(no subject)
by Cigliano Andrea
Hi, do u have a sample of trouble shooting exercise in RHCE exam?
Thanks
19 years, 6 months
SELinux and Auditing of Security-Relevant Files
by Kevin Degnan
Hey folks,
I just installed Fedora Core 3 Test 3 with SELinux
turned on and in the "targeted" mode. My goal is to
simply record unsuccessful attempts to access certain
files (such as /etc/shadow and almost everything in
/var/log). The targeted mode doesn't cover this since
it only covers certain daemons, and the strict mode
was way too strict for our needs (I had trouble
logging in and it spit out tons of "avc: denied"
messages).
Is there an easy way to configure SELinux (or another
tool) to audit these files and record unsuccessful
access attempts?
Thanks,
Kevin
_______________________________
Do you Yahoo!?
Declare Yourself - Register online to vote today!
http://vote.yahoo.com
19 years, 6 months
vsftpd cannot access home directories
by Ryan Graham
What am I looking at here?
This is a mostly default install on FC2. There were some other changes
to vsftpd.conf, but they didnt seem relevant.
chroot_local_user=YES
pam_service_name=vsftpd
userlist_enable=YES
#enable for standalone mode
listen=YES
tcp_wrappers=YES
Response: 500 OOPS: cannot change directory:/home/media
Response: 500 OOPS: child died
audit(1097532459.593:0): avc: denied { getattr } for pid=2281
exe=/usr/sbin/vsftpd path=/proc/2281/mounts dev= ino=149487632
scontext=system_u:system_r:ftpd_t tcontext=system_u:system_r:ftpd_t
tclass=file
audit(1097532459.653:0): avc: denied { search } for pid=2285
exe=/usr/sbin/vsftpd name=media dev=hda2 ino=5210119
scontext=system_u:system_r:ftpd_t
tcontext=system_u:object_r:user_home_dir_t tclass=dir
19 years, 6 months
Intro
by Temlakos
Hello. I am an applications developer with an interest in building
secure systems.
As a former practicing pathologist, I believe I have a good set of
"clues" for developing a comprehensive accessioning and reporting
application for pathologists. This will necessarily use a database
server, plus database clients who might connect either on the same
machine or on different machines perhaps even on different sites. That
means that the database server must be exposed to the public Internet,
though I can certainly use iptables to limit access to a single
recommended port.
Obviously I'm considering SELinux as the base operating system for the
database server, and perhaps also for database client systems.
Next week I hope to have a new, experimental box on which I plan to
install Fedora Core 3 Test 3 (one test away from general release; how
buggy can it really be?) with SELinux switched on, in permissive mode to
start with, and hopefully to proceed to full enforcement mode. Is there
anything I need to know, beyond what I can glean from Fedora's FAQ or
the NSA's FAQ? Is the NSA's document on how to write SELinux policies
the best place to get started? What do I need to consider when building
and running a new application in an SELinux environment? Those of you
out there running SELinux in enforcement mode--do you have any insights
you can share with me?
Thanks in advance.
Temlakos
19 years, 6 months
Where to find libselinux-devel-1.11.4-1.src.rpm ?
by Park Lee
Hi,
I'm doing something in SELinux, and need the libselinux-devel-1.11.4-1.src.rpm. I try to find it on the web, I've tried to search it either in http://fedora.redhat.com/projects/selinux/ or in http://rpmfind.net/. but I would only find libselinux-1.11.4-1.src.rpm, libselinux-1.17.14-1.src.rpm,...... etc.
So, would you please tell me where libselinux-devel-1.11.4-1.src.rpm is?
And, now I'm using FC2,in which libselinux-1.11.4-1.i386.rpm is installed. Then, can I use the newest libselinux-1.17.14-1.i386.rpm to update my system, while don't update all the other rpm packages? and if I do this, will my FC2 be damaged?
Thanks in advance
--
Best Regards,
Park Lee <parklee_sel(a)yahoo.com>
__________________________________________________
Do You Yahoo!?
Tired of spam? Yahoo! Mail has the best spam protection around
http://mail.yahoo.com
19 years, 6 months
udev reports 'failed' on boot
by Tom London
Running strict/enforcing with lastest from Rawhide.
During boot when udev is started, I get:
Oct 8 09:31:42 fedora kernel: audit(1097227835.719:0): avc: denied
{ read } for pid=596 exe=/bin/cat name=hotplug dev=proc
ino=-268435400 scontext=system_u:system_r:udev_t
tcontext=system_u:object_r:sysctl_hotplug_t tclass=file
Oct 8 09:31:42 fedora kernel: audit(1097227837.871:0): avc: denied
{ search } for pid=932 exe=/usr/bin/rhgb-client name=rhgb dev=hda2
ino=280446 scontext=system_u:system_r:udev_t
tcontext=system_u:object_r:mnt_t tclass=dir
and 'udev [FAILED]' on the console.
udevd seems to be running, and the system appears to be functioning.....
tom
--
Tom London
19 years, 7 months
Fedora Project Mailing Lists reminder
by Elliot Lee
This is a reminder of the mailing lists for the Fedora Project, and
the purpose of each list. You can view this information at
http://fedora.redhat.com/participate/communicate/
When you're using these mailing lists, please take the time to choose
the one that is most appropriate to your post. If you don't know the
right mailing list to use for a question or discussion, please contact
me. This will help you get the best possible answer for your question,
and keep other list subscribers happy!
Mailing Lists
Mailing lists are email addresses which send email to all users
subscribed to the mailing list. Sending an email to a mailing list
reaches all users interested in discussing a specific topic and users
available to help other users with the topic.
The following mailing lists are available. To subscribe, send email to <listname>-request(a)redhat.com
(replace <listname> with the desired mailing list name such as
fedora-list) with the word subscribe in the subject.
fedora-announce-list - Announcements of changes and events. To stay
aware of news, subscribe to this list.
fedora-list - For users of releases. If you want help with a problem
installing or using , this is the list for you.
fedora-test-list - For testers of test releases. If you would like to
discuss experiences using TEST releases, this is the list for you.
fedora-devel-list - For developers, developers, developers. If you are
interested in helping create releases, this is the list for you.
fedora-docs-list - For participants of the docs project
fedora-desktop-list - For discussions about desktop issues such as user
interfaces, artwork, and usability
fedora-config-list - For discussions about the development of
configuration tools
fedora-legacy-announce - For announcements about the Fedora Legacy
Project
fedora-legacy-list - For discussions about the Fedora Legacy Project
fedora-selinux-list - For discussions about the Fedora SELinux Project
fedora-de-list - For discussions about Fedora in the German language
fedora-es-list - For discussions about Fedora in the Spanish language
fedora-ja-list - For discussions about Fedora in the Japanese language
fedora-i18n-list - For discussions about the internationalization of
Fedora Core
fedora-trans-list - For discussions about translating the software and
documentation associated with the Fedora Project
German: fedora-trans-de
French: fedora-trans-fr
Spanish: fedora-trans-es
Italian: fedora-trans-it
Brazilian Portuguese: fedora-trans-pt_br
Japanese: fedora-trans-ja
Korean: fedora-trans-ko
Simplified Chinese: fedora-trans-zh_cn
Traditional Chinese: fedora-trans-zh_tw
19 years, 7 months