Old 10-06-2008, 01:13 AM
"Alain Reguera Delgado"
 
Customizing SELinux Policy

Hi Guys,

After some months the server has been running in SELinux Permissive mode
... Some avc: denied messages have been recorded ... I thought it was
time to go to the next step and set SELinux Enforcing mode on the
server ... it is a mail (postfix+cyrus+sasl), web, snmp with mrtg,
squid server with a local TLS configured for webmail access ... I took
a look at the Deployment Guide about how to do it ... and tried to
build modules with audit2allow from /var/log/messages.

The modules seem to work fine, because the old avc denied messages
disappeared ... but some messages like the following appear in
/var/log/messages when I do a semodule -i modulename or semodule -r
modulename :

Oct 5 20:16:11 orion kernel: : exe="?" (sauid=81, hostname=?, addr=?, terminal=?)'
Oct 5 20:16:11 orion kernel: audit(1223252171.572:8): policy loaded auid=4294967295 ses=4294967295
Oct 5 20:16:41 orion kernel: audit(1223252201.673:9): user pid=2172 uid=81 auid=4294967295 subj=system_u:system_r:system_dbusd_t:s0 msg='avc: received policyload notice (seqno=3)
Oct 5 20:16:41 orion kernel: : exe="?" (sauid=81, hostname=?, addr=?, terminal=?)'
Oct 5 20:16:41 orion kernel: audit(1223252201.676:10): policy loaded auid=4294967295 ses=4294967295
Oct 5 20:17:51 orion kernel: audit(1223252271.462:11): user pid=2172 uid=81 auid=4294967295 subj=system_u:system_r:system_dbusd_t:s0 msg='avc: received policyload notice (seqno=4)
Oct 5 20:17:51 orion kernel: : exe="?" (sauid=81, hostname=?, addr=?, terminal=?)'
Oct 5 20:17:51 orion kernel: audit(1223252271.464:12): policy loaded auid=4294967295 ses=4294967295
Oct 5 20:19:06 orion kernel: audit(1223252346.208:13): user pid=2172 uid=81 auid=4294967295 subj=system_u:system_r:system_dbusd_t:s0 msg='avc: received policyload notice (seqno=5)
Oct 5 20:19:06 orion kernel: : exe="?" (sauid=81, hostname=?, addr=?, terminal=?)'
Oct 5 20:19:06 orion kernel: audit(1223252346.211:14): policy loaded auid=4294967295 ses=4294967295
Oct 5 20:19:11 orion kernel: audit(1223252351.331:15): user pid=2172 uid=81 auid=4294967295 subj=system_u:system_r:system_dbusd_t:s0 msg='avc: received policyload notice (seqno=6)

Also, in the /var/log/httpd/ssl_error_log the following messages appear too:

[Sun Oct 05 19:58:19 2008] [warn] RSA server certificate is a CA certificate (BasicConstraints: CA == TRUE !?)
[Sun Oct 05 19:58:19 2008] [warn] RSA server certificate CommonName (CN) `orion.ciget.cienfuegos.cu' does NOT match server name!?

Really rare to me because that name `orion.ciget.cienfuegos.cu' is the
actual server hostname. When I try to connect to the webmail through
https:// I can't connect to it; the browser reports connection failed
after waiting a few seconds. http:// works as expected.

This machine is fully updated in CentOS-5.2.

Linux orion.ciget.cienfuegos.cu 2.6.18-92.1.13.el5 #1 SMP Wed Sep 24
19:33:52 EDT 2008 i686 i686 i386 GNU/Linux

Could you suggest something ? ...

Thank you very much guys,
al.
_______________________________________________
CentOS mailing list
CentOS@centos.org
http://lists.centos.org/mailman/listinfo/centos
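An added example, not from the post or the CentOS list: it separates the records the poster is asking about from real AVC denials (the "policy loaded" and "received policyload notice" lines record the policy reload that semodule triggers, not a denial) and summarizes the denials as the (source type, target type, class, permission) tuples that audit2allow would turn into allow rules, which is the view worth reviewing before building a module from them. The log lines are constructed in the style of the ones quoted above; the two httpd denials are constructed, not taken from the post.

```python
import re
from collections import Counter

# Constructed sample in the style of the CentOS 5 /var/log/messages lines quoted
# in the post: two policy-load records plus two constructed AVC denials.
SAMPLE_LOG = """\
Oct 5 20:16:11 orion kernel: audit(1223252171.572:8): policy loaded auid=4294967295 ses=4294967295
Oct 5 20:16:41 orion kernel: audit(1223252201.673:9): user pid=2172 uid=81 auid=4294967295 subj=system_u:system_r:system_dbusd_t:s0 msg='avc: received policyload notice (seqno=3)
Oct 5 20:17:02 orion kernel: audit(1223252222.100:10): avc:  denied  { read } for  pid=3011 comm="httpd" name="index.php" dev=sda1 ino=4711 scontext=user_u:system_r:httpd_t:s0 tcontext=user_u:object_r:user_home_t:s0 tclass=file
Oct 5 20:17:03 orion kernel: audit(1223252223.200:11): avc:  denied  { name_connect } for  pid=3011 comm="httpd" dest=3128 scontext=user_u:system_r:httpd_t:s0 tcontext=system_u:object_r:http_cache_port_t:s0 tclass=tcp_socket
"""

# Fields of a kernel-logged AVC denial: permissions, process, source/target context, class.
AVC_DENIED = re.compile(
    r"avc:\s+denied\s+\{ (?P<perms>[^}]+)\} for .*?comm=\"(?P<comm>[^\"]+)\".*?"
    r"scontext=(?P<scontext>\S+) tcontext=(?P<tcontext>\S+) tclass=(?P<tclass>\S+)"
)


def classify(line):
    """Return 'denial' for an AVC denial, 'policyload' for a policy (re)load record, else 'other'."""
    if re.search(r"avc:\s+denied", line):
        return "denial"
    if "policy loaded" in line or "received policyload notice" in line:
        return "policyload"
    return "other"


def summarize_denials(text):
    """Count distinct (source type, target type, class, perms) tuples among denials.

    Each key would become one allow rule in an audit2allow module, so each
    one should be explainable before the module is loaded."""
    counts = Counter()
    for line in text.splitlines():
        if classify(line) != "denial":
            continue
        m = AVC_DENIED.search(line)
        if m is None:
            continue  # truncated or unexpected denial format: skip rather than guess
        key = (m["scontext"].split(":")[2], m["tcontext"].split(":")[2],
               m["tclass"], m["perms"].strip())
        counts[key] += 1
    return counts


if __name__ == "__main__":
    kinds = Counter(classify(l) for l in SAMPLE_LOG.splitlines())
    print("record kinds:", dict(kinds))
    for key, n in sorted(summarize_denials(SAMPLE_LOG).items()):
        print(n, "x", key)
```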
 
Old 10-07-2008, 01:20 PM
"Alain Reguera Delgado"
 
Customizing SELinux Policy

On 10/5/08, Alain Reguera Delgado <alain.reguera@gmail.com> wrote:
> Hi Guys,
...
>
> Oct 5 20:16:11 orion kernel: : exe="?" (sauid=81, hostname=?, addr=?, terminal=?)'
> Oct 5 20:16:11 orion kernel: audit(1223252171.572:8): policy loaded auid=4294967295 ses=4294967295
> Oct 5 20:16:41 orion kernel: audit(1223252201.673:9): user pid=2172 uid=81 auid=4294967295 subj=system_u:system_r:system_dbusd_t:s0 msg='avc: received policyload notice (seqno=3)
> Oct 5 20:16:41 orion kernel: : exe="?" (sauid=81, hostname=?, addr=?, terminal=?)'
> Oct 5 20:16:41 orion kernel: audit(1223252201.676:10): policy loaded auid=4294967295 ses=4294967295
> Oct 5 20:17:51 orion kernel: audit(1223252271.462:11): user pid=2172 uid=81 auid=4294967295 subj=system_u:system_r:system_dbusd_t:s0 msg='avc: received policyload notice (seqno=4)
> Oct 5 20:17:51 orion kernel: : exe="?" (sauid=81, hostname=?, addr=?, terminal=?)'
> Oct 5 20:17:51 orion kernel: audit(1223252271.464:12): policy loaded auid=4294967295 ses=4294967295
> Oct 5 20:19:06 orion kernel: audit(1223252346.208:13): user pid=2172 uid=81 auid=4294967295 subj=system_u:system_r:system_dbusd_t:s0 msg='avc: received policyload notice (seqno=5)
> Oct 5 20:19:06 orion kernel: : exe="?" (sauid=81, hostname=?, addr=?, terminal=?)'
> Oct 5 20:19:06 orion kernel: audit(1223252346.211:14): policy loaded auid=4294967295 ses=4294967295
> Oct 5 20:19:11 orion kernel: audit(1223252351.331:15): user pid=2172 uid=81 auid=4294967295 subj=system_u:system_r:system_dbusd_t:s0 msg='avc: received policyload notice (seqno=6)

Still looking for the meaning of this ...

> Also, in the /var/log/httpd/ssl_error_log the following messages appear too:
>
> [Sun Oct 05 19:58:19 2008] [warn] RSA server certificate is a CA certificate (BasicConstraints: CA == TRUE !?)
> [Sun Oct 05 19:58:19 2008] [warn] RSA server certificate CommonName (CN) `orion.ciget.cienfuegos.cu' does NOT match server name!?
>
> Really rare to me because that name `orion.ciget.cienfuegos.cu' is the
> actual server hostname. When I try to connect to the webmail through
> https:// I can't connect to it; the browser reports connection failed
> after waiting a few seconds. http:// works as expected.

Not too rare now :-) ... That happened when I used the
system-config-securitylevel-tui tool. I had opened 443 manually in
/etc/sysconfig/iptables; then when I tried to enforce SELinux it (Secure
www) was not set there, so /etc/sysconfig/iptables was rewritten and the
443 line was lost. It is fixed now :-).

Cheers,
al.
_______________________________________________
CentOS mailing list
CentOS@centos.org
http://lists.centos.org/mailman/listinfo/centos
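An added check, not from the reply, for the failure it describes: compare the hand-edited /etc/sysconfig/iptables with the copy a configuration tool rewrote, and report ports whose ACCEPT rule disappeared. Both file contents below are constructed samples in iptables-save format; the rule names follow the CentOS 5 default chain layout.

```python
import re

# Constructed /etc/sysconfig/iptables contents (iptables-save format): the
# hand-edited file, and the same file after a configuration tool rewrote it
# without the manually added 443 rule.
BEFORE = """\
*filter
:INPUT ACCEPT [0:0]
:RH-Firewall-1-INPUT - [0:0]
-A INPUT -j RH-Firewall-1-INPUT
-A RH-Firewall-1-INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT
-A RH-Firewall-1-INPUT -m state --state NEW -m tcp -p tcp --dport 22 -j ACCEPT
-A RH-Firewall-1-INPUT -m state --state NEW -m tcp -p tcp --dport 80 -j ACCEPT
-A RH-Firewall-1-INPUT -m state --state NEW -m tcp -p tcp --dport 443 -j ACCEPT
-A RH-Firewall-1-INPUT -j REJECT --reject-with icmp-host-prohibited
COMMIT
"""
AFTER = BEFORE.replace(
    "-A RH-Firewall-1-INPUT -m state --state NEW -m tcp -p tcp --dport 443 -j ACCEPT\n", "")

# An append rule that accepts a single destination port for tcp or udp.
PORT_RULE = re.compile(r"^-A \S+ .*-p (?P<proto>tcp|udp) --dport (?P<port>\d+) -j ACCEPT$")


def accepted_ports(text):
    """Set of (protocol, port) pairs that have an explicit ACCEPT rule."""
    ports = set()
    for line in text.splitlines():
        m = PORT_RULE.match(line.strip())
        if m:
            ports.add((m["proto"], int(m["port"])))
    return ports


def lost_ports(before, after):
    """Ports accepted in the reference file but no longer in the rewritten one."""
    return sorted(accepted_ports(before) - accepted_ports(after))


if __name__ == "__main__":
    print("accepted before:", sorted(accepted_ports(BEFORE)))
    print("lost after rewrite:", lost_ports(BEFORE, AFTER))
```

Running the same comparison against a saved copy of the file after every use of a firewall configuration tool makes a silently dropped rule visible before the service is noticed missing.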