On Tue, 2005-11-22 at 16:05 -0500, Claude Jones wrote:
> On Tuesday 22 November 2005 4:00 pm, Louis Lagendijk wrote:
> >
> > I am running DenyHosts on my (Centos) server. It does seem to cause some
> > problems changing security context on /etc/hosts.deny though. I am not
> > sure whether it exhibits the same problem on Fedora, but you better
> > monitor it for some time....
> >
>
> Could you give a little more detail. What problems regarding what security
> contexts? I started this whole thread, and today I just installed denyhosts
> as a first step in implementing some of the suggestions. It immediately
> picked up some hosts from the logs that tried to break in yesterday, and
> added them to denyhosts. I also happen to run a Centos server, so I'm doubly
> curious about your issues.
>
My apologies for the late reply: I had to wait for the problem to re-appear.
The issue appears to be that DenyHosts (run as a daemon) appears to change the
context for /etc/hosts.deny to:

-rw-r--r--  root root user_u:object_r:etc_t         /etc/hosts
-rw-r--r--  root root system_u:object_r:etc_t       /etc/hosts.allow
-rw-rw-rw-  root root root:object_r:etc_runtime_t   /etc/hosts.deny
-rw-rw-rw-  root root root:object_r:etc_t           /etc/hosts.deny.purge.bak

I have for now solved that with a local policy of:

allow portmap_t etc_runtime_t:file read;

probably not the best solution, but I am not (yet) versed well enough in
selinux to solve the issue otherwise

> --
> Claude Jones
> Bluemont, VA, USA
>

--
Louis Lagendijk <louis@xxxxxxxxxxxxxxxxxxx>
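
A check for the label drift described in the message, as an added example that is not part of the original post: it reads `ls -Z` lines in the five-column layout quoted above and reports files whose SELinux type differs from a baseline or whose mode is world-writable. The function names and the `etc_t` baseline (taken from the hosts.allow line in the listing) are assumptions of this example.

```shell
#!/bin/sh
# Added example: audit `ls -Z` output (mode owner group context path)
# for SELinux type drift and world-writable permissions.

# Assumption: the expected type is etc_t, as shown for /etc/hosts.allow.
EXPECTED_TYPE="etc_t"

# Constructed sample input: the four lines quoted in the message.
sample_listing() {
cat <<'EOF'
-rw-r--r--  root root user_u:object_r:etc_t         /etc/hosts
-rw-r--r--  root root system_u:object_r:etc_t       /etc/hosts.allow
-rw-rw-rw-  root root root:object_r:etc_runtime_t   /etc/hosts.deny
-rw-rw-rw-  root root root:object_r:etc_t           /etc/hosts.deny.purge.bak
EOF
}

# audit_listing: reads a listing on stdin, prints one "path: finding"
# line per problem found; prints nothing for a clean listing.
audit_listing() {
    awk -v want="$EXPECTED_TYPE" '
    NF >= 5 {
        mode = $1; ctx = $4; path = $5
        # Context is user:role:type; the type is the third field.
        n = split(ctx, part, ":")
        t = (n >= 3) ? part[3] : "?"
        if (t != want)
            printf "%s: type %s (expected %s)\n", path, t, want
        # Character 9 of the mode string is the write bit for "other".
        if (substr(mode, 9, 1) == "w")
            printf "%s: world-writable (%s)\n", path, mode
    }'
}

# Demo run on the constructed sample.
sample_listing | audit_listing
```

On a system whose `ls -Z` prints this layout, the same function can be fed `ls -Z /etc/hosts*`; `restorecon -v /etc/hosts.deny` resets a drifted label to the policy default.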