> -----Original Message-----
> From: fedora-list-bounces@xxxxxxxxxx
> [mailto:fedora-list-bounces@xxxxxxxxxx] On Behalf Of nodata
> Sent: Saturday, July 23, 2005 5:28 PM
> To: For users of Fedora Core releases
> Subject: RE: FC4 and No logs and Audit-logs
>
>
> On Sat, 2005-07-23 at 13:33 +0200, Tomas Larsson wrote:
> > Looking in the "/var/logs/audit/audit.log"
> >
> > I'll find the following entry:
> > type=AVC msg=audit(1122113324.490:351515): avc: denied { read } for
> > pid=2866 comm="syslogd" name="syslog.conf" dev=dm-0 ino=653814
> > scontext=root:system_r:syslogd_t
> > tcontext=system_u:object_r:etc_runtime_t
> > tclass=file
> > type=SYSCALL msg=audit(1122113324.490:351515): arch=40000003 syscall=5
> > success=no exit=-13 a0=2998c6 a1=0 a2=1b6 a3=98f1298 items=1 pid=2866
> > auid=0 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0
> > comm="syslogd" exe="/sbin/syslogd"
> >
> > It seems that syslogd is denied to do its job.
> >
> > With best regards
> >
> > Tomas Larsson
> > Sweden
> >
> > Verus Amicus Est Tamquam Alter Idem
> >
> > > -----Original Message-----
> > > From: fedora-list-bounces@xxxxxxxxxx
> > > [mailto:fedora-list-bounces@xxxxxxxxxx] On Behalf Of Tomas Larsson
> > > Sent: Saturday, July 23, 2005 1:12 PM
> > > To: 'For users of Fedora Core releases'
> > > Subject: RE: FC4 and No logs
> > >
> > >
> > > > -----Original Message-----
> > > > From: fedora-list-bounces@xxxxxxxxxx
> > > > [mailto:fedora-list-bounces@xxxxxxxxxx] On Behalf Of Tomas Larsson
> > > > Sent: Saturday, July 23, 2005 9:09 AM
> > > > To: 'For users of Fedora Core releases'
> > > > Subject: RE: FC4 and No logs
> > > >
> > > >
> > > > > -----Original Message-----
> > > > > From: fedora-list-bounces@xxxxxxxxxx
> > > > > [mailto:fedora-list-bounces@xxxxxxxxxx] On Behalf Of Thomas Cameron
> > > > > Sent: Saturday, July 23, 2005 1:33 AM
> > > > > To: For users of Fedora Core releases
> > > > > Subject: Re: FC4 and No logs
> > > > >
> > > > >
> > > > > On Fri, 2005-07-22 at 21:29 +0200, Tomas Larsson wrote:
> > > > > > By some strange reason, the logging seems to have stopped, boot,
> > > > > > messages, secure etc hasn't logged anything since yesterday.
> > > > > >
> > > > > > Anyone got any clues?
> > > > > >
> > > > > >
> > > > > > With best regards
> > > > > >
> > > > > > Tomas Larsson
> > > > > > Sweden
> > > > > >
> > > > > > Verus Amicus Est Tamquam Alter Idem
> > > > >
> > > > > That sounds like a potentially bad thing - some cracks involve
> > > > > killing off logging so that the sysadmin can't see what the bad guy
> > > > > is doing. Are you sure your system isn't compromised?
> > > > > --
> > > > > Thomas Cameron, RHCE, CNE, MCSE, MCT
> > > > > 512-241-0774 (office)
> > > > > 512-924-8592 (cell)
> > > > >
> > > > > --
> > > > > fedora-list mailing list
> > > > > fedora-list@xxxxxxxxxx
> > > > > To unsubscribe:
> > > > > http://www.redhat.com/mailman/listinfo/fedora-list
> > > > >
> > > >
> > > > Can't think that it's being compromised (you never know, do you),
> > > > got it up and running same day.
> > > > If it is compromised, then there is a serious flaw within FEDORA.
> > > >
> > > > My thinking is that I've done something else. Syslogd is running,
> > > > so it must be something else, question is what though.
> > > >
> > > >
> > > > With best regards
> > > >
> > > > Tomas Larsson
> > > > Sweden
> > > >
> > > > Verus Amicus Est Tamquam Alter Idem
> > > >
> > >
> > > When I do a "service syslog status", I'm getting the following
> > > response Translated to English,
> > >
> > > Syslogd is dead, but PID exists
> > > Klogd (pid 1512) is running
> > >
> > > On the console I'm getting "syslogd:0 /dev/console: permission
> > > denied"
> > >
> > > I'm starting to think that it might be selinux that has
> > > screwed something up.
> > >
> > > With best regards
> > >
> > > Tomas Larsson
> > > Sweden
> > >
> > > Verus Amicus Est Tamquam Alter Idem
> > >
>
> To test, turn off selinux, reboot then check the logs.
> Then file a bug quoting the avc messages above.
>

Turned off SELINUX, and logging started.

Could anyone running FEDORA Core 4, using SELINUX enforced, targeted policy
do a "ls -alZ /etc/syslog.conf"
And post the result here

My output looks like
"-rw-r--r-- root root system_u:object_r:etc_t /etc/syslog.conf"

With best regards

Tomas Larsson
Sweden

Verus Amicus Est Tamquam Alter Idem