On Thu April 17 2008, Claude Jones wrote:
> I can't declare victory. I am now networked, I now know how to break it.

Just declare victory. It doesn't have to be total; victory declarations, qualified, with reservations, with lots of useless mumbling, etc... work, too!

Just switched over to an XP box that had been reliably browsing my Fedora box for the past hour, and got a "can't find" error. Turned off the firewall on Fedora, went back to the XP machine, and the connection is restored... WTF??

I doubt this is relevant, but here are the relevant entries in iptables:

Chain INBOUND (1 references)
target     prot opt source               destination
ACCEPT     tcp  --  anywhere             anywhere            state RELATED,ESTABLISHED
ACCEPT     udp  --  anywhere             anywhere            state RELATED,ESTABLISHED
ACCEPT     all  --  192.168.2.0/24       anywhere
ACCEPT     all  --  192.168.2.1          anywhere
ACCEPT     tcp  --  anywhere             anywhere            tcp dpt:ssh
ACCEPT     udp  --  anywhere             anywhere            udp dpt:ssh
ACCEPT     tcp  --  anywhere             anywhere            tcp dpts:6881:6889
ACCEPT     udp  --  anywhere             anywhere            udp dpts:6881:6889
ACCEPT     tcp  --  anywhere             anywhere            tcp dpt:35986
ACCEPT     udp  --  anywhere             anywhere            udp dpt:35986
ACCEPT     tcp  --  192.168.2.0/24       anywhere            tcp dpt:ipp
ACCEPT     udp  --  192.168.2.0/24       anywhere            udp dpt:ipp
ACCEPT     tcp  --  192.168.2.0/24       anywhere            tcp dpts:netbios-ns:netbios-ssn
ACCEPT     udp  --  192.168.2.0/24       anywhere            udp dpts:netbios-ns:netbios-ssn
ACCEPT     tcp  --  192.168.2.0/24       anywhere            tcp dpt:microsoft-ds
ACCEPT     udp  --  192.168.2.0/24       anywhere            udp dpt:microsoft-ds
ACCEPT     tcp  --  192.168.2.0/24       anywhere            tcp dpt:sunrpc
ACCEPT     udp  --  192.168.2.0/24       anywhere            udp dpt:sunrpc
ACCEPT     tcp  --  192.168.2.0/24       anywhere            tcp dpt:nfs
ACCEPT     udp  --  192.168.2.0/24       anywhere            udp dpt:nfs
ACCEPT     tcp  --  192.168.2.0/24       anywhere            tcp dpt:domain
ACCEPT     udp  --  192.168.2.0/24       anywhere            udp dpt:domain
ACCEPT     tcp  --  anywhere             anywhere            tcp dpt:domain
ACCEPT     udp  --  anywhere             anywhere            udp dpt:domain
LSI        all  --  anywhere             anywhere

***************************************
I know there are issues in there, but, the main point is,
why did it suddenly go dark? Why did it work for a couple of hours this am, and all night, then suddenly lose it?
***************************************
and there's the Samba and Selinux issue - I'm getting tons of these:

Summary:

SELinux is preventing smbd (smbd_t) "getattr" to /dev/sde1 (fixed_disk_device_t).

Detailed Description:

SELinux denied access requested by smbd. It is not expected that this access is required by smbd and this access may signal an intrusion attempt. It is also possible that the specific version or configuration of the application is causing it to require additional access.

Allowing Access:

Sometimes labeling problems can cause SELinux denials. You could try to restore the default system file context for /dev/sde1,

restorecon -v '/dev/sde1'

If this does not work, there is currently no automatic way to allow this access. Instead, you can generate a local policy module to allow this access - see FAQ (http://fedora.redhat.com/docs/selinux-faq-fc5/#id2961385) Or you can disable SELinux protection altogether. Disabling SELinux protection is not recommended. Please file a bug report (http://bugzilla.redhat.com/bugzilla/enter_bug.cgi) against this package.

Additional Information:

Source Context                unconfined_u:system_r:smbd_t
Target Context                system_u:object_r:fixed_disk_device_t
Target Objects                /dev/sde1 [ blk_file ]
Source                        smbd
Source Path                   /usr/sbin/smbd
Port                          <Unknown>
Host                          tehogee1
Source RPM Packages           samba-3.0.28a-0.fc8
Target RPM Packages
Policy RPM                    selinux-policy-3.0.8-98.fc8
Selinux Enabled               True
Policy Type                   targeted
MLS Enabled                   True
Enforcing Mode                Enforcing
Plugin Name                   catchall_file
Host Name                     tehogee1
Platform                      Linux tehogee1 2.6.24.4-64.fc8 #1 SMP Sat Mar 29 09:54:46 EDT 2008 i686 i686
Alert Count                   3
First Seen                    Wed 16 Apr 2008 08:39:18 AM EDT
Last Seen                     Wed 16 Apr 2008 08:43:18 AM EDT
Local ID                      83d6b661-2e3b-482a-ada7-ca94aa1f5eb6
Line Numbers

Raw Audit Messages

host=tehogee1 type=AVC msg=audit(1208349798.310:1590): avc: denied { getattr } for pid=32296 comm="smbd" path="/dev/sde1" dev=tmpfs ino=323202 scontext=unconfined_u:system_r:smbd_t:s0 tcontext=system_u:object_r:fixed_disk_device_t:s0 tclass=blk_file

host=tehogee1 type=SYSCALL msg=audit(1208349798.310:1590): arch=40000003 syscall=195 success=no exit=-13 a0=bfd7a694 a1=bfd79e14 a2=4c5ff4 a3=bfd79e14 items=0 ppid=31287 pid=32296 auid=500 uid=99 gid=0 euid=99 suid=0 fsuid=99 egid=99 sgid=0 fsgid=99 tty=(none) comm="smbd" exe="/usr/sbin/smbd" subj=unconfined_u:system_r:smbd_t:s0 key=(null)

********************************************
or even more germane, this:

Summary:

SELinux is preventing the samba daemon from serving r/o local files to remote clients.

Detailed Description:

SELinux has preventing the samba daemon (smbd) from reading files on the local system. If you have not exported these file systems, this could signals an intrusion.

Allowing Access:

If you want to export file systems using samba you need to turn on the samba_export_all_ro boolean: "setsebool -P samba_export_all_ro=1".

The following command will allow this access:

setsebool -P samba_export_all_ro=1

Additional Information:

Source Context                system_u:system_r:smbd_t
Target Context                system_u:object_r:var_t
Target Objects                ./srv [ dir ]
Source                        smbd
Source Path                   /usr/sbin/smbd
Port                          <Unknown>
Host                          tehogee1
Source RPM Packages           samba-3.0.28a-0.fc8
Target RPM Packages           filesystem-2.4.11-1.fc8
Policy RPM                    selinux-policy-3.0.8-98.fc8
Selinux Enabled               True
Policy Type                   targeted
MLS Enabled                   True
Enforcing Mode                Enforcing
Plugin Name                   samba_export_all_ro
Host Name                     tehogee1
Platform                      Linux tehogee1 2.6.24.4-64.fc8 #1 SMP Sat Mar 29 09:54:46 EDT 2008 i686 i686
Alert Count                   8
First Seen                    Wed 16 Apr 2008 10:06:11 PM EDT
Last Seen                     Wed 16 Apr 2008 10:06:15 PM EDT
Local ID                      dd8cb0d1-fac0-495c-89e6-c115d60ad66f
Line Numbers

Raw Audit Messages

host=tehogee1 type=AVC msg=audit(1208397975.959:367): avc: denied { read } for pid=28749 comm="smbd" name="srv" dev=sda3 ino=26312705 scontext=system_u:system_r:smbd_t:s0 tcontext=system_u:object_r:var_t:s0 tclass=dir

host=tehogee1 type=SYSCALL msg=audit(1208397975.959:367): arch=40000003 syscall=5 success=no exit=-13 a0=b864d098 a1=98800 a2=bf9291fc a3=b86651c8 items=0 ppid=3353 pid=28749 auid=4294967295 uid=99 gid=0 euid=99 suid=0 fsuid=99 egid=99 sgid=0 fsgid=99 tty=(none) comm="smbd" exe="/usr/sbin/smbd" subj=system_u:system_r:smbd_t:s0 key=(null)

*********************************************
I have run the suggested command to fix the last, but to no avail.

-- 
Claude Jones
Brunswick, MD, USA
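
Added example, not part of the original message: a small Python parser for the raw AVC records quoted in the two alerts above. It reduces each denial to source type, target type, object class and permission (the tuple an SELinux allow rule is written against) and converts the audit timestamp to UTC. The function names are illustrative; the log lines are copied from the message.

```python
import re
from collections import Counter
from datetime import datetime, timezone

# Raw audit records copied from the two alerts in the message above.
AUDIT_LINES = [
    'host=tehogee1 type=AVC msg=audit(1208349798.310:1590): avc: denied { getattr } for pid=32296 comm="smbd" path="/dev/sde1" dev=tmpfs ino=323202 scontext=unconfined_u:system_r:smbd_t:s0 tcontext=system_u:object_r:fixed_disk_device_t:s0 tclass=blk_file',
    'host=tehogee1 type=SYSCALL msg=audit(1208349798.310:1590): arch=40000003 syscall=195 success=no exit=-13 a0=bfd7a694 a1=bfd79e14 a2=4c5ff4 a3=bfd79e14 items=0 ppid=31287 pid=32296 auid=500 uid=99 gid=0 euid=99 suid=0 fsuid=99 egid=99 sgid=0 fsgid=99 tty=(none) comm="smbd" exe="/usr/sbin/smbd" subj=unconfined_u:system_r:smbd_t:s0 key=(null)',
    'host=tehogee1 type=AVC msg=audit(1208397975.959:367): avc: denied { read } for pid=28749 comm="smbd" name="srv" dev=sda3 ino=26312705 scontext=system_u:system_r:smbd_t:s0 tcontext=system_u:object_r:var_t:s0 tclass=dir',
]

AVC_RE = re.compile(
    r'type=AVC msg=audit\((?P<secs>\d+)\.\d+:(?P<serial>\d+)\): '
    r'avc:\s+denied\s+\{(?P<perms>[^}]*)\}\s+for\s+(?P<rest>.*)')
KV_RE = re.compile(r'(\w+)=("[^"]*"|\S+)')


def parse_avc(line):
    """Parse one AVC denial into a dict; return None for other record types."""
    m = AVC_RE.search(line)
    if m is None:
        return None
    kv = {k: v.strip('"') for k, v in KV_RE.findall(m['rest'])}
    when = datetime.fromtimestamp(int(m['secs']), tz=timezone.utc)
    return {
        'utc': when.isoformat(),
        'perms': m['perms'].split(),
        'object': kv.get('path') or kv.get('name'),
        # A context is user:role:type[:level]; the type is the third field.
        'source_type': kv['scontext'].split(':')[2],
        'target_type': kv['tcontext'].split(':')[2],
        'tclass': kv['tclass'],
    }


def summarize(lines):
    """Count denials per (source type, target type, class, permission)."""
    recs = filter(None, map(parse_avc, lines))
    return Counter((r['source_type'], r['target_type'], r['tclass'], p)
                   for r in recs for p in r['perms'])


if __name__ == '__main__':
    for key, count in summarize(AUDIT_LINES).items():
        print(count, *key)
```

The converted times line up with each alert's "Last Seen" field once the EDT offset (UTC-4) is applied.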