On Thu, 2006-06-29 at 17:13 -0400, Al Freundorfer wrote:
> I set up xinetd to allow certain sites to connect to the server
> thru /etc/xinetd.d/ssh.
>> It works perfectly when I set selinux to permissive, but doesn't work when set
>> to enforcing even though I have the box checked in system-config-security
>> under selinux tab to allow ssh connection through inetd.
>>
>> Can anyone help me with this?
>
>Change back to permissive:
>
># setenforce 0
>
>Make a note of the exact time.
>
>Then try out a connection (which should work since you're in permissive
>mode).
>
>Then look in your /var/log/messages or /var/log/audit/audit.log (if you
>have one) for messages containing "type=AVC" after the time you did the
>"setenforce". Post back here any that you find.
>
>Paul.

Thanks for your help. This is what I got.

selinux set to permissive:

remote terminal attempted login:

password:
Authentication successful.
Last login: Fri Jun 30 12:58:06 2006 from xx.xx.xx.xx
[xxxxxxxx ~]$

/var/log/messages:

Jun 30 13:04:42 local kernel: audit(1151687082.023:7): enforcing=0 old_enforcing=1 auid=4294967295
Jun 30 13:04:59 local kernel: audit(1151687099.076:8): avc: denied { entrypoint } for pid=2884 comm="sshd" name="bash" dev=dm-0 ino=49053782 scontext=user_u:system_r:amanda_t:s0 tcontext=system_u:object_r:shell_exec_t:s0 tclass=file
Jun 30 13:04:59 local kernel: audit(1151687099.080:9): avc: denied { write } for pid=2884 comm="bash" name="7" dev=devpts ino=9 scontext=user_u:system_r:amanda_t:s0 tcontext=user_u:object_r:devpts_t:s0 tclass=chr_file
Jun 30 13:04:59 local kernel: audit(1151687099.080:10): avc: denied { ioctl } for pid=2884 comm="bash" name="7" dev=devpts ino=9 scontext=user_u:system_r:amanda_t:s0 tcontext=user_u:object_r:devpts_t:s0 tclass=chr_file
Jun 30 13:04:59 local kernel: audit(1151687099.084:11): avc: denied { execute } for pid=2888 comm="bash" name="hostname" dev=dm-0 ino=49053725 scontext=user_u:system_r:amanda_t:s0 tcontext=system_u:object_r:hostname_exec_t:s0 tclass=file
Jun 30 13:04:59 local kernel: audit(1151687099.084:12): avc: denied { execute_no_trans } for pid=2888 comm="bash" name="hostname" dev=dm-0 ino=49053725 scontext=user_u:system_r:amanda_t:s0 tcontext=system_u:object_r:hostname_exec_t:s0 tclass=file
Jun 30 13:04:59 local kernel: audit(1151687099.084:13): avc: denied { execute } for pid=2884 comm="bash" name="colorls.sh" dev=dm-0 ino=39026988 scontext=user_u:system_r:amanda_t:s0 tcontext=system_u:object_r:etc_t:s0 tclass=file
_________________________________

selinux set to enforcing:

remote terminal attempted login:

password:
Authentication successful.
Last login: Fri Jun 30 12:49:57 2006
/bin/bash: Permission denied
bash-2.03$

/var/log/messages:

Jun 30 12:57:28 local kernel: audit(1151686648.208:4): enforcing=1 old_enforcing=0 auid=4294967295
Jun 30 12:58:06 local kernel: audit(1151686686.350:5): avc: denied { entrypoint } for pid=2627 comm="sshd" name="bash" dev=dm-0 ino=49053782 scontext=user_u:system_r:amanda_t:s0 tcontext=system_u:object_r:shell_exec_t:s0 tclass=file

regards
al
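The collection step described in the thread (switch mode, then gather the AVC denials logged after that point), as an added example that is not part of the original messages: it finds the last enforcing-mode change in a /var/log/messages excerpt and groups the denials that follow by source type, target type and object class. The function name `denials_since_mode_switch` is hypothetical, and the sample's first line is constructed to show that entries from before the switch are dropped.

```python
import re
from collections import defaultdict

# Sample in the kernel-log format shown in the thread. The first line is
# constructed (a denial from before the mode switch); the rest follow the post.
SAMPLE = """\
Jun 30 13:04:10 local kernel: audit(1151687050.000:6): avc: denied { read } for pid=2000 comm="example" name="example" dev=dm-0 ino=1 scontext=user_u:system_r:amanda_t:s0 tcontext=system_u:object_r:etc_t:s0 tclass=file
Jun 30 13:04:42 local kernel: audit(1151687082.023:7): enforcing=0 old_enforcing=1 auid=4294967295
Jun 30 13:04:59 local kernel: audit(1151687099.076:8): avc: denied { entrypoint } for pid=2884 comm="sshd" name="bash" dev=dm-0 ino=49053782 scontext=user_u:system_r:amanda_t:s0 tcontext=system_u:object_r:shell_exec_t:s0 tclass=file
Jun 30 13:04:59 local kernel: audit(1151687099.080:9): avc: denied { write } for pid=2884 comm="bash" name="7" dev=devpts ino=9 scontext=user_u:system_r:amanda_t:s0 tcontext=user_u:object_r:devpts_t:s0 tclass=chr_file
Jun 30 13:04:59 local kernel: audit(1151687099.080:10): avc: denied { ioctl } for pid=2884 comm="bash" name="7" dev=devpts ino=9 scontext=user_u:system_r:amanda_t:s0 tcontext=user_u:object_r:devpts_t:s0 tclass=chr_file
"""

AUDIT = re.compile(r"audit\(\d+\.\d+:\d+\):\s+(.*)")
MODE = re.compile(r"enforcing=(\d) old_enforcing=\d")
AVC = re.compile(r"avc:\s+denied\s+\{([^}]*)\}\s+for\s+(.*)")

def denials_since_mode_switch(text):
    """Return (mode, rules) for AVC denials logged after the last mode switch.

    rules maps (source_type, target_type, class) -> set of denied permissions.
    """
    mode, rules = None, defaultdict(set)
    for line in text.splitlines():
        m = AUDIT.search(line)
        if not m:
            continue  # not a kernel audit record
        body = m.group(1)
        switch = MODE.match(body)
        if switch:
            mode = "enforcing" if switch.group(1) == "1" else "permissive"
            rules.clear()  # keep only what was logged after the switch
            continue
        avc = AVC.match(body)
        if avc:
            fields = dict(kv.split("=", 1) for kv in avc.group(2).split() if "=" in kv)
            # A context is user:role:type[:level]; policy rules are written on the type.
            src = fields["scontext"].split(":")[2]
            tgt = fields["tcontext"].split(":")[2]
            rules[(src, tgt, fields["tclass"])].update(avc.group(1).split())
    return mode, dict(rules)

if __name__ == "__main__":
    mode, rules = denials_since_mode_switch(SAMPLE)
    print("mode after last switch:", mode)
    for (src, tgt, cls), perms in sorted(rules.items()):
        print(f"{src} -> {tgt}:{cls} {{ {' '.join(sorted(perms))} }}")
```

The grouped output puts the source type of every denial (here `amanda_t`, the domain recorded for the xinetd-launched sshd) next to the objects it was refused, which is the information the thread asks to have posted back.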