audit/audit.log -
[Code]....
Dec 17, 2010
I've just installed wicd. I can't get it to start, I get errors saying that wicd couldn't connect to its dbus interface and the wicd daemon has shut down. Then there's a report from SELinux saying that it's preventing /usr/bin/python "write" access on /etc/dhcp/manager-settings.conf and that access is denied to wicd. I can get wicd to start if I su to root, but I'd like to not have to do that every time I boot. Is there a fix?
May 26, 2009
I installed Fedora to a desktop with a hardwire ethernet connection to my router. When I ran the live CD it connected fine. When I boot now I have no connection, and when I try to connect I get this "AVC Denial" message and some mumbojumbo about SELinux is preventing nm-dhcp-client to read libdbus-glib blah blah blah. The troubleshooter app is no help to me at all. This is extremely frustrating. A couple of weeks ago I did an install to this same computer and had no problem at all. The only difference is that this time I wiped all of my old distros from the HD, and made separate /, /var, /boot, /tmp, and /usr partitions (in addition to the old /home partition which I kept.) I don't know how that could be causing this problem, but it's the only thing different about this install. Should I just go back to putting everything but /home on one partition?
Apr 8, 2010
I'm able to connect to ftp as a virtual user. It was also difficult, as it was nowhere mentioned that it should be done with SSL. Anyway I found the answer and got connection. But now I can't connect to ftp server as system user. It gives me "530 Permission denied", or if I delete the user from the file denied_users, - "530 Login incorrect".
1. Still I can't understand how I can log in to FTP server with a system user. Also some other questions regarding this matter:
2. My httpd server Apache has virtual hosts located in "/home" directory. The scripts create users in "/var/ftp virtual_users". Will it cause any problem if I change them to "/home"? All I need to do with this is the ability to have several virtual hosts in one server with separate access to each of them via FTP. And 1 account with access to all files in "/home".
3. In my ftp client I can see the owner of virtual host "ftp" instead of username.
Feb 20, 2011
if the NetworkManager uses wpa_supplicant? I normally don't use NetworkManager and decided to try it. I started it and tried it out and it works with WEP and WPA! I can't figure out why using the iwconfig command is not working by itself for WEP. WPA working with NetworkManager is just a bonus though.
Mar 13, 2009
I went to print something and I get this message: Summary: SELinux is preventing access to files with the default label, default_t.
Detailed Description: SELinux permission checks on files labeled default_t are being denied. These files/directories have the default label on them. This can indicate a labeling problem, especially if the files being referred to are not top level directories. Any files/directories under standard system directories, /usr, /var. /dev, /tmp, ..., should not be labeled with the default label. The default label is for files/directories which do not have a label on a parent directory. So if you create a new directory in / you might legitimately get this label.
Jul 9, 2010
I have just installed Fedora 13 on my Lenovo Ideapad S12 (company laptop, evaluating Fedora for companywide use on all laptops) and am facing a weird problem with KDE4 and NetworkManager / knetworkmanager. The laptop's wifi card is a Broadcom BCM4312 and I have successfully extracted the necessary b43 firmware. The b43 module loads on boot and the wireless card is activated and ready to use. However, NetworkManager doesn't seem to agree and has wireless disabled by default every time I reboot or even logout / login. I have to check the box manually after which it automatically connects to my wifi network at home.
Any idea where I can check that box automatically on boot?
Nov 20, 2015
I tried to install wicd so I can connect to my wireless internet, but it gives me the following output:
/usr/share/wicd/gtk/gui.py:458: Warning: Source ID 54 was not found when attempting to remove it
  gobject.source_remove(self.update_cb)
ERROR:dbus.connection:Exception in handler for D-Bus signal:
Traceback (most recent call last):
  File "/usr/lib/python2.7/dist-packages/dbus/connection.py", line 230, in maybe_handle_message
    self._handler(*args, **kwargs)
  File "/usr/share/wicd/gtk/gui.py", line 253, in handle_connection_results
    error(self.window, language[results], block=False)
KeyError: dbus.String(u'bad_pass')
I have checked that the password is correct. I had network-manager installed but it has been uninstalled. I am trying to connect to a WPA2PSK router. It might be a firmware problem, since I get a 'message' on the start screen that there are some problems with my firmware, but I can't figure out how to check if it is broken, or how to configure it so it is correct.
I have the qualcomm atheros ar9485 wireless card. As far as I can tell, the driver for that is either ath3k or ath9k, both are installed. The message I get when I start the computer is: usb 1-1.1: firmware: failed to load ar3k/AthrBT_0x01020200.dfu (-2).
Mar 10, 2010
My area does not have broadband, but I am able to get 3G on my cell phone. So, I've been tethering it to my laptop when needed, but what I'd like to do is set up my Slackware 13.0 box (which is configured to run as firewall/router/dhcp server) so that I can just turn on my phone's wireless router program, and then share it out over the whole network in my house. I'm using a Gigabyte b/g wireless card, which has the RT61 chipset in it. I have NO problems at all getting the wireless card to work with just setting up rc.inet1.conf. The only problem here is when I need to take my cell phone with me, I will not be able to simply turn it back into a WAP, and have my Slackware box auto reconnect to it.
This is why I started looking into using WICD. I do NOT run X, so that's why WICD fits the bill, since it has a cli version. First I tried installing the version that came on the CD. No dice there. I removed that package, and tried the 1.7 package that's on the mirrors under current. I used slackpkg to install it. WICD will run, see wlan0, sees my WAP and a few others, but it fails to connect. It attempts to up the interface, and use dhcp to get an ip, but it fails every time. My phone's WAP program only does WEP, but I can't get WICD to get an IP with or without WEP enabled. I made sure that my rc.inet1.conf file does not reference any interfaces.
Nov 15, 2009
Yesterday I installed openSUSE 11.2 on my laptop. But I'm having problems getting the wifi configured properly. During the installation I got the message "No network running" (which I also saw after the installation when using the network configuration module of YaST after switching from ifup to NetworkManager). After installation NetworkManager seemed to work fine, it detected my wifi card, found the network, and I could even connect to it. Then the problems began, no Internet connection. The first thing I tried was pinging Google which yielded an "unknown host" message. So I checked /etc/resolv.conf, to look for the DNS servers, which were missing.
I added them manually and tried again. Still no luck, so I started pinging my router, which worked, tried again pinging Google using one of their IP addresses, which failed. So I ran route to find out which routes were being used, this one gave an unexpected result, because it only showed the route to the local network (I'm not sure about the loopback one, because this was also a lot of times missing when testing):
[Code]...
Jan 25, 2011
I have a "bad password" reply using wicd 1.7.0 with WPA and a preshared key within Ubuntu 10.10, i.e., I am unable to make automatic/repeatable wireless connections using wicd without a workaround.
I believe this may be a problem interaction between wicd and the way wpa_supplicant is passing the (preshared) key to the network authority (the router). In my case, I use a Linksys WRT54GL running DD-WRT v24-sp2 (10/10/09) std - build 13064 OpenSource firmware, configured as an Access Point in Mixed mode (b/g).
I have no problem authenticating WPA Personal TKIP or AES from Windows or Mac OS X clients with a variety of wireless adapters (Linksys, D-Link, Lucent, Airport (Mac)) (No intervention is required to produce the secure connections).
With wicd 1.7.0 and wpasupplicant 0.6.10-2 (wext as wpa_supplicant driver selected in wicd by default) on Linux 2.6.35.-24-generic (Ubuntu "Maverick Meerkat") and a Lucent Orinoco Gold 802.11b wireless adapter I am able to connect to the network initially (one time) without the "bad password" error.
After the initial successful connection, reconnection is not possible (the "bad password" error) ***unless the wireless security settings on the router are re-applied. Once reapplied/resaved, a subsequent attempt to create a wireless connection from the Linux client will succeed without any changes having been made on the client side.
The psk data being sent to the router (with respect to the Wireless security settings) is being cached in such a way the connection is initially possible but defeats subsequent attempts at connection. Perhaps the passkey is cached/stored on the client side (after it is used to make the first connection) in such a way that it will be sent incorrectly upon subsequent attempts at connection? Of course, I'm simply guessing, here ... it is by luck that I found the workaround to establish this wireless connection.
**********
BTW, FYI, I was unable to use the Gnome Network-Manager to establish any wireless connections at all. Thus, Network-Manager was uninstalled (sudo apt-get purge network-manager) during the installation of wicd (Ubuntu Software centre). wpa_supplicant was re-installed (Synaptic) after wicd was installed.
Sep 20, 2010
I'm trying to configure my new school wireless network (eduroam). Though it *should* work in wicd just fine, it doesn't, it fails with an error saying "failed to authentize". However it works with plain wpa_supplicant. Here's the working wpa_supplicant.conf:
[code].....
I don't see any option in the GUI configuration of wicd that is specified in wpa_supplicant.conf and not in the GUI, so it should generate a proper wpa_supplicant.conf.
Are there some more detailed wicd logs? Is there a way to give wicd the wpa_supplicant.conf part for this single essid and let it use the GUI generated one for the others? Where can I see the wpa_supplicant.conf it has generated for a connection?
Oct 18, 2010
I have installed CentOS and Redhat5 on a LVM partition and selinux is enabled. Both OS's share the same /home partition with one user with the same login (gc) and same uid (1000). The problem I am having is that gc can login with all permissions etc on the OS that was installed first (CentOS). For the redhat OS gc can login but cannot write to the home directory (or startx since X needs to write to Xauthority). Here are outputs - 1st CentOS
[gc@shuttle ~]$ ll -Zd $HOME
drwx------ gc gc system_u:object_r:unlabeled_t /home/gc
[gc@shuttle ~]$ stat $HOME
[code]....
Jul 20, 2010
I'm finding the NetworkManager applet very confusing. When I start up at a new location I can use the "Connect to Other Network..." menu item to bring up the list of available networks, and I'd expect that by selecting one of these and clicking "Connect", then configuring and clicking OK, I'd get a connection. Instead the dialog just goes away and nothing else happens. Is something broken with NetworkManager, or am I misunderstanding how this is supposed to work?
By switching back and forth between NetworkManager and ifup I'm eventually able to establish a connection to a new access point, but it's been a painful process. I've also encountered a problem reported by others, where when my system fails to suspend/resume properly the /var/lib/NetworkManager/NetworkManager.state has NetworkingEnabled=false and I need to manually edit this before restarting networking... but that's a separate issue, and I can work around it with the manual edit (or just add a startup script to do this automatically).
Aug 23, 2010
I just loaded Suse 11.3 on my laptop. I can't get my wireless network to work. I tried via Yast and then switched back to Network Manager but nothing works. NM says that it is running, however I have no way to access it. No icon and I don't know where it is located or how to add to desktop panel.
Jul 14, 2011
I'm trying to replace default F15 NetworkManager with wicd. I installed wicd and used "chkconfig NetworkManager off" to disable NM but the problem I'm getting is
1. After each reboot I have to start wicd manually from su. Any solution to get it loaded automatically?
2. Also as I stopped nm, I have no network shortcut in taskbar. Any way wicd icon can be integrated in taskbar?
Apr 22, 2010
This is an excerpt from the Linux man page for mktemp command: "mktemp is provided to allow shell scripts to safely use temporary files. Traditionally, many shell scripts take the name of the program with the PID as a suffix and use that as a temporary filename. This kind of naming scheme is predictable and the race condition it creates is easy for an attacker to win. A safer, though still inferior approach is to make a temporary directory using the same naming scheme. While this does allow one to guarantee that a temporary file will not be subverted, it still allows a simple denial of service attack. For these reasons it is suggested that mktemp be used instead."
- How can a denial-of-service attack be carried out if a directory name is known?
- Why is it important to use mktemp to generate a sufficiently random file/directory name for temporary files?
Dec 8, 2009
Is there a reason why the selinux module for nagios just doesn't work? I'm running CentOS release 5.4 (Final) and did "yum install nagios" and now have nagios-3.2.0-1.el5.rf installed. I'm having to create policy after policy after policy, and still haven't reached the end of the rainbow.
I suppose after I run out of selinux violations, I could figure out how to combine all of these modules and post the result, but it seems really, really weird to think that I'm the only person who has ever installed nagios from the repo with SELinux enabled.
Oct 12, 2009
I've been running CentOS on my laptop for a few weeks now. I don't know what happened today, but when I boot up, the NetworkManager won't show up on the panel, and I don't have access to wireless networks or Internet. I tried booting my Windows partition and the wireless works fine. I can't seem to remember any latest change I've made aside from the wallpaper =) Any ideas where I should start debugging? I could see the module "iwl3945" still loaded. Here's a manual type of my lsmod | grep iwl3945
iwl3945 90177 0
mac80211 137929 1 iwl3945
cfg80211 30793 2 iwl3945,mac80211
Feb 15, 2011
Fedora 13 64. NetworkManager tries to unlink /etc/hosts and is blocked:
Code:
SELinux is preventing /usr/sbin/NetworkManager from unlink access on the file /etc/hosts.
Additional Information:
[code]....
Apr 4, 2011
I am trying to use nm-applet with Arch/Openbox/tint2. I can't use wicd-gtk because wicd won't work with ad-hoc networks. I have tested nm-applet in Ubuntu/Openbox/tint2 and it works fine.
The error message is:
Code:
[esteeven@piccolo ~]$ nm-applet
** Message: applet now removed from the notification area
[Code]...
Nov 1, 2009
I had originally followed the advice at Mauriat Miranda's Fedora Nvidia Driver Install Guide [URL] for installing nvidia's display driver on my HP Pavilion system 64 bit running Fedora 11. I had used his first method which just installs the relevant kernel module kmod-nvidia from RPMFusion. He also suggested an alternate method: obtaining Nvidia's installer NVIDIA-Linux-x86_64-185.18.36-pkg2.run and using that. I downloaded it from Nvidia, but I didn't run it.
I recently lost X. This had happened previously after a kernel upgrade, and I just used grub to boot an earlier kernel to recover X, and then installed the upgraded kernel module to fix the problem. But this time, being deeply involved in something else, I panicked slightly, and, using dumb terminal mode I ran the Nvidia installer. It asked me to make various choices and in response to my answers, it decided to compile a new kernel module. This recovered X, but I then compounded things by installing the updated kmod-nvidia.
I realized afterwards that using both methods might create some conflicts, but X seemed to run properly. (I can tell because graphics in the program Maple doesn't work properly with the default drivers provided by Fedora 11.) Since then, when I restart nvidia, I get.
[Code]....
Feb 7, 2010
So I installed pam-script
made this script:
Code:
#!/bin/bash
RFID_AUTH_SUCCESS=0
#Read the card
tag=`'/etc/rfid/RFID-login'`
code....
Code:
sudo test
It doesn't ask for my password and instantly authenticates as root!
If I run the above posted script manually (cd into the dir and execute it), it works fine and produces the result 1 if positive and 0 if negative.
Sep 8, 2009
After reading and trying tons of tutorials and several OS reinstalls, I'm stuck trying to load wireless on my Dell Vostro 1400 laptop. Before you say search forums! I hurry to tell I did. No solution seems to work. WLAN chipset - Broadcom's BCM4311 / BCM 2050.
1st scenario - native CentOS 5.3 drivers
Although CentOS recognizes the WLAN card and displays its name correctly, neither network nor NetworkManager sees any of the wireless networks.
2nd scenario - Broadcom's drivers
Most know Broadcom has released Linux drivers. I had some more luck with them than in 1st scenario although problems occur. After successfully compiling the kernel module, wireless networks are discovered and can be successfully connected but no pages load. It seems like DNS is not resolving at all and page loading times out instantly. Tested on TKIP-encrypted network.
Feb 3, 2010
I have been trying to get my Broadcom BCM4328 to work properly on openSUSE 11.2 (kernel 2.6.31.5). Finally, after installing the wl kernel module, I managed to get it working when I run the following commands after a reboot:
sudo /sbin/modprobe -r b43 b44 ssb wl
sudo /sbin/modprobe wl
sudo /sbin/modprobe b44
sudo /etc/init.d/network restart
My question is how can I automate the above commands, i.e. create a startup script to initialise the wireless adapter properly without the need to manually reload the kernel modules?
Apr 11, 2011
On fresh install of 11.4 everything worked fine, but after some updates networkmanager stopped working properly on my netbook (intel atom n270 based). When I log in, network manager shows that networking is disabled and I can't connect. Checking/unchecking the checkbox does nothing. All settings in Yast are OK. To make it work, I run "/etc/init.d/network restart" and then plug in the wire OR (in case of wireless connection) I restart network from console, uncheck and check the checkbox in networkmanager and only then it starts to work as it should.
Dec 10, 2010
We have a Blade server connected to a two internal ESM Cisco switch. We want to have an active-backup configuration with bonding. We followed the documentation and we have configured the following:
Centos 5.5
ETH0:
[root etc]# cat /etc/sysconfig/network-scripts/ifcfg-eth0
# Broadcom Corporation NetXtreme II BCM5709S Gigabit Ethernet
DEVICE=eth0
[Code].....
Apr 13, 2011
This is the alert I got:
Code:
Summary:
Your system may be seriously compromised! /usr/sbin/NetworkManager tried to load a kernel module.
Detailed Description:
SELinux has prevented NetworkManager from loading a kernel module. All confined programs that need to load kernel modules should have already had policy written for them. If a compromised application tries to modify the kernel this AVC will be generated. This is a serious issue. Your system may very well be compromised.
Allowing Access:
Contact your security administrator and report this issue.
Additional Information:
Source Context system_u:system_r:NetworkManager_t:s0
Target Context system_u:system_r:NetworkManager_t:s0
Target Objects None [ capability ]
[code]....
Feb 17, 2010
Right now I'm using the nm-applet but I don't like it. It produces lags. I think the periodical ssid/broadcast check might be the cause :/ It lags every minute or so... in games and Skype it is very annoying! If there is a possibility to disable these scans in nm-applet it would be fine too. For the moment I'm "using" this wpa_supplicant config:
Code:
ctrl_interface=/var/run/wpa_supplicant
eapol_version=1
[code]....
Mar 20, 2010
I am running a quad core centos 5.4 box that is having a strange problem with dovecot. The administration panel is able to send emails through dovecot but not any of the user accounts (ie with webmail). I've done a bit of research with what could be wrong but haven't had any luck so far. I am also having a weird problem with apache: on a c++/php bittorrent application I was going to be running on a subdomain of my main site I get a 500 error every time I try to log in. The only way to get rid of the 500 error is to clear the cache (so it's horribly broken somehow). The error generated in the log whenever I try to log in is that "ffmpeg is already loaded" (which I am running on the main site and is critical). Is there a way of either repairing my apache install or excluding ffmpeg on the subdomain in the conf or something?