FAQ Search Today's Posts Mark Forums Read
» Video Reviews

» Linux Archive

Linux-archive is a website aiming to archive linux email lists and to make them easily accessible for linux users/developers.


» Sponsor

» Partners

» Sponsor

Go Back   Linux Archive > Redhat > Fedora SELinux Support

 
 
LinkBack Thread Tools
 
Old 12-03-2009, 04:33 AM
David Highley
 
Default Fedora 12 and unconfined_u sshdfilter

I'm trying to get sshdfilter a Perl wrapper around sshd to work in
Fedora 12. The script needs to be able to call iptables to drop in new
rejection rules detected hacking connections. I used "semanage fcontext
-a -t sshd_exec_t" which gave it the same context as sshd. I have not
been able to change the unconfined_u to system_u:
lz -Z /usr/sbin/sshdfilter unconfined_ubject_r:sshd_exec_t:s0

I was getting avc errors so I created an allow policy:
module mysshdfilter 1.0;

require {
type iptables_exec_t;
type iptables_t;
type sshd_t;
class file execute;
class fifo_file read;
}

#============= iptables_t ==============
allow iptables_t self:fifo_file read;

#============= sshd_t ==============
allow sshd_t iptables_exec_t:file execute;


Now I'm getting:
time->Wed Dec 2 21:07:04 2009
type=USER_ROLE_CHANGE msg=audit(1259816824.474:201): user pid=3664 uid=0
auid=0 ses=12 subj=unconfined_u:system_r:sshd_t:s0-s0:c0.c1023 msg='pam: default-context=unconfined_u:unconfined_r:unconfined_t:s0-s0:c0.c1023 selected-context=?: exe= "/usr/sbin/sshd" hostname=? addr=? terminal=? res=failed'

--
fedora-selinux-list mailing list
fedora-selinux-list@redhat.com
https://www.redhat.com/mailman/listinfo/fedora-selinux-list
 
Old 12-03-2009, 09:10 AM
Dominick Grift
 
Default Fedora 12 and unconfined_u sshdfilter

On Wed, Dec 02, 2009 at 09:33:02PM -0800, David Highley wrote:
> I'm trying to get sshdfilter a Perl wrapper around sshd to work in
> Fedora 12. The script needs to be able to call iptables to drop in new
> rejection rules detected hacking connections. I used "semanage fcontext
> -a -t sshd_exec_t" which gave it the same context as sshd. I have not
> been able to change the unconfined_u to system_u:

the _u part in a context is not important. It just shows which selinux users created the subject or object.

> lz -Z /usr/sbin/sshdfilter unconfined_ubject_r:sshd_exec_t:s0
>
> I was getting avc errors so I created an allow policy:
> module mysshdfilter 1.0;
>
> require {
> type iptables_exec_t;
> type iptables_t;
> type sshd_t;
> class file execute;
> class fifo_file read;
> }
>
> #============= iptables_t ==============
> allow iptables_t self:fifo_file read;
>
> #============= sshd_t ==============
> allow sshd_t iptables_exec_t:file execute;
>
>
> Now I'm getting:
> time->Wed Dec 2 21:07:04 2009
> type=USER_ROLE_CHANGE msg=audit(1259816824.474:201): user pid=3664 uid=0
> auid=0 ses=12 subj=unconfined_u:system_r:sshd_t:s0-s0:c0.c1023 msg='pam: default-context=unconfined_u:unconfined_r:unconfined_t:s0-s0:c0.c1023 selected-context=?: exe= "/usr/sbin/sshd" hostname=? addr=? terminal=? res=failed'

Looks to me like sshdfilter is not SELinux aware or that there is an error in sshdfilter/pam configuration. pam_selinux failed.

>
> --
> fedora-selinux-list mailing list
> fedora-selinux-list@redhat.com
> https://www.redhat.com/mailman/listinfo/fedora-selinux-list
--
fedora-selinux-list mailing list
fedora-selinux-list@redhat.com
https://www.redhat.com/mailman/listinfo/fedora-selinux-list
 
Old 12-04-2009, 03:40 AM
David Highley
 
Default Fedora 12 and unconfined_u sshdfilter

"Daniel J Walsh wrote:"
>
> On 12/03/2009 12:33 AM, David Highley wrote:
> > I'm trying to get sshdfilter a Perl wrapper around sshd to work in
> > Fedora 12. The script needs to be able to call iptables to drop in new
> > rejection rules detected hacking connections. I used "semanage fcontext
> > -a -t sshd_exec_t" which gave it the same context as sshd. I have not
> > been able to change the unconfined_u to system_u:
> > lz -Z /usr/sbin/sshdfilter unconfined_ubject_r:sshd_exec_t:s0
> >
> > I was getting avc errors so I created an allow policy:
> > module mysshdfilter 1.0;
> >
> > require {
> > type iptables_exec_t;
> > type iptables_t;
> > type sshd_t;
> > class file execute;
> > class fifo_file read;
> > }
> >
> > #============= iptables_t ==============
> > allow iptables_t self:fifo_file read;
> >
> > #============= sshd_t ==============
> > allow sshd_t iptables_exec_t:file execute;
> >
> >
> > Now I'm getting:
> > time->Wed Dec 2 21:07:04 2009
> > type=USER_ROLE_CHANGE msg=audit(1259816824.474:201): user pid=3664 uid=0
> > auid=0 ses=12 subj=unconfined_u:system_r:sshd_t:s0-s0:c0.c1023 msg='pam: default-context=unconfined_u:unconfined_r:unconfined_t:s0-s0:c0.c1023 selected-context=?: exe= "/usr/sbin/sshd" hostname=? addr=? terminal=? res=failed'
> >
> > --
> > fedora-selinux-list mailing list
> > fedora-selinux-list@redhat.com
> > https://www.redhat.com/mailman/listinfo/fedora-selinux-list
> >
> >
> You probably want
>
> iptables_domtrans(sshd_t)

I tried adding this statement to the file, but checkmodule gave syntax
error. I tried searching through the selinux files but did not find an
example of how to use the above statement.

>
> The ROLE_CHANGE is not an SELinux error, it is just an audit message.
>
> I will add the fifo_file rule to iptables policy
>
> Fixed in selinux-policy-3.6.32-54.fc12
>
> If you want to get real crazy you could write policy for
> /usr/sbin/sshdfilter
>
>
> policy_module(sshdfilter, 1.0)
>
> ssh_server_template(sshdfilter)
> iptables_domtrans(sshdfilter_t)
>
>
>


--

Regards,

David Highley
Highley Recommended, Inc. Phone: (206) 669-0081
2927 SW 339th Street WEB: http://www.highley-recommended.com
Federal Way, WA 98023-7732

--
fedora-selinux-list mailing list
fedora-selinux-list@redhat.com
https://www.redhat.com/mailman/listinfo/fedora-selinux-list
 
Old 12-04-2009, 08:57 AM
Moray Henderson
 
Default Fedora 12 and unconfined_u sshdfilter

David Highley wrote:
>"Daniel J Walsh wrote:"
>>
>> On 12/03/2009 12:33 AM, David Highley wrote:
>> > I'm trying to get sshdfilter a Perl wrapper around sshd to work in
>> > Fedora 12. The script needs to be able to call iptables to drop in
new
>> > rejection rules detected hacking connections. I used "semanage
>fcontext
>> > -a -t sshd_exec_t" which gave it the same context as sshd. I have
not
>> > been able to change the unconfined_u to system_u:
>> > lz -Z /usr/sbin/sshdfilter unconfined_ubject_r:sshd_exec_t:s0
>> >
>> > I was getting avc errors so I created an allow policy:
>> > module mysshdfilter 1.0;
>> >
>> > require {
>> > type iptables_exec_t;
>> > type iptables_t;
>> > type sshd_t;
>> > class file execute;
>> > class fifo_file read;
>> > }
>> >
>> > #============= iptables_t ==============
>> > allow iptables_t self:fifo_file read;
>> >
>> > #============= sshd_t ==============
>> > allow sshd_t iptables_exec_t:file execute;
>> >
>> >
>> > Now I'm getting:
>> > time->Wed Dec 2 21:07:04 2009
>> > type=USER_ROLE_CHANGE msg=audit(1259816824.474:201): user pid=3664
>uid=0
>> > auid=0 ses=12 subj=unconfined_u:system_r:sshd_t:s0-s0:c0.c1023
>msg='pam: default-context=unconfined_u:unconfined_r:unconfined_t:s0-
>s0:c0.c1023 selected-context=?: exe= "/usr/sbin/sshd" hostname=? addr=?
>terminal=? res=failed'
>> >
>> > --
>> > fedora-selinux-list mailing list
>> > fedora-selinux-list@redhat.com
>> > https://www.redhat.com/mailman/listinfo/fedora-selinux-list
>> >
>> >
>> You probably want
>>
>> iptables_domtrans(sshd_t)
>
>I tried adding this statement to the file, but checkmodule gave syntax
>error. I tried searching through the selinux files but did not find an
>example of how to use the above statement.
>
>>
>> The ROLE_CHANGE is not an SELinux error, it is just an audit message.
>>
>> I will add the fifo_file rule to iptables policy
>>
>> Fixed in selinux-policy-3.6.32-54.fc12
>>
>> If you want to get real crazy you could write policy for
>> /usr/sbin/sshdfilter
>>
>>
>> policy_module(sshdfilter, 1.0)
>>
>> ssh_server_template(sshdfilter)
>> iptables_domtrans(sshdfilter_t)


Your original policy "module mysshdfilter 1.0;" is written in the
old-fashioned way: requirements declaration followed by allow rules.
This is how I write my policy, too.

Daniel's example uses the new way - a whole new policy programming
language which needs to be pre-processed and compiled. You can't mix
the old and new ways.

To compile with the new way (on EL5 - hopefully Fedora 12 is similar)
you need the selinux-policy-devel package. Simply use the checkmodule
command to build a .mod module file from the .te file, and then the
semanage_module command to combine the .mod file with any .fc file to
produce the loadable .pp module file which you can load with semodule.
You can also have a .if file, but I'm not sure where that fits in to
things yet.

checkmodule [ -M ] -m mysshdfilter.te -o mysshdfilter.mod
semanage_module -m mysshdfilter.mod -o rsyslogd.pp [ -f mysshdfilter.fc
]
semodule -i mysshdfilter.pp

Which leads me to a question I have been meaning to ask for a while now:
if I compile my policy the old way, I get a module of a certain size.
If I build exactly the same policy using the m4 macros and examine the
pre-processed files, there is a whole lot of extra stuff that has been
added. What is all that? What is the advantage of having it added to
each module?


Moray.
"To err is human.* To purr, feline"





--
fedora-selinux-list mailing list
fedora-selinux-list@redhat.com
https://www.redhat.com/mailman/listinfo/fedora-selinux-list
 
Old 12-07-2009, 11:01 AM
"Moray Henderson (ICT)"
 
Default Fedora 12 and unconfined_u sshdfilter

James Carter wrote:
>Dan's example used Refpolicy interfaces. Interfaces are very useful and
>provide a better layer of abstraction, but they are just m4 macros,
>which have always been used in SELinux policy.
>
>Interfaces should be used as much as possible, but it is not true that
>you can't mix the old and new ways.

Mixing the plain rules and the m4 macros didn't work when I tried it - but perhaps I just wasn’t writing it right. Is there a Refpolicy tutorial anywhere?


Moray.
"To err is human. To purr, feline"


--
fedora-selinux-list mailing list
fedora-selinux-list@redhat.com
https://www.redhat.com/mailman/listinfo/fedora-selinux-list
 
Old 12-07-2009, 11:11 AM
Dominick Grift
 
Default Fedora 12 and unconfined_u sshdfilter

On Mon, Dec 07, 2009 at 12:01:09PM +0000, Moray Henderson (ICT) wrote:
> James Carter wrote:
> >Dan's example used Refpolicy interfaces. Interfaces are very useful and
> >provide a better layer of abstraction, but they are just m4 macros,
> >which have always been used in SELinux policy.
> >
> >Interfaces should be used as much as possible, but it is not true that
> >you can't mix the old and new ways.
>
> Mixing the plain rules and the m4 macros didn't work when I tried it - but perhaps I just wasn’t writing it right. Is there a Refpolicy tutorial anywhere?

There is www.selinuxbyexample.com (book) but its not free and a bit dated. I want to do a video tutorial about it for Fedora 12 (i have some interesting ideas about what to demonstrate) unfortunatly i cannot find a working screen capture software for Fedora 12 (both istanbul and recordmydesktop are currently too buggy to use)

>
>
> Moray.
> "To err is human. To purr, feline"
>
>
> --
> fedora-selinux-list mailing list
> fedora-selinux-list@redhat.com
> https://www.redhat.com/mailman/listinfo/fedora-selinux-list
--
fedora-selinux-list mailing list
fedora-selinux-list@redhat.com
https://www.redhat.com/mailman/listinfo/fedora-selinux-list
 
Old 12-07-2009, 07:28 PM
Dominick Grift
 
Default Fedora 12 and unconfined_u sshdfilter

On Mon, Dec 07, 2009 at 12:01:09PM +0000, Moray Henderson (ICT) wrote:
> James Carter wrote:
> >Dan's example used Refpolicy interfaces. Interfaces are very useful and
> >provide a better layer of abstraction, but they are just m4 macros,
> >which have always been used in SELinux policy.
> >
> >Interfaces should be used as much as possible, but it is not true that
> >you can't mix the old and new ways.
>
> Mixing the plain rules and the m4 macros didn't work when I tried it - but perhaps I just wasn’t writing it right. Is there a Refpolicy tutorial anywhere?

I spend a little time today writing about the policy structure in Fedora. Maybe it can help you or others:

http://82.197.205.60/~dgrift/stuff/Managing_a_SELinux_environment_with_Fedora_12.pdf
>
>
> Moray.
> "To err is human. To purr, feline"
>
>
> --
> fedora-selinux-list mailing list
> fedora-selinux-list@redhat.com
> https://www.redhat.com/mailman/listinfo/fedora-selinux-list
--
fedora-selinux-list mailing list
fedora-selinux-list@redhat.com
https://www.redhat.com/mailman/listinfo/fedora-selinux-list
 
Old 12-14-2009, 05:25 PM
David Highley
 
Default Fedora 12 and unconfined_u sshdfilter

"Dominick Grift wrote:"
>
>
> --===============0725889959==
> Content-Type: multipart/signed; micalg=pgp-sha1;
> protocol="application/pgp-signature"; boundary="uAKRQypu60I7Lcqm"
> Content-Disposition: inline
>
>
> --uAKRQypu60I7Lcqm
> Content-Type: text/plain; charset=utf-8
> Content-Disposition: inline
> Content-Transfer-Encoding: quoted-printable
>
> On Mon, Dec 07, 2009 at 12:01:09PM +0000, Moray Henderson (ICT) wrote:
> > James Carter wrote:
> > >Dan's example used Refpolicy interfaces. Interfaces are very useful and
> > >provide a better layer of abstraction, but they are just m4 macros,
> > >which have always been used in SELinux policy.
> > >
> > >Interfaces should be used as much as possible, but it is not true that
> > >you can't mix the old and new ways.
> >=20
> > Mixing the plain rules and the m4 macros didn't work when I tried it - bu=
> t perhaps I just wasn=E2=80=99t writing it right. Is there a Refpolicy tut=
> orial anywhere?
>
> I spend a little time today writing about the policy structure in Fedora. M=
> aybe it can help you or others:
>
> http://82.197.205.60/~dgrift/stuff/Managing_a_SELinux_environment_with_Fedo=
> ra_12.pdf


Still have not mastered this one yet. Here is the policy file created by
grep of /var/log/audit/audit.log file piped to audit2allow:

module mysshdfilter 1.0;

require {
type var_run_t;
type iptables_exec_t;
type bin_t;
type sshd_t;
type iptables_t;
class lnk_file read;
class file { read getattr open execute execute_no_trans };
class fifo_file { read write ioctl getattr };
}

#============= iptables_t ==============
allow iptables_t bin_t:lnk_file read;
allow iptables_t self:fifo_file { read write ioctl getattr };

#============= sshd_t ==============
allow sshd_t iptables_exec_t:file { read execute open execute_no_trans };
allow sshd_t var_run_t:file getattr;


The audit log entries are:
type=AVC msg=audit(1259642932.902:7): avc: denied { execute } for pid=1411 comm="sshdfilter" name="iptables-multi" dev=dm-0 ino=11798 scontext=system_u:system_r:sshd_t:s0-s0:c0.c1023 tcontext=system_ubject_r:iptables_exec_t:s0 tclass=file
type=SYSCALL msg=audit(1259642932.902:7): arch=c000003e syscall=59 success=no exit=-13 a0=7fff837b36b8 a1=1562e28 a2=7fff837b3df0 a3=7fff837b3500 items=0 ppid=1402 pid=1411 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm="sshdfilter" exe="/usr/bin/perl" subj=system_u:system_r:sshd_t:s0-s0:c0.c1023 key=(null)
type=AVC msg=audit(1259644707.700:73): avc: denied { execute } for pid=1948 comm="sshdfilter" name="iptables-multi" dev=dm-0 ino=11798 scontext=system_u:system_r:sshd_t:s0-s0:c0.c1023 tcontext=system_ubject_r:iptables_exec_t:s0 tclass=file
type=SYSCALL msg=audit(1259644707.700:73): arch=c000003e syscall=59 success=no exit=-13 a0=7fff837b36b8 a1=15694c8 a2=7fff837b3df0 a3=7fff837b3500 items=0 ppid=1402 pid=1948 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm="sshdfilter" exe="/usr/bin/perl" subj=system_u:system_r:sshd_t:s0-s0:c0.c1023 key=(null)
type=AVC msg=audit(1259650605.247:84): avc: denied { execute } for pid=2248 comm="sshdfilter" name="iptables-multi" dev=dm-0 ino=11798 scontext=system_u:system_r:sshd_t:s0-s0:c0.c1023 tcontext=system_ubject_r:iptables_exec_t:s0 tclass=file
type=SYSCALL msg=audit(1259650605.247:84): arch=c000003e syscall=59 success=no exit=-13 a0=7fff837b36b8 a1=1567828 a2=7fff837b3df0 a3=7fff837b3500 items=0 ppid=1402 pid=2248 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm="sshdfilter" exe="/usr/bin/perl" subj=system_u:system_r:sshd_t:s0-s0:c0.c1023 key=(null)
type=AVC msg=audit(1259661894.420:113): avc: denied { execute } for pid=2815 comm="sshdfilter" name="iptables-multi" dev=dm-0 ino=11798 scontext=system_u:system_r:sshd_t:s0-s0:c0.c1023 tcontext=system_ubject_r:iptables_exec_t:s0 tclass=file
type=SYSCALL msg=audit(1259661894.420:113): arch=c000003e syscall=59 success=no exit=-13 a0=7fff837b36b8 a1=1566e28 a2=7fff837b3df0 a3=7fff837b3500 items=0 ppid=1402 pid=2815 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm="sshdfilter" exe="/usr/bin/perl" subj=system_u:system_r:sshd_t:s0-s0:c0.c1023 key=(null)
type=AVC msg=audit(1259667665.966:123): avc: denied { execute } for pid=3724 comm="sshdfilter" name="iptables-multi" dev=dm-0 ino=11798 scontext=system_u:system_r:sshd_t:s0-s0:c0.c1023 tcontext=system_ubject_r:iptables_exec_t:s0 tclass=file
type=SYSCALL msg=audit(1259667665.966:123): arch=c000003e syscall=59 success=no exit=-13 a0=7fff837b36b8 a1=15699d8 a2=7fff837b3df0 a3=7fff837b3500 items=0 ppid=1402 pid=3724 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm="sshdfilter" exe="/usr/bin/perl" subj=system_u:system_r:sshd_t:s0-s0:c0.c1023 key=(null)
type=AVC msg=audit(1259671660.048:131): avc: denied { execute } for pid=3920 comm="sshdfilter" name="iptables-multi" dev=dm-0 ino=11798 scontext=system_u:system_r:sshd_t:s0-s0:c0.c1023 tcontext=system_ubject_r:iptables_exec_t:s0 tclass=file
type=SYSCALL msg=audit(1259671660.048:131): arch=c000003e syscall=59 success=no exit=-13 a0=7fff837b36b8 a1=1565778 a2=7fff837b3df0 a3=7fff837b3500 items=0 ppid=1402 pid=3920 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm="sshdfilter" exe="/usr/bin/perl" subj=system_u:system_r:sshd_t:s0-s0:c0.c1023 key=(null)
type=AVC msg=audit(1259673411.553:758): avc: denied { execute } for pid=4558 comm="sshdfilter" name="iptables-multi" dev=dm-0 ino=11798 scontext=system_u:system_r:sshd_t:s0-s0:c0.c1023 tcontext=system_ubject_r:iptables_exec_t:s0 tclass=file
type=SYSCALL msg=audit(1259673411.553:758): arch=c000003e syscall=59 success=no exit=-13 a0=7fff837b36b8 a1=1569af8 a2=7fff837b3df0 a3=7fff837b3500 items=0 ppid=1402 pid=4558 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm="sshdfilter" exe="/usr/bin/perl" subj=system_u:system_r:sshd_t:s0-s0:c0.c1023 key=(null)
type=AVC msg=audit(1259679153.568:1267): avc: denied { execute } for pid=5170 comm="sshdfilter" name="iptables-multi" dev=dm-0 ino=11798 scontext=system_u:system_r:sshd_t:s0-s0:c0.c1023 tcontext=system_ubject_r:iptables_exec_t:s0 tclass=file
type=SYSCALL msg=audit(1259679153.568:1267): arch=c000003e syscall=59 success=no exit=-13 a0=7fff837b36b8 a1=1566a68 a2=7fff837b3df0 a3=7fff837b3500 items=0 ppid=1402 pid=5170 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm="sshdfilter" exe="/usr/bin/perl" subj=system_u:system_r:sshd_t:s0-s0:c0.c1023 key=(null)
type=AVC msg=audit(1259682588.736:1315): avc: denied { execute } for pid=5540 comm="sshdfilter" name="iptables-multi" dev=dm-0 ino=11798 scontext=system_u:system_r:sshd_t:s0-s0:c0.c1023 tcontext=system_ubject_r:iptables_exec_t:s0 tclass=file
type=SYSCALL msg=audit(1259682588.736:1315): arch=c000003e syscall=59 success=no exit=-13 a0=7fff837b36b8 a1=1565778 a2=7fff837b3df0 a3=7fff837b3500 items=0 ppid=1402 pid=5540 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm="sshdfilter" exe="/usr/bin/perl" subj=system_u:system_r:sshd_t:s0-s0:c0.c1023 key=(null)
type=AVC msg=audit(1259684861.197:1344): avc: denied { execute } for pid=5745 comm="sshdfilter" name="iptables-multi" dev=dm-0 ino=11798 scontext=system_u:system_r:sshd_t:s0-s0:c0.c1023 tcontext=system_ubject_r:iptables_exec_t:s0 tclass=file
type=SYSCALL msg=audit(1259684861.197:1344): arch=c000003e syscall=59 success=no exit=-13 a0=7fff837b36b8 a1=156a478 a2=7fff837b3df0 a3=7fff837b3500 items=0 ppid=1402 pid=5745 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm="sshdfilter" exe="/usr/bin/perl" subj=system_u:system_r:sshd_t:s0-s0:c0.c1023 key=(null)
type=AVC msg=audit(1259690558.951:1388): avc: denied { execute } for pid=6161 comm="sshdfilter" name="iptables-multi" dev=dm-0 ino=11798 scontext=system_u:system_r:sshd_t:s0-s0:c0.c1023 tcontext=system_ubject_r:iptables_exec_t:s0 tclass=file
type=SYSCALL msg=audit(1259690558.951:1388): arch=c000003e syscall=59 success=no exit=-13 a0=7fff837b36b8 a1=15667a8 a2=7fff837b3df0 a3=7fff837b3500 items=0 ppid=1402 pid=6161 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm="sshdfilter" exe="/usr/bin/perl" subj=system_u:system_r:sshd_t:s0-s0:c0.c1023 key=(null)
type=AVC msg=audit(1259702647.573:1433): avc: denied { execute } for pid=6829 comm="sshdfilter" name="iptables-multi" dev=dm-0 ino=11798 scontext=system_u:system_r:sshd_t:s0-s0:c0.c1023 tcontext=system_ubject_r:iptables_exec_t:s0 tclass=file
type=SYSCALL msg=audit(1259702647.573:1433): arch=c000003e syscall=59 success=no exit=-13 a0=7fff837b36b8 a1=156b4d8 a2=7fff837b3df0 a3=7fff837b3500 items=0 ppid=1402 pid=6829 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm="sshdfilter" exe="/usr/bin/perl" subj=system_u:system_r:sshd_t:s0-s0:c0.c1023 key=(null)
type=AVC msg=audit(1259708100.231:1441): avc: denied { execute } for pid=7085 comm="sshdfilter" name="iptables-multi" dev=dm-0 ino=11798 scontext=system_u:system_r:sshd_t:s0-s0:c0.c1023 tcontext=system_ubject_r:iptables_exec_t:s0 tclass=file
type=SYSCALL msg=audit(1259708100.231:1441): arch=c000003e syscall=59 success=no exit=-13 a0=7fff837b36b8 a1=156a0b8 a2=7fff837b3df0 a3=7fff837b3500 items=0 ppid=1402 pid=7085 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm="sshdfilter" exe="/usr/bin/perl" subj=system_u:system_r:sshd_t:s0-s0:c0.c1023 key=(null)
type=AVC msg=audit(1259708922.953:1450): avc: denied { execute } for pid=7153 comm="sshdfilter" name="iptables-multi" dev=dm-0 ino=11798 scontext=system_u:system_r:sshd_t:s0-s0:c0.c1023 tcontext=system_ubject_r:iptables_exec_t:s0 tclass=file
type=SYSCALL msg=audit(1259708922.953:1450): arch=c000003e syscall=59 success=no exit=-13 a0=7fff837b36b8 a1=156a6a8 a2=7fff837b3df0 a3=7fff837b3500 items=0 ppid=1402 pid=7153 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm="sshdfilter" exe="/usr/bin/perl" subj=system_u:system_r:sshd_t:s0-s0:c0.c1023 key=(null)
type=AVC msg=audit(1259713257.803:1545): avc: denied { execute } for pid=7492 comm="sshdfilter" name="iptables-multi" dev=dm-0 ino=11798 scontext=system_u:system_r:sshd_t:s0-s0:c0.c1023 tcontext=system_ubject_r:iptables_exec_t:s0 tclass=file
type=SYSCALL msg=audit(1259713257.803:1545): arch=c000003e syscall=59 success=no exit=-13 a0=7fff837b36b8 a1=156a4a8 a2=7fff837b3df0 a3=7fff837b3500 items=0 ppid=1402 pid=7492 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm="sshdfilter" exe="/usr/bin/perl" subj=system_u:system_r:sshd_t:s0-s0:c0.c1023 key=(null)
type=AVC msg=audit(1259721513.893:1732): avc: denied { execute } for pid=8097 comm="sshdfilter" name="iptables-multi" dev=dm-0 ino=11798 scontext=system_u:system_r:sshd_t:s0-s0:c0.c1023 tcontext=system_ubject_r:iptables_exec_t:s0 tclass=file
type=SYSCALL msg=audit(1259721513.893:1732): arch=c000003e syscall=59 success=no exit=-13 a0=7fff837b36b8 a1=156a5d8 a2=7fff837b3df0 a3=7fff837b3500 items=0 ppid=1402 pid=8097 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm="sshdfilter" exe="/usr/bin/perl" subj=system_u:system_r:sshd_t:s0-s0:c0.c1023 key=(null)
type=AVC msg=audit(1259730724.196:1790): avc: denied { execute } for pid=8689 comm="sshdfilter" name="iptables-multi" dev=dm-0 ino=11798 scontext=system_u:system_r:sshd_t:s0-s0:c0.c1023 tcontext=system_ubject_r:iptables_exec_t:s0 tclass=file
type=SYSCALL msg=audit(1259730724.196:1790): arch=c000003e syscall=59 success=no exit=-13 a0=7fff837b36b8 a1=1569718 a2=7fff837b3df0 a3=7fff837b3500 items=0 ppid=1402 pid=8689 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm="sshdfilter" exe="/usr/bin/perl" subj=system_u:system_r:sshd_t:s0-s0:c0.c1023 key=(null)
type=AVC msg=audit(1259730728.123:1793): avc: denied { execute } for pid=8699 comm="sshdfilter" name="iptables-multi" dev=dm-0 ino=11798 scontext=system_u:system_r:sshd_t:s0-s0:c0.c1023 tcontext=system_ubject_r:iptables_exec_t:s0 tclass=file
type=SYSCALL msg=audit(1259730728.123:1793): arch=c000003e syscall=59 success=no exit=-13 a0=7fff837b36b8 a1=1566778 a2=7fff837b3df0 a3=7fff837b3500 items=0 ppid=1402 pid=8699 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm="sshdfilter" exe="/usr/bin/perl" subj=system_u:system_r:sshd_t:s0-s0:c0.c1023 key=(null)
type=AVC msg=audit(1259747840.157:1835): avc: denied { execute } for pid=9575 comm="sshdfilter" name="iptables-multi" dev=dm-0 ino=11798 scontext=system_u:system_r:sshd_t:s0-s0:c0.c1023 tcontext=system_ubject_r:iptables_exec_t:s0 tclass=file
type=SYSCALL msg=audit(1259747840.157:1835): arch=c000003e syscall=59 success=no exit=-13 a0=7fff837b36b8 a1=156ba78 a2=7fff837b3df0 a3=7fff837b3500 items=0 ppid=1402 pid=9575 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm="sshdfilter" exe="/usr/bin/perl" subj=system_u:system_r:sshd_t:s0-s0:c0.c1023 key=(null)
type=AVC msg=audit(1259760819.408:1863): avc: denied { execute } for pid=10840 comm="sshdfilter" name="iptables-multi" dev=dm-0 ino=11798 scontext=system_u:system_r:sshd_t:s0-s0:c0.c1023 tcontext=system_ubject_r:iptables_exec_t:s0 tclass=file
type=SYSCALL msg=audit(1259760819.408:1863): arch=c000003e syscall=59 success=no exit=-13 a0=7fff837b36b8 a1=156a4a8 a2=7fff837b3df0 a3=7fff837b3500 items=0 ppid=1402 pid=10840 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm="sshdfilter" exe="/usr/bin/perl" subj=system_u:system_r:sshd_t:s0-s0:c0.c1023 key=(null)
type=AVC msg=audit(1259762576.442:1887): avc: denied { execute } for pid=11067 comm="sshdfilter" name="iptables-multi" dev=dm-0 ino=11798 scontext=unconfined_u:system_r:sshd_t:s0-s0:c0.c1023 tcontext=system_ubject_r:iptables_exec_t:s0 tclass=file
type=SYSCALL msg=audit(1259762576.442:1887): arch=c000003e syscall=59 success=no exit=-13 a0=7fffb91649e8 a1=d4d5a8 a2=7fffb9165120 a3=7fffb9164830 items=0 ppid=11058 pid=11067 auid=1000 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=47 comm="sshdfilter" exe="/usr/bin/perl" subj=unconfined_u:system_r:sshd_t:s0-s0:c0.c1023 key=(null)
type=AVC msg=audit(1259767362.673:1896): avc: denied { execute } for pid=11318 comm="sshdfilter" name="iptables-multi" dev=dm-0 ino=11798 scontext=unconfined_u:system_r:sshd_t:s0-s0:c0.c1023 tcontext=system_ubject_r:iptables_exec_t:s0 tclass=file
type=SYSCALL msg=audit(1259767362.673:1896): arch=c000003e syscall=59 success=no exit=-13 a0=7fffb91649e8 a1=d54088 a2=7fffb9165120 a3=7fffb9164830 items=0 ppid=11058 pid=11318 auid=1000 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=47 comm="sshdfilter" exe="/usr/bin/perl" subj=unconfined_u:system_r:sshd_t:s0-s0:c0.c1023 key=(null)
type=AVC msg=audit(1259773905.214:1967): avc: denied { execute } for pid=11922 comm="sshdfilter" name="iptables-multi" dev=dm-0 ino=11798 scontext=unconfined_u:system_r:sshd_t:s0-s0:c0.c1023 tcontext=system_ubject_r:iptables_exec_t:s0 tclass=file
type=SYSCALL msg=audit(1259773905.214:1967): arch=c000003e syscall=59 success=no exit=-13 a0=7fffb91649e8 a1=d54868 a2=7fffb9165120 a3=7fffb9164830 items=0 ppid=11058 pid=11922 auid=1000 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=47 comm="sshdfilter" exe="/usr/bin/perl" subj=unconfined_u:system_r:sshd_t:s0-s0:c0.c1023 key=(null)
type=AVC msg=audit(1259780362.196:1977): avc: denied { execute } for pid=12215 comm="sshdfilter" name="iptables-multi" dev=dm-0 ino=11798 scontext=unconfined_u:system_r:sshd_t:s0-s0:c0.c1023 tcontext=system_ubject_r:iptables_exec_t:s0 tclass=file
type=SYSCALL msg=audit(1259780362.196:1977): arch=c000003e syscall=59 success=no exit=-13 a0=7fffb91649e8 a1=d50af8 a2=7fffb9165120 a3=7fffb9164830 items=0 ppid=11058 pid=12215 auid=1000 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=47 comm="sshdfilter" exe="/usr/bin/perl" subj=unconfined_u:system_r:sshd_t:s0-s0:c0.c1023 key=(null)
type=AVC msg=audit(1259780393.314:1979): avc: denied { execute } for pid=12219 comm="sshdfilter" name="iptables-multi" dev=dm-0 ino=11798 scontext=unconfined_u:system_r:sshd_t:s0-s0:c0.c1023 tcontext=system_ubject_r:iptables_exec_t:s0 tclass=file
type=SYSCALL msg=audit(1259780393.314:1979): arch=c000003e syscall=59 success=no exit=-13 a0=7fffb91649e8 a1=d50af8 a2=7fffb9165120 a3=7fffb9164830 items=0 ppid=11058 pid=12219 auid=1000 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=47 comm="sshdfilter" exe="/usr/bin/perl" subj=unconfined_u:system_r:sshd_t:s0-s0:c0.c1023 key=(null)
type=AVC msg=audit(1259785085.323:2012): avc: denied { execute } for pid=12568 comm="sshdfilter" name="iptables-multi" dev=dm-0 ino=11798 scontext=unconfined_u:system_r:sshd_t:s0-s0:c0.c1023 tcontext=system_ubject_r:iptables_exec_t:s0 tclass=file
type=SYSCALL msg=audit(1259785085.323:2012): arch=c000003e syscall=59 success=no exit=-13 a0=7fffb91649e8 a1=d521b8 a2=7fffb9165120 a3=7fffb9164830 items=0 ppid=11058 pid=12568 auid=1000 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=47 comm="sshdfilter" exe="/usr/bin/perl" subj=unconfined_u:system_r:sshd_t:s0-s0:c0.c1023 key=(null)
type=AVC msg=audit(1259786872.756:2015): avc: denied { execute } for pid=12645 comm="sshdfilter" name="iptables-multi" dev=dm-0 ino=11798 scontext=unconfined_u:system_r:sshd_t:s0-s0:c0.c1023 tcontext=system_ubject_r:iptables_exec_t:s0 tclass=file
type=SYSCALL msg=audit(1259786872.756:2015): arch=c000003e syscall=59 success=no exit=-13 a0=7fffb91649e8 a1=d53568 a2=7fffb9165120 a3=7fffb9164830 items=0 ppid=11058 pid=12645 auid=1000 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=47 comm="sshdfilter" exe="/usr/bin/perl" subj=unconfined_u:system_r:sshd_t:s0-s0:c0.c1023 key=(null)
type=AVC msg=audit(1259795695.936:2052): avc: denied { execute } for pid=13127 comm="sshdfilter" name="iptables-multi" dev=dm-0 ino=11798 scontext=unconfined_u:system_r:sshd_t:s0-s0:c0.c1023 tcontext=system_ubject_r:iptables_exec_t:s0 tclass=file
type=SYSCALL msg=audit(1259795695.936:2052): arch=c000003e syscall=59 success=no exit=-13 a0=7fffb91649e8 a1=d52e38 a2=7fffb9165120 a3=7fffb9164830 items=0 ppid=11058 pid=13127 auid=1000 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=47 comm="sshdfilter" exe="/usr/bin/perl" subj=unconfined_u:system_r:sshd_t:s0-s0:c0.c1023 key=(null)
type=AVC msg=audit(1259802506.518:3031): avc: denied { getattr } for pid=11058 comm="sshdfilter" path="/var/run/sshdfilter.pid.SSHD" dev=dm-0 ino=12538 scontext=unconfined_u:system_r:sshd_t:s0-s0:c0.c1023 tcontext=system_ubject_r:var_run_t:s0 tclass=file
type=SYSCALL msg=audit(1259802506.518:3031): arch=c000003e syscall=6 success=no exit=-13 a0=d4a128 a1=a0d0a0 a2=a0d0a0 a3=7fffb9164bb0 items=0 ppid=1 pid=11058 auid=1000 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=47 comm="sshdfilter" exe="/usr/bin/perl" subj=unconfined_u:system_r:sshd_t:s0-s0:c0.c1023 key=(null)
type=AVC msg=audit(1259802888.332:7): avc: denied { ioctl } for pid=1435 comm="sshdfilter" path="pipe:[11021]" dev=pipefs ino=11021 scontext=system_u:system_r:iptables_t:s0 tcontext=system_u:system_r:iptables_t:s0 tclass=fifo_file
type=SYSCALL msg=audit(1259802888.332:7): arch=c000003e syscall=16 success=yes exit=128 a0=3 a1=5401 a2=7fffa8850c80 a3=60 items=0 ppid=1431 pid=1435 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm="sshdfilter" exe="/usr/bin/perl" subj=system_u:system_r:iptables_t:s0 key=(null)
type=AVC msg=audit(1259802888.340:8): avc: denied { ioctl } for pid=1435 comm="sshdfilter" path="pipe:[11021]" dev=pipefs ino=11021 scontext=system_u:system_r:iptables_t:s0 tcontext=system_u:system_r:iptables_t:s0 tclass=fifo_file
type=SYSCALL msg=audit(1259802888.340:8): arch=c000003e syscall=16 success=yes exit=128 a0=4 a1=5401 a2=7fffa8850c80 a3=60 items=0 ppid=1431 pid=1435 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm="sshdfilter" exe="/usr/bin/perl" subj=system_u:system_r:iptables_t:s0 key=(null)
type=AVC msg=audit(1259802888.342:9): avc: denied { ioctl } for pid=1438 comm="sshdfilter" path="pipe:[11031]" dev=pipefs ino=11031 scontext=system_u:system_r:iptables_t:s0 tcontext=system_u:system_r:iptables_t:s0 tclass=fifo_file
type=AVC msg=audit(1259802888.343:10): avc: denied { read } for pid=1435 comm="sshdfilter" path="pipe:[11021]" dev=pipefs ino=11021 scontext=system_u:system_r:iptables_t:s0 tcontext=system_u:system_r:iptables_t:s0 tclass=fifo_file
type=SYSCALL msg=audit(1259802888.343:10): arch=c000003e syscall=0 success=yes exit=128 a0=3 a1=eb06e8 a2=1000 a3=0 items=0 ppid=1431 pid=1435 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm="sshdfilter" exe="/usr/bin/perl" subj=system_u:system_r:iptables_t:s0 key=(null)
type=SYSCALL msg=audit(1259802888.342:9): arch=c000003e syscall=16 success=yes exit=128 a0=5 a1=5401 a2=7fffa8850c80 a3=60 items=0 ppid=1435 pid=1438 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm="sshdfilter" exe="/usr/bin/perl" subj=system_u:system_r:iptables_t:s0 key=(null)
type=AVC msg=audit(1259802888.347:11): avc: denied { ioctl } for pid=1438 comm="sshdfilter" path="pipe:[11031]" dev=pipefs ino=11031 scontext=system_u:system_r:iptables_t:s0 tcontext=system_u:system_r:iptables_t:s0 tclass=fifo_file
type=SYSCALL msg=audit(1259802888.347:11): arch=c000003e syscall=16 success=yes exit=128 a0=6 a1=5401 a2=7fffa8850c80 a3=60 items=0 ppid=1435 pid=1438 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm="sshdfilter" exe="/usr/bin/perl" subj=system_u:system_r:iptables_t:s0 key=(null)
type=AVC msg=audit(1259802888.350:12): avc: denied { read } for pid=1439 comm="sshdfilter" path="pipe:[11031]" dev=pipefs ino=11031 scontext=system_u:system_r:iptables_t:s0 tcontext=system_u:system_r:iptables_t:s0 tclass=fifo_file
type=SYSCALL msg=audit(1259802888.350:12): arch=c000003e syscall=0 success=yes exit=128 a0=5 a1=eb0f18 a2=1000 a3=0 items=0 ppid=1438 pid=1439 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm="sshdfilter" exe="/usr/bin/perl" subj=system_u:system_r:iptables_t:s0 key=(null)
type=AVC msg=audit(1259802888.360:13): avc: denied { read } for pid=1440 comm="sshdfilter" name="sh" dev=dm-0 ino=10258 scontext=system_u:system_r:iptables_t:s0 tcontext=system_ubject_r:bin_t:s0 tclass=lnk_file
type=SYSCALL msg=audit(1259802888.360:13): arch=c000003e syscall=59 success=no exit=-13 a0=7fd1ef909e0f a1=7fffa884e9b0 a2=7fffa88511c0 a3=7fffa88507d0 items=0 ppid=1438 pid=1440 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm="sshdfilter" exe="/usr/bin/perl" subj=system_u:system_r:iptables_t:s0 key=(null)
type=AVC msg=audit(1259802888.364:14): avc: denied { write } for pid=1440 comm="sshdfilter" path="pipe:[11043]" dev=pipefs ino=11043 scontext=system_u:system_r:iptables_t:s0 tcontext=system_u:system_r:iptables_t:s0 tclass=fifo_file
type=SYSCALL msg=audit(1259802888.364:14): arch=c000003e syscall=1 success=yes exit=128 a0=a a1=7fffa8850a0c a2=4 a3=7fffa8850790 items=0 ppid=1438 pid=1440 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm="sshdfilter" exe="/usr/bin/perl" subj=system_u:system_r:iptables_t:s0 key=(null)
type=AVC msg=audit(1259802888.367:15): avc: denied { read } for pid=1438 comm="sshdfilter" path="pipe:[11043]" dev=pipefs ino=11043 scontext=system_u:system_r:iptables_t:s0 tcontext=system_u:system_r:iptables_t:s0 tclass=fifo_file
type=SYSCALL msg=audit(1259802888.367:15): arch=c000003e syscall=0 success=yes exit=128 a0=9 a1=7fffa8850ccc a2=4 a3=b73830 items=0 ppid=1435 pid=1438 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm="sshdfilter" exe="/usr/bin/perl" subj=system_u:system_r:iptables_t:s0 key=(null)
type=AVC msg=audit(1259802888.367:16): avc: denied { ioctl } for pid=1438 comm="sshdfilter" path="pipe:[11042]" dev=pipefs ino=11042 scontext=system_u:system_r:iptables_t:s0 tcontext=system_u:system_r:iptables_t:s0 tclass=fifo_file
type=SYSCALL msg=audit(1259802888.367:16): arch=c000003e syscall=16 success=yes exit=128 a0=7 a1=5401 a2=7fffa8850a20 a3=60 items=0 ppid=1435 pid=1438 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm="sshdfilter" exe="/usr/bin/perl" subj=system_u:system_r:iptables_t:s0 key=(null)
type=AVC msg=audit(1259802888.367:17): avc: denied { read } for pid=1438 comm="sshdfilter" path="pipe:[11042]" dev=pipefs ino=11042 scontext=system_u:system_r:iptables_t:s0 tcontext=system_u:system_r:iptables_t:s0 tclass=fifo_file
type=SYSCALL msg=audit(1259802888.367:17): arch=c000003e syscall=0 success=yes exit=128 a0=7 a1=eb1168 a2=1000 a3=0 items=0 ppid=1435 pid=1438 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm="sshdfilter" exe="/usr/bin/perl" subj=system_u:system_r:iptables_t:s0 key=(null)
type=AVC msg=audit(1259802888.375:18): avc: denied { read } for pid=1441 comm="sshdfilter" name="sh" dev=dm-0 ino=10258 scontext=system_u:system_r:iptables_t:s0 tcontext=system_ubject_r:bin_t:s0 tclass=lnk_file
type=SYSCALL msg=audit(1259802888.375:18): arch=c000003e syscall=59 success=no exit=-13 a0=7fd1ef909e0f a1=7fffa884e9b0 a2=7fffa88511c0 a3=7fffa88507d0 items=0 ppid=1438 pid=1441 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm="sshdfilter" exe="/usr/bin/perl" subj=system_u:system_r:iptables_t:s0 key=(null)
type=AVC msg=audit(1259802888.375:19): avc: denied { write } for pid=1441 comm="sshdfilter" path="pipe:[11045]" dev=pipefs ino=11045 scontext=system_u:system_r:iptables_t:s0 tcontext=system_u:system_r:iptables_t:s0 tclass=fifo_file
type=SYSCALL msg=audit(1259802888.375:19): arch=c000003e syscall=1 success=yes exit=128 a0=a a1=7fffa8850a0c a2=4 a3=8 items=0 ppid=1438 pid=1441 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm="sshdfilter" exe="/usr/bin/perl" subj=system_u:system_r:iptables_t:s0 key=(null)
type=AVC msg=audit(1259802888.378:20): avc: denied { read } for pid=1438 comm="sshdfilter" path="pipe:[11045]" dev=pipefs ino=11045 scontext=system_u:system_r:iptables_t:s0 tcontext=system_u:system_r:iptables_t:s0 tclass=fifo_file
type=SYSCALL msg=audit(1259802888.378:20): arch=c000003e syscall=0 success=yes exit=128 a0=9 a1=7fffa8850ccc a2=4 a3=7fd1ef2e39d0 items=0 ppid=1435 pid=1438 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm="sshdfilter" exe="/usr/bin/perl" subj=system_u:system_r:iptables_t:s0 key=(null)
type=AVC msg=audit(1259802888.378:21): avc: denied { ioctl } for pid=1438 comm="sshdfilter" path="pipe:[11044]" dev=pipefs ino=11044 scontext=system_u:system_r:iptables_t:s0 tcontext=system_u:system_r:iptables_t:s0 tclass=fifo_file
type=SYSCALL msg=audit(1259802888.378:21): arch=c000003e syscall=16 success=yes exit=128 a0=7 a1=5401 a2=7fffa8850a20 a3=60 items=0 ppid=1435 pid=1438 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm="sshdfilter" exe="/usr/bin/perl" subj=system_u:system_r:iptables_t:s0 key=(null)
type=AVC msg=audit(1259802888.378:22): avc: denied { read } for pid=1438 comm="sshdfilter" path="pipe:[11044]" dev=pipefs ino=11044 scontext=system_u:system_r:iptables_t:s0 tcontext=system_u:system_r:iptables_t:s0 tclass=fifo_file
type=SYSCALL msg=audit(1259802888.378:22): arch=c000003e syscall=0 success=yes exit=128 a0=7 a1=eb2878 a2=1000 a3=0 items=0 ppid=1435 pid=1438 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm="sshdfilter" exe="/usr/bin/perl" subj=system_u:system_r:iptables_t:s0 key=(null)
type=AVC msg=audit(1259802888.379:23): avc: denied { ioctl } for pid=1438 comm="sshdfilter" path="pipe:[11046]" dev=pipefs ino=11046 scontext=system_u:system_r:iptables_t:s0 tcontext=system_u:system_r:iptables_t:s0 tclass=fifo_file
type=SYSCALL msg=audit(1259802888.379:23): arch=c000003e syscall=16 success=yes exit=128 a0=7 a1=5401 a2=7fffa8850c80 a3=60 items=0 ppid=1435 pid=1438 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm="sshdfilter" exe="/usr/bin/perl" subj=system_u:system_r:iptables_t:s0 key=(null)
type=AVC msg=audit(1259802888.379:24): avc: denied { ioctl } for pid=1438 comm="sshdfilter" path="pipe:[11046]" dev=pipefs ino=11046 scontext=system_u:system_r:iptables_t:s0 tcontext=system_u:system_r:iptables_t:s0 tclass=fifo_file
type=SYSCALL msg=audit(1259802888.379:24): arch=c000003e syscall=16 success=yes exit=128 a0=8 a1=5401 a2=7fffa8850c80 a3=60 items=0 ppid=1435 pid=1438 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm="sshdfilter" exe="/usr/bin/perl" subj=system_u:system_r:iptables_t:s0 key=(null)
type=AVC msg=audit(1259802888.384:25): avc: denied { ioctl } for pid=1442 comm="sshdfilter" path="pipe:[11046]" dev=pipefs ino=11046 scontext=system_u:system_r:iptables_t:s0 tcontext=system_u:system_r:iptables_t:s0 tclass=fifo_file
type=SYSCALL msg=audit(1259802888.384:25): arch=c000003e syscall=16 success=yes exit=128 a0=4 a1=5401 a2=7fffa8850ba0 a3=60 items=0 ppid=1438 pid=1442 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm="sshdfilter" exe="/usr/bin/perl" subj=system_u:system_r:iptables_t:s0 key=(null)
type=AVC msg=audit(1259802888.384:26): avc: denied { getattr } for pid=1442 comm="sshdfilter" path="pipe:[11046]" dev=pipefs ino=11046 scontext=system_u:system_r:iptables_t:s0 tcontext=system_u:system_r:iptables_t:s0 tclass=fifo_file
type=SYSCALL msg=audit(1259802888.384:26): arch=c000003e syscall=5 success=yes exit=128 a0=4 a1=b730a0 a2=b730a0 a3=0 items=0 ppid=1438 pid=1442 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm="sshdfilter" exe="/usr/bin/perl" subj=system_u:system_r:iptables_t:s0 key=(null)
type=AVC msg=audit(1259802889.381:27): avc: denied { read } for pid=1494 comm="sshdfilter" name="iptables" dev=dm-0 ino=11793 scontext=system_u:system_r:iptables_t:s0 tcontext=system_ubject_r:bin_t:s0 tclass=lnk_file
type=SYSCALL msg=audit(1259802889.381:27): arch=c000003e syscall=59 success=no exit=-13 a0=7fffa8850a88 a1=eb31c8 a2=7fffa88511c0 a3=7fffa88508d0 items=0 ppid=1438 pid=1494 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm="sshdfilter" exe="/usr/bin/perl" subj=system_u:system_r:iptables_t:s0 key=(null)
type=AVC msg=audit(1259802889.382:28): avc: denied { write } for pid=1494 comm="sshdfilter" path="pipe:[11397]" dev=pipefs ino=11397 scontext=system_u:system_r:iptables_t:s0 tcontext=system_u:system_r:iptables_t:s0 tclass=fifo_file
type=SYSCALL msg=audit(1259802889.382:28): arch=c000003e syscall=1 success=yes exit=128 a0=9 a1=7fffa8850b0c a2=4 a3=8 items=0 ppid=1438 pid=1494 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm="sshdfilter" exe="/usr/bin/perl" subj=system_u:system_r:iptables_t:s0 key=(null)
type=AVC msg=audit(1259802889.385:29): avc: denied { read } for pid=1438 comm="sshdfilter" path="pipe:[11397]" dev=pipefs ino=11397 scontext=system_u:system_r:iptables_t:s0 tcontext=system_u:system_r:iptables_t:s0 tclass=fifo_file
type=SYSCALL msg=audit(1259802889.385:29): arch=c000003e syscall=0 success=yes exit=128 a0=8 a1=7fffa8850f18 a2=4 a3=8 items=0 ppid=1 pid=1438 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm="sshdfilter" exe="/usr/bin/perl" subj=system_u:system_r:iptables_t:s0 key=(null)
type=AVC msg=audit(1259802889.388:30): avc: denied { write } for pid=1438 comm="sshdfilter" path="pipe:[11021]" dev=pipefs ino=11021 scontext=system_u:system_r:iptables_t:s0 tcontext=system_u:system_r:iptables_t:s0 tclass=fifo_file
type=SYSCALL msg=audit(1259802889.388:30): arch=c000003e syscall=1 success=yes exit=128 a0=4 a1=eb3248 a2=9 a3=0 items=0 ppid=1 pid=1438 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm="sshdfilter" exe="/usr/bin/perl" subj=system_u:system_r:iptables_t:s0 key=(null)
type=AVC msg=audit(1259802889.390:31): avc: denied { read } for pid=1438 comm="sshdfilter" path="pipe:[11046]" dev=pipefs ino=11046 scontext=system_u:system_r:iptables_t:s0 tcontext=system_u:system_r:iptables_t:s0 tclass=fifo_file
type=SYSCALL msg=audit(1259802889.390:31): arch=c000003e syscall=0 success=yes exit=128 a0=7 a1=eb3568 a2=400 a3=b73010 items=0 ppid=1 pid=1438 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm="sshdfilter" exe="/usr/bin/perl" subj=system_u:system_r:iptables_t:s0 key=(null)
type=AVC msg=audit(1259803042.790:43): avc: denied { ioctl } for pid=2329 comm="sshdfilter" path="pipe:[24498]" dev=pipefs ino=24498 scontext=unconfined_u:system_r:iptables_t:s0 tcontext=unconfined_u:system_r:iptables_t:s0 tclass=fifo_file
type=SYSCALL msg=audit(1259803042.790:43): arch=c000003e syscall=16 success=yes exit=4294967424 a0=3 a1=5401 a2=7ffffc393e40 a3=60 items=0 ppid=2323 pid=2329 auid=1000 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=pts0 ses=1 comm="sshdfilter" exe="/usr/bin/perl" subj=unconfined_u:system_r:iptables_t:s0 key=(null)
type=AVC msg=audit(1259803042.795:44): avc: denied { ioctl } for pid=2329 comm="sshdfilter" path="pipe:[24498]" dev=pipefs ino=24498 scontext=unconfined_u:system_r:iptables_t:s0 tcontext=unconfined_u:system_r:iptables_t:s0 tclass=fifo_file
type=SYSCALL msg=audit(1259803042.795:44): arch=c000003e syscall=16 success=yes exit=4294967424 a0=4 a1=5401 a2=7ffffc393e40 a3=60 items=0 ppid=2323 pid=2329 auid=1000 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=pts0 ses=1 comm="sshdfilter" exe="/usr/bin/perl" subj=unconfined_u:system_r:iptables_t:s0 key=(null)
type=AVC msg=audit(1259803042.798:45): avc: denied { ioctl } for pid=2332 comm="sshdfilter" path="pipe:[24509]" dev=pipefs ino=24509 scontext=unconfined_u:system_r:iptables_t:s0 tcontext=unconfined_u:system_r:iptables_t:s0 tclass=fifo_file
type=AVC msg=audit(1259803042.801:46): avc: denied { read } for pid=2329 comm="sshdfilter" path="pipe:[24498]" dev=pipefs ino=24498 scontext=unconfined_u:system_r:iptables_t:s0 tcontext=unconfined_u:system_r:iptables_t:s0 tclass=fifo_file
type=SYSCALL msg=audit(1259803042.801:46): arch=c000003e syscall=0 success=yes exit=128 a0=3 a1=104fb28 a2=1000 a3=0 items=0 ppid=2323 pid=2329 auid=1000 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=pts0 ses=1 comm="sshdfilter" exe="/usr/bin/perl" subj=unconfined_u:system_r:iptables_t:s0 key=(null)
type=SYSCALL msg=audit(1259803042.798:45): arch=c000003e syscall=16 success=yes exit=4294967424 a0=5 a1=5401 a2=7ffffc393e40 a3=60 items=0 ppid=2329 pid=2332 auid=1000 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=1 comm="sshdfilter" exe="/usr/bin/perl" subj=unconfined_u:system_r:iptables_t:s0 key=(null)
type=AVC msg=audit(1259803042.804:47): avc: denied { ioctl } for pid=2332 comm="sshdfilter" path="pipe:[24509]" dev=pipefs ino=24509 scontext=unconfined_u:system_r:iptables_t:s0 tcontext=unconfined_u:system_r:iptables_t:s0 tclass=fifo_file
type=SYSCALL msg=audit(1259803042.804:47): arch=c000003e syscall=16 success=yes exit=4294967424 a0=6 a1=5401 a2=7ffffc393e40 a3=60 items=0 ppid=2329 pid=2332 auid=1000 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=1 comm="sshdfilter" exe="/usr/bin/perl" subj=unconfined_u:system_r:iptables_t:s0 key=(null)
type=AVC msg=audit(1259803042.806:48): avc: denied { read } for pid=2333 comm="sshdfilter" path="pipe:[24509]" dev=pipefs ino=24509 scontext=unconfined_u:system_r:iptables_t:s0 tcontext=unconfined_u:system_r:iptables_t:s0 tclass=fifo_file
type=AVC msg=audit(1259803042.812:49): avc: denied { read } for pid=2334 comm="sshdfilter" name="sh" dev=dm-0 ino=10258 scontext=unconfined_u:system_r:iptables_t:s0 tcontext=system_ubject_r:bin_t:s0 tclass=lnk_file
type=SYSCALL msg=audit(1259803042.806:48): arch=c000003e syscall=0 success=yes exit=4294967424 a0=5 a1=1050268 a2=1000 a3=0 items=0 ppid=2332 pid=2333 auid=1000 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=1 comm="sshdfilter" exe="/usr/bin/perl" subj=unconfined_u:system_r:iptables_t:s0 key=(null)
type=AVC msg=audit(1259803042.816:50): avc: denied { read } for pid=2332 comm="sshdfilter" path="pipe:[24516]" dev=pipefs ino=24516 scontext=unconfined_u:system_r:iptables_t:s0 tcontext=unconfined_u:system_r:iptables_t:s0 tclass=fifo_file
type=SYSCALL msg=audit(1259803042.812:49): arch=c000003e syscall=59 success=no exit=-13 a0=7fceba680e0f a1=7ffffc391b70 a2=7ffffc394380 a3=7ffffc393990 items=0 ppid=2332 pid=2334 auid=1000 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=1 comm="sshdfilter" exe="/usr/bin/perl" subj=unconfined_u:system_r:iptables_t:s0 key=(null)
type=AVC msg=audit(1259803042.816:51): avc: denied { write } for pid=2334 comm="sshdfilter" path="pipe:[24516]" dev=pipefs ino=24516 scontext=unconfined_u:system_r:iptables_t:s0 tcontext=unconfined_u:system_r:iptables_t:s0 tclass=fifo_file
type=SYSCALL msg=audit(1259803042.816:51): arch=c000003e syscall=1 success=yes exit=128 a0=a a1=7ffffc393bcc a2=4 a3=7ffffc393950 items=0 ppid=2332 pid=2334 auid=1000 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=1 comm="sshdfilter" exe="/usr/bin/perl" subj=unconfined_u:system_r:iptables_t:s0 key=(null)
type=SYSCALL msg=audit(1259803042.816:50): arch=c000003e syscall=0 success=yes exit=128 a0=9 a1=7ffffc393e8c a2=4 a3=d13830 items=0 ppid=2329 pid=2332 auid=1000 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=1 comm="sshdfilter" exe="/usr/bin/perl" subj=unconfined_u:system_r:iptables_t:s0 key=(null)
type=AVC msg=audit(1259803042.818:52): avc: denied { ioctl } for pid=2332 comm="sshdfilter" path="pipe:[24515]" dev=pipefs ino=24515 scontext=unconfined_u:system_r:iptables_t:s0 tcontext=unconfined_u:system_r:iptables_t:s0 tclass=fifo_file
type=SYSCALL msg=audit(1259803042.818:52): arch=c000003e syscall=16 success=yes exit=128 a0=7 a1=5401 a2=7ffffc393be0 a3=60 items=0 ppid=2329 pid=2332 auid=1000 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=1 comm="sshdfilter" exe="/usr/bin/perl" subj=unconfined_u:system_r:iptables_t:s0 key=(null)
type=AVC msg=audit(1259803042.818:53): avc: denied { read } for pid=2332 comm="sshdfilter" path="pipe:[24515]" dev=pipefs ino=24515 scontext=unconfined_u:system_r:iptables_t:s0 tcontext=unconfined_u:system_r:iptables_t:s0 tclass=fifo_file
type=SYSCALL msg=audit(1259803042.818:53): arch=c000003e syscall=0 success=yes exit=128 a0=7 a1=10504b8 a2=1000 a3=0 items=0 ppid=2329 pid=2332 auid=1000 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=1 comm="sshdfilter" exe="/usr/bin/perl" subj=unconfined_u:system_r:iptables_t:s0 key=(null)
type=AVC msg=audit(1259803042.823:54): avc: denied { read } for pid=2335 comm="sshdfilter" name="sh" dev=dm-0 ino=10258 scontext=unconfined_u:system_r:iptables_t:s0 tcontext=system_ubject_r:bin_t:s0 tclass=lnk_file
type=SYSCALL msg=audit(1259803042.823:54): arch=c000003e syscall=59 success=no exit=-13 a0=7fceba680e0f a1=7ffffc391b70 a2=7ffffc394380 a3=7ffffc393990 items=0 ppid=2332 pid=2335 auid=1000 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=1 comm="sshdfilter" exe="/usr/bin/perl" subj=unconfined_u:system_r:iptables_t:s0 key=(null)
type=AVC msg=audit(1259803042.823:55): avc: denied { write } for pid=2335 comm="sshdfilter" path="pipe:[24518]" dev=pipefs ino=24518 scontext=unconfined_u:system_r:iptables_t:s0 tcontext=unconfined_u:system_r:iptables_t:s0 tclass=fifo_file
type=SYSCALL msg=audit(1259803042.823:55): arch=c000003e syscall=1 success=yes exit=128 a0=a a1=7ffffc393bcc a2=4 a3=8 items=0 ppid=2332 pid=2335 auid=1000 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=1 comm="sshdfilter" exe="/usr/bin/perl" subj=unconfined_u:system_r:iptables_t:s0 key=(null)
type=AVC msg=audit(1259803042.828:56): avc: denied { read } for pid=2332 comm="sshdfilter" path="pipe:[24518]" dev=pipefs ino=24518 scontext=unconfined_u:system_r:iptables_t:s0 tcontext=unconfined_u:system_r:iptables_t:s0 tclass=fifo_file
type=SYSCALL msg=audit(1259803042.828:56): arch=c000003e syscall=0 success=yes exit=128 a0=9 a1=7ffffc393e8c a2=4 a3=7fceba05a9d0 items=0 ppid=2329 pid=2332 auid=1000 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=1 comm="sshdfilter" exe="/usr/bin/perl" subj=unconfined_u:system_r:iptables_t:s0 key=(null)
type=AVC msg=audit(1259803042.828:57): avc: denied { ioctl } for pid=2332 comm="sshdfilter" path="pipe:[24517]" dev=pipefs ino=24517 scontext=unconfined_u:system_r:iptables_t:s0 tcontext=unconfined_u:system_r:iptables_t:s0 tclass=fifo_file
type=SYSCALL msg=audit(1259803042.828:57): arch=c000003e syscall=16 success=yes exit=128 a0=7 a1=5401 a2=7ffffc393be0 a3=60 items=0 ppid=2329 pid=2332 auid=1000 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=1 comm="sshdfilter" exe="/usr/bin/perl" subj=unconfined_u:system_r:iptables_t:s0 key=(null)
type=AVC msg=audit(1259803042.828:58): avc: denied { read } for pid=2332 comm="sshdfilter" path="pipe:[24517]" dev=pipefs ino=24517 scontext=unconfined_u:system_r:iptables_t:s0 tcontext=unconfined_u:system_r:iptables_t:s0 tclass=fifo_file
type=SYSCALL msg=audit(1259803042.828:58): arch=c000003e syscall=0 success=yes exit=128 a0=7 a1=1051cc8 a2=1000 a3=0 items=0 ppid=2329 pid=2332 auid=1000 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=1 comm="sshdfilter" exe="/usr/bin/perl" subj=unconfined_u:system_r:iptables_t:s0 key=(null)
type=AVC msg=audit(1259803042.833:59): avc: denied { ioctl } for pid=2332 comm="sshdfilter" path="pipe:[24519]" dev=pipefs ino=24519 scontext=unconfined_u:system_r:iptables_t:s0 tcontext=unconfined_u:system_r:iptables_t:s0 tclass=fifo_file
type=SYSCALL msg=audit(1259803042.833:59): arch=c000003e syscall=16 success=yes exit=128 a0=7 a1=5401 a2=7ffffc393e40 a3=60 items=0 ppid=2329 pid=2332 auid=1000 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=1 comm="sshdfilter" exe="/usr/bin/perl" subj=unconfined_u:system_r:iptables_t:s0 key=(null)
type=AVC msg=audit(1259803042.833:60): avc: denied { ioctl } for pid=2332 comm="sshdfilter" path="pipe:[24519]" dev=pipefs ino=24519 scontext=unconfined_u:system_r:iptables_t:s0 tcontext=unconfined_u:system_r:iptables_t:s0 tclass=fifo_file
type=SYSCALL msg=audit(1259803042.833:60): arch=c000003e syscall=16 success=yes exit=128 a0=8 a1=5401 a2=7ffffc393e40 a3=60 items=0 ppid=2329 pid=2332 auid=1000 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=1 comm="sshdfilter" exe="/usr/bin/perl" subj=unconfined_u:system_r:iptables_t:s0 key=(null)
type=AVC msg=audit(1259803042.834:61): avc: denied { ioctl } for pid=2336 comm="sshdfilter" path="pipe:[24519]" dev=pipefs ino=24519 scontext=unconfined_u:system_r:iptables_t:s0 tcontext=unconfined_u:system_r:iptables_t:s0 tclass=fifo_file
type=SYSCALL msg=audit(1259803042.834:61): arch=c000003e syscall=16 success=yes exit=128 a0=4 a1=5401 a2=7ffffc393d60 a3=60 items=0 ppid=2332 pid=2336 auid=1000 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=1 comm="sshdfilter" exe="/usr/bin/perl" subj=unconfined_u:system_r:iptables_t:s0 key=(null)
type=AVC msg=audit(1259803042.836:62): avc: denied { getattr } for pid=2336 comm="sshdfilter" path="pipe:[24519]" dev=pipefs ino=24519 scontext=unconfined_u:system_r:iptables_t:s0 tcontext=unconfined_u:system_r:iptables_t:s0 tclass=fifo_file
type=SYSCALL msg=audit(1259803042.836:62): arch=c000003e syscall=5 success=yes exit=128 a0=4 a1=d130a0 a2=d130a0 a3=0 items=0 ppid=2332 pid=2336 auid=1000 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=1 comm="sshdfilter" exe="/usr/bin/perl" subj=unconfined_u:system_r:iptables_t:s0 key=(null)
type=AVC msg=audit(1259803043.839:63): avc: denied { read } for pid=2338 comm="sshdfilter" name="iptables" dev=dm-0 ino=11793 scontext=unconfined_u:system_r:iptables_t:s0 tcontext=system_ubject_r:bin_t:s0 tclass=lnk_file
type=SYSCALL msg=audit(1259803043.839:63): arch=c000003e syscall=59 success=no exit=-13 a0=7ffffc393c48 a1=1052638 a2=7ffffc394380 a3=7ffffc393a90 items=0 ppid=2332 pid=2338 auid=1000 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=1 comm="sshdfilter" exe="/usr/bin/perl" subj=unconfined_u:system_r:iptables_t:s0 key=(null)
type=AVC msg=audit(1259803043.840:64): avc: denied { write } for pid=2338 comm="sshdfilter" path="pipe:[24549]" dev=pipefs ino=24549 scontext=unconfined_u:system_r:iptables_t:s0 tcontext=unconfined_u:system_r:iptables_t:s0 tclass=fifo_file
type=SYSCALL msg=audit(1259803043.840:64): arch=c000003e syscall=1 success=yes exit=128 a0=9 a1=7ffffc393ccc a2=4 a3=8 items=0 ppid=2332 pid=2338 auid=1000 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=1 comm="sshdfilter" exe="/usr/bin/perl" subj=unconfined_u:system_r:iptables_t:s0 key=(null)
type=AVC msg=audit(1259803043.844:65): avc: denied { read } for pid=2332 comm="sshdfilter" path="pipe:[24549]" dev=pipefs ino=24549 scontext=unconfined_u:system_r:iptables_t:s0 tcontext=unconfined_u:system_r:iptables_t:s0 tclass=fifo_file
type=SYSCALL msg=audit(1259803043.844:65): arch=c000003e syscall=0 success=yes exit=128 a0=8 a1=7ffffc3940d8 a2=4 a3=8 items=0 ppid=1 pid=2332 auid=1000 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=1 comm="sshdfilter" exe="/usr/bin/perl" subj=unconfined_u:system_r:iptables_t:s0 key=(null)
type=AVC msg=audit(1259803043.845:66): avc: denied { write } for pid=2332 comm="sshdfilter" path="pipe:[24498]" dev=pipefs ino=24498 scontext=unconfined_u:system_r:iptables_t:s0 tcontext=unconfined_u:system_r:iptables_t:s0 tclass=fifo_file
type=SYSCALL msg=audit(1259803043.845:66): arch=c000003e syscall=1 success=yes exit=128 a0=4 a1=10526b8 a2=9 a3=0 items=0 ppid=1 pid=2332 auid=1000 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=1 comm="sshdfilter" exe="/usr/bin/perl" subj=unconfined_u:system_r:iptables_t:s0 key=(null)
type=AVC msg=audit(1259803043.849:67): avc: denied { read } for pid=2332 comm="sshdfilter" path="pipe:[24519]" dev=pipefs ino=24519 scontext=unconfined_u:system_r:iptables_t:s0 tcontext=unconfined_u:system_r:iptables_t:s0 tclass=fifo_file
type=SYSCALL msg=audit(1259803043.849:67): arch=c000003e syscall=0 success=yes exit=128 a0=7 a1=10529d8 a2=400 a3=d13010 items=0 ppid=1 pid=2332 auid=1000 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=1 comm="sshdfilter" exe="/usr/bin/perl" subj=unconfined_u:system_r:iptables_t:s0 key=(null)
type=AVC msg=audit(1259803128.077:69): avc: denied { execute } for pid=2422 comm="sshdfilter" name="iptables-multi" dev=dm-0 ino=11798 scontext=unconfined_u:system_r:sshd_t:s0-s0:c0.c1023 tcontext=system_ubject_r:iptables_exec_t:s0 tclass=file
type=SYSCALL msg=audit(1259803128.077:69): arch=c000003e syscall=59 success=no exit=-13 a0=7fff14469168 a1=1c20208 a2=7fff144698a0 a3=7fff14468fb0 items=0 ppid=2413 pid=2422 auid=1000 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=1 comm="sshdfilter" exe="/usr/bin/perl" subj=unconfined_u:system_r:sshd_t:s0-s0:c0.c1023 key=(null)
type=AVC msg=audit(1259806154.170:82): avc: denied { execute } for pid=2653 comm="sshdfilter" name="iptables-multi" dev=dm-0 ino=11798 scontext=unconfined_u:system_r:sshd_t:s0-s0:c0.c1023 tcontext=system_ubject_r:iptables_exec_t:s0 tclass=file
type=SYSCALL msg=audit(1259806154.170:82): arch=c000003e syscall=59 success=no exit=-13 a0=7fff14469168 a1=1c267e8 a2=7fff144698a0 a3=7fff14468fb0 items=0 ppid=2413 pid=2653 auid=1000 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=1 comm="sshdfilter" exe="/usr/bin/perl" subj=unconfined_u:system_r:sshd_t:s0-s0:c0.c1023 key=(null)
type=AVC msg=audit(1259812687.066:113): avc: denied { read open } for pid=3074 comm="sshdfilter" name="iptables-multi" dev=dm-0 ino=11798 scontext=unconfined_u:system_r:sshd_t:s0-s0:c0.c1023 tcontext=system_ubject_r:iptables_exec_t:s0 tclass=file
type=SYSCALL msg=audit(1259812687.066:113): arch=c000003e syscall=59 success=no exit=-13 a0=7fff14469168 a1=1c26a88 a2=7fff144698a0 a3=7fff14468fb0 items=0 ppid=2413 pid=3074 auid=1000 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=1 comm="sshdfilter" exe="/usr/bin/perl" subj=unconfined_u:system_r:sshd_t:s0-s0:c0.c1023 key=(null)
type=AVC msg=audit(1259816690.197:196): avc: denied { read open } for pid=3631 comm="sshdfilter" name="iptables-multi" dev=dm-0 ino=11798 scontext=unconfined_u:system_r:sshd_t:s0-s0:c0.c1023 tcontext=system_ubject_r:iptables_exec_t:s0 tclass=file
type=SYSCALL msg=audit(1259816690.197:196): arch=c000003e syscall=59 success=no exit=-13 a0=7fff15c5a888 a1=24095a8 a2=7fff15c5afc0 a3=7fff15c5a6d0 items=0 ppid=3622 pid=3631 auid=0 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=9 comm="sshdfilter" exe="/usr/bin/perl" subj=unconfined_u:system_r:sshd_t:s0-s0:c0.c1023 key=(null)
type=AVC msg=audit(1259819529.773:214): avc: denied { read open } for pid=3827 comm="sshdfilter" name="iptables-multi" dev=dm-0 ino=11798 scontext=unconfined_u:system_r:sshd_t:s0-s0:c0.c1023 tcontext=system_ubject_r:iptables_exec_t:s0 tclass=file
type=SYSCALL msg=audit(1259819529.773:214): arch=c000003e syscall=59 success=no exit=-13 a0=7fff15c5a888 a1=2410198 a2=7fff15c5afc0 a3=7fff15c5a6d0 items=0 ppid=3622 pid=3827 auid=0 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=9 comm="sshdfilter" exe="/usr/bin/perl" subj=unconfined_u:system_r:sshd_t:s0-s0:c0.c1023 key=(null)
type=AVC msg=audit(1259899887.509:471): avc: denied { read open } for pid=11794 comm="sshdfilter" name="iptables-multi" dev=dm-0 ino=11798 scontext=unconfined_u:system_r:sshd_t:s0-s0:c0.c1023 tcontext=system_ubject_r:iptables_exec_t:s0 tclass=file
type=SYSCALL msg=audit(1259899887.509:471): arch=c000003e syscall=59 success=no exit=-13 a0=7fff15c5a888 a1=2410198 a2=7fff15c5afc0 a3=7fff15c5a6d0 items=0 ppid=3622 pid=11794 auid=0 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=9 comm="sshdfilter" exe="/usr/bin/perl" subj=unconfined_u:system_r:sshd_t:s0-s0:c0.c1023 key=(null)
type=AVC msg=audit(1259899890.409:475): avc: denied { read open } for pid=11799 comm="sshdfilter" name="iptables-multi" dev=dm-0 ino=11798 scontext=unconfined_u:system_r:sshd_t:s0-s0:c0.c1023 tcontext=system_ubject_r:iptables_exec_t:s0 tclass=file
type=SYSCALL msg=audit(1259899890.409:475): arch=c000003e syscall=59 success=no exit=-13 a0=7fff15c5a888 a1=2410548 a2=7fff15c5afc0 a3=7fff15c5a6d0 items=0 ppid=3622 pid=11799 auid=0 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=9 comm="sshdfilter" exe="/usr/bin/perl" subj=unconfined_u:system_r:sshd_t:s0-s0:c0.c1023 key=(null)
type=AVC msg=audit(1259899950.600:483): avc: denied { read open } for pid=11860 comm="sshdfilter" name="iptables-multi" dev=dm-0 ino=11798 scontext=unconfined_u:system_r:sshd_t:s0-s0:c0.c1023 tcontext=system_ubject_r:iptables_exec_t:s0 tclass=file
type=SYSCALL msg=audit(1259899950.600:483): arch=c000003e syscall=59 success=no exit=-13 a0=7fff9722f198 a1=f6e208 a2=7fff9722f8d0 a3=7fff9722efe0 items=0 ppid=11851 pid=11860 auid=0 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=44 comm="sshdfilter" exe="/usr/bin/perl" subj=unconfined_u:system_r:sshd_t:s0-s0:c0.c1023 key=(null)
type=AVC msg=audit(1260146847.427:1066): avc: denied { read open } for pid=28420 comm="sshdfilter" name="iptables-multi" dev=dm-0 ino=11798 scontext=unconfined_u:system_r:sshd_t:s0-s0:c0.c1023 tcontext=system_ubject_r:iptables_exec_t:s0 tclass=file
type=SYSCALL msg=audit(1260146847.427:1066): arch=c000003e syscall=59 success=no exit=-13 a0=7fff9722f198 a1=f71c88 a2=7fff9722f8d0 a3=7fff9722efe0 items=0 ppid=11851 pid=28420 auid=0 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=44 comm="sshdfilter" exe="/usr/bin/perl" subj=unconfined_u:system_r:sshd_t:s0-s0:c0.c1023 key=(null)
type=AVC msg=audit(1260146850.722:1070): avc: denied { read open } for pid=28428 comm="sshdfilter" name="iptables-multi" dev=dm-0 ino=11798 scontext=unconfined_u:system_r:sshd_t:s0-s0:c0.c1023 tcontext=system_ubject_r:iptables_exec_t:s0 tclass=file
type=SYSCALL msg=audit(1260146850.722:1070): arch=c000003e syscall=59 success=no exit=-13 a0=7fff9722f198 a1=f72a28 a2=7fff9722f8d0 a3=7fff9722efe0 items=0 ppid=11851 pid=28428 auid=0 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=44 comm="sshdfilter" exe="/usr/bin/perl" subj=unconfined_u:system_r:sshd_t:s0-s0:c0.c1023 key=(null)
type=AVC msg=audit(1260500225.789:25455): avc: denied { read open } for pid=21350 comm="sshdfilter" name="iptables-multi" dev=dm-0 ino=11798 scontext=system_u:system_r:sshd_t:s0-s0:c0.c1023 tcontext=system_ubject_r:iptables_exec_t:s0 tclass=file
type=SYSCALL msg=audit(1260500225.789:25455): arch=c000003e syscall=59 success=no exit=-13 a0=7fff032b96b8 a1=bdbd18 a2=7fff032b9df0 a3=7fff032b9500 items=0 ppid=1441 pid=21350 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm="sshdfilter" exe="/usr/bin/perl" subj=system_u:system_r:sshd_t:s0-s0:c0.c1023 key=(null)
type=AVC msg=audit(1260500228.740:25459): avc: denied { read open } for pid=21355 comm="sshdfilter" name="iptables-multi" dev=dm-0 ino=11798 scontext=system_u:system_r:sshd_t:s0-s0:c0.c1023 tcontext=system_ubject_r:iptables_exec_t:s0 tclass=file
type=SYSCALL msg=audit(1260500228.740:25459): arch=c000003e syscall=59 success=no exit=-13 a0=7fff032b96b8 a1=bddc38 a2=7fff032b9df0 a3=7fff032b9500 items=0 ppid=1441 pid=21355 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm="sshdfilter" exe="/usr/bin/perl" subj=system_u:system_r:sshd_t:s0-s0:c0.c1023 key=(null)
type=AVC msg=audit(1260500358.675:25470): avc: denied { getattr } for pid=1441 comm="sshdfilter" path="/var/run/sshdfilter.pid.SSHD" dev=dm-0 ino=10948 scontext=system_u:system_r:sshd_t:s0-s0:c0.c1023 tcontext=system_ubject_r:var_run_t:s0 tclass=file
type=SYSCALL msg=audit(1260500358.675:25470): arch=c000003e syscall=6 success=no exit=-13 a0=bd5dd8 a1=8980a0 a2=8980a0 a3=7fff032b9880 items=0 ppid=1 pid=1441 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm="sshdfilter" exe="/usr/bin/perl" subj=system_u:system_r:sshd_t:s0-s0:c0.c1023 key=(null)
type=AVC msg=audit(1260809448.592:28614): avc: denied { execute_no_trans } for pid=23422 comm="sshdfilter" path="/sbin/iptables-multi" dev=dm-0 ino=11798 scontext=system_u:system_r:sshd_t:s0-s0:c0.c1023 tcontext=system_ubject_r:iptables_exec_t:s0 tclass=file
type=SYSCALL msg=audit(1260809448.592:28614): arch=c000003e syscall=59 success=no exit=-13 a0=7fffc0880288 a1=e0c508 a2=7fffc08809c0 a3=7fffc08800d0 items=0 ppid=1432 pid=23422 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm="sshdfilter" exe="/usr/bin/perl" subj=system_u:system_r:sshd_t:s0-s0:c0.c1023 key=(null)

> >=20
> >=20
> > Moray.
> > "To err is human. To purr, feline"
> >=20
> >=20
> > --
> > fedora-selinux-list mailing list
> > fedora-selinux-list@redhat.com
> > https://www.redhat.com/mailman/listinfo/fedora-selinux-list
>
> --uAKRQypu60I7Lcqm
> Content-Type: application/pgp-signature
> Content-Disposition: inline
>
> -----BEGIN PGP SIGNATURE-----
> Version: GnuPG v1.4.10 (GNU/Linux)
>
> iEYEARECAAYFAksdZWwACgkQMlxVo39jgT/olgCgwo9wvxeAyJG/gm4dEYHBIpGf
> TNEAn2bFoQZeg8+gaYPIDuB0wxuu6N8F
> =tNuu
> -----END PGP SIGNATURE-----
>
> --uAKRQypu60I7Lcqm--
>
>
> --===============0725889959==
> Content-Type: text/plain; charset="us-ascii"
> MIME-Version: 1.0
> Content-Transfer-Encoding: 7bit
> Content-Disposition: inline
>
> --
> fedora-selinux-list mailing list
> fedora-selinux-list@redhat.com
> https://www.redhat.com/mailman/listinfo/fedora-selinux-list
> --===============0725889959==--
>

--
fedora-selinux-list mailing list
fedora-selinux-list@redhat.com
https://www.redhat.com/mailman/listinfo/fedora-selinux-list
 
Old 12-14-2009, 08:21 PM
Dominick Grift
 
Default Fedora 12 and unconfined_u sshdfilter

On Mon, Dec 14, 2009 at 10:25:08AM -0800, David Highley wrote:
> "Dominick Grift wrote:"
> >
> >
> > --===============0725889959==
> > Content-Type: multipart/signed; micalg=pgp-sha1;
> > protocol="application/pgp-signature"; boundary="uAKRQypu60I7Lcqm"
> > Content-Disposition: inline
> >
> >
> > --uAKRQypu60I7Lcqm
> > Content-Type: text/plain; charset=utf-8
> > Content-Disposition: inline
> > Content-Transfer-Encoding: quoted-printable
> >
> > On Mon, Dec 07, 2009 at 12:01:09PM +0000, Moray Henderson (ICT) wrote:
> > > James Carter wrote:
> > > >Dan's example used Refpolicy interfaces. Interfaces are very useful and
> > > >provide a better layer of abstraction, but they are just m4 macros,
> > > >which have always been used in SELinux policy.
> > > >
> > > >Interfaces should be used as much as possible, but it is not true that
> > > >you can't mix the old and new ways.
> > >=20
> > > Mixing the plain rules and the m4 macros didn't work when I tried it - bu=
> > t perhaps I just wasn=E2=80=99t writing it right. Is there a Refpolicy tut=
> > orial anywhere?
> >
> > I spend a little time today writing about the policy structure in Fedora. M=
> > aybe it can help you or others:
> >
> > http://82.197.205.60/~dgrift/stuff/Managing_a_SELinux_environment_with_Fedo=
> > ra_12.pdf
>
>
> Still have not mastered this one yet. Here is the policy file created by
> grep of /var/log/audit/audit.log file piped to audit2allow:
>
> module mysshdfilter 1.0;
>
> require {
> type var_run_t;
> type iptables_exec_t;
> type bin_t;
> type sshd_t;
> type iptables_t;
> class lnk_file read;
> class file { read getattr open execute execute_no_trans };
> class fifo_file { read write ioctl getattr };
> }
>
> #============= iptables_t ==============
> allow iptables_t bin_t:lnk_file read;
> allow iptables_t self:fifo_file { read write ioctl getattr };

echo "policy_module(newiptables, 1.0.0)" > newuiptables.te
echo "optional_policy(`" >> newiptables.te
echo "gen_require('" >> newiptables.te
echo "type iptables_t;" >> newiptables.te
echo "')" >> newiptables.te
echo "corecmd_read_bin_symlinks(iptables_t)" >> newiptables.te
echo "allow iptables_t self:fifo_file rw_fifo_file_perms;" >> newiptables.te
echo "')" >> newiptables.te

make -f /usr/share/selinux/devel/Makefile newiptables.pp
sudo semodule -i newiptables.pp

>
> #============= sshd_t ==============
> allow sshd_t iptables_exec_t:file { read execute open execute_no_trans };

echo "policy_module(newsshd, 1.0.0)" > newsshd.te
echo "optional_policy(`" >> newsshd.te
echo "gen_require(`" >> newsshd.te
echo "type sshd_t;" >> newsshd.te
echo "')" >> newsshd.te
echo "iptables_domtrans(sshd_t)" >> newsshd.te
echo "')" >> newsshd.te

make -f /usr/share/selinux/devel/Makefile newsshd.pp
sudo semodule -i newsshd.pp

> allow sshd_t var_run_t:file getattr;

This one is a bit more complicated because i dont know for sure what created it (in what context runs sshdfilter?)
>
>
> The audit log entries are:
> type=AVC msg=audit(1259642932.902:7): avc: denied { execute } for pid=1411 comm="sshdfilter" name="iptables-multi" dev=dm-0 ino=11798 scontext=system_u:system_r:sshd_t:s0-s0:c0.c1023 tcontext=system_ubject_r:iptables_exec_t:s0 tclass=file
> type=SYSCALL msg=audit(1259642932.902:7): arch=c000003e syscall=59 success=no exit=-13 a0=7fff837b36b8 a1=1562e28 a2=7fff837b3df0 a3=7fff837b3500 items=0 ppid=1402 pid=1411 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm="sshdfilter" exe="/usr/bin/perl" subj=system_u:system_r:sshd_t:s0-s0:c0.c1023 key=(null)
> type=AVC msg=audit(1259644707.700:73): avc: denied { execute } for pid=1948 comm="sshdfilter" name="iptables-multi" dev=dm-0 ino=11798 scontext=system_u:system_r:sshd_t:s0-s0:c0.c1023 tcontext=system_ubject_r:iptables_exec_t:s0 tclass=file
> type=SYSCALL msg=audit(1259644707.700:73): arch=c000003e syscall=59 success=no exit=-13 a0=7fff837b36b8 a1=15694c8 a2=7fff837b3df0 a3=7fff837b3500 items=0 ppid=1402 pid=1948 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm="sshdfilter" exe="/usr/bin/perl" subj=system_u:system_r:sshd_t:s0-s0:c0.c1023 key=(null)
> type=AVC msg=audit(1259650605.247:84): avc: denied { execute } for pid=2248 comm="sshdfilter" name="iptables-multi" dev=dm-0 ino=11798 scontext=system_u:system_r:sshd_t:s0-s0:c0.c1023 tcontext=system_ubject_r:iptables_exec_t:s0 tclass=file
> type=SYSCALL msg=audit(1259650605.247:84): arch=c000003e syscall=59 success=no exit=-13 a0=7fff837b36b8 a1=1567828 a2=7fff837b3df0 a3=7fff837b3500 items=0 ppid=1402 pid=2248 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm="sshdfilter" exe="/usr/bin/perl" subj=system_u:system_r:sshd_t:s0-s0:c0.c1023 key=(null)
> type=AVC msg=audit(1259661894.420:113): avc: denied { execute } for pid=2815 comm="sshdfilter" name="iptables-multi" dev=dm-0 ino=11798 scontext=system_u:system_r:sshd_t:s0-s0:c0.c1023 tcontext=system_ubject_r:iptables_exec_t:s0 tclass=file
> type=SYSCALL msg=audit(1259661894.420:113): arch=c000003e syscall=59 success=no exit=-13 a0=7fff837b36b8 a1=1566e28 a2=7fff837b3df0 a3=7fff837b3500 items=0 ppid=1402 pid=2815 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm="sshdfilter" exe="/usr/bin/perl" subj=system_u:system_r:sshd_t:s0-s0:c0.c1023 key=(null)
> type=AVC msg=audit(1259667665.966:123): avc: denied { execute } for pid=3724 comm="sshdfilter" name="iptables-multi" dev=dm-0 ino=11798 scontext=system_u:system_r:sshd_t:s0-s0:c0.c1023 tcontext=system_ubject_r:iptables_exec_t:s0 tclass=file
> type=SYSCALL msg=audit(1259667665.966:123): arch=c000003e syscall=59 success=no exit=-13 a0=7fff837b36b8 a1=15699d8 a2=7fff837b3df0 a3=7fff837b3500 items=0 ppid=1402 pid=3724 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm="sshdfilter" exe="/usr/bin/perl" subj=system_u:system_r:sshd_t:s0-s0:c0.c1023 key=(null)
> type=AVC msg=audit(1259671660.048:131): avc: denied { execute } for pid=3920 comm="sshdfilter" name="iptables-multi" dev=dm-0 ino=11798 scontext=system_u:system_r:sshd_t:s0-s0:c0.c1023 tcontext=system_ubject_r:iptables_exec_t:s0 tclass=file
> type=SYSCALL msg=audit(1259671660.048:131): arch=c000003e syscall=59 success=no exit=-13 a0=7fff837b36b8 a1=1565778 a2=7fff837b3df0 a3=7fff837b3500 items=0 ppid=1402 pid=3920 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm="sshdfilter" exe="/usr/bin/perl" subj=system_u:system_r:sshd_t:s0-s0:c0.c1023 key=(null)
> type=AVC msg=audit(1259673411.553:758): avc: denied { execute } for pid=4558 comm="sshdfilter" name="iptables-multi" dev=dm-0 ino=11798 scontext=system_u:system_r:sshd_t:s0-s0:c0.c1023 tcontext=system_ubject_r:iptables_exec_t:s0 tclass=file
> type=SYSCALL msg=audit(1259673411.553:758): arch=c000003e syscall=59 success=no exit=-13 a0=7fff837b36b8 a1=1569af8 a2=7fff837b3df0 a3=7fff837b3500 items=0 ppid=1402 pid=4558 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm="sshdfilter" exe="/usr/bin/perl" subj=system_u:system_r:sshd_t:s0-s0:c0.c1023 key=(null)
> type=AVC msg=audit(1259679153.568:1267): avc: denied { execute } for pid=5170 comm="sshdfilter" name="iptables-multi" dev=dm-0 ino=11798 scontext=system_u:system_r:sshd_t:s0-s0:c0.c1023 tcontext=system_ubject_r:iptables_exec_t:s0 tclass=file
> type=SYSCALL msg=audit(1259679153.568:1267): arch=c000003e syscall=59 success=no exit=-13 a0=7fff837b36b8 a1=1566a68 a2=7fff837b3df0 a3=7fff837b3500 items=0 ppid=1402 pid=5170 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm="sshdfilter" exe="/usr/bin/perl" subj=system_u:system_r:sshd_t:s0-s0:c0.c1023 key=(null)
> type=AVC msg=audit(1259682588.736:1315): avc: denied { execute } for pid=5540 comm="sshdfilter" name="iptables-multi" dev=dm-0 ino=11798 scontext=system_u:system_r:sshd_t:s0-s0:c0.c1023 tcontext=system_ubject_r:iptables_exec_t:s0 tclass=file
> type=SYSCALL msg=audit(1259682588.736:1315): arch=c000003e syscall=59 success=no exit=-13 a0=7fff837b36b8 a1=1565778 a2=7fff837b3df0 a3=7fff837b3500 items=0 ppid=1402 pid=5540 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm="sshdfilter" exe="/usr/bin/perl" subj=system_u:system_r:sshd_t:s0-s0:c0.c1023 key=(null)
> type=AVC msg=audit(1259684861.197:1344): avc: denied { execute } for pid=5745 comm="sshdfilter" name="iptables-multi" dev=dm-0 ino=11798 scontext=system_u:system_r:sshd_t:s0-s0:c0.c1023 tcontext=system_ubject_r:iptables_exec_t:s0 tclass=file
> type=SYSCALL msg=audit(1259684861.197:1344): arch=c000003e syscall=59 success=no exit=-13 a0=7fff837b36b8 a1=156a478 a2=7fff837b3df0 a3=7fff837b3500 items=0 ppid=1402 pid=5745 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm="sshdfilter" exe="/usr/bin/perl" subj=system_u:system_r:sshd_t:s0-s0:c0.c1023 key=(null)
> type=AVC msg=audit(1259690558.951:1388): avc: denied { execute } for pid=6161 comm="sshdfilter" name="iptables-multi" dev=dm-0 ino=11798 scontext=system_u:system_r:sshd_t:s0-s0:c0.c1023 tcontext=system_ubject_r:iptables_exec_t:s0 tclass=file
> type=SYSCALL msg=audit(1259690558.951:1388): arch=c000003e syscall=59 success=no exit=-13 a0=7fff837b36b8 a1=15667a8 a2=7fff837b3df0 a3=7fff837b3500 items=0 ppid=1402 pid=6161 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm="sshdfilter" exe="/usr/bin/perl" subj=system_u:system_r:sshd_t:s0-s0:c0.c1023 key=(null)
> type=AVC msg=audit(1259702647.573:1433): avc: denied { execute } for pid=6829 comm="sshdfilter" name="iptables-multi" dev=dm-0 ino=11798 scontext=system_u:system_r:sshd_t:s0-s0:c0.c1023 tcontext=system_ubject_r:iptables_exec_t:s0 tclass=file
> type=SYSCALL msg=audit(1259702647.573:1433): arch=c000003e syscall=59 success=no exit=-13 a0=7fff837b36b8 a1=156b4d8 a2=7fff837b3df0 a3=7fff837b3500 items=0 ppid=1402 pid=6829 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm="sshdfilter" exe="/usr/bin/perl" subj=system_u:system_r:sshd_t:s0-s0:c0.c1023 key=(null)
> type=AVC msg=audit(1259708100.231:1441): avc: denied { execute } for pid=7085 comm="sshdfilter" name="iptables-multi" dev=dm-0 ino=11798 scontext=system_u:system_r:sshd_t:s0-s0:c0.c1023 tcontext=system_ubject_r:iptables_exec_t:s0 tclass=file
> type=SYSCALL msg=audit(1259708100.231:1441): arch=c000003e syscall=59 success=no exit=-13 a0=7fff837b36b8 a1=156a0b8 a2=7fff837b3df0 a3=7fff837b3500 items=0 ppid=1402 pid=7085 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm="sshdfilter" exe="/usr/bin/perl" subj=system_u:system_r:sshd_t:s0-s0:c0.c1023 key=(null)
> type=AVC msg=audit(1259708922.953:1450): avc: denied { execute } for pid=7153 comm="sshdfilter" name="iptables-multi" dev=dm-0 ino=11798 scontext=system_u:system_r:sshd_t:s0-s0:c0.c1023 tcontext=system_ubject_r:iptables_exec_t:s0 tclass=file
> type=SYSCALL msg=audit(1259708922.953:1450): arch=c000003e syscall=59 success=no exit=-13 a0=7fff837b36b8 a1=156a6a8 a2=7fff837b3df0 a3=7fff837b3500 items=0 ppid=1402 pid=7153 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm="sshdfilter" exe="/usr/bin/perl" subj=system_u:system_r:sshd_t:s0-s0:c0.c1023 key=(null)
> type=AVC msg=audit(1259713257.803:1545): avc: denied { execute } for pid=7492 comm="sshdfilter" name="iptables-multi" dev=dm-0 ino=11798 scontext=system_u:system_r:sshd_t:s0-s0:c0.c1023 tcontext=system_ubject_r:iptables_exec_t:s0 tclass=file
> type=SYSCALL msg=audit(1259713257.803:1545): arch=c000003e syscall=59 success=no exit=-13 a0=7fff837b36b8 a1=156a4a8 a2=7fff837b3df0 a3=7fff837b3500 items=0 ppid=1402 pid=7492 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm="sshdfilter" exe="/usr/bin/perl" subj=system_u:system_r:sshd_t:s0-s0:c0.c1023 key=(null)
> type=AVC msg=audit(1259721513.893:1732): avc: denied { execute } for pid=8097 comm="sshdfilter" name="iptables-multi" dev=dm-0 ino=11798 scontext=system_u:system_r:sshd_t:s0-s0:c0.c1023 tcontext=system_ubject_r:iptables_exec_t:s0 tclass=file
> type=SYSCALL msg=audit(1259721513.893:1732): arch=c000003e syscall=59 success=no exit=-13 a0=7fff837b36b8 a1=156a5d8 a2=7fff837b3df0 a3=7fff837b3500 items=0 ppid=1402 pid=8097 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm="sshdfilter" exe="/usr/bin/perl" subj=system_u:system_r:sshd_t:s0-s0:c0.c1023 key=(null)
> type=AVC msg=audit(1259730724.196:1790): avc: denied { execute } for pid=8689 comm="sshdfilter" name="iptables-multi" dev=dm-0 ino=11798 scontext=system_u:system_r:sshd_t:s0-s0:c0.c1023 tcontext=system_ubject_r:iptables_exec_t:s0 tclass=file
> type=SYSCALL msg=audit(1259730724.196:1790): arch=c000003e syscall=59 success=no exit=-13 a0=7fff837b36b8 a1=1569718 a2=7fff837b3df0 a3=7fff837b3500 items=0 ppid=1402 pid=8689 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm="sshdfilter" exe="/usr/bin/perl" subj=system_u:system_r:sshd_t:s0-s0:c0.c1023 key=(null)
> type=AVC msg=audit(1259730728.123:1793): avc: denied { execute } for pid=8699 comm="sshdfilter" name="iptables-multi" dev=dm-0 ino=11798 scontext=system_u:system_r:sshd_t:s0-s0:c0.c1023 tcontext=system_ubject_r:iptables_exec_t:s0 tclass=file
> type=SYSCALL msg=audit(1259730728.123:1793): arch=c000003e syscall=59 success=no exit=-13 a0=7fff837b36b8 a1=1566778 a2=7fff837b3df0 a3=7fff837b3500 items=0 ppid=1402 pid=8699 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm="sshdfilter" exe="/usr/bin/perl" subj=system_u:system_r:sshd_t:s0-s0:c0.c1023 key=(null)
> type=AVC msg=audit(1259747840.157:1835): avc: denied { execute } for pid=9575 comm="sshdfilter" name="iptables-multi" dev=dm-0 ino=11798 scontext=system_u:system_r:sshd_t:s0-s0:c0.c1023 tcontext=system_ubject_r:iptables_exec_t:s0 tclass=file
> type=SYSCALL msg=audit(1259747840.157:1835): arch=c000003e syscall=59 success=no exit=-13 a0=7fff837b36b8 a1=156ba78 a2=7fff837b3df0 a3=7fff837b3500 items=0 ppid=1402 pid=9575 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm="sshdfilter" exe="/usr/bin/perl" subj=system_u:system_r:sshd_t:s0-s0:c0.c1023 key=(null)
> type=AVC msg=audit(1259760819.408:1863): avc: denied { execute } for pid=10840 comm="sshdfilter" name="iptables-multi" dev=dm-0 ino=11798 scontext=system_u:system_r:sshd_t:s0-s0:c0.c1023 tcontext=system_ubject_r:iptables_exec_t:s0 tclass=file
> type=SYSCALL msg=audit(1259760819.408:1863): arch=c000003e syscall=59 success=no exit=-13 a0=7fff837b36b8 a1=156a4a8 a2=7fff837b3df0 a3=7fff837b3500 items=0 ppid=1402 pid=10840 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm="sshdfilter" exe="/usr/bin/perl" subj=system_u:system_r:sshd_t:s0-s0:c0.c1023 key=(null)
> type=AVC msg=audit(1259762576.442:1887): avc: denied { execute } for pid=11067 comm="sshdfilter" name="iptables-multi" dev=dm-0 ino=11798 scontext=unconfined_u:system_r:sshd_t:s0-s0:c0.c1023 tcontext=system_ubject_r:iptables_exec_t:s0 tclass=file
> type=SYSCALL msg=audit(1259762576.442:1887): arch=c000003e syscall=59 success=no exit=-13 a0=7fffb91649e8 a1=d4d5a8 a2=7fffb9165120 a3=7fffb9164830 items=0 ppid=11058 pid=11067 auid=1000 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=47 comm="sshdfilter" exe="/usr/bin/perl" subj=unconfined_u:system_r:sshd_t:s0-s0:c0.c1023 key=(null)
> type=AVC msg=audit(1259767362.673:1896): avc: denied { execute } for pid=11318 comm="sshdfilter" name="iptables-multi" dev=dm-0 ino=11798 scontext=unconfined_u:system_r:sshd_t:s0-s0:c0.c1023 tcontext=system_ubject_r:iptables_exec_t:s0 tclass=file
> type=SYSCALL msg=audit(1259767362.673:1896): arch=c000003e syscall=59 success=no exit=-13 a0=7fffb91649e8 a1=d54088 a2=7fffb9165120 a3=7fffb9164830 items=0 ppid=11058 pid=11318 auid=1000 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=47 comm="sshdfilter" exe="/usr/bin/perl" subj=unconfined_u:system_r:sshd_t:s0-s0:c0.c1023 key=(null)
> type=AVC msg=audit(1259773905.214:1967): avc: denied { execute } for pid=11922 comm="sshdfilter" name="iptables-multi" dev=dm-0 ino=11798 scontext=unconfined_u:system_r:sshd_t:s0-s0:c0.c1023 tcontext=system_ubject_r:iptables_exec_t:s0 tclass=file
> type=SYSCALL msg=audit(1259773905.214:1967): arch=c000003e syscall=59 success=no exit=-13 a0=7fffb91649e8 a1=d54868 a2=7fffb9165120 a3=7fffb9164830 items=0 ppid=11058 pid=11922 auid=1000 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=47 comm="sshdfilter" exe="/usr/bin/perl" subj=unconfined_u:system_r:sshd_t:s0-s0:c0.c1023 key=(null)
> type=AVC msg=audit(1259780362.196:1977): avc: denied { execute } for pid=12215 comm="sshdfilter" name="iptables-multi" dev=dm-0 ino=11798 scontext=unconfined_u:system_r:sshd_t:s0-s0:c0.c1023 tcontext=system_ubject_r:iptables_exec_t:s0 tclass=file
> type=SYSCALL msg=audit(1259780362.196:1977): arch=c000003e syscall=59 success=no exit=-13 a0=7fffb91649e8 a1=d50af8 a2=7fffb9165120 a3=7fffb9164830 items=0 ppid=11058 pid=12215 auid=1000 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=47 comm="sshdfilter" exe="/usr/bin/perl" subj=unconfined_u:system_r:sshd_t:s0-s0:c0.c1023 key=(null)
> type=AVC msg=audit(1259780393.314:1979): avc: denied { execute } for pid=12219 comm="sshdfilter" name="iptables-multi" dev=dm-0 ino=11798 scontext=unconfined_u:system_r:sshd_t:s0-s0:c0.c1023 tcontext=system_ubject_r:iptables_exec_t:s0 tclass=file
> type=SYSCALL msg=audit(1259780393.314:1979): arch=c000003e syscall=59 success=no exit=-13 a0=7fffb91649e8 a1=d50af8 a2=7fffb9165120 a3=7fffb9164830 items=0 ppid=11058 pid=12219 auid=1000 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=47 comm="sshdfilter" exe="/usr/bin/perl" subj=unconfined_u:system_r:sshd_t:s0-s0:c0.c1023 key=(null)
> type=AVC msg=audit(1259785085.323:2012): avc: denied { execute } for pid=12568 comm="sshdfilter" name="iptables-multi" dev=dm-0 ino=11798 scontext=unconfined_u:system_r:sshd_t:s0-s0:c0.c1023 tcontext=system_ubject_r:iptables_exec_t:s0 tclass=file
> type=SYSCALL msg=audit(1259785085.323:2012): arch=c000003e syscall=59 success=no exit=-13 a0=7fffb91649e8 a1=d521b8 a2=7fffb9165120 a3=7fffb9164830 items=0 ppid=11058 pid=12568 auid=1000 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=47 comm="sshdfilter" exe="/usr/bin/perl" subj=unconfined_u:system_r:sshd_t:s0-s0:c0.c1023 key=(null)
> type=AVC msg=audit(1259786872.756:2015): avc: denied { execute } for pid=12645 comm="sshdfilter" name="iptables-multi" dev=dm-0 ino=11798 scontext=unconfined_u:system_r:sshd_t:s0-s0:c0.c1023 tcontext=system_ubject_r:iptables_exec_t:s0 tclass=file
> type=SYSCALL msg=audit(1259786872.756:2015): arch=c000003e syscall=59 success=no exit=-13 a0=7fffb91649e8 a1=d53568 a2=7fffb9165120 a3=7fffb9164830 items=0 ppid=11058 pid=12645 auid=1000 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=47 comm="sshdfilter" exe="/usr/bin/perl" subj=unconfined_u:system_r:sshd_t:s0-s0:c0.c1023 key=(null)
> type=AVC msg=audit(1259795695.936:2052): avc: denied { execute } for pid=13127 comm="sshdfilter" name="iptables-multi" dev=dm-0 ino=11798 scontext=unconfined_u:system_r:sshd_t:s0-s0:c0.c1023 tcontext=system_ubject_r:iptables_exec_t:s0 tclass=file
> type=SYSCALL msg=audit(1259795695.936:2052): arch=c000003e syscall=59 success=no exit=-13 a0=7fffb91649e8 a1=d52e38 a2=7fffb9165120 a3=7fffb9164830 items=0 ppid=11058 pid=13127 auid=1000 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=47 comm="sshdfilter" exe="/usr/bin/perl" subj=unconfined_u:system_r:sshd_t:s0-s0:c0.c1023 key=(null)
> type=AVC msg=audit(1259802506.518:3031): avc: denied { getattr } for pid=11058 comm="sshdfilter" path="/var/run/sshdfilter.pid.SSHD" dev=dm-0 ino=12538 scontext=unconfined_u:system_r:sshd_t:s0-s0:c0.c1023 tcontext=system_ubject_r:var_run_t:s0 tclass=file
> type=SYSCALL msg=audit(1259802506.518:3031): arch=c000003e syscall=6 success=no exit=-13 a0=d4a128 a1=a0d0a0 a2=a0d0a0 a3=7fffb9164bb0 items=0 ppid=1 pid=11058 auid=1000 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=47 comm="sshdfilter" exe="/usr/bin/perl" subj=unconfined_u:system_r:sshd_t:s0-s0:c0.c1023 key=(null)
> type=AVC msg=audit(1259802888.332:7): avc: denied { ioctl } for pid=1435 comm="sshdfilter" path="pipe:[11021]" dev=pipefs ino=11021 scontext=system_u:system_r:iptables_t:s0 tcontext=system_u:system_r:iptables_t:s0 tclass=fifo_file
> type=SYSCALL msg=audit(1259802888.332:7): arch=c000003e syscall=16 success=yes exit=128 a0=3 a1=5401 a2=7fffa8850c80 a3=60 items=0 ppid=1431 pid=1435 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm="sshdfilter" exe="/usr/bin/perl" subj=system_u:system_r:iptables_t:s0 key=(null)
> type=AVC msg=audit(1259802888.340:8): avc: denied { ioctl } for pid=1435 comm="sshdfilter" path="pipe:[11021]" dev=pipefs ino=11021 scontext=system_u:system_r:iptables_t:s0 tcontext=system_u:system_r:iptables_t:s0 tclass=fifo_file
> type=SYSCALL msg=audit(1259802888.340:8): arch=c000003e syscall=16 success=yes exit=128 a0=4 a1=5401 a2=7fffa8850c80 a3=60 items=0 ppid=1431 pid=1435 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm="sshdfilter" exe="/usr/bin/perl" subj=system_u:system_r:iptables_t:s0 key=(null)
> type=AVC msg=audit(1259802888.342:9): avc: denied { ioctl } for pid=1438 comm="sshdfilter" path="pipe:[11031]" dev=pipefs ino=11031 scontext=system_u:system_r:iptables_t:s0 tcontext=system_u:system_r:iptables_t:s0 tclass=fifo_file
> type=AVC msg=audit(1259802888.343:10): avc: denied { read } for pid=1435 comm="sshdfilter" path="pipe:[11021]" dev=pipefs ino=11021 scontext=system_u:system_r:iptables_t:s0 tcontext=system_u:system_r:iptables_t:s0 tclass=fifo_file
> type=SYSCALL msg=audit(1259802888.343:10): arch=c000003e syscall=0 success=yes exit=128 a0=3 a1=eb06e8 a2=1000 a3=0 items=0 ppid=1431 pid=1435 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm="sshdfilter" exe="/usr/bin/perl" subj=system_u:system_r:iptables_t:s0 key=(null)
> type=SYSCALL msg=audit(1259802888.342:9): arch=c000003e syscall=16 success=yes exit=128 a0=5 a1=5401 a2=7fffa8850c80 a3=60 items=0 ppid=1435 pid=1438 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm="sshdfilter" exe="/usr/bin/perl" subj=system_u:system_r:iptables_t:s0 key=(null)
> type=AVC msg=audit(1259802888.347:11): avc: denied { ioctl } for pid=1438 comm="sshdfilter" path="pipe:[11031]" dev=pipefs ino=11031 scontext=system_u:system_r:iptables_t:s0 tcontext=system_u:system_r:iptables_t:s0 tclass=fifo_file
> type=SYSCALL msg=audit(1259802888.347:11): arch=c000003e syscall=16 success=yes exit=128 a0=6 a1=5401 a2=7fffa8850c80 a3=60 items=0 ppid=1435 pid=1438 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm="sshdfilter" exe="/usr/bin/perl" subj=system_u:system_r:iptables_t:s0 key=(null)
> type=AVC msg=audit(1259802888.350:12): avc: denied { read } for pid=1439 comm="sshdfilter" path="pipe:[11031]" dev=pipefs ino=11031 scontext=system_u:system_r:iptables_t:s0 tcontext=system_u:system_r:iptables_t:s0 tclass=fifo_file
> type=SYSCALL msg=audit(1259802888.350:12): arch=c000003e syscall=0 success=yes exit=128 a0=5 a1=eb0f18 a2=1000 a3=0 items=0 ppid=1438 pid=1439 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm="sshdfilter" exe="/usr/bin/perl" subj=system_u:system_r:iptables_t:s0 key=(null)
> type=AVC msg=audit(1259802888.360:13): avc: denied { read } for pid=1440 comm="sshdfilter" name="sh" dev=dm-0 ino=10258 scontext=system_u:system_r:iptables_t:s0 tcontext=system_ubject_r:bin_t:s0 tclass=lnk_file
> type=SYSCALL msg=audit(1259802888.360:13): arch=c000003e syscall=59 success=no exit=-13 a0=7fd1ef909e0f a1=7fffa884e9b0 a2=7fffa88511c0 a3=7fffa88507d0 items=0 ppid=1438 pid=1440 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm="sshdfilter" exe="/usr/bin/perl" subj=system_u:system_r:iptables_t:s0 key=(null)
> type=AVC msg=audit(1259802888.364:14): avc: denied { write } for pid=1440 comm="sshdfilter" path="pipe:[11043]" dev=pipefs ino=11043 scontext=system_u:system_r:iptables_t:s0 tcontext=system_u:system_r:iptables_t:s0 tclass=fifo_file
> type=SYSCALL msg=audit(1259802888.364:14): arch=c000003e syscall=1 success=yes exit=128 a0=a a1=7fffa8850a0c a2=4 a3=7fffa8850790 items=0 ppid=1438 pid=1440 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm="sshdfilter" exe="/usr/bin/perl" subj=system_u:system_r:iptables_t:s0 key=(null)
> type=AVC msg=audit(1259802888.367:15): avc: denied { read } for pid=1438 comm="sshdfilter" path="pipe:[11043]" dev=pipefs ino=11043 scontext=system_u:system_r:iptables_t:s0 tcontext=system_u:system_r:iptables_t:s0 tclass=fifo_file
> type=SYSCALL msg=audit(1259802888.367:15): arch=c000003e syscall=0 success=yes exit=128 a0=9 a1=7fffa8850ccc a2=4 a3=b73830 items=0 ppid=1435 pid=1438 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm="sshdfilter" exe="/usr/bin/perl" subj=system_u:system_r:iptables_t:s0 key=(null)
> type=AVC msg=audit(1259802888.367:16): avc: denied { ioctl } for pid=1438 comm="sshdfilter" path="pipe:[11042]" dev=pipefs ino=11042 scontext=system_u:system_r:iptables_t:s0 tcontext=system_u:system_r:iptables_t:s0 tclass=fifo_file
> type=SYSCALL msg=audit(1259802888.367:16): arch=c000003e syscall=16 success=yes exit=128 a0=7 a1=5401 a2=7fffa8850a20 a3=60 items=0 ppid=1435 pid=1438 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm="sshdfilter" exe="/usr/bin/perl" subj=system_u:system_r:iptables_t:s0 key=(null)
> type=AVC msg=audit(1259802888.367:17): avc: denied { read } for pid=1438 comm="sshdfilter" path="pipe:[11042]" dev=pipefs ino=11042 scontext=system_u:system_r:iptables_t:s0 tcontext=system_u:system_r:iptables_t:s0 tclass=fifo_file
> type=SYSCALL msg=audit(1259802888.367:17): arch=c000003e syscall=0 success=yes exit=128 a0=7 a1=eb1168 a2=1000 a3=0 items=0 ppid=1435 pid=1438 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm="sshdfilter" exe="/usr/bin/perl" subj=system_u:system_r:iptables_t:s0 key=(null)
> type=AVC msg=audit(1259802888.375:18): avc: denied { read } for pid=1441 comm="sshdfilter" name="sh" dev=dm-0 ino=10258 scontext=system_u:system_r:iptables_t:s0 tcontext=system_ubject_r:bin_t:s0 tclass=lnk_file
> type=SYSCALL msg=audit(1259802888.375:18): arch=c000003e syscall=59 success=no exit=-13 a0=7fd1ef909e0f a1=7fffa884e9b0 a2=7fffa88511c0 a3=7fffa88507d0 items=0 ppid=1438 pid=1441 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm="sshdfilter" exe="/usr/bin/perl" subj=system_u:system_r:iptables_t:s0 key=(null)
> type=AVC msg=audit(1259802888.375:19): avc: denied { write } for pid=1441 comm="sshdfilter" path="pipe:[11045]" dev=pipefs ino=11045 scontext=system_u:system_r:iptables_t:s0 tcontext=system_u:system_r:iptables_t:s0 tclass=fifo_file
> type=SYSCALL msg=audit(1259802888.375:19): arch=c000003e syscall=1 success=yes exit=128 a0=a a1=7fffa8850a0c a2=4 a3=8 items=0 ppid=1438 pid=1441 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm="sshdfilter" exe="/usr/bin/perl" subj=system_u:system_r:iptables_t:s0 key=(null)
> type=AVC msg=audit(1259802888.378:20): avc: denied { read } for pid=1438 comm="sshdfilter" path="pipe:[11045]" dev=pipefs ino=11045 scontext=system_u:system_r:iptables_t:s0 tcontext=system_u:system_r:iptables_t:s0 tclass=fifo_file
> type=SYSCALL msg=audit(1259802888.378:20): arch=c000003e syscall=0 success=yes exit=128 a0=9 a1=7fffa8850ccc a2=4 a3=7fd1ef2e39d0 items=0 ppid=1435 pid=1438 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm="sshdfilter" exe="/usr/bin/perl" subj=system_u:system_r:iptables_t:s0 key=(null)
> type=AVC msg=audit(1259802888.378:21): avc: denied { ioctl } for pid=1438 comm="sshdfilter" path="pipe:[11044]" dev=pipefs ino=11044 scontext=system_u:system_r:iptables_t:s0 tcontext=system_u:system_r:iptables_t:s0 tclass=fifo_file
> type=SYSCALL msg=audit(1259802888.378:21): arch=c000003e syscall=16 success=yes exit=128 a0=7 a1=5401 a2=7fffa8850a20 a3=60 items=0 ppid=1435 pid=1438 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm="sshdfilter" exe="/usr/bin/perl" subj=system_u:system_r:iptables_t:s0 key=(null)
> type=AVC msg=audit(1259802888.378:22): avc: denied { read } for pid=1438 comm="sshdfilter" path="pipe:[11044]" dev=pipefs ino=11044 scontext=system_u:system_r:iptables_t:s0 tcontext=system_u:system_r:iptables_t:s0 tclass=fifo_file
> type=SYSCALL msg=audit(1259802888.378:22): arch=c000003e syscall=0 success=yes exit=128 a0=7 a1=eb2878 a2=1000 a3=0 items=0 ppid=1435 pid=1438 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm="sshdfilter" exe="/usr/bin/perl" subj=system_u:system_r:iptables_t:s0 key=(null)
> type=AVC msg=audit(1259802888.379:23): avc: denied { ioctl } for pid=1438 comm="sshdfilter" path="pipe:[11046]" dev=pipefs ino=11046 scontext=system_u:system_r:iptables_t:s0 tcontext=system_u:system_r:iptables_t:s0 tclass=fifo_file
> type=SYSCALL msg=audit(1259802888.379:23): arch=c000003e syscall=16 success=yes exit=128 a0=7 a1=5401 a2=7fffa8850c80 a3=60 items=0 ppid=1435 pid=1438 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm="sshdfilter" exe="/usr/bin/perl" subj=system_u:system_r:iptables_t:s0 key=(null)
> type=AVC msg=audit(1259802888.379:24): avc: denied { ioctl } for pid=1438 comm="sshdfilter" path="pipe:[11046]" dev=pipefs ino=11046 scontext=system_u:system_r:iptables_t:s0 tcontext=system_u:system_r:iptables_t:s0 tclass=fifo_file
> type=SYSCALL msg=audit(1259802888.379:24): arch=c000003e syscall=16 success=yes exit=128 a0=8 a1=5401 a2=7fffa8850c80 a3=60 items=0 ppid=1435 pid=1438 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm="sshdfilter" exe="/usr/bin/perl" subj=system_u:system_r:iptables_t:s0 key=(null)
> type=AVC msg=audit(1259802888.384:25): avc: denied { ioctl } for pid=1442 comm="sshdfilter" path="pipe:[11046]" dev=pipefs ino=11046 scontext=system_u:system_r:iptables_t:s0 tcontext=system_u:system_r:iptables_t:s0 tclass=fifo_file
> type=SYSCALL msg=audit(1259802888.384:25): arch=c000003e syscall=16 success=yes exit=128 a0=4 a1=5401 a2=7fffa8850ba0 a3=60 items=0 ppid=1438 pid=1442 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm="sshdfilter" exe="/usr/bin/perl" subj=system_u:system_r:iptables_t:s0 key=(null)
> type=AVC msg=audit(1259802888.384:26): avc: denied { getattr } for pid=1442 comm="sshdfilter" path="pipe:[11046]" dev=pipefs ino=11046 scontext=system_u:system_r:iptables_t:s0 tcontext=system_u:system_r:iptables_t:s0 tclass=fifo_file
> type=SYSCALL msg=audit(1259802888.384:26): arch=c000003e syscall=5 success=yes exit=128 a0=4 a1=b730a0 a2=b730a0 a3=0 items=0 ppid=1438 pid=1442 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm="sshdfilter" exe="/usr/bin/perl" subj=system_u:system_r:iptables_t:s0 key=(null)
> type=AVC msg=audit(1259802889.381:27): avc: denied { read } for pid=1494 comm="sshdfilter" name="iptables" dev=dm-0 ino=11793 scontext=system_u:system_r:iptables_t:s0 tcontext=system_ubject_r:bin_t:s0 tclass=lnk_file
> type=SYSCALL msg=audit(1259802889.381:27): arch=c000003e syscall=59 success=no exit=-13 a0=7fffa8850a88 a1=eb31c8 a2=7fffa88511c0 a3=7fffa88508d0 items=0 ppid=1438 pid=1494 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm="sshdfilter" exe="/usr/bin/perl" subj=system_u:system_r:iptables_t:s0 key=(null)
> type=AVC msg=audit(1259802889.382:28): avc: denied { write } for pid=1494 comm="sshdfilter" path="pipe:[11397]" dev=pipefs ino=11397 scontext=system_u:system_r:iptables_t:s0 tcontext=system_u:system_r:iptables_t:s0 tclass=fifo_file
> type=SYSCALL msg=audit(1259802889.382:28): arch=c000003e syscall=1 success=yes exit=128 a0=9 a1=7fffa8850b0c a2=4 a3=8 items=0 ppid=1438 pid=1494 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm="sshdfilter" exe="/usr/bin/perl" subj=system_u:system_r:iptables_t:s0 key=(null)
> type=AVC msg=audit(1259802889.385:29): avc: denied { read } for pid=1438 comm="sshdfilter" path="pipe:[11397]" dev=pipefs ino=11397 scontext=system_u:system_r:iptables_t:s0 tcontext=system_u:system_r:iptables_t:s0 tclass=fifo_file
> type=SYSCALL msg=audit(1259802889.385:29): arch=c000003e syscall=0 success=yes exit=128 a0=8 a1=7fffa8850f18 a2=4 a3=8 items=0 ppid=1 pid=1438 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm="sshdfilter" exe="/usr/bin/perl" subj=system_u:system_r:iptables_t:s0 key=(null)
> type=AVC msg=audit(1259802889.388:30): avc: denied { write } for pid=1438 comm="sshdfilter" path="pipe:[11021]" dev=pipefs ino=11021 scontext=system_u:system_r:iptables_t:s0 tcontext=system_u:system_r:iptables_t:s0 tclass=fifo_file
> type=SYSCALL msg=audit(1259802889.388:30): arch=c000003e syscall=1 success=yes exit=128 a0=4 a1=eb3248 a2=9 a3=0 items=0 ppid=1 pid=1438 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm="sshdfilter" exe="/usr/bin/perl" subj=system_u:system_r:iptables_t:s0 key=(null)
> type=AVC msg=audit(1259802889.390:31): avc: denied { read } for pid=1438 comm="sshdfilter" path="pipe:[11046]" dev=pipefs ino=11046 scontext=system_u:system_r:iptables_t:s0 tcontext=system_u:system_r:iptables_t:s0 tclass=fifo_file
> type=SYSCALL msg=audit(1259802889.390:31): arch=c000003e syscall=0 success=yes exit=128 a0=7 a1=eb3568 a2=400 a3=b73010 items=0 ppid=1 pid=1438 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm="sshdfilter" exe="/usr/bin/perl" subj=system_u:system_r:iptables_t:s0 key=(null)
> type=AVC msg=audit(1259803042.790:43): avc: denied { ioctl } for pid=2329 comm="sshdfilter" path="pipe:[24498]" dev=pipefs ino=24498 scontext=unconfined_u:system_r:iptables_t:s0 tcontext=unconfined_u:system_r:iptables_t:s0 tclass=fifo_file
> type=SYSCALL msg=audit(1259803042.790:43): arch=c000003e syscall=16 success=yes exit=4294967424 a0=3 a1=5401 a2=7ffffc393e40 a3=60 items=0 ppid=2323 pid=2329 auid=1000 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=pts0 ses=1 comm="sshdfilter" exe="/usr/bin/perl" subj=unconfined_u:system_r:iptables_t:s0 key=(null)
> type=AVC msg=audit(1259803042.795:44): avc: denied { ioctl } for pid=2329 comm="sshdfilter" path="pipe:[24498]" dev=pipefs ino=24498 scontext=unconfined_u:system_r:iptables_t:s0 tcontext=unconfined_u:system_r:iptables_t:s0 tclass=fifo_file
> type=SYSCALL msg=audit(1259803042.795:44): arch=c000003e syscall=16 success=yes exit=4294967424 a0=4 a1=5401 a2=7ffffc393e40 a3=60 items=0 ppid=2323 pid=2329 auid=1000 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=pts0 ses=1 comm="sshdfilter" exe="/usr/bin/perl" subj=unconfined_u:system_r:iptables_t:s0 key=(null)
> type=AVC msg=audit(1259803042.798:45): avc: denied { ioctl } for pid=2332 comm="sshdfilter" path="pipe:[24509]" dev=pipefs ino=24509 scontext=unconfined_u:system_r:iptables_t:s0 tcontext=unconfined_u:system_r:iptables_t:s0 tclass=fifo_file
> type=AVC msg=audit(1259803042.801:46): avc: denied { read } for pid=2329 comm="sshdfilter" path="pipe:[24498]" dev=pipefs ino=24498 scontext=unconfined_u:system_r:iptables_t:s0 tcontext=unconfined_u:system_r:iptables_t:s0 tclass=fifo_file
> type=SYSCALL msg=audit(1259803042.801:46): arch=c000003e syscall=0 success=yes exit=128 a0=3 a1=104fb28 a2=1000 a3=0 items=0 ppid=2323 pid=2329 auid=1000 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=pts0 ses=1 comm="sshdfilter" exe="/usr/bin/perl" subj=unconfined_u:system_r:iptables_t:s0 key=(null)
> type=SYSCALL msg=audit(1259803042.798:45): arch=c000003e syscall=16 success=yes exit=4294967424 a0=5 a1=5401 a2=7ffffc393e40 a3=60 items=0 ppid=2329 pid=2332 auid=1000 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=1 comm="sshdfilter" exe="/usr/bin/perl" subj=unconfined_u:system_r:iptables_t:s0 key=(null)
> type=AVC msg=audit(1259803042.804:47): avc: denied { ioctl } for pid=2332 comm="sshdfilter" path="pipe:[24509]" dev=pipefs ino=24509 scontext=unconfined_u:system_r:iptables_t:s0 tcontext=unconfined_u:system_r:iptables_t:s0 tclass=fifo_file
> type=SYSCALL msg=audit(1259803042.804:47): arch=c000003e syscall=16 success=yes exit=4294967424 a0=6 a1=5401 a2=7ffffc393e40 a3=60 items=0 ppid=2329 pid=2332 auid=1000 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=1 comm="sshdfilter" exe="/usr/bin/perl" subj=unconfined_u:system_r:iptables_t:s0 key=(null)
> type=AVC msg=audit(1259803042.806:48): avc: denied { read } for pid=2333 comm="sshdfilter" path="pipe:[24509]" dev=pipefs ino=24509 scontext=unconfined_u:system_r:iptables_t:s0 tcontext=unconfined_u:system_r:iptables_t:s0 tclass=fifo_file
> type=AVC msg=audit(1259803042.812:49): avc: denied { read } for pid=2334 comm="sshdfilter" name="sh" dev=dm-0 ino=10258 scontext=unconfined_u:system_r:iptables_t:s0 tcontext=system_ubject_r:bin_t:s0 tclass=lnk_file
> type=SYSCALL msg=audit(1259803042.806:48): arch=c000003e syscall=0 success=yes exit=4294967424 a0=5 a1=1050268 a2=1000 a3=0 items=0 ppid=2332 pid=2333 auid=1000 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=1 comm="sshdfilter" exe="/usr/bin/perl" subj=unconfined_u:system_r:iptables_t:s0 key=(null)
> type=AVC msg=audit(1259803042.816:50): avc: denied { read } for pid=2332 comm="sshdfilter" path="pipe:[24516]" dev=pipefs ino=24516 scontext=unconfined_u:system_r:iptables_t:s0 tcontext=unconfined_u:system_r:iptables_t:s0 tclass=fifo_file
> type=SYSCALL msg=audit(1259803042.812:49): arch=c000003e syscall=59 success=no exit=-13 a0=7fceba680e0f a1=7ffffc391b70 a2=7ffffc394380 a3=7ffffc393990 items=0 ppid=2332 pid=2334 auid=1000 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=1 comm="sshdfilter" exe="/usr/bin/perl" subj=unconfined_u:system_r:iptables_t:s0 key=(null)
> type=AVC msg=audit(1259803042.816:51): avc: denied { write } for pid=2334 comm="sshdfilter" path="pipe:[24516]" dev=pipefs ino=24516 scontext=unconfined_u:system_r:iptables_t:s0 tcontext=unconfined_u:system_r:iptables_t:s0 tclass=fifo_file
> type=SYSCALL msg=audit(1259803042.816:51): arch=c000003e syscall=1 success=yes exit=128 a0=a a1=7ffffc393bcc a2=4 a3=7ffffc393950 items=0 ppid=2332 pid=2334 auid=1000 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=1 comm="sshdfilter" exe="/usr/bin/perl" subj=unconfined_u:system_r:iptables_t:s0 key=(null)
> type=SYSCALL msg=audit(1259803042.816:50): arch=c000003e syscall=0 success=yes exit=128 a0=9 a1=7ffffc393e8c a2=4 a3=d13830 items=0 ppid=2329 pid=2332 auid=1000 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=1 comm="sshdfilter" exe="/usr/bin/perl" subj=unconfined_u:system_r:iptables_t:s0 key=(null)
> type=AVC msg=audit(1259803042.818:52): avc: denied { ioctl } for pid=2332 comm="sshdfilter" path="pipe:[24515]" dev=pipefs ino=24515 scontext=unconfined_u:system_r:iptables_t:s0 tcontext=unconfined_u:system_r:iptables_t:s0 tclass=fifo_file
> type=SYSCALL msg=audit(1259803042.818:52): arch=c000003e syscall=16 success=yes exit=128 a0=7 a1=5401 a2=7ffffc393be0 a3=60 items=0 ppid=2329 pid=2332 auid=1000 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=1 comm="sshdfilter" exe="/usr/bin/perl" subj=unconfined_u:system_r:iptables_t:s0 key=(null)
> type=AVC msg=audit(1259803042.818:53): avc: denied { read } for pid=2332 comm="sshdfilter" path="pipe:[24515]" dev=pipefs ino=24515 scontext=unconfined_u:system_r:iptables_t:s0 tcontext=unconfined_u:system_r:iptables_t:s0 tclass=fifo_file
> type=SYSCALL msg=audit(1259803042.818:53): arch=c000003e syscall=0 success=yes exit=128 a0=7 a1=10504b8 a2=1000 a3=0 items=0 ppid=2329 pid=2332 auid=1000 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=1 comm="sshdfilter" exe="/usr/bin/perl" subj=unconfined_u:system_r:iptables_t:s0 key=(null)
> type=AVC msg=audit(1259803042.823:54): avc: denied { read } for pid=2335 comm="sshdfilter" name="sh" dev=dm-0 ino=10258 scontext=unconfined_u:system_r:iptables_t:s0 tcontext=system_ubject_r:bin_t:s0 tclass=lnk_file
> type=SYSCALL msg=audit(1259803042.823:54): arch=c000003e syscall=59 success=no exit=-13 a0=7fceba680e0f a1=7ffffc391b70 a2=7ffffc394380 a3=7ffffc393990 items=0 ppid=2332 pid=2335 auid=1000 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=1 comm="sshdfilter" exe="/usr/bin/perl" subj=unconfined_u:system_r:iptables_t:s0 key=(null)
> type=AVC msg=audit(1259803042.823:55): avc: denied { write } for pid=2335 comm="sshdfilter" path="pipe:[24518]" dev=pipefs ino=24518 scontext=unconfined_u:system_r:iptables_t:s0 tcontext=unconfined_u:system_r:iptables_t:s0 tclass=fifo_file
> type=SYSCALL msg=audit(1259803042.823:55): arch=c000003e syscall=1 success=yes exit=128 a0=a a1=7ffffc393bcc a2=4 a3=8 items=0 ppid=2332 pid=2335 auid=1000 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=1 comm="sshdfilter" exe="/usr/bin/perl" subj=unconfined_u:system_r:iptables_t:s0 key=(null)
> type=AVC msg=audit(1259803042.828:56): avc: denied { read } for pid=2332 comm="sshdfilter" path="pipe:[24518]" dev=pipefs ino=24518 scontext=unconfined_u:system_r:iptables_t:s0 tcontext=unconfined_u:system_r:iptables_t:s0 tclass=fifo_file
> type=SYSCALL msg=audit(1259803042.828:56): arch=c000003e syscall=0 success=yes exit=128 a0=9 a1=7ffffc393e8c a2=4 a3=7fceba05a9d0 items=0 ppid=2329 pid=2332 auid=1000 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=1 comm="sshdfilter" exe="/usr/bin/perl" subj=unconfined_u:system_r:iptables_t:s0 key=(null)
> type=AVC msg=audit(1259803042.828:57): avc: denied { ioctl } for pid=2332 comm="sshdfilter" path="pipe:[24517]" dev=pipefs ino=24517 scontext=unconfined_u:system_r:iptables_t:s0 tcontext=unconfined_u:system_r:iptables_t:s0 tclass=fifo_file
> type=SYSCALL msg=audit(1259803042.828:57): arch=c000003e syscall=16 success=yes exit=128 a0=7 a1=5401 a2=7ffffc393be0 a3=60 items=0 ppid=2329 pid=2332 auid=1000 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=1 comm="sshdfilter" exe="/usr/bin/perl" subj=unconfined_u:system_r:iptables_t:s0 key=(null)
> type=AVC msg=audit(1259803042.828:58): avc: denied { read } for pid=2332 comm="sshdfilter" path="pipe:[24517]" dev=pipefs ino=24517 scontext=unconfined_u:system_r:iptables_t:s0 tcontext=unconfined_u:system_r:iptables_t:s0 tclass=fifo_file
> type=SYSCALL msg=audit(1259803042.828:58): arch=c000003e syscall=0 success=yes exit=128 a0=7 a1=1051cc8 a2=1000 a3=0 items=0 ppid=2329 pid=2332 auid=1000 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=1 comm="sshdfilter" exe="/usr/bin/perl" subj=unconfined_u:system_r:iptables_t:s0 key=(null)
> type=AVC msg=audit(1259803042.833:59): avc: denied { ioctl } for pid=2332 comm="sshdfilter" path="pipe:[24519]" dev=pipefs ino=24519 scontext=unconfined_u:system_r:iptables_t:s0 tcontext=unconfined_u:system_r:iptables_t:s0 tclass=fifo_file
> type=SYSCALL msg=audit(1259803042.833:59): arch=c000003e syscall=16 success=yes exit=128 a0=7 a1=5401 a2=7ffffc393e40 a3=60 items=0 ppid=2329 pid=2332 auid=1000 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=1 comm="sshdfilter" exe="/usr/bin/perl" subj=unconfined_u:system_r:iptables_t:s0 key=(null)
> type=AVC msg=audit(1259803042.833:60): avc: denied { ioctl } for pid=2332 comm="sshdfilter" path="pipe:[24519]" dev=pipefs ino=24519 scontext=unconfined_u:system_r:iptables_t:s0 tcontext=unconfined_u:system_r:iptables_t:s0 tclass=fifo_file
> type=SYSCALL msg=audit(1259803042.833:60): arch=c000003e syscall=16 success=yes exit=128 a0=8 a1=5401 a2=7ffffc393e40 a3=60 items=0 ppid=2329 pid=2332 auid=1000 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=1 comm="sshdfilter" exe="/usr/bin/perl" subj=unconfined_u:system_r:iptables_t:s0 key=(null)
> type=AVC msg=audit(1259803042.834:61): avc: denied { ioctl } for pid=2336 comm="sshdfilter" path="pipe:[24519]" dev=pipefs ino=24519 scontext=unconfined_u:system_r:iptables_t:s0 tcontext=unconfined_u:system_r:iptables_t:s0 tclass=fifo_file
> type=SYSCALL msg=audit(1259803042.834:61): arch=c000003e syscall=16 success=yes exit=128 a0=4 a1=5401 a2=7ffffc393d60 a3=60 items=0 ppid=2332 pid=2336 auid=1000 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=1 comm="sshdfilter" exe="/usr/bin/perl" subj=unconfined_u:system_r:iptables_t:s0 key=(null)
> type=AVC msg=audit(1259803042.836:62): avc: denied { getattr } for pid=2336 comm="sshdfilter" path="pipe:[24519]" dev=pipefs ino=24519 scontext=unconfined_u:system_r:iptables_t:s0 tcontext=unconfined_u:system_r:iptables_t:s0 tclass=fifo_file
> type=SYSCALL msg=audit(1259803042.836:62): arch=c000003e syscall=5 success=yes exit=128 a0=4 a1=d130a0 a2=d130a0 a3=0 items=0 ppid=2332 pid=2336 auid=1000 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=1 comm="sshdfilter" exe="/usr/bin/perl" subj=unconfined_u:system_r:iptables_t:s0 key=(null)
> type=AVC msg=audit(1259803043.839:63): avc: denied { read } for pid=2338 comm="sshdfilter" name="iptables" dev=dm-0 ino=11793 scontext=unconfined_u:system_r:iptables_t:s0 tcontext=system_ubject_r:bin_t:s0 tclass=lnk_file
> type=SYSCALL msg=audit(1259803043.839:63): arch=c000003e syscall=59 success=no exit=-13 a0=7ffffc393c48 a1=1052638 a2=7ffffc394380 a3=7ffffc393a90 items=0 ppid=2332 pid=2338 auid=1000 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=1 comm="sshdfilter" exe="/usr/bin/perl" subj=unconfined_u:system_r:iptables_t:s0 key=(null)
> type=AVC msg=audit(1259803043.840:64): avc: denied { write } for pid=2338 comm="sshdfilter" path="pipe:[24549]" dev=pipefs ino=24549 scontext=unconfined_u:system_r:iptables_t:s0 tcontext=unconfined_u:system_r:iptables_t:s0 tclass=fifo_file
> type=SYSCALL msg=audit(1259803043.840:64): arch=c000003e syscall=1 success=yes exit=128 a0=9 a1=7ffffc393ccc a2=4 a3=8 items=0 ppid=2332 pid=2338 auid=1000 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=1 comm="sshdfilter" exe="/usr/bin/perl" subj=unconfined_u:system_r:iptables_t:s0 key=(null)
> type=AVC msg=audit(1259803043.844:65): avc: denied { read } for pid=2332 comm="sshdfilter" path="pipe:[24549]" dev=pipefs ino=24549 scontext=unconfined_u:system_r:iptables_t:s0 tcontext=unconfined_u:system_r:iptables_t:s0 tclass=fifo_file
> type=SYSCALL msg=audit(1259803043.844:65): arch=c000003e syscall=0 success=yes exit=128 a0=8 a1=7ffffc3940d8 a2=4 a3=8 items=0 ppid=1 pid=2332 auid=1000 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=1 comm="sshdfilter" exe="/usr/bin/perl" subj=unconfined_u:system_r:iptables_t:s0 key=(null)
> type=AVC msg=audit(1259803043.845:66): avc: denied { write } for pid=2332 comm="sshdfilter" path="pipe:[24498]" dev=pipefs ino=24498 scontext=unconfined_u:system_r:iptables_t:s0 tcontext=unconfined_u:system_r:iptables_t:s0 tclass=fifo_file
> type=SYSCALL msg=audit(1259803043.845:66): arch=c000003e syscall=1 success=yes exit=128 a0=4 a1=10526b8 a2=9 a3=0 items=0 ppid=1 pid=2332 auid=1000 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=1 comm="sshdfilter" exe="/usr/bin/perl" subj=unconfined_u:system_r:iptables_t:s0 key=(null)
> type=AVC msg=audit(1259803043.849:67): avc: denied { read } for pid=2332 comm="sshdfilter" path="pipe:[24519]" dev=pipefs ino=24519 scontext=unconfined_u:system_r:iptables_t:s0 tcontext=unconfined_u:system_r:iptables_t:s0 tclass=fifo_file
> type=SYSCALL msg=audit(1259803043.849:67): arch=c000003e syscall=0 success=yes exit=128 a0=7 a1=10529d8 a2=400 a3=d13010 items=0 ppid=1 pid=2332 auid=1000 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=1 comm="sshdfilter" exe="/usr/bin/perl" subj=unconfined_u:system_r:iptables_t:s0 key=(null)
> type=AVC msg=audit(1259803128.077:69): avc: denied { execute } for pid=2422 comm="sshdfilter" name="iptables-multi" dev=dm-0 ino=11798 scontext=unconfined_u:system_r:sshd_t:s0-s0:c0.c1023 tcontext=system_ubject_r:iptables_exec_t:s0 tclass=file
> type=SYSCALL msg=audit(1259803128.077:69): arch=c000003e syscall=59 success=no exit=-13 a0=7fff14469168 a1=1c20208 a2=7fff144698a0 a3=7fff14468fb0 items=0 ppid=2413 pid=2422 auid=1000 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=1 comm="sshdfilter" exe="/usr/bin/perl" subj=unconfined_u:system_r:sshd_t:s0-s0:c0.c1023 key=(null)
> type=AVC msg=audit(1259806154.170:82): avc: denied { execute } for pid=2653 comm="sshdfilter" name="iptables-multi" dev=dm-0 ino=11798 scontext=unconfined_u:system_r:sshd_t:s0-s0:c0.c1023 tcontext=system_ubject_r:iptables_exec_t:s0 tclass=file
> type=SYSCALL msg=audit(1259806154.170:82): arch=c000003e syscall=59 success=no exit=-13 a0=7fff14469168 a1=1c267e8 a2=7fff144698a0 a3=7fff14468fb0 items=0 ppid=2413 pid=2653 auid=1000 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=1 comm="sshdfilter" exe="/usr/bin/perl" subj=unconfined_u:system_r:sshd_t:s0-s0:c0.c1023 key=(null)
> type=AVC msg=audit(1259812687.066:113): avc: denied { read open } for pid=3074 comm="sshdfilter" name="iptables-multi" dev=dm-0 ino=11798 scontext=unconfined_u:system_r:sshd_t:s0-s0:c0.c1023 tcontext=system_ubject_r:iptables_exec_t:s0 tclass=file
> type=SYSCALL msg=audit(1259812687.066:113): arch=c000003e syscall=59 success=no exit=-13 a0=7fff14469168 a1=1c26a88 a2=7fff144698a0 a3=7fff14468fb0 items=0 ppid=2413 pid=3074 auid=1000 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=1 comm="sshdfilter" exe="/usr/bin/perl" subj=unconfined_u:system_r:sshd_t:s0-s0:c0.c1023 key=(null)
> type=AVC msg=audit(1259816690.197:196): avc: denied { read open } for pid=3631 comm="sshdfilter" name="iptables-multi" dev=dm-0 ino=11798 scontext=unconfined_u:system_r:sshd_t:s0-s0:c0.c1023 tcontext=system_ubject_r:iptables_exec_t:s0 tclass=file
> type=SYSCALL msg=audit(1259816690.197:196): arch=c000003e syscall=59 success=no exit=-13 a0=7fff15c5a888 a1=24095a8 a2=7fff15c5afc0 a3=7fff15c5a6d0 items=0 ppid=3622 pid=3631 auid=0 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=9 comm="sshdfilter" exe="/usr/bin/perl" subj=unconfined_u:system_r:sshd_t:s0-s0:c0.c1023 key=(null)
> type=AVC msg=audit(1259819529.773:214): avc: denied { read open } for pid=3827 comm="sshdfilter" name="iptables-multi" dev=dm-0 ino=11798 scontext=unconfined_u:system_r:sshd_t:s0-s0:c0.c1023 tcontext=system_ubject_r:iptables_exec_t:s0 tclass=file
> type=SYSCALL msg=audit(1259819529.773:214): arch=c000003e syscall=59 success=no exit=-13 a0=7fff15c5a888 a1=2410198 a2=7fff15c5afc0 a3=7fff15c5a6d0 items=0 ppid=3622 pid=3827 auid=0 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=9 comm="sshdfilter" exe="/usr/bin/perl" subj=unconfined_u:system_r:sshd_t:s0-s0:c0.c1023 key=(null)
> type=AVC msg=audit(1259899887.509:471): avc: denied { read open } for pid=11794 comm="sshdfilter" name="iptables-multi" dev=dm-0 ino=11798 scontext=unconfined_u:system_r:sshd_t:s0-s0:c0.c1023 tcontext=system_ubject_r:iptables_exec_t:s0 tclass=file
> type=SYSCALL msg=audit(1259899887.509:471): arch=c000003e syscall=59 success=no exit=-13 a0=7fff15c5a888 a1=2410198 a2=7fff15c5afc0 a3=7fff15c5a6d0 items=0 ppid=3622 pid=11794 auid=0 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=9 comm="sshdfilter" exe="/usr/bin/perl" subj=unconfined_u:system_r:sshd_t:s0-s0:c0.c1023 key=(null)
> type=AVC msg=audit(1259899890.409:475): avc: denied { read open } for pid=11799 comm="sshdfilter" name="iptables-multi" dev=dm-0 ino=11798 scontext=unconfined_u:system_r:sshd_t:s0-s0:c0.c1023 tcontext=system_ubject_r:iptables_exec_t:s0 tclass=file
> type=SYSCALL msg=audit(1259899890.409:475): arch=c000003e syscall=59 success=no exit=-13 a0=7fff15c5a888 a1=2410548 a2=7fff15c5afc0 a3=7fff15c5a6d0 items=0 ppid=3622 pid=11799 auid=0 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=9 comm="sshdfilter" exe="/usr/bin/perl" subj=unconfined_u:system_r:sshd_t:s0-s0:c0.c1023 key=(null)
> type=AVC msg=audit(1259899950.600:483): avc: denied { read open } for pid=11860 comm="sshdfilter" name="iptables-multi" dev=dm-0 ino=11798 scontext=unconfined_u:system_r:sshd_t:s0-s0:c0.c1023 tcontext=system_ubject_r:iptables_exec_t:s0 tclass=file
> type=SYSCALL msg=audit(1259899950.600:483): arch=c000003e syscall=59 success=no exit=-13 a0=7fff9722f198 a1=f6e208 a2=7fff9722f8d0 a3=7fff9722efe0 items=0 ppid=11851 pid=11860 auid=0 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=44 comm="sshdfilter" exe="/usr/bin/perl" subj=unconfined_u:system_r:sshd_t:s0-s0:c0.c1023 key=(null)
> type=AVC msg=audit(1260146847.427:1066): avc: denied { read open } for pid=28420 comm="sshdfilter" name="iptables-multi" dev=dm-0 ino=11798 scontext=unconfined_u:system_r:sshd_t:s0-s0:c0.c1023 tcontext=system_ubject_r:iptables_exec_t:s0 tclass=file
> type=SYSCALL msg=audit(1260146847.427:1066): arch=c000003e syscall=59 success=no exit=-13 a0=7fff9722f198 a1=f71c88 a2=7fff9722f8d0 a3=7fff9722efe0 items=0 ppid=11851 pid=28420 auid=0 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=44 comm="sshdfilter" exe="/usr/bin/perl" subj=unconfined_u:system_r:sshd_t:s0-s0:c0.c1023 key=(null)
> type=AVC msg=audit(1260146850.722:1070): avc: denied { read open } for pid=28428 comm="sshdfilter" name="iptables-multi" dev=dm-0 ino=11798 scontext=unconfined_u:system_r:sshd_t:s0-s0:c0.c1023 tcontext=system_ubject_r:iptables_exec_t:s0 tclass=file
> type=SYSCALL msg=audit(1260146850.722:1070): arch=c000003e syscall=59 success=no exit=-13 a0=7fff9722f198 a1=f72a28 a2=7fff9722f8d0 a3=7fff9722efe0 items=0 ppid=11851 pid=28428 auid=0 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=44 comm="sshdfilter" exe="/usr/bin/perl" subj=unconfined_u:system_r:sshd_t:s0-s0:c0.c1023 key=(null)
> type=AVC msg=audit(1260500225.789:25455): avc: denied { read open } for pid=21350 comm="sshdfilter" name="iptables-multi" dev=dm-0 ino=11798 scontext=system_u:system_r:sshd_t:s0-s0:c0.c1023 tcontext=system_ubject_r:iptables_exec_t:s0 tclass=file
> type=SYSCALL msg=audit(1260500225.789:25455): arch=c000003e syscall=59 success=no exit=-13 a0=7fff032b96b8 a1=bdbd18 a2=7fff032b9df0 a3=7fff032b9500 items=0 ppid=1441 pid=21350 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm="sshdfilter" exe="/usr/bin/perl" subj=system_u:system_r:sshd_t:s0-s0:c0.c1023 key=(null)
> type=AVC msg=audit(1260500228.740:25459): avc: denied { read open } for pid=21355 comm="sshdfilter" name="iptables-multi" dev=dm-0 ino=11798 scontext=system_u:system_r:sshd_t:s0-s0:c0.c1023 tcontext=system_ubject_r:iptables_exec_t:s0 tclass=file
> type=SYSCALL msg=audit(1260500228.740:25459): arch=c000003e syscall=59 success=no exit=-13 a0=7fff032b96b8 a1=bddc38 a2=7fff032b9df0 a3=7fff032b9500 items=0 ppid=1441 pid=21355 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm="sshdfilter" exe="/usr/bin/perl" subj=system_u:system_r:sshd_t:s0-s0:c0.c1023 key=(null)
> type=AVC msg=audit(1260500358.675:25470): avc: denied { getattr } for pid=1441 comm="sshdfilter" path="/var/run/sshdfilter.pid.SSHD" dev=dm-0 ino=10948 scontext=system_u:system_r:sshd_t:s0-s0:c0.c1023 tcontext=system_ubject_r:var_run_t:s0 tclass=file
> type=SYSCALL msg=audit(1260500358.675:25470): arch=c000003e syscall=6 success=no exit=-13 a0=bd5dd8 a1=8980a0 a2=8980a0 a3=7fff032b9880 items=0 ppid=1 pid=1441 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm="sshdfilter" exe="/usr/bin/perl" subj=system_u:system_r:sshd_t:s0-s0:c0.c1023 key=(null)
> type=AVC msg=audit(1260809448.592:28614): avc: denied { execute_no_trans } for pid=23422 comm="sshdfilter" path="/sbin/iptables-multi" dev=dm-0 ino=11798 scontext=system_u:system_r:sshd_t:s0-s0:c0.c1023 tcontext=system_ubject_r:iptables_exec_t:s0 tclass=file
> type=SYSCALL msg=audit(1260809448.592:28614): arch=c000003e syscall=59 success=no exit=-13 a0=7fffc0880288 a1=e0c508 a2=7fffc08809c0 a3=7fffc08800d0 items=0 ppid=1432 pid=23422 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm="sshdfilter" exe="/usr/bin/perl" subj=system_u:system_r:sshd_t:s0-s0:c0.c1023 key=(null)
>
> > >=20
> > >=20
> > > Moray.
> > > "To err is human. To purr, feline"
> > >=20
> > >=20
> > > --
> > > fedora-selinux-list mailing list
> > > fedora-selinux-list@redhat.com
> > > https://www.redhat.com/mailman/listinfo/fedora-selinux-list
> >
> > --uAKRQypu60I7Lcqm
> > Content-Type: application/pgp-signature
> > Content-Disposition: inline
> >
> > -----BEGIN PGP SIGNATURE-----
> > Version: GnuPG v1.4.10 (GNU/Linux)
> >
> > iEYEARECAAYFAksdZWwACgkQMlxVo39jgT/olgCgwo9wvxeAyJG/gm4dEYHBIpGf
> > TNEAn2bFoQZeg8+gaYPIDuB0wxuu6N8F
> > =tNuu
> > -----END PGP SIGNATURE-----
> >
> > --uAKRQypu60I7Lcqm--
> >
> >
> > --===============0725889959==
> > Content-Type: text/plain; charset="us-ascii"
> > MIME-Version: 1.0
> > Content-Transfer-Encoding: 7bit
> > Content-Disposition: inline
> >
> > --
> > fedora-selinux-list mailing list
> > fedora-selinux-list@redhat.com
> > https://www.redhat.com/mailman/listinfo/fedora-selinux-list
> > --===============0725889959==--
> >
>
> --
> fedora-selinux-list mailing list
> fedora-selinux-list@redhat.com
> https://www.redhat.com/mailman/listinfo/fedora-selinux-list
--
fedora-selinux-list mailing list
fedora-selinux-list@redhat.com
https://www.redhat.com/mailman/listinfo/fedora-selinux-list
 
Old 12-14-2009, 08:35 PM
Dominick Grift
 
Default Fedora 12 and unconfined_u sshdfilter

On Mon, Dec 14, 2009 at 10:25:08AM -0800, David Highley wrote:
> "Dominick Grift wrote:"
> >
> >
> > --===============0725889959==
> > Content-Type: multipart/signed; micalg=pgp-sha1;
> > protocol="application/pgp-signature"; boundary="uAKRQypu60I7Lcqm"
> > Content-Disposition: inline
> >
> >
> > --uAKRQypu60I7Lcqm
> > Content-Type: text/plain; charset=utf-8
> > Content-Disposition: inline
> > Content-Transfer-Encoding: quoted-printable
> >
> > On Mon, Dec 07, 2009 at 12:01:09PM +0000, Moray Henderson (ICT) wrote:
> > > James Carter wrote:
> > > >Dan's example used Refpolicy interfaces. Interfaces are very useful and
> > > >provide a better layer of abstraction, but they are just m4 macros,
> > > >which have always been used in SELinux policy.
> > > >
> > > >Interfaces should be used as much as possible, but it is not true that
> > > >you can't mix the old and new ways.
> > >=20
> > > Mixing the plain rules and the m4 macros didn't work when I tried it - bu=
> > t perhaps I just wasn=E2=80=99t writing it right. Is there a Refpolicy tut=
> > orial anywhere?
> >
> > I spend a little time today writing about the policy structure in Fedora. M=
> > aybe it can help you or others:
> >
> > http://82.197.205.60/~dgrift/stuff/Managing_a_SELinux_environment_with_Fedo=
> > ra_12.pdf
>
>
> Still have not mastered this one yet. Here is the policy file created by
> grep of /var/log/audit/audit.log file piped to audit2allow:
>
> module mysshdfilter 1.0;
>
> require {
> type var_run_t;
> type iptables_exec_t;
> type bin_t;
> type sshd_t;
> type iptables_t;
> class lnk_file read;
> class file { read getattr open execute execute_no_trans };
> class fifo_file { read write ioctl getattr };
> }
>
> #============= iptables_t ==============
> allow iptables_t bin_t:lnk_file read;
> allow iptables_t self:fifo_file { read write ioctl getattr };
>
> #============= sshd_t ==============
> allow sshd_t iptables_exec_t:file { read execute open execute_no_trans };


> allow sshd_t var_run_t:file getattr;

Actually i think sshdfilter init script may have created it? Does it even have an init script?

>
>
> The audit log entries are:
> type=AVC msg=audit(1259642932.902:7): avc: denied { execute } for pid=1411 comm="sshdfilter" name="iptables-multi" dev=dm-0 ino=11798 scontext=system_u:system_r:sshd_t:s0-s0:c0.c1023 tcontext=system_ubject_r:iptables_exec_t:s0 tclass=file
> type=SYSCALL msg=audit(1259642932.902:7): arch=c000003e syscall=59 success=no exit=-13 a0=7fff837b36b8 a1=1562e28 a2=7fff837b3df0 a3=7fff837b3500 items=0 ppid=1402 pid=1411 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm="sshdfilter" exe="/usr/bin/perl" subj=system_u:system_r:sshd_t:s0-s0:c0.c1023 key=(null)
> type=AVC msg=audit(1259644707.700:73): avc: denied { execute } for pid=1948 comm="sshdfilter" name="iptables-multi" dev=dm-0 ino=11798 scontext=system_u:system_r:sshd_t:s0-s0:c0.c1023 tcontext=system_ubject_r:iptables_exec_t:s0 tclass=file
> type=SYSCALL msg=audit(1259644707.700:73): arch=c000003e syscall=59 success=no exit=-13 a0=7fff837b36b8 a1=15694c8 a2=7fff837b3df0 a3=7fff837b3500 items=0 ppid=1402 pid=1948 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm="sshdfilter" exe="/usr/bin/perl" subj=system_u:system_r:sshd_t:s0-s0:c0.c1023 key=(null)
> type=AVC msg=audit(1259650605.247:84): avc: denied { execute } for pid=2248 comm="sshdfilter" name="iptables-multi" dev=dm-0 ino=11798 scontext=system_u:system_r:sshd_t:s0-s0:c0.c1023 tcontext=system_ubject_r:iptables_exec_t:s0 tclass=file
> type=SYSCALL msg=audit(1259650605.247:84): arch=c000003e syscall=59 success=no exit=-13 a0=7fff837b36b8 a1=1567828 a2=7fff837b3df0 a3=7fff837b3500 items=0 ppid=1402 pid=2248 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm="sshdfilter" exe="/usr/bin/perl" subj=system_u:system_r:sshd_t:s0-s0:c0.c1023 key=(null)
> type=AVC msg=audit(1259661894.420:113): avc: denied { execute } for pid=2815 comm="sshdfilter" name="iptables-multi" dev=dm-0 ino=11798 scontext=system_u:system_r:sshd_t:s0-s0:c0.c1023 tcontext=system_ubject_r:iptables_exec_t:s0 tclass=file
> type=SYSCALL msg=audit(1259661894.420:113): arch=c000003e syscall=59 success=no exit=-13 a0=7fff837b36b8 a1=1566e28 a2=7fff837b3df0 a3=7fff837b3500 items=0 ppid=1402 pid=2815 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm="sshdfilter" exe="/usr/bin/perl" subj=system_u:system_r:sshd_t:s0-s0:c0.c1023 key=(null)
> type=AVC msg=audit(1259667665.966:123): avc: denied { execute } for pid=3724 comm="sshdfilter" name="iptables-multi" dev=dm-0 ino=11798 scontext=system_u:system_r:sshd_t:s0-s0:c0.c1023 tcontext=system_ubject_r:iptables_exec_t:s0 tclass=file
> type=SYSCALL msg=audit(1259667665.966:123): arch=c000003e syscall=59 success=no exit=-13 a0=7fff837b36b8 a1=15699d8 a2=7fff837b3df0 a3=7fff837b3500 items=0 ppid=1402 pid=3724 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm="sshdfilter" exe="/usr/bin/perl" subj=system_u:system_r:sshd_t:s0-s0:c0.c1023 key=(null)
> type=AVC msg=audit(1259671660.048:131): avc: denied { execute } for pid=3920 comm="sshdfilter" name="iptables-multi" dev=dm-0 ino=11798 scontext=system_u:system_r:sshd_t:s0-s0:c0.c1023 tcontext=system_ubject_r:iptables_exec_t:s0 tclass=file
> type=SYSCALL msg=audit(1259671660.048:131): arch=c000003e syscall=59 success=no exit=-13 a0=7fff837b36b8 a1=1565778 a2=7fff837b3df0 a3=7fff837b3500 items=0 ppid=1402 pid=3920 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm="sshdfilter" exe="/usr/bin/perl" subj=system_u:system_r:sshd_t:s0-s0:c0.c1023 key=(null)
> type=AVC msg=audit(1259673411.553:758): avc: denied { execute } for pid=4558 comm="sshdfilter" name="iptables-multi" dev=dm-0 ino=11798 scontext=system_u:system_r:sshd_t:s0-s0:c0.c1023 tcontext=system_ubject_r:iptables_exec_t:s0 tclass=file
> type=SYSCALL msg=audit(1259673411.553:758): arch=c000003e syscall=59 success=no exit=-13 a0=7fff837b36b8 a1=1569af8 a2=7fff837b3df0 a3=7fff837b3500 items=0 ppid=1402 pid=4558 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm="sshdfilter" exe="/usr/bin/perl" subj=system_u:system_r:sshd_t:s0-s0:c0.c1023 key=(null)
> type=AVC msg=audit(1259679153.568:1267): avc: denied { execute } for pid=5170 comm="sshdfilter" name="iptables-multi" dev=dm-0 ino=11798 scontext=system_u:system_r:sshd_t:s0-s0:c0.c1023 tcontext=system_ubject_r:iptables_exec_t:s0 tclass=file
> type=SYSCALL msg=audit(1259679153.568:1267): arch=c000003e syscall=59 success=no exit=-13 a0=7fff837b36b8 a1=1566a68 a2=7fff837b3df0 a3=7fff837b3500 items=0 ppid=1402 pid=5170 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm="sshdfilter" exe="/usr/bin/perl" subj=system_u:system_r:sshd_t:s0-s0:c0.c1023 key=(null)
> type=AVC msg=audit(1259682588.736:1315): avc: denied { execute } for pid=5540 comm="sshdfilter" name="iptables-multi" dev=dm-0 ino=11798 scontext=system_u:system_r:sshd_t:s0-s0:c0.c1023 tcontext=system_ubject_r:iptables_exec_t:s0 tclass=file
> type=SYSCALL msg=audit(1259682588.736:1315): arch=c000003e syscall=59 success=no exit=-13 a0=7fff837b36b8 a1=1565778 a2=7fff837b3df0 a3=7fff837b3500 items=0 ppid=1402 pid=5540 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm="sshdfilter" exe="/usr/bin/perl" subj=system_u:system_r:sshd_t:s0-s0:c0.c1023 key=(null)
> type=AVC msg=audit(1259684861.197:1344): avc: denied { execute } for pid=5745 comm="sshdfilter" name="iptables-multi" dev=dm-0 ino=11798 scontext=system_u:system_r:sshd_t:s0-s0:c0.c1023 tcontext=system_ubject_r:iptables_exec_t:s0 tclass=file
> type=SYSCALL msg=audit(1259684861.197:1344): arch=c000003e syscall=59 success=no exit=-13 a0=7fff837b36b8 a1=156a478 a2=7fff837b3df0 a3=7fff837b3500 items=0 ppid=1402 pid=5745 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm="sshdfilter" exe="/usr/bin/perl" subj=system_u:system_r:sshd_t:s0-s0:c0.c1023 key=(null)
> type=AVC msg=audit(1259690558.951:1388): avc: denied { execute } for pid=6161 comm="sshdfilter" name="iptables-multi" dev=dm-0 ino=11798 scontext=system_u:system_r:sshd_t:s0-s0:c0.c1023 tcontext=system_ubject_r:iptables_exec_t:s0 tclass=file
> type=SYSCALL msg=audit(1259690558.951:1388): arch=c000003e syscall=59 success=no exit=-13 a0=7fff837b36b8 a1=15667a8 a2=7fff837b3df0 a3=7fff837b3500 items=0 ppid=1402 pid=6161 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm="sshdfilter" exe="/usr/bin/perl" subj=system_u:system_r:sshd_t:s0-s0:c0.c1023 key=(null)
> type=AVC msg=audit(1259702647.573:1433): avc: denied { execute } for pid=6829 comm="sshdfilter" name="iptables-multi" dev=dm-0 ino=11798 scontext=system_u:system_r:sshd_t:s0-s0:c0.c1023 tcontext=system_ubject_r:iptables_exec_t:s0 tclass=file
> type=SYSCALL msg=audit(1259702647.573:1433): arch=c000003e syscall=59 success=no exit=-13 a0=7fff837b36b8 a1=156b4d8 a2=7fff837b3df0 a3=7fff837b3500 items=0 ppid=1402 pid=6829 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm="sshdfilter" exe="/usr/bin/perl" subj=system_u:system_r:sshd_t:s0-s0:c0.c1023 key=(null)
> type=AVC msg=audit(1259708100.231:1441): avc: denied { execute } for pid=7085 comm="sshdfilter" name="iptables-multi" dev=dm-0 ino=11798 scontext=system_u:system_r:sshd_t:s0-s0:c0.c1023 tcontext=system_ubject_r:iptables_exec_t:s0 tclass=file
> type=SYSCALL msg=audit(1259708100.231:1441): arch=c000003e syscall=59 success=no exit=-13 a0=7fff837b36b8 a1=156a0b8 a2=7fff837b3df0 a3=7fff837b3500 items=0 ppid=1402 pid=7085 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm="sshdfilter" exe="/usr/bin/perl" subj=system_u:system_r:sshd_t:s0-s0:c0.c1023 key=(null)
> type=AVC msg=audit(1259708922.953:1450): avc: denied { execute } for pid=7153 comm="sshdfilter" name="iptables-multi" dev=dm-0 ino=11798 scontext=system_u:system_r:sshd_t:s0-s0:c0.c1023 tcontext=system_ubject_r:iptables_exec_t:s0 tclass=file
> type=SYSCALL msg=audit(1259708922.953:1450): arch=c000003e syscall=59 success=no exit=-13 a0=7fff837b36b8 a1=156a6a8 a2=7fff837b3df0 a3=7fff837b3500 items=0 ppid=1402 pid=7153 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm="sshdfilter" exe="/usr/bin/perl" subj=system_u:system_r:sshd_t:s0-s0:c0.c1023 key=(null)
> type=AVC msg=audit(1259713257.803:1545): avc: denied { execute } for pid=7492 comm="sshdfilter" name="iptables-multi" dev=dm-0 ino=11798 scontext=system_u:system_r:sshd_t:s0-s0:c0.c1023 tcontext=system_ubject_r:iptables_exec_t:s0 tclass=file
> type=SYSCALL msg=audit(1259713257.803:1545): arch=c000003e syscall=59 success=no exit=-13 a0=7fff837b36b8 a1=156a4a8 a2=7fff837b3df0 a3=7fff837b3500 items=0 ppid=1402 pid=7492 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm="sshdfilter" exe="/usr/bin/perl" subj=system_u:system_r:sshd_t:s0-s0:c0.c1023 key=(null)
> type=AVC msg=audit(1259721513.893:1732): avc: denied { execute } for pid=8097 comm="sshdfilter" name="iptables-multi" dev=dm-0 ino=11798 scontext=system_u:system_r:sshd_t:s0-s0:c0.c1023 tcontext=system_ubject_r:iptables_exec_t:s0 tclass=file
> type=SYSCALL msg=audit(1259721513.893:1732): arch=c000003e syscall=59 success=no exit=-13 a0=7fff837b36b8 a1=156a5d8 a2=7fff837b3df0 a3=7fff837b3500 items=0 ppid=1402 pid=8097 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm="sshdfilter" exe="/usr/bin/perl" subj=system_u:system_r:sshd_t:s0-s0:c0.c1023 key=(null)
> type=AVC msg=audit(1259730724.196:1790): avc: denied { execute } for pid=8689 comm="sshdfilter" name="iptables-multi" dev=dm-0 ino=11798 scontext=system_u:system_r:sshd_t:s0-s0:c0.c1023 tcontext=system_ubject_r:iptables_exec_t:s0 tclass=file
> type=SYSCALL msg=audit(1259730724.196:1790): arch=c000003e syscall=59 success=no exit=-13 a0=7fff837b36b8 a1=1569718 a2=7fff837b3df0 a3=7fff837b3500 items=0 ppid=1402 pid=8689 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm="sshdfilter" exe="/usr/bin/perl" subj=system_u:system_r:sshd_t:s0-s0:c0.c1023 key=(null)
> type=AVC msg=audit(1259730728.123:1793): avc: denied { execute } for pid=8699 comm="sshdfilter" name="iptables-multi" dev=dm-0 ino=11798 scontext=system_u:system_r:sshd_t:s0-s0:c0.c1023 tcontext=system_ubject_r:iptables_exec_t:s0 tclass=file
> type=SYSCALL msg=audit(1259730728.123:1793): arch=c000003e syscall=59 success=no exit=-13 a0=7fff837b36b8 a1=1566778 a2=7fff837b3df0 a3=7fff837b3500 items=0 ppid=1402 pid=8699 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm="sshdfilter" exe="/usr/bin/perl" subj=system_u:system_r:sshd_t:s0-s0:c0.c1023 key=(null)
> type=AVC msg=audit(1259747840.157:1835): avc: denied { execute } for pid=9575 comm="sshdfilter" name="iptables-multi" dev=dm-0 ino=11798 scontext=system_u:system_r:sshd_t:s0-s0:c0.c1023 tcontext=system_ubject_r:iptables_exec_t:s0 tclass=file
> type=SYSCALL msg=audit(1259747840.157:1835): arch=c000003e syscall=59 success=no exit=-13 a0=7fff837b36b8 a1=156ba78 a2=7fff837b3df0 a3=7fff837b3500 items=0 ppid=1402 pid=9575 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm="sshdfilter" exe="/usr/bin/perl" subj=system_u:system_r:sshd_t:s0-s0:c0.c1023 key=(null)
> type=AVC msg=audit(1259760819.408:1863): avc: denied { execute } for pid=10840 comm="sshdfilter" name="iptables-multi" dev=dm-0 ino=11798 scontext=system_u:system_r:sshd_t:s0-s0:c0.c1023 tcontext=system_ubject_r:iptables_exec_t:s0 tclass=file
> type=SYSCALL msg=audit(1259760819.408:1863): arch=c000003e syscall=59 success=no exit=-13 a0=7fff837b36b8 a1=156a4a8 a2=7fff837b3df0 a3=7fff837b3500 items=0 ppid=1402 pid=10840 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm="sshdfilter" exe="/usr/bin/perl" subj=system_u:system_r:sshd_t:s0-s0:c0.c1023 key=(null)
> type=AVC msg=audit(1259762576.442:1887): avc: denied { execute } for pid=11067 comm="sshdfilter" name="iptables-multi" dev=dm-0 ino=11798 scontext=unconfined_u:system_r:sshd_t:s0-s0:c0.c1023 tcontext=system_ubject_r:iptables_exec_t:s0 tclass=file
> type=SYSCALL msg=audit(1259762576.442:1887): arch=c000003e syscall=59 success=no exit=-13 a0=7fffb91649e8 a1=d4d5a8 a2=7fffb9165120 a3=7fffb9164830 items=0 ppid=11058 pid=11067 auid=1000 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=47 comm="sshdfilter" exe="/usr/bin/perl" subj=unconfined_u:system_r:sshd_t:s0-s0:c0.c1023 key=(null)
> type=AVC msg=audit(1259767362.673:1896): avc: denied { execute } for pid=11318 comm="sshdfilter" name="iptables-multi" dev=dm-0 ino=11798 scontext=unconfined_u:system_r:sshd_t:s0-s0:c0.c1023 tcontext=system_ubject_r:iptables_exec_t:s0 tclass=file
> type=SYSCALL msg=audit(1259767362.673:1896): arch=c000003e syscall=59 success=no exit=-13 a0=7fffb91649e8 a1=d54088 a2=7fffb9165120 a3=7fffb9164830 items=0 ppid=11058 pid=11318 auid=1000 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=47 comm="sshdfilter" exe="/usr/bin/perl" subj=unconfined_u:system_r:sshd_t:s0-s0:c0.c1023 key=(null)
> type=AVC msg=audit(1259773905.214:1967): avc: denied { execute } for pid=11922 comm="sshdfilter" name="iptables-multi" dev=dm-0 ino=11798 scontext=unconfined_u:system_r:sshd_t:s0-s0:c0.c1023 tcontext=system_ubject_r:iptables_exec_t:s0 tclass=file
> type=SYSCALL msg=audit(1259773905.214:1967): arch=c000003e syscall=59 success=no exit=-13 a0=7fffb91649e8 a1=d54868 a2=7fffb9165120 a3=7fffb9164830 items=0 ppid=11058 pid=11922 auid=1000 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=47 comm="sshdfilter" exe="/usr/bin/perl" subj=unconfined_u:system_r:sshd_t:s0-s0:c0.c1023 key=(null)
> type=AVC msg=audit(1259780362.196:1977): avc: denied { execute } for pid=12215 comm="sshdfilter" name="iptables-multi" dev=dm-0 ino=11798 scontext=unconfined_u:system_r:sshd_t:s0-s0:c0.c1023 tcontext=system_ubject_r:iptables_exec_t:s0 tclass=file
> type=SYSCALL msg=audit(1259780362.196:1977): arch=c000003e syscall=59 success=no exit=-13 a0=7fffb91649e8 a1=d50af8 a2=7fffb9165120 a3=7fffb9164830 items=0 ppid=11058 pid=12215 auid=1000 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=47 comm="sshdfilter" exe="/usr/bin/perl" subj=unconfined_u:system_r:sshd_t:s0-s0:c0.c1023 key=(null)
> type=AVC msg=audit(1259780393.314:1979): avc: denied { execute } for pid=12219 comm="sshdfilter" name="iptables-multi" dev=dm-0 ino=11798 scontext=unconfined_u:system_r:sshd_t:s0-s0:c0.c1023 tcontext=system_ubject_r:iptables_exec_t:s0 tclass=file
> type=SYSCALL msg=audit(1259780393.314:1979): arch=c000003e syscall=59 success=no exit=-13 a0=7fffb91649e8 a1=d50af8 a2=7fffb9165120 a3=7fffb9164830 items=0 ppid=11058 pid=12219 auid=1000 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=47 comm="sshdfilter" exe="/usr/bin/perl" subj=unconfined_u:system_r:sshd_t:s0-s0:c0.c1023 key=(null)
> type=AVC msg=audit(1259785085.323:2012): avc: denied { execute } for pid=12568 comm="sshdfilter" name="iptables-multi" dev=dm-0 ino=11798 scontext=unconfined_u:system_r:sshd_t:s0-s0:c0.c1023 tcontext=system_ubject_r:iptables_exec_t:s0 tclass=file
> type=SYSCALL msg=audit(1259785085.323:2012): arch=c000003e syscall=59 success=no exit=-13 a0=7fffb91649e8 a1=d521b8 a2=7fffb9165120 a3=7fffb9164830 items=0 ppid=11058 pid=12568 auid=1000 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=47 comm="sshdfilter" exe="/usr/bin/perl" subj=unconfined_u:system_r:sshd_t:s0-s0:c0.c1023 key=(null)
> type=AVC msg=audit(1259786872.756:2015): avc: denied { execute } for pid=12645 comm="sshdfilter" name="iptables-multi" dev=dm-0 ino=11798 scontext=unconfined_u:system_r:sshd_t:s0-s0:c0.c1023 tcontext=system_ubject_r:iptables_exec_t:s0 tclass=file
> type=SYSCALL msg=audit(1259786872.756:2015): arch=c000003e syscall=59 success=no exit=-13 a0=7fffb91649e8 a1=d53568 a2=7fffb9165120 a3=7fffb9164830 items=0 ppid=11058 pid=12645 auid=1000 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=47 comm="sshdfilter" exe="/usr/bin/perl" subj=unconfined_u:system_r:sshd_t:s0-s0:c0.c1023 key=(null)
> type=AVC msg=audit(1259795695.936:2052): avc: denied { execute } for pid=13127 comm="sshdfilter" name="iptables-multi" dev=dm-0 ino=11798 scontext=unconfined_u:system_r:sshd_t:s0-s0:c0.c1023 tcontext=system_ubject_r:iptables_exec_t:s0 tclass=file
> type=SYSCALL msg=audit(1259795695.936:2052): arch=c000003e syscall=59 success=no exit=-13 a0=7fffb91649e8 a1=d52e38 a2=7fffb9165120 a3=7fffb9164830 items=0 ppid=11058 pid=13127 auid=1000 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=47 comm="sshdfilter" exe="/usr/bin/perl" subj=unconfined_u:system_r:sshd_t:s0-s0:c0.c1023 key=(null)
> type=AVC msg=audit(1259802506.518:3031): avc: denied { getattr } for pid=11058 comm="sshdfilter" path="/var/run/sshdfilter.pid.SSHD" dev=dm-0 ino=12538 scontext=unconfined_u:system_r:sshd_t:s0-s0:c0.c1023 tcontext=system_ubject_r:var_run_t:s0 tclass=file
> type=SYSCALL msg=audit(1259802506.518:3031): arch=c000003e syscall=6 success=no exit=-13 a0=d4a128 a1=a0d0a0 a2=a0d0a0 a3=7fffb9164bb0 items=0 ppid=1 pid=11058 auid=1000 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=47 comm="sshdfilter" exe="/usr/bin/perl" subj=unconfined_u:system_r:sshd_t:s0-s0:c0.c1023 key=(null)
> type=AVC msg=audit(1259802888.332:7): avc: denied { ioctl } for pid=1435 comm="sshdfilter" path="pipe:[11021]" dev=pipefs ino=11021 scontext=system_u:system_r:iptables_t:s0 tcontext=system_u:system_r:iptables_t:s0 tclass=fifo_file
> type=SYSCALL msg=audit(1259802888.332:7): arch=c000003e syscall=16 success=yes exit=128 a0=3 a1=5401 a2=7fffa8850c80 a3=60 items=0 ppid=1431 pid=1435 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm="sshdfilter" exe="/usr/bin/perl" subj=system_u:system_r:iptables_t:s0 key=(null)
> type=AVC msg=audit(1259802888.340:8): avc: denied { ioctl } for pid=1435 comm="sshdfilter" path="pipe:[11021]" dev=pipefs ino=11021 scontext=system_u:system_r:iptables_t:s0 tcontext=system_u:system_r:iptables_t:s0 tclass=fifo_file
> type=SYSCALL msg=audit(1259802888.340:8): arch=c000003e syscall=16 success=yes exit=128 a0=4 a1=5401 a2=7fffa8850c80 a3=60 items=0 ppid=1431 pid=1435 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm="sshdfilter" exe="/usr/bin/perl" subj=system_u:system_r:iptables_t:s0 key=(null)
> type=AVC msg=audit(1259802888.342:9): avc: denied { ioctl } for pid=1438 comm="sshdfilter" path="pipe:[11031]" dev=pipefs ino=11031 scontext=system_u:system_r:iptables_t:s0 tcontext=system_u:system_r:iptables_t:s0 tclass=fifo_file
> type=AVC msg=audit(1259802888.343:10): avc: denied { read } for pid=1435 comm="sshdfilter" path="pipe:[11021]" dev=pipefs ino=11021 scontext=system_u:system_r:iptables_t:s0 tcontext=system_u:system_r:iptables_t:s0 tclass=fifo_file
> type=SYSCALL msg=audit(1259802888.343:10): arch=c000003e syscall=0 success=yes exit=128 a0=3 a1=eb06e8 a2=1000 a3=0 items=0 ppid=1431 pid=1435 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm="sshdfilter" exe="/usr/bin/perl" subj=system_u:system_r:iptables_t:s0 key=(null)
> type=SYSCALL msg=audit(1259802888.342:9): arch=c000003e syscall=16 success=yes exit=128 a0=5 a1=5401 a2=7fffa8850c80 a3=60 items=0 ppid=1435 pid=1438 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm="sshdfilter" exe="/usr/bin/perl" subj=system_u:system_r:iptables_t:s0 key=(null)
> type=AVC msg=audit(1259802888.347:11): avc: denied { ioctl } for pid=1438 comm="sshdfilter" path="pipe:[11031]" dev=pipefs ino=11031 scontext=system_u:system_r:iptables_t:s0 tcontext=system_u:system_r:iptables_t:s0 tclass=fifo_file
> type=SYSCALL msg=audit(1259802888.347:11): arch=c000003e syscall=16 success=yes exit=128 a0=6 a1=5401 a2=7fffa8850c80 a3=60 items=0 ppid=1435 pid=1438 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm="sshdfilter" exe="/usr/bin/perl" subj=system_u:system_r:iptables_t:s0 key=(null)
> type=AVC msg=audit(1259802888.350:12): avc: denied { read } for pid=1439 comm="sshdfilter" path="pipe:[11031]" dev=pipefs ino=11031 scontext=system_u:system_r:iptables_t:s0 tcontext=system_u:system_r:iptables_t:s0 tclass=fifo_file
> type=SYSCALL msg=audit(1259802888.350:12): arch=c000003e syscall=0 success=yes exit=128 a0=5 a1=eb0f18 a2=1000 a3=0 items=0 ppid=1438 pid=1439 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm="sshdfilter" exe="/usr/bin/perl" subj=system_u:system_r:iptables_t:s0 key=(null)
> type=AVC msg=audit(1259802888.360:13): avc: denied { read } for pid=1440 comm="sshdfilter" name="sh" dev=dm-0 ino=10258 scontext=system_u:system_r:iptables_t:s0 tcontext=system_ubject_r:bin_t:s0 tclass=lnk_file
> type=SYSCALL msg=audit(1259802888.360:13): arch=c000003e syscall=59 success=no exit=-13 a0=7fd1ef909e0f a1=7fffa884e9b0 a2=7fffa88511c0 a3=7fffa88507d0 items=0 ppid=1438 pid=1440 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm="sshdfilter" exe="/usr/bin/perl" subj=system_u:system_r:iptables_t:s0 key=(null)
> type=AVC msg=audit(1259802888.364:14): avc: denied { write } for pid=1440 comm="sshdfilter" path="pipe:[11043]" dev=pipefs ino=11043 scontext=system_u:system_r:iptables_t:s0 tcontext=system_u:system_r:iptables_t:s0 tclass=fifo_file
> type=SYSCALL msg=audit(1259802888.364:14): arch=c000003e syscall=1 success=yes exit=128 a0=a a1=7fffa8850a0c a2=4 a3=7fffa8850790 items=0 ppid=1438 pid=1440 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm="sshdfilter" exe="/usr/bin/perl" subj=system_u:system_r:iptables_t:s0 key=(null)
> type=AVC msg=audit(1259802888.367:15): avc: denied { read } for pid=1438 comm="sshdfilter" path="pipe:[11043]" dev=pipefs ino=11043 scontext=system_u:system_r:iptables_t:s0 tcontext=system_u:system_r:iptables_t:s0 tclass=fifo_file
> type=SYSCALL msg=audit(1259802888.367:15): arch=c000003e syscall=0 success=yes exit=128 a0=9 a1=7fffa8850ccc a2=4 a3=b73830 items=0 ppid=1435 pid=1438 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm="sshdfilter" exe="/usr/bin/perl" subj=system_u:system_r:iptables_t:s0 key=(null)
> type=AVC msg=audit(1259802888.367:16): avc: denied { ioctl } for pid=1438 comm="sshdfilter" path="pipe:[11042]" dev=pipefs ino=11042 scontext=system_u:system_r:iptables_t:s0 tcontext=system_u:system_r:iptables_t:s0 tclass=fifo_file
> type=SYSCALL msg=audit(1259802888.367:16): arch=c000003e syscall=16 success=yes exit=128 a0=7 a1=5401 a2=7fffa8850a20 a3=60 items=0 ppid=1435 pid=1438 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm="sshdfilter" exe="/usr/bin/perl" subj=system_u:system_r:iptables_t:s0 key=(null)
> type=AVC msg=audit(1259802888.367:17): avc: denied { read } for pid=1438 comm="sshdfilter" path="pipe:[11042]" dev=pipefs ino=11042 scontext=system_u:system_r:iptables_t:s0 tcontext=system_u:system_r:iptables_t:s0 tclass=fifo_file
> type=SYSCALL msg=audit(1259802888.367:17): arch=c000003e syscall=0 success=yes exit=128 a0=7 a1=eb1168 a2=1000 a3=0 items=0 ppid=1435 pid=1438 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm="sshdfilter" exe="/usr/bin/perl" subj=system_u:system_r:iptables_t:s0 key=(null)
> type=AVC msg=audit(1259802888.375:18): avc: denied { read } for pid=1441 comm="sshdfilter" name="sh" dev=dm-0 ino=10258 scontext=system_u:system_r:iptables_t:s0 tcontext=system_ubject_r:bin_t:s0 tclass=lnk_file
> type=SYSCALL msg=audit(1259802888.375:18): arch=c000003e syscall=59 success=no exit=-13 a0=7fd1ef909e0f a1=7fffa884e9b0 a2=7fffa88511c0 a3=7fffa88507d0 items=0 ppid=1438 pid=1441 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm="sshdfilter" exe="/usr/bin/perl" subj=system_u:system_r:iptables_t:s0 key=(null)
> type=AVC msg=audit(1259802888.375:19): avc: denied { write } for pid=1441 comm="sshdfilter" path="pipe:[11045]" dev=pipefs ino=11045 scontext=system_u:system_r:iptables_t:s0 tcontext=system_u:system_r:iptables_t:s0 tclass=fifo_file
> type=SYSCALL msg=audit(1259802888.375:19): arch=c000003e syscall=1 success=yes exit=128 a0=a a1=7fffa8850a0c a2=4 a3=8 items=0 ppid=1438 pid=1441 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm="sshdfilter" exe="/usr/bin/perl" subj=system_u:system_r:iptables_t:s0 key=(null)
> type=AVC msg=audit(1259802888.378:20): avc: denied { read } for pid=1438 comm="sshdfilter" path="pipe:[11045]" dev=pipefs ino=11045 scontext=system_u:system_r:iptables_t:s0 tcontext=system_u:system_r:iptables_t:s0 tclass=fifo_file
> type=SYSCALL msg=audit(1259802888.378:20): arch=c000003e syscall=0 success=yes exit=128 a0=9 a1=7fffa8850ccc a2=4 a3=7fd1ef2e39d0 items=0 ppid=1435 pid=1438 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm="sshdfilter" exe="/usr/bin/perl" subj=system_u:system_r:iptables_t:s0 key=(null)
> type=AVC msg=audit(1259802888.378:21): avc: denied { ioctl } for pid=1438 comm="sshdfilter" path="pipe:[11044]" dev=pipefs ino=11044 scontext=system_u:system_r:iptables_t:s0 tcontext=system_u:system_r:iptables_t:s0 tclass=fifo_file
> type=SYSCALL msg=audit(1259802888.378:21): arch=c000003e syscall=16 success=yes exit=128 a0=7 a1=5401 a2=7fffa8850a20 a3=60 items=0 ppid=1435 pid=1438 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm="sshdfilter" exe="/usr/bin/perl" subj=system_u:system_r:iptables_t:s0 key=(null)
> type=AVC msg=audit(1259802888.378:22): avc: denied { read } for pid=1438 comm="sshdfilter" path="pipe:[11044]" dev=pipefs ino=11044 scontext=system_u:system_r:iptables_t:s0 tcontext=system_u:system_r:iptables_t:s0 tclass=fifo_file
> type=SYSCALL msg=audit(1259802888.378:22): arch=c000003e syscall=0 success=yes exit=128 a0=7 a1=eb2878 a2=1000 a3=0 items=0 ppid=1435 pid=1438 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm="sshdfilter" exe="/usr/bin/perl" subj=system_u:system_r:iptables_t:s0 key=(null)
> type=AVC msg=audit(1259802888.379:23): avc: denied { ioctl } for pid=1438 comm="sshdfilter" path="pipe:[11046]" dev=pipefs ino=11046 scontext=system_u:system_r:iptables_t:s0 tcontext=system_u:system_r:iptables_t:s0 tclass=fifo_file
> type=SYSCALL msg=audit(1259802888.379:23): arch=c000003e syscall=16 success=yes exit=128 a0=7 a1=5401 a2=7fffa8850c80 a3=60 items=0 ppid=1435 pid=1438 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm="sshdfilter" exe="/usr/bin/perl" subj=system_u:system_r:iptables_t:s0 key=(null)
> type=AVC msg=audit(1259802888.379:24): avc: denied { ioctl } for pid=1438 comm="sshdfilter" path="pipe:[11046]" dev=pipefs ino=11046 scontext=system_u:system_r:iptables_t:s0 tcontext=system_u:system_r:iptables_t:s0 tclass=fifo_file
> type=SYSCALL msg=audit(1259802888.379:24): arch=c000003e syscall=16 success=yes exit=128 a0=8 a1=5401 a2=7fffa8850c80 a3=60 items=0 ppid=1435 pid=1438 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm="sshdfilter" exe="/usr/bin/perl" subj=system_u:system_r:iptables_t:s0 key=(null)
> type=AVC msg=audit(1259802888.384:25): avc: denied { ioctl } for pid=1442 comm="sshdfilter" path="pipe:[11046]" dev=pipefs ino=11046 scontext=system_u:system_r:iptables_t:s0 tcontext=system_u:system_r:iptables_t:s0 tclass=fifo_file
> type=SYSCALL msg=audit(1259802888.384:25): arch=c000003e syscall=16 success=yes exit=128 a0=4 a1=5401 a2=7fffa8850ba0 a3=60 items=0 ppid=1438 pid=1442 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm="sshdfilter" exe="/usr/bin/perl" subj=system_u:system_r:iptables_t:s0 key=(null)
> type=AVC msg=audit(1259802888.384:26): avc: denied { getattr } for pid=1442 comm="sshdfilter" path="pipe:[11046]" dev=pipefs ino=11046 scontext=system_u:system_r:iptables_t:s0 tcontext=system_u:system_r:iptables_t:s0 tclass=fifo_file
> type=SYSCALL msg=audit(1259802888.384:26): arch=c000003e syscall=5 success=yes exit=128 a0=4 a1=b730a0 a2=b730a0 a3=0 items=0 ppid=1438 pid=1442 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm="sshdfilter" exe="/usr/bin/perl" subj=system_u:system_r:iptables_t:s0 key=(null)
> type=AVC msg=audit(1259802889.381:27): avc: denied { read } for pid=1494 comm="sshdfilter" name="iptables" dev=dm-0 ino=11793 scontext=system_u:system_r:iptables_t:s0 tcontext=system_ubject_r:bin_t:s0 tclass=lnk_file
> type=SYSCALL msg=audit(1259802889.381:27): arch=c000003e syscall=59 success=no exit=-13 a0=7fffa8850a88 a1=eb31c8 a2=7fffa88511c0 a3=7fffa88508d0 items=0 ppid=1438 pid=1494 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm="sshdfilter" exe="/usr/bin/perl" subj=system_u:system_r:iptables_t:s0 key=(null)
> type=AVC msg=audit(1259802889.382:28): avc: denied { write } for pid=1494 comm="sshdfilter" path="pipe:[11397]" dev=pipefs ino=11397 scontext=system_u:system_r:iptables_t:s0 tcontext=system_u:system_r:iptables_t:s0 tclass=fifo_file
> type=SYSCALL msg=audit(1259802889.382:28): arch=c000003e syscall=1 success=yes exit=128 a0=9 a1=7fffa8850b0c a2=4 a3=8 items=0 ppid=1438 pid=1494 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm="sshdfilter" exe="/usr/bin/perl" subj=system_u:system_r:iptables_t:s0 key=(null)
> type=AVC msg=audit(1259802889.385:29): avc: denied { read } for pid=1438 comm="sshdfilter" path="pipe:[11397]" dev=pipefs ino=11397 scontext=system_u:system_r:iptables_t:s0 tcontext=system_u:system_r:iptables_t:s0 tclass=fifo_file
> type=SYSCALL msg=audit(1259802889.385:29): arch=c000003e syscall=0 success=yes exit=128 a0=8 a1=7fffa8850f18 a2=4 a3=8 items=0 ppid=1 pid=1438 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm="sshdfilter" exe="/usr/bin/perl" subj=system_u:system_r:iptables_t:s0 key=(null)
> type=AVC msg=audit(1259802889.388:30): avc: denied { write } for pid=1438 comm="sshdfilter" path="pipe:[11021]" dev=pipefs ino=11021 scontext=system_u:system_r:iptables_t:s0 tcontext=system_u:system_r:iptables_t:s0 tclass=fifo_file
> type=SYSCALL msg=audit(1259802889.388:30): arch=c000003e syscall=1 success=yes exit=128 a0=4 a1=eb3248 a2=9 a3=0 items=0 ppid=1 pid=1438 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm="sshdfilter" exe="/usr/bin/perl" subj=system_u:system_r:iptables_t:s0 key=(null)
> type=AVC msg=audit(1259802889.390:31): avc: denied { read } for pid=1438 comm="sshdfilter" path="pipe:[11046]" dev=pipefs ino=11046 scontext=system_u:system_r:iptables_t:s0 tcontext=system_u:system_r:iptables_t:s0 tclass=fifo_file
> type=SYSCALL msg=audit(1259802889.390:31): arch=c000003e syscall=0 success=yes exit=128 a0=7 a1=eb3568 a2=400 a3=b73010 items=0 ppid=1 pid=1438 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm="sshdfilter" exe="/usr/bin/perl" subj=system_u:system_r:iptables_t:s0 key=(null)
> type=AVC msg=audit(1259803042.790:43): avc: denied { ioctl } for pid=2329 comm="sshdfilter" path="pipe:[24498]" dev=pipefs ino=24498 scontext=unconfined_u:system_r:iptables_t:s0 tcontext=unconfined_u:system_r:iptables_t:s0 tclass=fifo_file
> type=SYSCALL msg=audit(1259803042.790:43): arch=c000003e syscall=16 success=yes exit=4294967424 a0=3 a1=5401 a2=7ffffc393e40 a3=60 items=0 ppid=2323 pid=2329 auid=1000 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=pts0 ses=1 comm="sshdfilter" exe="/usr/bin/perl" subj=unconfined_u:system_r:iptables_t:s0 key=(null)
> type=AVC msg=audit(1259803042.795:44): avc: denied { ioctl } for pid=2329 comm="sshdfilter" path="pipe:[24498]" dev=pipefs ino=24498 scontext=unconfined_u:system_r:iptables_t:s0 tcontext=unconfined_u:system_r:iptables_t:s0 tclass=fifo_file
> type=SYSCALL msg=audit(1259803042.795:44): arch=c000003e syscall=16 success=yes exit=4294967424 a0=4 a1=5401 a2=7ffffc393e40 a3=60 items=0 ppid=2323 pid=2329 auid=1000 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=pts0 ses=1 comm="sshdfilter" exe="/usr/bin/perl" subj=unconfined_u:system_r:iptables_t:s0 key=(null)
> type=AVC msg=audit(1259803042.798:45): avc: denied { ioctl } for pid=2332 comm="sshdfilter" path="pipe:[24509]" dev=pipefs ino=24509 scontext=unconfined_u:system_r:iptables_t:s0 tcontext=unconfined_u:system_r:iptables_t:s0 tclass=fifo_file
> type=AVC msg=audit(1259803042.801:46): avc: denied { read } for pid=2329 comm="sshdfilter" path="pipe:[24498]" dev=pipefs ino=24498 scontext=unconfined_u:system_r:iptables_t:s0 tcontext=unconfined_u:system_r:iptables_t:s0 tclass=fifo_file
> type=SYSCALL msg=audit(1259803042.801:46): arch=c000003e syscall=0 success=yes exit=128 a0=3 a1=104fb28 a2=1000 a3=0 items=0 ppid=2323 pid=2329 auid=1000 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=pts0 ses=1 comm="sshdfilter" exe="/usr/bin/perl" subj=unconfined_u:system_r:iptables_t:s0 key=(null)
> type=SYSCALL msg=audit(1259803042.798:45): arch=c000003e syscall=16 success=yes exit=4294967424 a0=5 a1=5401 a2=7ffffc393e40 a3=60 items=0 ppid=2329 pid=2332 auid=1000 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=1 comm="sshdfilter" exe="/usr/bin/perl" subj=unconfined_u:system_r:iptables_t:s0 key=(null)
> type=AVC msg=audit(1259803042.804:47): avc: denied { ioctl } for pid=2332 comm="sshdfilter" path="pipe:[24509]" dev=pipefs ino=24509 scontext=unconfined_u:system_r:iptables_t:s0 tcontext=unconfined_u:system_r:iptables_t:s0 tclass=fifo_file
> type=SYSCALL msg=audit(1259803042.804:47): arch=c000003e syscall=16 success=yes exit=4294967424 a0=6 a1=5401 a2=7ffffc393e40 a3=60 items=0 ppid=2329 pid=2332 auid=1000 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=1 comm="sshdfilter" exe="/usr/bin/perl" subj=unconfined_u:system_r:iptables_t:s0 key=(null)
> type=AVC msg=audit(1259803042.806:48): avc: denied { read } for pid=2333 comm="sshdfilter" path="pipe:[24509]" dev=pipefs ino=24509 scontext=unconfined_u:system_r:iptables_t:s0 tcontext=unconfined_u:system_r:iptables_t:s0 tclass=fifo_file
> type=AVC msg=audit(1259803042.812:49): avc: denied { read } for pid=2334 comm="sshdfilter" name="sh" dev=dm-0 ino=10258 scontext=unconfined_u:system_r:iptables_t:s0 tcontext=system_ubject_r:bin_t:s0 tclass=lnk_file
> type=SYSCALL msg=audit(1259803042.806:48): arch=c000003e syscall=0 success=yes exit=4294967424 a0=5 a1=1050268 a2=1000 a3=0 items=0 ppid=2332 pid=2333 auid=1000 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=1 comm="sshdfilter" exe="/usr/bin/perl" subj=unconfined_u:system_r:iptables_t:s0 key=(null)
> type=AVC msg=audit(1259803042.816:50): avc: denied { read } for pid=2332 comm="sshdfilter" path="pipe:[24516]" dev=pipefs ino=24516 scontext=unconfined_u:system_r:iptables_t:s0 tcontext=unconfined_u:system_r:iptables_t:s0 tclass=fifo_file
> type=SYSCALL msg=audit(1259803042.812:49): arch=c000003e syscall=59 success=no exit=-13 a0=7fceba680e0f a1=7ffffc391b70 a2=7ffffc394380 a3=7ffffc393990 items=0 ppid=2332 pid=2334 auid=1000 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=1 comm="sshdfilter" exe="/usr/bin/perl" subj=unconfined_u:system_r:iptables_t:s0 key=(null)
> type=AVC msg=audit(1259803042.816:51): avc: denied { write } for pid=2334 comm="sshdfilter" path="pipe:[24516]" dev=pipefs ino=24516 scontext=unconfined_u:system_r:iptables_t:s0 tcontext=unconfined_u:system_r:iptables_t:s0 tclass=fifo_file
> type=SYSCALL msg=audit(1259803042.816:51): arch=c000003e syscall=1 success=yes exit=128 a0=a a1=7ffffc393bcc a2=4 a3=7ffffc393950 items=0 ppid=2332 pid=2334 auid=1000 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=1 comm="sshdfilter" exe="/usr/bin/perl" subj=unconfined_u:system_r:iptables_t:s0 key=(null)
> type=SYSCALL msg=audit(1259803042.816:50): arch=c000003e syscall=0 success=yes exit=128 a0=9 a1=7ffffc393e8c a2=4 a3=d13830 items=0 ppid=2329 pid=2332 auid=1000 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=1 comm="sshdfilter" exe="/usr/bin/perl" subj=unconfined_u:system_r:iptables_t:s0 key=(null)
> type=AVC msg=audit(1259803042.818:52): avc: denied { ioctl } for pid=2332 comm="sshdfilter" path="pipe:[24515]" dev=pipefs ino=24515 scontext=unconfined_u:system_r:iptables_t:s0 tcontext=unconfined_u:system_r:iptables_t:s0 tclass=fifo_file
> type=SYSCALL msg=audit(1259803042.818:52): arch=c000003e syscall=16 success=yes exit=128 a0=7 a1=5401 a2=7ffffc393be0 a3=60 items=0 ppid=2329 pid=2332 auid=1000 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=1 comm="sshdfilter" exe="/usr/bin/perl" subj=unconfined_u:system_r:iptables_t:s0 key=(null)
> type=AVC msg=audit(1259803042.818:53): avc: denied { read } for pid=2332 comm="sshdfilter" path="pipe:[24515]" dev=pipefs ino=24515 scontext=unconfined_u:system_r:iptables_t:s0 tcontext=unconfined_u:system_r:iptables_t:s0 tclass=fifo_file
> type=SYSCALL msg=audit(1259803042.818:53): arch=c000003e syscall=0 success=yes exit=128 a0=7 a1=10504b8 a2=1000 a3=0 items=0 ppid=2329 pid=2332 auid=1000 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=1 comm="sshdfilter" exe="/usr/bin/perl" subj=unconfined_u:system_r:iptables_t:s0 key=(null)
> type=AVC msg=audit(1259803042.823:54): avc: denied { read } for pid=2335 comm="sshdfilter" name="sh" dev=dm-0 ino=10258 scontext=unconfined_u:system_r:iptables_t:s0 tcontext=system_ubject_r:bin_t:s0 tclass=lnk_file
> type=SYSCALL msg=audit(1259803042.823:54): arch=c000003e syscall=59 success=no exit=-13 a0=7fceba680e0f a1=7ffffc391b70 a2=7ffffc394380 a3=7ffffc393990 items=0 ppid=2332 pid=2335 auid=1000 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=1 comm="sshdfilter" exe="/usr/bin/perl" subj=unconfined_u:system_r:iptables_t:s0 key=(null)
> type=AVC msg=audit(1259803042.823:55): avc: denied { write } for pid=2335 comm="sshdfilter" path="pipe:[24518]" dev=pipefs ino=24518 scontext=unconfined_u:system_r:iptables_t:s0 tcontext=unconfined_u:system_r:iptables_t:s0 tclass=fifo_file
> type=SYSCALL msg=audit(1259803042.823:55): arch=c000003e syscall=1 success=yes exit=128 a0=a a1=7ffffc393bcc a2=4 a3=8 items=0 ppid=2332 pid=2335 auid=1000 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=1 comm="sshdfilter" exe="/usr/bin/perl" subj=unconfined_u:system_r:iptables_t:s0 key=(null)
> type=AVC msg=audit(1259803042.828:56): avc: denied { read } for pid=2332 comm="sshdfilter" path="pipe:[24518]" dev=pipefs ino=24518 scontext=unconfined_u:system_r:iptables_t:s0 tcontext=unconfined_u:system_r:iptables_t:s0 tclass=fifo_file
> type=SYSCALL msg=audit(1259803042.828:56): arch=c000003e syscall=0 success=yes exit=128 a0=9 a1=7ffffc393e8c a2=4 a3=7fceba05a9d0 items=0 ppid=2329 pid=2332 auid=1000 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=1 comm="sshdfilter" exe="/usr/bin/perl" subj=unconfined_u:system_r:iptables_t:s0 key=(null)
> type=AVC msg=audit(1259803042.828:57): avc: denied { ioctl } for pid=2332 comm="sshdfilter" path="pipe:[24517]" dev=pipefs ino=24517 scontext=unconfined_u:system_r:iptables_t:s0 tcontext=unconfined_u:system_r:iptables_t:s0 tclass=fifo_file
> type=SYSCALL msg=audit(1259803042.828:57): arch=c000003e syscall=16 success=yes exit=128 a0=7 a1=5401 a2=7ffffc393be0 a3=60 items=0 ppid=2329 pid=2332 auid=1000 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=1 comm="sshdfilter" exe="/usr/bin/perl" subj=unconfined_u:system_r:iptables_t:s0 key=(null)
> type=AVC msg=audit(1259803042.828:58): avc: denied { read } for pid=2332 comm="sshdfilter" path="pipe:[24517]" dev=pipefs ino=24517 scontext=unconfined_u:system_r:iptables_t:s0 tcontext=unconfined_u:system_r:iptables_t:s0 tclass=fifo_file
> type=SYSCALL msg=audit(1259803042.828:58): arch=c000003e syscall=0 success=yes exit=128 a0=7 a1=1051cc8 a2=1000 a3=0 items=0 ppid=2329 pid=2332 auid=1000 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=1 comm="sshdfilter" exe="/usr/bin/perl" subj=unconfined_u:system_r:iptables_t:s0 key=(null)
> type=AVC msg=audit(1259803042.833:59): avc: denied { ioctl } for pid=2332 comm="sshdfilter" path="pipe:[24519]" dev=pipefs ino=24519 scontext=unconfined_u:system_r:iptables_t:s0 tcontext=unconfined_u:system_r:iptables_t:s0 tclass=fifo_file
> type=SYSCALL msg=audit(1259803042.833:59): arch=c000003e syscall=16 success=yes exit=128 a0=7 a1=5401 a2=7ffffc393e40 a3=60 items=0 ppid=2329 pid=2332 auid=1000 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=1 comm="sshdfilter" exe="/usr/bin/perl" subj=unconfined_u:system_r:iptables_t:s0 key=(null)
> type=AVC msg=audit(1259803042.833:60): avc: denied { ioctl } for pid=2332 comm="sshdfilter" path="pipe:[24519]" dev=pipefs ino=24519 scontext=unconfined_u:system_r:iptables_t:s0 tcontext=unconfined_u:system_r:iptables_t:s0 tclass=fifo_file
> type=SYSCALL msg=audit(1259803042.833:60): arch=c000003e syscall=16 success=yes exit=128 a0=8 a1=5401 a2=7ffffc393e40 a3=60 items=0 ppid=2329 pid=2332 auid=1000 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=1 comm="sshdfilter" exe="/usr/bin/perl" subj=unconfined_u:system_r:iptables_t:s0 key=(null)
> type=AVC msg=audit(1259803042.834:61): avc: denied { ioctl } for pid=2336 comm="sshdfilter" path="pipe:[24519]" dev=pipefs ino=24519 scontext=unconfined_u:system_r:iptables_t:s0 tcontext=unconfined_u:system_r:iptables_t:s0 tclass=fifo_file
> type=SYSCALL msg=audit(1259803042.834:61): arch=c000003e syscall=16 success=yes exit=128 a0=4 a1=5401 a2=7ffffc393d60 a3=60 items=0 ppid=2332 pid=2336 auid=1000 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=1 comm="sshdfilter" exe="/usr/bin/perl" subj=unconfined_u:system_r:iptables_t:s0 key=(null)
> type=AVC msg=audit(1259803042.836:62): avc: denied { getattr } for pid=2336 comm="sshdfilter" path="pipe:[24519]" dev=pipefs ino=24519 scontext=unconfined_u:system_r:iptables_t:s0 tcontext=unconfined_u:system_r:iptables_t:s0 tclass=fifo_file
> type=SYSCALL msg=audit(1259803042.836:62): arch=c000003e syscall=5 success=yes exit=128 a0=4 a1=d130a0 a2=d130a0 a3=0 items=0 ppid=2332 pid=2336 auid=1000 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=1 comm="sshdfilter" exe="/usr/bin/perl" subj=unconfined_u:system_r:iptables_t:s0 key=(null)
> type=AVC msg=audit(1259803043.839:63): avc: denied { read } for pid=2338 comm="sshdfilter" name="iptables" dev=dm-0 ino=11793 scontext=unconfined_u:system_r:iptables_t:s0 tcontext=system_ubject_r:bin_t:s0 tclass=lnk_file
> type=SYSCALL msg=audit(1259803043.839:63): arch=c000003e syscall=59 success=no exit=-13 a0=7ffffc393c48 a1=1052638 a2=7ffffc394380 a3=7ffffc393a90 items=0 ppid=2332 pid=2338 auid=1000 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=1 comm="sshdfilter" exe="/usr/bin/perl" subj=unconfined_u:system_r:iptables_t:s0 key=(null)
> type=AVC msg=audit(1259803043.840:64): avc: denied { write } for pid=2338 comm="sshdfilter" path="pipe:[24549]" dev=pipefs ino=24549 scontext=unconfined_u:system_r:iptables_t:s0 tcontext=unconfined_u:system_r:iptables_t:s0 tclass=fifo_file
> type=SYSCALL msg=audit(1259803043.840:64): arch=c000003e syscall=1 success=yes exit=128 a0=9 a1=7ffffc393ccc a2=4 a3=8 items=0 ppid=2332 pid=2338 auid=1000 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=1 comm="sshdfilter" exe="/usr/bin/perl" subj=unconfined_u:system_r:iptables_t:s0 key=(null)
> type=AVC msg=audit(1259803043.844:65): avc: denied { read } for pid=2332 comm="sshdfilter" path="pipe:[24549]" dev=pipefs ino=24549 scontext=unconfined_u:system_r:iptables_t:s0 tcontext=unconfined_u:system_r:iptables_t:s0 tclass=fifo_file
> type=SYSCALL msg=audit(1259803043.844:65): arch=c000003e syscall=0 success=yes exit=128 a0=8 a1=7ffffc3940d8 a2=4 a3=8 items=0 ppid=1 pid=2332 auid=1000 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=1 comm="sshdfilter" exe="/usr/bin/perl" subj=unconfined_u:system_r:iptables_t:s0 key=(null)
> type=AVC msg=audit(1259803043.845:66): avc: denied { write } for pid=2332 comm="sshdfilter" path="pipe:[24498]" dev=pipefs ino=24498 scontext=unconfined_u:system_r:iptables_t:s0 tcontext=unconfined_u:system_r:iptables_t:s0 tclass=fifo_file
> type=SYSCALL msg=audit(1259803043.845:66): arch=c000003e syscall=1 success=yes exit=128 a0=4 a1=10526b8 a2=9 a3=0 items=0 ppid=1 pid=2332 auid=1000 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=1 comm="sshdfilter" exe="/usr/bin/perl" subj=unconfined_u:system_r:iptables_t:s0 key=(null)
> type=AVC msg=audit(1259803043.849:67): avc: denied { read } for pid=2332 comm="sshdfilter" path="pipe:[24519]" dev=pipefs ino=24519 scontext=unconfined_u:system_r:iptables_t:s0 tcontext=unconfined_u:system_r:iptables_t:s0 tclass=fifo_file
> type=SYSCALL msg=audit(1259803043.849:67): arch=c000003e syscall=0 success=yes exit=128 a0=7 a1=10529d8 a2=400 a3=d13010 items=0 ppid=1 pid=2332 auid=1000 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=1 comm="sshdfilter" exe="/usr/bin/perl" subj=unconfined_u:system_r:iptables_t:s0 key=(null)
> type=AVC msg=audit(1259803128.077:69): avc: denied { execute } for pid=2422 comm="sshdfilter" name="iptables-multi" dev=dm-0 ino=11798 scontext=unconfined_u:system_r:sshd_t:s0-s0:c0.c1023 tcontext=system_ubject_r:iptables_exec_t:s0 tclass=file
> type=SYSCALL msg=audit(1259803128.077:69): arch=c000003e syscall=59 success=no exit=-13 a0=7fff14469168 a1=1c20208 a2=7fff144698a0 a3=7fff14468fb0 items=0 ppid=2413 pid=2422 auid=1000 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=1 comm="sshdfilter" exe="/usr/bin/perl" subj=unconfined_u:system_r:sshd_t:s0-s0:c0.c1023 key=(null)
> type=AVC msg=audit(1259806154.170:82): avc: denied { execute } for pid=2653 comm="sshdfilter" name="iptables-multi" dev=dm-0 ino=11798 scontext=unconfined_u:system_r:sshd_t:s0-s0:c0.c1023 tcontext=system_ubject_r:iptables_exec_t:s0 tclass=file
> type=SYSCALL msg=audit(1259806154.170:82): arch=c000003e syscall=59 success=no exit=-13 a0=7fff14469168 a1=1c267e8 a2=7fff144698a0 a3=7fff14468fb0 items=0 ppid=2413 pid=2653 auid=1000 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=1 comm="sshdfilter" exe="/usr/bin/perl" subj=unconfined_u:system_r:sshd_t:s0-s0:c0.c1023 key=(null)
> type=AVC msg=audit(1259812687.066:113): avc: denied { read open } for pid=3074 comm="sshdfilter" name="iptables-multi" dev=dm-0 ino=11798 scontext=unconfined_u:system_r:sshd_t:s0-s0:c0.c1023 tcontext=system_ubject_r:iptables_exec_t:s0 tclass=file
> type=SYSCALL msg=audit(1259812687.066:113): arch=c000003e syscall=59 success=no exit=-13 a0=7fff14469168 a1=1c26a88 a2=7fff144698a0 a3=7fff14468fb0 items=0 ppid=2413 pid=3074 auid=1000 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=1 comm="sshdfilter" exe="/usr/bin/perl" subj=unconfined_u:system_r:sshd_t:s0-s0:c0.c1023 key=(null)
> type=AVC msg=audit(1259816690.197:196): avc: denied { read open } for pid=3631 comm="sshdfilter" name="iptables-multi" dev=dm-0 ino=11798 scontext=unconfined_u:system_r:sshd_t:s0-s0:c0.c1023 tcontext=system_ubject_r:iptables_exec_t:s0 tclass=file
> type=SYSCALL msg=audit(1259816690.197:196): arch=c000003e syscall=59 success=no exit=-13 a0=7fff15c5a888 a1=24095a8 a2=7fff15c5afc0 a3=7fff15c5a6d0 items=0 ppid=3622 pid=3631 auid=0 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=9 comm="sshdfilter" exe="/usr/bin/perl" subj=unconfined_u:system_r:sshd_t:s0-s0:c0.c1023 key=(null)
> type=AVC msg=audit(1259819529.773:214): avc: denied { read open } for pid=3827 comm="sshdfilter" name="iptables-multi" dev=dm-0 ino=11798 scontext=unconfined_u:system_r:sshd_t:s0-s0:c0.c1023 tcontext=system_ubject_r:iptables_exec_t:s0 tclass=file
> type=SYSCALL msg=audit(1259819529.773:214): arch=c000003e syscall=59 success=no exit=-13 a0=7fff15c5a888 a1=2410198 a2=7fff15c5afc0 a3=7fff15c5a6d0 items=0 ppid=3622 pid=3827 auid=0 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=9 comm="sshdfilter" exe="/usr/bin/perl" subj=unconfined_u:system_r:sshd_t:s0-s0:c0.c1023 key=(null)
> type=AVC msg=audit(1259899887.509:471): avc: denied { read open } for pid=11794 comm="sshdfilter" name="iptables-multi" dev=dm-0 ino=11798 scontext=unconfined_u:system_r:sshd_t:s0-s0:c0.c1023 tcontext=system_ubject_r:iptables_exec_t:s0 tclass=file
> type=SYSCALL msg=audit(1259899887.509:471): arch=c000003e syscall=59 success=no exit=-13 a0=7fff15c5a888 a1=2410198 a2=7fff15c5afc0 a3=7fff15c5a6d0 items=0 ppid=3622 pid=11794 auid=0 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=9 comm="sshdfilter" exe="/usr/bin/perl" subj=unconfined_u:system_r:sshd_t:s0-s0:c0.c1023 key=(null)
> type=AVC msg=audit(1259899890.409:475): avc: denied { read open } for pid=11799 comm="sshdfilter" name="iptables-multi" dev=dm-0 ino=11798 scontext=unconfined_u:system_r:sshd_t:s0-s0:c0.c1023 tcontext=system_ubject_r:iptables_exec_t:s0 tclass=file
> type=SYSCALL msg=audit(1259899890.409:475): arch=c000003e syscall=59 success=no exit=-13 a0=7fff15c5a888 a1=2410548 a2=7fff15c5afc0 a3=7fff15c5a6d0 items=0 ppid=3622 pid=11799 auid=0 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=9 comm="sshdfilter" exe="/usr/bin/perl" subj=unconfined_u:system_r:sshd_t:s0-s0:c0.c1023 key=(null)
> type=AVC msg=audit(1259899950.600:483): avc: denied { read open } for pid=11860 comm="sshdfilter" name="iptables-multi" dev=dm-0 ino=11798 scontext=unconfined_u:system_r:sshd_t:s0-s0:c0.c1023 tcontext=system_ubject_r:iptables_exec_t:s0 tclass=file
> type=SYSCALL msg=audit(1259899950.600:483): arch=c000003e syscall=59 success=no exit=-13 a0=7fff9722f198 a1=f6e208 a2=7fff9722f8d0 a3=7fff9722efe0 items=0 ppid=11851 pid=11860 auid=0 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=44 comm="sshdfilter" exe="/usr/bin/perl" subj=unconfined_u:system_r:sshd_t:s0-s0:c0.c1023 key=(null)
> type=AVC msg=audit(1260146847.427:1066): avc: denied { read open } for pid=28420 comm="sshdfilter" name="iptables-multi" dev=dm-0 ino=11798 scontext=unconfined_u:system_r:sshd_t:s0-s0:c0.c1023 tcontext=system_ubject_r:iptables_exec_t:s0 tclass=file
> type=SYSCALL msg=audit(1260146847.427:1066): arch=c000003e syscall=59 success=no exit=-13 a0=7fff9722f198 a1=f71c88 a2=7fff9722f8d0 a3=7fff9722efe0 items=0 ppid=11851 pid=28420 auid=0 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=44 comm="sshdfilter" exe="/usr/bin/perl" subj=unconfined_u:system_r:sshd_t:s0-s0:c0.c1023 key=(null)
> type=AVC msg=audit(1260146850.722:1070): avc: denied { read open } for pid=28428 comm="sshdfilter" name="iptables-multi" dev=dm-0 ino=11798 scontext=unconfined_u:system_r:sshd_t:s0-s0:c0.c1023 tcontext=system_ubject_r:iptables_exec_t:s0 tclass=file
> type=SYSCALL msg=audit(1260146850.722:1070): arch=c000003e syscall=59 success=no exit=-13 a0=7fff9722f198 a1=f72a28 a2=7fff9722f8d0 a3=7fff9722efe0 items=0 ppid=11851 pid=28428 auid=0 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=44 comm="sshdfilter" exe="/usr/bin/perl" subj=unconfined_u:system_r:sshd_t:s0-s0:c0.c1023 key=(null)
> type=AVC msg=audit(1260500225.789:25455): avc: denied { read open } for pid=21350 comm="sshdfilter" name="iptables-multi" dev=dm-0 ino=11798 scontext=system_u:system_r:sshd_t:s0-s0:c0.c1023 tcontext=system_ubject_r:iptables_exec_t:s0 tclass=file
> type=SYSCALL msg=audit(1260500225.789:25455): arch=c000003e syscall=59 success=no exit=-13 a0=7fff032b96b8 a1=bdbd18 a2=7fff032b9df0 a3=7fff032b9500 items=0 ppid=1441 pid=21350 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm="sshdfilter" exe="/usr/bin/perl" subj=system_u:system_r:sshd_t:s0-s0:c0.c1023 key=(null)
> type=AVC msg=audit(1260500228.740:25459): avc: denied { read open } for pid=21355 comm="sshdfilter" name="iptables-multi" dev=dm-0 ino=11798 scontext=system_u:system_r:sshd_t:s0-s0:c0.c1023 tcontext=system_ubject_r:iptables_exec_t:s0 tclass=file
> type=SYSCALL msg=audit(1260500228.740:25459): arch=c000003e syscall=59 success=no exit=-13 a0=7fff032b96b8 a1=bddc38 a2=7fff032b9df0 a3=7fff032b9500 items=0 ppid=1441 pid=21355 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm="sshdfilter" exe="/usr/bin/perl" subj=system_u:system_r:sshd_t:s0-s0:c0.c1023 key=(null)
> type=AVC msg=audit(1260500358.675:25470): avc: denied { getattr } for pid=1441 comm="sshdfilter" path="/var/run/sshdfilter.pid.SSHD" dev=dm-0 ino=10948 scontext=system_u:system_r:sshd_t:s0-s0:c0.c1023 tcontext=system_ubject_r:var_run_t:s0 tclass=file
> type=SYSCALL msg=audit(1260500358.675:25470): arch=c000003e syscall=6 success=no exit=-13 a0=bd5dd8 a1=8980a0 a2=8980a0 a3=7fff032b9880 items=0 ppid=1 pid=1441 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm="sshdfilter" exe="/usr/bin/perl" subj=system_u:system_r:sshd_t:s0-s0:c0.c1023 key=(null)
> type=AVC msg=audit(1260809448.592:28614): avc: denied { execute_no_trans } for pid=23422 comm="sshdfilter" path="/sbin/iptables-multi" dev=dm-0 ino=11798 scontext=system_u:system_r:sshd_t:s0-s0:c0.c1023 tcontext=system_ubject_r:iptables_exec_t:s0 tclass=file
> type=SYSCALL msg=audit(1260809448.592:28614): arch=c000003e syscall=59 success=no exit=-13 a0=7fffc0880288 a1=e0c508 a2=7fffc08809c0 a3=7fffc08800d0 items=0 ppid=1432 pid=23422 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm="sshdfilter" exe="/usr/bin/perl" subj=system_u:system_r:sshd_t:s0-s0:c0.c1023 key=(null)
>
> > >=20
> > >=20
> > > Moray.
> > > "To err is human. To purr, feline"
> > >=20
> > >=20
> > > --
> > > fedora-selinux-list mailing list
> > > fedora-selinux-list@redhat.com
> > > https://www.redhat.com/mailman/listinfo/fedora-selinux-list
> >
> > --uAKRQypu60I7Lcqm
> > Content-Type: application/pgp-signature
> > Content-Disposition: inline
> >
> > -----BEGIN PGP SIGNATURE-----
> > Version: GnuPG v1.4.10 (GNU/Linux)
> >
> > iEYEARECAAYFAksdZWwACgkQMlxVo39jgT/olgCgwo9wvxeAyJG/gm4dEYHBIpGf
> > TNEAn2bFoQZeg8+gaYPIDuB0wxuu6N8F
> > =tNuu
> > -----END PGP SIGNATURE-----
> >
> > --uAKRQypu60I7Lcqm--
> >
> >
> > --===============0725889959==
> > Content-Type: text/plain; charset="us-ascii"
> > MIME-Version: 1.0
> > Content-Transfer-Encoding: 7bit
> > Content-Disposition: inline
> >
> > --
> > fedora-selinux-list mailing list
> > fedora-selinux-list@redhat.com
> > https://www.redhat.com/mailman/listinfo/fedora-selinux-list
> > --===============0725889959==--
> >
>
> --
> fedora-selinux-list mailing list
> fedora-selinux-list@redhat.com
> https://www.redhat.com/mailman/listinfo/fedora-selinux-list
--
fedora-selinux-list mailing list
fedora-selinux-list@redhat.com
https://www.redhat.com/mailman/listinfo/fedora-selinux-list
 

Thread Tools




All times are GMT. The time now is 07:34 AM.

VBulletin, Copyright ©2000 - 2014, Jelsoft Enterprises Ltd.
Content Relevant URLs by vBSEO ©2007, Crawlability, Inc.
Copyright 2007 - 2008, www.linux-archive.org