Dear all, that really baffles me, I don't seem to be able to set it up :) And that port by default in the conf file?? The setroubleshoot server should be able to listen on the network so a remote sealert could connect to it, right? On my boxes (F9; F10) it does even look like binding to a port. Please advise. Cheers
lejeczek wrote:
Dear all, that really baffles me, I don't seem to be able to set it up :) And that port by default in the conf file?? The setroubleshoot server should be able to listen on the network so a remote sealert could connect to it, right? On my boxes (F9; F10) it does even look like binding to a port. Please advise. Cheers
By default the connection between the server and client is local and is implemented with a unix domain socket, not inet. This default is chosen for security reasons, with the consequence that the client (sealert) can only connect to the server (setroubleshootd) if they are running on the same host. However, it is possible to configure setroubleshootd to accept inet connections (see the comments in /etc/setroubleshoot/setroubleshoot.cfg) so that a remote sealert can connect to it. Be aware there is no authentication in this configuration and as such you must be comfortable with anyone being able to access your SELinux denial information. For sealert to connect via inet to a remote host, use the "connect to" menu item in the "File" menu (going from memory, the name might be slightly different). In the default local case you should not need to do anything special; the default configuration should just work.
Hello John,

more than fair, safety is priority, but what I said was that this is a bit of conf I cannot figure out. There are these two directives in client_connect_to; listen_for_client, fairly clear explanation how to use inet family, and this 69783 in Fedora's default_port, it's not even a valid port! Is it?

Anyhow, I change this directive like:

    address_list = {unix}%(path)s, hostname:8880

(hostname gets resolved) but I still see no process binds/listens to that port. And by the way, sealert browser seems to be using only a hard-coded port with no way of changing it.

Server logs:

    2009-03-25 01:06:34,771 [communication.DEBUG] parse_socket_address_list: input='{unix}/var/run/setroubleshoot/setroubleshoot_server,10.0.0.100:8880'
    2009-03-25 01:06:34,772 [communication.DEBUG] parse_socket_address_list: 10.0.0.100:8880 --> {inet}10.0.0.100:8880 socket=None
    2009-03-25 01:06:34,774 [communication.DEBUG] new_listening_socket: {unix}/var/run/setroubleshoot/setroubleshoot_server socket=None
    2009-03-25 01:06:34,775 [communication.DEBUG] new_listening_socket: {inet}10.0.0.100:8880 socket=None

But as I said, it doesn't open that port; the ipc socket is working, sends emails with reports. I'll check those plug-ins Dominick mentions.

Cheers
John Dennis wrote:
lejeczek wrote:
Dear all, that really baffles me, I don't seem to be able to set it up :) And that port by default in the conf file?? The setroubleshoot server should be able to listen on the network so a remote sealert could connect to it, right? On my boxes (F9; F10) it does even look like binding to a port. Please advise. Cheers
By default the connection between the server and client is local and is implemented with a unix domain socket, not inet. This default is chosen for security reasons, with the consequence that the client (sealert) can only connect to the server (setroubleshootd) if they are running on the same host. However, it is possible to configure setroubleshootd to accept inet connections (see the comments in /etc/setroubleshoot/setroubleshoot.cfg) so that a remote sealert can connect to it. Be aware there is no authentication in this configuration and as such you must be comfortable with anyone being able to access your SELinux denial information. For sealert to connect via inet to a remote host, use the "connect to" menu item in the "File" menu (going from memory, the name might be slightly different). In the default local case you should not need to do anything special; the default configuration should just work.
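An added example, not part of any message in this thread and not setroubleshoot's own parser: a small Python check that splits an address_list value the way the quoted debug log shows (a bare host:port becomes {inet}) and flags entries that would expose the unauthenticated listener or carry a port outside 1-65535. The function name and the sample strings are made up for illustration, and only IPv4 literals and hostnames are handled.

```python
import ipaddress

def audit_address_list(value):
    """Return (family, address, findings) for each entry of an address_list value."""
    report = []
    for entry in (e.strip() for e in value.split(",")):
        if not entry:
            continue
        # An explicit {family} prefix wins; a bare host:port is treated as inet,
        # as in the parse_socket_address_list log lines quoted in the thread.
        if entry.startswith("{") and "}" in entry:
            family, address = entry[1:].split("}", 1)
        else:
            family, address = "inet", entry
        findings = []
        if family == "inet":
            host, sep, port_text = address.rpartition(":")
            if not sep:
                host, port_text = address, ""
            # Per the reply in the thread, inet mode has no authentication.
            findings.append("unauthenticated network listener")
            if not port_text:
                findings.append("no port given")
            elif not port_text.isdecimal() or not 1 <= int(port_text) <= 65535:
                findings.append("port outside 1-65535, cannot be bound")
            try:
                if not ipaddress.ip_address(host).is_loopback:
                    findings.append("reachable from other hosts")
            except ValueError:
                # Not an IP literal; this check stays offline and does not resolve it.
                findings.append("hostname, check what it resolves to")
        report.append((family, address, findings))
    return report

# Constructed sample values modelled on the thread (the second one is hypothetical).
SAMPLE = "{unix}/var/run/setroubleshoot/setroubleshoot_server,10.0.0.100:8880"
BAD_PORT = "{unix}/var/run/setroubleshoot/setroubleshoot_server, hostname:69783"

if __name__ == "__main__":
    for value in (SAMPLE, BAD_PORT):
        for family, address, findings in audit_address_list(value):
            print(family, address, "; ".join(findings) or "local only")
```

An entry with an empty findings list is local-only; anything else deserves a firewall rule or a return to the unix socket default.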
On Tue, 2009-03-24 at 21:38 +0000, lejeczek wrote:
Dear all, that really baffles me, I don't seem to be able to set it up :) And that port by default in the conf file?? The setroubleshoot server should be able to listen on the network so a remote sealert could connect to it, right? On my boxes (F9; F10) it does even look like binding to a port. Please advise. Cheers
This might not be what you are looking for, but I would just like to mention that Prelude and the audisp plug-in do a great job of relaying AVC denials, amongst other things, securely on the network to a central manager:
http://people.redhat.com/sgrubb/audit/prelude.txt