Re: SELinux Attack!

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 



Thomas Cameron wrote:
On Fri, 2007-10-12 at 12:31 -0600, Karl Larsen wrote:
Thomas Cameron wrote:
On Fri, 2007-10-12 at 09:24 -0600, Karl Larsen wrote:

Yes the ONLY problem is that a F7 that was working just fine all by itself found it can not locate cups. After 10 minutes it does find cups but then it can't find sendmail for around 5 minutes. Then it comes up very slow and when clear up into xwindows it still doesn't all work. When it got to a point I could operate the SELinux control panels I tried to turn SELinux off. To see what happens. Well just now looking at dmesg the dam SELinux is not turned off! So what is the best way to make sure this thing is turned off?
Karl -

What you are describing is almost surely a matter of your host not being
able to resolve its own name.  Nothing whatsoever to do with SELinux.

Post the contents of your /etc/hosts and /etc/resolv.conf files.

I'm betting good money that localhost does not resolve.

[karl@k5di ~]$ cat /etc/hosts
# Do not remove the following line, or various programs
# that require network functionality will fail.
127.0.0.1       localhost.localdomain   localhost
::1     localhost6.localdomain6 localhost6
192.168.0.1     dsl
[karl@k5di ~]$

[karl@k5di ~]$ ping localhost
PING localhost.localdomain (127.0.0.1) 56(84) bytes of data.
64 bytes from localhost.localdomain (127.0.0.1): icmp_seq=1 ttl=64 time=0.060 ms 64 bytes from localhost.localdomain (127.0.0.1): icmp_seq=2 ttl=64 time=0.064 ms 64 bytes from localhost.localdomain (127.0.0.1): icmp_seq=3 ttl=64 time=0.066 ms 64 bytes from localhost.localdomain (127.0.0.1): icmp_seq=4 ttl=64 time=0.060 ms 64 bytes from localhost.localdomain (127.0.0.1): icmp_seq=5 ttl=64 time=0.065 ms

--- localhost.localdomain ping statistics ---
5 packets transmitted, 5 received, 0% packet loss, time 4000ms
rtt min/avg/max/mdev = 0.060/0.063/0.066/0.002 ms
[karl@k5di ~]$

OK how much money were you going to send :-)

In this case, none.  This is squarely your fault, nothing whatsoever to
do with SELinux.

[karl@k5di ~]$ cat /etc/resolv.conf
; generated by /sbin/dhclient-script
nameserver 216.234.192.92
nameserver 216.234.213.130
[karl@k5di ~]$
[karl@k5di ~]$

It all looks fine to me.

And that is why you can't fix it.  You don't understand it.  With a
little real information I (and I'm sure others on this list) see exactly
what the issue was.  I was close - I thought it was localhost not
resolving.  The answer is that your machine can't resolve its own name.
"k5di" is not defined in /etc/hosts, and your DNS servers are public
ones.  What is your full hostname?  k5di.xyz.com - what is the "xyz.com"
part of your machine's name?

216.234.192.92 is ns1.zianet.com and 216.234.213.130 is ns2.zianet.com.
They don't know anything about k5di.

Change the line in /etc/hosts that looks like this:

127.0.0.1 localhost.localdomain localhost

to this:

127.0.0.1 localhost.localdomain localhost k5di k5di.xyz.com

Obviously, cahnge xyz.com to your domain name.  Once you do that I
imagine your services will start in a timely manner.

SELinux is not involved.  Please, until you understand of what you
speak, keep quiet.
You are hunting ghosts. When I set up the network I changed the system host name to k5di.com and it has been that for months. Years before that on FC4.

Yesterday I changed nothing but turning off SELinux and the problems have all disappeared.



--

	Karl F. Larsen, AKA K5DI
	Linux User
	#450462   http://counter.li.org.


[Index of Archives]     [Current Fedora Users]     [Fedora Desktop]     [Fedora SELinux]     [Yosemite News]     [Yosemite Photos]     [KDE Users]     [Fedora Tools]     [Fedora Docs]

  Powered by Linux