November 2005 - selinux - Fedora Mailing-Lists

by Dan Thurman

>From: Daniel J Walsh [mailto:dwalsh@redhat.com] >Sent: Monday, November 07, 2005 9:30 AM >To: Daniel B. Thurman >Cc: fedora-selinux-list(a)redhat.com >Subject: Re: Problems with httpd and SElinux. > > >Daniel B. Thurman wrote: >> Folks, >> >> I was asked to post this information here. To explain things, >> I have installed FrontPage extensions on FC4 but not realizing >> that I had to first disable SElinux for httpd first, but to make >> a long story short, I was able to install FP and then restore >> SElinux protections for httpd, but on reboot, SElinux refused >> to allow httpd to start and I suspect it had something to do >> with the FrontPage additions to the /etc/httpd/conf/httpd.conf >> file. I currently have SElinux protections turned off for >> https. Below is the audit file, hope it helps show the problem. >> >> type=AVC msg=audit(1131056930.757:251): avc: denied { >name_bind } for pid=4946 comm="httpd" src=8090 >scontext=root:system_r:httpd_t >tcontext=system_u:object_r:port_t tclass=tcp_socket >> type=SYSCALL msg=audit(1131056930.757:251): arch=40000003 >syscall=102 success=no exit=-13 a0=2 a1=bfc779f0 a2=750218 >a3=8b8da58 items=0 pid=4946 auid=4294967295 uid=0 gid=0 euid=0 >suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 comm="httpd" exe="/usr/sbin/httpd" >> type=SOCKADDR msg=audit(1131056930.757:251): >saddr=0A001F9A000000000000000000000000000000000000000000000000 >> type=SOCKETCALL msg=audit(1131056930.757:251): nargs=3 a0=5 >a1=8b8da84 a2=1c >> >> Kind regards, >> Dan >> >> >We do not currently allow apache to listen on port 8090, >but this looks legitimate, so I will add to policy. >You can install policy (selinux-policy-targeted-sources >for now and add a line to: >/etc/selinux/targeted/src/policy/domains/misc/local.te >portcon tcp 8090 system_u:object_r:http_port_t > >Then execute make -c /etc/selinux/targeted/src/policy load > >and you should be able to use that port. > The information you gave me above does not work. I got all sorts of compile errors. BTW, the make should be "make -C". >From Paul Howarth, I tried: ============================================= If you want httpd to be able to listen on port 8090, and you have the policy sources installed, you can do this by adding the following line to /etc/selinux/targeted/src/policy/net_contexts: portcon tcp 8090 system_u:object_r:http_port_t Then you need to compile and reload the security contexts: # make -C /etc/selinux/targeted/src/policy reload ============================================= This all compiles fine now. Testing to see if httpd can now restart with the new policies: 1) setsebool -P httpd_disable_trans 0 2) Restart httpd for this to take effect: service httpd restart Httpd can restart with no failure messages. The httpd server now runs fine. HOWEVER - Testing FrontPage client against my FC4 box FAILS to connect and the reason revealed in /var/log/httpd/error_log: [Tue Nov 08 15:25:40 2005] [error] (13)Permission denied: Could not create key file "/usr/local/frontpage/version5.0/apache-fp/suidkey.17096" in FrontPageInit(). Until this problem is fixed, the FrontPage security patch is disabled and the FrontPage extensions may not work correctly. I suspect that there is a SElinux policy that is preventing the FP client program from creating and deleting the suidkey file it needs in order to startup and begin listening for FP Client requests. Please note that the process number is created and destroyed for the suidkey file and this is happening from within the httpd service file and has nothing to do with the FP client connection attempts. SELinux policy is preventing the service file from creating and destroying this file. So - in order to get back the successful FP client connections as before, performing these steps: 1) setsebool -P httpd_disable_trans 1 2) Restart httpd for this to take effect: service httpd restart The httpd/error_log error message does not appear and I can now connect with to the FC4 with the FP client. Dan Thurman. -- No virus found in this outgoing message. Checked by AVG Free Edition. Version: 7.1.362 / Virus Database: 267.12.8/162 - Release Date: 11/5/2005

18 years, 5 months

2
1
0 / 0

RE: Syslogd sending output to devpts

by Jose H. REMY

I have updated to selinux-policy-targeted-1.27.1-2.11, and still be unable to send logs to /dev/pts/* ...........audit.log type=PATH msg=audit(1131616982.431:2085578): item=0 name="/dev/pts/2" inode=1 de v=00:09 mode=040755 ouid=0 ogid=0 rdev=00:00 type=SYSCALL msg=audit(1131616982.431:2085578): arch=40000003 syscall=5 success= no exit=-13 a0=bfa18cda a1=8541 a2=1a4 a3=1 items=1 pid=331 auid=4294967295 uid= 0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 comm="syslogd" exe="/sbin/sy slogd" type=AVC msg=audit(1131616982.431:2085578): avc: denied { append } for pid=33 1 comm="syslogd" name=2 dev=devpts ino=4 scontext=root:system_r:syslogd_t tconte xt=root:object_r:devpts_t tclass=chr_file Jose H. REMY Network administrator -----Original Message----- From: Daniel J Walsh [mailto:dwalsh@redhat.com] Sent: Monday, November 07, 2005 18:35 To: Jose H. REMY Cc: 'fedora-selinux-list(a)redhat.com' Subject: Re: Syslogd sending output to devpts Jose H. REMY wrote: > Hi, > > Since I've installed SElinux (fedora-release-4-2 > selinux-policy-targeted-1.23.16-6), configured with targeted policy > SELinux status: enabledSELinuxfs mount: > /selinuxCurrent mode: enforcingMode from config file: > enforcingPolicy version: 19Policy from config file: > targeted > I've trouble sending outputs of syslog toward a /dev/pts/* window > > My devpts context : crw--w---- root tty root:object_r:devpts_t > My syslogd context : user_u:system_r:syslogd_t 1872 ? 00:00:00 > syslogdMy syslog.conf context: -rw-r--r-- root root > system_u:object_r:etc_t /etc/syslog.conf > > Thank you for help and explanation (why I don't always have an "avc" denied > message in message log?) > They are being dontaudited. Please update to the latest policy for FC4. This should be allowed. > Thanks, > > Jose H. REMY > > Network administrator > SECUR.NET > > > -- > fedora-selinux-list mailing list > fedora-selinux-list(a)redhat.com > https://www.redhat.com/mailman/listinfo/fedora-selinux-list > -- -.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-. -.-. -.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-. ATTENTION: This message was automatically controled and filtered. S/MIME will not work, use file encryption/signing instead. Ce message INTERNET a ete controle et filtre par SECUR.NET (filtres: Anomy HTML_cleaner, HTML_parser, MIME_tools); (antivirus: File_Scan, CLAMAV, MacAFEE) postmaster@localhost -.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-. -.-. -.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.

18 years, 5 months

1
0
0 / 0

Multiple same specifications for /sbin/lvm.static.

by Justin Conover

/etc/selinux/targeted/contexts/files/file_contexts: Multiple same specifications for /sbin/lvm.static. I've been getting this error for awhile when I do "yum updates" Running Fedora Core 4 + update testing on this box. I've done fixfiles relable and /.autorelabel several times and I keep seeing this. Do I need to do some kind of restorcon? Thank you,

18 years, 5 months

2
4
0 / 0

selinux is giving me denied messages for spamassassin

by Richard E Miles

I noticed that other people are getting AVC denied messages when using spamassassin. I checked my audit log and am also getting denied messages. type=AVC msg=audit(1131216876.860:2091): avc: denied { getattr } for pid=2205 comm="spamd" name=".spamassassin" dev=dm-0 ino=11929746 scontext=system_u:system_r:spamd_t tcontext=user_u:object_r:user_home_t tclass=dir I have many many of theses type messages. How can I get spamassassin to work with selinux? -- Richard Miles Federal Way WA. USA registered linux user 46097

18 years, 5 months

1
0
0 / 0

Selinux with Apache running PHP

by Jayendren Anand Maduray

Good day all. I am having trouble running PHP files in my webserver: Apache. Here is some information: [root@shiva warez]# rpm -qi php Name : php Relocations: (not relocatable) Version : 4.3.11 Vendor: Red Hat, Inc. Release : 2.7 Build Date: Thu 25 Aug 2005 11:26:47 SAST Install Date: Thu 03 Nov 2005 13:51:24 SAST Build Host: tweety.build.redhat.com Group : Development/Languages Source RPM: php-4.3.11-2.7.src.rpm Size : 3373100 License: The PHP License Signature : DSA/SHA1, Thu 25 Aug 2005 18:02:04 SAST, Key ID b44269d04f2a6fd2 Packager : Red Hat, Inc. <http://bugzilla.redhat.com/bugzilla> URL : http://www.php.net/ Summary : The PHP HTML-embedded scripting language. (PHP: Hypertext Preprocessor) [root@shiva warez]# rpm -qi httpd Name : httpd Relocations: (not relocatable) Version : 2.0.52 Vendor: Red Hat, Inc. Release : 3.1 Build Date: Thu 11 Nov 2004 17:39:18 SAST Install Date: Fri 22 Apr 2005 08:37:05 SAST Build Host: dolly.build.redhat.com Group : System Environment/Daemons Source RPM: httpd-2.0.52-3.1.src.rpm Size : 2407431 License: Apache Software License Signature : DSA/SHA1, Fri 12 Nov 2004 22:58:01 SAST, Key ID b44269d04f2a6fd2 Packager : Red Hat, Inc. <http://bugzilla.redhat.com/bugzilla> URL : http://httpd.apache.org/ Summary : The httpd Web server [root@shiva warez]# uname -a Linux shiva 2.6.9-1.667smp #1 SMP Tue Nov 2 14:59:52 EST 2004 i686 i686 i386 GNU/Linux SElinux is running in enforcing mode, and I have disabled protection for apache. I am trying to setup PHP Nuke on my webserver, but it has trouble running PHP files. Also tried the following from the fedora-forum: changed permissions of the php files: chmod 755 *.php turning off SELinux protection, which works of course. But I like SELinux!!! Please advise. -- Jayendren Anand Maduray Microsoft Certified Professional Network Plus IT Administrator Perinatal HIV Research Unit Old Potch Road Chris Hani Baragwanath Hospital Soweto South Africa Tel: +27 11 989 9776 Tel: +27 11 989 9999 Fax: +27 11 938 3973 Cel: 082 22 774 94 Alternate email address: jayendren(a)mweb.co.za

18 years, 5 months

2
4
0 / 0

1105 fails to boot....

by Tom London

Running strict/enforcing, latest rawhide: After installing latest packages, relabeling /etc, /bin, /lib, .... and rebooting, the system produces lots of udev type errors (cannot remove /dev/.udev_tdb/classSTUFF) and hangs on 'adding hardware' Boots (with messages) in permissive mode. Here are the 'early' AVCs: Jan 21 07:24:30 fedora kernel: SELinux: initialized (dev bdev, type bdev), uses genfs_contexts Jan 21 07:24:30 fedora kernel: SELinux: initialized (dev rootfs, type rootfs), uses genfs_contexts Jan 21 07:24:30 fedora kernel: SELinux: initialized (dev sysfs, type sysfs), uses genfs_contexts Jan 21 07:24:30 fedora kernel: audit(1106292231.919:0): avc: denied { read } for pid=478 exe=/bin/hostname path=/init dev=rootfs ino=17 scontext=system_u:system_r:hostname_t tcontext=system_u:object_r:root_t tclass=file Jan 21 07:24:30 fedora kernel: SELinux: initialized (dev usbfs, type usbfs), uses genfs_contexts Jan 21 07:24:30 fedora kernel: audit(1106292233.809:0): avc: denied { read } for pid=576 exe=/sbin/restorecon path=/init dev=rootfs ino=17 scontext=system_u:system_r:restorecon_t tcontext=system_u:object_r:root_t tclass=file Jan 21 07:24:30 fedora kernel: audit(1106292234.081:0): avc: denied { read } for pid=576 exe=/sbin/restorecon name=customizable_types dev=hda2 ino=4506184 scontext=system_u:system_r:restorecon_t tcontext=system_u:object_r:default_context_t tclass=file Jan 21 07:24:30 fedora kernel: audit(1106292235.062:0): avc: denied { use } for pid=702 exe=/bin/dmesg path=/init dev=rootfs ino=17 scontext=system_u:system_r:dmesg_t tcontext=system_u:system_r:kernel_t tclass=fd Jan 21 07:24:30 fedora kernel: audit(1106292235.062:0): avc: denied { read } for pid=702 exe=/bin/dmesg path=/init dev=rootfs ino=17 scontext=system_u:system_r:dmesg_t tcontext=system_u:object_r:root_t tclass=file Jan 21 07:24:30 fedora kernel: audit(1106292235.086:0): avc: denied { read } for pid=703 exe=/bin/bash path=/init dev=rootfs ino=17 scontext=system_u:system_r:udev_t tcontext=system_u:object_r:root_t tclass=file Jan 21 07:24:30 fedora kernel: audit(1106292239.427:0): avc: denied { use } for pid=1233 exe=/sbin/kmodule path=/init dev=rootfs ino=17 scontext=system_u:system_r:kudzu_t tcontext=system_u:system_r:kernel_t tclass=fd Jan 21 07:24:30 fedora kernel: audit(1106292239.428:0): avc: denied { read } for pid=1233 exe=/sbin/kmodule path=/init dev=rootfs ino=17 scontext=system_u:system_r:kudzu_t tcontext=system_u:object_r:root_t tclass=file Jan 21 07:24:30 fedora ptal-mlcd: SYSLOG at ExMgr.cpp:652, dev=<mlc:usb:PSC_900_Series>, pid=2629, e=2, t=1106321070 ptal-mlcd successfully initialized. Jan 21 07:24:30 fedora ptal-printd: ptal-printd(mlc:usb:PSC_900_Series) successfully initialized using /var/run/ptal-printd/mlc_usb_PSC_900_Series*. Jan 21 07:24:30 fedora kernel: Floppy drive(s): fd0 is 1.44M I'll probe a bit, but any help is welcome! tom -- Tom London

18 years, 5 months

4
7
0 / 0

Syslogd sending output to devpts

by Jose H. REMY

Hi, Since I've installed SElinux (fedora-release-4-2 selinux-policy-targeted-1.23.16-6), configured with targeted policy SELinux status: enabledSELinuxfs mount: /selinuxCurrent mode: enforcingMode from config file: enforcingPolicy version: 19Policy from config file: targeted I've trouble sending outputs of syslog toward a /dev/pts/* window My devpts context : crw--w---- root tty root:object_r:devpts_t My syslogd context : user_u:system_r:syslogd_t 1872 ? 00:00:00 syslogdMy syslog.conf context: -rw-r--r-- root root system_u:object_r:etc_t /etc/syslog.conf Thank you for help and explanation (why I don't always have an "avc" denied message in message log?) Thanks, Jose H. REMY Network administrator SECUR.NET

18 years, 5 months

2
1
0 / 0

Problems with httpd and SElinux.

by Dan Thurman

Folks, I was asked to post this information here. To explain things, I have installed FrontPage extensions on FC4 but not realizing that I had to first disable SElinux for httpd first, but to make a long story short, I was able to install FP and then restore SElinux protections for httpd, but on reboot, SElinux refused to allow httpd to start and I suspect it had something to do with the FrontPage additions to the /etc/httpd/conf/httpd.conf file. I currently have SElinux protections turned off for https. Below is the audit file, hope it helps show the problem. type=AVC msg=audit(1131056930.757:251): avc: denied { name_bind } for pid=4946 comm="httpd" src=8090 scontext=root:system_r:httpd_t tcontext=system_u:object_r:port_t tclass=tcp_socket type=SYSCALL msg=audit(1131056930.757:251): arch=40000003 syscall=102 success=no exit=-13 a0=2 a1=bfc779f0 a2=750218 a3=8b8da58 items=0 pid=4946 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 comm="httpd" exe="/usr/sbin/httpd" type=SOCKADDR msg=audit(1131056930.757:251): saddr=0A001F9A000000000000000000000000000000000000000000000000 type=SOCKETCALL msg=audit(1131056930.757:251): nargs=3 a0=5 a1=8b8da84 a2=1c Kind regards, Dan -- No virus found in this outgoing message. Checked by AVG Free Edition. Version: 7.1.362 / Virus Database: 267.12.7/159 - Release Date: 11/2/2005 -- No virus found in this outgoing message. Checked by AVG Free Edition. Version: 7.1.362 / Virus Database: 267.12.7/159 - Release Date: 11/2/2005

18 years, 5 months

2
1
0 / 0

pam_abl selinux problem

by Nicolas Mailhot

Hi, Following a thread on the fedora-extra list about which tool in FE should be used to protect against sshd brute-force attacks I installed pam_abl on my fedora devel box. Pam_abl is a security module that checks every login attempt against user and host blacklists, and automatically fill these lists after too frequent login failures. Unfortunately it seems the devel security policies are not nice to pam_abl, so it doesn't work : Nov 5 10:27:02 rousalka pam_abl[3917]: Permission denied (13) while opening or creating database I've posted the relevant details (full audit logs...) in https://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=172496 Could someone more qualified than me take a peek at them ? -- Nicolas Mailhot

18 years, 5 months

3
3
0 / 0

Re: Selinux and kernel-2.6.12-1.1381 Fedora Core 3

by Antonio Olivares

--- Rahul Sundaram <sundaram(a)redhat.com> wrote: > Antonio Olivares wrote: > > >Dear Kind Folks, > > I recently updated one of my machines at work > which > >was running Fedora Core 3 to kernel-2.6.12-1.1381 > via > >yum. When I rebooted and booted to the new kernel, > I > >fired up firefox and could not load yahoo webpage. > I > >tried google, Fedorafaq, Distrowatch and nothing. > I > >suspected Selinux could be the culprit, so I did: > >Hat -> System Settings -> Security Level and > disabled > >selinux. Rebooted with new settings and viola I > could > >see yahoo, distrowatch, google, etc. I went to > >terminal fired up yum and yum update selinux and > gave > >me error message. I tried again this time with > >selinux-targetpolicy? (not to sure) but it went > >through. I reenabled selinux, and rebooted and > could > >not view any webpages again. I will get back to > the > >machine on Monday, and it makes me wonder about > what > >do I need to do, which updates I need to run. > > > >kernel installed -> [kernel-2.6.12-1.1381_FC3.i686] > > > >I read very carefully the FAQ for SELinux from > >http://www.nsa.gov/selinux/info/faq.cfm > >but I am still clueless. I would like to keep > selinux > >enabled and still view webpages. How can I still > do > >that? > > > > > post to the fedora-selinux list with the AVC denied > messages in > /var/log/messages. Fedora SELinux FAQ is available > from > > http://fedoraproject.org/wiki/Communicate > http://fedora.redhat.com/docs/selinux-faq/ > > regards > Rahul > > -- > fedora-list mailing list > fedora-list(a)redhat.com > To unsubscribe: > https://www.redhat.com/mailman/listinfo/fedora-list > I'll do that come Monday, thanks for helping. In any case, at home same thing happened, here are some avc messages audit(1131052412.181:2): avc: denied { name_connect } for pid=4314 comm="gkrellm" dest=7634 scontext=user_u:system_r:unconfined_t tcontext=system_u:object_r:port_t tclass=tcp_socket audit(1131052412.349:3): avc: denied { name_connect } for pid=4317 comm="eggcups" dest=631 scontext=user_u:system_r:unconfined_t tcontext=system_u:object_r:reserved_port_t tclass=tcp_socket audit(1131052412.349:4): avc: denied { name_connect } for pid=4317 comm="eggcups" dest=631 scontext=user_u:system_r:unconfined_t tcontext=system_u:object_r:reserved_port_t tclass=tcp_socket CSLIP: code copyright 1989 Regents of the University of California PPP generic driver version 2.4.2 PPP Deflate Compression module registered audit(1131052690.058:5): avc: denied { name_connect } for pid=4602 comm="firefox-bin" dest=80 scontext=user_u:system_r:unconfined_t tcontext=system_u:object_r:http_port_t tclass=tcp_socket audit(1131052692.227:6): avc: denied { name_connect } for pid=4602 comm="firefox-bin" dest=80 scontext=user_u:system_r:unconfined_t tcontext=system_u:object_r:http_port_t tclass=tcp_socket audit(1131052699.727:7): avc: denied { name_connect } for pid=4602 comm="firefox-bin" dest=80 scontext=user_u:system_r:unconfined_t tcontext=system_u:object_r:http_port_t tclass=tcp_socket audit(1131052702.155:8): avc: denied { name_connect } for pid=4602 comm="firefox-bin" dest=80 scontext=user_u:system_r:unconfined_t tcontext=system_u:object_r:http_port_t tclass=tcp_socket audit(1131052713.032:9): avc: denied { name_connect } for pid=4602 comm="firefox-bin" dest=80 scontext=user_u:system_r:unconfined_t tcontext=system_u:object_r:http_port_t tclass=tcp_socket audit(1131052718.472:10): avc: denied { name_connect } for pid=4602 comm="firefox-bin" dest=80 scontext=user_u:system_r:unconfined_t tcontext=system_u:object_r:http_port_t tclass=tcp_socket audit(1131052726.685:11): avc: denied { name_connect } for pid=4602 comm="firefox-bin" dest=80 scontext=user_u:system_r:unconfined_t tcontext=system_u:object_r:http_port_t tclass=tcp_socket audit(1131052730.917:12): avc: denied { name_connect } for pid=4602 comm="firefox-bin" dest=80 scontext=user_u:system_r:unconfined_t tcontext=system_u:object_r:http_port_t tclass=tcp_socket audit(1131052743.510:13): avc: denied { name_connect } for pid=4617 comm="mozilla-bin" dest=80 scontext=user_u:system_r:unconfined_t tcontext=system_u:object_r:http_port_t tclass=tcp_socket audit(1131052746.942:14): avc: denied { name_connect } for pid=4617 comm="mozilla-bin" dest=80 scontext=user_u:system_r:unconfined_t tcontext=system_u:object_r:http_port_t tclass=tcp_socket audit(1131052843.092:15): avc: denied { name_connect } for pid=4692 comm="mozilla-bin" dest=80 scontext=user_u:system_r:unconfined_t tcontext=system_u:object_r:http_port_t tclass=tcp_socket audit(1131052848.928:16): avc: denied { name_connect } for pid=4692 comm="mozilla-bin" dest=443 scontext=user_u:system_r:unconfined_t tcontext=system_u:object_r:http_port_t tclass=tcp_socket [root@localhost ~]# [root@localhost ~]# tail /var/log/messages Nov 3 21:20:37 localhost pppd[4658]: local IP address 66.201.8.152 Nov 3 21:20:37 localhost pppd[4658]: remote IP address 66.201.8.6 Nov 3 21:20:37 localhost pppd[4658]: primary DNS address 168.215.176.2 Nov 3 21:20:37 localhost pppd[4658]: secondary DNS address 12.176.80.9 Nov 3 21:20:43 localhost kernel: audit(1131052843.092:15): avc: denied { name_connect } for pid=4692 comm="mozilla-bin" dest=80 scontext=user_u:system_r:unconfined_t tcontext=system_u:object_r:http_port_t tclass=tcp_socket Nov 3 21:20:48 localhost kernel: audit(1131052848.928:16): avc: denied { name_connect } for pid=4692 comm="mozilla-bin" dest=443 scontext=user_u:system_r:unconfined_t tcontext=system_u:object_r:http_port_t tclass=tcp_socket Nov 3 21:23:01 localhost kernel: audit(1131052981.865:17): avc: denied { name_connect } for pid=4692 comm="mozilla-bin" dest=80 scontext=user_u:system_r:unconfined_t tcontext=system_u:object_r:http_port_t tclass=tcp_socket Nov 3 21:23:03 localhost kernel: audit(1131052983.717:18): avc: denied { name_connect } for pid=4692 comm="mozilla-bin" dest=80 scontext=user_u:system_r:unconfined_t tcontext=system_u:object_r:http_port_t tclass=tcp_socket Nov 3 21:25:01 localhost crond(pam_unix)[4703]: session opened for user root by (uid=0) Nov 3 21:25:02 localhost crond(pam_unix)[4703]: session closed for user root Regards, Antonio __________________________________ Start your day with Yahoo! - Make it your home page! http://www.yahoo.com/r/hs

18 years, 5 months

2
1
0 / 0

2024

2023

2022

2021

2020

2019

2018

2017

2016

2015

2014

2013

2012

2011

2010

2009

2008

2007

2006

2005

2004

selinux November 2005